Download the full version of the ebook at ebookfinal.

com

Automotive Software PT 127 Jurgen

https://ebookfinal.com/download/automotive-software-
pt-127-jurgen/

OR CLICK BUTTON

DOWNLOAD EBOOK

Download more ebook instantly today at https://ebookfinal.com

Instant digital products (PDF, ePub, MOBI) available
Download now and explore formats that suit you...

Metallic Biomaterial Interfaces 1st Edition Jurgen Breme

https://ebookfinal.com/download/metallic-biomaterial-interfaces-1st-
edition-jurgen-breme/

ebookfinal.com

China s Automotive Industry Automotive Industry in

Emerging Markets S Mark Norcliffe

https://ebookfinal.com/download/china-s-automotive-industry-
automotive-industry-in-emerging-markets-s-mark-norcliffe/

ebookfinal.com

Advances in Chemical Physics Volume 127 1st Edition Ilya

Prigogine

https://ebookfinal.com/download/advances-in-chemical-physics-
volume-127-1st-edition-ilya-prigogine/

ebookfinal.com

PostgreSQL Replication 2nd Revised edition Edition Hans-

Jurgen Schonig

https://ebookfinal.com/download/postgresql-replication-2nd-revised-
edition-edition-hans-jurgen-schonig/

ebookfinal.com
European Union Enlargement A Comparative History 1st
Edition Jurgen Elvert

https://ebookfinal.com/download/european-union-enlargement-a-
comparative-history-1st-edition-jurgen-elvert/

ebookfinal.com

Geometric and Combinatorial Aspects of Commutative Algebra

1st Edition Jurgen Herzog

https://ebookfinal.com/download/geometric-and-combinatorial-aspects-
of-commutative-algebra-1st-edition-jurgen-herzog/

ebookfinal.com

Automotive Antenna Design and Applications Victor

Rabinovich

https://ebookfinal.com/download/automotive-antenna-design-and-
applications-victor-rabinovich/

ebookfinal.com

Automotive Electricity and Electronics 2nd Edition Edition

Santini

https://ebookfinal.com/download/automotive-electricity-and-
electronics-2nd-edition-edition-santini/

ebookfinal.com

Modern Automotive Technology 9th Edition James E. Duffy

https://ebookfinal.com/download/modern-automotive-technology-9th-
edition-james-e-duffy/

ebookfinal.com
AUTOMOTIVE SOFTWARE

PT-127

Edited by

Ronald K. Jurgen

Published by
SAE International
400 Commonwealth Drive
Warrendale, PA 15096-0001
U.S.A.
Phone (724)776-4841
Fax (724)776-0790
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in
any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior
written permission of SAE.

For permission and licensing requests contact:

SAE Permissions
400 Commonwealth Drive
Warrendale, PA 15096-0001-USA
Email: permissions@sae.org
Fax: 724-776-3036
Tel: 724-772-4028

Global Mobility Database"

All SAE papers, standards, and selected
books are abstracted and indexed in the
Global Mobility Database.

For multiple print copies contact:

SAE Customer Service

Tel: 877-606-7323 (inside USA and Canada)
Tel: 724-776-4970 (outside USA)
Fax: 724-772-0790
Email: CustomerService@sae.org

ISBN 0-7680-1714-9
Library of Congress Catalog Number: 2005937533
SAE/PT-127
Copyright © 2006 SAE International

Positions and opinions advanced in this publication are those of the author(s) and not necessarily those of SAE.
The author is solely responsible for the content of the paper. A process is available by which discussions will be
printed with the paper if it is published in SAE Transactions.

Printed in USA
 TABLE OF CONTENTS

Introduction
Complexity Mandates Rapid Software Development V
Ronald K. Jurgen, Editor

Overviews
Upfront Analysis in the Product Development Process (2005-01-1563) 3
Suchit Jain, Tin Bui, Jason Frick, Alain Khella, John Mason,
Richard Naddaf and Stewart Prince

A Software Component Architecture for Improving Vehicle

Software Quality and Integration (2005-01-0327) 11
Brendan Jackman and Shepherd Sanyanga

Why Switch to an OSEK RTOS and How to Address the

Associated Challenges (2005-01-0312) 21
Thierry Rolina and Nigel Tracey

Constraint-Driven Simulation-Based Automatic Task

Allocation on ECU Networks (2004-01-0757) 27
Paolo Giusto and Gary Rushton

Solving the Technology Strategy Riddle - Using TRIZ

to Guide the Evolution of Automotive Software
and Electronics (2004-01-0719) 35
Alex Shoshiev and Victor Fey

A Backbone in Automotive Software Development Based

on XML and ASAM/MSR (2004-01-0295) 45
Bernhard Weichel and Martin Herrmann

Development of Modular Electrical, Electronic, and

Software System Architectures for Multiple Vehicle
Platforms (2003-01-0139) 53
Gary Rushton, Armen Zakarian and Tigran Grigoryan

A New Calibration System for ECU Development (2003-01-0131) 63

Andre Rolfsmeier, Jobst Richert and Robert Leinfellner

Extensible and Upgradeable Vehicle Electrical, Electronic,

and Software Architectures (2002-01-0878) 73
Peter Abowd and Gary Rushton

A Rapid Prototyping Methodology for the Decision Making

Algorithms in Automotive Electronic Systems (2002-01-0754) 77
Michèle Ornato, Rosanna Bray, Massimo Carignano,
Valter Quenda and Francesco Mariniello
 Software in Embedded Control Systems
Entire Embedded Control System Simulation Using a Mixed-Signal
Mixed-Technology Simulator (2005-01-1430) 87
Ken G. Ruan

Effective Application of Software Safety Techniques for Automotive

Embedded Control Systems (2005-01-0785) 95
Barbara J. Czerny, Joseph G. D'Ambrosio,
Brian T. Murray and Padma Sundaram

Evolutionary Safety Testing of Embedded Control Software by

Automatically Generating Compact Test Data Sequences (2005-01-0750) 107
Hartmut Pohlheim, Mirko Conrad and Arne Griep

Supporting Model-Based Development with Unambiguous

Specifications, Formal Verification and Correct-By-Construction
Embedded Software (2004-01-1768) 119
Wolfram Hohmann

Managing the Challenges of Automotive Embedded Software

Development Using Model-Based Methods for Design
and Specification (2004-01-0720) 125
Mark Yeaton

A Development Method for Object-Oriented Automotive Control

Software Embedded with Automatially Generated Program
from Controller Models (2004-01-0709) 131
Kentaro Yoshimura, Taizo Miyazaki, Takanori Yokoyama,
Toru Irie and Shinya Fujimoto

Development of an Engineering Training System in Hybrid

Control System Design Using Unified Modeling
Language (UML) (2004-01-0707) 139
Hisahiro Miura, Masahiro Ohba, Masashi Tsuboya,
Atsuko Higashi and Masayuki Shoji

Building Blocks Approach for the Design of Automotive

Real-Time Embedded Software (2004-01-0360) 145
Thierry Rolina

Integrated Modeling and Analysis of Automotive Embedded

Control Systems with Real-Time Scheduling (2004-01-0279) 153
Zonghua Gu, Shige Wang, Jeong Chan Kim and Kang G. Shin

A Practical, C Programming Architecture for Developing

Graphics for In-Vehicle Displays (2004-01-0270) 161
Michael T. Juran

Robust Embedded Software Begins with High-Quality

Requirements (2002-01-0873) 169
Ronald P. Brombach, James M. Weinfurther,
Allen E. Fenderson and Daniel M. King
 Virtual Prototypes and Computer Simulation Software
Optimization of Accessory Drive System of the V6
Engine Using Computer Simulation and Dynamic
Measurements (2005-01-2458) 185
Jaspai S. Sandhu, Antoni Szatkowski,
Brad A. Rose and Fong Lau

A Tool for the Simulation and Optimization of the Damping

Material Treatment of a Car Body (2005-01-2392) .191
M. Danti, D. Vigè and G. V. Nierop

How to Do Hardware-in-the-Loop Simulation Right (2005-01-1657)........... 201

Susanne Kôhl and Dirk Jegminat

Virtual Prototypes as Part of the Design Flow of Highly

Complex ECUs (2005-01-1342) 211
Joachim Krech, Aibrecht Mayer and Gerlinde Raab

Nonlinear FE Centric Approach for Vehicle Structural

Integrity Study (2004-01-1344) 219
Cong Wang and Narendra Kota

Virtual Aided Development Process According

to FM VSS201U (2004-01-0188) 233
Christoph Knotz and Bernd Mlekusch

A Semi-Analytical Method to Generate Load Cases for CAE

Durability using Virtual Vehicle Prototypes (2003-01-3667) 237
Joselito Menezes da Cruz, Ivan Lima do Espirito Santo
and Adilson Aparecido de Oîiveira

Tools for Integration of Analysis and Testing (2003-01-1606) 243

Shawn You, Christoph Leser and Eric Young

Simulation Based Reliability Assessment of

Repairable Systems (2003-01-1217) 251
Animësh Dey, Robert Tryon and Loren Nasser

ACE Driving Simulator and Its Applications to Evaluate

Driver Interfaces (2003-01-0124) ....257
Vivek Bhise, Edzko Smid and James Dowd

Development and Correlation of Internal Heat Test Simulation

Using CFD (2003-01-0647).... 267
Corey T. Halgren and Frances K. Hilburger

Virtual Reality Technology for the Automotive

Engineering Area (2002-01-3388) 271
Antonio Valerio Netto, Arnaldo Marin Penachio
and Anésio Tarcisio Anitelle
Enabling Rapid Design Exploration through Virtual
Integration and Simulation of Fault Tolerant
Automotive Application (2002-01-0563) 277
Thilo Demmeler, Barry O'Rourke and Paolo Giusto

Safety Critical Applications

Software Certification for a Time-Triggered Operating
System (2005-01-0784) 291
Peter S. Groessinger

Survey of Software Failsafe Techniques for Safety-Critical

Automotive Applications (2005-01-0779) 297
Eldon G. Leaphart, Barbara J. Czerny, Joseph G. D'Ambrosio,
Christopher L Denlinger and Deron Littlejohn

An Adaptable Software Safety Process for Automotive

Safety-Critical Systems (2004-01-1666) . 313
Barbara J. Czerny, Joseph G. D'Ambrosio, Paravila O. Jacob,
Brian T. Murray and Padma Sundaram

A Design Methodology for Safety-Relevant Automotive

Electronic Systems (2004-01-1665) 323
Stefan Benz, Elmar Diiger, Werner Dieterle and Klaus D. Muller-Glaser

Preserving System Safety Across the Boundary between System

Integrator and Software Contractor (2004-01-1663) 335
Jeffrey Howard

Development of Safety-Critical Software Using Automatic

Code Generation (2004-01-0708) 347
Michael Beine, Rainer Otterbach and Michael Jungmann

Software for Modeling

A Dynamic Model of Automotive Air Conditioning
Systems (2005-01-1884).... ....357
Zheng David Lou

Advances in Rapid Control Prototyping

- Results of a Pilot Project for Engine Control- (2005-01-1350) 365
Frank Schuette, Dirk Berneck, Martin Eckmann and Shigeaki Kakizaki

AutoMoDe ~ Notations, Methods, and Tools for Model-Based

Development of Automotive Software (2005-01-1281) 375
Andreas Bauer, Manfred Broy, Jan Romberg,
Bernhard Schâtz, Peter Braun, Ulrich Freund,
Nuria Mata, Robert Sander and Dirk Ziegenbein

Formal Verification for Model-Based Development (2005-01-0781) 383

Amar Bouali and Bernard Dion
Model Reduction for Automotive Engine to Enhance Thermal
Management of European Modern Cars (2005-01-0700) 395
C. Gamier, J. Bellettre, M. Tazerout,
R. Haller and G. Guyonvarch

Running Real-Time Engine Model Simulation with

Hardware-in-the-Loop for Diesel Engine Development (2005-01-0056) 405
P. J. Shayler, A. J. Allen and A. L. Roberts

Feasibility of Reusable Vehicle Modeling:

Application to Hybrid Vehcles (2004-01-1618) 413
A. Rousseau, P. Sharer and F. Besnier

Model-based Testing of Embedded Automotive Software

using MTest (2004-01-1593) 423
Klaus Lamberg, Michael Beine, Mario Eschmann,
Rainer Otterbach, Mirko Conrad and Ines Fey

integration of a Common Rail Diesel Engine Model into an

industrial Engine Software Development Process (2004-01-0900) 433
J. Baumann, D. D. Torkzadeh, U. Kiencke,
T. Schlegl and W. Oestretcher

A Model for Electronic Control Units Software Requirements

Specification (2004-01-0704) 441
Massimo Annunziata, Ferdinando De Cristofaro,
Carlo Di Guiseppe, Agostino Natale and Stefano Scala

Model-Based System Development ~ Is it the Solution

to Control the Expanding System Complexity
in the Vehicle? (2004-01-0300) 447
Roland Jeutter and Bernd Heppner

Modeling of Steady and Quasi-Steady Flows within a

Flat Disc Type Armature Fuel Injector (2003-01-3131) 455
M. H. Shojaeefard and M. Shariati

Three Dimensional Finite Element Analysis of Crankshaft

Torsional Vibrations using Parametric Modeling
Techniques (2003-01-2711) 465
Ravi Kumar Burla, P. Seshu, H. Hirani,
P. R. Sajanpawar and H. S. Suresh

Defect Identification with Model-Based Test

Automation (2003-01-1031).... 473
Mark Blackburn, Aaron Nauman,
Bob Busser and Bryan Stensvad

Model Based System Development in Automotive (2003-01-1017) 481

Martin Mutz, Michaela Huhn,
Ursula Goltz and Carsten Krornke
Implementation-Conscious Rapid Control Prototying Platform
for Advanced Model-Based Engine Control (2003-01-0355) 491
Minsuk Shin, Wootaik Lee and Myoungho Sunwoo

Software for Testing

integrated Test Platforms: Taking Advantage of Advances in
Computer Hardware and Software (2005-01-1044) 499
Mark D. Robison

Next Generation Instrumentation and Testing Software

Built from the .NET Framework (2005-01-1041) 503
Steven E. Kuznicki

The Bus Crusher and the Armageddon Device -

Part I (2004-01-1762) 509
Ronald P. Brombach

A New Environment for Integrated Development and

Management of ECU Tests (2003-01-1024) 521
Klaus Lamberg, Jobst Richert and Rainer Rasche

Software Source Codes

Verifying Code Automatically Generated from an
Executable Model (2005-01-1665) ....533
Cheryl A. Williams, Michael A. Kropinski,
Onassis Matthews and Michael A. Steele

Automatic Code Generation and Platform Based Design

Methodology: An Engine Management System Design
Case Study (2005-01-1360) 539
Alberto Ferrari, Giovanni Gaviani, Giacomo Gentile,
Monti Stefano, Luigi Romagnoli and Michael Beine

A Source Code Generator Approach to implementing

Diagnostics in Vehicle Control Units (2004-01-0677) 547
Christoph Râtz

Auto-Generated Production Code Development for Ford/Think

Fuel Cell Vehicle Programme (2003-01-0863) 553
C. E. Wartnaby, S. M. Bennett, M. Ellims, R. R. Raju,
M. S. Mohammed, B. Patel and S. C. Jones

Miscellaneous Software Applications

Noise Cancellation Technique for Automotive Intake Noise
Using a Manifold Bridging Technique (2005-01-2368) 567
Colin Novak, Helen Ule and Robert Gaspar
A Benchmark Test for Springback: Experimental Procedures
and Results of a Slit-Ring Test (2005-01-0083)... 575
Z. Cedric Xia, Craig E. Miller, Maurice Lou, Ming F. Shi,
A. Konieczny, X. M. Chen and Thomas Gnaeupel-Herold

Intelligent Fault Diagnosis System of Automotive

Power Assembly Based on Sound Intensity
Identification (2004-01-1656) 583
Chen Xiaohua, Wei Shaohua, Zhang Bingjun and Zhu Xuehua

Highly Responsive Mechatronic Differential for

Maximizing Safety and Drive Benefits of Adaptive Control
Strategies (2004-01 -0859) 587
Stuart Hamilton amd Mircea Gradu

Optimization and Robust Design of Heat Sinks for Automotive

Electronics Applications (2004-01-0685) 601
Fatma Kocer, Sid Medina, Balaji Bharadwaj,
Rodolfo Palma and Roger Keranen

Automotive Body Structure Enhancement for Buzz, Squeak

and Rattle (2004-01-0388) 607
Raj Sohmshetty, Ramana Kappagantu,
Basavapatna P. Naganarayana and S. Shankar

Software Tools for Programming High-Quality

Haptic Interfaces (2004-01-0383) 615
Christophe Ramstein, Henry da Costa and Danny Grant

Software Development Process and Software-Components

for X-by-Wire Systems (2003-01-1288) 623
Andreas Kriiger, Dietmar Kant and Markus Buhlmann

The Software for a New Electric Clutch Actuator

Concept (2003-01-1197) 631
Reinhard Ludes and Thomas Pfund

Future Software Trends

Software's Ever Increasing Role 639
Ronald K. Jurgen, Editor
OVERVIEWS
 2005-01-1563

Upfront Analysis in the Product Development Process

Suchit Jain
Analysis Products, SolidWoks

Tin Bui, Jason Frick, Alain Khella, John Mason, Richard Naddaf and Stewart Prince
California State University, Northridge

Copyright © 2005 SAE International

ABSTRACT back room to run on high-powered workstations that

displayed 3D images rather than numeric data. Analysis
Companies in industries from automotive to consumer was, however, still mainly the domain of specialized
products have infused analysis software into their design analysts who did nothing else except analyze designs.
cycle the same way writers use spell check to prepare
documents. Analysis tools, closely integrated with 3D Though it was an improvement over the mainframe days,
CAD applications, help catch errors earlier in the design it was still an awkward system. Analysts would suggest
cycle and optimize designs for better performance and modifications to the design, but designers would not
more efficient material use. The direct involvement of always know how to apply those modifications.
design engineers in analyzing their own designs allows
for quick turnaround times and ensures that modifications The picture improved dramatically in the mid '90s. As
indicated by analysis results are promptly implemented in desktop CAD became a design industry staple, software
the design process. Used properly, it yields trustworthy vendors responded by integrating analysis with CAD
results that are already driving efficiencies and cost software so users could model and test designs in the
savings. This paper will describe the analysis process same environment. That eliminated re-creating a design
and the benefits of sophisticated analysis functionality in an analysis application, which was time consuming and
that is available to engineers of any skill level. It will often caused errors.
showcase a case study of the Formula SAE (FSAE) team
at California State University, Northridge (CSUN) and
how they utilized the computational capabilities of
integrated 3D CAD and design analysis software to Design Prototype testing Production
design, analyze and simulate a formula race car.

INTRODUCTION
1st
Most analysis software on the market today employs
the finite element analysis (FEA) method. The FEA
process consists of subdividing all systems into individual
components or "elements" whose behavior is easily
understood and then reconstructing the original system
from these components. This is a natural way performing Figure 1 - Design-prototype-test iterations.
analyses in engineering and even in other analytical
fields, such as economics. The approach of using NOMENCLATURE
discrete components to solve full systems has been used FEA - Finite Element Analysis, CAD - Computer Aided
in structural mechanics since early 1940s, and the term Design, CAE - Computer Aided Engineering, CFD -
FEA was first used in 1950s. Aerospace engineers Computational fluid Dynamics, CSUN - California State
adopted FEA in the 1960s to analyze aircraft designs. University, Northridge,

FEA moved from manual calculations in the '50s to

FORTRAN applications running on mainframes and Cray
supercomputers during the 1960s and 70s. Analysts ran
design data through the applications, which yielded
numeric results the analysts would interpret for the
designers. By the '80s, analysis software came out of the
CHANGING ROLE OF DESIGNERS AND ENGINEERS
For many years, design analysis was the exclusive
domain of highly specialized analysts who would
analyze designs after an engineer had finished his or her
work. This approach wasted a lot of time with back-and-
forth interaction between designers and analysts,
especially when solid models had to be recreated in a
separate analysis package.

But in recent years, the benefits of using design

analysis as part of conceptual design have become
obvious. When properly trained to use today's modern,
integrated analysis systems, design engineers are better
positioned than analysts to leverage analysis results to
modify solid models as design iterations progress.
Design engineers have far greater product expertise and
are closer to the product development process than Figure 3 - FEA mesh for front suspension assembly
analysts. of a snowmobile in COSMOSWorks and SolidWorks.
The direct involvement of design engineers in
analyzing their own designs speeds turnaround times However, there were problems with these automatic
and ensures that design modifications indicated by meshers in meshing just any geometry. Very small
analysis results are promptly implemented into the geometric features such as small holes and fillets
design in progress. caused mesh failures. The geometry's source, such as
the CAD systems it was created in, representation in
A growing number of companies are asking their NURBS (Non uniform rational B-spline) or analytical
designers and engineers to do more than just design format, also lead to mesh failures. A bunch of utility
work. These designers and engineers are being tasked software program sprung up in early '90s which would
to come up with better designs not only for form and fit, take the raw geometry and "heel" it for meshing
but also to meet functional specifications. Analysis purposes. These heeling software programs would try to
software has started to show up on desks of industrial remove geometric inaccuracies such as gaps between
designers and project managers. surfaces and slivers and make the model air tight for
meshing.
ADVANCES IN FEA TECHNOLOGY MAKING THESE
CHANGES POSSIBLE Modern FEA software has reduced the complex art
of meshing to simple push of a button. All the heeling is
Meshing incorporated inside the mesher and is done in the
background. Meshing problems have been reduced
FEA software breaks a solid model down into drastically allowing many more designers to start
geometric "elements," which are mathematically conducting analysis on their models.
represented on the computer as a 3D mesh overlaying
and permeating the solid model, to solve differential
equations that govern physical phenomena as they
apply to simulated geometries. Each element is
represented by a bunch of "nodes" connected via
element "edges."

In earlier days of FEA meshing was limited to

manually creating nodes and element connectivity by
specifying x, y, and z coordinates of the nodes. This
painstakingly laborious method limited users to
analyzing very simple geometries such as plates or rods.
FEA technology took a giant leap when automatic
meshers were developed which could mesh complex
geometries, allowing analysts to conduct analysis on
real life models.

4
 Figure 7 - Simulating a pin connection in
COSMOSWorks is as simple as selecting the two
Figure 4 - FEA mesh of cell phone cover. Small cylindrical faces of the two arms of the pliers. Inset
geometry and slivers are automatically heeled by the shows the complex procedure by defining beams in
mesher. traditional FEA software.

Future trend in FEA software is to build load and Solution Speeds

restraint templates which can be customized by
company experts. These templates will provide a The computing power of the mainframe computers
framework for less experienced users to conduct of the 1980s is now available on the desktop at a
analysis and reduce errors in defining loads and fraction of the original price. The developments of fast
restraints. equation solvers have enabled users to take advantage
of the availability of affordable computing power and
Assembly Analysis reap the benefits of FEA. Today fast iterative solvers are
standard in any professional FEA software and can
Analyzing assemblies is more complex than single solve several million degrees of freedom simulation in
parts as the analysis needs to take into account the hours if not minutes on a laptop. Quick solution times
interaction between the different components. Since have allowed engineers to study performance of very
each part can deform, the stresses developed in the complex parts and large assemblies with finer geometric
whole assembly depend on how the parts are connected details in matter of minutes. Specialized techniques and
to each other. For example, in an assembly different abstract concepts developed by FEA vendors to speed
parts can be welded, bolted, joined by a pin. They can up solution times, such symmetry concepts of slicing
also come in contact which each other upon loading. models into halves for analysis or removing fillets or
Modern FEA software provides easy ways of modeling small geometric details, are no longer required.
these interactions between parts easily and intuitively. FEA solvers are now also optimized to take
Contact analysis which used to be the domain of advantage of dual processors and distributed computing
specialized analysts is now available standard in most systems.
FEA software.

Modern FEA software allow user to directly input or

simulate connections such as pins, springs, bearings,
bolts in one step rather than using combination of
several inputs.

5
 Figure 8 - Stresses in a housing structure for an
Figure 9 - Drop test simulation inside
aircraft engine lubricating pump developed by
COSMOSWorks of a propane tank when dropped in
Nichols Aircraft Division. This part had nearly 1.7
different orientations.
million degrees of freedom and was meshed and
solved in couple of hours.
RACECAR DESIGN FOR FORMULA SAE
COMPETETION
From General Purpose to Specialized Tasks
One of the graduation requirements for the
mechanical engineering degree at California State
Other emerging trends include the customization
University, Northridge (CSUN) is to undergo a senior
of analysis technology to address specific tasks and the
design project. This is where senior students take all the
adoption of FEA by non-traditional industries. Until
theoretical learning from past courses and apply it to a
recently, FEA technology has been packaged as a
practical problem over the course of two semesters or
general-purpose tool that can simulate the behavior of
about 9 months. One such problem that a group of 15
just about any type of product design. While some
students encountered was the design and fabrication of
analysis applications provide specific physics
formula style racecar for the annual Formula SAE
functionality, such as mechanical, thermal, and
(FSAE) competition held in Detroit, Michigan.
computational fluid dynamics (CFD), specialization
Normally in the automotive industry, the typical time
within each of these areas is increasing and will continue
frame to design and build a working prototype is to 3 - 5
at an accelerated rate. Just as consumers are
years. Unfortunately, the CSUN FSAE team has only 9
demanding customization in everything from
months to design, build, and race a formula racecar.
automobiles to computers, engineers require analysis
The only way that the CSUN FSAE team and other
capabilities that address a narrow range of problems
teams across the world are able to complete this
that are particular to their specific industry.
assignment is through the use of advanced
computational aided engineering (CAE) programs. The
By focusing analysis technology on specific 2003 - 2004 CSUN FSAE team utilized the
tasks, such as "drop test" analysis for hand-held
computational capabilities of SolidWorks®,
products, cooling analysis for electronics systems
COSMOSFIoWorks™, COSMOSWorks®, and
design, and multiphysics interaction analysis
COSMOSMotion™ to design, analyze, simulate, and
(mechanical, thermal, and electromagnetic) for micro-
build a formula racecar.
electromechanical systems (MEMS) design, analysis
vendors are pushing advances in ease of use even
further. When addressing specific types of problems, What is FSAE?
analysis developers can leverage interface wizards to
automate analysis setup and effectively reduce what The FSAE competition is an annual competition
might require several steps with a general-purpose FEA spread out over five days in May. The competition is
package to a single step. hosted by the Society of Automotive Engineers (SAE)
and sponsored by DaimlerChrysler, Ford Motor
Company, and General Motors. Solidworks is also a
main sponsor of the event.
The competition challenges student's creativity,
imagination, and knowledge to build a working prototype
that meets the rules and regulations of the competition.
The engine displacement is limited to 610cc and many

6
restrictions are placed on chassis design. The
competition consists of static and dynamic events.
The competition begins with the static events, which
consist of the cost analysis, sales presentation, and
engineering design events. The second half of the
competition begins the dynamic events, which include
the acceleration run, skidpad, autocross, and endurance
coupled with fuel economy. The total amount of possible
points is 1000.

Modeling of a Formula Race Car

The CSUN FSAE team mirrors industry in the way

the design process is commonly used. The team will
begin the semester with a preliminary design event
(PDR) followed by an internal design event (IDR). The
critical design event (CDR) is held at the end of the fall
semester where the team presents all final designs and
analysis for approval. The spring semester begins the
manufacturing phase with design for manufacturing
(DFM) to weight the benefits of manufacture vs. buy.
The CSUN FSAE team structure also mirrors
industry with a CEO filled by the faculty advisor and a
project manager reporting to the CEO and overseeing
seven different departments making up the racecar.
Each department will model their respective parts and
assemble all required components including hardware.
Then the project manager will combine the entire sub -
assemblies to a top level assembly to produce what will
be the model for the racecar as shown in figure 10.

Figure 11a (top) - Isometric view of rear end of

racecar including drivetrain, suspension, and
chassis departments. Figure 11b (bottom) - Rear
Figure 10 - Top level assembly of racecar with 7 view of vehicle detailing the aluminum moncoque
main sub - assemblies and over 1000 parts! box, aluminum differential inside of box, and the
suspension components.
The chassis department implemented a new design
from traditional designs. Most of teams at the Analysis of a Formula Race Car
competition use a steel space frame consisting of tubes
welded together. The new design is a hybrid space With students designing intricate parts, the task of
frame/monocoque that consisted of a steel space frame analyzing these parts by hand becomes complicated
in the front and mid - sections of the racecar with an and cumbersome. This is where the COSMOS® suite of
aluminum box in the rear that mounts to the engine. The analysis products is effectively utilized to reduce design
use of SolidWorks aided with the modeling of all of the time and perform thousands of calculations in fractions
components that make up the hybrid chassis design and of a second. With the short learning curve of
integrating components from other departments that COSMOS®, students were able to learn how to use the
connect to the hybrid chassis. Figure 11 below shows software in about one week and begin their analysis.
the hybrid chassis design.
The formula racecar was designed to last the whole
race and nothing more to make it as light as possible. In

7
this case, the most critical event is the endurance event In addition to FEA stress analysis, the CFD
which lasts about thirty minutes. The formula racecar capabilities of COSMOSFIoWorks were also utilized.
was designed to survive this event and not for infinite Several components on the engine carry airflow, and
life. optimization of these designs helps improve maximum
After the aluminum box was modeled and fit into the horsepower.
assembly, the question of can the aluminum box One rule specific to the FSAE competition is the
withstand the forces succumbed during the endurance use of an engine restrictor. As the airflow moves
event was addressed. The aluminum box consists of 5 through this restriction, the airflow accelerates greatly,
plates bolted together. COSMOSWorks® was used to making compressibility and boundary layer effects very
design the aluminum box as well as other parts significant. While some analysis could be performed by
designed by students that were subjected to high hand as the geometry of the design becomes
stresses. Figure 12 below shows a deflection plot, which increasingly complex, CFD is the only feasible option.
allowed the calculation of the torsional rigidity of the Fig 14 show the pressure and velocity plots for the
monocoque. converging-diverging restrictor designed using
COSMOSFIoWorks.

[
TTTTT!

Figure 12 - COSMOSWorks deflection plot of

rear monocoque section.

Another innovative design that was featured on

the formula car was an aluminum differential housing.
Once again by using COSMOSWorks, a very
complicated geometry was able to be analyzed and
optimized within the very short time frame of the FSAE
competition.

Figure 14b - Velocity plot for the air flowing

through the engine restrictor using
COSMOSFIoWorks.

In addition to both FEA and CFD analysis, a

kinematics package was also required in order to reduce
the amount of time required to design linkages and
mechanisms. Using COSMOSMotion, every mechanism
from the suspension to the shifter was able to be
analyzed and optimized in an amazingly short time.
Accuracy also improved as the motion was shown in full
Fig 13 - COSMOSWorks deflection plot of the 3-D, as opposed to a 2-D approximation used to simplify
differential as the car undergoes maximum
acceleration.
8
hand calculations. Below in figure 15 is an image of the
shifter linkage, showing the restraints and joints as
defined through COSMOSMotion.

Figure 16 - The 2003 - 2004 CSUN FSAE team at

the conclusion of the competition in Detroit in May
2004.

Figure 15 - COSMOSMotion analysis of the

have to balance a range of design variables and options,
shifter linkage.
from the properties of available materials to size, weight,
and loading constraints. Quick and easy design analysis
Competition Results
results, even if they only show the approximate
deflection or stresses instead of the exact results
At the beginning of the spring semester, all of the
demanded by analysts, can help designers make
designs and analysis was complete. The spring
prudent decisions at the beginning of the design cycle
semester marked the beginning of the critical
that minimize problems, delays, and costs later on.
manufacturing and testing phase. The formula racecar
This paper has talked about some of the
was fabricated within three months with about one
advancements in technology which has moved up FEA
month of testing time. The CSUN FSAE team arrived at
in the initial design stages and is enabling increasing
the annual competition in Detroit with the necessary
number of product designers and engineers to verify
skills and preparation for success. At the conclusion of
their design. However, there are products and designs
the competition, the CSUN FSAE team scored its
which require more specialized and in-depth analysis
highest ever points in history with 683.599 points. This
and need someone specialized in those fields.
earned the team a 14th place finish out of 140 schools
worldwide, which was CSUN's third best finish in history.
The team also earned 3rd place in the Ricardo
REFERENCES
Powertrain award for the excellent designs in the engine
and drivetrain. 1. Suchit Jain, 2003, "Making the business case
for analysis software", 17th Reliability, Stress
The CSUN FSAE team arrived in Detroit with
Analysis and Failure Prevention Conference,
confidence in their engineering designs as evidenced by
Chicago, IL, vice president of analysis products,
the team's success. The use of CAE software provided
SolidWorks corporation
novice students with the ability to design and analyze
parts within three months efficiently and quickly. The 2. Suchit Jain, 2004, "The changing role of FEA in
skills learned by the students working with the CAE product development process", 2004 ASME
software will be carried for years to come in their International Mechanical Engineering Congress,
professional careers and has become an invaluable part Anaheim, CA, vice president of analysis
of their collegiate career. products, SolidWorks corporation
3. Mason, John. Formula SAE Fall Semester
CONCLUSION Engine Design Report. CSUN, 2003
4. Bauer, Horst. Bosch Automotive Handbook.
As analysis software is becoming easier to use,
more people in product development who are not Robert Bosch GmbH, 2000
experts at analysis are using it. This is especially true 5. SolidWorks Corporation,
for product designers who create the initial part and http://www.solidworks.com/
assembly models. By using analysis during the initial 6. SRAC, http://www.cosmosm.com/
design stage, designers not only minimize the probability
of failure but also can leverage analysis results to design 7. CSUN FSAE, http://www.ecs.csun.edu/sae
better products, faster, and at lower cost. Effective
product design requires much more than simply creating
a geometric shape for a particular function. Designers
 2005-01-0327

A Software Component Architecture for Improving Vehicle

Software Quality and Integration
Brendan Jackman
Centre for Automotive Research, Waterford Institute of Technology

Shepherd Sanyanga
TRW Automotive

Copyright © 2005 SAE International

ABSTRACT INTRODUCTION

It is estimated that the software which monitors the health Figure 1 depicts the typical information flow between a
of an ECU now takes up about 60% of the total ECU vehicle manufacturer and Tier 1 supplier during the
software code to monitor, diagnose and announce the development of an ECU subsystem. Due to the fact that
problems an ECU may have during its normal or abnormal early-on during the development of a vehicle the OEM is
operational modes. It is the abnormal operation of the still unclear on what the final vehicle architecture will be in
system which is the constant problem for vehicle OEMs terms of requirements, the requirements will continuously
because this side of the system operation is not easily evolve as the program progresses. This tends to be
defined or simulated. The integration of Failure Mode and problematic for suppliers, since they need a static view of
Effects Analysis (FMEA) to normal design is now the vehicle architecture in order to give realistic system
becoming central to tackling these issues head-on, such that quotations and time scales for their ECU development. To
FMEA is now used as part of the integration process. manage this situation, most suppliers take a snapshot of
Having between 10 and 20 different ECUs on a vehicle requirements and quote based on that version of
network still leaves the integration of software from many requirements. However this still does not mitigate the
different suppliers a difficult task. The main issues are suppliers' costs in the development phase, so budget over­
incompatible interfaces, misunderstandings of vehicle OEM runs are common.
internal software requirements and a general lack of time to
carry out rigorous and methodological integration testing at Requirements
the Data and Physical Layers before proper vehicle
production commences.
System Specification
The vehicle OEMs have attempted to alleviate these Vehicle Manufacturer .- ' \
problems by specifying common ECU infrastructures,
providing standard outsourced software modules to their
suppliers and by taking part in standardisation efforts such
as OSEK/VDX and AUTOSAR. However due to location,
perception and language differences, this has not reaped the
benefits that were being sought and has created a new set of
problems.

This paper describes an object-oriented component-based

approach to vehicle software development to try to better
solve the above issues. The work of the Object
Management Group (OMG) is examined, and it is shown
how the Object Request Broker (ORB) concept can be
applied to existing real-time embedded automotive software
External Software House e.g in As
systems to ease integration and simulation. The Object
Request Broker concept has been successful in enabling
reusable software components in the commercial software
world. An ORB architecture supports integration and reuse
of legacy software by separating component interfaces from Figure 1. Information Flow and Interaction between OEMs and Supplier.
their definition.

11
These budget overruns happen because most suppliers detected and solutions are sought. These problems may take
follow a methodological approach to their ECU system the following form: Interface compatibility issues due to
design process. This is usually called the ' V cycle mode of distributed functions; timing and data latency problems
ECU development, and is shown in Figure 2. It is after the caused by incorrectly coded OEM supplied standardized
architecture partition phase that suppliers identify where the software modules; harness connectivity issues; data
standardized OEM software modules are going to be co- corruption issues due to current and voltage distortion slew
located in their subsystem design. It is at the module testing rates; ECU software configuration issues due to ECUs with
stage that inconsistencies between operational requirements the wrong level of software functionality on a network;
and the OEM supplied modules are first seen. This also vehicle ignition start-up and shut-down issues due to
includes problems related to interface links to the supplier's incorrect implementation of network management procedure
proprietary code. To resolve these conflicts and to requirements and ignition after-run requirements.
implement these amended requirement changes, suppliers
end up expending extra resources to ensure that all parts of
the design are updated with these final agreed code changes. AUTOMOTIVE SOFTWARE INITIATIVES
In most systems with the OEM the cost implication of these
changes can be potentially under-estimated in the agreed The rapid increase in software functionality and additional
piece cost of the ECU subsystem. ECUs being added to vehicles brings additional complexity
to the system integration process. System integration can
be eased by managing the complexity of the distributed
Systems Requirements
Capture
Complete System
Integration Test
vehicle control system. A common approach to the
management of complexity has traditionally been
standardization, the use of interchangeable parts that provide

•Q. O compatible interfaces and services. OEMs have usually

standardized aspects such as the choice of microprocessors,
ROM/RAM size, development tools and programming
Module Functional
Integration
languages to simplify ECU application development and
facilitate software reuse between ECUs and vehicle variants.
ECU component standardization has also meant big cost
reductions for suppliers.

Various industry-wide attempts at standardization have been

initiated over the past decade with varying degrees of
System Architecture
Partition ECU Module Test success. The widespread use of Matlab/Simulink as an
application modeling and development tool has been a large
factor in the proliferation of vehicle software functions.
Matlab/Simulink allows engineers to model new
applications graphically and therefore more productively
ECU Module
Development Hardware
than using conventional programming languages.
& Software Matlab/Simulink is well supported by Hardware in the Loop
(HIL) tools and automatic code generators, allowing
X" production ECU code to be generated directly from the
application models. Furthermore, Simulink models can be
Figure 2. "V Cycle" ECU Subsystem Development Process.
easily shared and reused between applications.

The use of high- and low-speed CAN as a standard vehicle

network has allowed for the easy exchange of data between
ECUs that were previously interconnected with OEM
proprietary serial point-to-point protocols such as IS09141
SYSTEM INTEGRATION (equivalent to K-line), UBP (UART-Based Protocol).
Higher levels of vehicle control are now possible by
The vehicle OEM usually builds what is termed a bench car. exchanging data between several existing subsystems. For
This is the electrical & electronic architecture representation example, Vehicle Stability Control (VSC) systems depend
of the final vehicle with all the electrical components that on the interactions between Traction Control, ABS and
will exist on the real vehicle. This bench car integrates all Engine Management systems for successful operation.
ECU subsystems on every network communication on the
target vehicle platform. This is the first time that the vehicle In 1993 some major German automotive companies formed
manufacturer is able to see how each ECU on the vehicle the OSEK group [1] with the purpose of defining a common
will interact with its neighbour and hence serves as an a software standard for ECU operating systems and associated
early warning system to program teams of vehicle system network interfaces. The idea was to specify an open system
problems. This bench car is very important, especially for standard that software vendors can comply with. OSEK
suppliers, since it is used to develop the ECU subsystem essentially provides a set of microprocessor-independent
software for the different ECUs before the pre-production services to ECU application software. Services include a
prototype vehicles become available, as well as provide a real-time task scheduling system, interrupt handling,
platform for suppliers to really test their software in a real Alarm/Event handling and an inter-task communications
vehicle environment. mechanism that allows tasks on the same or different ECUs
to exchange data. OSEK has been widely adopted in Europe
Due to the complexity of the vehicle architecture network and has significant support from independent software
and its interaction with its operating environment, it is here vendors. OSEK is also addressing the need for fault-tolerant
where the majority of vehicle system-wide problems are

12
and time-triggered services in subsequent versions of the requirements are known and properly understood. This early
standard. decision on hardware configurations has a detrimental
constraining effect on the resulting software architecture. In
The biggest weakness in the OSEK concept has been the effect, the choice of hardware predetermines the software
lack of hardware device driver standards. A lot of ECU architecture, since it influences the functional partitioning
application code is required to interact with microprocessor across the available ECUs and therefore dictates the network
peripherals, and this is still the biggest differentiating factor communications requirements. The emphasis is currently
among microprocessors. So although OSEK goes a long on hardware module design rather than software function
way towards increasing the portability and reusability of design. While the hardware design costs have to be
ECU application software, the onus is still very much on restrained because of the large volumes involved, there is a
the software designer to decouple the device handlers from growing realization among OEMs that software costs are
the application code. The success with which this is done more significant than hardware costs. What must be
determines the level of application portability and reuse. considered is not just the software development cost alone,
but the total software cost across the life cycle of the
The ASAM group [2] has been successful in defining a set vehicle. This should include test and calibration costs,
of standards for implementing measurement, calibration and reprogramming/flashing costs, warranty costs and the
diagnostic systems. The CAN Calibration Protocol (CCP) potential cost of poor customer satisfaction caused by
and its successor XCP is widely used for calibration and software failures. Surveys increasingly show that the
flash programming of vehicle ECUs. Standards such as majority of vehicle breakdowns are caused by software or
these help the system integration process by providing a electronic faults, not mechanical failures. The goal therefore
single data exchange format for calibrating and diagnosing must be to achieve a high level of robustness in the vehicle
all ECUs in a distributed vehicle control system. software/electronic systems.

The International Standards Organization (ISO) has provided What many OEMs lack is a software architecture for their
a set of standards for retrieving diagnostic data from ECUs vehicles. While they may have an Electrical/Electronic
across K-Line, LIN and CAN networks. The most widely (E/E) Architecture, this is not quite the same thing. In the
used standards are KWP2000 (ISO 14230, 1-4) and first instance, E/E architectures are not completely portable
Diagnostics on CAN (ISO 15765, 1-4). between different vehicle variants because of differences in
body types and vehicle features. If software functions are
The latest standardization initiative is AUTOSAR [3], closely coupled to individual ECU hardware, and a specific
founded in 2003, which is made up of some of the largest ECU cannot be fitted to a vehicle variant, then all associated
OEMs and a whole host of Tier-1 suppliers. The goal of software functions are lost to that vehicle variant. Usually
AUTOSAR is to establish an open standard for automotive some of the software functionality is required, which the
Electrical/Electronic architecture. AUTOSAR intends to supplier then tries to integrate onto a different ECU with
provide a complete run-time environment for ECU resulting cost and integration problems. If the software
application software that will provide complete hardware architecture is completely independent of the hardware
independence. This run-time environment will be architecture, then none of these problems would arise. The
compatible with and make use of established automotive OEM would just choose the subset of software functions to
standards such as OSEK and CAN. One of the most be delivered on the vehicle variant and partition the
significant aspects of the AUTOSAR proposal is the functions across whichever vehicle ECUs are available. For
development of software interface standards for all functional this scheme to work there must be a software infrastructure
aspects of a vehicle. For example, there will be a set of available to decouple the software functions from the ECU
predefined software interfaces for powertrain control hardware and vehicle network. The remainder of this paper
functions. This will ensure a high level of compatibility outlines ideas for such a software infrastructure based on
between different suppliers' systems and simplify the existing software standards.
interchange and integration of these software systems. The
first validation tests for AUTOSAR are expected in 2006. OBJECT-ORIENTED DEVELOPMENT

These standardization efforts have brought the advantages of Most automotive software is developed using structured or
simplification and cost reduction to many OEMs and procedural approaches (usually written in C) which view the
suppliers. However, the integration of co-operating ECUs software as a collection of separate code functions that share
on a distributed vehicle network is still a major issue in some common data. These code functions tend to be tightly
terms of network message interpretation, bus loading, and coupled to the shared data and to each other so that any
proper handling of system failure modes. The AUTOSAR requirements change has a significant impact on the structure
standardization effort holds much promise, but widespread of the software.
agreement and tool support for the standard, if successful,
cannot be realistically expected until the end of the decade. Object-Oriented development is the process of developing
In the meantime OEMs and suppliers cannot stand still in software systems by considering the system to be made up
the face of increasing vehicle software complexity driven by of a set of co-operating objects. An object contains a set of
customer demand and hence must look to alternative data values called attributes that describe the object, together
approaches to contain the integration problems. with a set of methods or services that can be invoked on the
object.
AUTOMOTIVE SOFTWARE ARCHITECTURE
Objects invoke the methods of other objects to carry out the
One of the main causes of integration problems has been the functionality of the system. The overall system
piecemeal development of system ECUs in isolation from functionality is thus shared among the various objects in
one another. The vehicle control systems are usually much the same way that work is shared among the
partitioned into a set of networked ECUs early on in the employees of a company. Objects are a natural, intuitive
vehicle design cycle before the complete software system way to view software systems, particularly systems that

13
interact with real world objects. Software objects can be
developed to represent each real world object being
manipulated. For example, an engine control ECU could Fuel Injector
have a separate object for each fuel injector being controlled.
Each fuel injector object would have attributes detailing the
injector firing angles and duration, plus methods to fire and startAngie : float
switch off the injector. The methods are in effect the
responsibilities of the object. It should be noted that an
duration : int
object represents a specific instance, so that a fuel injector currerrtlyQrt : Boolean
object represents a specific fuel injector. If an engine ECU
is controlling four fuel injectors, then it would have four
Fuel Injector objects, one for each physical injector. Object-
Oriented methodologies use the concept of a class to
int fire( duration : float )
generalize about objects, so the fuel injector class would int stopO
represent the common traits (attributes and methods) of all
fuel injector objects. Another way of looking at it is that Boolean isOn()
classes represent the static structure of the system, whereas
objects provide a dynamic, run-time view.
Figure 4. UML Class Representation.

ENCAPSULATION

Objects support the idea of encapsulation or information

hiding. This means that an object's attributes are not
directly accessible by other objects. An object's attributes
may only be read from or written to by the methods of that
object. This provides a complete separation of interface
from implementation, allowing the data types of attributes
and the implementation algorithms of methods to be
modified without affecting client objects that invoke an
object's methods. As long as the method interface remains
unchanged the client object remains unaffected. This
powerful mechanism allows software objects to be easily
upgraded without impacting the rest of the system. The
objects are very much self-contained and loosely coupled
with one another.

Figure 3. Object Structure and Method Invocation

INHERITANCE

When defining systems in terms of objects it is quickly

The Unified Modeling Language (UML) is widely used for realized that many objects are very similar to other objects.
object-oriented modeling of systems. The use of object- The concept of inheritance allows one class to be specified
oriented modeling techniques for automotive real-time in terms of another class. The new class is known as a
systems has been investigated by Volvo [4] and subtype of the existing base class and only additional
DaimlerChrysler [5]. A detailed treatment of UML and attributes and methods over and above those in the base
object-oriented software development can be found in the class need to be specified for the new class. This is a
many books available on the subject, such as the one by powerful technique for describing variants in ECUs and
Craig Larman [6]. Figure 4 shows an example of how the vehicles.
fuel injector class would be modeled in UML.

14
 Driver Door Module
Door Module
CANbusStatus : ml

wiratowStatus : fcnt
mirrorStatus : int int remoteLockDoort doorld : int}
int remoteUnlockDoor( doorld : int}
doorStalus : int
int remoteOpenWindow{ windowld: int, amount : int )
int remoteCloseWindowf windowld : int. amount : int}
nt tockDoorQ int remotemoveMirrorf direction : in!, amount : int)
nt unlockDoorO int lockDoori)
int uniockDor>r()
nt openWindow{ amount : int ) int openWindow{ amount : int )
nt closeWindowf amount : int} int closeWindow( amount : int )
int moveMtrrori direction : int, amount : int)
int moveMrrrorf direction : int, amount : int)

"is a type o f

Driver Door Module

windowStatus int
mirrorStatus : snt
doorStatus : int * Driver Door Module
CANbusStatus : int
/ object encapsulates
int lockOootO
a Door Module object.
tnt unlockDoorO
nt openWindow{ amount : int )
nt remoteLockDoorj doorld : int ) nt cioseWindowf amount : int}
nt moveMirrrxÊ direction : int, amount : int)
int remoteUrtockDoor( doorld : int )
int remoteOpenWindow{ wtndowid: int, amount : int )
nt remoieCloseWindowf windowld : int, amount : int} Figure 6. Aggregation between UML Classes.
nt remotemoveMirrort direction : int amount : int)

Figure 5. Inheritance between UML Classes.

POLYMORPHISM

Polymorphism is a feature of object-oriented systems that

allows the same method name to be used in more than one
In Figure 5 UML notation is used to show that a driver's class of object. For example, the method stop could be
door module is a specialization of a standard door module. used with various classes such as Motor, Engine, Fuel
Inheritance is an easy way to reuse software objects. Only Injector and so on. Polymorphism allows the name stop to
the additional functionality needs to be added to the be used with all of these classes. The correct piece of code is
subclass. In the Driver Door Module example, when executed based on the class of object in question.
developing the Driver Door Module class just the additional
functionality over and above the Door Module class needs to Polymorphism has a number of advantages for the software
be implemented. developer. First of all, meaningful names can be given to
methods regardless of whether the name has already been
AGGREGATION used. Secondly, the developer can generalize methods in the
base class of an inheritance hierarchy without knowing in
advance what subtypes may be defined. This makes the
Aggregation is the process of using existing objects in the
implementation of new objects. It is an alternative to resulting objects more reusable.
inheritance for reusing objects. Aggregation is similar in
concept to an assembly-subassembly type structure.
Aggregation has the advantage over inheritance as a reuse
mechanism because the reused objects are completely SOFTWARE COMPONENTS
encapsulated within the new object and are not exposed to
any client objects. With inheritance the methods of any Component-based software extends the object-oriented
inherited class may also be called by client objects, even if concept to software applications as a whole. It is at a higher
that is not the intention. Figure 6 illustrates the use of level of granularity, such that a single software user function
aggregation in UML, where the Driver Door Module class exhibits the same characteristics as a software object. That
contains an instance of a Door Module class. Notice how is, it has certain well-defined interfaces that can be invoked,
the Driver Door Module class now needs to have a more and it is possible that multiple instances of the software
comprehensive interface, since it no longer inherits the component exist. It should be emphasized that even though
interface of the Driver Door Module class. a software component has an object-oriented behavior it does
not have to be implemented using an object-oriented
programming language. The internal implementation could
be in a language such as C or even Simulink code such as
S-functions.

15
The Object Management Group (OMG) [7] is an industry The key to integrating application objects is the
consortium whose goal is to define a set of interfaces for specification of standard interfaces using the Interface
interoperable software. It has been in existence since 1989 Definition Language (IDL). The IDL is the mechanism that
and has specified the Common Object Request Broker separates interface from implementation, and it provides for
Architecture (CORBA) that defines a high-level facility for communication between objects that is independent of
distributed computing. CORBA uses an object-oriented programming language, hardware platform, networking
approach to hide the differences in programming languages, protocols and physical location.
operating systems and object location in a distributed
application. It provides an open distributed computing
INTERFACE DEFINITION LANGUAGE (IDL)
environment that facilitates component integration and
reuse. The IDL is a notation for defining application programming
interfaces. It is independent of programming languages and
The central component of CORBA is the Object Request defines the boundary between client code and object
Broker (ORB) which works as a software bus that implementations of services. The IDL is a fundamental part
transparently relays object requests across the various of OMG standards and provides platform-independent
implementation technologies. Application objects interact definitions of software interfaces.
only with the ORB in a client-server fashion. A client
object locates the required server object, invokes operations The OMG has defined standard language bindings for the
on it and is notified of the occurrence of any errors through a IDL that enable an automatic translation of IDL
standard exception handling mechanism. The ORB is specifications to programming languages such as C, Java,
responsible for routing the request from the client object to C++, Ada etc. The IDL is a pure specification language and
the server object and returning any results. CORBA can does not dictate the implementation of the software object.
handle both synchronous and asynchronous requests. A The object may be implemented as a library function on the
component may act as both a client and server same computer as the client object, or may even be
simultaneously. The ORB implementations include code implemented on a remote networked computer. As long as
stubs and skeletons known as Object Adaptors that map the the client and server objects adhere to the IDL specifications,
object interfaces to specific implementation languages. communication will be successful. The following is an
Figure 7 shows the structure of a CORBA-based software example of IDL for the door module objects.
application. module VehicleDoorSystems {
i n t e r f a c e Door_Module {
// a t t r i b u t e declaration
a t t r i b u t e unsigned long windowStatus;
a t t r i b u t e unsigned long m i r r o r S t a t u s ;
a t t r i b u t e unsigned long doorStatus;
/ / p o s s i b l e exceptions t h a t may be
/ / r a i s e d when executing methods
enum Faults { DoorFaultDetected,
mirrorFaultDetected } ;
/ / method d e c l a r a t i o n
unsigned long lockDoor();
r a i s e s ( DoorFaultDetected );
unsigned long unlockDoor()
r a i s e s ( DoorFaultDetected );
unsigned long openwindow (
in unsigned long amount );
unsigned long closeWindow (
Figure 7. CORBA Distributed Application Structure.
in unsigned long amount );
enum Direction {UP, DOWN, LEFT, RIGHT};
unsigned long moveMirror (
in Direction directionToGo,
in unsigned long amount )
r a i s e s ( MirrorFaultDetected );

/ / define Driver Door Module t o be a subtype

The OMG has defined a range of object interfaces for / / of the basic Door Module
commonly used services such as Object Location and
Naming, Event Notification, Persistence, Concurrency, i n t e r f a c e Driver_Door_Module : Door_Module {
Transactions etc. These are known as CORBAservices and / / a d d i t i o n a l a t t r i b u t e s t o basic door
are provided by ORB vendors. CORBAservices are similar / / module
attribute unsigned long CANbusStatus;
to many of the services provided by operating systems.
There is also a set of object standards called // additional methods
CORBAfacilities that define functionality that would be enum DoorType { PASSENGER, DRIVER, ALL };
enum WindowType ( PASSENGER, DRIVER, ALL,
common across many types of application. Examples are BACKLEFT, BACKRIGHT } ;
Printing, Task Management and User Interface. There are unsigned long remoteLockDoor(
also standards known as CORBAdomains that define in DoorType door )
raises ( DoorFaultDetected ) ;
objects that would be useful in specific vertical markets. unsigned long remoteUnlockDoor(
Some of the domains currently addressed include Air Traffic in DoorType door )
Control, Telecommunications, Data Acquisition and raises ( DoorFaultDetected ) ;
unsigned long remoteOpenWindow (
Computer Aided Design. in WindowType windowed,
in unsigned long amount ) ;
unsigned long remoteCloseWindow (
in WindowType windowed,
in unsigned long amount ) ;

16
The example illustrates the use of enumerated types in IDL The key feature that underpins CORBA is the IDL
to define allowable values for items such as door types and specification. The authors suggest that most of the benefits
windows types. Using enumerated types in the IDL of simplified integration and portability can be achieved by
definitions provides greater clarity on the expected usage of using IDL to specify software interfaces. Vehicle software
parameters. IDL also has an exception handling mechanism components can be defined at a subsystem level using IDL
that allows methods to raise exceptions when an operational early on in the design process. The structure and
error occurs. The client application is notified of server or interactions among components can be verified functionally
ORB exceptions synchronously through the calling at an early stage using IDL and object-oriented specification
interface. methodologies without regard to the communication
mechanisms. The software components could be
The use of IDL provides a hardware-independent interface functionally simulated on a PC using stub components.
between the software functions and thereby simplifies the Once the OEM is satisfied, the subsystems can then be
task of integrating software components. The quality of the further decomposed into sets of software components (also
IDL designs is very important for ensuring that the specified in IDL) to be allocated to suppliers. The result is
components are interoperable with one another and are that the interactions among the components have already
widely reusable. For example, although the IDL will define been functionally verified and failure mode responses
the number and types of method parameters, the client and explored before the supplier implements the software
server objects must both agree on the semantics of how the component. As long as the IDL interfaces remain
parameters are used. CORBA and IDL do give the unchanged, the process of integrating the finished
immediate advantage of hardware independence for the components should be much easier. Using IDL as part of
vehicle software architecture. Even ECU device drivers the requirements specification process removes much of the
could be given an IDL object interface to make them part of ambiguity of natural language specification, since the IDL is
the software architecture, free to be implemented on the a compilable notation. The IDL can be supplemented with
appropriate ECU. The principles of high cohesion and loose UML sequence diagrams that indicate the dynamic use of
coupling between IDL-defined objects will ensure greater the software components. Software modules delivered by
reusability. Design patterns for use with object-oriented suppliers can be verified against the IDL specification using
technology are well documented [6]. software test harnesses.

AUTOMOTIVE OBJECT R E Q U E S T B R O K E R Once the overall software requirements have been defined
and expressed using IDL, the next step is to map the
The CORBA standards grew out of a need to provide software components to the hardware architecture. Some
seamless interfaces between the heterogeneous technologies components may have to be mapped to a specific ECU
used to implement enterprise-wide applications. The use of because of sensor or other hardware requirements.
the internet and client-server computing paradigms as a Techniques such as cluster analysis [9] can be used to map
means of implementing distributed applications motivated remaining software modules to available ECUs. In this way
the design of the platform-independent CORBA architecture. the allocation of software to ECUs is neither predetermined
CORBA has been hugely successful in the enterprise nor constrained.
computing domain, and it has delivered on the promises of
reusability, portability and simplified integration. The issue of mapping IDL calls to specific implementation
languages and tools needs to be addressed. The main
The CORBA specifications were originally designed with problem to be overcome is the mapping of the dynamic run­
network servers and a PC environment in mind, but this time ORB operation to the static run-time operation of
does not mean that the concepts are not applicable to real­ automotive ECUs. The Object Request Broker normally
time distributed computing applications. Indeed, there is a includes facilities to dynamically locate server objects, to
subcommittee of the OMG tasked with the application of invoke additional server objects to deal with increased
CORBA to real-time applications. The result is two loading and to dynamically prioritize client requests.
additional specifications; the Minimum CORBA Sufficient computing resources do not exist for this highly
specification and the Real-Time CORBA specification. The dynamic mode of operation in an automotive environment.
Minimum CORBA specification describes the basic features On the other hand, the software components to be used in an
needed to implement CORBA on resource-limited systems automotive system are static and are defined during the
such as embedded systems. The Real-Time CORBA software design phase, so the client-server object interactions
specification describes an implementation of CORBA on are also known in advance. This prior knowledge allows the
systems where end-to-end request timing constraints must Object Request Broker implementation to be hard-coded to
be met and where real-time task scheduling policies are optimize the use of resources. This can be accomplished
used. Although these specifications are a step in the right using a software configuration process prior to the final
direction for showing how CORBA can be used in software build, in the same way that OSEK systems are
automotive applications, currently available real-time ORBs statically configured at build time using the OSEK
such as Borland's VisiBroker-RT [8] seem to be limited to Implementation Language (OIL) file. This process is
the real-time Linux, Windows CE and VxWorks operating summarized in Figure 8.
systems. As such they are not directly usable with OSEK
systems that are typically used on vehicle ECUs. They
might however be useful for vehicle infotainment and
telematics applications where more computing power is
usually available.

17
 desired communication mechanism. For example,
if the server object is on the same ECU as the
client, then a simple library call might be
sufficient. If the server is located on another ECU
then the stub would have to map the IDL call to a
network message using OSEK COM or direct CAN
messages, transmit the request to an ORB request
handler on the remote ECU, and wait for a response
before returning control to the client application.
The mapping of CORBA requests to CAN
messages has already been addressed in existing
research [10].

3. Server Skeleton generation. The server side of the

ORB implementation consists of code that unpacks
the IDL parameters from remote CAN-based
requests or else maps IDL parameters from local
client requests to the correct calling interface for the
server code. The skeleton code is responsible for
returning any results to the client object according
to the IDL specification. Various approaches may
be taken to implement server code. Where only
one instance of an object exists, the
implementation can exist as a library routine in
ROM. Where more than one instance of an object
exists, the methods of the object could be
implemented as reentrant routines in ROM with
object-specific attribute values and other data stored
in RAM. Techniques for mapping UML object-
oriented designs to procedural C code have been
described by James Rumbaugh [11]. The server
object methods may be implemented in any
suitable language. The skeleton code does the
mapping from the object-oriented IDL interface to
the ECU-specific implementation.
Figure 8. Development Process using CORBA/IDL.
4. Target system build. The generated client stubs
and server skeletons are linked with the application
software functions for each ECU in the vehicle.
The vendors of CORBA technology normally
The process of configuring the Object Request Broker provide implementations of CORBAservices and
consists of the following activities CORBAfacilities with their ORB implementations.
While most of these services are of little use in an
1. ECU software assignment. The assignment of automotive environment, one that is quite useful is
individual software functions to ECUs must be the Event Notification service. This provides a
carried out first so that the system generation publish-and-subscribe type interface between event
process knows whether each IDL call is to a server sources and event consumers. It provides both
object on the same ECU or to a different ECU on push and pull type interfaces to event sources and
the network. The actual client and server source event consumers. This service could be developed
code does not need to be changed as a result of as a custom implementation based on the CAN
reassigning software functions to different ECUs bus. The result of doing this would be a hardware-
because the following process steps will take care independent distributed event notification service
of the interfacing details. Thus a significant that would further decouple software functions in a
simplification of ECU software integration can be predominately event-driven environment. A
realized using IDL interfaces. description of a CAN-based CORBA Event
Notification service is described by Finocchiaro et
2. Client Stub generation. CORBA IDL calls al [12].
contained within client application code must be
replaced with appropriate stub code that converts
the IDL call to a proper call of the server object The OMG has specified a standard mapping of IDL to C and
code. This works like a normal pre-compilation provides basic implementations of stubs and skeletons
process by replacing IDL references in application (Object Adaptors) that can be used as the basis for custom
code with appropriate stub routine calls. In a full- implementations.
featured ORB the standard stub would call the
ORB library, which would in turn locate and call CONCLUSION
the server object. In a custom static automotive
implementation the configuration tool would This paper has examined the problems of software
generate code based on the target server object integration of ECUs on a vehicle network. Most of the
identification, the server object location and the problems are due to the tight coupling between the software

18
functions and ECU hardware. The integration problems are Model into Real-Time CORBA". IEEE Proceedings of
compounded by the fact that the integration between ECUs the International Parallel and Distributed Processing
currently takes place at the CAN network layer by means of Symposium 2003.
message transfer. Integration testing occurs at a very low 1 1. Rumbaugh, J. et al. Object-Oriented Modeling and
level, i.e. at the Physical Layer, which is in turn constrained
Design. Prentice Hall. ISBN 0-13-630054-5.
by what information can be deduced, mapped and translated
to the higher level network layer faults. This is further 12. Finocchiara, R., Lankes, S. and Jabs, A. "Design of a
hampered by the fact that the Physical Layer has its own Real-Time CORBA Event Service customised for the
inherent problems due to its electrical characteristics in CAN Bus". IEEE Proceedings of the 18' International
terms timing, transmission errors, latency problems, so it is Parallel and Distributed Processing Symposium 2004.
difficult to debug and understand the problems at the higher
layers due to the masking effect of these lower level issues.
Using the techniques suggested in this paper, the integration
process can be moved up to a higher application level where
ECU software interactions take the form of client-server CONTACT
requests and responses. At this level the software design is
easier to understand and debug. In addition, the intended
Brendan Jackman B.Sc. M.Tech.
operation of the system can be simulated and the failure
mode operation analyzed and understood prior to
programming. Using object-oriented modeling techniques Brendan is the founder and Director of the Centre for
for designing the software architecture will help achieve Automotive Research at Waterford Institute of Technology,
more flexible and reusable vehicle software functions. where he supervises postgraduate students working on
automotive software development, diagnostics and vehicle
networking research.. Brendan also lectures in Automotive
It is hoped that the suggestions described in this paper for Software Development to undergraduates on the B.Sc. in
implementing CORBA technology in an automotive Applied Computing Degree at Waterford Institute of
environment might be considered for future AUTOSAR and Technology. Brendan has extensive experience in the
OSEK standardization, thereby bringing the associated implementation of real-time control systems, having worked
benefits to a wider group of automotive software developers. previously with Digital Equipment Corporation, Ireland and
Logica BV in The Netherlands.
REFERENCES
Email: bjackmanftiwit.ie
1 · http://www.osek-vdx.com. OSEK Specifications.
2. http://www.asaivt.de. ASAM Specifications. Website: http://www.wit.ie/car
3. http://www.autosar.org. AUTOSAR group details.
4. Axelsson, J., "Holistic Object-Oriented Modelling of
Distributed Automotive Real-Time Control
Applications". IEEE 1999. Proceedings of 2" IEEE Shepherd Sanyanga (BEng BSc MSc PhD CEng
Symposium on Object-Oriented Real-Time Distributed Eurlng MIEE)
Computing.
5 . http://www.dc-cc.com. Automotive UML. Shepherd is a Technical Specialist in the design of
DaimlerChrysler Competence Centre. Subsystem Communication Protocols & Diagnostics and
6. Larman, C. (2002). Applying UML and Patterns. the verification of such systems at TRW Automotive in the
Prentice Hall PTR. ISBN 0-13-092569-1. United Kingdom, working with the major OEMs in Europe
and North America. He has had extensive experience in the
7 . http://www.omg.org. OMG, CORBA, IDL
system design of real-time embedded control systems for
information and specifications. safety critical and comfort applications in both the
8 . http://www.borland.com/visibroker. VisiBroker-RT Automotive and Aerospace industry. He has worked in
ORB product information. organizations such the United Nations, Lucas Aerospace
9. Rushton, G., Zakarian, A. and Grigoryan, T. Systems, Sagem Automotive and Ford Motor Company. He
"Development of Modular Electrical, Electronic, and is also an external examiner at an automotive research
Software System Architectures for Multiple Vehicle establishment in Ireland which runs MSc research courses
Platforms". SAE paper 2003-01-0139. for the automotive industry.
10. Lankes, S., Jabs, A. and Bemmerl, T. "Integration of a
CAN-based Connection-oriented Communication Email: shepherd.sanyanga@trw.com

19
 2005-01-0312

Why Switch to an OSEK RTOS and How to Address

the Associated Challenges
Thierry Rolina
ETAS Inc.

Nigel Tracey
LiveDevices (ETAS Group)

Copyright © 2005 SAE International

ABSTRACT communication, and network management of distributed

embedded real-time systems. While OSEK
Most automotive software systems are still built today standardization efforts have been successful and are
using a cyclical scheduler that runs tasks at fixed time ongoing, the automotive industry has not yet
intervals. This approach provides excellent insight into implemented many of the OSEK standards. In this paper
and control of the real-time behavior of a system, as we will show why using the OSEK approach to
tasks repeatedly run one at a time and in the same developing real-time embedded software offers great
order. advantages over the traditional approach.

Given that so many operating systems are using an THE AUTOMOTIVE SUPPLY CHAIN
approach that provides the necessary real-time control
and transparency, why change to an OSEK operating The automotive industry builds vehicles in large
system? In other words, what value does an OSEK quantities (up to tens of millions of units in some cases).
operating system deliver compared to one that uses the Small problems may therefore have a great impact,
traditional approach to task scheduling? since they have the potential of manifesting themselves
in a great number of vehicles. If we assume a population
In this paper, we answer precisely that question. An of 1 million vehicles, with each vehicle being used 1
OSEK OS can offer significant efficiency advantages that hour a day, 300 days a year, the potential impact of a
ultimately save cost in development and production. small problem becomes obvious. A quick calculation
However, an organization faces certain challenges when leads to 300 million hours of use per year, which poses
it decides to replace its traditional OS with an OSEK OS. a heavy functional reliability constraint on any system. To
We identify and discuss these challenges. ascertain good functional reliability for their products,
OEMs usually assign the task of function specification
INTRODUCTION design to their own engineers. The task of implementing
these functions, however, is usually outsourced to
"We build a lot of software today, and we just keep on suppliers.
doing it. Over, and over, and over again," Stephen Mellor
rightly complained in a recent article in Embedded
f u n c t i o n a l Specification
Computing Design.(1) In his remark, Mellor points out
that application software is often redone rather than
reused, and that this is due to the fact that application
software code is bound to all the layers the software System or Sub-sy*t*tr
relies on. Mellor suggested that a new way of thinking
about application software is necessary in order to put an
end to the waste of time and money in development. The
solution according to Mellor is to view and value
application software as an asset.

Ten years ago, the OSEK initiative reflected similar

Similarly, OEMs define the performance requirements
thinking in terms of non-application software. Those who
created OSEK saw a need to specify uniform services, that embedded systems intended for their vehicles must
interfaces, and protocols for the operating system, fulfill. Then the OEMs' suppliers must provide evidence

21
that their embedded systems satisfy their throughput
requirements, or that they will respond to inputs within
the allocated response time.
interrupts, which would result in faster response to an
external event. The following illustrates "sequential
computing":

void main(void)
{
do_init();
while (1) {
tl();
t2();
t3();
delay_until_cycle_start();
}
}
Functions are computed sequentially, providing a clean
and simple software implementation. If we now add a
periodic interrupt, the system is almost fully loaded (see
figure 2.). Since 3ms defines the "timing granularity",
every function must be processed every 3ms. The load
can then be calculated from the requirements table:

TIME
Figure 1. Task Sample Processing Requirement Effective
rate time load
To put it in general terms, automotive OEMs specify the T1 3ms 0.5ms 16.6% 16.6%
systems and suppliers implement them. Integration is T2 6ms 0.75ms 12.5% 25%
done later at the OEM or the supplier. In the area of 41.7%
T3 14ms 1.25ms 8.9%
powertrain controls in North America, both the hardware
platform (microcontroller) and infrastructure software isr 10ms 0.5ms 5% 16.6%
(scheduler API, HWIL) are specified by the OEM. In Total 48% 99.9%
other areas, such as chassis or body controls, a different CPU
distribution of tasks gives suppliers greater flexibility. The load
reason for this distribution of development tasks in the
automotive industry comes from the necessity to reduce In its simplest form of cyclic implementation, the system
costs. is fully loaded after adding the interrupt service routine,
and can no longer accommodate new functionality.
A WELL PROVEN APPROACH? Adding new functionality will require hardware
modifications.
Embedded real-time automotive software runs on
microcontrollers, i.e., silicon. Function developers,
however, typically model the functions that will later run
on a microcontroller in a PC environment. Controls
engineers implement these functions, and software i — i — i — i — i — i — i — i — i — i — i — i — i — r
engineers fit them into the confined environment of a
microcontroller, where instruction size, memory size,
CPU load, etc. are at a premium.

Most embedded real-time systems use a simple

microcontroller that repeatedly runs one main loop:
Whenever external inputs request some activity, the
program code branches off to service each request and
then returns to the main loop. This structure is commonly
called "sequential organization". In real life, we most
often see systems dependent on multiple interrupts. The
advantage here is to eliminate the tedious polling of
Figure 3.
22
 needs to be carefully designed and controlled.
There are more sophisticated implementations of the
cyclic scheduler using the concept of major and minor
cycles. In our example, a major/minor cycle approach
would free some CPU because the less demanding
tasks (T2 and T3) would not be required to run at the Function
3ms rate. As we are freeing the CPU, adding new
functionality becomes possible, but it will have to be Cfl 1
partitioned so that it fits into the available cycles. We
must also point out that a tight connection between Network Driver
software and hardware exists in such an implementation,
making any retargeting to a different processor difficult,
and reuse of application code impossible. It is also very
difficult to deal with requirement changes from the
customer which often lead to patching the scheduler as
well. On the positive side, the cyclic implementation is
free, and the source code is available. Also, in such an
implementation, design will always meet performance
requirements. / __ .._J JL-. _. f\
< Vehicle Network *>
TOWARD A MORE FLEXIBLE APPROACH: \ 1/
OSEK SCHEDULING Figure 5.
The answer to such problems is to separate the Scheduling is a vital component of infrastructure
application software from the infrastructure. It will be software. Careful scheduling enables the ECU to meet
especially important, because distribution of functionality its performance requirements. It is the heart of the
has made its way into vehicles, causing the number of system. An often cited argument against using an RTOS
devices to grow considerably over the years. Distribution is that writing and debugging the application will increase
of functionality is achieved though data networks such as in complexity and most developers want to stay away
CAN, LIN, Flexray..., which introduce another level of from error-prone complexity. Another argument against
complexity. using an RTOS is that it comes at a price, while other
operating systems are free.

However, as we will reinforce in the return on investment

analysis, the advantages of using an RTOS clearly
outweigh the drawbacks. An RTOS comes with a set of
validated API routines that are ready to use, giving
everybody the opportunity to use the same language,
regardless of what microcontroller they use. An RTOS
also provides the embedded software engineers with a
higher level of abstraction, allowing them to focus on
their task, i.e., the application. The OSEK-VDX initiative
specifies all this.

ECU

Figure 4.

Each module connected to a network has to include

specific network drivers. For simple ECUs, an
architecture where direct hardware and network access
has been granted to the application software may still be
appropriate (figure 5). Such an approach certainly falls
short with more complex ECUs, where the software load

<M= Wehtcfe H*&*atk.

Figure 6.
P
23
 THE CHALLENGES OF USING AN OSEK RTOS
Figure 6 illustrates the more complex ECU mentioned Using an OSEK scheduler offers a lot of benefits, the
previously. The application layer now accesses hardware biggest ones probably being the increased traceability
and network resources though abstract layers, allowing from the specification to the implementation, and the
designers to build more abstract and reusable ability to design software at a level that is less target-
application components. dependent. On the other hand, when selecting a
scheduler, consideration must be given to the following
OSEK Scheduling facts. Using preemption introduces memory overheads,
which could drive the price of the ECU up. Also, the
The OSEK scheduling mechanism is based on events, RTOS is now part of the ECU performance equation.
which will guarantee the most efficient processing of
interrupts in the application. Instead of polling, the ECU Memory Overheads
responds to a set of events, where time is simply one
particular type of event. The OSEK RTOS specifies a Preemption requires RAM space, because each time a
scheduler that uses a fixed priority scheduling policy. high priority task preempts a lower priority task, the
Under this policy, each task is assigned a fixed priority. context of the low priority task must be saved on the
The scheduler will always run the highest priority task stack so it can be restored later. In some OSEK RTOS
that is ready. The higher priority task will then preempt implementations, the RAM demand will grow
any lower priority task running at that time. When the proportionally to the number of tasks. This could be a
higher priority task is finished, the lower priority task is problem, especially if production cost is an issue, since
resumed at the point of preemption. Interrupts are RAM is costly. This is particularly true for RTOSs that
processed in the same manner. If we now go back to the have not been engineered so that all the tasks can share
3 tasks system described in 2 (T1 running every 3ms, T2 a single stack. This will be an important point in the
every 6ms, T3 every 14ms, and isr everylOms), an production cost section of our return on investment
OSEK scheduler will process the various tasks at their analysis.
required rate, thereby freeing up CPU time. This CPU
time is available for additional tasks that may have to be
Systems' Performance Determination
implemented in response to modifications made to the
function requirements.
The other area where software engineers must be
careful is the overall performance of the system, as the
system's performance is dependent on the RTOS
OSEK vs Cyclic performance. Figure 8 shows an example of preemption
where the scheduler has to run in addition to the
performance hit caused by the high priority task switch in
and task switch out. Special care must be taken here,
and one must make sure that the scheduler's
performance data have been published, that it is
deterministic, and that the implementation is efficient
enough to allow the user to take advantage of the RTOS
flexibility. We have actually seen instances where the
RTOS implementation was so inefficient that users could
not use any of the system services. Overall, the RTOS
implementation should provide an improved system
Figure 7. response compared to a cyclic implementation.

In addition, the OSEK scheduling is scalable. Notions

such as multiple task activations are supported, giving
the ability to retrigger functions if need be. Tasks can
also wait for events. This can be particularly useful in
applications where a higher degree of user interaction is
required. For lower-end applications, the basic set of
attributes provides the necessary capabilities to run with
full preemption, even in an 8-bit environment. Alarms are
the mechanism by which OSEK scheduling handles
periodic behavior. Again, looking at time is just looking at
a different type of event. Sporadic behavior is handled
via interrupts which could be done inside or outside the
RTOS. Support of critical sections can be handled by
using resources, and safe access to resources is
handled via a priority ceiling protocol (best response/no
deadlocks). Figure 8.

24
A quick comparison of how response time is determined • Minimizing development time.
in both cyclic and priority-based scheduling reveals which
approach leads to the best system response time. In • Minimizing the cost of infrastructure
cyclic scheduling, the response time (R) of each task is development, since the latter is not part of the
simply given by: core business.
• Improving the product integration phase.
R = C + Polling_delay, where C is the computation time.
The size and quality of the software will have an impact
The system will meet its performance requirements if all on the overall production cost when
the tasks meet their performance requirements. It is
typical to poll more frequently in such designs, as this is • the application or the infrastructure software
the only possible way to improve the system's response demands a large amount of RAM and when
time. Frequent polling will increase the interrupt rate, and • system performance response becomes
will decrease the system's overall throughput. unpredictable due to added functionality.

With a priority-based scheduler, the response time is a In both cases, the solution involves over engineering,
function of the RTOS, plus any interference (preemption) either by adding unnecessary RAM space, or by running
and blocking (if resources are used) caused to the task: at a higher clock speed (which could affect other parts of
the system). We will consider these factors in the context
R = C+ f(RTOS) + I + B of our return on investment analysis at the end of this
paper.
Research shows that OSEK scheduling fulfils the
assumptions of the deadline monotonie theory (2). This Using a Cyclic Scheduler
mathematical approach to preemptive scheduling gives
us the ability to compute the response time ( Rt ) for each
task: As we highlighted previously, a cyclic scheduler may be
appropriate for small applications. It will quickly fall short
with more complex systems as the functionality has to be
R,= St +B, *Cn.+ X \RiITk\Ciw + Ck) split to fit into the scheduler's time slices. With this
approach, the application software will be less reusable.
Where: Reusability is also reduced by the more hardware-
• Ci is the worst case execution time of a given dependent nature of the application software. On the
task Ci process side, it will be more difficult to use modern
• Tk is the period of task k approaches to software design, especially autocoding.
• Csw is the cost of switching to and back from a And, as we outlined earlier, a cyclic approach makes
preempting task inefficient use of the CPU. To conclude, opting for a
• Bi is the blocking time of task i cyclic scheduler comes at a price after all, as this
• Si is the scheduler overhead for task i seemingly smart decision will drive up the cost of
• Hp is the set of tasks of higher priority than task i developing and producing embedded systems

Assuming that we have access to the performance data Using an OSEK Scheduler
of the scheduler, i.e. Csw, we are now able to determine
the response time of each task in the system, and hence An OSEK-based implementation offers organizations a
the overall performance of the system. better approach to software design. Distributed
development is possible because the architecture is
THE COST OF BUILDING EMBEDDED REAL­ typically in place at the beginning of the project. A
number of teams can then work on the various
TIME SOFTWARE
subsystems. Since all the teams share the same insight
into the scheduler, requirement changes can be easily
There are two cost components when building ECU assessed. In addition, this approach promotes reusability
software: development cost - which covers design, of the software, as its design is less target-dependent.
implementation, and testing - and production cost. In the Using an OSEK scheduler makes the development cost
automotive industry, development cost constitutes a of the ECU software manageable.
significant amount of the overall cost. We will examine
this issue in the return on investment analysis at the end
On the production side, implementation of an OSEK OS
of this paper. Minimizing development cost will imply:
can increase the cost (larger RAM and increased
execution time). To evaluate an OSEK-based approach,
• Minimizing the impact of requirement changes at it is imperative to answer the following questions:
all stages (this can be done by reducing the
• How has the OSEK RTOS been designed to
interdependency of infrastructure software and
handle preemption with respect to RAM usage?
application software).

25
 • What is the inherent performance of the The total cost for this project will be $12.96 Million.
scheduler (especially in terms of context
switches)? OSEK-RTOS

The following table sums up the pros and cons of each Let us next look at an OSEK-based implementation.
implementation. Restructuring software will take 1 day/change, which
leads to a total cost of $2,000. It will not be necessary to
Cyclic OSEK-RTOS
test software for timing problems if the proper design tool
Infrastructure effort some none suite is used, and it will not be necessary to tune the
Maintenance Difficult easy software to avoid timing problems. Additional tasks do
Reuse Limited high not increase RAM requirements.
Verification/Validation In-house Certified
testing Tools will be necessary to support this approach, so
CPU requirements high Should be low there will an infrastructure cost. For this project, it will be
Memory Initially low, Should below $100,000.
requirements increases with change little
maintenance with the The total cost for the changes will be $2000, if we
number of consider the infrastructure cost part of the initial
tasks development.

Comparison of scheduler possibilities The total cost for this project will be $10.5 Million.

When doing such an ROI analysis, it is imperative to look

at both the development and the production cost of
A RETURN ON INVESTMENT ANALYSIS (ROI) embedded software. In our OSEK-based approach, we
were able to save a tremendous amount of money and
Let us take a look at a concrete example. The following time to release the production software, as each
sample project is based on past experience with a modification of functionality can be assessed, and
customer project. We will look at the development and implemented without disturbing the overall ECU
production of an ECU (including application software): performance.

• Development takes 5 man years at $80k/year =

CONCLUSION
$400k.
• Production will be 1 Million ECUs/year for 5
This paper described the advantages of using an OSEK-
years. based approach to scheduling real-time embedded
• Microcontroller cost is $2/ECU. software. This approach is time and cost effective. It
The total baseline cost will be $10.4M. We will assume promotes reusability, and provides control on the overall
no differences in application development between the system's performance.
cyclic and OSEK-based approaches. We will assume
that we have 5 requirement changes throughout the REFERENCES
project.
1. "Software as assets", fall 2004 Embedded computing
Cyclic implementation design
http://www.embeddedcomputing.com/articles/mellor/
Let us first look at the cyclic implementation.
Restructuring software involves identifying now functions 2. Deadline Monotonie Analysis
can be split up to meet the performance requirements of http://www.embedded.com/2000/0006/0006feat1.ht
the system. If we assume 2 man weeks/change, this will ID.
require a total of 10 man weeks, or $20,000. Tuning the
software to remove timing problems takes 4 man 3. OSEK-VDX http://www.osek-vdx.org
weeks/changes, so it will require 20 man weeks, or
$40,000. Finally, an upgrade to a more powerful
controller will be necessary. If the cost is $0.5/controller, CONTACT
total CPU upgrade cost is 5x1Mx0.5= $2.5 Million.
Thierry Rolina is Business Development Manager for the
There is no infrastructure cost involved (purchasing Software Components product line of ETAS in North
tools, training...). America. He can be reached at Thierry.rolina@etas.us
We estimate that the total cost for the changes will be Dr. Nigel Tracey is Director of Product Management at
$2.56 Million. LiveDevices (ETAS group). He can be reached at
N iqel .tracey(5)livedevices .com

26
 2004-01-0757

Constraint-Driven Simulation-Based Automatic

Task Allocation on ECU Networks
Paolo Giusto
Automotive Team - Cadence Design Systems, Inc.

Gary Rushton
E/E Vehicle Systems - Visteon Corporation

Copyright © 2004 SAE International

ABSTRACT
Engine
With the increasing number of ECUs in modern Control
automotive applications (70 in high end cars), designers
CAN network
are facing the challenge of managing complex design
tasks, such as the allocation of software tasks over a
network of ECUs. The allocation may be dictated by Basic Function
Control Loop
different attributes ( performance, cost, size, etc.). The
task of validating a given allocation can be achieved
either via static analysis (e.g., for cost, size) and/or
dynamic analysis (e.g. via performance simulation - for
timing constraints). This paper brings together two key
concepts: algorithmic and optimization techniques to be ACC, Driving-Dynamics
used during static analysis and virtual integration Control Loop
platforms for simulation-based exploration. The two
concepts together provide the pillars for a constraint-
driven / simulation-based approach, tailored to optimize Figure 1: Adaptive Cruise Control
the entire ECU network according to a cost function bandwidth requirements (10Mbs for a dependable fault
defined by the user. tolerant communication protocol).

Electronic Module Trends

INTRODUCTION
35
30
In order to satisfy different drivers' needs such as 25
performance, comfort, safety, and to meet stringent time 20
-Luxury Level
to market and cost requirements, the automotive - Mid Level
15
industry is increasingly using configurable platforms Entry Level
10
(mechanical, electrical/electronic) to implement safety-
5
critical sophisticated applications such as adaptive
0
cruise controls (Figure 1). These applications are
1990 1995 2000 2005
implemented on complex distributed architectures where
Year
data messages are exchanged between Electronic
Control Units (ECUs) via high-speed, fault-tolerant,
serial buses (e.g., Flexray, TTP). The
Figure 2: Electronic Module Trends
increasing functional complexity and chassis
requirements (sensors/actuators allocation) have led to
In this paper, we have identified two design issues. First,
an increase in the number of ECUs (between 6 for a
the OEM system architect often decides the distributed
low-end and 35 for a high-end model, see Figure 2) and
target electronic architecture (ECUs, buses, sensors,
to the usage of multiple buses in terms of different

27
actuators, etc) very early in the design cycle, when not Virtual Prototyping
much information is available (HW is often not
available), while the validation of it is performed quite Application SW Plant Models
late, only after sub-systems' HW/SW implementations Models
become available. Thus, integration issues are
discovered when changes are very expensive. OSEK BCC2 OSEK Ftcom
Model Model
Moreover, resilience to faults can only be checked via
expensive and not easily repeatable tests on physical CAN Model M FlexRayModel
prototypes. Secondly, the communication between the
car manufacturers (OEM) - playing the role of system ECU Model Library
integrator once the sub-systems have been delivered -
and the providers of the sub-systems (e.g. engine ack^An notation
control), is often a source of misunderstandings
regarding the intended functional and non-functional M a pp | n a
requirements the sub-system has to provide in terms of
Distributed Architecture Analysis
timing, cost, and safety.

Besides, OEM and Tierl system architects are facing Distributed Fault Injection and
the challenge of managing complex design tasks, such Analysis
as the allocation of software tasks over a network of
ECUs (SW binding). The trend toward the
standardization of SW platform APIs consistent with
OSEK specifications for communication among ECUs
(e.g. COM and FTCom) and with application software
\z Export

Figure 3: Cadence Automotive Platform

processing and scheduling (e.g. OSEK Time) makes it
possible to distribute the functionality (application SW)
across different ECUs. • A design shift from physical integration to virtual
integration of models (Figure 4)
When looking at the vehicle as a system, the distributed
The extension of a single ECU model-based system
nature of these applications also provides potential for
design paradigm, in which the transformation from a
optimizations that can be achieved via an efficient use of
design representation to its implementation is automatic.
HW resources (e.g. a smaller number of ECUs). This
optimization, carried out by system architects, is
applicable to both OEM and Tierl suppliers. While the Physical Prototyping
and Analysis
Tierl goal is to provide an optimized platform that can
be re-used for different products by different OEMs, the Validation Variation
OEM is more concerned with creating a platform that
Fault A.
can be shared across vehicles. injection
Sub-Systems
Development
In this paper we illustrate how two key concepts,
algorithmic and optimization techniques for static Physical
analysis [1][2][3], and simulation-based virtual Integration

integration platforms [4][5][6] coupled together, provide

the pillars for a constraint-driven and simulation-based Physical Prototype Physical Prototype
approach, tailored to optimize the entire ECU network
according to a cost function defined by the user. In the
rest of the paper, we describe the concepts and the
technologies aimed at realizing such an approach into Figure 4: Design Shift
an innovative tool flow in more detail.
The separation between executable models of
THE VIRTUAL INTEGRATION PLATFORM control algorithms and the high level/abstract
performance/functional models of the
In [6], the concept of a virtual integration platform was architectural resources including the network
introduced. In a nutshell, the Cadence Automotive communication stack
System Design Platform (Figure 3) supports a
distributed model-based system design process based Binding control algorithm tasks to HW resources
upon several orthogonal concepts:
Binding functional abstract communications
(signals and shared variables) to network
protocol stack models

28
 Select Vehicle Configurations
Generic System Requirements Model mtymktoam&f*'9&&,t™''*·'* ' ~ ' ' " " ■-«*'* 'WaJK
f * frcw 9 »

* *&%
V«M*1 Ftwe«jR U«î!Jt>S

System om» «J κ ^*""* w—t... . j

^™™™™_^~™. ^

Requirements Model * .- v » .«.iv ,™*-^ -, r^:.."■-,„ v.«^^*^^i

1
G>msm
φ^- Λπφτ*,-,,
&»*»«*»,
CaH^H^ Î&VM»» I itotw*
1
I
,-fcw. Hpwi|ftt»g'· "" "^ ψ ^Τ-* Λ
1
ί
I

i; ! » 1
W**"*"' lêssSSlKl jè£25E5ft

Function - Function Interaction Matrix Modular System Architecture Matrix

HffMHMBM.BMW ιΐ'ΓιΙιΙΙιΠ
0 I = i e & * View Syaen Wndow M p
«id» J*«l
': i - i-i - I S C ft ■■ - ·■
Qa-U ICI I C I »
1 . t C m a . B 4>*.rv«enj h H n * ! ■ 8»&N>)
■ IncKlence M ByfuncWft

-Ι^ϋΊΤΤΓΤΤΤΠ System Optimization

Algorithms

Si U i ! Π Ο

Figure 5: ISDO Tool Automotive Platform itself and the Visteon Integrated
System design and Optimization (ISDO) static analysis
• Automatically annotating the control algorithm tool (described in the next section). This aspect is
tasks and communications with timing detailed later in the paper.
performance formulae for dynamic computation
(at simulation time) of the message transmission
latencies over the network bus as well as the
SW scheduling execution times due to shared ISDO TOOL FLOW
resources (buses, CPUs)
In [3], new approaches and software algorithms were
• Simulating the bound virtual platform (e.g. presented that allow vehicle Electrical, Electronic and
representing a possible candidate distribution of Software (EES) system design engineers to develop
functionality over the network) for verification modular architectures / modules that can be shared
purposes under regular conditions and/or with across vehicle platforms (for OEMs) and across OEMs
fault injection (e.g. data corruption, abnormal (for suppliers). The methodology uses matrix clustering
task delay, etc) and graph-based techniques. The ISDO software tool
(Figure 5) allows system design experts to build a low
Notice that the virtual integration platform relies on cost EES architecture that can be shared across multiple
providing library elements for both functionalities and vehicle platforms. The ISDO software builds an optimal
architectural resources. The platform provides links with system architecture for a given set of system features
the most popular tools for algorithmic development and and feature take rates by grouping (integrating) system
simulation, thus enabling the seamless import of such functions into physical modules and determining the best
models and their composition in the overall distributed possible tradeoffs between system overhead costs, give
complex control function. The platform also provides away costs, and wiring costs. Also in [3], a new
models of popular communication protocols such as approach is presented that allows system developers to
CAN. One important aspect, the XML-based identify common modules in EES architectures that can
programming capabilities provided by the platform, be shared across multiple vehicle platforms. In a
constitutes the core of the linkage between the Cadence nutshell, the ISDO tool flow can be described as follows:

29
 • Import the system requirements model into a decomposition and function interface definition
specified database using predefined templates (signals and shared variables)
to create various vehicle configurations
Next, the ISDO tool is used to allocate functions
• Automatic creation of the function-function to modules
interaction matrix once the requirements for
each vehicle configuration are identified Next, the allocation is exported by the ISDO tool
and imported by the Cadence Automotive
• User pre-defined, or carryover, modules: the Platform environment and simulated
user can select functions from the incidence
matrix and group them into predefined modules. If the simulation results are satisfactory, the
This step makes sure that in the final vehicle designer can (optionally) refine the design,
architecture the functions of carryover, or provided that he/she does not modify the
predefined modules, will appear in a single function interfaces, by replacing the coarse grain
cluster/module. functional models used during the simulation in
the Cadence Automotive Platform with more
• Applying optimization algorithms to the function- detailed models imported from other tools (e.g.
function interaction matrix to identify optimal Simulink) and re-importing them with the
functional grouping in the vehicle architecture. Cadence Platform

I Tools' Exporters>-

I Translators J>
Model Generator
>
i Merger " | ^ >

I Manual E d i t i n g ^ ·

Model Visitor

XML-BASED DESIGN REPRESENTATION

Figure 6: XML-Based Design Representation
INTEGRATED TOOL FLOW In the Cadence Automotive Platform, a design is
represented in an isomorphic fashion. First, an XML-
The Cadence Automotive Platform and the Visteon based representation is used to describe the
ISDO tool are complementary in that, while the former functionality (excluding the primitive block models), the
provides a powerful dynamic analysis environment, the architecture, the software execution architecture (SEA),
latter provides powerful static allocation mechanisms. meaning the set of tasks with their activation policies
Therefore, good results are produced when the tools are and priorities, the software and communication binding
coupled together in the following sequence: information, the fault scenarios' descriptions, and the
simulation set-up. The XML representation is
manipulated via a Cadence-defined scripting language,
• The system design expert starts from a
to, for instance, define/update/change a binding of tasks
description of the overall complex control
to a set of ECUs. Once all the needed manipulations
algorithm by performing the functional
have been performed, the XML representation is then

30
 Powcrtrain Wireless Fuel Wiper/Washer
Control User
Information System Svstem Windows
System
and
Mirrors
WIRELESS
\
\
USER
REQUIS" 1"5
T
AntiLock ENGINE FUEL
HEATH.)
Brake DATA o i i m r r s w l R E L E S S \ USER
REAR
Svstem -ANTILOCK INPITS \ FEEDBACK, WINDOWRESTRAINT Restraint
BRAKE <T>MMANDCONTROL - Control
STATUS STATUS Svstem

BRAKE Exterior
Brake
-PEDALS- and
Pedals 0 1 r\ X f~i
Interior
Lights
HORN IGNITION
-COMMAND SWITCH
T STATUS ~""~—- Steering
Horn SEAT ATMOSPHERIC Wheel and
SPEED MPLIFIED ,FI T CONDmONS
CONTROL AUDIO CONDITIONED m Column
AND TRUNK VACUUM COCKPIT

Speed
• STATE
/
AIR
L
STATU:
\ I
"" TRUNK OOMMAND*RESSl^lIZED
AIR CONDITIONS

Control Doors Operating

Passenger Vacuum
System Speakers and
Compartment Svstem Environment
Trunk

Figure 6: Top Level Hierarchical Context Diagram

YOURDON DE MARCO REPRESENTATION

compiled into a simulatable representation (Figure 6) [6]. In the ISDO tool, a design is translated from hierarchical
Notice that the XML-based representation includes context diagrams (Yourdon-DeMarco methodology)
information about the functions' interfaces with their (Figures 7-8) to an XML-based format. The hierarchy is
activation mechanisms (via signals or periodic timers) used to manage complexity. Notice that the context
and shared variables. A very important piece of diagrams are not executable, since the wired
information is represented by the Software Execution connections between functions do not have any
Architecture (SEA). In fact, in order to be scheduled and execution semantics (e.g. hardware interrupts). They
simulated, the functions have to be assigned to tasks, are meant to represent the logical flow of data
which in turn, are assigned to ECU scheduler models (information, material, or energy) between functions.
during the binding step (OsekTime for the Cadence Moreover, there is no definition of SEA and no
Automotive Platform). Once the user has programmed executable models for the functions themselves. Since
with scripting language the type of communication the purpose of the Visteon ISDO tool is to perform static
protocol model that has to be used to simulate the analysis and allocation of functions to modules
network traffic, the Cadence Automotive Platform engine (hereafter either the term modules or ECUs are used
automatically determines the network bus with the same meaning) the tool does not need
communication matrix. In fact, at this point of the design executable semantics for its design representation, since
flow, it is known which messages are sent by an ECU to no simulation is performed. It is therefore important to
which other ECUs, because the software tasks that send implement a linkage between the ISDO design
messages to the bus controllers and receive them from representation and the Cadence Platform representation
them have been assigned to the ECUs themselves to simulate a given allocation. This is explained in the
within the Visteon ISDO tool. The engine provides the next section.
user with an automatic configuration of the network. For
each bus cluster, a communication cycle with arbitration
is provided, while each frame is activated via a triggering
mechanism. Notice that the user can modify the
configuration, as part of the XML manipulations, via the
scripting language.

31
Figure 8: Next Level Hierarchical Context Diagram Second, the allocation is transformed by the
ISDO tool into an equivalent XML-based
COMMUNICATION MATRIX IMPORT communication matrix

An efficient way of importing the Visteon ISDO design Third, the designer annotates (for instance with
representation to simulate a given functional allocation is an XML editor of choice or via Java API based
via the communication matrix import. The command) the messages in the communication
communication matrix is a representation that does not matrix with activation policy information (e.g.
take into account the original design hierarchy - the periodic vs. triggered): this is needed in order to
communications are represented with respect to the simulate the network traffic.
ECUs instantiated in the network cluster. Therefore, if
one is able to annotate the communication matrix by Fourth, the Cadence Automotive Platform reads
itself with information about the activation policy of the in the communication matrix and compiles into a
messages being broadcast, then this representation can set of XML based representations (again see
be used to automatically create a simulatable design in Figure 9)
the Cadence Automotive Platform. Notice that the usage
of the communication matrix is equivalent to flattening o An architecture XML that represents a
the original design hierarchy - which was irrelevant for single-cluster network of ECUs
simulation purposes anyway, since it was only used for connected via a network bus
managing design complexity. Therefore, we envision the (ECU=Module)
following flow (Figure 9 at the end of the paper) between
the two environments:
o A functional XML that represents a trivial
functional network, in which a set of
• First, the ISDO tool determines the allocation of transactor behaviors are used to
functions to modules generate network traffic, one transactor
per ECU

32
 o A SEA XML that represents the trivial ACKNOWLEDGMENTS
assignment of one transactor to a task
The authors would like to thank Pascal Bornât and Jean-
o A binding XML that represents the Yves Brunei from Cadence Design Systems, Velizy,
mapping of each single transactor task France, Alberto Ferrari from Parades, Rome, and
to one ECU Luciano Lavagno from Politecnico di Torino, Turin, Italy
for their contributions to the paper.
o A simulation set-up XML initially empty,
later on updated to include any probing REFERENCES
of given metrics (e.g. bus load)
1. Zakarian, A. and Rushton G. J. (2001),
• Fifth, the five XML representations are compiled "Development of Modular Electrical Systems",
into a simulatable representation and the IEEE/ASME Transaction on Mechatronic,
simulation with data collection and analysis can 2. Rushton, G., Zakarian, A., and Grigoryan, T. (2002),
take place. "Algorithms and Software for Development of
Modular Vehicle Architectures", SAE World
Notice that in this flow design exploration is provided Congress 2002-01-0140.
with respect to analyzing a given allocation of
3. Rushton, G., Zakarian, A., and Grigoryan, T. (2003),
functionality vs. specific attributes of interest, such as
"Development of Modular Electrical, Electronic, and
the network traffic. It is important to notice that since the
Software System Architectures for Multiple Vehicle
original hierarchy is not preserved, should the user want
Platforms ", SAE 2003-01-0139
to explore a different task organization, this step must be
performed in the Visteon ISDO tool. The steps described 4. Thilo Demmeler, Paolo Giusto (2001), "A Universal
above should then be repeated. However, it is also Communication Model for an Automotive System
important to note that, since there is no function Integration Platform", Design Automation and Test
executable specification in ISDO, once a specific Europe Congress 2001
allocation has been validated via simulation, it makes 5. Thilo Demmeler, Barry O'Rourke, Paolo Giusto
sense to refine the coarse grain transactor models by (2002) "Enabling Rapid Design Exploration through
importing finer models from a tool such as Virtual Integration and Simulation of Fault Tolerant
Mathworks/Simulink via dSPACE Target Link code Automotive Application", SAE World Congress 2002,
generation. At this point, the designer would be able to SAE 02AE-76.
explore different software execution architectures and 6. Paolo Giusto, Jean-Yves Brunei, Alberto Ferrari,
further refine the target implementation model. Note also Eliane Fourgeau, Luciano Lavagno, Alberto
that the flow is independent of the communication Sangiovanni Vincentelli (2003), "Virtual Integration
protocol model being used for the simulation - the user Platforms for Automotive Safety Critical Distributed
can replace a general yet highly programmable model Applications", Conference International Su les
such as the Universal Communication Model (UCM) [4] Systèmes Temps Reel (RTS) 2003
with a more refined model for CAN (included in the
Cadence Automotive Platform) and utilize error injection
capabilities provided by the Cadence Automotive
Platform. CONTACTS

Paolo Giusto has a Bachelor Degree in Computer

CONCLUSION
Science from the University Of Turin, Italy and a Masters
Degree in Information Technology from CEFRIEL, Milan,
In this paper, we have presented a novel flow that Italy. He has over 12 years of industrial experience and
couples together a static analysis tool for functional is currently working as the Automotive Team marketing
allocation and a simulation environment to verify a given director with Cadence Design Systems. Previously, with
allocation. The flow is aimed at reducing the design Magneti Marelli, he visited the EECS Department at
cycle time by using highly integrated and programmable University of California at Berkeley as an Industrial
simulation models and algorithms for static allocation. Fellow, working on hw-sw co-design methodologies for
The final result is a validated functional allocation that embedded systems. Previously, with Cadence, he
can be handed over to sub-system software developers. worked as technical leader on system level design
We are envisioning extending the automatic generation methodologies and tool sets with particular focus on
of the simulatable design to multi-cluster networks (e.g. safety-critical automotive distributed applications.
LIN plus CAN) by incrementally importing (qiusto(a)cadence.com).
communication matrixes and composition via gateways
to realize a complete virtual car analysis environment.
Gary Rushton has over 18 years of commercial and
military electrical/electronic systems engineering
experience. He has an MS in Automotive Systems
Engineering from the University of Michigan. He is
currently working as an electrical/electronic systems

33
engineering technical fellow with Visteon Corporation. architectures, and cockpit system design. Previously,
As an engineer with Visteon Corporation, he has worked with General Dynamics, he worked on avionics systems
on audio software, subsystem product for the F-16 and vetronics systems for the Abrams M1A2
development/design, diagnostics, vehicle system tank, (qrushtongjvisteon.com).

Figure 9: The Novel Flow

34
 2004-01-0719

Solving the Technology Strategy Riddle - Using TRIZ to Guide

the Evolution of Automotive Software and Electronics
Alex Shoshiev
Yazaki North America

Victor Fey
The TRIZ Group, LLC

Copyright © 2004 SAE International

ABSTRACT Making a wrong decision may therefore be costly. With

an always-limited R&D budget, money spent on a
Significant resources are spent by the OEMs and "wrong" feature is taken away from the "right" feature
suppliers to determine the most promising directions for that is not developed at just the right time.
the development of next-generation vehicle electronics
and software. Existing technology planning methods, Here are some features that have been recently floating
while useful, still leave a large margin of error. around in the automotive community:

The authors describe a new structured approach to 42V - after enthusiastic introduction and considerable
technology and product planning based on TRIZ expenditures by many OEMs and suppliers, the
methodology. This approach largely removes guesswork development has stagnated, allegedly due to a slow
from pinning down the next most likely evolutions of economy. However, recently it has been questioned if
automotive software and electronics and provides 42V is ever going to be realized as a platform, or it will
objective justification for investment decisions. be passed over towards higher-voltage systems?

INTRODUCTION Software tools vendors have been promoting code

generation tools for several years. Proposed benefits are
In a nonstop race to conquer the market, automotive acceleration of the software development, creation of
companies seek answers to key questions like: verifiable executable models, and reduction of the
overall software effort. The tools are expensive, as is
1. What new vehicle features may please our related training, and many are opposed to the idea. Is
customers? this a right direction for the OEMs and suppliers?
2. How should the existing features be improved to
boost their customer appeal? Answers to these and similar product planning questions
3. How can we make sure that our R&D efforts will have been highly subjective - they are, essentially,
provide a robust competitive advantage? individual opinions. Various existing product planning
tools process these opinions in different ways, but do not
Various methods are used to answer these questions: change their subjective nature.
market research, competitive benchmarking, customer
clinics, QFD, just to name a few. These methods work There is a tangible need in a systematic approach to
reasonably well for incremental improvements, but they evaluate future technological opportunities. Such an
are rarely effective when used to predict radically new approach exists, and it is called TRIZ
innovations.
TRIZ TECHNOLOGY AND PRODUCT PLANNING
Delay in the development and introduction of a new
market-grabber may cost a company dearly. Although not yet widely used in the US, TRIZ is not a
Considering that an automotive product development newcomer among product development methods. It has
cycle runs 2-4 years, an OEM that first introduced a been developed for over 50 years in Russia by Genrikh
successful feature could enjoy healthy non-competitive Altshuller and his followers [1-3], verified and perfected
profits for at least that long. Speed to market has in military and space programs there. Over the last few
become increasingly key as a strategic advantage. years, TRIZ has been rapidly gaining popularity in the
West. It has helped several leading companies in the

35
US, Japan, and Europe to develop many new product In the qualitative formula in Fig. 1.2, functionality refers
and technology innovations [4]. to the number of functions performed by the system and
to the level of performance of these functions. "Cost"
TRIZ is a Russian acronym for Theory of Inventive means all expenditures (monetary and others (e.g., parts
Problem Solving. The main postulate of TRIZ is that count, weight, etc)) associated with the system's
evolution of technological systems is governed by creation and maintenance. Problems are measurable
objective laws. Just like laws of nature, laws of parameters, such as level of noise, intensity of wear, as
technology evolution operate regardless of our well as intangible ones (complexity of operation,
knowledge about them. These laws describe "life tracks" discomfort, etc).
of a system's evolution. Knowing the current system's
design, the most likely future designs can be predicted
using the laws. Functionality
Degree of Ideality =
By analyzing tens of thousands of patented and X Costs + X Problems
commercialized product and process innovations, and
selecting and examining the most effective designs,
Fig. 1.2. Degree of ideality.
Altshuller formulated several laws of technological
system evolution (or laws of evolution for short). These
laws of evolution make up a theoretical base of the This law shows the prevailing dynamics of the benefit-to-
comprehensive TRIZ methodology that contains cost ratio: as systems evolve, we pay less for the
numerous powerful tools for resolving conflicts between improved old and added new functions. Today's cars are
system elements, tools for developing conceptual more powerful and much more comfortable than cars
designs, methods for problem formulation, etc. made a few decades ago, yet they cost (in dollars
adjusted to inflation) less than their predecessors.
TRIZ is both a theory of technology evolution and a
methodology for effective development of new This law also implies that for a new system to survive a
technological systems. It contains two major market selection process (in the long run), its degree of
components: tools to identify and develop next- ideality has to be higher than that of the incumbent
generation technologies and products, and methods for system. The law of ideality in TRIZ plays a role similar to
developing conceptual system designs. The structure of that of the compass in navigation. As the compass
TRIZ is shown in Fig. 1.1 provides a traveler with a sense of direction, the law of
ideality shows a principal vector, along which the best
solutions can be found. Most other laws of evolution can
Tools for identification be compared to meridians that lead to these best
Tools for
and development of solutions and converge at the "ideality pole."
development of
next-generation
conceptual designs
technologies/products
From the formula in Fig 1.2, it is clear that the system's

Ideality Pole
Laws of
technological
system evolution

Fig. 1.1: The structure of TRIZ.

Due to its limited scope, this paper describes the subset

of tools of TRIZ that can be used to predict the evolution
of automotive software and electronics.

LAW OF INCREASING DEGREE OF IDEALITY

This law states that evolution of technological

systems proceeds in the direction of increasing their
degree of ideality. Law of Evolution
The degree of ideality is a ratio of the system's Fig 1.3 Laws of evolution and ideality.
functionality to the sum of expenditures associated with
building and making the system function. In essence, it
degree of ideality can be changed by the following three
is a benefit-to-cost ratio.
approaches:

36
• Increasing system functionality (i.e., the number of its To use the law of non-uniform evolution of subsystems,
functions and/or level of their performance), while we recommend the following steps:
keeping the cost of the system unchanged.
1. Identify the major components of your system and
• Reducing the cost, while maintaining its functionality. the primary functions they perform.
2. Select a component of interest and mentally improve
• Integration of the first two approaches. its primary function significantly.
3. Identify problems (resulting from this improvement)
LAW OF NON-UNIFORM EVOLUTION OF in other components. Formulate system conflicts.
SUBSYSTEMS 4. If necessary, repeat the previous steps for other
major components.
This law states that systems components evolve at
different paces; the more complicated the system is,
the more non-uniform the evolution of its Example 3.
components.
Consider the vehicle power distribution system. Delivery
of power is the main function of this vehicle subsystem.
The disparity of rates of development of different Suppose that we want to double the budget for vehicle
components produces a situation in which improving one power (for features like electrical power steering, air
component (function) makes some other components conditioner, or the like) - a task that is challenging
(functions) inadequate. Such a situation is called in TRIZ today's vehicle designers. Doubling the power budget
a system conflict. would mean doubling the output capacity of the
alternator. This will increase the size of the alternator,
A problem associated with a system conflict can be causing it to fight for space inside the tightly packed
solved either by finding a compromise between engine compartment (system conflict #1). If the
opposing demands, or by satisfying them. Compromises alternator technology doesn't change, power losses in
or trade-offs are perceived to be so unavoidable that the alternator would also increase, possibly requiring a
finding the most optimal trade-offs is a typical part of move from the air to liquid cooling (system conflict #2). If
many system engineering activities! Trade-offs do not we then try not to increase the power distribution losses
eliminate system conflicts, but rather alleviate them. and retain the conventional 12V system voltage, the wire
Conflicting requirements keep "stretching" the system. and contact resistance would need to be reduced
Then the time comes when further improvement of the fourfold (P=I2*R). That, in its turn, would cause an
system's performance becomes impossible without unacceptable increase in the wire's size and mass and
eliminating the system conflict. complicate wire harness routing (system conflict #4). If
we decide to move to a higher system voltage (e.g., to
From a TRIZ standpoint, to make a breakthrough means the proposed 42V system), we face a different set of
to resolve a system conflict by satisfying all of the conflicts: 42V light bulbs do not withstand vehicle
opposing demands. TRIZ offers several methods for vibration (system conflict #5); disconnecting "live"
compromise-free system conflict resolutions. connectors causes arcs that destroy the terminals
(system conflict #6). Issues of jump start and external
Example 1. infrastructure would also need to be addressed (system
conflict #7).
The earliest cars had a start-stop handle and no
windshield - they were moving slowly. Increased car All of these system conflicts are known today, but they
speed created a system conflict between the speed and could have been foreseen and investigated much earlier
the need to stop quickly, as well as between the speed had the law of non-uniform evolution of subsystems
and comfort of the occupants (wind in the face). been used.
Resolution of those conflicts resulted in introduction of
the brake system and the windshield.

Example 2.

When embedded software was limited in functionality

and size, all software testing was done by hand.
Increase in size and complexity of the software resulted
in the exponential increase in the magnitude of software
testing. That system conflict was resolved by the
development of a system that performs auto- generation
of test vectors and auto-test execution of embedded
software.

37
LAW OF INCREASING FLEXIBILITY model" was soon introduced. (Fig. 1.5) In this model,
software development was allowed to move into the next
This law states that technological systems evolve toward
increasing adaptation to changing environmental Requirements
conditions and varying performance regimes. The law
reveals itself through several "lines of increasing
flexibility". We will describe one of these lines called "the
line of transition to continuously variable systems."
Coding
A new system is usually developed to perform a
particular set of functions in a specific environment. It is
a "rigid," one-state system. As the environment changes,
the system adapts to new or additional usage, and
becomes multi-state. Ultimately it becomes continuously
variable, i.e., a system with - theoretically - an infinite
number of states.

Example 4 Fig 1.4 Waterfall model

At first automotive modules with embedded

microprocessors had programs stored in a "maskable" phase after most of the work in the current phase has
PROM. Software engineers were sending the code been completed. Thus, the software development could
containing the program to the microprocessor span two, or sometimes three phases, depending on the
manufacturer, where the "mask" was created and the application.
code was "burned-in" into the microcontroller chip during
microprocessor production. Once burned in, the code
could not been changed. The process was very rigid - in Requirements
case of a software defect, the whole microprocessor had
to be scrapped, and a new mask had to be developed.
The process was also slow - it would take some 12
weeks between code submission and microprocessor
release.

To accelerate development and reduce product

development expenses, microprocessor vendors
introduced OTPs - one-time programmable micros. That
allowed microprocessors to be programmed at the
supplier's manufacturing plant, thus slashing 12 weeks
from the development cycle time. Next, introduction of
flash memory allowed multiple reprogramming of the
microprocessor memory, significantly reducing expenses Maintenance

caused by software defects. Now instead of removing

and replacing the module, the dealer could simply re-
program it using service tools at the dealership. Fig. 1.5 Modified Waterfall model

Example 5
Further evolution led to the introduction of a multitude of
life-cycles, each adapted toward specific software
One of the earlier software development processes was
development circumstances.
the model called "waterfall." In this process, the software
development progressed through well-defined phases:
Requirements, Design, Coding, Test, and Maintenance. LAW OF TRANSITION TO HIGHER-LEVEL SYSTEMS
(Fig. 1.4) The process was rigid - the software
development could only be in one of the phases at any This law describes the evolution of systems from simple
time. For example, if the requirements were not fully to more complex (higher-level) ones by merging various
gathered, organized and reviewed, the Design phase objects. The law states that technological systems
could not begin. If a design mistake was found during evolve from mono-systems to bi- or poly-systems.
the Coding phase, the project would be returned to the
Design phase and all coding stopped until the design A mono-system performs one primary function; two or
was fixed and reviewed. more mono-systems (similar or different) can merge to
create bi- and poly-systems. In other words, as systems
Such a rigid process was impractical for many software evolve, they absorb functions that were previously
applications and a "modified waterfall" or "sashimi performed by other systems. This makes bi- and poly-

38
systems have the higher degree of ideality than that of control purposes, required an additional "peripheral"
the constituent mono-systems. circuitry on the board. Most of this circuitry soon moved
onto the microprocessor silicon, thus giving birth to the
Example 6. microcontroller.

Automotive electronics modules used to employ three

mono-systems: a voltage regulator providing 5V power MOSFET
to the microcontroller; a watchdog - to reset the Gate
microcontroller in the event it gets "stuck" or enters an Driver
"endless" loop; and a CAN or J1850 transceiver
(Physical Layer protocol interface) to assure proper
communications. Originally these functions were
implemented on separate chips. Then the voltage
regulator was combined with the watchdog, and lately all
three functions have been integrated into one chip. This
integration allowed power consumption of the circuitry to
be reduced in sleep mode through on-chip coordination
between the components (Fig. 1.6) Thermal
Management Current
Measurement
Voltage
Regulator

Voltage
Regulator

Watchdog Watchdog

CAN
Transceiver

CAN Gate
Transceiver
Status Output-1
Currento

Fig 1.6 Service components integration

Example 7. Fig. 1.7 FET Integration

Similar transitions are happening in the power

semiconductor field, too. Originally, FETs (Field Effect Example 9.
Transistors), used to switch power, required a multitude
of peripheral logic to protect them from over-current, The same law of evolution is largely "responsible" for
reverse voltage, etc. Addition of those devices was shaping modern software development tools. The first
complicating the board layout and was also costly. The programs were written directly in the machine language.
latest FETs (sometimes called Pro-FETs or smart-FETs) Those programs could be executed directly, but to
integrate this logic on the same silicon with the FETs. create a program the software developer had to
This integration allows for instantaneous on-chip thermal remember multitudes of codes. That practice was
protection, current measuring capabilities, and other acceptable as long as programs were short, limited in
functions, while saving real estate on the PCB board and functionality, and were run on a few types of computers.
the cost of multiple packages. (Fig. 1.7) The situation became cumbersome and error-prone
when both program size and complexity increased.
Example 8. Assembler language came to the rescue. It allowed the
software developer to write programs not in binary digits
Microprocessors in general went down a similar path of but in mnemonic expressions more meaningful to
development. First microprocessors, used for industrial humans. To be executed on the computer, the
39
programs were "assembled" - translated (by a special elements". Gradually these "human elements" are
program) line-by-line from the mnemonic language into eliminated, being replaced by technological components
the machine language. The computer not only did the performing the same or enhanced functions.
translation but also checked the program's syntax.
Example 10.
Next came compilers and high-level languages. Unlike Consider the evolution of the side-view mirror
Assembler, one statement in a high-level language could adjustment. The primary function of a side-view mirror is
represent many instructions in the machine language. to expand the driver's field of view. This, naturally,
The software developer was now writing shorter makes the mirror a "working means." For many years
programs in more English-language-like fashion. the driver had to change the field of view by reaching out
Preparing programs for a computer also became faster. through the window and move the mirror in horizontal
Compilers then translated the source code into and vertical directions. (Fig. 1.9) Thus, the driver
instructions in Assembler, and then an Assembler ("human element") performed functions of the other
program converted the instructions into the machine principal parts of the mirror adjusting system - "engine,"
language. In addition to syntax and data type checking "transmission," and "control means."
provided by a compiler, programs became machine-
independent: the same high-level language program
could potentially run on many computers - adaptation of
the program to the specific computer was done by
Compiler and Assembler programs.

Recently we witnessed the emergence of the first code-

generation tools. Provided that software design is done
in a certain predefined fashion, these tools can generate
the source code by themselves. This will eliminate the
whole class of coding-related errors and allow the
software developer to concentrate on the software
design. At the moment these tools are not yet perfect -
they only work adequately for limited applications, but
that was also true of the first compilers.
Fig 1.9 Manual adjustment mirror
LAW OF COMPLETENESS
Next came "remote" mirror adjustment - a cable became
Automation (i.e., elimination of human involvement) is a "transmission", while the "engine" and "control means"
one of the prevailing trends of technological evolution. remained unchanged. (Fig. 1.10)
The law of completeness states that to be fully
autonomous, any technological system should have
four principal parts: a "working means,"
"transmission," "engine," and "control means." (Fig.
1.8)

Technological
Control system
Means

>' >' >f

Energy Working
Transmissior
- ^ means
)

Fig. 1.8 Autonomous system

A "working means" is a component that directly performs Fig. 1.10 Remote adjustment mirror
the primary function of the system. A "transmission"
transforms the energy produced by the "engine" into the
energy that controls the "working means." A "control
means" allows the user to vary the performance Subsequent introduction of an electric motor ("engine")
parameters of the other principal parts. left only the function of control still performed by the
"human element."(Fig. 1.11)
In early stages of a system's evolution, some of these
principal components are performed by "human
40
 Since the primary goal of this paper is to describe the
tools of TRIZ used for technology planning, next we will
describe Steps 1 and 2 of this process. Steps 3 and 4
are described in [5].

PRODUCT POSITIONING

No technology develops at an even pace. Introduction

of a technology is usually slow - there are many
unknowns, the development is expensive, efforts
frequently fail, and supporters are few. More often than
not, during the initial stages, costs (development,
operational, etc.) far outweigh benefits. Then, at some
point, the technology gets acceptance and undergoes a
phase of rapid growth - critical issues have been
resolved, investors sponsor further development, and
the technology enters the markets. After a while, the rate
of growth slows down - the manufacturing processes
have been perfected, and available market niches have
been filled. The technology has matured. Finally, the
technology stagnates and frequently disappears, being
overtaken by a new, more beneficial one.

Fig. 1.11 Power adjustment mirror The plot shows the dynamic "performance-to-cost ratio"
(or "benefit-to-cost ratio") is shaped as a "lazy" S, and is
In some of today's cars, the mirror is adjusted commonly called the S-curve. There are distinctive
automatically in certain situations (e.g., when shifting points on the curve marking milestones in the
into reverse). As the functionality of the side-view mirror technology's life cycle.
continues to advance, the mirror adjustment system will
become fully autonomous. "Renaissance"
Y /■
Saturation

Decline
TRIZ TECHNOLOGY FORECASTING

PROCESS SUMMARY
Next-generation system
Just as X-ray machines fundamentally changed the field
of medicine, the use of the laws of evolution can
dramatically change product-planning processes, Time
including those in the automotive industry. It is now Infancy Rapid growth Maturity
possible to see the inner workings of a technology's
evolution and predict where it will go next. Fig 2.1 S-Curve plot
A technology planning process using TRIZ involves the The non-uniform rate of technology development has
following steps: been discussed in business literature for some time.
Richard Foster uses the term "limit" as related to the
1. Product Positioning: Analysis of the past and current barrier, beyond which a particular technology cannot be
states of the product's evolution (determining where improved. The closer the technology is to the limit, the
the product's technology is in relation to its limits). harder it is to improve it. "If you are at the limit, no matter
2. Setting Directions - Identification of high-potential how hard you try you cannot make progress. As you
directions for the evolution of technology. approach limits, the cost of making progress accelerates
3. Concept Development - TRIZ concept development dramatically. Therefore, knowing the limit is crucial for a
methods are applied to develop the most promising company if it is to anticipate change or at least stop
concepts that will move the technology along the pouring money into something that can't be improved.
identified directions. The problem for most companies is that they never know
4. Concept Selection -Various technical and business their limits". [6]
criteria, as well as risk mitigation tools, are used to
select the best concepts. Most companies cannot be blamed for not knowing the
limits of their technologies:

41
 "Mistakes can be made, even by scientists, about limits SETTING DIRECTIONS
- particularly the limits of a competitor's technologies.
Even if the limits are clearly defined, the breakthrough
Having reliably positioned the current product on its S-
idea about how to reach them may be missing." [6]
curve, the company can now proceed to the next step -
determining the directions for improvement. Depending
To help position a technology on its S-curve, TRIZ uses on whether the product needs to be improved
a correlation between the technology's life cycle and incrementally or radically, certain changes need to be
inventive activity that was discovered by Altshuller. He envisioned: How do we move the product up its S-
suggested that all inventions (both patented and curve? or What new product technology may replace the
otherwise) be classified into 5 novelty levels: current one?

[j Level 1 - Slight modifications of the existing system For an OEM it is usually useful to start with the concept
L Level 2 - Solutions derived from similar systems. of domination of higher-level systems: Evolutionary
U Level 3 - Breakthroughs within a single engineering trends of a system (e.g., an automobile) determine the
discipline. directions of evolution of its components (i.e., vehicle
L Level 4 - Radical developments stemming from subsystems). Determining what new features and what
multi-discipline approaches. performance the next automobile will have will determine
L Level 5 - Pioneering inventions resulting from new which subsystems will be involved in the delivery of
scientific discoveries (radio, laser, etc.) these features and what level of performance each
subsystem should achieve.
Altshuller showed that for any given technology, both
invention activity (number of inventions) and levels of The main activity at this step is applying the laws of
invention closely correlate with the technology's S-curve: technological system evolution to the features
u (functions) and/or subsystems of the vehicle. First, the
The plot "number of inventions vs. time" (Fig. 2.2) current state of the selected feature is identified (with
has two inflection points. Point A is associated with respect to any law of evolution). Then conceptual
efforts to promote the technology from a concept to changes "prescribed" by this law are visualized.
production; point C reflects the drop of interest after
unsuccessful attempts to improve the stagnating Consider, for example, the "cruise control" feature and
technology. the law of increasing flexibility. From a standpoint of this
After pioneering inventions gave birth to a new law, conventional cruise control is a "rigid" system: it's
breakthrough, the levels of invention drop and then either "On" or "Off." The law instructs us that the next-
rise again (point A in Fig. 2.2). This dynamic is due generation system has to be more adaptive: the vehicle
to the resolution of significant problems that were should adjust its speed according to the distance to the
keeping the concept from becoming a viable vehicle ahead. This requires a capability to determine
product. Once the technology goes into production distances. Recent advances in radar technology may
(the idea turns into a product), the main provide just that. In fact, some OEMs have already
development efforts shift to resolving relatively started introduction of an adaptive cruise control.
smaller issues (increasing efficiency, minimizing
costs, etc.), and the level of invention drops.
After the feature/product has been forecasted using one
law of evolution, the next step is to apply another law to
By conducting inventive activity analysis, described the same feature/product, and then another law, and so
above, on the company's technology/product as well as on. The more laws of evolution that are used, the better
on those of its competitors, the company can reliably the "opportunity space" will be explored.
determine their positions on the respective S-curves.
Then the management can decide whether incremental
improvement of the product will be adequate or a leap to CONCLUSION
another technology is required.
Like a radar in the fog, the TRIZ method helps managers
of technology to dramatically reduce the uncertainty of
the decision process when navigating in the ever shifting
S-curve A A C technology landscape. This allows the company to
objectively justify its technology plan and lower the risks
of technology investments.
lm

Number of Inventions f Introduction of TRIZ in automotive product planning

processes would help the industry to remove guesswork
a»
from the "fuzzy front end" of product and technology
forecasting. Judicious use of the laws of evolution would
Level of Inventions significantly improve the effectiveness of new feature
development.

Fig 2.2 S-Curve and Inventions correlation 42

TRIZ does not provide information on when the 5. Clausing, D., Fey, V. (2004). Effective Innovation: The
predicted change of technology will take place. Time of Development of Winning Technologies, NY: ASME
the development depends on many non-technological Press.
factors: economic situation, influence of special 6. Foster, R., (1986) Innovation: the attacker's
interests, etc. Those forces can delay evolution, but they advantage, NY: Summit Books
cannot change its principal direction.
CONTACT
REFERENCES
Victor Fey has over 25 years of experience in the fields
1. Altshuller, G.S., Shapiro, R.B. (1956). On the of TRIZ research and application. He was a student and
psychology of engineering creativity, in Problems of close collaborator of Genrikh Altshuller, has had
Psychology, Vol. 6, pp. 37-49 (in Russian). numerous successful projects in the area of new product
2. Altshuller, G.S. (1988). Creativity as an Exact and technology development with leading corporations
Science, New York: Gordon and Breach. and has conducted courses for industry and academia.
3. Altshuller, G.S. (1999). The Innovation Algorithm, He is an Adjunct Professor at Wayne State University
Worcester, MA: The Altshuller Institute for TRIZ Studies. and is a partner in The TRIZ Group, LLC. He can be
4. Raskin, A. (2003). A Higher Plane of Problem-Solving, reached at 248-538-0136 and fey@trizgroup.com.
Business 2.0, June, pp. 54-56.

43
 2004-01-0295

A Backbone in Automotive Software Development Based on

XML and ASAM/MSR
Bernhard Weichel and Martin Herrmann
Robert Bosch GmbH

Copyright © 2004 SAE International

ABSTRACT exchange format are outlined. The paper finally gives a

particular example.
The development of future automotive electronic sys­
tems requires new concepts in the software architecture, EDC/ME(D)17 SOFTWARE ARCHITECTURE
development methodology and information exchange.
The Bosch software architecture of electronic control
At Bosch an XML and MSR based technology is applied units (ECU) for gasoline and diesel engines
to achieve a consistent information handling throughout EDC/ME(D)17 [3] supports the development process in
the entire software development process. This approach several ways:
enables the tool independent exchange of information
and documentation between the involved development • consequent separation of the application software
partners. and the base software
• clear modularity of the application software, accord­
This paper presents the software architecture, the speci­ ing to the vehicle domain model (CARTRONIC [4])
fication of software components in XML, the process • definition of interfaces for the system's components
steps, an example and an exchange scenario with an
external development partner. The development process of ECU software is character­
ized by different roles and groups within appropriate
INTRODUCTION phases of the development process. These different
roles have their own view on the system and therefore
The amount of software in vehicle control units is grow­ require an appropriate representation of the software
ing for years. Software covers more and more system according to the process step in question.
functionality. This growing complexity of functional re­
quirements as well as non functional requirements of the The EDC/ME(D)17 software architecture supports this
automobile industry such as integration capabilities, re­ requirement by functional view, dynamic view and static
usability and portability require new concepts in software view of the software system (see figure 1 ).
architecture but also in development methodology, in
particular regarding data exchange and documentation. Static view
• SW components
Body
• dependencies
More and more specific components have to be inte­
grated into e.g. engine software, some from companies
with particular know-how, some from OEM to apply a
maker specific "branding" to the vehicle. To support this
Dynamic view Functional view
trend and the accompanying requirements of black box
integration and the protection of intellectual property, it
• scheduling
• finite state machine
dBESBe • signal flow
• functional relations
must be possible to exchange tailored information at dif­
IBiéëËBflRL-
ferent steps during the development process. IBiiiSeîBI-'

The structure of this paper is as follows. First the soft­

ware architecture of the engine control unit is illustrated.
Subsequently the usage of XML [1] and MSR [2] as an Figure 1 : The different views on the software system

45
Exploring the Variety of Random
Documents with Different Content
key was intended. Presently the Prince applied it and opened the
lock, whereupon the door of a palace gave admittance, and when
the twain entered they found it more spacious than the first pavilion
and all illumined with a light which dazed the sight; yet not a wax-
candle lit it up nor indeed was there a recess for lamps. Hereat they
marvelled and meditated and presently they discovered eight
images[22] of precious stones, all seated upon as many golden
thrones, and each and every was cut of one solid piece; and all the
stones were pure and of the finest water and most precious of price.
Zayn al-Asnam was confounded hereat and said to his mother,
“Whence could my sire have obtained all these rare things?” And the
twain took their pleasure in gazing at them and considering them
and both wondered to see a ninth throne unoccupied, when the
Queen espied a silken hanging whereon was inscribed:—O my son,
marvel not at this mighty wealth which I have acquired by sore
stress and striving travail. But learn also that there existeth a Ninth
Statue whose value is twenty-fold greater than these thou seest and,
if thou would win it, hie thee again to Cairo-city. There thou shalt
find a whilome slave of mine Mubárak[23] hight and he will take thee
and guide thee to the Statue; and ’twill be easy to find him on
entering Cairo: the first person thou shalt accost will point out the
house to thee, for that Mubarak is known throughout the place.
When Zayn al-Asnam had read this writ he cried, “O my mother, ’tis
again my desire to wend my way Cairo-wards and seek out this
image; so do thou say how seest thou my vision, fact or fiction, after
thou assurest me saying:—This be an imbroglio of sleep? However,
at all events, O my mother, now there is no help for it but that I
travel once more to Cairo.” Replied she, “O my child, seeing that
thou be under the protection of the Apostle of Allah (whom may He
save and assain!) so do thou fare in safety, while I and thy Wazir will
order thy reign in thine absence till such time as thou shalt return.”
Accordingly the Prince went forth and gat him ready and rode on till
he reached Cairo where he asked for Mubarak’s house. The folk
answered him saying, “O my lord, this be a man than whom none is
wealthier or greater in boon deeds and bounties, and his home is
ever open to the stranger.” Then they showed him the way and he
followed it till he came to Mubarak’s mansion where he knocked at
the door and a slave of the black slaves opened to him.——And
Shahrazad was surprised by the dawn of day and ceased to say her
permitted say.

Now when it was the Five Hundred and First

Night,
Quoth Dunyazad, “O sister mine, an thou be other than sleepy, tell
us one of thy fair tales, so therewith we may cut short the waking
hours of this our night;” and quoth Shahrazad:——It hath reached
me, O King of the Age, that Zayn al-Asnam knocked at the door
when a slave of Mubarak’s black slaves came out to him and opening
asked him, “Who[24] art thou and what is it thou wantest?” The
Prince answered, “I am a foreigner from a far country, and I have
heard of Mubarak thy lord that he is famed for liberality and
generosity; so that I come hither purposing to become his guest.”
Thereupon the chattel went in to his lord and, after reporting the
matter to him, came out and said to Zayn al-Asnam, “O my lord, a
blessing hath descended upon us by thy footsteps. Do thou enter,
for my master Mubarak awaiteth thee.” Therewith the Prince passed
into a court spacious exceedingly and all beautified with trees and
waters, and the slave led him to the pavilion wherein Mubarak was
sitting. As the guest came in the host straightway rose up and met
him with cordial greeting and cried, “A benediction hath alighted
upon us and this night is the most benedight of the nights by reason
of thy coming to us! So who art thou, O youth, and whence is thine
arrival and whither is thine intent?” He replied, “I am Zayn al-Asnam
and I seek one Mubarak, a slave of the Sultan of Bassorah who
deceased a year ago, and I am his son.” Mubarak rejoined, “What
sayest thou? Thou the son of the King of Bassorah?” and the other
retorted, “Yea, verily I am his son.”[25] Quoth Mubarak, “In good
sooth my late lord the King of Bassorah left no son known to me!
But what may be thine age, O youth?” “Twenty years or so,” quoth
the Prince, presently adding, “But thou, how long is it since thou
leftest my sire?” “I left him eighteen years ago,” said the other; “but,
O my child Zayn al-Asnam, by what sign canst thou assure me of thy
being the son of my old master, the Sovran of Bassorah?” Said the
Prince, “Thou alone knowest that my father laid out beneath his
palace a souterrain,[26] and in this he placed forty jars of the finest
green jasper, which he filled with pieces of antique gold, also that
within a pavilion he builded a second palace and set therein eight
images of precious stones, each one of a single gem, and all seated
upon royal seats of placer-gold.[27] He also wrote upon a silken
hanging a writ which I read and which bade me repair to thee and
thou wouldst inform me concerning the Ninth Statue whereabouts it
may be, assuring me that it is worth all the eight.” Now when
Mubarak heard these words, he fell at the feet of Zayn al-Asnam and
kissed them exclaiming, “Pardon me, O my lord, in very truth thou
art the son of my old master;” adding, presently, “I have spread, O
my lord, a feast[28] for all the Grandees of Cairo and I would that thy
Highness honour it by thy presence.” The Prince replied, “With love
and the best will.” Thereupon Mubarak arose and forewent Zayn al-
Asnam to the saloon which was full of the Lords of the land there
gathered together, and here he seated himself after stablishing Zayn
al-Asnam in the place of honour. Then he bade the tables be spread
and the feast be served and he waited upon the Prince with arms
crossed behind his back[29] and at times falling upon his knees. So
the Grandees of Cairo marvelled to see Mubarak, one of the great
men of the city, serving the youth and wondered with extreme
wonderment, unknowing whence the stranger was.——And
Shahrazad was surprised by the dawn of day and ceased to say her
permitted say.

Now when it was the Five Hundred and

Second Night,
Quoth Dunyazad, “O sister mine, an thou be other than sleepy, tell
us one of thy fair tales, so therewith we may cut short the waking
hours of this our night,” and quoth Shahrazad:——It hath reached
me, O King of the Age, that Mubarak fell to waiting upon Zayn al-
Asnam the son of his old lord, and the Grandees of Cairo there
sitting marvelled to see Mubarak, one of the great men of the city,
serving the youth and wondered with extreme wonderment,
unknowing whence the stranger was. After this they ate and drank
and supped well and were cheered till at last Mubarak turned
towards them and said, “O folk, admire not that I wait upon this
young man with all worship and honour, for that he is the son of my
old lord, the Sultan of Bassorah, who bought me with his money and
who died without manumitting me. I am, therefore, bound to do
service to his son, this my young lord, and all that my hand
possesseth of money and munition belongeth to him nor own I
aught thereof at all, at all.” When the Grandees of Cairo heard these
words, they stood up before Zayn al-Asnam and salamed to him with
mighty great respect and entreated him with high regard and
blessed him. Then said the Prince, “O assembly, I am in the
presence of your worships, and be ye my witnesses. O Mubarak,
thou art now freed and all thou hast of goods, gold and gear erst
belonging to us becometh henceforth thine own and thou art
endowed with them for good each and every. Eke do thou ask
whatso of importance thou wouldst have from me, for I will on no
wise let or stay thee in thy requiring it.” With this Mubarak arose and
kissed the hand of Zayn al-Asnam and thanked him for his boons,
saying, “O my lord, I wish for thee naught save thy weal, but the
wealth that is with me is altogether overmuch for my wants.” Then
the Prince abode with the Freedman four days, during which all the
Grandees of Cairo made act of presence day by day to offer their
salams as soon as they heard men say, “This is the master of
Mubarak and the monarch of Bassorah.” And whenas the guest had
taken his rest he said to his host, “O Mubarak, my tarrying with thee
hath been long;” whereto said the other, “Thou wottest, O my lord,
that the matter whereinto thou comest to enquire is singular-rare,
but that it also involveth risk of death, and I know not if thy valour
can make the attainment thereto possible to thee.” Rejoined Zayn al-
Asnam, “Know, O Mubarak, that opulence is gained only by blood;
nor cometh aught upon mankind save by determination and
predestination of the Creator (be He glorified and magnified!); so
look to thine own stoutness of heart and take thou no thought of
me.” Thereupon Mubarak forthright bade his slaves get them ready
for wayfare; so they obeyed his bidding in all things and mounted
horse and travelled by light and dark over the wildest of wolds,
every day seeing matters and marvels which bewildered their wits,
sights they had never seen in all their years, until they drew near
unto a certain place. There the party dismounted and Mubarak bade
the negro slaves and eunuchs abide on the spot, saying to them,
“Do ye keep watch and ward over the beasts of burthen and the
horses until what time we return to you.” After this the twain set out
together afoot and quoth the Freedman to the Prince, “O my lord,
here valiancy besitteth, for that now thou art in the land of the
Image[30] thou camest to seek.” And they ceased not walking till they
reached a lake, a long water and a wide, where quoth Mubarak to
his companion, “Know, O my lord, that anon will come to us a little
craft bearing a banner of azure tinct and all its planks are of
chaunders and lign-aloes of Comorin, the most precious of woods.
And now I would charge thee with a charge the which must thou
most diligently observe.” Asked the other, “And what may be this
charge?” Whereto Mubarak answered, “Thou wilt see in that boat a
boatman[31] whose fashion is the reverse of man’s; but beware, and
again I say beware, lest thou utter a word, otherwise he will at once
drown us.[32] Learn also that this stead belongeth to the King of the
Jinns and that everything thou beholdest is the work of the
Jánn.”——And Shahrazad was surprised by the dawn of day and
ceased to say her permitted say.

Now when it was the Five Hundred and Third

Night,
Quoth Dunyazad, “O sister mine, an thou be other than sleepy, tell
us one of thy fair tales, so therewith we may cut short the waking
hours of this our night,” and quoth Shahrazad:——It hath reached
me, O King of the Age, that Mubarak and Zayn al-Asnam came upon
a lake where, behold, they found a little craft whose planks were of
chaunders and lign-aloes of Comorin and therein stood a ferryman
with the head of an elephant while the rest of his body wore the
semblance of a lion.[33] Presently he approached them and winding
his trunk around them[34] lifted them both into the boat and seated
them beside himself: then he fell to paddling till he passed through
the middle of the lake and he ceased not so doing until he had
landed them on the further bank. Here the twain took ground and
began to pace forwards, gazing around them the while and
regarding the trees which bore for burthen ambergris and lign-aloes,
sandal, cloves and gelsemine,[35] all with flowers and fruits bedrest
whose odours broadened the breast and excited the sprite. There
also the birds warbled, with various voices, notes ravishing and
rapturing the heart by the melodies of their musick. So Mubarak
turned to the Prince and asked him saying, “How seest thou this
place, O my lord?” and the other answered, “I deem, O Mubarak,
that in very truth this be the Paradise promised to us by the Prophet
(whom Allah save and assain!).” Thence they fared forwards till they
came upon a mighty fine palace all builded of emeralds and rubies
with gates and doors of gold refined: it was fronted by a bridge one
hundred and fifty cubits long to a breadth of fifty, and the whole was
one rib of a fish.[36] At the further end thereof stood innumerous
hosts of the Jann, all frightful of favour and fear-inspiring of figure
and each and every hent in hand javelins of steel which flashed to
the sun like December leven. Thereat quoth the Prince to his
companion, “This be a spectacle which ravisheth the wits;” and
quoth Mubarak, “It now behoveth that we abide in our places nor
advance further lest there happen to us some mishap; and may
Allah vouchsafe to us safety!” Herewith he brought forth his pouch
four strips of a yellow silken stuff and zoning himself with one threw
the other over his shoulders;[37] and he gave the two remaining
pieces to the Prince that he might do with them on like wise. Next
he dispread before either of them a waist shawl[38] of white sendal
and then he pulled out of his poke sundry precious stones and
scents and ambergris and eagle-wood;[39] and, lastly, each took seat
upon his sash, and when both were ready Mubarak repeated the
following words to the Prince and taught him to pronounce them
before the King of the Jann:—“O my lord, Sovran of the Spirits, we
stand within thy precincts and we throw ourselves on thy
protection;” whereto Zayn al-Asnam added, “And I adjure him
earnestly that he accept of us.” But Mubarak rejoined, “O my lord, by
Allah I am in sore fear. Hear me! An he determine to accept us
without hurt or harm he will approach us in the semblance of a man
rare of beauty and comeliness but, if not, he will assume a form
frightful and terrifying. Now an thou see him in his favourable shape
do thou arise forthright and salam to him and above all things
beware lest thou step beyond this thy cloth.” The Prince replied, “To
hear is to obey,” and the other continued, “And let thy salam to him
be thy saying, O King of the Sprites and Sovran of the Jann and Lord
of Earth, my sire, the whilome Sultan of Bassorah, whom the Angel
of Death hath removed (as is not hidden from thy Highness) was
ever taken under thy protection and I, like him, come to thee suing
the same safeguard.”——And Shahrazad was surprised by the dawn
of day and ceased to say her permitted say.

Now when it was the Five Hundred and Fourth

Night,
Quoth Dunyazad, “O sister mine, and thou be other than sleepy, tell
us one of thy fair tales, so therewith we may cut short the waking
hours of this our night,” and quoth Shahrazad:——It hath reached
me, O King of the Age, that Mubarak fell to lessoning Zayn al-Asnam
how he should salute the King of the Jinns, and pursued, “Likewise,
O my lord, if he hail us with gladsome face of welcome he will
doubtless say thee:—Ask whatso thou wantest of me! and the
moment he giveth thee his word do thou at once prefer thy petition
saying, O my lord, I require of thy Highness the Ninth Statue than
which is naught more precious in the world, and thou didst promise
my father to vouchsafe me that same.” And after this Mubarak
instructed his master how to address the King and crave of him the
boon and how to bespeak him with pleasant speech. Then he began
his conjurations and fumigations and adjurations and recitations of
words not understanded of any, and but little time elapsed before
cold rain down railed and lightning dashed and thunder roared and
thick darkness veiled earth’s face. Presently came forth a mighty
rushing wind and a voice like an earthquake, the quake of earth on
Judgment Day.[40] The Prince, seeing these horrors and sighting that
which he had never before seen or heard, trembled for terror in
every limb; but Mubarak fell to laughing at him and saying, “Fear
not, O my lord: that which thou dreadest is what we seek, for to us
it is an earnest of glad tidings and success; so be thou satisfied and
hold thyself safe.”[41] After this the skies waxed clear and serene
exceedingly while perfumed winds and the purest scents breathed
upon them; nor did a long time elapse ere the King of the Jann
presented himself under the semblance of a beautiful man who had
no peer in comeliness save and excepting Him who lacketh likeness
and to Whom be honour and glory! He gazed at Zayn al-Asnam with
a gladsome aspect and a riant, whereat the Prince arose forthright
and recited the string of benedictions taught to him by his
companion and the King said to him with a smiling favour, “O Zayn
al-Asnam, verily I was wont to love thy sire, the Sultan of Bassorah
and, when he visited me ever, I used to give him an image of those
thou sawest, each cut of a single gem; and thou also shalt presently
become to me honoured as thy father and yet more. Ere he died I
charged him to write upon the silken curtain the writ thou readest
and eke I gave promise and made covenant with him to take thee
like thy parent under my safeguard and to gift thee as I gifted him
with an image, to wit, the ninth, which is of greater worth than all
those viewed by thee. So now, ’tis my desire to stand by my word
and to afford thee my promised aid.”——And Shahrazad was
surprised by the dawn of day and ceased to say her permitted say.
 Now when it was the Five Hundred and Fifth
Night,
Quoth Dunyazad, “O sister mine, an thou be other than sleepy, tell
us one of thy fair tales, so therewith we may cut short the waking
hours of this our night,” and quoth Shahrazad:——“It hath reached
me, O King of the Age, that the Lord of the Jann said to the Prince, I
will take thee under my safeguard and the Shaykh thou sawest in
thy swevens was myself and I also ’twas who bade thee dig under
thy palace down to the souterrain wherein thou sawest the crocks of
gold and the figures of fine gems. I also well know wherefore thou
art come hither and I am he who caused thee come and I will give
thee what thou seekest, for all that I would not give it to thy sire.
But ’tis on condition that thou return unto me bringing a damsel
whose age is fifteen, a maiden without rival or likeness in loveliness;
furthermore she must be a pure virgin and a clean maid who hath
never lusted for male nor hath ever been solicited of man;[42] and
lastly, thou must keep faith with me in safeguarding the girl whenas
thou returnest hither and beware lest thou play the traitor with her
whilst thou bringest her to me.” To this purport the Prince sware a
mighty strong oath adding, “O my lord, thou hast indeed honoured
me by requiring of me such service, but truly ’twill be right hard for
me to find a fair one like unto this; and, grant that I find one
perfectly beautiful and young in years after the requirement of thy
Highness, how shall I weet if she ever longed for mating with man
or that male never lusted for her?” Replied the King, “Right thou art,
O Zayn al-Asnam, and verily this be a knowledge whereunto the
sons of men may on no wise attain. However, I will give thee a
mirror[43] of my own whose virtue is this. When thou shalt sight a
young lady whose beauty and loveliness please thee, do thou open
the glass[44], and, if thou see therein her image clear and undimmed,
do thou learn forthright that she is a clean maid without aught of
defect or default and endowed with every praiseworthy quality. But
if, contrariwise, the figure be found darkened or clothed in
uncleanness, do thou straightway know that the damsel is sullied by
soil of sex. Shouldst thou find her pure and gifted with all manner
good gifts, bring her to me but beware not to offend with her and do
villainy, and if thou keep not faith and promise with me bear in mind
that thou shalt lose thy life.” Hereupon the Prince made a stable and
solemn pact with the King, a covenant of the sons of the Sultans
which may never be violated.——And Shahrazad was surprised by
the dawn of day and ceased to say her permitted say.

Now when it was the Five Hundred and Sixth

Night,
Quoth Dunyazad, “O sister mine, an thou be other than sleepy, tell
us one of thy fair tales, so therewith we may cut short the waking
hours of this our night,” and quoth Shahrazad:——It hath reached
me, O King of the Age, that the Prince Zayn al-Asnam made a stable
and trustworthy compact to keep faith with the King of the Jann and
never to play traitor thereto, but to bring the maid en tout bien et
tout honneur to that potentate who made over to him the mirror
saying, “O my son, take this looking-glass whereof I bespake thee
and depart straightway.” Thereupon the Prince and Mubarak arose
and, after blessing him, fared forth and journeyed back until they
made the lakelet, where they sat but a little ere appeared the boat
which had brought them bearing the Jinni with elephantine head and
leonine body, and he was standing up ready for paddling.[45] The
twain took passage with him (and this by command of the King of
the Jann) until they reached Cairo and returned to their quarters,
where they abode whilst they rested from the travails of travel. Then
the Prince turned to his companion and said, “Arise with us and
wend we to Baghdad[46]-city that we may look for some damsel such
as the King describeth!” and Mubarak replied, “O my lord, we be in
Cairo, a city of the cities, a wonder of the world, and here no doubt
there is but that I shall find such a maiden, nor is there need that
we fare therefor to a far country.” Zayn al-Asnam rejoined, “True for
thee, O Mubarak, but what be the will and the way whereby to hit
upon such a girl, and who shall go about to find her for us?” Quoth
the other, “Be not beaten and broken down, O my lord, by such
difficulty: I have by me here an ancient dame (and cursed be the
same!) who maketh marriages, and she is past mistress in wiles and
guiles; nor will she be hindered by the greatest of obstacles.”[47] So
saying, he sent to summon the old trot, and informed her that he
wanted a damsel perfect of beauty and not past her fifteenth year,
whom he would marry to the son of his lord; and he promised her
sumptuous Bakhshish and largesse if she would do her very best
endeavour. Answered she, “O my lord, be at rest: I will presently
contrive to satisfy thy requirement even beyond thy desire; for under
my hand are damsels unsurpassable in beauty and loveliness, and all
be the daughters of honourable men.” But the old woman, O Lord of
the Age, knew naught anent the mirror. So she went forth to wander
about the city and work on her well-known ways.——And Shahrazad
was surprised by the dawn of day and ceased to say her permitted
say.

Now when it was the Five Hundred and

Seventh Night,
Quoth Dunyazad, “O sister mine, an thou be other than sleepy, tell
us one of thy fair tales, so therewith we may cut short the waking
hours of this our night,” and quoth Shahrazad:——It hath reached
me, O King of the Age, that the old woman went forth to work on
her well-known ways, and she wandered about town to find a
maiden for the Prince Zayn al-Asnam. Whatever notable beauty she
saw she would set before Mubarak; but each semblance as it was
considered in the mirror showed exceeding dark and dull, and the
inspector would dismiss the girl. This endured until the crone had
brought to him all the damsels in Cairo, and not one was found
whose reflection in the mirror showed clear-bright and whose
honour was pure and clean, in fact such an one as described by the
King of the Jann. Herewith Mubarak, seeing that he had not found
one in Cairo to please him, or who proved pure and unsullied as the
King of the Jann had required, determined to visit Baghdad: so they
rose up and equipped them and set out and in due time they made
the City of Peace where they hired them a mighty fine mansion
amiddlemost the capital. Here they settled themselves in such
comfort and luxury that the Lords of the land would come daily to
eat at their table, even the thirsty and those who went forth
betimes,[48] and what remained of the meat was distributed to the
mesquin and the miserable; also every poor stranger lodging in the
Mosques would come to the house and find a meal. Therefore the
bruit of them for generosity and liberality went abroad throughout
the city and won for them notable name and the fairest of fame; nor
did any ever speak of aught save the beneficence of Zayn al-Asnam
and his generosity and his opulence. Now there chanced to be in
one of the cathedral-mosques an Imám,[49] Abu Bakr hight, a ghostly
man passing jealous and fulsome, who dwelt hard by the mansion
wherein the Prince and Mubarak abode; and he, when he heard of
their lavish gifts and alms deeds, and honourable report, smitten by
envy and malice and hatred, fell to devising how he might draw
them into some calamity that might despoil the goods they enjoyed
and destroy their lives, for it is the wont of envy to fall not save
upon the fortunate. So one day of the days, as he lingered in the
Mosque after mid-afternoon prayer, he came forwards amidst the
folk and cried, O ye, my brethren of the Faith which is true and who
bear testimony to the unity of the Deity, I would have you to weet
that housed in this our quarter are two men which be strangers, and
haply ye have heard of them how they lavish and waste immense
sums of money, in fact moneys beyond measure, and for my part I
cannot but suspect that they are cutpurses and brigands who
commit robberies in their own country and who came hither to
expend their spoils.——And Shahrazad was surprised by the dawn of
day and ceased to say her permitted say.
Now when it was the Five Hundred and Eighth
Night,
Quoth Dunyazad, “O sister mine, an thou be other than sleepy, tell
us one of thy fair tales, so therewith we may cut short the waking
hours of this our night,” and quoth Shahrazad:——It hath reached
me, O King of the Age, that the Imam in his jealousy of Zayn al-
Asnam and Mubarak said to the congregation, “Verily they be
brigands and cutpurses;” adding, “O believers of Mohammed, I
counsel you in Allah’s name that ye guard yourselves against such
accurseds; for haply the Caliph shall in coming times hear of these
twain and ye also shall fall with them into calamity,[50] I have
hastened to caution you, and having warned you I wash my hands
of your business, and after this do ye as ye judge fit.” All those
present replied with one voice, “Indeed we will do whatso thou
wishest us to do, O Abu Bakr!” But when the Imam heard this from
them he arose and, bringing forth ink-case and reed-pen and a sheet
of paper, began inditing an address to the Commander of the
Faithful, recounting all that was against the two strangers. However,
by decree of Destiny, Mubarak chanced to be in the Mosque
amongst the crowd when he heard the address of the blameworthy
Imam and how he purposed applying by letter to the Caliph. So he
delayed not at all but returned home forthright and, taking an
hundred dinars and packing up a parcel of costly clothes, silver-
wrought all, repaired in haste to the reverend’s quarters and
knocked at the door. The preacher came and opened to him, but
sighting Mubarak he asked him in anger, “What is’t thou wantest and
who art thou?” Whereto the other answered, “I am Mubarak and at
thy service, O my master the Imam Abu Bakr; and I come to thee
from my lord the Emir Zayn al-Asnam who, hearing of and learning
thy religious knowledge and right fair repute in this city, would fain
make acquaintance with thy Worship and do by thee whatso
behoveth him. Also he hath sent me to thee with these garments
and this spending-money, hoping excuse of thee for that this be a
minor matter compared with your Honour’s deserts; but, Inshallah,
after this he will not fail in whatever to thee is due.” As soon as Abu
Bakr saw the coin and gold[51] and the bundle of clothes, he
answered Mubarak saying, “I crave pardon, O my lord, of thy master
the Emir for that I have been ashamed of waiting upon him and
repentance is right hard upon me for that I failed to do my devoir by
him; wherefore I hope that thou wilt be my deputy in imploring him
to pardon my default and, the Creator willing, to-morrow I will do
what is incumbent upon me and fare to offer my services and proffer
the honour which beseemeth me.” Rejoined Mubarak, “The end of
my master’s wishes is to see thy worship, O my lord Abu Bakr, and
be exalted by thy presence and therethrough to win a blessing.” So
saying he bussed the reverend’s hand and returned to his own place.
On the next day, as Abu Bakr was leading the dawn-prayer of Friday,
he took his station amongst the folk amiddlemost the Mosque and
cried, “O, our brethren the Moslems great and small and folk of
Mohammed one and all, know ye that envy falleth not save upon the
wealthy and praiseworthy and never descendeth upon the mean and
miserable. I would have you wot, as regards the two strangers
whom yesterday I misspoke, that one of them is an Emir high in
honour and son of most reputable parents, in lieu of being (as I was
informed by one of his enviers) a cutpurse and a brigand. Of this
matter I have made certain that ’tis a lying report, so beware lest
any of you say aught against him or speak evil in regard to the Emir
even as I heard yesterday; otherwise you will cast me and cast
yourselves into the sorest of calamities with the Prince of True
Believers. For a man like this of exalted degree may not possibly
take up his abode in our city of Baghdad unbeknown to the
Caliph.”——And Shahrazad was surprised by the dawn of day and
ceased to say her permitted say.

Now when it was the Five Hundred and Ninth

Night,
Quoth Dunyazad, “O sister mine, an thou be other than sleepy, tell
us one of thy fair tales, so therewith we may cut short the waking
hours of this our night,” and quoth Shahrazad:——It hath reached
me, O King of the Age, that Abu Bakr the Imam uprooted on such
wise from the minds of men the evil which he had implanted by his
own words thrown out against the Emir Zayn al-Asnam. But when he
had ended congregational prayers and returned to his home, he
donned his long gaberdine[52] and made weighty his skirts and
lengthened his sleeves, after which he took the road to the mansion
of the Prince; and, when he went in, he stood up before the stranger
and did him honour with the highmost distinction. Now Zayn al-
Asnam was by nature conscientious albeit young in years; so he
returned the Imam Abu Bakr’s civilities with all courtesy and, seating
him beside himself upon his high-raised divan, bade bring for him
ambergris’d[53] coffee. Then the tables were spread for breakfast and
the twain ate and drank their sufficiency, whereafter they fell to
chatting like boon companions. Presently the Imam asked the
Prince, saying, “O my lord Zayn al-Asnam, doth thy Highness design
residing long in this our city of Baghdad?” and the other answered,
“Yes indeed,[54] O our lord the Imam; ’tis my intention to tarry here
for a while until such time as my requirement shall be fulfilled.” The
Imam enquired, “And what may be the requirement of my lord the
Emir? Haply when I hear it I may devote my life thereto until I can
fulfil it.” Quoth the Prince, “My object is to marry a maiden who must
be comely exceedingly, aged fifteen years; pure, chaste, virginal,
whom man hath never soiled and who during all her days never
lusted for male kind: moreover, she must be unique for beauty and
loveliness.” The Imam rejoined, “O my lord, this be a thing hard of
finding indeed, hard exceedingly; but I know a damsel of that age
who answereth to thy description. Her father, a Wazir who resigned
succession and office of his own freewill, now dwelleth in his
mansion jealously overwatching his daughter and her education; and
I opine that this maiden will suit the fancy of thy Highness, whilst
she will rejoice in an Emir such as thyself and eke her parents will be
equally well pleased.” The Prince replied, “Inshallah, this damsel
whereof thou speakest will suit me and supply my want, and the
furtherance of my desire shall be at thy hands. But, O our lord the
Imam, ’tis my wish first of all things to look upon her and see if she
be pure or otherwise; and, as regarding her singular comeliness, my
conviction is that thy work sufficeth and thine avouchment is
veridical. Of her purity, however, even thou canst not bear sure and
certain testimony in respect to that condition.” Asked the Imam,
“How is it possible for you, O my lord the Emir, to learn from her
face aught of her and her honour; also whether she be pure or not:
indeed, if this be known to your Highness you must be an adept in
physiognomy.[55] However, if your Highness be willing to accompany
me, I will bear you to the mansion of her sire and make you
acquainted with him, so shall he set her before you.”——And
Shahrazad was surprised by the dawn of day and ceased to say her
permitted say.

Now when it was the Five Hundred and Tenth

Night,
Quoth Dunyazad, “O sister mine, an thou be other than sleepy, tell
us one of thy fair tales, so therewith we may cut short the waking
hours of this our night,” and quoth Shahrazad:——It hath reached
me, O King of the Age, that the Imam Abu Bakr took the Prince and
passed with him into the mansion of the Wazir; and, when they
entered, both salam’d to the house-master and he rose and received
them with greetings especially when he learned that an Emir had
visited him and he understood from the Imam that Zayn al-Asnam
inclined to wed his daughter. So he summoned her to his presence
and she came, whereupon he bade her raise her face-veil; and,
when she did his bidding, the Prince considered her and was amazed
and perplexed at her beauty and loveliness, he never having seen
aught that rivalled her in brightness and brilliancy. So quoth he in his
mind, “Would to Heaven I could win a damsel like this, albeit this
one be to me unlawful.” Thinking thus he drew forth the mirror from
his pouch and considered her image carefully when, lo and behold!
the crystal was bright and clean as virgin silver and when he eyed
her semblance in the glass he saw it pure as a white dove’s. Then
sent he forthright for the Kazi and witnesses and they knotted the
knot and wrote the writ and the bride was duly throned. Presently
the Prince took the Wazir his father-in-law into his own mansion, and
to the young lady he sent a present of costly jewels and it was a
notable marriage-festival, none like it was ever seen; no, never. Zayn
al-Asnam applied himself to inviting the folk right royally and did
honour due to Abu Bakr the Imam, giving him abundant gifts, and
forwarded to the bride’s father offerings of notable rarities. As soon
as the wedding ended, Mubarak said to the Prince, “O my lord, let us
arise and wend our ways lest we lose our time in leisure, for that we
sought is now found.” Said the Prince, “Right thou art;” and, arising
with his companion, the twain fell to equipping them for travel and
gat ready for the bride a covered litter[56] to be carried by camels
and they set out. Withal Mubarak well knew that the Prince was
deep in love to the young lady. So he took him aside and said to
him, “O my lord Zayn al-Asnam, I would warn thee and enjoin thee
to keep watch and ward upon thy senses and passions and to
observe and preserve the pledge by thee plighted to the King of the
Jann.” “O Mubarak,” replied the Prince, “an thou knew the love-
longing and ecstasy which have befallen me of my love to this young
lady, thou wouldst feel ruth for me! indeed I never think of aught
else save of taking her to Bassorah and of going in unto her.”
Mubarak rejoined, “O my lord, keep thy faith and be not false to thy
pact, lest a sore harm betide thee and the loss of thy life as well as
that of the young lady.[57] Remember the oath thou swarest nor
suffer lust[58] to lay thy reason low and despoil thee of all thy gains
and thine honour and thy life.” “Do thou, O Mubarak,” retorted the
Prince, “become warden over her nor allow me ever to look upon
her.”——And Shahrazad was surprised by the dawn of day and
ceased to say her permitted say.
 Now when it was the Five Hundred and
Eleventh Night,
Quoth Dunyazad, “O sister mine, an thou be other than sleepy, tell
us one of thy fair tales, so therewith we may cut short the waking
hours of this our night,” and quoth Shahrazad:——It hath reached
me, O King of the Age, that Mubarak, after warning Zayn al-Asnam
to protect the virgin-bride against himself, fell also to defending her
as his deputy: also he prevented the Prince from even looking upon
her. They then travelled along the road unto the Island of the Jann,
after[59] they had passed by the line leading unto Misr.[60] But when
the bride saw that the wayfare had waxed longsome nor had beheld
her bridegroom for all that time since the wedding-night, she turned
to Mubarak and said, “Allah upon thee; inform me, O Mubarak, by
the life of thy lord the Emir, have we fared this far distance by
commandment of my bridegroom Prince Zayn al-Asnam?” Said he,
“Ah, O my lady, sore indeed is thy case to me, yet must I disclose to
thee the secret thereof which be this. Thou imaginest that Zayn al-
Asnam, the King of Bassorah, is thy bridegroom; but, alas! ’tis not
so. He is no husband of thine; nay, the deed he drew up was a mere
pretext in the presence of thy parents and thy people; and now thou
art going as a bride to the King of the Jann who required thee of the
Prince.” When the young lady heard these words, she fell to
shedding tears and Zayn al-Asnam wept for her, weeping bitter tears
from the excess of his love and affection. Then quoth the young
lady, “Ye have nor pity in you nor feeling for me; neither fear ye
aught of Allah that, seeing in me a stranger maiden ye cast me into
a calamity like this. What reply shall ye return to the Lord on the Day
of Reckoning for such treason ye work upon me?” However her
words and her weeping availed her naught, for that they stinted not
wayfaring with her until they reached the King of the Jann, to whom
they forthright on arrival made offer of her. When he considered the
damsel she pleased him, so he turned to Zayn al-Asnam and said to
him, “Verily the bride thou broughtest me is exceeding beautiful and
passing of loveliness; yet lovelier and more beautiful to me appear
thy true faith and the mastery of thine own passions, thy marvellous
purity and valiance of heart. So hie thee to thy home and the Ninth
Statue, wherefor thou askedst me, by thee shall be found beside the
other images, for I will send it by one of my slaves of the Jann.”
Hereupon Zayn al-Asnam kissed his hand and marched back with
Mubarak to Cairo, where he would not abide long with his
companion but, as soon as he was rested, of his extreme longing
and anxious yearning to see the Ninth Statue, he hastened his travel
homewards. Withal he ceased not to be thoughtful and sorrowful
concerning his maiden-wife and on account of her beauty and
loveliness, and he would fall to groaning and crying, “O for my lost
joys whose cause wast thou, O singular in every charm and
attraction, thou whom I bore away from thy parents and carried to
the King of the Jann. Alas, and woe worth the day!”——And
Shahrazad was surprised by the dawn of day and ceased to say her
permitted say.

Now when it was the Five Hundred and

Twelfth Night,
Quoth Dunyazad, “O sister mine, an thou be other than sleepy, tell
us one of thy fair tales, so therewith we may cut short the waking
hours of this our night,” and quoth Shahrazad:——It hath reached
me, O King of the Age, that Zayn al-Asnam fell to chiding himself for
the deceit and treason which he had practised upon the young lady’s
parents and for bringing and offering her to the King of the Jann.
Then he set out nor ceased travelling till such time as he reached
Bassorah, when he entered his palace; and, after saluting his
mother, he apprized her of all things that had befallen him. She
replied, “Arise, O my son, that we may look upon the Ninth Statue,
for I rejoice with extreme joy at its being in our possession.” So both
descended into the pavilion where stood the eight images of
precious gems and here they found a mighty marvel. ’Twas this. In
lieu of seeing the Ninth Statue upon the golden throne, they found
seated thereon the young lady whose beauty suggested the sun.
Zayn al-Asnam knew her at first sight and presently she addressed
him saying, “Marvel not for that here thou findest me in place of that
wherefor thou askedst; and I deem that thou shalt not regret nor
repent when thou acceptest me instead of that thou soughtest.” Said
he, “No, by Allah, O life-blood of my heart, verily thou art the end of
every wish of me nor would I exchange thee for all the gems of the
universe. Would thou knew what was the sorrow which surcharged
me on account of our separation and of my reflecting that I took
thee from thy parents by fraud and I bore thee as a present to the
King of the Jann. Indeed I had well nigh determined to forfeit all my
profit of the Ninth Statue and to bear thee away to Bassorah as my
own bride, when my comrade and councillor dissuaded me from so
doing lest I bring about my death and thy death.” Nor had Zayn al-
Asnam ended his words ere they heard the roar of thunderings that
would rend a mount and shake the earth, whereat the Queen-
mother was seized with mighty fear and affright. But presently
appeared the King of the Jinns who said to her, “O my lady, fear not!
’Tis I, the protector of thy son whom I fondly affect for the affection
borne to me by his sire. I also am he who manifested myself to him
in his sleep; and my object therein was to make trial of his valiance
and to learn an he could do violence to his passions for the sake of
his promise, or whether the beauty of this lady would so tempt and
allure him that he could not keep his promise to me with due
regard.”——And Shahrazad was surprised by the dawn of day and
ceased to say her permitted say.

Now when it was the Five Hundred and

Thirteenth Night,
Quoth Dunyazad, “O sister mine, an thou be other than sleepy, tell
us one of thy fair tales, so therewith we may cut short the waking
hours of this our night,” and quoth Shahrazad:——It hath reached
me, O King of the Age, that the King of the Jann said to the Queen-
mother, “Indeed Zayn al-Asnam hath not kept faith and covenant
with all nicety as regards the young lady, in that he longed for her to
become his wife. However, I am assured that this lapse befel him
from man’s natural and inherent frailty albeit I repeatedly enjoined
him to defend and protect her until he concealed from her his face. I
now accept[61] this man’s valour and bestow her upon him to wife,
for she is the Ninth Statue by me promised to him and she is fairer
than all these jewelled images, the like of her not being found in the
whole world of men save by the rarest of chances.” Then the King of
the Jann turned to the Prince and said to him, “O Emir Zayn al-
Asnam, this is thy bride: take her and enjoy her upon the one
condition that thou love her only nor choose for thyself another one
in addition to her; and I pledge myself that her faith thee-wards will
be of the fairest.” Hereupon the King of the Jann disappeared and
the Prince, gladdened and rejoicing, went forth with the maiden and
for his love and affection to her he paid to her the first ceremonious
visit that same night[62] and he made bride-feasts and banquets
throughout his realm and in due time he formally wedded her and
went in unto her. Then he stablished himself upon the throne of his
kingship and ruled it, bidding and forbidding, and his consort
became Queen of Bassorah. His mother left this life a short while
afterwards and they both mourned and lamented their loss. Lastly
he lived with his wife in all joyance of life till there came to them the
Destroyer of delights and the Separator of societies.——And
Shahrazad was surprised by the dawn of day and ceased to say her
pleasant[63] say.
 THE TALE OF ZAYN AL-ASNAM.
(TURKISH.)

NOTE I.

I. The following version has been kindly made for me by Mr. E. J. W.

Gibb, of Glasgow, author of “Ottoman Poems,” the “Story of Jewad,”
and an excellent translation of the “Book of the Forty Wazirs.” It is
alluded to in Vol. i., p. 46, of “Popular Tales and Fictions” (London:
Blackwoods, 1887), etc., etc., by my collaborator, Mr. W. A. Clouston,
a most valuable recueil, with whose dedication he honoured me. I
now proceed to quote from Mr. Gibb’s “Foreword.”
The book from which the following story has been translated was
printed at Constantinople in A.H. 1268; and is entitled Mukhayyalāt-i
Ledun-i illāhī-i Giridli ‘Ali ‘Aziz Efendi. = Phantasms from the Divine
Presence, by ‘Ali ‘Aziz Efendi of Crete. The printer has given the
following note at the beginning of the volume; it appears to have
occurred in the MS. copy which he had.

“Phantasms from the Divine Presence, of ‘Ali ‘Aziz Efendi the Cretan. 1211 (=
1796–7).

“In the year aforesaid did the above-named Efendi complete this book; and at that
(same) time he went to Prussia along with an embassy, and there he passed away.
As he was versed in the mystic and philosophic sciences, and mighty in giving
answers, clear and silencing, on obscure questions in every branch of learning, he
arranged and wrote down, in the form of a special treatise, the erudite replies
which he afforded to the interrogations of certain distinguished persons among the
philosophers of Europe, concerning the revolving of the spheres, the strata of the
elements, and other matters natural: such (a work was it) that from the perusal
thereof the extent of his learning might have been known unto men of science.
And he had a work on mysticism, entitled Vāridāt, and other writings (as well). But
his heirs knowing not their value, destroyed and lost them; however, some among
them came into the hands of certain of his friends, who have edited and published
them.”
“Such is written on the back of this book.”

This last line is the printer’s note.

The Author’s Preface may be translated as follows:—
“Rolling up the observances of preamble and cancelling the rules of
entitulation, it is humbly declared that, while for a certain season
turning over the sheets of these pages of revelations and
inspirations, in the college of desire and the library of imagination, a
well-worn book with a lengthy appendix, entitled Khulāsat-al-Khayāl,
(compiled) from the Syriac and Hebrew and other languages laid by
in the vault of oblivion, was seen of my warning-beholding eye.
When it had been entirely perused and its strange matter
considered, as they would form an esoteric scrip, a philosophic
volume, such as would cause heedfulness and consideration, and
yield counsel and admonition, like the ·Ibret-Numā of Lami’ī and the
Elf Leyle of Asma’ī, certain of the strange stories and wonderful tales
of that book were selected and separated, and having been
arranged, dervish-fashion, in simple style, were made the adornment
of the reed-pen of composition, and offered to the notice of them of
penetration. For all that this book is of the class of phantasms, still,
as it has been written in conformity with the position of the readers
of (these) times, it is of its virtues that its perusal will of a surety
dispel sadness of heart; and when this has been proved, saying:—
Unworthy though the reed-pen’s labour be,
A blessing may it gain, ‘Azíz! for thee,

I implore that my poor name be raised aloft on the tongues of

prayers.”
Then come the three Mukhayyalāt, or Phantasms, each consisting of
a principal story with several subordinate tales.
The First Mukhayyal is largely made up of incidents from the
following stories in the Thousand and One Nights: Kamer-uz-Zemān,
Zeyn ul Esnām, Prince Amjad, and the Enchanted Horse. Here are all
woven into one connected whole, along with a lot about a king of
the Jinn and the City of Jábulqá, and some stories that are new to
me.
The Second Mukhayyal I have translated and published under the
title of the “Story of Jewád.”
The Third consists of a number of stories that I have never met
before.
The object of the entire work appears to be the exaltation of the
supernatural powers claimed by holy men. I meditate making a
complete translation some day. Meanwhile the following is my
version of

THE TALE OF ZAYN AL-ASNAM.

Then he (‘Abd-us-Samed, King of Serendib or Ceylon) requested the

Prince Asīl, first to go along with him to the harem in order that he
might show him a strange thing. The Prince consented; so they
entered through the harem door, and after crossing the vestibule
and hall they came to a garden at the end of which was the door of
a subterranean vault, whither they went. The door was of hard steel;
and the king drew the key thereof from his pocket and opened it,
and they descended by twelve steps into the interior of the vault.
Then they entered a place in the midst thereof shaped like the
cupola of a bath; and the Prince saw that in the middle of this place
was a circular tank, some fifteen cubits round, wrought and
fashioned of Cathayan jasper, and filled to overflowing with
diamonds and emeralds, and spinels and red rubies, the very least of
which were a rarity of the age. And round about the tank were ten
bejewelled stands, on each of which (save one) was set an image,
every one more splendid than the other, and all of pure gold. And
they were adorned with thousands of costly jewels, treasures of the
age, such that all the gems that were in the tank could not have
bought those upon one image. While they were looking at these
things, King ‘Abd-us-Samed, with utmost lowliness, begged the
Prince to accept this treasure; but as he replied, saying, “Let us go
forth and think about it,” they went out and returned to their
chamber. Again the King urged the Prince to accept it; but the latter,
turning the conversation into another course, said: “My King, while
the stands be ten, the images are nine; how comes it that one stand
has no image? Have you given it to anyone?” The King replied, “My
Lord, my Prince, it is a wondrous tale.” And as the Prince begged
him to relate it, King ‘Abd-us-Samed thus began to speak:
 THE STORY OF ‘ABD-US-SAMED, KING OF
CEYLON.
“I, your slave, Sultan of this Ceylon, am son of the late Murtazá
Sháh. I was twenty years old when I ascended my ancestral throne
on the death of my father, I strove earnestly in the ordinance of the
realm, and wrought manfully and skilfully to perform the duties of
kingship. One night my father came (in a vision) to my side and
addressed me, saying, ‘My son, I have a last request to make of
thee; but I will not tell it thee save thou undertake to accomplish it
without knowing what it be; but if thou swear by God to accomplish
it, I will declare it to thee.’ As it is beyond doubt that fathers or
mothers would not urge their children to unbecoming deeds, I
without hesitation swore to accomplish it. Then my father took me
by the hand and led me to the treasure which thou hast seen. When
I beheld it I abode bewildered at the greatness of the riches. On
that empty stand was a paper in my father’s handwriting; this I took
and read, and these words were inscribed thereon: ‘My son, in that
thou hast undertaken to fulfil it, if thou accomplish not this my last
request, be my two hands upon thy collar. Thou shalt go hence to
Cairo; there in the Roumelia Square, hard by the Erdebíl Fountain, is
a revered personage whom they call the Shaykh Mubarak. He is
master of the secret sciences, and he it is who hath given me all this
treasure. Lay thy face in the dust at his feet, and with uttermost
humbleness beg of him this lacking image; for the image which still
remains is worth many treasures like to this. If thou sit upon my
throne without having procured that image, thou shalt be a rebel
against me.’ I marvelled at these words of my father, and seeing he
had heaped up such vast riches, he should still even after his death
be so driven as to urge upon me the toils of a journey and the many
dangers that must attend it, only that that stand might not remain
empty. But as no escape was possible, I constrainedly determined to
set out, and having appointed my vezir regent, I disguised myself
and started for Cairo.
“When I reached Cairo, I went to the aforesaid place, and having
enquired for the Shaykh Mubarak, went up to his door, at which I
knocked. A slave-girl came and opened the door, and taking me in,
led me into the presence of the Shaykh. I saw him to be a man of
about five-and-forty years of age, from whose countenance beamed
the rays of the light of God. I went forward and kissed his feet
reverently, whereon he said, ‘Upon thee be peace, my son ‘Abd-us-
Samed; I rejoice for that thou hast fulfilled the last request of thy
father, well done!’ And he motioned me to be seated. Straightway
they brought food, and after I had eaten and been nobly entreated,
he, leaving not to me the need of declaring my want, said, ‘My son,
thy desire will not be withheld; but thy father rendered me many
services ere he gained that treasure, and until thou likewise have
done me a service, thou canst not win to thy wish. I have a service
for thee to perform; if thou be able to perform it, I will give thee the
image that thou seekest. What sayest thou?’ I replied, ‘Do thou
command; whatsoever thy service be, I shall not fail to strive therein
so far as in me lies.’ He answered, ‘Good; but if thou act contrary to
my pleasure, then thou shalt die.’ When I had likewise undertaken
not to act contrary to his pleasure, he continued, ‘Thou shalt abide
three days in Cairo, then thou shalt go forth and wander from
country to country, and from city to city, and from village to village,
until thou find an exceeding fair and pure girl in her fourteenth or
fifteenth year, who, besides being a virgin, has never so much as
longed for the pleasures of love: and thou shalt bring her to me
without ever letting even thy hand touch hers; and I will give thee
the image. But if thou purpose treachery, or to obtain delight by
returning not to me, know that thy death is certain.’ I made answer,
‘I may seek and find the things visible; but I am not skilled in the
secrets of the heart that I should know that no impure thoughts
have ever come into the mind; this part of the matter is hard.’
Thereon he gave into my hand a mirror and a purse, and said,
‘When thou hast found a girl answering in beauty and other such
particulars to my description, hold this mirror to her face, and if it
become clouded, she is not the desired one, for her mind is sullied;
but if the mirror remain bright, she is the chaste one we desire.
However, the accomplishment of this matter will require much
outlay, so spend from this purse; with God’s permission it will not
become exhausted.’
“Accordingly, I took the mirror and the purse, and having kissed the
Shaykh’s feet, and bade him farewell, and after resting three days in
a Khan, I set out on the road to Damascus. I wandered through
Damascus, Aleppo, Syria, the islands of the Mediterranean,
Constantinople, Rumelia, Frankland, and many many kingdoms and
cities; and although I found some perfect in beauty, I found none
whose chastity could abide the trial of the mirror. A certain man told
me that there were in Baghdād many beauties perfect in loveliness,
and said, ‘If you go thither, belike you may find the fair one whom
you seek.’ So I went to Baghdād and rented a house in a certain
quarter and having taken up my abode there, began the search. The
Imām of the quarter was an old man named Haji Bekr, who used to
come to my house at nights to converse with me. One night I told
him the secret of my heart and said, ‘If thou canst find a girl such as
I wish, that is, such as were acceptable to my taste, I will give thee
ten purses; and from that may be judged how I shall treat the girl
and her relations. But even if, through the favour of God Most High,
she be found, I may not marry her until I have gone and kissed the
feet of my father who is grand Vezir of Egypt. If they will give me
the girl whom I approve with this condition, I will cover her parents
and relations with favours.’ Then the Imām, after pondering a while,
thus made answer, ‘The Khalif has a Vezir named Nāsir, whom he
dismissed from his service, having been displeased at certain of his
actions; this Vezir has for a long time sat in the nook of retirement,
and he has fallen a prey to exceeding poverty and indigence. He has
a daughter named Mihr-i-Dil,[64] who is now in her fourteenth or
fifteenth year. She is well known among the women, who say that
her like has never been created upon earth. If she suit your taste,
she may do; if not, it will be vain to look for another, hoping to find
one better than she.’ When I heard these words I put ten florins into
the Imām’s hand, saying, ‘Be this shoe-money: go to-morrow to the
girl’s father and tell him of the affair; and if he be willing to give her,
bring me word.’
“He came next day and told me that he had spoken to the girl’s
father, that he was willing, and that they were awaiting my going to
their house. So I straightway set out in all haste for the desired
quarter, and reached their abode. After I had met her father and
conversed with him, he took me into another room where his
daughter was standing covered with a veil. Her father went up to
her, and when he had raised the veil from his daughter’s face, I saw
that she was a loveling of the soul, such that not merely was the
Shaykh’s description insufficient, but that never heart or imagination
had conceived her like. The glance of her eyes was a disturber of the
world such that with one look it made my soul like to hell through
the fire of love, and maddened me, taking me out of myself.
Forthwith I pulled out the mirror and held it to her face, and when I
saw that there was thereon no trace of dullness, even as the Shaykh
had said, I made sure of her chastity. When I came forth I kissed
her father’s hand and prayed him to accept me to son-in-law, and he
blessed me, saying, ‘There is no refusal; may the Lord of the worlds
grant to both of you life and fortune.’ The Imām, the Mu’ezzin and
the assembly were straightway summoned, and when the marriage-
ceremony was completed, I gave the ten purses I had promised, and
also ten thousand sequins for the wedding expenses, and things
proper to women to the value of two hundred purses, which I had
prepared before hand. I took from the purse to the amount of about
two hundred purses, and giving it to the Imām Efendi, sent him off
with it, that they might buy whatsoever dresses they should wish.
And I gave them notice, saying, ‘I may not tarry longer than a week,
then I must set out whither I mean to go; let them be ready.’
“When I had delivered poor Nāsir and his belongings from all need, I
got ready all things necessary for the journey, and we started on the
way to Egypt. While on the journey, I assisted the maiden in
mounting into and alighting from the litter and as the poor girl
thought I was her husband, she took no heed but disclosed her fair
face to me, whereupon my wit and understanding were ravished,
and passion and longing brought me to such a pass that I would
have abandoned wealth and hoard, image and treasure, nay, even
the world itself, but that dread of the Shaykh and fear for my life
held me back from accomplishing my desire; for I knew that if I
touched but so much as her hand with mine, my death was certain.
Accordingly I endured it as I might, and sighed and groaned night
and day. When we were come to within an hour’s journey of Cairo, I
went up to the side of the girl’s litter, and caused her to alight. I
made them pitch a sun-tent in the shade of which we sat down, and
then I laid bare to her the secret that was in my heart, and told her
that I was taking her for the Shaykh; whereupon her wailing and
lamentations ascended to the heavens, and she fainted and became
senseless. We placed her in this plight in the litter; and when we
reached the Shaykh’s house I knocked at the door thereof. Again a
slave-girl came and opened the door and took us in. I caused the
girl to alight, and took her into the presence of the Shaykh, whose
feet I kissed. He said, ‘Upon thee be peace, my son; thy service is
accepted and thy endeavour thanked; lo, manfulness is the name of
this. I rejoice exceedingly for that thou has borne up against the
urging of passion in such a case. Thou shalt live long and reap great
good from this service.’ Then he asked for the purse and the mirror,
which I laid before him. He continued, ‘Now, do thou again abide in
Cairo during three days, and then go to thine own country and thou
shalt find the wished for image placed upon the empty stand.’
“Again I kissed his feet and bade him farewell, and after tarrying for
three days in Cairo, returned to my own country. When I arrived
there I foregathered with my mother, and after I had related to her
all that had happened, we hastened together to the buried treasure.
We opened the door, and when we entered we saw upon that oft
mentioned stand my darling, my beloved, Mihr-i-Dil. My senses and
understanding forsook me, and I abode for a while confounded.
When she saw me she arose; and there was a paper in her hand
which she presented to me. It was signed with the Shaykh’s