east-adl ecs2013 20131105 - kth ices pe_hv line pe_pilot line pe_phases pe_exictation epf 2-4 affp_p...

EAST-ADL An Architecture Description Language for Model based Development– An Architecture Description Language for Model-based Development

and Management of Automotive Embedded Systems

Dr. DeJiu Chen, KTH Royal Institute of Technology D H ik Lö V l T k T h lDr. Henrik Lönn, Volvo Trucks Technology

Embedded Conference Scandinavia 2013Ki S kh lKista, Stockholm

2013-11-05

What are the issues of concern?What are the issues of concern? EVC Cooling Unit

ITS ITS

MicroAut...

FPK Antenna-mo...

Mai...

PTC He...

CAN VEH

brake open

CAN ETS

brake closed

main relay

Pedal Position Sensor 1

gears


-

- -

I-CAN

BA_Antenna-module_3

MR_Kl 87 -

Heat_400V in -

RF:K-Line

GPS:K Line

Li Ion Accu

charger

Power Elec...

AFFP

Electric Machine

HECU

RBS/SBA

ITS ITS

RLS

Front ...

Wind...

USM

Park aid

BCM

HMI-ECU

Gateway

Radio HVAC-...

eMotio...

DCM

Auto LinQ

Gears

Charging recept...

HVJB

SBW

Maintenance Switch

ev CAN

Accu_HV Accu_Interlock out

Accu_Interlock in

obc_P-CAN

obc_HV line

PE_P-CAN

PE_HV line

PE_pilot line

PE_phases

PE_exictation

EPF 2-4

AFFP_P CAN

AFFP_Pedal travel signal 2


HVIL conductor (Stator)

EMachine_phases

EMachine_HV in

EV EMR X61/L38

HECU_P-CAN

C-CAN

SBA_P CAN

pedal angle sensor

- -

LIN_1_D

LIN_1_E

LIN_2_D

Inter System-CAN - -

CF-CAN

I-CAN

CF-CAN

LIN_2_D

Inter System-CAN

LIN_1_D

LIN_1_E

-

Ethernet Cluster

Ethernet_AutoBoard_1

BA_AutoBoard_0

I-CAN

Inter System-CAN

C-CAN

I-CAN

M-CAN

P-CAN

D-CAN

D-Ethernet E1

M-CAN

-

I-CAN

BA_eMotion Skin_1 BA_eMotion Skin_1

CF-CAN

-

BA_Antenna-module_2

I-CAN

Ethernet

USB_eMotion Skin

-

P-R-N-D HMI

Three phases to obc -

HVJB_obc in

HVJB_Pilot signal out

HVJB_Pilot signal in

HVJB_Accu in

HVJB_Heater

HVJB_PE out

-

-

SBW_P CAN -

-

MSwitch_HV in

MSwitch_to HVJB

MSwitch_Pilot out

MSwitch_Pilot in -

-

GPS:K-Line

HMI:USB

HVJB - PE:HV line

Validation

SystemIntegration

System Requirements Analysis

System Concept

System

Real users, ’or’their stated needs

SystemTest

Acceptance test

Integration

Function Module

HW/SW U it

HW/SW.Unit TestSystem Concept

C lid ti

Function Module Concept Design

Function Module Requirements Analysis

Function ModuleIntegration

Function ModuleTest

SubsystemTest

y pDesign Verification

Mechanical Detailed Design

LayoutDes.

Implemen-tation

System Element

Prototyping/Production

LayoutOptimization

Proto-typ.

Software Integr.

HW/SW UnitIntegration

Consolidation

2013-11-05 ECS’13 2

Design Production

VDI 2206 - a process model of the system development process

State of practice Safety Safety Safety Functional & Technical SafetState of practice

Textual market requirement statements

Fine grained

Safety Engineer

Item goals Technical Safety Concepts

Fine‐grained traceability to All ?

Test caseTextual FRstatements

Models in SL, Textual Architecture

Fine‐grained traceability?

Test Engineer

Architect

statements Modelica, UML…specification

Discussions/ Meetings

Fine‐grained

Function Owner/Developer Textual module

integration spec.Models in UML…Textual module

specification

Fine grained traceability?

Software Designer

2013-11-05 ECS’13 3

CodeSoftware

Programmer

AgendaAgenda

ScopeScopeMethodology supportModeling for system specificationModeling for system specificationModeling for system analysisConclusionConclusion

2013-11-05 ECS’13 4

EAST-ADLEAST ADLAn open domain-specific modeling framework and formalism for automotive EE system descriptionA common ontology for model-based development and management of automotive E&E systems

(Safety) Requirements

Refine, Introduce &

Validate Req.Create Solution

Attach Safety Req. to Solution

Create Safety Relevant Models

Analyze Safety Enhanced

Model

Safety Requirements

Verify Solution against Safety

Req.

Vehicle Phase

Specify & Validate

Safety Req.

Refine, Introduce &

Validate Req.Create Solution




Model


Req.

Specify & Validate

SafetyReq.

Analysis Phase

Design Phase

Validate Req. to Solution Models Model

Safety Requirements

Req. Safety Req.

Refine, Introduce &

Validate Req.Create

Solution




Model

Safety Requirements


Req.

Specify & Validate

Safety Req.

Refine, Introduce &

V lid t RCreate

Solution

Attach Safety Req. t S l ti

Create Safety Relevant M d l


M d l


R

Specify & Validate

S f t R

Implementation Phase

Validate Req. Solution to Solution Models Model

Safety Requirements

Req. Safety Req.

RQ Engineer

Safety Engineer

SoftwareEngineer

System Engineer …

Model based architecture development with EAST ADLModel-based architecture development with EAST-ADLStakeholders,

Organization, Process

EAST-ADL Language and Methodology

EAST-ADL Tools

System Spec

Req Spec

V&V Spec

EAST-ADL Model

Var Spec

External Tools

p

Analytical Models for behavior, dependability, performance…

Target System

6

Models &Documents: consolidated and managed according to the views of stakeholders

Short historyShort history

• Valeo• AUDI AG

• BMW AG

• Carmeq GmbH

• CRF

• Daimler AG

• ETAS GmbH

Valeo

• Vector

• Volvo Car Corporation

• Volvo Technology AB

• ZF

• CEA-LIST http://www.maenad.eu/• ETAS GmbH

• Mecel AB

• Mentor Graphics

• OPEL GmbH

• PSA

• Renault

• INRIA

• LORIA

• Paderborn Univerisity-C-LAB

• Technical University of Darmstadt

• Technische Universität Berlin

Th R l I tit t f T h l

http://www.east-adl.info/

2013-11-05 ECS’13 7

• Robert Bosch GmbH

• Siemens, Continental

• The Royal Institute of Technology

• The University of Hull

• …

The methodology concept overviewThe methodology – concept overview

Vehicle

AnalysisCorrect-by-construction

Design

y

&

Correct-by-testing !

Impl.

2013-11-05 ECS’13 8

Oper.

The methodology model a snapshotThe methodology model – a snapshotVehicle

Analysis

Design

I lImpl.

Oper.

2013-11-05 ECS’13 9

The language concept overviewThe language – concept overview

EVC Cooling Unit

ITS ITS

Mai...

CAN VEH

CAN ETS main relay

-

- -

MR_Kl 87 -

Li Ion Accu

charger

Power Elec...

AFFP

Electric Machine

HECU

RBS/SBA

ITS ITS

RLS

Front ...

Wind...

USM

Park aid

MicroAut...

BCM

HMI-ECU

Gateway

Radio HVAC-...

eMotio...

FPK

DCM

Antenna-mo...

Auto LinQ

Gears

Charging recept...

HVJB

SBW

PTC He...

Maintenance Switch

ev CAN


Accu_Interlock in

obc_P-CAN

obc_HV line

PE_P-CAN

PE_HV line

PE_pilot line

PE_phases

PE_exictation

EPF 2-4

brake open

brake closed


gears


AFFP_P CAN




EMachine_phases

EMachine_HV in

EV EMR X61/L38

HECU_P-CAN

C-CAN

SBA_P CAN

pedal angle sensor

- -

LIN_1_D

LIN_1_E

LIN_2_D


CF-CAN

I-CAN

CF-CAN

LIN_2_D

Inter System-CAN

LIN_1_D

LIN_1_E

-

Ethernet Cluster


BA_AutoBoard_0

I-CAN

Inter System-CAN

C-CAN

I-CAN

M-CAN

P-CAN

D-CAN

D-Ethernet E1

M-CAN

-

I-CAN


I-CAN

CF-CAN

-

BA_Antenna-module_2

BA_Antenna-module_3

I-CAN

Ethernet

USB_eMotion Skin

-

P-R-N-D HMI


HVJB_obc in



HVJB_Accu in

HVJB_Heater

HVJB_PE out

-

-

SBW_P CAN -

-

Heat_400V in -

MSwitch_HV in

MSwitch_to HVJB

MSwitch_Pilot out

MSwitch_Pilot in -

-

RF:K-Line

GPS:K-Line

HMI:USB

HVJB - PE:HV line

The language scope Architecture specificationThe language scope – Architecture specification

Multi-leveled system specification (“Core”)y p ( )

VFM - Vehicle Feature Model

Abstracting

FAA - Functional Analysis ArchitectureFDA - Functional DesignFDA Functional Design Architecture

HWA - Hardware Architecture

Li Ion Accu

charger

Power Elec...

EVC

AFFP

Electric Machine

Cooling Unit

HECU

RBS/SBA

ITS ITS

RLS

Front ...

Wind...

USM

Park aid

MicroAut...

BCM

HMI-ECU

Gateway

Radio HVAC-...

eMotio...

FPK

Antenna-mo...

Auto LinQ

Gears

Mai...

HVJB

SBW

PTC He...

Maintenance Switch

ev CAN


Accu_Interlock in

obc_P-CAN

PE_P-CAN

PE HV line

PE_pilot line

PE phases

PE_exictation

EPF 2-4

CAN VEH

brake open

CAN ETS

brake closed

main relay


gears


-

AFFP_P CAN




EMachine_phases

EMachine_HV in

EV EMR X61/L38

HECU_P-CAN

C-CAN

SBA_P CAN

pedal angle sensor

- -

LIN_1_D

LIN_1_E

LIN_2_D


CF-CAN

I-CAN

CF-CAN

LIN_2_D

Inter System-CAN

LIN_1_D

LIN_1_E

-

Ethernet Cluster


BA_AutoBoard_0

I-CAN

Inter System-CAN

C-CAN

I-CAN

M-CAN

P-CAN

D-CAN

D-Ethernet E1

M-CAN

-

I-CAN


I-CAN

BA_Antenna-module_2

BA_Antenna-module_3

I-CAN

Ethernet

USB_eMotion Skin

-

P-R-N-D HMI

MR_Kl 87 -

HVJB_obc in



HVJB_Accu in

HVJB_Heater

HVJB_PE out

-

-

SBW_P CAN -

-

Heat_400V in -

MSwitch_HV in

MSwitch_to HVJB

MSwitch_Pilot out

MSwitch_Pilot in -

-

RF:K-Line

GPS:K-Line

HMI:USB

HVJB - PE:HV line

Allocation - Binding of FDA to HWA

2013-11-05 ECS’13 11

ITS ITS DCM Charging recept...

obc_HV line PE_HV line PE_phases

- - CF-CAN

-


HVJB PE:HV line

AUTOSAR

Example VFM for a vehicle feature specificationExample VFM for a vehicle feature specification

<<VehicleFeat re>> <<Feat reLinks>>

2013-11-05 ECS’13 12

<<VehicleFeature>> <<FeatureLinks>>

Example Analysis Architecture for an abstract function specification

<<PowerPort>> <<FlowPort>>

<<FunctionalDevice>>

<<AnalysisFunction>>

2013-11-05 ECS’13 13

Example Design Architecture for a more detailed function specification

<<LocalDeviceManager>>

<<DesignFunction>>

<<BasicSoftware>>

2013-11-05 ECS’13 14

<<HardwareFunction>>

The related specification of RealizationThe related specification of Realization

AnalysisAnalysis Architecture

<<Realisation>>

Design Architecture

2013-11-05 ECS’13 15

Example Realization MatrixesExample – Realization Matrixes<<Realisation>> VFM x AA

<<R li ti >> AA DA<<Realisation>> AA x DA

2013-11-05 ECS’13 16

Report for realization traceabilityReport for realization traceability

ABSBraking <VehicleFeature> is realized by pBrakePedalSensor: Generated report, a BrakePedalSensor <FunctionalDevice> <AnalysisFunctionPrototype>

BasicBraking <VehicleFeature> is realized by pBrakePedalSensor: BrakePedalSensor <FunctionalDevice> <AnalysisFunctionPrototype>

ABSBraking <VehicleFeature> is realized by pBrakePedalSensor:

p ,basis for systematic

- design contract creation,

impact assessment ABSBraking <VehicleFeature> is realized by pBrakePedalSensor: BrakePedalSensor <FunctionalDevice> <AnalysisFunctionPrototype>

PowerRegenByBraking <VehicleFeature> is realized by

pBrakePedalSensor: BrakePedalSensor <FunctionalDevice> <AnalysisFunctionPrototype>

- impact assessment for changes

- resolution of feature interference

<AnalysisFunctionPrototype>

pBrakePedalSensor: BrakePedalSensor <FunctionalDevice> <AnalysisFunctionPrototype> is realized by pBrakePedalSensor: P d lP E d <H d F i > <D i F i P >

…

PedalPosEncoder <HardwareFunction> <DesignFunctionPrototype>

pBrakePedalSensor: BrakePedalSensor <FunctionalDevice> <AnalysisFunctionPrototype> is realized by pBrakePedalIO: BrakePedalIO<BasicSoftware> <DesignFunctionPrototype>

2013-11-05 ECS’13 17

pBrakePedalSensor: BrakePedalSensor <FunctionalDevice> <AnalysisFunctionPrototype> is realized by pBrakePedalLDM: BrakePedalLDM <LocalDeviceManager> <DesignFunctionPrototype>

Example Func&HW binding specificationExample – Func&HW binding specification

<<FunctionAllocatoin>>

<<H d A hit t >><<HardwareArchitecture>>

2013-11-05 ECS’13 18

Example Allocation MatrixExample – Allocation MatrixAllocation Matrix

Resulted design

2013-11-05 ECS’13 19

The language scope – Modeling support forThe language scope Modeling support for requirements, analysis and V&V

Requirement modelProduct-line variability modelBehavior Model

Modes, triggering, external definition (Runnables)Temporal, quantification/ parametric, and computational constraints

Timing modelTiming events and timing-chain

Dependability modelItem, safety goals, functional and technical safety goalsFailure-modes and failure logics

V&V Model Li Ion Accu

charger

Power Elec...

EVC

AFFP

Electric Machine

Cooling Unit

HECU

RBS/SBA

ITS

ITS

ITS

ITS

RLS

Front ...

Wind...

USM

Park aid

MicroAut...

BCM

HMI-ECU

Gateway

Radio HVAC-...

eMotio...

FPK

DCM

Antenna-mo...

Auto LinQ

Gears

Mai...

Charging recept...

HVJB

SBW

PTC He...

Maintenance Switch

ev CAN


Accu_Interlock in

obc_P-CAN

obc_HV line

PE_P-CAN

PE_HV line

PE_pilot line

PE_phases

PE_exictation

EPF 2-4

CAN VEH

brake open

CAN ETS

brake closed

main relay


gears


-

AFFP_P CAN




EMachine_phases

EMachine_HV in

EV EMR X61/L38

HECU_P-CAN

C-CAN

SBA_P CAN

pedal angle sensor

-

-

-

-

LIN_1_D

LIN_1_E

LIN_2_D


CF-CAN

I-CAN

CF-CAN

LIN_2_D

Inter System-CAN

LIN_1_D

LIN_1_E

-

Ethernet Cluster


BA_AutoBoard_0

I-CAN

Inter System-CAN

C-CAN

I-CAN

M-CAN

P-CAN

D-CAN

D-Ethernet E1

M-CAN

-

I-CAN


I-CAN

CF-CAN

-

BA_Antenna-module_2

BA_Antenna-module_3

I-CAN

Ethernet

USB_eMotion Skin

-

P-R-N-D HMI

MR_Kl 87 -


HVJB_obc in



HVJB_Accu in

HVJB_Heater

HVJB_PE out

-

-

SBW_P CAN -

-

Heat_400V in -

MSwitch_HV in

MSwitch_to HVJB

MSwitch_Pilot out

MSwitch_Pilot in -

-

RF:K-Line

GPS:K-Line

HMI:USB

HVJB - PE:HV line

2013-11-05 ECS’13 20

Dependability ModelingDependability Modeling

Support for ISO26262 Safety Lifecycle, SEooCpp y y ,

2013-11-05 ECS’13 21

Example Dependability model for PHAExample Dependability model for PHA

<<Item>>

<<Hazard>>

<<Hazard

<<Safety G l

<<Hazard Event>>

Goal>>

2013-11-05 ECS’13 22

Example Error Model for FTA AnalysisExample Error Model for FTA Analysis<<ErrorModel>>

<<Anomaly>>

<<ErrorPropagation>>

2013-11-05 ECS’13 23

Example error logic definitionExample error logic definition

contain

2013-11-05 ECS’13 24

Behavior Constraint SpecificationBehavior Constraint Specification

RolesRolesRequirement refinements, elicitation, validationSystem compositionality, component composabilityError modelingError modelingTest case generation

2013-11-05 ECS’13 25

Example ABS behaviorExample – ABS behavior<<AttributeQuantificationConstraint>>

<<TemporalConstraint>>

2013-11-05 ECS’13 26

Language designLanguage design

Metamodel defined in UML (Enterprise Architect)( p )Documentation autogenerated from modelExchange format based on AUTOSAR schema

2013-11-05 ECS’13 27

Language implementationLanguage implementation

2013-11-05 ECS’13 28

ConclusionConclusionEAST-ADL provides a language and a methodology support for consistency enforcement, analysis,support for consistency enforcement, analysis, automated handling of information, and view generation in a multi-disciplinary engineering context.

Compatible with industrial standards and state-of-the-art technologies:

ISO 26262, AUTOSAR….Various formal techniques

http://www.maenad.eu/Various formal techniques

Flexible adoption.Conceptual

http://www.east-adl.info/

http://www.linkedin.com/groups/EASTADLpLanguageTool

-4639096

http://www.youtube.com/user/EASTADL

2013-11-05 ECS’13 32