This is the fifth and final installment in a series of articles addressing engineering challenges and opportunities associated with the verification and validation of autonomous and semi-autonomous vehicles.
Part V: Design-Aware V&V
Thus far, this series has addressed test reuse across workflows, the value of scalable-fidelity in XIL test benches, and generative, model-driven development (MDD) workflow solutions to key verification and validation (V&V) tasks relative to the development of electrical/electronic (E/E) systems in vehicles. Interestingly enough, the solutions to these challenges present another set of brand new challenges, which in turn demand additional solutions.
Central to each V&V solution discussed herein is the concept of modeling, which raises the abstraction level to the domain of E/E systems, thereby allowing tools to produce optimal product realizations from design input bases. However, raising abstraction levels means that the expert designs of tooling-produced implementations are more-or-less foreign to vehicle function developers. This presents a V&V challenge, because verification tools are very good at extracting information and supporting stimulus at the technical implementation level – but not for the level at which the E/E system is designed, nor the level in which verification engineers understand the system. This is analogous to how a modern C++ compiler can produce very safe, high-performance code, but a C++ programmer trying to debug and analyze a system using a disassembler will inevitably face challenges.
Luckily, for the same reason that an automatic, generative MDD workflow is possible, an MDD verification environment that supports debugging and analysis at the design level is also possible. The solution lies in the meta-models of which the design input models conform to and are otherwise described by. Generative tools use formal design model descriptions, along with a knowledge of the formal semantics embodied in their meta-model in order to transform the design model into a mapped implementation model. This mapping is symmetrical, in the sense that it can also be used to cross-correlate information in the implementation model (and information within its execution trace) back into corresponding information in the design model.
This kind of referencing is used to create V&V tools that are “design-aware.” The notion of design-awareness is general, and can be applied to different domain concepts with the design such as architecture, test, and/or language; and it can also be applied more-or-less deeper in the configuration of the implementation, such as in the MDDRTOS (kernel), platform services, or even in software interfaces.
As an example, “AUTOSAR-aware” V&V tools allow developers to debug and analyze E/E systems in the context of the AUTOSAR architectural model that describes the embedded software content within an ECU. For debugging, verification engineers can set “breakpoints” on AUTOSAR elements such as software components or port interfaces, and then the system will halt when activity occurs in the context of these elements, allowing verification engineers to inspect data within the ports and the component’s internals. For analysis, AUTOSAR-aware agents can present a system trace collected during the execution of the digital twin in the context of the AUTOSAR model and basic software (BSW) configuration elements such as tasks and network signals.
In summary, scalable-fidelity, test reuse, generative workflows and design-aware V&V tool solutions combine to help verification engineers effectively verify and validate vehicle E/E systems, driven by rapidly advancing trends in the automotive market. The primary business values of effective V&V are:
- Problems can be found earlier in the automotive design development processes, when they are least expensive to fix
- Increased V&V coverage increases safety, enhances security, and otherwise finds problems before they are deployed into the field
- Tests include test benches of mixed fidelity to support the massive number of V&V cycles required for multi-ECU systems
- Test cases are reused across the entire development process
- OEMs and suppliers efficiently exchange test cases and test benches
- Training costs are decreased
- Verification engineers can switch between the best test automation software and the best test benches
- Implementation domain expertise captured in tools increases quality and reduces future issues
- Manual or otherwise repetitious efforts can be removed to accelerate time-to-market
- Verification and design engineers can generate product realizations at the domain level in which they are designed
See below for the previous four installments in the series: