Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
1© 2015 The MathWorks, Inc.
Increasing Design Confidence
Paolo Bizzarri
Principal Applications Engineer
3
The Cost of Failure…
4
Key Message
It is easier and less expensive to fix design
errors early in the process when they happen.
Model and code verification enable:
1. Early testing to increase confidence in your design
2. Delivery of higher quality software throughout the workflow
3. Greater safety!
5
Gaining Confidence in our Design
Effort / Time
Confidence
Ad-hoc testing
Design error detection
Functional& structural tests
Modeling standards
Model & code equivalence checks
Code integration analysis
C/C++ CODEMODEL
6
Application: Control of electromechanical systems
7
System
Inputs OutputsDiagnostics
FIltering
Overall
Control
Unit
Le
ga
cy c
od
e
ECU / Control Unit
Application: Motor Control
2Motor Control
(MBD)
1
8
System
Inputs OutputsDiagnostics
Filters
Le
ga
cy c
od
e
Application: Electromechanical Control System
Motor Control
(MBD)
Overall
Control
Unit
9
Application: Motor Control
Systems Inputs
• Motor On
• Command Type
• Command Value
Sensor Inputs
• Currents, Voltages
• Encoders
Inputs
Engaged
Target speed
Outputs
Motor Control
(MBD)
Position
Speed
Torque
10
Gaining Confidence in our Design
Effort / Time
Confidence
Ad-hoc testing
Design error detection
Functional& structural tests
Modeling & coding standards
Code equiv. & integration checks
11
Ad-hoc Tests New “Dashboard” blocks facilitate early ad-hoc testing
12
Gaining Confidence in our Design
Effort / Time
Confidence
Ad-hoc testing
Design error detection
Functional& structural tests
Modeling & coding standards
Code equiv. & integration checks
13
Finding Design Errors: Dead Logic
14
Gaining Confidence in our Design
Effort / Time
Confidence
Ad-hoc testing
Design error detection
Functional& structural tests
Modeling & coding standards
Code equiv. & integration checks
15
Simulation Testing Workflow
Design
Requirements
Did we meet
requirements?
Review functional
behavior
16
Did We Completely Test our Model?
Model Coverage
Analysis
Potential causes of less than 100%
coverage:
Missing requirements
Over/Under-specified design
Design errors
Missing tests
17
Requirements Based Functional Testing with Coverage Analysis
Sequence Test Editor
(Simulink Test)
18
Functional Testing with Added Requirements & Test Cases
19
Gaining Confidence in our Design
Effort / Time
Confidence
Ad-hoc testing
Design error detection
Functional& structural tests
Modeling standards
Code equiv. & integration checks
Found a major design problems thanks to Simulink
Design Verifier
– A positive number was always evaluated as less than zero
Functional test cases passed
– Simulink Test or Classic Signal Builder manage execution of
tests
Generated extra test cases for better understanding
how to pilot the control logic
– During test cases generation another defect was corrected
(% commented transition)
With some effort 100% model coverage was
reached!
20
Model Advisor – Model Standards Checking
21
Gaining Confidence in our Design
Effort / Time
Confidence
Ad-hoc testing
Design error detection
Functional& structural tests
Modeling standards
Model & code equivalence checks
22
Code Generation with Model-to-Code Traceability
23
Code Generation with Model-to-Code Traceability
CODESPECS MODEL
CONTROL AND MANAGE
COMPLEXITY
24
Equivalence Testing:
Model vs SIL or PIL Mode Testing
Model
Testing
SIL or PIL
Mode Testing
Coverage 100%
25
Code Equivalence Check Results:
Model vs CodeCode Coverage
Re-used full coverage test vectors and harnesses from Model Verification testing
Ran test vectors on generated code using Model Reference SIL mode
Model Coverage to Code Coverage using the SIL Code Coverage Report
Successfully demonstrated code behavior matches model behavior!
26
Gaining Confidence in our Design
Effort / Time
Confidence
Ad-hoc testing
Design error detection
Functional& structural tests
Modeling standards
Model & code equivalence checks
Code integration analysis
32
CODE VERIFICATION TOOLS: Bug Finder and Code Prover
Polyspace Code Analysis is STATIC CODE ANALYSIS
static void pointer_arithmetic (void) {
int array[100];
int *p = array;
int i;
for (i = 0; i < 100; i++) {
*p = 0;
p++;
}
if (get_bus_status() > 0) {
if (get_oil_pressure() > 0) {
*p = 5;
} else {
i++;
}
}
i = get_bus_status();
if (i >= 0) {
*(p - i) = 10;
}
}
Source code painted in green, red, gray, orange
Green: reliablesafe pointer access
Red: faultyout of bounds error
Gray: deadunreachable code
Orange: unprovenmay be unsafe for some
conditions
Purple: violationMISRA-C/C++ or JSF++
code rules
variable ‘I’ (int32): [0 .. 99]
assignment of ‘I’ (int32): [1 .. 100]
Range datatool tip
33
RESULTS OF BUG FINDER: errors and MISRA rules
MISRA 2012
MISRA 2012
34
RESULTS OF CODE PROVER: absolute absence of run time errors
NO RTE
(Run Time
Error
Code)
35
Effort / Time
Confidence
Ad-hoc testing
Design error detection
Functional& structural tests
Modeling standards
Model & code equivalence checks
Code integration analysis
Gaining Confidence in our Design
Bug Finder finds only two MISRA violations
These violations can be addressed with another transition
OR could be addressed with a different style of code generation
In both cases the re-validation is automatized
Code Prover initially finds possible overflows
If we run analysis with correct input ranges the code is “all green” no RTE
36
Polyspace Products proven on SOLAR IMPULSE
Visit me at the code verification demo booth …..
38
Conclusion
It is easier and less expensive to fix design
errors early in the process when they happen.
Model and code verification enable:
1. Early testing to increase confidence in your design
2. Delivery of higher quality software throughout the workflow
3. Greater safety!
39© 2015 The MathWorks, Inc.