© 2013 The MathWorks, Inc.
Reducing Design Errors in Complex State Machines using Model-Based Design
Fredrik Håbring
Senior Application Engineer
Embedded Control Systems
Finding Errors Late in Project is Costly
“each delay in the detection and correction of a design problem makes it an order of magnitude more expensive to fix…” Clive Maxfield and Kuhoo Goyal, “EDA: Where Electronics Begins”
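Where Errors are Introduced… and Detected
[Figure: bar chart over project phases (Specification, Design, Implement, Test) with two series, Introduced and Detected; vertical axis 0% to 60%. Bar labels in extraction order: 60%, 21%, 12%, 7% and 8%, 15%, 22%, 55%.]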
Power Window System Test and Verification using Models
[Figure: power window system model. Labels: Control System with state machine (high complexity), Switches, H-Bridge, DC Motor, Mechanism, 12V supply, Up/Down commands, Armature Current.]
Test Coverage Analysis for Models
[Figure: coverage from first simulation, coverage from second simulation, total coverage.]
Supported coverage types:
Decision coverage
Condition coverage
MC/DC
Lookup table coverage
Signal range coverage
When to Stop Testing? Measuring Coverage
[Figure: state chart with coverage highlighting for Decision Coverage and MC/DC Coverage. Annotations: "Not covered", "Many parts not sufficiently tested", "Full coverage desirable".]
Map of Testing Methods
[Figure: testing methods plotted by degree of automation (vertical axis) against relevance for requirements (horizontal axis). Legend: Test Analysis, Test Generation, Test Metrics.]
Methods shown:
Formalized Requirements
Metrics Structural Coverage
Test Design (manual)
Random Test (Monte Carlo)
Man. Review (each test run)
Test Generation covering structure
Autom. Analysis (test case independent)
Test Generation covering requirements
Regression Test (expected values)
Abstract Checks
Recorded Tests from previous test drives
Metrics Reqs Coverage
Test generation with env. constraints
Power Window System Requirement Example
“Whenever an obstacle is detected, the down command shall be given for 1 second.”
TRW Automotive Develops and Tests Electric Parking Brake Using Simulink and Simulink Design Verifier
Challenge: Design tests for an electric parking brake control system
Solution: Use Simulink Design Verifier to automatically generate tests that maximize model coverage and enable systematic design verification
Results:
Test development time reduced from days to hours
100 percent model coverage achieved
Formal testing begun two months into the project
“Everyone knows that errors are much less expensive to fix when you find them early. With Simulink Design Verifier, we build on the advantages of Model-Based Design by performing formal testing in the first phases of development.” Christoph Hellwig, TRW
[Figure: Electronic parking brake control system.]
Automatic Code Generation and Verification: Reducing Efforts in Going from Design to Implementation
[Figure: workflow REQUIREMENTS, DESIGN, IMPLEMENTATION, with TEST & VERIFICATION alongside. Implementation languages: Structured Text; VHDL, Verilog; C, C++. Targets: MCU, DSP, FPGA, ASIC, PLC, PAC.]
[Figure: workflow REQUIREMENTS, DESIGN, IMPLEMENTATION, with TEST & VERIFICATION alongside, highlighting C, C++ code on MCU and DSP targets.]
C/C++ code verification using Processor-in-the-Loop (PIL)
Automatic Code Generation and Verification: Processor-in-the-Loop (PIL) Verification
[Figure: PIL implementation. Labels: Simulink (Controller Model, Test Signals, Verifications), Code Generation, C/C++ Code, Embedded Processor, Serial link.]
Wärtsilä Automates Production Code Generation for Large Industrial Embedded Systems
Challenge: Develop embedded controls for large diesel and gas engines that lower emissions and increase performance and reliability
Solution: Use MathWorks tools for Model-Based Design to design, test, and automatically generate embedded code for innovative controller algorithms
Results:
Reusable models
20% faster code
200-300% increase in productivity
“Modern control features are notoriously problematic to develop and often involve extensive engine testing. Simulink and Embedded Coder let us design and optimize the features early in our process, saving a large amount of costly engine tests.” Johan Pensar, Wärtsilä
[Figure: Wärtsilä engine.]
Benefits of Model-Based Design
[Figure: Models at the center of Design with Simulation, Executable Specifications, Continuous Test and Verification, and Automatic Code Generation.]
Models: Core of the Development Process
Unambiguous Description of Requirements (Executable Specification)
Fast Evaluation of Design Variants
Frontloading - Early Test and Verification
Automatic Code Generation
Better Cooperation, Communication and Collaboration
Higher Product Quality