“Advancing Traffic Efficiency and Safety through Software Technology”
An MDE approach for automotive with EAST-ADL2
David Servat, Patrick Tessier, Sébastien Gérard, CEA LIST
Philippe Cuenot, Continental Automotive
Agenda
• EAST-ADL2 Context
• Functional Abstraction
• AUTOSAR Alignment
• Modeling Issues
• Profile and tooling approach
• Conclusion
D. Servat, 2008-04-09
Page 2
NEPTUNE2008
Background : EAST-ADL 1.0 language (http://www.east-eea.net/)
Describes Automotive Electronic Systems elements
• Requirements, Vehicle Features, Variants
• Functions (structural and behavior view)
• Hardware Components
• Software Components
• Communication
Define a Domain Model
• Capturing engineering elements in a standardized way
[Figure: abstraction levels of the domain model, illustrated with a Wipers example: Vehicle Level, Analysis Level, Design Level, Implementation Level, Operational Level]
EAST-ADL2 language
New release of the EAST-ADL with main refinements
• Alignment with existing standards (AUTOSAR, SysML, UML, AADL)
• Improved support for Requirements and Verification and Validation
• Behavior modeling
• Reuse and variability description
Complements AUTOSAR on
• Requirement modeling and tracing
• Feature modeling including concepts to support product lines
• Structural and behavioral modeling for functional decomposition
• Architecture annotation : failure modes, timing information
ATESST : R&D Cooperative Project (http://www.atesst.org)
IST Directorate G, Components and Systems Unit G4
• January 2006 to March 2008
• 25 Person years
Automotive centered context
• Vehicle Manufacturers: Volvo (S), Volvo Cars (S), Daimler (D), Volkswagen/Carmeq (D)
• Automotive Suppliers: Continental (F), Mecel (S)
• Tool Vendors: ETAS (D), Mentor Graphics (Hu)
• Academic: CEA (F), The Royal Institute of Technology (S), Technische Universität Berlin (D)
Functional Abstraction
• Basic functional entity ADLFunction for physical system modeling on Analysis and Design level
• SysML oriented Block definition
• Initiated from Feature modeling
• Abstraction view adequate to disciplines
• Composition possible
• FlowPort definition for data modeling
• Client/Server definition for service modeling
Functional Abstraction
Behavioral semantics of ADLFunction
• Synchronous run to completion
• Independent of behavior notation
• Transformation towards legacy tools (Simulink, ASCET, UML...)
• Discrete or time continuous model
• Triggering mechanism for discrete (periodic, event) with port relation
• Behavioral relation with software component
• ADLFunction mapped to Runnable entities
• Trigger abstract mechanism of RTE event
AUTOSAR Alignment
[Figure: System Model across abstraction levels, with the EAST-ADL2 architecture at each level and the AUTOSAR Templates it aligns with]
• Vehicle Level: VehicleFeatureModel
• Analysis Level: Analysis Architecture: FunctionalAnalysisArchitecture, Environment Model
• Design Level: Design Architecture: Funct. Design Architecture, MW Abstraction, HW Design Architecture
• Implementation Level: Implementation Architecture: AUTOSAR Application SW Architecture, AUTOSAR Basic SW, AUTOSAR HW (AUTOSAR Templates)
• Operational Level: Operational Architecture
AUTOSAR Alignment : Functional Design Architecture
[Figure: brake pedal example, Design Level and Implementation Level]
• Design Level, Functional Design Architecture: ADLFunctions Brake Pedal Transfer Fct, IO Pedal Transfer Fct, Pedal Control, Local Device Manager; Environment Model: Brake Environment
• Design Level, Hardware Architecture: Sensor, ECU, connected through ADL Hw Ports and ADL Hw Connectors (IO, Power, Com.)
• Implementation Level: Platform SW, IO HAL, HW & Electronics; Application SWC Pedal Control; Sensor Actuator SWC Pedal Brake; Sensor Actuator SWC Brake Motor; Local Device Manager Brake Motor
Requirements Modeling
• Basic Concept inheriting from SysML
• Supporting Traceability
[Figure: relations around a Requirement]
  Refine-Req : Behavioral Models of the requirement (Details)
  Satisfy-Req : System Components
  Verify-Req : V&V-Cases
  Derive-Req : New requirements derived (refinement or decomposition)
• Concept to support user-specific extensions (RIF*)
*: RIF = Requirements Interchange Format, currently defined by German automobile manufacturers (HIS = “Hersteller Initiative Software”), see www.automotive-his.de
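The four relations above are what make a requirement auditable: a safety or security requirement with no Satisfy-Req link is allocated to nothing, one with no Verify-Req link is never tested, and Derive-Req is what lets coverage roll up to the parent requirement. The following Python is an added example, not ATESST or EAST-ADL2 tool code. The requirement ids, component and V&V case names are constructed sample data, and the link orientation (the target of every link is the requirement being traced to) is an assumption of this example. It reports the leaf requirements whose traceability is incomplete, rolls coverage up the derivation tree, and rejects a Derive-Req cycle before recursing.

```python
"""Requirement traceability check over the relations named on the slide
(Derive-Req, Refine-Req, Satisfy-Req, Verify-Req). Added illustration, not
ATESST or EAST-ADL2 project code; requirement ids, component and V&V case
names are constructed sample data."""
from collections import defaultdict

DERIVE, REFINE, SATISFY, VERIFY = "derive", "refine", "satisfy", "verify"

# Constructed sample model. Each link is (kind, source, target); the target is
# always the requirement traced to. For DERIVE the source is the derived
# (child) requirement and the target its parent.
REQUIREMENTS = {"REQ-1", "REQ-1.1", "REQ-1.2", "REQ-2"}
LINKS = [
    (DERIVE, "REQ-1.1", "REQ-1"),
    (DERIVE, "REQ-1.2", "REQ-1"),
    (REFINE, "WiperStateMachine", "REQ-1.1"),  # behavioural model detailing REQ-1.1
    (SATISFY, "WiperControl", "REQ-1.1"),      # system component
    (VERIFY, "VV-Wiper-Timing", "REQ-1.1"),    # V&V case
    (SATISFY, "WiperControl", "REQ-1.2"),      # satisfied but never verified
    (VERIFY, "VV-Wiper-Stall", "REQ-2"),       # verified but nothing satisfies it
]


def build_index(links):
    """kind -> target requirement -> set of sources pointing at it."""
    index = defaultdict(lambda: defaultdict(set))
    for kind, source, target in links:
        index[kind][target].add(source)
    return index


def find_derive_cycle(index):
    """Return a requirement lying on a Derive-Req cycle, or None.
    A cycle would make the coverage roll-up recurse forever, so reject it first."""
    children_of = index[DERIVE]
    finished = set()

    def visit(req, path):
        if req in path:
            return req
        if req in finished:
            return None
        path.add(req)
        for child in children_of.get(req, ()):
            found = visit(child, path)
            if found is not None:
                return found
        path.remove(req)
        finished.add(req)
        return None

    for req in list(children_of):
        found = visit(req, set())
        if found is not None:
            return found
    return None


def trace_report(requirements, links):
    """Leaf requirements (nothing derived from them) and, per leaf, the
    relations it still lacks: SATISFY from a component, VERIFY from a V&V case."""
    index = build_index(links)
    cycle = find_derive_cycle(index)
    if cycle is not None:
        raise ValueError(f"Derive-Req cycle through {cycle}")
    leaves = sorted(r for r in requirements if r not in index[DERIVE])
    gaps = {}
    for req in leaves:
        missing = [k for k in (SATISFY, VERIFY) if not index[k].get(req)]
        if missing:
            gaps[req] = missing
    return leaves, gaps


def is_covered(req, links, requirements):
    """A requirement is covered when every requirement derived from it is
    covered; a leaf is covered when it has no traceability gap."""
    index = build_index(links)
    _, gaps = trace_report(requirements, links)

    def covered(r):
        children = index[DERIVE].get(r)
        if children:
            return all(covered(c) for c in children)
        return r not in gaps

    return covered(req)


if __name__ == "__main__":
    leaves, gaps = trace_report(REQUIREMENTS, LINKS)
    for req in leaves:
        print(req, "missing:", gaps.get(req, "nothing"))
    print("REQ-1 covered:", is_covered("REQ-1", LINKS, REQUIREMENTS))
```

Refine-Req links are indexed but not required by the check, since the slide presents them as detail rather than allocation; a stricter policy could demand one per leaf in the same way.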
Variability Modeling
• Driven by Features (Requirements)
• Feature Tree modeling at all abstraction views (VFM, FAA, ...)
• Multi-level Feature Tree with deviation permission
• Feature Tree for Product decision (orthogonal link)
• Linked with Artifact models (Solution)
• Tag for variable element in relation to variation point
• Feature relation via configuration and semantic expression (OCL like)
• Plug-in for Feature selection and Artifact variability resolution
[Figure: Core Feature Model at VFM Level beside a Product Model. Vehicle with labels EME, A-, C18, C-, C22, E-, C320-; features Engine, Wiper (Standard, Comfort Wiper, Speed-Ctrld, Rain-Ctrld), ClimateCtrl (Basic, Advanced), LowEnergy Consumption; artifact line for FAA / FDA / etc.; contribution of supplier]
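Feature selection is where a bad product configuration has to be caught before artifact variability is resolved: a variation point resolved to two exclusive alternatives, a child feature selected without its parent, or an OCL-like cross-tree constraint violated. The Python below is an added example, not the ATESST plug-in. The feature names follow the slide's Core Feature Model, but the group kinds (mandatory, optional, alternative, or), the two cross-tree constraints and the sample configurations are constructed for the example.

```python
"""Checks a product configuration against a feature tree plus cross-tree
constraints. Added illustration, not ATESST tool code. Group kinds and the
two cross-tree constraints are constructed (the slide names the features but
not these rules)."""

MANDATORY, OPTIONAL, ALTERNATIVE, OR = "mandatory", "optional", "alternative", "or"

# parent feature -> list of (group kind, child features), constructed from the
# feature names on the slide. alternative = exactly one child, or = at least one.
FEATURE_TREE = {
    "Vehicle": [(MANDATORY, ["Wiper"]), (OPTIONAL, ["ClimateCtrl"]),
                (OPTIONAL, ["LowEnergyConsumption"])],
    "Wiper": [(ALTERNATIVE, ["Standard", "ComfortWiper"])],
    "ComfortWiper": [(OR, ["SpeedCtrld", "RainCtrld"])],
    "ClimateCtrl": [(ALTERNATIVE, ["Basic", "Advanced"])],
}
# Cross-tree constraints, the "semantic expression (OCL like)" part (constructed).
REQUIRES = [("Advanced", "ComfortWiper")]
EXCLUDES = [("LowEnergyConsumption", "Advanced")]


def _parent_map(tree):
    """child feature -> its parent feature."""
    return {child: parent for parent, groups in tree.items()
            for _, children in groups for child in children}


def check_configuration(selected, tree=FEATURE_TREE, root="Vehicle",
                        requires=REQUIRES, excludes=EXCLUDES):
    """Return a list of violation messages; an empty list means a valid product."""
    selected = set(selected)
    parent_of = _parent_map(tree)
    violations = []
    if root not in selected:
        violations.append(f"root feature {root} not selected")
    # Every selected feature must be known and have its parent selected.
    for feature in sorted(selected):
        if feature == root:
            continue
        if feature not in parent_of:
            violations.append(f"unknown feature {feature}")
        elif parent_of[feature] not in selected:
            violations.append(f"{feature} selected without its parent {parent_of[feature]}")
    # Group cardinalities, evaluated only under selected parents.
    for parent, groups in tree.items():
        if parent not in selected:
            continue
        for kind, children in groups:
            chosen = [c for c in children if c in selected]
            if kind == MANDATORY and len(chosen) != len(children):
                violations.append(f"{parent}: mandatory {children} not all selected")
            elif kind == ALTERNATIVE and len(chosen) != 1:
                violations.append(f"{parent}: alternative group {children} needs exactly one, got {chosen}")
            elif kind == OR and not chosen:
                violations.append(f"{parent}: or-group {children} needs at least one")
    # Cross-tree constraints.
    for a, b in requires:
        if a in selected and b not in selected:
            violations.append(f"{a} requires {b}")
    for a, b in excludes:
        if a in selected and b in selected:
            violations.append(f"{a} excludes {b}")
    return violations


# Constructed sample configurations.
VALID_PRODUCT = {"Vehicle", "Wiper", "ComfortWiper", "RainCtrld", "ClimateCtrl", "Basic"}
BAD_PRODUCT = {"Vehicle", "Wiper", "Standard", "ComfortWiper",
               "LowEnergyConsumption", "ClimateCtrl", "Advanced"}

if __name__ == "__main__":
    print("valid:", check_configuration(VALID_PRODUCT))
    for msg in check_configuration(BAD_PRODUCT):
        print("violation:", msg)
```

Children of an unselected parent are reported once, by the parent rule, rather than again by the group rule, so each mistake maps to one message that a selection plug-in can show against the offending feature.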
Error Modeling
• Modeling of Hazards and their relation to vehicle functional failures (Error Behavior)
• Modeling of component failures for Software and Hardware (Error Behavior)
• Modeling of propagation relations between components and across refinement views (Error propagation)
• Plug-in allows automatic synthesis of FTA and FMEA for detailed safety analysis through an external tool (HiP-HOPS*)
*: HiP-HOPS = Hierarchically Performed Hazard Origin and Propagation Studies, developed by the University of York (U.K.)
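What "automatic synthesis of FTA" from component-local error behaviour amounts to can be shown in a few dozen lines: each output failure is a Boolean expression over the component's internal basic events and its input failures, propagation follows the connectors, and the synthesis yields the minimal cut sets of the top-level failure (the FTA view) and, read per event, which single events alone cause it (the FMEA view). The Python below is an added example, not HiP-HOPS or ATESST plug-in code. The tuple encoding of failure logic and the brake example (two control paths sharing one pedal sensor) are constructed and simplified for illustration; HiP-HOPS's own annotation syntax is not shown on the slide.

```python
"""Minimal cut-set synthesis from component-local error behaviour. Added
illustration, not HiP-HOPS or ATESST plug-in code; the failure-logic encoding
and the brake example are constructed for the example."""

# Failure logic per component output. An expression is one of:
#   ("basic", name)     internal failure event of the component
#   ("in", port)        failure arriving on one of the component's input ports
#   ("or", e1, e2, ...) output fails if any operand fails
#   ("and", e1, e2, ...) output fails only if all operands fail (redundancy)
# Constructed example: two control paths, both fed by the same pedal sensor.
MODEL = {
    "PedalSensor": {"sig": ("or", ("basic", "PedalSensor.stuck"),
                                  ("basic", "PedalSensor.powerLoss"))},
    "PedalControl": {"cmd": ("or", ("in", "pedal"), ("basic", "PedalControl.swCrash"))},
    "BackupControl": {"cmd": ("or", ("in", "pedal"), ("basic", "BackupControl.swCrash"))},
    "BrakeMotor": {"torque": ("or", ("and", ("in", "cmdA"), ("in", "cmdB")),
                                    ("basic", "BrakeMotor.jam"))},
}
# (component, input port) -> (component, output port) feeding it.
CONNECTIONS = {
    ("PedalControl", "pedal"): ("PedalSensor", "sig"),
    ("BackupControl", "pedal"): ("PedalSensor", "sig"),
    ("BrakeMotor", "cmdA"): ("PedalControl", "cmd"),
    ("BrakeMotor", "cmdB"): ("BackupControl", "cmd"),
}


def minimize(cuts):
    """Drop every cut set that is a strict superset of another one."""
    return {c for c in cuts if not any(o < c for o in cuts)}


def cut_sets(component, port, model=MODEL, connections=CONNECTIONS, _path=()):
    """Minimal cut sets (frozensets of basic events) causing failure of an output."""
    if (component, port) in _path:
        raise ValueError(f"propagation loop through {component}.{port}")
    expr = model[component][port]
    return _eval(expr, component, model, connections, _path + ((component, port),))


def _eval(expr, component, model, connections, path):
    kind = expr[0]
    if kind == "basic":
        return {frozenset([expr[1]])}
    if kind == "in":
        source = connections.get((component, expr[1]))
        if source is None:
            return set()  # unconnected input: no failure can arrive on it
        return cut_sets(*source, model=model, connections=connections, _path=path)
    operands = [_eval(e, component, model, connections, path) for e in expr[1:]]
    if kind == "or":
        return minimize(set().union(*operands))
    if kind == "and":
        # Cross product: one cut set from each operand must hold together.
        acc = {frozenset()}
        for operand in operands:
            acc = {a | b for a in acc for b in operand}
        return minimize(acc)
    raise ValueError(f"unknown operator {kind}")


def single_points_of_failure(cuts):
    """FMEA-style view: basic events that alone cause the top-level failure."""
    return sorted(next(iter(c)) for c in cuts if len(c) == 1)


if __name__ == "__main__":
    cuts = cut_sets("BrakeMotor", "torque")
    for c in sorted(cuts, key=lambda s: (len(s), sorted(s))):
        print("cut set:", sorted(c))
    print("single points:", single_points_of_failure(cuts))
```

The output makes the point of the analysis: the two controllers only appear together in a two-event cut set, while the shared sensor and the motor are single points of failure, so the redundancy in the design buys nothing against sensor faults. The same minimal-cut-set view is what a threat analysis uses to find shared dependencies that defeat defence in depth. The loop check matters in practice because feedback connections are common in control architectures and would otherwise recurse without end.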
UML2 Profile
ATESST has defined a profile for the EAST-ADL Domain Model
[Figure: ATESST EA Domain Model (DM) transformed via PDT into the EAST-ADL2 Profile]
• Choose target UML2 metaclass
• Define properties
• Define constraints
[Figure: profile excerpt, stereotype VFMFeature (Feature) with properties
  + isCustomerVisible: boolean
  + isDesignVariabilityRationale: boolean
  + isRemoved: boolean
  + referenceFeature *]
CEA Profile Definition Tool
Profile relations
[Figure: the EAST-ADL2 Profile imports the SysML Profile; an ADLRealization stereotype with a realizedBy relation extends UML::Element and links to the AUTOSAR Profile (AUTOSAR Stereotype)]
Papyrus www.papyrusuml.org
• Eclipse UML2 compliance
• Full respect of the UML2 standard as defined by the OMG
• Full respect of the DI2 (OMG Diagram Interchange) standard
• Extendable architecture of Papyrus that allows users to add new diagrams, new code generators, etc.
• Profile development support facilities for UML2 profiles
• Nested profiles support. Papyrus enables the definition of a hierarchical profile, with internal subprofiles, and the use of them, i.e. a correct "define" operation on such profiles as compared to the restricted Eclipse/UML2 "define" operation, which does not operate recursively.
• Available as UML Eclipse plug-in and standalone (Rich Client Platform)
Papyrus snapshot
[Figure: two screenshots of the Papyrus modeler, not reproduced in text]
ATESST Tool RCP
• Bundled as Rich Client Platform
[Figure: layered tool architecture, top to bottom: ATESST Example model; ATESST Plugins (WP2 Error Behavior, WP4 Feature, WP4 Variability, WP5 Palette, CVV); EAST-ADL2 Profile; Papyrus; GMF; Eclipse UML2; EMF; Eclipse]
Conclusion
• EAST-ADL2 reflects Automotive needs and processes
• Complementary to AUTOSAR
• Potential support for future ISO WD26262
• Public results delivered as Domain Model
  • Allowing functional decomposition of System Architecture
  • Capturing all Engineering Information
  • Supporting Safety Assessment (Analysis and Safety Case)
• Domain Model implemented as public UML2 profile
• Prototype tool as RCP Eclipse application based on the Papyrus open-source UML modeler, downloadable at http://www.atesst.org/ and http://www.papyrusuml.org/