Reducing Design Errors in Complex State Machines using Model-Based Design

Fredrik Håbring, Senior Application Engineer, Embedded Control Systems

© 2013 The MathWorks, Inc.


2

Finding Errors Late in Project is Costly

“each delay in the detection and correction of a design problem makes it an order of magnitude more expensive to fix…” Clive Maxfield and Kuhoo Goyal, “EDA: Where Electronics Begins”

[Figure: Where Errors are Introduced… and Detected. Bar chart over the phases Specification, Design, Implement, Test with two series, Introduced and Detected. Data labels as extracted: 60%, 21%, 12%, 7% and 8%, 15%, 22%, 55%.]

3

Power Window System Test and Verification on Prototype

4

Power Window System Test and Verification using Models

[Figure: power window system model. Labels: Control System; State machine (high complexity) with states s1, s2, s3; Switches (Up, Down); H-Bridge (V+, V-); DC Motor; 12V supply; Armature Current; Mechanism.]

5

Test Coverage Analysis for Models

[Figure: Coverage from first simulation; Coverage from second simulation; Total coverage.]

Supported coverage types: Decision coverage, Condition coverage, MC/DC, Lookup table coverage, Signal range coverage

6

When to Stop Testing? Measuring Coverage

Many parts not sufficiently tested

Full coverage desirable

[Figure: coverage display with panels Decision Coverage and MC/DC Coverage; uncovered elements are marked "Not covered".]

7

Map of Testing Methods

[Figure: testing methods placed on two axes, Degree of automation and Relevance for requirements. Legend: Test Analysis, Test Generation, Test Metrics. Entries: Formalized Requirements; Metrics Structural Coverage; Test Design (manual); Random Test (Monte Carlo); Man. Review (each test run); Test Generation covering structure; Autom. Analysis (test case independent); Test Generation covering requirements; Regression Test (expected values); Abstract Checks; Recorded Tests from previous test drives; Metrics Reqs Coverage; Test generation with env. constraints.]

8

Power Window System Requirement Example

“Whenever an obstacle is detected, the down command shall be given for 1 second.”

9

Power Window System Formalized Requirement Example

… and EndStop is not pressed …

10

TRW Automotive Develops and Tests Electric Parking Brake Using Simulink and Simulink Design Verifier

Challenge: Design tests for an electric parking brake control system

Solution: Use Simulink Design Verifier to automatically generate tests that maximize model coverage and enable systematic design verification

Results:

Test development time reduced from days to hours

100 percent model coverage achieved

Formal testing begun two months into the project

“Everyone knows that errors are much less expensive to fix when you find them early. With Simulink Design Verifier, we build on the advantages of Model-Based Design by performing formal testing in the first phases of development.” Christoph Hellwig, TRW

[Figure: Electronic parking brake control system.]

11

Automatic Code Generation and Verification Reducing Efforts in Going from Design to Implementation

[Figure: development flow with stages REQUIREMENTS, DESIGN, IMPLEMENTATION and a TEST & VERIFICATION label. Implementation labels: Structured Text; VHDL, Verilog; C, C++. Target labels: MCU, DSP, FPGA, ASIC, PLC, PAC.]

12

Automatic Code Generation and Verification Reducing Efforts in Going from Design to Implementation

[Figure: development flow with stages REQUIREMENTS, DESIGN, IMPLEMENTATION and a TEST & VERIFICATION label. Implementation label: C, C++. Target labels: MCU, DSP.]

C/C++ code verification using Processor-in-the-Loop (PIL)

13

Automatic Code Generation and Verification Processor-in-the-Loop (PIL) Verification

[Figure: PIL Implementation. Labels: Simulink; Embedded Processor; Serial (both sides of the link); Code Generation; Test Signals; Verifications; Controller Model; C/C++ Code.]

14

Wärtsilä Automates Production Code Generation for Large Industrial Embedded Systems

Challenge: Develop embedded controls for large diesel and gas engines that lower emissions and increase performance and reliability

Solution: Use MathWorks tools for Model-Based Design to design, test, and automatically generate embedded code for innovative controller algorithms

Results:

Reusable models

20% faster code

200-300% increase in productivity

“Modern control features are notoriously problematic to develop and often involve extensive engine testing. Simulink and Embedded Coder let us design and optimize the features early in our process, saving a large amount of costly engine tests.” Johan Pensar, Wärtsilä

[Figure: Wärtsilä engine.]

15

Benefits of Model-Based Design

[Figure: Models at the center, surrounded by Design with Simulation, Executable Specifications, Continuous Test and Verification, and Automatic Code Generation.]

Models: Core of the Development Process

Unambiguous Description of Requirements (Executable Specification)

Fast Evaluation of Design Variants

Frontloading - Early Test and Verification

Automatic Code Generation

Better Cooperation, Communication and Collaboration

Higher Product Quality