Increasing Design Confidence Model and Code Verification

Similar documents
Increasing Embedded Software Confidence Model and Code Verification. Daniel Martins Application Engineer MathWorks

Intro to Proving Absence of Errors in C/C++ Code

Leveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance

From Design to Production

Verification and Test with Model-Based Design

2015 The MathWorks, Inc. 1

Leveraging Formal Methods for Verifying Models and Embedded Code Prashant Mathapati Application Engineering Group

Static Analysis in C/C++ code with Polyspace

Automating Best Practices to Improve Design Quality

Automating Best Practices to Improve Design Quality

Developing AUTOSAR Compliant Embedded Software Senior Application Engineer Sang-Ho Yoon

Verification and Validation of High-Integrity Systems

Using Model-Based Design in conformance with safety standards

Standardkonforme Absicherung mit Model-Based Design

Automatización de Métodos y Procesos para Mejorar la Calidad del Diseño

Simulink 를이용한 효율적인레거시코드 검증방안

Jay Abraham 1 MathWorks, Natick, MA, 01760

Model-Based Design for High Integrity Software Development Mike Anthony Senior Application Engineer The MathWorks, Inc.

Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1

Verification and Validation of Models for Embedded Software Development Prashant Hegde MathWorks India Pvt. Ltd.

Verification, Validation and Test in Model Based Design Manohar Reddy

Model-Based Design for Safety Critical Automotive Applications

Formal Verification and Automatic Testing for Model-based Development in compliance with ISO 26262

Production Code Generation and Verification for Industry Standards Sang-Ho Yoon Senior Application Engineer

WHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development

A Model-Based Reference Workflow for the Development of Safety-Related Software

Verification, Validation, and Test with Model-Based Design

Implementation and Verification Daniel MARTINS Application Engineer MathWorks

Simulation-based Test Management and Automation Sang-Ho Yoon Senior Application Engineer

정형기법을활용한 AUTOSAR SWC 의구현확인및정적분석

Formal Verification of Models and Code Prashant Mathapati Application Engineer Polyspace & Model Verification

Testing, Validating, and Verifying with Model-Based Design Phil Rottier

Simulink for AUTOSAR: Best Practices

DRYING CONTROL LOGIC DEVELOPMENT USING MODEL BASED DESIGN

Don t Be the Developer Whose Rocket Crashes on Lift off LDRA Ltd

Utilisation des Méthodes Formelles Sur le code et sur les modèles

Generating Industry Standards Production C Code Using Embedded Coder

Model-Based Design for Safety-Critical and Mission-Critical Applications Bill Potter Technical Marketing April 17, 2008

Model-Based Design: Design with Simulation in Simulink

GAIO. Solution. Corporate Profile / Product Catalog. Contact Information

Automatic Code Generation Technology Adoption Lessons Learned from Commercial Vehicle Case Studies

What s New with the MATLAB and Simulink Product Families. Marta Wilczkowiak & Coorous Mohtadi Application Engineering Group

Ein Modell - viele Zielsysteme

automatisiertensoftwaretests

IBM Rational Rhapsody. IBM Rational Rhapsody Kit for ISO 26262, IEC 61508, IEC and EN Overview. Version 1.9

Simulink Verification and Validation

AVS: A Test Suite for Automatically Generated Code

Verification and Validation

Workflow for Control System Design and Implementation

MATLAB/Simulink in der Mechatronik So einfach geht s!

Safety and Reliability of Software-Controlled Systems Part 14: Fault mitigation

Fault-Injection testing and code coverage measurement using Virtual Prototypes on the context of the ISO standard

Certification Authorities Software Team (CAST) Position Paper CAST-25

What functional safety module designers need from IC developers

Structural Coverage Analysis for Safety-Critical Code - Who Cares? 2015 LDRA Ltd 1

Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 22 Slide 1

SCADE. SCADE Suite Tailored for Critical Applications EMBEDDED SOFTWARE

Part 5. Verification and Validation

Concurrency. State Models and Java Programs. Jeff Magee and Jeff Kramer. Concurrency: introduction 1. Magee/Kramer

What s New in Simulink Release R2016a and R2016b

StackAnalyzer Proving the Absence of Stack Overflows

Simulink to Embedded Hardware Paul Peeling MathWorks

New User: Quick Start Guide

By V-cubed Solutions, Inc. Page1. All rights reserved by V-cubed Solutions, Inc.

Static Analysis of Embedded Systems

ISO26262 This Changes Everything!

Development and Deployment of ECU based Control Systems through MBD. Imperative role of Model based design in System Engineering

People tell me that testing is

Better than Hand Generating Highly Optimized Code using Simulink and Embedded Coder

SOFTWARE QUALITY OBJECTIVES FOR SOURCE CODE

ISO Compliant Automatic Requirements-Based Testing for TargetLink

Software Verification and Validation

Objectives. Chapter 19. Verification vs. validation. Topics covered. Static and dynamic verification. The V&V process

Testing and Validation of Simulink Models with Reactis

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

Automated Requirements-Based Testing

Best Practices Process & Technology. Sachin Dhiman, Senior Technical Consultant, LDRA

Verifying source code

Designing and Analysing Power Electronics Systems Using Simscape and SimPowerSystems

ΗΜΥ 317 Τεχνολογία Υπολογισμού

Test and Evaluation of Autonomous Systems in a Model Based Engineering Context

Simulator in the-loop Environment for Autocode Verification

Failure Diagnosis and Prognosis for Automotive Systems. Tom Fuhrman General Motors R&D IFIP Workshop June 25-27, 2010

Report. Certificate Z

Certified Automotive Software Tester Sample Exam Paper Syllabus Version 2.0

Hardware-In-Loop Test Setup Automation

IDE for medical device software development. Hyun-Do Lee, Field Application Engineer

Reducing Design Errors in Complex State Machines using Model-Based Design

Coding Standards in FACE Conformance. John Thomas, Chris Edwards, and Shan Bhattacharya

Simulink as Your Enterprise Simulation Platform

Error Detection by Code Coverage Analysis without Instrumenting the Code

Accelerating Simulink Optimization, Code Generation & Test Automation Through Parallelization

Alexandre Esper, Geoffrey Nelissen, Vincent Nélis, Eduardo Tovar

Guidelines for deployment of MathWorks R2010a toolset within a DO-178B-compliant process

Development of an autonomous driving ECU platform for streamlining the development of autonomous driving vehicle applications

1 VehicleMode. Systemwdesign. Model-Based Testing with Simulink Design Verifier

T500 DUALTACH. JAQUET T500 DualTach. 2 channel measurement & monitoring instrument 2 CHANNEL TACHOMETER I N C H A R G E O F S P E E D.

Entwicklung zuverlässiger Software-Systeme, Stuttgart 30.Juni 2011

Experiences with CANoe-based Fault Injection for AUTOSAR

Verification and Validation Introducing Simulink Design Verifier

Transcription:

Increasing Design Confidence Model and Code Verification 2017 The MathWorks, Inc. 1

The Cost of Failure Ariane 5 $7,500,000,000 Rocket & payload lost 2

The Cost of Failure USS Yorktown 0 Knots Top speed 3

The Cost of Failure Therac-25 6 Casualties due to radiation overdose 4

Motivation It is easier and less expensive to fix design errors early in the process when they happen. Model-Based Design enables: 1. Early testing to increase confidence in your design 2. Delivery of higher quality software throughout the workflow 5

Confidence Gaining Confidence in our Design Ad-hoc testing Design error detection Functional & structural tests Modeling standards Model & code equivalence checks Code integration analysis Effort / Time 6

Application: Cruise Control Control speed according to setpoint 50 km/h 7

Legacy code Application: Cruise Control ECU 2 Cruise Control Module (MBD) 1 System Inputs ECU system Fuel Rate Control Module Outputs Shift Logic Control Module 8

Legacy code Application: Cruise Control ECU Cruise Control Module (MBD) System Inputs ECU system Fuel Rate Control Module Outputs Shift Logic Control Module 9

Application: Cruise Control Inputs Cruise_onoff Brake Speed Coast set Accel reset Cruise Control Module (MBD) Outputs Engaged Target speed 10

Confidence Gaining Confidence in our Design Ad-hoc testing Design error detection Functional & structural tests Modeling & coding standards Code equiv. & integration checks Effort / Time 11

Ad-hoc Tests Dashboard blocks facilitate early ad-hoc testing 12

Confidence Gaining Confidence in our Design Ad-hoc testing Design error detection Functional & structural tests Modeling & coding standards Code equiv. & integration checks Effort / Time 13

Finding Design Errors: Dead Logic 14

Finding Unintended Behavior Condition can never be false Dead logic due to uint8 operation on incdec/holdrate*10 Fix change the order of operation 10*incdec/holdrate 15

Confidence Gaining Confidence in our Design Ad-hoc testing Design error detection Functional & structural tests Modeling & coding standards Code equiv. & integration checks Effort / Time 16

Simulation Testing Workflow Requirements Did we meet requirements? Review functional behavior Design Did we completely test our model? Structural coverage report 17

Did We Completely Test our Model? Model Coverage Analysis Potential causes of less than 100% coverage: Missing requirements Over-specified design Design errors Missing tests 18

Requirements Based Functional Testing with Coverage Analysis All 14 requirements based test cases pass By analyzing model coverage results we find: Missing test cases for vehicle speed exit conditions, and Missing requirements (and test cases) for hold or continuous speed button input 19

Functional Testing with Added Requirements & Test Cases 20

Functional Testing with Added Requirements & Test Cases Added 2 new requirements for the hold case for speed setting input buttons Added 5 test cases to the original 14 requirements based test cases 3 test cases for the 2 new requirements 2 test cases for the missing test cases for the vehicle speed exist conditions 4/5 new functional test cases pass Failed test case showed overshoot beyond target speed limits Coverage analysis highlighted transitions with design errors Fixed comparison operators, (<) (<=), and (>) (>=) Now all (19) functional test cases pass with 100% model coverage! 21

Confidence Gaining Confidence in our Design Ad-hoc testing Design error detection Functional & structural tests Modeling standards Code equiv. & integration checks Effort / Time 22

Model Advisor Model Standards Checking 23

Confidence Gaining Confidence in our Design Ad-hoc testing Design error detection Functional & structural tests Modeling standards Model & code equivalence checks Effort / Time 24

Equivalence Testing: Model vs SIL or PIL Mode Testing Coverage 100% Model Testing SIL or PIL Mode Testing 25

Code Generation with Model-to-Code Traceability 26

Code Generation with Model-to-Code Traceability 27

Code Equivalence Check Results: Model vs Code 28

Code Equivalence Check Results: Model vs Code 29

Code Equivalence Check Results: Model vs Code Code Coverage 30

Code Equivalence Check Results: Model vs Code Code Coverage Re-used full coverage test vectors and harnesses from Model Verification testing Ran test vectors on generated code using Model Reference SIL mode Equivalence test performed in Simulink Test, including test execution, evaluation and presentation of the results Compared Model Coverage to Code Coverage using the SIL Code Coverage Report Successfully demonstrated code behavior matches model behavior! 31

Confidence Gaining Confidence in our Design Ad-hoc testing Design error detection Functional & structural tests Modeling standards Model & code equivalence checks Code integration analysis Effort / Time 32

Legacy code Code Integration Analysis ECU 2 Cruise Control Module (MBD) 1 System Inputs ECU system Fuel Rate Control Module Outputs Shift Logic Control Module 33

Legacy code Code Integration Analysis ECU Inputs Cruise_onoff Cruise Control Module (MBD) 2 Outputs Brake Speed Coast set Accel reset EGO Sensor ECU system Fuel Rate Control Module Gear Engaged Target speed Fuel Rate MAP Sensor Shift Logic Control Module 34

Legacy code Dead code Finding Dead Code During Integration ECU Inputs Cruise_onoff Cruise Control Module (MBD) 2 Outputs Brake Speed Coast set Accel reset EGO Sensor Inaccurate scaling for speed ECU system Fuel Rate Control Module Gear Engaged Target speed Fuel Rate MAP Sensor Shift Logic Control Module 35

Finding Dead Code with Polyspace Target speed parameter propagated to Cruise_ctrl.c [0 40] Maximum target speed = 90 Dead code 36

Root Cause for Dead Code: Speed Sensor Input Hand Code Changing analog-to-digital converter from 14 to 12-bit results in dead code MASK accounts for scaling down for new ADC from 14-bit to 12-bit CONV_FACTOR accounts for translating sensor input counts to mph Overlooked changing CONV_FACTOR for new ADC 37

Polyspace Code Analysis Start with C/C++ source code static void pointer_arithmetic (void) { int array[100]; int *p = array; int i; for (i = 0; i < 100; i++) { *p = 0; p++; } if (get_bus_status() > 0) { if (get_oil_pressure() > 0) { *p = 5; } else { i++; } } i = get_bus_status(); } if (i >= 0) { *(p - i) = 10; } 38

Polyspace Code Analysis Source code painted in green, red, gray, orange Green: reliable safe pointer access static void pointer_arithmetic (void) { int array[100]; int *p = array; int i; Red: faulty out of bounds error Gray: dead unreachable code Orange: unproven may be unsafe for some conditions for (i = 0; i < 100; i++) { *p = 0; } p++; variable I (int32): [0.. 99] assignment of I (int32): [1.. 100] if (get_bus_status() > 0) { if (get_oil_pressure() > 0) { *p = 5; } else { i++; } } i = get_bus_status(); Purple: violation MISRA-C/C++ or JSF++ code rules Range data tool tip } if (i >= 0) { *(p - i) = 10; } 39

Confidence Gaining Confidence in our Design Ad-hoc testing Design error detection Functional & structural tests Modeling standards Model & code equivalence checks Code integration analysis Effort / Time 40

Conclusion: Model-Based Design Verification Workflow Model Verification Discover design errors at design time Code Verification Gain confidence in the generated code Workflow approved by TÜV SÜD for development of safety-critical software in accordance with ISO 26262 (automotive), IEC 61508 (industrial), EN 50128 (railway), IEC 62304 (medical devices) 41

Conclusion It is easier and less expensive to fix design errors early in the process when they happen. Model-Based Design enables: 1. Early testing to increase confidence in your design 2. Delivery of higher quality software throughout the workflow 42

Change the world by Accelerating the pace of discovery, innovation, development, and learning in engineering and science 43

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback