Confidential
Informationstechnik München
Excellence in Automotive Computing.
IFS Informationstechnik GmbH Trausnitzstraße 8 81671 Munich Headquarters: Munich Commercial Register: Amtsgericht Munich HRB 126547 CEO: Dr.-Ing. Markus A. Stulle Dipl.-Ing. Thomas Frey
23 March 2011
Model-based Design of Diagnostics Applications Using GRAFCET (DIN EN 60848)
23 March 2011, 2:45pm
Dr Mario Schweigler, IFS Informationstechnik Munich
8th International CTI Forum “Automotive Diagnostic Systems”
Outline
challenges facing modern software
discrete-event dynamic models
mathematical definition
visualisation with GRAFCET
description form for DEDS models
vehicle diagnostics as a control plant
basic idea
synthesis of complex workflows
tool-assisted verification
Challenges Facing Modern Software
reduced time for development
shorter product and development cycles
acceleration crisis
growing complexity
concurrency
higher demand for correctness
proof of correctness
approach: synthesis of complex workflows by combining formally proven modules
adopting formal methods from the theory of discrete-event dynamic systems
Terms
system: a group of entities in relation with each other; static or, when involving time, dynamic
model: abstraction of a system
aspects: time evolution and possible values and states, each either continuous or discrete (hybrid forms possible)
figures taken from “Modelling and Control of Discrete-event Dynamic Systems”, B. Hrúz and M.C. Zhou
Discrete-event Dynamic Models – Classification
discrete-event dynamic system (DEDS)
discrete
dynamic
state evolution triggered by asynchronous events
figures taken from “Modelling and Control of Discrete-event Dynamic Systems”, B. Hrúz and M.C. Zhou
Discrete-event Dynamic Models – General Mathematical Definition
description of a system with discrete states
transitions between states triggered by discrete events
mathematical notation (“basic transition system”):
Π: set of state variables
Q: set of states with particular values for the variables from Π
Σ: set of transitions leading from one state to another if a defined condition is met
Ө: initial state
Discrete-event Dynamic Models – Further Definitions
situation: set of coexistent states in a concurrent system (marking of a Petri net)
reachability graph: state machine with reachable situations as nodes and transitions as directed edges
error
Martin Weingardt: “Given an alternative, an error is the variant which is classified by a subject – in relation to a correlating context and a specific interest – to be so unfavourable as to appear undesirable.”
in this context: an undesired situation
Discrete-event Dynamic Models – Controller and Plant
controller (basis: DEDS)
plant: event sources, sensors, actuators
system boundaries: environment as part of the plant
Discrete-event Dynamic Models – Example: Controller for a Coffee Vendor
GRAFCET – Introduction (I)
graphical design language for describing the behaviour of
controlled systems based on discrete-event dynamic models
GRAphe Fonctionnel de Commande Etapes/Transitions
(en. control function graph with steps and transitions)
standardised in DIN EN 60848
successor of DIN 40719 part 6 “function plan”
standard valid throughout Europe
GRAFCET – Introduction (II)
workflow consisting of alternating steps and transitions
individual steps can be associated with actions
branching of workflows possible
alternative paths
parallel paths (concurrent situations)
structuring possible
GRAFCET – Visualisation of Elements (I)
separation of structure and effect
GRAFCET – Visualisation of Elements (II)
structure:
steps, initial step (correspond to set Q and Ө)
transitions and conditions (correspond to set Σ)
effect:
steps can be associated with actions
GRAFCET – Visualisation of Workflow Structures (I)
chain
every step is followed by a transition (except the final step)
every transition is followed by a step
GRAFCET – Visualisation of Workflow Structures (II)
alternative branching
a step is followed by two or more mutually exclusive transitions
partial workflows may be of arbitrary length (empty partial workflows are ‘skipped’)
GRAFCET – Visualisation of Workflow Structures (III)
parallel branching
a transition activates several partial workflows
partial workflows are processed independently
synchronised convergence via shared transition
GRAFCET – Visualisation of Workflow Structures (IV)
jumps and loopback
jumps allow for clearer visualisation
loopback allows for cyclic workflows
GRAFCET – Structuring (I)
macro step
visual structuring from coarse to fine
macro step visualises a partial GRAFCET
macro step is left when partial GRAFCET has been processed
GRAFCET – Structuring (II)
macro step: vehicle diagnostics example
GRAFCET – Structuring (III)
inclusive step
hierarchical structuring
inclusive step contains a partial GRAFCET
partial GRAFCET is active until inclusive step is exited (controllable from outside)
enables exception handling without ‘bloated’ code
GRAFCET – Structuring (IV)
inclusive step: vehicle diagnostics example
Canonical Description Form (KBF) (I)
XML document
contains description of DEDS model
allows expression of concurrency
modelling of the following elements:
inputs: sensors, combined into events
outputs: actuators, combined into actions
states (incl. macro steps and inclusive steps)
conditions, transitions
tool enables GRAFCET visualisation of KBF
Canonical Description Form (KBF) (II)
combination of sensors to events
combination of actuators to actions
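How a tool could read such a description and check it before visualising it, as an added example that is not code from the talk or from IFS's tool: the real KBF schema is not shown on the slides, so the XML element names used here (`kbf`, `sensors`, `events`, `actuators`, `actions`, `steps`, `transitions`) are a hypothetical schema chosen only to cover the elements the slides list. The sample document is constructed and describes the VIN read-out branch of the model series identification module; its events are boolean combinations of sensors and its actions are bound to actuators. Event expressions are evaluated by a small whitelist-based AST walker rather than `eval()`, so a malformed or hostile expression in a description file is rejected instead of executed.

```python
"""Parse a KBF-style XML description and check its structure.

Added example; the element names are a HYPOTHETICAL schema (the real KBF
schema is not on the slides), covering the elements the talk lists."""
import ast
import xml.etree.ElementTree as ET

# Constructed sample: the VIN read-out branch of the model series identification
# module; two events combined from two sensors, two actions on two actuators.
SAMPLE_KBF = """<kbf>
  <sensors><sensor id="vin_response"/><sensor id="vin_timeout"/></sensors>
  <events><event id="vin_read" expr="vin_response and not vin_timeout"/>
          <event id="vin_read_failed" expr="vin_timeout"/></events>
  <actuators><actuator id="bus"/><actuator id="display"/></actuators>
  <actions><action id="request_vin" actuator="bus"/>
           <action id="prompt_manual_vin" actuator="display"/></actions>
  <steps><step id="S2" initial="true" action="request_vin"/><step id="S3"/>
         <step id="S4" action="prompt_manual_vin"/></steps>
  <transitions>
    <transition id="t1" event="vin_read"><from step="S2"/><to step="S3"/></transition>
    <transition id="t2" event="vin_read_failed"><from step="S2"/><to step="S4"/></transition>
  </transitions>
</kbf>"""

# Event expressions may only combine sensor names with and/or/not; anything else
# (calls, attributes, arithmetic) is rejected instead of being handed to eval().
_ALLOWED = (ast.Expression, ast.BoolOp, ast.And, ast.Or, ast.UnaryOp, ast.Not, ast.Name, ast.Load)


def parse_kbf(text):
    """Read the hypothetical KBF XML into plain dicts and sets."""
    root = ET.fromstring(text)
    return {
        "sensors": {s.get("id") for s in root.findall("sensors/sensor")},
        "events": {e.get("id"): e.get("expr") for e in root.findall("events/event")},
        "actuators": {a.get("id") for a in root.findall("actuators/actuator")},
        "actions": {a.get("id"): a.get("actuator") for a in root.findall("actions/action")},
        "steps": {s.get("id"): {"initial": s.get("initial") == "true", "action": s.get("action")}
                  for s in root.findall("steps/step")},
        "transitions": [{"id": t.get("id"), "event": t.get("event"),
                         "from": {f.get("step") for f in t.findall("from")},
                         "to": {f.get("step") for f in t.findall("to")}}
                        for t in root.findall("transitions/transition")],
    }


def event_sensors(expr):
    """Sensor names an event expression uses; raises ValueError on unsupported syntax."""
    tree = ast.parse(expr, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED):
            raise ValueError(f"unsupported syntax in event expression: {type(node).__name__}")
    return {n.id for n in ast.walk(tree) if isinstance(n, ast.Name)}


def _eval(node, values):
    if isinstance(node, ast.Expression):
        return _eval(node.body, values)
    if isinstance(node, ast.BoolOp):
        parts = [_eval(v, values) for v in node.values]
        return all(parts) if isinstance(node.op, ast.And) else any(parts)
    if isinstance(node, ast.UnaryOp):  # only `not` survives event_sensors()
        return not _eval(node.operand, values)
    return bool(values[node.id])  # ast.Name: current sensor reading


def evaluate_event(model, event_id, sensor_values):
    """Combine current sensor readings into the truth value of one event."""
    expr = model["events"][event_id]
    event_sensors(expr)  # whitelist check before walking
    return _eval(ast.parse(expr, mode="eval"), sensor_values)


def check_structure(model):
    """Referential and GRAFCET well-formedness checks; returns the list of problems."""
    problems = []
    initial = [s for s, v in model["steps"].items() if v["initial"]]
    if len(initial) != 1:
        problems.append(f"expected exactly one initial step, found {initial}")
    for s, v in model["steps"].items():
        if v["action"] is not None and v["action"] not in model["actions"]:
            problems.append(f"step {s} uses undefined action {v['action']}")
    for a, actuator in model["actions"].items():
        if actuator not in model["actuators"]:
            problems.append(f"action {a} uses undefined actuator {actuator}")
    for e, expr in model["events"].items():
        try:
            unknown = event_sensors(expr) - model["sensors"]
        except ValueError as err:
            problems.append(f"event {e}: {err}")
            continue
        if unknown:
            problems.append(f"event {e} uses undeclared sensors {sorted(unknown)}")
    for t in model["transitions"]:
        if t["event"] not in model["events"]:
            problems.append(f"transition {t['id']} uses undefined event {t['event']}")
        if not t["from"] or not t["to"]:  # steps and transitions must alternate
            problems.append(f"transition {t['id']} needs upstream and downstream steps")
        for ref in sorted((t["from"] | t["to"]) - set(model["steps"])):
            problems.append(f"transition {t['id']} references undefined step {ref}")
    return problems


if __name__ == "__main__":
    model = parse_kbf(SAMPLE_KBF)
    print("problems:", check_structure(model) or "none")
    print("vin_read:", evaluate_event(model, "vin_read", {"vin_response": True, "vin_timeout": False}))
```

`check_structure` catches dangling references (an undefined step, event, action or actuator) and a missing or duplicated initial step before any reachability analysis is attempted. For description files that arrive from an untrusted source, parse with `defusedxml` instead of `xml.etree` so that entity-expansion tricks in the XML itself are refused as well.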
Canonical Description Form (KBF) (III)
Vehicle Diagnostics As a Control Plant – Basic Idea
idea: transferring processes used in automation technology to vehicle diagnostics workflows
synthesis of error-free programs from modules with a well-known behaviour
tool for analysis, verification and visualisation of discrete-event dynamic models
Vehicle Diagnostics As a Control Plant – Elements of the Control Plant
event sources
vehicle
user
sensors
data read from vehicle
user inputs
actuators
telegrams sent to vehicle
information displayed to user
Vehicle Diagnostics As a Control Plant – Requirements Document
requirements document specifies the reachability graph of the diagnostics use case
definition of error:
a situation is reachable that the requirements document explicitly prohibits
a situation is not reachable that the requirements document explicitly demands
Vehicle Diagnostics As a Control Plant – Synthesis of Complex Workflows (I)
prerequisite: the intended workflow can be combined from modules with a well-known reachability graph
examples:
model series identification
read-out and interpretation of diagnostic trouble codes
recording of symptoms
combination of these partial workflows to a full diagnostics workflow
prevention of errors by utilising formal methods
calculation of the effective reachability graph
tool-assisted comparison with the reachability graph specified in the requirements document
Vehicle Diagnostics As a Control Plant – Synthesis of Complex Workflows (II)
Vehicle Diagnostics As a Control Plant – Tool-assisted Verification (I)
example of a diagnostics module: model series identification
Vehicle Diagnostics As a Control Plant – Tool-assisted Verification (II)
model series identification: reachability graph
S0 = initial state
S1 = initialising database
S2 = reading VIN
S3 = waiting for database
S4 = manual VIN input
S5 = database error
S6 = database query
S7 = final state
Vehicle Diagnostics As a Control Plant – Tool-assisted Verification (III)
erroneous situation (S3, S4): manual VIN input despite successful read-out
impossible according to reachability graph
Vehicle Diagnostics As a Control Plant – Tool-assisted Verification (IV)
erroneous situation (S5, S6): database query despite initialisation error
impossible according to reachability graph
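What the tool-assisted comparison amounts to in code, as an added example that is not code from the talk or from IFS's tool: the module is written down as a basic transition system in GRAFCET form (steps as Q, transitions as Σ, the initial step as Ө) with parallel branching, alternative branching and synchronised convergence; the reachable situations (sets of co-active steps, as defined on the "Further Definitions" slide) are enumerated breadth-first; and the result is compared with prohibited and demanded situations, which is exactly the error definition of the requirements-document slide. The slides give only the state names S0..S7 and the two prohibited situations, so the transitions and event names below are an assumption. So is the faulty variant at the end, in which the VIN read-out failure is mistakenly modelled as a parallel branch instead of an alternative one and which makes (S3, S4) reachable.

```python
"""Reachability graph of a GRAFCET-style model and comparison with requirements.

Added example, not code from the talk or from IFS. The slides give only the
state names S0..S7 of the model series identification module and the two
prohibited situations (S3, S4) and (S5, S6); the transitions below are an
ASSUMED structure chosen to exercise parallel branching, alternative
branching and synchronised convergence.
"""
from collections import deque
from dataclasses import dataclass

Situation = frozenset  # coexistent active steps (the marking of a Petri net)


@dataclass(frozen=True)
class Transition:
    name: str
    upstream: frozenset    # steps that must all be active (synchronisation)
    downstream: frozenset  # steps activated on firing (parallel branching if > 1)
    event: str             # the condition, kept here as a label only


@dataclass
class Model:
    initial: frozenset
    transitions: list

    def fire(self, situation, t):
        # GRAFCET evolution rule: upstream steps deactivated, downstream ones activated
        return Situation((situation - t.upstream) | t.downstream)

    def reachability_graph(self):
        """Breadth-first enumeration of every reachable situation.

        Returns (situations, edges); edges maps each situation to the list of
        (transition name, successor situation) pairs leaving it.
        """
        seen, edges, queue = {self.initial}, {}, deque([self.initial])
        while queue:
            s = queue.popleft()
            edges[s] = []
            for t in self.transitions:
                if t.upstream <= s:  # enabled: all upstream steps are active
                    nxt = self.fire(s, t)
                    edges[s].append((t.name, nxt))
                    if nxt not in seen:
                        seen.add(nxt)
                        queue.append(nxt)
        return seen, edges


def verify(model, prohibited, demanded):
    """Errors in the talk's sense: a prohibited situation that is reachable,
    or a demanded situation that is not."""
    reachable, _ = model.reachability_graph()
    errors = []
    for p in prohibited:
        if any(p <= s for s in reachable):
            errors.append(("prohibited situation reachable", sorted(p)))
    for d in demanded:
        if not any(d <= s for s in reachable):
            errors.append(("demanded situation unreachable", sorted(d)))
    return errors


def S(*names):
    return frozenset(names)


def build_model(vin_failed_downstream=S("S4")):
    """Model series identification (assumed transitions, see module docstring)."""
    return Model(initial=S("S0"), transitions=[
        # parallel branching: database initialisation and VIN read-out run concurrently
        Transition("t_start",      S("S0"),       S("S1", "S2"),         "session_started"),
        # alternative branching on the VIN branch: read-out succeeds or fails
        Transition("t_vin_ok",     S("S2"),       S("S3"),               "vin_read"),
        Transition("t_vin_failed", S("S2"),       vin_failed_downstream, "vin_read_failed"),
        Transition("t_vin_manual", S("S4"),       S("S3"),               "vin_entered"),
        Transition("t_db_failed",  S("S1"),       S("S5"),               "db_init_failed"),
        # synchronised convergence: the query needs a ready database and a known VIN
        Transition("t_db_ready",   S("S1", "S3"), S("S6"),               "db_ready"),
        Transition("t_query_done", S("S6"),       S("S7"),               "query_done"),
        Transition("t_abort",      S("S5", "S3"), S("S7"),               "error_acknowledged"),
    ])


# requirements document, expressed as situations (sets of co-active steps)
PROHIBITED = [S("S3", "S4"), S("S5", "S6")]
DEMANDED = [S("S6"), S("S7")]

if __name__ == "__main__":
    model = build_model()
    situations, edges = model.reachability_graph()
    for s in sorted(situations, key=sorted):
        print(sorted(s), "->", [(n, sorted(x)) for n, x in edges[s]])
    print("errors:", verify(model, PROHIBITED, DEMANDED) or "none")
    # a copy-paste mistake turning the alternative branch into a parallel one
    faulty = build_model(vin_failed_downstream=S("S3", "S4"))
    print("faulty:", verify(faulty, PROHIBITED, DEMANDED))
```

The correct model reaches nine situations and no error is reported; in the faulty variant the tool flags (S3, S4) as reachable because the parallel activation leaves both VIN paths active at once. Checking prohibited situations with a subset test (`p <= s`) matters when modules are composed into a larger workflow: the erroneous pair must be caught even when further steps of other modules are active alongside it.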
Vehicle Diagnostics As a Control Plant – Example: Start of a Diagnostics Session (I)
workflow of a diagnostics session modelled as a discrete-event dynamic system
synthesis from modules
using inclusive steps and macro steps
example demonstrates the beginning of a session
session start
connection to runtime system
model series identification
Vehicle Diagnostics As a Control Plant – Example: Start of a Diagnostics Session (II)
Vehicle Diagnostics As a Control Plant – Example: Start of a Diagnostics Session (III)
Vehicle Diagnostics As a Control Plant – Example: Start of a Diagnostics Session (IV)
Conclusion
discrete-event dynamic models are helpful in creating error-free workflows
GRAFCET constitutes an adequate visualisation standard for discrete-event dynamic models
tool-assisted verification to secure the correctness of workflows
formal methods are a profitable tool for creating diagnostics workflows
End of Presentation
Thank you for your attention!
Appendix: GRAFCET Example – Controller for a Coffee Vendor (I)
Appendix: GRAFCET Example – Controller for a Coffee Vendor (II)
Appendix: GRAFCET Example – Controller for a Coffee Vendor (III)
Appendix: KBF Example – Controller for a Coffee Vendor (I)
Appendix: KBF Example – Controller for a Coffee Vendor (II)
Appendix: KBF Example – Controller for a Coffee Vendor (III)
Appendix: KBF Example – Controller for a Coffee Vendor (IV)
Appendix: KBF Example – Controller for a Coffee Vendor (V)
Appendix: KBF Example – Controller for a Coffee Vendor (VI)
Appendix: KBF Example – Controller for a Coffee Vendor (VII)
Appendix: KBF Example – Controller for a Coffee Vendor (VIII)
Appendix: KBF Example – Controller for a Coffee Vendor (IX)
Appendix: KBF Example – Controller for a Coffee Vendor (X)
Appendix: KBF Example – Controller for a Coffee Vendor (XI)
Appendix: KBF Example – Controller for a Coffee Vendor (XII)
Appendix: KBF Example – Controller for a Coffee Vendor (XIII)