Search Results

Model-based software development is increasingly being used to develop software for electronic control units (ECUs). When developing safety-related software, compared to non-safety-related software development, additional requirements specified by relevant safety-standards have to be met. Meeting these requirements should also be considered to be best practices for non-safety-related software. This paper introduces a model-based reference workflow for the development of safety-related software conforming to relevant safety-standards such as IEC 61508 and ISO 26262. The reference workflow discusses requirements traceability aspects, software architecture considerations that help to support modular development and ease the verification of model parts and the code generated from those model parts, and the selection and enforcement of modeling and coding guidelines.

Model-based software development and automatic code generation have become increasingly established in recent years. The automotive industry has widely adopted and successfully deployed these methods in many different series production programs worldwide. This brought various benefits, such as a reduction in development times, improved quality due to more precise specifications, and early verification and validation by means of simulation. At the same time, more and more safety-related and safety-critical systems have been - and will be -introduced into modern vehicles. Common examples are active front steering, adaptive cruise-control, and integrated chassis control. This leads to the question, if and how model-based design and automatic production code generation can be applied to the development of safety-critical systems.

This paper will first introduce and classify the basic principles of architecture-driven software development and will briefly sketch the presumed development process. This background information is then used to explain extensions which enable current behavior modeling and code generation tools to operate as software component generators. The generation of AUTOSAR software components using dSPACE's production code generator TargetLink is described as an example.

Function models have a well-established position in automotive software development. Formal system models, on the other hand, are rare. This article describes the various aspects of function and system models, focusing mainly on AUTOSAR-compatible models. It also depicts the challenges for future overall models that combine the function models and the system model, and the resulting benefits, such as early system verification via PC-based simulations.

Embedded software in the car is becoming increasingly complex due to the growing number of software-based controller functions and the increasing complexity of the software itself. Model-based development with Simulink combined with TargetLink for automatic code generation helps significantly to improve the quality of the embedded software. The development of large-scale Simulink models in distributed teams is a challenging task, especially when developing safety-critical software that must fulfill requirements stated in the ISO 26262 [1] safety standard. In practice, many questions on how to avoid the pitfalls of distributed model-based development remain open, such as how to define an appropriate model architecture, handle model complexity, and achieve compliance with ISO 26262. The intent of this paper is threefold. Firstly, we summarize those requirements of ISO 26262 that are relevant for developing complex software in a distributed environment.

Model-based development and autocoding have become common practice in the automotive industry over the past few years. The industry is using these methods to tackle a situation in which complexity is constantly growing and development times are constantly decreasing, while the safety requirements for the software stay the same or even increase. The debate is no longer whether these methods are useful, but rather on the conditions for achieving optimum results with them. From the experiences made during the last decade this paper shows some of the key factors helping to achieve success when introducing or extending the deployment of automatic code generation in a model-based design process.

Model-based development is the established way of developing embedded control algorithms, especially for safety-critical applications. The aim is to improve development efficiency and safety by developing the software at a high abstraction level (the model) and by generating the implementation (the C code) automatically from the model. Although model-based development focuses on the models themselves, downstream artifacts such as source code or executable object code have to be considered in the verification stage. Safety standards such as ISO 26262 require upper bounds to be determined for the required storage space or the execution time of real-time tasks, and the absence of run-time errors to be demonstrated. Static analysis tools are available which work at the code level and can prove the absence of such errors. However, the connection to the model level has to be explicitly established.

In modern vehicles the architecture of electronics is growing more and more complex because both the number of electronic functions – e.g. implemented as software modules – as well as the level of networking between electronic control units (ECUs) is steadily increasing. This complexity leads to greater propagation of failure symptoms, and diagnosing the causes of failure becomes a new challenge. Diagnostics aims at detecting failures such as defect sensors or faulty communication messages. It is subdivided into diagnosis algorithms on an ECU and algorithms running offboard, e.g. on a diagnostic tester. These algorithms have to complement each other in the best possible way. While in the past the diagnosis algorithm was developed late in the development process, nowadays there are efforts to start the development of such algorithms earlier – at least in parallel to developing a new feature itself. This would allow developers to verify the diagnosis algorithms in early design stages.

Over the last few years the introduction of explicit system and software architecture models (e.g. AUTOSAR models) has led to changes in the automotive development process. The ability to simulate these models on a PC will be decisive for the acceptance of such approaches. This would support the early verification of distributed ECU and software systems and could therefore lead to cost savings. This paper describes an implementation of such an approach which fits into current development processes.