Software Engineering Practices And Simulink: Bridging The
Int J Softw Tools Technol TransferDOI 10.1007/s10009-017-0450-9REGULAR PAPERSoftware engineering practices and Simulink: bridging the gapVera Pantelic1 · Steven Postma1 · Mark Lawford1 · Monika Jaskolka1 ·Bennett Mackenzie1 · Alexandre Korobkine1 · Marc Bender1 · Jeff Ong1 ·Gordon Marks1 · Alan Wassyng1 Springer-Verlag Berlin Heidelberg 2017Abstract Although widely used in embedded systemsdesign, Matlab/Simulink is not considered a state-of-the-artdesign environment by the software engineering community.This paper is aimed at improving design with Simulink fromthe software engineering perspective by developing automated support for the application of some traditional softwareengineering principles when developing with Simulink. Wepresent four tools: the Signature Tool, the Reach/CoreachTool, the Data Store Rescope Tool, and the Auto LayoutTool. The Signature Tool extracts the interface of a Simulinksubsystem, enabling developers to better understand theBVera Pantelicpantelv@mcmaster.caSteven Postmasteven.m.postma@gmail.comMark Lawfordlawford@mcmaster.caMonika Jaskolkabialym2@mcmaster.caBennett Mackenziemackeb@mcmaster.caAlexandre Korobkinekorobkao@gmail.comMarc Bendermarc.mb.bender@gmail.comJeff Ongongjf2@mcmaster.caGordon Marksmarksgw@mcmaster.caAlan Wassyngwassyng@mcmaster.ca1McMaster Centre for Software Certification, Department ofComputing and Software, McMaster University, Hamilton,ON, Canadaimplicit data flow in Simulink models and use it more effectively, while also producing useful documentation. The DataStore Rescope Tool improves modularity of Simulink models by properly scoping data stores, the Simulink equivalentof variables in traditional languages. The Reach/CoreachTool highlights data and control dependencies in Simulinkmodels, making them easier to understand. Also, the tool supports debugging, reverse-engineering, refactoring, and staticanalysis of the models. Finally, the Auto Layout Tool automatically improves the layout of Simulink models, reducingthe effort developers invest in graphical layout to complywith modeling guidelines and improve readability of theirmodels.Keywords Model-based development · Simulink · Tools ·Software engineering · Refactoring · Model transformation ·Data flow · Model slicing1 IntroductionMatlab/Simulink is a model-based design environmentwidely used in embedded systems development in numerous domains, including automotive. Its popularity can beattributed to its rich modeling and simulation capabilities,automatic code generation, and availability of a large number of MathWorks and third-party tools that aid developmentwithin the environment (e.g., MathWorks’ Control SystemToolbox). While a major part of the code base running inmodern cars is automatically generated from Simulink, theenvironment still lacks proper support for the application ofsome traditional software engineering practices. For example, data stores, Simulink’s analog of variables in traditionalprogramming languages, cannot be declared read-only. Furthermore, Simulink lacks self-documenting capabilities of123
V. Pantelic et al.imperative programming languages. For instance, an analogof a module interface in C, as defined in C header files, doesnot exist in Simulink.1The main contribution of this work is the introductionof a set of tools which help developers apply some wellknown software engineering principles in development withSimulink. Proper automatic support is crucial for the successful application of these principles [10]. We also note thatit is not our intention to undertake a comprehensive analysisof how each software engineering principle is supported inSimulink, neither do we compare the model-based designof Simulink to more traditional development paradigms.Rather, we draw on our experience from working withproduction-scale Simulink models to suggest mechanismsand appropriate tool support to improve the application ofsome well-known software engineering practices and principles in development with Simulink. The toolset to bepresented in this paper helps a developer adhere to somewell-known software engineering practices in an automatedmanner, allowing for the proposed principles to be seamlesslyintegrated into an existing Simulink model-based softwaredevelopment process. We introduce four tools: the SignatureTool, the Reach/Coreach Tool, the Data Store Rescope Tool,and the Auto Layout Tool. The tools were developed as a resultof collaboration with an industrial partner, a large automotive OEM (Original Equipment Manufacturer); however, thetools are not automotive-specific but general in that they canbe applied in any model-based design with Simulink.The Signature Tool extracts a Simulink subsystem’s signature. A signature is a representation of a subsystem’s interface[2,3]. Signatures identify implicit data flow mechanisms inSimulink, enabling their more effective use in design, analysis, and testing. Furthermore, signatures can be used as anindication of the quality of modularization of a Simulinkdesign. Finally, the tool can be used to automatically generateparts of software documentation: our automotive industrialpartner uses it to automatically document subsystem interfaces as part of a subsystem’s software design description.The Reach/Coreach Tool highlights, for the specifiedSimulink blocks, the parts of the model which are affectedby the specified blocks (Reach functionality), or parts ofthe model that the specified blocks depend upon (Coreachfunctionality). The tool accounts for both data and controldependencies. To the best of our knowledge, there exist twoother tools for slicing Simulink models that take into accountboth data and control dependencies: the tool presented in[18], and MathWorks’ Model Slicer (available since Matlab R2015a as part of Simulink Design Verifier (SDV)). In1It might seem that the input and output signals of a block in Simulinkare obvious from the block diagram; however, there is hidden data flowin Simulink not evident on the diagram as will be discussed in Sect. 2.123Sect. 3.2.3, a detailed comparison between our tool and thetwo aforementioned tools is presented.The Data Store Rescope Tool (formerly the Data StorePush-Down Tool) properly scopes Simulink’s data stores.Data stores are analogous to variables in traditional programming languages, and algorithms exist for localizing theirusage in languages such as C [20,21]. Our tool identifies thedata stores that have scopes larger than necessary. Then, foreach identified data store, its declaration is “pushed down”the model hierarchy to the lowest level possible, such that allthe references to the data store are still within the data store’sscope. The push-down operation improves the modularity ofSimulink designs. The tool was introduced in [3] as the DataStore Push-Down Tool and was also used in [3] to illustratethe effectiveness of a software complexity metric introducedin that paper.Finally, the fourth tool to be presented in this paper focuseson increasing readability of Simulink models by improvingtheir layout. Surprisingly, there does not exist a comprehensive commercial automatic layout tool for Simulink models.While novel Simulink automatic layout algorithms have beenproposed (e.g., [7,11,12]), no tools based on these algorithmsare available for use in Simulink. Our approach with the AutoLayout Tool reuses a third-party graph drawing algorithmimplemented in the open-source tool Graphviz, and furtherbuilds on it to address Simulink-specific layout requirements,as well as to automate some useful transformations valuablein every-day design with Simulink (flattening a subsystem,transforming a signal line into a Goto/From connection andvice versa, etc.).This paper is an extended version of the conference paper[14]. The following contributions have been added to thework presented in [14]. Firstly, an industrial automotivemodel is used to illustrate the application and benefits of eachof the four tools. The use of the real-world industrial example demonstrates the diversity of the tools’ applications in amodel-based development process, and more importantly, itprovides evidence of the tools’ applicability and practicalityin an industrial setting. Additionally, a number of featureshave been added to the tools, and the current paper presentstheir applications and benefits in detail:– While the main idea behind the Signature Tool is to identify the data items that are contained within the interfaceof a Simulink subsystem, the current version of the toolenhances this interface by including the data types of eachof the data items contained in the signature.– The Data Store Rescope Tool now includes the DataStore Repair transformation: when one or more references to a data store are not within its scope, the datastore is properly rescoped. Further, the tool now generates information about the results of the its operations.More precisely, for each data store that was moved, its
Software engineering practices and Simulink.destination and source block are listed, as well as thetotal number of moved data stores in the model. Also,this paper demonstrates the application of the tool in thedetection of data stores that are declared, but unused.– When it comes to the Reach/Coreach Tool, the commonassumption for If/Switch Case blocks that all inputsaffect all outputs has now been removed. Consequently,the tool has been enhanced to identify the fine-graineddependencies between the blocks’ inputs and outputs.While the improvement is conceptually rather simple, ithas been shown to provide some subtle static analysis ofreal-world industrial models, as will be illustrated in thispaper. Furthermore, the Reach/Coreach Tool is shownto provide an additional data view whose application isdemonstrated when the tool is used as an impact analysis tool. Also, starting from Matlab R2015a, SimulinkDesign Verifier, a MathWorks’ Matlab/Simulink toolbox,includes Model Slicer which has capabilities similar tothose of the Reach/Coreach Tool. In this paper, we presenta detailed comparison between the capabilities of theReach/Coreach Tool and Model Slicer.– The Auto Layout Tool has been significantly extended.Firstly, it now supports a number of minor, yet verypractical transformations: transforming a From/Gotoconnection to a signal connection (and back), as wellas flattening of a model’s hierarchy. Secondly, the layoutengine itself has been significantly enhanced to increasemodel readability, while following some of the best practices for layout of Simulink models as prescribed by theMAAB guidelines [28].Also, it is worth noting that all four tools have been significantly improved in terms of usability. While they were initially Matlab command line functions, they are now invokeddirectly from the context menu. Furthermore, the SignatureTool and the Reach/Coreach Tool now feature simple graphical user interfaces. All the tools are available through MatlabCentral, under open-source licenses [1,5,16,19].All the tools have been successfully used on large industrial automotive models: the models contained between 3671and 73044 blocks, with hierarchy depths between 8 and 16.However, for simplicity of exposition, smaller examples havebeen chosen in this paper to illustrate the tools’ capabilities.The outline of this paper is as follows. Section 2 analysesdata flow in Simulink and presents an industrial model thatwill be used throughout the paper to demonstrate the application of the tools in an industrial setting. The Signature Tool,the Reach/Coreach Tool, the Data Store Rescope Tool, andthe Auto Layout Tool are presented in Sects. 3.1, 3.2, 3.3,and 3.4, respectively. For each of these tools, we explain andillustrate their main capabilities, implementation, and possible applications in model-based design with Simulink. Wealso present the execution times of the tools when run onvarious real-world industrial automotive models. The toolswere run on a Windows 7, Intel i3-2120 @ 3.30 GHz, 8.0 GBRAM machine. Section 4 summarizes the role of the tools inmodel-based development processes and their link with software engineering principles. Section 5 concludes the paper,with avenues for future work.2 Data flow in Simulink and exampleThis section first presents an analysis of data flow inSimulink, which will serve as the necessary backgroundknowledge for a reader to understand the tools’ capabilitiespresented in Sect. 3. Afterward, a real-world industrial modelis presented. This model will be used throughout the paper toillustrate the applicability of our tools in an industrial setting.2.1 Analysis of data flow in SimulinkThe notion of a subsystem is used in Simulink to represent systems inside systems in order to provide hierarchicalmodeling. A Simulink subsystem has inports and outports—explicit links to and from the subsystem, respectively. Weview inports and outports as the explicit interface of thesubsystem. However, there are hidden data dependencies inthe Simulink’s subsystem: we will refer to those as the subsystem’s implicit interface. Hidden dependencies stem fromtwo particular Simulink data mechanisms: data stores andGoto/From blocks.Data stores Data stores are used in Simulink as memoryand are analogous to variables in traditional programminglanguages. Data stores allow subsystems and referencedmodels2 to share data without having to use inports and outports to pass the data from subsystem to subsystem, or levelto level. A data store can be defined in Simulink using a DataStore Memory block. The data store is then referenced usingData Store Read blocks (for reading from the data store) orData Store Write blocks (for writing into the data store). Thescope of a data store is the subsystem where the Data StoreMemory block is located, and all the subsystems below it inthe model hierarchy, excluding referenced models. In Fig. 1,data store B is defined using Data Store Memory B block.The scope of this data store is the top level of the model andsubsystem Sub1. The data store is accessed using Data StoreWrite B at the same level where it is defined, and it is readusing Data Store Read B in subsystem Sub1 (the contents ofsubsystem Sub1 are shown in Fig. 2). Also, a data store canbe implemented in the base workspace using a signal object:it is then called a global data store as it can be accessedfrom anywhere in the model, including referenced models.2A referenced model is a model referenced from another model usinga Model block.123
V. Pantelic et al.ABData StoreMemory AData StoreMemory {Scoped1}Goto1zBUnit DelayData StoreWrite B{Scoped1}Goto TagVisibilityFig. 1 A Simulink modelnon-virtual subsystems as well. Non-virtual subsystems aresubsystems executed as a single unit (atomic execution). Avirtual subsystem, on the other hand, is flattened in order toderive the block update order, with Simulink ignoring thesubsystem’s boundaries when determining this order. That isto say, the subsystem’s boundaries do not impact the model’sbehavior.Goto/From mechanism Another mechanism for implicitdata flow in Simulink is the Goto/From mechanism. Thedata fed into a Goto block is passed to its correspondingFrom blocks (the From blocks with the same tag), without a signal line between them. Goto/From blocks are usedto implicitly connect blocks, simplifying the visual presentation of models. A single Goto block may have multipleFrom blocks, but a From block may only receive data froma single Goto block. The scope of the Goto block is determined by the Goto block’s Tag Visibility parameter, whichcan take on the following values:– Local: Goto and From blocks with the same tag are inthe same subsystem.– Scoped: The scope of the Goto block is determined bythe position of the corresponding Goto Tag Visibilityblock. The Goto block and its From blocks have to bein the same subsystem as the Goto Tag Visibility blockor lower in the model hierarchy, while not crossing anon-virtual subsystem boundary, i.e., the boundary of anatomic, conditionally executed or function-call subsystem, or a model reference. In Fig. 1, scoped tag Scoped1is defined using a Goto Tag Visibility block. This blockaffects the scope of the Goto block Scoped1, found to itsimmediate left at the same level, while the correspondingFrom is found in Sub1, as shown in Fig. 2.– Global: Goto and From blocks with the same tag canbe anywhere in the model, except in locations that spannon-virtual subsystem boundaries.2.2 Industrial exampleFig. 2 Subsystem Sub1 from Fig. 1There may also be multiple read and write blocks for a singleData Store Memory block within one simulation step. Thisintroduces issues with the order of access to a data store (foran explanation of order of access errors and correspondingMatlab’s diagnostics, an interested reader is referred to [25]).When a data store is located higher in the hierarchy thanthe current subsystem, it will be referred to as an inheriteddata store for the subsystem. It should be noted that whilesignatures have previously been defined only for virtual subsystems [2], the current implementation of the SignatureTool is extended to support the extraction of signatures of123This section introduces the obfuscated version of the industrial model that will be used as a running example in thispaper. The original model was obfuscated for confidentialitypurposes. The model is a subsystem of a larger model thatitself implements a portion of the gear selection functionalityin a hybrid electric vehicle. The model is shown in Fig. 3a–h.3 ToolsThis section presents the tools. For each tool, its basiccapabilities are presented in detail and illustrated on a toyexample. Afterward, the application of the tools is demonstrated on the industrial model. Using both the simple toy
Software engineering practices and Simulink.(a)(b)(c)(d)(f )(e)(g)Fig. 3 Industrial example Simulink model. a Subsystem Gear andMode Processing performing gear selection. b Subsystem Gear Processing from a. c Subsystem If Gear1 from b. d Subsystem If Gear2(h)from b. e Subsystem If Gear345 or Else from b. f Subsystem CurrentEntry from c. g Subsystem Current Entry from d. h Subsystem CurrentEntry from e123
V. Pantelic et al.model and the industrial model enables us to first show thebasic capabilities of the tools in a simple manner, and thenshowcase their applicability and practicality on a real-worldindustrial automotive model.3.1 The Signature ToolThe Signature Tool extracts the signature of a Simulink subsystem. The concept of signatures was first introduced in [2].A signature represents the interface of a Simulink subsystemby making all of the data flow into and out of the subsystemexplicit.Further building on this work, we now view globalFrom/Gotos and global data stores as special cases of scopedFrom/Gotos and data stores. This is due to the fact that globaltags can be replaced by scoped tags, with a corresponding visibility tag placed in the top-level subsystem. Likewise, globaldata stores can be replaced by normal data stores, with thecorresponding declaration moved to the top-level subsystem.3.1.1 SignatureThe signature identifies the elements of the interface for agiven Simulink subsystem:– Explicit interface: Inports and outports,– Implicit interface: Inherited data stores, and scoped tagsdefined higher up in the model hierarchy,– Imposed interface: Data stores and scoped tags definedin the subsystemThe Signature Tool identifies two useful signatures for asubsystem: the strong signature and the weak signature. Ingeneral, the strong signature identifies the data mechanismsthat are accessed by the subsystem or any of its children.The weak signature identifies the data mechanisms that asubsystem can access (those which are declared locally orhigher up in the hierarchy), but is not necessarily using. Notethat the question of whether or not these are in fact accessedduring the execution of a model is difficult, and requires deepanalysis of con
Simulink, neither do we compare the model-based design of Simulink to more traditional development paradigms. Rather, we draw on our experience from working with production-scale Simulink models to suggest mechanisms and appropriate tool support to improve the application of some well-known
ES360 Introduction to Controls Engineering MATLAB and SIMULINK Help Page 2 of 6 Starting SIMULINK SIMULINK can be started by: 1) Opening a SIMULINK model file (model files use the .mdl extension). 2) Starting MATLAB and clicking on the icon in the tool bar. The SIMULINK Library Browser SIMULINK
Introduction to Simulink Todd Atkins tatkins@mathworks.com. 4 Outline What is Simulink? Working with Simulink. How Simulink works. Continuous and discrete models Componentizing models. 5 Simulink Applications. 6 Simulink
Simulink and LEGO MINDSTORMS EV3 9 P a g e Project 1: Explore Simulink and LEGO MINDSTORMS EV3 P1.1 Get Started: Program EV3 Status Light with Simulink Motivation At the end of this project you will be able to program an EV3 brick from Simulink. Objective Create first model in Simulink Check hardware and software installation
Test Driven Development powered by MATLAB and Simulink 45 Model-Based Design –Simulink and Stateflow Manage Requirements –Simulink Requirements Author and Execute Tests –Simulink Test Measure Test Completeness –Simulink Coverage Refactor and Verify Compliance –Simulink Check
Engineering POLYTECHNIC UNIVERSITY OF BARI Why Simulink? Simulink Real-Time (formerly known as xPC Target), together with x86-based real-time systems, is an environment for simulating and testing Simulink and Stateflow models in real-time on the physical system. Simulink easily allows to de
Introduction to Simulink 1.1 Objective The objective of Experiment #1 is to familiarize the students with simulation of power electronic circuits in Matlab/Simulink environment. Please follow the instructions in the laboratory manual. 1.2 Simulink Basics Tutorial Simulink is a graphical e
Luigi Biagiotti Systems and Control Theory Introduction to Simulink-- 2 Simulink introduction Simulink (Simulation and Link) is an extension of MATLAB that offers modeling, simulation, and analysis of dynamical systems under a graphical user interface (GUI) environment. Simulink is based on block diagrams of Dynamic SystemsFile Size: 1MB
4) Simulink . Simulink is a program for simulating signals and dynamic systems. As an extension of Matlab, Simulink adds many features specific to the simulation of dynamic systems while retaining all of Matlab’s general purpose functionality. Simulink has two phases of use: mode
