CompEAS-BSW II
Embedded systems in vehicles were traditionally implemented in a strictly static manner, where the integration of functions was largely manual and dynamic adaptations were hardly supported. Considering increasing complexity, new hardware capabilities, and the need for over-the-air updates, this approach became a significant challenge for the automotive industry. The CompEAS-BSW project was dedicated to automating these processes by researching new concepts for model-based software design and the composition of modular software with changing non-functional requirements.
The project's approach addressed the dynamic composition and reliability of the entire software stack of embedded systems. The research ranged from the conception of future basic software (model-based OS design, portability) to module-based software development and partial updates (automatic integration, non-functional requirements). Through close collaboration between Pro²Future, Graz University of Technology, and the industry partner Elektrobit, solutions were developed that are directly tailored to the AUTOSAR Classic environment. The project results made a significant contribution to improving the partner's service and product portfolio, optimized internal development processes, and enabled new, more flexible, and reliable products and services through successful technology transfer. The intensive collaboration, which included 23 days of on-site expert workshops, ensured that the research was closely aligned with industry needs and that the results were directly applicable, culminating in a follow-up project, COEVOLVE.
Goals
The overarching goal of the project was to investigate reliability aspects and the dynamic composition of software on complex automotive platforms. The project's goals were to: (1) identify specific questions from current industry practice using scientific methods; (2) create workable solutions for the long-term maintenance and systematic implementation of future embedded automotive systems; and (3) effectively transfer the acquired knowledge to the partner and established standards.
The focus was on the evaluation and development of new technical concepts in the context of Classic AUTOSAR. Specifically, three core areas were addressed: First, improving the low-level Basic Software (BSW) layer, particularly the operating system and drivers, regarding portability and verification to reduce manual, error-prone porting efforts. Second, supporting the modelling of non-functional requirements (NFRs) in the middleware through automatic configuration, verification, and code generation, ensuring system stability and performance. Third, enhancing the integration and verification of compositional application software to increase the maintainability and reliability of the overall system, enabling robust partial updates in the field.
Approach
The project's approach was based on the application of formal methods for modelling and verifying embedded operating systems (OS). By analysing common programming paradigms, consistent formalizations for hardware and software models (HW/SW) were created using tools like Event-B, UPPAAL or Dafny to ensure compliance with functional and non-functional requirements. A key element was the integration of NFRs into the Basic Software (BSW) through a “Budget Manager,” which enabled the systematic derivation of target values. Generic NFR managers in the operating system also allowed for offline analysis and online management of these requirements, significantly improving system maintainability through runtime updates and compatibility checks. The LLVM compiler infrastructure was utilized to translate verified models into executable code, preserving correctness from design to implementation.
Expected and Achieved Results
The CompEAS-BSW project delivered crucial concepts and tools that significantly advanced the development of automotive software. The most important results were:
- LongtermBSW: Concepts for the model-based development of Basic Software (BSW) were created. These enabled the verification of models against target architectures and a largely automated porting of the BSW. This approach substantially increased the correctness and portability of real-time operating systems, moving away from manual, error-prone processes.
- GenericNFR: The project developed concepts for the formal specification of non-functional requirements directly in the source code of the Application Software. This enabled the basic software to monitor and enforce these requirements at runtime, leading to a new, timestamp-based implementation of scheduling tasks that achieved a 26% improvement over conventional methods with minimal memory overhead (< 1.7 KB), a critical advantage for resource-constrained automotive controllers.
- CompASW: Concepts were developed for extracting NFRs and generating metadata for individual software components (SWC). This allowed for automatic compatibility checks during partial changes (updates), which improved automatic integration and thus the maintainability of the overall system. To prevent deadlocks in multicore systems, a fair and starvation-free spinlock mechanism (M-HLP) was created and patented. The correctness of certain operating-system components was formally verified, with the proofs written in the formal language Dafny. This process established a foundation for future certified systems.
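To make the CompASW idea of metadata-driven compatibility checks for partial updates concrete, the following C program is an added illustration; it is not the project's own tool, metadata format or checking rules. It assumes a hypothetical per-SWC record (`SwcNfr` with period, execution-time budget, stack need and interface version), a constructed three-component baseline, and a constructed system-wide utilization bound of 850 permille. A replacement component is accepted only if its interface major version and stack declaration remain compatible and the total utilization after substitution stays within the bound; a rejected update leaves the integrated set untouched.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical NFR metadata record per software component (SWC).
 * Field names and the record layout are this example's own assumption. */
typedef struct {
    const char *name;
    uint32_t period_us;    /* activation period in microseconds */
    uint32_t budget_us;    /* declared worst-case execution-time budget */
    uint32_t stack_bytes;  /* declared stack need */
    uint16_t if_major;     /* interface major version; must match on replacement */
} SwcNfr;

#define SWC_COUNT 3
#define UTIL_BOUND_PERMILLE 850u   /* constructed system-wide bound */

/* Constructed baseline: three components, 650 permille total utilization. */
static void sample_set(SwcNfr set[SWC_COUNT]) {
    const SwcNfr constructed[SWC_COUNT] = {
        { "SensorFusion", 10000u, 2000u, 1024u, 1u },  /* 200 permille */
        { "BrakeCtrl",    20000u, 5000u, 2048u, 1u },  /* 250 permille */
        { "Diag",          5000u, 1000u,  512u, 1u },  /* 200 permille */
    };
    memcpy(set, constructed, sizeof constructed);
}

/* Sum of budget/period over all components, in permille. Integer-only
 * arithmetic, as on a controller without an FPU; a zero period is
 * malformed metadata and is reported as unschedulable. */
uint32_t utilization_permille(const SwcNfr *set, size_t n) {
    uint64_t acc = 0;
    for (size_t i = 0; i < n; i++) {
        if (set[i].period_us == 0) return UINT32_MAX;
        acc += (uint64_t)set[i].budget_us * 1000u / set[i].period_us;
    }
    return acc > UINT32_MAX ? UINT32_MAX : (uint32_t)acc;
}

/* Static compatibility of a replacement against the component it replaces:
 * same name, same interface major version, no larger stack, sane period. */
bool replacement_compatible(const SwcNfr *old, const SwcNfr *repl) {
    return strcmp(old->name, repl->name) == 0
        && old->if_major == repl->if_major
        && repl->stack_bytes <= old->stack_bytes
        && repl->period_us != 0;
}

/* Attempt a partial update. On acceptance the set holds the replacement;
 * on any rejection the set is left exactly as it was. */
bool try_partial_update(SwcNfr *set, size_t n, const SwcNfr *repl, uint32_t bound) {
    for (size_t i = 0; i < n; i++) {
        if (strcmp(set[i].name, repl->name) != 0) continue;
        if (!replacement_compatible(&set[i], repl)) return false;
        SwcNfr saved = set[i];
        set[i] = *repl;
        if (utilization_permille(set, n) > bound) {
            set[i] = saved;            /* roll back: timing budget exceeded */
            return false;
        }
        return true;
    }
    return false;                      /* unknown component: not a partial update */
}

uint32_t demo_baseline_utilization(void) {
    SwcNfr set[SWC_COUNT]; sample_set(set);
    return utilization_permille(set, SWC_COUNT);
}

/* BrakeCtrl grows to 400 permille; total 800 stays within the bound. */
bool demo_update_accepted(void) {
    SwcNfr set[SWC_COUNT]; sample_set(set);
    const SwcNfr repl = { "BrakeCtrl", 20000u, 8000u, 2048u, 1u };
    return try_partial_update(set, SWC_COUNT, &repl, UTIL_BOUND_PERMILLE)
        && utilization_permille(set, SWC_COUNT) == 800u;
}

/* Diag shortens its period to 2.5 ms and needs 800 permille alone; the
 * total would reach 1250, so the update is refused and the set restored. */
bool demo_update_rejected_overload(void) {
    SwcNfr set[SWC_COUNT]; sample_set(set);
    const SwcNfr repl = { "Diag", 2500u, 2000u, 512u, 1u };
    bool accepted = try_partial_update(set, SWC_COUNT, &repl, UTIL_BOUND_PERMILLE);
    return !accepted && set[2].budget_us == 1000u
        && utilization_permille(set, SWC_COUNT) == 650u;
}

/* Same timing as before, but a changed interface major version is refused. */
bool demo_update_rejected_interface(void) {
    SwcNfr set[SWC_COUNT]; sample_set(set);
    const SwcNfr repl = { "SensorFusion", 10000u, 2000u, 1024u, 2u };
    return !try_partial_update(set, SWC_COUNT, &repl, UTIL_BOUND_PERMILLE);
}

int main(void) {
    printf("baseline utilization: %u permille\n", demo_baseline_utilization());
    printf("BrakeCtrl update accepted: %d\n", demo_update_accepted());
    printf("Diag update rejected (overload): %d\n", demo_update_rejected_overload());
    printf("SensorFusion update rejected (interface): %d\n", demo_update_rejected_interface());
    return 0;
}
```

The rollback in `try_partial_update` is the point worth keeping in mind for field updates: a check that mutates the integrated configuration before deciding must restore it on every failure path, otherwise a refused update can still leave the system in a state its own metadata never approved.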
The project results were published in over 19 scientific publications. The intensive technology transfer led to a patent developed within the project being acquired by Elektrobit, demonstrating the direct industrial relevance of the research.