For developing the next generation of electric power steering systems, HELLA relies on new test strategies and systems. In parallel to developing the steering system, HELLA and dSPACE Consulting are working on an innovative test strategy that meets the highest safety requirements. The test strategy relies exclusively on automated test sequences, which requires experience and expertise.
If you are committed to automated testing without compromise, simulation and test tools must be absolutely reliable. Thanks to the expert knowledge of dSPACE, we were able to ensure this.
Over the last years, HELLA has developed various electrical power steering (EPS) control units that are used in millions of vehicles all around the world. The growing demand for ECUs for partially automated driving (autonomous vehicles from Level 2) was the main reason for setting up an automated validation tool chain in cooperation with dSPACE Consulting. This tool chain had to comply with the standard for functional safety of E/E systems in road vehicles (ISO 26262) and today must provide the opportunity to develop steering systems suitable for highly automated driving up to Level 4 (figure 1). For this purpose, the test process and tool chain had to comply with ISO 26262 up to ASIL D (figure 2). ISO 26262 recommends the use of hardware-in-the-loop (HIL) tests for testing safety-critical functions, components, individual ECUs, and ECU networks, because HIL tests have been state of the art for years. They have been used for testing safety-critical functions for nearly the same amount of time. Test strategy and test environment must be seamlessly integrated and coordinated so that safety-critical systems can be tested and approved and the required test coverage achieved. To prove that this interaction is compliant with the standard, it is necessary to regularly verify that all components and processes involved in the test are suitable. The verification covers a wide range from calibration strategies for the hardware used to the qualification of the software tool chain according to ISO 26262. dSPACE experts quickly identified four areas in which they were able support HELLA:
- Creation of a technical safety concept
- Conceptual design and setup of a test infrastructure that includes several HIL systems
- Development of a tool chain for automated tests
- Compliance with the ISO 26262 standard
With the help of dSPACE, these tasks were carried out in parallel to ECU development and the test systems were put into operation and verified even before the actual tests – including the connection to existing configuration and requirements management tools. “This approach saves a tremendous amount of time, because it avoids detours and dead ends. The result is a comprehensible, standards-compliant process that will also make entirely new customer projects much easier in the future, even if they have completely different requirements,” explains Andreas Brentrup from HELLA.
Involved from the Start
“Since dSPACE consultants were involved at a very early stage, they were able to work out the test objectives in collaboration with HELLA very early on,” adds Biju Kollody from HELLA. The EPS control unit was still in the prototyping phase at the beginning of the project. The test plan was completely rewritten, which in this case required detailed knowledge of both functional safety and testing. To this end, all groups of people involved, such as testers, developers, system architects, and test engineers, were included in the process. The jointly developed validation strategy meets all functional safety requirements for EPS systems and was designed with a focus on easy testability.
Simulators and Test Bench – Fit for Purpose
HELLA trusts dSPACE not only for the preliminary work, but also for the actual tests with simulators and test benches. The test hardware consists of two simulators: a SCALEXIO standard rack system that accesses a specially prepared ECU at signal level, and a SCALEXIO full-size simulator that stimulates the ECU at power level. The simulator can also be connected to a dSPACE steering test bench. As a third test procedure, the test bench can stimulate the real engine of the EPS control unit. The FPGA-based dSPACE motor models allow for both realistic motor simulation for tests at signal and power level and closed-loop operation of the ECU. This flexible test infrastructure makes it possible to test different system components individually or in combination, allowing for efficiently implementing the integration and test processes required by ISO 26262. ISO 26262 requires regular calibration of the test systems. For this purpose, dSPACE has written a project-specific calibration manual.
Developing a validation strategy requires discussions with all parties involved. Whether developer, system architect, safety engineer, or test engineer – all must be equally involved. With the experts from dSPACE, we were able to get everyone on board and ensure reliable, ISO 26262-compliant validation.
Integration of Existing Tools
“An important requirement at the start of the project was that the software tool chain must work ‘from DOORS to DOORS’. This means that a test specification from IBM® Rational DOORS can be verified by the dSPACE tool chain and the result can be imported back into DOORS,” Kollody reports. For this purpose, HELLA connected the dSPACE data management software SYNECT to DOORS. The connection allows the test specification to be transferred automatically from DOORS to the dSPACE test automation environment. This enables test developers and test engineers to implement and execute the required tests while continuously maintaining traceability to the requirements. This ensures that requirements, test specifications, and test results are linked at all times. SYNECT then automatically executes the tests on the HIL simulators around the clock and displays the results. Testing an ECU in such a highly automated way is particularly efficient, but requires confidence in the simulation and the tools used.
The safety level of the EPS system meets the requirements for ASIL D (Automotive Safety Integrity Level D), the highest possible safety level for an automotive E/E system. To meet the requirements of ISO 26262, the dSPACE Consulting team compiled a safety manual that specifies workflows for the verification process. The software and the defined workflow were determined to be fit-for-purpose.
Conclusion and Outlook
“With the help of the dSPACE consultants, HELLA was able to master the challenges that a safety-related project poses for the process, tool chain, and test equipment at an early stage,” confirms Brentrup. The dSPACE tool chain has been successfully used to find errors in the prototyping phase. The fact that an automated test system was already available at that time greatly facilitated the transition to customer-specific development for HELLA. In the future, dSPACE will support HELLA in adapting the tool chain to the requirements of customer projects, ensuring that the working methods continue to be ISO 26262-compliant.
With the kind permission of HELLA GmbH & Co. KGaA
About the authors:
Head of the test laboratory at HELLA GmbH & Co. KGaA, Lippstadt, Germany, is responsible for the global test strategy for steering ECUs
Test manager at HELLA GmbH & Co. KGaA, Lippstadt, Germany, is responsible for the complete test management of steering ECUs.