Model-Based Design and Automatic Code Generation for Safety-Critical Software Development
Michael Beine
dSPACE GmbH
MAE Conference · November 2009 · Reading, UK

Model-Based Development – Established Tool Chain
MATLAB®, Simulink®, Stateflow®
Established modeling environment
Simulink, Stateflow for control design
TargetLink
Worldwide leading autocode generation tool
Direct implementation of your Simulink / Stateflow control algorithm

Recent Automotive Examples
Audi quattro with Active Sport Differential
Dynamic Performance Control in new BMW X6
[Figure: clutch states (open / active) while cornering, changing direction and accelerating]

TargetLink in the Aerospace Industry
TargetLink has been used successfully for many years to develop safety-critical software.
„TargetLink effortlessly fulfills the rigorous requirements for model-based development issued by European and American aviation authorities.“
„Using TargetLink, we have successfully carried out several software developments according to DO-178B that were certified for safety level A.“
Andreas Alaoui, Nord-Micro

EADS Unmanned Aerial Vehicle (UAV) „Barracuda“
TargetLink for all algorithms (flight control, autopilot, flight management, calculation of flight data, navigation, signal consolidation in the triplex redundant system)
45% of the source code of the flight control computer was generated automatically using TargetLink

Certification of TargetLink
TÜV SÜD Automotive GmbH, German certification authority, evaluated TargetLink, with the following result:
TÜV granted the following certificate: the TargetLink code generator is fit for purpose to develop safety-related software according to IEC 61508, ISO DIS 26262 and derivative standards such as EN 50128 (1).
(1) EN 50128, standard for safety-related railway software, for example, is considered as a sector-specific standard derived from IEC 61508.

TargetLink Reference Workflow
The TargetLink Reference Workflow for the development of safety-critical systems
provides guidance on how to fulfill functional safety requirements with model-based development methods and tools
is based on best practices and experiences from many different production projects

TargetLink Reference Workflow
Topics covered
Requirements Traceability
Software Architecture Considerations
Modeling and Coding Guidelines
Software Unit and Integration Testing
Mapping to IEC 61508 and ISO 26262

Model-Based Software Development
[Figure: development chain. Control Design: Requirements -> (Modeling) -> Controller model -> (Modeling) -> Implementation model. Implementation: -> (Code Generation) -> Source code -> (Compile, Link) -> Object code. Design Verification covers the model side, Code Verification the code side.]
Design and Implementation: from textual requirements via executable specifications and code generation to object code
Design and Code Verification: verification and validation of model and code

Modeling Guidelines
MISRA AC TL
Special focus on functional safety
Guidance for using TargetLink to avoid pitfalls on both model level and code level
Available at MISRA web store, see www.misra.org.uk

Modeling Guidelines
Select guidelines from available standard guidelines documents
Determine project-specific guidelines
Document which guidelines have been selected
Ensure and document that guidelines are followed

Tool Support for Automated Guideline Checking
Model Examiner (MXAM) from Model Engineering Solutions
Checks for MISRA AC TL, dSPACE TargetLink and MAAB guidelines
Easy integration of project-specific guidelines and model checks
Reports of all detected guideline violations
Further tools available, e.g. StyleChecker from AFT

Coding Guidelines
MISRA C:2004 guidelines
MISRA C Compliance Document for TargetLink
Commercial off-the-shelf MISRA C compliance checker tools available
Legacy or handwritten code that is part of the model is also checked
Violations in generated code have to be compared to the known and accepted violations described in the MISRA C compliance document

Model and Code Reviews
Reports for off-PC reviews

Model and Code Reviews
Code with hyperlinks to the model and data dictionary

Model-Based Software Development
[Figure: development chain from requirements via controller model, implementation model and source code to object code]
Implicit division into
Model level (Design): Design Verification
Code level (Implementation): Code Verification

Basics of Model-Based Verification and Validation
[Figure: development chain from requirements to object code, with Design Verification on the model side and Code Verification on the code side]
Verification of the model: model is correct, meets requirements, contains no unintended functionality
Verification of code: equivalence between model and generated code
Result: code is correct and meets requirements

Basics of Model-Based Verification and Validation
Simulation as basis for software test
[Figure: development chain from requirements to object code, with Design Verification on the model side and Code Verification on the code side]

Verification and Validation Methods
[Figure: development chain from requirements to object code, with Design Verification on the model side and Code Verification on the code side]
Verification of the model: model is correct, meets requirements, contains no unintended functionality
Verification of code: equivalence between model and generated code
Result: code is correct and meets requirements
Methods: Requirements Based Test and Simulation; Formal Verification; Back-to-back Tests between Model (MIL) and Code (SIL/PIL)

Back-to-back Testing
Core testing method
Assure that the code correctly implements the verified model

Back-to-back Testing – Tool Support
EmbeddedTesterBASE
Automatic Test Execution & Regression
Automatic Test Evaluation
Automatic Regression Reporting
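As an added example (not part of the slides or of any dSPACE tool), the following Python script performs a back-to-back comparison of a hypothetical floating-point controller model against a hypothetical fixed-point implementation of it, which stands in for the generated code: both are driven with the same stimulus and every output sample is compared against a tolerance, as a MIL-versus-SIL test would do. The PI gains, the Q1.14 scaling and the stimulus are constructed values.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed controller parameters: PI gains, sample time, actuator limits.
KP, KI, TS = 0.8, 2.0, 0.01
U_MIN, U_MAX = -1.0, 1.0

def model_step(err: float, integ: float) -> Tuple[float, float]:
    """Floating-point 'controller model': PI with clamped (anti-windup) integrator."""
    integ = max(U_MIN, min(U_MAX, integ + KI * TS * err))
    u = max(U_MIN, min(U_MAX, KP * err + integ))
    return u, integ

# Hypothetical fixed-point implementation in Q1.14 (1.0 == 16384), integer arithmetic
# only, standing in for the generated code. Python's >> floors like an arithmetic shift.
Q = 14
ONE = 1 << Q
KP_Q, KI_TS_Q = round(KP * ONE), round(KI * TS * ONE)

def sat_q(x: int) -> int:
    return max(-ONE, min(ONE, x))

def code_step(err_q: int, integ_q: int) -> Tuple[int, int]:
    """Same controller in fixed point: the 'code' side of the back-to-back test."""
    integ_q = sat_q(integ_q + ((KI_TS_Q * err_q) >> Q))
    u_q = sat_q(((KP_Q * err_q) >> Q) + integ_q)
    return u_q, integ_q

@dataclass
class B2BResult:
    max_abs_dev: float              # worst model/code deviation over the whole run
    first_fail_step: Optional[int]  # first sample outside tolerance, None if all pass

def back_to_back(stimulus: List[float], tol: float = 1e-3) -> B2BResult:
    """Drive model and code with identical input and compare each output sample."""
    integ, integ_q, worst, first_fail = 0.0, 0, 0.0, None
    for k, err in enumerate(stimulus):
        u_model, integ = model_step(err, integ)
        u_code, integ_q = code_step(round(err * ONE), integ_q)
        dev = abs(u_model - u_code / ONE)
        worst = max(worst, dev)
        if dev > tol and first_fail is None:
            first_fail = k
    return B2BResult(worst, first_fail)

if __name__ == "__main__":
    # Constructed stimulus: positive step, negative step, then zero error.
    stim = [0.5] * 20 + [-0.25] * 20 + [0.0] * 10
    print(back_to_back(stim))
```

The tolerance is the part a test specification has to fix deliberately: quantisation error accumulates in the integrator, so a tolerance of a few LSB passes while a tolerance tighter than one LSB reports a deviation at the very first sample.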

Structural Testing
Model Coverage (Simulink V&V Toolbox)
Code Coverage (TargetLink): Statement / Decision, MC/DC (Modified Condition/Decision Coverage)
Test Vector Generation
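As an added example (not from the slides or from any of the tools named on them), the following Python code checks a test set for MC/DC over a hypothetical clutch-activation decision: every condition needs an independence pair, two test vectors that differ only in that condition and flip the decision outcome, which is what distinguishes MC/DC from plain decision coverage. The decision, its conditions and the test vectors are constructed.

```python
from itertools import combinations
from typing import Callable, Dict, List, Optional, Tuple

Vec = Tuple[bool, ...]
Pair = Tuple[Vec, Vec]

def clutch_active(cornering: bool, accelerating: bool, fault: bool) -> bool:
    """Constructed decision with three conditions (not from any real controller)."""
    return (cornering or accelerating) and not fault

def decision_covered(decision: Callable[..., bool], tests: List[Vec]) -> bool:
    """Decision coverage only: both outcomes of the decision have been observed."""
    return {decision(*t) for t in tests} == {True, False}

def independence_pairs(decision: Callable[..., bool], tests: List[Vec]) -> Dict[int, Optional[Pair]]:
    """For each condition index, find a unique-cause MC/DC pair in the test set, if any."""
    n = len(tests[0])
    pairs: Dict[int, Optional[Pair]] = {i: None for i in range(n)}
    for a, b in combinations(tests, 2):
        differing = [i for i in range(n) if a[i] != b[i]]
        # Unique cause: exactly one condition changes and the outcome changes with it.
        if len(differing) == 1 and decision(*a) != decision(*b):
            i = differing[0]
            if pairs[i] is None:
                pairs[i] = (a, b)
    return pairs

def mcdc_report(decision: Callable[..., bool], tests: List[Vec]) -> Tuple[float, List[int]]:
    """Return (fraction of conditions with an independence pair, uncovered condition indices)."""
    pairs = independence_pairs(decision, tests)
    uncovered = [i for i, p in pairs.items() if p is None]
    return (len(pairs) - len(uncovered)) / len(pairs), uncovered

# Constructed test vectors (cornering, accelerating, fault). Four vectors, n + 1,
# are the minimum for MC/DC of a three-condition decision.
MCDC_TESTS: List[Vec] = [
    (False, False, False),  # -> False
    (True, False, False),   # -> True   pairs with the first on 'cornering'
    (False, True, False),   # -> True   pairs with the first on 'accelerating'
    (True, False, True),    # -> False  pairs with the second on 'fault'
]

if __name__ == "__main__":
    print("decision coverage:", decision_covered(clutch_active, MCDC_TESTS))
    print("MC/DC:", mcdc_report(clutch_active, MCDC_TESTS))
    # Dropping the fault vector keeps decision coverage but loses MC/DC on condition 2.
    print("without fault vector:", mcdc_report(clutch_active, MCDC_TESTS[:3]))
```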

TargetLink Reference Workflow
The complete Reference Workflow document is available from dSPACE
Please contact your dSPACE representative for a copy

Summary
Model-based development is widely applied in the industry
The TÜV-certified autocode generator TargetLink is used with success to develop safety-critical software in several industries, including aerospace and defense
The TargetLink Reference Workflow, based on best-practice industry experiences, provides guidance on the application of model-based development for safety-critical systems

Thank you for listening!
Michael Beine
dSPACE GmbH · E-mail: [email protected]
MAE Conference · November 2009 · Reading, UK