模型验证最佳实践 - PDF 免费下载

符合 ISO 26262 标准的模型验证杨兴 amy.yang@mathworks.cn MathWorks 中国 2014 The MathWorks, Inc. 1

日程 ISO 26262 和基于模型的设计验证模型还是代码 ISO 26262 对 MBD 软件开发的要求相关的软件验证活动 2

ISO 26262 标准中和基于模型的设计相关的章节 MBD 相关的章节 3

标准中有关基于模型的设计的解释 The seamless utilisation of models facilitates a highly consistent and efficient development. 4

基于模型的设计 5

验证模型, 还是代码 2014 The MathWorks, Inc. 6

ISO 26262-6 软件级别的产品设计验证 7

验证模型, 还是代码? 单元静态验证 If model-based development with automatic code generation is used, these properties apply to the model and need not apply to the source code. 8

验证模型, 还是代码? 单元静态验证 In the case of model-based software development the software unit specification design and implementation can be verified at the model level. 9

验证模型, 还是代码? 软件单元测试 For model-based development, software unit testing can be carried out at the model level followed by back-to-back comparison tests between the model and the object code. 11

验证模型, 还是代码? 软件单元测试 In the case of model-based development, the analysis of structural coverage can be performed at the model level using analogous structural coverage metrics for models. 12

验证模型, 还是代码? 软件集成测试 14

IEC 61508 中有关代码生成工具分类 Translator! 16

ISO 26262 有关软件开发的相关要求 ISO 26262 对开发工具的要求 ISO 26262 对开发活动的要求 2014 The MathWorks, Inc. 17

软件开发阶段所需的支持信息 18

软件工具的分级和资质工具分级工具资质审核工具的功能工具的影响工具错误的检测工具置信水平 ASIL 软件工具有引入错误或者不能检出错误的可能 UC 1..n TI 2 TD 3 TD 2 TD 1 无 / 低中高 TCL 3 TCL 2 为 TCL3 级的资质审核为 TCL2 级的资质审核增加审核需求 TI 1 TCL 1 无需额外的资质审核 Possibility that the tool can introduce errors or fail to detect them Confidence in error prevention and detection measures Classification of the software tool into confidence levels Tool Qualification Measures 19

MathWorks 的代码生成工具 E-Coder 如果遵守 IEC Certification Kit:Embedded Coder Reference Workflow 文档中提供的参照开发流程,Embedded Coder 可以被划分为 TCL1 这个等级如果遵守 IEC Certification Kit:Embedded Coder Reference Workflow 文档中提供的参照开发流程的一个合适的子集,Embedded Coder 可以被划分为 TCL2 这个等级 The required tool confidence level for the code generator is TCL1, provided that the reference workflow documented in IEC Certification Kit: Embedded Coder Reference Workflow is followed. The required tool confidence level for the code generator is TCL2, provided that a suitable subset of the reference workflow documented in IEC Certification Kit: Embedded Coder Reference Workflow is followed. 20

软件工具的资质 21

IEC Certification Kit ISO 26262 22

设计语言的选择标准 23

编码和建模规范 24

架构设计信息表达 26

架构设计信息表达 27

ISO 26262 对于软件架构的要求 28

架构设计时要考虑降低复杂度 29

软件架构的验证方法 31

Simulink 模型验证 32

软件单元设计的验证方法表 -9 仅限静态验证 Simulink 模型验证 33

软件单元测试 9.4.3 The software unit testing methods listed in Table 10 shall be applied to demonstrate that the software units achieve: compliance with the software unit design specification; compliance with the specification of the hardware-software interface; the specified functionality; confidence in the absence of unintended functionality; robustness; and sufficient resources to support their functionality. 34

软件单元测试测试用例的产生单元测试的覆盖率要求 35

Simulink 模型测试需求是否满足设计需求? 查看结果报告测试模型是否完全测试模型? 结构覆盖度报告 36

代码生成和等效性测试自动代码生成 (Code generation) 有利于保证代码的效率和一致性大幅提高工作效率等效性测试 (Equivalence testing) 软件在环测试 Software-in-the-Loop testing 处理器在环测试 Process-in-the-Loop testing 37

软件集成测试方法 10.4.3 The software integration test methods listed in Table 13 shall be applied to demonstrate that both the software components and the embedded software achieve: compliance with the software architectural design in accordance with Clause 7; compliance with the specification of the hardware-software interface in accordance with ISO 26262-4:2011, Clause 7; the specified functionality; robustness; sufficient resources to support the functionality. 38

基于模型设计相关的验证活动 2014 The MathWorks, Inc. 40

动手操作练习 Model Advisor 检查集的设置 Simulink Design Verifier 分析设计错误 Simulink Design Verifier 实现属性证明功能测试覆盖率信息的收集等效性测试测试用例及实现 Simulink Report Generator 实现模型比较 41

软件的层次化结构设计模块如何划分从功能上划分组件以发动机为例, 分为 : 点火进气油量计算怠速巡航等模型实现上 model reference 发动机控制点火控制进气计算燃油控制怠速控制巡航控制其他对复杂组件进一步划分为单元模块以发动机的怠速控制为例, 分为暖机怠速闭环速度控制扭矩请求等单元模型实现上 model reference 42

模型复杂度监测对单元模块进行复杂度监测 Model advisor 圈复杂度 43

建模标准 MAAB 建模标准高安全完整性系统的建模标准公司内部定义的建模标准 44

MAAB 及相关规范的检查 Model Advisor 实现建模规范检查定制检查集定制检查项 45

模型评审模型和需求的双向追溯模型需求需求模型 Simulink Report Generator 生成报告为非 Simulink 用户生成报告 Simulink Report Generator 实现不同版本模型比较 46

使用 Simulink Design Verifier 检查逻辑错误设定生成测试用例目标为 MC/DC 100% 覆盖生成测试用例逻辑错误导致无法生成 100% 覆盖的测试用例, 并提示错误逻辑 47

使用 Simulink Design Verifier 检查数据错误通过算术运算分析定位错误数据溢出被零除证明没有错误的运算 48

单元模块的功能测试仿真测试... 覆盖率分析 49

模型的集成测试模型的组件级集成测试模型的系统级测试模型在环测试快速原型 50

软件在环测试验证代码和用于代码生成的模型之间的等效性 Code Generation 软件在环测试使用的是 Visual C++ 或者 LCC 编译器 Compiled C Code S-Function (Windows DLL) 51

处理器在环测试验证代码在目标处理器的行为和模型的一致性 Code Generation 处理器在环测试使用的是目标编译器 Production Processor 52

Model Verification Tools Model Verification Discover design errors at design time Simulink, Requirements Mgmt Interface (SLV&V) Model Coverage (SLV&V) Simulink, Stateflow, Simulink Fixed Point Model Advisor (SLV&V) Design Error Detection (SLDV) Property Proving (SLDV) Ad-hoc Testing Simulink Traceability SLV&V Model Standards SLV&V Design Error Detection SLDV Testing by Simulation with Model Coverage SLV&V Property Proving SLDV 53

Code Generation & Verification Tools Traceability report (Embedded Coder), Bullseye code coverage (Embedded Coder) Code Verification Gain confidence in the generated code Test vector generation (SLDV), SIL/PIL testing / CGV (Embedded Coder) Traceability Report SLV&V Embedded Coder Test Vector Generation SLDV Equivalence Testing Simulink (SIL/PIL) Embedded Coder 3 rd Party Code Coverage Tool Embedde d Coder 54

MathWorks Change the world by Accelerating the pace of discovery, innovation, development, and learning in engineering and science 55