Search Results

When developing software it is important to consider process, methods, and tools. For safety-critical software, standards such as IEC 61508 are often used to impose additional constraints on the development process and require the production of verification evidence and other artifacts. These constraints and artifacts are needed whether or not the design and code were produced manually or via tool automation. This paper discusses the usage of Production Code Generation for safety-critical software development.

Model-Based Design has become a standard in the automotive industry. In addition to the well-documented advantages that come from modeling control algorithms, [1,2,3,4] modeling plants can lead to more robust designs. Plant modeling enables engineers to test a controller with multiple plant parameters, and to simulate nominal or ideal values. Modeling variable physical parameters provides a better representation of what can be expected in production. Monte Carlo analysis is a standard method of simulating variability that occurs in real physical parameters. Automotive companies use Monte Carlo testing to ensure high quality, robust designs. Due to time and resource constraints, engineers often examine only a limited number of key parameters rather than an entire set. This leaves the design vulnerable to problems caused by missing the full potential impact of parameters that were unvaried during testing.

Model-Based Design is no longer limited to R&D and pilot programs; it is frequently used for production programs at automotive companies around the world. The demands of production programs drive an even greater need for tools and practices that enable automation and rigor in the area of verification, validation, and test. Without these tools and practices, achieving the quality demanded by the automotive market is not possible. This paper presents best practices in verification, validation, and test that are applicable to any program, but are critical when applying Model-Based Design in production programs.

When developing production software for fixed-point Engine Control Units (ECUs), it is important to consider the transition from floating-point to fixed-point algorithms. Systems engineers frequently design algorithms in floating-point math, usually double precision. This represents the ideal algorithm behavior without much concern for its final realization in production software and hardware. Software engineers and suppliers in mass production environments, however, are concerned with production realities and often need to convert these algorithms to fixed-point math for their integer-only hardware. A key task is to design scale factors that maximize code efficiency by minimizing the bytes used, while also minimizing quantization effects such that the fixed-point algorithms match the floating-point results within an acceptable numerical margin.

Automatic code generation from models is actively used at Caterpillar for powertrain and machine control development. This technology was needed to satisfy the industry's demands for both increased software feature content, and its added complexity, and a short turn-around time. A pilot development effort was employed initially to roll out this new technology and shape the deployment strategy. As a result of a series of successful projects involving rapid prototyping and production code generation, Caterpillar will deploy MathWorks modeling and code generation products as their department-wide production development capability. The data collected indicated a reduction of person hours by a factor of 2 to 4 depending on the project and a reduction of calendar time by a factor of greater than 2. This paper discusses the challenges, results, and lessons learned, during this pilot effort from the perspectives of both Caterpillar and The MathWorks.

Software developed for safety-critical systems needs to be of high integrity. Special precautions and development steps are needed for high-integrity software that are not required for other software, although many would argue that they should be. Examples include language subsets, Verification and Validation (V&V), inspections, requirements traceability, documentation, and structural test coverage. Production code generation supports these activities by providing a complete software engineering development environment using models to specify the software. The models can then be tested and stressed within boundaries of the modeling environment. The tests and results can then be reused and applied to the generated code. This paper describes high-integrity code development techniques and shows how they can be automated and applied at the model level, improving quality while shortening design cycles.