model based development and advanced verification technologies · 2015-03-05 · modeling...

AdVa Software Engineering GmbH

Model Based Development and

Advanced Verification

Technologies

AdVa Software Engineering - Company Presentation

01.10.2014

AdVa Software Engineering – independent consultancy company

and service provider that offers support in setting up model based

development processes and advance verification technologies.

10 Engineers

2 Locations

◦ Munich, Germany

◦ Timisoara, Romania

Introduction – Who we are


“Using the technology of tomorrow to model today’s reality"

Modeling (MATLAB®, Simulink®, Stateflow®, IBM Rational

Statemate®, IBM Rational Rhapsody®),

Autocoding (TargetLink®, IBM Rational Statemate MicroC® , IBM

Rational Rhapsody in C®),

Advanced formal verification and test generation (BTC

EmbeddedSpecifier®, BTC EmbeddedValidator®, BTC

EmbeddedTester®, IBM Rational Rhapsody TestConductor®).

Introduction – Our focus


“Constant model simulation of functional behavior results in robust software designs"

Providing consulting on model based development and testing

process improvements in order to comply to ISO 26262, DO178B/C,

MISRA C, AUTOSAR standards.

Supporting the organizations to roll-out the model-based

technologies and safety standards in new projects.

Managing and executing projects in the area of model based

development and advance verification methods.

Introduction – What we do

“Automatic code generation speeds the development of safety-critical embedded software"


Model Based Development - Motivation


Model Based Testing– Errors and Fix Efforts

Model Based Development enables testing at earlier phases

Find and fix error where they are induced and easier to fix


Advanced Verification Technologies in the

Model-based Development Process

Requirement

Capturing

Model

Implementation

Unit Test

Integration

Test

System Test

Code

Implementation

MIL

SILSIL/PIL

PIL

SiL/PiL/HIL

Formal

Specification

Structural,

Functional and

Interface Testing

Formal

Verification

HIL


Requirements-Based Testing

8


ISO 26262 - Requirements based testing

The standard highly recommends the use of test cases that are derived from requirements

Testing should be performed on all possible execution platforms MIL/SIL/PIL


Requirements Coverage Report based on the link between the textual requirements and model (V&V toolbox or TargetLink block comments)

Requirements traceability and coverage is done automatically, regardless of the source of the tests: functional (imported) or structural (generated).

Bi-directional traceability from requirements to tests and from tests to requirements.

Requirements status (fulfilled or broken), dependant of the corresponding coverage test results (passed / failed).

Reporting: Requirements Coverage Report


Reporting of Condition, Decision, MC/DC, Transitions and States model coverage for Simulink and Stateflow charts.

Cumulative Model Coverage for hierarchical testing methods (coverage is cumulated for runs on different model hierarchy levels).

Intuitive Graphical Colouring of Simulink and Stateflow charts, including separate colouring of Transition Decision, Conditions and MC/DC Coverage.

Reporting: Model Coverage Report


Global Code Coverage (Coverage Statistics, Condition, Decision, C/DC,

MC/DC, Switch and Function Coverage)

Detailed Code Coverage (UID for test properties, links to the code and model

parts)

Coloured Code Coverage (Source Code with Coloured Coverage Indication)

Reporting: Code Coverage Analyse Report


Structural Test Generation and Back-to-Back Testing

13


ISO 26262 – Back-to-back testing and structural test generation

Standard highly recommends the use back to back testing for ASIL C and D

Test should be performed on all possible execution platforms MIL/SIL/PIL

MC/DC coverage highly recommended for ASIL level D


Structural Test Coverage Goal


Equivalence Class Test and Boundary Test (Out of Bound) are recommended and highly recommended test methods in ISO 26262 standard

Both at software unit test level and integration test level

ISO 26262 – Interface test with Equivalence Class

and Boundary Test


Equivalence Class Test Extension

Generates a C-Observer based on user selected signals type and a range interval (specified in percent)

Measurement of the observer coverage indicates how good the signal range is covered with test cases

Additional test cases for maximum equivalence class coverage can be generated

Generate Equivalence Class Test Observer


Range Violation (Out of Bound) Test Extension

Generates a C-Observer based on user selected signals

Observer indicates if the signal is in the defined Min/Max range

Can be used to generate additional test cases / formal verify if the signal can

be brought out of bound (range violation)

Generate Range Violation Test Observer


Formal Specifications, Formal Verification and

Requirements Test Generation with C-Observers

19


Formal Specification


Formal Verification


Benefits of Model Based Testing

Functional testing finds about 20-40% of the problems.

30-40% of the software problems can be directly found by using the structural

testing and back-to-back comparison.

Formal verification is relevant for testing of high level safety-critical software.

22

* Metrics Source: German Automotive OEM – Model Based Project.

Combination of test methods is recommended to achieve the high quality

ISO 26262 provided guidelines on the test methods to be used for each ASIL


Model Based Unit and Integration Testing

Rhapsody TestConductor enables Unit and integration Testing of a software

model

Model Based Automatic Test Generation

Rhapsody ATG generates test

cases with high model and

requirements coverage


Customer: German/Japanese Automotive Supplier

Context: Electronic Steering Column Lock (ASIL D)

Task: Model based development and unit testing of the main and

safety microcontrollers software

Standards: AUTOSAR, ISO26262

Tools: Doors, Matlab, Simulink, Stateflow, TargetLink,

EmbeddedTester, QAC.

Duration: 19 months ++

Team Size: up to 6 software engineers

Projects Experience


Customer: German Automotive Supplier

Context: Keyless Go and Remote-Key (ASIL B)

Task: Unit and Integration Test of Rhapsody models and generated

code

Standards: AUTOSAR, ISO26262 Tools: Rhapsody, Rhapsody

TestConductor.

Duration: 10 months.


Projects Experience


Customer: German Automotive Supplier

Context: Electric Power Steering (ASIL D)

Task: Advance formal verification of main and monitor safety code


Tools: Matlab, Simulink, EmbeddedTester.



Projects Experience


Customer: German Automotive OEM

Context: Battery Management Systems (ASIL B)

Task: Back to back testing


Tools: Matlab, Simulink, Stateflow, EmbeddedTester.


Team Size: 1 software engineer

Projects Experience


Customer: German Automotive OEM

Context: Transmission Systems (ASIL B)

Task: Automatic Test Case Generation for TargetLink and ASCET

code

Standards: ISO26262

Tools: EmbeddedTester.


Team Size: 1 software engineer

Projects Experience


We give our customers efficient and high qualitative work results in

line with the model based and safety development and verification

standards.

With AdVa Software Engineering as your reliable partner, any

endeavor in the world of embedded software development can

become a success.

Our commitment


"Model based software engineering - The future ... today"

Thanks for your attention!

Address: AdVa Software Engineering GmbH

Agnes-Pockels-Bogen 1

80992 München

Germany

Phone: +49 1577 597 2626

Email: [email protected]

Web: www.adva-software.com



model based development and advanced verification technologies · 2015-03-05 · modeling...

Documents