GM Confidential Next Gen Embedded Control SW Development and Validation: Challenges & Solutions S. Ramesh GM R&D ([email protected])

Upload: rodriguez-arthurs

Post on 14-Apr-2018


7/30/2019 Ramesh S Talk

http://slidepdf.com/reader/full/ramesh-s-talk 1/21

GM Confidential

Next Gen Embedded Control SW Development and Validation: Challenges & Solutions

S. Ramesh, GM R&D ([email protected])

Electronics & Control Software

• On the increase in several domains
• Its complexity is exploding
• Performing several critical functions

ABS: Antilock Brake System
ACC: Adaptive Cruise Control
BCM: Body Control Module
DoD: Displacement On Demand
ECS: Electronics, Controls, and Software
EGR: Exhaust Gas Recirculation
GDI: Gas Direct Injection
OBD: Onboard Diagnostics
TCC: Torque Converter Clutch
PT: Powertrain

Figure: Value from Electronics & Software: more functions & features in software. Timeline from the 1970s to the 2020s with levels Forefront of Innovation, Vehicle Integration, System Connection, and Subsystem Controls & Features; features placed on it include Hybrid PT, Electric Ignition, ACC, Rear Vision, Passive Entry, Side Airbags, Fuel Cell, Wheel Motor, OnStar, OBD II, HI Spd Data, Rear aud/vid, CDs, BCM, ABS, TCC, EGR, Electric Fan, Head Airbags, Electric Brake, DoD, GDI, …

Electronics, Control & Software shifting the basis of competition in vehicles

Chart: per-vehicle electronics, control and software content grows from $400, 20 ECUs and 1M lines of code to $1182 (+196%), 50 ECUs (+150%) and 100M lines of code (+9900%). Two average-vehicle pie charts split cost into Mechanical $, Electronics $, Software $ and Other $ (percentages shown: 2%, 13%, 76%, 9% in the first; 13%, 24%, 55%, 8% in the second). Source: Matt Tsien, GM


Active Safety to Autonomy

Figure: vehicle with 360° Sensing, Hybrid Power Train, EPS+AFS (Partial Steer-by-wire), V2I, V2V, Wheel Motor, Brake by Wire, CAN.

• By-wire applications
• Partial and Fully Autonomous
• Federated to Integrated functions

Central Problems

• How do we develop such large, complex and critical software so that it is correct and provides the necessary confidence?
• Are the current processes, methods and tools for V&V adequate?
• What are the possible solutions, and what are the challenges to implementing them?

SW Development

• Human-intensive
 – Considered a creative experience
 – Predominantly uses mental models and artifacts
 – Non-standard: quality is human-dependent
• Huge gap between Requirements and Code
 – Requirements vague and informal
 – Code is formal
• Human errors natural, inherent and have low traceability
 – 1 bug in every 40 – 50 lines of code (industry estimates)
• Errors lead to
 – poor quality, high costs, conservative designs
 – extreme human hardship and even serious safety issues

Figure: the gap between Requirements and Code.

Model-based Development

• Executable models used as intermediate step
 – Simulink/SF, UML; code auto-generated
• Gap still exists between Requirements and Design Models
• V&V focused only on code

Figure: Requirements, design model and Code, illustrated with a Simulink/Stateflow cruise-control model (CruiseMDL with CruiseMain and Plant blocks; inputs onOff, accelResume, cancel, decelSet, brake, gas, inactiveThrottleDelta, drag; outputs speed, throttleDelta, active; internal signals dSpeed, trigger, fcg).

V – cycle of Development and V&V

• Focus on Integration testing (Domain & Vehicle level testing)
• Many artifacts are informal and ambiguous
• Test generation manual

Figure (V-model): left leg: Requirements (System, Functional), Functional Architecture Development, Physical Architecture Development, Implementation & Unit Testing; right leg: Integrate SW & HW (Component), Functional Integration, System Validation, Vehicle Validation. Upper stages are System Level, lower stages Component Level; verification by Simulation and Analysis, Test Benches, Test Vehicles.

Fallout

• Significant efforts for Verification and Validation with the explosion of Software Functionality
• Automation of Verification Steps
• Early Verification: catching bugs as they enter
• Higher standard of quality in Development and Verification of SW
• Rigorous Processes, Methods and Tools

Formal Methods integrated in Model Based Development

Figure: the four phases Requirements, Design, Implementation and Testing, with the formal techniques below placed on each.

• Formal Requirements models
 – Transition systems
 – Math functions
 – Formal logic
• Rigorous analysis
 – Consistency
 – Correctness
 – Completeness
• Design Verification
• Timing Analysis
 – Model checking
• Design models
 – Transition Systems
 – Hybrid automata
• Automatic code generation
 – Code generator verification
 – Translation Validation
• Distributed Task schedules
 – Formal Verification
 – Automatic Synthesis
• Model-based testing
 – Test generation using model checking
 – Better and effective coverage
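The "Formal Requirements models – Transition systems" and "Test generation using model checking" bullets, worked through as an added example that is not from the talk: the signals onOff, brake, cancel and active are taken from the cruise-control model on the earlier slide, while the two controller designs, the requirement and the tiny explicit-state checker are constructed here for illustration.

```python
# Added example: a cruise controller as a finite transition system, checked against a formal requirement.
from collections import deque
from itertools import product

INPUTS = ("onOff", "brake", "cancel")  # boolean inputs named in the slide's Simulink model

def design_a(active, inp):
    """Hypothetical design A: onOff toggles before brake/cancel are considered (constructed defect)."""
    if inp["onOff"]:
        return not active
    return False if inp["brake"] or inp["cancel"] else active

def design_b(active, inp):
    """Hypothetical design B: brake and cancel override the onOff toggle."""
    if inp["brake"] or inp["cancel"]:
        return False
    return not active if inp["onOff"] else active

def no_cruise_while_braking(active, inp):
    """Constructed formal requirement: the cruise shall never be active while the brake is pressed."""
    return not (active and inp["brake"])

def model_check(step, requirement, init=False):
    """Explicit-state reachability: breadth-first search over every reachable controller state under
    every input valuation; returns the shortest violating input sequence (counterexample) or None."""
    frontier, seen = deque([(init, [])]), {init}
    while frontier:
        state, trace = frontier.popleft()
        for bits in product((False, True), repeat=len(INPUTS)):
            inp = dict(zip(INPUTS, bits))
            nxt = step(state, inp)
            if not requirement(nxt, inp):
                return trace + [inp]  # the counterexample is directly usable as a test vector
            if nxt not in seen:
                seen.add(nxt)
                frontier.append((nxt, trace + [inp]))
    return None

def run_test(step, test, requirement, init=False):
    """Replay a generated test on a design; True if the requirement holds after every step."""
    states = [init]
    for inp in test:
        states.append(step(states[-1], inp))
    return all(requirement(s, i) for s, i in zip(states[1:], test))

if __name__ == "__main__":
    cex = model_check(design_a, no_cruise_while_braking)
    print("design A counterexample:", cex, "| design B passes it:", run_test(design_b, cex, no_cruise_while_braking))
```

The counterexample for design A is the single step onOff and brake pressed together, which design B survives and which model_check reports as unreachable for design B.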

Formal Methods alone not enough

• Formal methods are one (probably small) part of the solution
• Software Engineering practices need to change
 – Good Requirement Engineering
 – Standardized and proven Components and execution infrastructure
 – Product-line approach to development
 – Rigorous Change management processes and Tools

Technical Challenges

• Scalability of formal methods
 – Striking the right level of abstraction
 – The earlier in the life cycle, the better the scalability and the more robust the results (time and space)
• Distributed Development of Applications
 – Compositional verification methods
• Extreme dependence on manual steps
 – Less/poor use of documentation
 – Lack of traceability
 – Non-standard activities
• Focus on product-line rather than individual products
• Lack of (or inadequate) data for automatic V&V

Techno-Political Challenges

• Existing internal 'proven-in-use' practices
 – Resistance to experimentation and exploration
• External Tool vendors' influence
 – MathWorks, IBM, Reactis
• Changing SW Platforms and Standards
 – CAN vs FlexRay vs Ethernet
 – AUTOSAR vs home-grown platforms
• Mounting Resource Constraints
 – Struggling to complete yesterday's work; no question of tomorrow's technologies

Conclusions

• SW for Next Gen Embedded Systems poses several challenges
• Automation and Rigorous Techniques are key requirements for meeting the challenges of Verification and Validation
• Formal methods employ mathematical artifacts that provide the necessary rigor
 – Formal artifacts are precisely analyzable with automatic support
 – Formal methods enhance quality and can lead to aggressive designs
• SW Engg. practices need to change significantly
 – Move away from human-dependent steps
 – More standardization and less freedom for tomorrow's programmers
 – The chasm between requirements and design is to be bridged


Thank You