Test requirements in networked systems

Similar documents
Model based testing and Hardware-in-the-Loop simulation of embedded CANopen control devices

DEVELOPMENT OF DISTRIBUTED AUTOMOTIVE SOFTWARE The DaVinci Methodology

Reasons for System Simulation with CANoe J1939 Version /06/04 Application Note AN-ION

Guido Sandmann MathWorks GmbH. Michael Seibt Mentor Graphics GmbH ABSTRACT INTRODUCTION - WORKFLOW OVERVIEW

CANoe 6.0. The Professional Development and Test Tool for CAN, LIN, MOST, FlexRay and J1587 TOOLS FOR NETWORKS AND DISTRIBUTED SYSTEMS

CAN FD - Flexible Tools for Flexible Data Rates

FOUR INDEPENDENT TOOLS TO MANAGE COMPLEXITY INHERENT TO DEVELOPING STATE OF THE ART SYSTEMS. DEVELOPER SPECIFIER TESTER

A number of optimizations are already in use by the majority of companies in industry, notably:

An Integrated Test Framework to Reduce Embedded Software Lifecycle Costs

Fending Off Cyber Attacks Hardening ECUs by Fuzz Testing

VT System Smart HIL Testing

Effective Verification Strategies for Distributed Body Control Applications based on Plant Modeling and Test Case Reuse

Certified Automotive Software Tester Sample Exam Paper Syllabus Version 2.0

Impact of Platform Abstractions on the Development Workflow

Using CAN with flexible data-rate in CANopen systems

THE BENEFITS OF MODEL-BASED ENGINEERING IN PRODUCT DEVELOPMENT FROM PCB TO SYSTEMS MENTOR GRAPHICS

Virtual Hardware ECU How to Significantly Increase Your Testing Throughput!

The software lifecycle and its documents

Tools and Methods for Validation and Verification as requested by ISO26262

ODX Process from the Perspective of an Automotive Supplier. Dietmar Natterer, Thomas Ströbele, Dr.-Ing. Franz Krauss ZF Friedrichshafen AG

CANoe.J1939. Product Information

SUMMARY: MODEL DRIVEN SECURITY

Designing and debugging real-time distributed systems

Programming CANopen from an IEC1131 point of view

Quo Vadis SAE J1939 Standardization

Artop (AUTOSAR Tool Platform) Whitepaper

Introduction To Software Testing. Brian Nielsen. Center of Embedded Software Systems Aalborg University, Denmark CSS

Formal Verification for safety critical requirements From Unit-Test to HIL

Virtualization of Heterogeneous Electronic Control Units Testing and Validating Car2X Communication

Shift Left Testing: are you ready? Live Webinar, Sept 19

Software Engineering Testing and Debugging Testing

Software Architecture. Definition of Software Architecture. The importance of software architecture. Contents of a good architectural model

Virtualizing the TCU of BMW's 8 speed transmission

Fault-Injection testing and code coverage measurement using Virtual Prototypes on the context of the ISO standard

Testing Under Time Pressure. Versatile Test Benches for Avionic Systems

vflash Vector Webinar V

Tools for CAN based networking. On the street, in the air, in the orbit

AUTOSAR Software Design with PREEvision

Integration Testing Qualidade de Software 2

AUTOSAR Method. Webinar

Chapter 1: Principles of Programming and Software Engineering

Software Engineering

Software Quality. Richard Harris

Virtual Validation of Cyber Physical Systems

Mixed Signal Verification Transistor to SoC

elektronik Security for Software and IT ECU ENERGY STORAGE TESTING COVER STORY Gasoline Direct Injection in-the-loop

Flash Bootloader. Product Information

A Data Modeling Process. Determining System Requirements. Planning the Project. Specifying Relationships. Specifying Entities

Enhancing validation with Prototypes out of Requirements Model

Architecture concepts in Body Control Modules

ISO Compliant Automatic Requirements-Based Testing for TargetLink

Lecture 34 SDLC Phases and UML Diagrams

BUILDING GOOD-QUALITY FUNCTIONAL SPECIFICATION MODEL

Chapter 1: Programming Principles

4.2.2 Usability. 4 Medical software from the idea to the finished product. Figure 4.3 Verification/validation of the usability, SW = software

Standardized Tool Components for NRMM-Diagnostics

Software Verification and Validation (VIMMD052) Introduction. Istvan Majzik Budapest University of Technology and Economics

Software Engineering - I

Object Oriented Programming

Choosing an Intellectual Property Core

UML-based framework for simulation of distributed ECU systems in automotive applications

Concept Manual vteststudio. Version 2.2 English

A Model-Based Development Method for Device Drivers

Decoupling Test Cases from Real and Virtual Test Systems with ASAM HIL API

Model Based Development and Code Generation for Automotive Embedded Systems. April 26, 2017 Dr. Gergely Pintér, Dr. Máté Kovács thyssenkrupp Steering

AUTOSAR - Challenges and Solutions from a Software Vendor s Perspective

Single device test requirements for reliable CAN-Based multi-vendor networks

Verified and validated

Design of a Flexible Integration Interface for PIL Tests

CTFL -Automotive Software Tester Sample Exam Paper Syllabus Version 2.0

Future Directions in Simulation Modeling. C. Dennis Pegden

CANbedded. Product Information

Unit Testing as Hypothesis Testing

Automotive and industrial use cases for CAN FD

Software Development Fundamentals (SDF)

A Model-Based Reference Workflow for the Development of Safety-Related Software

Rules of Writing Software Requirement Specifications

Low Level Design Activities. Implementation (Low Level Design) What is a Good Low Level Module? Black Box Aspects. Black box aspects White box aspects

ISO compliant verification of functional requirements in the model-based software development process

(Traditional) Software Development Activities

Mathematics and Computing: Level 2 M253 Team working in distributed environments

The Analysis and Proposed Modifications to ISO/IEC Software Engineering Software Quality Requirements and Evaluation Quality Requirements

CANopen, die Qual der Wahl (the agony of choice)

Chapter 2 Overview of the Design Methodology

WHITEPAPER. Is Single Automation Framework possible for all Application Layers?

lnteroperability of Standards to Support Application Integration

Holger Zeltwanger CAN CAN. protocol and its impacts on CANopen. CiA

Executive Summary. Round Trip Engineering of Space Systems. Change Log. Executive Summary. Visas

State of the Port to x86_64 July 2017

Optimizing Emulator Utilization by Russ Klein, Program Director, Mentor Graphics

Key Features. Defect Rates. Traditional Unit testing: 25 faults / KLOC System testing: 25 / KLOC Inspections: / KLOC

Indigo. Vector Diagnostic Tester V / 6

PERSPECTIVE. End-to-end test automation A behaviordriven and tool-agnostic approach. Abstract

Software Engineering 2 A practical course in software engineering. Ekkart Kindler

Requirements. Requirements. Types of Requirement. What Is a Requirement?

Unit Testing as Hypothesis Testing

Delimited. Interfaced. Readable. Modifiable. Verifiable. Prioritized* Endorsed

From Signal to Service

Design of Embedded Systems

Software Processes. Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 4 Slide 1

Transcription:

Test requirements in networked systems Jürgen Klüser, Vector Informatik GmbH The use of CAN with J1939 or CANopen based higher layers leads to cost efficient and flexible solutions, but together with a high increase of the electronics complexity. An additional complication is the typical approach of distributed development between OEMs and several suppliers. The consequence has to be a systematic improvement of the development process. Project risks are to be reduced by taking testability as a design requirement and by performing the appropriate tests in the very early project phases. This paper discusses concepts combining system prototyping with test case generation along the V-model. 1 Introduction The development process of a networked system can be described by the V-model. Figure 1 shows the typical situation of today s testing activities in a simplified V- model. In contrast to pure theory the reality shows a delay of the implementation phase. Testing activities, even if planned in the beginning, are going to be specified just before they have to be performed. A typical argument is that the implementation phase will bring expertise and even changes in the original design and maybe even a more detailed view on the requirements. The consequence of late test specification is a high risk. Due to the reduced time remaining, this most often will delay the overall project or testing will not be performed sufficiently. Problems in the implementation or in the design, found at this late stage cannot be solved in time and tested again. 2 Testability as a system requirement The V-model includes two basic patterns. The first says that every phase is identified by results that have to pass a quality gate. The second demands that the phases and their quality gates on the right side are a direct traceable consequence of the corresponding phase on the left. The System Requirements mainly define use cases. This clearly should include topics like testability as an input for the architecture, requirements for EOL tests, and diagnostics requirements. Applying the two basic patterns to that approach of testability as requirement forces the system architect and designer to provide measures and specifications for tests in the early phases. Experience with that approach in the diagnostic domain as presented by [3] showed a significant increase in quality and process stability. This can be applied to the testing domain in the very same manner. Figure 1: Today s testing activities in the product s life cycle 06-6 3 System Architecture Introducing an executable specification

For years it is state of the art to describe the system architecture with simulation tools as a simulated model. Besides manual review technology this allows to systematically verify many aspects of the design. Consequent application of this approach leads us to the concept of the executable specification. This is true also for the testing domain (Refer to [4]). Specifying tests in an executable form in fact leads to a first implementation level of these tests. This immediately brings a set of benefits: The system architecture model can be tested systematically. The real world shows that problems detected in later phases may require slight modifications in the design. The tests can then be applied as regression tests. In formal words this means passing the Quality Gate Architecture can be achieved with less effort on a higher maturity level. Even the test concept itself can be tested in an early phase. A valid argument against writing test specifications before the verification and validation phases had been that the implementation will almost always bring modifications and changes. These changes invalidated test specifications and therefore resulted in wasted effort. An executable test spec can be changed without the need to specify everything from scratch again. From the communication s perspective the executable specification has further advantages: After definition of the relations between ECUs a big part of the communication description can simply be generated. This is even more true in those cases where a higher layer protocol such as J1939 or CANopen is used. These standards give much information about how relations have to be realized. In J1939 for example the signals are assigned to concrete parameter groups, that in most cases have well-defined communication parameters. The object model of CANopen allows one to generate the complete communication behavior after selection of the object relations. But tools with build-in knowledge of these protocols do not only generate complete communication system simulations in addition they generate many test scenarios, that are ready-to-use. From pure use-case tests as the highest layer this can go downwards to protocol tests and communication tests. The usage of typical commercial protocol stacks also requires testing of the integrated product. The flexibility for being usable in many different applications in protocol stacks is implemented by configurability which may be done incorrectly by the integrator. The protocol tests allow verification of conformance to the higher layer standard. This generation concept does not only save time and enhance maturity once. After potential changes the test cases can Figure 2: Approach with an executable test specification 06-7

be regenerated automatically. This will require minimal manual adaptations if at all. Refining the system model by a basic behavior description in fact specifies the requirements as an input for the ECU design. In parallel the test specifications will be refined. These are to be passed to the ECU suppliers (external company or internal departments). Today they are faced with the problem of written specifications, which very often do not describe specifically enough of what is needed or which are not fully consistent. Improved by the concept of passing simulations the full strength develops with having efficient test cases available that are part of the development contract. Regardless if the behavior description is model driven or conventional, regardless of the abstraction level in any case the simulation tool must support this by a builtin description language or by an interface to external behavior modeling or the best of both. Whether this is UML based, XML based, proprietary or whatever goes beyond the scope of this article. 4 ECU development With a written specification, designing, implementing and testing it on that basis only, is pure theory. In reality the developers need an environment with which they can implement and test stepwise. Like a debugger or emulator for the SW environment the remaining bus simulation for the communication part most often is the only chance to provide a sufficient environment. For example, implementing and testing operation modes of an ECU is not possible without correctly working network management. A typical problem in these small development steps is the availability of the counterpart of the communication modules. It costs much effort and time to set-up or implement the tests. For many cases standard analysis tools are a good choice. Much more efficient is the support by a dedicated test tool. It should provide the generated tests not only as a set but should allow for the selection, grouping, and execution of single tests easily. To accomplish this each test needs clear preconditions and constraints. Specifically the protocol tests and communication tests help to detect problems very early and therefore reduce the number of iterations between implementation and verification phases. 5 Re-use and refinement for the ECU verification The final phase of the ECU development is the ECU verification. Potential modifications of the original specifications caused by implementation experience lead only to modifications of the executable prototype. These immediately can be applied in the form of the remaining bus simulation concept. And the same is true for the modeled tests. For many higher layer protocols user organizations provide conformance tests, for example the CANopen conformance test tool of CiA, the DeviceNet conformance test of ODVA, or the ISOBUS test of DLG. It is strictly recommended to use such support. It guarantees that an ECU fulfills a certain level of conformance and interoperability. Anyhow, an intended drawback is that if a test fails, the tools do not really help in finding the reasons. This is a gap that has to be filled by the dedicated development test tools. So, once again the ability to perform single tests with meaningful tracing and problem tracking and this with fast turnaround times is indispensable. As an example take CANopen: If the SDO (transport protocol) implementation has a problem accessing an object, the conformance test just will tell you SDO failed. Repeating this in order to find details will require a long turnaround time again. A development tool with a test feature set and its generated protocol test will quickly tell, what messages have been wrong and can support in finding the problem source even down to the bit level. As already demanded for the ECU design, the ability of a test description language is essential here as well. In contrast to the pure conformance test tools the test procedure needs to be extendable by ECU specific or application specific features. 06-8

This furthermore makes one independent of the set of tests, the tool provider implementation, and allows for future extensions. 6 Back to the OEM A strong argument for remaining bus simulation is to make the system integrator capable of starting the integration of an ECU before all other ECUs are available. Features like simulated network management let the ECU think it was in a real environment. This is also a precondition for starting the first integration tests. This will save time for example if delivery delays of single ECUs occur. The automatic tests can be applied. Final integration will then only require regression tests. The focus here will be on the level of the communication tests, while the use-case tests are more a subject of the validation and acceptance phases. 7 Some detail aspects For White Box tests it is desirable to have an interface to debugging tools (Figure 4). For example in car ECUs the RTOS OSEK is used quite often. Here for example debugging and control of task states is essential. Figure 4: White box test support As mentioned above, for Black Box tests it is important to have various possibilities to efficiently describe the test activity, sequence, and timing. This should be selectable from scripting (Figure 5) or with a more abstract test pattern approach (Figure 6). The behavior of an ECU depends on its whole environment. Essentially known from the HIL concepts (see [1], [2]) any test environment needs to fulfill that aspect. As shown in Figure 3 this requires the ability to treat all relevant bus systems, but also to observe and control digital and analog I/O. This includes the treatment of standard and OEM specific system and device descriptions like DBC (CAN), LDF (LIN), EDS (CANopen), CDD/ODX (Diagnostics) and many more. Besides a GUI it shall be able to define and use userdefined panels and an open interface to application specific software. Figure 3: Testing domain Figure 5: Scripted black box tests In both cases the support has to include basic bus and I/O operations like output bus messages (CAN frames, MOST frames, J1939 PGs etc.) but also signal operations. The latter can be achieved by a so-called Interaction Layer. This has the task to map signals to the appropriate 06-9

communication entities with the correct communication parameters (timing, trigger) according to the system description. For easy treatment of timing conditions the system has to support event conditions with Wait constructs for messages, environmental conditions, and signal conditions in any combination. with Altova AuthenticDesk. The user does not need knowledge about the XML structure itself or about complex scripting languages. The open structure for tools can be utilized for test generation tools too. Typically domain know-how exists in various forms. Examples for test-case generations are: DOORS: Structuring requirements from which test-case can be organized. UML Tool: Use sequence and/or state diagrams CANdb++: Monitoring of communication parameters like cycle times, message DLCs, mapping of signals. CANdela Studio and DiVa: Specify diagnostic services and generate the necessary tests. DaVinci: Test mapping of all input and output signals to ECUs. ProCANopen: Generate complete CANopen protocol tests. and many more. Figure 6: Test pattern approach Meanwhile XML is widely used. There are many highly sophisticated tools for editing, checking and formatting XML. Figure 7 shows an example for editing a test case 06-10 8 Reporting Figure 7: Test description in Altova AuthenticDesk (XMLSpy) Last but not least all that test support is useless without a thorough reporting of the results. A modern test tool will provide automatic reporting. A typical test control structure is shown in Figure 8. It substructures in test modules with global invariants. Here again the strength of XML can be used. By using XML for the test patterns and specifications, groups of tests, test cases and sub-test-cases including their respective invariants the test tool will control the test execution. At the same time it will

set-up the report structure. The report will be created automatically, formatted by a style sheet. It contains the test structure, the test cases, the overall result, and the test passes and fails with their respective environmental conditions. 9 Conclusion The impact of consequent test concepts very often is neglected in the early phases of a project. For designing, specifying, implementing, and executing tests near the end of the project, the typical lack of time in that phase is a high risk for the project delivery date, the costs, and in particular for the quality of the product. Applying concepts of model-based development, rapid prototyping, and code generation leads to an executable test specification. This shifts much of the work to earlier project phases, provides a testing environment already before the implementation and at the same time avoiding double-work for test specification changes due to design changes. The quality of all phases is significantly enhanced, the efficiency of the implementation phases is increased, and the project risk and cost is reduced. References [1] Siegfried Beeh, Vector Informatik: Testing with CANoe, Vector Congress 2004 [2] Thomas Bardelang, DaimlerChrysler: CAN in the HIL for the new Actros; Experiences in the test of networking mechatronic systems, Vector Symposium 2004 [3] Norbert Schlingmann, Claas: Challenges and methods in the development process of CAN based diagnostic systems, Symposium CAN in Commercial Vehicles 2005 [4] Mirko Tischer, Vector Informatik: Prototyping and testing CANopen systems, CAN Newsletter 3/2006 [5] Vector Informatik GmbH, CANoe user manual, 2006 Several Figures are taken from [1] Figure 8: Test control and report structure 06-11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback