A Systems Engineering Approach to Verification of Distributed Body Control Applications Development 2010-01-2328

An effective methodology for design verification and product validation is always a key to high quality products. As many body control applications are currently implemented across multiple ECUs distributed on one or more vehicle networks, verification and validation of vehicle-level user functions will require availability of both the vehicle networks and multiple ECUs involved in the implementation of the user functions. While the ECUs are usually developed by different suppliers and vehicle networks' infrastructure and communication protocols are normally maintained and developed by the OEM, each supplier will be faced with a similar challenge - the ECU being developed cannot be fully verified and tested until all other ECUs and their communication networks are available in the final development stage. In such cases, many design and implementation errors associated with each ECU and their interactive functions cannot be identified prior to vehicle-level integration testing, at which time cost of fixing errors would be high for each supplier involved. The errors that are not discovered during integration testing will consequently affect product quality and timely delivery. Even if all the ECUs are available and work for their “happy paths”, it will still be challenging to validate the ECU's capability of handling fault conditions. Therefore, a fault insertion testing strategy is essential to fully meet customer's expectations and robust design.

This paper describes a methodology for developing body control applications based on the concept of executable specification, plant modeling, test case generation using various means, and migration of test cases in the virtual test harness model to ECU-in-the-loop testing environment. Unique aspects of the plant modeling, test case development strategies and their value are discussed in this context. For example, behavior models of other ECUs on the vehicle network, fault conditions, and commands from an external diagnostic device into the plant models are incorporated to enable verification of distributed body control applications. For verification, the use of Stateflow for test case development and test case reuse for both requirements verification and ECU in-the-loop testing are also discussed. The methodology described in this paper has been successfully applied to production projects.