Model-Based Design · AUTOSAR · SIL/HIL · ISO 26262
We develop, verify, and validate embedded control software across the full development workflow — from Simulink-based controller design and AUTOSAR architecture through SIL/HIL test campaigns, functional safety activities, and RTOS integration.
What We Do
Embedded software is increasingly the primary source of product differentiation — and the primary source of validation cost. Model-based design accelerates development by replacing hand-coded implementations with verified simulation models, while AUTOSAR architectures provide the standardised platform for software reuse. Our team covers the complete workflow from algorithm design through safety validation.
Key Problems We Solve
6 Service Types
ANALYSIS TYPE / 01
Simulink · controller design · automatic code generation
Developing embedded control algorithms in Simulink and Stateflow — from plant modelling and controller design through simulation verification and automatic production code generation, eliminating manual coding errors and compressing development cycles.
Key Aspects
Building accurate dynamic plant models in Simulink — capturing mechanical, electrical, thermal, and fluid behaviour to provide the virtual environment for closed-loop controller development.
Designing and tuning feedback controllers, state machines, and supervisory logic in Simulink/Stateflow — iterating rapidly against the plant model to meet performance and stability requirements.
Running model-in-the-loop (MIL) simulations to verify controller behaviour against requirements before any code is generated — catching algorithm errors at the lowest cost point.
Generating production-quality MISRA-compliant C/C++ code from verified Simulink models using Embedded Coder — eliminating manual coding, reducing errors, and maintaining model-code traceability.
ANALYSIS TYPE / 02
Classic & Adaptive · BSW configuration · SWC design
Architecting and implementing AUTOSAR Classic and Adaptive software stacks for automotive ECUs — configuring BSW modules, defining the software component architecture, and integrating application software into the AUTOSAR runtime environment for target ECU hardware.
Key Aspects
Defining the AUTOSAR software component (SWC) architecture — decomposing application functionality into components with clearly defined ports, interfaces, and runnable semantics.
Configuring Basic Software modules — OS, COM, DCM, DEM, NVM, and watchdog — to match ECU hardware constraints, network topology, and functional requirements.
Generating the Runtime Environment from the ARXML system description, integrating application SWCs, and verifying interface compatibility before compilation.
Designing and implementing Adaptive AUTOSAR service-oriented architectures for high-compute ECUs running a POSIX-compliant OS — covering ara::com, execution management, and update and configuration management.
ANALYSIS TYPE / 03
automated test campaigns · code coverage · CI integration
Executing comprehensive Software-in-the-Loop test campaigns to verify embedded software behaviour against requirements before any hardware is available — automating test execution, measuring code coverage, and establishing the regression baseline for continuous integration workflows.
Key Aspects
Developing structured SIL test cases with explicit traceability to software requirements — covering nominal behaviour, boundary conditions, and safety-critical failure modes.
Automating test execution using TPT, CANoe, or custom Python frameworks — enabling overnight regression runs and rapid feedback on code changes.
Measuring structural coverage (statement, branch, MC/DC) against ISO 26262 or DO-178C targets — identifying untested code paths and driving additional test case development.
Integrating SIL test suites into CI pipelines — triggering automated test runs on every commit, reporting coverage trends, and blocking releases that fail coverage thresholds.
ANALYSIS TYPE / 04
real-time plant simulation · fault injection · closed-loop validation
Integrating developed ECU software with HIL simulation environments for closed-loop real-time testing — validating control algorithms against simulated plant models, injecting fault conditions, and verifying safety responses before vehicle integration.
Key Aspects
Configuring the HIL platform — signal conditioning, I/O mapping, real-time plant model deployment, and ECU stimulation — to replicate the target vehicle electrical environment.
Deploying high-fidelity real-time plant models on HIL hardware — ensuring model execution meets timing requirements and accurately represents the physical system's dynamic response.
Injecting electrical faults (short circuits, open lines, signal noise) and functional faults into the HIL environment to verify ECU diagnostic responses and safety reactions.
Running closed-loop test scenarios — including drive cycles, emergency manoeuvres, and boundary conditions — to validate end-to-end ECU behaviour against system requirements.
ANALYSIS TYPE / 05
ASIL decomposition · software safety · safety validation
Supporting functional safety activities for embedded software development — ASIL decomposition, software safety requirements, safety-oriented architecture design, dependent failure analysis, and safety validation activities aligned with ISO 26262 and IEC 61508.
Key Aspects
Deriving software safety requirements from the technical safety concept — specifying the safety mechanisms, error detection and handling behaviour, and ASIL classification for each software element.
Designing the software architecture to achieve freedom from interference between ASIL and QM partitions — applying spatial and temporal separation, error detection, and safe state mechanisms.
Performing dependent failure analysis (DFA) to confirm that ASIL decomposition assumptions are valid — evaluating common cause and cascading failures across software partitions.
Designing and executing software safety validation activities — including back-to-back testing between model and code, and regression testing of safety-relevant software changes.
ANALYSIS TYPE / 06
task scheduling · timing analysis · deterministic behaviour
Integrating and optimising embedded software on RTOS platforms — configuring task scheduling, managing shared resource conflicts, performing timing analysis to validate CPU load and worst-case execution times, and ensuring deterministic real-time behaviour under all operating conditions.
Key Aspects
Designing the task and interrupt architecture — defining task priorities, periods, and activation patterns to ensure timing requirements are met under full CPU load.
Analysing worst-case execution times for safety-critical tasks using static analysis tools — providing evidence that timing deadlines are met regardless of input conditions.
Identifying and resolving shared resource conflicts — configuring mutexes, semaphores, and priority inheritance to prevent priority inversion and deadlock.
Measuring runtime CPU load, interrupt latency, and context switch times on target hardware — identifying bottlenecks and optimising task scheduling to achieve required performance headroom.
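The timing-analysis step described above is usually carried out as a fixed-priority response-time analysis: each task's worst-case response time is computed from its WCET, the blocking it can suffer from lower-priority tasks holding a shared resource, and the interference from higher-priority tasks, and then compared against its deadline. The following is an added illustration, not code from the page or from any project it describes. It implements the standard response-time recurrence with rate-monotonic priority assignment; the task names, periods, WCETs and blocking terms are constructed sample values in microseconds, not measurements from a real ECU, and the `Task` dataclass and helper names are choices made for this example.

```python
"""Fixed-priority response-time analysis (RTA) on a constructed task set.

Recurrence (Joseph/Pandya, Audsley):
    R_i = C_i + B_i + sum_{j in hp(i)} ceil(R_i / T_j) * C_j
C = WCET, T = period, D = deadline, B = worst-case blocking under
priority inheritance/ceiling, hp(i) = tasks with higher priority than i.
All task parameters below are constructed examples (microseconds).
"""
from dataclasses import dataclass
from math import ceil


@dataclass(frozen=True)
class Task:
    name: str
    period: int        # T_i
    wcet: int          # C_i, from static WCET analysis or on-target measurement
    deadline: int      # D_i, must be met for every activation
    blocking: int = 0  # B_i: longest critical section of a lower-priority task sharing a resource


def cpu_utilisation(tasks):
    """Total utilisation sum(C_i / T_i); a quick sanity check, not a schedulability proof."""
    return sum(t.wcet / t.period for t in tasks)


def response_time(task, higher):
    """Iterate the recurrence to a fixed point; return None as soon as R exceeds the deadline."""
    r = task.wcet + task.blocking
    while True:
        interference = sum(ceil(r / h.period) * h.wcet for h in higher)
        r_next = task.wcet + task.blocking + interference
        if r_next > task.deadline:
            return None          # deadline missed: the task set is not schedulable
        if r_next == r:
            return r             # fixed point reached; R is monotone so this terminates
        r = r_next


def analyse(tasks):
    """Assign rate-monotonic priorities (shorter period = higher) and compute every response time."""
    ordered = sorted(tasks, key=lambda t: t.period)
    return {t.name: response_time(t, ordered[:i]) for i, t in enumerate(ordered)}


def schedulable(tasks):
    """True only if every task's worst-case response time is within its deadline."""
    return all(r is not None for r in analyse(tasks).values())


# Constructed sample task set: a 1 ms sensor task, a 5 ms control task that
# can be blocked for 300 us by a lower-priority task holding a shared bus
# handle, and a 20 ms diagnostics task.
SAMPLE_TASKS = [
    Task("sensor", period=1000, wcet=200, deadline=1000),
    Task("control", period=5000, wcet=1500, deadline=5000, blocking=300),
    Task("diag", period=20000, wcet=4000, deadline=20000),
]

# Same set with an inflated control-task WCET (e.g. an unbounded loop found
# by static analysis); the control task now overruns its deadline.
OVERLOADED_TASKS = [
    Task("sensor", period=1000, wcet=200, deadline=1000),
    Task("control", period=5000, wcet=4100, deadline=5000, blocking=300),
    Task("diag", period=20000, wcet=4000, deadline=20000),
]


if __name__ == "__main__":
    for label, tasks in (("nominal", SAMPLE_TASKS), ("overloaded", OVERLOADED_TASKS)):
        print(f"{label}: utilisation={cpu_utilisation(tasks):.2f} schedulable={schedulable(tasks)}")
        for name, r in analyse(tasks).items():
            print(f"  {name:8s} R = {r if r is not None else 'MISSED'}")
```

The analysis deliberately treats the blocking term as an input: it only bounds priority inversion if the shared resources are actually protected by priority inheritance or a priority ceiling, which is why the resource configuration and the timing evidence have to be reviewed together.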
Connect with our embedded software team to discuss model-based design, AUTOSAR implementation, or safety-compliant software development for your application.