自动化提高设计质量的最佳实践（PDF58页）

1©2015TheMathWorks,Inc.自动化提高设计质量的最佳实践吴菁2嵌入式系统日益增长的复杂性发动机管理传动控制前向摄像头电动助力转向智能接线盒电池管理推进电机控制DC/DCConverter信息娱乐系统HVAC控制导航仪表盘Vehicle-to-Infrastructure短距雷达UltrasonicSensor长距雷达稳定性控制气囊紧急制动自动泊车自适应巡航控制全驱4轮转向后备摄像头车身控制模块TirePressureMonitor语音识别自适应前向大灯电动窗电动座椅无钥匙进入电动尾门20002015LinesofCode16M2-3M6MSiemens,“FordMotorCompanyCaseStudy,”SiemensPLMSoftware,2014McKendrick,J.“Carsbecome‘datacentersonwheels’,carmakersbecomesoftwarecompanies,”ZDJNet,20133需求管理的匮乏Sources:ChristopherLindquist,FixingtheRequirementsMess,CIOMagazine,Nov2005为什么高达71%的嵌入式项目以失败告终?4要点在Simulink中创建，管理需求早期验证以便快速发现错误自动化手工验证任务遵循安全标准的流程“通过早期验证降低成本和项目风险，缩短认证系统的上市时间并提供第一时间即正确的高质量产品代码”MichaelSchwarz,ITKEngineering5RequirementsRequirements传统开发流程的挑战SpecificationSpecificationC/C++Handcode6将Simulink模型作为规范RequirementsRequirementsC/C++ExecutableSpecificationExecutableSpecificationHandcode7完整的基于模型的设计CodeGenerationRequirementsRequirementsExecutableSpecificationExecutableSpecificationModelusedforproductioncodegenerationModelusedforproductioncodegenerationSimulinkModelsC/C++Generatedcode8RequirementsRequirementsExecutableSpecificationExecutableSpecificationModelusedforproductioncodegenerationModelusedforproductioncodegenerationSimulinkModelsC/C++Generatedcode基于模型设计的验证流程ComponentandsystemtestingEquivalencetestingEquivalencecheckingReviewandstaticanalysis9来自需求的挑战需求在哪实现的?需求如何被测试?设计和需求一致吗?RequirementsRequirementsExecutableSpecificationExecutableSpecificationModelusedforproductioncodegenerationModelusedforproductioncodegenerationSimulinkModelsC/C++Generatedcode10需求和设计之间的缺口RequirementsRequirementsExecutableSpecificationExecutableSpecificationModelusedforproductioncodegenerationModelusedforproductioncodegenerationSimulinkModelsC/C++Generatedcode11SimulinkRequirementsAuthorTrackManage12RequirementsEditor13RequirementsEditor14Import从外部导入需求IBMRationalDOORSSimulinkRequirementsEditorMicrosoftWord15RequirementsPerspective16需求透视17关联需求，设计和测试`REQ3.1ENABLINGCRUISECONTROLCruisecontrolisenabledwhen…..18关联需求，设计和测试`REQ3.1ENABLINGCRUISECONTROLCruisecontrolisenabledwhen…..ENABLESWITCHDETECTIONIftheEnableswitchispressed……得到19关联需求，设计和测试`REQ3.1ENABLINGCRUISECONTROLCruisecontrolisenabledwhen…..ENABLESWITCHDETECTIONIftheEnableswitchispressed……实现于`得到20关联需求，设计和测试验证于TestCasexx`REQ3.1ENABLINGCRUISECONTROLCruisecontrolisenabledwhen…..ENABLESWITCHDETECTIONIftheEnableswitchispressed……实现于得到`21跟踪实现和验证PassedFailedNoResultMissingVerificationStatusImplementedJustifiedImplementationStatusMissing22对变更的响应Iftheswitchispressedandthecounterreaches50thenitshallberecognizedasalongpressoftheswitch.Iftheswitchispressedandthecounterreaches75thenitshallberecognizedasalongpressoftheswitch.ImplementsOriginalRequirementUpdatedRequirement23验证设计对指南和标准的遵循RequirementsRequirementsExecutableSpecificationExecutableSpecificationModelusedforproductioncodegenerationModelusedforproductioncodegenerationSimulinkModelsC/C++GeneratedcodeReviewandstaticanalysis设计创建的对吗?是不是太复杂?可以做代码生成吗?24使用静态分析进行自动化验证RequirementsRequirementsExecutableSpecificationExecutableSpecificationModelusedforproductioncodegenerationModelusedforproductioncodegenerationSimulinkModelsC/C++Generatedcode检查:•可读性和语义•性能和效率•Clones•更多……ModelAdvisorAnalysisModelAdvisorAnalysis25为走查和文档化工作生成报告RequirementsRequirementsExecutableSpecificationExecutableSpecificationModelusedforproductioncodegenerationModelusedforproductioncodegenerationSimulinkModelsC/C++GeneratedcodeModelAdvisorAnalysisModelAdvisorAnalysisModelAdvisorReportsModelAdvisorReports26导航到有问题的模块RequirementsRequirementsExecutableSpecificationExecutableSpecificationModelusedforproductioncodegenerationModelusedforproductioncodegenerationSimulinkModelsC/C++Generatedcode27用于解决问题或自动纠正的指南RequirementsRequirementsExecutableSpecificationExecutableSpecificationModelusedforproductioncodegenerationModelusedforproductioncodegenerationSimulinkModelsC/C++Generatedcode28内建的检查项，用于行业标准和准则的遵循RequirementsRequirementsExecutableSpecificationExecutableSpecificationModelusedforproductioncodegenerationModelusedforproductioncodegenerationSimulinkModelsC/C++Generatedcode•DO-178/DO-331•ISO26262•IEC61508•IEC62304•EN50128•MISRAC:2012•CERTC,CWE,ISO/IECTS17961•MAAB(MathWorksAutomotiveAdvisoryBoard)•JMAAB(JapanMATLABAutomotiveAdvisoryBoard)29配置和自定义分析RequirementsRequirementsExecutableSpecificationExecutableSpecificationModelusedforproductioncodegenerationModelusedforproductioncodegenerationSimulinkModelsC/C++Generatedcode30用形式化方法检测设计错误发现运行时设计错误:•整数溢出•死逻辑•被零除•数组越界•范围违规生成反例以重现错误RequirementsRequirementsExecutableSpecificationExecutableSpecificationModelusedforproductioncodegenerationModelusedforproductioncodegenerationSimulinkModelsC/C++Generatedcode31证明设计符合需求RequirementsRequirementsExecutableSpecificationExecutableSpecificationModelusedforproductioncodegenerationModelusedforproductioncodegenerationSimulinkModelsC/C++Generatedcode  使用形式化需求模型证明设计属性模型功能和安全要求生成用于分析和调试的反例32StaticAnalysisStaticAnalysis对标准和准则的检查经常要延迟执行RequirementsRequirementsExecutableSpecificationExecutableSpecificationModelusedforproductioncodegenerationModelusedforproductioncodegenerationSimulinkMode