Search Results

Model-based software development is increasingly being used to develop software for electronic control units (ECUs). When developing safety-related software, compared to non-safety-related software development, additional requirements specified by relevant safety-standards have to be met. Meeting these requirements should also be considered to be best practices for non-safety-related software. This paper introduces a model-based reference workflow for the development of safety-related software conforming to relevant safety-standards such as IEC 61508 and ISO 26262. The reference workflow discusses requirements traceability aspects, software architecture considerations that help to support modular development and ease the verification of model parts and the code generated from those model parts, and the selection and enforcement of modeling and coding guidelines.

Model-based software development and automatic code generation have become increasingly established in recent years. The automotive industry has widely adopted and successfully deployed these methods in many different series production programs worldwide. This brought various benefits, such as a reduction in development times, improved quality due to more precise specifications, and early verification and validation by means of simulation. At the same time, more and more safety-related and safety-critical systems have been - and will be -introduced into modern vehicles. Common examples are active front steering, adaptive cruise-control, and integrated chassis control. This leads to the question, if and how model-based design and automatic production code generation can be applied to the development of safety-critical systems.

This paper will first introduce and classify the basic principles of architecture-driven software development and will briefly sketch the presumed development process. This background information is then used to explain extensions which enable current behavior modeling and code generation tools to operate as software component generators. The generation of AUTOSAR software components using dSPACE's production code generator TargetLink is described as an example.

In future cars, mechanical and hydraulic components will be replaced by new electronic systems (x-by-wire). A failure of such a system constitutes a safety hazard for the passengers as well as for the environment of the car. Thus electronics and in particular software are taking over more responsibility and safety-critical tasks. To minimize the risk of failure in such systems safety standards are applied for their development. The safety standard IEC 61508 has been established for automotive electronic systems. At the same time, automatic code generation is increasingly being used for automotive software development. This is to cope with today's increasing requirements concerning cost reduction and time needed for ECU development combined with growing complexity. However, automatic code generation is hardly ever used today for the development of safety-critical systems.

Hardware-in-the-loop (HIL) simulation is now a standard component in the vehicle development process as a method for testing electronic control unit (ECU) software. HIL simulation is used for all aspects of development, naturally including safety-relevant functions and systems. This applies to all test tasks (from function testing to release tests, testing a single ECU or an ECU network, and so on) and also to different vehicle domains: The drivetrain, vehicle dynamics, driver assistance systems, interior/comfort systems and infotainment are all tested by HIL simulation. At the same time, modern vehicles feature more and more safety-related systems such as Adaptive Cruise Control, Electronic Stability Program, Power Assisted Steering, and Integrated Chassis Management.

Model-based development and autocoding have become common practice in the automotive industry over the past few years. The industry is using these methods to tackle a situation in which complexity is constantly growing and development times are constantly decreasing, while the safety requirements for the software stay the same or even increase. The debate is no longer whether these methods are useful, but rather on the conditions for achieving optimum results with them. From the experiences made during the last decade this paper shows some of the key factors helping to achieve success when introducing or extending the deployment of automatic code generation in a model-based design process.

Permanently increasing software complexity of today's electronic control units (ECUs) makes testing a central and significant task within embedded software development. While new software functions are still being developed or optimized, other functions already undergo certain tests, mostly on module level but also on system and integration level. Testing must be done as early as possible within the automotive development process. Typically ECU software developers test new function modules by stimulating the code with test data and capturing the modules' output behavior to compare it with reference data. This paper presents a new and systematic way of testing embedded software for automotive electronics, called MTest. MTest combines the classical module test with model-based development. The central element of MTest is the classification-tree method, which has originally been developed by the DaimlerChrysler research department.