The TIMMO Methodology


ITEA 2 06005: TIMMO Timing Model. The TIMMO Methodology. Guest Lecture at Chalmers University, February 9th, 2010. Stefan Kuntz, Continental Automotive GmbH. 2010-02-09 Chalmers University, Göteborg, Slide 1

Objectives: TIMMO

Solving the problem of describing the timing requirements imposed on, and the temporal behavior of, a distributed real-time embedded software-intensive system:
- Define a language to specify timing requirements and constraints, and timing properties.
- Provide the capability to analyze and assess timing (a.k.a. temporal behavior) of a system beginning at early stages of the development process.
- Define a methodology that enables one to apply the language in different scenarios.
- Alignment with the Automotive Open System Architecture (AUTOSAR).

Objectives: AUTOSAR Timing Subgroup and TIMMO

AUTOSAR Timing Subgroup (AUTOSAR Release 4.0):
- Augmenting AUTOSAR with timing properties for the analysis of a system's dynamics.
- Augmenting AUTOSAR with timing constraints for the validation of a system's dynamics.
- Consolidated and consistent representation of timing information.
- Integration of feedback from the ITEA 2 project TIMMO.

TIMMO Timing Model:
- Methodology: formal and standardized specification, analysis, and verification of timing properties and constraints across all development phases.
- Language: formal and standardized specification, analysis, and verification of timing properties and constraints on all levels of abstraction.
- Early validation; improved and predictable development cycle.

Objectives: Reflections on Timing Requirements and Properties

[Figure: levels of abstraction from Vehicle Level (EAST-ADL), Analysis Level (EAST-ADL), Design Level (EAST-ADL), Implementation Level (AUTOSAR) down to Operational Level (AUTOSAR); the OEM works at the top, the supplier at the bottom.]

OEM, Vehicle Level, «Requirement»: The doors shall be unlocked not later than 1 second after a valid [transponder] key has been recognized.
Analysis and Design Level: «Requirement», «Property» ...
Implementation and Operational Level: «Property», «Requirement» ...
Supplier, Operational Level, «Property»: The function (runnable) unlockdoor responds within 120 (nominal) to a request to unlock the doors. [Assumption: The function is executed on a X12 6MHz processor, etc.]

Open question: How are timing constraints broken down into timing constraints/properties, and how are timing properties transformed into timing constraints/properties?

Objectives: Time Budgeting

[Figure: the same levels of abstraction; the vehicle-level time budget of 1 s is split into smaller budgets at the Analysis Level (EAST ADL) and Design Level (EAST ADL), and further down to the Implementation Level (AUTOSAR) and Operational Level (AUTOSAR).]

OEM, Vehicle Level, «Constraint»: The doors shall be unlocked not later than 1 second after a valid [transponder] key has been recognized. Time budget: 1 s.
Supplier, Operational Level, «Property»: The function (runnable) unlockdoor responds within 1,2 (nominal) to a request to unlock the doors. [Assumption: The function is executed on a X12 6MHz processor ...] Time budget: 1,2.

EAST-ADL: Level of Abstraction and Artifact

- Vehicle Level: Feature Model.
- Analysis Level: Functional Analysis Architecture; Preliminary Hardware Design Architecture/Model.
- Design Level: Environment Models; Functional Design Architecture; Middleware Abstraction; Hardware Design Architecture/Model.
- Implementation Level: Implementation Architecture (AUTOSAR VFB, Software Component, System, Basic Software Module, and ECU view).
- Operational Level: Operational Architecture (AUTOSAR ...; AUTOSAR ECU Resource Description).

Modeling Methodology: SPEM (Software Process Engineering Meta-Model) and Eclipse Process Framework (EPF) Composer

- Method content elements: task, work product, and role (a role is the performer of a task; an artifact is an input work product or an output work product of a task).
- Process elements: phase, activity, task, milestone.

Special care has been taken on the highly iterative and repeatable nature of the methodology on different levels: task, sequence of tasks, phases (abstraction levels).

EAST-ADL Methodology and Timing Artifacts (Simplified View)

- Vehicle Level/Phase: Create VFM, Annotate VFM, Analyze Timing, Validate Timing. Artifact: VTR (Vehicle Timing Requirements).
- Analysis Level/Phase: Create FAA, Annotate FAA, Analyze Timing, Validate Timing. Artifact: ATR (Analysis Timing Requirements).
- Design Level/Phase: Create FDA, HDA, ...; Annotate FAA, HDA, ...; Analyze Timing; Validate Timing. Artifact: DTR (Design Timing Requirements).
- Implementation Level/Phase: Create SW-CT, ...; Annotate SW-CT, ...; Analyze Timing; Validate Timing. Artifact: ARTR (AUTOSAR Timing Requirements).
- Operational Level/Phase: Measure Runtime, Annotate Models, Validate Timing.

Legend: task; XML artifact.

Events and Event Chains: Events

- Event: a state or a change in state, observable at specific locations in the system subject to analysis.
- Event model: periodic, sporadic, pattern, arbitrary.

Events and Event Chains: Event Chains

Event chains relate events (causality) from a stimulus to a response.

[Figure: an event chain (EC) from stimulus to response, decomposed into event chain segments (ECS); the response of one segment is the stimulus of the next (response/stimulus), and segments may run in parallel strands.]

Events and Event Chains: Constraints and Description

[Figure: an «Event Chain» from a stimulus observable event to a response observable event, carrying a «Timing Description»; an «Event Constraint» (periodic, sporadic, ...) on the stimulus and on the response; a «Delay Constraint» (age/reaction) on the chain; a «Synchronization C.» (input/output).]

TADL specifies a couple of predefined Observable Events on the Analysis and Design Level: EventADLInFlowPort, EventADLOutFlowPort, EventADLServerPort, EventADLClientPort, etc. On the Implementation Level the AUTOSAR Timing Extensions (R4.0) specify a couple of predefined Observable Events.

Events and Event Chains: EAST ADL Abstraction Levels, Events, and Timing

Events are refined across the levels of abstraction (Vehicle, Analysis, and Design Level in EAST ADL; Implementation and Operational Level in AUTOSAR). An event on one level may be refined into a sequence of events (causality) on the level of abstraction beneath. Event models (periodic, sporadic, pattern, arbitrary) are specified for events. On the operational level all events given on the implementation level occur over time as event occurrences.

Example Braking System: Boundaries

[Figure: the Driver and Other Traffic Participants as actors; the Brake System with the Brake Pedal as input and the Brake/Stop Lights (Rear Right, Rear Middle, Rear Left) as outputs.]

From the actor/user's (driver, other traffic participants) perspective the brake system consists of a brake pedal (sensor) and the stop lights (actuators). An assumption is that the brake actuators are part of the system called 'Brake System' but are not shown in the figure, because these actuators are not directly visible to the actors (driver and traffic participants). From the vehicle's point of view the Brake System is simply a box without any input/output arrows. So what is the relation with other vehicle functions? For example, the vehicle function Cruise Control also senses the brake pedal in order to temporarily turn off its operation when the driver presses the brake pedal. In this case the brake pedal gains global visibility in the vehicle's system.

Example Braking System: The Hardware View

[Figure: wiring diagram of the brake hardware. Legend: 1 Brake Actuator; 2 Pedal Module / Brake Pedal; 3 Wheel Speed Sensor; 4 Steering Angle Sensor; 5 Rear Body Controller Unit; wire network, e.g. CANbus, FlexRay.]

Example Vehicle Level

[Figure: feature model. Braking (mandatory: Basic Braking, Deceleration; optional: Anti Blocking System (ABS), Electronic Stability Program (ESP)); Automatic Transmission; Cruise Control (CC), ACC (distance, velocity); Hybrid Electric Vehicle; Electronic Stability Program (ESP).]

Timing requirement: The response time of the [feature] brake shall be less than 500. [The driver shall have the experience that the brakes take effect immediately after she/he presses the brake pedal.] The value of this requirement may change depending on other available features.

Example Vehicle Level: One proposal ... not yet approved

[Figure: «EM» Brake Pedal (stimulus) -> «Feature» Braking -> «EM» Vehicle (response), with a «Delay Constraint» (reaction, age) between stimulus and response.]

The environment model of the Brake Pedal describes how the brake pedal is pressed and which physical means are used to carry the information about how strongly the brakes should be applied. The environment model of the Vehicle describes how the vehicle is slowed down when the brake pedal is pressed. On this level of abstraction the stimulus occurs sporadically ... no one is braking periodically!

Example Analysis Level

[Figure: Vehicle Functionality comprising Vehicle State, Diagnosis, Braking («FD» Brake Pedal -> «ADLFunction» Brake Controller -> «FD» Brake Actuation) and Exterior Light («FD» Stop Light Actuation); Four Wheels (Passenger Car).]

«FD» Functional Device: the component which interacts with the environment.

Example Analysis Level (with timing constraints)

[Figure: as on the previous slide, with a «Delay Constraint» (reaction, age) from the stimulus at the «FD» Brake Pedal to the response at the «FD» Brake Actuation (multiplicity 1..4 shown), a «Delay Constraint» (reaction, age) to the response at the «FD» Stop Light Actuation, and a «Synchronization C.» (output) over the responses.]

«FD» Functional Device: the component which interacts with the environment.

Example Design Level: First Approximation based on Analysis Level

[Figure: as on the analysis level, with «LDM» Brake Pedal -> «ADLFunction» Brake Controller -> «LDM» Brake Actuation under Braking, and «LDM» Stop Light Actuation under Exterior Light; Vehicle State, Diagnosis; Four Wheels (Passenger Car).]

«LDM» Local Device Manager: the component which interacts with the abstract function, dealing with sensors and actuators.

Example Design Level: Time Budgets given from Analysis Level

[Figure: the analysis-level «Delay Constraint» (reaction, age) from Brake Pedal to Brake Actuation is split into three «Delay Constraints» (reaction, age), each with its own stimulus and response, on «LDM» Brake Pedal, «ADLFunction» Brake Controller and «LDM» Brake Actuation; a further «Delay Constraint» (reaction, age) covers the response at «LDM» Stop Light Actuation.]

«LDM» Local Device Manager: the component which interacts with the abstract function, dealing with sensors and actuators.
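As an added example (not code from the lecture or from the TIMMO project), the following Python models the braking event chain as presented on the design-level slides: a chain with a reaction/age delay constraint, refined into segments that each carry a time budget, and then checked in two ways, on the design level (the segments form a causal chain and their budgets fit into the parent constraint, as in the time budgeting slide) and on the operational level (a trace of event occurrences meets the reaction and age bounds). The event names, the millisecond values and the trace are constructed assumptions, not values from the slides.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

@dataclass
class Segment:
    """One event chain segment with its time budget (ms assumed)."""
    name: str
    stimulus: str
    response: str
    budget_ms: float

@dataclass
class EventChain:
    """Stimulus -> response under delay constraints (reaction, age), refined into
    segments whose response is the next segment's stimulus (causality)."""
    name: str
    stimulus: str
    response: str
    reaction_max_ms: float
    age_max_ms: float
    segments: List[Segment] = field(default_factory=list)

def check_refinement(chain: EventChain) -> List[str]:
    """Design-level check: causal consistency of the segments and the sum of
    their budgets against the parent reaction constraint (time budgeting)."""
    segs, problems = chain.segments, []
    if not segs:
        return ["chain has no segments"]
    if segs[0].stimulus != chain.stimulus:
        problems.append("first segment does not start at the chain stimulus")
    if segs[-1].response != chain.response:
        problems.append("last segment does not end at the chain response")
    for a, b in zip(segs, segs[1:]):
        if a.response != b.stimulus:  # response of one segment must be stimulus of the next
            problems.append(f"causality gap between {a.name} and {b.name}")
    total = sum(s.budget_ms for s in segs)
    if total > chain.reaction_max_ms:
        problems.append(f"budget sum {total} ms exceeds constraint {chain.reaction_max_ms} ms")
    return problems

def reaction_delays(trace: List[Tuple[str, float]], stimulus: str, response: str) -> List[float]:
    """Reaction: for each stimulus occurrence, the delay to the first response occurrence after it."""
    stim = sorted(t for e, t in trace if e == stimulus)
    resp = sorted(t for e, t in trace if e == response)
    return [min(r - s for r in resp if r >= s) for s in stim if any(r >= s for r in resp)]

def age_delays(trace: List[Tuple[str, float]], stimulus: str, response: str) -> List[float]:
    """Age: for each response occurrence, the delay since the most recent stimulus occurrence."""
    stim = sorted(t for e, t in trace if e == stimulus)
    resp = sorted(t for e, t in trace if e == response)
    return [min(r - s for s in stim if s <= r) for r in resp if any(s <= r for s in stim)]

def check_operational(chain: EventChain, trace: List[Tuple[str, float]]) -> List[Tuple[str, float]]:
    """Operational-level check: measured reaction and age delays that violate the constraint."""
    bad = [("reaction", d) for d in reaction_delays(trace, chain.stimulus, chain.response) if d > chain.reaction_max_ms]
    bad += [("age", d) for d in age_delays(trace, chain.stimulus, chain.response) if d > chain.age_max_ms]
    return bad

# Constructed brake chain following the design-level slides (names and budgets assumed).
BRAKING = EventChain("Braking", "BrakePedalPressed", "BrakeForceApplied", 500, 500, [
    Segment("Brake Pedal (LDM)", "BrakePedalPressed", "PedalPositionAvailable", 50),
    Segment("Brake Controller", "PedalPositionAvailable", "BrakeForceRequested", 150),
    Segment("Brake Actuation (LDM)", "BrakeForceRequested", "BrakeForceApplied", 250),
])
# Constructed operational trace: (observable event, time in ms); the second braking is too slow.
TRACE = [("BrakePedalPressed", 0), ("BrakeForceApplied", 310),
         ("BrakePedalPressed", 1000), ("BrakeForceApplied", 1900)]

if __name__ == "__main__":
    print("design-level problems:", check_refinement(BRAKING))
    print("operational violations:", check_operational(BRAKING, TRACE))
```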

Example Design Level: Possible Design of the Brake Controller

[Figure: «ADLFunction» Brake Controller with a «Delay Constraint» (reaction, age) from stimulus to response, decomposed into elementary ADL functions: Check Signal Plausibility, Brake Force Arbiter, Brake Actuator Monitor, Brake Force Calculation, Diagnosis Arbiter, Vehicle State Monitor, Brake Safety Monitor.]

Example Implementation Level: AUTOSAR Virtual Function Bus View

[Figure: Sensor SW-C -> SW-C #1 Brake Coordinator -> SW-C #2 Brake Controller -> SW-C #3 Brake Force Arbiter -> SW-C #4 FL Actuator SW-C -> Wheel FL, connected over the Virtual Function Bus, with ECU Abstraction Component (Sensor), ECU Abstraction Component (Actuator) and AUTOSAR Service; a «Latency Timing C.» (reaction) spans the chain between observable events.]

SW-C: Software Component.

Example Implementation Level: AUTOSAR Component View ... First alternative

[Figure: SW-C Brake Controller with the runnable entities RE Check Signal Plausibility, RE Brake Actuator Monitor, RE Diagnosis Arbiter, RE Vehicle State Monitor, RE Brake Safety Monitor and RE Brake Force Calculation, numbered 1 to 6 under an «Execution Order C.»; a «Latency Timing C.» (reaction) from the stimulus (RE Activated) to the response (RE Terminated).]

RE: AUTOSAR Runnable Entity.

Between Views: VFB View and Software Component View

[Figure: SW-C #2 Brake Controller. In the VFB view the «Latency Timing C.» (reaction) runs from the stimulus Data Received to the response Data Sent. In the software component view the «Latency Timing C.» (reaction) runs from RE Activated (1) to RE Terminated (1) across RE Check Signal Plausibility, RE Brake Actuator Monitor, RE Diagnosis Arbiter, RE Vehicle State Monitor, RE Brake Safety Monitor and RE Brake Force Calculation, with the AUTOSAR Service. 1) Not shown in VFB view.]

SW-C: Software Component. RE: AUTOSAR Runnable Entity.

Example Implementation Level: AUTOSAR System View

[Figure: the Sensor SW-C, SW-C #1 to SW-C #4 and the Actuator SW-C distributed over ECU #1, ECU #2, ECU #3 and ECU Wheel FL, each ECU with RTE and Basic SW; First Transmission and Third Transmission on Bus #1 and Bus #2, Second Transmission in between; a «Latency Timing C.» (reaction) from sensor to actuator between observable events.]

SW-C: Software Component. ECU: Electronic Control Unit. RTE: Run Time Environment.

Example Implementation Level: AUTOSAR ECU View

[Figure: ECU #1 with Sensor SWC and SWC on top of the RTE; Basic SW layers I/O HW Abstraction, I/O Drivers and Peripheral on the sensor side, Communication Services, Communication Hardware Abstraction, Communication Drivers and Communication Controller on the communication side; a «Latency Timing C.» (reaction/age) across them.]

Observable Events:
- ECU View: Basic Software Module Entry Called, Basic Software Module Entry Returned.
- Internal Behavior: Runnable Entity Activated, Runnable Entity Started, Runnable Entity Terminated, Basic Software Module Entity Activated, Basic Software Module Entity Started, Basic Software Module Entity Terminated.
- Communication: Signal Sent To COM, Signal Available For RTE, IPDU Sent To Interface, IPDU Received by COM, Frame Queued for Transmission, Frame Transmitted on Bus, Frame Received by Interface.

Questions and Discussion. Thank you very much for your attention!