© 2015 The MathWorks, Inc.
Automating Best Practices to Improve Design Quality
Magnus Jung, MathWorks
Growing Complexity of Embedded Systems
Engine Management
Transmission Control
Forward Camera
Electric Power Steering
Smart Junction Box
Smart Junction Box
Battery Management
Propulsion Motor Control
DC/DC Converter
Stability Control
Infotainment
HVAC Control
Navigation
Instrument Panel
Vehicle-to-Vehicle
Vehicle-to-Infrastructure
Short-Range Radar
Ultrasonic Sensor
Long-Range Radar
Stability Control
Airbag
Emergency Braking
Automatic Parking
Adaptive Cruise Control
All-Wheel Drive
Active Damping
4-Wheel Steer
Back-up Camera
Body Control Module
Tire Pressure Monitor
Voice Recognition
Adaptive Front Lighting
Power Window
Power Seat
Keyless Entry
Power Liftgate
E-Call
[Chart: Lines of Code, 2000 to 2015; data labels: 2-3M, 6 M, 16 M]
Siemens, “Ford Motor Company Case Study,” Siemens PLM Software, 2014
McKendrick, J., “Cars become ‘datacenters on wheels’, carmakers become software companies,” ZDNet, 2013
Key Topics
How to:
▪ Handle project complexity
▪ Enable early detection of defects
▪ Automate verification activities
▪ Ensure conformance to safety standards
[Figure: development process stages: System Requirements, High Level Design, Detailed Design, Coding, Unit Testing, Integration Testing, Verified & Validated System]
“Reduce costs and project risk through early verification, shorten time to market on a certified system, and deliver high-quality production code that was first-time right”
Michael Schwarz, ITK Engineering
Development Process
[Figure: Requirements; Specification; C/C++ Hand code]
Development Process with Model Based Design
[Figure: Requirements; Executable Specification (Simulink Models; model used for production code generation); Code Generation; C/C++ Generated code]
Why do 71% of Embedded Projects Fail?
Poor Requirements Management
Source: Christopher Lindquist, “Fixing the Requirements Mess,” CIO Magazine, Nov 2005
Gap Between Requirements and Design
Challenges with Requirements
Where are requirements implemented?
How are they tested?
Are design and requirements consistent?
Track Implementation and Verification
Working with Requirements
View
Track
Manage
Import Requirements from External Sources
[Figure labels: Import; IBM Rational DOORS; Microsoft Word; Simulink Requirements Editor]
Link Requirements, Designs and Tests
[Figure: requirement “REQ 3.1 ENABLING CRUISE CONTROL: Cruise control is enabled when …..” and requirement “ENABLE SWITCH DETECTION: If the Enable switch is pressed ……”, with link labels Derives, Implemented By, and Verified By (Test Case)]
Requirements Perspective
Track Implementation and Verification
Verification Status: Passed, Failed, No Result, Missing
Implementation Status: Implemented, Justified, Missing
Respond to Change
Original Requirement: If the switch is pressed and the counter reaches 50 then it shall be recognized as a long press of the switch.
Updated Requirement: If the switch is pressed and the counter reaches 75 then it shall be recognized as a long press of the switch.
[Figure label: Implements]
Design Review for Complex Designs
Review and static analysis
Verify Design to Guidelines and Standards
Designed to best practices?
Component Size and Complexity?
Optimized for Code Generation?
Verify Design to Guidelines and Standards
Typically:
• Too Late
• Impossible to review consistently
• Heavy manual work
Automate verification with static analysis
Check for:
• Readability and Semantics
• Performance and Efficiency
• Clones
• …
Model Advisor Analysis
Generate reports for reviews and documentation
Model Advisor Analysis
Model Advisor Reports
Built-in checks for industry standards and guidelines
• DO-178/DO-331
• ISO 26262
• IEC 61508
• IEC 62304
• EN 50128
• MISRA C:2012
• CERT C, CWE, ISO/IEC TS 17961
• MAAB (MathWorks Automotive Advisory Board)
• JMAAB (Japan MATLAB Automotive Advisory Board)
Custom checks for Your Best Practices and Guidelines
Checks for standards and guidelines are often performed late
Static Analysis
Rework
Shift Verification Earlier With Edit-Time Checking
Static Analysis
Edit-Time Checking
• Highlight violations as you edit
• Fix issues earlier
• Avoid rework
Find Compliance Issues as you Edit with Edit-Time Checking
Assess Quality with Metrics Dashboard
• Consolidated view of metrics
• Size
• Compliance
• Complexity
• Identify where problem areas may be
Grid Visualization for Metrics
▪ Visualize Standards Check Compliance
– Find Issues
– Identify patterns
– See hot spots
Legend:
Red: Fail
Orange: Warning
Green: Pass
Gray: Not run
Systematic Functional Testing
Does the design meet requirements?
Is it functioning correctly?
Is it completely tested?
Systematic Functional Testing
[Figure: Test Case with a Test Harness around the Main Model. Inputs: Test Sequence, Signal Builder, MAT file (input), Excel file. Assessments: Test Assessment, MAT file (baseline), MATLAB Unit Test, Excel file]
Manage Testing and Test Results
Assess Test Completeness
Measure Structural Coverage
- Condition
- Decision
- MCDC
- …
Assess Test Completeness – Coverage Analysis
• Identify testing gaps
• Missing requirements
• Unintended Functionality
[Figure labels: Simulink; Stateflow; Generated Code]
Continuous Automated Feedback
Continuous Integration
Static Checks
The Generated Code is integrated with Other Code (Handwritten)
Is the code compliant to MISRA?
Is integrated code free of run-time errors?
Is the interface between generated and other code fully tested?
Static Code Analysis with Polyspace
▪ Code metrics and standards
– Comment density, cyclomatic complexity,…
– MISRA and Cybersecurity standards
– Support for DO-178, ISO 26262, ….
▪ Bug finding and code proving
– Check data and control flow of software
– Detect bugs and security vulnerabilities
– Prove absence of runtime errors
Results from Polyspace Code Prover
Equivalence Testing
Is the code functionally equivalent to the model?
Is all the code tested?
Equivalence Testing
▪ Processor in the Loop (PIL)
– Numerical equivalence, model to target code
– Execute on target board
▪ Software in the Loop (SIL)
– Show functional equivalence, model to code
– Execute on desktop / laptop computer
▪ Re-use tests developed for model to test code
▪ Collect code coverage
Qualify tools with IEC Certification Kit and DO Qualification Kit
▪ Qualify code generation and verification products
▪ Includes documentation, test cases and procedures
BAE Systems Delivers DO-178B Level A Flight Software on Schedule with Model-Based Design
KOSTAL Asia R&D Center Receives ISO 26262 ASIL D Certification for Automotive Software Developed with Model-Based Design
Summary
▪ Handle project complexity
▪ Enable early detection of defects
▪ Automate verification activities
▪ Ensure conformance to safety standards
Component and system testing
Equivalence testing
Equivalence checking
Review and static analysis
Thank You!