Contact: Dr. Christian Schwarzl
In today's world, embedded systems are everywhere – consumer devices, offices, homes, factories, planes and cars. Amongst them, automotive embedded systems have very special characteristics. High demands on quality, reliability, the increasing complexity and the rapidly growing number of interactions between subsystems, as well as time-to-market and cost constraints lead to challenging requirements for new processes, methods and tools.
Automotive embedded systems are developed in collaboration of automotive manufacturers (OEMs), tier 1 and tier 2 suppliers by use of various software tools from tool vendors. In this environment, automotive embedded systems are undergoing a paradigm shift. With the introduction of AUTOSAR, all participating parties can use the same standardized automotive software architecture. This new ecosystem also opens a multitude of research aspects for associated development processes and methodologies.
Research focus is the development and improvement of processes and design flows for an efficient configuration of in-vehicle networks and the realization of automotive communication architectures. The goal is to master the increasing complexity and to avoid human error sources.
- Model-based design methods
- Functional safety and processes
- Safety-critical systems, timing, optimization
- Future communication networks (Ethernet, Flexray)
- Distributed systems
- Requirements management and seamless tool chain
- Car-to-x communication
- Sensors and data fusion
- Software variants and product lines
Model-based design has become the preferred approach for developing automotive embedded software. The design of electronic functions is performed by using a graphical model from which code generating tools can automatically generate executable source code. In automotive implementations, a large model typically consists of thousands of blocks, hundreds of subsystems und a significant number of subsystem hierarchy. This size and complexity can no longer be understood by a single person and requires an intelligent automated support of additional software tools.
The use of models opens up many new opportunities for improving the E/E development process. Early simulation enables developers to get feedback about the correctness of the implementation. Additional loops caused by subsequent software unit testing, integration testing and system testing can be reduced. Simulation in an early phase can be performed by model-in-the-loop (MiL), software-in-the-loop (SiL) and processor-in-the-loop (PiL) simulation. The way in which these simulations are carried out depends heavily on the used software tools and requires adjustments to the development process.
Challenges for model-based development is the combination of both, the top-down principle with the so-called bottom-up approach. The latter is demanded by existing mass-production ready models that needs to be adapted and re-used in future development projects. In this context, executable specifications are a new field that requires research with regard to integration into development processes.
The main research focuses of ViF, related to model-based design, are the adaption of methods, processes and development tools to achieve AUTOSAR compliancy, while considering growing complexity, growing degrees of interconnection and product lines of electronic control units.
Functional Safety is a very important development goal for all systems with electric and electronic components. Errors or system failures in these components should not lead to any harm for people or the system environment. These failures may be caused by constructive or systematic errors during development of hardware or software. Additionally, failures may also occur due to random hardware failures under system operation. Other areas of system safety like fire protection, transportation of dangerous goods, accident prevention measures and passive measures are not part of functional safety.
The automotive industry has committed itself to establish standardized procedures for the development of functional safety starting with 2011. The standard ISO 26262 describes the necessary requirements, development processes, verification measures and analysis methods. The standard classifies the criticality of safety-related systems into four levels, ASIL - Automotive Safety Integrity Levels.
The research focus in the context of functional safety at ViF covers methods, processes and software development tools to efficiently deal with the required new ISO 26262 standard.
Validation & Verification
The current state of the art allows car manufacturers a high degree of automation during integration tests of a vehicle's electronic system. The growing complexity of automotive electronics – caused by the integration of multimedia and assistant systems – also requires the continuous enhancement of test automation methods. The increasing system complexity leads to an exponential growth of possible system states and is therefore a major challenge for the functional validation of the electronic system in today's and future vehicles.
For this reason, model-based testing methods are employed in order to maintain and improve the high system quality level. The use of state machines, as a formal specification, allows not only a higher degree of automation, but also enables an early simulation and validation of the vehicle electronics. This can be achieved by the virtual operation of the electronic system in a hardware-in-the-loop (HiL) system, where the state machines can be used as substitution for prototypes. This leads to massive cost savings during the system development because the iteration time between implementation, test and error correction can be decreased significantly.
To test the electronic system in a possibly best realistic environment, additional vehicle components have to be included. These missing components, like the engine or the transmission, are therefore simulated in real time by the HiL system. These simulated components can create and send messages over the vehicle network, which are processed by the system under test (SUT) during the test execution.
Despite the high degree of already available test automation, the creation of test cases and the analysis of the obtained results are still laborious tasks and often performed manually. Moreover, the manual creation of test cases is error prone and due to the high number of needed test cases, infeasible in the long run. These challenges can be overcome by a fully automated test case generation technique, which is based on the state machines describing the system behavior. These state machines are, due to their provided formalism, also suitable for the automatic test case generation and can therefore lead to a substantial reduction of development time and error rates.