Debugging the new AUTOSAR framework
AUTOSAR turned concept into reality in October 2009 at its ninth conference held at the BMW R&D center in Munich. Cars “running” on some AUTOSAR 3.1 based ECUs are on the road today and no later than 2011 we’ll have cars with the whole ECU network based on release 4.0. AUTOSAR is even contaminating geographies (JASPAR in Japan) and domains (SAVOIR in Space).
INTECS supports OEMs and Tier One suppliers in the AUTOSAR roll out, and continues to focus on industrialization and optimization. Every OEM is already exploiting the standard, whether by writing its own “customer experience” related software, stopping the growth in the number of ECUs, or even planning ECU consolidation.
Most Tier1 suppliers are driving the Basic Software (BSW) revolution hitting their ECUs, while those with strong IPs are also working on a packetized Software Components (SWC) offering. Some slow followers are still stuck in the middle. The only hindrance to the AUTOSAR rollout is an expensive and aged “modules and tools” chain. A new solution, the ARTOP framework, sponsored by BMW and Continental, may help to accelerate growth.
The ARTOP framework contains the basic building blocks typically required in using AUTOSAR tools. It encompasses implementations of AUTOSAR meta model releases and a number of related services including AUTOSAR XSD compliant serialization, rule-based validation, tree and form-based views and editing, and template-based target code, documentation and report generation. While waiting for the release of AUTOSAR 4.0 by the end of the year, and in order for companies to reach optimum levels of consolidation, re-use, ease of integration, quality and cost efficiency, INTECS believes that there are three key drivers: Model-Based Engineering, a rigorous Safety approach and early Debugging.
For more than 10 years, the automotive industry has been adapting and redeveloping technology from the avionics industry. The process is now changing and the model-based solution has become more popular through the use of tools such as Simulink and Stateflow. Engineering models are regularly built, simulated, tested, and verified, with code automatically generated from the models through validated tools like dSPACE TargetLink and Real Time Workshop.
AUTOSAR, with its Virtual Functional Bus concept, permits “virtual integration” of the entire networked software system at a much earlier stage of the lifecycle, thereby saving time and money. INTECS is at the centre of model-based innovation and is the coordinator of a large pan-European project called CHESS. CHESS develops model-driven solutions, integrates them in component-based execution frameworks, assesses their applicability from the perspective of multiple domains (such as space, railways, telecommunications and automotive), and verifies their performance through the elaboration of industrial use cases.
The emphasis is on what AUTOSAR calls “compositionality”, where critical systems assembled from components with verified properties are guaranteed to retain those properties in the overall composition. INTECS’ experience in the automotive industry, especially with Body and Powertrain ECUs, has allowed it to get a good idea of where the model-based approach is progressing in the industry, and where it still needs to catch on.
In a broader context, full AUTOSAR development is still hampered by key issues such as the lack of a standard language, insufficient integration with tools and languages at the architectural level, problems in dealing with the very large models that arise in practice, immaturity of V&V procedures and tools, difficulties in handling product families and variants (EAST-ADL is addressing this issue explicitly), and Hard Real Time issues not addressed by TIMMO. As challenging as these issues are, AUTOSAR and its companion initiatives are in the process of developing positive solutions to each issue and INTECS is helping its clients to apply them in their projects.
With the growth of vehicle safety solutions, it is imperative that OEMs push the industry towards a more rigorous safety process. The IEC 61508 is currently being used as a reference standard, but it was not designed for the automotive industry so its application is cumbersome. In September 2009, INTECS, together with iKV, co-sponsored the presentation of the new ISO/DIS 26262. Although it is still in draft format, the ISO/DIS 26262 is a safety standard tailored to the automotive industry, setting a five level scale of Automotive Safety Integrity Levels (ASIL).
The challenge is for the industry to conform to this standard in an effective and efficient way. The automotive industry currently lacks the financial stability to add this into budgets, and most automotive projects are based on pre-developed software. Products are also derived from configuring and adapting other products, which poses serious challenges to safety demonstration. AUTOSAR is designed with safety in mind and INTECS is contributing to the Functional Safety (WP II 1.1.3) working group. AUTOSAR cannot guarantee safety, but an AUTOSAR compliant architecture provides a sound platform to deploy safety-critical applications.
AUTOSAR does not solve all safety related problems, such as full predictability of extra-functional properties such as timing and safety, but INTECS is involved in a number of research projects such as CHESS where these issues are further investigated.
DEBUGGING & DIAGNOSTICS
The “deconstructed” AUTOSAR architecture will be more flexible and efficient but also more difficult to debug. INTECS is active in the Debugging (WP II 1.1.3) working group and specifically in the subgroup, Diagnostic Log and Trace.
BMW, INTECS and the ESK Fraunhofer Institute are working together to standardize an application protocol for the logging and the tracing of information for the debugging and diagnosis of ECUs’ software. By the end of this year, the specification will be frozen and made available in the official AUTOSAR release 4.0. It will work according to the AUTOSAR philosophy - to make the designer and the systems engineer capable of supervising the ECU functionality independently of the supplier of the ECU itself.
INTECS has developed a specific host tool, the “DLT Analyzer”, which is designed to collect, analyze, log and trace information coming from an AUTOSAR based vehicle. INTECS’ “DLT Analyzer” is useful during the development phase of the ECU software life cycle to help the designer in tuning and controlling all implemented vehicle functionalities. After production, it allows the developer to process the log information to identify and solve software problems that arise while the vehicle is running.
One of the key aspects of the analyzer is security. The protocol supported by the embedded module must be able to prevent unauthorized access to ECUs, particularly during the production phase. To accomplish this, it defines an interface to the PDU Router module and an interface to DCM. The former permits high transfer speed, while the latter permits the operator to set up secure communication through the UDS services provided by the DCM module, at the cost of bandwidth.
However, once a secure connection using UDS services has been established, the operator can enable the interface to PDU Router and gain a higher transfer rate. INTECS’ “DLT Analyzer” will support verbose and non-verbose mode, run-time configurations, TCP-IP, CAN, FlexRay, UDS services, FIBEX standard and various graphical plug-ins. INTECS is very interested in the future of ARTOP and its offering of AUTOSAR metamodel implementations and services, open to all AUTOSAR members and based on Eclipse. INTECS believes that ARTOP may be able to act as a facilitator for a product roadmap planned for its DLT Analyzer, DLT embedded module, Diagnostics offering and for the automotive version of its Eclipse-based tool for Functional- and Time-based design, schedulability analysis and formal design verification.
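The gating described above, modelled in C as an added example (not INTECS or AUTOSAR code): the high-speed PDU Router path stays closed until a secure UDS exchange through DCM has succeeded, and closes again when the session ends. All type and function names are hypothetical, and the seed/key form of the exchange, the placeholder key function and the three-attempt lockout are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>

#define MAX_FAILED_KEYS 3u  /* assumed lockout threshold */

typedef enum { DLT_IF_DCM, DLT_IF_PDUR } dlt_interface_t;

typedef struct {
    bool     unlocked;      /* secure UDS session established via DCM */
    bool     pdur_enabled;  /* high-speed PDU Router path is open */
    uint8_t  failed_keys;   /* wrong keys received since init */
    uint32_t seed;          /* outstanding challenge; 0 means none */
} dlt_gate_t;

/* Placeholder only: a real key derivation is supplier-specific and secret. */
static uint32_t expected_key(uint32_t seed) { return seed ^ 0xA5A5A5A5u; }

void dlt_gate_init(dlt_gate_t *g) { *g = (dlt_gate_t){0}; }

/* Step 1 of the unlock: issue a challenge. nonce must come from an RNG. */
uint32_t dlt_request_seed(dlt_gate_t *g, uint32_t nonce) {
    if (g->failed_keys >= MAX_FAILED_KEYS) return 0;  /* locked out */
    g->seed = nonce ? nonce : 1u;                     /* never issue 0 */
    return g->seed;
}

/* Step 2: check the response. Each seed is valid for one attempt only. */
bool dlt_send_key(dlt_gate_t *g, uint32_t key) {
    if (g->seed == 0 || g->failed_keys >= MAX_FAILED_KEYS) return false;
    bool ok = (key == expected_key(g->seed));
    g->seed = 0;
    if (ok) g->unlocked = true; else g->failed_keys++;
    return ok;
}

/* The fast path opens only behind an established secure session. */
bool dlt_enable_pdur(dlt_gate_t *g) {
    if (!g->unlocked) return false;
    g->pdur_enabled = true;
    return true;
}

/* Session end or timeout: fail closed and fall back to the DCM path. */
void dlt_session_end(dlt_gate_t *g) {
    g->unlocked = false;
    g->pdur_enabled = false;
    g->seed = 0;
}

dlt_interface_t dlt_active_interface(const dlt_gate_t *g) {
    return g->pdur_enabled ? DLT_IF_PDUR : DLT_IF_DCM;
}
```

The property worth checking in a real implementation is the same one modelled here: no sequence of requests reaches the PDU Router path without a successful unlock, and every session teardown returns the gate to its closed state.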