© 2008 The MathWorks Limited
Model-Based Design for Safety-Critical and Mission-Critical Applications
Bill Potter, Technical Marketing, May 2, 2008
Slide 2: Safety-Critical Model-Based Design Workflow
Workflow diagram (Requirements → Model → Source Code → Object Code, with Validate feeding back to Requirements):
• Model: Simulink® & Stateflow®; Trace: RMI; Verify: SystemTest, SLDV Property Proving, Model Coverage; Conformance: Model Advisor
• Source Code: Real-Time Workshop® Embedded Coder™; Conformance: PolySpace™ Products; Trace: Model/Code Trace Report
• Object Code: Embedded IDE; Verify: SLDV Test Generation (Embedded IDE Link XXX); Verify: SystemTest™ (Embedded IDE Link™ XXX)
Slide 3: Requirements Process for Model-Based Design
• Functional, operational, and safety requirements
  - Exist one level above the model
  - Models trace to requirements
• Requirements validation: complete and correct
  - Simulation is a validation technique
  - Traceability can identify incomplete requirements
  - Model coverage can identify incomplete requirements
• Requirements-based test cases
  - Test cases trace to requirements
(Workflow diagram highlights: Requirements, Validate)
Slide 4: Simulation example – controller and plant (figure not reproduced)
Slide 5: Requirements trace example – view from DOORS® to Simulink (figure not reproduced)
Slide 6: Requirements trace example – view from Simulink to DOORS (figure not reproduced)
Slide 7: Requirements-based test trace example – view from Simulink Signal Builder block to DOORS (figure not reproduced)
Slide 8: Model coverage report example (figure not reproduced)
Slide 9: Requirements Process take-aways
• Early requirements validation
  - Eliminates rework typically seen at integration on projects with poor requirements
• Early test case development
  - Validated requirements are complete and verifiable, which results in well-defined test cases
• Requirements management and traceability
  - Requirements management interfaces provide traceability for design and test cases
(Workflow diagram highlights: Requirements, Validate)
Slide 10: Design Process for Model-Based Design
• Model-Based Design
  - Create the design: Simulink and Stateflow®
  - Modular design for teams: Model Reference
  - Model architecture/regression analysis: Model Dependency Viewer
  - Documented design: Simulink Report Generator
  - Requirements traceability using Simulink Verification and Validation™
  - Design conforms to standards using Model Advisor
(Workflow diagram highlights: Requirements → Model; Simulink & Stateflow; Trace: RMI; Conformance: Model Advisor)
Slide 11: Example detailed design including model reference and subsystems
(Diagram labels: Top Model, Reference Model, Subsystem; figure not reproduced)
Slide 12: Model Dependency Viewer (figure not reproduced)
Slide 13: Example Model Advisor report (figure not reproduced)
Slide 14: Design Verification for Model-Based Design
• Requirements-based test cases
  - Automated testing using SystemTest™ and Simulink Verification and Validation
  - Traceability using Simulink Verification and Validation
• Robustness testing and analysis
  - Built-in Simulink run-time diagnostics
  - Formal proofs using Simulink Design Verifier™
• Coverage analysis
  - Verify structural coverage of model
  - Verify data coverage of model
(Workflow diagram highlights: Requirements → Model; Simulink & Stateflow; Verify: SystemTest, SLDV Property Proving, Model Coverage)
Slide 15: SystemTest for requirements-based testing (figure not reproduced)
Slide 16: SystemTest – example report
(Report callouts: data plotting and expected-results comparisons; summary of results; figure not reproduced)
Slide 17: Signal Builder and Assertion Blocks (figure not reproduced)
Slide 18: Model coverage report example – signal ranges (figure not reproduced)
Slide 19: Simulink Design Verifier – Coverage Test
(Diagram labels: Model → Generated Test Cases → Test Report; figure not reproduced)
Slide 20: Simulink Design Verifier – Objective Test
(Diagram labels: Model with Constraints and Objectives → Generated Test Cases → Test Report; figure not reproduced)
Slide 21: Simulink Design Verifier – Property Proving
(Diagram labels: Property to be proven; Model with Assumption and Objective → Report; figure not reproduced)
Slide 22: Design Process take-aways
• Modular reusable implementations
  - Platform-independent design
  - Scalable to large teams
• Consistent and compliant implementations
  - Common design language
  - Automated verification of standards compliance
• Efficient verification process
  - Develop verification procedures in parallel with design
  - Coverage analysis early in the process
  - Automated testing and analysis
(Workflow diagram highlights: Requirements → Model; Simulink & Stateflow; Trace: RMI; Verify: SystemTest, SLDV Property Proving, Model Coverage; Conformance: Model Advisor)
Slide 23: Coding Process for Model-Based Design
• Automatic code generation
  - Real-Time Workshop Embedded Coder
• Traceability
  - HTML Code Traceability Report
• Source code verification
  - Complies with standards using PolySpace MISRA-C® checker
  - Accurate, consistent and robust using PolySpace™ verifier
(Workflow diagram highlights: Model → Source Code; Real-Time Workshop Embedded Coder; Conformance: PolySpace Products; Trace: Model/Code Trace Report)
Slide 24: Incrementally Generate Code
• Incremental code generation is supported via Model Reference
• When a model is changed, only models depending on it are subject to regeneration of their code
• Reduces application build times and ensures stability of a project's code
• Degree of dependency checking is configurable
(Diagram callouts: "model changed and rebuilt", "dependent models rebuilt"; figure not reproduced)
Slide 25: Add Links to Requirements
(Callout: requirements appear in the code; figure not reproduced)
Slide 26: Code to Model Trace Report (figure not reproduced)
Slide 27: Compliance history of generated code
• Our MISRA-C test suite consists of several example models
• Results shown for most frequently violated rules
• Improving MISRA-C compliance with each release, e.g.
  - Eliminate Stateflow goto statements (R2007a)
  - Compliant parentheses option available (R2006b)
  - Generate default case for switch-case statements (R2006b)
• MathWorks MISRA-C Compliance Package available upon request: http://www.mathworks.com/support/solutions/data/1-1IFP0W.html
Slide 28: Simulink Integration with PolySpace Products
• Input1: entries varying from -500 to 500
• K1 and K2: constants, can be tuned from 297 to 303
• Lookup tables: maps, surfaces, algorithms, extrapolations; adjusted, tuned
• Math operations: divide, add, min/max, product, subtract, sum, …
Slide 29: See results in the model
• Change the model
• Generate the production code
• Run PolySpace software
(Callout: PolySpace detected an error here, after having analyzed the generated code; figure not reproduced)
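The range-driven check behind slides 28 and 29, as an added example that is not MathWorks or PolySpace code: a minimal interval analysis in C over the signal ranges the slide lists (Input1 in [-500, 500], K1 and K2 in [297, 303]), showing why one divide cannot be proven safe and how a min/max block makes it provable. The arithmetic expression, the function names and the max(.,1) guard are constructed for illustration; a real verifier works on the generated code's actual operations and data types.

```c
#include <stdbool.h>

/* Closed range of values a signal can take, as a static verifier tracks it. */
typedef struct { long lo, hi; } Interval;

static long lmin(long a, long b) { return a < b ? a : b; }
static long lmax(long a, long b) { return a > b ? a : b; }

Interval iv_add(Interval a, Interval b) { return (Interval){ a.lo + b.lo, a.hi + b.hi }; }
Interval iv_sub(Interval a, Interval b) { return (Interval){ a.lo - b.hi, a.hi - b.lo }; }

/* Product of two intervals: the extremes lie at the four corner products. */
Interval iv_mul(Interval a, Interval b) {
    long p1 = a.lo * b.lo, p2 = a.lo * b.hi, p3 = a.hi * b.lo, p4 = a.hi * b.hi;
    return (Interval){ lmin(lmin(p1, p2), lmin(p3, p4)), lmax(lmax(p1, p2), lmax(p3, p4)) };
}

/* max(x, c) block: clamps the low end of the range at the constant c. */
Interval iv_max_const(Interval a, long c) { return (Interval){ lmax(a.lo, c), lmax(a.hi, c) }; }

/* Division is proven safe only when the divisor range excludes zero.
 * Returns false in exactly the case a verifier reports as a possible divide-by-zero. */
bool iv_div(Interval a, Interval b, Interval *out) {
    if (b.lo <= 0 && b.hi >= 0) return false;
    long q1 = a.lo / b.lo, q2 = a.lo / b.hi, q3 = a.hi / b.lo, q4 = a.hi / b.hi;
    *out = (Interval){ lmin(lmin(q1, q2), lmin(q3, q4)), lmax(lmax(q1, q2), lmax(q3, q4)) };
    return true;
}

/* Signal ranges exactly as stated on slide 28. */
static const Interval INPUT1 = { -500, 500 };
static const Interval K1 = { 297, 303 };
static const Interval K2 = { 297, 303 };

/* Constructed design: y = (Input1 * K1) / (K2 - Input1). The divisor covers
 * [-203, 803], which contains zero, so the divide cannot be proven safe. */
bool analyze_unguarded(Interval *y) {
    return iv_div(iv_mul(INPUT1, K1), iv_sub(K2, INPUT1), y);
}

/* Same design with a max(., 1) block in front of the divide (one of the
 * min/max operations on the slide): divisor is now [1, 803], proven non-zero. */
bool analyze_guarded(Interval *y) {
    Interval divisor = iv_max_const(iv_sub(K2, INPUT1), 1);
    return iv_div(iv_mul(INPUT1, K1), divisor, y);
}
```

Widening the input range or narrowing the guard constant changes the verdict, which is the "change the model, regenerate, re-run" loop slide 29 describes.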
Slide 30: Coding Process take-aways
• Reusable and platform-independent source code
• Traceability
• MISRA-C compliance
• Static verification and analysis
(Workflow diagram highlights: Model → Source Code; Real-Time Workshop Embedded Coder; Conformance: PolySpace Products; Trace: Model/Code Trace Report)
Slide 31: Integration Process for Model-Based Design
• Executable object code generation
  - ANSI® or ISO® C or C++ compatible compiler
  - Run-time libraries provided
• Executable object code verification
  - Test generation using Simulink Design Verifier
  - Capability to build interface for Processor-In-the-Loop (PIL) testing
  - Analyze code coverage during PIL
  - Analyze execution time during PIL
  - Analyze stack during PIL
(Workflow diagram highlights: Requirements → Model → Source Code → Object Code; Embedded IDE; Verify: SLDV Test Generation (Embedded IDE Link XXX); Verify: SystemTest (Embedded IDE Link XXX))
Slide 32: Processor-in-the-Loop (PIL) Verification: Execute Generated Code on Target Hardware
(Diagram: Simulink, holding the Plant Model and the Algorithm (Software Component) → Code Generation → Embedded Target)
• Execution: on host and target; non-real-time
• Communication via one of: data link, e.g. serial, CAN, TCP/IP; debugger integration with MATLAB
Slide 33: Integration Process Takeaways
• Integration with multiple development environments
• Test cases and harnesses generated automatically
• Efficient processor-in-the-loop test capability
(Workflow diagram highlights: Requirements → Model → Source Code → Object Code; Embedded IDE; Verify: SLDV Test Generation (Embedded IDE Link XXX); Verify: SystemTest (Embedded IDE Link XXX))
Slide 34: Wrap-up
• Tools to support the entire safety-critical development process
• Participation on SC-205/WG-71 committee for DO-178C
• Safety-Critical/DO-178B guideline document
  - Available to licensed customers with Real-Time Workshop Embedded Coder
• Contact Bill Potter ([email protected]) or Tom Erkkinen ([email protected])