Abstract
Keywords: AUTOSAR, Safety, Simulation
The method presented in this paper aids in the design of a safe AUTOSAR architecture. It does not try to fully automate the design of a safe system; as Leveson (1995) remarks, there is an inevitable folly associated with such an undertaking at this stage of system design.
The paper first looks at the Automotive Open System Architecture (AUTOSAR) standard, which is relatively new and backed by some of the largest automotive companies, including BMW, Ford, Toyota, and many more (Fennel et al., 2006). A method is then shown for converting an AUTOSAR architecture into a form in which it may be simulated and tested.
By simulating a vehicle architecture, feedback on a given design can be gathered quickly and alternative designs can be explored (Law & Kelton, 1991). The MathWorks Simulink simulation environment was selected, as it is a very powerful simulation package and is used widely in the automotive and aerospace domains. To create the simulation models, the standard Simulink simulation blocks and SimEvents blocks were used. SimEvents is a discrete-event simulation library that allows entities to be passed between blocks. Entities may carry a number of attributes, which can be checked and evaluated by other SimEvents blocks. This is similar to message passing and so may be used to simulate any form of Electric/Electronic (E/E) communication. In the simulation model presented, entities are used to model Runtime Environment (RTE) events, runnables, Controller Area Network (CAN) frames and server calls.
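The entity-passing idea described above, as an added illustration that is not the paper's Simulink/SimEvents model: a small Python discrete-event core in which entities of the four kinds named in the abstract (RTE event, runnable, CAN frame, server call) carry attributes that a receiving block checks, so that two candidate designs (different runnable WCET and bus delay) can be compared by the deadline violations they produce. Block names, attribute names, the CAN id, the period and the timing figures are assumptions.

```python
import heapq
from dataclasses import dataclass, field

@dataclass(order=True)
class Entity:
    time: float                              # arrival time (ms) at the consuming block
    kind: str = field(compare=False)         # "rte_event", "runnable", "can_frame" or "server_call"
    attrs: dict = field(compare=False, default_factory=dict)

class Simulation:
    """Discrete-event core: a time-ordered entity queue and one block per entity kind."""
    def __init__(self):
        self.queue, self.now, self.blocks, self.violations = [], 0.0, {}, []
    def send(self, delay, kind, **attrs):    # pass an entity to the block that consumes `kind`
        heapq.heappush(self.queue, Entity(self.now + delay, kind, attrs))
    def run(self, until):
        while self.queue and self.queue[0].time <= until:
            e = heapq.heappop(self.queue)
            self.now = e.time
            self.blocks[e.kind](self, e)
        return self.violations

def build(wcet, bus_delay, period=10.0, deadline=5.0, allowed_ids=frozenset({0x100})):
    """Wire up one assumed design; wcet and bus_delay (ms) are the parameters to explore."""
    sim = Simulation()
    def rte_event(sim, e):                   # periodic RTE timing event releases the runnable
        sim.send(0.0, "runnable", released=sim.now)
        sim.send(period, "rte_event")
    def runnable(sim, e):                    # runs for its WCET, then emits a server call and a frame
        sim.send(wcet, "server_call", op="GetSpeed")
        sim.send(wcet + bus_delay, "can_frame", can_id=0x100, dlc=8, released=e.attrs["released"])
    def server_call(sim, e):                 # the server is a sink in this model
        pass
    def can_rx(sim, e):                      # receiver evaluates entity attributes, like a SimEvents gate
        a = e.attrs
        latency = sim.now - a["released"]
        if a["can_id"] not in allowed_ids:
            sim.violations.append((sim.now, "unexpected id 0x%X" % a["can_id"]))
        if a["dlc"] > 8:
            sim.violations.append((sim.now, "invalid DLC %d" % a["dlc"]))
        if latency > deadline:
            sim.violations.append((sim.now, "deadline miss: %.1f ms > %.1f ms" % (latency, deadline)))
    sim.blocks = {"rte_event": rte_event, "runnable": runnable,
                  "server_call": server_call, "can_frame": can_rx}
    sim.send(0.0, "rte_event")
    return sim

if __name__ == "__main__":
    for wcet, bus_delay in ((2.0, 1.0), (4.0, 2.0)):   # two constructed candidate designs
        print("wcet=%.1f bus_delay=%.1f ->" % (wcet, bus_delay), build(wcet, bus_delay).run(until=30.0))
```

With the assumed 5 ms deadline, the first design produces no violations while the second misses the deadline on every frame, which is the kind of quick design feedback the abstract describes.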