Bringing new life to embedded computer systems

Most embedded computer systems cannot be updated. If new functions are to be added, all the electronics must be replaced. Professor Yi Wang, Professor of Embedded Systems at Uppsala University, is heading a project that will make it possible to update software in everything from pacemakers to satellites while they are still operating.

Project Grant 2019

Designed for UPDATE: Next-Generation Embedded Systems

Principal investigator:
Professor Yi Wang, Uppsala University

Uppsala University
Bengt Jonsson
Philipp Rümmer
Thiemo Voigt

Uppsala University

Grant in SEK:
SEK 25,000,000 over five years

Have you ever had your mobile phone screen go jet black after an update? Often it is not possible to resolve the problem without a factory reset of the software. The reason this happens is to be found in the design of the telephone’s embedded software.

Crash risk

It is probably not the end of the world if a cellphone has to be reset, but the same problem occurs in all embedded computer systems. And these are found in virtually all electronics, from satellites to medtech applications.

“Current embedded software systems are not designed to be updated. On the contrary, if they are modified in any way, there is a high risk they will crash or become unstable, with compromised security,” Wang explains.

Wang is heading a five-year project funded by Knut and Alice Wallenberg Foundation with a view to changing that. The aim is to lay the foundation for a completely new way of developing embedded systems that can be periodically updated, thus extending their life.

Guaranteeing operational reliability

The research team faces multiple challenges. A theoretical breakthrough in design principles for embedded systems will be required, along with a new generation of software tools. Among other things, the tools should enable scientists to analyze and guarantee the operational reliability of the embedded systems before an update is performed.

“As far as a cellphone or laptop is concerned, it doesn’t matter much if a reboot is needed following an update. But there are plenty of examples where it is vital that operation of the system is not impacted by an update.”

 Wang gives the pacemaker as an example. If it could be updated simply and securely, it would be possible to add new functions. But current pacemakers cannot be updated; they have to be replaced, obliging the patient to undergo surgery. The same applies to most current medtech solutions.

“If it were possible to update medtech devices without risking a shutdown or critical disruption, patients could benefit from software development, and the technology would probably become more energy-efficient over time,” Wang says.

Modern vehicles, for example, contain numerous computer systems that are time-critical, where the right information must reach the right destination in time in order to work properly. Before the engine control system is updated, there must be an assurance that the vehicle’s brakes or road holding will not be affected.

Updating a system while it is operating requires tools that enable an extensive analysis to assure operational reliability. Also needed are tools that ensure that an update does not compromise system security. An update must not create security vulnerabilities, potentially allowing a hacker to take control of a system. New, robust data protocols are needed that are capable of assuring integrity during an update, even in more insecure environments or networks.

Updated in parts

The project is divided into five work packages, beginning with development of a new design structure for embedded systems.

The structure is based on the idea of creating a multilayered system whose layers are given different functions to ensure that individual tasks work independently of each other. This will allow the individual parts of a system to be updated without it being shut down.

When a system of this kind is updated, it will be possible to check that the update has not impacted any other function, and that there are sufficient resources in the system to perform and also implement the update.

The next step in the project is to develop the tools to be used to build new systems and analyze the result. Even now, embedded systems are so extensive, with many millions of rows of program code, that it is impossible do so manually. 

Active collaborations

Lastly, the researchers intend to demonstrate the improvements that can be achieved using the new technology by means of a series of practical case studies. The team is already collaborating with companies in the automotive industry, one result being a prototype solar power-driven small electric vehicle. But most of all, Wang wants to send the system into space.

This is because current satellites suffer from the same limitations as other embedded systems – once they are orbiting the Earth they cannot be updated with new functions.

“If we can replace the software in a satellite, we can give it new tasks and a longer lifespan than current satellites. We hope to achieve this within the scope of our project, but it’s expensive, so we need to do it in collaboration with other European universities,” Wang says. 

Text Magnus Trogen Pahlén
Translation Maxwell Arding
Photo Magnus Bergström