Development of AUTOSAR Software Components with Model-Based Design

Similar documents
Development of AUTOSAR Software Components with Model-Based Design

Applying Model-Based Design to Commercial Vehicle Electronics Systems

Frontload the design, V&V and certification of software-intensive mechatronic systems by adopting the Digital Twin approach

Automation framework for converting legacy application to AUTOSAR System using dspace SystemDesk

Agenda. Why AUTOSAR Introduction Technical Overview Backup References. 26 August 2015 Liu Xue

SystemDesk

2010 The MathWorks, Inc. Model-Based Design for High Integrity Software and Hardware

Application of MBD to Development of ECU Prototype for EPS

EB Automotive ECU solutions AUTOSAR Basic Software Tooling Functional Safety Customization Services

A Model-Based Reference Workflow for the Development of Safety-Critical Software

EB Automotive Driving the Future of Software

Model-Driven Development for Safety-Critical Software Components

Calibration Data Management A Puzzle Game no more

What s New in MATLAB and Simulink

What s New in MATLAB and Simulink

Model-Based Design for High Integrity Software Development Mike Anthony Senior Application Engineer MathWorks Tucson, AZ USA

ISO Software Compliance with Parasoft: Achieving Functional Safety in the Automotive Industry

Novedades de las últimas versiones de MATLAB y Simulink

SystemDesk 3.0

What s New in MATLAB and Simulink

DynaFusion Training Catalog

Model Based Embedded System Development for In-Vehicle Network Systems

Model Based Approach for the Integration of ECUs

Model-Sharing in the service of Innovation for the Automotive Industry

Trends in Automotive Software Engineering

Engineering the Future with AUTOSAR

Project Summary. Acceptanstest av säkerhetskritisk plattformsprogramvara

Measurement, simulation, virtualization

PC-Based Validation of ECU Software

WIND RIVER SIMICS WHEN IT MATTERS, IT RUNS ON WIND RIVER DEVELOP SOFTWARE IN A VIRTUAL ENVIRONMENT

Experience Report: Developing Off-Highway and Commercial Vehicles ECUs with AUTOSAR

A-L-V. Presenters, Ford Chassis Controls: Nate Rolfes John Broderick Jeff Cotter. With Ford MBSE Tools & Methods:

What s New in MATLAB and Simulink

Simulink as Your Enterprise Simulation Platform

Press Release. ETAS Rolls Out New Solutions for Simulink Users

HIL - TEST AND SIMULATION

Automotive Systems Engineering

Simulink as Your Enterprise Simulation Platform

AUTOSAR Automotive Open System Architecture

PREEvision 7.0. Roadmap and new Features. 3 th of March 2014

Safety Concept Description Language (SCDL) ISO Safety Concept, Design & Verification

Accelerating Innovation in Automotive Engineering

THE CHALLENGE OF ISO FOR COMPLEX SOFTWARE MODELS Oliver Collmann

The Role of Real-Time Workshop Embedded Coder in Supporting Cummins Inc. Vision for Model Based Development

Introduction to Simulink & Stateflow

Smart Strategic Approach for Functional Safety Implementation. Chandrashekara N Santosh Kumar Molleti

Renault Nissan new Software Strategy V07 Olivier Guetta, Emmanuel Coutenceau, Kazuhiro Ishigami

SOFTWARE DEVELOPMENT STANDARD

Working with. Eric Winder, Senior Applications Engineer. Renesas Electronics America Inc Renesas Electronics America Inc. All rights reserved.

Fiat Group Automobiles Policy for Software Quality Improvement

Developing Prognostics Algorithms: Data-Based and Model-Based Approaches

Autosar for Agri cultural Electronics

Shenoy R K Senior Vice President, Powertrain Electronics Robert Bosch Engineering and Business Solutions ltd.

Model-Based Design for ISO Applications. April 2010

Safe and Secure by Design: Systems Engineering Best Practices for Connected Vehicles

CTM CONTROL : Addressing the MC/DC Objective for Safety-Critical Automotive Software

Introduction to Simulink & Stateflow

Utilization of Simulink Verification and Validation (V&V) and Simulink Design Verifier (SDV) for HVAC Controls Software

Model-Based Design of a Quadcopter Ryan Gordon

Verification & Validation of an Autonomous Quadcopter System

The Internet of Simulation: Enabling Agile Model Based Systems Engineering for Cyber-Physical Systems

Modeling & Simulation Virtual commissioning

Guided and automated calibration and validation of powertrain systems

Introducing Capital HarnessXC The Newest Member of the CHS Family

Adoption of Modeling Standards as a Part of Enterprise-Wide Deployment

AMASS. Architecture-driven, Multi-concern and Seamless Assurance and

Model Based Design in Automation

Applicability of Model-Based Design Quality Metrics to Medical Device Software

architecture (SAFE) Project Presentation SAFE project partners

PLM Solutions V5.16 Empower your innovation network

elektrobit.com Driver assistance software EB Assist solutions

Automotive Systems Engineering und Functional Safety: The Way Forward

SeamleSS Implementation. based on ISO 26262

» Software in Tractors: Aspects of Development, Maintenance and Support «

Model-Based Design Maturity: Benchmarking the Automotive Industry Vinod Reddy Manager, Consulting Services

Model-Based Design with MATLAB and Simulink to shorten the design of a new infusion pump

The Functional. Mockup-Interface: Innovation through. Open Standards. Hubertus Tummescheit, Modelon

codebeamer ALM supports Aviation Development and Regulatory Compliance (DO-178B/C, DO-254, and more)

Vector Software. Understanding Verification and Validation of software under IEC :2010 W H I T E P A P E R

Working with. Renesas Electronics America Inc Renesas Electronics America Inc. All rights reserved.

Brochure. About. Tools. Services. Where can we help? Our approach Why choose Rapita?

Brochure Services. About. Tools. »» Where can we help? »» Unit/system testing. »» Software verification services»» Our approach

Virtual Integration on the Basis of a Structured System Modelling Approach

Abstraction Layers for the rollout of Automotive SPICE

Niagara 4 + JACE our newest products are open 4

PSS E. High-Performance Transmission Planning Application for the Power Industry. Answers for energy.

Brochure Services. About. Tools. »» Where can we help? »» Unit/system testing. »» Multicore timing services»» Our approach

Title of Slide. Virtual Simulation using QTronic Silver and TestWeaver. Presented by: Robert Ter waarbeek

AVL CONCERTO 4. Experience the harmony

A Cost-effective Methodology for Achieving ISO26262 Software Compliance. Mark Pitchford

Brochure Services. About. Tools. »» Where can we help? »» Unit/system testing. »» Software verification services»» Our approach

Saber Automotive Overview

The Timing Model TIMMO Methodology Guest Lecture at Chalmers University

The Impact of Modelling and Simulation in Airbus Product Development

Brochure Services. About. Tools. » Where can we help? » Unit/system testing. » Software verification services» Our approach

EAST-ADL Introduction: Overview

New Solution Deployment: Best Practices White Paper

AUTOSAR E/E Design Flow Solution. - Optimizing Functional / Logical Architecture Design with EAST-ADL and AUTOSAR

Vector is a global company located in Stuttgart, Germany Subsidiaries in USA, Japan, France, Sweden

This document describes the overall software development process of microcontroller software during all phases of the Company Name product life cycle.

Transcription:

Development of AUTOSAR Software Components with Model-Based Design Guido Sandmann Automotive Marketing Manager, EMEA The MathWorks Joachim Schlosser Senior Team Leader Application Engineering The MathWorks ABSTRACT This paper shows how engineers can create AUTOSAR Software Components using Simulink models without the need to change the models and with a possibility to generate Simulink models from Software Component Descriptions. Before describing these workflows, the paper introduces Model-Based Design and the idea of AUTOSAR to establish a common terminology and to show the motivation for combining AUTOSAR and Simulink models. INTRODUCTION The steady growth in the number of electronic control units (ECUs) on the average vehicle and the complexity of the algorithms that reside on these controllers has resulted in one of the most significant initiatives in the automotive industry in years. AUTOSAR the Automotive Open System Architecture has united more than 100 companies, automobile manufacturers, suppliers and tool vendors to develop a standard architecture for electronic control units. Version 2.1 was released by the end of 2006, and now OEMs as well as suppliers have started to develop and integrate AUTOSARcompliant functionality and components into vehicles. Version 2.1 of the AUTOSAR standard was seen by many as a maturing of the standard AUTOSAR basic software core and the stabilization of the information needed to specify application software components. This precipitated a rise in the number of tool vendors who blended the strengths of their tools with the standardized AUTOSAR platform. In 2006, Volkswagen used Model-Based Design in its approach and integrated an AUTOSAR-compliant Comfort and Convenience ECU into an existing E/E environment [1]. To address the complexity of applications and algorithms, automotive engineers are using Model-Based Design, which is already a widely used and accepted approach. Model-Based Design offers unambiguous and executable specifications in very early development phases. Capabilities such as automatic verification and validation and code generation are additional key benefits that make the development processes much more efficient and effective. As a standard architecture for ECU networks, AUTOSAR is already playing a significant role in the automotive industry. Even though the current activities focus mainly on further defining and refining the standard, many OEMs and suppliers currently take AUTOSAR into account when considering their future development processes and tool landscapes. This requires making decisions for a complete tool chain, starting from tools to design ECU architectures at the vehicle level down to tools for modeling the functional behavior of AUTOSAR software components required within Model-Based Design, as well as run-time environment generators and basic software component generation. MODEL-BASED DESIGN Traditional embedded software development involves paper designs and hand coding, followed by verification activities such as code inspections and unit and integration testing. Many of these activities lack tool automation, and so involve manual interaction. Thus they are error prone and time consuming. Lack of tool chain integration provides another opportunity for errors to be injected into the software that are often detected late and at high costs to the development process.

Figure 1. Model-Based Design. To overcome these challenges, Model-Based Design has become a widely used and accepted approach. Not only do simulations provide insight into the dynamic and algorithmic aspects of the system, but models are also commonly used for several constructive tasks, including: - Serving as executable specifications - Communicating component requirements and interface definitions between customer and supplier - Providing virtual prototypes of vehicle systems and models of drivers, road conditions, and other environmental conditions for algorithm development - Enabling automatic code generation of the software algorithms for production systems These Model-Based Design activities keep the engineering process focused on error prevention and early error detection. Verification and validation early in a project can reduce the risks associated with late error detection. As shown inerror! Reference source not found. Figure 1, Model-Based Design puts the model in the center of the development process and enables engineers to create executable specifications, automatically generate embedded code, and perform verification and validation (V&V) activities on these models. REQUIREMENTS AND CODE TRACEABILITY Embedded software development using Model-Based Design typically begins with high-level system requirements. These requirements are often managed with dedicated requirements management tools, word processors, or spreadsheets. Regardless of the tool used, engineers must ensure that a model and ultimately the generated code fulfills these high level requirements. Hence, it is important to have a robust traceability capability that links each requirement with the corresponding part of a model. Throughout the process, engineers develop a detailed software design model and continuously perform verification and validation to ensure that the model satisfies the requirements. Models consisting of state machines and block diagrams can have links that support bidirectional traceability to the requirements defined in popular documentation and requirements management tools. Test cases defined either by an engineer or generated automatically can also be linked with requirements to document the appropriate coverage. In later stages of the process, after generating the production code from the implementation model for a specific target, links between the code statements and the model with regard to the requirements are also available in Real-Time workshop Embedded Coder. Industry standards such as IEC 61508 [4] or Automotive SPICE [5] require this high degree of traceability for safety-critical software development.

Figure 2. Requirements and code traceability. EXECUTABLE SPECIFICATION, VERIFICATION, AND VALIDATION The requirements specified in a requirements document are then translated into a model, which is a formal description on a very abstract level that captures all relevant functional aspects. The primary advantages of this approach are the elimination of ambiguity and the definition of well-defined interfaces, which allow engineers to execute their concepts in the very early stages of development. 50 45 40 35 30 25 20 Relative Cost to Fix Defect Type Requirements Design Code Test Requirements Design Code Phase Found Test 15 10 5 0 Test Code Design Requirements Figure 3: Relative cost to fix defects per phase found [2]. With this approach, engineers can start test and validation activities from the beginning of a project. In Model-Based Design, test and validation is not just the last step in the process but a continuous verification and validation activity. In addition to test scenarios developed by a design or test engineer, there is also tool support available for automatic generation of test cases addressing coverage metrics up to modified condition/decision coverage (MC/DC).

Additionally, Model-Based Design with executable specifications facilitates communication between OEM and supplier, as well as communication among engineers on a project by its pure nature to be executable and graphical. Model-Based Design thus enables teams to complete important tasks much earlier than in a traditional approach. At the same time it leverages the quality of the complete design process, because it avoids time and cost-intensive iterations by not waiting to find errors at the very end. Error! Reference source not found. Figure 3 shows the tremendous increase in cost for fixing errors that are introduced in the requirements phase but not found until the test phase. PRODUCTION CODE GENERATION The software is automatically generated from the models during production code generation, for example when using Real-Time Workshop Embedded Coder. Since for time-discrete models no block replacements are necessary, this gives a fast path to code. A key benefit of this smooth integration is the reuse of the entire infrastructure that was already built and previously used for testing at the model level. Bugs and other defects discovered during the continuous verification and validation process are fixed at the model level, and the software can be regenerated without additional manual effort. AUTOSAR To address the challenges of increasing complexity while developing and maintaining electronic applications within the automotive domain, the companies involved decided to define a standardized architecture for electronic control units (ECU). Therefore, in 2002 leading OEMs and suppliers established the partnership of AUTOSAR (Automotive Open System Architecture) to pursue goals that include [3]: - Implementation and standardization of basic system functions as an OEM-wide "Standard Core" solution - Scalability to different vehicle and platform variants - Transferability of functions throughout the network - Integration of functional modules from multiple suppliers - Consideration of availability and safety requirements - Redundancy activation - Maintainability throughout the whole product life cycle - Increased use of commercial off-the-shelf hardware - Software updates and upgrades over the lifetime of the vehicle Figure 4. The AUTOSAR Software Architecture. Figure 4Error! Reference source not found. shows the defined architecture with the different software layers divided into three major areas. The Application Layer contains the functional applications of an ECU network. In the terminology of the standard, they are referred to as AUTOSAR Software Components. The AUTOSAR Run-Time Environment (RTE) layer was introduced to decouple the application software from the concrete infrastructure software. Finally, the AUTOSAR Basic Software layer between micro-controller and the RTE defines the infrastructure software both as hardware-dependent and hardware-independent non-functional services.

As mentioned above, the decoupling of functional application software and the target hardware is one of the main goals of AUTOSAR. To reach this goal, the Virtual Functional Bus (Error! Reference source not found.) was introduced. AUTOSAR software components implement the Application Layer and encapsulate the functionality of a single ECU or an ECU network. These software components have well-defined and standardized interfaces. Each AUTOSAR software component is dedicated to one specific ECU, while one ECU could consist of multiple software components. Figure 5. The Virtual Functional Bus. The Virtual Functional Bus implements the communication between the different AUTOSAR software components regardless of where they are located within the vehicle s ECU network. This concept in principle allows integration or transfer of AUTOSAR software components anywhere on the network. In the implementation phase, the generated runtime environment is a specific instance of the Virtual Functional Bus. DEVELOPMENT OF AUTOSAR SOFTWARE COMPONENTS The concept and benefits of Model-Based Design are even more valuable within the context of AUTOSAR, and should be applied to even more uses. Once a company has made the decision to develop their ECUs following an AUTOSARcompliant process, the design or software engineer should not be forced to change his or her workflow in order to generate AUTOSAR-compliant software. The MathWorks approach based upon MATLAB, Simulink, and Real-Time Workshop Embedded Coder for generating AUTOSAR-compliant code follows a transparent and intuitive process, and it supports two different workflows: top-down and bottom-up.

Simulink *.arxml Figure 6. DaVinci Architecture export and import into MATLAB and Simulink. TOP-DOWN: FROM AN ARCHTECTURE MODEL TO AN AUTOSAR SOFTWARE COMPONENT In the top-down workflow, system engineers use an architecture design tool (known as Authoring Tool in AUTOSAR terminology) such as the DaVinci Tool Suite from Vector Informatik to design the architecture of a vehicle s ECU network. Of course this does not restrict the possibility to use other authoring tools. The engineers then export an XML-description of the corresponding components: the AUTOSAR Software Component Description. This file contains all necessary information about the components such as runnables, interface descriptions, data types, and so on. With the AUTOSAR solution from The MathWorks, engineers can import this XML-file and automatically generate a skeleton Simulink model that contains the interface blocks (inports and outports) and the AUTOSAR-related settings for these objects as defined in the software component s description file. Figure 6Error! Reference source not found. illustrates the workflow. MATLAB API functions allow importing the AUTOSAR Software Component Description files and the generation of the skeleton model according to the AUTOSAR settings by using the MATLAB command line. Starting from this skeleton model, design engineers can develop the controller model with Simulink, Stateflow, and companion blocksets, as shown in Figure 7. Authoring Tool

Figure 7. Controller Design (other example). The block structure of the model can remain, and if the port structure is the same, engineers do not need to make extensive changes. The verification and validation features especially can be applied as usual and described in the section on Model-Based Design. Typically, the design engineer makes enhancements to the model relevant to AUTOSAR, for example by introducing additional runnables or interface objects. In this particular case he or she has to make corresponding settings to ensure that the generated code is compliant to the standard and fits into the additional software environment containing the run-time environment and hardware-related components from the basic software layer. These settings can be made via appropriate configuration parameter dialogs. For the code generation, the corresponding AUTOSAR System Target in Real-Time Workshop Embedded Coder needs to be selected. This second part of the workflow is the same procedure as in the following workflow, and it is illustrated in Figure. BOTTOM-UP: REUSING LEGACY MODELS TO GENERATE AUTOSAR-COMPLIANT CODE Because Model-Based Design is a well established process in the automotive industry, companies usually have an extensive library of mature and extensively tested models. It is important that these models can be reused to target different platforms such as AUTOSAR without any changes to the models blocks. The bottom-up workflow requires the same AUTOSAR configurations as described in the top-down workflow. In particular, the interface objects need to be configured to ensure that the generated software component can be integrated properly. In addition to the code files, an updated AUTOSAR software component description file in XML format will also be generated automatically, as shown in Figure. Simulink Authoring Tool.arxml AUTOSAR C Code Figure 8: Simulink AUTOSAR Code Generation, XML export and import into DaVinci Architect. CONCLUSION The complexity of electronic control units for automotive applications is constantly increasing, and as a consequence, the collaboration between OEMs and suppliers led to the AUTOSAR partnership one of the biggest standardization activities in the industry. The AUTOSAR standard is seen as the most important step towards dealing with the challenges

for the development process of modern automobiles. While AUTOSAR is focusing on the software and communication aspects between AUTOSAR software components and the decoupling of the application and the Basic Software layer, Model-Based Design is an established paradigm to deal with the complexity on a functional level. Because of the different direction of both approaches, Model-Based Design and AUTOSAR are not only compatible, but also complementary. The combination of the two is an excellent way to improve the cooperation between system engineers and design engineers, as well as collaboration between OEMs and suppliers. This paper showed that well-established tools for Model-Based Design from The MathWorks can easily be used to develop AUTOSAR-compliant software, starting with traditional Model-Based Design that is enhanced with the introduction of AUTOSAR-relevant aspects. The fact that no additional or exchanged blocks in the Simulink models are required, together with the capability of defining different configuration sets in Real-Time Workshop Embedded Coder enables choosing between AUTOSAR and any other code generation with just a fingertip. REFERENCES 1. Andreas Köhler, Volkswagen AG and Tillman Reck, Carmeq GmbH, AUTOSAR-Compliant Functional Modeling with MATLAB, Simulink, Stateflow and Real-Time Workshop Embedded Coder of a Serial Comfort Body Controller, MathWorks Automotive Conference 2007, Dearborn 2. NASA Return on Investment for Independent Verification & Validation, 2004. 3. www.autosar.org 4. Comité Européen de Normalisation Electrotechnique (CENELEC), Bruxelles: IEC 61508-3: Functional safety of electri-cal/electronic/ programmable electronic safety-related systems, Part 3: Software requirements, 1998. 5. International Organization for Standardization (ISO), ISO/IEC 15504-5: Information technology -- Process Assessment Part 5: An exemplar Process Assessment Model, 2006

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback