Cross-layer analysis, testing and verification of automotive control software

Automotive architectures today consist of up to 100 electronic control units (ECUs) that communicate via one or more FlexRay and CAN buses. Multiple control applications - like cruise control, brake control, etc. - are specified as Simulink/Stateflow models, from which code is generated and mapped onto the different ECUs. In addition, scheduling policies and parameters, both for the ECUs and the buses, need to be specified. Code generation/optimization from the Simulink/Stateflow models, task partitioning and mapping decisions, as well as the parameters chosen for the schedulers - all of these impact the execution times and timing behaviour of the control tasks and control messages. These in turn affect control performance, such as stability and steady-/transient-state behaviour. This paper discusses different aspects of this multi-layered design flow and the associated research challenges. The emphasis is on model-based code generation, analysis, testing and verification of control software for automotive architectures, as well as on architecture or platform configuration to ensure that the control performance requirements are satisfied.
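As an added example (not code from the paper), the following Python model illustrates the cross-layer effect the abstract describes: the sensor-to-actuator delay that task and bus scheduling introduce changes whether a control loop is stable at all. The scalar plant x[k+1] = a*x[k] + b*u[k-d], the proportional controller u[k] = -K*x[k], and all numeric values are constructed assumptions, not parameters from the paper.

```python
"""Effect of scheduling-induced delay on closed-loop stability (constructed example)."""


def characteristic_polynomial(a, b, k_gain, delay):
    """Coefficients (highest power first) of z^(d+1) - a*z^d + b*K.

    This is the closed-loop characteristic polynomial of the delayed
    scalar loop; the loop is stable iff all roots lie inside the unit circle.
    """
    coeffs = [0.0] * (delay + 2)
    coeffs[0] = 1.0
    coeffs[1] += -a
    coeffs[-1] += b * k_gain  # for delay == 0 this merges with the -a term
    return coeffs


def simulate(a, b, k_gain, delay, steps, x0=1.0):
    """Step the plant with the controller output applied `delay` samples late."""
    x = x0
    pending = [0.0] * delay  # FIFO of computed but not yet applied inputs (assumed zero initially)
    states = [x]
    for _ in range(steps):
        pending.append(-k_gain * x)   # controller samples the current state
        u_applied = pending.pop(0)    # actuator receives the input computed `delay` steps ago
        x = a * x + b * u_applied
        states.append(x)
    return states


def settles(a, b, k_gain, delay, steps=300, tol=1e-3):
    """True if the state has decayed below `tol` after `steps` samples."""
    return abs(simulate(a, b, k_gain, delay, steps)[-1]) < tol


def delay_margin(a, b, k_gain, max_delay=10):
    """Largest delay (in samples) for which the loop still settles.

    Assumes stability is lost monotonically in the delay, so the scan stops
    at the first delay that diverges; returns -1 if even zero delay fails.
    """
    margin = -1
    for d in range(max_delay + 1):
        if not settles(a, b, k_gain, d):
            break
        margin = d
    return margin


if __name__ == "__main__":
    # Constructed values: open-loop unstable plant (a > 1), gain K fixed by the controller design.
    A, B, K = 1.2, 1.0, 0.8
    for d in range(4):
        print(f"delay={d}  poly={characteristic_polynomial(A, B, K, d)}  settles={settles(A, B, K, d)}")
    print("delay margin (samples):", delay_margin(A, B, K))
```

With these values the loop settles for delays of 0 and 1 samples but diverges once the end-to-end delay reaches 2 samples, which is exactly the kind of platform-level effect the design flow has to check against the control requirements.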
