
Confidential

Informationstechnik München

Excellence in Automotive Computing.

IFS Informationstechnik GmbH Trausnitzstraße 8 81671 Munich Headquarters: Munich Commercial Register: Amtsgericht Munich HRB 126547 CEO: Dr.-Ing. Markus A. Stulle Dipl.-Ing. Thomas Frey

23 March 2011

Model-based Design of Diagnostics Applications Using GRAFCET (DIN EN 60848)

23 March 2011, 2:45pm

Dr Mario Schweigler, IFS Informationstechnik Munich

8th International CTI Forum “Automotive Diagnostic Systems”


Outline

challenges facing modern software

discrete-event dynamic models
  mathematical definition
  visualisation with GRAFCET
  description form for DEDS models

vehicle diagnostics as a control plant
  basic idea
  synthesis of complex workflows
  tool-assisted verification

Challenges Facing Modern Software

reduced time for development
  shorter product and development cycles
  acceleration crisis

growing complexity
  concurrency

higher demand for correctness
  proof of correctness

approach: synthesis of complex workflows by combining formally proven modules
  adopting formal methods from the theory of discrete-event dynamic systems


Terms

system: a group of entities in relation with each other
  static, or dynamic when time is involved

model: abstraction of a system
  aspects: time evolution and possible values and states
  each aspect can be continuous or discrete; hybrid forms exist

figures taken from “Modelling and Control of Discrete-event Dynamic Systems”, B. Hrúz and M.C. Zhou

Discrete-event Dynamic Models – Classification

discrete-event dynamic system (DEDS): discrete and dynamic; the state evolution is triggered by asynchronous events

figures taken from “Modelling and Control of Discrete-event Dynamic Systems”, B. Hrúz and M.C. Zhou

Discrete-event Dynamic Models – General Mathematical Definition

description of a system with discrete states

transitions between states triggered by discrete events

mathematical notation (“basic transition system”):

Π: set of state variables

Q: set of states with particular values for the variables from Π

Σ: set of transitions leading from one state to another if a defined condition is met

Θ: initial state

Discrete-event Dynamic Models – Further Definitions

situation: set of coexistent states in a concurrent system (marking of a Petri net)

reachability graph: state machine with reachable situations as nodes and transitions as directed edges

error
  Martin Weingardt: “Given an alternative, an error is the variant which is classified by a subject – in relation to a correlating context and a specific interest – to be so unfavourable as to appear undesirable.”
  in this context: an undesired situation

Discrete-event Dynamic Models – Controller and Plant

controller
  basis: DEDS

plant
  event sources
  sensors
  actuators

system boundaries
  environment as part of the plant

Discrete-event Dynamic Models – Example: Controller for a Coffee Vendor

GRAFCET – Introduction (I)

graphical design language for describing the behaviour of controlled systems based on discrete-event dynamic models

GRAphe Fonctionnel de Commande Etapes/Transitions (en. control function graph with steps and transitions)

standardised in DIN EN 60848
  successor of DIN 40719 part 6 “function plan”
  standard valid throughout Europe

GRAFCET – Introduction (II)

workflow consisting of alternating steps and transitions

individual steps can be associated with actions

branching of workflows possible
  alternative paths
  parallel paths (resulting in concurrent situations)

structuring possible

GRAFCET – Visualisation of Elements (I)

separation of structure and effect

(figure: a GRAFCET element with its effect part and its structure part shown side by side)

GRAFCET – Visualisation of Elements (II)

structure:
  steps, initial step: correspond to the set Q and the initial state Θ
  transitions and conditions: correspond to the set Σ

effect:
  steps can be associated with actions

GRAFCET – Visualisation of Workflow Structures (I)

chain
  every step is followed by a transition (except the final step)
  every transition is followed by a step

GRAFCET – Visualisation of Workflow Structures (II)

alternative branching
  a step is followed by two or more mutually exclusive transitions
  partial workflows may be of arbitrary length (empty partial workflows are ‘skipped’)

GRAFCET – Visualisation of Workflow Structures (III)

parallel branching
  a transition activates several partial workflows
  partial workflows are processed independently
  synchronised convergence via shared transition

GRAFCET – Visualisation of Workflow Structures (IV)

jumps and loopback
  jumps allow for clearer visualisation
  loopback allows for cyclic workflows

GRAFCET – Structuring (I)

macro step
  visual structuring from coarse to fine
  macro step visualises a partial GRAFCET
  macro step is left when the partial GRAFCET has been processed

GRAFCET – Structuring (II)

macro step: vehicle diagnostics example

GRAFCET – Structuring (III)

inclusive step
  hierarchical structuring
  inclusive step contains a partial GRAFCET
  partial GRAFCET is active until the inclusive step is exited (controllable from outside)
  enables exception handling without ‘bloated’ code

GRAFCET – Structuring (IV)

inclusive step: vehicle diagnostics example

Canonical Description Form (KBF) (I)

XML document
  contains description of DEDS model
  allows expression of concurrency

modelling of the following elements:
  inputs: sensors, combined into events
  outputs: actuators, combined into actions
  states (incl. macro steps and inclusive steps)
  conditions, transitions

tool enables GRAFCET visualisation of KBF

Canonical Description Form (KBF) (II)

combination of sensors to events

combination of actuators to actions

Canonical Description Form (KBF) (III)

Vehicle Diagnostics As a Control Plant – Basic Idea

idea: transferring processes used in automation technology to vehicle diagnostics workflows

synthesis of error-free programs from modules with a well-known behaviour

tool for analysis, verification and visualisation of discrete-event dynamic models

Vehicle Diagnostics As a Control Plant – Elements of the Control Plant

event sources
  vehicle
  user

sensors
  data read from vehicle
  user inputs

actuators
  telegrams sent to vehicle
  information displayed to user

Vehicle Diagnostics As a Control Plant – Requirements Document

requirements document specifies the reachability graph of the diagnostics use case

definition of error:
  a situation is reachable which is explicitly prohibited by the requirements document
  a situation is not reachable which is explicitly demanded by the requirements document

Vehicle Diagnostics As a Control Plant – Synthesis of Complex Workflows (I)

prerequisite: the intended workflow can be combined from modules with a well-known reachability graph

examples:
  model series identification
  read-out and interpretation of diagnostic trouble codes
  recording of symptoms

combination of these partial workflows to a full diagnostics workflow

prevention of errors by utilising formal methods
  calculation of the effective reachability graph
  tool-assisted comparison with the reachability graph specified in the requirements document

Vehicle Diagnostics As a Control Plant – Synthesis of Complex Workflows (II)

Vehicle Diagnostics As a Control Plant – Tool-assisted Verification (I)

example of a diagnostics module: model series identification

Vehicle Diagnostics As a Control Plant – Tool-assisted Verification (II)

model series identification: reachability graph

S0 = initial state

S1 = initialising database

S2 = reading VIN

S3 = waiting for database

S4 = manual VIN input

S5 = database error

S6 = database query

S7 = final state

Vehicle Diagnostics As a Control Plant – Tool-assisted Verification (III)

erroneous situation (S3, S4): manual VIN input despite successful read-out
  impossible according to reachability graph

Vehicle Diagnostics As a Control Plant – Tool-assisted Verification (IV)

erroneous situation (S5, S6): database query despite initialisation error
  impossible according to reachability graph
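The check described on the Further Definitions, Canonical Description Form and Tool-assisted Verification slides, as an added Python example that is not IFS's tool and not the KBF schema (the slides do not show it): a constructed XML document in an assumed, hypothetical layout describes the model series identification module as steps and transitions; the transition structure is an assumption, since the slides list only the states S0 to S7 and the two erroneous situations. The script computes the reachability graph over situations (sets of coexistent steps), treating every event as possible in every situation, and compares it with a constructed requirements document: the prohibited situations (S3, S4) and (S5, S6) must be unreachable, the demanded final state S7 must be reachable, and no situation other than the final one may be a dead end. A defective variant, in which the synchronised convergence before the database query forgets to wait for the database branch, shows the (S5, S6) error being reported.

```python
# Added example, not IFS code.  The XML layout is an assumed stand-in for KBF
# (the real schema is not on the slides); the module's transitions are assumed too.
from collections import deque
import xml.etree.ElementTree as ET

# Constructed input.  A transition fires when all its 'from' steps are active
# and its event occurs; it deactivates them and activates every 'to' step, so
# several 'to' steps form a parallel branch, several 'from' steps a convergence.
KBF_XML = """
<kbf name="model_series_identification">
  <steps initial="S0" final="S7">
    <step id="S0" name="initial state"/>
    <step id="S1" name="initialising database"/>
    <step id="S2" name="reading VIN"/>
    <step id="S3" name="waiting for database"/>
    <step id="S4" name="manual VIN input"/>
    <step id="S5" name="database error"/>
    <step id="S6" name="database query"/>
    <step id="S7" name="final state"/>
  </steps>
  <transitions>
    <transition from="S0" to="S1 S2" event="session_start"/>
    <transition from="S2" to="S3" event="vin_read_ok"/>
    <transition from="S2" to="S4" event="vin_read_failed"/>
    <transition from="S4" to="S3" event="vin_entered"/>
    <transition from="S1 S3" to="S6" event="db_ready"/>
    <transition from="S1" to="S5" event="db_init_failed"/>
    <transition from="S6" to="S7" event="query_done"/>
    <transition from="S5 S3" to="S7" event="abort"/>
  </transitions>
</kbf>
"""

# Constructed requirements document: must-never and must-be-reachable situations.
PROHIBITED = [{"S3", "S4"}, {"S5", "S6"}]
DEMANDED = [{"S7"}]

def load_kbf(text):
    """Parse the assumed layout into (initial situation, final step, transitions)."""
    root = ET.fromstring(text)
    steps = root.find("steps")
    step_ids = {s.get("id") for s in steps}
    transitions = []
    for t in root.find("transitions"):
        src = frozenset(t.get("from").split())
        dst = frozenset(t.get("to").split())
        unknown = (src | dst) - step_ids
        if unknown:  # a dangling step reference would silently hide behaviour
            raise ValueError(f"transition references unknown steps {sorted(unknown)}")
        transitions.append((src, dst, t.get("event")))
    return frozenset([steps.get("initial")]), steps.get("final"), transitions

def reachability_graph(initial, transitions):
    """Breadth-first exploration over situations (frozensets of active steps).
    Every event is taken to be possible in every situation, so the graph
    over-approximates any real plant: unreachable here means unreachable."""
    edges = {}
    queue = deque([initial])
    while queue:
        situation = queue.popleft()
        if situation in edges:
            continue
        edges[situation] = []
        for src, dst, event in transitions:
            if src <= situation:
                successor = (situation - src) | dst
                edges[situation].append((event, successor))
                queue.append(successor)
    return edges

def verify(edges, final, prohibited, demanded):
    """Compare the effective reachability graph with the requirements."""
    errors = []
    for sit in prohibited:
        hits = [s for s in edges if sit <= s]
        if hits:
            errors.append(f"prohibited situation {sorted(sit)} reachable as {sorted(hits[0])}")
    for sit in demanded:
        if not any(sit <= s for s in edges):
            errors.append(f"demanded situation {sorted(sit)} not reachable")
    for sit, out in edges.items():
        if not out and final not in sit:  # a dead end other than the final state
            errors.append(f"dead end in situation {sorted(sit)}")
    return errors

def check(text):
    """Return (number of reachable situations, list of requirement violations)."""
    initial, final, transitions = load_kbf(text)
    edges = reachability_graph(initial, transitions)
    return len(edges), verify(edges, final, PROHIBITED, DEMANDED)

# Defective variant: the convergence before the database query no longer waits
# for the database branch, so db_init_failed can yield the prohibited (S5, S6).
DEFECTIVE_XML = KBF_XML.replace('from="S1 S3" to="S6"', 'from="S3" to="S6"')

if __name__ == "__main__":
    print(check(KBF_XML), check(DEFECTIVE_XML))
```

Running the script prints the number of reachable situations and the violations for the correct and for the defective model. The over-approximation is what makes the result useful in a security review: within the model, the environment (vehicle and user) is free to emit any event in any order, so a prohibited situation the exploration cannot reach cannot be forced by a malformed telegram or an unexpected user action either, whereas (S5, S6) becoming reachable in the defective variant is exactly the class of error the slides describe.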

Vehicle Diagnostics As a Control Plant – Example: Start of a Diagnostics Session (I)

workflow of a diagnostics session modelled as a discrete-event dynamic system

synthesis from modules using inclusive steps and macro steps

example demonstrates the beginning of a session
  session start
  connection to runtime system
  model series identification

Vehicle Diagnostics As a Control Plant – Example: Start of a Diagnostics Session (II)

Vehicle Diagnostics As a Control Plant – Example: Start of a Diagnostics Session (III)

Vehicle Diagnostics As a Control Plant – Example: Start of a Diagnostics Session (IV)

Conclusion

discrete-event dynamic models are helpful in creating error-free workflows

GRAFCET constitutes an adequate visualisation standard for discrete-event dynamic models

tool-assisted verification ensures the correctness of workflows

formal methods are a profitable tool for creating diagnostics workflows


End of Presentation

Thank you for your attention!

Appendix: GRAFCET Example – Controller for a Coffee Vendor (I)

Appendix: GRAFCET Example – Controller for a Coffee Vendor (II)

Appendix: GRAFCET Example – Controller for a Coffee Vendor (III)

Appendix: KBF Example – Controller for a Coffee Vendor (I)

Appendix: KBF Example – Controller for a Coffee Vendor (II)

Appendix: KBF Example – Controller for a Coffee Vendor (III)

Appendix: KBF Example – Controller for a Coffee Vendor (IV)

Appendix: KBF Example – Controller for a Coffee Vendor (V)

Appendix: KBF Example – Controller for a Coffee Vendor (VI)

Appendix: KBF Example – Controller for a Coffee Vendor (VII)

Appendix: KBF Example – Controller for a Coffee Vendor (VIII)

Appendix: KBF Example – Controller for a Coffee Vendor (IX)

Appendix: KBF Example – Controller for a Coffee Vendor (X)

Appendix: KBF Example – Controller for a Coffee Vendor (XI)

Appendix: KBF Example – Controller for a Coffee Vendor (XII)

Appendix: KBF Example – Controller for a Coffee Vendor (XIII)

Appendix: KBF Example – Controller for a Coffee Vendor (XIV)