william p. milam ford research and advanced...

High Confidence Embedded SystemsMay 1, 2003

An Automotive Perspective

William P. MilamFord Research and Advanced

Engineering


• Does it enable/enhance management of complex systems?

• Does it decrease time to market?• Does it enhance analytical capability?

Key Needs for Automotive


Drivers(Business Perspective)

• Maintain cost and reduce where possible• Increasing complexity – stability control,

traction control, hybrid, fuel cell• Emissions reduction, high reliability• Shorter time to market• Reuse and propagation


Today’s SituationTools and MethodsRely on experts and heroes Delta-change from previous designsSoftware architecture design reviewsSoftware process auditsManual system level verificationNo virtual verification (as in mechanical design)Verification only after control modules are suppliedDeal with systems problems as they arise (find and fix)

ProcessRequirements in text formatFull-service suppliers to resolve ambiguitiesSupplier component verificationTime intensive system verification due to complexityLimited life cycle information flow

Interaction Architecture based on Subsystem peer-to-peer connectivityDistributed subsystem authority negotiations (off and on line)Many interactions:

Many sources for error Difficult to develop new technologies (especially in parallel)

Complexity explosion (order n-squared) as # of subsystems increasesEach vehicle solution depends on the specific set of subsystems used (not plug-n-play)

Engine

Brakes

Climate Control

Driver Information Body

Motor/Generator

Infotainment

Trans

(representative only)


The Embedded Systems Problem

“The challenge… is to go from the traditional view of control systems as a single process with a single controller to recognising control systems as a heterogeneous collection of physical and information systems, with intricate interconnections and interactions.” [Air Force Office of Scientific Research]

“…today’s model based systems engineering tools do not address the complete range of analysis required to support future product plans. Consequently, we envision a day when we will be unable to deliver vehicles with complex content.” [Automotive Chief Engineer]

“Operational complexity of large-scale embedded systems is growing exponentially … and are increasingly integrated.” [D Sharp Boeing]


No Single Solution• Analysis design and

verification of systems with both discrete and continuous dynamics.

• Supervisory control for distributed systems.

• Automatic synthesis of algorithms with integrated verification and validation

• Reliability• Control over networks• Human interfaces • Learning systems and

robust adaptive control.

• Computation and Optimisation


Why is this so difficult?

ControllerControllerControllerController

Mode 1Mode 2

Mode 3Mode nMode

Selection

Diagnostics

FMEM

Initailisation

Sens

or I

nput

Pro

cess

ing

Actu

ator

Out

put

Pro

cess

ing

Feature A Version x.y.z

Typical P/T Control Example

• Features often execute in more than one context (e.g. 2msec, 16msec, 64msec).

• Multiple versions address program to program variation and evolution over time.

• Average feature has 1-2 execution contexts, 20 inputs and 14 outputs.

• There are about 60 features per application with more than 2000 connections among features.


Why Should We be Concerned?• Rapidly increasing technology feature

complexity (e.g. HEV, IVDC, Active Safety, …)

• Many features competing for same actuators (e.g. brake, throttle,…)

• Increasing number of suppliers of major subsystems on programs

• Market driving need to accelerate delivery of technology


Desires(MoBIES)

• Ability to adapt new tools and technologies to existing design process

• Ability to change tools without legacy pain


Challenge Problems

Radar

MissionComputer

Gyros

Accelerometers

Rudder(s)

Electro-Optical

GlobalPositioning

Inertial

Stabilators

Ailerons

Controls Displays

WeaponsExternalStores

Stick andThrottle

Engine(s)

Characteristics• Complex, Large• Decades Lifespan• Frequent Software

Updates• Mix of Computation

Types• Logic/State

Machine• Computational• Signal Processing• Feedback Control

Flight Control

External Hardware Signals

Ex te rna l Hardware S igna l s t o VC

CAN messages to VC

VC outputs to HW

V C o u t p u t s C A N m e s s a g e s

R003

2

cabin_heat_wtr_pump_f lg

1

c o o l i n g _ f a n _ o n _ i n t

v c _ o u t _ m u x

vc_hw_in_bus

vc_can_in_from_tc

vc_can_in_from_isg

v c _ c a n _ i n _ f r o m _ e c

vc_can_in_f rom_bmm

vc_can_in_f rom_bc

Trigger()

acce l_ped_pos_pct_hw

a i rbag_dep loy_f lg_hw

b r a k e _ s w i t c h _ f l g _ h w

b r a k e _ m a s t e r _ c y l i n d e r _ p r e s s _ h w

door_open_flg_hw

overd r ive_cance l_swi t ch_ f lg_hw

gear_ t ron ic_down_shi f t_ f lg_hw

gear_tronic_up_shift_flg_hw

gear_t ronic_quick_shi f t_f lg_hw

cru i se_con t r_bu t tons_ in t_hw

key_pos_int_hw

park_brake_switch_flg_hw

ac_on_flg_hw

cabin_heat_req_flg_hw

b r a k e _ p r e s s _ s w i t c h _ f l g _ h w

epo_flg_hw

eng_spd

eng_spd_va l id_f lg

eng_idle_spd_set

eng_tq

eng_tq_base

ambient_temp

s t a n d b y _ o k _ e n g _ f l g

eng_stop_type_req_int

warmup_eng_load_tq

eng_coolant_temp

eng_max_tq_capab

e n g _ m i n _ t q _ c a p a b

e n g _ c r a n k i n g _ s p d _ t a r g e t

a u x _ m e c h _ l o a d _ t q

ac_c lu t ch_on_f lg

t r ans_ tq_ra t io

gear_lever_pos_raw_int

gear_lever_pos_valid_flg

f i l tered_turbine_spd

filtered_turbine_spd_valid_flg

t r ans_o i l_ temp

trans_oil_temp_valid_flg

fi l tered_out_shaft_spd

f i l te red_out_shaf t_spd_val id_f lg

neutral_idle_status_flg

out_shaft_spd_change_rate

t r a n s _ t q _ l o s s _ o f f s e t

gear_commanded_int

t c _ t q _ m a x _ l i m _ b a s e

t c _ t q _ m a x _ l i m _ f a s t

t c _ t q _ m i n _ l i m _ f a s t

s tandby_ok_trans_flg

gear_current_int

g e a r _ e n g a g e m e n t _ f l g

tq_conv_clutch_status_int

eng_spd_req

eng_spd_req_f lg

b m m _ s o c _ r e q _ p c t

ba t t_soc_pct

ba t t_charge_curr

ba t t_equa l_cur r_req

bat t_equal_req_int

batt_volt

batt_temp

batt_sys_state_int

isg_spd

isg_inv_input_vol t

load42_aux_pwr_no_loss

inv_temp

batt12_volt

ba t t12_charge_cur r

isg_sys_state_int

i s g _ m a x _ t q _ c a p a b

isg_tq

s t a n d b y _ o k _ i s g _ f l g

i s g _ m i n _ t q _ c a p a b

i s g _ s t a t u s

s t c_mode_ in t

a b s _ a c t i v e _ f l g

msr_active_flg

veh_s tab_cont r_max_t rac_force

veh_stab_contr_min_trac_force

trac_contr_force_loss_req

veh_spd_abs

cooling_fan_on_int

cabin_heat_water_pump_on_flg

gear_tronic_quick_shif t_mode_flg

a c c e l _ p e d _ p o s _ p c t

brake_master_cyl inder_press

tq_modulation_avail_flg

airbag_deploy_flg

b rake_app l i ed_ f lg

driver_idle_req_int

brake_pressure_flg

ac_cutout_cmd_flg

b a t t 1 2 _ v o l t _ s e t

dc_dc_enable_int

eng_spd_ove r_veh_spd

filtered_veh_spd

gear_lever_pos_int

neu t r a l_ id l e_des_ f lg

rat ioed_veh_spd

v e h _ s p d

veh_spd_change_rate

trans_oil_pump_req_flg

t q _ c o n v _ c l u t c h _ s l i p _ d e s

tq_conv_clutch_sta tus_des_int

gear_des_int

shif t_s t ra tegy_sta tus_int

spd_contr_on_off_flg

spd_cont r_sof t_deac t ive_f lg

spd_contr_act ive_indicator

c rank_ tq_des_ fa s t

anti_stall_active_flg

isg_contr_mode_req_int

v c _ e n g _ i d l e _ s p d _ r e q

e n g _ t q _ d e s _ b a s e

e n g _ t q _ d e s _ f a s t

eng_tq_source_req_int

crank_capab_flg

soft_hybrid_sate_int

eng_s top_type_cmd_int

isg_func_state_req_int

c r a n k _ t q

crank_tq_valid_flg

i sg_spd_cont r_max_tq_l im

isg_spd_contr_min_tq_l im

isg_spd_des

isg_tq_des

isg_s tar t_spd_des

i sg_s top_spd_des

max_down_cur r

m a x _ u p _ c u r r

i s g _ t q _ s i g n _ c o n f

isg_tq_restriction_int

eng_tq_spd_flg

eng_stop_cmd_flg

VehicleCon t ro l l e r

vc

t c _ o u t _ m u x

tc_can_in_from_vc

t c _ c a n _ i n _ f r o m _ e c

t c _ c a n _ i n _ f r o m _ b c

tq_conv_clutch_slip_des

tq_conv_clutch_status_des_int

gear_des_int

gear_tronic_quick_shift_mode_flg

shift_strategy_status_int

crank_tq

crank_tq_valid_flg

spd_contr_active_indicator

neutral_idle_des_flg

accel_ped_pos_pct

brake_applied_flg

brake_master_cylinder_press

tq_modulation_avail_flg

crank_tq_des_fast

ac_clutch_on_flg

eng_coolant_temp

eng_coolant_temp_valid_flg

eng_spd

eng_spd_valid_flg

abs_diff_spd

veh_spd_abs

veh_spd_abs_valid_flg

f i l tered_out_shaft_spd

fi l tered_out_shaft_spd_val id_f lg

filtered_turbine_spd

filtered_turbine_spd_valid_flg

gear_engagement_f lg


gear_lever_pos_valid_flg


out_shaft_spd_change_rate

tq_conv_clutch_status_int

trans_oil_temp

trans_oil_temp_valid_flg

trans_shift_in_progress_flg

trans_tq_loss_offset

trans_tq_ratio

clutch_ped_pos_fail_flg

eng_spd_req

eng_spd_req_f lg

gear_commanded_int

gear_current_int

tc_tq_max_l im_base

tc_tq_max_lim_fast

tc_tq_min_lim_fast

standby_ok_trans_f lg

Transmission

Controller

t c

i s g _ o u t _ m u xi s g _ c a n _ i n _ f r o m _ v c

isg_can_in_f rom_bmm

ba t t_max_s ink_cur r_ava i l

ba t t_max_source_cur r_ava i l

batt_volt

bat t_contactor_closed_flg

bat t_sys_state_int

batt_max_volt_lim

batt_min_volt_lim

airbag_deploy_flg

isg_contr_mode_req_int

isg_spd_contr_max_tq_lim

isg_spd_contr_min_tq_lim

isg_spd_des

i s g _ t q _ d e s

i s g _ s t a r t _ s p d _ d e s

i s g _ s t o p _ s p d _ d e s

soft_hybrid_state_int

isg_func_state_req_int

max_down_curr

max_up_curr

bat t12_volt_set

dc_dc_enable_int

i s g _ t q _ s i g n _ c o n f

isg_tq_restriction_int

t rans_oi l_pump_req_flg

i sg_max_tq_capab

isg_min_tq_capab

i s g _ s y s _ s t a t e _ i n t

ba t t12_charge_cur r

b a t t 1 2 _ v o l t

load42_aux_pwr_no_loss

inv_temp

isg_inv_input_curr

isg_inv_input_vol t

isg_spd

isg _temp

isg _tq

s tandby_ok_isg_f lg

isg_spd_contr_tq_cmd

isg_contactor_close_req_flg

i sg_s ta tus

ISG

isg

h w _ i n _ m u x

e c _ o u t _ m u x

e c _ c a n _ i n _ f r o m _ v c

ec_can_in_from_tc

anti_stall_active_flg

eng_spd_ove r_veh_spd

brake_applied_flg

e n g _ t q _ s p d _ f l g

filtered_veh_spd

gear_ leve r_pos_ in t

driver_idle_req_int

neutral_idle_des_flg

rat ioed_veh_spd

v c _ e n g _ i d l e _ s p d _ r e q

v e h _ s p d

eng_tq_des_base

e n g _ t q _ d e s _ f a s t

eng_tq_source_req_in t

crank_capab_flg

eng_stop_cmd_flg

e n g _ s t o p _ t y p e _ c m d _ i n t

ac_cutout_cmd_flg

spd_contr_on_off_flg

s p d _ c o n t r _ s o f t _ d e a c t i v e _ f l g

v e h _ s p d _ c h a n g e _ r a t e

brake_pressure_flg

f i l tered_turbine_spd

f i l tered_turbine_spd_val id_f lg

gear_engagement_f lg



trans_oil_temp

trans_oi l_ temp_val id_f lg

eng_ id l e_spd_se t

s tandby_ok_eng_f lg

eng_stop_type_req_int

ac_clutch_on_flg

ambient_temp

aux_mech_load_tq

eng_coolant_temp

eng_coolant_temp_valid_flg

eng_spd

eng_spd_valid_flg

eng_max_tq_capab

eng_min_tq_capab

eng_tq

eng_tq_base

e n g _ c r a n k i n g _ s p d _ t a r g e t

warmup_eng_load_tq

EngineCon t ro l l e r

e c

b m m _ o u t _ m u x

b m m _ h w _ i n _ m u x

b m m _ h w _ i n _ b u s

b m m _ c a n _ i n _ f r o m _ v c

b m m _ c a n _ i n _ f r o m _ i s g

b m m _ c a n _ i n _ f r o m _ e c

Trigger()i s g _ f u n c _ s t a t e _ r e q _ i n t

sof t_hybrid_sta te_int

a m b i e n t _ t e m p

ac_clutch_on_flg

isg_inv_input_volt

isg_inv_input_curr

i s g _ s y s _ s t a t e _ i n t

ba t t_vol t1_hw

bat t_vol t2_hw

bat t_vol t3_hw

bat t_charge_cur r_hw

b a t t _ t e m p 1 _ h w



b a t t _ t e m p _ i n l e t _ h w

bat t_ temp_out le t_hw

batt_volt

ba t t_charge_curr

b a t t _ t e m p

bat t_soc_pct

b a t t _ m a x _ s i n k _ c u r r _ a v a i l

b a t t _ m a x _ s o u r c e _ c u r r _ a v a i l

bat t_max_vol t_l im

batt_min_volt_lim

bat t_equa l_cur r_req

batt_equal_req_int

batt_service_req_int

bat t_sys_state_int

b m m _ s o c _ r e q _ p c t

batt_l ife_remain_pct

batt_module_volt

b a t t _ c o n t a c t o r _ c l o s e d _ f l g

bat t_fan_ctr l_hw

B a t t e r y

M a n a g e m e n tModule

b m m

b c _ o u t _ m u x

abs_act ive_flg

abs_diff_spd

t rac_cont r_force_loss_req

v e h _ s t a b _ c o n t r _ m a x _ t r a c _ f o r c e

veh_s tab_con t r_min_ t rac_fo rce

m s r _ a c t i v e _ f l g

s t c _ m o d e _ i n t

v e h _ s p d _ a b s

veh_spd_abs_val id_f lg

brake_input_fail_flg

BC

b c

T e r m i n a t o r

[vc_out]

[bmm_hw_in]

[ i sg_out ]

[tc_out]

[bmm_out]

[bc_out]

[ec_out ]

[ h w _ i n ]

f()

Funct ion-Cal lGene ra to r1

f()

Funct ion-Cal lG e n e r a t o r

[ b m m _ o u t ]

[ec_out ]

[ h w _ i n ]

[tc_out]

[vc_out]

[vc_out]

[ t c _ o u t ]

[vc_out]

[ b m m _ h w _ i n ]

[vc_out]

[ec_out ]

[bc_out]

[ b m m _ o u t ]

[isg_out]

[ec_out ]

[bc_out]

[isg_out]

25

b a t t _ t e m p _ o u t l e t _ h w

24

b a t t _ t e m p _ i n l e t _ h w

23


22


21


20

ba t t_charge_cur r_hw

19

b a t t _ v o l t 3 _ h w

18


17


1 6

e p o _ f l g _ h w

15

brake_press_switch_f lg_hw

14

c a b i n _ h e a t _ r e q _ f l g _ h w

13

a c _ o n _ f l g _ h w

12

park_brake_swi tch_f lg_hw

1 1

key_pos_int_hw

1 0

cru i se_con t r_bu t tons_ in t_hw

9

gear_ t ron ic_qu ick_sh i f t_ f lg_hw

8

gea r_ t ron ic_up_sh i f t_ f lg_hw

7

gea r_ t ron i c_down_sh i f t _ f lg_hw

6

o v e r d r i v e _ c a n c e l _ s w i t c h _ f l g _ h w

5

door_open_f lg_hw

4

b r a k e _ m a s t e r _ c y l i n d e r _ p r e s s _ h w

3

brake_switch_flg_hw

2

a i r b a g _ d e p l o y _ f l g _ h w

1

a c c e l _ p e d _ p o s _ p c t _ h w

1 6 { 1 6 }

16{16}

ml_hw_in

a c c e l _ p e d _ p o s _ p c t _ h w

airbag_deploy_flg_hw

brake_switch_f lg_hw

brake_mas te r_cy l inde r_press_hw

door_open_f lg_hw

overdr ive_cancel_swi tch_f lg_hw

gear_tronic_down_shif t_f lg_hw

gear_tronic_up_shif t_f lg_hw

gea r_ t ron i c_qu ick_sh i f t _ f lg_hw

cruise_contr_but tons_int_hw

park_brake_switch_flg_hw

ac_on_flg_hw

cabin_heat_req_flg_hw

b r a k e _ p r e s s _ s w i t c h _ f l g _ h w

10{10}m l _ b c _ o u t

<abs_ac t ive_ f lg>

< a b s _ d i f f _ s p d >

<trac_contr_force_loss_req>

<veh_s tab_cont r_max_t rac_force>

<veh_stab_contr_min_trac_force>

<msr_active_flg>

<s tc_mode_in t>

<veh_spd_abs>

<veh_spd_abs_val id_f lg>

<brake_input_fai l_flg>

k e y _ p o s _ i n t _ h w

epo_f lg_hw

51{51}

< m l _ v c _ o u t >

<a i rbag_deploy_f lg>

<isg_cont r_mode_req_in t>

<isg_spd_contr_max_tq_lim>

<isg_spd_contr_min_tq_lim>

<isg_spd_des>

<isg_tq_des>

<isg_star t_spd_des>

<isg_s top_spd_des>

<sof t_hybr id_s ta t e_ in t>



<max_down_curr>

<max_up_cu r r>

<ba t t12_vo l t_ se t>

1 6 { 1 8 }

1 6 { 1 8 }

< m l _ b m m _ o u t >

<batt_max_sink_curr_avail>



<ba t t_vo l t>

<ba t t _con t ac to r_c lo sed_ f lg>



<bat t_max_volt_l im>

<batt_min_volt_lim>

<dc_dc_enable_ in t>



<isg_tq_restr ict ion_int>

<trans_oil_pump_req_flg>

16{16}

16{16}

ml_isg_out







<bat t12_charge_curr>

<ba t t12_vo l t>

<load42_aux_pwr_no_loss>



<isg_inv_input_curr>

<isg_inv_input_volt>



<isg_temp>



<s t andby_ok_ i sg_ f lg>

<isg_spd_contr_tq_cmd>

<isg_contactor_close_req_flg>

51{51}

51{51}

< m l _ v c _ o u t >

<tq_conv_c lu tch_s l ip_des>

<gear_des_int>

<gear_t ronic_quick_shi f t_mode_f lg>

<shif t_strategy_status_int>

< c r a n k _ t q >

<crank_tq_valid_flg>

<spd_contr_active_indicator>

<neutral_idle_des_flg>

<acce l_ped_pos_pc t>

<brake_applied_flg>



<tq_modulat ion_avai l_f lg>

10{10} 10{10}< m l _ b c _ o u t >

< a b s _ d i f f _ s p d >

<veh_spd_abs>

<veh_spd_abs_va l id_ f lg>

16{16}

16{16}

< m l _ e c _ o u t >

< c r a n k _ t q _ d e s _ f a s t >

<ac_clutch_on_flg>

<eng_coolant_temp>

<eng_coolant_temp_valid_flg>

< e n g _ s p d >

<eng_spd_valid_flg>

2 4 { 2 4 }

24{24}

ml_tc_out

< f i l t e r e d _ o u t _ s h a f t _ s p d >

<f i l t e red_ou t_sha f t_spd_va l id_ f lg>

<filtered_turbine_spd>

<filtered_turbine_spd_valid_flg>

< g e a r _ e n g a g e m e n t _ f l g >

<gear_ leve r_pos_raw_in t>

<gear_lever_pos_val id_f lg>

<neu t ra l_ id le_s ta tus_f lg>

<ou t_sha f t_spd_change_ra t e>

<tq_conv_clutch_sta tus_int>

<trans_oil_temp>

<trans_oil_temp_valid_flg>

< t r ans_sh i f t _ in_p rog re s s_ f lg>

< t r a n s _ t q _ l o s s _ o f f s e t >

<trans_tq_ratio>

<clutch_ped_pos_fail_flg>

<eng_spd_req>

< e n g _ s p d _ r e q _ f l g >

< g e a r _ c o m m a n d e d _ i n t >

<gear_cur ren t_ in t>

<tc_tq_max_l im_base>

< t c _ t q _ m a x _ l i m _ f a s t >

< t c _ t q _ m i n _ l i m _ f a s t >

< s t a n d b y _ o k _ t r a n s _ f l g >

< t q _ c o n v _ c l u t c h _ s t a t u s _ d e s _ i n t >

< e n g _ s t o p _ c m d _ f l g >

<fi l tered_turbine_spd>

<filtered_turbine_spd_valid_flg>

<gear_engagement_f lg>

<gear_lever_pos_raw_int>

<neutral_idle_status_flg>

<t rans_oi l_ temp>

<trans_oil_temp_valid_flg>

5 1 { 5 1 }

5 1 { 5 1 }

< m l _ v c _ o u t >

<ant i_s ta l l_ac t ive_f lg>

<eng_spd_over_veh_spd>

<brake_app l i ed_f lg>

<eng_tq_spd_flg>

< f i l t e r e d _ v e h _ s p d >

<gear_ lever_pos_ in t>

<driver_idle_req_int>


<ratioed_veh_spd>

< v c _ e n g _ i d l e _ s p d _ r e q >

<veh_spd>

< e n g _ t q _ d e s _ b a s e >

< e n g _ t q _ d e s _ f a s t >

< e n g _ t q _ s o u r c e _ r e q _ i n t >

<crank_capab_flg>

<eng_s top_ type_cmd_ in t>

< a c _ c u t o u t _ c m d _ f l g >

<spd_contr_on_off_flg>

<spd_cont r_sof t_deac t ive_f lg>

<veh_spd_change_ra t e>



16{16}

1 6 { 1 6 }

m l _ e c _ o u t

<eng_ id le_spd_se t>

< s t a n d b y _ o k _ e n g _ f l g >

< e n g _ s t o p _ t y p e _ r e q _ i n t >

<ac_c lu tch_on_f lg>

<ambient_temp>

< a u x _ m e c h _ l o a d _ t q >

<eng_coolant_temp>

<eng_coolant_temp_valid_flg>

<eng_spd>

<eng_spd_valid_flg>

< e n g _ m a x _ t q _ c a p a b >

< e n g _ m i n _ t q _ c a p a b >

<eng_tq>

< e n g _ t q _ b a s e >

<eng_cranking_spd_targe t>

<warmup_eng_load_tq>

2 4 { 2 4 }

24{24}

<ml_tc_out>

51{51}

5 1 { 5 1 }

< m l _ v c _ o u t >


1 6 { 1 6 } 16{16}< m l _ e c _ o u t >

16{16}

1 6 { 1 6 }

<ml_isg_out>

16{18}

16{18}

m l _ b m m _ o u t

<batt_volt>











<bat t_max_volt_l im>

<batt_min_volt_lim>

<batt_equal_curr_req>

<ba t t_equa l_ req_ in t>

<ba t t_se rv ice_req_ in t>




<bat t_ l i fe_remain_pct>3

<bat t_module_vol t>

<ba t t _con t ac to r_c lo sed_ f lg>


<ambient_temp>

<ac_c lu tch_on_f lg>

<isg_ inv_ inpu t_vo l t>

<isg_ inv_ inpu t_cur r>



9{9}

9{9}

<ml_bmm_hw_in>




b a t t _ c h a r g e _ c u r r _ h w

bat t_ temp1_hw

bat t_ temp2_hw

bat t_ temp3_hw

batt_temp_inlet_hw

b a t t _ t e m p _ o u t l e t _ h w

9{9}

9 { 9 }ml_bmm_hw_in

<bat t_vol t1_hw>

<bat t_vol t2_hw>

<bat t_vol t3_hw>

<batt_charge_curr_hw>







<ba t t_ temp_in le t_hw>

<batt_temp_outlet_hw>

16{16}

<ml_hw_in>

<acce l_ped_pos_pc t_hw>

<airbag_deploy_flg_hw>

<brake_switch_flg_hw>

<brake_master_cyl inder_press_hw>

<door_open_f lg_hw>

<overdrive_cancel_switch_flg_hw>

<gear_tronic_down_shift_flg_hw>

<gear_tronic_up_shif t_f lg_hw>

<gear_t ronic_quick_shi f t_f lg_hw>

<cruise_contr_buttons_int_hw>

< k e y _ p o s _ i n t _ h w >

1 6 { 1 6 }

1 6 { 1 6 }

< m l _ e c _ o u t >

< e n g _ s p d >

< e n g _ s p d _ v a l i d _ f l g >

< e n g _ i d l e _ s p d _ s e t >

< e n g _ t q >

<eng_ tq_base>

< a m b i e n t _ t e m p >

<standby_ok_eng_f lg>

< e n g _ s t o p _ t y p e _ r e q _ i n t >

<warmup_eng_ load_ tq>

< e n g _ c o o l a n t _ t e m p >

<eng_max_ tq_capab>

<eng_min_tq_capab>

< e n g _ c r a n k i n g _ s p d _ t a r g e t >

<aux_mech_load_tq>

2 4 { 2 4 }

24{24}

<ml_tc_out>

<eng_spd_req_flg>

< e n g _ s p d _ r e q >

<t rans_ tq_ra t io>

<gear_ leve r_pos_raw_in t>

<gea r_ leve r_pos_va l id_ f lg>

<filtered_turbine_spd>

<fi l tered_turbine_spd_val id_f lg>

<t rans_oi l_ temp>

<trans_oi l_ temp_val id_f lg>

<fil tered_out_shaft_spd>

<fil tered_out_shaft_spd_valid_flg>

<neutral_idle_status_flg>

< o u t _ s h a f t _ s p d _ c h a n g e _ r a t e >

<trans_tq_loss_offse t>

< g e a r _ c o m m a n d e d _ i n t >

<tc_tq_max_l im_base>

<tc_ tq_max_l im_fas t>

<tc_tq_min_lim_fast>

< s t a n d b y _ o k _ t r a n s _ f l g >

<gear_cur ren t_ in t>

<gear_engagement_f lg>

<tq_conv_c lu t ch_s t a tus_ in t>

1 6 { 1 8 } 1 6 { 1 8 }<ml_bmm_out>







<batt_equal_curr_req>

<ba t t_equa l_ req_ in t>

<batt_volt>




16{16}

16{16}

<ml_isg_out>



<isg_inv_input_volt>

<load42_aux_pwr_no_loss>



<ba t t12_vo l t>



<isg_max_tq_capab>



<standby_ok_isg_flg>

<isg_min_tq_capab>

<isg_s ta tus>

10{10}<ml_bc_out>

<s tc_mode_in t>

<abs_ac t ive_ f lg>

<msr_active_flg>

<veh_s tab_cont r_max_t rac_force>

<veh_stab_contr_min_trac_force>

<trac_contr_force_loss_req>

<veh_spd_abs>

<park_brake_swi tch_f lg_hw>

<ac_on_f lg_hw>

<cabin_hea t_req_f lg_hw>

<brake_press_switch_flg_hw>

51{51}

5 1 { 5 1 }

ml_vc_out

<cool ing_fan_on_int>

<gear_tronic_quick_shif t_mode_flg>

<isg_spd_contr_max_tq_lim>

<isg_spd_cont r_min_tq_ l im>

<isg_spd_des>

<isg_tq_des>

<isg_star t_spd_des>

<isg_s top_spd_des>

<max_down_curr>

<max_up_cu r r>

<veh_spd_change_ra t e>

< v e h _ s p d >

<ratioed_veh_spd>


<gear_ lever_pos_ in t>

< f i l t e r e d _ v e h _ s p d >

<eng_spd_over_veh_spd>

<ba t t12_vo l t_ se t>

< a c _ c u t o u t _ c m d _ f l g >

<driver_idle_req_int>

<brake_app l i ed_f lg>

<ai rbag_deploy_f lg>

<tq_modulation_avail_flg>



< a c c e l _ p e d _ p o s _ p c t >

<dc_dc_enable_ in t>



<isg_tq_restr ict ion_int>

<cabin_heat_wtr_pump_flg>

<trans_oil_pump_req_flg>

< e n g _ t q _ s p d _ f l g >

< e n g _ s t o p _ c m d _ f l g >



<ac_clutch_on_flg>



<tq_conv_clutch_sl ip_des>

< t q _ c o n v _ c l u t c h _ s t a t u s _ d e s _ i n t >

< g e a r _ d e s _ i n t >

< s h i f t _ s t r a t e g y _ s t a t u s _ i n t >

<spd_contr_on_off_flg>

<spd_cont r_sof t_deac t ive_f lg>

<spd_con t r_ac t ive_ ind ica to r>

< c r a n k _ t q _ d e s _ f a s t >

<ant i_s ta l l_ac t ive_f lg>

<isg_cont r_mode_req_in t>

< v c _ e n g _ i d l e _ s p d _ r e q >

< e n g _ t q _ d e s _ b a s e >

< e n g _ t q _ d e s _ f a s t >

< e n g _ t q _ s o u r c e _ r e q _ i n t >

<crank_capab_flg>


<eng_s top_ type_cmd_ in t>


< c r a n k _ t q >

<crank_ tq_va l id_f lg>

<epo_f lg_hw>

Motor

VSC

Trans

Eng

Batt

Brake


What type of models are we going to compile?

18-Dec-00M. Jennings, VES/FRL

Environment

Powerplant Transmission Driveline Wheels VehicleAcc/Aux

Acc/Aux Control

S

PP Control

S

T/M Control

S

D/L Control

S

Wheel Control

S

Driver

Driver/VehicleInterface

Vehicle SystemControl

Model Bus

Bus Subsystem

CAN SCP OtherBus 1

Bus Signal Connection

Mechanical Connection

Mechanical Coupling Element

S Sensors

Actuators

Legend:

Vehicle Model Architecture

VehicleControl

SA A

Acc ElectricalSystem

Acc ElectricalSystem Control

SA A A A A

A


Bus architecture for controls and electrical system

interactions

Bus architecture for controls and electrical system

interactions

Blocks are configurable sub-systems that point to

libraries of models to provide plug-and-play

capability

Blocks are configurable sub-systems that point to

libraries of models to provide plug-and-play

capability

Vehicle system control block for

advanced powertrainsystems

Vehicle system control block for

advanced powertrainsystemsDriver model for

controlling vehicle

maneuvers

Driver model for controlling

vehicle maneuvers

Coupling blocks handle torque-speed interactions

Coupling blocks handle torque-speed interactions


Integrated SubsystemController (hand-built)


InputOrganizer(hand-built)


Vehicle System Control (VSC)• Functional control

partition• Hierarchical and

modular controlstructure

• Standard and generic interfaces for function-to-function interaction

• Coordinated control of dynamic interaction between major vehicle subsystems

• Essential for controlling increasingly complex vehicle systems

TransmissionControl

EngineControl

BatteryControl

BrakeControl

Vehicle SystemControl

. . .


Hierarchy of Processes

VSC

HVAC Engine TransBrakes

AirMgtSpark

Ford

Visteon

Motorola Delphi

ZF

Battery

Driver

TevesBosch


Rising Demand For Model-based Development

• Increasing vehicle dependence on embedded controls

• Increasing system criticality

• Increasing system complexity

• Increasing quality emphasis

• Severe cost and time-to-market constraints


Future Vision

Process based on Core Asset Reuse and CommonalityReusable, unambiguous, and testable requirementsReusable, unambiguous and testable designsRigorous implementation verification

Software ModelDevelopment

Program Application

Model Library &Change Control

Systems-based Interaction ArchitectureExplicit vehicle and subsystems perspectivesFramework for technology development, reuse, and commonalityComplexity and change impact reductionSystem level risk / fault analysis

Systems

Trans

Infotainment

Driver Information

Motor/Generator

Brakes

Engine

Climate Control

Body

(representative only)

Tools and MethodsRequirements modelingDynamic state modelingModel checking and simulationRapid prototypingAutomatic code generationAutomated verification

Automatic test vector generationSoftware-in-the-loopHardware-in-the-loopModel Library

Software release management

From Requirements to Design

Net

wor

k Com

munic

atio

ns

Allocation of Functions

SA

Inte

rfac

e

Inte

rfac

es

AS

S

A

Controller Hardware

Sensor

Actuator

an allocatable vehicle-level function

a subsystem- or component-level function

an allocatable sensing function

S

S

S

A

D

Sensor

Actuator

T

V

CAA

VSCActive Energy management

Energy conservation

Energy storage

Power generation

.

.

.

Driver Aids

Lane control assist

Parking assist

Yaw control

Customer Feature Structure Design ArchitectureFunctional ArchitectureFunctional Analysis

Coef of friction

Steering wheel

Lane recognition

NPA Vehicle Model Architecture

for MATLAB v6.1, Simulink v4.0

VehSysCtl(Vsc)

Transmission (Trn)

Steering(Ste)

Powerplant (Pwp)

Environment ( E n v )

Electrical (Ele)

Driver (Drv)

Dr ivel ine(Dln)

Chassis(Cha)

BusCreator (Bus)

Brakes(Brk)

Accaux (Aux)

<Ms_EnvGloblBus>

<Ms_CtGloblBus>

<Ms_PtGloblBus>

<Ms_DrvGloblBus>

Vehicle Dynamics Model Architecture

Verification and Validation studies


• Limited modeling resource ==> Must make efficient use of modelers– Model Sharing

• Collaboration between development groups• A modeling community is needed where knowledge is

extracted and imparted by all involved • This sharing of knowledge needs to extend beyond just

exchanging files– Models are a product development deliverable (data integrity

and security)• Requirements, models, analysis, results …

Managing the Modeling Effort


Model Management System Goal

• Improve quality and reduce the time needed to develop vehicle control systems via greater reuse of models:– Collaboration environment for sharing

models– Configuration control of models


What’s missing?

• System analysis – Limited complexity• Multiple Languages – Unable to share

models across tools• Interface to Legacy – We cannot afford to

hit the reset button every time someone invents a ‘new’ tool.

• Validation of Tools – Compliance with standards is largely meaningless.

william p. milam ford research and advanced...

Documents