Fault-Injection testing and code coverage measurement using Virtual Prototypes on the context of the ISO standard

Similar documents
Virtual Hardware ECU How to Significantly Increase Your Testing Throughput!

Deriving safety requirements according to ISO for complex systems: How to avoid getting lost?

Formal Verification and Automatic Testing for Model-based Development in compliance with ISO 26262

Entwicklung zuverlässiger Software-Systeme, Stuttgart 30.Juni 2011

Certified Automotive Software Tester Sample Exam Paper Syllabus Version 2.0

Understanding SW Test Libraries (STL) for safetyrelated integrated circuits and the value of white-box SIL2(3) ASILB(D) YOGITECH faultrobust STL

Tools and Methods for Validation and Verification as requested by ISO26262

Riccardo Mariani, Intel Fellow, IOTG SEG, Chief Functional Safety Technologist

FUNCTIONAL SAFETY AND THE GPU. Richard Bramley, 5/11/2017

Functional Safety and Safety Standards: Challenges and Comparison of Solutions AA309

CTFL -Automotive Software Tester Sample Exam Paper Syllabus Version 2.0

DEPENDABLE PROCESSOR DESIGN

automatisiertensoftwaretests

FMEDA-Based Fault Injection and Data Analysis in Compliance with ISO SPEAKER. Dept. of Electrical Engineering, National Taipei University

Software Verification and Validation (VIMMD052) Introduction. Istvan Majzik Budapest University of Technology and Economics

By Matthew Noonan, Project Manager, Resource Group s Embedded Systems & Solutions

Click ISO to edit Master title style Update on development of the standard

Whose fault is it? Advanced techniques for optimizing ISO fault analysis

Leveraging Formal Methods for Verifying Models and Embedded Code Prashant Mathapati Application Engineering Group

European Conference on Nanoelectronics and Embedded Systems for Electric Mobility

Model-Based Design for High Integrity Software Development Mike Anthony Senior Application Engineer The MathWorks, Inc.

Automating Best Practices to Improve Design Quality

What functional safety module designers need from IC developers

Using Code Coverage to Improve the Reliability of Embedded Software. Whitepaper V

Failure Diagnosis and Prognosis for Automotive Systems. Tom Fuhrman General Motors R&D IFIP Workshop June 25-27, 2010

Automotive ECU Design with Functional Safety for Electro-Mechanical Actuator Systems

Production Code Generation and Verification for Industry Standards Sang-Ho Yoon Senior Application Engineer

Using Model-Based Design in conformance with safety standards

Software architecture in ASPICE and Even-André Karlsson

CODE / CONFIGURATION COVERAGE

Eliminating Single Points of Failure in Software Based Redundancy

Functional Safety Architectural Challenges for Autonomous Drive

Automatización de Métodos y Procesos para Mejorar la Calidad del Diseño

Functional Safety beyond ISO26262 for Neural Networks in Highly Automated Driving

Isolation of Cores. Reduce costs of mixed-critical systems by using a divide-and-conquer startegy on core level

ISO meets AUTOSAR - First Lessons Learned Dr. Günther Heling

LabVIEW FPGA in Hardware-in-the-Loop Simulation Applications

By V-cubed Solutions, Inc. Page1. All rights reserved by V-cubed Solutions, Inc.

Seven Roadblocks to 100% Structural Coverage (and how to avoid them)

Verification, Validation, and Test with Model-Based Design

Don t Judge Software by Its (Code) Coverage

From Design to Production

Verification and Test with Model-Based Design

Implementation and Verification Daniel MARTINS Application Engineer MathWorks

ISO26262 This Changes Everything!

Software Architecture. Definition of Software Architecture. The importance of software architecture. Contents of a good architectural model

Testing. ECE/CS 5780/6780: Embedded System Design. Why is testing so hard? Why do testing?

SOFTWARE QUALITY. MADE IN GERMANY.

Formal Methods and their role in Software and System Development. Riccardo Sisto, Politecnico di Torino

Automating Best Practices to Improve Design Quality

A Model-Based Reference Workflow for the Development of Safety-Related Software

Workpackage WP2.5 Platform System Architecture. Frank Badstübner Ralf Ködel Wilhelm Maurer Martin Kunert F. Giesemann, G. Paya Vaya, H.

Safety and Reliability of Software-Controlled Systems Part 14: Fault mitigation

Report. Certificate Z

Issues in Programming Language Design for Embedded RT Systems

Automated Continuous Verification & Validation for Automobile Software

Chap 2. Introduction to Software Testing

EDA Support for Functional Safety How Static and Dynamic Failure Analysis Can Improve Productivity in the Assessment of Functional Safety

Verification and Validation of High-Integrity Systems

Test requirements in networked systems

Simulink Verification and Validation

Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1

Is This What the Future Will Look Like?

Increasing Design Confidence Model and Code Verification

정형기법을활용한 AUTOSAR SWC 의구현확인및정적분석

TU Wien. Fault Isolation and Error Containment in the TT-SoC. H. Kopetz. TU Wien. July 2007

Battery Stack Management Makes another Leap Forward

MASP Chapter on Safety and Security

The Safe State: Design Patterns and Degradation Mechanisms for Fail- Operational Systems

Test Automation Strategies in Continuous Delivery. Nandan Shinde Test Automation Architect (Tech CoE) Cognizant Technology Solutions

New ARMv8-R technology for real-time control in safetyrelated

Sicherheitsaspekte für Flashing Over The Air in Fahrzeugen. Axel Freiwald 1/2017

Alexandre Esper, Geoffrey Nelissen, Vincent Nélis, Eduardo Tovar

Software Techniques for Dependable Computer-based Systems. Matteo SONZA REORDA

Increasing Embedded Software Confidence Model and Code Verification. Daniel Martins Application Engineer MathWorks

Don t Be the Developer Whose Rocket Crashes on Lift off LDRA Ltd

Best Practices Process & Technology. Sachin Dhiman, Senior Technical Consultant, LDRA

Virtualization of Heterogeneous Electronic Control Units Testing and Validating Car2X Communication

CSE 5306 Distributed Systems. Fault Tolerance

Introducing the FPGA-Based Prototyping Methodology Manual (FPMM) Best Practices in Design-for-Prototyping

TSW Reliability and Fault Tolerance

UK EPR GDA PROJECT. Name/Initials Date 30/06/2011 Name/Initials Date 30/06/2011. Resolution Plan Revision History

ISO compliant verification of functional requirements in the model-based software development process

Development and Deployment of ECU based Control Systems through MBD. Imperative role of Model based design in System Engineering

ISO Compliant Automatic Requirements-Based Testing for TargetLink

Testing for the Unexpected Using PXI

Simulink 를이용한 효율적인레거시코드 검증방안

Model-Based Design for Safety Critical Automotive Applications

Strato and Strato OS. Justin Zhang Senior Applications Engineering Manager. Your new weapon for verification challenge. Nov 2017

Frequently Asked Questions. AUTOSAR C++14 Coding Guidelines

Automatic Code Generation Technology Adoption Lessons Learned from Commercial Vehicle Case Studies

Enabling Safe, Secure, Smarter Cars from Silicon to Software. Jeff Hutton Synopsys Automotive Business Development

Automotive Functional Safety

What are Embedded Systems? Lecture 1 Introduction to Embedded Systems & Software

Driver Assistance Pushes New Flash Functionalities

Software integration challenge multi-core experience from real world projects

Software Quality. Chapter What is Quality?

EXPERIENCES FROM MODEL BASED DEVELOPMENT OF DRIVE-BY-WIRE CONTROL SYSTEMS

Safety and Security for Automotive using Microkernel Technology

Architecture concepts in Body Control Modules

Transcription:

Fault-Injection testing and code coverage measurement using Virtual Prototypes on the context of the ISO 26262 standard NMI Automotive Electronics Systems 2013 Event Victor Reyes Technical Marketing System Level Solutions September 24 th, 2013 Synopsys 2013 1

AGENDA Introduction Fault-Injection with Virtual Prototypes Code Coverage with Virtual Prototypes Summary Synopsys 2013 2

The Zero SW Defects Challenge Cost of non-quality Recalls Late redesigns Jaguar announces the recall of 17.600 units only on the UK due to software glitches on the cruise control system, IEEE Spectrum, October 2011 Cost of testing Testing is already 75% of the SW development cost Variants induced combinatorial complexity Opel chassis: one vehicle, 72 variants, 250.000 test scenarios Expensive HIL testing labs Not only more testing but better testing Driven by code coverage Testing when HW or SW fails Diagnostic SW is already 50% of the LoC and runtime Safety standards ISO 26262 Source: Infineon Synopsys 2013 3

ISO 26262 Functional Safety Standard What is ISO 26262? Functional safety standard for passenger vehicles (replacing IEC 61508) Addresses hazards caused by malfunctioning behavior of E/E safety related systems What does it provide? Automotive safety lifecycle Automotive specific risk-based approach ASIL (Automotive Safety Integrity Levels) Requirements for validation of safety levels Is the standard mandatory? Not directly, but becomes best practice and state-of-the-art. This imposes legal responsibilities to manufacturers that do not apply the standard, being liable in court in case of accident. Synopsys 2013 4

Requirements for ASIL V&V o no recommendation + recommended ++ highly recommended 4-7 System Design 4-8 Item Integration and Test 5-7 Hardware Design 6-7 SW Architectural Design 5-10 HW Integration and Test 6-10 SW Integration and Test 4.7 Verification Methods (partial list) ASIL A B C D Simulation + + ++ ++ System prototyping + + ++ ++ 6.10 Methods for SW integration testing (partial list) ASIL A B C D Requirement-based test ++ ++ ++ ++ Fault Injection test + + ++ ++ Back-to-back test + + ++ ++ Simulation and prototyping are highly recommended methods for System, HW and SW Design verification, specially as a fault-injection technique Fault-injection testing is highly recommended during Integration and Test for: (System) to improve test coverage of safety measures that are not invoked during normal operation (HW) whenever a HW safety mechanism is defined to analyze its response to faults (SW) where arbitrary faults corrupting software or hardware components must be injected to test the safety mechanism Synopsys 2013 5

Requirements for ASIL V&V (cont.) o no recommendation + recommended ++ highly recommended 4-7 System Design 4-8 Item Integration and Test 5-7 Hardware Design 6-7 SW Architectural Design 5-10 HW Integration and Test 6-10 SW Integration and Test The test environment for software integration testing shall correspond as closely as possible to the target environment Differences can arise in the source or object code due to different bit widths of data/address words of the processors Differences between the test environment and the target environment shall be analyzed in order to specify additional tests in subsequent test phases 6.9 Structural coverage metrics at the SW unit level 6.10 Structural coverage metrics at the SW architecture level ASIL A B C D Statement coverage ++ ++ + + Branch coverage + ++ ++ ++ MC/DC (modified condition/decision coverage) + + + ++ ASIL A B C D Function coverage + + ++ ++ Call coverage + + ++ ++ Synopsys 2013 6

AGENDA Introduction Fault-Injection with Virtual Prototypes Code Coverage with Virtual Prototypes Summary Synopsys 2013 7

Fault-Injection Overview Fault-injection help to determine whether the response of a system matches its specification, in presence of a defined set of faults. Aimed at Understanding of the effects of the faults and thus of the related behavior of the target system Assessing the efficacy of the fault tolerance mechanisms embedded into the target system Reducing the presence of faults in the design/implementation of the fault tolerance systems Hardware faults (best classified by their duration) Permanent (triggered by component damage), Transient (triggered by environmental conditions, a.k.a. soft-errors), Intermittent (unstable hardware) Software faults are always the consequence of an incorrect design, at the specification or at the coding time Faults are latent in the code and show up only during operations Despite their permanent nature, their behaviors are transient Synopsys 2013 8

Techniques and Categorization Hardware-based Fault-Injection w/ contact wo/ contact Software-based Fault-Injection Simulation-based Fault-Injection (RTL /Gate Level) Faults injection points Limited set of injection points, mainly IO pin level Internal (soft errors: radiation, EMI) Only locations accessible by SW (memory, registers) Full access to HW blocks Able to model permanent faults Intrusiveness on the experiment Yes No No (unless explicit HW support) Yes None None High None Observability Low Low Low High Controllability High Medium High High Repeatability Medium Medium Medium High Experiment speed Real time Real time Real time Very slow (limits the actual cases where can be applied) Synopsys 2013 9

What are Virtual Prototypes? Fast, fully functional software model of the digital hardware executing unmodified production software and providing a higher debugging/analysis efficiency Target Software Stack Virtual ECU Early Availability Easier Deployment Synopsys 2013 10 Seminar 2012

What are Virtual Prototypes? Fast, fully functional software model of the digital hardware executing unmodified production software and providing a higher debugging/analysis efficiency Visibility Controllability Target Software Stack Virtual ECU Non Intrusive Deterministic Fast Scriptable Better Developer Productivity Synopsys 2013 11 Seminar 2012

Where do we fit in? Physical/mechanical models modeled in e.g. Saber, Simulink ECU Other ECU components (mainly mixed-signal) modeled in e.g. Saber, Simulink Virtual Prototype (running real binary software) Synopsys 2013 12

Fault-Injection using Virtual Prototypes Virtual Prototype based solution Faults injection points Able to model permanent faults Intrusiveness on the experiment Observability Controllability Repeatability Experiment speed Full access to internal and external HW elements (that have been modeled), as well as SW Yes None High High High 1/10 real time Can modify the state of the complete system Faults reside in the simulation framework / do not go into release code All HW and SW events can be recorded and correlated Can be triggered by software, hardware or time events Completely deterministic Fast enough to run complete SW stacks Synopsys 2013 13

Virtual ECUs are Being Used by Tier1s For SW Development Compliant with ISO26262 Method: Injection of error into IC models by simulation backplane during program execution Benefit of simulator approach: Access to failure modes, which are hard to provoke with silicon setup Source: Advanced Fault-Injection Methods for Automotive Safety Critical System (Freescale, Continental-Teves, Synopsys) Synopsys 2013 14

AGENDA Introduction Fault-Injection with Virtual Prototypes Code Coverage with Virtual Prototypes Summary Synopsys 2013 15

Code Coverage Overview Code coverage help achieving cost-effective testing, i.e. same result with fewer tests (eliminate redundant tests) What to measure? Function coverage: has each function in the SW been called? Call coverage: has each different function call been encountered at least once? Statement coverage: has each statement in the SW been executed? Branch coverage: has each branch of each control structure been executed? Decision coverage: has every decision taken all possible outcomes at least once? Condition coverage: has each Boolean sub-expression evaluated both true and false? Modified Condition/Decision coverage Synopsys 2013 16

Confidence (target) vs. Productivity (host) On-target testing + Minimizes the credibility gap, the possibility that unanticipated difference exist between execution on-host and on-target + Has the ability to execute all code (e.g. drivers). + Provides better arguments to certification authorities Depends on HW resources/instrumented code On-host testing + Useful when target is not available or when access is limited + Quicker build-run-analyze turnarounds Software requires adaptation Synopsys 2013 17

Coverage Flow with Virtual Prototypes + Good turnaround and scalability (parallel simulations) + Software does not require adaptations (same binary) + Does not consume hardware resources + Code does not need to be instrumented Few supported metrics for now (connection to external tools possible) Synopsys 2013 18

Example of code coverage report Statement and function coverage Analysis based on LCOV Synopsys 2013 19

AGENDA Introduction Fault-Injection with Virtual Prototypes Code Coverage with Virtual Prototypes Summary Synopsys 2013 20

Virtual Prototypes for Functional Safety Fault-injection and code coverage are two important techniques recommended by ISO 26262 Virtual Prototypes provide a framework for advanced fault-injection o Providing more visibility and fault-injection points than HW based w/ contact FI o More controllable and precise to trigger soft-errors than HW based wo/ contact FI o Completely non-intrusive (unlike Software based FI) o Running orders of magnitude faster than RTL/gate level simulators Virtual Prototypes can be used to make testing more cost-effective through code-coverage measurements o o With the turnaround and scalability of host-based methods With the confidence of target-based methods Errors can be put under version control and FI testing automated and measure during regressions May be used as testing evidence for certification Synopsys 2013 21

Mazda Adopts Synopsys' Virtual Prototyping Solution for Electronic Control Unit Verification ECU system verification in a virtual environment. Shift testing on real equipment (Automobiles and HILS) to virtual environment. Perform dangerous live tests and difficult to reproduce conditions and scenarios Save development time and costs Enhance levels of safety, reliability and quality. "Today, the ECU is the most important device in automobiles based on performance and cost. We need virtual prototyping not only to accelerate ECU development time while lowering cost, but also to ensure that our ECUs are safe and reliable," said Mr. Hisayoshi Naito general manager, Vehicle Development Division, Mazda. More Information: http://synopsys.mediaroom.com/index.php?s=43&item=884 Synopsys 2013 22

Synopsys 2013 23 Thank You

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback