ECU Verification & Validation
1. Automotive Embedded Software Verification and Validation Strategies
Shankar Akella
www.emmeskay.com
info@emmeskay.com
EMMESKAY, INC., 47119 Five Mile Road, Plymouth, MI 48170 USA. Phone: (734) 207-5564, FAX: (734) 207-5556
EMMESKAY SYSTEMS SOLUTIONS Pvt. Ltd., No. 20, Kannadasan Salai, T. Nagar, Chennai 600 017 INDIA. Phone: +91-44-2436 1318, FAX: +91-44-2436 1350
CONFIDENTIAL
2. Presentation Objective
Introduce automotive embedded software verification and validation strategies.
3. Presentation Outline
- Presentation Objective
- Model Based Control (MBC) Development Process
- Verification and Validation
- Static Verification and Validation Strategies
- Dynamic Verification and Validation Strategies
- Model based Verification and Validation Strategies
4. Trends in Vehicle Electronic Content
[Chart: number of ECUs in a typical luxury car, 1995 to 2006 (scale 0 to 70)]
[Chart: code size in MB for the Mercedes S-class, 1990 to 2005 (scale 0 to 500 MB)]
[Chart: electrical/electronic (E/E) content as a percentage of average vehicle cost, 1995 to 2015 (scale 0 to 35 %)]
5. Trends in Vehicle Electronic Content
An increase in the number of ECUs in turn increases the complexity and the number of communication networks inside the vehicle.
In-vehicle networks:
- Local Interconnect Network (LIN)
- Controller Area Network (CAN)
- FlexRay
- Media Oriented Systems Transport (MOST)
[Chart: length of the wiring harness, 1955 to 2005 (scale 0 to 2000)]
6. Trends in Vehicle Electronic Content
Future trends, from IBM's Automotive 2020 Global Study:
"The complexity of the vehicle will grow exponentially as future innovations enable it to become more intelligent and connected"
"... estimate that 90 percent of future innovation will be based on electronics, most of which will be embedded software"
7. Drivers for Increase in Electronic Content
Emission and other regulations, plus customer expectations: performance, safety, telematics, number of features.
Vehicle domains: power train, chassis, safety, comfort.
Feature examples: engine control, brake control, steer-by-wire, parking assist, night vision, adaptive cruise control, telematics, automatic climate control.
8. Challenges facing Automotive Electronics
Increased system scale and complexity:
- Increase in the number of ECUs
- Increase in the number of communication networks
Electronics growth and complexity result in longer development time, lower quality and increased costs.
Solving these issues requires new development techniques.
9. How to handle the Challenges
[Diagram: advanced control strategies, shown as a flowchart (Start; Is AC on? If true, recompute engine load and recompute engine inputs; if false, compute torque demand, compute engine load, determine engine inputs; Stop), and distributed ECUs across the power train, chassis, safety and comfort domains (engine control, brake control, steer-by-wire, parking assist, night vision, adaptive cruise control, telematics, automatic climate control).]
Realization of the concept requires good processes, software tools and skilled resources.
Process: requirements analysis and architectural design, followed by Stage 1 ... Stage n, each consisting of detailed design, code, debug, test and delivery.
The Model Based Control Development Process is one such process.
10. Control Development Process
- ANALYSIS: system requirements; specifications to meet the requirements
- SYNTHESIS / DESIGN
- IMPLEMENTATION: system implementation, embedded code
- PRODUCT TESTING: application integration and testing
- PRODUCT CALIBRATION & RELEASE: system calibration and release
11. Model Based Control Development
Analysis: a vehicle system model is used to analyze the vehicle performance and derive subsystem/component requirements from the vehicle/subsystem requirements.
Design: models of the controller are constructed and tested against vehicle system models through simulation in an iterative process to check whether the requirements are satisfied.
Implementation: embedded C code is automatically generated from the controller models.
Testing: the embedded C code running on the target processor (ECU, Electronic Control Unit) is verified on a test platform that emulates actual vehicle behavior (vehicle system dynamics, signal conditioning, signal loads).
Calibration: with the vehicle system model emulating the actual vehicle, the ECU is calibrated to meet the requirements before calibration is done on the real vehicle.
[Diagram: controller code running against a vehicle system dynamics model with signal conditioning and signal loads]
12. Model Based Control Development
Phase                  | Model Based Approach       | Traditional Approach
Analysis and Design    | Models                     | Documents
Implementation         | Automatic code generation  | Manual
Testing & Calibration  | Virtual & prototype based  | Prototype based
[Diagram: Simulink model of a controller subsystem (desired rpm input, proportional gain Kp, integral gain Ki, discrete-time integrator K*Ts/(z-1) with an enable input to prevent windup, output limit, throttle angle output) connected to a plant subsystem (throttle and manifold, compression, combustion, engine speed N, load torque, vehicle dynamics, drag torque).]
13. Verification and Validation
Verification: the process of evaluating a system or component to determine whether the products of a given development phase satisfy the conditions imposed at the start of that phase. Are we building the software right? Does the software conform to its specifications?
Validation: the process of evaluating a system or component during or at the end of the development process to determine whether it satisfies the specified requirements. Are we building the right software? Does the software do what the user really wants?
14. Verification and Validation
[Diagram: V-model. Left (design) side, top to bottom: Requirements, Requirements Model, Design Model, Source Code (Implementation). Right (integration) side, bottom to top: System Integration, System Design, Vehicle Testing. Verification links each design artifact to its counterpart on the integration side; validation links Requirements to Vehicle Testing.]
15. Why is Verification and Validation Important
Recent auto recalls due to software failure:
- Toyota Prius (HEV), 2005: 160,000 vehicles recalled worldwide; a software error stalls the gasoline engine [NHTSA AID PE05029]
- DaimlerChrysler Jeep Commander, Wrangler and Grand Cherokee, 2007: 296,550 vehicles recalled; a software error in the ABS ECU allows a momentary delay in braking during some maneuvers, which can cause a crash without any warning [NHTSA ID 07V434000]
Between 2005 and 2007 approximately 700,000 vehicles of different makes were recalled due to software errors.
16. Why is Verification and Validation Important
Embedded software system malfunctions can lead to:
- Safety critical: loss of life, injury or illness, serious environmental damage
- Significant loss or damage to property
- Business critical: major economic loss
The software criticality level helps in determining the effort level required for verification and validation.
17. Current State of Verification and Validation
Current verification and validation techniques rely mostly on physical prototypes. Hence this process is time consuming and expensive.
[Figure from "Production code generation for engine control system", IAC 2004]
18. Objectives of Verification and Validation
1. Ensure that the software performs its intended functions correctly
2. Ensure that the software performs no unintended functions
3. Increase the confidence level in using the software
19. Verification and Validation Strategies
Verification and validation strategies can be broadly categorized into:
- Static: strategies involve analysis of a static system representation to uncover errors
- Dynamic: strategies involve simulating the code and observing its behavior to uncover errors
- Model based: strategies involve analysis using a formal model of the code to uncover errors
20. Static Verification and Validation
Static verification and validation strategies involve analysis of the code without executing it.
- Software inspections
- Automated static verification: the source code is parsed into an abstract syntax tree (AST), a control flow graph and call trees, on which automated analysis is run.
21. Static Verification and Validation
Software inspections
Software inspections involve inspecting the code and other documents to identify errors. Usually inspection checklists are used during the inspections.
Inspection checklists cover:
- Data faults
- Control faults
- I/O faults
- Interface faults
- Storage management faults
- Exception management faults
Code inspections can also be performed on incomplete versions.
Inspection is a manual process, so to be effective it requires:
- A good process
- Guidelines or checklists
- Process discipline
22. Static Verification and Validation
Static verification using automatic tools
There are automatic tools which can find the following errors without executing the C code:
- Dead code
- Out-of-bounds array and pointer accesses
- Read access to non-initialized data
- Invalid arithmetic operations: division by zero, square root of a negative number
- Overflow and underflow on integers and floating-point numbers
These tools use techniques such as semantic analysis and data flow analysis to identify these errors.
Two commercial tools available for static verification:
1. Polyspace (recently acquired by MathWorks)
2. Coverity
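The error classes on this slide, written out as an added example in C (not code from the deck or from either tool named above): an engine-load routine that contains each defect in a few lines, followed by the version with the checks a reviewer would expect. The routine names, the calibration table and the status codes are invented for illustration.

```c
#include <stdint.h>
#include <limits.h>
#include <stdio.h>

#define TABLE_LEN 8
/* Constructed calibration table: torque in Nm indexed by throttle step. */
static const int16_t torque_table[TABLE_LEN] = {0, 15, 35, 60, 90, 125, 160, 200};

/* BEFORE: each error class from the slide is present. A sound static
 * analyzer reports all of them without ever running the code. */
int32_t engine_load_unsafe(int16_t rpm, uint8_t throttle_step, int32_t torque_scale)
{
    int32_t friction;
    if (throttle_step > 255) return -1;               /* dead code: a uint8_t never exceeds 255 */
    if (rpm > 6000) friction = rpm / 100;             /* 'friction' initialized on this branch only */
    int16_t torque = torque_table[throttle_step];     /* out-of-bounds read when throttle_step >= TABLE_LEN */
    int32_t power = (int32_t)torque * torque_scale;   /* signed overflow: 200 * 20000000 > INT32_MAX */
    int32_t load = power / rpm;                       /* division by zero when rpm == 0 */
    if (rpm > 5000) load -= friction;                 /* read of uninitialized data for 5000 < rpm <= 6000 */
    return load;
}

typedef enum { LOAD_OK = 0, LOAD_ERR_RANGE, LOAD_ERR_DIV0, LOAD_ERR_OVERFLOW } load_status_t;

/* AFTER: every input is validated before it is used, the multiply is widened
 * before it can overflow, and failures are reported through a status code
 * instead of a silently wrong number. */
load_status_t engine_load_safe(int16_t rpm, uint8_t throttle_step, int32_t torque_scale,
                               int32_t *load_out)
{
    if (throttle_step >= TABLE_LEN) return LOAD_ERR_RANGE;   /* bounds check precedes the table read */
    if (rpm == 0) return LOAD_ERR_DIV0;                       /* explicit guard, no trust in the caller */
    int32_t friction = (rpm > 6000) ? rpm / 100 : 0;          /* always initialized */
    int64_t power = (int64_t)torque_table[throttle_step] * torque_scale;   /* 64-bit product */
    if (power > INT32_MAX || power < INT32_MIN) return LOAD_ERR_OVERFLOW;
    int32_t load = (int32_t)power / rpm;
    if (rpm > 5000) load -= friction;
    *load_out = load;
    return LOAD_OK;
}

/* Convenience wrappers so a caller can get either the status or the value. */
load_status_t engine_load_status(int16_t rpm, uint8_t throttle_step, int32_t torque_scale)
{
    int32_t unused = 0;
    return engine_load_safe(rpm, throttle_step, torque_scale, &unused);
}

int32_t engine_load_or_min(int16_t rpm, uint8_t throttle_step, int32_t torque_scale)
{
    int32_t load = INT32_MIN;
    return engine_load_safe(rpm, throttle_step, torque_scale, &load) == LOAD_OK ? load : INT32_MIN;
}

int main(void)
{
    printf("safe  (2000 rpm, step 3, scale 100): %ld\n", (long)engine_load_or_min(2000, 3, 100));
    printf("safe  (0 rpm): status %d\n", (int)engine_load_status(0, 3, 100));
    printf("safe  (step 8): status %d\n", (int)engine_load_status(2000, 8, 100));
    printf("safe  (scale 20000000): status %d\n", (int)engine_load_status(2000, 7, 20000000));
    return 0;
}
```

On the happy path both routines agree; the point of the second one is that the inputs a static analyzer would flag (zero rpm, a step past the table, a scale that overflows) are rejected with a status instead of producing undefined behaviour.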
23. Dynamic Verification and Validation
Dynamic verification and validation strategies involve simulating (executing) the code and observing its behavior to identify errors.
[Diagram: test stimuli generation, either functional (from the requirements) or structural (from the controller code), feeds the controller code in an open-loop or closed-loop arrangement with the controlled system behavior.]
Simulation environments: model in the loop simulation, software in the loop simulation, processor in the loop simulation, hardware in the loop simulation.
24. Functional (Requirements based) Validation
Functional requirements -> test stimuli generated from the functional requirements -> test vectors
Functional validation can determine whether the control system behaves as expected/desired.
Functional validation requires functional requirements which are:
- Clear (no ambiguities)
- Complete
- Consistent
Test vectors are generated from the requirements alone; the controller source code is not needed.
Model based development enables execution of functional validation early in the development process.
25. Structural Verification
Source code -> test stimuli generated from the source code -> test vectors
Test vectors are generated in such a way that they maximize a chosen structural coverage metric.
Popular structural coverage metrics are control-flow based:
- Decision
- Condition
- Condition and Decision
- Modified Condition and Decision (MC/DC)
Example decision with three conditions C1, C2, C3: if ( (a > 10) && (b > 5) && (c > 0) )
Structural verification helps ensure that the software does not perform any unintended actions: code that the requirements-based tests never exercise shows up as a coverage gap.
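Added example in C (not from the deck): the decision on this slide, a constructed four-vector MC/DC test set for it, and a checker that verifies the MC/DC independence requirement (for each condition, a pair of vectors that differ only in that condition and produce different decision outcomes). A two-vector set that achieves decision coverage but not MC/DC is included for contrast. All names are invented.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Decision under test, exactly as on the slide. */
bool decision(int a, int b, int c)
{
    return (a > 10) && (b > 5) && (c > 0);
}

typedef struct { int a, b, c; } vec_t;

/* Outcome of each condition C1..C3 as a bit vector (bit 0 = C1). */
static unsigned cond_bits(vec_t v)
{
    return (unsigned)(v.a > 10) | ((unsigned)(v.b > 5) << 1) | ((unsigned)(v.c > 0) << 2);
}

/* Constructed MC/DC set: n + 1 = 4 vectors for n = 3 conditions. */
static const vec_t mcdc_set[4] = {
    {20, 10, 1},   /* C1 T, C2 T, C3 T -> true  (baseline) */
    { 0, 10, 1},   /* C1 F            -> false : C1 alone flips the decision */
    {20,  0, 1},   /* C2 F            -> false : C2 alone flips the decision */
    {20, 10, 0},   /* C3 F            -> false : C3 alone flips the decision */
};

/* Constructed set that reaches both outcomes (decision coverage) but
 * changes all three conditions at once, so it says nothing about any one. */
static const vec_t dc_only_set[2] = {
    {20, 10, 1},   /* true  */
    { 0,  0, 0},   /* false */
};

/* True if every decision outcome (true and false) occurs in the set. */
bool achieves_decision_coverage(const vec_t *set, size_t n)
{
    bool saw_true = false, saw_false = false;
    for (size_t i = 0; i < n; i++) {
        if (decision(set[i].a, set[i].b, set[i].c)) saw_true = true; else saw_false = true;
    }
    return saw_true && saw_false;
}

/* True if, for every condition i, the set contains two vectors whose
 * condition outcomes differ only in bit i and whose decisions differ. */
bool achieves_mcdc(const vec_t *set, size_t n, int n_conditions)
{
    for (int i = 0; i < n_conditions; i++) {
        bool found = false;
        for (size_t p = 0; p < n && !found; p++) {
            for (size_t q = 0; q < n && !found; q++) {
                unsigned bp = cond_bits(set[p]), bq = cond_bits(set[q]);
                bool dp = decision(set[p].a, set[p].b, set[p].c);
                bool dq = decision(set[q].a, set[q].b, set[q].c);
                if ((bp ^ bq) == (1u << i) && dp != dq) found = true;
            }
        }
        if (!found) return false;   /* condition i never shown to act independently */
    }
    return true;
}

int main(void)
{
    printf("mcdc_set:    decision coverage %d, MC/DC %d\n",
           achieves_decision_coverage(mcdc_set, 4), achieves_mcdc(mcdc_set, 4, 3));
    printf("dc_only_set: decision coverage %d, MC/DC %d\n",
           achieves_decision_coverage(dc_only_set, 2), achieves_mcdc(dc_only_set, 2, 3));
    return 0;
}
```

The checker evaluates every condition for every vector, which is what a coverage tool instruments; with short-circuit `&&` the compiled code does not evaluate C2 and C3 once C1 is false, and the test vectors are still valid because each pair differs in exactly one condition.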
26. Open Loop Verification & Validation
[Diagram: controlled system (input processing, actuator processing, system dynamics, sensor processing, output processing) and controller code; in open loop the test stimuli are applied directly to the controller code, without feedback from the controlled system.]
- Used for first-level testing
- Easy to implement and execute
- Very useful when the controller code is changing rapidly during the initial development stages
- Useful for testing the controller behavior in the presence of sensor failures
- Requires sufficient knowledge of the controller algorithm for effective use
27. Closed Loop Verification & Validation
[Diagram: the same controlled system and controller code, now connected in a loop: the controller output drives the actuators of the controlled system and the sensor outputs feed back into the controller.]
- Verifies the functional behavior of the controller code
- Requires high fidelity models to represent the controlled system behavior
- Useful to test the diagnostics functions
28. Model in the loop Simulation
Simulation involving the controller model and the controlled system model on a desktop.
[Diagram: controller model (PI engine-speed controller with Kp, Ki, discrete-time integrator with anti-windup, output limit) and controlled system model (throttle and manifold, compression, combustion, vehicle dynamics) in a model in the loop simulation.]
- Very useful for testing control algorithm alternatives
- Can be performed early in the control development process to identify infeasible designs, and hence saves a lot of time
- High fidelity controlled system models can be used, as the simulation is non-real-time
29. Software in the loop Simulation
Simulation involving the controller code and the controlled system model on a desktop.
[Diagram: controller code running on the desktop and the controlled system model (throttle and manifold, compression, combustion, vehicle dynamics) in a software in the loop simulation.]
- Useful in identifying implementation errors
- Can be performed before the controller hardware is available
- High fidelity controlled system models can be used, as the simulation is non-real-time
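Added example in C, not code from the deck: a discrete-time PI controller with anti-windup in the shape of the controller subsystem shown in the diagrams (Kp, Ki, integrator with an enable path, output limit), run first in closed loop against a constructed first-order engine-speed plant, which is the software in the loop arrangement of this slide, and then in open loop against a stuck speed sensor, the sensor-failure case of slide 26. Gains, limits, plant parameters, the load disturbance and the 2 % requirement band are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* PI controller with anti-windup by conditional integration. */
typedef struct {
    double kp, ki, ts;      /* proportional gain, integral gain, sample time (s) */
    double u_min, u_max;    /* actuator limits: throttle angle in degrees */
    double integ;           /* integrator state */
} pi_ctrl_t;

double pi_step(pi_ctrl_t *c, double error)
{
    double u = c->kp * error + c->ki * c->integ;
    double u_sat = u > c->u_max ? c->u_max : (u < c->u_min ? c->u_min : u);
    /* Integrate only while the output is not saturated, or while the error
     * would drive it back out of saturation ("prevent windup"). */
    if (u == u_sat || (u > c->u_max && error < 0.0) || (u < c->u_min && error > 0.0))
        c->integ += c->ts * error;
    return u_sat;
}

/* Constructed first-order engine-speed plant: dN/dt = (gain*throttle - N)/tau - load. */
typedef struct { double gain, tau, ts, speed; } plant_t;

double plant_step(plant_t *p, double throttle_deg, double load)
{
    p->speed += p->ts * ((p->gain * throttle_deg - p->speed) / p->tau - load);
    return p->speed;
}

static double absd(double x) { return x < 0.0 ? -x : x; }

typedef struct {
    double final_rpm;         /* engine speed at the end of the run */
    double worst_err_last_s;  /* largest |desired - N| during the final second */
    double u_max_seen;        /* largest throttle command issued */
    bool requirement_met;     /* 2 % band held in the final second and throttle within limits */
} sil_result_t;

/* Closed-loop SIL run: controller code and plant model step together on the
 * desktop. A constant load disturbance is applied from t = 5 s onward. */
sil_result_t sil_closed_loop(double desired_rpm, double load_step, double t_end)
{
    pi_ctrl_t c = {0.04, 0.2, 0.01, 0.0, 90.0, 0.0};   /* assumed gains and limits */
    plant_t p = {25.0, 0.5, 0.01, 0.0};               /* 25 rpm per degree, 0.5 s time constant */
    sil_result_t r = {0.0, 0.0, 0.0, false};
    double speed = 0.0;
    int steps = (int)(t_end / c.ts);
    for (int k = 0; k < steps; k++) {
        double t = k * c.ts;
        double load = (t >= 5.0) ? load_step : 0.0;
        double u = pi_step(&c, desired_rpm - speed);   /* sensor feeds back into the controller */
        if (u > r.u_max_seen) r.u_max_seen = u;
        speed = plant_step(&p, u, load);
        if (t >= t_end - 1.0) {
            double e = absd(desired_rpm - speed);
            if (e > r.worst_err_last_s) r.worst_err_last_s = e;
        }
    }
    r.final_rpm = speed;
    r.requirement_met = r.worst_err_last_s <= 0.02 * desired_rpm && r.u_max_seen <= 90.0;
    return r;
}

/* Open-loop check: the speed sensor reads 0 rpm for the whole run, so the
 * controller sees a constant large error. Returns the integrator state, which
 * the anti-windup logic must keep bounded (without it the state grows by
 * ts * error on every step and never stops). */
double open_loop_stuck_sensor(double desired_rpm, double t_end)
{
    pi_ctrl_t c = {0.04, 0.2, 0.01, 0.0, 90.0, 0.0};
    int steps = (int)(t_end / c.ts);
    for (int k = 0; k < steps; k++) pi_step(&c, desired_rpm - 0.0);
    return c.integ;
}

int main(void)
{
    sil_result_t r = sil_closed_loop(1500.0, 400.0, 10.0);
    printf("closed loop: final %.1f rpm, worst error in last second %.2f rpm, max throttle %.1f deg, requirement %s\n",
           r.final_rpm, r.worst_err_last_s, r.u_max_seen, r.requirement_met ? "met" : "NOT met");
    printf("open loop, stuck sensor: integrator state %.1f\n", open_loop_stuck_sensor(1500.0, 10.0));
    return 0;
}
```

The closed-loop run answers the functional question (does the controller hold the set point through a load change), which is what the plant model is for; the open-loop run needs no plant at all and checks one controller property in isolation, which is why it is cheap and why it requires knowing what the algorithm is supposed to do.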
30. Processor in the loop Simulation
Co-simulation involving the controller code on the target processor and the controlled system model on a desktop.
[Diagram: controller code running on the target processor and the controlled system model (throttle and manifold, compression, combustion, vehicle dynamics) in a processor in the loop simulation.]
- The controlled system model and the target exchange data using standard communication protocols (such as RS232)
- Useful in identifying target-processor-related implementation errors (such as memory limitations)
- High fidelity controlled system models can be used, as the simulation is non-real-time
31. Hardware in the loop Simulation
Real-time co-simulation involving the controller code on the target processor and the controlled system model on a real-time computer.
[Diagram: controller code running on the ECU and the controlled system model (throttle and manifold, compression, combustion, vehicle dynamics) on a real-time computer in a hardware in the loop simulation.]
- The controlled system model and the ECU exchange data using the IO channels available in the ECU
- Useful in identifying both IO- and processor-related implementation errors
- High fidelity controlled system models require high-end computing machines to simulate them in real time
- Very useful to test controller behavior under extreme operating conditions
32. Dynamic Verification and Validation
Which simulation type detects which class of error (MIL = model in the loop, SIL = software in the loop, PIL = processor in the loop, HIL = hardware in the loop):
Error class                   | MIL | SIL | PIL | HIL
Functional errors             |  x  |  x  |  x  |  x
Programming errors            |     |  x  |  x  |  x
Compiler errors               |     |     |  x  |  x
Real-time scheduling problems |     |     |     |  x
Speed/memory problems         |     |     |  x  |
I/O software                  |     |     |     |  x
Accuracy effects              |     |  x  |  x  |  x
From "General HIL Overview" presentation by dSPACE
33. Dynamic Verification and Validation
Tools which support dynamic verification and validation:
- Model in the loop simulation: Matlab/Simulink, ASCET
- Software in the loop simulation: Matlab/Simulink, ASCET/INTECRIO
- Processor in the loop simulation: Matlab/Simulink
- Hardware in the loop simulation: Matlab/Simulink, ASCET/INTECRIO, RT-Lab, RTI
Tools for automatic test vector generation from Simulink models:
- BEACON Tester (ADI)
- MATT [Matlab Automated Testing Tool] (University of Montana)
- Reactis (Reactive Systems)
- STB [Safety Test Builder] (TNI Software)
- T-VEC Tester for Simulink (T-VEC)
- Simulink Design Verifier (MathWorks)
34. Dynamic Verification and Validation
[Diagram: the V-model of slide 14 with the simulation types placed on it. Model in the loop simulation verifies the design model; software in the loop simulation verifies the source code (implementation); processor in the loop simulation supports system integration; hardware in the loop simulation supports system design and vehicle testing. Validation links the requirements to vehicle testing.]
35. Model based Verification and Validation
Model based verification and validation strategies involve analysis of the embedded software code using a formal model.
These techniques are also known as formal methods or formal verification.
Mainly two techniques:
- Model checking
- Theorem provers
- ...
Creating the formal model for the embedded software is the key: if there are errors in generating the formal model, the verification cannot capture them.
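Added example in C (not from the deck) of the simplest form of model checking, explicit-state reachability: a finite model of an integrator with an 8-bit state is explored exhaustively from its initial state, and every reachable state is checked against the safety property "the state never leaves the band [-100, 100]". Two models are checked, one without the anti-windup clamp and one with it, which also illustrates the last point above: the verdict is only as good as the model, and a model that omits the clamp proves a different program than the one shipped. The model, the bound and the input range are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define BOUND 100        /* safety property: |x| <= BOUND in every reachable state */
#define MAX_INPUT 3      /* the error input e takes any value in [-MAX_INPUT, MAX_INPUT] per step */
#define N_STATES 256     /* the integrator state is an int8_t, so the model is finite */

typedef int8_t (*step_fn)(int8_t x, int e);

/* Model A: the integrator without a clamp; int8_t arithmetic wraps around. */
static int8_t step_unclamped(int8_t x, int e)
{
    return (int8_t)(uint8_t)(x + e);
}

/* Model B: the same integrator with the anti-windup clamp. */
static int8_t step_clamped(int8_t x, int e)
{
    int n = x + e;
    if (n > BOUND) n = BOUND;
    if (n < -BOUND) n = -BOUND;
    return (int8_t)n;
}

typedef struct {
    bool holds;      /* true if no reachable state violates the property */
    int reachable;   /* number of distinct states explored */
    int bad_state;   /* first violating state found (meaningful when !holds) */
    int depth;       /* steps from the initial state to bad_state, else -1 */
} mc_result_t;

static int idx_of(int8_t x) { return (uint8_t)x; }

/* Breadth-first reachability from x = 0: each reachable state is visited once
 * and checked; the first violation is returned with its distance, which is the
 * length of the shortest counterexample trace. */
mc_result_t model_check(step_fn step)
{
    bool seen[N_STATES];
    int depth[N_STATES];
    int8_t queue[N_STATES];
    int head = 0, tail = 0;
    mc_result_t r = { true, 0, 0, -1 };

    memset(seen, 0, sizeof seen);
    queue[tail++] = 0;
    seen[idx_of(0)] = true;
    depth[idx_of(0)] = 0;

    while (head < tail) {
        int8_t x = queue[head++];
        r.reachable++;
        if (x > BOUND || x < -BOUND) {
            r.holds = false;
            r.bad_state = x;
            r.depth = depth[idx_of(x)];
            return r;
        }
        for (int e = -MAX_INPUT; e <= MAX_INPUT; e++) {
            int8_t nx = step(x, e);
            if (!seen[idx_of(nx)]) {
                seen[idx_of(nx)] = true;
                depth[idx_of(nx)] = depth[idx_of(x)] + 1;
                queue[tail++] = nx;
            }
        }
    }
    return r;
}

int main(void)
{
    mc_result_t a = model_check(step_unclamped);
    mc_result_t b = model_check(step_clamped);
    printf("unclamped: property %s, %d states explored, bad state %d at depth %d\n",
           a.holds ? "holds" : "violated", a.reachable, a.bad_state, a.depth);
    printf("clamped:   property %s, %d states reachable\n",
           b.holds ? "holds" : "violated", b.reachable);
    return 0;
}
```

For the unclamped model the checker finds a state outside the band after 34 steps (34 maximal inputs of 3), which is the shortest counterexample; for the clamped model all 201 states in the band are reachable and none outside it, so the property is proved for every input sequence rather than for the ones a simulation happened to try.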