Simulink Verification and Validation

Similar documents
Verification and Validation of Models for Embedded Software Development Prashant Hegde MathWorks India Pvt. Ltd.

Model-Based Design for High Integrity Software Development Mike Anthony Senior Application Engineer The MathWorks, Inc.

WHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development

Developing AUTOSAR Compliant Embedded Software Senior Application Engineer Sang-Ho Yoon

Model-Based Design for Safety-Critical and Mission-Critical Applications Bill Potter Technical Marketing April 17, 2008

Software Testing. Software Testing

Implementation and Verification Daniel MARTINS Application Engineer MathWorks

18-642: Unit Testing 1/31/ Philip Koopman

Testing, Validating, and Verifying with Model-Based Design Phil Rottier

Verification and Test with Model-Based Design

Verification and Validation Introducing Simulink Design Verifier

Software Testing. 1. Testing is the process of demonstrating that errors are not present.

Verification and Validation. Assuring that a software system meets a user s needs. Verification vs Validation. The V & V Process

Jay Abraham 1 MathWorks, Natick, MA, 01760

Testing and Validation of Simulink Models with Reactis

The testing process. Component testing. System testing

Computer Science and Software Engineering University of Wisconsin - Platteville 9-Software Testing, Verification and Validation

Lecture 18: Structure-based Testing

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

Intro to Proving Absence of Errors in C/C++ Code

1 Visible deviation from the specification or expected behavior for end-user is called: a) an error b) a fault c) a failure d) a defect e) a mistake

Automated Requirements-Based Testing

Manuel Oriol, CHCRC-C, Software Testing ABB

Automating Best Practices to Improve Design Quality

Verification and Validation of High-Integrity Systems

Leveraging Formal Methods for Verifying Models and Embedded Code Prashant Mathapati Application Engineering Group

Leveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance

Part 5. Verification and Validation

Simulation-based Test Management and Automation Sang-Ho Yoon Senior Application Engineer

Topic: Software Verification, Validation and Testing Software Engineering. Faculty of Computing Universiti Teknologi Malaysia

18-642: Unit Testing 9/18/ Philip Koopman

Testen zur Absicherung automatisierter Transformationsschritte im Model-Based Design

Utilisation des Méthodes Formelles Sur le code et sur les modèles

Guidelines for deployment of MathWorks R2010a toolset within a DO-178B-compliant process

By V-cubed Solutions, Inc. Page1. All rights reserved by V-cubed Solutions, Inc.

By Jason Ghidella, PhD, and Pieter J. Mosterman, PhD. Left Elevator. actuator. hydraulic system 1 left outer. left inner

XVIII. Software Testing. Laurea Triennale in Informatica Corso di Ingegneria del Software I A.A. 2006/2007 Andrea Polini

Object Oriented Software Design - I

Static Analysis in C/C++ code with Polyspace

Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1

Evidence-based Development coupling structured argumentation with requirements development.

Objectives. Chapter 19. Verification vs. validation. Topics covered. Static and dynamic verification. The V&V process

From Design to Production

Lecture 15 Software Testing

Using Model-Based Design in conformance with safety standards

Software testing. Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 23 Slide 1

O B J E C T L E V E L T E S T I N G

Best Practices Process & Technology. Sachin Dhiman, Senior Technical Consultant, LDRA

Team-Based Collaboration in Simulink

Verification, Validation and Test in Model Based Design Manohar Reddy

Chapter 10. Testing and Quality Assurance

2015 The MathWorks, Inc. 1

Part I: Preliminaries 24

Moving MATLAB Algorithms into Complete Designs with Fixed-Point Simulation and Code Generation

Using Code Coverage to Improve the Reliability of Embedded Software. Whitepaper V

Lecture 26: Testing. Software Engineering ITCS 3155 Fall Dr. Jamie Payton

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

Software Testing. Software Testing. in the textbook. Chapter 8. Verification and Validation. Verification and Validation: Goals

Overview. State-of-the-Art. Relative cost of error correction. CS 619 Introduction to OO Design and Development. Testing.

Topics in Software Testing

Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 22 Slide 1

Verification and Validation

Verification and Validation

Reducing Design Errors in Complex State Machines using Model-Based Design

Architecture-driven development of Climate Control Software LMS Imagine.Lab Embedded Software Designer Siemens DF PL

People tell me that testing is

Increasing Design Confidence Model and Code Verification

Using VectorCAST/C++ with Test Driven Development. Whitepaper V

Verification and Validation

Program Correctness and Efficiency. Chapter 2

Formal Verification of Models and Code Prashant Mathapati Application Engineer Polyspace & Model Verification

Software Quality Assurance. David Janzen

Software Testing CS 408

Certitude Functional Qualification with Formal Verification. Jean-Marc Forey November 2012

Software Engineering (CSC 4350/6350) Rao Casturi

Static Analysis Techniques

Applications of Program analysis in Model-Based Design

Introducing Simulink Release 2012b for Control System Development Mark Walker MathWorks

What s New in Simulink in R2015b and R2016a

Software Engineering Fall 2015 (CSC 4350/6350) TR. 5:30 pm 7:15 pm. Rao Casturi 11/10/2015

Software Verification and Validation

Model-Based Design for Safety Critical Automotive Applications

Integration and Testing. Uses slides from Lethbridge & Laganiere, 2001

Darshan Institute of Engineering & Technology for Diploma Studies

Software Engineering Fall 2014

Software Engineering

In this Lecture you will Learn: Testing in Software Development Process. What is Software Testing. Static Testing vs.

ECE 587 Hardware/Software Co-Design Lecture 11 Verification I

Testing: Test design and testing process

Fault-Injection testing and code coverage measurement using Virtual Prototypes on the context of the ISO standard

Examination Questions Time allowed: 1 hour 15 minutes

Verification and Validation

Software Testing. Lecturer: Sebastian Coope Ashton Building, Room G.18

ΗΜΥ 317 Τεχνολογία Υπολογισμού

All the subjective part of 2011 papers solved complete reference numbers

ISO compliant verification of functional requirements in the model-based software development process

Sample Exam Syllabus

(From Glenford Myers: The Art of Software Testing)

Chapter 8 Software Testing. Chapter 8 Software testing

Testing is executing a system in order to identify any gaps, errors, or missing requirements in contrary to the actual requirements.

Transcription:

Simulink Verification and Validation Mark Walker MathWorks 7 th October 2014 2014 The MathWorks, Inc. 1

V Diagrams 3

When to Stop? A perfectly tested design would never be released Time spent on V&V is finite May be small or large How can I make the best use of this time? Early Effective 4

Early V&V The earlier a defect is discovered, the cheaper it is to fix Relative Cost to Fix Defects per Phase Found 50 45 40 35 Defect Type Requirements Design Code Test Requirements Design Code Phase Found Test 30 25 20 15 10 5 0 Relative Cost to Fix Test Code Design Requirements Source: Return on Investment for Independent Verification & Validation, NASA, 2004. 5

Effective V&V My design is well tested because I have run lots of test cases The good test cases are a small subset of the possible ones Development processes, such as DO-178C, deliver reliability Isn t this expensive to do? Bugs are expensive on all projects Simulink Verification and Validation helps automate your V&V Automated techniques are efficient, not expensive to apply They are accessible to all projects not just people making planes How can V&V be applied effectively to models 6

3 Key DO-178 Concepts Requirements traceability Testing or inspecting a design in the most important places Using analysis to show a design is testable 7

DO-178 Principle: Requirements Traceability Requirements are shown to trace completely A complete trace between higher level designs and lower level implementation is independent evidence. Every part of a design or implementation must trace Granularity of this traceability can vary A provenance for every line of code Simulink Verification and Validation helps you establish, report on and measure this linkage 8

Requirements Linking When using models, traceability = linking Requirement: Increment a clock function by 1ms Must handle years, months, days, hours, seconds and milliseconds Does not need to handle leap seconds (non-requirements) Show that the implementation is complete and error free MATLAB s addtodate can be used as a reference Alternatively, we would be reviewing results for correct answer. 9

<Demo: addtodate_early_example> 10

Design Evolution System Requirements Allocated to Software Add 1 millisecond to the time and return the result, matching the behaviour of MATLAB s addtodate function. The inputs and outputs will be in calendar form, i.e. yy:mm:dd:hr:ss:ms The resolution in each field shall be 1 unit, i.e. 1 year or 1 millisecond. Invalid dates, such as 2014:09:31:24:60:999 shall be rejected by the function. The function shall always return a valid calendar form. Additional Requirements The function will return all zeros if presented with an invalid date. January is represented by mm = 1. The first day of the month is represented by dd = 1. Midnight is represented by hr = 0. Year zero is a leap year. Years 9999 and below are valid. 11

<demo: add_to_date_early_example - Establishing links> 12

Design Evolution Invalid dates, such as 2014:09:31:24:60:999 shall be rejected by the function. Q: What should happen if the input is invalid? A: Derived requirement The function will return all zeros if presented with an invalid date. 13

<demo: Model requirements highlight and traceability report> 14

Reporting Traceability Generate reports from your traceability Identify gaps Quickly inspect for correct linkage 15

DO-178 Principle: Testing in the Right Place Every possible input: Total word width = 72 Input combinations = 2 72 = 2x10 21 Testing all at 1000/second = 150 billion years Much of the input space is invalid 2014:09:31:25:65:63:1012 Test out of range behaviour once and focus on in-range only Input combinations reduced to 3.2x10 14 (approx: 10000 x 365.25 x 24 x 60 x 60 x 1000) Testing time reduced to 10,000 years 16

Model Coverage Most of the time this function is very boring 99.9% of valid inputs Just add 1 to the millisecond value 0.1% of valid inputs Add 1 to the millisecond value and 1 to the second value 0.00167% of valid inputs Add 1 to the millisecond, second and minute values As with out of range, only need to test these once How do I find the interesting values? 17

Model Coverage Definitions of coverage: Cyclomatic Complexity Condition Coverage (CC) Decision Coverage (DC) Lookup Table Coverage Modified Condition/Decision Coverage (MCDC) Relational Boundary Coverage Saturate on Integer Overflow Coverage Signal Range Coverage Signal Size Coverage Simulink Design Verifier Coverage 18

Model Coverage Definitions of coverage: Cyclomatic Complexity Condition Coverage (CC) Decision Coverage (DC) Lookup Table Coverage Modified Condition/Decision Coverage (MCDC) Relational Boundary Coverage New in R2014b Saturate on Integer Overflow Coverage Signal Range Coverage Signal Size Coverage Simulink Design Verifier Coverage 19

Boundary Values Test for not a leap year if mod(timevec_plus_one_ms.years,4) >= uint16(1) mod(timevec_plus_one_ms.years,4) could be wrong >= could be wrong 1 could be wrong Interesting places: 0 >= 1 FALSE (Leap year) 1 >= 1 TRUE (Not a leap year) 2 >= 1 TRUE (Not a leap year) We should inspect for correct behaviour at all these conditions 0 >= 1 and 1 >= 1 sufficient for Condition Coverage Tests achieve 100% Boundary Value Coverage 20

Creating Tests Where can Boundary Coverage Complete tests come from? Write tests from the requirements + Fully independent - Needs very complete requirements Write tests from the design + Easier to work out the test cases - Need an independent way to show requirements are satisfied Tests can also be generated from requirements (if executable) and designs Be careful about independence 21

Testing for Expected Behaviour addtodate.m is our independent reference Model uses a verification subsystem to assert this behaviour Reviewing results manually against requirements would also be valid Key: Each requirement traces to a test 22

Testing for Expected Behaviour Tests link to requirements in the same way as the design 23

24

DO-178 Principle: Using analysis to show a design is testable Simulink Design Verifier What is it? Design Error Detection Test Generation Property Proving If something is testable, I get a test case. If not, SLDV proves that no test case exists The objective is unreachable <demo: test gen on add_to_date_early_example> 25

Generating Tests (Early) 3 unsatisfiable Impossible to test 26

Generating Tests (Early) Fail on Boundary Coverage and MC/DC (redundant logic) 27

Generating Tests (Early) A: Replace repeated leap year test with a single if. Q: How should I refactor this code to make it more testable? 28

Generating Tests (Early) A: Make the boundaries explicitly testable Q: How should I refactor this code to make it more testable? 29

Generating Tests (Later) 2x10 21 down to 121 30

Running the Tests We now have: A set of effective tests A means of automatically checking if they pass <demo: add_to_date_mid_example test gen and harness run> 31

Running the Tests 32

Design Evolution Invalid dates, such as 2014:09:31:24:60:999 shall be rejected by the function. Feb cases handled for rollover, but not input. 33

<demo: add_to_date test gen and coverage run> 34

Running the Tests 100% Boundary Coverage and no assertions 35

What did we find? Edge cases not handled correctly How: establishing traceability between models and requirements The implementation was not fully testable How: test generation with Simulink Design Verifier The implementation contained mistakes How: simulating at boundary coverage points and checking for expected behaviour 36

Summary Early: Good V&V helps discover defects earlier Invest in testing right from the start of development Effective: Good tool support makes advanced techniques more costeffective All projects can benefit, not just High Integrity applications 37

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback