cps verification cps week.pptable/acps2011/presentations/7_butts.pdf · verification of...

Toyota’s Direction

Infrastructure integration

Our sustainable mobility strategy Our sustainable mobility strategy includes products, partnerships, the includes products, partnerships, the urban environment and energyurban environment and energyurban environment and energy urban environment and energy solutions.*solutions.*

*Toyota 2010 North American Environmental Report Highlights*Toyota 2010 North American Environmental Report Highlights

Toyota Technical CenterPowertrain Control – Model based Development

1Vehicle technologies

Toyota 2010 North American Environmental Report HighlightsToyota 2010 North American Environmental Report Highlights

Presentation FlowPresentation Flow

1. Development Challenges1. Development Challenges2. Focus on Verification and Validation3 Open Challenge: Engineering Processes for3. Open Challenge: Engineering Processes for

Verification and Validation of Cyber-Physical Systemsy

CPS Week 2011Toyota Technical Center

Powertrain Control – Model based Development

2

Product Direction: Today’s Complexity - system scale

- variations

Environment

LEXUS LS460 …• 100 Electronic Control Units (ECUs) or more• Program size of seven million lines

catio

n

Large-scale and Comp

Engine control

Auto cruise controlAir conditioner control

Nikkei business (September, 2006)

umbe

r of

pag

es o

f ng

ine

cont

rol s

peci

fic

Transmission control

Vehicle integration control

Suspension control

Power steering control

S f t

1988 1997 2002 2005 2007

nu en

Hybrid control

Suspension control

Brake control

Electric power control

AWD control

Safety Comfort

Control, integration, and complexity are accelerating in order to improve vehicle f d id f t

In-vehicle control systems


performance and provide new features.

3

Product Direction: Tomorrow’s Complexity: Cyber-Physical Systems- Vehicle to Infrastructure and Vehicle to Vehicle

C lli i A id d C ti D i i- Collision Avoidance and Cooperative Driving I2VInfra struc ture

V 2VC oop erat ion

P ath P lannin g

B ehav ior

N o m inal Path M ap

V 2VS afety M app in g

R eg ulat ion L oca liz at ion

C oll ision-F ree P ath

M ap

Veh ic le St a te Ob sta cles

P hy s ic al

G P S , R ada r, C am er a

A ct uator M ove m en ts

M eas urem e nts

CPS: distributed computation nodes operating in a control hierarchy that interact ith th hi l ’ h i l i l ti t id iti l f ti

V ehicle 3 C ontro l le r

Veh ic le 2 C on tro ller

V ehicle 1 C ontro l le r


with the vehicle’s physical processes in real-time to provide critical function.

4

Today’s Situation: Control Development Process OverviewToday s Situation: Control Development Process Overview

Insufficient requirement analysis and test designHigh possibility of re-design and re-evaluation

Focus on right hand side of V-processInefficient V&V due to exhaustive experiment with the actual product

Huge number of tests and more difficult evaluation

Market ProductNew

knowledge

gApproaching the limits of human power

Packagetest

needs strategyknowledge

Changedtarget

Req. analysis

System design

Control designPrototypingsystem

Req.analysis Evaluation

Spec C-code

Mass Production Phase Advanced Phase Very Advanced Phase

MassProduction

Small multiple V-processes are executed on big multiple V-processes


5

Consequence of Development Complexity

H

Getting larger and more complex control system

Development in shorter time

Heavy workload

Globalization,Fuel economy

Lack of researchLack of research for new development

method or process

Conventional development Low efficiency

A shift in paradigm is needed to overcome the above “Demon Cycle”Toyota has been pushing ahead with MBD as an essential solution.


Toyota has been pushing ahead with MBD as an essential solution.

6

Model-Based Development: Basic Tooling

Virtual WorldValidation

Control SoftwareSpecification=

Engine PerformanceSpecification=

Plant Model Controller ModelSILS / MILS

Combination

Plant Model Controller Model

HILSRapid Prot. ECU

Plant(Engine, Transmission etc.)

Controller(Hardware, Software)

Real World

Combination

Validation


Real World

7

MBD Focus areas

1.1. Process and Information ManagementProcess and Information Management

22 Plant ModelingPlant Modeling2.2. Plant ModelingPlant Modeling

3.3. ModelModel--based control designbased control design

4.4. CalibrationCalibration4.4. CalibrationCalibration

5.5. Verification and ValidationVerification and Validation


8

Verification and ValidationSt t- Strategy -

1. V&V process(ex. Hierarchical verification, Requirements specification)

2. Verification with advanced techniques(ex Automated test generation Formal methods)

Req. analysis

System design Calibrationand Test

Control systemreq. spec Product

(ex. Automated test generation, Formal methods)

3. Efficient Validation including experiment(ex. Software structural analysis, Defect cause exploration)

Control design Integration

Control systemdesign spec

Control softreq. spec

ECU

and Test

( y , p )

4. V&V environment(ex. Integrated V&V environment, Test-reuse, Test Automation Data Base) Code gen.

Control softdesign spec

C-code

Control design Integration

Renew development process by applying advanced V&V technologies to improve: Quality - no defects allowed in product Efficiency - minimized development cost


Efficiency minimized development cost

9

Verification and Validation- Needs and technologies -

CPSCPS

Vehicle

Problem scaleLine Off

bl lit

CPSCPS

HILS

Unit

- able quality

No hesitation in coldenvironment

O tp t e o of the

System

(Closed-loop)

SILS

Gap

Output error of thesystem shall be lessthan 5%

Needs found in the actual development

Feature Output error of the featureF l th d

Automated test generation

Existing “advanced” technologies

ModuleVagueness ofrequirement

Output error of the feature shall be less than 5%

Output of the function is always in certain range

Formal methodsSoftware


Quantitative/Static(ex. Logic)

Quantitative/Dynamic(ex. Trajectory)

Qualitative/Dynamic（ex. hunting）

Sensibility（Quickness）

10

Verification of Cyber-physical systems (e.g. collision avoidance)• The systems are vastly heterogeneous in nature. What mathematical or modeling

t ti h ld b d t d it lid ti d ifi ti ?representations should be used to admit validation and verification?• The systems are complex. What is the maximum complexity that can be validated and

verified? How do we quantify complexity? • Given detailed design models of the system components (these are the most readily available g y p ( y

in today’s processes) how does the engineer properly abstract the models to satisfy the complexity constraint?

• The system functionality is hierarchically structured. Are there validation and verification techniques that accommodate (and possibly exploit) this structure?techniques that accommodate (and possibly exploit) this structure?

• The systems are comprised of outside elements (e.g. infrastructure, unknown vehicles) that cannot be brought in-house for analysis or testing. How do we parameterize the outside element’s performance envelope for validation and verification?The s stems rel on loss ireless comm nication Ho do e characteri e the orst case• The systems rely on lossy wireless communication. How do we characterize the worst-case scenarios so that we can validate and verify the dynamic behavior of the system?

• This system configuration is multi-agent and dynamic. How do we validate and verify given the untold number of agent scenarios?

• The systems are subject to malicious interaction. How do we validate and verify the system’s countermeasures?

• The vehicle performance envelopes are subject to several uncertain parameters such as weight, road coefficient, road grade, tire wear. Are there validation and verification techniques


weight, road coefficient, road grade, tire wear. Are there validation and verification techniques able to accommodate these uncertainties?

11

Open Challenge: Engineering Processes for Verification and Validation of Cyber-Physical Systemsy y y

a) We propose a community challenge to:a) describe what it means to validate and verify cyber-

physical systems in concrete terms,b) develop engineering processes that practicing engineers

can use to conduct the validation and verification, and) t k b bli hi t i th l dc) track progress by publishing metrics on the scale and

complexity of systems than can be validated and verified using the processes.

b) Collision avoidance systems could be used as a representative application test-bed:a) much of the work is already government sponsored anda) much of the work is already government sponsored, andb) the benefits are societal.


12

Perhaps we need to generate a Moore’s Law for Validation and Verification of Cyber-Physical Systems ?

Thank youThank you


13

cps verification cps week.pptable/acps2011/presentations/7_butts.pdf · verification of...

Documents