Predictable Assembly with SaveCCTMikael kerholmMRTC, Mlardalen University, http://www.mrtc.mdh.seCC Systems AB, http://www.cc-systems.com mikael.akerholm@mdh.se

OutlineBackground and motivationCentral Concepts of Component TechnologiesSaveCCT - A Component Technology for Vehicular Systems Target DomainTechnology OverviewComponent ModelToolsExample application Adaptive Crusie Controller (ACC)

Background: Save/Save++ (and progress)Save (2003-2006)Enabling systematic development of component-based software for safety critical embedded systems. Component technologies -> SaveCCTMDH, UU, KTH, LiTH, (ABB, Bombardier, CC Systems, CR&T, Saab, Scania, Volvo Car and Volvo TD) Save++ (2006-2007) integrates as a part of the progress project (2006-2010) at MDHImproved theories, methods, technologies, and tools, based on Save and Save++, -> ( SaveCCT++ )

MotivationMore FunctionalityImprove existing FunctionalityLower priceMore ElectronicsWith SoftwareSoftware Crisis (1968):Error-ProneLateExpensive

Promising, successful in the PC domainComponent Technologies, target PC ApplicationsVehicular Software Different from PC Software

Need Better Software Engineering Approaches!Component-Based Software EngineeringComponent TechnologyFor Vehicular Applications!

Central ConceptsComponent FrameworkPlatformComponentsRepositorySupporting Tool

SaveCCT For Vehicular SystemsCharacteristcs:Many suppliersDistributed applicationsSafety Reliability Resource efficiency (Hard) Real-Time requirements

SaveCCT Design GoalsEfficient Development:Enable utilization of CBSE advantages, provide the necessary possibilities for the target domainPredictable Behavior:Need to be able to apply analysis of important run-time attributes during design-time, e.g., Timing, Safety, Reliability, Memory needs, Processor demands Run-Time Efficiency:Ideally enable CBSE without run-time cost, compared to C programming with RTOS

Process OverviewSystem RequirementsComponentRequirementsSelect and AdaptComponentVerificationSystemVerificationNeed forcomponent Develop or BuyVerify ComponentRepositorySystemCompositionSystem DecompositionInterface betweenComponent developersAnd system developers

SaveCCT Technology OverviewRepository

The SaveCCM component modelRestictive in comparision to PC/Internet component modelsCOM, .Net, EJB Enable analysis during design-time, and determinstic reproducable behaviour during run-time (test-time)Textual xml, and graphical UML influenced syntax

SaveCCM Syntax:Basic ComponentPortsTrigger, data, combinedBehaviourRead Execute Writefixed_t error = Setpoint Value;fixed_t u = fixed_mul(K, e);

if (IntegrationEnabled) u += fixed_div(NewState, T_i);

Control = LIMIT(u, 0, MAX_CONTROL);State = error;

SaveCCM Syntax:Basic ComponentPortsTrigger, data, combinedBehaviourRead Execute Writefixed_t error = Setpoint Value;fixed_t u = fixed_mul(K, e);

if (IntegrationEnabled) u += fixed_div(NewState, T_i);

Control = LIMIT(u, 0, MAX_CONTROL);State = error;

SaveCCM Syntax:SwitchPortsSetports determine active configurationConnection patternsFor static or dynamic reconfiguration

SaveCCM Syntax:AssemblyPortsInternal components and connectionsEncapsulation of a sub-system

SaveCCM Syntax:Composite ComponentPortsInternal components and connectionsRestricted behaviour, read-execute-write

SaveCCM Formal Foundation Timed Automata with TasksSaveCCM CoreBuilding blocks for SaveCCM semantics:Basic ComponentComposite ComponentConditional ConnectionPort: point of interactionWhere connection meet componentTransfer data or triggeringSingle data item, overwrite semantics

On request, John may give a lecture ;o)Finite automata with

Dense time clocks,manipulated on edges

Tasks, released whena location is reached

Dense time is possible by using a symbolic representationx 5y := 0T1u!x 10

SaveCCT Glue Code GeneratorMotivation2 GHz256 MB RAM1 MB OSSyncronisation, IPC, Timingstatic configuration

SaveCCT Glue Code Generator- Task Allocation

Analysis

TargetCompiler

RTOS RTOS Fully Automated Compile-Time StepSaveCCMComponent ModelIntermediate Task ModelsRTOSExecution ModelsCrossFire, RTXCPC/Win32, CCSimTech

SaveCCT Tools (under continous improvement) Save IDE (under continous improvement) Component compositionSeveral existing prototypes for graphical composition from masters thesis projects, currently under major revisionAutomated connectivity to analysis tools through translations of SaveCCM XML totimed automata with tasks ->Times (Timing and much more)Finite State Processes -> LTSA (Control loop liveness)TestAutomated test tools, e,g., test-complete and LabView, from CCSimTechRepositoryUnder construction, will provide means for easy selection and specialisation of components through distingushing component versions, from component variants

Example Application SaveCCT in an industrial Environment

Case Study at CC SystemsIntegrated our technology in a real industrial environment, i.e., selected development tools and hardware from the companys repertoireCrossFire ECU, CCSimTech simulation technique, target compiler Implemented a fictive vehicular control application with the technology, and used as basis for evaluation

Road Signs EnabledCurrent SpeedRoad Sign SpeedACC Max SpeedDistanceACC EnabledBrake Pedal Used

50 Hz10 HzBrake SignalThrottle

Brake Assist

Logger HMI Outputs

Object Recognition

Mode Switch

ACCController

Brake AssistACCMax SpeedACC ApplicationSpeed Limit

ACC Controllers

DistanceController

SpeedControllerDistanceControlRelativeSpeedMaxSpeed

DistanceController

CalcOutput

UpdateState

Speed Controller

CalcOutput

UpdateStateDistanceRelativeSpeedMaxSpeedCurrentSpeedCurrentSpeedControl

ACC Controllers

Automated Analysis of The ACCStatic WCET analysis through integration of the aiT Worst-Case Execution Time AnalyserWCET ~ 3% over-estimationContext dependent WCET analysis preferable, but not yet achievedTiming and more through the underlying Timed Automata modelThe Times tool checks e.g., Schedulability and Response times for end-2-end transactionsLivenessFinite State Processes (FSP), derived from SaveCCTLabeled Transition System Analyser (LTSA), is used to verify liveness

Questions