An End-to-End Model Based Tool Chain for Architecture Exploration by Laroudie, D
HAL Id: hal-02269814
https://hal.archives-ouvertes.fr/hal-02269814
Submitted on 23 Aug 2019
HAL is a multi-disciplinary open access
archive for the deposit and dissemination of sci-
entific research documents, whether they are pub-
lished or not. The documents may come from
teaching and research institutions in France or
abroad, or from public or private research centers.
L’archive ouverte pluridisciplinaire HAL, est
destinée au dépôt et à la diffusion de documents
scientifiques de niveau recherche, publiés ou non,
émanant des établissements d’enseignement et de
recherche français ou étrangers, des laboratoires
publics ou privés.
An End-to-End Model Based Tool Chain for
Architecture Exploration
D Laroudie
To cite this version:
D Laroudie. An End-to-End Model Based Tool Chain for Architecture Exploration. Embedded Real
Time Software and Systems (ERTS2008), Jan 2008, Toulouse, France. ￿hal-02269814￿
 Page 1/6 
An End-to-End Model Based Tool Chain for Architecture 
Exploration 
D. Laroudie 
Geensys, 242 bd Jean Jaurès 92100 Boulogne-Billancourt - France 
  
  
  
 
 
 
Abstract: This paper will present how it is 
possible to federate the usage of the design tools 
around a framework based on an Eclipse Front-End 
to describe, simulate and test real time embedded 
systems enabling users to deeply explore their E/E 
designs. 
Keywords: Tools Chain, Model Based 
Development, E/E Architecture. 
1. Introduction 
In the world of E/E (Electrical/Electronic) design, the 
methodologies of the software development were for 
a long time established around different and 
complementary activities which follow in general the 
V cycle: System Design / General Design / Detailed 
Design / Implementation / Unitary Test / Integration 
Tests / Delivery.  
 
Engineers with different technical skills (System 
Architects, Software Designers, Test engineers,...) 
whom support the various engineering activities 
throughout the development cycle and more largely 
throughout the system development process, use 
various methodologies supported by various tools.  
 
Nowadays, in « Embedded World », engineers have 
to cope with the design of highly sophisticated 
systems whose the main features are: 
 
• Expected high level functionalities which are 
extremely complex, 
• Future systems integrating ready-to-use 
components  
(i.e. : IP component ; e.g. Autosar SWC), 
• Many software components communicating and 
distributed on many computation units (ECU..). 
 
In this situation, tasks previously sequential have to 
be performed in parallel. It also required for 
engineers to collaborate on tasks such: Design, 
Simulation, Test and Integration with intent to 
increase the re-use along the V cycle.  
 
Accordingly, the approach, which consists in 
federating the use of the tools of E/E model based 
design around a system level framework, is 
innovating.  
In particular, this paper will show how it makes it 
possible to increase the re-use, the quality and the 
automation of the low value and time consuming 
tasks.  
 
2. The E/E architecture 
 
The current embedded systems contain a collection 
of consistent electronic components realizing 
functions. The E/E architecture is the synthesis of 
this assembling. Each high level function supported 
by this architecture is based on: 
 
• A functional view,  
• A hardware view,  
• A mapping of the functional view on the 
hardware view. 
 
This collection of views is one of the possible 
representation of the targeted E/E architecture. 
These views can be described statically (e.g.: a 
sketch) and dynamically (e.g.: a behavioral model). 
They bring each a part of the response. Ones 
compared to the others have to be consistent to 
insure a correct design and associated to the « 
modeling/simulation » principle, each of the views 
can be validated. 
 
2.1 The functional view of the E/E architecture  
 
The static functional view can be described using 
tools like Visio, Word, PowerPoint, Simulink or 
StateMate (empty subsystems) or others, in a 
graphical way. Engineers can also use tabular based 
tools like Excel or others to describe such a view. 
 
Once this view has been described, some 
consistent rules can be applied at this level (e.g.: « 
No flow in the air ») to help designers to validate and 
verify this design level and improve the quality of this 
design step.  
 
 Page 2/6 
The dynamic functional view can be simulated by 
using tools like Simulink or StatMate. These latter 
are totally fitted to this task. 
 
 
Input #1 function #1
function #2
function #3
Input #2
Output #1
function #4
Output #2
Output #3
function #5
Input #3
 
Figure 1: Functional view 
(The functional view is mainly composed of functions 
and functional flows.) 
 
2.2 The hardware view of the E/E architecture 
  
As the functional view, the static hardware view can 
be described in a graphical way using tools like 
Visio, Word, PowerPoint and engineers can also use 
tabular based solutions. Some consistent rules can 
also be defined and applied (e.g.: « All ECUs 
connected to at least one network »). 
 
The simulation of such a view needs a dedicated tool 
which integrates behavioral models of ECUs, 
Sensors, Actuators, Networks and Wires. 
 
These models must describe accurately these 
components from the HW level (numerical/analogical 
behavior) to the SW one (low level software). These 
models should cover: 
 
• Power supply management, 
• ECU modes management,  
• Network modes management, 
• Network Interfaces management, 
• Wire Interfaces management, 
• Behavior of the networks, 
• Timing Aspects, 
• Faults injection components, 
• … 
 
A part of the models to handle can be designed in 
tools like Simulink or Statemate. But their integration 
has to be done in a dedicated tool of E/E System 
level, which integrates at entry-level, tailored libraries 
for this type of simulation (i.e.: event-driven). 
 
The simulation at this level enables, for example, to 
observe interaction between ECUs at E/E System 
level (ECU wake-up/reset, ECU Modes,…), to 
observe networks behaviors, to observe and validate 
the low level software,…To summarize: Simulate 
the HW architecture. 
 
ECU #1ECU #4 ECU #2
sensor #1
actuator #1
ECU #3
sensor #2
actuator #2
actuator #3
wire wire
wire
wire
wire
CAN Low Speed
CAN High Speed CAN Low Speed
 
Figure 2: Hardware view 
(The hardware view is mainly composed of ECUs, 
networks, sensors and actuators.) 
 
Anyway, the integration of E/E System level is not 
easy as soon as several ECUs and/or networks are 
present. It requires to integrate various models, often 
of different formats and each model of E/E System 
level is created by hand. Such a work is long, 
tedious and hardly repeatable many times and so 
validation of different HW architecture choices is 
therefore limited. One solution to achieve this task is 
to use automation -for such low value and time 
consuming tasks (construct models by hand)- by 
using technologies like model generation-
transformation. 
 
2.3 The mapping view of the E/E architecture 
 
This view summarizes how functions are allocated 
on ECUs (on tasks) and how flows inter-ECUs are 
allocated on Networks (on signals, in frames). As 
before, the static description can be achieved in a 
graphical way or by using tabular based solutions.  
 
Here, it is necessary to have a bridge with networks 
communication matrix and a tabular view seems to 
be well adapted to describe the set of mapping 
information: 
 
• Allocation of functions on tasks, 
• Allocation of flow on networks, 
• Selection of tasks activation period, 
• … 
 
Consistent rules can also be applied also (e.g.: « all 
functions have to be integrated into software tasks 
»). At this stage, the static design can be considered 
as finished. 
 
 Page 3/6 
The simulation of the mapping view needs a 
dedicated tool. It has to integrate at the same time, 
models from the functional and the hardware view. 
 
It has to be well-adapted to simulate both the 
functional level and the non-functional one (OS, 
networks, HW) and interaction between the two 
(i.e.:« the software on its platform »). Here, one of 
the use case is to proceed to one allocation choice 
to another very easily and without «breaking 
everything ». 
 
At this stage, it’s out of question to design E/E 
System level models by hand. To succeed in this 
task, only technologies like model generation-
transformation, can achieve this goal. 
 
ECU #4
Input #1
ECU #1
function #1
function #2
Output #1
actuator #1
CAN High 
Speed
wire
ECU #3
function #4
CAN Low 
Speed
Output #2
actuator #2
Output #3
actuator #3
wire
sensor #1
Input #2
ECU #2
function #3
function #5
CAN Low 
Speed
sensor #2
Input #3
wire
wire
wire
 
Figure 3: Mapping view 
(The mapping consists of allocating functions and 
functional flows on architecture elements.) 
 
3. A collaborative framework to describe, 
simulate and test E/E architecture. 
 
This collaborative System engineering framework is 
built on 4 great principles: flexibility, opening, facility 
of deployment and facility of maintenance and leans 
on 3 pillars:  
 
• A System level Authoring Tool,  
• A Simulation Tool,  
• A Test Authoring Tool.  
 
Each of them is supported by a data model (a UML 
meta-model) simply formalizing what a complex 
system, a simulation or a test is. A single XML-based 
data repository is used, which offers decisive 
advantages such as data consistency and 
reusability.  
 
This modeling/simulating/testing environment is 
based on an Eclipse (EMF) Front-End which easily 
enables not to re-enter existing project data. For 
fulfilled this task, it uses features like model 
importation (from Simulink, StateMate, Rhapsody, 
etc...), model generation/transformation, corporate 
data meta models.  
 
It provides a powerful environment to model, 
simulate, analyze and test real time systems 
(distributed or not) like the ones found in Automotive, 
Aerospace and Transportation areas. 
 
This solution brings answers to the general problem 
“Does the System fit in the box?” 
 
4. A well defined process 
 
This framework is based on a well defined process 
including the static and dynamic description of the 3 
complementary views of an E/E architecture 
(functional, hardware and mapping).  
 
The System Architect Tool leans on different 
descriptions including a Functional Description 
(functions and flows), a Hardware Description 
(ECUs, Networks, Sensors/actuators) and Mapping 
of the Functional Description on the Hardware one, 
not forgetting, the communication matrix and the 
interfaces of the behavioural description. 
 
This System tool has been designed to easily 
enable not to re-enter project data of the design 
process, but importing them from tools like 
Simulink, StateMate, Scade, Rhapsody, etc. This is 
the cornerstone of this tool.  
 
The System modelling phase primarily allows users 
to increase the quality by improving data consistency 
and re-use. The goals of such solution is to manage 
automatically the consistency of E/E System data 
and to easily enable activities like Design and 
Architecture Selection, function allocation,…The 
output of such an activities is a description of E/E 
architecture consistent and verified. 
 
In details, this System Tool is tabular based, 
contains the static data collection of the E/E 
architecture and enables: 
 
• To define the different components of a E/E 
architecture based on predefined elements in an 
UML meta-model (“data editor vision”), 
and/or 
• To import all or a part of this components 
definition (“data integrator vision”), 
• To verify a predefined set of rules on E/E 
architecture consistency (e.g.: « a produced 
signal has to be consumed »), 
• To prepare the simulation of this E/E architecture 
by defining a set of scenarios, observers and 
assertions.  
 
 Page 4/6 
The technical foundation of the tool is a UML 
metamodel containing the objects and their links 
(interrelation). This UML class model is designed to 
be closest possible from systems to represent. 
The model concepts group thus: 
 
• The notion of functional view, 
• The notion of hardware view, 
• The notion of mapping. 
 
The tool is developed in the Open source Eclipse 
(EMF) environment. 
 
 EE Data Editor 
Architecture
-Functional-
-Hardware-
Networks
Comm. Matrix Import Export
Models
Import 
Documentation
Automatic
Génération
XML
Entrée #1 fonction #1
fonction #2
fonction #3
Entrée #2
Sortie #1
fonction #4
Sortie #2
Sortie #3
fonction #5
Entrée #3
ECU #1ECU #4 ECU #2
capteur #1
actionneur #1
ECU #3
capteur #2
actionneur #2
actionneur #3
liaison filaire liaison filaire
liaison filaire
liaison filaire
liaison filaire
CAN Low Speed
CAN High Speed CAN Low Speed
ECU #4
Entrée #1
ECU #1
fonction #1
fonction #2
Sortie #1
actionneur #1
CAN High 
Speed
liaison filaire
ECU #3
fonction #4
CAN Low 
Speed
Sortie #2
actionneur #2
Sortie #3
actionneur #3
li aison 
filaire
capteur #1
Entrée #2
ECU #2
fonction #3
fonction #5
CAN Low 
Speed
capteur #2
Entrée #3
liaison 
filaire
liaison 
filaire
liaison 
filaire
(description of models interfaces)
CANdb OILFibex
???
 
Figure 4: System tool import/export capabilities 
 
This System tool is not a replacement of an existing 
solution but mainly a data integrator.  
 
Associated to the static description of the E/E 
system, the dynamic description gives the user the 
possibility to simulate the chosen E/E architecture by 
using models of different levels: 
 
● behavioral models of functions, 
● behavioral models of E/E System environment, 
● behavioral models of communication media, 
● behavioral models of ECUs.  
(E/E System/software vision) 
 
and by using engineering techniques of models 
transformation to generate the final model for 
simulation. 
 
To create this simulation model, the inputs are the 
static architecture and the behavioral descriptions 
(functional/non functional levels). The activities 
perform during the simulation phase covered tests 
for normal/damaged and dysfunctional modes by 
faults injection means, in summary: Performances 
Analysis and Architecture Exploration. 
 
5. The simulator 
 
The simulator used by the framework is based on 
Geensys’s solution: RT-Builder, which is a event-
driven simulator/debugger engine and allows users 
on one hand, to study by simulation the dynamic 
behaviour of their real time application software 
architecture (virtual prototype of the targeted 
application), on the other hand to reach early 
definition of optimal architecture choices 
(performances analysis). 
 
The simulation allows multiple iterations on system 
performance evaluations; in a quick, simple and 
cost-effective manner, performance estimations of 
different types can be assessed, at different stages 
in the development cycle. 
• Point to point response time, 
• CPUs loads, 
• Load estimation for communications. 
• …. 
 
Users can either help define performance budgets 
requested by project teams in the early phase of 
system specification or help reevaluate impact of 
ECOs on the overall system performance during 
downstream development phases. 
 
The comprehensive virtual prototype of the targeted 
application built by model generation, enable users 
to analyse various performance aspects of their 
system, eventually observe and “reason” on their 
application at different levels - functional level - un-
timed- as well as application execution level, taking 
into account functional and non functional 
architecture artefacts.  That is to say: 
 
• Monitor the execution of the functional parts,  
• Monitor the execution of the timed functional 
parts,  
• Do performances analysis. 
 
A fault injection mode further extends analysis 
capabilities at system level – RT-Builder fault 
analysis specifically looks at degraded modes and 
their effects on interactions between the application 
software and its execution platform (correlation 
between CPU states, networks and application), but 
also the nominal/degraded modes, do failures 
analysis and help in the diagnostic validation. 
 
6. Architecture Exploration and Performances 
analysis 
 
The RT-Builder event-driven simulator can be 
controlled interactively, randomly or by user 
scenarios. An integrated debugger gives the user 
possibilities like: step-by-step simulation, numerical 
 Page 5/6 
traces generation, breakpoints, tokens display and 
complex observer creation capabilities (assertions). 
A batch mode is also available. The debugger has 
also the possibility to monitor the flow of events 
and/or data between graphical components.  
 
6.1 Simulation of the Scheduling 
 
The simulation engine implemented in the tool is 
based on an event-driven simulation associated to 
simulated real time. In this context, GANT diagrams 
can be used to monitor the temporal behaviour of 
OS tasks, that is to say, the scheduling on the 
ECUs. It is possible to observe how the tasks are 
running, how the tasks are pre-empted, how the 
tasks are exchanging data, events… 
 
At this step, the simulator used in conjunction with 
the debbuger, can allow the user to detect inter-
locking problems because of the scheduling. 
 
 
Figure 1: Simulation of the real time scheduling on 
several ECUs. 
 
6.2 Simulation of the Communication 
 
The simulation of bus communications helps to 
emphasize frames transfer time, queuing time during 
transmission and reception in FIFOs, but also give 
the timing execution and bus load. As the 
communication impacts the task scheduling (e.g.: by 
locking a task which waits for an event), these 
information can, of course, concern the user who 
tries to optimize its task distribution on ECUs of its 
architecture. 
 
 
Figure 2 : Simulation of a Bus communication 
 
6.3 Simulation of the Application Level 
 
The possibility to import the functional description of 
the targeted application (algorithms for control and/or 
data flow) allows the user: 
 
• To highlight the global failures which are not 
visible in a pure functional view (e.g.: problems 
coming from services layer and/or communication 
ones which impact the functional level). 
• To highlight numerical degradation because of 
computations sequencing, task scheduling (when an 
OS is used), execution time of each function, data 
transmission delay across networks… 
• To compute the system first global time 
responses which can not be obtained from a pure 
functional view (i.e.: from Simulink and others). 
 
 
Figure 3 : Simulation of an application on its 
architecture. 
 
7. The Test Authoring Tool 
 
The Test oriented Authoring Tool leans on one idea, 
the re-usabililty: test cases created at the design 
step, have to be reusable during integration and 
validation phases.  
 
To enable this re-use, tests have to be written using 
a high-level language (a specification language and 
not a implementation one) ; a meta-model describing 
what a test case is, answers this requirement.  
 
This tool has automatic model transformation means 
to make scenarios usable at the same time, for 
simulation tools or test benchs. The test cases 
edition is driven by the model (Model Based 
Testing). 
 
This has as an interest to ease and make possible 
the test and the validation of the whole design model 
(thus containing models of ECUs -low and 
application levels- sensors, actuators, networks…) 
by System, Design, and Specification Engineers. It 
thus enables to perform definition works of test 
campaigns for the various levels of E/E architecture: 
 
• Functional tests , 
• Communication tests, 
• Services Layers tests, 
 Page 6/6 
• Nominal/Degraded tests,  
• Diagnostic tests. 
 
8. Positioning in the design flow 
 
The described framework is positioned at the frontier 
of different skills of the Embedded Electronics. 
System Engineers can simulate and analyze on its 
HW architecture model, the low level functions 
(communication, message switching, HW and SW 
modes, and middleware) and verify that the whole 
system behaves correctly. SW Design Engineers 
can test its design choices (grouping functions in a 
task, choice of the execution mode and the 
activation period of tasks…) and validate with 
Specification Engineers that the latter, do not have 
an influence on the functional requirements of the 
application. 
 
9. Proof of concept 
 
9.1 1st Experimentation: One ECU: “Virtual results 
against real ones” 
 
To validate the level of accuracy of the simulation 
kernel of RT-Builder, a standard control/command 
law has been developped in Simulink and prototyped 
on a dSPACE HW. 
 
Each function has been allocated to a task (event or 
timer-driven) and managed by a preemptive OS. The 
typical cycle time was the millisecond. 
 
The functional results obtained in RT-Builder were 
accurate at 10-12, compared to the ones obtained on 
the dSPACE HW. 
 
9.2 2nd Experimentation:  Several ECUs “Eases 
achievement of models of various configuration and 
distribution options very quickly.” 
 
This second example is based on a high level 
automotive application distributed on 6 ECUs, with 
30 dedicated frames on 3 networks. Such application 
took around one men-year of work to be modelled in 
an Authoring tool. This modelization included: 
 
• ECUs description (behaviour level) 
• Networks description (behaviour level) 
• Application level. 
 
The final model was very complex to maintain and 
was representative of only one possibility of 
implementation (one possible mapping has been 
tested). 
 
With the framework, such a work took around two 
month for one person to describe the whole system 
in the editor, to create the dedicated libraries and to 
generate a simulation model for RT-Builder. 
 
It was very simple to generate models based on 
different mapping hypothesis and run the related 
simulation once the E/E model has been created 
and/or imported in part. 
 
10. Conclusion 
 
This paper illustrated each of the prime technology 
concepts of this framework of models generation, 
system description, functional description, hardware 
architecture description and mapping. It highlighted 
how can the different concepts be used to define a 
simple but comprehensive system metamodel, which 
- when combined with multifaceted models – make it 
possible to very quickly simulate the complete 
system, run what if analysis on various configuration 
and distribution options and give control back to 
development teams.  
 
11. Glossary 
 
ECU: Electronic Control Unit 
CPU: Central Processing Unit 
FIFO: First In First Out 
EEPROM: Electrically Erasable Read Only Memory 
WCET: Worst Case Execution Time 
OS: Operating System 
EE: Embedded Electronics - Electrical/Electronic 
SW: Software 
HW: Hardware 
 
SCADE is a tool from Esterel Technologies,  
Simulink/Stateflow is a tool from The Mathworks, 
StateMate is a tool from I-Logix/Telelogic 
 
12. Biography 
 
Denis LAROUDIE 
(Author and Speaker) 
 
Denis is the pre-sales manager for “Model Based 
Design” products line in Geensys. He supports 
customers of Automotive, Aerospace, Defence and 
Space as an expert consultant and help them to 
deploy solutions around Verification and Validation 
concepts, offered by Geensys. 
denis.laroudie@geensys.com 
 
 
 
