

# DATA CONSISTENCY TEST TOWARDS SYSTEMATIC REQUIREMENTS ELICITATION IN AUTOMOTIVE MULTI-CORE APPLICATIONS

ERTS 2020, Toulouse, 30.01.2020

Ralph Mader, Vitesco Technologies GmbH

Wolfgang Pree, University of Salzburg and Chrona.com

Public



### DATA CONSISTENCY TEST – TOWARDS SYSTEMATIC REQUIREMENTS ELICITATION

**1 MULTI CORE SOFTWARE FOR POWERTRAIN** 

2 WHAT IS DATA CONSISTENCY

3 IDENTIFICATION OF CONSISTENCY REQUIREMENTS

4 SUMMARY AND OUTLOOK



## **MULTI-CORE SOFTWARE FOR POWERTRAIN**

WHERE IS MULTI-CORE IN USE?





# **MULTI-CORE SOFTWARE FOR POWERTRAIN**

#### PROJECT VERSUS PLATFORM DEVELOPMENT



> Platform solution must be independent from core partitioning in project




# **MULTI-CORE SOFTWARE FOR POWERTRAIN**

#### TYPES OF SOFTWARE USED







### DATA CONSISTENCY TEST – TOWARDS SYSTEMATIC REQUIREMENTS ELICITATION

1 MULTI CORE SOFTWARE FOR POWERTRAIN

**2 WHAT IS DATA CONSISTENCY** 

**3 IDENTIFICATION OF CONSISTENCY REQUIREMENTS** 

4 SUMMARY AND OUTLOOK



## WHAT IS DATA CONSISTENCY?

DATA CONSISTENCY = DATA STABILITY & DATA COHERENCY

#### Stability

Coherency



> For proper functional behavior, both stability and coherency have to be ensured




# **MEANS TO ENSURE DATA CONSISTENCY**

#### BUFFERING OR LOGICAL EXECUTION TIME (LET)

> Two means of ensuring data consistency in multi-core systems: buffering and Logical Execution Time (LET)





## DATA CONSISTENCY WITH MINIMAL OVERHEAD

SHORTCOMINGS OF REQUIREMENTS ELICITATION

#### Status Quo

- > Functions are designed mostly by mechanical engineers
- > Design object reviews are used today for identifying consistency requirements
- > Quality of requirements is based on the multi-core background of the reviewers

#### Consequences

- > Missing requirements could generate sporadic functional issues (sleeping issues)
- > Non-maintained requirements could lead to missing data protection
- > Useless requirements consume resources and add validation & maintenance effort



### DATA CONSISTENCY TESTING – TOWARDS SYSTEMATIC REQUIREMENTS ELICITATION

1 MULTI CORE SOFTWARE FOR POWERTRAIN

2 WHAT IS DATA CONSISTENCY

**3 IDENTIFICATION OF CONSISTENCY REQUIREMENTS** 

4 SUMMARY AND OUTLOOK





TIMING IS EVERYTHING ...

[Figure: timeline in milliseconds with global variables a, b; the provider component (PRV) writes values to a, b]



























TIMING IS EVERYTHING ...

All would have been fine if:

- > MUT would have executed a bit faster (e.g., shorter waiting time for bus communication resource), or
- > PRV would have executed a bit slower (e.g., longer interrupt by another task function on core 2)





# **CORE CONCEPT: ADVERSARIAL TESTING**



BY VARYING THE EXECUTION TIMES OF TASK FUNCTIONS WITHIN WCET LIMITS

- > maximize occurrences of violations by manipulating execution times of code fragments to achieve "bad" interleaving of MUT and PRV executions
  - > PAP coverage (as many different PAPs as possible)
  - > filter by assessing the effect of certain PAPs on the outputs
- > basis for consistency testing: the Validator simulator, a platform-aware Software-in-the-Loop (SiL) simulation
  - > execution of application software is interleaved with simulation of a virtual platform model
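
The adversarial idea above, reduced to a toy model (an added example, not the Validator tool or code from the talk): PRV writes the globals a and then b in every activation, MUT reads a, then b, then a again, and the execution time of each code fragment is swept within assumed bounds. The period, release time, bounds and the simplified LET model are constructed for illustration.

```python
from itertools import product

P = 10                                # PRV activation period in ms (constructed)
R = 20                                # release time of the observed MUT run (constructed)
E1, E2 = range(1, 5), range(1, 4)     # PRV: ms until a is written, then extra ms until b
M1, M2 = range(1, 5), range(1, 4)     # MUT: ms until first read, then extra ms until second


def visible(t, write_offset):
    """Generation k of the newest PRV write (done at k*P + write_offset) by time t."""
    return (t - write_offset) // P


def observe(e1, e2, m1, m2, let=False):
    """Generations MUT sees for: first read of a, read of b, second read of a."""
    if let:
        # Simplified LET: PRV outputs become visible only at the end of its
        # period and MUT samples its inputs at release, so the execution
        # times no longer influence what MUT observes.
        g = R // P - 1
        return g, g, g
    t1, t2 = R + m1, R + m1 + m2
    return visible(t1, e1), visible(t2, e1 + e2), visible(t2, e1)


def classify(obs):
    """Name the consistency properties violated by one MUT execution."""
    a_first, b, a_second = obs
    found = set()
    if a_first != a_second:           # same variable changed during the run
        found.add("stability")
    if a_first != b:                  # a and b stem from different PRV runs
        found.add("coherency")
    return found


def sweep(let=False):
    """Try every execution-time combination; count violations, keep one witness each."""
    counts = {"stability": 0, "coherency": 0, "total": 0}
    witnesses = {}
    for combo in product(E1, E2, M1, M2):
        counts["total"] += 1
        for kind in classify(observe(*combo, let=let)):
            counts[kind] += 1
            witnesses.setdefault(kind, combo)   # reproducible (e1, e2, m1, m2)
    return counts, witnesses


if __name__ == "__main__":
    print("unprotected:", *sweep())
    print("LET:        ", *sweep(let=True))
```

The witnesses are the reproducible timing combinations; only a minority of the 144 interleavings violate consistency, which is why such defects surface sporadically in the field.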



### **RESULTS OF CONSISTENCY TESTING**



ADEQUATE SET OF VARIABLES THAT NEED TO BE BUFFERED

> a (typically reduced) set of data protection requirements

> documented exceptions with reproducible tests



### **SOLID FORMAL BASIS**



#### FINITE STATE MACHINES



W.Exit:  $\forall C \in v.CS, C.fat \leftarrow \min(C.fat, t);$ 

> THUS, CONSISTENCY/COHERENCY TESTING CAN BE FORMALLY VERIFIED





### **TOOL USAGE**



IMPROVES SOFTWARE QUALITY AND REDUCES RESOURCE CONSUMPTION

- > batch mode as part of a daily build (continuous integration)
- > interactively with UI seamlessly integrated in Matlab/Simulink and Eclipse

ConsistestReport.ctxml

| Module | Set | Var | E: 0 | E: 1 | E: 2 | E: 3 | E: 4 | E: 5 | E: 6 | E: 7 |
|---|---|---|---|---|---|---|---|---|---|---|
| fmsp_ispclbas0_systrig_sege1 | fmsp_ispclbas0_ispcl_bas10ms | fac_afu_afs | ۲ | ۲ | ۲ | ۲ | ۲ | ۲ | ۲ | • |
| | | fac_afu_ratio | 0 | ۲ | ۲ | ۲ | 0 | ۲ | ۲ | 0 |
| | | inh_iv_cyl_deac | 0 | ۲ | ۲ | ۲ | ۲ | ۲ | ۲ | 0 |
| | fmsp_ispclbas0_ispcl_bas5ms | m_fg_inv_clp_cyl_inj | • | ۲ | ۲ | ۲ | ۲ | ۲ | ۲ | • |
| | fmsp_ispclbas0_ispcl_basseg | lf_mfl_inj_upd | ۲ | ۲ | ۲ | ۲ | ۲ | ۲ | ۲ | 0 |
| fmsp_ispclmplinj_systrig_sege1 | fmsp_isp_mpl_inj100ms | tco_1_sys | ۲ | ۲ | ۲ | ۲ | ۲ | ۲ | ۲ | 0 |
| | | tco_st_cur | 0 | ۲ | ۲ | ۲ | ۲ | ۲ | ۲ | 0 |
| | fmsp_isp_mpl_inj10ms | lv_st_end | ۲ | 0 | ۲ | ۲ | ۲ | ۲ | 0 | 0 |
| | | state_var_mkt | ۲ | ۲ | ۲ | ۲ | ۲ | ۲ | ۲ | • |
| | | t_ast | ۲ | 0 | ۲ | ۲ | 0 | ۲ | 0 | • |
| | fmsp_isp_mpl_inj5ms | m_air_cyl_pred | 0 | 0 | ۲ | ۲ | 0 | 0 | 0 | 0 |



### DATA CONSISTENCY TEST – TOWARDS SYSTEMATIC REQUIREMENTS ELICITATION

1 MULTI CORE SOFTWARE FOR POWERTRAIN

2 WHAT IS DATA CONSISTENCY

3 IDENTIFICATION OF CONSISTENCY REQUIREMENTS

**4 SUMMARY AND OUTLOOK** 



# SUMMARY AND OUTLOOK

#### WHEN TO PERFORM THE CONSISTENCY TEST?



Consistency stress test will complement the SIL test as a formal way to prove data consistency



### SUMMARY AND OUTLOOK

> Test is based on a formal method to identify consistency requirements

- > It works in context of a project
- > Extension to platform approach is possible by batch processing of different scenarios
- > Piloting Phase within Vitesco Technologies is started





# QUESTIONS?



#### EXAMPLE AND CASE STUDY ENGINE CONTROL FUNCTION – FOR SELF STUDY





































>Consistency sets:  $C_0=\{a,c,e\}, C_1=\{b,d\}$ 



> Buffering requirements for **a, c, d**



# **IDENTIFICATION OF CONSISTENCY REQUIREMENTS**



#### **TESTING WORKFLOW**

| Starting point | ConsisTest model generation | Testing |
|---|---|---|
| <ul><li>Standard Simulink SIL model</li><li>MUT and PRV software is built into an S-function</li><li>Testcases</li></ul> | <ul><li>Replace original S-function with Validator S-function in the Simulink model</li><li>Instrument the MUT and PRV software at the access points</li><li>Generate Validator glue code, set parameters of virtual execution platform</li><li>Build generated and instrumented software together with Validator library into a separate executable</li></ul> | <ul><li>Set runtime configuration: test case, alternative CSs and WCETs, protection levels for inputs</li><li>Run test group</li><li>Evaluate results: view report on PAPs and output comparison</li><li>Decide on protection levels of variables and repeat tests, if necessary</li></ul> |

Seamless Workflow in existing Simulink Models



>MUT: periodic (10ms)
>PRV: event-triggered (crank-angle event)



#### >SIL model with test configuration

>Apply test configuration on SIL model





#### >SIL model with replaced S-Function

Validator S-Function

>Execute test runs

[Screenshot: Simulink model with the Validator S-Function (signals BalancingFuelSupplyRequest, BalancingFuelSupplySetpoint, ExternalFuelSupplyRequest, ExternalFuelSupplySetpoint, IDX_CMB_MOD_INJ_MOD, LV_IGK, LV_ST_END) and the "Run Configuration" dialog: results base folder C:\Data\SIM_PRJ_FUS; consistency violation mode: access; Validator behavior: Slave or Zero Exec Time; Test Nr 1; trace start 0 sec, trace end 0 sec; plant period 1 ms; consistency set configuration ID0; execution time configuration Test1]



### **TEST RESULTS**

[Screenshot: Eclipse view of CTReport.csxml; Consistency Mode: MUT; Consistency Violation Mode: Access-based; result column Test1]

| Module | CS-Config | CSet | Variable | Protection (Used) | Protection (Revised) |
|---|---|---|---|---|---|
| fusp_ispclai0systrig_10mst2 | ID0 | CS_10ms | idx_cmb_mod_inj_mod | test | test |
| fusp_ispclai0systrig_10mst2 | ID0 | CS_10ms | lv_st_end | test | test |
| fusp_ispclai0systrig_10mst2 | ID0 | CS_seg | BalancingFuelSupplyRequest | test | test |
| fusp_ispclai0systrig_10mst2 | ID0 | CS_seg | BalancingFuelSupplySetpoint | test | test |
| fusp_ispclai0systrig_10mst2 | ID0 | CS_seg | ExternalFuelSupplyRequest | test | test |
| fusp_ispclai0systrig_10mst2 | ID0 | CS_seg | ExternalFuelSupplySetpoint | test | test |
| fusp_ispclai0systrig_10mst2 | ID0 | CS_seg | lv_igk | test | test |



### **INPUT AND OUTPUT SIGNAL TRACES**





### **TESTING EFFORT CONSIDERATION**

- > Run on an Intel i7 with 2.7 GHz and 32 GB RAM
- > SIL environment setup: ~60 min (one-time effort)
- > One test case execution: 12 s to 3.5 min (1 min avg.)
- > Evaluation of test results: ~30 min
- > On average 5 test cases per module
- > One module is on average reused in 10 projects

> Additional testing overhead introduced per module: **140 min**