Anticipating Implementation-Level Timing

Analysis for Driving Design-Level

Decisions in EAST-ADL

Alessio Bucaioni

27-09-2015

MASE @ MODELS 2015

Arcticus Systems

2

We discuss a methodology which provides

automation means for seamlessly linking

EAST-ADL design and implementation

levels to enable end-to-end delay analysis

at design level for supporting design

decisions

PRESENTATION TAKEAWAY

BACKGROUND - MOTIVATION

3

INTRODUCTION

5

100 million LoC

2000 SW functions

70-100 ECUs

200-300 mLoC (near future)

1GB size

5 or more buses

Development of these

systems is a daunting

task

• 100000000+ LoC

• 2000+ SW

functions

• 100+ ECUs

• 1+ G

• 5+ Bus

BACKGROUND - MOTIVATION

4

Painful to discover, during testing, that the SW

system does not deliver a service of acceptable

quality w.r.t. timing errors.

Early analysis of expected timing-behaviors

and feasibility of architectural decisions w.r.t.

timing requirements would be very welcome as

support for design decisions

5

BACKGROUND - MOTIVATION

DESIGN FUNCTION PROTOTYPING,

ALLOCATION,

HW COMPONENT PROTOTYPING

Design level

Implementation level

Vehicle level

Analysis levelEAST-ADL,

TIMMO, TADL

RCM,

AUTOSAR

TADL 2

ABSTRACTION

LEVELS

METHODOLOGIES,

MODELS, LANGUAGES

FEATURE

MODELING

ACTIVITIES

CONSISTENCY

ANALYSIS

OF REQUIREMENTS

IMPLEM.FUNCTION PROTOTYPING,

SYSTEM PROPERTIES ANALYSES

6

PROBLEM STATEMENT

Design level

Implementation level

Due to the lack of detailed timing

information at design level, timing

analysis cannot be performed on

design models.

They need to be translated to

implementation models equipped

with needed timing details.

TIMING

ANALYSIS

TIMING

ANALYSIS

translation

7

PROBLEM STATEMENT

DESIGN FUNCTION PROTOTYPING,

ALLOCATION,

HW COMPONENT PROTOTYPINGDesign level

Implementation level

Vehicle level

Analysis levelEAST-ADL,

TIMMO, TADL

RCM,

AUTOSAR

TADL 2

ABSTRACTION LEVELSMETHODOLOGIES,

MODELS, LANGUAGES

FEATURE MODELING

ACTIVITIES

CONSISTENCY ANALYSIS

OF REQUIREMENTS

IMPLEM.FUNCTION PROTOTYPING,

SYSTEM PROPERTIES ANALYSES

EAST-ADL does not come with

explicit support for automation

among the abstraction levels.

It leads to a scattered development

process where consistency among

artifacts is a burden for the developer

to bear

8

PROBLEM STATEMENT

Design level

Implementation level

TIMING

ANALYSIS

TIMING

ANALYSIS

translation

Done manually ,driven by the

developer’s experience and it

often considers a one-to-one

mapping only.

Tedious and error-prone, it may

lead to the loss of relevant

implementation model

candidates when dealing with

complex industrial systems.

CONTRIBUTION

9

We discuss a methodology which provides automation

means for seamlessly linking EAST-ADL design and

implementation levels to enable end-to-end delay

analysis at design level for supporting design

decisions.

Implementation level analysis is more accurate than

design level analysis, which usually provides

estimations and does not suffice industrial needs.

THE METHODOLOGY

10

A RUNNING EXAMPLE: THE STEER-BY-WIRE

SYSTEM

11

SWC WCET

(us)

Steer_Angle 120

Steer_Amgle_Processing 200

Input_Processing 280

Vehicle_Speed 120

FB_Steer_Torque_Computatio

n

1200

Steer_Sensor_Actuator 100

TIMING

CONSTRAINT

m

s

AGE 25

REACTION 35

12

TRANSFORMATION PHASE

DL2RCM is a non-bijective transformation realized within EMF using

JTL.

JTL is a constraint-based bidirectional model transformation language

specifically tailored to support non-bijectivity by generating all the

possible solutions at once.

The DL2RCM transformation consists of 28 rules

The DL2RCM would generate 64 implementation models.

However, considering the timing analysis we are interested….

13

TRANSFORMATION PHASE

We use ASP constraints for enforcing the bijectivity on the Steer_Angle ,

Vehicle_Speed and Steering_Sensation_Actuator obtaining 8 different

RCM models

14

TRANSFORMATION PHASE

15

TIMING ANALYSIS PHASE

End-to-end delay analysis:

• Age delay is important in control applications where the interest lies

in the freshness of received data

• Reaction delay is used to determine the first reaction time for a given

stimulus

16

FILTERING AND PROPAGATION PHASEs

TIMING

CONSTRAINT

m

s

AGE 25

REACTION 35

17

FILTERING AND PROPAGATION PHASEs

18

DISCUSSION

Architectural decisions based on much more precise feedback.

Developers only focus on design activities exploiting implementation

level analysis results.

We exploit JTL’s capability of entailing ASP logic constraints for

narrowing the generation space. This can enable support for the

generation of different classes of models by providing different default

constraints.

It is not prevented the generation of dimly meaningless solutions nor

high transformation time in case of very complex design models.

19

CONCLUSION

Through our methodology it is possible to disclose the opportunity of

shortening time-to-market and leverage expensive resources (e.g.,

architects, timing experts) more efficiently.

The system illustrated in this work contains more than 50 components

(17in the SC ECU and 10 in each of the four WC ECUs).

Starting from such an architecture, a designer willing to manually

define a proper implementation model, would face a space of 257

possible alternatives.

Thank you for the attention!Questions?

21

22

SELECTION FILTER

Figure 2 (a). Single-rate chain

Figure 2 (b). Multi-rate chain

In the body electronics

domain, the applications

are modeled with single-

rate chains.

In the control systems

domain, the applications

are modeled with multi-

rate chains.

If we target applications

with multi-rate chains,

then all single-rate

implementation models

would be discarded.