Model-Based Design for Safety Critical Applications
Bill Potter, The MathWorks
© 2007 The MathWorks, Inc.
Attributes of Safety Critical Systems
• Reliably perform intended function
• Contain no unintended function
• Implemented with redundancy
• Contain fault detection
• Robust design
• Robust code
Attributes of Safety Critical Process
• Complete and correct requirements
• Design standards are applied
• Coding standards are applied
• Bi-directional traceability
• Requirements based testing
• Robustness verification
• Coverage analysis
• Safety analysis: Failure Modes and Effects Analysis (FMEA)
Safety-Critical Model-Based Design Workflow and Activities
Workflow: Requirements → Controller Design → Generated Source Code → Executable Object Code → Hardware. Each stage has its own process, goals and tools:

Requirements Process
• Goals: requirements document; plant model (complete, correct); test cases; safety analysis
• Activity: simulate prototype to validate requirements
• Tools: DOORS, TCE, MS Word, etc.; MATLAB®; Simulink®; Stateflow®; Simulink Report Generator

Design Process (controller design)
• Goals: correct; robust; traceable; conforms to standards; FMEA
• Activity: simulate to verify design
• Tools: MATLAB; Simulink/Stateflow; Simulink Verification & Validation; Simulink Design Verifier; SystemTest; Simulink Report Generator

Coding Process (generated code)
• Goals: correct; robust; traceable; conforms to standards
• Tools: Real-Time Workshop® Embedded Coder; PolySpace Verifier; Simulink Report Generator

Integration Process (compiled code)
• Goals: correct; robust; coverage analysis
• Activities: software-software integration; hardware-software integration; processor-in-the-loop
• Tools: SystemTest; Simulink Report Generator
Requirements Process for Model-Based Design
• Functional, operational, and safety requirements
  • Exist one level above the model
  • Models trace to requirements
• Requirements validation
  • Prove requirements are complete and correct
  • Simulation is a validation technique
  • Traceability can identify incomplete requirements
  • Model coverage can identify incomplete requirements
• Requirements based test cases
  • Traceability of tests to requirements
Simulation example – controller and plant
Requirements trace example – view from DOORS to Simulink
Requirements trace example – view from Simulink to DOORS
Requirements-based test trace example – view from Simulink Signal Builder block to DOORS
Model coverage report example
Requirements Process take-aways
• Early requirements validation: eliminates the rework typically seen at integration on projects with poor requirements
• Early test case development: validated requirements are complete and verifiable, which results in well defined test cases
• Requirements management and traceability: requirements management interfaces provide traceability for design and test cases
Design Process for Model-Based Design
• Create the design: Simulink and Stateflow
• Modular design for teams: Model Reference
• Model architecture/regression analysis: Model Dependency Viewer
• Documented design: Simulink Report Generator
• Conformance to standards: design conforms to standards, checked with Model Advisor
• Traceability: design to requirements, via the Requirements Management Interface
Example detailed design including model reference and subsystems
Figure: Top Model containing a Subsystem and a Reference Model
Model dependency viewer
Example Model Advisor report
Design Verification for Model-Based Design
• Requirements based test cases
  • Automated testing using SystemTest/Simulink V&V
  • Traceability using Requirements Management Interface
  • Capability to inject faults for FMEA
• Robustness testing and analysis
  • Built-in Simulink run-time diagnostics
  • Formal proofs using Simulink Design Verifier
• Coverage analysis
  • Verify structural coverage of model
  • Verify data coverage of model
SystemTest for requirements based testing
SystemTest – example report
Figure callouts: data plotting and expected results comparisons; summary of results
Signal Builder and Assertion Blocks
Model coverage report example – signal ranges
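The design-verification slide above lists requirements-based tests with assertion checks, fault injection for FMEA, run-time robustness diagnostics, and structural and data (signal-range) coverage of which this slide shows a report. The C program below is an added example written for this page; it is not code from the slides and not output of any MathWorks tool. It applies those checks to a hand-written controller step function in the shape a code generator would emit. The controller, the requirement identifier REQ-CTL-01, the limits and the test vector are all constructed for the example.

```c
/* Added example: requirements-based test, assertion check, FMEA fault injection
 * and coverage instrumentation for a hand-written controller step function.
 * Not from the slides; controller, requirement id, limits and test vector are
 * constructed for this example. */
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Hypothetical requirement REQ-CTL-01: commanded torque shall be within
 * [0, TORQUE_MAX] percent, and shall be 0 whenever the speed sensor is
 * flagged invalid or the speed exceeds SPEED_LIMIT. */
#define TORQUE_MAX  100
#define SPEED_LIMIT 3000   /* rpm */

/* Coverage records: one per decision (structural) and per signal (data). */
typedef struct { uint32_t taken_true, taken_false; } Decision;
typedef struct { int32_t min, max; bool seen; } SignalRange;

static Decision    cov_sensor_valid, cov_over_speed;
static SignalRange rng_speed, rng_torque;

static bool decide(Decision *d, bool cond) {
    if (cond) d->taken_true++; else d->taken_false++;
    return cond;
}
static void record(SignalRange *r, int32_t v) {
    if (!r->seen) { r->min = r->max = v; r->seen = true; }
    if (v < r->min) r->min = v;
    if (v > r->max) r->max = v;
}

/* Controller step in the shape a code generator emits: inputs are the speed
 * reading, its validity flag and the requested torque; output is torque %. */
int32_t controller_step(int32_t speed_rpm, bool sensor_valid, int32_t request_pct) {
    int32_t torque;
    record(&rng_speed, speed_rpm);
    if (!decide(&cov_sensor_valid, sensor_valid)) {
        torque = 0;                                /* fault detected: safe output */
    } else if (decide(&cov_over_speed, speed_rpm > SPEED_LIMIT)) {
        torque = 0;                                /* over-speed cut-off */
    } else {
        torque = request_pct;
        if (torque < 0) torque = 0;                /* saturation for robustness */
        if (torque > TORQUE_MAX) torque = TORQUE_MAX;
    }
    record(&rng_torque, torque);
    return torque;
}

/* Assertion-block equivalent: the invariant REQ-CTL-01 imposes on every step. */
bool assert_req_ctl_01(int32_t torque, bool sensor_valid, int32_t speed_rpm) {
    bool in_range = (torque >= 0) && (torque <= TORQUE_MAX);
    bool must_be_zero = (!sensor_valid) || (speed_rpm > SPEED_LIMIT);
    return in_range && (!must_be_zero || (torque == 0));
}

/* Fault injection for FMEA: failure modes applied to the speed sensor. */
typedef enum { FAULT_NONE, FAULT_STUCK_HIGH, FAULT_OUT_OF_RANGE, FAULT_FLAG_INVALID } Fault;

static void inject(Fault f, int32_t *speed, bool *valid) {
    switch (f) {
    case FAULT_STUCK_HIGH:   *speed = SPEED_LIMIT + 1; break;
    case FAULT_OUT_OF_RANGE: *speed = INT32_MIN;       break;  /* corrupted value */
    case FAULT_FLAG_INVALID: *valid = false;           break;
    case FAULT_NONE:
    default:                 break;
    }
}

/* Requirements-based test: run the constructed vector with one failure mode
 * injected; returns the number of steps on which the assertion failed. */
int run_requirements_tests(Fault fault) {
    static const struct { int32_t speed; int32_t request; } vec[] = {
        { 0, 50 }, { 1500, 120 }, { 2999, -5 }, { 3000, 100 }, { 3500, 40 }
    };
    int failures = 0;
    for (size_t i = 0; i < sizeof vec / sizeof vec[0]; i++) {
        int32_t speed = vec[i].speed;
        bool valid = true;
        inject(fault, &speed, &valid);
        int32_t t = controller_step(speed, valid, vec[i].request);
        if (!assert_req_ctl_01(t, valid, speed)) failures++;
    }
    return failures;
}

/* Structural coverage check: both outcomes of every decision must have been
 * exercised, otherwise the test set is incomplete (or the decision is dead). */
bool full_decision_coverage(void) {
    return cov_sensor_valid.taken_true && cov_sensor_valid.taken_false
        && cov_over_speed.taken_true   && cov_over_speed.taken_false;
}

int main(void) {
    int f = run_requirements_tests(FAULT_NONE);
    printf("nominal run: %d assertion failures, decision coverage %s\n",
           f, full_decision_coverage() ? "complete" : "incomplete");
    f += run_requirements_tests(FAULT_FLAG_INVALID);
    printf("with sensor-invalid fault injected: %d failures, decision coverage %s\n",
           f, full_decision_coverage() ? "complete" : "incomplete");
    printf("signal ranges seen: speed [%d, %d] rpm, torque [%d, %d] %%\n",
           rng_speed.min, rng_speed.max, rng_torque.min, rng_torque.max);
    return f;
}
```

The nominal vector alone never takes the "sensor invalid" branch, so decision coverage stays incomplete until the FMEA fault is injected; that is the coverage-identifies-incomplete-tests point from the requirements slide, seen at code level. The recorded signal ranges are the data-coverage counterpart of the report shown on this slide.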
Simulink® Design Verifier – Coverage Test
Figure: model → generated test cases → test report
Simulink Design Verifier – Objective Test
Figure: model with constraints and objectives → generated test cases → test report
Simulink Design Verifier – Property Proving
Figure: model with assumption and objective (the property to be proven) → report
Design Process take-aways
• Modular reusable implementations: platform independent design and code; scalable to large teams
• Consistent and compliant implementations: common design language; automated verification of standards compliance
• Efficient verification process: develop verification procedures in parallel with design; automated analysis techniques; coverage analysis early in the process
Coding Process for Model-Based Design
• Incremental code generation: Model Reference
• Traceability: HTML code report
• Source code verification
  • Complies with standards, checked with PolySpace MISRA-C Checker
  • Accurate, consistent and robust, verified with PolySpace Verifier
Incrementally Generate Code
Figure: model changed and rebuilt; dependent models rebuilt
• Incremental code generation is supported via Model Reference
• When a model is changed, only that model and the models depending on it are subject to regeneration of their code
• Reduces application build times and ensures stability of a project's code
• Degree of dependency checking is configurable
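As an added illustration of the rebuild rule stated above (written for this page, not Real-Time Workshop's own dependency logic, and using a constructed model-reference graph with hypothetical model names): given which models reference which, the set whose code is regenerated after a change is the changed model plus everything that transitively references it, and nothing else.

```c
/* Added example (not Real-Time Workshop's own dependency logic): which models
 * regenerate code after a change, given a constructed model-reference graph
 * with hypothetical model names. */
#include <stdbool.h>
#include <stdio.h>

#define N_MODELS 5
enum { TOP = 0, CTRL = 1, SENSOR = 2, FILTER = 3, LOOKUP = 4 };
static const char *names[N_MODELS] = { "Top", "Ctrl", "Sensor", "Filter", "Lookup" };

/* references[a][b] is true when model a contains a Model block that references b.
 * Top references Ctrl and Sensor; both reference Filter; Filter references Lookup. */
static const bool references[N_MODELS][N_MODELS] = {
    /* Top    */ { false, true,  true,  false, false },
    /* Ctrl   */ { false, false, false, true,  false },
    /* Sensor */ { false, false, false, true,  false },
    /* Filter */ { false, false, false, false, true  },
    /* Lookup */ { false, false, false, false, false },
};

/* Marks the changed model and every model that transitively references it.
 * Models outside that set keep their previously generated code. Returns the count. */
int models_to_rebuild(int changed, bool rebuild[N_MODELS]) {
    for (int i = 0; i < N_MODELS; i++) rebuild[i] = false;
    rebuild[changed] = true;
    bool grew = true;
    while (grew) {                 /* fixed point over the reverse-reference relation */
        grew = false;
        for (int a = 0; a < N_MODELS; a++) {
            if (rebuild[a]) continue;
            for (int b = 0; b < N_MODELS; b++) {
                if (references[a][b] && rebuild[b]) { rebuild[a] = true; grew = true; break; }
            }
        }
    }
    int n = 0;
    for (int i = 0; i < N_MODELS; i++) n += rebuild[i] ? 1 : 0;
    return n;
}

int main(void) {
    bool rebuild[N_MODELS];
    for (int changed = 0; changed < N_MODELS; changed++) {
        models_to_rebuild(changed, rebuild);
        printf("change %-6s -> regenerate:", names[changed]);
        for (int i = 0; i < N_MODELS; i++) if (rebuild[i]) printf(" %s", names[i]);
        printf("\n");
    }
    return 0;
}
```

Changing Filter regenerates Filter, Ctrl, Sensor and Top but leaves Lookup's code untouched; changing a leaf model such as Lookup regenerates everything above it.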
Add Links to Requirements
Figure: requirements linked in the model appear in the generated code
Compliance history of generated code
• Our MISRA-C test suite consists of several example models
• Results shown for the most frequently violated rules
• Improving MISRA-C compliance with each release, e.g.
  • Eliminate Stateflow goto statements (R2007a)
  • Compliant parentheses option available (R2006b)
  • Generate default case for switch-case statements (R2006b)
• MathWorks MISRA-C Compliance Package available upon request: http://www.mathworks.com/support/solutions/data/1-1IFP0W.html
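An added example of the three code shapes the slide lists, written for this page rather than taken from Embedded Coder's output: a hypothetical Stateflow chart with states Off, Standby and Run, first in the non-compliant form (goto-based transition flow, a switch without a default clause, and && inside || without parentheses; MISRA-C:2004 rules 14.4, 15.3 and 12.1) and then in the compliant form. The chart's transitions are assumed for the example. Behaviour is identical for every valid state; the difference appears when the state variable holds a value outside the enumeration, as after memory corruption, where only the form with a default clause recovers to the safe state.

```c
/* Added example (not Embedded Coder output): the three MISRA-C:2004 code
 * shapes the slide lists, shown in a non-compliant and a compliant form for a
 * hypothetical Stateflow chart with states Off, Standby and Run. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef enum { ST_OFF = 0, ST_STANDBY = 1, ST_RUN = 2 } State;

/* Chart behaviour (assumed for the example):
 *   Off     -> Standby  when enable
 *   Standby -> Off      when temp > 100 (over-temperature)
 *   Standby -> Run      when enable, no fault and temp > 0
 *   Run     -> Off      when not enable, or a fault while hot (temp > 50) */

/* Non-compliant form: goto for the transition flow (rule 14.4), switch without
 * a default clause (rule 15.3), and '&&' inside '||' without parentheses
 * (rule 12.1). A state value outside the enum is returned unchanged. */
State step_noncompliant(State s, bool enable, bool fault, int32_t temp) {
    switch (s) {
    case ST_OFF:
        if (enable) s = ST_STANDBY;
        break;
    case ST_STANDBY:
        if (temp > 100) goto shutdown;
        if (enable && !fault && temp > 0) s = ST_RUN;
        break;
    case ST_RUN:
        if (!enable || fault && temp > 50) goto shutdown;
        break;
    }
    return s;
shutdown:
    s = ST_OFF;
    return s;
}

/* Compliant form: no goto, explicit parentheses, and a default clause that
 * drives an unknown state value to the safe state. */
State step_compliant(State s, bool enable, bool fault, int32_t temp) {
    State next;
    switch (s) {
    case ST_OFF:
        next = enable ? ST_STANDBY : ST_OFF;
        break;
    case ST_STANDBY:
        if (temp > 100) {
            next = ST_OFF;
        } else if ((enable && (!fault)) && (temp > 0)) {
            next = ST_RUN;
        } else {
            next = ST_STANDBY;
        }
        break;
    case ST_RUN:
        next = ((!enable) || (fault && (temp > 50))) ? ST_OFF : ST_RUN;
        break;
    default:
        next = ST_OFF;     /* generated default case: corrupted state -> Off */
        break;
    }
    return next;
}

/* The compliant form changes code shape only: check both forms agree on every
 * valid state over a small grid of inputs around the thresholds. */
bool equivalent_on_valid_states(void) {
    static const int32_t temps[] = { -10, 0, 1, 50, 51, 100, 101 };
    for (int s = ST_OFF; s <= ST_RUN; s++) {
        for (int e = 0; e < 2; e++) {
            for (int f = 0; f < 2; f++) {
                for (size_t i = 0; i < sizeof temps / sizeof temps[0]; i++) {
                    State a = step_noncompliant((State)s, e != 0, f != 0, temps[i]);
                    State b = step_compliant((State)s, e != 0, f != 0, temps[i]);
                    if (a != b) return false;
                }
            }
        }
    }
    return true;
}

int main(void) {
    State bad = (State)7;   /* e.g. the state variable after memory corruption */
    printf("valid states equivalent: %s\n", equivalent_on_valid_states() ? "yes" : "no");
    printf("corrupted state 7 -> non-compliant: %d, compliant: %d\n",
           (int)step_noncompliant(bad, true, false, 20),
           (int)step_compliant(bad, true, false, 20));
    return 0;
}
```

The default clause is the security-relevant one of the three: without it, a state variable clobbered by an overflow elsewhere keeps its bad value from step to step and the chart silently stops reacting to inputs, whereas the compliant form forces the chart back to Off on the next step.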
Coding Process take-aways
• Reusable and efficient source code
• Traceability
• MISRA-C compliance
• Static verification and analysis
Integration Process for Model-Based Design
• Executable object code generation
  • ANSI/ISO C or C++ compatible compiler
  • Makefile generation capability
  • Run-time libraries provided
• Executable object code verification
  • Capability to build interface for Processor-In-the-Loop (PIL) testing
  • Analyze code coverage during PIL
  • Analyze execution time during PIL
Processor-in-the-Loop (PIL) Verification – Execute Generated Code on Target Hardware
Figure: the algorithm (software component) goes through code generation and executes on the embedded target, while the plant model runs in Simulink on the host
• Execution
  • on host and target
  • non-real-time
• Communication via one of
  • data link, e.g. serial, CAN, TCP/IP
  • debugger integration with MATLAB
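The C program below is an added example, constructed for this page and not Embedded Coder's PIL implementation, of the exchange the diagram describes with both sides in one process: the host packs one step's inputs into a frame and sends it over the data link, the target runs the generated step function, and the reply carries the outputs plus an execution-time sample, which the host checks against its own simulation (the execution-time analysis the previous slide lists). The frame layout, the CRC-8 polynomial, the fixed-point low-pass filter standing in for the generated algorithm, and the use of clock() in place of a target cycle counter are all assumptions of the example.

```c
/* Added example (not Embedded Coder's PIL implementation): one PIL step as a
 * message exchange over a byte link, with host and target simulated in one
 * process. Frame layout, CRC-8 polynomial, the stand-in algorithm and the use
 * of clock() for the execution-time sample are assumptions of the example. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <time.h>

#define SYNC      0xA5u
#define MAX_FRAME 16

/* Stand-in for the generated algorithm: fixed-point first-order low-pass.
 * One copy of the state lives on the target, one in the host simulation. */
static int16_t target_state, host_state;

static int16_t lowpass_step(int16_t *y, int16_t u) {
    *y = (int16_t)(*y + (u - *y) / 8);
    return *y;
}

/* CRC-8, polynomial 0x07, over every frame byte except the CRC itself. */
static uint8_t crc8(const uint8_t *p, size_t n) {
    uint8_t c = 0;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int b = 0; b < 8; b++)
            c = (uint8_t)((c & 0x80u) ? ((c << 1) ^ 0x07u) : (c << 1));
    }
    return c;
}

/* Frame: SYNC, payload length, payload, CRC-8. Returns the frame length. */
static size_t frame(uint8_t *out, const uint8_t *payload, uint8_t n) {
    out[0] = SYNC; out[1] = n;
    memcpy(&out[2], payload, n);
    out[2 + n] = crc8(out, (size_t)2 + n);
    return (size_t)3 + n;
}

/* Returns the payload length, or -1 if the frame is malformed or its CRC fails. */
static int unframe(const uint8_t *in, size_t len, uint8_t *payload) {
    if (len < 3 || in[0] != SYNC || (size_t)in[1] + 3 != len) return -1;
    if (crc8(in, len - 1) != in[len - 1]) return -1;
    memcpy(payload, &in[2], in[1]);
    return in[1];
}

/* Target side. Request payload: int16 input. Reply payload: int16 output and a
 * uint32 execution-time sample (a cycle counter on real hardware; clock() here).
 * A bad frame produces no reply rather than a step on corrupted input. */
static size_t target_serve(const uint8_t *req, size_t req_len, uint8_t *rep) {
    uint8_t payload[MAX_FRAME];
    if (unframe(req, req_len, payload) != 2) return 0;
    int16_t u = (int16_t)(payload[0] | (payload[1] << 8));
    clock_t t0 = clock();
    int16_t y = lowpass_step(&target_state, u);
    uint32_t ticks = (uint32_t)(clock() - t0);
    uint8_t out[6] = { (uint8_t)y, (uint8_t)((uint16_t)y >> 8), (uint8_t)ticks,
                       (uint8_t)(ticks >> 8), (uint8_t)(ticks >> 16), (uint8_t)(ticks >> 24) };
    return frame(rep, out, 6);
}

/* Host side: send one input, decode the reply, compare the target's output with
 * the host simulation. True when the reply verified and both outputs agree. */
bool host_pil_step(int16_t u, int16_t *y_target, uint32_t *ticks) {
    uint8_t in[2] = { (uint8_t)u, (uint8_t)((uint16_t)u >> 8) };
    uint8_t req[MAX_FRAME], rep[MAX_FRAME], payload[MAX_FRAME];
    size_t req_len = frame(req, in, 2);
    size_t rep_len = target_serve(req, req_len, rep);      /* the data link */
    if (unframe(rep, rep_len, payload) != 6) return false;
    *y_target = (int16_t)(payload[0] | (payload[1] << 8));
    *ticks = (uint32_t)payload[2] | ((uint32_t)payload[3] << 8)
           | ((uint32_t)payload[4] << 16) | ((uint32_t)payload[5] << 24);
    return *y_target == lowpass_step(&host_state, u);
}

/* Run a constructed stimulus; returns the number of steps on which target and
 * host disagreed (expected 0) and reports the worst execution-time sample. */
int run_pil_sequence(uint32_t *worst_ticks) {
    static const int16_t stimulus[] = { 0, 800, 800, 800, -400, -400, 0, 0 };
    int mismatches = 0; *worst_ticks = 0;
    target_state = host_state = 0;
    for (size_t i = 0; i < sizeof stimulus / sizeof stimulus[0]; i++) {
        int16_t y = 0; uint32_t t = 0;
        if (!host_pil_step(stimulus[i], &y, &t)) mismatches++;
        if (t > *worst_ticks) *worst_ticks = t;
    }
    return mismatches;
}

/* A frame corrupted on the link must be rejected by the target. */
bool corrupted_frame_rejected(void) {
    uint8_t in[2] = { 0x10, 0x00 }, req[MAX_FRAME], rep[MAX_FRAME];
    size_t n = frame(req, in, 2);
    req[2] ^= 0x01;                                         /* single bit flip */
    return target_serve(req, n, rep) == 0;
}
```

On real hardware the request and reply travel over the serial, CAN or TCP/IP link the slide names and the execution-time field comes from the target's cycle counter; the integrity check on the frame matters because a PIL run that silently steps on a corrupted input would report a false mismatch, or worse, a false match.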
Integration Process take-aways
• Integration with multiple development environments
• Efficient processor-in-the-loop test capability
Wrap-up
Tools to support the entire safety critical development process:
• Requirements
• Design
• Code
• Executable
• Verification
MathWorks is participating on the SC-205/WG-71 committee, which is working on Revision C of DO-178.
See the various demos in the exhibit area.