SE@RWTH : Case Study on Component and Connector Views

Case Study on Structural Views for Component and Connector Models

V. Bertram S. Maoz, J.O. Ringert, B. Rumpe, and M. von Wenckstern

Additions to Sections

C&C Views Definitions (Section II. Background)
Example Process with Focus on Challenges Traceability and Evolution (Section IV. Preliminary Study)

Public Demonstrator Simulink Models by Daimler AG

All these models are public demonstrator models, and are not used directly in the automotive software. These models have been slightly modified to remove important intellectual properties (e.g. car specific configuration parameters have been replaced by other numbers). The main purpose of this models is to give universities an insight how C&C modeling is done in industry.

An overview about the statistical data of the Simulink models is available here.

Public Requirement Documents by Daimler AG

C&C Views created by Domain Experts

An overview about the statistical data of the Views and their Witnesses Sizes for ADASv1 and ADASv4 is available here.

Highlighted Simulink Models for Tracing Requirements

Here we added the Simulink models which the domain experts colored by orange to highlight the important Simulink block diagrams of the corresponding requirement. This evaluation has been done on ADASv4.

FA-4 If the distance to the vehicle ahead falls below the specified speed-dependent safety distance (see FA -78), the vehicle brakes automatically. The maximum deceleration is 5m/s².
FA-86 The adaptive cruise control system has to calculate the distance (time) to the vehicle ahead and has to issue the following warnings depending on the calculated value:
- FA-81:Acoustic alarm if the actual distance is less than (current speed / 3.6) * t.
- FA-82:Visual warning if the actual distance is less than (current speed / 3.6) * t2.
FA-21 If no speed was set since the last start of the motor and the cruise control lever is pulled, the current vehicle speed is used as speed set point. If the current vehicle speed is below 20km/h, the speed is not adopted as speed set point and the cruise control is not activated.
FA-68 If the driver presses the speed limiting lever downwards beyond the first resistance stage (i.e. beyond the pressure point) and speed limit function is activated, the speed limit is decreased to the next ten’s place (e.g. starting speed limit 57 km/h -> target speed limit 50 km/h).Tracing shows that requirement is NOT satisfied!
FA-77 If a road sign indicating a speed limit of F km/h according to the local traffic laws (maximum permissible speed) is recognized when driving with activated speed limit function, the speed limit is set to the value F.

Time Statistics for View Verification and Witnesses Generations

These statistics show what models satisfies which views and how much time was needed by the verification and witness generation process.

Translated Simulink Models

Advanced Driver Assistance System version 1: MontiArc Model, renamed C&C Model
Advanced Driver Assistance System version 2: MontiArc Model, renamed C&C Model
Advanced Driver Assistance System version 3: MontiArc Model, renamed C&C Model
Advanced Driver Assistance System version 4: MontiArc Model, renamed C&C Model
Adaptive Exterior Light System Model: MontiArc Model, renamed C&C Model

Further background information

Since the C&C View Verification Tool only works on MontiArc models, these Simulink models must be translated into MontiArc ones.

The first bachelor thesis report (David Ernst) shows how derive a block execution order for MontiArc models which has the same properties as Simulink's slist or elist command. Based on this derived block execution order, we can generate Java code to execute the MontiArc models and they produce for the same input values the same output values as the Simulink models. This way we can later test whether our transformation from Simulink to MontiArc was successful (we need to provide for each used atomic Simulink block such as Relational Operator, Logical Operator, Unit Delay, and so on, a Java implementation of this class).

The second bachelor thesis report (Stefan Brunecker) shows the actual algorithm how to transform Simulink models to MontiArc models. One of the challenges was that Simulink does not only exchange data between subsystem's ports but also control-flow information (e.g. if, enabled, triggered subsystems) which is not supported in MontiArc, and so these blocks must be transformed. Another challenge was that in Simulink subsystems can exchange information using global variables (data store memory, data store read, and data store write blocks); they must be replaced by input and output ports of subsystems. The complication began in combination with the control-flow-components since than the variables are not every time updated and this can result in very complicated transformations. Another part of the transformation was to remove the Simulink buses (bus creator, and bus selector blocks), since they are only used for graphical groupings so that large models are still readable, and have no semantical meaning at all in the textual MontiArc language

main page about us - staff - activities - teams - how to find us teaching - lectures - bachelor theses - master theses research - projects publications - by topic - books - ph.d. theses jobs - research (WiMi) - students (HiWi) - industrial cooperation videos		Case Study on Structural Views for Component and Connector Models V. Bertram S. Maoz, J.O. Ringert, B. Rumpe, and M. von Wenckstern Additions to Sections C&C Views Definitions (Section II. Background) Example Process with Focus on Challenges Traceability and Evolution (Section IV. Preliminary Study) Public Demonstrator Simulink Models by Daimler AG All these models are public demonstrator models, and are not used directly in the automotive software. These models have been slightly modified to remove important intellectual properties (e.g. car specific configuration parameters have been replaced by other numbers). The main purpose of this models is to give universities an insight how C&C modeling is done in industry. Advanced Driver Assistance System version 1 Advanced Driver Assistance System version 2 Advanced Driver Assistance System version 3 Advanced Driver Assistance System version 4 Adaptive Exterior Light System Model (it is in German) An overview about the statistical data of the Simulink models is available here. Public Requirement Documents by Daimler AG Original German Requirements of ADAS version 1 and Adaptive Exterior Light System Model Original German Requirements of ADAS version 4 and Adaptive Exterior Light System Model Translated Requirements of ADAS version 4 and Adaptive Exterior Light System Model (done by TUM) C&C Views created by Domain Experts 17 Views of ADAS version 1 inclusive original German Daimler Requirements and their English Translation 26 Views of ADAS version 4 inclusive original German Daimler Requirements and their English Translation 7 Views of ALS inclusive English Translated Requirements (C&C names as well as port names are in German) An overview about the statistical data of the Views and their Witnesses Sizes for ADASv1 and ADASv4 is available here. Highlighted Simulink Models for Tracing Requirements Here we added the Simulink models which the domain experts colored by orange to highlight the important Simulink block diagrams of the corresponding requirement. This evaluation has been done on ADASv4. FA-4 If the distance to the vehicle ahead falls below the specified speed-dependent safety distance (see FA -78), the vehicle brakes automatically. The maximum deceleration is 5m/s². FA-86 The adaptive cruise control system has to calculate the distance (time) to the vehicle ahead and has to issue the following warnings depending on the calculated value: FA-81:Acoustic alarm if the actual distance is less than (current speed / 3.6) * t. FA-82:Visual warning if the actual distance is less than (current speed / 3.6) * t2. FA-21 If no speed was set since the last start of the motor and the cruise control lever is pulled, the current vehicle speed is used as speed set point. If the current vehicle speed is below 20km/h, the speed is not adopted as speed set point and the cruise control is not activated. FA-68 If the driver presses the speed limiting lever downwards beyond the first resistance stage (i.e. beyond the pressure point) and speed limit function is activated, the speed limit is decreased to the next ten’s place (e.g. starting speed limit 57 km/h -> target speed limit 50 km/h).Tracing shows that requirement is NOT satisfied! FA-77 If a road sign indicating a speed limit of F km/h according to the local traffic laws (maximum permissible speed) is recognized when driving with activated speed limit function, the speed limit is set to the value F. Time Statistics for View Verification and Witnesses Generations These statistics show what models satisfies which views and how much time was needed by the verification and witness generation process. Advanced Driver Assistance System version 1 Advanced Driver Assistance System version 2 Advanced Driver Assistance System version 3 Advanced Driver Assistance System version 4 Adaptive Exterior Light System Model Translated Simulink Models Advanced Driver Assistance System version 1: MontiArc Model, renamed C&C Model Advanced Driver Assistance System version 2: MontiArc Model, renamed C&C Model Advanced Driver Assistance System version 3: MontiArc Model, renamed C&C Model Advanced Driver Assistance System version 4: MontiArc Model, renamed C&C Model Adaptive Exterior Light System Model: MontiArc Model, renamed C&C Model Further background information Since the C&C View Verification Tool only works on MontiArc models, these Simulink models must be translated into MontiArc ones. The first bachelor thesis report (David Ernst) shows how derive a block execution order for MontiArc models which has the same properties as Simulink's slist or elist command. Based on this derived block execution order, we can generate Java code to execute the MontiArc models and they produce for the same input values the same output values as the Simulink models. This way we can later test whether our transformation from Simulink to MontiArc was successful (we need to provide for each used atomic Simulink block such as Relational Operator, Logical Operator, Unit Delay, and so on, a Java implementation of this class). The second bachelor thesis report (Stefan Brunecker) shows the actual algorithm how to transform Simulink models to MontiArc models. One of the challenges was that Simulink does not only exchange data between subsystem's ports but also control-flow information (e.g. if, enabled, triggered subsystems) which is not supported in MontiArc, and so these blocks must be transformed. Another challenge was that in Simulink subsystems can exchange information using global variables (data store memory, data store read, and data store write blocks); they must be replaced by input and output ports of subsystems. The complication began in combination with the control-flow-components since than the variables are not every time updated and this can result in very complicated transformations. Another part of the transformation was to remove the Simulink buses (bus creator, and bus selector blocks), since they are only used for graphical groupings so that large models are still readable, and have no semantical meaning at all in the textual MontiArc language Ernst, David: Transformation von MontiArc-Modellen zu Kontrollflussgraphen, 2016 (it is in German) Brunecker, Stefan: Transforming Simulink Models to MontiArc Models, 2016