Copyright Copyright ©© Hitachi Automotive Systems, Ltd. All rights reservedHitachi Automotive Systems, Ltd. All rights reserved
Panel Session 1Panel Session 1Panel Session 1Panel Session 1 "Design Verification, Test""Design Verification, Test""Design Verification, Test""Design Verification, Test"
Automotive Functional Safety Standard ISO26262Automotive Functional Safety Standard ISO26262Automotive Functional Safety Standard ISO26262Automotive Functional Safety Standard ISO26262and and and and Design VerificationDesign VerificationDesign VerificationDesign Verification TechnologyTechnologyTechnologyTechnology
June 8, 2012June 8, 2012June 8, 2012June 8, 2012June 8, 2012June 8, 2012June 8, 2012June 8, 2012
Yoshihiro MiyazakiYoshihiro MiyazakiYoshihiro MiyazakiYoshihiro MiyazakiYoshihiro MiyazakiYoshihiro MiyazakiYoshihiro MiyazakiYoshihiro Miyazaki
CREST "Platform Technology of Dependable VLSI Systems"DVLSI Program Review 2012-1
1. Company profile1. Company profile1. Company profile1. Company profile1. Company profile1. Company profile1. Company profile1. Company profile2. Development technology trends of the automotive2. Development technology trends of the automotive2. Development technology trends of the automotive2. Development technology trends of the automotive2. Development technology trends of the automotive2. Development technology trends of the automotive2. Development technology trends of the automotive2. Development technology trends of the automotive
electronic systemelectronic systemelectronic systemelectronic systemelectronic systemelectronic systemelectronic systemelectronic system3. 3. 3. 3. 3. 3. 3. 3. Automotive Functional Safety Standard ISO26262Automotive Functional Safety Standard ISO26262Automotive Functional Safety Standard ISO26262Automotive Functional Safety Standard ISO26262Automotive Functional Safety Standard ISO26262Automotive Functional Safety Standard ISO26262Automotive Functional Safety Standard ISO26262Automotive Functional Safety Standard ISO262624. Virtual ECU application technology4. Virtual ECU application technology4. Virtual ECU application technology4. Virtual ECU application technology4. Virtual ECU application technology4. Virtual ECU application technology4. Virtual ECU application technology4. Virtual ECU application technology
ContentsContents
Executive Chief Engineer, Electronic Platform Technology GMExecutive Chief Engineer, Electronic Platform Technology GM
R&D Div.R&D Div.
Hitachi Automotive Systems, Ltd.Hitachi Automotive Systems, Ltd.
2222Copyright © Hitachi Automotive Systems, Ltd. All rights reserved
Company profile1111. Company profile. Company profile. Company profile. Company profile
Hitachi advanced into domestic production of automotive electric parts in 1930.
Having 80 years history in the automotive industry,
Hitachi Automotive Systems, Ltd., was established on July 1st, 2009 by the split-off from Hitachi, Ltd.
Hitachi advanced into domestic production of automotive electric parts in 1930.
Having 80 years history in the automotive industry,
Hitachi Automotive Systems, Ltd., was established on July 1st, 2009 by the split-off from Hitachi, Ltd.
Development, manufacture, sales and services of automotive components,
transportation related components, industrial machines and systems, etcBusiness
Hitachi Automotive Systems, Ltd. Name
July 1, 2009Established
Shin-Otemachi Bldg.
2-1, Otemachi 2-chome, Chiyoda-ku, Tokyo, JapanHeadquarter
15,000 million yen (Wholly-owned subsidiary of Hitachi, Ltd)Capital
811.5 billion yen Year ended March 31, 2012, Consolidated basisRevenues
Kunihiko Ohnuma
President and Chief Executive OfficerRepresentative
3333Copyright © Hitachi Automotive Systems, Ltd. All rights reserved
Product summary1111. Company profile. Company profile. Company profile. Company profile
Vehicle maintenance/Diagnosis
Auto insurance
Entertainment
Telematics service
Logistics for
delivery vehicles
Car information unit for job oriented servicePND*
Navigationsystem
Millimeter wave radar
Camera
Audio
Proving car
Electroniccontrol unit
ETC,VICS trafficcontrol system
Rear view monitor
HEV*
Engine/Brakes/Steering
Mobilecommunicationnetworks
Traffic information centerTraffic forecast & information
Satellite broadcasting/communicationDigital broadcasting
Image processing camera
Power steering
Air leveling system
Millimeter wave radar
VDCBrakeCaliper
Suspension
Stereo Camera
Brake actuation
ADAS Control Unit
Hydraulic cylinder for roll control
Propeller Shaft
Lithium-ion batteryHitachi Vehicle Energy)
InverterMotor
Starter
Injector
Control Unit
High pressure fuel pump
Piston
Valve timing control
Airflow Sensor
Variable valve event and lift control system
Balancer
Electronic throttle body
VDC: Vehicle Dynamics
Control
ADAS: Advanced Driver
Assistance System
Engine Management SystemsEngine Management SystemsEnviron
ment Drive Control SystemsDrive Control SystemsSafety
Electric Electric PowertrainPowertrain SystemsSystemsEnviron
ment
*PND:Portable Navigation Device *HEV: Hybrid Electric Vehicles
Car Information SystemsCar Information SystemsInformat
ion
4444Copyright © Hitachi Automotive Systems, Ltd. All rights reserved
Definition of the electronic platform2. Development technology trends of the automotive electronic sy2. Development technology trends of the automotive electronic sy2. Development technology trends of the automotive electronic sy2. Development technology trends of the automotive electronic systemstemstemstem
With enlargement and advancement of the in-vehicle software,
forming the common basis from the base of each software is becoming
much effective and it is named as “electronic platform”.
With enlargement and advancement of the in-vehicle software,
forming the common basis from the base of each software is becoming
much effective and it is named as “electronic platform”.
[In a wide sense] Electronic platform[In a wide sense] Electronic platform
[In a narrow sense] Electronic platform (Implementation platform)[In a narrow sense] Electronic platform (Implementation platform)
Development platformDevelopment platform
Microcomputer, in-vehicle LAN, the basic OS, BIOS, communication software, etc.
Methods and tools such as control model description, programming, verification, etc.
Application
Software
Base software(the basic OS,
communication software)
Base hardware
(microcomputers)
In-vehicle network (LAN)
ECU for engines
Application
software
Base
software
Base
hardware
ECU for AT ECU for brakes
Application
software
Base
software
Base
hardware
Concept
Conformity with vehicle/
its verificationControl
design
Software design Software test
Implementation
Electronic platform (implementation platform) Development platform
Software architecture Software development process
Design,test methodss and tools
supporting the development process
5555Copyright © Hitachi Automotive Systems, Ltd. All rights reserved
Approach to measures of in-vehicle software development in recent years
2. Development technology trends of the automotive electronic sy2. Development technology trends of the automotive electronic sy2. Development technology trends of the automotive electronic sy2. Development technology trends of the automotive electronic systemstemstemstem
Measures approach 1: Reduce things to be developed
Electronic platform (implementation platform)
→→→→ standardization, high-level functionStandardization of software hierarchical structure specifications
Standardization of basic software specifications
Standardization of applications software data interface specifications
→→→→industry standardization : AUTOSAR, JasPar
Measures approach 1: Reduce things to be developed
Electronic platform (implementation platform)
→→→→ standardization, high-level functionStandardization of software hierarchical structure specifications
Standardization of basic software specifications
Standardization of applications software data interface specifications
→→→→industry standardization : AUTOSAR, JasPar
Many problems come to the front with progress of applying electronic controlIncrease of the in-vehicle controller number Enlargement of the in-vehicle controller software
Complexity, advancement of the control Keeping & improvement of reliability
Measures approach 2: Ease and facilitate development work (abstraction, automation)
Development platform →→→→ advancement, standardization
"model based development method"Control model description language, tool
Modeling and simulation for the controller and the control target
Automatic cord generation (programming-less)
→→→→ industry standardization: JMAAB, the Society of Instrument and Control Engineers
Measures approach 2: Ease and facilitate development work (abstraction, automation)
Development platform →→→→ advancement, standardization
"model based development method"Control model description language, tool
Modeling and simulation for the controller and the control target
Automatic cord generation (programming-less)
→→→→ industry standardization: JMAAB, the Society of Instrument and Control Engineers
6666Copyright © Hitachi Automotive Systems, Ltd. All rights reserved
Advancement / complexity of the in-vehicle control
2. Development technology trends of the automotive electronic sy2. Development technology trends of the automotive electronic sy2. Development technology trends of the automotive electronic sy2. Development technology trends of the automotive electronic systemstemstemstem
User attentions to safety of the electronic control system
→→→→ becoming higher
Correspondence to functional safety standard ISO26262
(2011/Nov. established)
Further advancement, complexity of the electronic control function
Remarkable
improvement in
safety/efficiency/quality
for verification
is required
Evolution from aggregate of the single function control
to integrated control
Steering controlBrake control
Suspension
control
Engine control
Battery control
Drive control system
Motor control
Control target decision
ITS integration control
Vehicle dynamics control
Coordination of actuation systems/Regenerative brake systems, etc
Energy management
The outside
world
Information
Outside recognition system In-vehicle information system
Outside
a car
Commu
nication
Extract information
Target information
CameraMap
information
RadarPosition
information
Other sensorsInfrastructure
information
HEV control
[Notes] ITS: Intelligent Transport Systems, HEV: Hybrid Electric Vehicle
Difficulty increase to verify
7777Copyright © Hitachi Automotive Systems, Ltd. All rights reserved
Characteristics of ISO26262
Automotive functional safety standard ISO26262 inherits characteristics fromthe higher level standard i.e. functional safety standard IEC61508. It also adds the adaptation for the automotive field shown below.
① Introduction of Automotive Safety Integrity LevelSIL in IEC61508: recognized as the property of the target failure rateASIL in ISO26262: defined as the integrated safety requirement level with both random
failure and systematic failure (including software bugs, etc.)ASIL A (lower level)~ASIL D (higher level)
② Definition of H&R(Hazard analysis & Risk assessment) for the ASIL derivationEvaluated by three factors shown below
E(Exposure) : frequency of cases exposed at the event or assumed driving statusC(Controllability) : possibillity or difficulty of avoidanceS(Severity) : severity of damage or injury
C1C1C1C1 SimplSimplSimplSimpleeee C2C2C2C2 NormalNormalNormalNormal C3C3C3C3 DifficultDifficultDifficultDifficult
E1E1E1E1 very lowvery lowvery lowvery low QMQMQMQM QMQMQMQM QMQMQMQM
E2E2E2E2 lowlowlowlow QMQMQMQM QMQMQMQM QMQMQMQM
E3E3E3E3 mediummediummediummedium QMQMQMQM QMQMQMQM AAAAE4E4E4E4 highhighhighhigh QMQMQMQM AAAA BBBB
QMQMQMQM QMQMQMQM QMQMQMQM
QMQMQMQM QMQMQMQM AAAAQMQMQMQM AAAA BBBB
AAAA BBBB CCCCQMQMQMQM QMQMQMQM AAAAQMQMQMQM AAAA BBBB
AAAA BBBB CCCC
BBBB CCCC DDDD
S1S1S1S1Light and moderateLight and moderateLight and moderateLight and moderate
S2S2S2S2SevereSevereSevereSevere
S3S3S3S3fatalfatalfatalfatal
* QM : Quality Management (no requirement to comply with ISO 26262)
3. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO26262
E1E1E1E1 very lowvery lowvery lowvery low
E2E2E2E2 lowlowlowlow
E3E3E3E3 mediummediummediummediumE4E4E4E4 highhighhighhigh
E1E1E1E1 very lowvery lowvery lowvery low
E2E2E2E2 lowlowlowlow
E3E3E3E3 mediummediummediummediumE4E4E4E4 highhighhighhigh
8888Copyright © Hitachi Automotive Systems, Ltd. All rights reserved
Overview of ISO26262
Concept
phase
Production
and operation
22222222. . . . Management of functional safety
11111111. . . . VocabularyVocabularyVocabularyVocabulary
88888888. . . . Supporting processes
99999999. . . . ASIL-oriented and safety-oriented analyses
33333333.... 77777777....
55555555. . . . Product
development
at the
hardware level
66666666. . . . Product
development
at the
software level
44444444. . . . Product development at the system level
1010101010101010. . . . Guideline Guideline Guideline Guideline forforforfor ISO 26262ISO 26262ISO 26262ISO 26262 understanding
ISO26262ISO26262ISO26262ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO26262
9999Copyright © Hitachi Automotive Systems, Ltd. All rights reserved
Activities in Japan related to ISO26262ISO26262ISO26262ISO26262ISO26262
deliberations of the standarddeliberations of the standarddeliberations of the standarddeliberations of the standard
DIS ISFDISISO
JSAE
ISO26262ISO26262ISO26262ISO26262 guidebookJAMA
Microcontroller standardizationMicrocontroller standardizationMicrocontroller standardizationMicrocontroller standardization TFTFTFTFJASPAR* Functional Safety related Functional Safety related Functional Safety related Functional Safety related WGsWGsWGsWGsGuidebookGuidebookGuidebookGuidebook software, Microcontrollersoftware, Microcontrollersoftware, Microcontrollersoftware, Microcontroller demonstration experimentdemonstration experimentdemonstration experimentdemonstration experiment
translation general information guidebook
* * * * JASPAR (JASPAR (JASPAR (JASPAR (Japan Automotive Software Platform and Japan Automotive Software Platform and Japan Automotive Software Platform and Japan Automotive Software Platform and ARchitectureARchitectureARchitectureARchitecture))))
[the establishment] September, 2004 (the establishment of the st[the establishment] September, 2004 (the establishment of the st[the establishment] September, 2004 (the establishment of the st[the establishment] September, 2004 (the establishment of the standardization consortium by three Japan car makers)andardization consortium by three Japan car makers)andardization consortium by three Japan car makers)andardization consortium by three Japan car makers)
[activity contents] the non[activity contents] the non[activity contents] the non[activity contents] the non----competition domains such as incompetition domains such as incompetition domains such as incompetition domains such as in----vehicle LAN elemental technology, middleware, the software base vehicle LAN elemental technology, middleware, the software base vehicle LAN elemental technology, middleware, the software base vehicle LAN elemental technology, middleware, the software base by cooperation by cooperation by cooperation by cooperation
in Japanese makersin Japanese makersin Japanese makersin Japanese makers
[Activity 2010[Activity 2010[Activity 2010[Activity 2010---- ] Functional safety WG newly established: Formulation and eva] Functional safety WG newly established: Formulation and eva] Functional safety WG newly established: Formulation and eva] Functional safety WG newly established: Formulation and evaluation of the functional safety requirement about luation of the functional safety requirement about luation of the functional safety requirement about luation of the functional safety requirement about
the automotive electronic platformthe automotive electronic platformthe automotive electronic platformthe automotive electronic platform
[Activity 2011[Activity 2011[Activity 2011[Activity 2011---- ] "Evaluation of transient fault effect" newly added as one of] "Evaluation of transient fault effect" newly added as one of] "Evaluation of transient fault effect" newly added as one of] "Evaluation of transient fault effect" newly added as one of the activitiesthe activitiesthe activitiesthe activities
2009 2010 2011
translationguidebook
JARI ISO26262Joint ResearchISO26262Joint ResearchISO26262Joint ResearchISO26262Joint ResearchFunctional Safety related Functional Safety related Functional Safety related Functional Safety related WGsWGsWGsWGs
2005200520052005 deliberationsdeliberationsdeliberationsdeliberations5 engineers registered for 5 engineers registered for 5 engineers registered for 5 engineers registered for internatinalinternatinalinternatinalinternatinal meetingmeetingmeetingmeeting1 engineer from my company1 engineer from my company1 engineer from my company1 engineer from my company
3. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO26262
Society of Automotive Engineers of Japan, Inc.Society of Automotive Engineers of Japan, Inc.Society of Automotive Engineers of Japan, Inc.Society of Automotive Engineers of Japan, Inc.
Japan Automobile Manufacturers Association, Inc.Japan Automobile Manufacturers Association, Inc.Japan Automobile Manufacturers Association, Inc.Japan Automobile Manufacturers Association, Inc.
Japan Automobile Research InstituteJapan Automobile Research InstituteJapan Automobile Research InstituteJapan Automobile Research Institute
10101010Copyright © Hitachi Automotive Systems, Ltd. All rights reserved
Difference between ISO26262 and conventional development
Requirement levelRequirement levelRequirement levelRequirement levelby conventional quality managementby conventional quality managementby conventional quality managementby conventional quality management
Safety integrity levelSafety integrity levelSafety integrity levelSafety integrity levelcomplied by ISOcomplied by ISOcomplied by ISOcomplied by ISO
ASILASILASILASIL DDDD
ASILASILASILASIL CCCC
ASILASILASILASIL BBBB
ASILASILASILASIL AAAA
A lot of requirements of ISO26262A lot of requirements of ISO26262A lot of requirements of ISO26262A lot of requirements of ISO26262 are similar to those of conventional quality are similar to those of conventional quality are similar to those of conventional quality are similar to those of conventional quality management. But some requirements not included in the conventionmanagement. But some requirements not included in the conventionmanagement. But some requirements not included in the conventionmanagement. But some requirements not included in the conventional ways are added.al ways are added.al ways are added.al ways are added.It is required to show evidence of design and verification basedIt is required to show evidence of design and verification basedIt is required to show evidence of design and verification basedIt is required to show evidence of design and verification based on the view point of on the view point of on the view point of on the view point of functional safety.functional safety.functional safety.functional safety. Report information necessary for audit, etc. shall be Report information necessary for audit, etc. shall be Report information necessary for audit, etc. shall be Report information necessary for audit, etc. shall be submitsubmitsubmitsubmitted.)ted.)ted.)ted.)Not Not Not Not ○○○○××××(yes or no) judgment but quantitative judgment is required. (yes or no) judgment but quantitative judgment is required. (yes or no) judgment but quantitative judgment is required. (yes or no) judgment but quantitative judgment is required. (Example: diagnostic coverage)(Example: diagnostic coverage)(Example: diagnostic coverage)(Example: diagnostic coverage)
Requirement directionRequirement directionRequirement directionRequirement directionis partly differentis partly differentis partly differentis partly different
ISO26262ISO26262ISO26262ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO26262
11111111Copyright © Hitachi Automotive Systems, Ltd. All rights reserved
Metrics evaluation complied by ISO26262
11111111
Safe faults
2222
nnnn
∞∞∞∞
Detected Multiple or Perceived Multiple
Point faults
Single Point Fault MetricSingle Point Fault MetricSingle Point Fault MetricSingle Point Fault Metric
SPFMSPFMSPFMSPFMLatent Fault MetricLatent Fault MetricLatent Fault MetricLatent Fault Metric
LFMLFMLFMLFM
Σ( Fault )
BaumKuchenBaumKuchenBaumKuchenBaumKuchen Model representationModel representationModel representationModel representation
Latent MultiplePoint faults
Single Point orResidual faults 1111
Hardware Architecture MetricsHardware Architecture MetricsHardware Architecture MetricsHardware Architecture Metricsmetrics for the assessment of the effectiveness of the hardware metrics for the assessment of the effectiveness of the hardware metrics for the assessment of the effectiveness of the hardware metrics for the assessment of the effectiveness of the hardware architecture with respect to safetyarchitecture with respect to safetyarchitecture with respect to safetyarchitecture with respect to safety
(≧60%)(≧90%)ASIL B
≧80%≧97%ASIL C
≧90%≧99%ASIL D
LFMSPFMASIL
ISO26262ISO26262ISO26262ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO26262
12121212Copyright © Hitachi Automotive Systems, Ltd. All rights reserved
Methodology of Approach to ISO26262ISO26262ISO26262ISO26262ISO26262
①Analyze gaps against one's company's conventional development process and extract the lacked parts (gap analysis)
②Focus attention on "highly recommended" (++) or higher level in ISO26262 at gap analysis(consider "highly recommended" (++) to be covered in principle)
③keep conventional level if the level of the conventional process is higher than ISO26262 requirement(The level may be lowered from the view point of ISO26262. But do not lowerthe level consciously)
ISO26262ISO26262ISO26262ISO26262ISO26262ISO26262ISO26262ISO26262
decided decided decided decided as for each as for each as for each as for each componentcomponentcomponentcomponent
ECU SoftwareSafety/Quality
Standard
ECU SoftwareDesign Standard
Coding Rule
ProductProductProductProductdevelopmentdevelopmentdevelopmentdevelopment
System levelSystem levelSystem levelSystem levelHardware Hardware Hardware Hardware lebellebellebellebelSoftware levelSoftware levelSoftware levelSoftware level
ASILASILASILASILCustomer
Standard
ECU SoftwareSafety/Quality
Standard
ECU SoftwareDesign Standard
Coding Rule
one's company's one's company's one's company's one's company's standard development standard development standard development standard development process/workoutprocess/workoutprocess/workoutprocess/workout
Gap AnalysisGap AnalysisGap AnalysisGap Analysis
ECU SoftwareSafety/Quality
Standard
ECU SoftwareDesign Standard
Coding Rule
Add ISO26262 Add ISO26262 Add ISO26262 Add ISO26262 requirement to requirement to requirement to requirement to
conventional processconventional processconventional processconventional process
Add ISO26262 Add ISO26262 Add ISO26262 Add ISO26262 requirement to requirement to requirement to requirement to
conventional processconventional processconventional processconventional process
3. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO26262
13131313Copyright © Hitachi Automotive Systems, Ltd. All rights reserved
Application of Development Technologies and Development Tools
ISO26262ISO26262ISO26262ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO262623. Automotive Functional Safety Standard ISO26262
Requirements management & traceability managementRequirements management & traceability managementRequirements management & traceability managementRequirements management & traceability managementand support tools (as for safety)and support tools (as for safety)and support tools (as for safety)and support tools (as for safety)
QQQQuantificationuantificationuantificationuantification of test coverageof test coverageof test coverageof test coverage and support toolsand support toolsand support toolsand support tools
Formal verification and support toolsFormal verification and support toolsFormal verification and support toolsFormal verification and support tools
Virtual ECUVirtual ECUVirtual ECUVirtual ECU simulatorsimulatorsimulatorsimulator Virtual HILSVirtual HILSVirtual HILSVirtual HILS
ISO26262 WANT requirement
Correspondence work for ISO26262 (manCorrespondence work for ISO26262 (manCorrespondence work for ISO26262 (manCorrespondence work for ISO26262 (man----hour increase): hour increase): hour increase): hour increase): TTTTraditional Japanese sprit of fight with bamboo spearsraditional Japanese sprit of fight with bamboo spearsraditional Japanese sprit of fight with bamboo spearsraditional Japanese sprit of fight with bamboo spears can not win global business race can not win global business race can not win global business race can not win global business race ⇒⇒⇒⇒Apply recent dApply recent dApply recent dApply recent development evelopment evelopment evelopment ttttechnologies and echnologies and echnologies and echnologies and ddddevelopment evelopment evelopment evelopment ttttoolsoolsoolsools
Achieve more efficient and higher quality development processAchieve more efficient and higher quality development processAchieve more efficient and higher quality development processAchieve more efficient and higher quality development process
ISO26262 MUST requirement
ISO26262ISO26262ISO26262ISO26262 standard describes recommendation to apply various standard describes recommendation to apply various standard describes recommendation to apply various standard describes recommendation to apply various development technologies and toolsdevelopment technologies and toolsdevelopment technologies and toolsdevelopment technologies and tools
14141414Copyright © Hitachi Automotive Systems, Ltd. All rights reserved
What is virtual ECU simulator ?
ToolsToolsToolsTools ExampleExampleExampleExample Synopsys Inc./Synopsys Inc./Synopsys Inc./Synopsys Inc./CoMETCoMETCoMETCoMET GAIO TECHNOLOGY CO., LTD.GAIO TECHNOLOGY CO., LTD.GAIO TECHNOLOGY CO., LTD.GAIO TECHNOLOGY CO., LTD./No.1/No.1/No.1/No.1 System Simulator, etc.System Simulator, etc.System Simulator, etc.System Simulator, etc.
4. Virtual ECU simulator4. Virtual ECU simulator4. Virtual ECU simulator4. Virtual ECU simulator
01001010
01101011
11101010
01010111
... ...
01001010
01101011
11101010
01010111
... ...
Microcomputer modelControl plant model
Control software
+ base software
(implementation cord)
A microcomputer,
peripheral hardware
Cooperative simulation
New development
New applying
(combination)
New applying
(combination)
Application of the virtual ECU simulator
System, control: Implementation-related evaluation (execute time, operation load) of the electronic control
system, necessary operational precision, error influence, implementation cost)
Hardware: Microcomputer design (or selection), ECU design, ASIC development
Network: Communication error injection, network delay, decentralized control
Software: Run time task analysis, CPU load factor evaluation, the OS, middle software performance evaluation,
FMEA test,exhaustive timing test (interrupts), HILS substitute
4. Virtual ECU application technology4. Virtual ECU application technology4. Virtual ECU application technology4. Virtual ECU application technology
15151515Copyright © Hitachi Automotive Systems, Ltd. All rights reserved
An application example: Virtual HILS(vHILS)ECUECUECUECU
�Target product system: ADAS controller
Speed up/downSafe
distance
Radar
◆◆◆◆Virtual HILS (vHILS)
Ranging with radar and Keeping safe distance against proceeding Ranging with radar and Keeping safe distance against proceeding Ranging with radar and Keeping safe distance against proceeding Ranging with radar and Keeping safe distance against proceeding vehicles ahead (ACC function) , etc.vehicles ahead (ACC function) , etc.vehicles ahead (ACC function) , etc.vehicles ahead (ACC function) , etc.
ADAS: Advanced Driver Assistance Systems
ACC: Adaptive Cruise Control
Input
Display
Engine
③Vehicle Model
②CAN Model
CANBus Monitor
Body
HMI
Sensor
①ECU Model
ADASECU
Vehicle
Test Specs
④Event Processor
Road
Condition
The processing throughput by 3 parallel computingThe processing throughput by 3 parallel computingThe processing throughput by 3 parallel computingThe processing throughput by 3 parallel computing----> evaluated result: equal to a real machine> evaluated result: equal to a real machine> evaluated result: equal to a real machine> evaluated result: equal to a real machine
more thanmore thanmore thanmore than a real machinea real machinea real machinea real machine to be feasibleto be feasibleto be feasibleto be feasibleby N parallel processingby N parallel processingby N parallel processingby N parallel processing
4. Virtual ECU application technology4. Virtual ECU application technology4. Virtual ECU application technology4. Virtual ECU application technology
HILS: Hardware-in-the-loop simulator
Note: Conventionally HILS with real ECU is usedNote: Conventionally HILS with real ECU is usedNote: Conventionally HILS with real ECU is usedNote: Conventionally HILS with real ECU is used
16161616Copyright © Hitachi Automotive Systems, Ltd. All rights reserved
The future of the software verification: V2Cloud
ECUECUECUECU
Large-scale computer environment
User
VehicleECU
MCU
CPUPeri
pheral
Virtual HILSController
Interlocking
movement
vHILS vHILS vHILS vHILS
vHILS vHILS vHILS vHILS
Front-end
VM Controller
Query Processor
Task Distributer
Trace Collector
※VM: Virtual Machine
Test vectors
described in a
spreadsheet
test vector result
Engine Test ◯
Brake Test ◯
Body Test X
Network Test ◯
Fail Test X
Test Queries
Result
■■■■Cloud computing for software verification
–Large-scale VM environment: Facilitates sharing and management of the simulation
–Complete automation: Scalable environment
–Without having fixed assets, it is possible to enjoy the necessary target system configuration
and test performance when needed
Expectation (example): Massive regression tests or fault injection tests
HILS : several days -> parallel VHILS on V2Cloud : one night only !
4. Virtual ECU application technology4. Virtual ECU application technology4. Virtual ECU application technology4. Virtual ECU application technology
17171717Copyright © Hitachi Automotive Systems, Ltd. All rights reserved
[Appendix] References
� JMAABJMAABJMAABJMAAB http://http://http://http://jmaab.mathworks.jpjmaab.mathworks.jpjmaab.mathworks.jpjmaab.mathworks.jp////
� ISO26262ISO26262ISO26262ISO26262
� SSSS.Oho.Oho.Oho.Oho et al,et al,et al,et al, Advanced ModelAdvanced ModelAdvanced ModelAdvanced Model----based Development Techniques Applied to Automotive Engine Managebased Development Techniques Applied to Automotive Engine Managebased Development Techniques Applied to Automotive Engine Managebased Development Techniques Applied to Automotive Engine Management Systems, ment Systems, ment Systems, ment Systems,
Hitachi Hitachi Hitachi Hitachi HyoronHyoronHyoronHyoron, Vol. 91, no.10, pp. 54, Vol. 91, no.10, pp. 54, Vol. 91, no.10, pp. 54, Vol. 91, no.10, pp. 54----57, 200957, 200957, 200957, 2009
� Y.SugureY.SugureY.SugureY.Sugure, , , , et.alet.alet.alet.al., "Virtual Engine System Prototyping with High., "Virtual Engine System Prototyping with High., "Virtual Engine System Prototyping with High., "Virtual Engine System Prototyping with High----Resolution FFT for Digital Knock Detection Using CPU Resolution FFT for Digital Knock Detection Using CPU Resolution FFT for Digital Knock Detection Using CPU Resolution FFT for Digital Knock Detection Using CPU
ModelModelModelModel----Based Hardware/Software CoBased Hardware/Software CoBased Hardware/Software CoBased Hardware/Software Co----simulation," SAE Paper 2009simulation," SAE Paper 2009simulation," SAE Paper 2009simulation," SAE Paper 2009----01010101----0532053205320532
� Y. Ito et al, "A Model Based Software Validation for Automotive Y. Ito et al, "A Model Based Software Validation for Automotive Y. Ito et al, "A Model Based Software Validation for Automotive Y. Ito et al, "A Model Based Software Validation for Automotive Control Systems", International Conference on Control, Control Systems", International Conference on Control, Control Systems", International Conference on Control, Control Systems", International Conference on Control,
Automation and Systems (ICCAS), pp.102, 2010Automation and Systems (ICCAS), pp.102, 2010Automation and Systems (ICCAS), pp.102, 2010Automation and Systems (ICCAS), pp.102, 2010
� Y. Ito, et al., "VIRTUAL HILS : A ModelY. Ito, et al., "VIRTUAL HILS : A ModelY. Ito, et al., "VIRTUAL HILS : A ModelY. Ito, et al., "VIRTUAL HILS : A Model----Based Control Software Validation Method", SAE Paper 2011Based Control Software Validation Method", SAE Paper 2011Based Control Software Validation Method", SAE Paper 2011Based Control Software Validation Method", SAE Paper 2011----01010101----1018101810181018
� Y.MiyazakiY.MiyazakiY.MiyazakiY.Miyazaki Platform Development Trends for Automotive Electronic Platform Development Trends for Automotive Electronic Platform Development Trends for Automotive Electronic Platform Development Trends for Automotive Electronic SystemSystemSystemSystem――――IssuesIssuesIssuesIssues and Solution Casesand Solution Casesand Solution Casesand Solution Cases――――,,,, 2011 CAR2011 CAR2011 CAR2011 CAR----
ELE JAPAN Technical Conference (CARELE JAPAN Technical Conference (CARELE JAPAN Technical Conference (CARELE JAPAN Technical Conference (CAR----10)10)10)10)
Top Related