# MATLAB EXPO 2018

Automating Best Practices to Improve Design Quality

**Daniel Martins** 





# Why do 71% of Embedded Projects Fail?

# **Poor Requirements Management**

Sources: Christopher Lindquist, Fixing the Requirements Mess, CIO Magazine, Nov 2005



#### **Key Takeaways**

- Author and manage requirements in Simulink
- Verify early to find defects sooner
- Automate manual verification tasks
- Follow a workflow that conforms to safety standards



## **Challenge with Traditional Development Process**





#### **Simulink Models for Specification**





#### **Complete Model Based Design**





### **Model Based Design Verification Workflow**




### **Challenges with Requirements**





#### **Gap Between Requirements and Design**



# Simulink Requirements





R2017b

### **Import Requirements from External Sources**





### Link Requirements, Designs and Tests





### **Track Implementation and Verification**

Screenshot: Simulink Requirements editor (view: Requirements) listing a cruise-control requirement set with Index, ID, Summary, Implemented and Verified columns (#1 Driver Switch Request Handling, #19 Cruise Control Mode, #20 Disable Cruise Control system, #24 Operation mode determination), with per-requirement Implementation Status (Implemented) and Verification Status (Passed) summaries.



### **Respond to Change**






### **Verify Design to Guidelines and Standards**





#### Automate verification with static analysis



Check for:

- Readability and Semantics
- Performance and Efficiency
- Clones
- And more





#### **Generate reports for reviews and documentation**






### **Navigate to Problematic Blocks**

| Block                           | Block Type      | Code generation support | Recommendation for C/C++ production code deployment |
|---------------------------------|-----------------|-------------------------|-----------------------------------------------------|
| /Intake Manifold/p0 = 0.589 bar | Integrator      | Yes (see notes 1, 2)    | No                                                  |
| sldemo_fuelsys/Throttle Command | Repeating table | Yes (see note 3)        | No                                                  |







# **Guidance Provided to Address Issues or Automatically Correct**

#### **Recommended Action**

Although Embedded Coder supports these blocks, they are not recommended for C/C++ production code deployment. Review the support notes for these blocks and follow the given advice.





#### Built in checks for industry standards and guidelines

- DO-178/DO-331
- MISRA C:2012
- CERT C, CWE, ISO/IEC TS 17961
- IEC 61508
- ISO 26262
- IEC 62304
- EN 50128
- MAAB (MathWorks Automotive Advisory Board)
- JMAAB (Japan MATLAB Automotive Advisory Board)





#### **Configure and customize analysis**





#### Checks for standards and guidelines are often performed late





# **Shift Verification Earlier With Edit-Time Checking**

- Highlight violations as you edit
- Fix issues earlier





## **Assess Quality with Metrics Dashboard**



- Consolidated view of metrics
  - Size
  - Compliance
  - Complexity
- Identify where problem areas may be

# **Grid Visualization for Metrics**



R2018a

- Visualize Standards Check Compliance
  - Find Issues
  - Identify patterns
  - See hot spots





#### **Detect Design Errors with Formal Methods**



- Find run-time design errors:
  - Integer overflow
  - Dead Logic
  - Division by zero
  - Array out-of-bounds
  - Range violations
- Generate a counterexample that reproduces each error





#### **Prove That Design Meets Requirements**



- Prove design properties using formal requirement models
- Model functional and safety requirements
- Generate counterexamples for analysis and debugging





#### **Functional Testing**





# **Systematic Functional Testing**




## **Manage Testing and Test Results**

Screenshot: Simulink Test Manager with the test browser (ComponentTesting > Functional and Regression tests > Signal Builder Baseline examples > Slow Accel, a Baseline Test on model sf_car with harness SigBdriven), the test definition sections (Description, Requirements, System Under Test, Parameter Overrides, Callbacks, Inputs, Outputs, Configuration Settings Overrides, Baseline Criteria with per-signal absolute and relative tolerance), and the Results and Artifacts view comparing the gear, throttle and vehicle speed signals against the baseline, with the failing gear signal shown as a tolerance/difference plot (absolute tolerance 0, relative tolerance 0.00 %, block path SigBdriven/shift_logic).



#### **Coverage Analysis to Measure Testing**





## **Test Case Generation for Functional Testing**



- Specify functional test objectives
  - Define custom objectives that signals must satisfy in test cases
- Specify functional test conditions
  - Define constraints on signal values to constrain test generator



The generated code is integrated with other, handwritten code.



## **Static Code Analysis with Polyspace**

- Code metrics and standards
  - Comment density, cyclomatic complexity, etc.
  - MISRA and cybersecurity standards
  - Support for DO-178, ISO 26262, etc.
- Bug finding and code proving
  - Check data and control flow of software
  - Detect bugs and security vulnerabilities
  - Prove absence of runtime errors



Results from Polyspace Code Prover
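The run-time error classes listed on the formal-methods slide (integer overflow, division by zero, array out-of-bounds, range violations) are the same ones Polyspace reports in the generated C. As an added example (my own C, not code from this deck, from Simulink Design Verifier or from Polyspace), here is a controller step function in the style of generated code, first with those defects left latent and then with each precondition checked explicitly; the function names, gain table and command range are constructed for illustration.

```c
/* Added example, not MathWorks code: a constructed controller step function
 * showing the run-time error classes a formal analyser proves or refutes. */
#include <stdint.h>

#define TABLE_LEN 8U
static const int32_t kGainTable[TABLE_LEN] = {10, 12, 14, 16, 18, 20, 22, 24};

/* Constructed design range for the actuator command signal. */
#define CMD_MIN (-32768)
#define CMD_MAX  32767

/* Unchecked step: each marked line can fail for some input.  Tests only
 * find these if an input happens to hit them; an analyser reasons about
 * every line over the whole input range. */
int32_t step_unchecked(int32_t setpoint, int32_t measured, uint8_t idx, int32_t divisor)
{
    int32_t error = setpoint - measured;   /* integer overflow               */
    int32_t gain  = kGainTable[idx];       /* array out-of-bounds if idx >= 8 */
    int32_t prod  = error * gain;          /* integer overflow               */
    return prod / divisor;                 /* division by zero               */
}

typedef enum {
    STEP_OK = 0,
    STEP_ERR_OVERFLOW,
    STEP_ERR_OUT_OF_BOUNDS,
    STEP_ERR_DIV_ZERO,
    STEP_ERR_RANGE
} step_status_t;

/* Checked step: same arithmetic, but every precondition the analyser would
 * flag is tested and reported as a status instead of left as undefined
 * behaviour.  On the valid domain it returns the same command as above. */
step_status_t step_checked(int32_t setpoint, int32_t measured, uint8_t idx,
                           int32_t divisor, int32_t *cmd_out)
{
    int64_t error, prod, cmd;

    if (idx >= TABLE_LEN)
        return STEP_ERR_OUT_OF_BOUNDS;
    if (divisor == 0)
        return STEP_ERR_DIV_ZERO;

    /* Compute in 64 bits, then confirm each intermediate fits int32. */
    error = (int64_t)setpoint - (int64_t)measured;
    if (error < INT32_MIN || error > INT32_MAX)
        return STEP_ERR_OVERFLOW;
    prod = error * (int64_t)kGainTable[idx];
    if (prod < INT32_MIN || prod > INT32_MAX)
        return STEP_ERR_OVERFLOW;

    cmd = prod / divisor;                  /* divisor != 0 established above */
    if (cmd < CMD_MIN || cmd > CMD_MAX)    /* signal range violation          */
        return STEP_ERR_RANGE;

    *cmd_out = (int32_t)cmd;
    return STEP_OK;
}
```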



Diagram: Simulink models serve both as the executable specification of the requirements and as the model used for production code generation. Equivalence testing asks whether all of the code is tested; equivalence checking asks whether the generated code is functionally equivalent to the model.



#### Equivalence Testing

- Software in the Loop (SIL)
  - Show functional equivalence, model to code
  - Execute on desktop / laptop computer
- Processor in the Loop (PIL)
  - Numerical equivalence, model to target code

- Re-use tests developed for model to test code
- Collect code coverage
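Reusing the model's tests against the generated code comes down to comparing the two output signals under a tolerance. As an added example (my own C, not code from this deck or from Simulink Test), this implements that baseline comparison with the absolute and relative tolerance fields seen in the Test Manager screenshot; the pass rule |sut - baseline| <= max(abs_tol, rel_tol * |baseline|) and the signal data are assumptions constructed for illustration.

```c
/* Added example, not MathWorks code: baseline comparison for a SIL/PIL
 * equivalence test, with a constructed pass rule and constructed data. */
#include <stddef.h>

static double dabs(double x) { return x < 0.0 ? -x : x; }

typedef struct {
    size_t n_failed;      /* samples outside tolerance                       */
    size_t first_failed;  /* index of the first failing sample, or n if none  */
    double max_diff;      /* largest absolute difference seen                 */
} compare_result_t;

/* rel_tol is a fraction (0.01 corresponds to "1.00 %" in the UI). */
compare_result_t compare_baseline(const double *baseline, const double *sut,
                                  size_t n, double abs_tol, double rel_tol)
{
    compare_result_t r = {0, n, 0.0};
    size_t i;
    for (i = 0; i < n; i++) {
        double diff  = dabs(sut[i] - baseline[i]);
        double rel   = rel_tol * dabs(baseline[i]);
        double bound = abs_tol > rel ? abs_tol : rel;   /* assumed rule */
        if (diff > r.max_diff) r.max_diff = diff;
        if (diff > bound) {
            if (r.n_failed == 0) r.first_failed = i;
            r.n_failed++;
        }
    }
    return r;
}

/* Constructed data: "vehicle speed" from the model (baseline) and from the
 * generated code run in SIL.  Sample 3 carries floating-point round-off,
 * sample 6 a genuine divergence. */
#define N_SAMPLES 8
static const double kBaselineSpeed[N_SAMPLES] = {0.0, 2.5, 5.0, 7.5, 10.0, 12.5, 15.0, 17.5};
static const double kSilSpeed[N_SAMPLES]      = {0.0, 2.5, 5.0, 7.5000001, 10.0, 12.5, 15.4, 17.5};

/* Number of failing samples under a given tolerance pair. */
size_t failures_at(double abs_tol, double rel_tol)
{
    return compare_baseline(kBaselineSpeed, kSilSpeed, N_SAMPLES, abs_tol, rel_tol).n_failed;
}
```

With both tolerances at zero, as in the screenshot, the comparison is bit-exact and even the round-off at sample 3 fails the test; a small absolute tolerance leaves only the real divergence at sample 6.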






# **Qualify tools with IEC Certification Kit and DO Qualification Kit**

- Qualify code generation and verification products
- Includes documentation, test cases and procedures

KOSTAL Asia R&D Center Receives ISO 26262 ASIL D Certification for Automotive Software Developed with Model-Based Design



Kostal's electronic steering column lock module.

BAE Systems Delivers DO-178B Level A Flight Software on Schedule with Model-Based Design



Primary flight control computers from BAE Systems.



#### Lear Delivers Quality Body Control Electronics Faster Using Model-Based Design

#### Challenge

Design, verify, and implement high-quality automotive body control electronics

#### **Solution**

Use Model-Based Design to enable early and continuous verification via simulation, SIL, and HIL testing

#### Results

- Requirements validated early. Over 95% of issues fixed before implementation, versus 30% previously
- Development time cut by 40%. 700,000 lines of code generated and test cases reused throughout the development cycle
- Zero warranty issues reported



Lear automotive body electronic control unit.

"We adopted Model-Based Design not only to deliver better-quality systems faster, but because we believe it is a smart choice. Recently we won a project that several of our competitors declined to bid on because of its tight time constraints. Using Model-Based Design, we met the original delivery date with no problem."

- Jason Bauman, Lear Corporation



### **Customer References and Applications**



Airbus Helicopters Accelerates Development of DO-178B Certified Software with Model-Based Design

Software testing time cut by two-thirds



LS Automotive Reduces Development Time for Automotive Component Software with Model-Based Design

Specification errors detected early



Continental Develops Electronically Controlled Air Suspension for Heavy-Duty Trucks

Verification time cut by up to 50 percent

More User Stories: <u>www.mathworks.com/company/user_stories.html</u>



### Summary

1. Author and manage requirements within Simulink
2. Find defects earlier
3. Automate manual verification tasks
4. Reference workflow that conforms to safety standards

