tool-based “essential analysis” for simple and formally verified … · 2018-05-01 · since...

editing, distribution, as well as in the event of applications for industrial property rights.

Introducing SCODE Essential Analysis Methodology & Tool

Mastering Complexity

Tool-based “Essential Analysis” for simple and formally verified solutions including program-code

Arndt-Michael Meyer, ETAS (Bosch Group)Eindhoven, 4th October 2017

Sample Implementation from ASCET

Complex ImplementationComplex Interrelationships Very high number combinations and paths to be tested

SCODE – the “Why” part

Some of the common challenges in embedded software

developments are:

Complex Implementations

Hard to understand

Difficult to test and maintain

Complex Input / Output Dependencies

Alternate cause-effect chains

Mixed data and control flow

Inherent conundrum that comes out of combinations

Number of input / output combinations

Number of variants

Consider a software implementation with 15 dynamically active Boolean switches, this

would mean that SW will have 32768 combinations / paths which are to be designed,

defined and tested.

Any increase in the number of switches, increases these combinations

exponentially. Doubling the switches in the above example, say 30 Switches would

lead to ~109 combinations paths.

SCODE helps not only to handle these complexities, but also to verify the completeness, determinism and consistency

SCODE – the “What” part

SCODE allows to describe and verify complex

interrelationships of embedded software systems

in a clear manner, by applying the idea of an

Essential Analysis

With the support of appropriate tooling SCODE

can help to prove that the whole input space is

covered and that all decisions are consistent

It provides efficiency gains by avoiding issues

found in the later phases of the development

through early verification

SCODE supports in the creating design that

comply to the requirements of the functional

safety standards

SCODE – the “What” part

SCODE Methodology is from Bosch Corporate Research. ETAS is the transfer partner

for the methodology and the tool.

The methodology is first introduced in 2007 and has been applied more than 200 pilot

projects in more than 10 business units inside Bosch

Since 2014, ETAS is supporting various Bosch business units in implementation,

provide SCODE coaches and training on SCODE

SCODE has been successfully applied in different domain areas ranging from engine

control, driver assistance to consumer appliances.

ETAS has supported multiple applications with series development, including the ones

with functional safety relevance.

SCODE – the “When” part

When to apply SCODE?

SCODE methodology is for design and re-engineering of problem scenarios that

include many interdependent decision points, such as:

Model-based embedded systems with many switches

Nested if-statements in program code

Complex state machines

Multiple variants with dependencies

When NOT to apply SCODE?

SCODE is not the right solution for the problem scenarios like

Straight forward Calculations

Protocols, Cyclic routine behavior

Database Management

SCODE Essential Analysis Methodology

Basic Idea: Decompose the Problem

Standard approach: Divide et impera (divide and conquer)

Essential Analysis systematically decomposes overall problem

according to discrete situations in the system context

leads to (maximal) independent sub-problems, called modes

separates control flow from data flow

Mode decomposition shows only inherent complexity of problem

Problem Context

System

Context 1

Mode 1

Context n

Mode nSCODE

Basic Idea: Formalize the System Knowledge

Structured discussion between

System Expert (context, requirements, system

approach)

Analyst (method competence)

Compact & formal notation

Unambiguous specification

Enables automated property checks

Amenable to test case derivation

Basic Idea: Guaranteed Completeness and Consistency

With appropriate tooling, Guaranteed properties of

system and system design

Completeness

Checks whether all possible states in problem

space have been analyzed.

Determinism

Checks whether each context situation leads

exactly into one mode of operation

Consistency

Checks whether transitions between the modes

are unique and lively

ETAS SCODE Tool V2.2.0

Overview SCODE Approach

Results : Formalized System Knowledge &Guaranteed Completeness and Consistency

Complete & Consistent Specification

Decision Tree

Mode Transition Graph

• Requirements• Existing

Implementations• Function

Specifications

• Design Specification

• Code Gen in ML , C• Test Case

Generation

SCODE: Separation of Control from Data Flow

~30 Switches ~109 Paths

Step 1: Define Problem Space

The problem space is defined using a Zwicky-Box* in

terms of

Dimensions – aspects of the system or its context that

cause or represent different system behaviors (or cause

effect chains)

Alternatives – possible values or value ranges of a

dimension

*A morphological box developed by Fritz Zwicky, a Swiss astronomer for problem solving

Step 2: Define Modes

Modes are defined via rules referring to the problem

space, as a combination of dimension-alternatives

The complete problem space is partitioned into:

a) System Modes, and

b) Non-System Mode(s)

The tooling provides static analysis checks for the

completeness and consistency of these definitions

The check for the completeness can be configured for

condition sub-space only or for total problem

space.

Step 3: Define Mode Transitions

The definition of the mode transition captures the

dynamic behavior of the system in the problem context

This is done by the specifying which event (changes in

the context) causes a transition between system modes

In similar way, the changes in the context that doesn’t

exist / doesn’t occur / are not allowed for a given system

mode are defined as non-transition of the given system

Benefits

Efficiency Gains

Enables early-verification of the specification

20% to 50% savings in development effort (according to expert

estimates)

Modularity

Mode structure eases extensibility

o Introduction of additional modes (e.g. failure or fall-back modes)

without interference with existing modes

Systematic handling of static variants

o Derivation of topology or feature variants

Benefits

Complexity Reduction

Systematic problem decomposition

Separation of control and data flow by derivation of system modes

Formalized system knowledge

Compact and unambiguous specification

Easily understandable models per mode (= context situation)

Quality Assurance

Guaranteed completeness and consistency

Supports derivation of test cases

Suitable for new developments as well as restructuring of existing

functions

SCODE Tool

Video of SCODE tool usage

ETAS RTA Consulting

ETAS RTA Consulting can support you in every step

from investigating until rolling out the SCODE

methodology into your company/business unit

Perform a SCODE Analysis for a given project need

- from deriving the problem description to high

quality specifications, code, and test cases

Help with transferring the results of the SCODE

Analysis into a series code implementation

Provide SCODE coaches that support the rollout

and implementation of the methodology in order

to establish the know-how in-house

Provide training on SCODE methodology and

tooling to support establishing the in-house

capability for the methodology and the tooling

From Piloting to Roll-out

We support you in every step from “Getting-to-Know” Phase until Roll-out Phase of the SCODE

methodology into your company/business unit

From piloting

to rolling-out

• Perform /support SCODE analysis from concept to code generation for a specific customer applications

• Workshops and hands-on with customer examples with multiple experts

• Coaching & hands-on with a single expert

• Offer training on the methodology and tool

• Provide guidelines and material for in-house training

Possible timeline for SCODE introduction

Further Links

Resources

SCODE Essential Analysis Whitepaper from ETAS Downloads

ETAS SCODE Tool on ETAS Website

ETAS SCODE Flyer from ETAS Downloads

ETAS SCODE Trainings from ETAS Trainings Section

Your contacts for SCODE @ ETAS

tool-based “essential analysis” for simple and formally verified … · 2018-05-01 · since...

Documents

spc58 mcus etas rta autosar starter kit · st’s etas...

acsi etas host

real-time location & etas - copilot professional ·...

nonstationary etas models for nonstandard earthquakes

high data transfer allows universal use - etas

8 western blot diagnostico etas

etas flexecu en

autosar-softwaremit ascet (dr. kai pinnow –etas gmbh)...

etas ascmomocav5.4 user'sguide...1ascmomoca–introduction...

the countdown to etas [encore]

rec etas baby cooke nero 2007

environmental triaxial automated system (etas)

eletronic travel aids etas

etas: evolved text ads by mark irvine

ascet v7.1 release notes en - etas...etas introduction ascet...

etas & design methods for anchors in construction 26 07...

ats1250 inst rom - etas

rta-os zynqusr5/arm v2.0 - etas

etas rtpc v6.5.1 - hardware compatibility list

ascet-se v6.3 user's guide - etas