Tech Report


Visvesvaraya Technological University

BELAGAVI, KARNATAKA.

A TECHNICAL SEMINAR REPORT ON

“Empirical Study for Open Source Libraries in Automotive Software System”

Submitted to Visvesvaraya Technological University in partial
fulfillment of the requirement for the award of Bachelor of
Engineering in Computer Science and Engineering.

Submitted by:

SUPRITHA PATIL ML 4JN21CS411

Under the Guidance of

Mr.SANDEEP B., B.E.,M.Tech


Asst. Prof., Dept. of CS&E

Department of Computer Science & Engineering


J.N.N. College of Engineering
Shivamogga - 577 204
2023
National Education Society (R.)

CERTIFICATE
This is to certify that the Technical Seminar report entitled

“Empirical Study for Open Source Libraries in Automotive Software System”
Submitted by:
SUPRITHA PATIL ML 4JN21CS411

Student of 8th semester B. E. under the supervision and guidance towards


the partial fulfillment of the requirement for award of Bachelor of Engineering
degree in Computer Science and Engineering of Visvesvaraya Technological
University, Belagavi during the year 2023.

Signature of Guide Signature of Coordinators

Mr.SANDEEP B., B.E.,M.Tech Dr. Sankhya N Nayak, M.Tech., Ph. D


Asst. Prof., Dept. of CS&E Assoc. Prof., Dept. of CS&E

Signature of HOD

Dr. Jalesh Kumar. M.Tech., Ph. D.


Prof. & Head, Dept. of CS&E
ABSTRACT

Open-source software has revolutionized the field of software development, providing
a collaborative and transparent approach that encourages knowledge sharing and innovation.
However, the adoption of open-source software in automotive systems introduces security
concerns that require careful scrutiny and management. This report focuses specifically on
the unique characteristics and challenges of open-source software in automotive vehicles.
To achieve these goals, it examines real-world examples and case studies to analyze the
impact of open-source software on automotive systems.

ACKNOWLEDGMENT

The credit of the successful completion of the technical seminar should go to the
persons who rendered their consistent, constant source of knowledge, timely suggestions and
instructions towards us.

First of all, I wish to express earnest thanks and affectionate respect to my project guide
Mr. Sandeep B. (B.E., M.Tech), Department of Computer Science & Engineering, who is
the motivator and source of inspiration.

I would like to thank our beloved Coordinators Dr. Ravindra S and Dr. Sankhya N
Nayak, Department of Computer Science & Engineering for their support.

I would like to thank our beloved Professor and Head Dr. Jalesh Kumar, Department
of Computer Science & Engineering for allowing me to take up this technical seminar.

I am very much grateful to our respected principal, Dr. Y. Vijay Kumar for his
encouragement and providing an excellent working environment in our college.

Finally, I thank our teaching and non-teaching staff, classmates and all who have
helped us directly or indirectly for the successful completion of this technical seminar and, I
would like to thank JNNCE College for providing a stage to show my talent.

Supritha Patil Ml

4JN21CS411

TABLE OF CONTENTS

Abstract
Acknowledgment
Contents
List of Figures
List of Tables

Chapters

1 INTRODUCTION
1.1 Introduction of the project
1.2 Overview of research question
1.3 Problem description

2 LITERATURE SURVEY

3 APPROACHES AND METHODS
3.1 Automotive software collection and processing
3.1.1 Specific criteria to select firmware
3.2 Automotive software decompression
3.3 Open source component detection
3.3.1 Library name fuzzy match
3.3.2 Meta-info matching
3.3.3 String matching
3.3.4 Clustering Rules
3.4 Automotive system architecture

4 RESULTS

5 APPLICATIONS
5.1 Commonly-used open source software identification

6 CONCLUSION & REFERENCES

LIST OF FIGURES
Figure Title
Figure 1.2 Overview of research questions
Figure 3.2 Workflow of data extraction
Figure 3.4 Automotive system architecture

Empirical Study for Open Source Libraries in Automotive Software
System

CHAPTER 1

INTRODUCTION
1.1 Introduction of the project

Open-source software has emerged as a transformative force in the realm of
software development and innovation. Open-source software refers to software whose
source code is freely available to the public, allowing anyone to view, modify, and
distribute it. This collaborative and transparent approach to software development has
fostered a vibrant ecosystem of projects, communities, and contributions from developers
worldwide. Open-source software encourages knowledge sharing, collaboration, and
collective problem solving, enabling developers to build upon existing solutions and create
new ones more efficiently. Moreover, open-source software promotes flexibility,
customization, and adaptability, as developers can modify the source code to suit their
specific needs. The open-source movement has not only driven the development of
high-quality and robust software but has also sparked technological advancements in various
domains, ranging from operating systems and programming languages to web frameworks
and machine learning algorithms.

The utilization of open-source software in automotive software systems has
gained significant traction in recent years. The automotive industry has recognized the
benefits of leveraging open-source software for various components, including operating
systems, middleware, and application frameworks. Open-source software enables
automakers and suppliers to harness the collective expertise of a global community,
resulting in accelerated development cycles, cost savings, and increased innovation.
However, the adoption of open-source software in automotive systems also introduces
potential security concerns. The transparency and accessibility of open-source software,
while promoting collaboration, can also expose vulnerabilities to malicious actors. As the
complexity of automotive software systems increases, ensuring the security of open-source
components becomes crucial. It requires rigorous scrutiny, continuous monitoring, and
timely patching to mitigate potential security risks.
Therefore, it is important to understand the usage of open-source software in automotive
systems. There are few existing studies that aim to provide such information. Instead, some
related researchers are trying to investigate the open-source software ecosystem in a more
general situation.

Department of CS&E, JNNCE, Shivamogga Page 1
1.2 Overview of research question

This section provides an overview of the study of open-source libraries in automotive
software systems, as depicted in Figure 1.1, which also presents the research questions (RQs)
guiding this investigation. Firstly, the aim is to comprehensively understand the software
structure of automotive systems (RQ1). Secondly, the study identifies and analyzes the
open-source libraries utilized within the automotive components, examining their
distribution across the system (RQ2). Subsequently, it compares these automotive-specific
libraries with commonly used libraries in the broader open-source ecosystem to ascertain
whether there are any distinct distribution patterns unique to automotive systems (RQ3).
Finally, it assesses the security implications associated with the utilization of open-source
libraries in automotive systems (RQ4), as addressing security concerns is a primary
motivation for studying and managing these libraries.

Figure 1.2: Overview of research questions


1.3 Problem description


The problem addressed in this study of open-source libraries for automotive software systems
is that their quality can fail because of their community-driven nature. While many are
reliable, some may suffer from inadequate resources or inconsistent maintenance. Metrics such
as maintenance and security can help evaluate an open-source project's quality, and it can be
hard to maintain an open-source project's licenses. Different licenses have varying
requirements, restrictions, and obligations, and open-source libraries also suffer from
security risks and design flaws that must be mitigated. The aim is to increase quality with
easy maintenance as the industry increasingly embraces software-driven innovation, and to
explore the utilization of open-source software in the automotive industry, delving into its
benefits, challenges, and implications by examining real-world examples and case studies.


CHAPTER 2

LITERATURE SURVEY
The literature survey helps relate the proposed work to prior research in statistics
and helps find errors and drawbacks of the particular methods used to solve the problem.

1. Title: “An Automated Continuous Integration Multitest Platform for Automotive Systems”

Authors Name: Boyang Du, Sarah Azimi, Annarita Moramarco and Davide Sabena.
Year: 2022.
Description:

This article presents a new test platform framework for automotive
applications, utilizing multiple test platforms with different levels of observability and
controllability at different stages of application development. Furthermore, a unified
interface is introduced to distribute the test cases among different test platforms,
including EVE, FPGA-based VP, and HIL, so that they are executed as early as possible.
Together with the ACI solution adopted from software engineering, the proposed framework is
able to automatically generate test cases from test requirement items and launch the test
cases across different test platforms as soon as they are available.

Advantage:

The article proposes a new testing infrastructure that unifies different platforms
targeting different stages of development, taking advantage of existing CI tools in
software development. The testing infrastructure is able to generate test cases targeting
different systems, taking into account the availability of different features of each
platform, and to gather test results to provide feedback to designers. It reduces cost in
terms of time.

Disadvantage:

The resolution has not been provided for the Virtual Platform and System since
both the approaches adopted a simulation engine that cannot be compared with a system
emulation.


2. Title: “Painting the Landscape of Automotive Software in GitHub”

Authors Name: Sangeeth Kochanthara, Yanja Dajsuren and Loek Cleophas.
Year: 2022.
Description:

This study presents a landscape of automotive software projects publicly available
on GitHub. It identified and categorized ≈600 automotive repositories grounded in
definitions from literature and well-defined empirical methods. It also identified a
similar number of non-automotive projects for comparison. It analyzes the
origin, temporal trends, key players, popularity of projects, languages for development,
user distribution across repositories, and development activities. It also presents a
first-of-its-kind, manually curated dataset of automotive projects and a comparison set of
non-automotive projects, for replication and future research. This study shows that the
automotive domain is undergoing a shift in multiple dimensions, including the
prevalence of automated driving software development, a change in preferred language
from MATLAB to Python, and the entry of software companies and startups to the domain.

Advantage:

The advantage highlighted by this paper is that recent developments in software
engineering that enable automated driving will further accelerate open-source automotive
software development. The authors believe that the software stacks for automated driving
will benefit from perception and decision software currently developed in open source.
Since these systems are developed independently of car makers, involving the open-source
community to accelerate their development is a logical step.

Disadvantage:

Some of the repositories in the PyGithub-based data were not available in GHTorrent.
The study might also have missed the different tiers of suppliers to car
makers, since there is no straightforward way to identify suppliers from the GitHub
metadata.


3. Title: “Empirical Study for Open Source Libraries in Automotive Software Systems”

Authors Name: Yanan Zhangi, Yuqiao Ning, Chao Ma and Longhai Yu.
Year: 2023.

Description:

This paper presents a comprehensive empirical study on the utilization of
open-source libraries within automotive ecosystems. By collecting and analyzing 10
firmware samples and 4092 libraries, it offers insights into the overall software
architecture of automotive systems. Furthermore, it investigates the distribution patterns
of open-source libraries in this domain and compares them with those found in
general-purpose software. Surprisingly, the findings reveal that a significant portion,
61.15%, of automotive libraries is distinct from the libraries commonly used in general
software. Finally, it conducts an analysis of security issues associated with the use of
these libraries and provides actionable recommendations for improving open-source library
management across all user categories.

Advantage:

It is advantageous to provide not only the libraries themselves but also best
practices for their usage and management. This can encompass offering standardized
installation or import procedures for the libraries and ensuring their compatibility with
component detection tools. The overarching goal is to facilitate easier open-source
management for C/C++ developers.

Disadvantage:

It is crucial to acknowledge that the scope of automotive open-source libraries
differs from commonly used libraries. As a result, software component analysis tools
that perform well in general library detection may exhibit limited effectiveness in
automotive scenarios. This discrepancy arises due to the heavy reliance of these tools
on the comprehensiveness of their underlying databases.


4. Title: “Assessing the Real Impact of Open-Source Components in Software Systems”

Authors Name: Andy Molin, Andrei Mario Rivis and Radu Marinescu.
Year: 2023.
Description:

This paper proposes an advanced software composition analysis (SCA) approach
that simultaneously considers open-source component issues and their integration into a
software system. It introduces a novel meta-model that links a library with its source
code dependencies and enables a unified analysis, irrespective of the originating package
manager or open-source repository. The proposed approach, instantiated through a code
analysis tool and adapters for major package managers and repositories, was applied to
over 200 popular GitHub projects. Results confirm that the impact of open-source
component issues largely depends on their integration level in the software system,
validating the authors' assumption that effective risk management requires understanding
of the open-source component use within the system. The work therefore provides an enriched
methodology for SCA.

Advantage:

The entire system developed offers a better perspective when it comes to analyzing a
project’s dependencies. It offers a view of the age of the dependencies and of the
vulnerabilities a dependency has, and it can also help to understand the structure of a
system by simply seeing its dependencies and where they are used. This approach
makes it possible to allocate resources and efforts more efficiently, ensuring that the most
pressing library-related issues are tackled promptly. Therefore, this approach can make
an important contribution to the process of evaluating the quality of software systems.

Disadvantage:

This approach focuses on analyzing third-party libraries obtained from external
repositories. However, many software systems incorporate embedded libraries, which
are libraries included within the system’s codebase. While the SCA approach provides
valuable insights into the libraries used in open-source projects, it is important to
acknowledge several limitations and potential threats to the validity of the analysis.


5. Title: “Treat societally impactful scientific insights as open-source software artifacts”

Author Name: Cynthia C. S. Liem and Andrew M. Demetriou.
Year: 2023.

Description:

This article is a ‘paper’. At the moment it reaches a broader readership with a
formal citation attached, it will have passed peer review and be part of a referenceable
collection of proceedings of the ICSE 2023 Software Engineering in Society Track. This
form and workflow have been the traditional template for communicating scientific
outcomes, where getting papers accepted at prestigious venues has traditionally been
treated as the major indicator of academic achievement. Academic research has been
operating under scarcity, both regarding job and research funding security. As a
consequence, (not) getting major publications accepted and sufficiently cited thus has
great career consequences. Still, for a long time, research communities have been
acknowledging that contributions of scientific insight extend much beyond a paper, and
proposals for open science have emerged, including ventures into open access, open and FAIR
(Findable, Accessible, Interoperable, Reusable) data, and open-source software.
(Footnote 1: Most likely, it will not reach the reader on paper, but as a digital PDF.)

Advantage:

More specifically, considering empirical scientific insights in the broad sense (i.e.,
insights requiring empirical observation of phenomena, often expressed in the form of
data measurements), the article argues that making these insights more open will require
infrastructure and quality assurance mechanisms similar to those needed in developing
complex open-source software artifacts.

Disadvantage:

Still, open access is only an aspect of open science, and insights and methods
reported in a paper may not trivially be reproducible or replicable, either because
common specifications are not sufficiently detailed, or because claims may be outright
false.


CHAPTER 3

PROPOSED METHODS

3.1 Automotive software collection and processing

This chapter presents a detailed process for collecting open-source libraries from
real-world automotive systems. Initially, 100 firmware samples are collected by directly
extracting the system data from car hardware or from their update packages. Because of
concerns about protecting the sensitive information of automotive companies, only an
overview of the sources of the 100 firmware samples is provided. Detailed information, such
as the specific car model, is not disclosed. Among the 100 firmware samples, the aim is to
collect samples from as many automotive companies as possible.

3.1.1 Specific criteria to select firmware:

• The selected firmware must either represent a complete system image or an update
package aimed at upgrading the entire firmware system. If there is no such
firmware, multiple firmware samples are selected so that their combination covers the
entire system. This criterion avoids selecting firmware that contains only partial
information about the system.
• The selected firmware should originate from different automotive manufacturers,
rather than being limited to a single one. This approach ensures that the firmware comes
from different development teams, which may use different open-source libraries.
• The selected firmware should come from different parts of the automotive system.
As an automotive vehicle may integrate multiple firmware systems, this criterion ensures
that the selection includes firmware from various parts with different kinds of
open-source libraries.

3.2 Automotive software decompression


After successfully obtaining the binary file from the firmware, the subsequent step
involves extracting all the open-source libraries present within the unified binary file. To
accomplish this, an efficient iterative decompression engine designed specifically for this
purpose is employed. The primary objective of this engine is to progressively break
down the file into smaller components until there are no remaining compressed files in the
final results. Figure 3.1 illustrates the workflow for the data extraction process.
Beginning with a firmware file, the initial step involves decompression or unzipping using
appropriate archive tools, resulting in first-level binary files. These binary files
encompass known file types, unknown types, and archive files. To further recover and extract
binary files with recognized formats, distinct analysis tools are employed. For unknown
binaries, binwalk is used to extract potential files, and for archive files, archive tools
are used to decompress them. This process yields second-level binary files. By iteratively
applying this procedure, the process arrives at binary files that cannot undergo further
decompression. These files are considered the final output of the comprehensive data
extraction process.

Figure 3.2: Workflow of data extraction.

For instance, if the magic header corresponds to a well-known file type such as
PNG (Portable Network Graphics) or JPEG (Joint Photographic Experts Group), it
indicates that the file is an image and thus not relevant to the objective of extracting
open-source libraries. Therefore, such files are filtered out from further consideration.

TABLE 3.2: File type with decompression tools.


For files identified as being of file system type, such as .img files, the process performs
system recovery and subsequently extracts all files residing within the system. It is
important to note that file systems are a unique form of compression and may not be
decompressed using standard decompression tools. Therefore, specialized techniques are
applied to recover the system and extract its contents successfully. Lastly, files with an
unknown type, typically binary files or data files, undergo an additional step in which the
binwalk tool is employed as the default method to determine whether they contain any of the
smaller files of interest. By subjecting these files to binwalk’s analysis, embedded files or
additional layers of compression that may exist within them can be identified. This approach
enables comprehensive exploration of the binary and data files to ensure no relevant
open-source libraries are overlooked during the extraction process.
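
The iterative engine described in this section can be sketched as follows. This is an added example, not code from the report or from the study it summarizes: it handles only zip, gzip and tar layers in memory, the sample firmware and all file names are constructed, and files classified as unknown are simply reported where the report would hand them to binwalk.

```python
import gzip
import io
import tarfile
import zipfile

# Well-known magic headers (standard values for each format).
IMAGE_MAGICS = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg"}
ARCHIVE_KINDS = {"zip", "gzip", "tar"}


def classify(blob):
    """Identify a file by its magic header, which decides how it is routed."""
    for magic, kind in IMAGE_MAGICS.items():
        if blob.startswith(magic):
            return kind
    if blob.startswith(b"\x7fELF"):
        return "elf"
    if blob.startswith(b"PK\x03\x04"):
        return "zip"
    if blob.startswith(b"\x1f\x8b"):
        return "gzip"
    if blob[257:262] == b"ustar":  # tar keeps its magic at offset 257
        return "tar"
    return "unknown"


def unpack(path, blob, kind):
    """Return the (path, bytes) children of one archive layer (kept in memory)."""
    if kind == "zip":
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return [(f"{path}/{i.filename}", zf.read(i))
                    for i in zf.infolist() if not i.is_dir()]
    if kind == "gzip":
        inner = path[:-3] if path.endswith(".gz") else path + ".out"
        return [(inner, gzip.decompress(blob))]
    with tarfile.open(fileobj=io.BytesIO(blob)) as tf:
        return [(f"{path}/{m.name}", tf.extractfile(m).read())
                for m in tf.getmembers() if m.isfile()]


def extract_all(name, blob, max_depth=8, max_bytes=64 * 1024 * 1024):
    """Unpack until no archive is left; return (final files, filtered images)."""
    finals, filtered, total = [], [], 0
    queue = [(name, blob, 0)]
    while queue:
        path, data, depth = queue.pop()
        kind = classify(data)
        if kind in IMAGE_MAGICS.values():
            filtered.append(path)  # images cannot be open-source libraries
        elif kind in ARCHIVE_KINDS and depth < max_depth:
            for child_path, child in unpack(path, data, kind):
                total += len(child)
                if total > max_bytes:  # guard against decompression bombs
                    raise ValueError("extraction budget exceeded")
                queue.append((child_path, child, depth + 1))
        else:
            finals.append((path, kind))  # "unknown" would go to binwalk
    return sorted(finals), sorted(filtered)


def build_sample_firmware():
    """Constructed sample: zip -> gzip -> tar holding one ELF and one PNG."""
    tar_buf = io.BytesIO()
    with tarfile.open(fileobj=tar_buf, mode="w") as tf:
        for member, payload in [
            ("usr/lib/libcrypto.so.1.1", b"\x7fELF\x02\x01\x01" + b"\x00" * 9),
            ("usr/share/logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        ]:
            info = tarfile.TarInfo(member)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w") as zf:
        zf.writestr("rootfs.tar.gz", gzip.compress(tar_buf.getvalue()))
        zf.writestr("boot/splash.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 8)
        zf.writestr("data.bin", b"\x00\x01\x02\x03 opaque")
    return zip_buf.getvalue()


if __name__ == "__main__":
    finals, filtered = extract_all("fw.zip", build_sample_firmware())
    for path, kind in finals:
        print(f"final   {kind:8} {path}")
    for path in filtered:
        print(f"dropped image    {path}")
```

The depth and byte limits matter in practice because firmware images are untrusted input: a nested or highly compressible archive would otherwise exhaust the analysis host.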

3.3 Open source component detection

In the final stage of the process, after decompressing the binary program, the main
focus is on detecting the open-source libraries within the decompressed files. Drawing
inspiration from existing approaches and industry practices, an automatic
component detection algorithm is introduced to identify the majority of the open-source
components. This algorithm incorporates three types of feature matching: library name,
meta-info, and string matching, to effectively detect the components. Additionally,
clustering rules are employed to identify additional components that exhibit similar
attributes.

3.3.1 Library name fuzzy matching

The binary file names often provide valuable clues about the real names of the
libraries. As the first strategy, this feature is leveraged to identify libraries within the
automotive system. However, there are cases where the file names have been deliberately
altered, rendering this approach ineffective. Moreover, the expected errors will also occur
if the file name does not match the library name. For example, the network communication
library OpenSSL may be distributed with the file name libcrypto. The name
matching approach cannot match these two names. To address this challenge, additional
strategies are incorporated to verify the actual names of the libraries.

3.3.2 Meta-info matching

Meta-info is a special type of feature that usually exists in open-source software. The
file header of a binary file generally encompasses metadata, including the magic number, file
type, and file version. Extracting this metadata necessitates reading the file header. It is
important to note that the file header format can differ across various types of binary files,
thereby requiring an understanding of how to interpret the file header based on the specific
file type. For instance, in the case of ELF (Executable and Linkable Format) files, the file
header encompasses significant metadata such as the file type, machine code, and entry
point address.

To access the information within the ELF file header, the ‘‘readelf’’ tool can be utilized.
The expected error of this matching approach occurs when the given binary file does not
contain the meta-info header. For the binary files that are imported from standard package
managers, the header will exist. Otherwise, different matching algorithms should be used
to determine the library name.
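
The header fields named above (file type, machine, entry point) sit at fixed offsets, so they can be read without external tools. The following is an added example, not code from the report or the underlying study: it parses the same fields that `readelf -h` prints, handles both 32/64-bit and little/big-endian headers, and returns `None` when no usable header exists, which is the failure case the text describes. The sample headers are constructed.

```python
import struct

# e_type and e_machine values as defined by the ELF specification.
E_TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
E_MACHINES = {3: "x86", 20: "PowerPC", 40: "ARM", 62: "x86-64",
              183: "AArch64", 243: "RISC-V"}


def _layout(ei_class, ei_data):
    """struct format for e_type, e_machine, e_version, e_entry after e_ident."""
    endian = "<" if ei_data == 1 else ">"
    return endian + ("HHIQ" if ei_class == 2 else "HHII")


def read_elf_meta(blob):
    """Return ELF header metadata, or None when the file has no usable header."""
    if len(blob) < 16 or blob[:4] != b"\x7fELF":
        return None  # no magic number: fall back to name or string matching
    ei_class, ei_data = blob[4], blob[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None  # corrupted or unsupported identification bytes
    fmt = _layout(ei_class, ei_data)
    if len(blob) < 16 + struct.calcsize(fmt):
        return None  # truncated header
    e_type, e_machine, _version, e_entry = struct.unpack_from(fmt, blob, 16)
    return {
        "class": "ELF64" if ei_class == 2 else "ELF32",
        "data": "little" if ei_data == 1 else "big",
        "type": E_TYPES.get(e_type, hex(e_type)),
        "machine": E_MACHINES.get(e_machine, hex(e_machine)),
        "entry": e_entry,
    }


def make_header(ei_class, ei_data, e_type, e_machine, e_entry):
    """Build a constructed ELF header prefix for the demonstration."""
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1]) + b"\x00" * 9
    return ident + struct.pack(_layout(ei_class, ei_data),
                               e_type, e_machine, 1, e_entry)


# Constructed samples: a 64-bit little-endian shared object, a 32-bit
# big-endian executable, a PNG, and a header cut off after 20 bytes.
SAMPLE_AARCH64_SO = make_header(2, 1, 3, 183, 0)
SAMPLE_PPC_EXEC = make_header(1, 2, 2, 20, 0x10000000)
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 24
SAMPLE_TRUNCATED = SAMPLE_AARCH64_SO[:20]

if __name__ == "__main__":
    for label, blob in [("aarch64 .so", SAMPLE_AARCH64_SO),
                        ("ppc exec", SAMPLE_PPC_EXEC),
                        ("png", SAMPLE_PNG),
                        ("truncated", SAMPLE_TRUNCATED)]:
        print(label, read_elf_meta(blob))
```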

3.3.3 String matching

Strings in software binaries are typically invariants that remain unchanged during
the compilation process from source code. To exploit this characteristic, strings are
collected and extracted from the source code of various projects and then used to detect
libraries in binary form. The strings command is used to extract strings from the target
binary files, which are then compared against the strings collected from the source code of
specific libraries. In the experiments, a threshold of 10% is set. If 10% of the strings in
the binary file match those from a particular library, the binary file is considered to
contain that library. This approach makes it possible to identify libraries present in the
binary firmware with a significant degree of confidence. The expected errors happen for two
reasons. First, although the threshold of 10% is chosen to minimize the false positive and
false negative cases, there are cases where a binary file contains more than 10% strings of a
different library. Second, the library may import other libraries as its dependencies. This
will import other libraries’ strings into the source code. Matching strings of other libraries
will produce false positives if the percentage of these strings is relatively high. Therefore,
after the string matching algorithm, human experts are employed to verify the correctness of
the library prediction.
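
The 10% rule and the dependency false positive described above can be reproduced on a small scale. This is an added example, not code from the report or the underlying study: the library names, signature strings and sample binary are all constructed, and the `unique_signatures` step (scoring only on strings that belong to a single library) is an added refinement that goes beyond what the report describes.

```python
import re
from collections import Counter

# Runs of 4 or more printable ASCII bytes, the default of strings(1).
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def extract_strings(blob):
    """Return the set of printable strings found in a binary."""
    return {m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(blob)}


def match_libraries(blob, signatures, threshold_pct=10):
    """Report libraries whose strings make up >= threshold_pct of the binary's."""
    found = extract_strings(blob)
    hits = []
    for lib, lib_strings in signatures.items():
        matched = len(found & lib_strings)
        # Integer comparison avoids float rounding at exactly 10%.
        if found and matched * 100 >= threshold_pct * len(found):
            hits.append((lib, matched, len(found)))
    return sorted(hits, key=lambda h: (-h[1], h[0]))


def unique_signatures(signatures):
    """Drop strings shared by several libraries, e.g. vendored dependencies."""
    counts = Counter(s for strings in signatures.values() for s in strings)
    return {lib: {s for s in strings if counts[s] == 1}
            for lib, strings in signatures.items()}


# Constructed signature database. libnet_demo vendors part of libpack_demo,
# so two of libpack_demo's strings also appear in its source tree.
PACK_DEMO = {
    "incorrect header check", "invalid block type",
    "invalid stored block lengths", "invalid distance too far back",
    "incorrect data check",
}
VENDORED = {"incorrect header check", "invalid block type"}
NET_DEMO = {"tls handshake failed", "unsupported protocol version",
            "certificate verify failed"} | VENDORED
SIGNATURES = {"libpack_demo": PACK_DEMO, "libnet_demo": NET_DEMO}


def build_sample_binary():
    """Constructed binary: libpack_demo's 5 strings plus 15 unrelated strings."""
    filler = [f"sym_{i:02d}_handler" for i in range(15)]
    parts = sorted(PACK_DEMO) + filler
    return b"\x00\x7f\x01".join(s.encode("ascii") for s in parts)


if __name__ == "__main__":
    blob = build_sample_binary()
    print("raw signatures   :", match_libraries(blob, SIGNATURES))
    print("unique signatures:", match_libraries(blob, unique_signatures(SIGNATURES)))
```

With the raw signatures the binary is attributed to both libraries, which is the case the report resolves by expert review; any result with more than one hit is a natural candidate for that review queue.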

3.3.4 Clustering Rules

After completing all three steps of open-source library detection, the libraries that can
be detected through feature matching have been identified. However, this method of
detection relies on having the features of all libraries beforehand and cannot identify
libraries whose features are not present in the database. To address this limitation, a set
of rules is proposed to identify additional and new libraries within the binary firmware.
The rules are as follows:

• The file must be in the ELF format (e.g., .so, .bin, or a binary file without an extension).

• The file should reside in the same folder as the already detected binary library.

• The file should adhere to the same format as the already detected binary library.

• The file should follow a specific naming convention, which can be expressed using
regular expressions.

To identify these additional libraries that exhibit similar characteristics to the
detected libraries, the aforementioned rules are applied and three software
engineering researchers are engaged for manual collection within the binary. In total, 4092
open-source libraries were successfully collected from 676825 decompressed files, which will
be utilized for further analysis.
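
The four clustering rules can be applied mechanically to produce a shortlist for the manual step. This is an added example, not code from the report or the underlying study: the naming regular expression is hypothetical (the report does not give its expressions), "same format" is interpreted here as the same ELF class and byte order, and the file tree is constructed.

```python
import posixpath
import re

# Hypothetical naming convention; the report does not list its expressions.
LIB_NAME = re.compile(r"^lib[A-Za-z0-9_+.-]+\.so(\.\d+)*$")


def elf_format(blob):
    """Return (class, byte order) from e_ident, or None if the file is not ELF."""
    if len(blob) >= 6 and blob[:4] == b"\x7fELF":
        return blob[4], blob[5]
    return None


def cluster(files, detected):
    """Apply the four rules; return (candidates, {rejected path: reason})."""
    # Formats of already detected libraries, grouped by folder.
    known = {}
    for path in detected:
        fmt = elf_format(files[path])
        if fmt is not None:
            known.setdefault(posixpath.dirname(path), set()).add(fmt)

    candidates, rejected = [], {}
    for path, blob in sorted(files.items()):
        if path in detected:
            continue
        fmt = elf_format(blob)
        folder = posixpath.dirname(path)
        if fmt is None:                                        # rule 1
            rejected[path] = "not ELF"
        elif folder not in known:                              # rule 2
            rejected[path] = "no detected library in folder"
        elif fmt not in known[folder]:                         # rule 3
            rejected[path] = "format differs from detected library"
        elif not LIB_NAME.match(posixpath.basename(path)):     # rule 4
            rejected[path] = "name does not match convention"
        else:
            candidates.append(path)
    return candidates, rejected


# Constructed decompressed tree (only the ELF identification bytes matter here).
ELF64_LE = b"\x7fELF\x02\x01\x01" + b"\x00" * 9
ELF32_LE = b"\x7fELF\x01\x01\x01" + b"\x00" * 9
FILES = {
    "usr/lib/libcrypto.so.1.1": ELF64_LE,   # already detected by feature matching
    "usr/lib/libvendorcan.so.2": ELF64_LE,  # not in any signature database
    "usr/lib/libold32.so": ELF32_LE,
    "usr/lib/README.txt": b"plain text",
    "usr/lib/helperd": ELF64_LE,
    "opt/app/libother.so": ELF64_LE,
}
DETECTED = {"usr/lib/libcrypto.so.1.1"}

if __name__ == "__main__":
    found, skipped = cluster(FILES, DETECTED)
    print("candidates for manual review:", found)
    for path, reason in skipped.items():
        print(f"skipped {path}: {reason}")
```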

3.4 Automotive system architecture

The aim here is to understand how the automotive software system is structured. To
achieve this goal, all 100 firmware samples collected from the automotive systems are
analyzed manually. The firmware is first classified into six types based on the
functionalities provided: TBOX, IVI, In-Vehicle Gateway, ADAS, OBU and RSU. A detailed
explanation of these six types is given below. Then, the overall architecture of the
automotive system is examined to understand where this firmware comes from.

1) Telematics Box (TBOX):

The TBOX facilitates communication and data exchange between vehicles and the
Internet. Through TBOX connectivity, smart connected cars can access various telematics
services and applications, including real-time traffic information, navigation services,
remote payments, smart home integration, and entertainment applications. Acting as a
bridge between the vehicle and cloud services, the TBOX enables interaction and
integration with the external world.

2) In-Vehicle Infotainment System (IVI):

The IVI is an integrated onboard system that combines multimedia,
communication, and information processing functions, providing rich information,
entertainment, and interactive experiences for drivers and passengers in a transportation
context. IVI can also interact with other vehicle systems, such as the vehicle control unit,
to achieve a highly integrated vehicle electrical architecture and enable intelligent and
connected features. IVI typically participates in vehicle integration as individual
components.

3) In-Vehicle Gateway:

The In-Vehicle Gateway serves as a bridge between the internal and external
networks of a vehicle. It manages data flow within the vehicle’s internal network and
facilitates communication between the vehicle and the external Internet. The In-Vehicle
Gateway collects data from various internal systems and sensors, performs processing and
aggregation, and distributes the data, making it accessible and usable by different systems
and external cloud platforms.

4) Autonomous Driving Assistance System (ADAS):

The ADAS in intelligent connected vehicles integrates sensors, data processing, and
control algorithms to enable autonomous driving under specific conditions. Its purpose is
to provide advanced automated driving features, alleviate driver burden, and enhance
driving safety and convenience. The functionalities of ADAS include environment
perception and modeling, localization and route planning, autonomous driving decision-
making and vehicle control, and status monitoring and fault handling. ADAS utilizes sensors
such as lidar, cameras, and mm-wave radar to perceive and monitor road conditions,
vehicles, pedestrians, and obstacles in real time.

5) On-Board Unit (OBU):

The OBU is a device or module installed in a vehicle to enable external
communication and connectivity. The OBU primarily collects vehicle, road, and pedestrian
information and provides communication and interaction capabilities with Roadside Units
(RSUs) and other OBUs. By utilizing Vehicle-to-Everything (V2X) communication
technology and Vehicle-to-Vehicle and Vehicle-to-Infrastructure (V2V/V2I)
ultra-high-frequency communication, the OBU establishes a vehicle self-organizing network,
enabling interconnection among vehicle terminals. It provides comprehensive traffic
information to drivers, improves driving experiences, and contributes to the realization of
intelligent traffic management and transportation systems.


TABLE 3.2: Commonly used open source libraries.

6) Road Side Unit (RSU):

The RSU is the fundamental unit and primary deployment device in road network
construction, responsible for providing communication and interaction between vehicles
and road infrastructure. The main functionalities of the RSU include road information
interaction, intelligent traffic warning, and traffic management and optimization.
Simultaneously, the RSU collects data from multiple vehicles for traffic flow analysis and
prediction, optimizing signal control and traffic dispatching to improve road efficiency and
reduce congestion. Through communication with vehicles, the RSU offers functions such
as traffic information exchange, traffic safety support, traffic management, and
optimization, providing essential support for the development of intelligent connected
vehicle systems and the intelligence of transportation systems.

Figure 3.4: Automotive system architecture.

Figure 4.2 shows the architecture of the automotive system and the locations where
the open source package is found. The top structure of the automotive system is segmented
into distinct domains, delineating the boundaries of its core functionalities. Through an
assessment of component placement within the sample firmware, three pivotal domains are
discerned: the autonomous driving domain, the intelligent cockpit domain, and the vehicle
control domain. Interlinked via an in-vehicle Ethernet connection, this architecture
moves from a decentralized modular approach to a centralized computing platform. This
transition serves two purposes, reducing costs and improving component collaboration,
thereby enhancing the overall system’s efficiency. Within each domain, domain controllers
connect to the corresponding Electronic Control Units (ECUs) via the Controller Area
Network (CAN), facilitating the realization of logical functions. ECUs follow the AUTOSAR
architecture, which consists of four layers. The foundational layer consists of
microcontrollers, which serve as intermediaries for hardware communication. Above it is
the basic software layer, which provides the system with foundational services, including
networking and others. The runtime layer raises the abstraction further, encapsulating
low-level implementations to ensure operational robustness. The top layer of this
architecture is the application layer, which houses the tailored software modules that
implement a range of functionalities. Open source libraries have their impact primarily
within the application and basic software layers. This aspect is discussed in detail in
the subsequent section.


CHAPTER 4

RESULTS

In this section, we summarize the lessons learned from the findings on automotive
open-source library management. Firstly, for developers of software component detection
tools, it is essential to recognize the significant differences between automotive
libraries and commonly used libraries. Consequently, it is crucial to collect signatures
specifically tailored to the automotive domain. While some industrial tools claim to
include libraries for automobiles, our experiments revealed that none of them successfully
detected libraries in real-world cars. Therefore, developers must thoroughly investigate
the scope of these libraries and incorporate them into their databases.

Secondly, for developers of automotive systems, it is imperative to manage the
open-source libraries integrated into their systems, as many of these libraries often come
with security issues, such as vulnerabilities. While software component detection tools
offer protection after system compilation, it is preferable for developers to mitigate
these issues beforehand. One approach is to proactively select safe open-source libraries
and their appropriate versions during the development phase, thus alleviating potential
problems.

Thirdly, for developers and management teams of open source libraries, given their
widespread use, it is advantageous to provide not only the libraries themselves but also best
practices for their usage and management. This can encompass offering standardized
installation or import procedures for the libraries and ensuring their compatibility with
component detection tools. The overarching goal is to facilitate easier open-source
management for C/C++ developers.


CHAPTER 5

APPLICATION
5.1 Commonly-used open source software identification

In this section, we outline the procedure for identifying commonly used
open-source software within the ecosystem. Defining what constitutes “commonly used”
presents a significant challenge. To address this, we propose three criteria for
assessing libraries and provide a detailed process for collecting the list of
open-source libraries based on each of these three criteria. By employing this
comprehensive approach, we aim to establish a robust and representative dataset of
widely adopted open-source software components.

1 Libraries listed on open source websites:

To initiate our data collection process, we explore various online platforms that
curate lists of significant and foundational open-source packages. These platforms
serve as valuable references for identifying commonly used libraries within the
software engineering community. Our approach involves gathering a compilation of
websites that feature popular open-source packages. Subsequently, we use web
crawling techniques to extract the names of these libraries, which form the basis of our
data collection. By leveraging these reputable online resources, we ensure a
comprehensive and representative dataset of widely adopted open-source libraries.

2 Popular libraries hosted in GitHub:

Secondly, we utilize GitHub, the largest code-hosting website globally, as a
valuable resource for open-source libraries. GitHub serves as a hub for numerous
open-source projects, making it an ideal platform for our research. One of the key
features offered by GitHub is the star rating system, which indicates the number of
individuals who appreciate a particular project. The higher the number of stars, the
more popular the open-source project tends to be. Hence, we employ the star count as
a criterion for selecting open-source components.

3 Libraries with CVEs:

The third aspect we consider is the presence of Common Vulnerabilities and Exposures
(CVEs) within open-source libraries. CVEs refer to publicly known software security
bugs that can be exploited by malicious actors to target software systems. However,
identifying CVEs is a challenging task that requires significant effort. Consequently,
adversaries tend to focus their efforts on finding vulnerabilities in popular software that
holds a large market share and can result in substantial losses when compromised. In
essence, open source projects with CVEs are often those that are widely used by others.

4 Data consolidation:

Once we have collected the open-source lists from the three aforementioned
aspects, we merge them into a single unified list and eliminate any duplicate entries.
In cases where we encounter libraries with similar but not identical names, we engage
two software engineering researchers to perform a manual verification process. Their
objective is to determine whether the open-source libraries in question refer to the
same project. In instances where a match is confirmed, we remove one of the duplicate
entries to ensure that there is no redundancy within our dataset.
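
The consolidation procedure of section 5.1, as an added Python example (not code from this report or from the study it summarizes): the three source lists are merged, exact duplicates are dropped after name normalization, and similar-but-not-identical names are queued for the manual verification step. The library lists, star counts and both thresholds are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample inputs, one per selection criterion in section 5.1.
WEBSITE_LISTS = ["OpenSSL", "zlib", "libcurl", "SQLite"]
GITHUB_STARS = {"curl": 34000, "openssl": 24000, "protobuf": 62000, "tiny-lib": 40}
CVE_LIBRARIES = ["openssl", "Zlib", "libpng", "sqlite3"]

STAR_THRESHOLD = 1000    # assumed cut-off; the report does not state one
REVIEW_THRESHOLD = 0.7   # assumed similarity at which a pair goes to manual review


def normalize(name):
    """Case-fold and strip separators so 'OpenSSL' and 'openssl' compare equal."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def consolidate(websites, stars, cves, min_stars=STAR_THRESHOLD):
    """Merge the three sources and drop exact duplicates (after normalization)."""
    merged = {}
    popular = [name for name, count in stars.items() if count >= min_stars]
    for source, names in (("website", websites), ("github", popular), ("cve", cves)):
        for name in names:
            entry = merged.setdefault(normalize(name), {"name": name, "sources": set()})
            entry["sources"].add(source)  # record which criteria selected the library
    return merged


def review_candidates(merged, threshold=REVIEW_THRESHOLD):
    """Return pairs of similar but not identical names for manual verification."""
    pairs = []
    for a, b in combinations(sorted(merged), 2):
        similar = SequenceMatcher(None, a, b).ratio() >= threshold
        if similar or a in b or b in a:  # substring catches 'curl' vs 'libcurl'
            pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    merged = consolidate(WEBSITE_LISTS, GITHUB_STARS, CVE_LIBRARIES)
    for key, entry in sorted(merged.items()):
        print(f"{entry['name']:10} {sorted(entry['sources'])}")
    print("manual review:", review_candidates(merged))
```

The flagged pairs are only candidates: whether two names refer to the same project remains a decision for the reviewers, as the procedure describes.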


CHAPTER 6

CONCLUSION
In conclusion, this report presents a comprehensive empirical study on the
utilization of open-source libraries within automotive ecosystems. By collecting and
analyzing 10 firmware samples and 4092 libraries, we offer insights into the overall
software architecture of automotive systems. Furthermore, we investigate the
distribution patterns of open-source libraries in this domain and compare them with
those found in general-purpose software. Surprisingly, our findings reveal that a
significant portion (61.15%) of automotive libraries is distinct from the libraries
commonly used in general software. Finally, we conduct an analysis of security issues
associated with the use of these libraries and provide actionable recommendations for
improving open-source library management across all user categories. Through this
research, we aim to enhance understanding and facilitate effective utilization of
open-source libraries in the automotive context.


