Utilization of Simulink Verification and Validation (V&V) and Simulink Design Verifier (SDV) for HVAC Controls Software

Similar documents
2010 The MathWorks, Inc. Model-Based Design for High Integrity Software and Hardware

Automation framework for converting legacy application to AUTOSAR System using dspace SystemDesk

Development of AUTOSAR Software Components with Model-Based Design

Shenoy R K Senior Vice President, Powertrain Electronics Robert Bosch Engineering and Business Solutions ltd.

Applying Model-Based Design to Commercial Vehicle Electronics Systems

Software Tools. Mechatronics, Embedded Control System Design, CAD, Finite Element Analysis, Information Technology and Big Data Areas.

Simulink as Your Enterprise Simulation Platform

PREEvision 7.0. Roadmap and new Features. 3 th of March 2014

PC-Based Validation of ECU Software

Challenges in Thermal Management

Model Based Design in a Seamless Embedded Software Process

TLM-Driven Design and Verification Time For a Methodology Shift

Saber Automotive Overview

Evolution of MATLAB for Diesel Engine System Performance Development

Model-Based Design for High Integrity Software Development Mike Anthony Senior Application Engineer MathWorks Tucson, AZ USA

The Impact of Modelling and Simulation in Airbus Product Development

The Rise of Engineering-Driven Analytics

Model-Based Design for Controls The MathWorks, Inc. 1

Vector Software. Understanding Verification and Validation of software under IEC :2010 W H I T E P A P E R

ISEB ISTQB Sample Paper

Modeling & Simulation Virtual commissioning

Measurement, simulation, virtualization

21 ST CENTURY AUTOMOTIVE ENGINEERING HCL ERS AUTOMOTIVE ENGINEERING SERVICES

Leading tier one supplier reduces controls development time by 75 percent with LMS Imagine.Lab Amesim

Jack Weast. Principal Engineer, Chief Systems Engineer. Automated Driving Group, Intel

The Verification Company. Software Development and Verification compliance to DO-178C/ED-12C

A View on Tool Interoperability Solutions at Ford Motor Company

THE CHALLENGE OF ISO FOR COMPLEX SOFTWARE MODELS Oliver Collmann

Banyan Air Service November 18, 2011 AVE Aviation and Commerce Center Building 1 Miami, FL

Software verification services for aerospace. »» Unit and integration testing. »» Timing analysis and optimization»» System and acceptance testing

Ideas for Successful Model Integration with Standardized Software Architectures

architecture (SAFE) Project Presentation SAFE project partners

CaliAV. Guided-Calibration for INCA Concept Overview. By Nithin Nath ETAS/STI

Press Release. ETAS Rolls Out New Solutions for Simulink Users

Model Sharing to leverage customer cooperation in the ECU software development

Building Controls Strategies Conference. Retro-Commissioning with BAS Overview. 10 March Steve Brown, CAP ESD Controls Team Leader

1 Public ETAS/SIN ETAS GmbH All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as

What s New with the PlantPAx Distributed Control System

EXPLORE ENROLL EXCEL 2017

Erol Simsek, isystem. Qualification of a Software Tool According to ISO /6

Successful Service Virtualization

SE420 Software Quality Assurance

Introduction to Data Analytics with MATLAB

Chilled Water System Optimization

ROUND LAKE AREA SCHOOLS DISTRICT 116: LIMITED COMMISSIONING GUIDELINES INTRODUCTION

Implementation & Testing Plan. CS 307: Software Engineering Pascal Meunier

Case Study: Global Banking Company Transforms Testing Approach to Overcome Challenges of Shortening Development Cycles

» Software in Tractors: Aspects of Development, Maintenance and Support «

Test s in i g n I Week 14

Systems Integration: Effective DOD Test & Evaluation

Service Virtualization

Maru and Toru: Item-specific logistics solutions based on ROS. Moritz Tenorth, Ulrich Klank and Nikolas Engelhard

Seminar 06 Chapter 5 - Part 1

VectorCAST Presentation AdaEurope 2017 Advanced safety strategies for DO178C certification Massimo Bombino, MSCE

Compliance driven Integrated circuit development based on ISO26262

Big Data and Machine Learning for Predictive Maintenance

Project Summary. Acceptanstest av säkerhetskritisk plattformsprogramvara

ISTQB CTFL BH0-010 Exam Practice Question Paper

Y-HEAT THERMAL MANAGEMENT SYSTEM FOR OVEN, FURNACE, VACUUM FURNACE, AND CRYOGENIC CHAMBER SYSTEMS. Product Overview and Specifications

Development Tools for Active Safety Systems: PreScan and VeHIL

Surviving the Top Ten Challenges of Software Testing

Novedades de las últimas versiones de MATLAB y Simulink

Smart Strategic Approach for Functional Safety Implementation. Chandrashekara N Santosh Kumar Molleti

CHAPTER 2 LITERATURE SURVEY

Brief Summary of Last Lecture. Model checking of timed automata: general approach

Vector Software W H I T E P A P E R. Using VectorCAST for Software Verification and Validation of Railway Applications

Data Analysis with MATLAB Dr. Frank Graeber MathWorks Germany

COSYSMO: A Systems Engineering Cost Model

Functional Safety: ISO26262

SystemDesk 3.0

Testing 2. Testing: Agenda. for Systems Validation. Testing for Systems Validation CONCEPT HEIDELBERG

Optimization of Building Energy Management Systems

Integrating MATLAB Analytics into Enterprise Applications

Novelty Testing Measures and Defect Management in Automotive Software Development

Model Based Design for Fuel System Development. Christopher Slack, Airbus 04 October 2017

Safe and Secure by Design: Systems Engineering Best Practices for Connected Vehicles

André Baresel DaimlerChrysler AG Alt-Moabit 96a Berlin / Germany

CaliAV - Guided Calibration for INCA Autopilot to efficient best-practice MCD

Chapter 6: Software Evolution and Reengineering

Verifying and Validating Software in a Regulated Environment

What is Continuous Integration. And how do I get there

The Functional. Mockup-Interface: Innovation through. Open Standards. Hubertus Tummescheit, Modelon

Architecture-led Incremental System Assurance (ALISA) Demonstration

Testing. CxOne Standard

1 Descriptions of Function

Secondary Loop System for Automotiv HVAC Units Under Different Climatic Conditions

THE PILOT 4D LINE OF FLYING PROBE TEST SYSTEMS ADDRESSES THE FOURTH DIMENSION OF TEST: TIME

Guide to Modernize Your Enterprise Data Warehouse How to Migrate to a Hadoop-based Big Data Lake

Book Outline. Software Testing and Analysis: Process, Principles, and Techniques

ADL Automotive. Joubin Adl Zarrabi

Just a few clicks away from a heating system

INCA. Integrated tool environment for measurement, ECU calibration and diagnostic. At a glance

2B. Performance Advantages of Alerton BACnet. 1. Alerton Overview

Optimizing BAS Information for Operator Effectiveness and Optimal Control

Advanced Machine Monitoring. Whitepaper

2016 INFORMS International The Analytics Tool Kit: A Case Study with JMP Pro

7. Model based software architecture

Guided and automated calibration and validation of powertrain systems

Data Analytics with MATLAB Adam Filion Application Engineer MathWorks

Joined-up Requirements: Business Goals to System Tests

Transcription:

Utilization of Simulink Verification and Validation (V&V) and Simulink Design Verifier (SDV) for HVAC Controls Software Arun Chakrapani Rao, Rupesh Kakade, Mohan Murugesan HVAC Controls Algo And Readiness, Electronic Controls and Software Engineering, General Motors Technical Centre India Pvt. Ltd., Bengaluru, India 1 1

Outline Readiness Testing and Core Algorithm work overview HVAC Production-oriented testing (ECU, model) What is structural coverage? Why use it? What are model coverage metrics? Overview of work done and results Recommendations for incremental improvements Potential for Automatic Test case Generation Potential for Property Proving Current challenges and some proposed workflows 2 2

HVAC Control Software Regulates the air temperature, flow rate and moisture throughout the vehicle interior (by considering the effects of ambient temperature, sun load, and heat transfer mechanisms) in real-time Challenges overcome using Model-Based Designs in Development Unit level and integrated software verified early Same software deployed to many different vehicles by simply calibrating parameters such as vehicle dimensions Same s/w also deployed to multiple controllers with varying hardware and software architecture (Non-standard or standard ones like AUTOSAR) Integration of legacy software and the model-based software possible for vehicles nearing production Parallel development of several components possible Production code auto-generated, compiled and targeted efficiently and accurately 3 3

HVAC Control Software Example Components Aero Shutter Control Combinational logic for on/off control of magnetically driven set of flaps which close front end airflow paths to enhance vehicle aerodynamics Cabin Air Recirculation Control Physics-based design to ensure minimal compressor work while maintaining thermal comfort of the occupants Repeated calculations (physical properties) implemented by creating and using our own library blocks Functional verification using approximate plant model for closedloop simulation Standard test inputs derived from requirements and vehicle like scenarios (vehicle test data) 4 4

Current Testing in Production Peer Reviews Simulation Model Testing CPP Unit Testing Regression, Delta Change, Acceptance Testing (Hardware Bench/HIL) Test cases mainly guided by Requirements Both Manual and Automated Testing 5 5

Core Algorithm Modeling Group Development and testing of various Core Algo HVAC component models Simulation Model Testing Performed at the unit level Closed-loop simulation of the control system with approximate plant model Detailed functional verification based on requirements, internal standards and over several vehicle like scenarios Performed using standard test inputs developed once CPP Unit Testing Simulation model I/Os are automatically translated using a MATLAB M-script Verifies interface between the automatically generated code from the model and the wrapper interface code and the buried conversion mathematics Performs acceptance check for example, requirements, rounding errors etc. with the use of CPP asserts Plant models for closed-loop simulation Simulation and early verification possible 6 6

Readiness Group Testing of HVAC components at the integrated ECU Readiness Regression Test Detailed Component level verification Performed once on a Model Year Software Performed using automated test scripts on dspace HIL Delta Change Verification Verifies the specific delta change on every release Manual / automated test scripts Acceptance Test Verifies the system level functionalities on every release Performed using automated test scripts on dspace HIL 7 7

Shift towards early model-based V&V 8 8

Structural Coverage The output shall be set to 100 times the sensor input. I 1-5 I 1 40 O Sample inputs: -15, 10, 45 Boundary values: -5, -4.9, 40, 40.1 If sensor input is valid, the output shall be 100 times, else a fail safe value of 180 should be output. I 2 I 1 O Valid and invalid cases also Choices of input values affect the calculations done downstream Overall coverage gets influenced by such choices! 9 9

Structural Coverage Req1 Req2.. ReqN Real-life Requirements: Numerous ; In Natural Language i 1 i 2 more inputs more conditions. complex conditions.. more simulation paths more outputs o 1 o 2 o 8 i 20 Real-life Code or Model Tested enough? Irrespective of the test design techniques, in real-life scenario, model coverage assessment becomes necessary and crucial! 10 10

Why Structural Coverage? Find out gaps in requirements-based test cases Identify gaps in requirements Identify unreachable parts of the model (or code) Identify unintended functionality ISO/FDIS 26262-6:2010(E) 11 11

Structural Coverage Assessment Principle Practice for Production Relevant Mathworks toolbox: Simulink Verification and Validation toolbox (V&V toolbox) 12 12

Model Coverage Metrics Condition Coverage Condition Coverage Analyzes blocks that output logical combinations of their inputs Logical Operator blocks, Stateflow transitions V1 c1 V2 c2 c3 2 AND blocks; 2*2, 3*2 V3 c4 13 13

Model Coverage Metrics Condition Coverage V4 k1 k2 c5 V5 c6 k3 Cal value was T in all test cases 14 14

Model Coverage Metrics Condition Coverage V6 V7 V8 k4 k5 k6 k7 k8 V9 V10 k9 k10 V11 k11 No True for one of the AND conditions => making it T will cover 2 more conditions (for the AND, OR together) 15 15

Model Coverage Metrics Decision Coverage Analyzes model elements that represent decision points Switch block, Stateflow states V12 V13 V15 V14 16 16

Model Coverage Metrics MCDC Independence of logical block inputs and transition conditions FUNC=f1 FUNC=F; V1_Err < K1_Min &&.. K1_Max > V2 FUNC=T; INIT -> NORMAL /* T1_2 */ [(Mode1!= C1) &&... (Mode2!= C2) &&... (Mode2!= C3) &&... ( (V1_Err > 0)... f1()...!f2() )] CC 75% (3/4) C1 V1_Err < K1_Min C2 K1_Max > V2 DC 100% (2/2) MCDC 50% (1/2 conditions reveresed the outcome) T F Stateflow Graphical Function with a condition of the form C1 && C2 C1 V1_Err < K1_Min C2 K1_Max > V2 Out C1 && C2 T Out F Out C1 TT Fx C2 TT (TF) 17 17

C12 S1 S11 C1 S111 S1111 S1112 S1113 S1114 S1115 S11151 S11152 S1116 S11161 S11162 S112 S1121 S1122 S113 S2 S21 S22 S23 S3 S31 S32 S33 Overview of automation done around V&V toolbox Internal tool for test automation Excel sheet textual description of steps MATLAB M Scripts for automation around the utilization of the Simulink V&V toolbox for structural coverage assessment COVERAGE ANALYSIS REPORT Project name : HVAC Tester Name : Arun Rao Requirements HVAC Control - C12 Test Document Cases: C12 Test Cases - adapted from HIL test cases Component : C12 Test Cases - adapted from HIL test cases Software V1, V1.1 (new) Date : 27-Jun-11 Condition Coverage 100 90 80 70 V1=f1 V1_Err < K1_Min &&.. K1_Max > V2 V1=F; CC 75% (3/4) C1 V1_Err < K1_Min C2 K1_Max > V2 V1=T; INIT -> NORMAL /* T1_2 */ [(Mode1!= C1) &&... (Mode2!= C2) &&... (Mode2!= C3) &&... ( (V1_Err > 0)... f1()...!f2() )] T F Srl. No. Recommendation Expected effect 1 Set V1 > K1 function f1 will get 100% CC (See sheet f1) 2 Set V2_MinMxAirSetPt > K2 function f2 gets 100% CC (See sheet Other Graphical Funcs 50%) 3 Set V3_MaxMxAirSetPt > K3-C1 function f3 gets 100% CC (See sheet Other Graphical Funcs 50%) 4 V4 >= K4 function f4 will get 100% CC (See sheet f4) 6 Set V5 to 9, 12, 20 and 28 Distribution modes D5, D7, D8 and D12 will be reached 1 Modify speed values in Test 6 Sub Test 9 Covers Transition TRANSxyz 2 Change Validity value V5 to True from False in Test 7 SubTest 2 Achieves the goals for this test case 3 Look into cal. and/or validity values for Test 7 SubTests 3 to 10 Reaches various substates of STATEabc 60 Correction needed for test cases Test 3 SubTest 50 1: K1 is being set to 100000 but it's max. is DC 100% (2/2) 1 defined as 15000 in the spec. 40 CC MCDC 50% (1/2 conditions reveresed the outcome) 30 K2 has to be set to 0 for some test cases so that states transitions such as from STATE_S1 to 20 C1 V1_Err < K1_Min STATE_COOL_DOWN, STATE_COOL_DOWN to 10 C2 K1_Max > V2 STATE_NORMAL, STATE_NORMAL to STATE_INIT Out C1 && C2 T Out F Out 0 1 become possible. Additional state coverage Recommendations to C1 TT improve Fx test cases C2 TT (TF) 18 18

C12 S1 S11 C1 S111 S1111 S1112 S1113 S1114 S1115 S11151 S11152 S1116 S11161 S11162 S112 S1121 S1122 S113 S2 S21 S22 S23 S3 S31 S32 S33 Report Overview sheet Project name : HVAC Tester Name : Arun Rao Requirements HVAC Control - C12 Test Document Cases: C12 Test Cases - adapted from HIL test cases Component : C12 Test Cases - adapted from HIL test cases Software V1, V1.1 (new) Date : 27-Jun-11 COVERAGE ANALYSIS REPORT 100 Condition Coverage 90 80 70 60 50 40 CC 30 20 10 0 Low coverage here! 19 19

Recommendations Sample recommendations for C12, C8, C2, C1 Srl. No. Recommendation Expected effect 1 Set V1 > K1 function f1 will get 100% CC (See sheet f1) 2 Set V2_MinMxAirSetPt > K2 function f2 gets 100% CC (See sheet Other Graphical Funcs 50%) 3 Set V3_MaxMxAirSetPt > K3-C1 function f3 gets 100% CC (See sheet Other Graphical Funcs 50%) 4 V4 >= K4 function f4 will get 100% CC (See sheet f4) 6 Set V5 to 9, 12, 20 and 28 Distribution modes D5, D7, D8 and D12 will be reached 1 Modify speed values in Test 6 Sub Test 9 Covers Transition TRANSxyz 2 Change Validity value V5 to True from False in Test 7 SubTest 2 Achieves the goals for this test case 3 Look into cal. and/or validity values for Test 7 SubTests 3 to 10 Reaches various substates of STATEabc 1 Correction needed for test cases Test 3 SubTest 1: K1 is being set to 100000 but it's max. is defined as 15000 in the spec. 1 K2 has to be set to 0 for some test cases so that states transitions such as from STATE_S1 to STATE_COOL_DOWN, STATE_COOL_DOWN to STATE_NORMAL, STATE_NORMAL to STATE_INIT become possible. Additional state coverage 20 20

Coverage for various components Srl. No. Component Ver Total test cases CC Cyclomatic Complexity Total Conditions in the Model Conditions Covered by Test Cases 1 C1 v2 15 94 7 54 51 2 C2 v1 25 83 37 36 30 3 C3 v2 3 83 49 196 162 4 C4 v2 32 66 55 412 270 5 C5 v2 6 65 57 54 35 6 C6 v2 10 76 94 130 99 7 C7 v2 30 86 100 404 346 8 C8 v1 60 57 101 116 66 9 C9 v2 28 48 130 164 78 10 C10 v1 21 76 139 372 283 11 C11 v2 55 65 211 674 437 12 C12 v1 47 83 234 316 262 13 C13 v2 14 70 275 858 604 14 C14 v2 55 68 302 302 204 15 C15 v2 165 51 322 528 268 16 C16 v1 53 61 353 758 460 21 21

Coverage for various components 22 22

Some learnings Simulink V&V toolbox Original test cases created for the hardware bench/hil Extra effort to recreate test cases; capture intention of the tester Solution for the future: Model-level test cases to be updated/created/maintained for Readiness testing Utilization of the results requires some extra effort and time from component owners Ideally suited for independent V&V activities to assist Production work and teams initially 23 23

Some key take-always Some components might have a very good coverage already > 80% Condition Coverage Small models/low complexity: C1, C2, C3 Test cases have evolved well over time: C7, C12 Some components have lower coverage Only around (50%-60%) Larger models/higher complexity Much large number of test cases also haven t helped; so, gaps are important Irrespective of the above, structural coverage assessment is necessary! Improvements can only happen after assessment! 24 24

Simulink Design Verifier (SDV) toolbox SDV Automatic Test Generation (ATG) The toolbox can generate test cases automatically as per userdefined coverage requirements SDV Property Proving (PP) A technique to check if the model satisfies critical requirements without writing numerous test cases 25 25

SDV - ATG Use Simulink Design Verifier for Automatic Test case Generation!! 26 26

SDV - ATG Use Simulink Design Verifier ATG capability to improve test cases further 27 27

Some points to note ATG test cases to supplement existing test cases First assess coverage of existing test cases Identify gaps to increase coverage via self-designed test cases if desired Use SDV ATG for even further improvements Existing models May have unsupported constructs; Use automatic stubbing May encounter some scalability issues Use ATG for selective models/subsystems Where complexity is involved To find out if any parts of the model are unreachable 28 28

Design Verification Principle Practice for Production Relevant Mathworks toolbox: Simulink Design Verifier (SDV) 29 29

Some Example Properties for Proving Aero Shutter is never closed if the speed is less than 50 kmph. Always, if the Aero Shutter is closed, it implies that the coolant temperature is less than some defined maximum (92 degc). Once ON, heater coolant pump should remain ON for at least 30s even if the request becomes FALSE in the meantime. 30 30

Demos Indicate some workflows for V&V and SDV toolboxes through short demos 31 31

Final Conclusions Structural coverage assessment using the V&V toolbox important to improve on test cases Standards recommend it - not just for critical applications Workflows could be tailored and adopted to suit particular production environments SDV toolbox capabilities could be used to improve test cases via ATG for uncovered objectives In addition, Property Proving feature of the SDV toolbox complements traditional testing approaches to increase overall confidence 32 32

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback