Dr. rer. nat.

Weiß, Gereon

Filters

10
Reset filters

Settings
Now showing 1 - 10 of 10
  • Publication
    Approach for Argumenting Safety on Basis of an Operational Design Domain
    ( 2024)
    Weiß, Gereon
    ;
    Zeller, Marc
    ;
    Schoenhaar, Hannes
    ;
    Drabek, Christian
    ;
    Kreutz, Andreas
    The Operational Design Domain (ODD) is a representative model of the real world in which an Automated Driving System (ADS) is intended to operate. The definition of the ODD is a crucial part of the development process for such an artificial intelligence (AI)-enabled system. This is due to the fact that the ODD is the basis for several critical development activities, like defining system-level requirements, test & verification, and building a well-founded safety case for an AI-based ADS. Since an inadequately defined ODD poses a major safety concern for the entire development, an ODD must be defined completely and consistently during the development process. In this work, we present an approach for the ODD definition and maintenance during the development of safety-critical AI-based ADS functionalities and provide evidences to argue the sufficient completeness and consistency. We demonstrate the feasibility of our approach by an industrial use case of a fully automated system in the railway domain.
  • Publication
    Concept for Safe Interaction of Driverless Industrial Trucks and Humans in Shared Areas
    ( 2022-06-17)
    Drabek, Christian
    ;
    Kosmalska, Anna
    ;
    Weiß, Gereon
    ;
    Ishigooka, Tasuku
    ;
    Otsuka, Satoshi
    ;
    Mizuochi, Mariko
    Humans still need to access the same area as automated systems, like in warehouses, if full automation is not feasible or economical. In such shared areas, critical interactions are inevitable. The automation of vehicles is usually tied to an argument on improved safety. However, current standards still rely also on the awareness of humans to avoid collisions. Along with this, modern intelligent warehouses are equipped with additional sensors that can help to automate safety. Blind corners, where the view is obscured, are particularly critical and, moreover, their location can change when goods are moved. Therefor, we generalize a concept for safe interactions at known blind corners to movements in the entire warehouse. We propose an architecture that uses infrastructure sensors to prevent human-robot collisions with respect to automated forklifts as instances of driverless industrial trucks. This includes a safety critical function using wireless communication, which sporadically might be unavailable or disturbed. Therefore, the proposed architecture is able to mitigate these faults and gracefully degrades the system’s performance if required. Within our extensive evaluation, we simulate varying warehouse settings to verify our approach and to estimate the impact on an automated forklift’s performance.
  • Publication
    Safe Interaction of Automated Forklifts and Humans at Blind Corners in a Warehouse with Infrastructure Sensors
    ( 2021)
    Drabek, Christian
    ;
    Kosmalska, Anna
    ;
    Weiß, Gereon
    ;
    Ishigooka, Tasuku
    ;
    Otsuka, Satoshi
    ;
    Mizuochi, Mariko
    Co-working and interaction of automated systems and humans in a warehouse is a significant challenge of progressing industrial systems' autonomy. Especially, blind corners pose a critical scenario, in which infrastructure-based sensors can provide more safety. The automation of vehicles is usually tied to an argument on improved safety. However, current standards still rely on the awareness of humans to avoid collisions, which is limited at corners with occlusion. Based on the examination of blind corner scenarios in a warehouse, we derive the relevant critical situations. We propose an architecture that uses infrastructure sensors to prevent human-robot collisions at blind corners with respect to automated forklifts. This includes a safety critical function using wireless communication, which sporadically might be unavailable or disturbed. Therefore, the proposed architecture is able to mitigate these faults and gracefully degrades performance if required. Within our extensive evaluation, we use a warehouse simulation to verify our approach and to estimate the impact on an automated forklift's performance.
  • Publication
    Dependable and Efficient Cloud-Based Safety-Critical Applications by Example of Automated Valet Parking
    ( 2021)
    Drabek, Christian
    ;
    Shekhada, Dhavalkumar
    ;
    Weiß, Gereon
    ;
    Trapp, Mario
    ;
    Ishigooka, Tasuku
    ;
    Otsuka, Satoshi
    ;
    Mizuochi, Mariko
    Future embedded systems and services will be seamlessly connected and will interact on all levels with the infrastructure and cloud. For safety-critical applications this means that it is not sufficient to ensure dependability in a single embedded system, but it is necessary to cover the complete service chain including all involved embedded systems as well as involved services running in the edge or the cloud. However, for the development of such Cyber-Physical Systems-of-Systems (CPSoS) engineers must consider all kinds of dependability requirements. For example, it is not an option to ensure safety by impeding reliability or availability requirements. In fact, it is the engineers' task to optimize the CPSoS' performance without violating any safety goals. In this paper, we identify the main challenges of developing CPSoS based on several industrial use cases and present our novel approach for designing cloud-based safety-critical applications with optimized performance by the example of an automated valet parking system. The evaluation shows that our monitoring and recovery solution ensures a superior performance in comparison to current methods, while meeting the system's safety demands in case of connectivity-related faults.
  • Publication
    Method for automatic resumption of runtime verification monitors
    ( 2017)
    Drabek, Christian
    ;
    Weiß, Gereon
    ;
    Bauer, Bernhard
    In networked embedded systems created with parts from different suppliers, deviations from the expected communication behavior often cause integration problems. Therefore, runtime verification monitors are used to detect if observed communication behavior fulfills defined correctness properties. However, in order to resume verification if unspecified behavior is observed, the runtime monitor needs a definition of the resumption. Otherwise, further deviations may be overlooked. We present a method for extending state-based runtime monitors with resumption in an automated way. This enables continuous monitoring without interruption. The method may exploit diverse resumption algorithms. In an evaluation, we show how to find the best suited resumption extension for a specific application scenario and compare the algorithms.
  • Publication
    DANA - Description and Analysis of Networked Applications
    ( 2017)
    Drabek, Christian
    ;
    Weiß, Gereon
    We introduce the DANA platform for specifying and analyzing networked applications. DANA was originally created targeting the automotive domain for the verification and validation of software interface behavior in new infotainment and advanced driver assistant systems that are integrated on a single hardware platform. The messages in these interfaces can contain complex data, e.g., playlists with images. Therefore, valid behavior is described as a layered reference model. The platform can use the model to generate test cases, code for simulation, and to verify a live or recorded trace. Exchangeable resumption algorithms enable DANA to resume runtime verification after a deviation using the original state machine without manual changes. A generic input model allows quick integration of new sources for messages. Therefore, DANA can easily be applied to other domains where interactive behavior can be observed. In this paper, we present the tool, its layered reference model, and show its application for runtime verification.
  • Publication
    Generic management of availability in fail-operational automotive systems
    ( 2017)
    Schleiß, Philipp
    ;
    Drabek, Christian
    ;
    Weiß, Gereon
    ;
    Bauer, Bernhard
    The availability of functionality is a crucial aspect of mission- and safety-critical systems. This is for instance demonstrated by the pursuit to automate road transportation. Here, the driver is not obligated to be part of the control loop, thereby requiring the underlying system to remain operational even after a critical component failure. Advances in the field of mixed-criticality research have allowed to address this topic of fail-operational system behaviour more efficiently. For instance, general purpose computing platforms may relinquish the need for dedicated backup units, as their purpose can be redefined at runtime. Based on this, a deterministic and resource-efficient reconfiguration mechanism is developed, in order to address safety concerns with respect to availability in a generic manner. To find a configuration for this mechanism that can ensure all availability-related safety properties, a design-time method to automatically generate schedules for different modes of operations from declaratively defined requirements is established. To cope with the inherent computational complexity, heuristics are developed to effectively narrow the problem space. Subsequently, this method's applicability and scalability are respectively evaluated qualitatively within an automotive case study and quantitatively by means of a tool performance analysis.
  • Publication
    Absicherung von komplexen Software-Komponenten vernetzter Fahrzeuge
    ( 2016)
    Weiß, Gereon
    ;
    Drabek, Christian
    Die Menge an Software in Fahrzeugen nimmt nicht nur stetig zu, sondern übernimmt auch immer komplexere und kritischere Funktionen. Hiermit steigt auch die Komplexität der Schnittstellen und Funktionsinteraktionen stark an. Gute Beispiele hierfür sind die Hochintegration oder auch Fahrzeugumweltvernetzung. Damit diese Funktionen zukünftig in hoher Qualität realisiert und abgesichert werden können, sind neue Entwicklungs- und Absicherungskonzepte sowie Methoden unerlässlich. Im Beitrag werden die Herausforderungen zukünftiger vernetzter Fahrzeugsysteme diskutiert. Darüber hinaus wird eine modellbasierte Methodik vorgestellt, die eine Absicherung von komplexen Software-Schnittstellen ermöglicht, wie sie für Ethernet oder V2X-basierte Funktionen notwendig sind.
  • Publication
    Towards flexible and dependable E/E-architectures for future vehicles
    ( 2016)
    Weiß, Gereon
    ;
    Schleiß, Philipp
    ;
    Drabek, Christian
    Future vehicles are expected to evolve towards enabling fully electric and autonomous driving. However, technically this evolution requires fundamental changes of traditional automotive engineering principles. Specifically, challenges arise for the Electric/Electronic (E/E) vehicle architectures as underlying basis for almost all car functionalities. Higher demands on vehicle system's flexibility and dependability have to be incorporated. We present a novel approach for such future E/E-architectures which considers these requirements as first principles by exploiting runtime adaptation capabilities. Based on use cases, a generic hardware and software architecture is presented which enables technology-independent realization of the provided concepts. Additionally, the incorporated generic failure management and design support are introduced. The approach has been evaluated in different prototype demonstrators, including an e-vehicle prototype compromising enhanced driving functionality. Thereby, the advantages of the concepts for future vehicle E/E-architectural development could be highlighted.
  • Publication
    Interface verification using executable reference models: An application in the automotive infotainment
    ( 2013)
    Drabek, Christian
    ;
    Pramsohler, Thomas
    ;
    Zeller, Marc
    ;
    Weiß, Gereon
    Modern in-vehicle infotainment systems comprise highly interactive software components. The verification of the interfaces of such components poses a major challenge for developers. In this work, we present an approach for model-based verification of distributed infotainment components. We define a layered reference model which specifies the interaction between two components at syntactical and behavioral level. The layers abstract from the used middleware so developers may focus on the components' actual interface behavior. Additionally, we define a model execution framework which enables the reuse of the reference model for verification of interface implementations. We demonstrate the applicability of the approach using an industrial case study. Our approach aims at reducing errors in the communication behavior and increasing the overall product quality.