Distributed Model Based Development For Car Electronics ...

Distributed Model Based Development For Car Electronics Scenarios and Examples

Cadence Confidential

Automotive Tiger Team

Outline ï ï

Examples of Distributed Systems Scenarios by Example



Examples of Distributed Systems



Adaptive Cruise Control (ACC) + Brake By Wire


Source Renault


Brake By Wire ñ Sensotronic Brake Control System (SBC) Block Diagram Brake Pressure

Brake4 Brake3 Brake2 Brake1

Windshield Wiper

Electric Brakes

Delta Time

Brake Pedal Brake Pedal Speed

Active Body Control

Engine Torque Engine Braking Gear Selection

Computer

Front Wheel speed

Engine/ Transmission Control Unit


SBC

Source Mercedes-Benz

ABS ABS

Brake Cylinder Pressure Transversal Acceleration Rotational Speed

Steering Angle

Electronic Stability Program Steering Wheel Sensors


Brake ProjectÖ From Centralized Redundancy..

Conceptual Block Diagram

Dependencies

ï ï ï ï

Fault tolerant Pedal Module

ï

4 High End Microcontrollers (incl. RAM, ROM, IO), 4 for the Brake Module

ï

3 Low End Controller for the Pedal Module (incl. Sensor, Power Supply, RAM, ROM)

ï

8-16 Midrange Microcontroller/DSP for the Phase Transversal Acceleration Converters, Power Management (incl. Power stages, sensors, RAM, ROM)

ï

Totals:

Fault tolerant Electronic Brake Module (fail-safe) Fault tolerant Power Management Module (fail-safe) Phase Converter for each actuator

Centralized Redundancy

Cadence Confidential Source

ï

15-23 microcontrollers 11 separate electronic control units 9 communication links. fault tolerant if 4 wheel braking is required after a

Total of 4 ECUs and 3 communication links must be operational to allow braking on one wheel (fault-tolerant)

Infineon-Delphi-Volvo-WindRiver


Brake Project ..to Distributed Redundancy

Conceptual Block Diagram

ï ï ï

Pedal Module

ï

Totals:

Power Management Module (fail-silent ECUs) Wheel Brake ECU for both brake control and the phase converter functions

-

Dependencies

ï

11 microcontrollers (incl. resources) 9 separate electronic control units 8 communication links

3 ECUs and 2 communication links must be operational to allow braking at one wheel Transversal Acceleration

Distributed Redundancy




Brake Project: (variant of) Unidirectional Redundant Ring Structure

Unidirectional Redundant Ring Structure

ï

2 travel sensors and one force sensor to determine driver intent (each sensor connected to a different wheel node)

ï

Sensor values communicated over the network ! Consistency checks

ï

Wheel node calculates the actuation commands for all four wheels

ï

Commands communicated via network ! each of the four wheel nodes compares their own actuation commands with those calculated by the other wheel nodes

ï

Voting mechanism in the network layer of each wheel Transversal Acceleration node can then disable the power to individual actuators in case of a fault.

ï

If a node needs to be shut down the brake force is redistributed to prevent the vehicle from yawing.

ï

The advanced brake functions (ABS) are executed in the two front wheel nodes.

ï

If the front wheel nodes do not calculate the same output commands for these advanced brake functions, the function will be deactivated. This provides fail-safe operation

ï

Redundant power supply.

Actual Implementation




Scenarios by Example



Objectives 1.

To implement the SBC system on the Infineon-Delphi distributed redundancy architecture integrating the basic brake function with ABS, etcÖ ï Assumption1: designer has only the SBC spec ñ executable spec not yet available for the control algorithms (typical INTEGRATOR CASE!)

ï

2.

Assumption2: distributed architecture is defined (number of ECUs, Communication Protocols)

To add the ACC functionality (derivative design) to the existing SBC system (virtual) platform



Scenarios/Design Steps for Objective 1 1.0: UML Description for SBC, ABS, etc

1.1: Functional Network Integration w/ coarse models/ unTimed Validation (SBC + ABS + ..)

Sw (re)-Distribution

Product Marketing Manager

System Architect

1.2: Control Algorithms/Plants Development and UnTimed Validation

Algorithm Developer

1.3: Functional Network w/ finer models/un-Timed Validation (SBC + ABS + ..)

System Integrator

1.4: Functional Network w/ finer models/ Timed Validation (SBC + ABS + ..)

System Integrator Protocol (re)- Configuration

SBC Virtual Prototype Sign-off



Scenarios/Design Steps for Objective 1 SBC Virtual Prototype Sign-off

Sw Real Time Validation

Cycle Accurate Validation

1.5: System Aware ECU SW RT Validation

1.6: Protocol Configuration Detailed Analysis

1.7: Export (SW to Target, Comm Layer, etc.)

4: Functional Network Finer Timed SBC Physical Prototype Validation (SBC + ABS + ..) Ready for Testing


SW Developer

System Integrator

System Integrator

System Integrator


Scenarios/Design Steps for Objective 2 2.0: UML Description for ACC

2.1: Functional Network Integration w/ coarse ACC model/ un-Timed Validation (SBC Virtual Platform + ACC)



System Architect

2.2: ACC Control Algorithms/Plants Development and UnTimed Validation

Algorithm Developer

2.3: Functional Network w/ Finer ACC model/ un-Timed Validation (SBC Virtual Platform + ACC)

System Integrator

2.4: Functional Network w/ Finer ACC model/ Timed Validation (SBC Virtual Platform + ACC)


SBC + ACC Virtual Prototype Sign-off



Scenarios/Design Steps for Objective 2 SBC + ACC Virtual Prototype Sign-off



2.5: System Aware ACC ECU SW RT Validation



4: Functional Network Finer Timed SBC + ACC Physical Prototype Validation (SBC + ABS + ..) Ready for Testing


SW Developer

System Integrator

System Integrator

System Integrator






System Architect


Algorithm Developer


System Integrator






1.1: Functional Network Integration with Coarse Grain Models Brake1 Pressure

Brake1 Windshield Wiper

Brake1 Cylinder Pressure Wheel_1 speed

Brake Pedal

ABS

Wheel1 Sensors

Brake2 Delta Time

SBC

Brake Pedal Speed

Function

Engine Torque

Engine/ Transmission Control Algorithm

Engine Braking

ABS

Wheel2 Sensors

Brake3

Gear Selection Steering Angle

Steering Wheel Sensors


Electronic Stability Program

Brake4 Rotational Speed Transversal Acceleration


1.1: Functional Network Integration with Coarse Grain Models Coarse Grain C/C++ Plant Model

Coarse Grain C/C++ Plant Model

Brake1 Pressure

Brake1 Windshield Coarse Grain C/C++ Wiper

Brake1 Cylinder Pressure

Brake Pedal

Delta Time Coarse Grain C/C++ Brake Pedal Speed Control Algorithm Model Engine Torque

Engine/ Engine Braking Transmission Control Gear Selection Coarse Grain C/C++ Algorithm



SBC

Function

Wheel1

ABS

Wheel2 Sensors

Coarse Grain C/C++

Brake3 Control Algorithm Model

Plant Model Steering Angle Coarse Grain C/C++ Control Algorithm Model Electronic Rotational Stability Speed

Program

ABS

Sensors Wheel_1 speed Coarse Grain C/C++ Coarse Grain C/C++ Plant Model Control Algorithm Brake2 Model

Plant Model

Brake4

Transversal Acceleration


1.1: Functional Network Validation with tokenlevel (messages) un-timed Simulation Brake1 Pressure



Brake Pedal

ABS

Wheel1 Sensors

Brake2 Delta Time

SBC

Brake Pedal Speed

Function

Engine Torque


Engine Braking

ABS

Wheel2 Sensors

Brake3





Simulation w/ Probing Simulation and Signal Probing Cadence Confidential


1.1: Functional Network Validation with tokenlevel un-timed Simulation Brake1 Pressure



Brake Pedal

ABS

Wheel1 Sensors

Brake2 Delta Time

SBC

Brake Pedal Speed

Function

Engine Torque


Engine Braking

ABS

Wheel2 Sensors

Brake3





Simulation Finished…. Cadence Confidential





Brake Pedal

ABS

Wheel1 Sensors

Brake2 Delta Time

SBC

Brake Pedal Speed

Function

Engine Torque


Engine Braking

ABS

Wheel2 Sensors

Brake3





Display Simulation Results… Cadence Confidential






System Architect


Algorithm Developer


System Integrator






1.2: Control Algorithmsí/Plantsí Development and un-timed validation Export of Plant Model Interface to Mathworks/Simulink (not available in the current offer)

Coarse Grain C/C++ Plant Model

Brake1 Pressure



ABS

Brake Pedal

Wheel_1 speed Coarse Grain C/C++ Control Algorithm Brake2 Model

Delta Time

SBC

Brake Pedal Speed

Function

Engine Torque


Wheel1 Sensors

Export of Control Wheel2 Algorithm Interface to ABS Sensors Ascet-SD (not available in the current offer)

Engine Braking

Brake3




Plant Development and UnTimed Validation



Control Algorithm Development and UnTimed Validation






System Architect


Algorithm Developer


System Integrator






1.3: Functional Network Integration with Finer Grain Models Import of Plant Model from Mathworks/Simulink

Brake1 Pressure



Brake Pedal

Delta Time

SBC

Brake Pedal Speed

Function

Engine Torque


Engine Braking

ABS

Wheel1

Sensors Import of Control Algorithm Model from Brake2 Ascet-SD (From Target Link in the Wheel2 ABS Sensors future)

Wheel_1 speed

Brake3







1.3: Functional Network Integration with Finer Grain Models Black Box C++ Matworks/Simulink Plant Model

Brake1 Pressure

White Box C Process code



ASCET-SD Module

Brake Pedal

SBC

Engine Torque


ABS

Wheel1 Sensors

Brake2

Delta Time Brake Pedal Speed


Wheel_1 speed

Function

Engine Braking

ASCET-SD ABS Project

Wheel2 Sensors

Brake3

ASCET-SD Process Steering Angle

Gear Selection



Refinement from C++ Models to Hierarchical Finer Grain Detailed Models Cadence Confidential





Brake Pedal

ABS

Wheel1 Sensors

Brake2 Delta Time

SBC

Brake Pedal Speed

Function

Engine Torque


Engine Braking

ABS

Wheel2 Sensors

Brake3





Simulation with Finer Grain Models Finished…. Cadence Confidential





Brake Pedal

ABS

Wheel1 Sensors

Brake2 Delta Time

SBC

Brake Pedal Speed

Function

Engine Torque


Engine Braking

ABS

Wheel2 Sensors

Brake3





Display Simulation ResultsÖ Distributed Algorithm Still OK☺ Cadence Confidential






System Architect


Algorithm Developer


System Integrator






1.4: Functional Network Validation with tokenlevel timed Simulation Brake1 Pressure



Plant1

Brake Pedal

Brake2 Delta Time RF Base Brake Brake Pedal Speed

Transmission Control Transmission Algorithm Control

RR Base Brake

SBC

Function

Engine Torque

Engine Braking LF Base Brake Gear Selection Steering Angle

Plant2

Wheel1 Sensors

RF ABS

Engine Control Engine/


ABS


ABS

Wheel2 Sensors

LF ABS

Brake3

LR Base Brake Plant3


Functional Network Cadence Confidential


1.4: Functional Network Validation with tokenlevel timed Simulation

Brake1 Pressure

Delta Time


Plant1: Windshield Brake Pedal

RF_Wheel_speed

Brake Pedal Speed

Engine Control

LF Base Brake

Gear Selection

LR Base Brake

RF ABS Brake2 Pressure Brake2 Cylinder Pressure Plant3: Brakes LF_Wheel_speed Wheels

LF ABS Steering Angle

Plant2: Steering Wheel

RR Base Brake

Engine Torque Engine Braking

Transmission Control

RF Base Brake


Rotational Speed Transversal Acceleration

Brake3 Pressure Brake3 Cylinder Pressure Brake4 Pressure Brake4 Cylinder Pressure

Functional Network Cadence Confidential



Architectural Model Cadence Confidential



ECU1

ECU8

ECU5 ECU2

ECU9

ECU6

ECU3

ECU7 ECU4

Architectural Model Cadence Confidential


1.4: Functional Network Validation with tokenlevel timed Simulation UCM Communication Cycle is Configured as TimeTriggered Communication (no arbitration)

UCM Bus Controllers Configured with Periodic Frame Activation Policy

ParentRTOS_1

Child

Static Priority Scheduler

ParentRTOS_2

Parent

Child

(UCM Enabled)


Parent

Child

Simple CPU (UCM Enabled)

Hos tDataBus

(UCM Enabled)

LocalBus2

Child


HostDataBus

ECU1

ECU2

Local Transfer Memory

HostDataBus2

(UCM Enabled)

Hos tDataBus

ECU3

ECU4

LocalBus1

HostDataBus

BusIn ECU BusBridge (UCM Enabled) BusOut

UCM Bus Controller

UCMsideData

ECUport1

ECU5

UCM Bus Controllers Configured with Dynamic Asynchronous Frame Activation Policy

ECU6

ECU7

ECU8

ECU9

UCM Communication Cycle as High Speed CAN (arbitration)

Architectural Model (Communication Cycle, ECU’s) Cadence Confidential



Mapping of RF ABS to ECU2 Communication Matrix TT Bus

E C U 1

E C U 2

E C U 3

W r ite R ea d N o A c c e s s N o A c c e s s

R e a d W r ite /R e a d R e a d R e a d

N o A c c e s s R e ad W rite W r ite /R e a d

B B B B

M M M M

1 2 3 4

Functional Network UCM Transfer SW->Memory

ParentRTOS_1

Child


ParentRTOS_2

Parent

Child

(UCM Enabled)


Parent

Child


Hos tDataBus

(UCM Enabled)

LocalBus2

UCM Transfer SW->Memory

Child

Simple CPU

Local Trans fer Memory

(UCM Enabled)

HostDataBus2

(UCM Enabled)

HostDataBus

HostDataBus

Mapping of Engine Control Communication w/ SBC to HIGH Speed CAN Mapping of RF to RR SBC Communication to TimeTriggered Dependable Bus

BusIn

LocalBus1

SW Tasks

HostDat aBus

ECU BusBridge (UCM Enabled) BusOut

UCM Bus Controller

UCMsideData

ECUport1

Communication Matrix CAN Bus

B B B B

M M M M

1 2 3 4

E C U 1

E C U 2

E C U 3


R e a d W r ite /R e a d R e a d R e a d


Architectural Model

Mapping of SW and Zero-Time Communications: Automatic Configuration of Buses and SW Tasks Cadence Confidential





Architectural Model

Coarse Grain Analysis via Simulation…are the signals still OK? Cadence Confidential



Transition from idle to Queued

Transition from Accessing to Idle



Communication Protocol Configuration Validation: Bus Schedule OK? Traffic? Frame Packaging? Transmission Delay?

Bus Probing

Transition from Blocked to Accessing

Architectural Model

Finer Grain Analysis via Simulation Cadence Confidential


1.4: Functional Network Validation with tokenlevel timed Simulation Gantt Charts

ECU1 10ms Task Activated

ECU1 10 ms Task Running ECU1 10 ms Task Done

RTOS Probing Functional Network ParentRTOS_1

Child



ParentRTOS_2

Parent

Child


ParentRTOS_1 Parent

Child

Simple CPU Child

(UCM Enabled)

RTOS Probing

(UCM Enabled)

Hos tDataBus

(UCM Enabled)


ParentRTOS_2

Parent

Child

(UCM Enabled)


Parent

Child


HostDataBus


Child


Hos tDataBus

(UCM Enabled)

LocalBus2

LocalBus2

HostDataBus2

Child

(UCM Enabled)


HostDataBus


HostDataBus2

(UCM Enabled)

HostDataBus HostDataBus

BusIn


BusIn

ECU BusBridge (UCM Enabled)

LocalBus1

HostDat aBus

UCM Bus Controller

LocalBus1

RTOS Probing

BusOut

HostDat aBus


UCM Bus Controller

UCMsideData UCMsideData

ECUport1

ECUport1

ParentRTOS_1

Child

SW Task Scheduling Validation: Task Priorities? Cooperative? Preemptive?


ParentRTOS_2

Parent

Child

(UCM Enabled)


Parent

Child


Hos tDataBus

(UCM Enabled)

LocalBus2

Child


HostDataBus


HostDataBus2

(UCM Enabled)

HostDataBus

BusIn

LocalBus1

HostDat aBus


UCM Bus Controller

UCMsideData

ECUport1

Architectural Model

Finer Grain Analysis via Simulation Cadence Confidential






System Architect


Algorithm Developer


System Integrator














SW Developer

System Integrator

System Integrator

System Integrator



ECU1 TT Bus Controller Collected Input Trace

Functional Network

ECU1 TT Bus Probing



ECU1 Can Bus Probing ECU1 CAN Bus Controller Collected Input Trace

Architectural Model

ECU1 SW Real Time Validation: Simulation with Probing of ECU1 Traffic Cadence Confidential



Functional Network

ParentRTOS 1

Child



ParentRTOS 2

Parent

Child

(UCM Enabled)

Static P riority Scheduler

Parent

Child


HostDataBus

(UCM Enabled)

LocalBus2

Child


HostDataBus

Event Driven


Local Transfer Memory

HostDataBus2

(UCM Enabled)

HostD ataB us

BusIn ECU BusBridge (UCM Enabled)

Loc alBus1

HostDat aBus

Periodic 50 ms

BusOut

UCM Bus Controller

UCMsideData

ECUport1

ECU1

Architectural Model

ECU1 SW Real Time Validation: Export of ECU1 SW Task Configuration/RT Constraints



1.5: System Aware ECU SW RT Validation Event Driven LF Base Brake Model

Periodic 50 ms

LF ABS Model

RT Constraints

dSpace TL ASCET-SD

Automatic Code ETAS Generation of Instrumented Application SW

SW Debugger/ Cycle Accurate Timing Estimator

ECU1

Application SW Validation vs. RT constraints

ECU1 TT Bus Controller/ CAN Bus Controller Traffic Traces











SW Developer

System Integrator

System Integrator

System Integrator



Communication Matrix Functional Network UCM Transfer SW->Memory

E C U 1

E C U 2

E C U 3


R e a d W UCM Transfer r ite /R e a d SW->Memory R e a d R e a d


B B B B

Communication Cycle Layout/(static) Bus Schedule

M M M M

1 2 3 4

Frame3

Frame2

Frame4

Telg1

Telg2

Telg3

Telg4 Frame1

Frames Architectural Model

Export of Bus Configuration




Export CAN Bus Configuration

XML DB

Co-Simulation with CANoE











SW Developer

System Integrator

System Integrator

System Integrator






System Architect


Algorithm Developer


System Integrator






2.1: Functional Network Validation with tokenlevel timed Simulation ACC

Derivative Design: Adding ACC…do they work together?





Skipped these two Steps in slides yet they do exist!!



System Architect


Algorithm Developer


System Integrator









Architectural Model

Coarse Grain Analysis via Simulation…Existing Architecture is sufficient?



Scenarios/Design Steps for Objective 2 SBC + ACC Virtual Prototype Sign-off



These three Steps are left to the reader as exercise☺

2.5: System Aware ACC ECU SW RT Validation



4: Functional Network Finer Timed SBC + ACC Physical Prototype Validation (SBC + ABS + ..) Ready for Testing


SW Developer

System Integrator

System Integrator

System Integrator


Backup Slides



Brake Project ñ High Level Objectives ï ï ï ï

Distributing vehicle control over multiple subsystems from different vendors Enabling vehicle control by defining open interfaces between chassis control systems Providing a fault-tolerant safety architecture based on system distribution Enhancing the OSEK operating system to create a distributed operating system


ï

Distributed Approach is focused on the base brake function: most critical for safe and reliable brake system

ï

Shift from Fail-Safe to Fail-Silent:

- Fail-Safe: In case of an error within the electronic control, the

performance of the mechanical system is reduced, while still providing minimum functionality

- Fail-Silent: When one task or node fails, another is already running and the system employs the alternative




Brake Project ñ Main Features ï ï ï

Dynamic allocation of control tasks to multiple electronic control units Time-triggered scheduling of the tasks enabling task encapsulation ìSilent Stateî Operating system:

- time-triggered concept - deterministic system behavior - complete separation of tasks (task encapsulation): in case of faulty task, the operating system enters a "silent state" (fail silent)

ï

ìFault Tolerantî Communication System:


- no central master and ECU local redundancy ! Reduced Number of ECUs - Local redundancy achieved by inherent redundancy of a braking system

ï

Definition of Open Interface Standards:

- between the brake actuatorís control circuitry and the brakeís electronic control unit - to the communication system - between upper control layers




Brake Project ñ Challenges ï

Global time synchronization between component ECUs and processes to ensure accurate calculation of vehicle states from sensor inputs

ï ï ï ï

Deterministic actuation of wheel brakes with the respect to brake demands Composability of brake system elements Encapsulation of sub-systems and faults Acceptable vehicle performance in the presence of fault through Transversal Acceleration redundancy, including:

- Dynamic reconfiguration and redistribution of brake function - Optimization to minimize number of redundant subsystems - Extended and optimized degraded modes to achieve full potential of vehicle performance




Brake Project ñ Communication Medium ï ï

Connects and correlates the distributed control units in the control path

ï

Requirements:

Encapsulates the distributed control units to prevent fault propagation (time and value domain)

-

Application level features Synchronized and distributed global time synchronisation


Failure tolerance Encapsulation at the protocol and at the physical level Compatibility with other systems already in production

Need open standard for deterministic failure-tolerant communication protocol (FlexRay)




Distributed Model Based Development For Car Electronics ...

Distributed Model Based Development For Car Electronics ...

Suggest Documents

Service based meta-model for the development of distributed ...

A Model Based Development Approach for Distributed Embedded

A Model Based Development Approach for Distributed Embedded

Service based meta-model for the development of distributed ...

Model-Driven Development of Component-based Adaptive Distributed

Model-based Task Allocation in Distributed Software Development ...

Model-Based Development of Distributed Embedded Real ... - CiteSeerX

Model-Based Development of Distributed Embedded Real-Time ...

Development Of Autonomous Downscaled Model Car

Model Car Testbed for Development of V2X Applications

POWER ELECTRONICS FOR DISTRIBUTED ENERGY SYSTEMS ...

Model based Software Development

A Simplified Spice Based IGBT Model for Power Electronics Modules ...

SP@CE - An SP-based Programming Model for Consumer Electronics ...

A Novel Prediction Model for Car Body Vibration Acceleration Based

Applying Model Based Techniques for Early Safety ... - BMW Car IT

DISTRIBUTED, OPEN SIMULATION MODEL DEVELOPMENT WITH ...

Distributed open simulation model development with ... - CiteSeerX

Model driven development of distributed control applications

Managing model conflicts in distributed development - Mancoosi

Methodology for model-based development, validation ... - mediaTUM

Software Engineering for Model-Based Development

development of a distributed hydrological model for ... - Hydrologie.org

Electrical model development and validation for distributed resources