Assuring Degradation Cascades of Car Platoons via Contracts

  • Irfan Sljivo
  • Barbara Gallina
  • Bernhard Kaiser
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10489)


Automated cooperation is arriving in practice, for instance in vehicular automation such as platoon driving. The development and safety assurance of such systems pose new challenges: the participating nodes are not known at design time, they engage in communication at runtime, and the system behaviour can be distorted at any time by a failure in some participant or in the communication itself. On a highway, simply switching off the function is not an option, as this would itself result in hazardous situations. Graceful degradation offers a systematic approach: define a partial order of less and less acceptable operation modes, and select the best achievable one in the presence of failures. In this work we propose an approach for assuring such degradation cascades based on mode-specific assertions captured by assumption/guarantee contracts. More specifically, we share our experiences and methodology for specifying the contracts both for the nominal safe behaviour and for the less safe but still acceptable behaviour in the presence of failures. Furthermore, we present an argument pattern, based on the contracts, for the adequacy of the degradation cascades in meeting the global safety goals. We illustrate our approach with a car platooning case study.
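The abstract describes the mechanism only in prose: each operation mode carries an assumption/guarantee contract, the modes form a cascade from nominal to least acceptable, and at runtime the best mode whose assumptions still hold is selected. The following is an added illustrative model of that mechanism, written for this page and not taken from the paper or the AMASS project; the mode names, monitored conditions and guarantee texts are constructed for illustration and do not reproduce the paper's case study. Besides runtime selection it includes two checks a practitioner would want before arguing adequacy: that every failure combination up to a chosen size still leaves some mode achievable, and that more degraded modes assume strictly less than the modes above them.

```python
"""Illustrative degradation cascade driven by assumption/guarantee contracts.

Added example; not the paper's formalism. All mode names, monitored
conditions and guarantee strings below are constructed for illustration.
"""
from dataclasses import dataclass
from itertools import combinations
from typing import FrozenSet, Iterable, List, Optional, Sequence


@dataclass(frozen=True)
class Contract:
    """Assumption/guarantee contract attached to one operation mode."""
    mode: str
    rank: int                     # position in the cascade: 0 = nominal, higher = more degraded
    assumptions: FrozenSet[str]   # monitored conditions that must hold for the mode to be safe
    guarantee: str                # what the mode promises while its assumptions hold


# Constructed cascade for a platoon follower (assumed names, not the paper's case study).
CASCADE: Sequence[Contract] = (
    Contract("cooperative_platooning", 0,
             frozenset({"v2v_link_ok", "leader_state_fresh", "radar_ok", "brakes_ok"}),
             "keeps the cooperative short gap to the leader"),
    Contract("acc_fallback", 1,
             frozenset({"radar_ok", "brakes_ok"}),
             "keeps a conservative sensor-only gap, no cooperation"),
    Contract("controlled_stop", 2,
             frozenset({"brakes_ok"}),
             "brakes to a halt with hazard lights and hands over to the driver"),
    Contract("minimal_risk_condition", 3,
             frozenset(),
             "mechanical fallback braking; no driving function active"),
)


def select_mode(cascade: Iterable[Contract], failed: FrozenSet[str]) -> Optional[Contract]:
    """Best achievable mode: lowest rank whose assumptions are all intact.

    `failed` is the set of monitored conditions currently known to be violated.
    Modes sharing a rank (incomparable in the partial order) are tried in
    declaration order. Returns None if no mode is achievable.
    """
    for c in sorted(cascade, key=lambda c: c.rank):
        if not (c.assumptions & failed):
            return c
    return None


def all_conditions(cascade: Iterable[Contract]) -> FrozenSet[str]:
    """Every monitored condition named by any contract in the cascade."""
    out = set()
    for c in cascade:
        out |= c.assumptions
    return frozenset(out)


def uncovered_failure_sets(cascade: Sequence[Contract], max_failures: int) -> List[FrozenSet[str]]:
    """Adequacy check: failure combinations (up to max_failures) that leave no mode.

    An empty result is the evidence the argument pattern needs: for every
    considered combination of violated assumptions some mode is still achievable.
    """
    conds = sorted(all_conditions(cascade))
    gaps = []
    for k in range(1, max_failures + 1):
        for combo in combinations(conds, k):
            if select_mode(cascade, frozenset(combo)) is None:
                gaps.append(frozenset(combo))
    return gaps


def assumptions_weaken_monotonically(cascade: Sequence[Contract]) -> bool:
    """Each more degraded mode must assume no more than its predecessor.

    If a lower mode needed a condition the higher mode did not, a failure of
    that condition could block the fallback while the nominal mode is lost.
    """
    ordered = sorted(cascade, key=lambda c: c.rank)
    return all(b.assumptions <= a.assumptions for a, b in zip(ordered, ordered[1:]))


def degradation_trace(cascade: Sequence[Contract], failure_sequence: Iterable[str]) -> List[Optional[str]]:
    """Mode selected after each successive failure: the cascade as it unfolds at runtime."""
    failed = set()
    trace = []
    for f in failure_sequence:
        failed.add(f)
        m = select_mode(cascade, frozenset(failed))
        trace.append(m.mode if m else None)
    return trace


if __name__ == "__main__":
    # Constructed failure sequence: the V2V link drops, then the radar, then the brakes.
    print(degradation_trace(CASCADE, ["v2v_link_ok", "radar_ok", "brakes_ok"]))
    print("monotone:", assumptions_weaken_monotonically(CASCADE))
    print("gaps up to 4 failures:", uncovered_failure_sets(CASCADE, 4))
    # Without the terminal mode, a single brake failure is uncovered.
    print("gaps without terminal mode:", uncovered_failure_sets(CASCADE[:3], 1))
```

The terminal mode with an empty assumption set is what makes the coverage check pass; running the same check on the cascade without it reports the brake-failure combination as uncovered, which is exactly the kind of gap the safety argument would have to close, either with an extra mode or with an argument that the condition is handled elsewhere.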



This work is supported by EU and VINNOVA via the ECSEL Joint Undertaking project AMASS (No. 692474).



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Irfan Sljivo (1), corresponding author
  • Barbara Gallina (1)
  • Bernhard Kaiser (2)

  1. Mälardalen University, Västerås, Sweden
  2. Berner & Mattner Systemtechnik GmbH, Munich, Germany
