Slide 1: Verification Techniques for Model and Code
© 2015 The MathWorks, Inc.
Paul Lambrechts

Slide 2: Key Takeaway
A good design workflow leads to a good design, but verification proves it!
[V-model diagram: Requirements, System Design, Software Design, Coding, Software Integration, HW/SW Integration, System Integration]

Slide 4: Model-Based Design and a Testing and Proving Workflow
[Workflow diagram: Textual Requirements -> Executable Specification -> Model used for production code generation -> Generated C/C++ code -> Object code, through the Modelling, Code Generation, and Compilation and Linking steps; Design and Verification & Validation activities span the whole chain]

Slide 5: Start with Requirements
[Workflow diagram (requirements to object code); highlighted stage: Textual Requirements]
Requirements for system or software component

Slide 6: Transform Requirements into Executable Specifications
[Workflow diagram; highlighted stage: Modelling, from Textual Requirements to Executable Specification]
• Simulink models for continuous- or discrete-time behavior
  - Signal processing filters
  - Control algorithms
• Stateflow for logic and discrete event control
  - Start-up behavior, health checking
  - Supervisory control
Requirements Traceability

Slide 7: Bi-directionally Trace Requirements
[Screenshot: Textual Requirements linked both ways to the Design Model in Simulink]

Slide 8: Test Early in Simulation
[Workflow diagram; highlighted stage: Executable Specification]
• Predict dynamic system behavior by simulation
  - System & environment models
  - Precision with floating point
• Use of simulation results for system design
  - Fast what-if studies
  - Short iteration cycles
Component and system testing

Slide 9: Functional Testing
Author test cases that are derived from requirements
– Use a test harness to isolate the component under test
– Use Test Sequence to create complex test scenarios
Manage tests, execution, results
– Re-use tests for regression
– Automate in Continuous Integration systems such as Jenkins
Simulink Test

Slide 10: Formal Verification: Proving Requirements
Checks that the design meets its requirements
• Condition 1: Gear 2 always engages
• Condition 2: Gear 2 never engages
Simulink Design Verifier

Slide 11: Formal Verification: Test Case Generation
• The Test Objective block defines the values of a signal that a test case must satisfy.
• The Test Condition block constrains the values of a signal during analysis.
Simulink Design Verifier
Automatically generate test cases for:
• Functional Requirements Testing
• Model Coverage Analysis

Slide 12: Formal Verification: Proving Robustness
Detect overflows, divide by zero, and other robustness errors
• Proven that overflow does NOT occur
• Proven that overflow DOES occur
Simulink Design Verifier

Slide 13: Coverage Analysis
[Workflow diagram; Model Coverage is measured on the model used for production code generation, Code Coverage on the generated C/C++ code and other code]
Model Coverage
• Measure how much has been tested
  - Find untested design elements
  - Find dead logic and unreachable states
• Identify requirement issues early
  - Missing functional requirements
  - Inconsistent functional requirements

Slide 14: Coverage Analysis: also for self-written C/C++ in S-functions
Simulink Verification and Validation

Slide 15: Static Code Analysis
[Workflow diagram; static analysis applies to the generated C/C++ code and other code]
• Code metrics and standards
  - Comment density, cyclomatic complexity, …
  - MISRA and security standards compliance
  - Custom check authoring
• Bug Finding
  - Data and control flow
  - CERT C checks for security vulnerabilities
• Code Proving
  - Formal methods / abstract interpretation
  - No false negatives

Slide 16: Static Code Analysis: Proving vs. Bug Finding
Polyspace Code Prover
Green implies absence of the most important classes of run-time errors (formally proven)

Slide 17: Equivalence Testing (Back to Back Testing)
[Workflow diagram; Equivalence Testing spans the model used for production code generation, the generated C/C++ code and the object code]
SIL – Software in the Loop (prevention of unintended functionality)
PIL – Processor in the Loop (back to back testing)

Slide 18: Software In the Loop (SIL) Testing
[Diagram: the same Test Vectors drive a Desktop Simulation of the Model (on PC) and Object Code Execution (on PC); Embedded Coder produces the Generated Code, the PC Compiler builds it into an Object File; the two Results are compared (== ?)]
Show equivalence, model to code
Assess code execution time
Collect code coverage

Slide 19: Processor In the Loop (PIL) Testing
[Diagram: the same Test Vectors drive a Desktop Simulation of the Model (on PC) and Object Code Execution (on target); Embedded Coder produces the Generated Code, the Cross Compiler builds it into an Object File; the two Results are compared (== ?)]
Verify numerical equivalence
Assess target execution time
Collect on-target code coverage
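Added example for the SIL/PIL comparison on slides 18 and 19 (not from the slides and not MathWorks code): a small C harness that feeds one test vector to a reference "model" and to a fixed-point "generated code" stand-in and judges numerical equivalence against a tolerance. The first-order filter, its coefficient, the Q15 implementation and the test vector are all assumptions chosen so the two paths differ only by quantization, which is exactly what the tolerance has to absorb.

```c
/* Added example, not MathWorks code: a minimal SIL/PIL-style back-to-back
 * harness. "Model" = first-order low-pass filter in double; "generated code"
 * = the same filter in Q15 fixed point. One constructed vector drives both. */
#include <stdint.h>
#include <stdio.h>
#define N_SAMPLES 64
#define ALPHA 0.25                                   /* coefficient (assumed) */
#define Q15(x) ((int16_t)(int32_t)((x) * 32768.0))  /* double -> Q15, |x| < 1 */
/* Reference "model": y[k] = y[k-1] + ALPHA * (u[k] - y[k-1]) in double. */
static double model_step(double u, double *state) {
    *state += ALPHA * (u - *state);
    return *state;
}
/* "Generated code" stand-in: saturating Q15 version (arithmetic >> assumed). */
static int16_t code_step(int16_t u, int16_t *state) {
    int32_t diff = (int32_t)u - (int32_t)*state;            /* fits in 17 bits */
    int32_t acc  = (int32_t)*state + ((diff * Q15(ALPHA)) >> 15);
    if (acc >  32767) acc =  32767;                          /* saturate */
    if (acc < -32768) acc = -32768;
    *state = (int16_t)acc;
    return *state;
}
/* The "== ?" step: run both on the same vector, return the maximum absolute
 * deviation, clear *pass and report the sample whenever it exceeds tol. */
static double back_to_back(const double *u, int n, double tol, int *pass) {
    double s_model = 0.0, max_err = 0.0;
    int16_t s_code = 0;
    *pass = 1;
    for (int k = 0; k < n; k++) {
        double y_model = model_step(u[k], &s_model);
        double y_code  = code_step(Q15(u[k]), &s_code) / 32768.0;
        double err = y_model > y_code ? y_model - y_code : y_code - y_model;
        if (err > max_err) max_err = err;
        if (err > tol) {
            *pass = 0;
            printf("sample %2d: model %.6f code %.6f err %.2e\n", k, y_model, y_code, err);
        }
    }
    return max_err;
}
/* Constructed vector: a 0.5 step, then a near full-scale negative step whose Q15
 * value is inexact. Returns 1 (equivalent within tol) or 0; max deviation -> *max_err. */
int run_step_test(double tol, double *max_err) {
    double u[N_SAMPLES]; int pass;
    for (int k = 0; k < N_SAMPLES; k++) u[k] = (k < N_SAMPLES / 2) ? 0.5 : -0.999;
    double e = back_to_back(u, N_SAMPLES, tol, &pass);
    if (max_err) *max_err = e;
    return pass;
}
```

With a 1e-3 tolerance the two paths are reported equivalent; tightening it to 1e-5 makes the same run fail once the fixed-point truncation shows up, which is why the tolerance itself is a reviewed artifact in back-to-back testing.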

Slide 20: Model-Based Design Reference Workflow (IEC 61508-3)
[Workflow diagram: Textual Requirements -> Executable Specification -> Model used for production code generation -> Generated C/C++ code -> Object code, through Modelling, Code Generation, and Compilation and Linking]
Domain standards shown alongside the workflow: Automotive (ISO 26262), Aerospace (DO-178), Rail (EN 50128), Medical (IEC 62304), Industrial (IEC 61508)

Slide 21: Training
Courses (offered Public and On-Site):
- Verification and Validation of Simulink Models
- Testing Generated Code in Simulink
- Polyspace for C/C++ Code Verification
- Polyspace Bug Finder for C/C++ Code Analysis

Slide 22: Key Takeaway
A good design workflow leads to a good design, but verification proves it!
[V-model diagram: Requirements, System Design, Software Design, Coding, Software Integration, HW/SW Integration, System Integration]