The increasing complexity of the control unit functions and/or of the individual automobile control units (electronic control units, ECU), but also the increasing networking and interaction of the control units and control unit functions in the vehicle composite system, as well as increased quality and safety requirements, make the verification of the software functions difficult and very complex. This also applies to the networking of control units and modules in other technical fields, such as machine tool manufacture, automation, etc. Currently, the software release for the individual systems is performed through systematic testing in the electronic composite system. Precisely in the field of automobiles, this is frequently only possible in the vehicle and is accordingly costly. In this case, under defined environmental conditions, fixed driving situation catalogs are run through in order to achieve the highest possible coverage during the software test. Since only very limited memory and run-time resources are available in standard control units for reasons of cost, the use of established test technologies, such as for code coverage analysis during the software release, is frequently not possible or is associated with increased costs.
This may be seen in German Published Patent Application No. 199 59 247 in that an additional code coverage memory is necessary for registering the code coverage. Thus, the invention in the unexamined patent application cited shows a microcomputer for use in a control and/or regulation unit for regulating a process in a motor vehicle. In order to be able to determine the code coverage of a control and/or regulation program of the microcomputer even while the motor vehicle is being driven, it is suggested that the microcomputer contain a code coverage memory, in addition and in parallel to the program memory and data memory, which is connected to the microprocessor via the address bus and the data bus. In this case, information may then be stored in the code coverage memory about which addresses of the program memory and/or the data memory are addressed in the framework of a write or read access during the execution of a control program from the program memory by the microcomputer while the motor vehicle is being driven. In this case, as a possible testing method for programs from the related art, the code coverage method for determining the code coverage is performed by a system execution analyzer. In this case, all addresses of the microprocessor applied to an external address bus result in an identifier in a memory overview. The address regions not identified at the end of the test were therefore not addressed in the framework of the performance of the program and the corresponding program parts were therefore not run. Through such an analysis of the test gaps, untested functions and faulty implementation of functional requirements may be recognized and corrected, for example.
However, if an additional code coverage memory and the corresponding computing time are not available, which is typical in a standard control unit, the method according to German Published Patent Application No. 199 59 247 is therefore not feasible. Then, except for the measurement of internal control unit variables, no access to the control unit software and/or the corresponding software functions is possible and the software functions may then only be tested as a black box. This situation leads to a goal conflict with the high real-time capability and reliability of the systems which is simultaneously required.
Since, in the near future, control unit software will also control and monitor safety-relevant driving functions, such as in X-by-wire systems, the quality requirements for software development and verification in embedded control systems will increase further.
The object of the present invention is to specify a method for verifying the software functions and/or the software code on the basis of an exactly defined, integrated function development process, using which the quality of the software may continue to be ensured, in order to optimize the situation resulting from the related art. For this purpose, besides the method, a system for verification and a corresponding computer program are also the object of the present invention.