Günter Ehmen and Kim Grüttner and Björn Koopmann and Frank Poppen and Philipp Reinkemeier and Ingo Stierand
SAE World Congress Experience (WCX'18)
The application of digital control in the automotive domain clearly follows an evolution with increasing complexity of both covered functions and their interaction. Advanced Driver Assistance Systems (ADAS) and Automated Driving Functions (AD) comprise modular interacting software components that typically build upon a layered architecture. As these components are generally developed by different teams, using different tools for different functional purposes and building upon different models of computation, an integration of all components guaranteeing the satisfaction of all requirements calls for coherent handling of timing properties.
We propose an approach addressing this major challenge, which consists of four design paradigms. A compositional semantic framework – based on a notion of components, their interfaces and their interaction – provides the common ground. Equipped with well-defined semantics allowing to express specifications in terms of contracts, and together with also well-defined operations (such as decomposition and refinement), the framework gives means to all typical design steps in the considered application domain. The second paradigm consists of a carefully selected set of contract specification patterns covering a multitude of relevant timing phenomena. The third paradigm concerns the embedding of different models of computation into the framework, lifting them into a common semantic domain. The fourth design paradigm provides for integrating models of computation by means of interaction components. All those paradigms are well-known in academia or industrial practice. Although we have extended them where needed in order to fit the particular needs of ADAS/AD design, it is foremost their interplay which is the novelty of our approach.
The application of the approach is exemplified by an industrial motivated case study of an emergency stop system. In the course of this demonstration we show that coherent treatment of time and timing effects in ADAS/AD design is indeed possible and can be integrated in typical industrial processes.