1

Success Story

October 2009

Efficient Airbag ECU Tests

The functional integrity of the safety system depends on the

airbag control unit. Airbag systems must operate absolutely error-

free, and so they are subject to the most stringent safety require-

ment level: ASIL Level D. It requires continual monitoring of all of

the system components involved such as squibs, sensors, switches

and the airbag control unit itself. Fault conditions are stored in

fault memory and can be read out in the service garage.

The test system presented here focuses less on crash-triggering

tests, and more on validation of software requirements derived

from customer and internal requirements. In addition, the test

hardware is used to simulate the vehicle environment of the target

systems. The hardware makes it possible to automatically simulate

nearly all external system states that are relevant to functional

software tests (Figure 1). One of the test system’s capabilities is to

generate various error states of the airbag system to study the

ECU’s behavior in such situations. The desire to improve test quality

and automate test sequences in testing that supports development

motivated Bosch to subcontract the development of a compact,

mobile airbag test system. The goal was to obtain a flexible system

that implements the requirements of early test phases more cost-

effectively than powerful HIL systems (Figure 2), and which is

well-suited to worldwide use at all Bosch development sites for air-

bag systems

Requirements of the new test system

In the framework of project services, Vector Informatik developed

the test system software and integrated the test hardware. The

project-specific hardware was designed and built by TBM Software-

Entwicklung & Elektronik (TBM). In the joint planning phase, it was

Validation of Software Requirements with Automated Tests during Development

In the automobile, airbags are one of the safety-critical systems whose reliability can be a matter of life or death. The airbag control unit is responsible for proper operation of the entire occupant restraint system, consisting of all sorts of airbags, belt tensioners, sensors and switches. Even during product development, numerous validation tests are indispen-sable at all development stages. A new test system from Robert Bosch, increases efficiency in early test phases in develop-ment; it shortens test times while simultaneously increasing testing depth. It also reduces the number of test iterations for system tests on existing HIL test benches.

2

Success Story

October 2009

determined that software and hardware requirements for the new

system would vary widely, because it would have to handle many

Bosch projects for different OEMs, vehicle lines and variants. The

goal here was to find a reasonable compromise that would allow a

majority of the software requirements to be validated for the ECUs.

A key requirement is simulation and monitoring of the ECU’s

immediate environment. This environment consists of squibs,

switches, peripheral acceleration sensors, warning lamps and the

CAN bus. To simulate line errors, the system must be capable of

generating short circuits between lines and different voltages, for

example. Resistor decades simulate the operating ranges of squibs

and seatbelt switches in this application. The test system must also

simulate connection of the wrong lines as well as overvoltages and

undervoltages. This involves use of an integrated voltage supply to

run through various individually programmable voltage curves.

Afterwards, a check is made to determine whether the airbag ECU’s

Figure 1: Layout of the test system. An important requirement is the simulation and monitoring of sqibs, switches, peripheral acceleration sensors, warnign lamps, and the CAN bus.

Airbag triggering process

An airbag triggering process consists of a sequence of highly precise,

interrelated and coordinated individual actions. Sensors supply infor-

mation on the vehicle’s speeds, transverse and longitudinal accelera-

tion values and rotational movements.The airbag ECU applies other

parameters in its computations – such as weight distribution on seats,

states of seatbelts, belt tensioners and switches – to determine which

airbags should be ignited, at what times and with which strength. The

air bags are only activated for a short period of time, so precise igni-

tion time is a crucial parameter. Another important parameter is the

speed at which the bags fill, which can be influenced by the use of dif-

ferent ignition pills. The ignition pills are pyrotechnical propellant

charges that generate a lot of gas in a short period of time.

internal monitoring correctly identifies the error states.

Another important requirement is configurability of the test

system. The number, names and assignments of the pins used, as

well as the number and type of squibs and seat belt buckles vary

with each project. These aspects must be taken into consideration,

so that the test system can be conveniently used in different

projects.

Automatable tests, easy operation and flexible test software Vector’s CANoe test and simulation software and integrated Test

Feature Set (TFS) made a significant contribution toward quick and

successful implementation of the new test system. Basic properties

of TFS are automatic execution of ECU tests and parallel generation

of test reports. The test sequences themselves are created in CAPL,

a C-based script language to conveniently support specific applica-

tion cases; project-specific extensions are made.

The test hardware from TBM, specially developed for this project,

is controlled via CAN. The interface to CANoe is made via a channel

of the Vector CAN hardware. To drive the TBM test hardware, Vector

developed a C++ DLL, which provides all of the necessary CAPL test

functions. This makes additional functions available to users,

including automatic reporting.

In creating the test sequences, it is often very advantageous to

be able to address ECU pins by meaningful names. Mapping tables

handle the assignments between test hardware channels and

project-specific pin names.

CANoe, the central control unit, is responsible for core functions:

Test hardware drive control via CAN, CAN remaining bus simulation,

3

Success Story

October 2009

the airbag ECUs of most OEMs, vehicle lines and equipment vari-

ants, and it is well suited for automated software requirement tests

as well as error replication and analysis. In addition, it is already

being used for certain software integration tests and module tests.

The system lets users automatically test ECU functions, log the

observed behavior and recognize deviations from expected behavior.

In total, 42 systems are now in use in Germany, India, the USA and

Japan. The cost advantage compared to large HIL test benches

enables its use in low-cost countries.

The primary software and hardware developments were com-

pleted within the very short time of just half a year. For the time

from startup to in-house maintenance of the new system by Bosch,

Vector was the central contact partner for application support and

modifications to the overall test system.

Summary

The new airbag test system for software requirements testing

exceeded expectations in fulfilling project goals. After an initial

automation effort, the system enables significantly shorter test

times despite the much higher number of test cases. In addition,

early implementation of automated tests during software develop-

ment means that errors in the airbag ECUs can be detected and

corrected more quickly. Subsequent validation stages build upon a

high level of software quality. Global use of a uniform test system

for software validation levels at all Bosch sites for developing

airbag ECUs makes it easy to reproduce faulty behavior indepen-

dent of the site. Excited about the many capabilities and potential

of CANoe, Bosch is already considering further extensions of its

airbag test system.

diagnostics and reporting (Figure 3). Extensive CAPL functions

allow Bosch to create complex test cases as well. These functions

are used to control switching of short circuits, setting of resistances

and setting of current sources. They are also used to send and

evaluate CAN messages, e.g. in testing the ECU’s error memory.

Additional CAPL convenience functions are used to search for a

specific ECU pin name, or to query switch states and compare them.

There are also arithmetic functions for processing arrays. CANdela

files in CDD format or ODX files may be used as standard diagnostic

description files. Since diagnostic descriptions are not available in

these formats on all projects, Excel tables are also used. This makes

it possible to use symbolic descriptors for diagnostic services and

parameters in all projects. The Bosch airbag ECUs also support

production diagnostics – an internal company diagnostic protocol.

Production diagnostic services are already integrated in ECU imple-

mentations very early in development. These services have been

integrated in CANoe. XML/HTML reports generated from the

CANoe TFS can be modified to be project-specific, and test log

depth of detail is set separately for each test run.

At Bosch, the test system was systematically further developed

and a test control was implemented for individual, manually

executed tests, for example. The system offers a graphic CANoe

operating panel for this purpose, and this renders the previous

manually operated test hardware unnecessary.

The results

The new test system – subcontracted by Bosch and implemented by

Vector and TBM – includes project-dependent squibs, seatbelt buck-

les and configurable warning lamps. It is universally applicable for

Fig ure 2: Use of the new test system in the V-Model

Fig ure 3: Components of the CANoe configuration

4

Success Story

October 2009

Translation of a German publication in Hanser Automotive, 10/2009

Cover pictureRobert Bosch GmbHFigures 1-3 Vector Informatik GmbH

Links:Homepage Bosch: www. bosch.comHompage Vector: www.vector.comProduct Information CANoe: www.vector.com/canoe

>> Your Contact:

Germany and all countries, not named belowVector Informatik GmbH, Stuttgart, Germany, www.vector.com

France, Belgium, Luxembourg Vector France, Paris, France, www.vector-france.com

Sweden, Denmark, Norway, Finland, IcelandVecScan AB, Göteborg, Sweden, www.vector-scandinavia.com

Great BritainVector GB Ltd., Birmingham, United Kingdom, www.vector-gb.co.uk

USA, Canada, MexicoVector CANtech, Inc., Detroit, USA, www.vector-cantech.com

JapanVector Japan Co., Ltd., Tokyo, Japan, www.vector-japan.co.jp

KoreaVector Korea IT Inc., Seoul, Republic of Korea, www.vector.kr

IndiaVector Informatik India Prv. Ltd., Pune, India, www.vector.in

E-Mail Contactinfo@vector.com

David Oberschmidt, Bosch has been employed at Robert Bosch GmbH in the Airbags area until 2006, and since then as technical project leader for ESP applica-tion projects in France.

Frank Böhm, Bosch has been employed at Robert Bosch GmbH since 2002, where he works as a development engineer in the Airbag area, specializing in the areas of Test Automation and Test Tooling.

Katja Hahmann, Vector since 1997 she has been employed at Vector in Stuttgart where she is group manager for CANoe Application Development in the Net-works and Distributed Systems product line.

Dr. Martin C. Geisler, Bosch since 2005 he has been employed at Robert Bosch GmbH as sub-project leader and later as team leader for software validation in the Airbag area.