LATEST ISO UPDATE Focusing on Concurrency. Heiko Doerr MGI Group, 06. December 2016

Similar documents
SOFTWARE QUALITY. MADE IN GERMANY.

SOFTWARE QUALITY. MADE IN GERMANY.

Software architecture in ASPICE and Even-André Karlsson

Guido Sandmann MathWorks GmbH. Michael Seibt Mentor Graphics GmbH ABSTRACT INTRODUCTION - WORKFLOW OVERVIEW

Taking the Right Turn with Safe and Modular Solutions for the Automotive Industry

정형기법을활용한 AUTOSAR SWC 의구현확인및정적분석

Introducing a new temporal partitioning scheme to AUTOSAR OS

A Model-Based Reference Workflow for the Development of Safety-Related Software

2.1 What are distributed systems? What are systems? Different kind of systems How to distribute systems? 2.2 Communication concepts

Entwicklung zuverlässiger Software-Systeme, Stuttgart 30.Juni 2011

Software integration challenge multi-core experience from real world projects

Virtual Validation of Cyber Physical Systems

automatisiertensoftwaretests

Safety and Security for Automotive using Microkernel Technology

TCL. ASIL Level. Software. Automotive ISO Tool-Qualification. Safety Manual. Software for Safety-Related Automotive Systems

10 th AUTOSAR Open Conference

Virtualization of Heterogeneous Electronic Control Units Testing and Validating Car2X Communication

Alexandre Esper, Geoffrey Nelissen, Vincent Nélis, Eduardo Tovar

Deriving safety requirements according to ISO for complex systems: How to avoid getting lost?

Practical approaches for re-architecture with benefits for AUTOSAR or non-autosar implementations Dave Hoadley Principle Pilot Engineer

ISO meets AUTOSAR - First Lessons Learned Dr. Günther Heling

The Safe State: Design Patterns and Degradation Mechanisms for Fail- Operational Systems

10 th AUTOSAR Open Conference

AUTOSAR proofs to be THE automotive software platform for intelligent mobility

AUTOMATIC FUNCTIONALITY ASSIGNMENT TO AUTOSAR MULTICORE DISTRIBUTED ARCHITECTURES

Developing Dependable Software-Intensive Systems: AADL vs. EAST-ADL

AMDC 2017 Liviona Multi-Core in Automotive Powertrain and Next Steps Towards Parallelization

Communication Patterns in Safety Critical Systems for ADAS & Autonomous Vehicles Thorsten Wilmer Tech AD Berlin, 5. March 2018

Simulink for AUTOSAR: Best Practices

Tools and Methods for Validation and Verification as requested by ISO26262

Optimal Implementation of Simulink Models on Multicore Architectures with Partitioned Fixed Priority Scheduling

Welcome Note. Dr. Thomas Scharnhorst, AUTOSAR Spokesperson 10 th AUTOSAR Open Conference 8 th Nov 2017, Mountain View, California

AstréeA From Research To Industry

ISO Compliant Automatic Requirements-Based Testing for TargetLink

Functionality assignment to partitioned multi-core architectures

Automotive Networks Are New Busses and Gateways the Answer or Just Another Challenge? ESWEEK Panel Oct. 3, 2007

MARTE for time modeling and verification of real-time embedded system

Handling Challenges of Multi-Core Technology in Automotive Software Engineering

AUTOBEST: A microkernel-based system (not only) for automotive applications. Marc Bommert, Alexander Züpke, Robert Kaiser.

Generating Industry Standards Production C Code Using Embedded Coder

Installation of software and hardware Starting program and configuration of language and serial port... 3

An Information Model for High-Integrity Real Time Systems

D4.10 Final parmerasa Multi-core System Software

DRYING CONTROL LOGIC DEVELOPMENT USING MODEL BASED DESIGN

Frequently Asked Questions. AUTOSAR C++14 Coding Guidelines

Certified Automotive Software Tester Sample Exam Paper Syllabus Version 2.0

Fault-Injection testing and code coverage measurement using Virtual Prototypes on the context of the ISO standard

In Vehicle Networking : a Survey and Look Forward

Arccore AB 2017, all rights reserved. Accelerating innovation

Separating Product Variance and Domain Concepts in the Specification of Software Product Lines

Automated Freedom from Interference Analysis for Automotive Software

ABB Group May 7, 2010 Slide 1

Safety and Reliability of Software-Controlled Systems Part 14: Fault mitigation

Formal Verification for safety critical requirements From Unit-Test to HIL

Verification Futures The next three years. February 2015 Nick Heaton, Distinguished Engineer

Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1

Introduction. CS3026 Operating Systems Lecture 01

UML for RTES: develop a UML-based proposal for modelling and analysing of RTES

10 th AUTOSAR Open Conference

Model-Based Design for Safety Critical Automotive Applications

CS2506 Quick Revision

Real-Time Programming

Virtual Hardware ECU How to Significantly Increase Your Testing Throughput!

Database Management. Understanding Failure Resiliency CHAPTER

Architectural Design

VDE Testing and Certification Institute

Today s topic: Real Time Programming with Ada

Database Management. Understanding Failure Resiliency CHAPTER

MAENAD Analysis Workbench

efmea RAISING EFFICIENCY OF FMEA BY MATRIX-BASED FUNCTION AND FAILURE NETWORKS

A Study on Embedded Operating Systems for Automotive Electronics

Product Information Embedded Operating Systems

ISO compliant verification of functional requirements in the model-based software development process

Till Steinbach 1 Franz Korf 1 René Röllig 2 Thomas Eymann 2.

Architectural Design

Developing AUTOSAR Compliant Embedded Software Senior Application Engineer Sang-Ho Yoon

Balance between Formal and Informal Methods, Engineering and Artistry, Evolution and Rebuild

Honours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui

Functional Safety and Safety Standards: Challenges and Comparison of Solutions AA309

Formal Methods in Software Engineering. Lecture 07

Operating Systems : Overview

Stateflow Best Practices By Michael Burke

802.1CB Failure Mode Considerations

Considerations in automotive embedded development Global Automotive Director Kiyo Uemura

Software Architecture for Secure ECUs. Rudolf Grave EB TechDay-June 2015

The Architecture Analysis and Design Language and the Behavior Annex: A Denotational Semantics

Flight Systems are Cyber-Physical Systems

IEEE P Wireless Personal Area Networks. TG9 KMP Minutes for November 2013 Plenary meeting, Dallas, TX USA

JOURNAL OF OBJECT TECHNOLOGY

Simulink, simulation, code generation and tasks. Marco Di Natale Associate Professor, Scuola S. Anna - Italy, UTRC Visiting Fellow

JamaicaVM Java for Embedded Realtime Systems

WHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development

AUTOSAR Method. Webinar

A High Integrity Distributed Deterministic Java Environment. WORDS 2002 January 7, San Diego CA

AUTOSAR Overview and Classic Platform

From MDD back to basic: Building DRE systems

Is This What the Future Will Look Like?

The AADL Behavioural annex 1

Workpackage WP2.5 Platform System Architecture. Frank Badstübner Ralf Ködel Wilhelm Maurer Martin Kunert F. Giesemann, G. Paya Vaya, H.

Fast and Accurate Source-Level Simulation Considering Target-Specific Compiler Optimizations

Transcription:

LATEST ISO 26262 UPDATE Focusing on Concurrency Heiko Doerr MGI Group, 06. December 2016

STARTING POINT ISO 26262 released in November 2011 Second edition available for review as ISO/DIS 26262:2018 Final publication scheduled for 2018 Impact on model-based development Changes of part 6? 1) Use cases of model-based development 2) Evolution of best practices 3) Handling of concurrency 2

UPDATE TO ANNEX B USE CASES OF MODELS Specification of software safety requirements: Models capture corresponding functionality in addition to requirements Representation of software architectural design: Models capture the static and dynamic aspects of software Design and implementation of software units: Most prominent use of models in automotive - model based software development Integration of software components: Models for the integration of software units Verification of software: Models serve as reference implementation, e.g. for generation of test cases - most likely known as model-based testing 3

UPDATE DUE TO EVOLUTION OF TECHNOLOGY Table 5 Mechanisms for error handling: Measure 1c) Independent parallel redundancy split into a) homogeneous and b) diverse redundancy Table 9 Methods for software unit verification Pair-programming added Notion Semantic code analysis refined to Static analyses based on abstract interpretation Table 12 Methods for verification of software integration Verification techniques also applicable to integrated software, e.g. analyses on control or data flow, static code analysis as well as abstract interpretation Table 16 Methods for deriving test cases Additional methods: analysis of functional dependencies and operational use cases 4

MINOR UPDATES TO RECOMMENDATIONS Changes to level recommendation: 0 + + ++ in various tables 5

MAJOR UPDATE HANDLING OF CONCURRENCY Table 1 Modelling and Coding guidelines New section of guidelines on the Representation of concurrency aspects Table 3 Principles for software architectural design Software components of any ASIL shall use only priority-based interrupts Concurrency aspects as processes or tasks shall be expressed Appropriate management of shared resources Table 4 Mechanisms for error detection Generalizes the recommended safety measure Control flow monitoring to temporal monitoring of program execution Active access permission control mechanisms to ensure that safety related resources are not corrupted during execution Table 6 Methods for the verification of the software architectural design Recommends scheduling analysis which becomes very important for multi-core of concurrent software system 6

CONCURRENCY IN MODEL-BASED DEVELOPMENT SW Unit task 7

SCHEDULING Mapping of logical units to run-time tasks Define threads within processes according to execution model of run time environment (e.g. statically scheduled OS, AUTOSAR RTE, ) jc_0301: Controller model: Control models are organized using the following hierarchical structure: Top layer / root level Trigger layer (optional) Structure layer Data flow layer 8

MULTITASKING IN THE MODEL Which scheduling aspects can be handled in the model? Definition of tasks / processes When and how tasks will be triggered Priorities Model priorities explicitly in Simulink See misra_slsf_009_b: You must not enforce explicit statement of execution order of blocks. misra_slsf_009_c: Block execution order must be specified by either data flow or function calls misra_slsf_009_d: Explicitly state sample times in the model 9

MULTITASKING IN THE MODEL At present, SW systems generated from models are already concurrently executed. Which are current approaches to design and documentation of concurrency, if any? Which are obstacles to successful creation of concurrent tasks from a software model? Which mistakes shall be avoided? Proposals for modelling guidelines welcome 10

MGIGROUP NEXT ONLINE MEETING Tuesday, March 7, 2017 3:00 pm CET (Berlin) 9:00 am EST (Detroit) 10:00 pm CST (Beijing) 7:30 pm IST (Bangalore) 11:00 pm JST (Tokyo) Link to Event: https://model-engineers-event-en.webex.com/model-engineers-eventen/onstage/g.php?mtid=ee8b1c35a236a00933b6895ab5fa07a4c 11

CONTACT MODEL ENGINEERING SOLUTIONS GMBH Mauerstraße 79 10117 Berlin T: +49 30 2091 6463-0 F: +49 30 2091 6463-33 info@model-engineers.com www.model-engineers.com 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback