Verification and Test with Model-Based Design

Similar documents
Intro to Proving Absence of Errors in C/C++ Code

Jay Abraham 1 MathWorks, Natick, MA, 01760

2015 The MathWorks, Inc. 1

Leveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance

From Design to Production

Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1

Verification and Validation of Models for Embedded Software Development Prashant Hegde MathWorks India Pvt. Ltd.

Static Analysis in C/C++ code with Polyspace

Leveraging Formal Methods for Verifying Models and Embedded Code Prashant Mathapati Application Engineering Group

Increasing Design Confidence Model and Code Verification

Automating Best Practices to Improve Design Quality

Increasing Embedded Software Confidence Model and Code Verification. Daniel Martins Application Engineer MathWorks

Verification and Validation of High-Integrity Systems

Model-Based Design for High Integrity Software Development Mike Anthony Senior Application Engineer The MathWorks, Inc.

WHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development

Implementation and Verification Daniel MARTINS Application Engineer MathWorks

Automatización de Métodos y Procesos para Mejorar la Calidad del Diseño

Automating Best Practices to Improve Design Quality

Utilisation des Méthodes Formelles Sur le code et sur les modèles

Developing AUTOSAR Compliant Embedded Software Senior Application Engineer Sang-Ho Yoon

정형기법을활용한 AUTOSAR SWC 의구현확인및정적분석

Using Model-Based Design in conformance with safety standards

Model-Based Design for Safety Critical Automotive Applications

By V-cubed Solutions, Inc. Page1. All rights reserved by V-cubed Solutions, Inc.

Standardkonforme Absicherung mit Model-Based Design

Model-Based Design for Safety-Critical and Mission-Critical Applications Bill Potter Technical Marketing April 17, 2008

Verification, Validation, and Test with Model-Based Design

Guidelines for deployment of MathWorks R2010a toolset within a DO-178B-compliant process

By Jason Ghidella, PhD, and Pieter J. Mosterman, PhD. Left Elevator. actuator. hydraulic system 1 left outer. left inner

Automated Requirements-Based Testing

Formal Verification of Models and Code Prashant Mathapati Application Engineer Polyspace & Model Verification

Workflow for Control System Design and Implementation

Testing, Validating, and Verifying with Model-Based Design Phil Rottier

Verification, Validation and Test in Model Based Design Manohar Reddy

Verification and Validation Introducing Simulink Design Verifier

Simulink Verification and Validation

Reducing Design Errors in Complex State Machines using Model-Based Design

A Model-Based Reference Workflow for the Development of Safety-Related Software

Model-Based Design: Design with Simulation in Simulink

automatisiertensoftwaretests

Testen zur Absicherung automatisierter Transformationsschritte im Model-Based Design

Hybrid Verification in SPARK 2014: Combining Formal Methods with Testing

Test and Evaluation of Autonomous Systems in a Model Based Engineering Context

Better than Hand Generating Highly Optimized Code using Simulink and Embedded Coder

Don t Be the Developer Whose Rocket Crashes on Lift off LDRA Ltd

Deriving safety requirements according to ISO for complex systems: How to avoid getting lost?

Testing and Validation of Simulink Models with Reactis

Part 5. Verification and Validation

Principles of Software Construction: Objects, Design, and Concurrency (Part 2: Designing (Sub )Systems)

Introduction to Control Systems Design

Unit Testen en embedded software Fout injectie en Software varianten

Testing. ECE/CS 5780/6780: Embedded System Design. Why is testing so hard? Why do testing?

What s New with the MATLAB and Simulink Product Families. Marta Wilczkowiak & Coorous Mohtadi Application Engineering Group

Automatic Qualification of Abstract Interpretation-based Static Analysis Tools. Christian Ferdinand, Daniel Kästner AbsInt GmbH 2013

Ingegneria del Software Corso di Laurea in Informatica per il Management

Verifying source code

Static Analysis of Embedded Systems

Making the Most of your MATLAB Models to Improve Verification

Integrated Workflow to Implement Embedded Software and FPGA Designs on the Xilinx Zynq Platform Puneet Kumar Senior Team Lead - SPC

Pierce Ch. 3, 8, 11, 15. Type Systems

Objectives. Chapter 19. Verification vs. validation. Topics covered. Static and dynamic verification. The V&V process

Safety and Reliability of Software-Controlled Systems Part 14: Fault mitigation

ACCELERATING DO-254 VERIFICATION

Formal Verification and Automatic Testing for Model-based Development in compliance with ISO 26262

MATLAB/Simulink in der Mechatronik So einfach geht s!

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

Entwicklung zuverlässiger Software-Systeme, Stuttgart 30.Juni 2011

Verification and Validation

Verification and Validation

StackAnalyzer Proving the Absence of Stack Overflows

Verification and Validation

Topic: Software Verification, Validation and Testing Software Engineering. Faculty of Computing Universiti Teknologi Malaysia

Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 22 Slide 1

Verification and Validation

Software Verification and Validation

Addressing Future Challenges in the Development of Safe and Secure Software Components The MathWorks, Inc. 1

Automatic Code Generation Technology Adoption Lessons Learned from Commercial Vehicle Case Studies

SOFTWARE QUALITY OBJECTIVES FOR SOURCE CODE

ISO compliant verification of functional requirements in the model-based software development process

Using Code Coverage to Improve the Reliability of Embedded Software. Whitepaper V

Three General Principles of QA. COMP 4004 Fall Notes Adapted from Dr. A. Williams

Verification & Validation of Open Source

Final Presentation AUTOCOGEQ GMV, 2017 Property of GMV All rights reserved UNCLASSIFIED INFORMATION

ISO Compliant Automatic Requirements-Based Testing for TargetLink

IDE for medical device software development. Hyun-Do Lee, Field Application Engineer

What's new in MATLAB and Simulink for Model-Based Design

An Eclipse Plug-in for Model Checking

Codegenerierung für Embedded Systeme leicht gemacht So geht s!

Software Quality Assurance & Testing

Best Practices Process & Technology. Sachin Dhiman, Senior Technical Consultant, LDRA

1 Visible deviation from the specification or expected behavior for end-user is called: a) an error b) a fault c) a failure d) a defect e) a mistake

CSE 403: Software Engineering, Fall courses.cs.washington.edu/courses/cse403/16au/ Unit Testing. Emina Torlak

Bounded Model Checking Of C Programs: CBMC Tool Overview

Applications of Program analysis in Model-Based Design

Certification Authorities Software Team (CAST) Position Paper CAST-25

Important From Last Time

Static program checking and verification

Simulink for AUTOSAR: Best Practices

Program Verification. Aarti Gupta

ABSTRACT INTERPRETATION

Transcription:

Verification and Test with Model-Based Design Flight Software Workshop 2015 Jay Abraham 2015 The MathWorks, Inc. 1

The software development process Develop, iterate and specify requirements Create high level and low level design components Requirements Design Coding Integration Convert design to source code (C/C++ software) Integrate software with complete system, commence system level tests 2

Relative number of errors detected Phase where errors are found 40 Errors are typically found late in the process! 30 20 10 Latent errors may remain in the software! 0 Requirements phase Design phase Coding phase Testing phase Source: How good is the software: A review of defect prevention techniques; Brad Clark, David Zubrow, Carnegie Mellon Software Engineering Institute; Software Engineering Symposium 2001 3

Model-Based Design Requirements Design Coding Integration RESEARCH REQUIREMENTS DESIGN Environmental Models Mechanical Electrical Control Algorithms Supervisory Logic IMPLEMENTATION (Coding) Models that describe your design Executable specification VHDL, Structured C, C++ Evaluate Verilogand test Text in simulation Integration (Test) Start finding problems early MCU Before DSP FPGAgetting ASIC PLC, to PAC code Before hardware is ready Continuous Verification and Validation 4

Modeling and simulation with Model-Based Design Reference: http://www.flightgear.org/ 5

Modeling and simulation with Model-Based Design Reference: http://www.flightgear.org/ 6

Simulation and modeling with Model-Based Design Now that you are done simulating, are you done? Can you generate code for your controller and go directly to hardware? Could there be other bugs in your design that could be detected earlier? Could there be hidden bugs lurking in your design? 7

Requirement errors and their consequences Requirements Design Coding Integration Missing or incomplete requirements Design may not meet customer needs Design lacks sufficient requirements Design may not work as expected Inconsistent requirements Design may exhibit unintended behavior 8

Finding and fixing requirement errors early Requirements Design Coding Integration Bi-directionally trace requirements From requirements to design and visa-versa Check that all requirements map to design components Confirm expected behavior with simulation-based tests Execute simulation-based tests that map to requirements Identify unintended behavior or deviations Complement testing with formal methods Prove that design meets safety requirements Use counter examples to debug design 9

Confirm requirements map to design Produce requirements trace reports Identify missing requirements! Design components that do not map to a requirement Indicative of incorrect design, or misinterpreting requirements Avoid finding unintended behaviors late in project phases Tool: Simulink Verification and Validation 10

Finding and fixing requirement errors early Requirements Design Coding Integration Bi-directionally trace requirements From requirements to design and visa-versa Check that all requirements map to design components Confirm expected behavior with simulation-based tests Execute simulation-based tests that map to requirements Identify unintended behavior or deviations Complement testing with formal methods Prove that design meets safety requirements Use counter examples to debug design 11

Execute functional tests in simulation Time series test vectors Define test vectors in Excel and other formats Pass / fail results Tool: Simulink Test 12

Execute functional tests in simulation Sequence based tests and assessments Requirement In the event of an failure condition of the position sensor or low hydraulic pressure, the Fault Detection Isolation and Recovery (FDIR) application shall select the primary actuator to isolated mode Tool: Simulink Test 13

Finding and fixing requirement errors early Requirements Design Coding Integration Bi-directionally trace requirements From requirements to design and visa-versa Check that all requirements map to design components Confirm expected behavior with simulation-based tests Execute simulation-based tests that map to requirements Identify unintended behavior or deviations Complement testing with formal methods Prove that design meets safety requirements Use counter examples to debug design 14

Complement testing with formal methods Graphical representation of safety requirements for thrust reverser If average airspeed > 150knots, deploy cannot be true If two WOW sensors are false, deploy cannot be true If either wheelspeed sensor < 10 knots, deploy cannot be true Tool: Simulink Design Verifier 15

Counter example test generation Tool: Simulink Design Verifier 16

Implementation errors and their consequences Requirements Design Coding Integration Example implementation errors Dead logic or unreachable states Overflow, divide by zero, other mathematical errors Consequences Incorrect operation when presented with abnormal inputs Design may fail catastrophically (design is not robust) 17

Finding and fixing implementation errors early Requirements Design Coding Integration With formal methods, prove absence of Dead logic or unreachable states (with model checking) Overflow, divide by zero, out of bound arrays (with abstract interpretation) 18

Confirm design is free of implementation errors Prove absence of dead logic, unreachable states Tool: Simulink Design Verifier 19

Confirm design is free of implementation errors Prove absence of overflow, divide by zero, and other design errors Overflow proven not to occur (colored GREEN) Overflow and divide by zero proven not to occur (colored GREEN) Tool: Simulink Design Verifier Overflow proven to occur (colored RED) 20

Finding and fixing implementation errors early Requirements Design Coding Integration Test completeness of design Simulation-based tests to confirm design testability All execution paths and conditions have been exercised Use coverage metrics to confirm design has been fully tested User defined input vectors System Under Test Coverage Report 21

Confirm design is fully tested Tool: Simulink Verification and Validation, Simulink Test 22

Generate additional tests with formal methods Top off functional tests with generated tests Use model checking to explore state space Generate missing test-cases to execute all paths Tests generated for decision, condition, MC/DC, table User defined input vectors Generate input vectors System Under Test Cumulative Coverage Report Tool: Simulink Design Verifier, Simulink Test 23

Consistency issues and their consequences Requirements Design Coding Integration Design fails to meet standards compliance Failure to certify development process and or software Design model and code do not match Functional behavior is different (e.g. timing, logic, etc.) Differences between floating point simulation vs. fixed point 24

Addressing consistency issues Requirements Design Coding Integration Check design compliance to standards E.g. do input signals specify min/max? Certification standard: ISO 26262, DO-178C Industry standards: MISRA, MAAB Equivalence testing of model and code Software In the Loop (SIL): test that code compiled on host computer matches simulation results Processor In the Loop (PIL): test that code executing on target processor matches simulation results 25

Check model complies with standards Tool: Simulink Verification and Validation 26

Test Vectors Compare Confirm design and code consistency Execute all tests to check equivalence of model to code Normal mode simulation model Code generated from model, compiled on host Tool: Simulink Test 27

Integrated code concerns Requirements Design Coding Integration Code generation automates coding process But generated code will be integrated with other code Examples: driver code, RTOS services, etc. Deployed code Consists of handwritten and generated code Important to consider the interfaces to avoid functional and robustness problems Potential issues to consider Runtime errors; non initialized variables, bad pointers, etc. 28

Finding runtime errors before production Requirements Design Coding Integration Formal methods based static code analysis Gain insight into the runtime behavior of the software Verify code without executing the software or running tests Confirm integrated code is robust Prove software free of critical bugs (with abstract interpretation) Find critical runtime errors 29

Verify robustness of integrated code Requirements Design Coding Integration Formal methods with Abstract Interpretation can prove: c = a + b; will never overflow j = arr[i]; i will always be within array bounds *ptr = 12; will never be an illegal dereference w = x / (y + z); y never equal to -z or visa versa (divide by zero) And many more 30

Verify robustness of integrated code Polyspace formal methods static analysis Green: reliable safe pointer access Red: faulty out of bounds error Gray: dead unreachable code Orange: unproven may be unsafe for some conditions static void pointer_arithmetic (void) { int array[100]; int *p = array; int i; for (i = 0; i < 100; i++) { *p = 0; p++; } if (get_bus_status() > 0) { if (get_oil_pressure() > 0) { *p = 5; } else { i++; } } i = get_bus_status(); Purple: violation code rules } if (i >= 0) { *(p - i) = 10; } Tool: Polyspace Code Prover 31

Summary of V&V with Model-Based Design Confirm requirements map to design Execute functional tests, perform formal verification, generate tests Requirements Design Coding Integration With testing, confirm model and design are consistent Verify robustness of integrated code 32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback