WO2007045262A1 - Procede permettant de tester la disponibilite de fonctionnement d'appareils de commande commandes par programme d'un vehicule a moteur - Google Patents

Procede permettant de tester la disponibilite de fonctionnement d'appareils de commande commandes par programme d'un vehicule a moteur Download PDF

Info

Publication number
WO2007045262A1
WO2007045262A1 PCT/EP2005/011331 EP2005011331W WO2007045262A1 WO 2007045262 A1 WO2007045262 A1 WO 2007045262A1 EP 2005011331 W EP2005011331 W EP 2005011331W WO 2007045262 A1 WO2007045262 A1 WO 2007045262A1
Authority
WO
WIPO (PCT)
Prior art keywords
test
program
control device
control
vehicle
Prior art date
Application number
PCT/EP2005/011331
Other languages
German (de)
English (en)
Inventor
Thomas Stauner
Daniel Schick
Original Assignee
Bayerische Motoren Werke Aktiengesellschaft
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bayerische Motoren Werke Aktiengesellschaft filed Critical Bayerische Motoren Werke Aktiengesellschaft
Priority to PCT/EP2005/011331 priority Critical patent/WO2007045262A1/fr
Publication of WO2007045262A1 publication Critical patent/WO2007045262A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/22Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
    • G06F11/26Functional testing
    • G06F11/263Generation of test inputs, e.g. test vectors, patterns or sequences ; with adaptation of the tested hardware for testability with external testers
    • G06F11/2635Generation of test inputs, e.g. test vectors, patterns or sequences ; with adaptation of the tested hardware for testability with external testers using a storage for the test inputs, e.g. test ROM, script files

Definitions

  • the invention relates to a method for testing the behavior of program-controlled control devices of a vehicle.
  • the quality assurance in the development can only guarantee a high degree of conformity of the software with its specification. As a result, remaining software errors after the development process can lead to erroneous behavior of the vehicle's electronic or control unit system. A sufficient test is difficult and very expensive due to the ever-increasing number of variants of special equipment in the vehicle, which very often have especially program-controlled ECUs.
  • the object of the method according to the invention is to ensure the correct functioning of software in the vehicle.
  • Software is referred to here as "correct” if the actual behavior meets the specified or desired behavior.
  • the transmission of a program control or software for the operation of at least one first control device i. an operation program control
  • a program control or software for testing the behavior of at least the first control device in its execution of the program control for its operation i. a test program control
  • at least the program control or software for testing the behavior of at least the first control device is transmitted to a program-controlled test execution device provided in the vehicle.
  • the storage of the program control or software for operating at least the first control device takes place in a memory assigned to the first control device.
  • the program control or software for testing the behavior of at least the first control device during its execution of the program control is stored in a memory associated with the test execution device.
  • At least the first control unit is program-controlled by the program control or software for operating the at least first control unit.
  • the program-controlled test execution device transmits test data at least to the first control device, and the response of at least the first control device is output by the test execution device evaluated.
  • the reaction or the response behavior is compared at least with an expected response behavior for checking the correct operation of at least the first control device.
  • test infrastructure consisting of appropriate hardware and software, which makes it possible to run test sequences and thus to determine whether the components involved in the test sequence behave as specified.
  • test infrastructure is able to send and receive messages on different vehicle buses.
  • This message sequences can be stimulated and monitored.
  • the observable behavior of the components involved by the message sequences can thus be compared with the behavior specified in the test case.
  • test case specifications can be introduced into the vehicle together with the software components, with the aid of which the correct functioning of the respective software component can be checked.
  • the invention allows that directly in the vehicle at the specific Steuerierial Electronics configuration tests can be performed to ensure the desired functionality. These tests can be carried out, for example, in the workshop or in the vehicle service after the implementation of software changes. Such tests could be performed even if the driver has been given the opportunity to make software changes. Likewise, the method according to the invention can also be carried out after the production of the vehicle in the factory, in order to quickly obtain statements on the functionality of the installed components or control devices within the framework of a so-called "quick check".
  • components or control devices could be installed or installed after installation their program controls or software components themselves, by testing the interfaces of components to which there is a dependency, check that there is a compatible configuration in the vehicle.
  • test data or test sequences may be desirable not to trigger test data or test sequences during testing, but only to control whether a particular process is actually occurring. This is e.g. the case in test vehicles in which manually checked certain components of the vehicle for their functionality. Again, the inventive method can provide support.
  • the fault diagnosis in particular in the workshop or the vehicle service, can be supported by the execution of test cases or the transmission of test data or test sequences by localizing the type or the exact origin of the error by executing the test cases ,
  • the transmission of the operating program control and / or the test program control into the vehicle takes place via a central, preferably single programming interface of the control device architecture of the vehicle with the outside world.
  • the programming interface is protected against manipulative accesses to the control devices of the vehicle, in particular by checking the transmitted operating and / or test program control on the basis that the program controls are protected by the public Key procedures are secured against adulteration.
  • the access to the hardware and software or to the control units of the vehicle well controlled and manipulative interventions, especially in a wireless transmission of software components, can be effectively prevented.
  • the wireless transmission can take place, for example, via the known communication channels, such as D-network, W-LAN or UMTS.
  • the program-controlled test execution device at least partially simulates a second control device, different from the first control device, of the control device architecture of the vehicle.
  • test execution device can also at least partially simulate further control devices, that possibly several other control devices are addressed and that the tests can possibly also take place via one or more vehicle buses.
  • the test execution device may have a network bridge or the like across two or more buses of the vehicle.
  • the program-controlled test execution device sends and receives test data or test sequences or messages on different vehicle buses and / or line networks of the vehicle.
  • the test data or the like is generated by the test execution device based on test case specifications and forms part of the program control or software for testing the behavior of at least the first control device ,
  • test cases with associated test data are specified as message sequence charts, ie so-called MSCs, an international standard of the International Telecommunications Union, ie the ITU, in the test case specifications.
  • MSCs message sequence charts
  • ITU International Telecommunications Union
  • the program-controlled test execution device when evaluating the response behavior of the at least first control device, checks whether the first control device responds with a predetermined response within a predetermined time frame.
  • safety-related control devices such as an ABS control unit, this can be an important and meaningful test. This will often apply to control units or to a combination of control units, which exchange information or data largely in real time when the vehicle is operating.
  • test data represent a message that is important for safe operation of the vehicle. It may further be provided that the test data represent a message that is sent more frequently than other messages from the second control device to the first control device during operation of the vehicle. As a result, if necessary, a more realistic test can be carried out.
  • the second control device is operated by the test control device when transmitting the test data or test sequences to the first control device and / or during the subsequent reception of a response message by the first control device in a manner such that the second control device simulated by the test execution device does not affect the communication. This measure will regularly increase the reliability of the test and / or allow a meaningful test in the first place.
  • Test cases are described, for example, as MSC (Message Sequence Chart), an international standard of the ITU (International Telecommunication Union). specified. In the process, those messages are marked that are to be sent or received by the test instance when the test case is executed. All unmarked messages are sent or received by components installed in the vehicle, in particular control units. In the test case specification, time conditions can also be specified by means of timers.
  • MSC Message Sequence Chart
  • ITU International Telecommunication Union
  • the textual representation of an MSC generates a syntax tree, which forms the basis for the further steps.
  • This syntax tree of the MSC is concretised by means of configuration files and the on-board network database. From the concretized syntax tree of the MSC, a finite automaton is generated. This machine is executed in the last step and returns the result of the test case ("PASS" or "FAIL") and preferably also a log of the test process.
  • the method is also applicable to other description techniques for test cases, so instead of MSCs e.g. TTCN test descriptions or UML2 sequence charts.
  • Test case specifications such as MSCs
  • MSCs MSCs
  • test cases In the example of MSCs as a test case specification language, the messages are given only with formal parameters, ie only identifiers, but none Values for the parameters specified. In order to concretize the abstract test cases into test sequences, actual parameters (ie concrete values for the parameters) must be specified. By concretizing in a separate step, test cases can be reused and operated with different configurations of bus message and timer parameters.
  • bus messages are provided with human readable identifiers, e.g.
  • ConnectionMaster.BuildHighSyncConnection.StartResult These identifiers can be converted into hexadecimal values by means of the vehicle electrical system database, which are actually transmitted on the buses and can be interpreted by control units.
  • a corresponding automaton template can be specified for the translation, which are then linked together according to the MSC constructs in the test case.
  • the generated machines are finite state machines based on Mealy machines. They consist of a set of states connected by transitions. Each machine has exactly one start and exactly one final state.
  • transitions are marked with bus or timer messages, with the bus messages indicating whether they originate from the tester or the environment.
  • timers which are generated and controlled according to the timer constructs of the MSCs. So they are not part of the machine (as is the case with time machines), but are independent constructs and communicate by means of timer messages with the machine. This means that the temporal aspects and the purely logical aspects of the order are separated in this model.
  • machines such as timed machines
  • machines are also applicable to the method according to the invention.
  • tester message An automaton is set to its start state for execution. Now (and whenever a new state is reached), it is checked whether the state has an outgoing transition marked with a message to be sent by the tester component (hereinafter referred to as "tester message"). If so, this is sent and the target state of the transition becomes the new state of the machine.
  • test execution is ended with the test result "FAIL".
  • machines can also be used directly as a test case specification.
  • the concretization step of the syntax tree is still recommended. Otherwise the specification would be unnecessarily restricted.

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)
  • Test And Diagnosis Of Digital Computers (AREA)

Abstract

Procédé permettant de tester le comportement d'appareils de commande commandés par programme d'un véhicule à moteur. Pour garantir la fonction correcte d'un logiciel dans le véhicule, la présente invention comporte les étapes suivantes: transmission au véhicule d'une commande à programme ou d'un logiciel destinés à faire fonctionner au moins un premier appareil de commande, c'est-à-dire d'une commande à programme de fonctionnement, et d'une commande à programme ou d'un logiciel destinés à tester le comportement d'au moins le premier appareil de commande lors de l'exécution par cet appareil de la commande à programme en vue du fonctionnement dudit appareil, c'est-à-dire d'une commande à programme de test, la commande à programme ou le logiciel de test du comportement d'au moins le premier appareil de commande étant transmis à un dispositif d'exécution de tests commandé par programme et situé dans le véhicule; mise en mémoire de la commande à programme ou du logiciel destinés à faire fonctionner au moins le premier appareil de commande dans une mémoire associée au premier appareil de commande; et mise en mémoire de la commande à programme ou du logiciel de test du comportement d'au moins le premier appareil de commande lors de son exécution de la commande à programme dans une mémoire associée au dispositif d'exécution de tests. Au moins le premier appareil de commande est commandé par programme par la commande à programme ou le logiciel destinés à faire fonctionner ledit premier appareil de commande, le dispositif d'exécution de tests commandé par programme transmet au moins au premier appareil de commande des données de test et la réaction ou le comportement de réponse d'au moins le premier appareil de commande sont évalués et comparés à un comportement de réponse attendu en vue de la vérification du fonctionnement adéquat du premier appareil de commande.
PCT/EP2005/011331 2005-10-21 2005-10-21 Procede permettant de tester la disponibilite de fonctionnement d'appareils de commande commandes par programme d'un vehicule a moteur WO2007045262A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2005/011331 WO2007045262A1 (fr) 2005-10-21 2005-10-21 Procede permettant de tester la disponibilite de fonctionnement d'appareils de commande commandes par programme d'un vehicule a moteur

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2005/011331 WO2007045262A1 (fr) 2005-10-21 2005-10-21 Procede permettant de tester la disponibilite de fonctionnement d'appareils de commande commandes par programme d'un vehicule a moteur

Publications (1)

Publication Number Publication Date
WO2007045262A1 true WO2007045262A1 (fr) 2007-04-26

Family

ID=36581780

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2005/011331 WO2007045262A1 (fr) 2005-10-21 2005-10-21 Procede permettant de tester la disponibilite de fonctionnement d'appareils de commande commandes par programme d'un vehicule a moteur

Country Status (1)

Country Link
WO (1) WO2007045262A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2804212A1 (fr) * 2000-01-21 2001-07-27 Renault Procede de parametrage d'un systeme de diagnostic embarque sur un vehicule
US20030217306A1 (en) * 2002-05-17 2003-11-20 Harthcock Jerry D. Self-programmable microcomputer and method of remotely programming same

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2804212A1 (fr) * 2000-01-21 2001-07-27 Renault Procede de parametrage d'un systeme de diagnostic embarque sur un vehicule
US20030217306A1 (en) * 2002-05-17 2003-11-20 Harthcock Jerry D. Self-programmable microcomputer and method of remotely programming same

Similar Documents

Publication Publication Date Title
DE10307342B4 (de) Vorrichtung und Verfahren zur modellbasierten On-Board-Diagnose
EP2770389B1 (fr) Procédé de réalisation d'une configuration d'un système de test d'appareils de commande
DE102018113625A1 (de) Fehlerinjektionstestvorrichtung und -verfahren
EP2685382B1 (fr) Procédé et dispositif de création et de test d'un programme d'appareil de commande
DE102005044236B4 (de) Diagnosegerät
DE10323384A1 (de) Diagnosesystem
DE102004042002A1 (de) Verbesserte Reparaturverifikation für elektronische Fahrzeugsysteme
WO2003027850A2 (fr) Procede pour verifier le logiciel d'unites de commande et systeme de verification
EP2770434B1 (fr) Procédé de réalisation d'un inventaire des composants matériels rattachés à un système de test d'appareils de commande
EP1906377A1 (fr) Système et procédé d'intégration d'un système de contrôle de processus industriel dans un simulateur d'entraînement
DE102015108064B4 (de) Testsystem und Verfahren zum automatisierten Testen von wenigstens zwei gleichzeitig an das Testsystem angeschlossenen Steuergeräten sowie Steuergeräte-Anschluss- und Steuergeräte-Umschalteinheit zur Verwendung in einem solchen Testsystem
DE102006031242A1 (de) Verfahren zum Durchführen eines Tests
DE102019104055A1 (de) Diagnosesystem für Kraftfahrzeuge
WO2012168214A1 (fr) Système de simulation, procédé permettant d'effectuer une simulation, système de guidage et produit de programme informatique
DE10323390A1 (de) Telediagnose-Viewer
WO2008095518A1 (fr) Utilisation d'une architecture de diagnostic distribué dans autosar
EP1860565B1 (fr) Procédé destiné à la vérification du fonctionnement d'un appareil de commande pour un véhicule automobile
EP2729857B1 (fr) Documentation d'erreurs au sein d'une mémoire d'erreurs d'un véhicule à moteur
WO2015035438A1 (fr) Procédé pour vérifier des logiciels générés ainsi que dispositif de vérification pour la réalisation d'un tel procédé
WO2007045262A1 (fr) Procede permettant de tester la disponibilite de fonctionnement d'appareils de commande commandes par programme d'un vehicule a moteur
DE102008030162B4 (de) Verfahren zum Prüfen der Funktionsfähigkeit einer eingebetteten Komponente in einem eingebetteten System
DE102018217728B4 (de) Verfahren und Vorrichtung zum Schätzen von mindestens einer Leistungskennzahl eines Systems
DE102020204866A1 (de) Verfahren und Anordnung zum Bereitstellen eines Prüfstands zum Prüfen eines Verbundes aus Komponenten eines Kraftfahrzeugs
DE10307344A1 (de) Vorrichtung und Verfahren zur dezentralen On-Board-Diagnose für Kraftfahrzeuge
DE10121587A1 (de) Verfahren und Vorrichtung zur automatisierten Prüfung grundlegender CAN-Eigenschaften von Steuergeräten

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 05806412

Country of ref document: EP

Kind code of ref document: A1