Model-based development represents a significant change in the software coding process.
Automatic Code Generation was introduced a few years ago and is radically changing the product engineering process. Autoliv, worldwide leader in automotive safety, is actively using code generation from models for its active safety product development. This new software approach was introduced in Autoliv in order to satisfy the demands of customers and OEMs across the globe. Indeed, in a highly competitive area like the automotive industry, every Tier 1 supplier has to provide increasing system functionality (which adds complexity to the software) while reducing development time.
The usual hand-written code process does not meet these requirements. The period between the design concept realised by the system team and the code written by the software team is much longer, and also includes various intermediary specification documentation and reviews.
This process was getting more and more delayed as many loops were observed during new product development. To limit the overall development time, system designers were required to freeze the concept quite early, missing some critical points that would come later in the development process. To allow more flexibility between design and coding, model-based design and rapid prototyping have been introduced.
For years, numerical modeling and control design have been used and accepted by engineers from all industries. The MathWorks have done a lot in this area developing the Matlab® and Simulink® products. The Simulink environment represents graphically the designed system and gives the ability to run simulations, which in fact is its main purpose. Using these tools, engineers can graphically design their system and the control strategy to compare them with the original plant model.
A first asset of model-based design is the graphical representation, which makes communication much easier for a multidisciplinary team. These tools also provide the possibility to leave the regular paper specification work and use these Simulink files as executable specifications.
The system is numerically designed and validated before real-time implementation and rapid prototyping. From the model-based design, code is generated automatically, then downloaded and tested on a generic Electronic Control Unit (ECU). This rapid prototyping platform relieves engineers of serial ECU product limitations such as memory capacity, number of inputs/outputs, processing power or any concern regarding production code issues.
Using this step instead of the regular development process, engineers can test their system in a real environment much faster.
While rapid prototyping clearly demonstrates great efficiency for developing new system designs, one could wonder whether the code generated during rapid prototyping can be used directly for serial production.
As rapid prototyping does not take into account production ECU properties, software engineers may need to adapt the model, tune the data types and specify signal properties, for instance to move from floating-point to fixed-point code generation.
Some system functions are common to many products with different hardware platforms. As it should be reused, the generated code must be specified so that it fits these different architectures. Any supplier or OEM working with model-based design for production has to adopt a process that limits the extensive work experienced with hand-written code when migrating code from one environment to another. This constraint will become more and more important for automotive companies delivering AUTOSAR-compliant systems in the near future.
Model-based design and automatic code generation must be reliable, especially for the aerospace and automotive industries. Automatic code generation presents various opportunities to test the generated functions in a lab before final validation in a real environment (e.g. in the vehicle):
Last year, The MathWorks launched a new toolbox to be used in combination with Matlab and Simulink Verification & Validation. Using it, one can link a part of the designed model in Simulink to its system specification (either using a Microsoft Word document or DOORS – software dedicated to specification management). When the simulation is run, it reports whether the system passed or failed those requirements and highlights the part of the model that initiated a wrong behaviour.
It has been demonstrated that generated production code can be as reliable as legacy code. As an example, some aerospace companies such as Airbus are using automatically generated code for some functions in their new planes, being MISRA-C (Motor Industry Software Reliability Association) compliant. A pilot project within Autoliv has been set up for an advanced engineering product: the electrical reversible retractor. This system consists of an ECU that detects abnormal vehicle dynamics behavior in a similar manner to an Electronic Stability Program (ESP). The ECU commands an electrical motor coupled to the belt. The effect is that belt slack is eliminated in severe dynamic situations such as emergency braking or vehicle sliding. A first version of this product has been realised, according to the standard Autoliv process.
In this classic process, the system specification is first defined, then the algorithm is developed using MATLAB® and Simulink® and vehicle simulation software. Once the algorithm design is frozen, a coding specification is documented so that the software team can implement it on a real-time target. It took the software team about three man-months for the coding task. This first system was released and tested on a vehicle. Then new functionalities had to be added to the product. At this point, it was decided to switch to model-based design, i.e. integrating automatic code generation using toolboxes such as Real Time Workshop®, Real Time Workshop® Embedded Coder and “Embedded Target for …” series from The MathWorks.
Results were significant for a first model-based design application: it took one man-month to adapt the existing active belt algorithm and add extra features. Even including the time needed for the team to handle these new tools, the time to develop the prototype was cut down by a factor of 3. Since then, all new advanced developments within Autoliv are using rapid prototyping so that we can demonstrate the good behavior of our safety systems and promote them efficiently to our customers. These successes with rapid prototyping naturally lead to global projects for Autoliv, studying ways to apply code generation for all new serial products including airbag ECUs.
The goal of this first project was to get technicians and engineers used to the model-based approach, and to rate this new process. It has been seen that developers with a control system design background adopt these new processes much more easily than engineers with computer science skills. The latter need more time and training before getting used to the different tools for code generation.
Model-based development represents a significant change in the software coding process and in cultural approach. Therefore, it is important for companies that wish to use automatic code generation for production to go through all the steps: from simulation to rapid prototyping, and then from automatically generated code functions to fully automatically generated applications. It is then easier for people and processes to handle these new tools, resulting in a company’s success.
Keywords: Automatic Code Generation, Model-based design, The MathWorks