Title: Realtime distributed control systems Trends
1 Real-time distributed control systems: Trends
Needs in Vehicle Motion Control
2 Trends
3 State of model-based software engineering
- Current methods, standards, tools and skills are still evolving.
- Testing and simulation cannot guarantee the absence of errors.
- Enhanced error-reduction approaches are needed.
- Correct-by-construction methods.
- Enabler: unambiguous behavior modeling.
- A single universally acceptable solution is not feasible.
- Approach:
  - Focus on a narrow domain, e.g. Vehicle Motion Control (VMC), which requires high integrity.
  - Satisfactory semantic constraints are identifiable: extended FSM (eFSM).
  - Enable a High Integrity Process Framework with an eFSM metamodel.
4 HIS Framework
5 Specification-refinement multi-stage process
Level 0: End-user objectives, intent, expectations
  transformation T1 (Level 0 to Level 1)
Level 1: Requirements in restricted natural text
  transformation T2 (Level 1 to Level 2); a direct 1:1 mapping from Level 1 to Level 2 exists
Level 2: Requirements model
  transformation T3
Level 3: Design model satisfies L2
  transformation T4
. . .
  transformation Ti (Level i-1 to Level i)
Level N-1: Functionality needed to support Level N-2
  transformation TN
Hardware interface
A knowledge base supports every level. Levels 0 and 1 for Pv have been performed.
6 Overall Roadmap (Proposal STREP)
Project coordination / controlling: DaimlerChrysler
WP 0 Analysis Phase
Veesa Study (Vehicle e-safety Architecture)
WP 1 Software Architecture
WP 2 Hardware Architecture
WP 3 System Dependability
WP 4 Processes and Tools
WP 5 Evaluation and Validation
WP 6 Technical Management, Exploitation and Dissemination
Timeline ticks on the roadmap chart: Q1/03, Q1/04, Q1/05, Q3/05, Q1/07, Q3/07
7 Workpackages and Budget (Proposal STREP)
Total budget: 10,0 M. Individual workpackage budgets shown on the chart (M): 1,0; 1,6; 2,1; 1,4; 1,4; 1,0; 1,5.
- WP 0 Analysis Phase: WP 0.1 Data collection; WP 0.2 Guidelines for SPs
- WP 1 Software Architecture: WP 1.1 Software Topology; WP 1.2 FT SW Mechanisms; WP 1.3 SW Gateway Concept
- WP 2 Hardware Architecture: WP 2.1 Logic System Architecture; WP 2.2 ECU Architecture Design; WP 2.3 Communication System
- WP 3 System Dependability: WP 3.1 Adaptation and Extension of Methods; WP 3.2 Development of Guidelines
- WP 4 Processes and Tools: WP 4.1 Process and Tool Landscape; WP 4.2 Processes for Integrated Safety Systems; WP 4.3 Tool Interaction, Tool Development
- WP 5 Evaluation and Validation: WP 5.1 System Dependability Evaluation; WP 5.2 Stability Control and Distributed Brake System; WP 5.3 Telematics Validator; WP 5.4 Commercial Vehicle Testbench
- WP 6 Technical Management: WP 6.1 Interface to Integrated Safety IPs; WP 6.2 Dissemination; WP 6.3 Homologation, Certification
Core partners: DC, Bosch, CRF, Valeo, Volvo, ZF
8 Capture natural language requirements: Word
Capture structured system requirements: DOORS
Identify functional architecture (FAA): UML tool, GME for ADL
Specify and analyze dynamic view: UML tool (MSCs)
Quality Gate
9 Assumed environment of vehicle cruise control - 2
Legend: PM = Propulsion Motor, BM = Brake Motor, WS = Wheel speed, CC = cruise control, LF = Left Front, RR = Right Rear, and so on.
Diagram: Cruise Control, needed functions (other signals omitted for clarity). Elements shown: Vehicle motion control (higher level); Parameters; Requested_Long_velocity; Current_Long_velocity; Long_Velocity Regulator; Output Transformer; propulsion motors PM-LF, PM-RF, PM-LR, PM-RR; brake motors BM-LF, BM-RF, BM-LR, BM-RR; WS signals to other functions. Function kinds: input, filter, fusion, regulator, actuator.
10 Example layered process tracing one distributable unit (DU)
Layer: Application FSMs: WS-LF signal, WS-LF filter
Reusable assets: (WS-LF signal filter) composed in a distributable unit (DU) with parafunctional properties
Global services: task, global scheduler, global timer; DU in task with global schedule and communication; timer and scheduler for Vehicle A
Local services: local task, schedule, IPC, timer, scheduler
HW: MPC, CAN
All on target
11 Verification points: Quality Gates L0 -> L1 -> L2
Layer 0: End-user objectives, intent, expectations
  T1, constrained by the ontology vocabulary of Layer 1; feedback
Layer 1: Requirements in restricted natural text; QG1
  T2, constrained by the ontology vocabulary of Layer 2; feedback
Layer 2: Requirements spec - analyzable model; QG2
A knowledge base supports all layers.
12 Verification in Layered Process
Transformation rules and constraints:
- Ontology constrains the design spaces
- Prevents many wrong designs
- Rules and constraints are pre-validated
- Reusable assets are pre-validated
- Composition and transformation process are built in framework
- QG checks that reused assets were pre-validated and are correctly used.
Diagram: refinement stages CC controller FSM (FSMs), CC in DU, CC in Task, CC on OS, CC on target; verification means shown per stage: Formal, Sim, QG (Quality Gate), Ontology, Formal Prototype; services: Global service, Local service, HW; Verification authority: global, local, hw.
13 L2 Requirements: Para-functional Properties
Risk level assignment rule for function composition
Functions shown: WS-xx, VMC, WS_Filter
Loop intervals shown: LoopInterval (LI) .001s, LoopInterval_tolerance .0001s; LI .06s, LI_tol .006s; LI ?s, LI_tol ?s
RiskLevel values shown: ?, H, ?
Apply rule: assign H
14 L3 Model: Para-functional Properties, Refine
VMC: LI .064s, LI_tol .002s, RiskLevel H
Apply rule
Assumed design rule for chained continuous control functions: the loop interval of the consumer must be an even integral multiple of (or the same as) the loop interval of the producer.
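As an added example (not code from the slides or from the project they describe), here is a small Python checker for the two parafunctional rules stated on slides 13 and 14: the risk-level assignment rule for function composition and the loop-interval design rule for chained continuous control functions. The WS-LF and VMC values are taken from the slides (.001s/.0001s, .06s/.006s and the refined .064s/.002s); the WS_Filter interval of 2 ms is a constructed placeholder where the slide shows "?". Three further points are assumptions of this example, not statements from the slides: risk levels are ordered L < M < H, "apply rule, assign H" is read as every producer inheriting the highest risk level of the functions it feeds, and intervals are held as integer microseconds to avoid floating-point ratio errors.

```python
from dataclasses import dataclass
from fractions import Fraction
from typing import Optional

# Assumed ordering of risk levels (the slides only show "H" and "?").
RISK_ORDER = {"L": 0, "M": 1, "H": 2}


@dataclass
class ControlFunction:
    name: str
    loop_interval_us: int             # LoopInterval (LI), in microseconds
    loop_tolerance_us: int            # LoopInterval_tolerance, in microseconds
    risk_level: Optional[str] = None  # None models the "?" (not yet assigned)


def check_loop_interval(producer: ControlFunction,
                        consumer: ControlFunction) -> tuple[bool, str]:
    """Design rule from slide 14: the consumer's loop interval must equal the
    producer's or be an even integral multiple of it."""
    ratio = Fraction(consumer.loop_interval_us, producer.loop_interval_us)
    if ratio.denominator != 1:
        return False, (f"{consumer.name} LI {consumer.loop_interval_us}us is not an "
                       f"integral multiple of {producer.name} LI "
                       f"{producer.loop_interval_us}us (ratio {ratio})")
    k = ratio.numerator
    if k == 1 or k % 2 == 0:
        return True, f"{consumer.name}/{producer.name} LI ratio {k}: ok"
    return False, f"{consumer.name}/{producer.name} LI ratio {k} is odd"


def check_chain(chain: list[ControlFunction]) -> list[tuple[bool, str]]:
    """Apply the loop-interval rule to every producer/consumer pair of a chain
    ordered from first producer to final consumer."""
    return [check_loop_interval(p, c) for p, c in zip(chain, chain[1:])]


def propagate_risk(chain: list[ControlFunction]) -> dict[str, Optional[str]]:
    """Assumed reading of 'apply rule, assign H': walking back from the final
    consumer, each function takes the highest risk level of anything downstream
    of it, so a filter feeding an H-rated VMC becomes H itself."""
    highest: Optional[str] = None
    for fn in reversed(chain):
        if fn.risk_level is not None and (
                highest is None or RISK_ORDER[fn.risk_level] > RISK_ORDER[highest]):
            highest = fn.risk_level
        if highest is not None:
            fn.risk_level = highest
    return {fn.name: fn.risk_level for fn in chain}


def build_chain(vmc_interval_us: int, vmc_tolerance_us: int) -> list[ControlFunction]:
    """Constructed chain WS-LF -> WS_Filter -> VMC. WS-LF and VMC values come from
    the slides; the WS_Filter interval (2 ms) is a constructed placeholder."""
    return [
        ControlFunction("WS-LF", 1000, 100),
        ControlFunction("WS_Filter", 2000, 200),
        ControlFunction("VMC", vmc_interval_us, vmc_tolerance_us, "H"),
    ]


def evaluate(vmc_interval_us: int,
             vmc_tolerance_us: int) -> tuple[bool, dict[str, Optional[str]]]:
    """Run both rules on the chain; returns (all loop intervals ok, risk levels)."""
    chain = build_chain(vmc_interval_us, vmc_tolerance_us)
    results = check_chain(chain)
    risks = propagate_risk(chain)
    return all(ok for ok, _ in results), risks


if __name__ == "__main__":
    # L2 value (.06s), L3 refinement (.064s), and a constructed bad refinement (.063s)
    for li, tol in ((60000, 6000), (64000, 2000), (63000, 2000)):
        ok, risks = evaluate(li, tol)
        print(f"VMC LI {li}us tol {tol}us: intervals ok={ok}, risk levels={risks}")
```

Both the .06s and the refined .064s VMC intervals pass against a 1 ms wheel-speed producer (ratios 60 and 64 via the 2 ms filter), while an interval that is not an integral multiple, or an odd multiple, is rejected; the risk propagation assigns H to the whole chain once VMC is rated H, which is the "assign H" outcome shown on slide 13.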