

### ITEA 2 - 09033

# 

## TIMMO-2-USE

Timing Model - Tools, algorithms, languages, methodology, USE cases

Report type Report name Deliverable D9 Use Case and Requirements Specification

Report status Version number Date of preparation Public Version 1.0 2012-01-16

#### TIMMO-2-USE Partners

AbsInt Angewandte Informatik GmbH Arcticus Systems AB Chalmers University of Technology Continental Automotive GmbH Delphi France SAS dSpace GmbH **INCHRON GmbH** Institute National de Recherche en Informatique et Automatique INRIA Mälardalen University Rapita Systems Ltd, UK RealTime-at-Work Robert Bosch GmbH Symtavision GmbH Technische Universität Braunschweig University of Paderborn Volvo Technology AB

#### **Project Coordinator**

Dr. Daniel Karlsson

Volvo Group Trucks Technology Advanced Technology & Research Dept 6260, M2.7 405 08 Göteborg Sweden Tel.: +46 31 322 9949 Email: <u>Daniel.B.Karlsson@volvo.com</u>

© Copyright 2010-2012: The TIMMO-2-USE Consortium

Authors

Wendel Ramisch, INCHRON GmbH Stefan Kuntz, Continental Automotive GmbH

#### Document History

| Ve | ersion | Date       | Description              |
|----|--------|------------|--------------------------|
|    | 1.0    | 2012-01-16 | First published version. |

#### Table of contents

| ΤI | MMO-2-U           | SE Partners                                                                    | 2  |  |  |
|----|-------------------|--------------------------------------------------------------------------------|----|--|--|
| Aι | uthors            |                                                                                | 3  |  |  |
| D  | ocument H         | listory                                                                        | 4  |  |  |
| Та | able of contents5 |                                                                                |    |  |  |
| 1  | Executive         | e Summary                                                                      | 10 |  |  |
| 2  | Introducti        | on                                                                             | 10 |  |  |
| 3  | Approach          | 1                                                                              | 12 |  |  |
| 4  | Requirem          | nents                                                                          | 13 |  |  |
|    | 4.1 Red           | quirements Status                                                              | 13 |  |  |
|    | 4.1.1             | ABS#0001 - Timing Analysis in Implementation Phase                             | 13 |  |  |
|    | 4.1.2             | ABS#0002 - Perform Timing Analysis On Code-Level                               | 14 |  |  |
|    | 4.1.3             | ABS#0003 - Executable for WCET analysis                                        | 14 |  |  |
|    | 4.1.4             | ABS#0004 - Mapping to Source Code for WCET analysis                            | 14 |  |  |
|    | 4.1.5             | ABS#0005 - Analysis Start Point for WCET analysis                              | 14 |  |  |
|    | 4.1.6             | ABS#0006 - Loop Bounds for WCET analysis                                       | 15 |  |  |
|    | 4.1.7             | ABS#0007 - Recursion Bounds for WCET analysis                                  | 15 |  |  |
|    | 4.1.8             | ABS#0008 - Function Pointers for WCET analysis                                 | 16 |  |  |
|    | 4.1.9             | ABS#0009 - Volatile Variables for WCET analysis                                | 16 |  |  |
|    | 4.1.10            | ABS#0010 - Improving precision of WCET analysis                                | 16 |  |  |
|    | 4.1.11            | ABS#0011 - Supported Processor for WCET analysis                               | 17 |  |  |
|    | 4.1.12            | ABS#0012 - Processor Configuration for WCET analysis                           | 17 |  |  |
|    | 4.1.13            | ABS#0013 - Processor-Specific Hardware and Software Settings for WCET analysis | 17 |  |  |
|    | 4.1.14            | ABS#0014 - Cache Description for WCET analysis                                 | 18 |  |  |
|    | 4.1.15            | BOSCH#0001 - Control Timing Requirements                                       | 18 |  |  |
|    | 4.1.16            | BOSCH#0002 - Solution dependent and independent timing requirements            | 19 |  |  |
|    | 4.1.17            | BOSCH#0003 - Tracing of control timing requirements                            | 19 |  |  |
|    | 4.1.18            | BOSCH#0004 - Collaborative Engineering of Control Applications                 | 20 |  |  |
|    | 4.1.19            | BOSCH#0005 - Mode dependent timing requirements                                | 20 |  |  |
|    | 4.1.20            | BOSCH#0006 - Mode dependencies                                                 | 20 |  |  |
|    | 4.1.21            | BOSCH#0007 - Explicit and implicit events                                      | 20 |  |  |
|    | 4.1.22            | BOSCH#0008 - Concepts of time                                                  | 21 |  |  |
|    | 4.1.23            | BOSCH#0009 - Specification of events in the continuous environment             | 21 |  |  |
|    | 4.1.24            | BOSCH#0010 - Methodology for timing design of control applications             | 21 |  |  |
|    | 4.1.25            | BOSCH#0011 - Derivation of discrete timing requirements                        | 22 |  |  |
|    | 4.1.26            | CAG#0001 - Events between LoA                                                  | 22 |  |  |

| 4.1.27 | CAG#0002 - Event chains between LoA                       | 22 |
|--------|-----------------------------------------------------------|----|
| 4.1.28 | CAG#0003 - Age constraint on events                       | 22 |
| 4.1.29 | CAG#0004 - Synchronization constraint on events           | 23 |
| 4.1.30 | CAG#0005 - Hardware                                       | 23 |
| 4.1.31 | CAG#0006 - Obtain timing information (closed-loop)        | 24 |
| 4.1.32 | CAG#0007 - Use of SystemC                                 | 24 |
| 4.1.33 | CAG#0008 - Multi-Core                                     | 24 |
| 4.1.34 | CAG#0009 - Scheduling Analysis                            | 25 |
| 4.1.35 | CAG#0010 - Time Bases                                     | 25 |
| 4.1.36 | CAG#0011 - Time bases relation                            | 26 |
| 4.1.37 | CAG#0012 - Semantics of event chains (components)         | 26 |
| 4.1.38 | CAG#0013 - Semantics of event chains (connectors)         | 26 |
| 4.1.39 | CAG#0014 - Composition of runnable entities               | 27 |
| 4.1.40 | CAG#0015 - Assumptions on target systems                  | 28 |
| 4.1.41 | CAG#0016 - Use of AUTOSAR timing views                    | 28 |
| 4.1.42 | CAG#0017 - Reuse of events                                | 29 |
| 4.1.43 | CAG#0018 - Reuse of event chains                          | 30 |
| 4.1.44 | CAG#0019 - ID never used                                  | 30 |
| 4.1.45 | CAG#0020 - Revising timing constraints                    | 31 |
| 4.1.46 | CAG#0021 - Virtual Integration (timing)                   | 31 |
| 4.1.47 | CAG#0022 - Transition from DL to IL                       | 31 |
| 4.1.48 | CAG#0023 - Transition from AL to DL                       | 32 |
| 4.1.49 | CAG#0024 - Multi-Core (Scheduling Analysis)               | 32 |
| 4.1.50 | CAG#0025 - Safety (timing)                                | 32 |
| 4.1.51 | CAG#0026 - Age constraint per runnable entity             | 33 |
| 4.1.52 | CAG#0027 - Synchronization constraint per runnable entity | 34 |
| 4.1.53 | CAG#0028 - Integrating a component                        | 35 |
| 4.1.54 | CAG#0029 - Exchange a component                           | 35 |
| 4.1.55 | CAG#0030 - Distribute Jitter                              | 36 |
| 4.1.56 | CAG#0031 - HW/SW Co-design (Methodology)                  | 36 |
| 4.1.57 | CAG#0032 - HW/SW Co-design (Language)                     | 36 |
| 4.1.58 | CAG#0033 - EPF                                            | 36 |
| 4.1.59 | CAG#0034 - Automation                                     | 37 |
| 4.1.60 | CAG#0035 - Task synthesis                                 | 37 |
| 4.1.61 | CAG#0036 - Variability                                    | 37 |
| 4.1.62 | CAG#0037 - EAST-ADL XML                                   | 38 |
| 4.1.63 | CAG#0038 - Timing Analyses                                | 38 |
| 4.1.64 | CAG#0039 - Sequence Constraint                            | 38 |
|        |                                                           |    |

| 4.1.65  | CAG#0040 - Verify timing constraints                           |    |
|---------|----------------------------------------------------------------|----|
| 4.1.66  | CAG#0041 - TADL in modeling languages                          |    |
| 4.1.67  | CAG#0042 - Static verification                                 |    |
| 4.1.68  | CAG#0043 - Dynamic verification                                |    |
| 4.1.69  | CAG#0044 - Runtime trace                                       |    |
| 4.1.70  | CAG#0045 - Constraint language                                 | 40 |
| 4.1.71  | CAG#0046 - Mode dependent application                          |    |
| 4.1.72  | CAG#0047 - Mode dependent end-to-end delay                     |    |
| 4.1.73  | CAG#0048 - Mode switch in stimulus/response                    |    |
| 4.1.74  | CAG#0049 - Timing constraints on mode switch                   | 41 |
| 4.1.75  | CAG#0050 - TADL profile for dynamic UML diagrams               | 41 |
| 4.1.76  | CAG#0051 - Reuse of timing constraints                         | 41 |
| 4.1.77  | DSP#0001 - Code level exchange                                 | 42 |
| 4.1.78  | DSP#0002 - Code level analysis                                 | 42 |
| 4.1.79  | DSP#0003 - Code level results                                  | 42 |
| 4.1.80  | DSP#0004 - Target processor dependence                         | 42 |
| 4.1.81  | DSP#0005 - Levels of abstraction                               | 43 |
| 4.1.82  | DSP#0006 - Expressiveness                                      | 43 |
| 4.1.83  | DSP#0007 - Generation of timing test units                     | 43 |
| 4.1.84  | DSP#0008 - Test framework                                      | 43 |
| 4.1.85  | DSP#0009 - Re-use of test descriptions                         | 44 |
| 4.1.86  | INRIA#0001 - Multiform concepts of time                        | 44 |
| 4.1.87  | INRIA#0002 - Time bases                                        | 44 |
| 4.1.88  | INRIA#0003 - Timing expressions                                | 44 |
| 4.1.89  | INRIA#0004 - Functional time                                   | 45 |
| 4.1.90  | INRIA#0005 - Executable models                                 | 45 |
| 4.1.91  | RTAW#0001 - ECU partitioning                                   | 45 |
| 4.1.92  | RTAW#0002 - Extension of AUTOSAR R4.0                          | 45 |
| 4.1.93  | RTAW#0003 - Scenario based analysis                            | 46 |
| 4.1.94  | RTAW#0004 - Data Converters                                    | 46 |
| 4.1.95  | RTAW#0005 - Synchronized schedules                             | 46 |
| 4.1.96  | TUBS#0001 - Uncertainty                                        | 46 |
| 4.1.97  | TUBS#0002 - Uncertain parameters                               | 47 |
| 4.1.98  | TUBS#0003 - Timing analysis using uncertain timing information | 47 |
| 4.1.99  | TUBS#0004 - Obtain uncertain timing information                | 47 |
| 4.1.100 | UPB#0001 - Abstraction levels                                  | 47 |
| 4.1.101 | UPB#0002 - Event type a-periodic                               | 48 |
| 4.1.102 | UPB#0003 - Bus communication                                   | 48 |
|         |                                                                |    |

| 4.1.103 UPB#0004 - Delay and jitter                                           | 48 |
|-------------------------------------------------------------------------------|----|
| 4.1.104 UPB#0005 - Global time base                                           | 48 |
| 4.1.105 UPB#0006 - Transformation                                             | 49 |
| 4.1.106 UPB#0007 - Execution times                                            | 49 |
| 4.1.107 UPB#0008 - FIBEX compliance                                           | 49 |
| 4.1.108 UPB#0009 - AUTOSAR compliance                                         | 50 |
| 4.1.109 UPB#0010 - AUTOSAR Timing extensions                                  | 50 |
| 4.1.110 UPB#0011 - Multi-core support                                         | 50 |
| 4.1.111 UPB#0012 - Black box behavior                                         | 50 |
| 4.1.112 UPB#0013 - Reduce overhead                                            | 51 |
| 4.1.113 UPB#0014 - Time- and event triggering                                 | 51 |
| 4.1.114 UPB#0015 - Refinement and abstraction                                 | 51 |
| 4.1.115 UPB#0016 - Frame modeling                                             | 52 |
| 4.1.116 UPB#0017 - Synchronization                                            | 52 |
| 4.1.117 UPB#0018 - Redundancy/safety                                          | 52 |
| 4.1.118 UPB#0019 - Hardware relation                                          | 52 |
| 4.1.119 UPB#0020 - Offline simulation                                         | 53 |
| 4.1.120 UPB#0021 - Communication simulation                                   | 53 |
| 4.1.121 UPB#0022 - Software instruction level                                 | 53 |
| 4.1.122 UPB#0023 - AUTOSAR views                                              | 53 |
| 4.1.123 UPB#0024 - Relationship between time bases                            | 54 |
| 4.1.124 VTEC#0001 - Traceability between design and implementation levels     | 54 |
| 4.1.125 VTEC#0002 - Decomposition of time budget                              | 54 |
| 4.1.126 VTEC#0003 - Methods for estimating WCET at analysis and design levels | 54 |
| 4.1.127 VTEC#0003 - Timing specification of hardware                          | 55 |
| 4.1.128 VTEC#0004 - Timing budget negotiation between OEM and supplier        | 55 |
| 4.1.129 VTEC#0004 - Timing characteristics of behavior/algorithm              | 55 |
| 4.1.130 VTEC#0005 - Access right to TIMMO model                               | 56 |
| 4.1.131 VTEC#0006 - Different interpretations of timing information           | 56 |
| 4.1.132 VTEC#0007 - Timing constraints dependent on modes                     | 56 |
| 4.1.133 VTEC#0008 - Timing specifications depending on modes                  | 56 |
| 4.1.134 VTEC#0009 - Method and tool support for mode-dependent bus scheduling | 57 |
| 4.1.135 VTEC#0010 - Methodology support for mode-aware design                 | 57 |
| 4.1.136 VTEC#0011 - Support of multiple solutions                             | 57 |
| 4.1.137 VTEC#0012 - Decision of timing solution                               | 57 |
| 4.1.138 VTEC#0013 - Effect of a selected solution                             | 58 |
| 4.1.139 VTEC#0014 - Tool support for comparing alternative timing solutions   | 58 |
| 4.1.140 VTEC#0015 - Methodology support for change management                 | 58 |
|                                                                               |    |

| 4.1.141 VTEC#0016 - Definition of dependency                                         | . 58 |
|--------------------------------------------------------------------------------------|------|
| 4.1.142 VTEC#0017 - Identification of dependency                                     | . 59 |
| 4.1.143 VTEC#0018 - Reduction of design iteration                                    | . 59 |
| 4.1.144 VTEC#0019 - Continuous time specifications                                   | . 59 |
| 4.1.145 VTEC#0020 - Time delays for control applications                             | . 59 |
| 4.1.146 VTEC#0021 - Traceability between continuous and discrete time specifications | . 60 |
| 4.1.147 VTEC#0022 - Conversion from continuous time to discrete time                 | . 60 |
| 4.1.148 VTEC#0023 - Verification of component mapping                                | . 60 |
| 4.1.149 VTEC#0024 - Optimization of component mapping                                | . 61 |
| 4.1.150 VTEC#0025 - Model integration                                                | . 61 |
| 4.1.151 VTEC#0026 - Internal and external triggers                                   | . 61 |
| 4.1.152 VTEC#0027 - Schedulability analysis                                          | . 61 |
| 4.1.153 VTEC#0028 - Timing information and variability                               | . 62 |
| 4.1.154 VTEC#0029 - Configuration at the vehicle level                               | . 62 |
| 4.1.155 VTEC#0030 - Exploitation of vehicle configurations                           | . 62 |
| 4.1.156 VTEC#0031 - Scheduling based on vehicle configuration                        | . 63 |
| 4.1.157 VTEC#0032 - Infrastructure-independent timing information                    | . 63 |
| 4.1.158 VTEC#0033 - Methods for timing characterization of behavior/algorithm        | . 63 |
| 4.1.159 VTEC#0034 - Application-independent timing information                       | . 63 |
| 4.1.160 VTEC#0035 - Methods for timing characterization of hardware                  | . 64 |
| 4.1.161 VTEC#0036 - Support of flexible timing definition                            | . 64 |
| 4.1.162 VTEC#0037 - Methodology for development                                      | . 64 |
| 4.1.163 VTEC#0038 - Tool integration                                                 | . 64 |
| 4.1.164 VTEC#0039 - AUTOSAR compliance                                               | . 65 |
| 4.1.165 VTEC#0040 - EAST-ADL compliance                                              | . 65 |
| 4.1.166 VTEC#0041 - Model parameters                                                 | . 65 |
| 4.1.167 VTEC#0042 - Automatic model reuse                                            | . 65 |
| 4.1.168 VTEC#0043 - System parameters                                                | . 66 |
| 4.1.169 VTEC#0044 - Analysis of the synchronization constraint                       | . 66 |
| 4.1.170 VTEC#0045 - Signal age                                                       | . 66 |
| 4.1.171 VTEC#0046 - Methodology for synchronization issues                           | . 66 |
| 4.1.172 VTEC#0047 - Specification of probabilistic timing information                | . 67 |
| 4.1.173 VTEC#0048 - Analysis of probabilistic timing specifications                  | . 67 |
| 4.1.174 VTEC#0049 - Methodology to work with probabilistic timing specifications     | . 67 |
| 4.1.175 VTEC#UC0001 to VTEC#UC0011                                                   | . 68 |
| Use Cases                                                                            | . 68 |
| State-of-the-Art Analysis                                                            | . 69 |
| TIMMO-2-USE Models                                                                   | . 69 |
|                                                                                      |      |

| 8 | References | . 7 | 0 |
|---|------------|-----|---|
|---|------------|-----|---|

#### *1 Executive Summary*

The major work results of the work package 1 are:

- 1. The set of *requirements* is an essential input for conducting the work in the various work packages.
- The set of use cases is important for gaining a common understanding about the objectives of the TIMMO-2-USE project. In addition the use cases, like the requirements, are an important input for conducting the work in the various work packages.
- 3. The *state-of-the-art analysis* provides a basis for conducting the work in the various work packages. It especially for determines which of the existing/available approaches could be utilized and enhanced to satisfy the given requirements, or proposing new techniques in order to manage time information in the various steps of today's and future's development processes.
- 4. The *TIMMO-2-USE Use Cases and Requirements Model* provides the UML models describing use cases and requirements. The models have been created using the UML authoring tool Enterprise Architect from SPARX Systems.

#### 2 Introduction

#### Purpose

The purpose of this document is to describe the work carried out in work package 1 in phase 2 of the TIMMO-2-USE funded research project. In particular, it provides additional information and background on the work carried out in the work package 1 with regard to revising existing and specifying new requirements, revising existing and describing new use cases, and conducting a review of the state-of-the-art analysis.

#### Scope

The scope of this document is the work conducted in work package 1 during the second phase of the TIMMO-2-USE funded research project.

#### Abbreviations and Acronyms

The table below lists all abbreviations and acronyms used in this document.

| Abbreviation<br>Acronym | Description                                                                                                                                                                       |
|-------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| ATESST                  | Advancing Traffic Efficiency and Safety through Software Technology <a href="http://www.atesst.org">http://www.atesst.org</a>                                                     |
| AUTOSAR                 | AUTomotive Open System ARchitecture http://www.autosar.org                                                                                                                        |
| EAST-ADL                | Embedded Architectures and Software Technologies - Architecture Description Language http://www.east-adl.org                                                                      |
| FPP                     | Full Project Proposal                                                                                                                                                             |
| LoA                     | Level of Abstraction which is one of the five levels of abstraction defined in<br>the EAST-ADL specification: Vehicle, Analysis, Design, implementation and<br>Operational Level. |
| MAENAD                  | Model-based Analysis & Engineering of Novel Architectures for Dependable Electric Vehicles <a href="http://www.maenad.eu">http://www.maenad.eu</a>                                |
| SOTA                    | State-of-the-art [Analysis]                                                                                                                                                       |
| TIMMO                   | TIMing MOdel http://www.timmo-2-use.org/timmo                                                                                                                                     |

#### Structure of this document

The document consists of eight chapters. The chapter "Executive Summary" provides a brief summary about the results of the work conducted in work package 1. The section "Introduction" explains the purpose, scope, and structure of this document. The approach taken to perform the review of requirements and use cases is sketched out in section "Approach". Section "Requirements" provides a detailed report on the status of all requirements. Information about the revised use cases is given in section "Use Cases". The review of the state-ofthe-art report is described in section "State-of-the-Art Analysis".

Section "TIMMO-2-USE Models" provides information about the TIMMO-2-USE Models containing the requirements and use cases.

And last but not least, the chapter "References" lists important documents the reader of this document shall be aware of.

#### Structure of the Deliverable D9

The Deliverable D9 consists of several parts – each of these parts is a separate document. The primary reason for this structure is that the documents containing the requirements and the description of the use cases are generated using SPARX Systems Enterprise Architect UML Modeling Software. In order to unambiguously identify these parts the following scheme has been chosen:

- D9 The document which represents the "core" deliverable D9 and provides additional information and background on the work carried out in the work package 1 (this document).
- D9.1 The document which contains the requirements specified during the course of work package 1.
- D9.2 The document which contains the description of the use cases identified during the course of the work package 1.

- D9.3 The document which contains the state-of-the-art (SOTA) analysis conducted during the course of work package 1.
- D9.4 The Enterprise Architect Project file which contains the use cases and requirements models.

| 3 Approach                |                                                                                                                                                                                                                                                                                                                                                                 |
|---------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|                           | This chapter describes the approach taken to specify the requirements that are considered to be the basis for the various work packages in the TIMMO-2-USE project and the way relevant use cases were identified.                                                                                                                                              |
| Requirements              |                                                                                                                                                                                                                                                                                                                                                                 |
|                           | When work package 1 suspended its activity in phase 1 the various<br>work packages started to review the requirements at the very<br>beginning and before any task was started. During this period of time<br>requirements were assessed and revised and any change was<br>reported to the work package 1 leader in order to keep track of any<br>modification. |
|                           | At the beginning of phase 2 the work package 1 leader asked every<br>work package leader to review the requirements again and report the<br>state of the requirements at that time. For this purpose three states<br>were defined:                                                                                                                              |
|                           | 1. A requirement is already satisfied.                                                                                                                                                                                                                                                                                                                          |
|                           | 2. A requirement is <i>not</i> [yet] <i>satisfied</i> but will be satisfied until the end of the project.                                                                                                                                                                                                                                                       |
|                           | 3. A requirement is <i>not satisfied</i> and cannot be satisfied until the end<br>of the project. In this case a justification shall be provided in order<br>to convey the reason for this case, for example due to the fact<br>that satisfying a requirement requires more effort than time is<br>available until the end of the project.                      |
|                           | Section 4 provides more and detailed information about every revised requirement.                                                                                                                                                                                                                                                                               |
| Use Cases                 |                                                                                                                                                                                                                                                                                                                                                                 |
|                           | Section 5 provides more and detail information about the reviewed and revised use cases.                                                                                                                                                                                                                                                                        |
| State of the ort Applysia |                                                                                                                                                                                                                                                                                                                                                                 |
| State-of-the-art Analysis | After work package 1 suspended its activity in phase 1 a dedicated group of individuals reviewed the state-of-the-art analysis and proposed some changes.                                                                                                                                                                                                       |
|                           | Section 6 provides more information on the changes applied to the contents of the state-of-the-art analysis.                                                                                                                                                                                                                                                    |

#### 4 Requirements

An important work product of the work package 1 is the specification of requirements for the TIMMO-2-USE project. These requirements were reviewed and revised during the beginning of work packages 2 through 5. In addition, the requirements were reviewed and revised by work package 1 during the beginning of phase 2.

#### **Requirements Document**

For more details about the requirements reviewed and revised refer to deliverable D9.1 [5].

#### Statistics

Table 1 provides a summary of the requirements coverage.

| Status      | #   | Description                                                                                                                      |
|-------------|-----|----------------------------------------------------------------------------------------------------------------------------------|
| Approved    | 112 | These requirements are still not satisfied but will be satisfied at the end of the project TIMMO-2-USE.                          |
| Implemented | 46  | These requirements are already satisfied.                                                                                        |
| Rejected    | 26  | The vast majority of these requirements are not<br>in the scope of TIMMO-2-USE. If possible a<br>solution has been sketched out. |
| Total:      | 184 |                                                                                                                                  |

Table 1: Requirements Coverage and Statistics.

#### 4.1 Requirements Status

The following subsections list all requirements that have been specified during phase 1. Every subsection is structured as follows:

- Status. This paragraph provides information about the current state of the requirement. It indicates whether the requirement has been changed or left unchanged.
- Description. If the requirement as been changed then this paragraph contains the revised description of the requirement.
- Rational/Comment/Justification. This paragraph either provides a justification for revising the requirement, a comment that provides more information about the background and possible solutions, or a rational for the requirement.

#### 4.1.1 ABS#0001 - Timing Analysis in Implementation Phase

#### Status

The requirement has been changed. The status of this requirement is set to "Implemented".

#### Description

None

Rational/Comment/Justification

The specific use case "Perform Timing Analysis On Code-Level" addresses this issue.

#### 4.1.2 ABS#0002 - Perform Timing Analysis On Code-Level

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

The specific use case "Perform Timing Analysis On Code-Level" addresses this issue.

#### 4.1.3 ABS#0003 - Executable for WCET analysis

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

During the Implementation Phase executables are available. This is ensured by the AUTOSAR methodology.

#### 4.1.4 ABS#0004 - Mapping to Source Code for WCET analysis

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

During the Implementation phase source code, debug information and/or map files are available. This is ensured by the AUTOSAR methodology.

#### 4.1.5 ABS#0005 - Analysis Start Point for WCET analysis

#### Status

The requirement has been changed. The status of this requirement is set to "Implemented".

#### Description

#### None

Rational/Comment/Justification

The entries of executable entities are recorded in the AUTOSAR models and are available for conducting WCET analysis.

#### 4.1.6 ABS#0006 - Loop Bounds for WCET analysis

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

This requirement is concerned with specifying a language or format to exchange such annotations. Such an activity is outside the scope of the project TIMMO-2-USE. However, the work package 1 members agree that a standardized language, or exchange format, would be a good thing. Right now every WCET analysis tool has its own annotation format for providing this kind of needed information. As the need grows to exchange information between tools, and software providers, this fact becomes more and more of a hindrance to the efficient use of WCET analysis tools in tool chains.

See also subsection 4.1.77.

4.1.7 ABS#0007 - Recursion Bounds for WCET analysis

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

This requirement is concerned with specifying a language or format to exchange such annotations. Such an activity is outside the scope of the project TIMMO-2-USE. However, the work package 1 members agree that a standardized language, or exchange format, would be a good thing. Right now every WCET analysis tool has its own annotation format for providing this kind of needed information. As the need grows to exchange information between tools, and software providers, this fact becomes more and more of a hindrance to the efficient use of WCET analysis tools in tool chains.

See also subsection 4.1.77.

#### 4.1.8 ABS#0008 - Function Pointers for WCET analysis

#### Status

The requirement has not been changed.

Description

None

#### Rational/Comment/Justification

This requirement is concerned with specifying a language or format to exchange such annotations. Such an activity is outside the scope of the project TIMMO-2-USE. However, the work package 1 members agree that a standardized language, or exchange format, would be a good thing. Right now every WCET analysis tool has its own annotation format for providing this kind of needed information. As the need grows to exchange information between tools, and software providers, this fact becomes more and more of a hindrance to the efficient use of WCET analysis tools in tool chains.

See also subsection 4.1.77.

#### 4.1.9 ABS#0009 - Volatile Variables for WCET analysis

Status

The requirement has not been changed.

Description

None

#### Rational/Comment/Justification

This requirement is concerned with specifying a language or format to exchange such annotations. Such an activity is outside the scope of the project TIMMO-2-USE. However, the work package 1 members agree that a standardized language, or exchange format, would be a good thing. Right now every WCET analysis tool has its own annotation format for providing this kind of needed information. As the need grows to exchange information between tools, and software providers, this fact becomes more and more of a hindrance to the efficient use of WCET analysis tools in tool chains.

See also subsection 4.1.77.

#### 4.1.10 ABS#0010 - Improving precision of WCET analysis

#### Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

This requirement is concerned with specifying a language or format to exchange such annotations. Such an activity is outside the scope of the project TIMMO-2-USE. However, the work package 1 members agree that a standardized language, or exchange format, would be a good thing. Right now every WCET analysis tool has its own annotation format for providing this kind of needed information. As the need grows to exchange information between tools, and software providers, this fact becomes more and more of a hindrance to the efficient use of WCET analysis tools in tool chains.

See also subsection 4.1.77.

#### 4.1.11 ABS#0011 - Supported Processor for WCET analysis

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

#### Rational/Comment/Justification

During the Implementation phase source code is compiled for a specific target processor. This is ensured by the AUTOSAR methodology.

#### 4.1.12 ABS#0012 - Processor Configuration for WCET analysis

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

#### None

#### Rational/Comment/Justification

The AUTOSAR Resource Template provides means to specify hardware properties — including processors and their internals, like caches, etc. This description can be used to specify the configuration of a processor and utilize the information in the WCET analysis activities.

The specific use case "Perform Timing Analysis on Code-Level" may be used to provide some examples of using the AUTOSAR Resource Template for this purpose.

#### 4.1.13 ABS#0013 - Processor-Specific Hardware and Software Settings for WCET analysis

#### Status

The requirement has been changed.

#### Description

#### None

Rational/Comment/Justification

The AUTOSAR Resource Template provides means to specify hardware settings — including processors and their internals, like caches, etc. This description can be used to specify the configuration of a processor and utilize the information in the WCET analysis activities.

The specific use case "Perform Timing Analysis on Code-Level" may be used to provide some examples of using the AUTOSAR Resource Template for this purpose.

The following questions were raised during the discussion in phase 2 and need to be answered: What is meant by "Software Settings"? Is the Basic Software Configuration meant here? In this case all the information contained in the Basic Software Configuration respectively ECU Configuration can be utilized.

#### 4.1.14 ABS#0014 - Cache Description for WCET analysis

Status

The requirement has been changed. The status of the requirement is set to "Implemented".

Description

None

#### Rational/Comment/Justification

The AUTOSAR Resource Template provides means to specify hardware properties — including processors and their internals, like cache, etc. This description can be used to specify the configuration of a processor and utilize the information in the WCET analysis activities.

The specific use case "Perform Timing Analysis on Code-Level" may be used to provide some examples of using the AUTOSAR Resource Template for this purpose. For example, the use case can provide examples to specify the characteristics of caches and their configurations for some processors.

#### 4.1.15 BOSCH#0001 - Control Timing Requirements

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

#### Rational/Comment/Justification

The EAST-ADL provides means to model a plant using the Environment package. This plant model contains all the [timing] information about the plant or at least provides all information to derive those [timing] information. In other words, the external model is used to specify all the parameters respectively characteristics of the plant and the EAST-ADL provides means to reference the corresponding element in the model that represents the plant.

In particular, the element "Function Behavior" references the element "Function Type". The element "Function Behavior" is a kind of placeholder for the behavior model that is described with appropriate means, like MATLAB/Simulink, Stateflow, etc.

Comment: The term "Shannon Threshold Frequency" is used in the description but the "Shannon-Nyquist Sampling Theorem" is meant.

See also subsections 4.1.25 and 4.1.144.

#### 4.1.16 BOSCH#0002 - Solution dependent and independent timing requirements

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

#### Rational/Comment/Justification

This requirement asks for a capability to express whether a requirement is directly derived from another requirement or a requirement originated from a given solution, for example the existence of an Analysis Function on the Analysis Level.

The EAST-ADL provides means to create relationships between requirements, between requirements and elements representing solutions. The capabilities and semantics of the element "Refine" shall be checked in order to be used as a relationship to specify that a requirement originates from, for example a Function Type.

See also subsection 4.1.22.

#### 4.1.17 BOSCH#0003 - Tracing of control timing requirements

#### Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

The EAST-ADL provides means to specify relationships between requirements.

See also subsections 4.1.146 and 4.1.147.

4.1.18 BOSCH#0004 - Collaborative Engineering of Control Applications

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

The main use case "Develop Control Applications" (UC#0005) and the specific use case "Explore Design Alternatives for Control Applications" address this topic.

*4.1.19* BOSCH#0005 - Mode dependent timing requirements

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

TADL provides means to mark a timing constraint to be valid only in a specific mode.

See also subsections 4.1.71, 4.1.72, 4.1.132 and 4.1.133.

4.1.20 BOSCH#0006 - Mode dependencies

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

The EAST-ADL Specification [3] provides means to specify transitions between states in the "Annex C: Behavior constraints". This can be combined with the TADL such that a timing constraint does not only "depend" on a state/mode but also on a state/mode transition.

See also subsections 4.1.71, 4.1.72, 4.1.73, 4.1.74, 4.1.132 and 4.1.133.

4.1.21 BOSCH#0007 - Explicit and implicit events

Status

The requirement has not been changed.

#### Description

None

Rational/Comment/Justification

The term "Explicit Event" refers to events that occur at the boundary between environment (plant) and system (controller). Such events lead to reactions of the system (controller) which influences the environment.

The term "Implicit Event" refers to events that occur in the environment and lead to a different behavior of the environment. Those events cannot directly (explicitly) be detected by the system.

#### 4.1.22 BOSCH#0008 - Concepts of time

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

See also subsections 4.1.16, 4.1.23 and 4.1.86

4.1.23 BOSCH#0009 - Specification of events in the continuous environment

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

See also subsections 4.1.16, 4.1.22 and 4.1.86

4.1.24 BOSCH#0010 - Methodology for timing design of control applications

#### Status

The requirement has not been changed.

Description

None

#### Rational/Comment/Justification

The main use case "Develop Control Applications" (UC#0005) and the specific use case "Explore Design Alternatives for Control Applications" address this topic.

4.1.25 BOSCH#0011 - Derivation of discrete timing requirements

#### Status

The requirement has been changed. The status of this requirement has been set to "Rejected".

#### Description

None

#### Rational/Comment/Justification

This is a duplicate of the requirement BOSCH#0001. See also subsection 4.1.15.

#### 4.1.26 CAG#0001 - Events between LoA

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

#### 4.1.27 CAG#0002 - Event chains between LoA

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

#### 4.1.28 CAG#0003 - Age constraint on events

#### Status

The requirement has been revised.

Description

The language shall provide the capability to impose an age constraint on an event that either references an input flow port, a server port, or a function type.

#### Rational/Comment/Justification

The current state of the language provides the Age Constraint to specify an age constraint on an event chain. This requires that the relationship between events, namely stimulus events *and* response events, is known.

In the case of building systems based on existing [reusable] components such relationships may not be known beforehand. But the fact that the age of data received by a component via its function ports shall have an upper limit, or in case of an event triggering the "execution" of a function shall be "not older than a given amount of time".

A new type of time constraint is required that can be imposed on events.

#### 4.1.29 CAG#0004 - Synchronization constraint on events

Status

The requirement has been revised.

Description

The language shall provide the capability to impose synchronization constraints on events.

#### Rational/Comment/Justification

The current state of the language provides the Input and Output Synchronization Constraints to specify synchronicity constraints on an event chain. This requires that the relationship between events, namely stimulus events *and* response, is known.

In the case of building systems based on existing [reusable] components such relationships may not be known beforehand. But the fact that events shall occur simultaneously is known and shall be expressed as a constraint. For example, all events referencing an input flow port of a component shall occur simultaneously.

A new type of time constraint is required that can be imposed on events.

#### 4.1.30 CAG#0005 - Hardware

Status

The requirement has been revised.

Description

The language shall provide means to specify events referencing Hardware Pins and Hardware Pin Groups.

#### Rational/Comment/Justification

The current state of the language does not provide any capability to specify events referencing "ports" in the Hardware Design Architecture HDA. Thus, it is not possible to specify any timing information in the HDA respectively impose any timing constraint on hardware components.

The current state of the language allows one to make use of the element Hardware Function Type HFT which appears on the Design Level in the Functional Design Architecture FDA. The element HFT references a hardware component type specified in the HDA. One can specify events referencing the ports of the HFT and then impose

timing constraints on those events and the event chains referencing these events. However, the relation between ports of the HFT and pins/pin groups of the Hardware Component Type cannot be specified.

Conclusion: The solution sketched out is not sufficient and still makes it hard to express a precise relationship between the ports of the HFT in the FDA and the pins in the HDA.

See also subsections 4.1.118, 4.1.127 and 4.1.151.

#### 4.1.31 CAG#0006 - Obtain timing information (closed-loop)

Status

The requirement has not been changed.

Description

None

#### Rational/Comment/Justification

The main use case "Develop Control Application" (UC#0005) and the specific use cases "Explore Design Alternatives for Control Applications", "Control Scheduling Co-Design with Fixed Rates", "Control Scheduling Co-Design with Flexible Timing Structure", and "Transform Continuous Time Model to Discrete Time Model" are addressing this topic.

#### 4.1.32 CAG#0007 - Use of SystemC

Status

The requirement has not been changed.

Description

#### None

#### Rational/Comment/Justification

A demonstrator/validation has been specified to verify whether SystemC is the appropriate means to accomplish this. This is not really a requirement rather a wish to assess SystemC's capabilities for creating "executable" models in the sense that simulation can be performed. Such simulations could be used to verify and validate the created models.

See also subsection 4.1.90 and 4.1.119.

#### 4.1.33 CAG#0008 - Multi-Core

#### Status

The requirement has been changed. The status of this requirement has been set to "Rejected".

Description

None

#### Rational/Comment/Justification

The language has been reviewed with regard to this topic and the result of the scrutiny is that the capabilities of the language are sufficient to specify *timing information* in the context of multi-core systems. The language provides two important capabilities related to concurrency: Precedence and Synchronization constraints. The first element is used to ensure that executable entities realizing functions are executed in subsequent order even on a multi-core processor, and the latter is used to ensure synchronicity of executions and transmissions of data.

See also subsections 4.1.49 and 4.1.110.

#### 4.1.34 CAG#0009 - Scheduling Analysis

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

#### Rational/Comment/Justification

This requirement can be interpreted in the following ways:

• The methodology shall describe what information from models on higher levels of abstraction and views (AUTOSAR) on the Implementation Level are required in order to perform scheduling analysis during the Implementation Phase.

Such a requirement is already satisfied because the AUTOSAR models on the Implementation Level provide all information to perform scheduling analysis during the Implementation phase.

• What information from models on a level of abstraction is required to perform a scheduling analysis on that level of abstraction respectively during the corresponding phase?

This question is still not answered and leads to the fact that this requirement is still valid.

The work package 1 members tend to the first interpretation and that results in the fact that the requirement has been satisfied already.

See also subsection 4.1.152.

# 4.1.35 CAG#0010 - Time Bases Status The requirement has been revised. The status of the requirement has been set to "Implemented" Description The lenguage shall provide means to energify the ecourtement of an analysis.

The language shall provide means to specify the occurrences of an event.

The language already provides means to specify the occurrences of an event: The element "Event Constraint" is used to accomplish this.

See also subsections 4.1.87, 4.1.104 and 4.1.123.

#### 4.1.36 CAG#0011 - Time bases relation

Status

The requirement has been revised.

Description

The language shall provide means to specify the relation between the occurrences of two or more events.

#### Rational/Comment/Justification

This is still an issue and has been discussed already in the project TIMMO. See presentation held during the TIMMO WP2 meeting on December 10<sup>th</sup> and 11<sup>th</sup>, 2008 in Vienna. Possibly the introduction of the concept "Symbolic Time Expression STE" solves this issue.

See also subsection 4.1.123.

#### 4.1.37 CAG#0012 - Semantics of event chains (components)

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

The originator admitted that the semantics of event chains related to components/functions is defined. It specifies the relationship between events that are observed at the ports of a function. This relationship means that if the stimulus event occurs then the response event occurs; or in other words that the response event only occurs if the stimulus event occurred before.

#### 4.1.38 CAG#0013 - Semantics of event chains (connectors)

#### Status

The requirement has not been changed.

Description

None

#### Rational/Comment/Justification

Despite the fact that the originator admits that the semantics of event chain is defined and unambiguous, the question still remains how to interpret timing models containing event chains that cover connectors only as shown in Figure 1.



- ATC OSTC Output Synchronization Constraint
- ISTC Input Synchronization Constraint

Figure 1: Output Synchronization Constraint imposed on an Event Chain "spanning" a Connector.

Considering the various constraints that can be imposed on such an event chain the question is what is the meaning of every timing model and what exactly is meant. Since the project TIMMO-2-USE is largely concerned with use and practices there should be a response to this requirement.

#### 4.1.39 CAG#0014 - Composition of runnable entities

#### Status

The requirement has been revised and its status has been set to "Rejected".

Description

The alias of this requirement has been changed from "Composability of runnable entities" to "Composition of runnable entities".

#### Rational/Comment/Justification

EC

E#

DC

RC

This is a structural modeling issue and is not related to timing. In addition, it is a requirement imposed on AUTOSAR because it explicitly refers to runnable entities which exist only in the AUTOSAR domain.

Typically, an embedded real-time system consists of several thousand executable entities and during the configuration of the operating system to be executed on an ECU those runnable entities must be mapped to available operating system tasks. Considering the huge number of runnable entities that need to be managed this is

a tedious and time consuming task. In order to ease this task, runnable entities with the same or similar execution characteristics and constraints could be tied together and this bundle can be mapped to the corresponding task. Another possibility would be to figure out a way to perform this semi-automatic.

#### 4.1.40 CAG#0015 - Assumptions on target systems

Status

The requirement has been changed. The status of this requirement is set to "Rejected".

Description

None

Rational/Comment/Justification

Initially, this requirement originated from the project TIMMO and was taken on by the project TIMMO-2-USE. The conclusion drawn by the work package 1 members is that this topic is out of scope for two reasons:

- 1. The number of possible system properties one can make assumptions on is by far too large to deal with them in the project TIMMO-2-USE.
- 2. Most of the system properties one can make assumptions on are not timing related.

Therefore, this topic is a good candidate for proposing a separate research activity that addresses the issues related to making assumptions on a target system and how to formalize the description of such assumptions.

4.1.41 CAG#0016 - Use of AUTOSAR timing views

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

The specific use cases "Transform Timing Information from Design Level to Implementation Level" describes how models, including timing, on the Design Level are used to create the corresponding AUTOSAR models/descriptions on the Implementation Level especially AUTOSAR timing views, and vice versa.

The use of AUTOSAR timing views on the Implementation Level is already described in the AUTOSAR Specification of Timing Extensions [2]. In addition, the next revision of this specification to be released and of 2012 will contain further information about how to create timing models in the specific timing views.

#### 4.1.42 CAG#0017 - Reuse of events

#### Status

The requirement has not been changed.

Description

#### None

#### Rational/Comment/Justification

The element "Event" of the language references the location in a system where the occurrence of the specified event is observed. The language provides means, called instance references, to reference

- Function Flow Ports,
- Function Client/Server Ports, and
- Function Prototypes.

In case of ports, the event may reference a port that is part of a Function Type or a port of a Function Prototype that is "derived" from a Function Type, in other words is an instance of the corresponding Function Type.

Assumed one defines a Function Type that has two Function Flow Ports: one is an input function flow port and the other one is an output function flow port. In addition, one "annotates" timing information: an event is defined referencing the input function flow port and a second event is defined referencing the output function flow port of this Function Type. In order to complete the timing model two timing constraints are specified. The first timing constraint, a periodic event constraint (period = 5ms, jitter = 1ms), is imposed on the event referencing the input port; and the second timing constraint, a periodic event constraint (period = 10ms, jitter = 2ms), is imposed on the output port.<sup>1</sup> The models are packed together and are regarded as a re-usable component/artifact which can be used to build up different/various systems.

In a further step a system is created using this Function Type. For this purpose a Function Prototype is created based upon the given Function Type. And at this point the question arises about the instantiation rules of the timing information. The events defined in the timing model of the function type still referencing the input and output ports of the Function Type.

Neither the EAST-ADL specification nor the TADL specification provides any explicit explanations and rules for such instantiation.

Further cases are when a Function Type is used several times in the same system, or one adds additional timing information, but the

<sup>&</sup>lt;sup>1</sup> **Thoughts**: In this situation the timing constraints can be regarded as assumptions made on the target system. For example, the component requires that the target system provides the data via the input function flow port at the rate specified by the timing constraint.

events referencing the ports of the Function Prototype — how to solve the conflict when the imposed timing constraints are different?

**NOTE!** This is general unresolved issue with regard to types and prototypes and elements referencing them directly or parts of them.



Figure 2: Reuse of Events and Event Chains.

#### CAG#0018 - Reuse of event chains 4.1.43

Status

The requirement has not been changed.

Description

Rational/Comment/Justification

This requirement addresses the same topic as described in section 4.1.42. In this case the question is how to deal with event chains and the timing constraints imposed on those event chains when the events of the event chains reference ports of a Function Prototype.

#### 4.1.44 CAG#0019 - ID never used

This requirement ID has never been used.

Status

None

None

Description

None

Rational/Comment/Justification

None

#### 4.1.45 CAG#0020 - Revising timing constraints

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

This requirement addresses a similar topic as described in sections 4.1.42 and 4.1.43. It is slightly different because the question is here how to "override" the value of a timing constraint that is part of the timing model related to the Function Type. For example, a given Function Type is used in several systems, but *only* the value of a timing constraint is altered depending on the target system.

There are two possible ways tackling this issue:

- 1. Variant management. Using the capabilities of variant management and create variants with the required values of timing constraints.
- 2. Symbolic Timing Expressions. Using symbolic timing expressions and provide means to set the corresponding value depending on the context of the system the component is being used.
- 4.1.46 CAG#0021 Virtual Integration (timing)

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

The main use case "Integrate Re-usable Component" (UC#0012) and the specific use case "Integrate Re-usable SW-Component" address this topic.

#### 4.1.47 CAG#0022 - Transition from DL to IL

#### Status

The requirement has not been changed.

Description

None

#### Rational/Comment/Justification

The specific use case "Transform Timing Information from Design Level to Implementation Level" addresses this topic.

#### 4.1.48 CAG#0023 - Transition from AL to DL

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

The specific use case "Transform Timing Information from Analysis Level to Design Level" addresses this topic.

#### 4.1.49 CAG#0024 - Multi-Core (Scheduling Analysis)

Status

The requirement has not been change. The status of the requirement has been set to "Implemented".

Description

None

Rational/Comment/Justification

In practice, scheduling analysis is conducted during the implementation and operational phase. On the Implementation Level respectively during the Implementation Phase the AUTOSAR models provide sufficient means to describe all information required to perform such analysis.

See also subsections 4.1.33 and 4.1.110.

4.1.50 CAG#0025 - Safety (timing)

#### Status

The requirement has been revised. The status of the requirement has been set to "Rejected".

Description

None

Rational/Comment/Justification

The requirement is by far too vague. Any attempt to provide a comprehensible and unambiguous requirement failed and the partner decided to withdraw this requirement. Other funded research projects, like MAENAD, SAFE, TimeSafe, etc. are dealing with this topic.

#### *4.1.51* CAG#0026 - Age constraint per runnable entity

#### Status

The requirement has been revised. The status of the requirement has been set to "Rejected".

#### Description

None

#### Rational/Comment/Justification

This is a timing modeling issue related to AUTOSAR Specification of Timing Extensions [2]. In addition, it is a requirement imposed on AUTOSAR because it explicitly refers to runnable entities which exist only in the AUTOSAR domain respectively the Implementation Level.

The AUTOSAR Specification of Timing Extensions enables one to impose an age timing constraint on events related to the receipt of data via ports of software components. The internal behavior of a software component may contain several runnable entities. These runnable entities access data received via the ports of the software component. Since the age timing constraint refers to data received via a port, the age timing constraint is imposed on all runnable entities reading the specific data irrespective of the fact that some of those runnable entities may not have the same age timing constraint specified on the "port level". As a consequence, a system integrator maps all runnable entities to a task with a recurrence that satisfies the age timing constraint, but it may be the case that only one of those runnable entities need to be executed with the proper frequency and all other could be executed less frequent.

In order to enable one to define the age timing constraint for every runnable entity individual, the language shall provide the appropriate means.

Figure 3 sketches out a possible solution and gives an idea how to satisfy this requirement. The shown timing model indicates that the age timing constraint applies only to RE1, but not to RE2 and RE3. One could also imagine that the Age Timing Constraints (ATC) imposed on the two event chains are different [,but of course must be consistent].



Figure 3: Age Timing Constraint per Runnable Entity.

On the other hand exactly *one* [the same] Age Timing Constraint may be imposed on both event chains. This would express that *this* Age Timing Constraint is imposed on both event chains.

#### 4.1.52 CAG#0027 - Synchronization constraint per runnable entity

Status

The requirement has been revised. The status of the requirement has been set to "Rejected".

Description

None

#### Rational/Comment/Justification

This is a timing modeling issue related to AUTOSAR Specification of Timing Extensions [2]. In addition, it is a requirement imposed on AUTOSAR because it explicitly refers to runnable entities which exist only in the AUTOSAR domain respectively the Implementation Level.

Figure 4 sketches out a possible solution and gives an idea how to satisfy this requirement. The shown timing model indicates that the synchronization constraint applies only to RE1, but not to RE2 and RE3. One could also imagine that the Synchronization Constraints (STC) imposed on the two event chains are different [,but of course must be consistent].



Figure 4: Synchronization Timing Constraint per Runnable Entity.

#### 4.1.53 CAG#0028 - Integrating a component

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

The main use case "Integrate Re-usable Component" (UC#0012) and the specific use case "Integrate Re-usable SW-Component" address this topic.

#### 4.1.54 CAG#0029 - Exchange a component

#### Status

The requirement has not been changed.

Description

None

#### Rational/Comment/Justification

The main use case "Integrate Re-usable Component" (UC#0012) and the specific use case "Integrate Re-usable SW-Component" address this topic.

#### 4.1.55 CAG#0030 - Distribute Jitter

#### Status

The requirement has been changed. The status of this requirement has been set to "Implemented".

#### Description

None

#### Rational/Comment/Justification

By and large, if a time budget is specified including a jitter (variation) then the values of all timing constraints imposed on the time budget's [event chain] segments must chosen such that the upper bound of the time budget is not exceeded.

#### 4.1.56 CAG#0031 - HW/SW Co-design (Methodology)

Status

The requirement has been changed. The status of the requirement has been set to "Rejected".

Description

None

#### Rational/Comment/Justification

The originator of this requirement has decided to withdraw this requirement, because it is primarily not in the scope of the TIMMO-2-USE project.

#### 4.1.57 CAG#0032 - HW/SW Co-design (Language)

Status

The requirement has been changed. The status of the requirement is set to "Implemented".

Description

None

#### Rational/Comment/Justification

The EAST-ADL and AUTOSAR provide means to model software and hardware as well as referencing relevant model elements between those domains.

There is still a lack of modeling capabilities with regard to timing and the requirement described in section 4.1.30 still has to be satisfied.

#### 4.1.58 CAG#0033 - EPF

#### Status

The requirement has been changed. The status of this requirement is set to "Implemented".

None

Rational/Comment/Justification

Eclipse Process Framework (EPF) is being used for modeling methodology since the beginning of work package 4 "Methodology".

# 4.1.59 CAG#0034 - Automation

Status

The requirement has been changed. The status of this requirement is set to "Rejected".

Description

None

Rational/Comment/Justification

The originator of this requirement has decided to withdraw this requirement, because it is a nominal member of the work package 1 activities and has not been completed at all.

| 4.1.60 | CAG#0035 - | Task s | vnthesis |
|--------|------------|--------|----------|
|        |            |        |          |

Status

The requirement has been changed. The status of this requirement is set to "Rejected".

Description

None

Rational/Comment/Justification

This requirement is not in the scope of the TIMMO-2-USE project and the members of work package 1 agreed to withdraw this requirement.

# 4.1.61 CAG#0036 - Variability

Status

The requirement has not been changed.

Description

None

#### Rational/Comment/Justification

The main use case "Specify Variability and Timing Information" (UC#0006) addresses this topic. Work package 4 "Methodology" regards this topic as cross-cutting concern.

See also subsection 4.1.153.

# 4.1.62 CAG#0037 - EAST-ADL XML

#### Status

The requirement has been changed. The status of this requirement is set to "Rejected".

#### Description

None

# Rational/Comment/Justification

This requirement addresses a topic that is not in the scope of the TIMMO-2-USE project. The EAST-ADL XML interchange format is specified in the funded research project MAENAD.

See also subsection 4.1.163.

## 4.1.63 CAG#0038 - Timing Analyses

#### Status

The requirement has not been changed.

Description

#### None

#### Rational/Comment/Justification

Several use cases have been defined at the beginning of the project in order to address this topic and to describe the possible timing analysis techniques that could be applied.

# 4.1.64 CAG#0039 - Sequence Constraint

## Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

#### None

## Rational/Comment/Justification

The EAST-ADL provides the element "Precedence Constraint" for the purpose of specifying sequence constraints among Function Prototypes.

## 4.1.65 CAG#0040 - Verify timing constraints

#### Status

The requirement has not been changed.

#### Description

None

## Rational/Comment/Justification

None

## 4.1.66 CAG#0041 - TADL in modeling languages

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

#### Rational/Comment/Justification

With regard to SysML only atomic flow ports are supported. However, the notion of event and event easily chain can be applied to SysML as well: The observable locations that are referenced by events are SysML ports and SysML Blocks.

# 4.1.67 CAG#0042 - Static verification

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

# 4.1.68 CAG#0043 - Dynamic verification

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

## 4.1.69 CAG#0044 - Runtime trace

Status

The requirement has been changed. The status of the requirement has been set to "Rejected"

Description

None

#### Rational/Comment/Justification

The members of work package 1 decided that this requirement is not in the scope of the project TIMMO-2-USE. In general, perform [timing] measurements on a system is part of the Implementation and Operational Level. In fact, performing such measurements and utilizing the obtained timing information is important for create sound timing models and verify/validate a system against its timing requirements. The members of the work package agree with the proposal to specify a standard exchange format for such measurements.

# 4.1.70 CAG#0045 - Constraint language

Status

The requirement has not been changed.

Description

None

## Rational/Comment/Justification

The purpose of the demonstrator/validator being built up by Continental Automotive is to assess the capabilities provided by Modelica.

## *4.1.71* CAG#0046 - Mode dependent application

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

See also subsections 4.1.19, 4.1.20, 4.1.72, 4.1.73, 4.1.74 and 4.1.20.

# 4.1.72 CAG#0047 - Mode dependent end-to-end delay

#### Status

The requirement has not been changed.

Description

None

## Rational/Comment/Justification

None

See also subsections 4.1.19, 4.1.20, 4.1.71, 4.1.73, 4.1.74 and 4.1.20.

4.1.73 CAG#0048 - Mode switch in stimulus/response

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

See also subsections 4.1.19, 4.1.20, 4.1.71, 4.1.72, 4.1.74 and 4.1.20.

4.1.74 CAG#0049 - Timing constraints on mode switch

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

See also subsections 4.1.19, 4.1.20, 4.1.71, 4.1.72, 4.1.73 and 4.1.20.

4.1.75 CAG#0050 - TADL profile for dynamic UML diagrams

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

### 4.1.76 CAG#0051 - Reuse of timing constraints

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

See also subsections 4.1.42, 4.1.43 and 4.1.45.

# 4.1.77 DSP#0001 - Code level exchange

#### Status

The requirement has not been changed.

Description

None

## Rational/Comment/Justification

See also subsections 4.1.6, 4.1.7, 4.1.8, 4.1.9 and 4.1.10.

## 4.1.78 DSP#0002 - Code level analysis

#### Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

#### Rational/Comment/Justification

The specific use case "Perform Timing Analysis On Code-Level" addresses this topic.

# 4.1.79 DSP#0003 - Code level results

Status

The requirement has not been changed.

Description

None

#### Rational/Comment/Justification

None

# 4.1.80 DSP#0004 - Target processor dependence

#### Status

The requirement has not been changed.

#### Description

None

#### Rational/Comment/Justification

None

See also subsections 4.1.11, 4.1.12 and 4.1.13.

4.1.81 DSP#0005 - Levels of abstraction

#### Status

The requirement has been changed. The status of this requirement is set to "Implemented".

#### Description

None

#### Rational/Comment/Justification

Both, EAST-ADL and AUTOSAR, provide different levels of abstractions respectively different views in order to specify timing requirements related to the particular level of abstraction and view.

## 4.1.82 DSP#0006 - Expressiveness

Status

The requirement has not been changed.

Description

None

#### Rational/Comment/Justification

None

## 4.1.83 DSP#0007 - Generation of timing test units

Status

The requirement has not been changed.

Description

None

#### Rational/Comment/Justification

A test bed is automatically created based on the timing models to perform timing related test.

# 4.1.84 DSP#0008 - Test framework

## Status

The requirement has not been changed.

Description

None

## Rational/Comment/Justification

None

# 4.1.85 DSP#0009 - Re-use of test descriptions

#### Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

# 4.1.86 INRIA#0001 - Multiform concepts of time

## Status

The requirement has not been changed.

Description

None

#### Rational/Comment/Justification

See also subsections 4.1.22 and 4.1.23.

| 4.1.87 | INRIA#0002 - | Time bases |
|--------|--------------|------------|
|        |              |            |

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

See also subsections 4.1.35, 4.1.104 and 4.1.36.

# 4.1.88 INRIA#0003 - Timing expressions

#### Status

The requirement has been changed. The alias of this requirement is set to "Timing expressions".

Description

#### None

#### Rational/Comment/Justification

The current state of the language TADL only allows specifying *constant* timing values. In addition, the supported units of time are limited to seconds [s] and degree [<sup>o</sup>].

The primary purpose of this requirement is to state that the language TADL shall provide means to express timing values using expressions and also introduce more units for time  $\rightarrow$  Multiform Time.

## See also subsection 4.1.86 and 4.1.161.

# 4.1.89 INRIA#0004 - Functional time

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

It is not clear what exactly is meant by the term "Functional Time". Is it a synonym for the term "Multiform Time"?

# 4.1.90 INRIA#0005 - Executable models

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

See also subsections 4.1.32 and 4.1.119.

## 4.1.91 RTAW#0001 - ECU partitioning

Status

The requirement has been changed. The status of this requirement is set to "Rejected".

Description

None

Rational/Comment/Justification

The EAST-ADL provides means to relate model elements, like components, to an element representing ECUs.

# 4.1.92 RTAW#0002 - Extension of AUTOSAR R4.0

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

See also subsection 4.1.108.

# 4.1.93 RTAW#0003 - Scenario based analysis

#### Status

The requirement has been changed. The status of this requirement is set to "Implemented".

#### Description

None

#### Rational/Comment/Justification

The AUTOSAR Specification of Timing Extensions [2] provides all means to build timing model to accomplish this.

# 4.1.94 RTAW#0004 - Data Converters

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

## 4.1.95 RTAW#0005 - Synchronized schedules

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

The AUTOSAR Specification of Timing Extensions [2] provides all means to build timing model to accomplish this. The elements Synchronization Timing Constraint and Offset Timing Constraints are intended to specify the relationships requested by this requirement.

# 4.1.96 TUBS#0001 - Uncertainty

Status

The requirement has not been changed.

Description

None

#### Rational/Comment/Justification

The main use case "Specify Probabilistic Timing Properties" (UC#0011) addresses this topic.

See also subsection 4.1.172.

4.1.97 TUBS#0002 - Uncertain parameters

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

The main use case "Specify Probabilistic Timing Properties" (UC#0011) and the specific use case "Capture, Analyze, and Utilize Uncertain Timing Information" addressing this topic.

# 4.1.98 TUBS#0003 - Timing analysis using uncertain timing information

Status

The requirement has been changed. The alias of this requirement is set to "Timing analysis using uncertain timing information".

Description

None

Rational/Comment/Justification

The specific use case "Capture, Analyze, and Utilize Uncertain Timing Information" addresses this topic.

## 4.1.99 TUBS#0004 - Obtain uncertain timing information

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

The specific use case "Capture, Analyze, and Utilize Uncertain Timing Information" addresses this topic.

#### 4.1.100 UPB#0001 - Abstraction levels

Status

The requirement has been changed. The status of this requirement is set to "Implemented.

Description

None

Rational/Comment/Justification

EAST-ADL and AUTOSAR define several levels of abstraction respectively views, and to create timing models related to these abstraction levels respectively views.

# 4.1.101 UPB#0002 - Event type a-periodic

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

The project TIMMO-2-USE proposes the notion of Probabilistic Timing which can be used to express a-periodic events. The applicability of the Probabilistic Timing for this purpose must be demonstrated.

4.1.102 UPB#0003 - Bus communication

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

AUTOSAR provides means to specify various types of networks: LIN, CAN, TTCAN, FlexRay, Ethernet, etc. The AUTOSAR Specification of Timing Extensions [2] provides means to create appropriate timing models for those networks.

See also subsection 4.1.115.

4.1.103 UPB#0004 - Delay and jitter

Status

The requirement has been changed. The status of this requirement is set to "Rejected".

Description

None

Rational/Comment/Justification

TADL and AUTSAR Specification of Timing Extensions [2] provide means to specify delay constraints and jitter.

*4.1.104 UPB#0005 - Global time base* 

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

None

Rational/Comment/Justification

TADL and AUTOSAR Specification of Timing Extensions [2] provide means to specify time bases. However, both languages have not the capability to specify that a defined time base plays the role of a *global* time base. To a certain degree this can be deduced only from analyzing the timing model and determine the *root* time base all other time bases are derived from.

See also subsections 4.1.35, 4.1.87 and 4.1.116

| 4.1.105 UPB#0006 - T | ransformation |
|----------------------|---------------|
|----------------------|---------------|

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

## 4.1.106 UPB#0007 - Execution times

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

### Rational/Comment/Justification

AUTOSAR provides means to specify various types of execution times. The element "Resource Consumption" enables one to specify several types of execution times:

- Analyzed execution time
- Measured execution time
- Rough estimate of execution time
- Simulated execution time

For more details on the resource consumptions refer to the AUTOSAR Specification of Basic Software Module Description Template.

# 4.1.107 UPB#0008 - FIBEX compliance

## Status

The requirement has not been changed.

None

Rational/Comment/Justification

AUTOSAR has adopted the FIBEX standard and continues to maintain consistency with the FIBEX standard.

# 4.1.108 UPB#0009 - AUTOSAR compliance

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

See also subsection 4.1.92.

## 4.1.109 UPB#0010 - AUTOSAR Timing extensions

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

None

## 4.1.110 UPB#0011 - Multi-core support

Status

The requirement has been changed. The status of this requirement is set to "Rejected".

Description

None

Rational/Comment/Justification

See also subsections 4.1.33 and 4.1.49.

4.1.111 UPB#0012 - Black box behavior

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

None

Rational/Comment/Justification

This depends on how components, including timing information, are exchanged between peers, for example OEM and supplier, and vice versa. Both languages, EAST-ADL/TADL and AUTOSAR, provide means to disclose sufficient information on the level of a "component" but "hiding" the peculiarities of the component's internals.

# 4.1.112 UPB#0013 - Reduce overhead

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

# 4.1.113 UPB#0014 - Time- and event triggering

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

Events that occur periodically (time triggered) and/or sporadically (event triggered) can be specified using the capabilities provided by TADL and the AUTOSAR Specification of Timing Extensions [2].

## 4.1.114 UPB#0015 - Refinement and abstraction

Status

The requirement has been changed. The status of this requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

The specific use cases "Transform Timing Information from Vehicle Level to Analysis Level", "Transform Timing Information from Analysis Level to Design Level" and "Transform Timing Information from Design Level to Implementation Level" addressing this topic.

# 4.1.115 UPB#0016 - Frame modeling

#### Status

The requirement has been changed. The status of this requirement is set to "Implemented"

#### Description

None

#### Rational/Comment/Justification

AUTOSAR provides all the means to specify network frames or various types of networks, like LIN, CAN, TTCAN, FlexRay, etc.

See also subsection 4.1.102.

# 4.1.116 UPB#0017 - Synchronization

Status

The requirement has been revised. The status of this requirement is set to "Implemented".

Description

#### None

Rational/Comment/Justification

TADL and AUTOSAR Specification of Timing Extensions [2] provide means to specify synchronization constraints (TADL) respectively synchronization timing constraints (AUTOSAR).

See also subsections 4.1.104 and 4.1.123.

## 4.1.117 UPB#0018 - Redundancy/safety

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

## 4.1.118 UPB#0019 - Hardware relation

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

See also subsections 4.1.30, 4.1.127 and 4.1.151.

# 4.1.119 UPB#0020 - Offline simulation

#### Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

See also subsections 4.1.32 and 4.1.90.

4.1.120 UPB#0021 - Communication simulation

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

See also subsection 4.1.119.

| 4 1 121 I | IPB#0022 - | Software | instruct | ion level |
|-----------|------------|----------|----------|-----------|
| 4.1.1210  | FD#0022 -  | Sullwale | msuucu   |           |

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

There are still some questions that need to be answered: What does software instruction level mean? Is machine instruction level meant?

# 4.1.122 UPB#0023 - AUTOSAR views

## Status

The requirement has been changed. The status of the requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

AUTOSAR Specification of Timing Extensions [2] provides means to support the AUTOSAR views and to annotate timing. In particular, the AUTOSAR Specification of Timing Extensions provides a timing view for every existing AUTOSAR view as shown below:

| AUTOSAR View               | AUTOSAR Timing |  |
|----------------------------|----------------|--|
| Virtual Function Bus VFB   | VFB Timing     |  |
| Software Component SW-C    | SW-C Timing    |  |
| System                     | System Timing  |  |
| Basic Software Module BSWM | BSWM Timing    |  |
| ECU                        | ECU Timing     |  |

# 4.1.123 UPB#0024 - Relationship between time bases

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

See also subsection 4.1.36 and 4.1.116.

4.1.124 VTEC#0001 - Traceability between design and implementation levels

Status

The requirement has been changed. The status of the requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

The EAST-ADL provides means to specify such traces between elements on different levels of abstraction.

# 4.1.125 VTEC#0002 - Decomposition of time budget

Status

The requirement has been changed. The status of the requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

The notion of event chain supports decomposing time budgets.

*4.1.126* VTEC#0003 - Methods for estimating WCET at analysis and design levels

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

**ATTENTION!** The requirement ID has been used twice for different requirements.

# 4.1.127 VTEC#0003 - Timing specification of hardware

Status

The requirement has not been changed.

Description

None

#### Rational/Comment/Justification

**ATTENTION!** The requirement ID has been used twice for different requirements.

See also subsections 4.1.30, 4.1.118 and 4.1.151.

4.1.128 VTEC#0004 - Timing budget negotiation between OEM and supplier

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

**ATTENTION!** The requirement ID has been used twice for different requirements.

4.1.129 VTEC#0004 - Timing characteristics of behavior/algorithm

## Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

ATTENTION! The requirement ID has been used twice for different requirements.

# 4.1.130 VTEC#0005 - Access right to TIMMO model

#### Status

The requirement has been changed. The status of the requirement is set to "Rejected".

Description

None

Rational/Comment/Justification

This requirement is not in the scope of the project TIMMO-2-USE.

# *4.1.131 VTEC#0006 - Different interpretations of timing information*

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

The EAST-ADL provides means to "declare" timing information as property or requirement/constraint.

# *4.1.132* VTEC#0007 - Timing constraints dependent on modes

Status

The requirement has been changed. The status of the requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

The language already provides the capability to specify that timing constraints relate to modes.

See also subsections 4.1.19, 4.1.20, 4.1.71 and 4.1.72.

# *4.1.133 VTEC#0008 - Timing specifications depending on modes*

Status

The requirement has been changed. The status of the requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

The language already provides the capability to specify that timing constraints relate to modes.

## See also subsections 4.1.19, 4.1.20, 4.1.71 and 4.1.72.

# 4.1.134 VTEC#0009 - Method and tool support for mode-dependent bus scheduling

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

4.1.135 VTEC#0010 - Methodology support for mode-aware design

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

The main use case "Specify Mode Dependent Timing Information" (UC#0002) addresses this topic.

# *4.1.136* VTEC#0011 - Support of multiple solutions

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

This requirement is partly satisfied: One can create several models each representing a solution. Configuration and/or variant handling capabilities are used to handle these solutions.

# 4.1.137 VTEC#0012 - Decision of timing solution

Status

The requirement has been changed. The status of the requirement is set to "Rejected".

Description

None

#### Rational/Comment/Justification

This requirement addresses general modeling topics and is not in the scope of the project TIMMO-2-USE.

# 4.1.138 VTEC#0013 - Effect of a selected solution

Status

The requirement has been revised. The status of the requirement is set to "Implemented".

Description

None

#### Rational/Comment/Justification

At least a note can be attached to the model explaining the effects of a selected solution on other elements. However, this is a general modeling topic and is not in the scope of the project TIMMO-2-USE.

# 4.1.139 VTEC#0014 - Tool support for comparing alternative timing solutions

Status

The requirement has not been revised.

Description

None

Rational/Comment/Justification

None

*4.1.140* VTEC#0015 - Methodology support for change management

Status

The requirement has been changed. The status of the requirement is set to "Rejected".

Description

None

Rational/Comment/Justification

This requirement is a general modeling topic and is not in the scope of the project TIMMO-2-USE.

# 4.1.141 VTEC#0016 - Definition of dependency

#### Status

The requirement has not been changed.

Description

None

## Rational/Comment/Justification

The requirement is still not clear and need to be revised. See also subsection 4.1.142.

# *4.1.142 VTEC#0017 - Identification of dependency*

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

The requirement is still not clear and need to be revised. See also subsection 4.1.141.

# 4.1.143 VTEC#0018 - Reduction of design iteration

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

# *4.1.144 VTEC#0019 - Continuous time specifications*

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

The requirement mentions some periods like settling time, rise time, etc. but it is not really clear what is meant by those times. For example a settling time (duration, time interval) can be specified by events, event chains and timing requirements imposed on the event chain.

See also subsection 4.1.15.

# 4.1.145 VTEC#0020 - Time delays for control applications

Status

The requirement has been changed. The status of the requirement is set to "Implemented".

#### None

Rational/Comment/Justification

The requirement request that the language shall be capable of specifying time delays, latency times, within control loops. The language provides means the element "Delay Constraint" for this purpose.

Another interpretation of this requirement is that the project TIMMO-2-USE shall provide a list of root causes that contribute to delaying the occurrence of events. And thus may lead to violating timing constraints.

# 4.1.146 VTEC#0021 - Traceability between continuous and discrete time specifications

Status

The requirement has been changed. The status of the requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

The EAST-ADL provides means to specify "traces" between such specifications.

See also subsection 4.1.17.

# *4.1.147* VTEC#0022 - Conversion from continuous time to discrete time

Status

The requirement has been changed. The status of the requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

The EAST-ADL provides means to specify "traces" between such specifications. This results an unambiguous relationship between a continuous and discrete time specification/constraint.

See also subsection 4.1.17.

4.1.148 VTEC#0023 - Verification of component mapping

Status

The requirement has been revised. The status of the requirement is set to "Implemented".

None

Rational/Comment/Justification

None

4.1.149 VTEC#0024 - Optimization of component mapping

Status

The requirement has been revised. The status of the requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

None

# 4.1.150 VTEC#0025 - Model integration

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

4.1.151 VTEC#0026 - Internal and external triggers

Status

The requirement has been changed. The status of the requirement is set to "Rejected".

Description

None

Rational/Comment/Justification

The language is used to specify events, a.k.a. triggers, but not to "use" them. However, the language element "Event" should reference locations in the hardware model (HDA) at which the occurrences of the specified event are observable.

See also subsections 4.1.30, 4.1.118 and 4.1.127.

4.1.152 VTEC#0027 - Schedulability analysis

#### Status

The requirement has been changed. The status of the requirement is set to "Implemented".

None

Rational/Comment/Justification

See also subsection 4.1.34.

# 4.1.153 VTEC#0028 - Timing information and variability

Status

The requirement has been changed. The status of the requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

The main use case "Specify Variability and Timing Information" (UC#0006) addresses this topic. Work package 4 "Methodology" regards this topic as cross-cutting concern.

See also subsection 4.1.61.

# 4.1.154 VTEC#0029 - Configuration at the vehicle level

Status

The requirement has been changed. The status of the requirement is set to "Rejected".

Description

None

Rational/Comment/Justification

This requirement is not in the scope of the project TIMMO-2-USE. The EAST-ADL provides capabilities to describe vehicle configurations, a.k.a. variants, on the Vehicle Level.

# 4.1.155 VTEC#0030 - Exploitation of vehicle configurations

#### Status

The requirement has been changed. The status of the requirement is set to "Rejected".

Description

None

Rational/Comment/Justification

This requirement is not in the scope of the project TIMMO-2-USE.

4.1.156 VTEC#0031 - Scheduling based on vehicle configuration

Status

The requirement has been changed. The status of the requirement is set to "Rejected".

Description

None

Rational/Comment/Justification

This requirement is not in the scope of the project TIMMO-2-USE. The EAST-ADL provides capabilities to describe variability on all levels of abstraction and how the variants on the levels of abstraction depend on each other.

4.1.157 VTEC#0032 - Infrastructure-independent timing information

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

4.1.158 VTEC#0033 - Methods for timing characterization of behavior/algorithm

Status

The requirement has not been revised.

Description

None

Rational/Comment/Justification

None

*4.1.159* VTEC#0034 - Application-independent timing information

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

None

4.1.160 VTEC#0035 - Methods for timing characterization of hardware

Status

The requirement has been changed. The status of the requirement is set to "Rejected".

Description

None

Rational/Comment/Justification

The research on methods for characterizing hardware's timing behavior is not in the scope of the project TIMMO-2-USE.

# 4.1.161 VTEC#0036 - Support of flexible timing definition

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

It has to be checked whether the EAST-ADL provides means to specify binding times for specific language elements and their values.

See also subsection 4.1.88.

## 4.1.162 VTEC#0037 - Methodology for development

Status

The requirement has been changed. The status of the requirement is set to "Rejected".

Description

None

Rational/Comment/Justification

The originator has withdrawn this requirement, because it is a vague requirement.

# 4.1.163 VTEC#0038 - Tool integration

Status

The requirement has been changed. The status of the requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

See also subsection 4.1.62.

# 4.1.164 VTEC#0039 - AUTOSAR compliance

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

By and large, this is an activity conducted until the end of the TIMMO-2-USE project because AUTOSAR started to work on the Release 4.0.4 beginning of 2012.

# 4.1.165 VTEC#0040 - EAST-ADL compliance

Status

The requirement has been changed. The status of the requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

None

## 4.1.166 VTEC#0041 - Model parameters

Status

The requirement has been changed. The status of the requirement is set to "Rejected".

Description

None

Rational/Comment/Justification

This requirement is a modeling topic and is not in the scope of the project TIMMO-2-USE.

#### 4.1.167 VTEC#0042 - Automatic model reuse

Status

The requirement has been changed. The status of the requirement is set to "Rejected".

Description

None

#### Rational/Comment/Justification

This requirement is a modeling and model transforming topic and is not in the scope of the project TIMMO-2-USE. In general, model-to-

model transformation is a large field and it is not in the scope of the project TIMMO-2-USE.

WP1 Recommendation: The specific use cases dealing with the transition from one level of abstraction to another should address this topic.

# 4.1.168 VTEC#0043 - System parameters

Status

The requirement has been changed. The status of the requirement is set to "Rejected".

Description

None

Rational/Comment/Justification

None

## 4.1.169 VTEC#0044 - Analysis of the synchronization constraint

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

The main use case "Specify Synchronization Timing Constraints" (UC#0010) addresses this topic.

See also subsection 4.1.171.

4.1.170 VTEC#0045 - Signal age

Status

The requirement has been changed. The status of the requirement is set to "Implemented".

Description

None

Rational/Comment/Justification

The language provides a constraint that imposes an age constraint on a given event chain. The term "Signal" is used as a synonym for the term "Event".

# 4.1.171 VTEC#0046 - Methodology for synchronization issues

Status

The requirement has not been changed.

None

Rational/Comment/Justification

The main use case "Specify Synchronization Timing Constraints" (UC#0010) addresses this topic.

See also subsection 4.1.169.

# 4.1.172 VTEC#0047 - Specification of probabilistic timing information

Status

The requirement has been revised.

Description

None

#### Rational/Comment/Justification

The main use case "Specify Probabilistic Timing Properties" (UC#0011) addresses this topic.

See also subsection 4.1.96.

4.1.173 VTEC#0048 - Analysis of probabilistic timing specifications

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

The specific use case "Capture, Analyze, and Utilize Uncertain Timing Information" addresses this topic.

See also subsection 4.1.174.

4.1.174 VTEC#0049 - Methodology to work with probabilistic timing specifications

Status

The requirement has not been changed.

Description

None

Rational/Comment/Justification

The specific use case "Capture, Analyze, and Utilize Uncertain Timing Information" addresses this topic.

See also subsection 4.1.173.

# 4.1.175 VTEC#UC0001 to VTEC#UC0011

## Status

These requirements have not been changed.

Description

None

# Rational/Comment/Justification

For every requirement, VTEC#UC0001 to VTEC#UC0011, a corresponding main use case has been specified. Those main uses cases are subject to any work conducted in the work package 4 "Methodology".

# 5 Use Cases

An important work product of the work package 1 is the definition of relevant use cases for the TIMMO-2-USE project. During the phase 2 of the work package 1 the defined use cases have been reviewed and revised accordingly. In the following the revised use cases are listed including a justification for revising them.

- 1. The main use case "Change Existing Timing Information" has been renamed to "Revise Erroneous Timing Information" in order to indicate the primary reason for changing existing timing information.
- 2. The specific use case "Perform FlexRay Simulation" has been removed due to the fact that this is now covered by the specific use case "Process Timing Information for HIL-based Simulation".
- 3. The specific use case "Process Timing Information for SIL-based Simulation" has been removed. This use case was introduced as a possible extension at the beginning of the TIMMO-2-USE project. During the course of phase 1 it became obvious that this specific use case is no longer important.
- 4. The description of the specific use case "Process Timing Information for HIL-based Simulation" has been completed. The primary purpose of the use case is to focus on performing FlexRay communication bus simulation as part of the HIL-based simulation.
- 5. The description of the specific use case "Generate Test bench for Non-functional Properties" has been completed.
- 6. The specific use case "Derive Timing Requirements from Closed-Loop Algorithms" has been removed. The originator of this use case decided to support the team dealing with the use case "UC#0005 - Develop Control Applications" by answering the question how to derive timing requirements from closed-loop control algorithms in this context.
- 7. The specific use case "Derive Timing Requirements from Open-Loop Control Algorithms" has been removed without substitution. The originator of this use case decided to support the team dealing with the use case "UC#0005 - Develop Control

Applications" by answering the question how to derive timing requirements from open-loop control algorithms in this context.

- 8. The specific use case "Perform Time-based Offline Simulation" has been removed without substitution.
- 9. The specific use case "Perform Time-based Online Simulation" has been removed without substitution.
- 10. The description of the specific use case "Develop Cruise Control following Top-down Approach" still has to be completed.

In addition, the main use cases listed in the following have been added.

- The main use case "UC#0012 Integrate Re-usable Component" has been added. The use case was introduced during discussions on the specific use case "Integrate Re-usable SW-Component". It became obvious that a re-usable SW-Component requires the integration of corresponding components on higher levels of abstraction namely Design, Analysis and Vehicle Level.
- The main use case "UC#0013 Specify System Dimensions" has been added. The use case was proposed by one of the OEM's representatives in the OEM Advisory board.

#### Use Cases Document

For more details about the use cases reviewed and revised refer to deliverable D9.2 [6].

# 6 State-of-the-Art Analysis

A state-of-the-art survey/analysis has been performed in the context of work package 1. The purpose of the state-of-the-art survey/analysis is to identify existing models, languages, and tools available to solve problems arising in the domain of modeling timing requirements, constraints, and properties at various levels of abstraction and in different steps of the design process of automotive software-intensive embedded systems.

#### State-of-the-Art Document

For more details about the revised state-of-the-art survey/analysis refer to deliverable D9.3 [7].

# 7 TIMMO-2-USE Models

All requirements and use cases have been recorded in UML models using the Enterprise Architect.

For more details about the TIMMO-2-USE models and their contents refer to deliverable D9.4 [8].

# 8 References

- [1] Full Project Proposal Annex TIMMO-2-USE, TIMing MOdel TOols, algorithms, languages, methodology, USE cases, Daniel Karlsson, Birgit Plaßmann, 2010-11-09, Version 3.0, TIMMO-2-USE Consortium.
- [2] Specification of Timing Extensions 4.0.2, 2010-11-03, AUTOSAR Development Cooperation.
- [3] EAST-ADL Domain Model Specification Deliverable D 4.1.1, 2010-06-30, ATESST2 Consortium.
- [4] EAST-ADL Profile Specification, Internal Deliverable 4.1.1, 2010-06-30, ATESST2 Consortium.
- [5] TIMMO-2-USE D9.1 Requirements, 2012-01-16, TIMMO-2-USE Consortium.
- [6] TIMMO-2-USE D9.2 Use Cases, 2012-01-16, TIMMO-2-USE Consortium.
- [7] TIMMO-2-USE D9.3 State-of-the-Art Analysis Report, 2012-01-16, TIMMO-2-USE Consortium.
- [8] TIMMO-2-USE Models, Enterprise Architect Project file, 2012-01-16, TIMMO-2-USE Consortium.
- [9] TIMMO-2-USE D1, Version 1.0, 2011-02-21, TIMMO-2-USE Consortium.
- [10] TIMMO-2-USE D1.1 Requirements, Version 1.0, 2011-02-21, TIMMO-2-USE Consortium.
- [11] TIMMO-2-USE D1.2 Use Cases, Version 1.3, 2011-03-27, TIMMO-2-USE Consortium.
- [12] TIMMO-2-USE D1.3 State-of-the-Art Analysis Report, Version 1.0, 2011-03-30, TIMMO-2-USE Consortium.
- [13] Getting Started with Enterprise Architect and Requirements, Version 0.17, 2012-01-03, TIMMO-2-USE Consortium.