tool-based “essential analysis” for simple and formally verified … · 2018-05-01 · since...
1 Restricted | ETAS | 4th October 2017 | © ETAS GmbH 2017. All rights reserved, also regarding any disposal, exploitation, reproduction,
editing, distribution, as well as in the event of applications for industrial property rights.
Introducing SCODE Essential Analysis Methodology & Tool
Mastering Complexity
Tool-based “Essential Analysis” for simple and formally verified solutions including program-code
Arndt-Michael Meyer, ETAS (Bosch Group)
Eindhoven, 4th October 2017
Sample Implementation from ASCET
[Figure: ASCET block diagram] Complex implementation, complex interrelationships, very high number of combinations and paths to be tested
SCODE – the “Why” part
Some of the common challenges in embedded software development are:
Complex Implementations
Hard to understand
Difficult to test and maintain
Complex Input / Output Dependencies
Alternate cause-effect chains
Mixed data and control flow
Inherent complexity that arises from combinations
Number of input / output combinations
Number of variants
SCODE – the “Why” part
Consider a software implementation with 15 dynamically active Boolean switches: the
software then has 2^15 = 32768 combinations / paths which have to be designed,
defined and tested.
Any increase in the number of switches increases these combinations
exponentially. Doubling the switches in the above example to 30 switches would
lead to ~10^9 combinations / paths.
SCODE helps not only to handle these complexities, but also to verify completeness, determinism and consistency.
SCODE – the “What” part
SCODE allows describing and verifying complex
interrelationships of embedded software systems
in a clear manner, by applying the idea of an
Essential Analysis
With the support of appropriate tooling, SCODE
can help to prove that the whole input space is
covered and that all decisions are consistent
It provides efficiency gains through early verification,
avoiding issues that would otherwise be found in
the later phases of development
SCODE supports creating designs that
comply with the requirements of the functional
safety standards
SCODE – the “What” part
The SCODE methodology comes from Bosch Corporate Research. ETAS is the transfer partner
for the methodology and the tool.
The methodology was first introduced in 2007 and has been applied in more than 200 pilot
projects in more than 10 business units inside Bosch
Since 2014, ETAS has been supporting various Bosch business units in implementation,
providing SCODE coaches and training on SCODE
SCODE has been successfully applied in different domain areas ranging from engine
control and driver assistance to consumer appliances.
ETAS has supported multiple applications in series development, including ones
with functional safety relevance.
SCODE – the “When” part
When to apply SCODE?
SCODE methodology is for design and re-engineering of problem scenarios that
include many interdependent decision points, such as:
Model-based embedded systems with many switches
Nested if-statements in program code
Complex state machines
Multiple variants with dependencies
When NOT to apply SCODE?
SCODE is not the right solution for problem scenarios such as
Straightforward calculations
Protocols, cyclic routine behavior
Database management
SCODE Essential Analysis Methodology
Basic Idea: Decompose the Problem
Standard approach: Divide et impera (divide and conquer)
Essential Analysis systematically decomposes the overall problem
according to discrete situations in the system context
leads to (maximally) independent sub-problems, called modes
separates control flow from data flow
Mode decomposition shows only the inherent complexity of the problem
[Figure: the problem context of the system is split into Context 1 … Context n; SCODE assigns each context its own Mode 1 … Mode n]
SCODE Essential Analysis Methodology
Basic Idea: Formalize the System Knowledge
Structured discussion between
System Expert (context, requirements, system
approach)
Analyst (method competence)
Compact & formal notation
Unambiguous specification
Enables automated property checks
Amenable to test case derivation
SCODE Essential Analysis Methodology
Basic Idea: Guaranteed Completeness and Consistency
With appropriate tooling, guaranteed properties of the
system and the system design:
Completeness
Checks whether all possible states in the problem
space have been analyzed.
Determinism
Checks whether each context situation leads
into exactly one mode of operation
Consistency
Checks whether transitions between the modes
are unique and live
ETAS SCODE Tool V2.2.0
SCODE Essential Analysis Methodology
Overview SCODE Approach
Results: Formalized System Knowledge & Guaranteed Completeness and Consistency
SCODE Essential Analysis Methodology
Complete & Consistent Specification
Decision Tree
Mode Transition Graph
Inputs:
• Requirements
• Existing Implementations
• Function Specifications
Outputs:
• Design Specification
• Code Gen in ML, C
• Test Case Generation
SCODE Essential Analysis Methodology
SCODE: Separation of Control from Data Flow
~30 Switches, ~10^9 Paths
SCODE Essential Analysis Methodology
Step 1: Define Problem Space
The problem space is defined using a Zwicky-Box* in
terms of
Dimensions – aspects of the system or its context that
cause or represent different system behaviors (or cause
effect chains)
Alternatives – possible values or value ranges of a
dimension
*A morphological box developed by Fritz Zwicky, a Swiss astronomer, for problem solving
SCODE Essential Analysis Methodology
Step 2: Define Modes
Modes are defined via rules referring to the problem
space, as a combination of dimension-alternatives
The complete problem space is partitioned into:
a) System Modes, and
b) Non-System Mode(s)
The tooling provides static analysis checks for the
completeness and consistency of these definitions
The completeness check can be configured for
the condition sub-space only or for the total problem
space.
SCODE Essential Analysis Methodology
Step 3: Define Mode Transitions
The definition of the mode transitions captures the
dynamic behavior of the system in the problem context
This is done by specifying which events (changes in
the context) cause a transition between system modes
In a similar way, the changes in the context that do not
exist / do not occur / are not allowed for a given system
mode are defined as non-transitions of the given system
mode
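A small checker, added here as an illustration (it is not the ETAS SCODE tool; the vehicle dimensions, modes and transitions are constructed), that runs Steps 1 to 3 above on a Zwicky box and reports the completeness, determinism and liveness findings described on the earlier slides:

```python
from itertools import product
# Step 1: problem space as a Zwicky box (constructed example, not from the deck).
DIMENSIONS = {
    "ignition": ["off", "on"],
    "vehicle": ["standing", "rolling"],
    "battery": ["ok", "low"],
}
# Step 2: modes as rules over dimension-alternatives. Each rule lists the
# alternatives it accepts per dimension; omitted dimensions are "don't care".
MODES = {
    "Sleep": [{"ignition": {"off"}}],
    "Normal": [{"ignition": {"on"}, "battery": {"ok"}}],
    "Limp": [{"ignition": {"on"}, "battery": {"low"}, "vehicle": {"rolling"}}],
    # No non-system mode is declared, so one situation stays uncovered.
}
# Step 3: events that move the system between modes (constructed).
INITIAL_MODE = "Sleep"
TRANSITIONS = {("Sleep", "Normal"), ("Normal", "Sleep"), ("Normal", "Limp")}

def problem_space():
    """Every combination of one alternative per dimension (2*2*2 = 8 here)."""
    names = list(DIMENSIONS)
    return [dict(zip(names, vals)) for vals in product(*DIMENSIONS.values())]

def modes_for(point):
    """Modes whose rules accept this context situation."""
    return [m for m, rules in MODES.items()
            if any(all(point[d] in alts for d, alts in r.items()) for r in rules)]

def uncovered():
    """Completeness check: situations no mode claims."""
    return [p for p in problem_space() if not modes_for(p)]

def ambiguous():
    """Determinism check: situations claimed by more than one mode."""
    return [p for p in problem_space() if len(modes_for(p)) > 1]

def dead_modes():
    """Liveness check: modes unreachable from the initial mode or with no exit."""
    reached, todo = {INITIAL_MODE}, [INITIAL_MODE]
    while todo:
        cur = todo.pop()
        for src, dst in TRANSITIONS:
            if src == cur and dst not in reached:
                reached.add(dst)
                todo.append(dst)
    no_exit = {m for m in MODES if all(src != m for src, _ in TRANSITIONS)}
    return sorted((set(MODES) - reached) | no_exit)
```

With these definitions the checker reports the situation ignition=on, battery=low, vehicle=standing as uncovered, no ambiguous situations, and Limp as a dead mode because nothing leaves it.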
SCODE Essential Analysis Methodology
Benefits
Efficiency Gains
Enables early verification of the specification
20% to 50% savings in development effort (according to expert
estimates)
Modularity
Mode structure eases extensibility
o Introduction of additional modes (e.g. failure or fall-back modes)
without interference with existing modes
Systematic handling of static variants
o Derivation of topology or feature variants
SCODE Essential Analysis Methodology
Benefits
Complexity Reduction
Systematic problem decomposition
Separation of control and data flow by derivation of system modes
Formalized system knowledge
Compact and unambiguous specification
Easily understandable models per mode (= context situation)
Quality Assurance
Guaranteed completeness and consistency
Supports derivation of test cases
Suitable for new developments as well as restructuring of existing
functions
SCODE Tool
Video of SCODE tool usage
ETAS RTA Consulting
ETAS RTA Consulting can support you in every step,
from investigating the SCODE methodology to rolling
it out in your company/business unit
Perform a SCODE Analysis for a given project need
- from deriving the problem description to high
quality specifications, code, and test cases
Help with transferring the results of the SCODE
Analysis into a series code implementation
Provide SCODE coaches who support the rollout
and implementation of the methodology in order
to establish the know-how in-house
Provide training on the SCODE methodology and
tooling to support establishing in-house
capability for the methodology and the tooling
From Piloting to Roll-out
We support you in every step from the “Getting-to-Know” phase to the roll-out phase of the SCODE
methodology in your company/business unit
From piloting
to rolling out
• Perform / support SCODE analysis from concept to code generation for specific customer applications
• Workshops and hands-on sessions with customer examples and multiple experts
• Coaching & hands-on sessions with a single expert
• Offer training on the methodology and tool
• Provide guidelines and material for in-house training
Possible timeline for SCODE introduction
Further Links
Resources
SCODE Essential Analysis Whitepaper from ETAS Downloads
ETAS SCODE Tool on ETAS Website
ETAS SCODE Flyer from ETAS Downloads
ETAS SCODE Trainings from ETAS Trainings Section
Your contacts for SCODE @ ETAS