2. PRESENTATION TAKEAWAY
We discuss a methodology which provides automation means for seamlessly linking EAST-ADL design and implementation levels to enable end-to-end delay analysis at design level for supporting design decisions.
3. BACKGROUND - MOTIVATION
• 100 million LoC
• 2000 SW functions
• 70-100 ECUs
• 200-300 million LoC (near future)
• 1 GB size
• 5 or more buses
Development of these systems is a daunting task.
• 100000000+ LoC
• 2000+ SW functions
• 100+ ECUs
• 1+ G
• 5+ Bus
4. BACKGROUND - MOTIVATION
Painful to discover, during testing, that the SW system does not deliver a service of acceptable quality w.r.t. timing errors.
Early analysis of expected timing behaviors and feasibility of architectural decisions w.r.t. timing requirements would be very welcome as support for design decisions.
6. PROBLEM STATEMENT
Due to the lack of detailed timing information at design level, timing analysis cannot be performed on design models.
They need to be translated to implementation models equipped with needed timing details.
[Figure: design level, translation, implementation level, timing analysis]
7. PROBLEM STATEMENT
ABSTRACTION LEVELS
• Vehicle level
• Analysis level
• Design level
• Implementation level
METHODOLOGIES, MODELS, LANGUAGES
• EAST-ADL, TIMMO, TADL
• RCM, AUTOSAR
• TADL 2
ACTIVITIES
• FEATURE MODELING
• CONSISTENCY ANALYSIS OF REQUIREMENTS
• DESIGN FUNCTION PROTOTYPING, ALLOCATION, HW COMPONENT PROTOTYPING
• IMPLEM. FUNCTION PROTOTYPING, SYSTEM PROPERTIES ANALYSES
EAST-ADL does not come with explicit support for automation among the abstraction levels.
It leads to a scattered development process where consistency among artifacts is a burden for the developer to bear.
8. PROBLEM STATEMENT
[Figure: design level, translation, implementation level, timing analysis]
The translation is done manually, driven by the developer’s experience, and it often considers a one-to-one mapping only.
Tedious and error-prone, it may lead to the loss of relevant implementation model candidates when dealing with complex industrial systems.
9. CONTRIBUTION
We discuss a methodology which provides automation means for seamlessly linking EAST-ADL design and implementation levels to enable end-to-end delay analysis at design level for supporting design decisions.
Implementation level analysis is more accurate than design level analysis, which usually provides estimations and does not suffice for industrial needs.
11. A RUNNING EXAMPLE: THE STEER-BY-WIRE SYSTEM
SWC                            WCET (µs)
Steer_Angle                    120
Steer_Angle_Processing         200
Input_Processing               280
Vehicle_Speed                  120
FB_Steer_Torque_Computation    1200
Steer_Sensor_Actuator          100

TIMING CONSTRAINT              ms
AGE                            25
REACTION                       35
12. TRANSFORMATION PHASE
DL2RCM is a non-bijective transformation realized within EMF using JTL.
JTL is a constraint-based bidirectional model transformation language specifically tailored to support non-bijectivity by generating all the possible solutions at once.
The DL2RCM transformation consists of 28 rules.
The DL2RCM transformation would generate 64 implementation models.
However, considering the timing analysis we are interested….
13. TRANSFORMATION PHASE
We use ASP constraints for enforcing the bijectivity on the Steer_Angle, Vehicle_Speed and Steering_Sensation_Actuator, obtaining 8 different RCM models.
15. TIMING ANALYSIS PHASE
End-to-end delay analysis:
• Age delay is important in control applications where the interest lies in the freshness of received data.
• Reaction delay is used to determine the first reaction time for a given stimulus.
18. DISCUSSION
Architectural decisions based on much more precise feedback.
Developers only focus on design activities exploiting implementation level analysis results.
We exploit JTL’s capability of entailing ASP logic constraints for narrowing the generation space. This can enable support for the generation of different classes of models by providing different default constraints.
The methodology prevents neither the generation of dimly meaningless solutions nor high transformation time in case of very complex design models.
19. CONCLUSION
Our methodology opens the opportunity to shorten time-to-market and to leverage expensive resources (e.g., architects, timing experts) more efficiently.
The system illustrated in this work contains more than 50 components (17 in the SC ECU and 10 in each of the four WC ECUs).
Starting from such an architecture, a designer willing to manually define a proper implementation model would face a space of 257 possible alternatives.
22. SELECTION FILTER
Figure 2 (a). Single-rate chain
Figure 2 (b). Multi-rate chain
In the body electronics domain, the applications are modeled with single-rate chains.
In the control systems domain, the applications are modeled with multi-rate chains.
If we target applications with multi-rate chains, then all single-rate implementation models would be discarded.