Osek/(635,7 20, 02',67$5
����
(635,7 � 20, �02',67$5&
�3URMHFW 1U ������
:3� GHOLYHUDEOH '���
)LQDO 3XEOLF 5HSRUW
1(�������$1
St-CLOUD, 25 May 1999
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
This document is the property of Modistarc consortium and may not be copied or communicated without written consent.
1(�������$1
20,�02',67$5&
Final Public Report
3DJH ,
____________________________________________________________________________________________________
'2&80(17 ,1'(;$7,21
PROJECT :
TITLE : MODISTARC - WP1 deliverable D1.1 - REFERENCE : NE923026/AN
Final Public Report
ACTION
NAME
DATE
SIGNATURE
DRAFTED BY
D. STUNAULT
25 May 1999
APPROVED BY
'2&80(17 )2//2:�83
INDEX
DATE
MODIFICATIONS
NAME
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
This document is property of Modistarc consortium and may not be copied or communicated without written consent.
1(�������$1
20,�02',67$5&
Final Public Report
3DJH &��
____________________________________________________________________________________________________
&217(17
�� ,1752'8&7,21
�
�� 352-(&7 6800$5<
�
�� 7+20621�&6) '(7(;,6
�
�� )=,
�
�� ,167,787( 2) ,1'8675,$/ ,1)250$7,21 7(&+12/2*<� 81,9(56,7< 2)
.$5/658+(
�
�� ,15,$
�
�� $'$0 23(/ $*
�
�� 36$
�
�� 5(1$8/7
�
��� %0:
��
��� 027252/$
��
��� 6$*(0
��
��� 6,(0(16 $872027,9( 6�$�
��
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
1
This document is property of Modistarc consortium and may not be copied or communicated without written consent.
1(�������$1
20,�02',67$5&
Final Public Report
3DJH �
____________________________________________________________________________________________________
�� ,1752'8&7,21
The ESPRIT/OMI MODISTARC Programme Nr 25332 was awarded by the CEC in 1997. It has been achieved
over a 20 month period lasting from September 1997 to April 1999. MODISTARC stands for Methods and Tools
for the validation of OSEK/VDX based DISTributed ARChitectures.
This report summarizes the work accomplished in the project, the main results obtained and the overall
conclusions from the companies or institutes participating in the project consortium.
�� 352-(&7 6800$5<
���
027,9$7,216
Through the OSEK/VDX consortium activities, the European car industry has defined a common
software architecture for Electronic Control Units (ECUs). Clearly, the goals of this initiative are to save
costs and development time of distributed automotive applications by enabling portability and reusability
of application software as well as network interoperability. The OSEK/VDX architecture includes three
basic modules defining an Operating System (OS), as well as Communication (COM) and Network
Management (NM) protocols. The related standards specify the interfaces and functionnality of the basic
modules. MODISTARC aims at supporting this standardisation effort by providing the relevant test
methods and tools to assess the conformance of OS, COM and NM implementations to the OSEK/VDX
specifications. This way MODISTARC has helped the European car industry to keep its leading position
in implementation of network based architectures inside vehicles.
���
&216257,80
The MODISTARC consortium was balanced between experts in the conformance testing area and major
representatives of the European car industry. It consisted of twelve companies or institutes, as follows:
• 4 car manufacturers: PSA, BMW, Opel, Renault,
• 4 automotive equipment suppliers: Motorola, Sagem, Siemens Automotive and Siemens AG,
• 3 conformance experts: Dassault Electronique (who moved to Thomson-CSF Detexis on January 1st,
1999), ForschungsZentrum Informatik (FZI) and Institut National de la Recherche en Informatique et
Automatique (INRIA),
• the Institute of Industrial Information Technology (IIIT) of the University of Karlsruhe who is also the
coodinator of the OSEK/VDX activities.
It should be noticed that six in the MODISTARC companies/institutes are also members of the
OSEK/VDX steering committee: BMW, Opel, Renault, PSA, Siemens and the IIIT Karlsruhe.
The project leader was Dassault Electronique (now Thomson-CSF Detexis).
���
:25. 352*5$00(
To achieve its objectives, the MODISTARC programme has been split into 9 workpackages including 7
technical workpackages:
• WP2: Conformance testing methodology.
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
1
This document is property of Modistarc consortium and may not be copied or communicated without written consent.
1(�������$1
20,�02',67$5&
Final Public Report
3DJH �
____________________________________________________________________________________________________
The goals of this workpackage are to develop a conformance testing approach adapted to the
OSEK/VDX specifications and to the constraints of the automotive environment.
• WP3: Test suites definition for OS.
The goals of this workpackage are to define the tests that OS implementations must pass in order to
conform to the OSEK/VDX OS specification.
• WP4: Test suites definition for COM and NM
The goals of this workpackage are to define the tests that COM and NM implementations must pass in
order to conform to the OSEK/VDX COM and OSEK/VDX NM specifications respectively.
• WP5: Conformance tool development for OS
The goals of this workpackage are to develop a software tool implementing the OS test suites defined
in WP3.
• WP6: Conformance tool development for COM and NM
The goals of this workpackage are to develop a software tool implementing the COM and NM test
suites defined in WP4 .
• WP7: OSEK/VDX implementation adaptation
The goals of this workpackage are firstly to update OSEK/VDX implementations according to the last
versions of OSEK/VDX specifications published during the project and secondly to prepare the
implementations for conformance testing.
• WP8: Conformance test campaign
The goals of this workpackage are firstly to validate the conformance tools developed in WP5 and
WP6 by executing the test suites against the OSEK/VDX implementations developed in WP7. In a
second step, interoperability tests are planned on a network platform interconnecting the previously
certified OSEK/VDX implementations.
Moreover, a new task has been created in the course of the project in order to define the procedures and
rules that OSEK/VDX suppliers will have to follow to get the OSEK/VDX certificate.
���
0$,1 ,668(6
The Modistarc project has concluded successfully. All tasks of the work programme have been achieved.
The project has issued new standards about conformance testing agreed by the OSEK/VDX consortium.
All documents are available at the OSEK/VDX web site: www.osek-vdx.org, including:
• Conformance methodology 2.0.
The developed methodology is largely inspired from the ISO standard 9646 defining the conformance
methodology for ISO network protocol implementations. The document also specifies the applicable
test architectures and it describes the techniques used to generate the test cases from the OSEK/VDX
specification: classification tree method for the OS, tree analysis of SDL specifications for COM and
NM.
• Conformance test suites for OS consisting of two documents:
− OS Test Plan 2.0
− OS Test Procedure 2.0
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
2
This document is property of Modistarc consortium and may not be copied or communicated without written consent.
1(�������$1
20,�02',67$5&
Final Public Report
3DJH �
____________________________________________________________________________________________________
According to the methodology, the test plan consists of test purposes extracted from the OSEK/OS
specification. The test plan specifies the sequence of the interactions between the test application and
the implementation to verify one or more test purposes.
• Conformance test suites for COM and NM consisting of four documents:
− COM Test Plan 2.0
− COM Test Procedure 2.0
− NM Test Plan 2.0
− NM Test Procedure 2.0
Here, test plan and test procedure mean the same as above for OS. The test architecture matches the
“distributed” method defined in ISO 9646. The test cases are specified in TTCN language (ISO 9646-
3).
The project has also issued the associated Conformance Tools developed by FZI for OS and by
Thomson-CSF Detexis for COM and NM. Both tools are going to be marketed by Thomson-CSF
Detexis. The products will be launched at the next OSEK/VDX workshop end of 1999. They have been
validated against OSEK/VDX implementations provided by BMW, Motorola, Sagem and Siemens
Automotive. As a consequence, those implementations are the first ones that can be considered truly
“OSEK/VDX compliant”.
Each tool provides with a user friendly interface allowing to configure the tester, select and execute the
test cases, analyse and display the test results. It runs on PC/Windows NT with an additional CAN board
for COM and NM tests.
���
26(.�9'; &(57,),&$7,21 352&('85(
The certification procedure of OSEK/VDX implementations is currently defined as follows:
1. Each individual supplier of an OSEK/VDX implementation shall perform the certification process for
each new software release as documented in Modistarc.
2. Independent entities authorised by the OSEK/VDX Steering Committee (STC) shall audit the
certification performed by the supplier and its corresponding results.
3. The auditing entity issues a certificate upon a successful auditing of an OSEK/VDX implementation
according to the certification process for a given time duration.
4. Based upon such certificate Siemens AG as TradeMark owner on behalf of the OSEK/VDX STC
partners shall grant the right to the supplier to use the OSEK/VDX TradeMark on its certified
OSEK/VDX implementation.
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
3
This document is property of Modistarc consortium and may not be copied or communicated without written consent.
1(�������$1
20,�02',67$5&
Final Public Report
3DJH �
____________________________________________________________________________________________________
(;3(576 $1' 722/ '(9(/23(56
�� 7+20621�&6) '(7(;,6
���
52/( ,1 7+( 352-(&7
Dassault Electronique (now Thomson-CSF Detexis) has been a European leader in the field of real-time
networks on the avionics, aerospace and defence markets for about 25 years. Through this experience,
the company has gained strong skills that were successfully applied to the automotive sector in
Modistarc.
Thomson-CSF Detexis took the leadership of the project and as such was in charge of all tasks connected
to administrative management and technical work organisation. Moreover, as an expert in networking
techniques, the company was also leader of WP2 (Conformance Testing Methodology), WP4
(Conformance Test Suites for COM and NM) and WP6 (Conformance Test tools for COM and NM). Its
role was to develop the appropriate methodology, to specify the test suites and to implement the
conformance tools devoted to OSEK/VDX COM and NM.
���
:25. $&&203/,6+('
• Development of conformance methodology for OSEK/COM and OSEK/NM implementations,
including:
− analysis of the OSEK specification, selection of relevant interfaces for testing and relevant
protocol information,
− definition of methods do derive conformance tests from the SDL specification and obtain the best
coverage of the specification by the tests,
− definition of the test architecture based on the ISO 9646 distributed method and comprising a
Lower Tester and an Upper Tester. The Lower Tester exchanges data with the implementation
under test (IUT) through the network. The Upper Tester exchanges data with the IUT through the
API.
• Development of the Test Plans and the Test Procedures for OSEK/COM and OSEK/NM
implementations, including:
− definition of a Test Management Protocol allowing to synchronize the respective actions of the
Lower Tester and the Upper Tester,
− definition of the test suites in TTCN comprising about 125 test cases for the COM and 150 test
cases for the NM,
− validation of the cases by simulation of the TTCN sequences against the SDL models of the COM
and NM specifications.
• Development of the OSEK/COM and OSEK/NM conformance tools, including:
− the Lower Tester implemented as a Windows/NT application consisting of a graphical user
interface, the test suite issued by automatic C code generation from the TTCN specification and an
adaptor that interfaces the test suite with the PC/NT environnement and the CAN network,
− the Upper Tester implementing the Test Management Protocol and delivered as a C code to be
installed by customers in the target equipment (e.g. ECU) along with the OSEK/VDX
implementation,
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
4
This document is property of Modistarc consortium and may not be copied or communicated without written consent.
1(�������$1
20,�02',67$5&
Final Public Report
3DJH �
____________________________________________________________________________________________________
− technical support of the OSEK/VDX suppliers Motorola, Sagem and Siemens during the
conformance test campaign.
���
5(68/76
The Conformance Methodology and the Test Plans and Test Procedures are new OSEK/VDX standards
that complete the set of applicable documents and will help automotive suppliers to develop reliable
OSEK/VDX implementations. Feedback from the project will also help the OSEK specification groups
to improve quality and readability of the specification in future releases.
The conformance tools are available and supported by the OSEK/VDX steering committee. They will be
marketed and largely publicised through conferences, demonstrations and advertisements in the next
months. They represent a key milestone of the conformance acceptation procedure that is going to be put
in place by the steering committee. For end users, they will guarantee the installation of compliant OSEK
implementations onboard vehicles and improve confidence in quality and security of automotive systems.
�� )=,
���
52/( ,1 02',67$5&
FZI was engaged in the OSEK/OS part of MODISTARC. This includes the development of the
conformance testing methodology, the specification of the test suite, and the development of the
certification tools.
���
:25. $&&203/,6+('
• Development of the methods and techniques for certification of OSEK/OS implementations.
• Preparation of the OS part of the conformance methodology document.
• Specification of test cases by means of the classification-tree method
• Preparation of the OSEK/OS test plan and OSEK/OS test procedure document
• Specification of the test sequences using formal methods (Statecharts) and automated C code
generation
• Development of test analysis tools which allow an automated verification of the test results.
���
5(68/7 � &21&/86,21
The OSEK/OS conformance tools developed in MODISTARC consist of the test suite, a test
configuration tool, and a test analysis tool. The test configuration tool is used to select the test sequences
of the test suite that are to be run on the implementation under test. At the end of a test run, the test
analysis tool is used to verify automatically the test results. These tools have been successfully run on
OSEK/OS implementations of BMW, Motorola, Siemens Automotive, and Sagem.
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
5
This document is property of Modistarc consortium and may not be copied or communicated without written consent.
1(�������$1
20,�02',67$5&
Final Public Report
3DJH �
____________________________________________________________________________________________________
�� ,167,787( 2) ,1'8675,$/ ,1)250$7,21 7(&+12/2*<�
81,9(56,7< 2) .$5/658+(
The Institute of Industrial Information Technology (IIIT) of the University of Karlsruhe works as co-
ordinator of the OSEK/VDX project since 1994. With the IIIT chosen then as a neutral and valued
partner, all the activities of the IIIT aimed at the progress and success of the OSEK/VDX project by
moving forward and supporting the installation of an effective structure as it exists and as it has proven
by now. After all, these facts have lead to a relatively quick release of the first OSEK/VDX
specifications, defining a newly created standard in automotive. Being one basic research activity at the
IIIT in the first place, the technology involved in this area has been promoted by current activities and
contacts in the industrial field.
In September 1997, with the start of the ESPRIT project MODISTARC of the information technologies
(IT) programme project - as it is managed by the Directorate General for Industry of the European
Commission - the main goal of a project like MODISTARC was to support the effort of the European car
industry towards the development and standardisation of networking architectures within an integrated
programme of industrial R&D projects. At that time, with the recently issued three new standards
defining respectively the OSEK/VDX Operating System, Communication and Network, the goals of
MODISTARC were aiming at supporting OSEK/VDX.
The IIIT decided to contribute within the MODISTARC project and to focus on the success by bringing
their experience gathered ever since the start of the OSEK/VDX project and by applying the tasks within
OSEK/VDX, as this work is strongly related towards MODISTARC.
During the MODISTARC project, the IIIT took care of ensuring relations to and close co-operation with
the OSEK/VDX consortium. This included:
• the communication and report of interests, progress and evolutions (on a technical as well as on an
organisational basis) between MODISTARC and OSEK/VDX consortium,
• the provision of feedback to both projects respectively,
• the organisation of opportunities for joined discussions whenever the provision of a direct exchange
became obvious and fruitful,
• the addressing of first steps towards a certification jointly driven on behalf of both MODISTARC and
OSEK/VDX in their common interest of completing the purpose and goals of MODISTARC,
• the dissemination of the MODISTARC project and results within and outside of the OSEK/VDX
consortium (OSEK/VDX Working Group meetings, establishing and maintaining an internet
homepage dedicated to the MODISTARC project and its officially released documents, presentation
of MODISTARC on conferences all over the world, promotion of a workshop for giving each partner
an opportunity of presenting the results of the MODISTARC project)
• and - last but not least - basic organisational issues (invitation to MODISTARC project meetings,
writing the minutes of these meetings and providing them to all partners).
For more information about MODISTARC, OSEK/VDX or the IIIT, please have a look at the respective
internet home pages related to:
• MODISTARC
KWWS���ZZZ�RVHN�YG[�RUJ�0RGLVWDUF�KWPO
• OSEK/VDX:
KWWS���ZZZ�RVHN�YG[�RUJ�
• IIIT
KWWS���ZZZ�LLLW�HWHF�XQL�NDUOVUXKH�GH (Click on „Research“)
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
6
This document is property of Modistarc consortium and may not be copied or communicated without written consent.
1(�������$1
20,�02',67$5&
Final Public Report
3DJH �
____________________________________________________________________________________________________
The IIIT has ever been and always will be open for projects and developments especially - but not
exclusively - in the automotive field or around OSEK/VDX, MODISTARC and related areas.
Emphasizing its strong interest, the IIIT will put its experience, knowledge and support at the disposal of
new projects or interested parties.
�� ,15,$
The contribution of INRIA to the Modistarc project consisted in a participation to the definition of the
testing methodology and architecture described in the “Conformance Testing Methodology” document
and then in a careful review of the test-objectives expressed in the COM, NM and OS “Test Plan”
documents.
���
&2175,%87,21 72 7+( '(),1,7,21 2) 7+( 7(67,1* 0(7+2'2/2*< $1'
$5&+,7(&785(
A testing methodology based on the widely accepted ISO-9646 standard has been advocated. ISO-9646 is
the state-of-the-art testing methodology standard in the telecommunication industry. However it had to be
adapted to both the stringent requirements of OSEK certification and the specific constraints imposed by
the architecture of OSEK automotive embedded systems, for instance:
1. The strict limitation of RAM/ROM memory available on ECUs (a few k-bytes) in which the upper-
tester had to be fitted
2. The difficulty of synchronising upper and lower testers while minimising the interference with the
COM and NM implementations under test.
Automatic generation of some of the test cases for COM and NM has been advocated and evaluated
(using the prototype tool TGV of INRIA/VERIMAG). For this purpose, TGV has been interfaced to
SDT, the SDL tool suite marketed by Telelogic. Unfortunately this had to be dismissed later in the course
of the project when it became evident that the SDL formal specifications of COM and NM provided to us
by the OSEK consortium lacked maturity and stability.
���
5(9,(: $1' (9$/8$7,21 2) 7(67 3/$16
INRIA has undertaken a careful review of the “Test Plan” documents for COM, NM and most
particularly OS. It aimed at checking the test objectives contained in these documents against the general
requirements of OSEK certification and the OSEK specifications of OS, COM and NM.
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
7
This document is property of Modistarc consortium and may not be copied or communicated without written consent.
1(�������$1
20,�02',67$5&
Final Public Report
3DJH �
____________________________________________________________________________________________________
&$5 0$18)$&785(56
�� $'$0 23(/ $*
���
:25. $&&203/,6+('
The International Technical Development Center of the Adam Opel AG participated in the work package
2 (WP2), work package 3 (WP3) and work package 8 (WP8) of the MODISTARC project. Opel
contributed input during the different work group meetings. The scope of WP2, at the beginning of the
project, was the definition of the conformance testing methodology. During the following WP3 the test
suites for the OSEK/VDX operating system were defined. Opel hosted the second EC review meeting in
October 1998. During WP8, at the project end, the results of the different work packages were used in a
conformance test campaign. Opel got in contact with the TÜV-Rheinland for a test witnessing procedure.
The test witnessing procedure is required to close the gap between the MODISTARC test procedures
performed by the OSEK/VDX implementers and the issue of the OSEK/VDX trademark.
���
5(68/76
The deliverable of WP2 was the OSEK/VDX document ‘Conformance Testing Methodology’ that was
made public on the MODISTARC homepage. The results of the WP3 were the certification test plan for
the OSEK/VDX operating system and the certification procedure document for the OSEK/VDX
operating system. These documents were the base for development of the conformance test tool for the
OSEK/VDX operating system by the ‘Forschungszentrum für Informatik’ in Karlsruhe (FZI). During
WP8 the tools and the human interfaces of the tools showed some insufficiencies that could be changed.
The contact to the TÜV-Rheinland leaded to brainstorming meetings. The output of these meetings will
be the base for future definitions of test witnessing procedures by an appointed institute.
���
&21&/86,21
The work, like conformance methodology and conformance procedures, done by the MODISTARC
project is a flexible base for adapting the conformance tests to future versions of the OSEK/VDX
specifications. The existing conformance test suites and tools support the confidence of Opel in
OSEK/VDX. The definition of a strategy for the maintenance and the adoption to next versions of the
OSEK/VDX specifications is one of the future challenges. Set-up of test witnessing procedures to enable
the issuing of the OSEK/VDX trademark is another future challenge. Extensions of the conformance
tests with respect to the performance of OSEK/VDX implementations and the interchangability of
OSEK/VDX applications are desirable.
�� 36$
���
52/( ,1 7+( 352-(&7
As car manufacturer, PSA is responsible for the integration of the electronic subsystems in its vehicles. It
implies that the interaction between ECUs should be properly described and certified. OSEK/VDX give
an answer to this problem, provided that the OSEK/VDX components used are certified to be in
conformance with their specification to ensure interoperability between the ECUs. This is the aim of the
MODISTARC program. At the end of the program interoperability of certified ECUs is demonstrated on
a test platform
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
8
This document is property of Modistarc consortium and may not be copied or communicated without written consent.
1(�������$1
20,�02',67$5&
Final Public Report
3DJH �
____________________________________________________________________________________________________
���
:25. $&&203/,6+('
For this, PSA:
• participated to the analyse and definition of the conformance testing methodology and the test suites
for COM and NM.
• defined, in agreement with the other participants, the test platform:
− common interface,
− modules (server or client) to be added in the ECUs,
− interoperability tests to be executed on the platform.
• validated the test platform and executed the interoperability tests.
���
5(68/76
The interoperability has been demonstrated on a test platform using three ECUs previously certified
using the tools developed in the MODISTARC program.
�� 5(1$8/7
Renault has been an associated partner to the Modistarc since September 1997. On the Renault side, S.
Boutin and L. Massimelli-Mathieu have been involved in the project.
���
:25. $&&203/,6+('
• verification of the OSEK Network Management SDL specification, partial verification of the OSEK
Communication SDL specification (for this part, Mr Stunault from Thomson-CSF Detexis performed
most of the work). These actions had not been planned prior to the project but nevertheless essential
as the SDL specifications were the basis from which Thomson-CSF issued conformance test cases.
• contribution to the test procedure documents: we advocated a test procedure allowing to perform the
OSEK certification and the validation of ECUs with exactly the same tool. Unfortunately, our
proposal was not implemented eventually.
• participation to all the project meetings by S. Boutin.
• support by L. Massimelli-Mathieu, for all the questions concerning Communication and Network
Management.
���
5(1$8/7 $1' 26(.
Renault will already use embedded OSEK components in the new Megane by April 99. Moreover
Renault clearly advocates OSEK and is an active member of the OSEK consortium. There are Renault
representatives at the various OSEK working groups: OS, NM, COM, OIL.
���
,17(5(67 2) 5(1$8/7 7+528*+ 02',67$5&
OSEK certification (and more generally validation) is already performed at Renault following a "home
made" procedure. Our aim is to externalize this proprietary procedure as soon as a rationalized and
standard procedure will be available on the market place. To our point of view, suppliers and OSEK
vendors ought to be the end users of the Modistarc project because they are able to perform the
certification for a wider set of ECUs than Renault alone can do. So the Modistarc project should allow to
lower the price of certification. For all these reasons (externalization, lower prices, standard pieces of
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
9
This document is property of Modistarc consortium and may not be copied or communicated without written consent.
1(�������$1
20,�02',67$5&
Final Public Report
3DJH ��
____________________________________________________________________________________________________
code) we are satisfied to see that the Modistarc project comes to its end successfully. So Renault
advocates the use of the certification procedure issued in the Modistarc project.
��� %0:
����
52/( ,1 7+( 352-(&7
At BMW the implementation of OSEK software modules is currently under investigation. Besides the
extensive performance investigations, the conformance to OSEK is checked step by step with reference
to the specifications. The implementation of a conformance testing tool is seen to be a significant gain in
time, particularly in testing release updates from the different OSEK implementations.
����
:25. $&&203/,6+('
BMW delivered the following inputs for the specification of the test plan and the test procedure
elaborated in the WPs 2 to 6:
• Separate the different test runs according to Conformance Classes of OSEK OS.
• Review of the different versions of the test plans for OS, COM and NM.
• Test environment for the HW related parts of the communication channel.
• Confirmation of the testplans by hand-written test procedures outside of the scope of MODISTARC at
the BMW Software Standard Core implementation with HC12 and C167 CPU’s.
• Concept development for the integration of the OSEK compliant Operating System with the OS test
suite from FZI.
����
5(68/76 2%7$,1('
In the framework of MODISTARC the BMW conformance test campaign concentrates on an OSEK
operating system for PowerPC.
• Static test scenarios of alarm calls: The implemented OS uses a HW timer as a time reference for the
alarm calls. The resolution of the time base is variable via a configurable prescaler unit of the HW.
• Test of TerminateTask: Every task of a test case in the test suite ends with a check of
TerminateTask(). An OSEK-OS supports a call of TerminateTask() within a task.
• ChainTask: According to the OSEK specification the API function ChainTask() causes the current
task to be terminated and activates the chained task. The implemented OS supports a call to
TerminateTask() at the end of a task only. Therefore ChainTask() can only be used as the last function
call within a task.
• Non interruptible ISR / interrupt processing: In the implemented operating system a non interruptible
ISR can be implemented using interrupt disabling. The test suite supplies call-back functions in the
prologue and epilogue of every test case.
• Resource access: The tested operating system supports resource access even within an ISR. The test
suite provides test scenarios with resource accesses within ISR's.
• Error Hook: The parameter list of ErrorHook() in the test suite does not provide an optional
parameter. It is possible to provide a software adapter to adjust the kernel to the test suite. It calls the
kernel error hook with additional parameters.
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB 10
This document is property of Modistarc consortium and may not be copied or communicated without written consent.
1(�������$1
20,�02',67$5&
Final Public Report
3DJH ��
____________________________________________________________________________________________________
����
&21&/86,21
BMW has made good experiences using MODISTARC documents and the test suite from FZI. There are
only problems with test cases for dynamic alarms using the functions „CertInitCounter“ and
„CertTriggerCounter“. The test suite assumes a Counter API which is not standardly provided by
implementations of OSEK OS. This is a situation to be addressed because there is no specification of a
Counter API in OSEK OS V2.0 R1.
BMW expects an open commercial usage of tools for the certification process for OSEK compliant
products as soon as possible. The certification tools have to able to be updated according the current and
upcoming versions of the OSEK specifications.
In addition a clear conformance testing business plan as well the evaluation of the OSEK modules as the
certification of the final ECU implementations are required.
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB 11
This document is property of Modistarc consortium and may not be copied or communicated without written consent.
1(�������$1
20,�02',67$5&
Final Public Report
3DJH ��
____________________________________________________________________________________________________
(48,30(17 6833/,(56
��� 027252/$
����
&203$1< &200,70(17
Motorola considered MODISTARC project as an opportunity to make sure that Motorola OSEK
development strategy was in line with certification needs. One of the key features of the OSEK/VDX
standard is the "interoperability" of OSEK ECU’s which leads to easier and faster integration of ECU’s.
There must be a means of verifying that all OSEK implementations are compliant to the OSEK
specification. Also, it is important for Motorola as an OSEK software supplier to be certified as we
expect our customers in the automotive industry to require it.
In the framework of the MODISTARC project Motorola was committed to participate in the following
tasks:
• Conformance tool for OS development (work package 5)
• Conformance tool for COM & NM development (work package 5)
• OSEK OS/PC implementation (work package 7)
• OSEK NM/PC implementation (work package 7)
• OSEK COM/PC implementation (work package 7)
• OSEK OS/PC certification (work package 8)
• OSEK NM/PC certification (work package 8)
• OSEK COM/PC certification (work package 8)
����
:25. $&&203/,6+('
All the activities the company was committed to accomplish (listed above), have been performed in
accordance with project schedule.
����
5(68/76
As a result of participation in the project, Motorola developed:
• OSEK OS/PC implementation operating on PC under WindowsNT.
All Basic and Extended Conformance Classes, scheduling policies, both Basic Status and Extended
Status were supported.
All the certification tests passed on this implementation.
• OSEK COM/NM/PC implementation operating on PC under WindowsNT.
All Communication Conformance Classes for COM, Direct and Indirect management for NM were
supported.
Due to a number of ambiguous statements/requirements in COM and NM specifications, 6 of 125
COM tests and 8 of 153 NM tests did not pass yet.
At the moment, a work on fixing the issue is being performed in cooperation with the COM/NM
conformance tool supplier.
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB 12
This document is property of Modistarc consortium and may not be copied or communicated without written consent.
1(�������$1
20,�02',67$5&
Final Public Report
3DJH ��
____________________________________________________________________________________________________
����
&21&/86,21
In addition to MODISTARC activity, Motorola is developing OSEK OS, COM and NM as commercial
products, not only for Windows NT but also for various microcontrollers. Motorola intends to certify our
microcontroller versions of OSEK as well.
OSEK OS, COM and NM conformance tools developed in the framework of the project are used by the
company as a part of OSEK System Software Testing.
��� 6$*(0
1R ,QSXW�
��� 6,(0(16 $872027,9( 6�$�
����
52/( ,1 7+( 352-(&7
As member of OSEK consortium Siemens brings its know how of OSEK specification to the Modistarc
project, in order to establish the test suites for OSEK certification.
By the way the main action from Siemens is related to OSEK software implementation and certification
of these implementation. As results Siemens validated on its OSEK implementation the certification tool
provided by FZI and Thomson Detexis.
����
5(68/76
The outcome we have from the certification is :
• OSEK operating system v2.1 r1 ; certified for conformance class BCC1
• OSEK communication v2.1 r1 ; certified for conformance class CCC0 with segmentation protocol
certified as well ( needed for « diagnostic on CAN »)
• OSEK network management v2.5 ; certified for core functionnality
The certification allowed us to correct wrong interpretation of OSEK specifications, thus to be conform
to the specifications.
In order to demonstrate the relevance of the methods and tools used for the certification, Siemens
participated to the conformance test campaign. This conformance test campaign showed that electronic
control unit with OSEK certified software can exchange messages on a CAN bus without additional work
at the car manufacturer side.
����
&21&/86,21
Today Siemens is developing software module based on 3 differents OSEK environment for customer
oriented projects. With OSEK certification we will be able to reuse SW module written in different
OSEK environments.
Furthermore additional items have been identified during Modistarc project. This improves mainly
performance criteria for OSEK implementions
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB 13
This document is property of Modistarc consortium and may not be copied or communicated without written consent.
