Department: System Evolution and Operation

The department "System Evolution and Operation" (EVO) considers all phases (Deploy, Operate, Observe, Continuous Feedback) during the operation of highly and fully automated transportation systems. The focus of this department is on researching methods and tools that monitor and ensure compliance with integrity, responsibility and trust measures at system runtime. This lays the foundations for safeguarding the runtime of dynamically changing or evolving systems (evolution).
The main contributions of the department are research into methods and tools:
- to provide dynamically adaptable and configurable hardware/software platforms that are predictable and monitorable in terms of functional and extra-functional system properties (e.g. security, timing, performance, resource consumption) and can be modularly updated and expanded with the help of virtualization solutions.
- for incremental approval from the component level (software component) via the subsystem (control unit with several software components) to the system (E/E architecture of the entire vehicle) during operation using self-explanatory and self-certifying components. Runtime validation and incremental approval of variable AI components are a particular challenge here.
- for continuous runtime monitoring of the driving function and the operational design domain (ODD) of highly automated vehicles that will be able to adapt dynamically to changing environmental and operating conditions in the future.
Group: Deployment and Updates
The "Deployment and Updates" research group focuses on innovative methods for the efficient execution of software - in particular artificial intelligence (AI) - on embedded systems. The focus is on hardware platforms such as FPGAs, microcontrollers and single-board computers in order to achieve maximum performance while minimising resource consumption.
A central component is the development of a powerful software tool that supports users in applying specific optimisation techniques such as quantisation, pruning and low-rank compression. This makes it possible to select the optimal hardware for each AI or to utilise existing hardware more efficiently.
For compact neural networks, we are working on a high-performance FPGA implementation that offers maximum speed and energy efficiency. At the same time, innovative approaches to reducing memory requirements, execution time and energy consumption on processor-based embedded systems are being researched.
These efficient methods create new potential for AI applications that were previously impossible to realise due to speed or energy restrictions. In the automotive sector and the Internet of Things (IoT) in particular, new opportunities are opening up for powerful and resource-efficient AI technologies that can fundamentally change existing systems.
The aim is to make artificial intelligence more powerful, more efficient and more widely accessible.
Group: Monitoring and Diagnosis
The "Monitoring and Diagnosis" group addresses the monitoring of embedded hardware/software systems (usually networked control units in vehicles and transport infrastructure) during operation.
This includes solutions for (formal) specification, instrumentation, and the observation and monitoring of functional and extra-functional system integrity (e.g. with regard to real-time behavior, resource usage and power dissipation). In addition to monitoring at runtime, the group also deals with the evaluation, local handling (reaction) and forwarding (feedback) of events that may occur during operation. Solutions are developed for problem detection and handling as well as for feedback to the system developers. The system is monitored across different levels of abstraction, while detected errors and deviations should initially be handled as locally as possible using compensation strategies or self-repair mechanisms. If local treatment is not possible, appropriate strategies are used at the next higher system level.
Group: Configuration and Evolution
The main focus of the "Configuration and Evolution" group is on safeguarding the operating environment of a highly or fully automated transport system. It is assumed that approval or authorization is granted under certain conditions. The Operational Design Domain (ODD) defines the area in which automated driving functions may be used and includes a specification of the scenery, environmental conditions and dynamic elements. The CE group is researching the automated and verifiably correct generation of ODD monitors, which continuously check whether the automation is within the permitted ODD and whether the function is working correctly within the permitted ODD as part of a runtime verification.
This monitoring of operational safety is followed by the dynamic safeguarding of exit strategies in order to keep the system in a safe operating state (including degradation of the automation).
Building on this, the group researches methods and tools for the runtime protection of highly automated systems that are able to adapt dynamically to changing environmental and operating conditions.