KOSTAL Asia R&D Center Receives ISO 26262 ASIL D Certification for Automotive Software Developed with Model-Based Design
Challenge
Develop automotive electronic steering column lock software and certify it to the highest-level functional safety standard
Solution
Use Model-Based Design to design, implement, and verify the application software via back-to-back PIL testing required for ISO 26262 ASIL D certification
Results
- Development and certification time cut by 30%
- 80% of errors identified in modeling phase
- PIL test framework for ISO 26262 established
The rapid growth of the automotive industry in China has spurred demand for more sophisticated and more mature automotive technologies. An increasing number of OEMs, for example, are starting to require their suppliers to certify products to the ISO 26262 functional safety standard.
KOSTAL Asia R&D Center, a subsidiary of KOSTAL Group, recently became the first company in China to obtain ISO 26262 Automotive Safety Integrity Level (ASIL) D certification for a locally developed product. Though focused on R&D, the center has comprehensive product development capabilities and is responsible for selecting and tailoring tools and methods based on local customers’ requirements. KOSTAL achieved the highest level of functional safety certification under ISO 26262 for its electronic steering column lock (ESCL) module. The center’s engineers designed, developed, and tested part of the ESCL application software using Model-Based Design and with support from MathWorks engineers.
“MathWorks engineers helped us make the transition to a development process that supports ISO 26262 certification one step at a time,” says Cheng Hui, platform and process manager at KOSTAL Asia R&D Center. “Model-Based Design with MATLAB and Simulink enabled us to speed development by verifying our design early and reducing the manual work associated with the verification, validation, and reporting tasks needed for certification.”
Challenge
An automotive ESCL prevents theft by locking the steering wheel when the vehicle is parked. Because of the dangers such a system could cause if it erroneously locked the wheel while the car was moving, ESCL software must be developed to ISO 26262 ASIL D, the highest functional safety standard.
To achieve this goal, KOSTAL needed to fulfill all ISO 26262 ASIL D requirements, including the verification of software via back-to-back testing that includes software-in-the-loop (SIL) and processor-in-the-loop (PIL) tests on the automatically generated code. KOSTAL engineers needed support to rapidly establish the necessary framework.
Solution
KOSTAL used Model-Based Design with MATLAB® and Simulink® to develop the ESCL application software and certify it to ISO 26262 ASIL D.
The company worked with MathWorks engineers to establish a PIL testing framework and to provide training to software development team members who were new to Model-Based Design.
Working in Simulink and Stateflow®, KOSTAL engineers developed a model of the ESCL software application layer, which included a finite state machine to define the sequential decision logic.
The group created modeling standards based on MathWorks Automotive Advisory Board (MAAB) guidelines and used Simulink Check™ to ensure that their model complied with the standards.
They ran simulations in Simulink to verify the functionality of the design, and used Simulink Coverage™ to measure model coverage of the functional tests.
Using Simulink Design Verifier™ they applied formal methods to identify dead logic and other design errors in the model.
The engineers generated C code from the ESCL model using Embedded Coder®. They used Polyspace Code Prover™ and Polyspace Bug Finder™ to check the generated code and handwritten code for run-time errors.
They then ran back-to-back PIL tests using the generated code and compared the test results in MATLAB.
To streamline the certification process, the engineers used IEC Certification Kit for ISO 26262 and IEC 61508. They qualified several tools for certification, including Embedded Coder, Simulink Coverage, Polyspace Bug Finder, and Polyspace Code Prover.
The ESCL is ISO 26262 ASIL D certified and has been approved for production by one of the largest car manufacturers in China. Model-Based Design is now the preferred approach for projects requiring functional safety certification at KOSTAL.
Results
- Development and certification time cut by 30%. “Without Model-Based Design, we would have needed at least 30% more time to develop and certify the ESCL application software,” says Hui. “We saved time and effort by generating efficient code that satisfied all our speed and memory requirements.”
- 80% of errors identified in modeling phase. “Using Model-Based Design, we identified and resolved 80% of logic and functional errors in the model development and simulation phase,” Hui says. “This early verification, combined with Polyspace static analysis, saved considerable validation and testing effort.”
- PIL test framework for ISO 26262 established. “We use Model-Based Design for the application software. According to ISO 26262, the automatically generated code should be tested using PIL. MathWorks engineers provided us with exceptional support in establishing a back-to-back PIL testing framework,” says Hui. “That framework was instrumental in our ability to achieve ISO 26262 certification on schedule.”