SOFTWARE QUALITY. IN CONTROL. SOLUTIONS FOR INTEGRATED QUALITY ASSURANCE OF EMBEDDED SOFTWARE
ISO 26262 SOFTWARE ARCHITECTURE IN SIMULINK®: DO’S AND DON’TS
Scott Ranville, VP, MES Inc.
MISSION STATEMENT
For more than 10 years we have been helping our customers deliver embedded systems without software errors.
“SOFTWARE THAT GETS YOU GOING”
MES ACADEMY: Knowledge transfer of methods, tools, and best practices for automotive software development
MES QUALITY TOOLS
MES TEST CENTER
© MODEL ENGINEERING SOLUTIONS INC | SW ARCH: DO & DON’T | 2019
STRATEGIC & PRODUCT PARTNERSHIPS
dSPACE GmbH: Strategic product partner
MathWorks, Inc.: Product partnership for MES Test Manager, the ISO 26262 Simulink and Embedded Coder unit test framework
ETAS GmbH: Product partner for ASCET guideline checking
SAE International: Training workshop partner for SAE Certificate of Competency
MES QUALITY TOOLS
Professional tools for integrated quality assurance.
OUR CUSTOMERS
adcos GmbH, AFT Atlas Fahrzeugtechnik, Akebono Brake Corporation, Aisin Seiki, Altran, Amminex A/S, Audi AG, Audi Electronics Venture GmbH,Automotive Lighting Reutlingen, AUTOSAR GbR, AVL Software and Functions GmbH, Berner & Mattner GmbH, Bertrandt Ingenieurbüro GmbH,Bertrandt S.A.S., BFFT Gesellschaft für Fahrzeugtechnik, Borg Warner TorqTransfer Systems, Bosch Engineering GmbH, Brembo S.p.A., BTC EmbeddedSystems AG, Carmeq GmbH, CATL, Changan R&D Centre UK, CLAAS Industrietechnik GmbH, Continental Automotive GmbH, Continental Brasil,Continental Engineering Services GmbH, Conti TEMIC microelectronic, CTAG Centro Tecnológico de Automoción de Galicia, Daimler AG - Research andAdvanced Engineering, Daimler AG - Truck Division, Daimler AG (India), Dana Rexroth Transmission Systems, Delphi, DENSO AUTOMOTIVE DeutschlandGmbH, DENSO Corporation, DENSO Create Inc., DEUTZ AG, Dong Feng Motor Co., dSPACE GmbH, dSPACE (Japan), e4t electronics for transportation,Eberspächer Climate Control Systems GmbH und Co. KG, EFS GmbH, Elektronische Fahrwerksysteme GmbH, Engineering Center for Steyr MAGNAPowertrain, ESG Elektroniksystem- und Logistik GmbH, EvoBus GmbH, Faurecia, FEV Motorentechnik GmbH, Fiat, Fiat Chrysler Automobiles Group(FCA), Ford Motor Company, Forschungsgesellschaft für Kraftfahrwesen Aachen mbH, Fuji Heavy Industries Ltd., Fujitsu-Ten, GAC Guangzhou AutomobileGroup Co., Geely Automobile Holdings Ltd, German Aerospace Center (DLR), Gigatronik, GKN Driveline, Gyeongbuk Institute of IT Convergence IndustryTechnology, Hella KGaA Hueck und Co., Hirain Hong Kong Technical Corporation Limited, Hitachi Automotive Systems Ltd., HJS Emission TechnologyGmbH & Co. KG, Hochschule Reutlingen, Honda R&D Co., Ltd., Hyundai Mobis, Hyundai Motor Company & Kia Motors Corporation, IAV GmbH,IDIADA Automotive Technology S.A., IHI Aerospace Co. 
Ltd., iMar GmbH, Jaguar Land Rover, JCI Johnson Controls Inc., Johnson Controls – SAFT, JTEKTCorporation, JTEKT Europe Technical Center, JTEKT France, Lemförder Electronic GmbH, Leopold Kostal & Co. KG, LG Chem Power Inc., MAGNA E-Car,MAGNA STEYR Fahrzeugtechnik AG & Co KG, MAGNA STEYR Battery Systems GmbH & Co OG, MAGNA Powertrain AG, MAGNA Powertrain of America,Mando-Halla Electronics Corporation, Marquardt GmbH, Marquardt Schaltsysteme S.C.S., Marquardt Service GmbH, MathWorks Inc., MB Tech GroupGmbH & Co. KGaA, Mercedes Benz Cars, Mercedes Benz - Research and Development (India), Mercedes-Benz Research & Development North America,Inc., Methodpark, MOBIS India R&D Center, NDS e.V., Niria Dynamics AB, NSK Nippon Seiko K.K., NuCellSys GmbH, OSB AG, Ovalo, Panasonic ITS Co.Ltd, PG Intergroup, Porsche AG, Punch Powertrain N.V., Renault, Robert Bosch GmbH, Robert Bosch Engineerings and Business Solutions Ltd., SAIC,SAIC Motor Technical Center, Samsung SDI Co., Schaeffler Techn. AG & Co.KG, SALT AND PEPPER Mitte GmbH & Co. KG, Siemens AG, Siemens China,SPACEBEL S.A., Space Telescope Science Institute, Stihl AG, Tabuchi Electric Co. Ltd., TAKATA AG, TDI Product Solutions, Tech Mahindra TechnologyCentre, TECNALIA - Transport and Industrial System, Thales Transportation Systems GmbH, Thales UK, TNO PC Ware, ThyssenKrupp Presta Hungary Kft.,Toyota Motor Asia Pacific Engineering & Manufacturing Co. Ltd., Toyota Motor Corporation, Toyota Motor Europe, Toyota Technical Development Corp.,Toyota Thailand, Toyota Tsusho Electronics Corporation, Transtron Inc., TRW Automotive GmbH, T-Systems International GmbH, Vaillant GmbH, Valeo,Valeo Egypt, Validas AG, Vocis Driveline Controls, Volkswagen AG, VW Shanghai, WABCO GmbH, WABCO Development GmbH, WABCO India Limited,Webasto Thermo & Comfort, WoTech GmbH, ZF Friedrichshafen AG, ZF Lenksysteme.
SCOTT RANVILLE
20+ years MBD Tool and Process Consulting
Started career at Ford Research
Experience with many tools: Autocode – MiL Testing – Model Complexity – Modeling Style Guides and Checkers – etc.
Domains: Automotive and Aerospace
Standards: ISO 26262 (Functional Safety Certified Automotive Engineer), DO-178b
INTRODUCTION TO ISO 26262
Buggy Reality
SOFTWARE ARCHITECTURE
Really Reality
SELECT ISO 26262 WORK PRODUCTS
Formal requirements including Safety Goals
Oh My
ISO 26262: SOFTWARE ARCHITECTURE PRINCIPLES
Reality Wins !
M-XRAY® SUPPORT OF ISO 26262
1a: Report includes visualization of hierarchy
1b: Complexity = Size
1c: interfaces
1d: 1/Incoherence = Cohesion
Not So Fast !
EXAMPLE PROJECT EVOLUTION OVER TIME
Functional Safety Manager
DO'S AND DON'TS
Do
Plan on meeting all of the ISO 26262 Design Principles
With Initial Design
Monitor the Properties Over Time
Don’t
Think that the design principles are too abstract to measure and enforce
Let the software architecture evolve over time without monitoring it
EXAMPLE USE OF M-XRAY®: ISO 26262
Scenario: Have an existing model; want to move to an ISO 26262 process
ISO 26262 Requirements: Create a Software Architecture; Identify Units and Components; Create a Test Plan
Task: Identify Units and Components: small enough to be testable, maintainable, ...; not too small, to keep the test plan reasonable
We
EXAMPLE USE OF M-XRAY®: ISO 26262
Modeling Style Guide Consideration
To facilitate identifying Units and Components
Add “_unit” to Subsystem name for Units
Add “_comp” to Subsystem name for Components
We Are
EXAMPLE USE OF M-XRAY®: SIZE OF INITIAL UNIT/COMPONENT
Most meaningful M-XRAY® metric: Global Complexity
Secondary Metrics: Incoherence, Elementary I/O count
We Are Safe !
EXAMPLE USE OF M-XRAY®:CHANGE COMPONENT TO UNIT
The Auditor
EXAMPLE USE OF M-XRAY®: UNIT TOO BIG
EXAMPLE USE OF M-XRAY®: REFACTORED MODEL
Where is your software architecture?
EXAMPLE USE OF M-XRAY®: REFACTORED RESULTS
Original overly large “unit” broken into 6 “units” of reasonable size (complexity per subsystem):
Original:
  SteeringControl_comp
    SteeringControl_unit    1135
Refactored:
  AutoSteering_comp
    ManualSteering_unit      114
    EstSteeringAngl_unit      19
    PathFollower_unit        395
    PathPlanner_unit         217
    SMCtrlPI_unit             80
    SMCtrlSmpl_unit          161
Where is your test plan ?
DO'S AND DON'TS
Do
Take the time to understand legacy models
Balance Unit size for testing, maintainability, readability, …
Don’t
Accept legacy models as-is because of the time needed to make them more ISO 26262 compliant (a Safety Culture violation)
Where is your unit test coverage report ?
SW ARCH. ANALYSIS: CLONE SUBSYSTEMS
SW Team to the Rescue !
EVALUATION CLONE GROUPS DETECTION
Model (Simulink) | Global complexity | #Blocks | #Clone groups found (1) | #False positive groups | #Subsystems in clone groups (2) | % Reducible complexity (2)
1 | 107,659 | 16,886 | 33 | 1 | 126 | 8.6
2 |  75,089 | 12,357 | 27 | 0 |  72 | 7.2
3 |  57,726 |  8,661 |  5 | 1 |  14 | 0.8
4 |  11,910 |  1,591 |  5 | 0 |  11 | 3.2
5 |   9,381 |  1,626 |  8 | 0 |  27 | 9.9
(1) = False positives included, (2) = False positives excluded
Replacement of clones by libraries reduces complexity.
see Salecker et al. (2016), JUST SIMPLIFY: Clone Detection for Simulink Controller Models, SAE World Congress 2016, Detroit, MI, USA
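As an added illustration of what the table's columns measure (this is example code, not M-XRAY's clone detector, which per the cited paper also handles more than exact copies): a minimal exact-clone detector over a constructed Simulink-like model, with a stand-in complexity measure (blocks plus lines) and an assumed reduction model in which one library block replaces every instance of a clone group, so all but one instance's complexity disappears.

```python
from collections import defaultdict

# Constructed model: each subsystem is an ordered block list plus wiring as
# (source_block, dest_block, dest_port) index triples. "Complexity" here is a
# stand-in (blocks + lines), not M-XRAY's metric.
MODEL = {
    "ScaleA": {"blocks": ["Inport", "Gain", "Saturate", "Outport"],
               "lines": [(0, 1, 1), (1, 2, 1), (2, 3, 1)]},
    "ScaleB": {"blocks": ["Inport", "Gain", "Saturate", "Outport"],
               "lines": [(0, 1, 1), (1, 2, 1), (2, 3, 1)]},
    "ScaleC": {"blocks": ["Inport", "Gain", "Saturate", "Outport"],
               "lines": [(0, 1, 1), (1, 2, 1), (2, 3, 1)]},
    "LimitA": {"blocks": ["Inport", "Saturate", "Outport"],
               "lines": [(0, 1, 1), (1, 2, 1)]},
    "LimitB": {"blocks": ["Inport", "Saturate", "Outport"],
               "lines": [(0, 1, 1), (1, 2, 1)]},
    "Ctrl":   {"blocks": ["Inport", "Inport", "Sum", "Gain", "Outport"],
               "lines": [(0, 2, 1), (1, 2, 2), (2, 3, 1), (3, 4, 1)]},
}

def complexity(sub):
    return len(sub["blocks"]) + len(sub["lines"])

def fingerprint(sub):
    """Exact-clone key: identical block sequence and identical wiring."""
    return (tuple(sub["blocks"]), tuple(sorted(sub["lines"])))

def clone_groups(model):
    """Subsystems sharing a fingerprint form a clone group (size >= 2)."""
    groups = defaultdict(list)
    for name, sub in model.items():
        groups[fingerprint(sub)].append(name)
    return [sorted(names) for names in groups.values() if len(names) > 1]

def summarize(model, false_positives=()):
    """The evaluation table's columns; groups a reviewer rejected are excluded
    from the subsystem count and the reducible-complexity estimate."""
    found = clone_groups(model)
    rejected = {tuple(sorted(g)) for g in false_positives}
    real = [g for g in found if tuple(g) not in rejected]
    total = sum(complexity(s) for s in model.values())
    # Assumed reduction model: one library block replaces every instance of a
    # group, so all but one instance's complexity disappears.
    reducible = sum((len(g) - 1) * complexity(model[g[0]]) for g in real)
    return {"groups_found": len(found),
            "false_positive_groups": len(found) - len(real),
            "subsystems_in_groups": sum(len(g) for g in real),
            "reducible_pct": round(100 * reducible / total, 1)}
```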
Well Trained
DO'S AND DON'TS
Do
Enforce discipline on the developers to take the extra time to create Libraries/Model Ref for clones
Don’t
Underestimate the overall time it will cost the company as a whole to leave clones in the model
Documented Process
SW ARCH. ANALYSIS: COHESION
Example A: Local Complexity 1104, Incoherence ≈ 5. Example B: Local Complexity 194, Incoherence ≈ 4.
Subsystems with high complexity and high incoherence are appropriate candidates for refactoring.
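The naming convention from the M-XRAY example (the "_unit"/"_comp" suffixes), the unit-size check that caught the overly large SteeringControl_unit, and the cohesion rule just stated can be combined into one automated gate over a metrics export and re-run on every release, which is how the earlier Do of monitoring the properties over time becomes routine. The script below is an added example, not M-XRAY or MES code: the CSV layout, the component rows, the incoherence values and both limits are assumptions, while the unit complexity figures are those from the refactored-results slide.

```python
import csv
import io
# Constructed metric exports (subsystem, global complexity, incoherence). Unit
# complexity figures are from the slides; component rows, incoherence values
# and the two limits are assumptions.
ORIGINAL = """subsystem,complexity,incoherence
SteeringControl_comp,1135,5.0
SteeringControl_unit,1135,5.0
SignalScaling,42,1.0
"""
REFACTORED = """subsystem,complexity,incoherence
AutoSteering_comp,986,2.0
ManualSteering_unit,114,1.5
EstSteeringAngl_unit,19,1.0
PathFollower_unit,395,2.5
PathPlanner_unit,217,2.0
SMCtrlPI_unit,80,1.2
SMCtrlSmpl_unit,161,1.4
"""
UNIT_MAX_COMPLEXITY = 400  # assumed project limit for one unit
INCOHERENCE_MAX = 4.0      # assumed project limit (incoherence = 1/cohesion)

def classify(name):
    """Naming convention from the slides: "_unit" / "_comp" suffix."""
    return ("unit" if name.endswith("_unit")
            else "component" if name.endswith("_comp") else "untagged")

def load(text):
    return [{"name": r["subsystem"], "kind": classify(r["subsystem"]),
             "complexity": int(r["complexity"]),
             "incoherence": float(r["incoherence"])}
            for r in csv.DictReader(io.StringIO(text))]

def check(rows):
    """Findings against the size, cohesion and naming rules."""
    findings = []
    for r in rows:
        if r["kind"] == "untagged":
            findings.append(f"{r['name']}: not tagged as _unit or _comp")
        if r["kind"] == "unit" and r["complexity"] > UNIT_MAX_COMPLEXITY:
            findings.append(f"{r['name']}: unit too big ({r['complexity']})")
        if r["complexity"] > UNIT_MAX_COMPLEXITY and r["incoherence"] > INCOHERENCE_MAX:
            findings.append(f"{r['name']}: high complexity and high incoherence")
    return findings

def drift(before, after):
    """Monitor over time: units whose complexity grew between two exports."""
    prev = {r["name"]: r["complexity"] for r in before if r["kind"] == "unit"}
    return [(r["name"], prev[r["name"]], r["complexity"]) for r in after
            if r["kind"] == "unit" and r["complexity"] > prev.get(r["name"], r["complexity"])]
```

Running check() on the original export reports the oversized, incoherent steering unit; on the refactored export it reports nothing, and drift() between two later exports shows which units have started to grow again.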
Automated Tools
DO'S AND DON'TS
Do
Group similar functionality together
Don’t
Presume that the meaning of unrelated threads in a given Subsystem is easy to understand
Safety Test Results
SW ARCH. ANALYSIS : HIERARCHY
Audit Passed !
DO'S AND DON'TS
Do
Understand the hierarchical organization
Don’t
Assume that each piece of the hierarchy is equally complex
CENTRALIZATION/LAYERED ARCHITECTURE
Diagram of a layered architecture: separate layers for pre processing and post processing of signals (ECU/CAN signals), for error detection/error handling and for event storage, around the application functions themselves (e.g. CheckBatteryLevel, GearLevelPosition, ...).
Product Release
DO'S AND DON'TS
Do
Create Sub-Unit hierarchy to enhance understandability and maintainability
Don’t
Mix pre/post processing with main algorithm
SOFTWARE ARCHITECTURE: CUSTOMER STORY
Objective
Improve testability and understanding of the model by reducing complexity
MXRAY Features Used
Complexity Metrics: Refactored overly complex Subsystems
Clone Detection: Converted redundant elements into Library/Model Reference
Results
“MXRAY considerably improved the overall readability, testability, and maintainability of our software modules.” Humphrey Achiri, Senior Developer
Calibrators: “become much easier to navigate”
Testers: easier to perform requirements-based testing since individual requirements were better aligned with the actual implementation in subsystems
Requirements Team: “Wow – these software models are much easier to understand and to work with now.”
see https://model-engineers.com/en/company/references/success-stories/
Accident Free !
SAVE THE DATE
“Taming the Beast – How to Manage Large Software Models”
March 13 - 14, 2019, Troy, Michigan
April 8 – 9, 2019, Berlin, Germany
Agenda
Basic concepts of software architectures
Assessing architectural design principles in models
Refactoring Simulink® models
Layered architectures
Roles and responsibilities
Agile considerations
Bring your models for hands-on activities in the class
Register at: https://model-engineers.com/en/academy/training
10% Discount, contact me by Feb. 15, 2019, Code: SAFE=FUN
MODEL ENGINEERING SOLUTIONS INC.
Evaluations available at: https://www.model-engineers.com/en/evaluate-tool.html
Scott Ranville
T: 248-845-7664
scott.ranville@model-engineers-inc.com
www.model-engineers.com
Blog: https://mbdtap.wordpress.com/