Model-Based Design for Safety-Critical and Mission-Critical Applications - MathWorks


Model-Based Design for Safety-Critical and Mission-Critical Applications (slide 1)
Bill Potter, Technical Marketing, May 2, 2008. © 2008 The MathWorks Limited.

Safety-Critical Model-Based Design Workflow (slide 2)
[Workflow diagram: four artifacts in sequence, Requirements -> Model (Simulink & Stateflow) -> Source Code (Real-Time Workshop Embedded Coder) -> Object Code (Embedded IDE, Embedded IDE Link XXX), each annotated with its activity and tool: Validate (requirements); Trace requirements to model (RMI); Conformance of the model (Model Advisor); Verify the model (SystemTest, SLDV Property Proving, Model Coverage); Trace model to code (Model/Code Trace Report); Conformance of source code (PolySpace products); Verify object code (SLDV Test Generation, Embedded IDE Link XXX, SystemTest).]

Requirements Process for Model-Based Design (slide 3)
- Functional, operational, and safety requirements
  - Exist one level above the model
  - Models trace to requirements
- Requirements validation: complete and correct
  - Simulation is a validation technique
  - Traceability can identify incomplete requirements
  - Model coverage can identify incomplete requirements
- Requirements-based test cases
  - Test cases trace to requirements

Simulation example – controller and plant (slide 4)

Requirements trace example – view from DOORS to Simulink (slide 5)

Requirements trace example – view from Simulink to DOORS (slide 6)

Requirements-based test trace example – view from Simulink Signal Builder block to DOORS (slide 7)

Model coverage report example (slide 8)

Requirements Process take-aways (slide 9)
- Early requirements validation
  - Eliminates rework typically seen at integration on projects with poor requirements
- Early test case development
  - Validated requirements are complete and verifiable, which results in well-defined test cases
- Requirements management and traceability
  - Requirements management interfaces provide traceability for design and test cases

Design Process for Model-Based Design (slide 10)
- Create the design: Simulink and Stateflow
- Modular design for teams: Model Reference
- Model architecture/regression analysis: Model Dependency Viewer
- Documented design: Simulink Report Generator
- Requirements traceability using Simulink Verification and Validation
- Design conforms to standards using Model Advisor

Example detailed design including model reference and subsystems (slide 11)
[Figure labels: Top Model, Subsystem, Reference Model]

Model dependency viewer (slide 12)

Example Model Advisor report (slide 13)

Design Verification for Model-Based Design (slide 14)
- Requirements-based test cases
  - Automated testing using SystemTest and Simulink Verification and Validation
  - Traceability using Simulink Verification and Validation
- Robustness testing and analysis
  - Built-in Simulink run-time diagnostics
  - Formal proofs using Simulink Design Verifier
- Coverage analysis
  - Verify structural coverage of model
  - Verify data coverage of st…

SystemTest for requirements-based testing (slide 15)

SystemTest – example report (slide 16)
[Figure labels: data plotting and expected-results comparisons; summary of results]

Signal Builder and Assertion Blocks (slide 17)

Model coverage report example – signal ranges (slide 18)

Simulink Design Verifier – Coverage Test (slide 19)
[Figure labels: model; test report; generated test cases]

Simulink Design Verifier – Objective Test (slide 20)
[Figure labels: model with constraints and objectives; test report; generated test cases]

Simulink Design Verifier – Property Proving (slide 21)
[Figure labels: model with assumption and objective; report; property to be proven]

Design Process take-aways (slide 22)
- Modular reusable implementations
  - Platform-independent design
  - Scalable to large teams
- Consistent and compliant implementations
  - Common design language
  - Automated verification of standards compliance
- Efficient verification process
  - Develop verification procedures in parallel with design
  - Coverage analysis early in the process
  - Automated testing and e…

Coding Process for Model-Based Design (slide 23)
- Automatic code generation: Real-Time Workshop Embedded Coder
- Traceability: HTML Code Traceability Report
- Source code verification
  - Complies with standards using PolySpace MISRA-C checker
  - Accurate, consistent and robust using PolySpace verifier

Incrementally Generate Code (slide 24)
- Incremental code generation is supported via Model Reference
- When a model is changed, only models depending on it are subject to regeneration of their code
- Reduces application build times and ensures stability of a project's code
- Degree of dependency checking is configurable
[Figure labels: model changed and rebuilt; dependent models rebuilt]

Add Links to Requirements (slide 25)
[Figure label: requirements appear in the code]

Code to Model Trace Report (slide 26)

Compliance history of generated code (slide 27)
- Our MISRA-C test suite consists of several example models
- Results shown for most frequently violated rules
- Improving MISRA-C compliance with each release, e.g.
  - Eliminate Stateflow goto statements (R2007a)
  - Compliant parentheses option available (R2006b)
  - Generate default case for switch-case statements (R2006b)
- MathWorks MISRA-C Compliance Package available upon request

Simulink Integration with PolySpace Products (slide 28)
[Figure labels: Input1: entries varying from 500 to 500K; K1 and K2: constants, can be tuned from -297 to 303; math operations: divide, add, min/max, product, subtract, sum; lookup tables: maps, surfaces, algorithms, extrapolations, adjusted, tuned]

Simulink Integration with PolySpace Products, continued (slide 29)
[Figure: a loop of four steps: change the model; generate the production code; run PolySpace software; see results in the model. Callout: "PolySpace detected an error here (after having analyzed the generated code)".]
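The kind of range-based reasoning slides 28 and 29 rely on, as an added illustration that is not PolySpace's implementation and not code generated from the deck's model: a generated-code-style step function over the slide's block types, and a small interval analysis of the same data flow using the slide's stated ranges (Input1 in 500..500K, K1 and K2 tunable in -297..303). The deck does not say which operation PolySpace flagged; the divide whose divisor is derived from the two tunable constants, and the narrowed calibration ranges used as the "change the model" fix, are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Closed integer interval [lo, hi], the abstraction a range analysis keeps per signal. */
typedef struct { long long lo, hi; } range_t;

enum { FAULT_NONE = 0, FAULT_DIV_ZERO = 1, FAULT_OVERFLOW = 2 };

static long long llmin(long long a, long long b) { return a < b ? a : b; }
static long long llmax(long long a, long long b) { return a > b ? a : b; }

/* Interval arithmetic for the sum, subtract and product blocks. */
range_t range_add(range_t a, range_t b) { return (range_t){ a.lo + b.lo, a.hi + b.hi }; }
range_t range_sub(range_t a, range_t b) { return (range_t){ a.lo - b.hi, a.hi - b.lo }; }
range_t range_mul(range_t a, range_t b) {
    long long p0 = a.lo * b.lo, p1 = a.lo * b.hi, p2 = a.hi * b.lo, p3 = a.hi * b.hi;
    return (range_t){ llmin(llmin(p0, p1), llmin(p2, p3)), llmax(llmax(p0, p1), llmax(p2, p3)) };
}
/* A signal stored as int32 may overflow if its range leaves [INT32_MIN, INT32_MAX]. */
bool range_overflows_int32(range_t r) { return r.lo < INT32_MIN || r.hi > INT32_MAX; }
/* A divide is a possible run-time error iff the divisor's range contains zero. */
bool range_div_may_fault(range_t divisor) { return divisor.lo <= 0 && 0 <= divisor.hi; }

/* Generated-code style step function for a constructed fragment using the slide's
 * block types (product, sum, subtract, divide). Not Real-Time Workshop output. */
int32_t model_step(int32_t input1, int32_t k1, int32_t k2) {
    int32_t prod = input1 * k1;   /* product block */
    int32_t sum  = prod + k2;     /* sum block */
    int32_t den  = k1 - k2;       /* subtract block */
    return sum / den;             /* divide block: the analyzer must prove den != 0 */
}

/* The same data flow evaluated over ranges; returns a mask of possible faults. */
int model_step_faults(range_t input1, range_t k1, range_t k2) {
    int faults = FAULT_NONE;
    range_t prod = range_mul(input1, k1);
    range_t sum  = range_add(prod, k2);
    range_t den  = range_sub(k1, k2);
    if (range_overflows_int32(prod) || range_overflows_int32(sum)) faults |= FAULT_OVERFLOW;
    if (range_div_may_fault(den)) faults |= FAULT_DIV_ZERO;
    return faults;
}

/* Ranges stated on slide 28: Input1 in [500, 500K]; K1 and K2 tunable in [-297, 303]. */
const range_t SLIDE_INPUT1 = { 500, 500000 };
const range_t SLIDE_K      = { -297, 303 };
/* Constructed tighter calibration (the "change the model" step): K1 - K2 >= 100 always. */
const range_t FIXED_K1 = { 200, 303 };
const range_t FIXED_K2 = { -297, 100 };
```

With the slide's calibration ranges the divisor interval is [-600, 600], so the divide is reported as a possible run-time error; with the narrowed ranges it is [100, 600] and the report is clean.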

Coding Process takeaways (slide 30)
- Reusable and platform-independent source code
- Traceability
- MISRA-C compliance
- Static verification and analysis

Integration Process for Model-Based Design (slide 31)
- Executable object code generation
  - ANSI or ISO C or C compatible compiler
  - Run-time libraries provided
- Executable object code verification
  - Test generation using Simulink Design Verifier
  - Capability to build interface for Processor-In-the-Loop (PIL) testing
  - Analyze code coverage during PIL
  - Analyze execution time during PIL
  - Analyze stack during PIL

Processor-in-the-Loop (PIL) Verification – Execute Generated Code on Target Hardware (slide 32)
[Figure: the plant model runs in Simulink on the host; the algorithm (software component) goes through code generation and runs on the embedded target. Labels: execution on host and target, non-real-time; communication via a data link, e.g. serial, CAN, TCP/IP; debugger integration with MATLAB]

Integration Process Takeaways (slide 33)
- Integration with multiple development environments
- Test cases and harnesses generated automatically
- Efficient processor-in-the-loop test capability

Wrap-up (slide 34)
- Tools to support the entire safety-critical development process
- Participation on SC-205/WG-71 committee for DO-178C
- Safety-Critical/DO-178B guideline document
  - Available to licensed customers with Real-Time Workshop Embedded Coder
- Contact Bill Potter (bill.potter@mathworks.com) or Tom Erkkinen (tom.erkkinen@mathworks.com)
