Achieving Effective Verification and Validation of Vehicle E/E Systems - Part 4

April 12, 2019



A generative model-driven development (MDD) workflow is a systems engineering process that uses software tools to automatically generate products using models as inputs.

This is the fourth installment in a series of articles addressing engineering challenges and opportunities associated with the verification and validation of autonomous and semi-autonomous vehicles.

Part IV: Generative model-driven development workflows

A generative model-driven development (MDD) workflow is a systems engineering process that uses software tools to automatically generate products using models as inputs, applying model transformation algorithms that capture engineering expertise that is otherwise applied manually. This technique allows developers to focus on their domain and create models using domain-specific modeling tools that are optimized for specific types of problems. Once sufficient verification and validation (V&V) of these models proves that the system they represent meets requirements, the validated models drive subsequent automated production phases in a systematic manner. Generative MDD workflows ensure the best quality, performance, and compliance while also shrinking development time.

Generative model-driven development workflows can optimize quality, performance, and compliance while streamlining development cycles.

Standards such as ASAM XIL, FMI, and AUTOSAR provide formal ingredients to establish a comprehensive generative MDD workflow for electrical/electronic (E/E) system development. ASAM XIL provides the standard test automation and test bench architecture, FMI provides the standard abstraction required to deploy domain-specific models into the workflow, and AUTOSAR standardizes on the software architecture aspects used to map formal E/E hardware and software concepts to the models and test data. AUTOSAR is also used as part of the produced implementation as an embedded software runtime. Using a set of rules, it is possible for tooling to take test case descriptions, functional models, environmental models, and architectural models that are produced during normal system design efforts, and generate the test benches, mappings, and configurations required for automatic V&V regression testing.

Today, generative MDD workflows exist that begin with AUTOSAR models of an E/E system’s architecture and FMI models of its software and environmental behavior, and then automatically configure and generate production-quality embedded software images that are ready for V&V on a scalable XIL test bench. In these workflows, AUTOSAR is used to guide the domain-specific behavioral modeling activity because the model represents embedded software that will deploy in an AUTOSAR platform. By using the architecture model as an input to behavioral modeling, the model conforms to the structure needed by the C/C++ code generation tools that are specifically designed to produce AUTOSAR-compliant code. This saves an engineering adaptation step and helps focus the controls and function engineers on behavior and triggering semantics that surround the system.

Little to no input is required from the ECU integrator to produce systems that are ready for V&V. The amount of input depends on the engineering phase (what aspect of the system is under test) and also on any institutional rules and styles the integrator's organization employs at each engineering step. For example, if it is the application logic that is being tested, default configuration rules that generate “good enough” AUTOSAR firmware are sufficient for validating the function, because AUTOSAR-compliant platforms realize standard semantics independent of actual ECU hardware specifics. If timing, memory, and other hardware-dependent constraints must be considered, more rigorous rules must be applied. But even in this case, once the generation is configured, the generative workflow automatically produces the integrated ECU, including the AUTOSAR firmware and runtime environment.
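The rule-driven generation of mappings and configurations, and the way the required integrator input grows with the engineering phase, can be sketched as follows. This is an added example, not code from the article or from any AUTOSAR, FMI, or ASAM XIL tool; the port and variable records, the phase names, and the rule sets are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed stand-ins for an architecture model (component ports) and a
# behavioral model's interface variables; not real AUTOSAR or FMI formats.
@dataclass(frozen=True)
class Port:
    name: str
    direction: str  # "in" or "out"
    dtype: str

ARCH_PORTS = [Port("VehicleSpeed", "in", "float32"),
              Port("BrakeRequest", "out", "boolean"),
              Port("ObjectDistance", "in", "float32")]
MODEL_VARS = {"VehicleSpeed": ("input", "float32"),
              "BrakeRequest": ("output", "boolean"),
              "ObjectDistance": ("input", "float64")}  # deliberate type mismatch

# Hypothetical rule sets: application-logic testing runs on default platform
# configuration; hardware-dependent testing demands explicit integrator input.
PHASE_RULES = {
    "application_logic": {"platform": "default", "required": []},
    "timing": {"platform": "explicit", "required": ["task_period_ms", "core"]},
}

def generate_bench(phase, ports, model_vars, integrator_input=None):
    """Derive a test bench description from the models and the phase rules."""
    rules = PHASE_RULES[phase]
    given = dict(integrator_input or {})
    missing = [key for key in rules["required"] if key not in given]
    if missing:
        raise ValueError(f"phase '{phase}' needs integrator input: {missing}")
    mappings, findings = [], []
    for port in ports:
        var = model_vars.get(port.name)
        expected = "input" if port.direction == "in" else "output"
        if var is None:
            findings.append(f"{port.name}: no matching model variable")
        elif var[0] != expected:
            findings.append(f"{port.name}: direction {var[0]} != {expected}")
        elif var[1] != port.dtype:
            findings.append(f"{port.name}: type {var[1]} != {port.dtype}")
        else:
            mappings.append((port.name, port.name))  # (port, model variable)
    return {"phase": phase, "platform": rules["platform"], "config": given,
            "mappings": mappings, "findings": findings}

if __name__ == "__main__":
    print(generate_bench("application_logic", ARCH_PORTS, MODEL_VARS))
```

Interface mismatches are reported as findings rather than mapped silently, so a generated bench never connects a port to a model variable of a different type or direction.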

Using an AUTOSAR-aware MDD workflow, the model-in-the-loop (MIL) test bench generation is automated. In addition, its V&V efforts are performed in a more realistic embedded software context. In tool offerings that utilize scalable virtual ECUs that model ECU hardware, what is traditionally performed using software-in-the-loop (SIL) test benches can be skipped, and the V&V can be directly performed on virtual hardware-in-the-loop (vHIL) test benches that offer the convenience advantages of SIL test benches and the fidelity advantages of hardware-in-the-loop (HIL) test benches.

In short, generative MDD workflows provide value by leveraging implementation domain expertise captured in tools to increase quality and reduce problems, and by eliminating manual or otherwise repetitious efforts, thereby accelerating time-to-market.

The fifth and final installment in this series will address the role of generative model-driven development in automotive V&V.