SOFTWARE QUALITY.IN CONTROL.SOLUTIONS FOR INTEGRATED QUALITY ASSURANCE OF EMBEDDED SOFTWARE

ISO 26262 SOFTWARE ARCHITECTURE IN SIMULINK®: DO’S AND DON’TS

Scott Ranville, VP, MES Inc.

SOFTWARE QUALITY.IN CONTROL.SOLUTIONS FOR INTEGRATED QUALITY ASSURANCE OF EMBEDDED SOFTWARE

MISSION STATEMENT

For more than 10 yearswe have been helping our customers

deliver embedded systemswithout software errors.

‘‘SOFTWARE THAT GETS YOU GOING

3

MES ACADEMY

MESACADEMY

MESQUALITY TOOLS

MESQUALITY TOOLS

Knowledge transfer of methods, tools, and best practices

for automotive software

development

MESTEST CENTER

© MODEL ENGINEERING SOLUTIONS INC | SW ARCH: DO & DON’T | 2019

4

STRATEGIC & PRODUCT PARTNERSHIPS

dSPACE GmbH Strategic product partner

MathWorks, Inc. Product partnership for MES Test Manager

ISO 26262 Simulink and Embedded Coderunit test framework

ETAS GmbH Product partner for ASCET guideline checking

SAE International Training workshop partner for SAE Certificate of Competency

© MODEL ENGINEERING SOLUTIONS INC | SW ARCH: DO & DON’T | 2019

5

MES QUALITY TOOLS

Professional tools for integrated quality assurance.

© MODEL ENGINEERING SOLUTIONS INC | SW ARCH: DO & DON’T | 2019

6

OUR CUSTOMERS

© MODEL ENGINEERING SOLUTIONS INC | SW ARCH: DO & DON’T | 2019

adcos GmbH, AFT Atlas Fahrzeugtechnik, Akebono Brake Corporation, Aisin Seiki, Altran, Amminex A/S, Audi AG, Audi Electronics Venture GmbH,Automotive Lighting Reutlingen, AUTOSAR GbR, AVL Software and Functions GmbH, Berner & Mattner GmbH, Bertrandt Ingenieurbüro GmbH,Bertrandt S.A.S., BFFT Gesellschaft für Fahrzeugtechnik, Borg Warner TorqTransfer Systems, Bosch Engineering GmbH, Brembo S.p.A., BTC EmbeddedSystems AG, Carmeq GmbH, CATL, Changan R&D Centre UK, CLAAS Industrietechnik GmbH, Continental Automotive GmbH, Continental Brasil,Continental Engineering Services GmbH, Conti TEMIC microelectronic, CTAG Centro Tecnológico de Automoción de Galicia, Daimler AG - Research andAdvanced Engineering, Daimler AG - Truck Division, Daimler AG (India), Dana Rexroth Transmission Systems, Delphi, DENSO AUTOMOTIVE DeutschlandGmbH, DENSO Corporation, DENSO Create Inc., DEUTZ AG, Dong Feng Motor Co., dSPACE GmbH, dSPACE (Japan), e4t electronics for transportation,Eberspächer Climate Control Systems GmbH und Co. KG, EFS GmbH, Elektronische Fahrwerksysteme GmbH, Engineering Center for Steyr MAGNAPowertrain, ESG Elektroniksystem- und Logistik GmbH, EvoBus GmbH, Faurecia, FEV Motorentechnik GmbH, Fiat, Fiat Chrysler Automobiles Group(FCA), Ford Motor Company, Forschungsgesellschaft für Kraftfahrwesen Aachen mbH, Fuji Heavy Industries Ltd., Fujitsu-Ten, GAC Guangzhou AutomobileGroup Co., Geely Automobile Holdings Ltd, German Aerospace Center (DLR), Gigatronik, GKN Driveline, Gyeongbuk Institute of IT Convergence IndustryTechnology, Hella KGaA Hueck und Co., Hirain Hong Kong Technical Corporation Limited, Hitachi Automotive Systems Ltd., HJS Emission TechnologyGmbH & Co. KG, Hochschule Reutlingen, Honda R&D Co., Ltd., Hyundai Mobis, Hyundai Motor Company & Kia Motors Corporation, IAV GmbH,IDIADA Automotive Technology S.A., IHI Aerospace Co. Ltd., iMar GmbH, Jaguar Land Rover, JCI Johnson Controls Inc., Johnson Controls – SAFT, JTEKTCorporation, JTEKT Europe Technical Center, JTEKT France, Lemförder Electronic GmbH, Leopold Kostal & Co. KG, LG Chem Power Inc., MAGNA E-Car,MAGNA STEYR Fahrzeugtechnik AG & Co KG, MAGNA STEYR Battery Systems GmbH & Co OG, MAGNA Powertrain AG, MAGNA Powertrain of America,Mando-Halla Electronics Corporation, Marquardt GmbH, Marquardt Schaltsysteme S.C.S., Marquardt Service GmbH, MathWorks Inc., MB Tech GroupGmbH & Co. KGaA, Mercedes Benz Cars, Mercedes Benz - Research and Development (India), Mercedes-Benz Research & Development North America,Inc., Methodpark, MOBIS India R&D Center, NDS e.V., Niria Dynamics AB, NSK Nippon Seiko K.K., NuCellSys GmbH, OSB AG, Ovalo, Panasonic ITS Co.Ltd, PG Intergroup, Porsche AG, Punch Powertrain N.V., Renault, Robert Bosch GmbH, Robert Bosch Engineerings and Business Solutions Ltd., SAIC,SAIC Motor Technical Center, Samsung SDI Co., Schaeffler Techn. AG & Co.KG, SALT AND PEPPER Mitte GmbH & Co. KG, Siemens AG, Siemens China,SPACEBEL S.A., Space Telescope Science Institute, Stihl AG, Tabuchi Electric Co. Ltd., TAKATA AG, TDI Product Solutions, Tech Mahindra TechnologyCentre, TECNALIA - Transport and Industrial System, Thales Transportation Systems GmbH, Thales UK, TNO PC Ware, ThyssenKrupp Presta Hungary Kft.,Toyota Motor Asia Pacific Engineering & Manufacturing Co. Ltd., Toyota Motor Corporation, Toyota Motor Europe, Toyota Technical Development Corp.,Toyota Thailand, Toyota Tsusho Electronics Corporation, Transtron Inc., TRW Automotive GmbH, T-Systems International GmbH, Vaillant GmbH, Valeo,Valeo Egypt, Validas AG, Vocis Driveline Controls, Volkswagen AG, VW Shanghai, WABCO GmbH, WABCO Development GmbH, WABCO India Limited,Webasto Thermo & Comfort, WoTech GmbH, ZF Friedrichshafen AG, ZF Lenksysteme.

7

SCOTT RANVILLE

20+ years MBD Tool and Process Consulting

Started career at Ford Research

Experience with many tools: Autocode – MiL Testing – Model Complexity – Modeling Style Guides and Checkers– etc.

Domains: Automotive and Aerospace

Standards: ISO 26262 (Functional Safety Certified Automotive Engineer), DO-178b

8

INTRODUCTION TO ISO 26262

Buggy Reality

9

SOFTWARE ARCHITECTURE

Really Reality

10

SELECT ISO 26262 WORK PRODUCTS

Formal requirements including Safety Goals

Oh My

11

ISO 26262: SOFTWARE ARCHITECTURE PRINCIPLES

Reality Wins !

12

M-XRAY® SUPPORT OF ISO 26262

1a: Report includes visualization of hierarchy

1b: Complexity = Size

1c: interfaces

1d: 1/Incoherence = Cohesion

Not So Fast !

13

EXAMPLE PROJECT EVOLUTION OVER TIME

Functional Safety Manager

14

DO‘S AND DONT‘S

Do

Plan on meeting all of the ISO 26262 Design Principles

With Initial Design

Monitor the Properties Over Time

Don’t

Think that the design principles are too abstract to measure and enforce

Let the software architecture evolve over time without monitoring it

15

EXAMPLE USE OF M-XRAY®: ISO 26262

Scenario Have existing model

Want to move to ISO 26262 process

ISO 26262 Requirements Create a Software Architecture

Identify Units and Components

Create a Test Plan

Task: Identify Units and Components Small enough to be testable, maintainable, ...

Not too small to keep test plan reasonable

We

16

EXAMPLE USE OF M-XRAY®: ISO 26262

Modeling Style Guide Consideration

To facilitate identifying Units and Components

Add “_unit” to Subsystem name for Units

Add “_comp” to Subsystem name for Components

We Are

17

EXAMPLE USE OF M-XRAY®: SIZE OF INITIAL UNIT/COMPONENT

Most meaningful M-XRAY® metric: Global Complexity

Secondary Metrics: Incoherence, Elementary I/O count

We Are Safe !

18

EXAMPLE USE OF M-XRAY®:CHANGE COMPONENT TO UNIT

The Auditor

19

EXAMPLE USE OF M-XRAY®: UNIT TOO BIG

20

EXAMPLE USE OF M-XRAY®: REFACTORED MODEL

Where is your software architecture?

21

EXAMPLE USE OF M-XRAY®: REFACTORED RESULTS

Original overly large “unit” broken into 6 “units” of reasonable size

SteeringControl_unit 1135

Original:

Refactored:

ManualSteering_unit 114

EstSteeringAngl_unit 19

PathFollower_unit 395

PathPlanner_unit 217

SMCtrlPI_unit 80

SMCtrlSmpl_unit 161

SteeringControl_comp AutoSteering_comp

Where is your test plan ?

22

DO‘S AND DONT‘S

Do

Take the time to understand legacy models

Balance Unit size for testing, maintainability, readability, …

Don’t

Accept legacy models as is because of the time needed to make it more ISO 26262 compliant (Safety Culture violation)

Where is your unit test coverage report ?

23

SW ARCH. ANALYSIS: CLONE SUBSYSTEMS

SW Team to the Rescue !

24

EVALUATION CLONE GROUPS DETECTION

Model(Simulink)

Global

complexity

#Blocks #Clone

Groups

found1

#False

Positive

Groups

#Subsystems in

Clone Groups2% Reducible

Complexity2

1 107,659 16,886 33 1 126 8.6

2 75,089 12,357 27 0 72 7.2

3 57,726 8,661 5 1 14 0.8

4 11,910 1,591 5 0 11 3.2

5 9,381 1,626 8 0 27 9.91 = False positives included, 2 = False positives excluded

Replacement of clones by libraries reduces complexity.

see Salecker et al. (2016), JUST SIMPLIFY: Clone Detection for Simulink Controller Models, SAE World Congress 2016, Detroit, MI, USA

Well Trained

25

DO‘S AND DONT‘S

Do

Enforce discipline on the developers to take the extra time to create Libraries/Model Ref for clones

Don’t

Underestimate the overall time it will take the company as a whole to leave clones in the model

Documented Process

26

SW ARCH. ANALYSIS: COHESION

Local Complexity 1104, Incoherence ≈ 5 Local Complexity 194, Incoherence ≈ 4

Subsystems with high complexity and high incoherence are appropriate candidates for refactoring.

Automated Tools

27

DO‘S AND DONT‘S

Do

Group similar functionality together

Don’t

Presume that the meaning of un-related threads in a given Subsystem is easy to understand

Safety Test Results

28

SW ARCH. ANALYSIS : HIERARCHY

Audit Passed !

29

DO‘S AND DONT‘S

Do

Understand the hierarchical organization

Don’t

Assume that each piece of the hierarchy is equally complex

30

CENTRALIZATION/LAYERED ARCHITECTURE

Pre and Post processing of signals

Error Detection/ Error Handling

CheckBatteryLevel

GearLevelPosition

Pre processing Post processing

Event storage

ECU/CAN signals

……

Product Release

31

DO‘S AND DONT‘S

Do

Create Sub-Unit hierarchy to enhance understandability and maintainability

Don’t

Mix pre/post processing with main algorithm

32

SOFTWARE ARCHITECTURE: CUSTOMER STORY

Objective

Improve testability and understanding of the model by reducing complexity

MXRAY Features Used

Complexity Metrics Refactored overly complex Subsystems

Clone Detection Converted redundant elements into Library/Model Reference

Results

“MXRAY considerably improved the overall readability, testability, and maintainability of our software modules.” Humphrey Achiri, Senior Developer

Calibrators: “become much easier to navigate”

Testers: easier to perform requirements-based testing since individual requirements were better aligned with the actual implementation in subsystems

Requirements Team: “Wow – these software models are much easier to understand and to work with now.”

see https://model-engineers.com/en/company/references/success-stories/

Accident Free !

33

SAVE THE DATE

“Taming the Beast – How to Manage Large Software Models”

March 13 - 14, 2019, Troy, Michigan

April 8 – 9, 2019, Berlin, Germany

Agenda

Basic concepts of software architectures

Assessing architectural design principles in models

Refactoring Simulink® models

Layered architectures

Roles and responsibilities

Agile considerations

Bring your models for hands-on activities in the class

Register at: https://model-engineers.com/en/academy/training

10% Discount, contact me by Feb. 15, 2019, Code: SAFE=FUN

34

MODEL ENGINEERING SOLUTIONS INC.

Evaluations available at:https://www.model-engineers.com/en/evaluate-tool.html

Scott RanvilleT: 248-845-7664scott.ranville@model-engineers-inc.comwww.model-engineers.comBlog: https://mbdtap.wordpress.com/

© MODEL ENGINEERING SOLUTIONS INC | SW ARCH: DO & DON’T | 2019