Programme

The availability of powerful Artificial Intelligence (AI) algorithms boosts the development of advanced functionalities in the automotive domain and is essential to enable the deployment of autonomous and semi-autonomous vehicles. However, integrating such advanced and complex functionalities in automotive systems may raise several issues. In particular, the analysis of the effects of faults possibly affecting the hardware executing an AI-based application is made challenging by the system’s complexity (in terms of both hardware and software). Reliability analysis often resorts to Fault Injection techniques. However, Fault Injection experiments are often unacceptably time-consuming and limited to some components of the overall system, thus failing to consider the fault impact at the vehicle level. This work proposes a new method, named Two-steps IntegrAted Reliability Assessment (TIARA), for early estimation of the end-to-end impact (up to the vehicle level) of faults affecting the hardware running AI-based perception tasks in a typical ADAS system. TIARA allows for the early exploration and evaluation of algorithms, driving agents, and critical operational scenarios. TIARA can estimate the effects of faults affecting a subsystem up to the vehicle dynamics level, integrating a fault injection approach at the neural network level with a commercial automotive-grade virtual scenario generator. When compared to previous works, TIARA dramatically reduces the required computational effort by adopting a two-stage evaluation strategy. We validated our methodology resorting to two ADAS applications: Lane Centering Assistance (LCA) and Emergency Lane Keeping Assistance (ELKA), using the YoloP model for perception. The experimental results on nine different driving scenarios show that TIARA allows for an effective early estimation of system reliability through relevant driving dynamics and comfort metrics, as mandated by standards, while reducing computing complexity by up to 43.2x in comparison with an exhaustive Fault Injection approach. In addition, the validation of the TIARA methodology through a hardware-in-the-loop implementation yields results that closely match the behavior of a real-world system, demonstrating the versatility of TIARA for the evaluation of automotive systems.

The possibility of deploying AI solutions on embedded systems, such as Jetson Orin Nano Super, allows the creation of compact and efficient systems capable of real-time processing of camera images, making it suitable for deployment in various scenarios where limited resources are required, such as the automotive sector. The automotive industry has been transformed by the integration of embedded systems, enhancing performance, safety, and user experience. In the context of automotive safety and human-centric vehicle design, the Distrimuse project introduces an embedded system designed to assess drivers' visual distractions during a citizen driving simulation. This system integrates real-time eye tracking data with the detection of simulated vulnerable road users (VRUs), to assess situational awareness and assess safety risks in an urban context. Utilizing the ScaNer driving simulator, the system receives a continuous video stream representing complex traffic scenarios. An object detector neural network (CNN), running on an NVIDIA Jetson Orin Nano Super, in combination with traking and calibration algorithm is used to detect VRUs in real time directly from the simulated video feed. To analyze the driver’s attention in relation to these road users, real-time eye tracking data is collected and temporally synchronized with the environmental context. The embedded platform handles all processing locally, including CNN inference, sensor fusion, and distraction assessment. All computational modules are developed in a mixture o python and C++ modules for performance, and neural inference is accelerated using NVIDIA TensorRt engine deployed via Docker, ensuring high efficiency and portability. This architecture enables a low-latency and high-fidelity assessment of driver behavior in relation to road safety, making it a valuable framework for the development and validation of next-generation DMS and ADAS technologies. The embedded system synchronizes driver gaze behavior with the detection in the external environment, particularly focusing in complex traffic scenarios. dynamic video stream generated by the SCANeR driving simulator.

Urban logistics are under increasing pressure due to rising demand, stricter environmental policies, and the inefficiency of fragmented transport systems. The TRACE project aims to address these challenges by developing an intelligent, interoperable platform for future-ready urban delivery.

TRACE designs and develops a smart platform that seamlessly integrates heterogeneous logistics operations and supports them through advanced mechanisms for both technical and financial management of shared resources. The TRACE platform includes modules for planning, scheduling, optimisation, and event handling. Moreover, it employs blockchain technology to enable the real-time execution of smart contracts and secure financial transactions. This makes TRACE one of the first attempts to provide a truly “intelligent layer” over existing logistics frameworks.

At the HiPeRT Lab (University of Modena), we contribute to the Italian Demonstrator by developing core software components, on Nvidia embedded boards, for autonomous vehicles, GPS tracking, mission planning, and AV cargo bikes capable of operating as coordinated platoons to improve the delivery performance and the CO2 emission, based on deliveries with traditional vans. These vehicles communicate in real-time with Modena’s Automotive Smart Area, allowing for decentralized, adaptive operation.

Additionally, we use a digital twin of the city of Modena to provide real-time visualization of logistics flows and interactions. This improves monitoring in live scenarios.

TRACE has the potential to significantly reduce emissions, optimize last-mile delivery, and transform urban mobility into a cleaner, faster, and more intelligent system. It appeals to governments for its sustainability goals, to industry stakeholders for its integrative and secure architecture, and to research institutions for its pioneering use of AI, blockchain, and autonomous systems in urban logistics.

Quadruped robots have become quite popular for their ability to adapt their locomotion to generic uneven terrains, but existing control solutions are computationally expensive and not suitable for real-time applications.

To address this issue, we present Feelbert, a modular control framework for quadrupedal locomotion suitable for predictable execution on an embedded system under hard real-time execution constraints.

The framework is based on a feedback linearization technique and a closed-form control law for the pose of the body, and foot trajectories are updated online according to velocity commands.

Feelbert has been integrated in ROS 2 and can also be compiled as a standalone application on a Raspberry Pi 5, demonstrating satisfactory results both in terms of reference tracking and temporal predictability.

Over the past decade, the integration of machine learning into cyber-physical systems has gained significant momentum in both industry and academia. However, the unpredictable behavior and brittle robustness of neural networks and reinforcement learning agents pose challenges for real-world deployment. To mitigate these risks, photo-realistic simulators have emerged as a promising solution, enabling extensive and safe testing of AI-driven algorithms in controlled environments.

SimPRIVE - Simulation framework for Physical Robots Interacting with Virtual Environments - is inspired by the vehicle-in-the-loop simulation paradigm. It enables real-time interaction between a physical robot and its digital twin in a simulated environment. The framework receives the robot’s position and orientation from the physical world, updates the digital twin accordingly, and transmits simulated sensory data and contextual information back to the robot. This closed-loop system allows for safe experimentation with complete software and hardware stacks, including AI-based control systems, while minimizing the risks and costs of real-world testing.

The virtual environment can be populated with programmable objects, people, and vehicles, offering a rich and dynamic testing ground. SimPRIVE is designed to be lightweight, ensuring fast rendering and low execution latency. It supports both custom and pre-built environments, making it adaptable to a wide range of research and industrial applications.

To validate the framework, a reinforcement learning agent trained for obstacle avoidance was deployed on an AgileX Scout Mini rover. The rover successfully navigated a virtual office environment, avoiding obstacles such as furniture and people. In the physical world, the robot operated within a confined indoor space, using a LiDAR-based heuristic to prevent collisions. This experiment demonstrated SimPRIVE's effectiveness in bridging the gap between simulation and real-world deployment.

Physical safety cages are the de-facto starndard for ensuring a safe operation of robots and humans within supply chains: a physical cage is positioned around the robot, making it impossible for the robot arm to hit anybody as they are forced to stay outside the cage. Unfortunately, this heavily limits the opportunity of interacting between robots and humans or even other robots. Conversely, cobots (COllaborative roBOTS, or companion robots) are intended for direct human-robot interaction within a shared space, or where humans and robots are in close proximity. This completely contrasts with traditional industrial robot applications in which robots are isolated from human contact via physical cages, and opens the ground for a multitute of safety hazards and security threats that need to be listed, attached to a risk and eventually mitigated. The talk will present the approach of the CogniSafe3D EU – Eurostars project, which aims at ensuring a safe and secure operation of cobots without physical cages by enforcing specific interaction protocols and a LiDAR observing the surroundings of the cobot.

Deploying latency-sensitive applications at the edge—such as perception pipelines, control loops, or real-time AI inference—requires more than just resource provisioning: it often demands temporal guarantees. Yet, mainstream container orchestration frameworks like Kubernetes lack native support for scheduling policies that ensure bounded latency and CPU isolation, making them not suitable for real-time deployments in dynamic, multi-tenant edge environments.

In this talk, we present a modular framework developed within the NANCY project that brings temporal isolation to containerized edge workloads. We introduce KubeDeadline, an extension to Kubernetes that enables the use of Linux’s SCHED_DEADLINE scheduler via the Constant Bandwidth Server model, offering guaranteed CPU bandwidth and bounded CPU latency. The system integrates with distributed execution frameworks such as Ray, unlocking real-time capabilities for distributed AI workloads.

To cope with dynamic workloads, we further incorporate a runtime monitoring layer for detecting execution time budget and a period estimation mechanism for autonomously configuring scheduling parameters. Together, these technologies enable a real-time container stack that is predictable and self-adapting, laying the foundation for resilient and time-aware edge computing.

The steadily increasing algorithmic complexity of embedded application software is pushing the semiconductor industry to deliver higher performance architectures also in embedded systems. Mirroring the evolution of the high-performance and desktop computing spaces, multicore architectures and accelerators are thus expected to soon become prevalent in the embedded space, including microcontrollers.

In the libreRT project we aim at solving the portability and programmability problems by providing a unified way to program heterogeneous architectures across all embedded systems, small and large, based on SYCL.

In this presentation we focus on two aspects of our efforts. The first is approximate computing, an emerging paradigm that aims to exploit the inherent error tolerance of many applications, particularly in domains such as image processing and machine learning.

We introduced SYprox, a new approximate computing framework based on SYCL that allows programmers to easily implement heterogeneous approximated applications, allowing the adoption of these approximation techniques automatically based on the capabilities of the target platform.

The second aspect are the modifications required to the operating system and parallel programming runtimes to allow OpenMP and SYCL programming on microcontrollers, and to the best of our knowledge we present the first results of running SYCL code on microcontrollers.

We discuss our embedded SYCL implementation and compare the performance of parallel SYCL code on the RP2040 dual-core microcontroller using standard benchmarks.

Virtualization has become a key enabling technology in embedded systems, allowing multiple isolated software environments to coexist on a single hardware platform. By decoupling hardware from software execution contexts, virtualization enhances modularity, scalability, and resource utilization, while also enabling better isolation and fault containment. As embedded systems increasingly adopt virtualization to manage complex workloads and mixed-criticality applications, efficient interrupt handling becomes critical to maintaining system performance and responsiveness.

This presentation investigates Virtual Interrupt Management (VIM) as an efficient software-based approach to orchestrate interrupt handling within embedded virtualized environments. We explore how modern processors, such as ARMv8-A and ARMv8-R, support virtualization through exception levels, memory protection mechanisms, and hardware extensions. At the software level, we analyze architectural solutions including separation kernels, type-1 hypervisors, and guest OS partitioning. Key interrupt virtualization techniques such as emulation, passthrough, paravirtualization, and the Dom0 model are examined with respect to performance, isolation, and security trade-offs. Finally, we outline performance evaluation strategies by highlighting metrics such as CPU utilization, I/O latency, and response time, and we emphasize the role of trace-based visualization tools in profiling virtualized systems. The findings contribute to a deeper understanding of software-driven interrupt management strategies and their impact on the design of efficient, secure, and responsive embedded virtualized systems.

In our previous work, we discussed the need for a seamless runtime environment where application components can be deployed on any node of the system, safely isolated from the host environment.

The WebAssembly (Wasm) technology provides a portable bytecode format suited for formal verification and with the potential to stand as that seamless runtime environment.

Wasm, with its lower execution overhead and footprint than other virtualization strategies (e.g., containers), is now becoming attractive for use in demanding cyber-physical systems such as those in automotive and industrial control.

Contrasting heterogeneity is not a lone goal for modern cyber-physical systems. Several industrial scenarios, ranging from energy optimization to the so-called "Edge intelligence", would benefit from relocation-capable computations, namely, computations that can move across nodes, preserving their execution progress.

A checkpoint and restore mechanism is central to live migration, and has to be entirely independent of the underlying host architecture.

Our work shows that the Wasm bytecode, through proper ahead-of-time instrumentation, is apt for the task.

However, coordinating the relocation of an aggregate of migrating components is still an open question.

To address this challenge, we are working on the design of a two-level orchestrator, distinguishing between application and infrastructure level decisions.

Our goal is to develop an orchestration strategy suited for end-to-end analysis and backed by a real-time system model.

In this talk, we will present the latest advancements of this ongoing project.

The electromyography (EMG) signal is particularly useful in monitoring muscle activity, and it can be acquired non- invasively on the skin surface. Thanks to these key characteristics, EMG-based human-machine interfaces (HMIs) for prosthetic myocontrol, as well as gesture recognition, are becoming widespread. A key challenge in this context is to design embedded systems to process EMG signals and generate motor commands with miniaturized, unobtrusive, and low-power devices, reliably and in real-time, at a relatively low cost to provide continuous monitoring without causing stigma or discomfort. This presentation presents an overview of the current status and future research challenges in systems and circuits for EMG acquisition and processing. We start by illustrating the sensor interfaces and EMG acquisition systems, then focus on conventional state-of-the-art EMG gesture recognition algorithms as well as novel architectures that tackle EMG processing challenges. Finally, we discuss open challenges, such as EMG variability, natural control, and efficient computation, to bring the myocontrol completely out-of-the-lab, filling the gap between research prototypes and real-world applications.

Deep Learning (DL) is increasingly central to modern computing, particularly in embedded applications, due to its unparalleled predictive capabilities. Compared to traditional cloud-based solutions, deploying DL models at the edge offers significant advantages in privacy, latency, predictability, and energy efficiency.

However, edge computing is inherently limited by the power and memory constraints of embedded devices. Current methodologies for deploying AI on edge platforms either involve highly customized workflows ailored to a specific family of edge devices, e.g. based on a specific Microcontroller (MCU) or rely on generic routines that fail to fully exploit hardware accelerators and platform-specific features.

We introduce MATCH, a novel deep neural network (DNN) deployment framework based on Apache TVM, and designed for agile and flexible retargeting across diverse MCUs, processors and accelerators. MATCH leverages a customizable, model-based hardware abstraction to partition networks according to hardware-specific capabilities, manage accelerator-specific compilation flows, and fall back on TVM for unsupported nodes. Its temporal mapping engine, powered by ZigZag, performs scheduling and memory allocation optimization at the node level. Finally its graph runtime handles node offloading and features a final memory planning pass to allocate all the tensors.

Our approach demonstrates that a general, retargetable mapping framework can match—and even surpass—the performance of specialized toolchains across heterogeneous targets, requiring only an abstract hardware cost model and a SoC-specific API.

We evaluate MATCH on two state-of-the-art heterogeneous MCUs: GAP9 and DIANA. On the four DNN models from the MLPerf Tiny suite, MATCH achieves an average 60.87× reduction in inference latency on DIANA compared to plain TVM, thanks to efficient use of the onboard hardware accelerator. Against HTVM, a fully customized toolchain for DIANA, MATCH still reduces latency by 16.94%.

On GAP9, considering the same benchmarks, MATCH achieves a 2.15× latency improvement over the dedicated DORY compiler, through heterogeneous mapping that synergistically exploits both the DNN accelerator and the eight-core cluster available on-chip.

MATCH is entirely open-source (https://github.com/eml-eda/match), empowering researchers and developers to automatically design, optimize, and deploy DL models tailored to resource-constrained edge devices—harnessing platform-specific features with minimal manual effort.

In recent years, there has been an increasing demand for real time, low latency, and privacy preserving machine learning applications, leading to a shift towards deploying intelligence at the edge. This trend is particularly prevalent in the domain of reinforcement learning (RL), where the capability to adapt and learn from real time interactions is essential. Nevertheless, the training of RL agents directly on microcontrollers—devices that are fundamentally limited in terms of memory, computation, and energy remains a substantial challenge.

This study demonstrates the feasibility of implementing classic backpropagation directly on microcontrollers for training reinforcement learning (RL) agents, specifically focusing on resource constrained hardware platforms such as the STM32F4 (128 Kb SRAM, 512 Kb Flash), STM32H7 (up to 1.4 Mb of SRAM, up to 2 Mb Flash), and STM32N6 (Flash up to 4 Mb, SRAM up to 4,2 Mb) microcontrollers. Using the REINFORCE algorithm with a multilayer perceptron (MLP) network architecture (four inputs, one hidden ReLU layer of variable size, and a 10 unit softmax output), we conducted training from scratch.

The RL environment, simulated externally using Gymnasium on a PC, only sends the state to the microcontroller. All computations, including state evaluation, reward calculation, policy updates, and action selection, were performed exclusively on the device. The resulting actions were communicated back to the PC environment. This setup closely emulates real world sensor based interactions, positioning the microcontroller as the computational core for autonomous decision making.

To evaluate the generality and robustness, we conducted experiments on multiple standard RL benchmarks, including CartPole, LunarLander, and MountainCar, across various network topologies and hardware configurations. Measurements of the training time and energy consumption were collected to analyze the scalability and efficiency with respect to both the model complexity and microcontroller capabilities. The results confirm that microcontroller based training can achieve performance comparable to training on conventional hardware, with acceptable latency and energy profiles.

While the existing literature explores on-device training using alternative methods or simplified architectures, few studies have explicitly implemented full backpropagation for RL tasks on highly constrained microcontrollers. Our findings highlight that classical backpropagation remains a viable and powerful training method for RL applications on tiny edge devices, particularly when compact network structures are employed, as is typically the case in RL tasks.

In addition to validating the feasibility of online learning on such platforms, our work contributes a generalizable methodology for deploying on-device intelligence without relying on specialized hardware accelerators. Future directions include developing a dedicated, scalable framework to streamline continuous learning deployment on edge hardware, experimenting with other reinforcement learning algorithms specifically for continuous control tasks, and conducting tests in real world environments instead of simulated setups.

Preparing the next generation of embedded-software engineers requires more than discrete lectures on faults, threats and coding rules: it demands an integrated, hands-on journey that lets students live the full life-cycle of a safety-critical product. For the past three academic years the University of Parma has offered exactly this through the 6-ECTS MSc course "Development of Reliable, Safe and Secure Software".

Rather than scattering small lab assignments across topics, the course revolves around a single, collaborative capstone: the design and virtual qualification of a neonatal incubator thermostat - an artifact whose dependability stakes are instantly clear to every participant. Working as one development team, students start with stakeholder analysis and STPA-based hazard identification, then follow a condensed but faithful ISO 26262-inspired workflow: requirements elicitation and traceability, architecture definition, unit design, MISRA-guided implementation, MC/DC-oriented verification, continuous integration, system-level simulation and validation. The only steps omitted are hardware manufacture and physical tests, so learners still traverse every software-engineering discipline that feeds a safety case, from risk assessment to coverage closure.

This talk distills three editions of the course into four transferable pedagogical insights:

1. "One system, many roles" - students rotate between safety, security and quality leads, experiencing the trade-offs first-hand.

2. "Traceability as a scaffold" - a lightweight requirements management system turns the abstract idea of bidirectional links into a daily habit.

3. "Feedback loops over grades" - weekly design reviews (with the participation of industry guests) replace traditional mid-term exams, mirroring real assessment gates.

4. "Open artifacts, open doors" – all templates, checklists, scripts and exemplar work products are released under a permissive license, enabling other universities and companies to adopt or remix the material at zero cost.

Student feedback confirm the approach: across 50+ enrolled students, average project rubric scores is 30/30, while many of them expressed agreement on the fact that the project clarified how safety, security and reliability interlock.

By sharing the lessons learned about orchestration, coaching and tooling, the presentation invites the IWES community to replicate, extend - or even host—the experience. The goal aligns neatly with IWES 2025's mission to foster academia–industry exchange on embedded-system practice. Attendees will leave with a concrete blueprint for embedding holistic dependability education into their own curricula, plus an open invitation to collaborate on the next iteration.

Cyber-physical systems are vulnerable to Advanced Persistent Threats (APTs), which exploit system vulnerabilities using stealthy, long-term attacks. Anomaly-based intrusion detection systems are a promising means to protect against APTs. Still, they depend on high-quality datasets, which often fail to represent APT complexity and the evolution of the attacker strategies through time. This presentation proposes a methodology to create semi-synthetic, labeled datasets that represent the complex attack graphs of APTs in cyber-physical systems. To demonstrate our approach, we replicate publish/subscribe network traffic from a real testbed with realistic noise and multi-step APT attacks based on the MITRE ATT&CK framework. The dataset captures detailed APT stages and enables the evaluation of the intrusion detection systems that revolve around false positives and the time to detection.

Realistic industrial systems typically need to be modeled as hybrid systems consisting of hundreds (easily thousands) of nonlinear differential algebraic equations (DAEs). The size of such models is one of the major obstacles to overcome when developing automated design methods for industrial control systems.

We present a scenario-based approach that, by exploiting the synergies among simulation, black-box optimization, and statistical model checking, allows us to automate the design of quality-guaranteed industry-size control systems, i.e., control systems for which a user-specified statistical guarantee on correctness holds over the possible operational scenarios.

We show the effectiveness of our approach through a Modelica model consisting of a hybrid nonlinear DAE system with 1276 equations, 492 of which are nontrivial, containing 152 continuous state variables and 38 discrete ones, plus 7 algorithm blocks.

Our experiments show that within a few hours of computation on an off-the-shelf work-station, we can find quality-guaranteed solutions (with very tight quality guarantees) to our design problem. We also compute an entire discretized Pareto front for such a large system over two conflicting key performance indicators.

This work appears in IEEE Transactions on Industrial Informatics, Vol. 21, N. 5, May 2025. DOI: 10.1109/TII.2025.3528556

The use of synthetic datasets is emerging as a practical solution to address the lack of annotated data in the railway domain, where acquiring images, point clouds, and accurate ground truth can be complex and expensive.

In this context, we present SynDRA and SynDRA-BBox, two synthetic datasets generated using a simulation framework developed in Unreal Engine 5.

SynDRA is a dataset consisting of RGB image sequences and corresponding semantic segmentation maps, captured from a front-mounted stereo camera installed on a moving train. The sequences were generated across four different virtual environments, each traversed in both directions and under various lighting conditions (morning, afternoon, evening) and weather conditions (clear, rainy, foggy), resulting in a total of 80 realistic sequences. The environments reproduce urban, rural, and industrial scenarios, representing realistic railway infrastructure.

SynDRA-BBox is a multimodal extension focused on object detection. The sequences were captured in selected areas of the four original SynDRA environments, as well as in three additional environments specifically designed to diversify scene geometry and content. The dataset includes data from:

• 30° FOV RGB camera;

• 90° stereo RGB cameras;

• Non-repeating scanning Livox TELE-15 LiDAR;

• 64-channel Velodyne LiDAR.

The annotations include:

• Semantic segmentation for all cameras and point clouds;

• Depth maps for each camera;

• 2D and 3D object detection annotations on both images and point clouds;

• Precise position and timestamp information for all RGB and LiDAR sensors.

Both datasets have been employed to evaluate traditional and AI-based perception algorithms, with particular focus on synthetic-to-real domain adaptation techniques. Experimental evaluations cover semantic segmentation and object detection tasks, highlighting the value of synthetic data for pre-training and validation in real-world applications.

Both datasets are publicly available at syndra.retis.santannapisa.it. We have released them to support and accelerate research in the field, and we welcome potential collaborations and feedback from the community.

This study addresses the challenges of managing multi-camera video streams in smart cities by proposing fog computing as a means to decentralize processing and overcome cloud limitations. The research explores lightweight GPU partitioning strategies, specifically CUDA Green Context (GC), on NVIDIA Jetson Orin platforms. By evaluating a real-world multi-camera application, object detection latency was measured. Results show that partitioning significantly reduces latency: Quarter Partitioning achieved a 10% improvement and Half Partitioning 6% compared to the non-partitioned configuration. This is hypothesized to result from more efficient use of the GPU memory hierarchy. The work confirms the benefits of GPU partitioning—including latency reduction and data isolation—even in resource-constrained embedded fog environments.

In this presentation we will go over the experience of a mid-size embedded engineering organization during the creation of a new product with a GUI.

We will look at the requirements gathering, supplier selection, decision making, development, platforms, design, skills, licensing, software development, we will see examples of complex features like multilanguage support. The presentation recounts the complete journey from original inception to launching the product, detailing aspects of process as well as of technical nature, showing frameworks and pieces of code.