Search Results

This paper describes a new production code generator that meets both the requirements of code developers for efficient and reliable production code, as well as the desire of system engineers to establish a control design process based on simulation models that double as executable specifications for the ECU software. The production code generator supports automatic scaling, generates optimized fixed-point C code for microcontrollers like the Motorola 683xx, Siemens C16x, and Hitachi SH-2, and produces ASAP2 [1] calibration information. Benchmark results show that the autogenerated code can match or even exceed the efficiency of typical handwritten production code. Code quality is assured by design and by systematic, automatic, and extremely comprehensive test procedures.

This paper will first introduce and classify the basic principles of architecture-driven software development and will briefly sketch the presumed development process. This background information is then used to explain extensions which enable current behavior modeling and code generation tools to operate as software component generators. The generation of AUTOSAR software components using dSPACE's production code generator TargetLink is described as an example.

Model-based development is the established way of developing embedded control algorithms, especially for safety-critical applications. The aim is to improve development efficiency and safety by developing the software at a high abstraction level (the model) and by generating the implementation (the C code) automatically from the model. Although model-based development focuses on the models themselves, downstream artifacts such as source code or executable object code have to be considered in the verification stage. Safety standards such as ISO 26262 require upper bounds to be determined for the required storage space or the execution time of real-time tasks, and the absence of run-time errors to be demonstrated. Static analysis tools are available which work at the code level and can prove the absence of such errors. However, the connection to the model level has to be explicitly established.