ISO 26262 compliant verification of functional requirements in the model-based software development process
Abstract
The model-based software development process is generally accepted in the automotive and aerospace domains. More or less seamless tool chains support the model-based approach in order to improve the functional safety aspects of such processes while keeping them efficient under growing complexity. In the last decade, fundamental progress has been achieved in modelling, simulation and automatic code generation. Even in fully automated structural testing, various solutions have successfully entered the tool chains. Concerning the verification of functional requirements in the model-based domain, there is still much room for improvement; in particular, an automatic, scalable approach for functional testing and formal verification has not yet been achieved. This paper presents an automatic approach developed to efficiently support international functional safety standards such as ISO 26262 for automotive. It presents an integrated method that uses C-code observer fragments automatically synthesized from formalized specifications. Requirements-based functional testing and formal verification can then be almost fully automated, as the synthesized C-code observers are automatically embedded into a test and verification tool environment. This covers the model, code and object code levels, so that a very general use of C-observers can be shown. The automation covers requirements-based test case generation, automatic test execution and analysis, as well as test quality measurement and requirements coverage. The described method fits effectively and smoothly into the framework of software quality standards such as the automotive functional safety standard ISO 26262. The approach has already been implemented in a first version for the Matlab/Simulink tool chain on top of the production code generator TargetLink from dSPACE.
Further potential of such observer technology, for instance 'embedded diagnostics' using C-observers, is also discussed.

1 Field of Application

The presented method has been introduced within a widely used model- and auto-code-based testing and verification tool environment as an extension that enables automatic requirements-based testing. In the past, the main use case of this tool environment was automatic structural back-to-back testing between MiL, SiL and PiL, including fully automatic structural test vector generation to ensure maximum model and code coverage up to MC/DC. This approach tests all development steps automatically, from the model level down to the implementation level, and finally lifts testing up to the model level, hence the name model-based testing. The model-based approach is the main focus of this development and test environment, but any kind of C code resulting from other code generators, and even hand-written code, is supported as well. The main use case, structural back-to-back testing, supports the methodology recommended by ISO 26262 and has been certified by an independent certification body as "suitable for purpose" for all defined ASILs from A to D. This covers one important method described in ISO 26262, but the requirements-based testing methods of ISO 26262 are not automated by this back-to-back testing approach. To enable more automation for requirements-based testing in the tool environment, an extension to the main use case introduced above is described in the following chapters. Two main topics are addressed: first, the new extension shall cover all important recommendations of ISO 26262 concerning requirements-based testing, and second, it shall automate the testing as much as possible within the MBD process.
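The abstract describes C-code observer fragments synthesized from a formalized requirement and run alongside the model, generated code or object code to produce a verdict and a requirements-coverage measure. The following is an added example, not code from the paper or from the dSPACE/TargetLink tool chain, of what such an observer fragment looks like for one hypothetical timed requirement (REQ_BL_01, the thresholds, the signal names and the three traces are all constructed for this example): a small state machine stepped once per controller cycle that counts stimulations, passes, vacuous discharges and violations, so the same fragment can be replayed over a MiL, SiL or PiL trace.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical requirement REQ_BL_01, constructed for this example:
 * "If brake_pedal_pos exceeds PEDAL_ON_THRESHOLD, brake_light shall be set
 *  within at most RESPONSE_CYCLES cycles and shall stay set while the pedal
 *  remains above the threshold." */
#define PEDAL_ON_THRESHOLD 10u
#define RESPONSE_CYCLES    3u

typedef enum { OBS_IDLE, OBS_WAITING, OBS_HOLDING, OBS_VIOLATED } obs_state_t;

typedef struct {
    obs_state_t state;
    uint32_t wait_cycles; /* consecutive cycles with pedal pressed and light still off */
    uint32_t activations; /* times the precondition became true (requirement stimulated) */
    uint32_t passes;      /* activations where the light came on in time */
    uint32_t vacuous;     /* activations where the pedal was released before the deadline */
    uint32_t failures;    /* activations where the requirement was violated */
} observer_t;

void obs_init(observer_t *o)
{
    o->state = OBS_IDLE;
    o->wait_cycles = o->activations = o->passes = o->vacuous = o->failures = 0;
}

/* One observer step per controller cycle, fed with that cycle's signals.
 * Returns true when this cycle violates REQ_BL_01. */
bool obs_step(observer_t *o, uint32_t brake_pedal_pos, bool brake_light)
{
    bool pedal_on = brake_pedal_pos > PEDAL_ON_THRESHOLD;

    switch (o->state) {
    case OBS_IDLE:
        if (!pedal_on) return false;
        o->activations++;
        if (brake_light) { o->passes++; o->state = OBS_HOLDING; return false; }
        o->wait_cycles = 1;
        o->state = OBS_WAITING;
        return false;
    case OBS_WAITING:
        if (!pedal_on) { o->vacuous++; o->state = OBS_IDLE; return false; }
        if (brake_light) { o->passes++; o->state = OBS_HOLDING; return false; }
        if (++o->wait_cycles > RESPONSE_CYCLES) { o->failures++; o->state = OBS_VIOLATED; return true; }
        return false;
    case OBS_HOLDING:
        if (!pedal_on) { o->state = OBS_IDLE; return false; }
        if (!brake_light) { o->failures++; o->state = OBS_VIOLATED; return true; }
        return false;
    case OBS_VIOLATED:
        if (!pedal_on) o->state = OBS_IDLE; /* re-arm only after the pedal is released */
        return false;
    }
    return false;
}

/* Replays a recorded trace (MiL, SiL or PiL alike) through the observer.
 * Returns the index of the first violating cycle, or -1 if there is none. */
int obs_run(observer_t *o, const uint32_t *pedal, const bool *light, size_t n)
{
    int first_violation = -1;
    obs_init(o);
    for (size_t i = 0; i < n; i++)
        if (obs_step(o, pedal[i], light[i]) && first_violation < 0) first_violation = (int)i;
    return first_violation;
}

/* Requirements coverage as used for test quality measurement: the requirement was
 * stimulated and genuinely satisfied at least once (not only vacuously) and never violated. */
bool obs_requirement_covered(const observer_t *o)
{
    return o->activations > 0 && o->passes > 0 && o->failures == 0;
}

/* One-call verdict queries over a trace. */
int trace_first_violation(const uint32_t *p, const bool *l, size_t n) { observer_t o; return obs_run(&o, p, l, n); }
bool trace_covered(const uint32_t *p, const bool *l, size_t n) { observer_t o; obs_run(&o, p, l, n); return obs_requirement_covered(&o); }
uint32_t trace_failures(const uint32_t *p, const bool *l, size_t n) { observer_t o; obs_run(&o, p, l, n); return o.failures; }

/* Constructed traces, one sample per cycle (not measured data). */
#define N_OK 9
const uint32_t PEDAL_OK[N_OK] = {0, 0, 20, 20, 20, 20, 20, 0, 0};
const bool     LIGHT_OK[N_OK] = {0, 0, 0,  0,  1,  1,  1,  0, 0};  /* light on 2 cycles after the pedal */
#define N_LATE 7
const uint32_t PEDAL_LATE[N_LATE] = {0, 20, 20, 20, 20, 20, 0};
const bool     LIGHT_LATE[N_LATE] = {0, 0,  0,  0,  0,  1,  0};    /* light on 4 cycles after the pedal */
#define N_DROP 4
const uint32_t PEDAL_DROP[N_DROP] = {20, 20, 20, 20};
const bool     LIGHT_DROP[N_DROP] = {1,  1,  0,  1};               /* light drops while the pedal is held */

int main(void)
{
    printf("ok:   first violation %d, covered %d\n", trace_first_violation(PEDAL_OK, LIGHT_OK, N_OK), trace_covered(PEDAL_OK, LIGHT_OK, N_OK));
    printf("late: first violation %d, failures %u\n", trace_first_violation(PEDAL_LATE, LIGHT_LATE, N_LATE), trace_failures(PEDAL_LATE, LIGHT_LATE, N_LATE));
    printf("drop: first violation %d, failures %u\n", trace_first_violation(PEDAL_DROP, LIGHT_DROP, N_DROP), trace_failures(PEDAL_DROP, LIGHT_DROP, N_DROP));
    return 0;
}
```

The counters matter as much as the verdict: a trace in which the pedal is always released before the deadline produces no violation but also no pass, and `obs_requirement_covered` correctly reports the requirement as not covered, which is the distinction a requirements-coverage measure has to make. Because the fragment only consumes the signal values of each cycle, the same observer can be linked into a model simulation, the generated C code or an object-code run on the target, which is the cross-level use the abstract claims for C-observers.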
This new approach was introduced successfully in the automotive domain last year in Germany and Japan. First results are very promising regarding three aspects:
• Smooth integration in the existing testing process
Similar references
Early Verification and Validation According to ISO 26262 by Combining Fault Injection and Mutation Testing
Today software is a core part of modern automobiles. The amount, complexity and importance of software components within Electrical/Electronics (E/E) systems of modern cars is only increasing with time. Several automotive functions carrying software provide or interact with safety-critical systems such as steering and braking systems, and thus assuring functional safety for such systems is of high...
Static Verification of Non-Functional Software Requirements in the ISO-26262
The norm ISO-26262 aims at ascertaining the functional safety of Automotive Electric/Electronic Systems. It is not focused on purely functional system properties, but also demands to exclude nonfunctional safety hazards in case they are critical for a correct functioning of the system. Examples are violations of timing constraints in real-time software and software crashes due to runtime errors...
A Cost-Effective Model-Based Approach for Developing ISO 26262 Compliant Automotive Safety Related Applications
Automotive manufacturers and their suppliers increasingly need to follow the objectives of ISO 26262 as it is now state-of-the art and as it is the case that an ever increasing number of active and passive safety systems are developed within cars. This has increased the need to define a safe system development process. This paper proposes a model-based approach including automatic and certified...
From Safety Requirements to Safety Monitors – Automatic Synthesis in Compliance with ISO 26262
The development of safety-critical electronic systems in the automotive domain is standardized by the ISO 26262 Road vehicles Functional safety. Depending on the concrete risk classification (Automotive Safety Integrity Level, ASIL for short), necessary safety requirements and activities are specified in order to achieve an acceptable residual risk of the system. In particular for the higher AS...
Using STPA in an ISO 26262 Compliant Process
ISO 26262 is the de facto standard for automotive functional safety, and every automotive Original Equipment Manufacturer (OEM), as well as their major suppliers, are striving to ensure that their development processes are ISO 26262 compliant. ISO 26262 mandates both hazard analysis and risk assessment. Systems Theoretic Process Analysis (STPA) is a relatively new hazard analysis technique, tha...
Publication date: 2011