Systems engineering is
the interdisciplinary field
of engineering focusing
on how complex
engineering projects
should be designed and
managed over their life
cycles
Quality attributes:
usability, efficiency, reliability, maintainability, reusability
different qualities can conflict
increasing efficiency can reduce maintainability
increasing usability can reduce efficiency
Usability
Users can learn it and fast and get their job done easily
Efficiency
It doesnt waste resources such as CPU time and memory
Reliability
It does what it is required to do without failing
Maintainability
It can be easily changed
Reusability
Its parts can be used in other projects, so reprogramming
is not needed
9
What is Automotive Software Engineering?
Process models:
Capability Maturity Model Integration (CMMI)
Software Process Improvement and Capability Determination
(SPICE)
V-Model
Standards:
IEC 61508 (Functional Safety standard)
ISO26262 (Functional Safety standard)
MISRA-C
Waterfall model
Agile software development
Prototyping
Incremental development
Rapid application development
V-model
Waterfall model
requirements engineering
V&V
design
V&V
implementation
V&V
testing
V&V
maintenance
V&V
Waterfall model
Document oriented
Suited for (very) large projects (> 50 people)
Too many design activities during coding and testing
Comprehensive documentation
ESA Life cycle:
User Requirements Software Project
Document Management Plan
Software Requirements Software Configuration
Document Management Plan
Architectural Design Software Validation and
Document Verification Plan
Detailed Design Document Software Quality
Assurance Plan
Software Transfer Document
Meeting minutes
Project History Document
Progress reports
Feb 2009 17
Software development model
See http://agilemanifesto.org/
Agile methods
Individuals and interactions are more important than
processes and tools
Working software is more important than comprehensive
documents
Customer collaboration is more important than contract
negotiation
Responding to change is more important than following a
plan
XP practices
Co-location
Self organizing teams
Pair programming
Collective code ownership
Working software
User stories
Unit testing
Continuous build and integration
Customer collaboration
Scrum: Prioritized backlog of user stories
Must be accessible for questions
Frequent delivery of working software
Acceptance testing
Agile methods
No extensive architectural or design phase
No energy spend on documentation
design design
implementation implementation
testing testing
maintenance
Advantages of prototyping
Resulting system is easier to use
Resulting system has less features
User needs are better accommodated
Design is of higher quality
Problems are detected earlier
Resulting system is easier to maintain
Development costs less effort
Disadvantages of prototyping
Resulting system has more features
Design is of lower quality
Performance of resulting system is worse
Resulting system is harder to maintain
Team members should be more experienced
Prototyping
Is useful in situations with unclear or ambiguous
requirements
Is useful in when emphasis is on user interface
Users and designers must be aware of pitfalls
Must planned and controlled
Incremental development
Incremental development
First focusing on essential features
Additional functionality is only included if needed
Resulting systems are leaner but provide sufficient
support to the user
V-model
Implementation Phase
This is the phase of the project during which the actual
physical work is performed.
Construction of the equipment occurs during this
phase, as does the programming of the software.
Note that the Implementation Phase is the turning
point of the V-model. At this point, all the tasks turn
from specification of what is supposed to happen to
verification of what actually happens.
Very critical that any RFI and As-built information is
recorded and worked back into the detailed design
documents!
Underlying principles
Independence of methods and tools
Independence of organizations
Separation into submodels
Orientation to activities and products
Adaptability of the model
Regulations on 3 levels
Procedure (what)
Allocation of methods (how)
Functional tool requirements (what)
Procedure
What has to be done:
Activities to be carried out
Results that have to be
produced
Content of the results
Roles
Lifecycle process
model
Tailoring
No important document is forgotten
Tailoring relevant for tendering
Selection of the necessary activities and products
Deletion conditions
The resulting subset of the Lifecycle is put together in the Project
Manual
Technical Tailoring
Adapting to conditions during the course of the project
Software development
SD1-System Req. analysis
Description of the requirements of the system and its
environment,
Risk Analysis, and
User requirements
SD2System design
Segmentation of the system into SW/HW
SD3-SW/HW requirement analysis
Detail Technical Requirements
SD4-Preliminary SW design
Structuring of the interfaces and interaction of SW components
Software development
SD5-Detailed SW design
Description of functionality, Data administration and error
handling of SWC
SD6-SW implementation
Coding in chosen programming language
SD7-SW integration
Integration of modules
SD8-System integration
Integration of SW and HW components
SD9-Transition to utilization
Activities for Deployment into Production
SWD 1 SWD 9
System
Requirements Analysis System
System Requirements
and Design Integration
System Design
System Integration
Plan
Segment
DP Requirements SWD 2 SWD 8 Manual
DP Design
Information
DP Integration Plan DP DP Integration
Requirements Analysis
and Desgin
Program
SW Requirements
SWD 3 Documents
SWCI
Integration (SWCI)
SW Requirements
Analysis
SWD 7 SWCI
SW Inte-
gration
SWD 4 Program Documents
SW Architecture
(Component)
Interface Design
SWCI Integration Plan Preliminary Component
Design
Integration
Component
Data-Dictionary
SWD 5
SW Design Program Documents
Detailed (Module)
Design
Module
SWD 6
Implementation Legend:
Proof
activities
(see QA)
SWD
Activity
Quality assurance
QA1-Initialization
Generated the QA and Assessment Plan
QA2-Assessment Preparation
Generation of unambiguous Assessment specification and
procedures & Req. of Assessment Environment
QA3-Process Assessment of Activities
Specified procedures were adhered to during the realization of an
activity
QA4-Product Assessment
Assessment with respect to the formal criteria & the contents of
the product. Assessment Report generated.
QA5-Reporting
Assessment Reports are assessed in regular intervals and the
results submitted to PM.
Configuration management
CM1-CM Initialization
Generation of the CM plan and setting of the CM resources
CM2-Product and CM
Administration of products, configurations and rights
CM3-Change Management
Controlled artifacts are recorded and administered
CM4-CM Services
General services (e.g Product Catalog)
Project management
PM1-Project Initialization
PM2-Placement/Procurement
PM3-Contractor Management
PM4-Detailed Planning
PM5-Cost/Benefit Analysis
PM6-Phase Review
PM7-Risk Management
Project management
PM8-Project Control
PM9-Information Service/Reporting
PM10-Training/Instruction
PM11-Supplying Resources
PM12-Allocation of Work Orders
PM13-Staff Training
PM14-Project Completion
Final Project Report
Tool requirements
What is to be used to do something:
Functional characteristics must the tools have
Introduces the Software Development Environment
User Interface
Work flow management
Security and integrity requirements
Software development
Quality assurance
Configuration Management
Project Management
Use for:
Selection of tools
Evaluation
Further development of tools
Category Definition
Catastrophic Multiple loss of life
Critical Loss of a single life
Marginal Major injuries to one or more persons
Negligible Minor injuries at worst
Consequence
Likelihood Catastrophic Critical Marginal Negligible
Frequent I I I II
Probable I I II III
Occasional I II III III
Remote II III III IV
Improbable III III IV IV
Incredible IV IV IV IV
Improved Reliability
For systems that operate continuously (continuous mode)
the allowable frequency of failure must be determined
For systems that operate more than once a year (high
demand) the allowable frequency of failure must be
determined
For systems that operate intermittently (less than once a
year / low demand) the probability of failure is specified as
the probability that the system will fail to respond on demand
Failure to Safety
Calculation of safe failure fraction (SFF) determines how Fail-
safe the system is
Part 5: Examples of methods for the determination of Part 5: Product Development: Hardware Level
safety integrity levels
Part 6: Guidelines on the application of parts 2 and 3 Part 6: Product Development: Software Level
ASIL
ISO 26262 replaces SILs with ASILs (Automotive Safety
Integrity Levels)
ASILs designed to specify the measures required to avoid
unreasonable residual risk
ASIL levels A-D, with D being the most demanding
Risk of each hazardous event is evaluated on the basis of:
Frequency of the situation (or exposure)
Impact of possible damage (or severity)
Controllability
ISO 26262:
Uses ASILs for specifying the item's necessary safety
requirements for achieving an acceptable residual risk.
Provides requirements for validation and confirmation
measures to ensure a sufficient and acceptable level of
safety is being achieved.
Covers functional safety aspects of the entire development
process (including such activities as requirements
specification, design, implementation, integration,
verification, validation, and configuration).
System Design
To develop the system design and the technical safety
concepts that comply with the functional requirements and
the technical safety requirements specification.
Verify the system design and technical safety concept
comply with technical safety requirements specification.
Need to have bidirectional traceability between system
design and technical safety requirements specification.
Safety Validation
To provide evidence of due compliance with the functional
safety goals and that the safety concepts are appropriate for
the functional safety of the item.
To provide evidence that the safety goals are correct,
complete and fully achieved at vehicle level.
The validation plan shall include:
1. The configuration of the item
2. The specification of test cases and acceptance criteria
3. The required environmental conditions
Software Design
To develop a software architectural design that realizes the
software safety requirements and verify the software
architectural design achieving bi-directional traceability
The software architectural design represents all software
components and their interactions with one another in a
hierarchical structure.
Software Design
The software architectural design shall exhibit
Modularity
Encapsulation
Minimum complexity
V model for
software
development
Definition:
Design is a problem-solving process whose objective is
to find and describe a way:
To implement the systems functional requirements...
While respecting the constraints imposed by the
quality, platform and process requirements...
including the budget
And while adhering to general principles of good
quality
System:
A logical entity, having a set of definable responsibilities or
objectives, and consisting of hardware, software or both.
A system can have a specification which is then implemented by
a collection of components.
A system continues to exist, even if its components are changed
or replaced.
The goal of requirements analysis is to determine the
responsibilities of a system.
Subsystem:
A system that is part of a larger system, and which has a
definite interface
Component:
Any piece of software or hardware that has a clear role
A component can be isolated, allowing you to replace it with a
different component that has equivalent functionality
Many components are designed to be reusable
Conversely, others perform special-purpose functions
Module:
A component that is defined at the PL level
For example: classes and packages are modules in Java
Function:
Unit at programming level with specific behaviour
For example: methods in Java, functions in C
Top-down design
First design the very high level structure of the system.
Then gradually work down to detailed decisions about low-
level constructs.
Finally arrive at detailed decisions such as:
the format of particular data items;
the individual algorithms that will be used.
Bottom-up design
Make decisions about reusable low-level utilities.
Then decide how these will be put together to create high-
level constructs.
Architecture design:
The division into subsystems and components,
How these will be connected
How they will interact
Their interfaces.
Class design:
The various features of classes
User interface design
Algorithm design:
The design of computational mechanisms
Protocol design:
The design of communications protocol
System modeling
What is SysML?
A graphical modeling language in response to the UML for
Systems Engineering developed by the a.o. OMG
a UML Profile that represents a subset of UML 2 with extensions
Supports the specification, analysis, design, verification, and
validation of systems that include hardware, software, data,
personnel, procedures, and facilities
Supports model and data interchange via XML Metadata
Interchange (XMI)
What is SysML?
Is a visual modeling language that provides
Semantics = meaning
Notation = representation of meaning