Vision for Systematic V&V · Growing Complexity of Automotive Controls Engine Management...
Transcript of Vision for Systematic V&V · Growing Complexity of Automotive Controls Engine Management...
1© 2016 The MathWorks, Inc.
MathWorks Vision for Systematic
Verification and Validation
Bill Aldrich
Senior Development Manager
Simulink Verification and Validation, Simulink Design Verifier
2
Growing Complexity of Automotive Controls
Engine Management
Transmission Control
Forward Camera
Electric Power Steering
Smart Junction Box
Smart Junction Box
Battery Management
Propulsion Motor Control
DC/DC Converter
Stability Control
Infotainment
HVAC Control
Navigation
Instrument Panel
Vehicle-to-Vehicle
Vehicle-to-
Infrastructure
Short-Range Radar
Ultrasonic Sensor
Long-Range Radar
Stability Control
AirbagEmergency Braking
Automatic Parking
Adaptive Cruise Control
All-Wheel Drive
Active Damping
4-Wheel Steer
Back-up Camera
Body Control Module
Tire Pressure Monitor
Voice Recognition
Adaptive Front
Lighting
Power Window
Power Seat
Keyless Entry
Power Liftgate
E-Call
Source of graphic: http://360.here.com/2013/11/28/putting-firmly-drivers-seat/
3
Growing Complexity of Automotive Controls
Engine Management
Transmission Control
Forward Camera
Electric Power Steering
Smart Junction Box
Smart Junction Box
Battery Management
Propulsion Motor Control
DC/DC Converter
Stability Control
Infotainment
HVAC Control
Navigation
Instrument Panel
Vehicle-to-Vehicle
Vehicle-to-
Infrastructure
Short-Range Radar
Ultrasonic Sensor
Long-Range Radar
Stability Control
AirbagEmergency Braking
Automatic Parking
Adaptive Cruise Control
All-Wheel Drive
Active Damping
4-Wheel Steer
Back-up Camera
Body Control Module
Tire Pressure Monitor
Voice Recognition
Adaptive Front
Lighting
Power Window
Power Seat
Keyless Entry
Power Liftgate
E-Call
2000 2015Lines of Code
16 M
2-3M
6 M
Siemens, “Ford Motor Company Case Study,” Siemens PLM Software, 2014
McKendrick, J. “Cars become ‘datacenters on wheels’, carmakers become software companies,” ZDJNet, 2013
4
Growing Complexity of Automotive Controls
Engine Management
Transmission Control
Forward Camera
Electric Power Steering
Smart Junction Box
Smart Junction Box
Battery Management
Propulsion Motor Control
DC/DC Converter
Stability Control
Infotainment
HVAC Control
Navigation
Instrument Panel
Vehicle-to-Vehicle
Vehicle-to-
Infrastructure
Short-Range Radar
Ultrasonic Sensor
Long-Range Radar
Stability Control
AirbagEmergency Braking
Automatic Parking
Adaptive Cruise Control
All-Wheel Drive
Active Damping
4-Wheel Steer
Back-up Camera
Body Control Module
Tire Pressure Monitor
Voice Recognition
Adaptive Front
Lighting
Power Window
Power Seat
Keyless Entry
Power Liftgate
E-Call
2000 2015Lines of Code
16 M
2-3M
6 M500K
50M+
3-4M
100MToday cars
Ford Taurus
2012
Boeing 777
Space
Shuttle
Source:
https://interact.gsa.gov/sites/default/files/J3061%20JP%20presentation.pdf
5
Growing Complexity of Automotive Controls
Engine Management
Transmission Control
Forward Camera
Electric Power Steering
Smart Junction Box
Smart Junction Box
Battery Management
Propulsion Motor Control
DC/DC Converter
Stability Control
Infotainment
HVAC Control
Navigation
Instrument Panel
Vehicle-to-Vehicle
Vehicle-to-
Infrastructure
Short-Range Radar
Ultrasonic Sensor
Long-Range Radar
Stability Control
AirbagEmergency Braking
Automatic Parking
Adaptive Cruise Control
All-Wheel Drive
Active Damping
4-Wheel Steer
Back-up Camera
Body Control Module
Tire Pressure Monitor
Voice Recognition
Adaptive Front
Lighting
Power Window
Power Seat
Keyless Entry
Power Liftgate
E-Call
Source of graphic: http://360.here.com/2013/11/28/putting-firmly-drivers-seat/
6
Development Challenges
Representing complex systems
Coordinating work across teams
Working efficiently
Ensuring quality
7
Traditional Development Process
Textual
Requirements
Design
Specification
C/C++
Hand code
Object
code
Compilation
and Linking
Manual
Coding
8
Models for Specification
Textual
Requirements
C/C++
Hand code
Object
code
Compilation
and Linking
Manual
Coding
Executable
Specification
9
Model Abstraction – Work at an appropriate level of detail
Simulink
Simulink
Stateflow MATLAB
Simscape
Driveline
Simscape Multibody
Simscape Fluids
10
Complete Model Based Design Workflow, Concept to Code
Textual
Requirements
Generated
C/C++ code
Object
code
ModellingCompilation
and Linking
Code
Generation
Executable
Specification
Model used for
production code
generation
11
Complete Model Based Design Workflow, Concept to Code
Textual
Requirements
Executable
Specification
Model used for
production code
generation
Generated
C/C++ code
Object
code
ModellingCompilation
and Linking
Code
Generation
How do you ensure correctness?
12
Model-Based Design Maturity, Automotive Industry
0
20
40
60
80
100
Modeling
Simulation and Analysis
Implementation
Verification andValidation
Process, Toolsand Infrastructure
Enterprise Management
13
Model-Based Design Maturity, Automotive and Aerospace
0
20
40
60
80
100
Modeling
Simulation and Analysis
Implementation
Verification andValidation
Process, Toolsand Infrastructure
Enterprise Management
Automotive
Aerospace
14
Model Based Design Verification Workflow
Textual
Requirements
Executable
Specification
Model used for
production code
generation
Generated
C/C++ code
Object
code
ModellingCompilation
and Linking
Code
Generation
Component and system
testing
Review and
static analysis
Equivalence
testing
Equivalence
checking
15
Model Based Design Verification Workflow
Textual
Requirements
Executable
Specification
Model used for
production code
generation
Generated
C/C++ code
Object
code
ModellingCompilation
and Linking
Code
Generation
Component and system
testing
• Perform simulation
• Link and review requirements
• Isolate and test components
• Measure model coverage
• Address missing coverage
• Property proving
16
Ad-Hoc Simulation: Explore Behavior Virtually
17
Model Based Design Verification Workflow
Textual
Requirements
Executable
Specification
Model used for
production code
generation
Generated
C/C++ code
Object
code
ModellingCompilation
and Linking
Code
Generation
Component and system
testing
• Perform simulation
• Link and review requirements
• Isolate and test components
• Measure model coverage
• Generate tests for missing coverage
• Manage and organize tests
• Property proving
18
Test Harnesses
From any subsystem …
19
Test Harnesses
Isolate it with content it to
drive inputs and analyze
outputs
Can be embedded in design
model file.
From any subsystem …
Simulate
independently
20
Test Sequence Block
A test sequence block can drive
inputs
21
Test Sequence Block
A test sequence block can drive
inputs and asses outputs
22
Test Sequence Block Syntax
23
Test Sequence Block Syntax
Define
Inputs
24
Defining Pass/Fail Criteria
x
25
Model Coverage
Identify testing gaps:
• Untested switch positions
• Subsystems not executed
• Transitions not taken
• Many more …
26
Addressing Missing Coverage
Test Cases
Partial Coverage
27
Test
Generator
Simulink Design Verifier
Addressing Missing Coverage
Test Cases
Partial Coverage
28
Addressing Missing Coverage
Test Cases
Partial Coverage
Test
Generator
Simulink Design Verifier
New Test Cases
29
Addressing Missing Coverage
Test Cases
Full Coverage
New Test Cases
30
Model Based Design Verification Workflow
Textual
Requirements
Executable
Specification
Model used for
production code
generation
Generated
C/C++ code
Object
code
ModellingCompilation
and Linking
Code
Generation
Component and system
testing
• Perform simulation
• Link and review requirements
• Isolate and test components
• Measure model coverage
• Generate tests for missing coverage
• Manage and organize tests
• Property proving
31
Model Based Design Verification Workflow
Textual
Requirements
Executable
Specification
Model used for
production code
generation
Generated
C/C++ code
Object
code
ModellingCompilation
and Linking
Code
Generation
Review and
static analysis
• Manual review
• Standards compliance checking
• Design error detection
• Complexity analysis
Component and system
testing
32
Detecting Hidden Run-Time Design Errors
Design Model
Design error detection
Highlighted Model Integer overflow
Division by zero
Array out-of-bounds
Range violations
Dead Logic
33
Detecting Hidden Run-Time Design Errors
34
Detecting Hidden Run-Time Design Errors
35
Model Based Design Verification Workflow
Textual
Requirements
Executable
Specification
Model used for
production code
generation
Generated
C/C++ code
Object
code
ModellingCompilation
and Linking
Code
Generation
Equivalence
checking
• Perform SIL Testing
• Measure code coverage
• Verify code with Polyspace
• Verify consistency with Simulink
Code Inspector
Review and
static analysis
Component and system
testing
36
Coverage for Generated Code (R2016a)
Press Play
Generated Code Coverage
cruise_control
(SIL)
37
Coverage for Generated Code (R2016a)
Press Play
Can also be highlighted on model
cruise_control
(SIL)
38
Model Based Design Verification Workflow
Textual
Requirements
Executable
Specification
Model used for
production code
generation
Generated
C/C++ code
Object
code
ModellingCompilation
and Linking
Code
Generation
• Perform PIL Testing
• Perform HIL Testing
Equivalence
testingEquivalence
checkingReview and
static analysis
Component and system
testing
39
Model Based Design Verification Workflow
Textual
Requirements
Executable
Specification
Model used for
production code
generation
Generated
C/C++ code
Object
code
ModellingCompilation
and Linking
Code
Generation
Component and system
testing
Review and
static analysis
Equivalence
testing
Equivalence
checking
40
Systematic Verification
Simulink Design Verifier
Simulink Verification & Validation
Simulink Test
Ensure that verification
is systematically
performed across:
– All requirements
– Complete model structure
– Complete code structure
– All design behaviors
41
• Essential activity
Test and Verification
• Expensive to repeat
• Complex to execute
Pain Points
42
→ Faster
Test and Verification
• Essential
• Expensive
• Complex
→ More Complete
→ Simpler
Frequent,
Incremental
T&V
43
Thank You!