Automotive embedded systems have strongly grown in complexity due to the amount of functionalities available, the large number of interactions between these functions as well as the different domains they cover. The development of automotive embedded system is confronted to two main problems. First, the development of such systems requires the coordination between experts from different domains (e.g. materials, vehicle dynamics, thermodynamics, computer science) and the efficient (seamless) integration of their expertise within a common development process. Second, the development process should be able to provide a guarantee for the system reliability (e.g. using well defined development stages with good traceability in-between). This non-functional requirement is strongly required for every system in order to ensure a given quality and even mandatory for safety-critical systems when human life and health depend on the correct operation of the car. These systems impact vehicular safety. They are responsible for highly safety-critical vehicle functions such as braking, steering or recuperating.

In order to appropriately mitigate risks, such systems are built on two cornerstones. First, they are designed and developed using standardized development processes in order to avoid systematic faults and systematically identify design errors. The phase model of the safety lifecycle according to ISO 26262 (an automotive safety standard issued by ISO) including phases for Concept Phase and Product Development is depicted by Figure 1. The numbers in this figure refer to corresponding chapters of the standard.

Moreover, these systems provide fault-tolerant architectures that allow the detection of transient and permanent faults during system operation in order to be able to achieve and maintain a safe state. Exemplary typical architectures that facilitate the detection of faults are depicted by Figure 2.

Research in MEPAS is focused on two points:

• Workflow and a tool chain that allow support while carrying out safety-relevant activities required by contemporary automotive safety standards
• New computer architectures, relying on existing automotive standards (e.g. AUTOSAR), that can be used as target hardware for system development

Tool chain and computer architectures will be evaluated using a highly safety-critical embedded system that is part of a complex automotive powertrain.