PhD defence: Timing-aware Model-Based Design with Application to Automotive Embedded Systems

Cyber-Physical System (CPS) are systems piloting physical processes, which have become an integral part of our daily life. Model-Driven Engineering (MDE) is widely applied in the industry to develop new software functions and integrate them into the existing run-time environment of a Cyber-Physical System (CPS). MBD provides indispensable means to model and implement the desired functionality, and to validate the functional, the non-functional, and in particular the real-time behavior against the requirements. Current industrial practice in model-based development completely relies on generative MBD, i.e., on code generation to bridge the gap between model and implementation. An alternative approach, although not yet used in the automotive domain is model interpretation. In this thesis, in the place of code generation, we investigate the applicability of model interpretation to automotive software development with a help of a control function design.

The control laws of these software functions typically assume deterministic sampling rates and constant delays from input to output. However, on the target processors, the execution times of the software will depend on many factors such as the amount of interferences from other tasks, resulting in varying delays from sensing to actuating. The existing approaches support the simulation of control algorithms, but not their actual implementation.  Further, in the thesis, we present the CPAL model interpretation engine running in a co-simulation environment to study control performances while considering the run-time delays. The main advantage is that the model developed for simulation can be re-used on the target processors. Additionally, the simulations performed at design phase can be made realistic in the timing dimension using timing annotations inserted in the models to capture the delays on the actual hardware. Introspection features natively available facilitate the implementation of self-adaptive and fault-tolerance strategies to mitigate and compensate the run-time latencies.

As the processing power is increasingly available with today’s hardware, other concerns than execution performance such as simplicity and predictability become important factors towards functional safety objective. The motivation towards predictable execution behavior, we revisited FIFO scheduling with offset and strictly periodic task activations. The execution order in this case is uniquely and statically determined. This means that whatever the execution platform and the task execution times, be it in simulation mode in a design environment or at run-time on the actual target, the task execution order will remain identical. Beyond the task execution order, the reading and writing events that can be observed outside the tasks occur in the same order. This property, leveraged by our MBD environment CPAL design flow provides a form of timing equivalent behavior between development phase and run-time phase that eases the implementation of the application and the verification of its timing correctness.