Page 1

Copyright © Hitachi Automotive Systems, Ltd. All rights reserved

Panel Session 1 "Design Verification, Test"

Automotive Functional Safety Standard ISO26262 and Design Verification Technology

June 8, 2012

Yoshihiro Miyazaki
Executive Chief Engineer, Electronic Platform Technology GM, R&D Div., Hitachi Automotive Systems, Ltd.

CREST "Platform Technology of Dependable VLSI Systems" DVLSI Program Review 2012-1

Contents
1. Company profile
2. Development technology trends of the automotive electronic system
3. Automotive Functional Safety Standard ISO26262
4. Virtual ECU application technology

Page 2

[1. Company profile] Company profile

Hitachi entered domestic production of automotive electrical parts in 1930. With 80 years of history in the automotive industry, Hitachi Automotive Systems, Ltd. was established on July 1, 2009 by a split-off from Hitachi, Ltd.

Name: Hitachi Automotive Systems, Ltd.
Established: July 1, 2009
Headquarters: Shin-Otemachi Bldg., 2-1, Otemachi 2-chome, Chiyoda-ku, Tokyo, Japan
Capital: 15,000 million yen (wholly-owned subsidiary of Hitachi, Ltd.)
Revenues: 811.5 billion yen (year ended March 31, 2012, consolidated basis)
Representative: Kunihiko Ohnuma, President and Chief Executive Officer
Business: Development, manufacture, sales and services of automotive components, transportation-related components, industrial machines and systems, etc.

Page 3

[1. Company profile] Product summary

[Figure: product summary diagram. Product names as they appear in the figure, grouped by business area.]

Car Information Systems (Information): vehicle maintenance/diagnosis, auto insurance, entertainment, telematics service, logistics for delivery vehicles, car information unit for job-oriented service, PND*, navigation system, audio, ETC/VICS traffic control system, rear view monitor, mobile communication networks, traffic information center (traffic forecast & information), satellite broadcasting/communication, digital broadcasting; on the vehicle side: electronic control unit, engine/brakes/steering, HEV*; proving car

Drive Control Systems (Safety): millimeter wave radar, camera, image processing camera, stereo camera, ADAS control unit, power steering, air leveling system, VDC, brake caliper, brake actuation, suspension, hydraulic cylinder for roll control, propeller shaft

Electric Powertrain Systems (Environment): lithium-ion battery (Hitachi Vehicle Energy), inverter, motor, starter

Engine Management Systems (Environment): injector, control unit, high pressure fuel pump, piston, valve timing control, airflow sensor, variable valve event and lift control system, balancer, electronic throttle body

VDC: Vehicle Dynamics Control; ADAS: Advanced Driver Assistance System
*PND: Portable Navigation Device; *HEV: Hybrid Electric Vehicle

Page 4

[2. Development technology trends of the automotive electronic system] Definition of the electronic platform

As in-vehicle software grows larger and more advanced, forming a common basis from the base of each piece of software becomes much more effective; this common basis is called the "electronic platform".

[In a wide sense] Electronic platform =
  [In a narrow sense] Electronic platform (implementation platform): microcomputer, in-vehicle LAN, the basic OS, BIOS, communication software, etc.
  + Development platform: methods and tools such as control model description, programming, verification, etc.

[Figure: electronic platform structure]
- Implementation platform (software architecture): each ECU (ECU for engines, ECU for AT, ECU for brakes) is layered as application software / base software (the basic OS, communication software) / base hardware (microcomputers), connected through the in-vehicle network (LAN).
- Development platform (software development process): concept → control design → software design → implementation → software test → conformity with the vehicle and its verification, with design and test methods and tools supporting the development process.

Page 5

[2. Development technology trends of the automotive electronic system] Approach to measures of in-vehicle software development in recent years

Many problems come to the fore as electronic control is applied more widely: an increase in the number of in-vehicle controllers, enlargement of the in-vehicle controller software, complexity and advancement of the control, and keeping and improving reliability.

Measures approach 1: Reduce things to be developed
Electronic platform (implementation platform) → standardization, high-level function
- Standardization of software hierarchical structure specifications
- Standardization of basic software specifications
- Standardization of application software data interface specifications
→ industry standardization: AUTOSAR, JasPar

Measures approach 2: Ease and facilitate development work (abstraction, automation)
Development platform → advancement, standardization
"Model-based development method": control model description language and tools
- Modeling and simulation of the controller and the control target
- Automatic code generation (programming-less)
→ industry standardization: JMAAB, the Society of Instrument and Control Engineers

Page 6

[2. Development technology trends of the automotive electronic system] Advancement / complexity of the in-vehicle control

User attention to the safety of electronic control systems → becoming higher → correspondence to functional safety standard ISO26262 (established Nov. 2011).

Further advancement and complexity of electronic control functions → evolution from an aggregate of single-function controls to integrated control → difficulty of verification increases.

Remarkable improvement in the safety/efficiency/quality of verification is required.

[Figure: integrated control structure]
- Outside recognition system: camera, radar, other sensors → extract target information
- In-vehicle information system: map information, position information, infrastructure information; communication with the outside world
- Control target decision: ITS integration control, vehicle dynamics control, energy management
- Drive control system (coordination of actuation systems, regenerative brake systems, etc.): steering control, brake control, suspension control, engine control, battery control, motor control, HEV control

[Notes] ITS: Intelligent Transport Systems, HEV: Hybrid Electric Vehicle

Page 7

[3. Automotive Functional Safety Standard ISO26262] Characteristics of ISO26262

Automotive functional safety standard ISO26262 inherits its characteristics from the higher-level functional safety standard IEC61508 and adds the adaptations for the automotive field shown below.

① Introduction of the Automotive Safety Integrity Level (ASIL)
SIL in IEC61508: recognized as a property of the target failure rate.
ASIL in ISO26262: defined as an integrated safety requirement level covering both random hardware failures and systematic failures (including software bugs, etc.). ASIL A (lower level) to ASIL D (higher level).

② Definition of H&R (hazard analysis & risk assessment) for ASIL derivation, evaluated by the three factors shown below:
S (Severity): severity of damage or injury (S1 light and moderate, S2 severe, S3 fatal)
E (Exposure): frequency of cases exposed to the event or the assumed driving situation (E1 very low, E2 low, E3 medium, E4 high)
C (Controllability): possibility or difficulty of avoidance (C1 simple, C2 normal, C3 difficult)

ASIL determination table (rows: exposure; columns: controllability):

S1 (light and moderate)
              C1 simple   C2 normal   C3 difficult
E1 very low   QM          QM          QM
E2 low        QM          QM          QM
E3 medium     QM          QM          A
E4 high       QM          A           B

S2 (severe)
              C1 simple   C2 normal   C3 difficult
E1 very low   QM          QM          QM
E2 low        QM          QM          A
E3 medium     QM          A           B
E4 high       A           B           C

S3 (fatal)
              C1 simple   C2 normal   C3 difficult
E1 very low   QM          QM          A
E2 low        QM          A           B
E3 medium     A           B           C
E4 high       B           C           D

* QM: Quality Management (no requirement to comply with ISO 26262)

Page 8

[3. Automotive Functional Safety Standard ISO26262] Overview of ISO26262

The ten parts of ISO26262:
1. Vocabulary
2. Management of functional safety
3. Concept phase
4. Product development at the system level
5. Product development at the hardware level
6. Product development at the software level
7. Production and operation
8. Supporting processes
9. ASIL-oriented and safety-oriented analyses
10. Guideline for understanding ISO 26262

Page 9

[3. Automotive Functional Safety Standard ISO26262] Activities in Japan related to ISO26262

[Figure: timeline from 2005 to 2011 of Japanese activities]
- ISO: deliberations of the standard (DIS → FDIS → IS)
- JSAE (Society of Automotive Engineers of Japan, Inc.): deliberations since 2005; 5 engineers registered for the international meeting, 1 engineer from my company; translation, guidebook
- JAMA (Japan Automobile Manufacturers Association, Inc.): ISO26262 guidebook, general information guidebook
- JARI (Japan Automobile Research Institute): ISO26262 joint research, functional safety related WGs
- JASPAR*: microcontroller standardization TF, functional safety related WGs, guidebook (software, microcontroller), demonstration experiment

* JASPAR (Japan Automotive Software Platform and ARchitecture)
[Establishment] September 2004 (standardization consortium established by three Japanese car makers)
[Activity contents] Non-competitive domains such as in-vehicle LAN elemental technology, middleware and the software base, through cooperation among Japanese makers
[Activity 2010- ] Functional safety WG newly established: formulation and evaluation of functional safety requirements for the automotive electronic platform
[Activity 2011- ] "Evaluation of transient fault effect" newly added as one of the activities

Page 10

[3. Automotive Functional Safety Standard ISO26262] Difference between ISO26262 and conventional development

[Figure: requirement level by conventional quality management compared with the safety integrity level required by ISO (ASIL A to ASIL D); the requirement direction is partly different.]

Many requirements of ISO26262 are similar to those of conventional quality management, but some requirements not included in the conventional ways are added:
- It is required to show evidence of design and verification from the viewpoint of functional safety (information necessary for audit, etc. shall be submitted).
- Not a ○/× (yes or no) judgment but a quantitative judgment is required (example: diagnostic coverage).

Page 11

[3. Automotive Functional Safety Standard ISO26262] Metrics evaluation required by ISO26262

Hardware architecture metrics: metrics for the assessment of the effectiveness of the hardware architecture with respect to safety.
- Single Point Fault Metric (SPFM)
- Latent Fault Metric (LFM)

[Figure: "Baumkuchen" (layered cake) model representation of Σ(faults), from the innermost layer outward: 1 single point or residual faults; 2 latent multiple-point faults; n detected or perceived multiple-point faults; ∞ safe faults.]

Targets per ASIL (values in parentheses are recommended rather than required):

ASIL   SPFM     LFM
B      (≧90%)   (≧60%)
C      ≧97%     ≧80%
D      ≧99%     ≧90%
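As an added example (not code from the slides or from Hitachi), the following Python reproduces the S/E/C to ASIL table from page 7 and computes the two hardware architecture metrics on this slide against their ASIL targets. The SPFM and LFM formulas are the ones defined in ISO 26262-5 (SPFM = 1 - Σ(λSPF + λRF)/Σλ; LFM = 1 - ΣλMPF,latent/Σ(λ - λSPF - λRF)); the element names and FIT figures in `sample_ecu()` are constructed sample values, not measurements.

```python
"""Added example: ASIL derivation from S/E/C and ISO 26262-5 hardware
architecture metrics (SPFM, LFM). Not from the Hitachi slides; the
failure-rate figures below are constructed for illustration."""

from dataclasses import dataclass

ASIL_LEVELS = ("QM", "A", "B", "C", "D")


def asil(s: int, e: int, c: int) -> str:
    """ISO 26262-3 ASIL determination from Severity, Exposure, Controllability.

    The published table is equivalent to summing the class indices:
    S1..S3 + E1..E4 + C1..C3 gives 3..10; sums up to 6 are QM,
    7 -> A, 8 -> B, 9 -> C, 10 -> D.
    """
    if not (1 <= s <= 3 and 1 <= e <= 4 and 1 <= c <= 3):
        raise ValueError("S in 1..3, E in 1..4, C in 1..3")
    return ASIL_LEVELS[max(0, s + e + c - 6)]


def asil_table():
    """Rebuild the full 3 x 4 x 3 table so it can be checked against the slide."""
    return {(s, e, c): asil(s, e, c)
            for s in range(1, 4) for e in range(1, 5) for c in range(1, 4)}


@dataclass
class HwElement:
    """Failure-rate split of one hardware element in FIT (1 FIT = 1e-9 /h)
    after the diagnostic coverage of its safety mechanisms has been applied."""
    name: str
    safe: float          # safe faults: cannot violate the safety goal
    single_point: float  # no safety mechanism covers the element at all
    residual: float      # part of a covered element the mechanism misses
    mpf_detected: float  # multiple-point fault, detected or perceived
    mpf_latent: float    # multiple-point fault, neither detected nor perceived

    @property
    def total(self) -> float:
        return (self.safe + self.single_point + self.residual
                + self.mpf_detected + self.mpf_latent)


def spfm(elements) -> float:
    """Single Point Fault Metric = 1 - sum(l_SPF + l_RF) / sum(l)."""
    total = sum(e.total for e in elements)
    spf_rf = sum(e.single_point + e.residual for e in elements)
    return 1.0 - spf_rf / total


def lfm(elements) -> float:
    """Latent Fault Metric = 1 - sum(l_MPF,latent) / sum(l - l_SPF - l_RF)."""
    not_spf = sum(e.total - e.single_point - e.residual for e in elements)
    latent = sum(e.mpf_latent for e in elements)
    return 1.0 - latent / not_spf


# Targets from the slide: (SPFM, LFM). ASIL B values are recommended
# (parenthesised on the slide), ASIL C and D are required; QM and A have none.
TARGETS = {"B": (0.90, 0.60), "C": (0.97, 0.80), "D": (0.99, 0.90)}


def check_metrics(elements, target_asil: str):
    """Return (spfm, lfm, meets_target) for the given ASIL."""
    m_spf, m_lf = spfm(elements), lfm(elements)
    if target_asil not in TARGETS:
        return m_spf, m_lf, True
    t_spf, t_lf = TARGETS[target_asil]
    return m_spf, m_lf, (m_spf >= t_spf and m_lf >= t_lf)


def sample_ecu():
    """Constructed sample (invented FIT values): a lockstep CPU, ECC RAM and an
    output driver with no monitoring. The 2 FIT of uncovered single-point
    faults in the driver is what keeps this design below the ASIL D target."""
    return [
        HwElement("cpu core + lockstep", safe=20, single_point=0, residual=1,
                  mpf_detected=70, mpf_latent=9),
        HwElement("ram + ecc", safe=10, single_point=0, residual=0.5,
                  mpf_detected=38, mpf_latent=1.5),
        HwElement("output driver", safe=5, single_point=2, residual=0,
                  mpf_detected=0, mpf_latent=3),
    ]


if __name__ == "__main__":
    print("S3/E4/C3 ->", asil(3, 4, 3))
    for target in ("B", "C", "D"):
        m_spf, m_lf, ok = check_metrics(sample_ecu(), target)
        print(f"ASIL {target}: SPFM={m_spf:.4f} LFM={m_lf:.4f} ok={ok}")
```

The sum rule in `asil()` is only a compact way of writing the standard's table; the slide's point that the judgment is quantitative is carried by `check_metrics()`, which needs the per-element failure-rate split, and that split in turn depends on the diagnostic coverage claimed for each safety mechanism.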

Page 12

[3. Automotive Functional Safety Standard ISO26262] Methodology of approach to ISO26262

① Analyze the gaps between ISO26262 and one's company's conventional development process and extract the missing parts (gap analysis).
② In the gap analysis, focus attention on requirements rated "highly recommended" (++) or higher in ISO26262 (consider "highly recommended" (++) to be covered in principle).
③ Keep the conventional level if the level of the conventional process is higher than the ISO26262 requirement (from the viewpoint of ISO26262 the level could be lowered, but do not lower it deliberately).

[Figure: ISO26262 product development (system level, hardware level, software level), with the ASIL decided for each component and the customer standard, is compared by gap analysis with the company's standard development process (ECU software safety/quality standard, ECU software design standard, coding rule); the ISO26262 requirements found missing are then added to the conventional process.]

Page 13

[3. Automotive Functional Safety Standard ISO26262] Application of development technologies and development tools

ISO26262 MUST requirement: the ISO26262 standard describes recommendations to apply various development technologies and tools.

ISO26262 WANT requirement: the correspondence work for ISO26262 increases man-hours, and the traditional Japanese spirit of fighting with bamboo spears cannot win the global business race ⇒ apply recent development technologies and development tools to achieve a more efficient and higher quality development process.

Technologies and tools:
- Requirements management & traceability management and support tools (as for safety)
- Quantification of test coverage and support tools
- Formal verification and support tools
- Virtual ECU simulator, virtual HILS

Page 14: Automotive Functional Safety Standard ISO26262 and Design ... · 6/8/2012  · →→→→industry standardization: JMAAB, the Society of Instrument and Control Engineers Measures

14141414Copyright © Hitachi Automotive Systems, Ltd. All rights reserved

What is virtual ECU simulator ?

ToolsToolsToolsTools ExampleExampleExampleExample Synopsys Inc./Synopsys Inc./Synopsys Inc./Synopsys Inc./CoMETCoMETCoMETCoMET GAIO TECHNOLOGY CO., LTD.GAIO TECHNOLOGY CO., LTD.GAIO TECHNOLOGY CO., LTD.GAIO TECHNOLOGY CO., LTD./No.1/No.1/No.1/No.1 System Simulator, etc.System Simulator, etc.System Simulator, etc.System Simulator, etc.

4. Virtual ECU simulator4. Virtual ECU simulator4. Virtual ECU simulator4. Virtual ECU simulator

[Figure: virtual ECU simulator. A microcomputer model (the microcomputer and its peripheral hardware) executes the control software plus base software as implementation code (the compiled binary) in cooperative simulation with a control plant model. Marked on the figure: new development; new application (combination).]

Application of the virtual ECU simulator

– System, control: implementation-related evaluation of the electronic control system (execution time, operation load, necessary operational precision, error influence, implementation cost)

– Hardware: microcomputer design (or selection), ECU design, ASIC development

– Network: communication error injection, network delay, decentralized control

– Software: run-time task analysis, CPU load factor evaluation, OS and middleware performance evaluation, FMEA test, exhaustive timing test (interrupts), HILS substitute

4. Virtual ECU application technology
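The "exhaustive timing test (interrupts)" item is worth making concrete, because it is something a virtual ECU can do and a real ECU on a HILS bench cannot: the simulator owns the clock, so an interrupt can be forced at every instruction boundary of a task and every observable outcome enumerated. The Python below is added here as an example; it is not code from the slides or from any Hitachi tool. The tiny MCU model (two RAM bytes, a register file, an interrupt mask), its four "instructions" and the two sensor values are assumptions chosen so that a torn read is visible: an unprotected two-byte read is shown to observe a value that was never written, while the same read inside an interrupt-disable/enable pair is clean at every timing.

```python
"""Exhaustive interrupt-timing test on a simulated microcontroller.

Added example, not from the Hitachi slides: a control task reads a 16-bit
sensor value stored as two bytes in RAM while an interrupt service routine
(ISR) may overwrite it.  Because the simulator controls every step, the ISR
is fired at each instruction boundary of the task in turn and the value the
task assembled is recorded.  Instruction set, registers and values are
assumptions for the example.
"""

OLD_VALUE = 0x00FF   # value in RAM before the ISR runs
NEW_VALUE = 0x0100   # value the ISR writes; both byte halves differ from OLD


class VirtualMcu:
    """Minimal MCU state: two RAM bytes, a register file and an IRQ mask."""

    def __init__(self):
        self.hi, self.lo = OLD_VALUE >> 8, OLD_VALUE & 0xFF
        self.regs = {}
        self.irq_enabled = True
        self.irq_pending = False

    def isr(self):
        """ISR body: two separate byte stores (no atomic 16-bit store)."""
        self.hi = NEW_VALUE >> 8
        self.lo = NEW_VALUE & 0xFF

    def request_irq(self):
        """Peripheral asserts the interrupt line; served now or when re-enabled."""
        if self.irq_enabled:
            self.isr()
        else:
            self.irq_pending = True

    def set_irq_enabled(self, enabled):
        self.irq_enabled = enabled
        if enabled and self.irq_pending:
            self.irq_pending = False
            self.isr()


# Task "instructions": each is one atomic step of the control task.
def ld_hi(m): m.regs["h"] = m.hi            # load high byte into a register
def ld_lo(m): m.regs["l"] = m.lo            # load low byte into a register
def cli(m): m.set_irq_enabled(False)        # disable interrupts
def sei(m): m.set_irq_enabled(True)         # re-enable interrupts


UNPROTECTED_READ = [ld_hi, ld_lo]           # the defect: a non-atomic 16-bit read
PROTECTED_READ = [cli, ld_hi, ld_lo, sei]   # the fix: read inside a critical section


def run_once(program, irq_at):
    """Run the task with one IRQ raised just before instruction index irq_at
    (irq_at == len(program) raises it after the last instruction).
    Returns the 16-bit value the task assembled from its registers."""
    m = VirtualMcu()
    for i, instr in enumerate(program):
        if i == irq_at:
            m.request_irq()
        instr(m)
    if irq_at == len(program):
        m.request_irq()
    return (m.regs["h"] << 8) | m.regs["l"]


def exhaustive_timing_test(program):
    """Fire the IRQ at every boundary; return the set of values the task
    observed and the boundaries that produced a torn value (neither OLD nor NEW)."""
    observed, torn_at = set(), []
    for k in range(len(program) + 1):
        value = run_once(program, k)
        observed.add(value)
        if value not in (OLD_VALUE, NEW_VALUE):
            torn_at.append(k)
    return observed, torn_at


if __name__ == "__main__":
    for label, prog in (("unprotected", UNPROTECTED_READ), ("protected", PROTECTED_READ)):
        observed, torn_at = exhaustive_timing_test(prog)
        print(label, sorted(hex(v) for v in observed), "torn at boundaries", torn_at)
```

The unprotected read is caught at exactly one boundary (between the two byte loads), where it assembles 0x0000, a value that never existed in RAM; a wheel-speed or range value torn this way is a data-consistency fault that a few random runs on real hardware may never hit. The same harness scales to longer instruction sequences and to more than one interrupt source simply by enumerating more boundaries.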

Page 15

An application example: Virtual HILS (vHILS)

■ Target product system: ADAS controller

[Figure: ACC scenario: radar ranging to the vehicle ahead; speed up/down to keep a safe distance.]

◆ Virtual HILS (vHILS)

Ranging with radar and keeping a safe distance from preceding vehicles (ACC function), etc.

ADAS: Advanced Driver Assistance Systems

ACC: Adaptive Cruise Control

[Figure: vHILS structure: ① ECU model (ADAS ECU), ② CAN model with a CAN bus monitor, ③ vehicle model (engine, body, HMI, sensor, road condition), ④ event processor driven by the test specs; Input and Display blocks on the user side.]

Processing throughput with 3-way parallel computing -> evaluated result: equal to a real machine

More than a real machine is feasible with N-way parallel processing

4. Virtual ECU application technology

HILS: Hardware-in-the-loop simulator

Note: Conventionally, HILS with a real ECU is used

Page 16

The future of software verification: V2Cloud

[Figure: V2Cloud architecture. User side: test vectors described in a spreadsheet are submitted as test queries and results are returned. Front-end: VM Controller, Query Processor, Task Distributer, Trace Collector. Large-scale computer environment: many vHILS VMs, each containing an ECU model (MCU with CPU and peripherals), a Virtual HILS controller and the vehicle model in interlocked operation. (VM: Virtual Machine)]

Example result table:

test vector    result
Engine Test    ◯
Brake Test     ◯
Body Test      X
Network Test   ◯
Fail Test      X

■ Cloud computing for software verification

– Large-scale VM environment: facilitates sharing and management of the simulation

– Complete automation: scalable environment

– Without holding fixed assets, the necessary target system configuration and test performance can be obtained when needed

Expectation (example): massive regression tests or fault-injection tests

HILS: several days -> parallel vHILS on V2Cloud: one night only!

4. Virtual ECU application technology
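The vHILS slide (ACC controller; ECU model, CAN model and vehicle model run N-way parallel) and the V2Cloud slide (test vectors from a spreadsheet distributed to vHILS VMs, results returned as a ◯/X table) describe one pipeline, so here is one runnable Python sketch of it. It is added as an example and is not taken from the slides or from Hitachi's tool chain. The toy ACC control law, the two CAN fault types (radar frames dropped for the first N cycles; frames delivered N cycles stale), the degraded-mode deceleration, the constructed CSV test vectors and the pass criterion (gap never below 2 m) are all assumptions. Each vector is an independent job, so the campaign is handed to a process pool the way V2Cloud's task distributer hands vectors to VMs.

```python
"""vHILS-style co-simulation of an ACC ECU with CAN fault injection, driven by
spreadsheet-style test vectors and dispatched to a worker pool.

Added example (not Hitachi's tool chain): a toy ECU model, a toy vehicle/CAN
model and a constructed CSV of test vectors stand in for the ECU model,
vehicle model, CAN model and spreadsheet on the slides.  Fault types, control
gains and the pass criterion are assumptions chosen for the example.
"""
import csv
import io
from concurrent.futures import ProcessPoolExecutor

DT = 0.1                 # ECU cycle time [s]
STEPS = 300              # 30 s simulation horizon
FRAME_TIMEOUT = 3        # cycles without a radar frame before degraded mode
DEGRADED_DECEL = -1.0    # [m/s^2] commanded while radar data is missing (assumed)
MIN_SAFE_GAP = 2.0       # verdict: gap must never fall below this [m]

# Constructed test vectors, as they would be kept in a spreadsheet.
TEST_VECTORS_CSV = """\
name,v_lead,v_ego,gap,fault,param
steady_follow,25,25,50,none,0
lead_brakes,15,25,40,none,0
lead_brakes_can_drop_2s,15,25,40,drop,20
lead_brakes_can_drop_6s,15,25,40,drop,60
lead_brakes_can_stale,15,25,40,delay,5
"""


class AccEcu:
    """Adaptive cruise control task: one call per DT, returns acceleration [m/s^2]."""

    def __init__(self):
        self.last = None   # last valid radar frame (range, relative speed)
        self.age = 0       # cycles since that frame arrived

    def step(self, frame, v_ego):
        if frame is not None:
            self.last, self.age = frame, 0
        else:
            self.age += 1
        if self.last is None or self.age > FRAME_TIMEOUT:
            return DEGRADED_DECEL                   # degraded mode: no usable radar data
        rng, rel = self.last
        d_safe = 5.0 + 1.5 * v_ego                  # 1.5 s headway plus standstill margin
        accel = 0.2 * (rng - d_safe) + 0.8 * rel    # toy PD-style law
        return max(-3.0, min(2.0, accel))           # actuator limits


class CanModel:
    """Delivers the radar frame for cycle t, applying the injected fault."""

    def __init__(self, fault, param):
        self.fault, self.param = fault, param
        self.history = []

    def deliver(self, t, frame):
        self.history.append(frame)
        if self.fault == "drop" and t < self.param:                  # frames lost
            return None
        if self.fault == "delay":                                     # frames stale
            return self.history[t - self.param] if t >= self.param else None
        return frame


def run_vector(vec):
    """Co-simulate one test vector; return (name, passed, min_gap)."""
    v_lead, v_ego, gap = float(vec["v_lead"]), float(vec["v_ego"]), float(vec["gap"])
    ecu, can = AccEcu(), CanModel(vec["fault"], int(vec["param"]))
    min_gap = gap
    for t in range(STEPS):
        frame = can.deliver(t, (gap, v_lead - v_ego))   # radar sample put on the bus
        v_ego = max(0.0, v_ego + ecu.step(frame, v_ego) * DT)
        gap += (v_lead - v_ego) * DT                    # plant: lead speed is constant
        min_gap = min(min_gap, gap)
        if gap <= 0.0:                                   # collision: stop this run
            break
    return vec["name"], min_gap >= MIN_SAFE_GAP, round(min_gap, 2)


def load_vectors(text):
    """Parse the spreadsheet export (CSV) into one dict per test vector."""
    return list(csv.DictReader(io.StringIO(text)))


def run_campaign(vectors, workers=None):
    """V2Cloud-style dispatch: every vector is an independent simulation job."""
    if workers == 1:
        return [run_vector(v) for v in vectors]
    with ProcessPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(run_vector, vectors))


if __name__ == "__main__":
    for name, ok, min_gap in run_campaign(load_vectors(TEST_VECTORS_CSV)):
        print(f"{name:26s} {'O' if ok else 'X'}  min gap {min_gap:7.2f} m")
```

Running it shows what fault injection is for: the same braking scenario passes with a 2 s radar-frame outage and fails with a 6 s outage, because the degraded mode only brakes at 1 m/s² while radar data is missing, and with the closing speed of 10 m/s the gap is gone before frames return. Moving DEGRADED_DECEL toward the -3 m/s² actuator limit is the kind of design change the campaign would then be re-run to confirm, and the stale-frame vector checks that a fix for dropped frames does not regress the delayed-frame case.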

Page 17

[Appendix] References

■ JMAAB, http://jmaab.mathworks.jp/

■ ISO26262

■ S. Oho et al., "Advanced Model-based Development Techniques Applied to Automotive Engine Management Systems," Hitachi Hyoron, Vol. 91, No. 10, pp. 54-57, 2009

■ Y. Sugure et al., "Virtual Engine System Prototyping with High-Resolution FFT for Digital Knock Detection Using CPU Model-Based Hardware/Software Co-simulation," SAE Paper 2009-01-0532

■ Y. Ito et al., "A Model Based Software Validation for Automotive Control Systems," International Conference on Control, Automation and Systems (ICCAS), p. 102, 2010

■ Y. Ito et al., "VIRTUAL HILS: A Model-Based Control Software Validation Method," SAE Paper 2011-01-1018

■ Y. Miyazaki, "Platform Development Trends for Automotive Electronic System: Issues and Solution Cases," 2011 CAR-ELE JAPAN Technical Conference (CAR-10)
