Search Results

Model-Based Design with production code generation has been extensively utilized throughout the automotive software engineering community because of its ability to address complexity, productivity, and quality challenges. With new applications such as lane departure warning or electromechanical steering, engineers have begun to consider Model-Based Design to develop embedded software for applications that need to comply with safety standards such as IEC 61508. For in-vehicle applications, IEC 61508 is often considered state-of-the-art or generally accepted rules of technology (GART) for development of high-integrity software [6, 11]. In order to demonstrate standards compliance, the objectives and recommendations outlined in IEC 61508-3 [8] must be mapped onto processes and tools for Model-Based Design. This paper discusses a verification and validation workflow for developing in-vehicle software components which need to comply with IEC 61508-3 using Model-Based Design.

When developing software it is important to consider process, methods, and tools. For safety-critical software, standards such as IEC 61508 are often used to impose additional constraints on the development process and require the production of verification evidence and other artifacts. These constraints and artifacts are needed whether or not the design and code were produced manually or via tool automation. This paper discusses the usage of Production Code Generation for safety-critical software development.

Permanently increasing software complexity of today's electronic control units (ECUs) makes testing a central and significant task within embedded software development. While new software functions are still being developed or optimized, other functions already undergo certain tests, mostly on module level but also on system and integration level. Testing must be done as early as possible within the automotive development process. Typically ECU software developers test new function modules by stimulating the code with test data and capturing the modules' output behavior to compare it with reference data. This paper presents a new and systematic way of testing embedded software for automotive electronics, called MTest. MTest combines the classical module test with model-based development. The central element of MTest is the classification-tree method, which has originally been developed by the DaimlerChrysler research department.

In the automotive industry, the model-based approach is increasingly establishing itself as a standard paradigm for developing control unit software. Just as code reviews are widespread in classical software development as a quality assurance measure, models also have to undergo a stringent review procedure – particularly if they serve as a starting point for automatic implementation by code generators. In addition to these model reviews, the generated production code is reviewed later in the development process by performing auto code reviews. This article will present procedures for and give an account of experiences with model and code reviews which have been adapted to the model-based development process.

Whereas the verification of non-safety-related, embedded software typically focuses on demonstrating that the implementation fulfills its functional requirements, this is not sufficient for safety-relevant systems. In this case, the control software must also meet application-specific safety requirements. Safety requirements typically arise from the application of hazard and/or safety analysis techniques, e.g. FMEA, FTA or SHARD. During the downstream development process it must be shown that these requirements cannot be violated. This can be achieved utilizing different techniques. One way of providing evidence that violations of the safety properties identified cannot occur is to thoroughly test each of the safety requirements. This paper introduces Evolutionary Safety Testing (EST), a fully automated procedure for the safety testing of embedded control software.

When testing electronic control unit (ECU) software, test stimuli as well as test results are time-dependent signals. In order to effectively achieve high quality testing during development, the approved results of former tests serve as reference data for regression and back-to-back tests. The evaluation of those tests leads to a new task, the trustworthy comparison of time-dependent signals. To carry out this task we developed new concepts for signal comparisons and a tool, called MEval, for automating the test evaluation. Given a reference and a current result signal as inputs MEval evaluates their similarity. A new variant of a dynamic time warping algorithm, called difference-matrix preprocessing, allows an independent assessment of amplitude deviation and possible time shifts. Using the automatic test evaluation we defined an integrated test process for the model-based development of ECU software.

Usually, the testing of today’s ECU software follows a gut feeling approach, leading to test gaps and test redundancies. This paper presents a new, more systematic way of testing automotive control software. The central element of the approach is the Classification-Tree Method for Embedded Systems (CTM/ES). Using an interface description, which can be based on the specification and/or an executable model of the software, test scenarios can be derived systematically and described in a graphical way so as to provide the user with visual information about test coverage. The CTM/ES can be integrated into an overall test strategy for automotive control software developed in a model-based way. The approach opens up a new way of assuring quality for embedded control software which is especially designed for automotive software developers.

International standards that define requirements for the development of safety-related systems typically also define required confidence levels for the software tools used to develop those systems. The standards define-to a greater or lesser extent- procedures to classify, validate, certify, or qualify tools. To date, there is no common approach for tool validation, certification, and qualification across safety standards. Different standards attach different levels of importance to tool validation, certification, and qualification, and suggest different approaches to gain confidence in the tools used. With ISO 26262 “Road Vehicles - Functional Safety” on the horizon, automotive software practitioners will need to understand and implement the new software tool classification and qualification requirements laid out in this standard.

Because of its ability to address software complexity and productivity challenges, Model-Based Design with production code generation has been extensively used throughout the automotive software engineering community. More recently, engineers have begun to focus on compliance with external standards such as IEC 61508 and the use of Model-Based Design. For in-vehicle applications, the standard applied is typically IEC 61508-3. To demonstrate standard compliance, the objectives and recommendations outlined in IEC 61508-3 have to be mapped onto Model-Based Design processes and tools. This paper discusses a verification and validation workflow for developing in-vehicle software components that need to meet IEC 61508 using Model-Based Design.