Entwicklung zuverlässiger Software-Systeme, Stuttgart 30.Juni 2011

Similar documents
Tools and Methods for Validation and Verification as requested by ISO26262

Formal Verification and Automatic Testing for Model-based Development in compliance with ISO 26262

Fault-Injection testing and code coverage measurement using Virtual Prototypes on the context of the ISO standard

automatisiertensoftwaretests

Virtualization of Heterogeneous Electronic Control Units Testing and Validating Car2X Communication

Verification, Validation, and Test with Model-Based Design

ISO Compliant Automatic Requirements-Based Testing for TargetLink

Certified Automotive Software Tester Sample Exam Paper Syllabus Version 2.0

ISO compliant verification of functional requirements in the model-based software development process

From Design to Production

Virtual Hardware ECU How to Significantly Increase Your Testing Throughput!

Verification & Validation of Open Source

A Model-Based Reference Workflow for the Development of Safety-Related Software

GAIO. Solution. Corporate Profile / Product Catalog. Contact Information

Verification and Test with Model-Based Design

Is This What the Future Will Look Like?

CTFL -Automotive Software Tester Sample Exam Paper Syllabus Version 2.0

Software architecture in ASPICE and Even-André Karlsson

By V-cubed Solutions, Inc. Page1. All rights reserved by V-cubed Solutions, Inc.

On Error-Class Distribution in Automotive Model-Based Software Harald Altinger, Yanja Dajsuren, Sebastian Siegl, Jurgen J. Vinju, and Franz Wotawa

StackAnalyzer Proving the Absence of Stack Overflows

Automating Best Practices to Improve Design Quality

Understanding SW Test Libraries (STL) for safetyrelated integrated circuits and the value of white-box SIL2(3) ASILB(D) YOGITECH faultrobust STL

Developing AUTOSAR Compliant Embedded Software Senior Application Engineer Sang-Ho Yoon

Taking the Right Turn with Safe and Modular Solutions for the Automotive Industry

Model Based Development of a Light Function for a Rapid Prototyping System. Prof. Dr. Dieter Nazareth

DRYING CONTROL LOGIC DEVELOPMENT USING MODEL BASED DESIGN

Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1

Static Analysis in C/C++ code with Polyspace

Department PGA/PRM-M2. Date Released: Department NE/PJM. C h a n g e s

SOFTWARE QUALITY OBJECTIVES FOR SOURCE CODE

MIL/SIL/PIL Approach A new paradigm in Model Based Development

Reuse of Hardware Independent Test Sequences across MiL-, SiL- and HiL-Test Scenarios

Model based testing and Hardware-in-the-Loop simulation of embedded CANopen control devices

Functional Safety and Safety Standards: Challenges and Comparison of Solutions AA309

Guido Sandmann MathWorks GmbH. Michael Seibt Mentor Graphics GmbH ABSTRACT INTRODUCTION - WORKFLOW OVERVIEW

Implementation and Verification Daniel MARTINS Application Engineer MathWorks

[0569] p 0318 garbage

Simulink for AUTOSAR: Best Practices

AstréeA From Research To Industry

C and C++ Secure Coding 4-day course. Syllabus

SCADE. SCADE Suite Tailored for Critical Applications EMBEDDED SOFTWARE

Virtualizing the TCU of BMW's 8 speed transmission

정형기법을활용한 AUTOSAR SWC 의구현확인및정적분석

Embedded/Connected Device Secure Coding. 4-Day Course Syllabus

Riccardo Mariani, Intel Fellow, IOTG SEG, Chief Functional Safety Technologist

Safety and Security for Automotive using Microkernel Technology

Deriving safety requirements according to ISO for complex systems: How to avoid getting lost?

How to Break Software by James Whittaker

European Conference on Nanoelectronics and Embedded Systems for Electric Mobility

Ensuring quality for ADAS applications with a model-based approach

Experiences with AUTOSAR compliant Autocode generation using TargetLink

Failure Diagnosis and Prognosis for Automotive Systems. Tom Fuhrman General Motors R&D IFIP Workshop June 25-27, 2010

AVS: A Test Suite for Automatically Generated Code

Leveraging Formal Methods for Verifying Models and Embedded Code Prashant Mathapati Application Engineering Group

Don t Judge Software by Its (Code) Coverage

Testing. ECE/CS 5780/6780: Embedded System Design. Why is testing so hard? Why do testing?

Hardware-In-Loop Test Setup Automation

Report. Certificate Z

TCL. ASIL Level. Software. Automotive ISO Tool-Qualification. Safety Manual. Software for Safety-Related Automotive Systems

Automatización de Métodos y Procesos para Mejorar la Calidad del Diseño

10 th AUTOSAR Open Conference

Volvo Car Group Jonn Lantz Agile by Models

LATEST ISO UPDATE Focusing on Concurrency. Heiko Doerr MGI Group, 06. December 2016

FUNCTIONAL SAFETY AND THE GPU. Richard Bramley, 5/11/2017

ES6xx Add-On & Hardware Configuration Tool V1.4.0

A Hardware-in-the-Loop Testing Platform Based on a Common Off-The-Shelf Non-Real-Time Simulation PC

Automating Best Practices to Improve Design Quality

EHOOKS V4.0 PRE-RELEASE

ISO meets AUTOSAR - First Lessons Learned Dr. Günther Heling

Current shipped hardware state: D010/01 Current released firmware version: HSP Department PGA/PRM-M2. Date Released:

EHOOKS V4.3 User Guide

Real and Virtual Development with SystemDesk

A TOOL-CHAIN FOR FUNCTIONAL SAFETY AND RELIABILITY IMPROVEMENT IN AUTMOTIVE SYSTEMS

Software Engineering 2 A practical course in software engineering. Ekkart Kindler

Workpackage WP2.5 Platform System Architecture. Frank Badstübner Ralf Ködel Wilhelm Maurer Martin Kunert F. Giesemann, G. Paya Vaya, H.

Frequently Asked Questions. AUTOSAR C++14 Coding Guidelines

Development and Deployment of ECU based Control Systems through MBD. Imperative role of Model based design in System Engineering

Verification and Validation of High-Integrity Systems

FULL VIRTUALIZATION OF RENAULT'S ENGINE MANAGEMENT SOFTWARE APPLICATION TO SYSTEM DEVELOPMENT

Module Test in System Context

Safety Argument based on GSN for Automotive Control Systems. Yutaka Matsubara Nagoya University

Alexandre Esper, Geoffrey Nelissen, Vincent Nélis, Eduardo Tovar

TESSY and ISO TESSY White Paper Author: Frank Büchner. How TESSY helps to achieve ISO compliance

KSAR Support. for. ST s SPC5 32-bit Automotive MCUs

A Study on Embedded Operating Systems for Automotive Electronics

Safety Manual. for ait, Astrée, StackAnalyzer. AbsInt Angewandte Informatik GmbH

Decoupling Test Cases from Real and Virtual Test Systems with ASAM HIL API

FMEDA-Based Fault Injection and Data Analysis in Compliance with ISO SPEAKER. Dept. of Electrical Engineering, National Taipei University

Increasing Embedded Software Confidence Model and Code Verification. Daniel Martins Application Engineer MathWorks

Functional Safety Design Packages for STM32 & STM8 MCUs

Software integration challenge multi-core experience from real world projects

Dynamic Architectural Simulation Model of YellowCar in MATLAB/Simulink Using AUTOSAR System

Appendix to The Health of Software Engineering Research

MEMORY MANAGEMENT TEST-CASE GENERATION OF C PROGRAMS USING BOUNDED MODEL CHECKING

Software Verification and Validation (VIMMD052) Introduction. Istvan Majzik Budapest University of Technology and Economics

Product: XETK-T2.1 Rev : 03 Page 1 of 12. Current shipped (hardware state): C011 Current released firmware version: HSP Department MCD/PRM-H

KESO Functional Safety and the Use of Java in Embedded Systems

Software Architecture. Definition of Software Architecture. The importance of software architecture. Contents of a good architectural model

Using Intel VTune Amplifier XE and Inspector XE in.net environment

Transcription:

Entwicklung zuverlässiger Software-Systeme, Stuttgart 30.Juni 2011 Tools and Methods for Validation and Verification as requested by ISO26262 1

Introduction ISO26262 ISO 26262 is the adaptation of IEC 61508 to comply with needs specific to the application sector of E/E systems within road vehicles. This adaptation applies to all activities during the safety lifecycle of safety-related systems comprised of electrical, electronic, and software elements that provide safety-related functions. Goal: Functional safety of electrical/electronic/programmable electronic safety-related systems Provides measures for an automotive safety lifecycle (management, development, production, operation, service, decommissioning) an automotive specific risk-based approach for determining risk classes (Automotive Safety Integrity Levels, ASILs); requirements for validation and confirmation measures to ensure a sufficient and acceptable level of safety being achieved. 2

Software development process in ISO26262 Depending on the ASIL, ISO26262 gives principles for design suggests mechanisms for error detection demands methods for the verification suggests methods for testing and deriving test cases& metrics cases on both software unit and architectural level ISO26262 follows a V-cycle development approach 3

ISO26262 Software Unit & Integration Test methods Methods for software testing at architectural (integration) and unit level (according to ISO26262 part 6, chapter 9.4.3 and 10.4.3) Requirements-based test (=validation) Interface test Fault injection test.. Includes injection of arbitrary faults in order to test safety mechanisms (e.g. by corrupting software or hardware components Resource usage test.. average/maximum processor performance, min/max execution times, storage usage (stack, program, data), bandwidth of communication links.. Back-to-back comparison test between model and code (if applicable).. model that can simulate the functionality of the software components. Here, the model and code are stimulated the same way and results compared with each other 4

ISO26262 Software Unit & Integration Test Requirements Test Requirements for software testing at architectural und unit level The test environment for software integration testing shall correspond as closely as possible to the target environment. If the software unit testing is not carried out in the target environment, the differences in the source and object code, and the differences between the test environment and the target environment, shall be analysed in order to specify additional tests in the target environment during the subsequent test phases. (part 6, chapter 9.4.6) Test Environment: The testing of the implementation of the software safety requirements shall be executed on the target hardware. (part 6, chapter 11.4.2) Hardware-in-the-loop, electronic control unit network environments, vehicles (table16) Conclusion: To optimize the test and minimize the effort, as many of the target specific potential problems should be indentified in early tests. 5

MIL, SIL, PIL, HIL MIL, SIL, PIL and HIL tests are suggested for both software unit test and integration test (part 6, section 9.4.6 and 10.4.8) MIL (model in the loop) algorithm in a simulation environment, floating point, usually open loop stimulation (test vectors) SIL (software in the loop) algorithm in a programming language, fix point, real time or non real time environment usually open loop stimulation (test vectors) PIL (processor in the loop) algorithm executed on target microcontroller real time environment usually open loop stimulation (test vectors) HIL (hardware in the loop) algorithm executed on a real time target (µc or RP target) real time environment closed loop stimulation Tests for Requirements & concepts (validation) logic Code verification (syntax, initialisation, ) Arithmetics Resource usage (Real?) time behaviour (real time) OS performance Integration test Full closed loop HW interfaces 6

Virtual Prototyping Virtual Prototyping Model-in-the-Loop (MiL) (often called simulation) Function models Floating point, non-optimized, Non-real time Plant model might be replaced by test vectors unit test open loop Several function models plant model needed integration test closed loop Plant Model Fahrer Umwelt Sollwertgeber Steuerung/ Regler Überwachung Aktuatoren Strecke Sensoren Fahrzeug 7

Virtual Prototyping Virtual Prototyping Software-in-the-Loop (SiL) SWCs C-Code Plant Model ECU ready C-Code! Fix point, optimized, multi-raster, OS/basic SW accesses, Non-real time Plant model might be replaced by test vectors unit test open loop Several function models plant model needed integration test closed loop Fahrer Umwelt Sollwertgeber Steuerung/ Regler Überwachung Aktuatoren Strecke Sensoren Fahrzeug 8

Rapid Prototyping Rapid Prototyping external Bypass System (e.g. extension of an existing system) User PC Function models or SWCs especially to identify conceptual error Real time I/O connection to real world via ECU & RP-I/O-System Function models or SWCs Rapid Prototyping System I/O System Temperature Pressure Valve/Injector Lambda ECU 9

Target Prototyping Target Prototyping internal Bypass System C-Code User PC SWCs especially to identify memory/timing issues Real time I/O connection to real world only via ECU SWCs ECU Interface System Temperature Pressure Valve/Injector Lambda ECU 10

Hardware-in-the-Loop Hardware-in-the-Loop real time replacement for the real world C-Code User PC Plant model in real time All I/O for ECU generated by HIL system SWCs ECU Interface System DVE Model Fahrer Sollwertgeber Temperature Pressure Aktuatoren Steuerung/ Regler Überwachung Umwelt Strecke Sensoren Valve/Injector Lambda Fahrzeug ECU 11

Processor-in-the-Loop Processor-in-the-Loop real time with real I/O C-Code User PC One SWC especially to identify memory/timing/µc specific issues Real time Mainly unit tests as only one SWC used real time test vectors needed SWC ECU Interface System Eval Board 12

MIL, SIL, PIL, HIL for ISO26262 requirements VP RP OTP RP OTP MIL SIL PIL HIL Requirements-based test Interface test Fault injection test Resource usage test Back-to-back comparison algorithm implementation 13

Verification RP-SIL OTP VP-SIL RP-MIL VP-MIL Validation Tools and Methods for Validation and Verification Software bug types what could possibly go wrong? Conceptual error code is syntactically correct, but the programmer or designer intended it to do something else Teamworking bugs Unpropagated updates, Comments out of date or incorrect Arithmetic bugs Division by zero, Arithmetic overflow or underflow, Loss of arithmetic precision due to rounding or numerically unstable algorithms Logic bugs Infinite loops and infinite recursion, Off by one error, counting one too many or too few when looping Syntax bugs Use of the wrong operator, Multi-threading programming bugs Deadlock, Race condition, Concurrency errors in critical sections, mutual exclusions and other features of concurrent processing. Time-of-check-to-time-of-use (TOCTOU) Resource bugs Null pointer dereference, Using an uninitialized variable, Using an otherwise valid instruction on the wrong data, Access violations, Resource leaks Interfacing bugs Incorrect API usage, Incorrect protocol implementation, Incorrect hardware handling Performance bugs too high computational complexity of algorithm, random disk or memory access sources: http://en.wikipedia.org/wiki/software_bug#common_types_of_computer_bugs; http://www.articlesnatch.com/article/software-bug-and-their-common-types/594429 14

Prototyping Tools as Environment for Validation : example EHOOKs ISO26262: 9.4.6/10.4.8: The test environment for software integration testing shall correspond as closely as possible to the target environment... ECU values for reading can be accessed via standard measurement EHOOKs is a PC software that allows to patch ECU code to access ECU values for writing. The module under test can either be executed ECU internally (= on target) or on external (RP) hardware The outputs of both implemented ECU module and module under test can be compared with a standard measurement tool (INCA) The ECU function can be added to the ECU code or executed externally The output of the simulated ECU function can be compared to the implemented software 15

Summary and conclusion State of the art prototyping methods are well suited to fulfil the requirements for development and test of safety related software according to ISO26262 These methods need to be extended to cover new software architectures like AUTOSAR Following the MIL -> SIL -> PIL -> HIL approach scan satisfy ISO26262 compliant development But advanced tools allow to cover more test details already in earlier stages while reducing the effort and time As well as improving the quality of test capabilities, test cases and coverage 16

Thank you for your attention! 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback