2 - PDF Free Download

Undecided EU Sales&Support Sumitomo Deutschland GmbH EU/Germany General Agent Undecided India Sales VRAIC China Sales GAIO Technology Tokyo,Japan Sales&Support R&D GAIO Inc USA/North America Sales 6

AUTOSAR ISO26262 13

AutomotiveSPICECMMI AUTOSARADL AUTOSAR ISO26262 15

17 HILS ( ) Plant ( ) + (PC) Plant ( ) + () Plant ( ) + () Plant () + ( ) Plant ( ) + ( ) Plant () + HILS

JMAAB 20

MILS/SILS SPILS OS Vin DC = 130 L1_VALUE = 10mH L2_VALUE = 0.166mH D1 TX1 D1N4933 D2 D1N4933 L1 1 2 20uH C3 0.1u R1 130 OUT X1 C1 4 ZX + 1 200u 5-2 Reference Load Vload DC = 1 C2 0 Q1 0.5n 2N6547/TO R2 Vsw 100 D3 D1N4933 0 0 0 0 TRAN = pulse(0 1 5u 0.05u 0.05u 12.5u 25u) Rf 100Meg 0 3 Rref 1 0 0 0 Virtual World Real World + HILS FPGA HILS 21

Plant ( ) RTW-EC a.c a.c s.c d.c a.c ( ) m.c obj-m ( ) 100% obj-d TP-D obj-e 100% (obj-e) TP-M + Plant ( ) ( ) PF 23

dll dll S-function RTW Plant ( ) dll RTW-EC Obj S-function Plant ( ) 24

2 MILS/SILS 2 MILS/SILS MILS/SILS D E C A B 2 ECU1 D A HW C E B ECU2 ECU3 1 1 MILS/SILS HILS SS SILS/PILS ECU ECU1 ECU1 ECU2 ECU2 ECU3 ECU3 1 1 MILS/SILS PILS /HILS SILS/PILS ECU ECU1 ECU2 ECU3 ECU1 ECU2 MILS/SILS 1 1 ECU3 PILS /HILS BSW HW VFB: Virtual Functional Bus RTE: Run-time Environment 25

OEM OEM GM OEM AUTOSAR 4.X AUTOSAR JasPar 26

ODE + ODE Simulink DAE ODE Simulink or DAE Modelica 32

x := 2+y; f = m * a; ( ) 33

IEC 61508 Derivates Safety Standards - IEC 61508 (Meta-Standard) - ISO TR 15497: MISRA Guidelines - ECSS-E-40A (EU, Space) - RTCA DO-178B (Aerospace SW, V&V) - SAE APR 7451 (Aerospace, HW) - NASA-GB-1740,13-96 (SW-Guidebook) - Def Stan 00-55 (Military) - IEC 60880 (SW in Nuclear Power Plants) - AUTOSAR Safety Function - ISO13482 ( ) - IEC62278, EN 5012x () - IEC62304 ( ) IEC60601 1-4 (Medical) - ISO10218 ( ) - IEC61311-6 (PLC) - IEC62061 () - IEC61800 ( ) - IEC61784-3 ( ) - EN81-1 () - IEC61511 () - IEC61513 () - ISO EN 12100 (Machinery) - ISO26262 (Automotive) Specific Design Instructions - Standardised E-Gas-Safety Concept - Type Approval Regulations: ECE R13(H) Annex 18(8), ECE R79 Annex 6 Assessment Models - IEC 15504 (SPICE) - CMM(I) Quality Standards - ISO 16949 (automotive) - VDA Band 3.1 und 4.ff - DIN EN 60300-2(Reliability Management) - VDI 4001-10: Technical Reliability Engineering Standards - ISO/IEC 12207 (SW-Process) - V-Model Functional Safety in the Automotive Industry, Process and methods BMW AG, RELNETyX AG 36

BTB Back-to-back BTB 44

MC- Checker winams OEM CarSim CANalyzer Vector u ucarsim ucanalyzer MC-Checker winams 45

46-6-5 6-6 6-7 6-8 6-9 6-10 6-11 6-AnnexC ALM

21% 3 32 28% 12 30 17 12 6 13 11 2 10 ET2008 4 48

() etc ( ) etc 49

Reactis M Export BTB MILS SPILS 53

EmbeddedTester M (MC/DC) BTB Convert/export MCC SPILS BTB 54

56 Task Task2 Task 2 (VFB) (RTE) (RTE) Task Task2 Task OS NW OS NW NW ECU ECU2 ECU CAN LIN GW ECU ECU t task1 task2 task3 FlexRay

TargetLink P Q P Assumption true Sig sig1 sig2 sig3 Property sig1 sig3 Property sig2 58

JFPSLP Jean-Raymond Abrial, Modeling in Event-B 59

BTC Embedded Specifier exmotion USDM TargetLink P Q P Assumption EmbeddedValidator 60

ECU P Q P Q BTC EmbeddedTester C-Observer EmbeddedTester M Convert/export (MC/DC) BTB MCC SPILS 61 BTB

,, ISO/DIS 26262 Fault= 68

INT + fault DF DF: detected fault fault DF reset 69

70 FMC0 FMC1 FMC2 FMC3 FMCn FME0 FME1 FME2 FME3 FMEn DF0 DF1 DF2 DF3 DF4 DFm

/ DI/EI» 74

(a) B A 11 A 12 + B 1 (b) A 11 A 12 B 1 (c)»? 77

= 100% 78 78

Software Module (OS independent SystemSimulator Task1 Taskn OS Interrupt handling module Input test case for interrupt handling modules Cause interrupt Setting Save/load class of interrupt Timing of interrupt interrupt testing point Interrupting test point will be identified automatically Test case for interupt handling module Shared resources SFR Memory Register Information on behavior of interrupt Show Save/load Calculate and view coverage I0: 100% I1: 90% Event log Coverage information 79