The System Verification Manager (SVM)
A single portal into interconnected views of:
- system requirements
- system architecture
- system models
- application of verification methods
- results of verification activities
Target users: embedded system development teams in production environments advocating model-based methods

SVM Features
- Requirement traceability: associates requirements and system architecture with multiple external model representations
- Verification activity management: identifies verification activities that need to be re-executed when changes are made
- Verification result management: access to the status and results of requirements-driven verification activities
- Extensible, open framework: flexible definition and reuse of models and verification methods
The SVM Team
Carnegie Mellon and The MathWorks
- Bruce Krogh
- Ansgar Fehnker
- Zhi Han
- Jim Kapinski
- Rajesh Kumar
- Peter Feiler
- John Walker
- Gopalan Raghavachari
- Shiva N. Sivashankar
- Swami Gopalswamy
- Jit Ken Tan
- Bill Aldrich
- Eric Lim
- Mehran Mestchian
Use Scenarios
Requirements -> architecture -> models -> verifications
- Start with a set of requirements
- Define the system architecture
- Develop/import models and associate them with the architecture
- Specify verifications of models against requirements
- Let SVM manage the application of verifications
- Model changes and additions
Models -> architecture -> validation of requirements
- Import model structure from Simulink, C code, etc.
- Derive a common architecture
- Add application-specific signal flow information
- Validate the architecture
- Validate models against the architecture
- Specify and perform model verifications
- Manage model verifications as requirements validation

Fundamental Views in SVM
- Verification
- System Architecture
- System Models
- Consolidated Window
Importing Existing Simulink Models
- SVM extracts model information and library dependencies
- The user identifies relevant verification parameters, inputs, and outputs

Deriving a System Architecture
- Create from a single model
- Create from a collection of models
Working With the System Architecture
- Specify domain semantics of signal flow (can be done for each model as well)

Working With the System Architecture
- Check for semantic connection inconsistencies
- ETC example: apparent signal type mismatch

Dealing With Multiple Models
- Multiple models for the system architecture
  - Associate multiple Simulink versions
  - Associate a Checkmate model
  - Associate source code
- Maintain consistency between models
  - Validate all models against the architecture
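The two checks described on these slides, flagging semantic mismatches on architecture connections and validating a model's interface against the architecture component it is associated with, are shown below as an added example. This is not SVM's code or schema; the Signal/Component/Architecture classes, the quantity/unit/dtype attributes, and the throttle-control style sample architecture are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical domain semantics for a signal; these field names are an
# assumption for this example, not SVM's own schema.
@dataclass(frozen=True)
class Signal:
    quantity: str  # physical quantity, e.g. "angle"
    unit: str      # engineering unit, e.g. "rad"
    dtype: str     # numeric type, e.g. "double"

@dataclass
class Component:
    name: str
    inputs: dict   # port name -> Signal
    outputs: dict  # port name -> Signal

@dataclass
class Architecture:
    components: dict = field(default_factory=dict)
    # connections are (source component, source port, destination component, destination port)
    connections: list = field(default_factory=list)

def check_connections(arch):
    """Report every connection whose source and destination port semantics disagree."""
    problems = []
    for src_c, src_p, dst_c, dst_p in arch.connections:
        loc = f"{src_c}.{src_p} -> {dst_c}.{dst_p}"
        src = arch.components[src_c].outputs.get(src_p)
        dst = arch.components[dst_c].inputs.get(dst_p)
        if src is None or dst is None:
            problems.append(f"{loc}: unknown port")
            continue
        for attr in ("quantity", "unit", "dtype"):
            a, b = getattr(src, attr), getattr(dst, attr)
            if a != b:
                problems.append(f"{loc}: {attr} mismatch ({a} vs {b})")
    return problems

def validate_model(arch, comp_name, model_inputs, model_outputs):
    """Compare a model's extracted interface (port name -> Signal) with the
    architecture component it is associated with."""
    comp = arch.components[comp_name]
    problems = []
    for kind, expected, actual in (("input", comp.inputs, model_inputs),
                                   ("output", comp.outputs, model_outputs)):
        for port in sorted(expected.keys() - actual.keys()):
            problems.append(f"{comp_name}: missing {kind} port {port}")
        for port in sorted(actual.keys() - expected.keys()):
            problems.append(f"{comp_name}: extra {kind} port {port}")
        for port in sorted(expected.keys() & actual.keys()):
            if expected[port] != actual[port]:
                problems.append(f"{comp_name}: {kind} port {port} semantics differ")
    return problems

def build_example_architecture():
    """Constructed throttle-control style architecture: pedal -> controller -> actuator."""
    pct = Signal("position", "percent", "double")
    arch = Architecture()
    arch.components["pedal_sensor"] = Component("pedal_sensor", {}, {"pedal_pos": pct})
    arch.components["controller"] = Component(
        "controller", {"pedal_pos": pct}, {"throttle_cmd": Signal("angle", "deg", "double")})
    # The actuator expects radians: an apparent signal type mismatch on one connection.
    arch.components["actuator"] = Component(
        "actuator", {"throttle_cmd": Signal("angle", "rad", "double")}, {})
    arch.connections = [("pedal_sensor", "pedal_pos", "controller", "pedal_pos"),
                        ("controller", "throttle_cmd", "actuator", "throttle_cmd")]
    return arch

def demo():
    arch = build_example_architecture()
    connection_issues = check_connections(arch)
    # Interface as if extracted from a Simulink model that exposes a debug output
    # the architecture does not know about (constructed sample).
    model_issues = validate_model(
        arch, "controller",
        {"pedal_pos": Signal("position", "percent", "double")},
        {"throttle_cmd": Signal("angle", "deg", "double"),
         "debug_state": Signal("state", "none", "uint8")})
    return connection_issues, model_issues

if __name__ == "__main__":
    for issue in sum(demo(), []):
        print(issue)
```

Running the script lists one connection mismatch (degrees driven into a radians input) and one interface discrepancy (an output port present in the model but absent from the architecture); a tool like SVM would surface both before any verification activity is instantiated against the model.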
Verification of Requirements
- Requirements from requirements documents
- Verification activity
  - verification of a requirement via a model
  - verification status and results
- Organization of verifications: verification folders and logic
- Organization of requirements: project-phase-specific verification

Instantiating a Verification Activity
- Select a model
- Choice of verification methods
- Model-specific parameter values and data sets

Performing the Verifications
- Automatic execution of verifications
- Recording result status and results
- Filtered views and viewing external result representations
Change Propagation & Reverification
- Recognize changes in external models
- Recognize changes in verification parameters and data sets
- Handle model and library dependencies
- Invalidate and reverify verification activities
- Identify potentially impacted related models
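The change-propagation workflow on this slide, as an added example rather than SVM's own implementation: artifacts (models, libraries, parameter sets, data sets) are fingerprinted by content hash so that a change is recognized, a change in a library is propagated to every model that depends on it, every verification activity reading an impacted artifact is invalidated, and the invalidated activities are re-executed and their status recorded. The artifact names, the dependency relation, and the hash-based change detection are assumptions made for this example.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Artifact:
    """A model, library, parameter set or data set tracked by content hash."""
    name: str
    content: bytes
    depends_on: list = field(default_factory=list)  # e.g. a model depends on libraries

@dataclass
class Activity:
    """A verification activity: a method applied to a model with parameters/data sets."""
    name: str
    inputs: list          # artifact names the activity reads
    valid: bool = True    # False once an input changed and the activity needs re-execution

def fingerprint(content):
    return hashlib.sha256(content).hexdigest()

class ChangeTracker:
    def __init__(self, artifacts, activities):
        self.artifacts = {a.name: a for a in artifacts}
        self.activities = {v.name: v for v in activities}
        # Fingerprints recorded when the activities were last verified.
        self.recorded = {n: fingerprint(a.content) for n, a in self.artifacts.items()}

    def dependents(self, name):
        """Transitive set of artifacts that depend on `name` (library -> models -> ...)."""
        impacted, frontier = set(), [name]
        while frontier:
            cur = frontier.pop()
            for a in self.artifacts.values():
                if cur in a.depends_on and a.name not in impacted:
                    impacted.add(a.name)
                    frontier.append(a.name)
        return impacted

    def detect_changes(self):
        """Artifacts whose current content no longer matches the recorded fingerprint."""
        return [n for n, a in self.artifacts.items()
                if fingerprint(a.content) != self.recorded[n]]

    def propagate(self):
        """Recognize changes, invalidate affected activities, report impacted models."""
        changed = self.detect_changes()
        impacted = set(changed)
        for n in changed:
            impacted |= self.dependents(n)
        invalidated = []
        for v in self.activities.values():
            if v.valid and any(i in impacted for i in v.inputs):
                v.valid = False
                invalidated.append(v.name)
        for n in changed:  # accept the new content as the verified baseline
            self.recorded[n] = fingerprint(self.artifacts[n].content)
        return {"changed": sorted(changed),
                "impacted_models": sorted(impacted - set(changed)),
                "invalidated": sorted(invalidated)}

    def reverify(self, runner):
        """Re-execute invalidated activities via `runner(activity) -> bool`, record status."""
        results = {}
        for v in self.activities.values():
            if not v.valid:
                results[v.name] = runner(v)
                v.valid = True
        return results

def demo():
    # Constructed artifacts: one shared library, two controller model versions,
    # an independent motor model, plus a parameter set and a data set.
    artifacts = [
        Artifact("dsp_lib", b"library v1"),
        Artifact("controller_v1", b"model v1", depends_on=["dsp_lib"]),
        Artifact("controller_v2", b"model v2", depends_on=["dsp_lib"]),
        Artifact("motor_model", b"motor"),
        Artifact("step_params", b"tfinal=2.0"),
        Artifact("dataset_a", b"u,y\n0,0\n"),
    ]
    activities = [
        Activity("step_response_ctrl", ["controller_v1", "step_params"]),
        Activity("compare_models", ["controller_v1", "controller_v2"]),
        Activity("motor_sim", ["motor_model", "dataset_a"]),
    ]
    tracker = ChangeTracker(artifacts, activities)
    tracker.artifacts["dsp_lib"].content = b"library v2"  # the shared library changed
    report = tracker.propagate()
    # Stand-in runner; a real method would invoke the external tool here.
    results = tracker.reverify(lambda act: True)
    return report, results

if __name__ == "__main__":
    print(demo())
```

Only the two controller models inherit the library change, so the two activities that read them are invalidated and re-run, while the motor simulation keeps its recorded result; a second call to `propagate()` reports nothing because the new fingerprints were accepted as the baseline.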
Project Support
- Methods library import/export
- Methods specification and registration
- Verification methods using external tools
- Project import/export
Current predefined verification methods:
- Step response analysis
- Comparative model simulation
- Model checking (SMV)
- Checkmate model
- Dymola simulation
- Batch simulation on data sets
- mex compile
- Model reduction

Predefined Methods: Model Checking
- Executing a model-checking activity uses Cadence SMV
- The user specifies input and output files
- The activity returns true if all properties specified in the SMV file are verified

Viewing Model Checking Results
- View the result for an activity
- Counterexample

Dymola Model Simulation
- SVM - System Models (Power Window Project)
- Motor model in Dymola
Ethereal-Sting Activities
- Design realization in MathWorks COTS toolset
  - Industrial benchmark for comparison purposes
  - Graphical model developed in Simulink and Stateflow
  - Code generation using RTW and RTW E-coder
  - Entire signal analyzer coded as a single function
- Design analysis and verification using SVM
  - Unit-level comparisons of core operations
  - Functional comparisons of feature extractors
  - System-level comparisons of the complete analyzer

MathWorks Implementation
- Core blocks implemented in a Simulink library to allow centralized updates
- Mixed implementation to balance performance vs. complexity
  - Core Simulink blocks for basic operations
  - MathWorks DSP blocks for FFT, etc.
  - Stateflow for custom implementations
- Feature extractors implemented in a separate library

E1 Refinements for Improved Performance
- Conditionally executed feature extractors controlled by the classifier (implemented using Stateflow):
  - Trigger the symbol rate feature extractor subsystem like a function
  - Use an output of the subsystem
Technology Transition/Transfer
- Project members: Emmeskay, MathWorks
- Industry: potential end users through existing projects: Ford, GM, Toyota, LM, GE, Honeywell, Delphi
- Standards: SAE AADL standard (dependable real-time systems); HSIF
- Target platform support: RTW & IMAGES TimeWeaver

System Verification Manager
Website: www.ece.cmu.edu/~webk/svm
Beta release: Jan 26, 2004