Verification and Validation of Simulink Models

EXPLORE ENROLL
EXCET
Verificqtion qnd Volidotion

of Simulink Models
*MathWorks" Trøining Services

Table of Contents
Table of Gontents
Verification and Validation of Simulink@ Models
r ilril]t ilil ] ]il ]t¡il ]ilt ilil ll] ilil llll llll
slw417V1
@ 2017 by The MathnØorks, Inc. Verification and Validation of Simulink@ Modeis TOC - 1
Table of Contents
O COPYRIGHT 2010-201,7 by The MathWorks, Inc.
This Training Coutse Notebook, along with other Training Course Examples
and Exercises, shall at all times temain the intellecmal propetty of The
MathWorks, Inc. The Math\X/orks, Inc. reserves all rights in these materials.
No part of these materials may be photocopied, reproduced in any form, or
distributed without prior wdtten consent from The MathW'orks,.Inc.
The softwate descdbed in this document is furnished under a license

âgreement. The soft'uzarc tr:øy be used or copied only undet the terms of the
license âgreement.
@ 2017 by The Math\ü/orks, Inc. Verification and Validation of Simulinrk@ Models TOC - 2
Table of Contents
Table of Contents
L. Introduction
2. Verification and Validation in Model-Based Design
3. Developing Test Cases
4. AnalyzingTest Results
5. Building Test Suites
6. FormallyVedS'ingModels
7. Conclusion
Appendices
A 2U.7 by The Math\X/otks, Inc. Vedfication and Validation of Simufink@ Models TOC - 3
Table of Contents
Introduction
MathìØorks@ at a Glance . . . . . . 1-2
nØotldwide Off,ces 1-3
Math\Works@ Product Overview 1,-4
Diverse ljsers 1-5
Computer Setup 1-6
Course LearntngOutcomes. . . . 1. -7
Course Outline 1-8
@ 2017 by The MathWorks, Inc. Vedfication and Validation of Simulink@ Models TOC - 4
Table of Contents
Verification and Validation in

Model-Based Design
Oudine ') ,,
Chapter Leantng Outcomes ..2-3

Continuous Test and Verifi.cation ..2-4
Types of Vedfication. . . ..2-5
Simulation-B as ed Tes ting. ..2-6
Formal Verifi.cation ..2-7
Course Example: Electronic Throttle Contol ..2-8
Project Environment. . . . . to
System Requirements. . . . .2-10
TestPlans... .2 - 71.
Summaty.... .2-72
@ 201,7 by The Math\X/orks, Inc. Vedfi.cation and Validation of Simulink@ Models TOC - 5
Table of Contents
Developing Test Cases

Outline ..3-2
Chapter Leantng Outcomes ..3-5
Testing Simutink@ Models . . ..3-4
Test Harnesses . . ..3-5
Generatìng Test Hatnesses . . ..3-6
Managing Test Harnesses . . ..5-1
Loading Inputs ftom MATI-AB@ . . . . ..3-8
Formatting \ü/orkspace Input Data . . . ..3-9
Creating Test Inputs Graphically. . . . . .3-10
Loading Data from External Soutces . .3 - 11,
Logic-Based Tests. . . . . .3 - 1,2
Creating Test Sequences .3 - 1,3
Testing the PI Conttollet Model .3-15

Summary .3-16
Test Yout I{nowiedge . .3-17
@ 2017 by The Math\X/otks,Inc. Vedfication and Validation of Simulink@ Models TOC - 6

Table of Contents
Analyzing Test Results

Outline .4-2
Chaptet Learning Outcomes .4-3
Results Analvsis
J
.4-4
Anaþsis Apptoaches . . . . .4-5
Performing Exploratory Tests. .4-6
Run-Time Anaþsis with Model Verification Blocks. .4-7
Run-Time Anaþsis u¡ith Test Sequence Blocks . . . . .4-8
C onditionally Analy zng Re sults .4-9
Managing Test Sequences . . . 4-L0
Loggog Simulation Data. . . . 4-11
AccessingLogged Data. . . . . 4-12
Inspectinglogged Data. . . . . 4-13
Customizing Data Displays . . 4-1,4
Comparing Runs and Sþals.
Collecting Model Coverage
Viewing Model Coverage
Model Coverage Tips. . .
Summary.
Test Your Knowledge . .
@ 2017 by The Math\üØorks, Inc. Vedfication and Validation of Simulink@ Models TOC - 7
Table of Contents
Building Test Suites

Oudine <.)
Chapter Learning Outcomes. . . . . .5-3
OrganzngTests . .5-4
Test Manager .5-5
Sttuctute of a Test Case .5-6
Types of Tests .5 -7
Pedorming Simulation Tests . .5-8
Petforming Baseline Tests . . . .5-9
CreatingTest Iterations . . . . . 5-10
Performing Equivalence Tests 5- 1,1.
VrewrngTestResults . . . . . . . .5-12
Collecting Model Covetage . .
ReportingTest Results. . . . . . .5 - 1,4
Imptoving Test Petformafrce .5-15

Summary. .5-16
Test Yout Knowledge .5-17
@ 2017 by The Math\Works, Inc. Verification and Validation of Simulink@ Models TOC - 8
Table of Contents
Conclusion
Math\X/orks@ Product Overview '7 '.)
Math\X/orks@ Iøeb Resources. . . 7 -3

Online Technical Suppott . . . . . 7 -4
Further Training. 7 -5
Coutse Evaluation 7 -6
@ 2017 by The Math\X/orks,Inc. Vedfication and Validation of Simulink@ Models TOC - 10

Table of Contents
Formally Veri$'ing Models

Outline 6-2
Chapter Learntng Outcomes. . . 6-3
Petfotming Exhaustive Testing 6-4
Simulink@ Desþ Vetifi.er" \Wotkflow 6-5
Types of Fotmal Model Vedfi.cation 6-6
Checking Model C ompatibility 6-7
Generating Tests - Producing Full Covetage. . . . . 6-8
Generating Tests - Completing Missing Coverage. ....6-9
Generating Tests - Uset-Defined Obiectives. . . . . ...6,10
Ptoving Model Properties ...6-1,1,
Formally Checking Requirements . . ...6-12
Detecting Desþ Errors . . .6.- 13
Tips fot Formal Model Verification

Summaty.
TestYour Knowledge
@ 201,7 by The Math\X/orks, Inc. Verification and Validation of Simulirrk@ Models TOC - 9
Table of Contents
Appendices
Automating Verifi cation A ctivifies A
Inttoduction to Model Coverage. . B
Exetcises C
@ 2017 by The Math!Øorks, Inc. Verification and Validation of Simulink@ Models TOC - 11
lntroduction
lntroduction
I
¿
@ 2017 by The MathWorks, Inc. Verification and Validation of Simulink@ Models 7-7
lntroduction
MathWorks@ at a Glance
Mathlü/orks@ is the leading developer and suppliet of technical computing
software in the world. Founded tn 1984, it now employs ovet 3,000 people
worldwide with approximately 45o/o engaged in ptoduct development. The
company is privately held and has been ptofitable eveîy ye r since its inception.
Jack Litt1e and Cleve Moler, the founders of Mathrù(/orks, tecognized the need
among engineers and scientists for more powedul and ptoductive computation
environments beyond those provided by languages such as Fortran and C.
In response to that need, they combined their expertise in mathematics,
engineering, and computer science to develop M,{TLAB@, a high-petformance
technical computing environment. MATIAB combines comprehensive math
and graphrcs functions with a powerfrrl high-level language. In addition to
MATIAB, Maths7orks now develops and matkets Simulink@, a product for
simulating linear and nonlineat dynamic systems. Math\X/otks also develops
and markets an extensive family of add-on products to meet the application-
specific needs of scientists, engineets, and educators.
The guiding pdnciple at MathWorks is "Do the Right Thing." This means
doing what is best for our staff membets, customers, business pârtners, and Math\ülotks
communities for the long term, and believing that "right' answers exist. It
meafls measuring our success not merely in financial terms, but also by how
consistently we âct according to this princrple. Our mission and cote values
statements express what "doing the right thing" meâns in out day-to-day work.
MathlØorks also has a social mission: 'qWe will be active membets of out
communities, promote social responsibilit¡ and encorxage environmental
awareness." MathWotks people actively patticipate tn rcalning the social
mission.
Jack Little Cleve Moler

Ptesident Chief Mathematician
@ 2017 by The Math\X/otks, Inc. Verification and Validation of Simulink@ Models 1, -2

lntroduction
Worldwide Offices
Math\X/otks customers are over 1,000,000 of the world's technical leaders, in
over 175 countries on all seven continents (includingAntarcttca). These people
work at the wodd's most innovative technology companies, government
research labs, financial institutions, and ât more than 3,500 universities. They
reþ on Math\X/orks because MATIAB and Simulink have become the standard
throughout science and industry.
Math\X/orks supports its customers through a woddwide network of offices,

distributors, and resellets.
Headquarters Q.Jatick, MA USA)

508-647-7000
mathworks . com
w\^¡w.
support Gmathworks . com
Woddwide Of{ices
's topogtaphy on an equidistant cylinddcal projection, cteated with
For information on any of our worldwide offices, pleaqe go to the following MATLAB@ and Mapping Toolbox'"
location on Mathrü/otks \X/eb site and choose a country:
http : / / www. mathworks . com/company/worldwide/
@ 201,7 by The MathrX/orks, Inc. Verification and Validation of Simulink@ Models 1,-3
lntroduction
Math$Øorks@ Ptoduct Overview

Key Characteristics of Simutink@
Key Characteristics of the MAII-AB@ Language
A complete environment for modeling, simulating, and implementing dynamic
A user-friendl¡ intuitive syntax favodng btevity and simplicity without and embedded systems
comptomising intelligtbiJity
Desþ and test linear, nonlinear, discrete-time, condfluous-tìme, hybrid, and
The highest quality numedcal algorithms, based on close historical ties with multirate systems
the numerical analysis research community
Applications in controls, DSI communications, and systems engineering
Powerfirl, eâsy-to-us e graphics and visuali zation capabilities
Open architecture allows integration of models ftom other environments
A high-level language, making it possible to c^rry out computâtions in a line or
two that would require hundreds of lines of code in languages such as Fortran
orC
Easy extensibiliry by the user ot via packages of application-specific MÄII-AB

code and apps known as toolboxes
Real and complex vectors and matrices (including sparse .matrices) as

fundamental data types
A 2017 by The MathWorks, Inc. Verification and Validation of Simulink@ Models 1.-4
lntroduction
Diverse l]sers
In the last few years, Math\X/orks tools have been used to:
. Improve the safety and efficiency of spacecraft docking by developing

adaptive neurocontrol technology for â computer aided joystick control
system
. Advance the mapping of the human genome by developing algorithms for
DNA sequencing instruments
. Avert financíaI crises in emerging economies by building an econometric
model to predict significant volatiJity
'Advance the diagnosis and treatment of gastrointestinal ftact disorders by

. l:'
improving visual imaging of the smali intestine

. Test the dynamic position of ships in heaqr seas with simulations using scale
models in the Iabontory
' Veri$r the legality of currencyby scanningimages of the notes andidentifying . Teach computer progrâmming to undergraduates by developing a test and
the small fibers that they contain measurement laboratory that poses authentic engineering problems to the
students
. Improve the quality of next-generation network audio products by simulating
sþals transmitted over network . Create images ofunexplored underwater archeology and geology sites by
^
m,apping plankton density relative to wâter masses
. Enable temperâte crops to be grown ir dty coastal regions by designing a
gteenhouse that converts seawâteÍ into fresh water . Translate the distorted human voice in high-pressure environments by
lowedng the frequency and pitch of the sound made by the larynx
. Improve race car performance by designing a system for the automad.c
testing of suspension systems
@ 2017 by The MathrX/otks, Inc. Verification and Yaltdatton of Simulink@ Models 1-5
lntroduction
Computer Setup
To get ready for class, you need to install the examples and exercises from yout
course CD. Follow these steps:
Put the CD in the CD drive.
The installer application will open âutomattcaTly. If the installer application

does not open âutomaÚically, open the CD drive in \X/indows@ Explorer. Run
the file Englísh 2OXXRX MMM. exe.
Foilow the prompts in the installer t}rough the installation process. A shortcut
will be created on your desktop to start MATLAB for this class.
*lect CÐnrpÞüênt$
lulrich cornponents sfr*uld b* ànstalled?
In the installet, you have these options:
$elect tfie conrpcne*ts y*u v¡a¡l ts iïstatri; cl*ar the co,mpoÊsnts yç* dç not v¡ant t* . Choose a class toot directoty fot your course files.
ingcll. Çlick f'lerË e¡he* yc* vrc ready to contie*e.
. Choose the coutses for which you need to install the files. (Exampies and
ücurse Rslease 20lqRijps
exetcises for all of our courses are otL the CD.)
*11*Ê : MÅTl-48 f r¡üdäffi Ë$tô¡Ë 15.: l\'tB
) uUe-x, ffÅ f LåB Fundannentals for Åutû$ûtive Åpp¡ic8tíûns 4.6 M8 . Create a shortcut on the desktop to start MATLAB for this class. (This
ij *t-æ-ol fitÀTt"ÀÐ Funder*entðls frr åesû$.fãcÈ Alpl¡cü(islrs t*.9 M8
shortcut runs a s t a rt up . m file when starting MATI-AB that is customized
:-
j ¡+t-ee-s: trgATtÅF# for Llf€ sËientists 7.â M8
,
",
¡*t-C¡nt: CornrÌìunicätrüu STstsms üestçn qdith þlåTtÅB€: t.? M8 for the installed course files.)
,: j ¡¡¡-Ett*t g-'IATLA& t* t v¡ith lilÅTLAF tcd*r 14"5 M8
| ; ntlX: Tfttsrfacing A{¡\Tr,{Ë wilh C Cade *.ð M8
j''
-ì
n*r*: p4,4ït-4å
fcr lir¡anciaì ApÞlicntir$s s"? 1|{g
, : l*LgC¡ t!'tÅIlÅg$ fór Psr&lic ûptiñr¡rütiÕÈr 32.6 hfB *

&,rråñt selectiûn reqüireâ ¡t l*açt l.ê h'$g af di6k sFë€e"
'$:9S4-ä&34 Th* Mathwerlts, å¡r*. s Back T!{e[t >
A 2017 by The Mathrü/orks, Inc. Verification and Validation of Simulink@ Models 1-6
lntroduction
Course Learning Outcomes

The attendee will be able to:
. Identi$r the role of verification and validation in Model-Based Desþ.

. Cteate and run test cases for Simulink models.
. Ana)yze simulation results to verify the behavior of a model.
. Automate testing activities atd manage results.
' Complement simulation-based testing using formal verification techniques.

. Automatically generate artifacts to communicate results.
@ 201,7 by The Math\ü/orks, Inc. Verification and Validation of Simulink@ Models 1-7
lntroduction
Course Outline
. Introducdon
. Verifi.cation and Validation in Model-Based Desþ
. Developing Test Cases
. Analy ztngTest Results
' Building Test Suites

. Formally Ved$'ing Models
. Conclusion
Appendices
. Automating Verification -Activities

. Introduction to Model Coverage
. Exercises
@ 2017 by The Math!Øotks, Inc. Verifi.cation and Validation of Simulink@ Models 1-8
Verification and Validation in Model-Based Design
Verification and Validatlon in

Model-Based Design
@ 201.7 by The Math\ùØotks, Inc. Vedfication and Validation of Simulink@ Models 2-1
Outline
. Continuous test and vedfication
. Ty¡les of verification
. Electronic throttle conftol project
In this chapte4we will use the following Mathì7otks@ ptoducts
. MÄII-AB@
. Simulink@
. Simulink Verification and Validation'" (for requirements linking)
@ 2017 by The Math\X/orks, Inc. Verification and Validation of Simulink@ Models )',
Chapter Leatnitg Outcomes

. List common model verification and validation tasks.

. Compate simulation-based testing and formal verification.
. Associate model verification and validation tasks with supporting documents
and data files.
@ 2017 by The MathlüØorks, Inc. Vedfication and Validation of Simulink@ Models 2-3
Continuous Test and Verification

By desigmng your system with Simulink, you cân model your entire system and
test your desþ against requitements eatþ in the desþ pÍocess.
Apart ftom testing, additional verification tasks include Requirements

a
. Traceability - Tracing desþ artifacts between different stages of your / Confn¡rml
lisi
I i¡ì
1.t*; f.-
Ttace tLl
ìilLl
desþ \
. Confotmance - \
Implementing modeling standatds to ensure consistency
)r Model
and adherence to coding standards in automatical\y genented code
a
. Reporting - Generating documentation to communicate informadon about
I Confotm
Trace rl
your desþ \
\
This course covers verif,cation and validation of models in Simulink. Verifying Code
code (automarcally or manually genetated) is addressed in othet courses.
' TestingGeneraled Code ìn Sìnulink@
' PoþspaceØ for C/C++ Cod.e Verifcation Hardware

. Generating HDL Code fron S inulin,k@
Certification authority or
quality assurance
@ 2017 by The MatlilX/orks, Inc. Verification and Validation of Simulink@ Models 2-4
Types of Verification
There are two main types of verification tools avaiTable in Simulink. Test cases ate usuah created manually with the intent of validating system
requìrements. They do not guaran;tee fr;llinformation about the desþ errors
. Simulation-based testing - This apptoach consists of repeatedly simulating in a system. There may be hidden errors in a model that could be revealed with
a model under various scenalios, o! lesl cases, and analyzíngthe model outputs additional test câses.
for each test câse.
Formalvedfication removes the need fot manual desþ of test cases. Howevet,
formal verification tools typically
. Make assumptions or approximations about the system

+> +> . Support a proven subset of features (e.g., blocks, data types, etc.)
. Require manual division oÍ large models into smaller components
Test cases Results Because of these limitations, formal methods ate also îot gurúanteed to find
all desþ errors.
. Formal vetification - l]ses formal methods to veri4¡ the design of a Note Formal vedfication can be used to complement simulation-based testing.
Simutink model. Formal methods are mathematcalanalysis techniques that
c Ír produce tesults without test câses.
^vtomati."lly
-'ð
_ä;-t!;ü;;;r:; i .;.i l-l;;t- 'E
-:
. :
pñú7¿/9b&"r :"j
ir.iia c7üi hpd>þ¿€.1ì6ûF AffiVfL@g ì
bpd > bs Id T Þ¿&Þ Lffi¡c
l.r
+>
No test Mathematical
CASCS analysis of system
@ 201,7 by The Mathrü/orks, Inc. Verifi.cation and Validation of Simulink@ Models

,)\
Simulation-B as ed Testing
When testing a Simulink model, thete ate some broad steps that you will
typicaliy follow.
. Ptepare the model - Pdor to running âny tests, you should set up your
model so that you can run those tests. This might mean settìng solver opdons,
model inputs, or simulation logging options.
@
. Load test case - Define input sþal data and set paratrreteÍ values as
desired. Data must be formatted to be acceptable to the model. The soutce
of this data could be in a vanety of places, such as a spreadsheet or vrithin
the model file itself.
. Run test - A test could involve a single simulation, or more elaborate tasks
such as srñ,'eep or alineat analysis of the model.
^pzrametet
. Process tesults - A common anaiysis task is visualizing the simulation data.
However, more complex tasks, such as coveïage analysis ot detetmining
whether test results meet some desited cttteria, are also cornmon.
. Produce report - It is often important to document tests and their results.
Reports give information on whether the desþ was implemented cottecdy
and satisfies all its corresponding tequirements.
Each of these steps is described in detail in Chapters 3 t}rough 5
@ 201.7 by The Mathìü/orks, Inc. Verification and Validation of Simulink@ Models 2-6
Formal Vedfication
Simulink Desþ Velifi.er'" allows you to verify Simutink models using formal
methods. SØhen using this tool, there are some bròad steps that you will
typicatly follow.
. Ptepate the model - Prior to verification, you must ensure th¿t the model
implementation is compatible with the tool.
. Set options
speci$r which
- Because formal verification is an automatic process, you must
verification t¿sks to petform, which tesults to extrâct, arid how
to report them.
W Manual
. Analyze model - Once the modei incompatibilities have been addressed

and its options âre set, the vedfication task should complete automaticaþ
The three main tasks provided by Simulink Desþ Verifier are
. Desþ erot detection
. Automatic test generation
. Propetty ptoving
. Interpret tesults - You can hþhlþht desþ errors in the Simulink model, or
inspect the contents of automatically generated test câses, counterexamples,
reports, data objects, and log files.
Each of these steps is described in detail in Chapter 6.

Automatic
@ 2017 by The MathWotks, Inc. Verification and Validation of Simulink@ Models a'7
Course Example:
Electronic Throttle Control
The throttle of an engine is responsible for conftolling the amount of ztt that The diagram below shows the system components as they are architected
is allowed into the engine. This is done by opening and closing the throttle in Simulink. In this course, you will petfotm verif,cation and validation on
plate, thus allowing more or less air into the engine. comlionents within the completed model.
In an Electronic Throttle Control (ETC) system, the traditional mechanical The course Sinulink@ ModelManagemenl andArchilecTare discusses how to desþ
linkage between the pedal and throttle plate is replaced with electronic sensors and manage such a model in a collaborative project environment.
and actrators, and the control logic is impiemented in softwate. This allows
the desþer the freedom to modify the control strategy being implemented S:
depending on driving conditions or operator input. System design

documents
Pedal
:::::
sensof 11ngme ' Throttle hodY J
I Ì14
Input PVA4
scaling conversion
Pedal
Output
PI control
scaling
@ 2017 by The MathrüØorks, Inc. Verification and Validation of Simulink@ Models 2-8
Proiect Environment Try'

1ü7hen managþg a project in Simulink, 1lou will find it helpfrrl to orgatize O$en the 111
the files within the fi.le system. The throttle control system in this course is
otgantzed as shown below.
;.,
rJÐen Ële model, inspect lts lt.
)) efc
. data -Data files that ate needed by the models
. documents - System desþ documents, such as requirements and test You can also desþate a folder as a Sìmulink prEecT, which provides additional
plan documents features for collaborative development.
. l-ibraries - Simulink libtaty files The course fi.les are alrcady otgznized in a Simulink project. You can open the
. models - Simulink model files Simulink project interface by navigating to the ch2 folder and double-clicking
the ElectronicThrottleControl . prj file.
. work - Folder fot temporary, derived files or othet automattcally genetated
files
ElectronicThrottleControl . pr j
Simulink
project
I I
r. Ï Derived files in
,lf
. . Éf
,
t;
!¡
t¡ ,' i¡
tÈ
Àt
'**__j) Ë[
*-*-"""_ü; 'ç-t. [¡"
working foider
data document,s ].ibraries mode].s work
/
,-'; rJI. adcUti-Ls. -)rù:
controller. sIx
m ¡
busData.mat ffi'.,',
urt_ ^+-lt_t r m^^r^
^l a cò t_.1 -
,,1^
^4.-
s-Lx rü:
:
s controLlerData .m
t:t;!
ffi testPlan. doc -t: etc. sfx

P-'
t;"3-7
throttleData throttfeReqs . doc
l!-itFi
i piCtrl . sJ-x
{:ïl . mat
ffi' Sl
flj
pwmCnv. slx
A 201,7 by The Math\üØorks, Inc. Vedfication and Validation of Simulink@ Models to

ñItv
System Requirements
:
You can link requirements infotmation to components in your Simulink ,Þ) controLLer
models, or to lines of MATLAB code.
View ut_Scali'ng :and
Simuünk Verification and Validation supports linking to mâny different tlpes Ou p lrInçnv'
of requirements documents, including
. Text
There are severalways to view the requirements linked to a model ot subsystem.
. HTML For example,
. Microsoft@ \X/ord . Select Anatysis ) Requirements Traceability ) Highlight Model.
. Microsoft@ Excel@ Click the highlighted blocks and view the corresponding information in the
Requitements Details window.
. Adobe@ PDF
. Right-click block or model canvas and select Requirements Traceability
a
. IBM@ Rational@ DOORS@ database
from the context menu. Click the requirements, if any, that appear in the
following menu.
For a complete list of supported file qT)es, see the documentation.
Requrreme¡ts Tr¿<sbi¡i{y l. 'scêied datì fruet þe to Tu¡¡ af dàtà.
Li.eàr A.âÀìl5is l. -OJtpu't'¿:rge fo" eàch $g¡al ñusl be rc4¿f ¿ed."
N
Document Types' )
nsign Verifier
Li¡h lû Sele{lisn ¡r i!4,A11Àg
Li¡k lo Seleclion ¡tr fJa¡d
?vlodeì Àdïisâr Lìnfr tÐ Sefect;on ¡n !¡c€l
The linking is performed by the Requitements Management Intetface (RMI).
Prior to using the RMI, you should execute the command
. Navþate to â system that contains a System Requirements block fiom the
Simulink Verification and \älidation block library. This block will display the
requirements that ate linked to the model or subsystem it is in.
to configure the RMI for use with MATI-AB.
System Requirements
1" "Ðuty cycle n:ust be proporlional to controller output, when in a valid range."
2. "PWM torque should act ilr pasltive sense wi:en cantrolêer output ts positive or ter*."
3 "PWM torque should act in negative sense when csntroller ûu{ptit is tregative."
4. "Duty cycTe rnuså be in range from t to t ^"
@ 2017 by The Math\üØorks, Inc. Verification and Validation of Simulink@ Models 2-10
Test Plans
Details on tests that need to be run on a system are typicaþ contained in a
document, or test plan. For a Simulink model, a test plan can prowide details
on several arifacts, including
. Input sþals case

. Expected ouq)ut sþals (or sþal mettics, such as the standard deviad.on, or
upper and lower bounds)
. System parameters
. Model configuration pârameters (solver settings, simulation mode, etc.)
You can use Simulink Verification and Validation to link components in a Futthermore, you canlevenge MATLAB functionality to read extern¿l data
Simulink model ditectly to requirements inside a test plan document. files, such as Microsoft Excel spreadsheets, and use them âs test cases for
Simulink models. This ptocess is covered in alater chapter.
Pl Controller
2. Requirement - Ensure that integrator w¡ndup does not occur
Testdescription-Mãintainthepedal scafed-angÌe_scaledquantityasapos¡tive
v¿lue for a period of tjme wh¡le the output saturãtes änd the integral state would have a chance
towindups¡gnif¡cantly. Afterthattime,changelhepedat sÇateC-ang1e_scaied Í{
quantily to a negat¡ve value to ensure that the controller output is respons¡ve.
3" tinne pedal_scaled angle scaled
J ')
lnputs 5 L
pedal_scaled - 5 when simulat¡on t¡me is less than I seconds, then 0 when s¡mulat¡on
t¡me is greater than or equal to 3 seconds
3
J ] 2
ângle scaled - 2throughoutthesimuJation
t ?
Expected outputs 5 ü 2
contrçller_ori-lprrl -Outputshouldsaturateatsomepointw¡th¡nfirstSseconds" Then,
at I seconds, output should decrease, without any delay, foìlowed by a continual period of 6
reduction- Pl Teç* å FI T*.çl 2
Test plan Test case
@ 201,7 by The MathlüØorks, Inc. Vedfication and Validation of Simulink@ Models 2- 1.1,
Summaty
. Continuous test and vedfication
. Tlpes of verification
. Elecúonic throttle control project
@ 2017 by The Mathlü/otks, Inc. Verification and Vaüdation of Simutink@ Models 2-72
Ðeveloping Test Gases

@ 2017 by The Math\X/orks, Inc. Verification and Validation of Simulink@ Models 3-1,
Outline
. Defining test câses
. Genetating test harnesses
. Creating and importing test inputs
. Incorporating logic in tests
In this chapter, we will use the following Math\Øorks@ products
. rvl,t*ILAB@
. Simulink@
. Simulink TesC" (fot test hatnesses and Test Sequence blocks)
. Simulink Verification and Validation'" (for requirements linking)
@ 2017 by The Math\ü/otks,Inc. Verification and Validation of Simulink@ Models 3-2

Chapter Learning Outcomes

. State the options ava:/rable fot defining and storing test cases fot Simulink
models.
. Genetate and manage test hatnesses.
. Create test inputs manuall¡ from extetnal files, and using logic-based rules'
. Run â test câse and inspect the results.
@ 201,7 by The Math\ü/orks, Inc. Vedfi.cation and Validation of Simulink@ Models J-J
Testing Simulink@ Models T¡y
To test a Simulink model, you will need to take infotmation from a test plan Open the the ch
and convett it into data that is usable by Simulink. Test cases can consist of Review the t e file in the do
. Input signals - Can be loaded ftom

external ftles, created in NI,\*TLAB, rou 1
S¡gnal I There are two main approaches to create test cases for Simulink models.
or created using blocks ftom the ln1
Simulink > Sicnal Buìlder o Test harnesses - Simulink based approach
Input sþals should be desþed to Input signals -A.test harness is a model that wraps around the system undet test, passing
represent rcaI-ltfe scenarios such as inputs to it and retdeving ouÞut sþals. The primary benefit of test
user inputs, operating conditions, harnesses is that they are gtaphical and therefore eâsy to use.
and environmental effects.
1-D T(u)
. MATI-AB files - MATI-AB based approach
. Parameters Should tlpically Building NL{TLAB scrþts ot functions around models requires more
be tunable, i.e., referenced using
MATLÄB variable nâmes. This Gain
i_Í: effort and proficiency with MATI-AB; however, it provides more flexibility,
1-D Lookup Table automadon, and the abiJity to modifi' parameters as well as input sþals.
enables you to quickly modi$r them Parameters
for desþ iterations and testing. This chaptet shows how to cre te harness models. For more informadon on
. Other dependencies - For tests the MATIAB based approach, refet to Appendix A.
to be ftrlly reproducible, you may
choose to consider additional model
dependencies as p^rt of a test's Test case
inputs, such as model configutation
Test plan
parameters or theversion of Simulink Simulate
þased on IVL\*TLAB
being used.
requirements)
model
code
Test results are usually defined by a model's outputs. Model out¡ruts include
data visualization,logstg data to MATLAB for futther analysis, ot other
Simulink blocks that determine useful information about parttct:Jar sþals.
il* andf or ilt
*--ìb.- Test
w¿
W harness
@ 2017 by The Math\ü/orks, Inc. Verification and Validation of Simulink@ Models 3-4
Test l{arnesses
A. test harness tlpically consists of five parts. . Component under test (CUT) - Ar isoiated component or reference of
the model being tested.
. Input signals - Soutce blocks that define individual sþals, such as the
. Selection blocks - Blocks that take the output srgnal data and seiect the
Sþal Buildet block.
sþals of interest. These often include Bus Selector or Selector blocks.
. Convetsion blocks - Blocks that convert the raw srgnâl data of the input
sþals to the formatthe model under test requires. For instance, if the model ' Analysis blocks - Sink blocks that allow you to visualize the data, or perform
requires a bus sþal input, then a Bus Creator block might be used. other analysis tasks.
Test harness (Simulink model)
mï
f t
, .;...:......t.!
+
naøom
T^-l
Number
Component f'-' ' ;
å
LU
Sine Wave
Þ undef test ? Chêck
Statb Range
ln1 (CUÐ Orrtl

r*-'-{
Cmvert
1
J-'
r7=l S€nâl f
rl-_l Ðata Type Selæts Scope
Ccnversicn
Sþnal Builder
@ 2017 by The Math\'X/orks, Inc. Verification and Validation of Simulink@ Models 3-5
Generating Test Flarnesses Try

:::
You can use Simulink Test to automaticalJy cteate a test harness fot a model. Open fte Pv\lni:Cn model and ,cfe¿te â te.st Larness with def¿a1t seff]ltgs.
To do this, ::.:r,,,
The contain an Inpoit blookap,'t eþourÉe aod an
1. Select Anatysis ) Test Flarness ) Create for Model. âs
2. In the dialog that opens, specifr the options prior to cteating the test
hatness. These options include Note By default, test harnesses are saved in the same file as the component
. Information - Hatness nâme and descrþtion undet test. To cÍeate test harnesses in separate files, you carL enable the Save
test harnesses externally option. With this opd.on, an XML file will be created
. Sttucture - Source and sink blocks to add to the harness in the crrrent folder. This file contains metadata which links the component
. Configuration - Options for simulating and synchronizing the test under test to its external test harnesses.
hatness and component undet test
3. Select OK.
l0l { cúv
Abs Saturat¡cñ
Sasic Preperties
1
¡1oìor inpd5
mrÍq,in pL¡ts
llarner pwmfnv_llarness I
i* , Save tesl harnesses externally Ftare informatÌon Fo¡¡Jard

direclpn
-1
Sources and Sinks
Reveße ÐlR Switch
i,ier:á: u2 >* Thr€5ilål¿
lnþ,-,-,-,-,üi't Ctr4pÕnÊ.nt nnd*.r Teßt Inresh¡l{ C
t--, Add separute assessr¡ent blcclç

(l,
.+--ì 0pen harness after creation
ç¡ :, C¡rnel p\vrrrf4jv
1 c{$1rûl¡er_o¡JÞnt
cûnlmlÉr_0ìJtpul ildûr hputs
cûntrû[þr_ûutpüt rnoiÐr_inputs
@ 201,7 by The Math\ù7otks, Inc. Vedfication and Validation of Simulink@ Models 3-6
M aîagffrg Test Flarnesses

You can access test harnesses from the component under test by selecting tfre,
Anatysis ) Test Flatness ) Manage Test Flarnesses. Alternativel¡ you

cân use the perspectives control on the lowet right of the model ot subsystem,
as shown below.
Once the test harness is open, you cân modify it by selecting Analysis ) Test
Flarness ) Propeties. You can also click the harness badge on the lower
p*,mCnv_l-iarness pivmfinu left of the model.
r4erqç availa,ble.
üì€ t€st harness.
l¿a ri a bleStepûisrrete t"'* --;;-:1i'- t^ "''
þþ
Ted f-larnesç {nterface
Petspectives ¡{f þ
tr test harness nanre nnd
control VariableStepDiscrete
Opening test harnesses for a model From the test hatness, you can go to the Analysis ) Test Flatness menu
and then select
. Push ComponentandPanrneters to Main Model- Copy changes to the

hatness model workspace or confi.gutation parameters back into the main
model.
. Rebuild Fl¿rness from Main Model - Copy changes to the component
under test, wotkspa;ce, oÍ configuration pârameters to the test harness. This
operation also updates the conversion blocks, if necessary.
Subsy,sfem Iest h¿ rne-qses avail¡ hl e. . Detach and Export Flarness - Removes the test harness from the model
and exports it to an independent model file.
Opening test harnesses for a subsystem
Note The results of the options above are influenced by the harness
properties Update Configuration Patameters and Model Workspace data
on tebuild and Synchr onizatio¡ Mode.
A 201,7 by The MathWorks, Inc. Verification and Validation of Simutink@ Models .t- I
Loading Inputs from MATLAB@ ':T,,{y
A common method fot importing sþal data to a Simulink model is through

root-level Inpot blocks. This allows you to load data from the MATI-AB base
workspace when simulating the model.
An iinportant âspect of Simulink sþal inputs is that you must specify the
Root-level Inport and Ouçort blocks allow the model to be run as a refetenced
value of the input ovet time. To be used as zvahd Simulink sþal, you must
modei or à standalone model. Therefore, you cân also use this approach to
^s associate those values with the simulation time. Additionally, you may want to
test a model without separate test harness.
^ speci$' other attributes, as shown below.
. Data tlpe - doubl-e

. Dimensions - 1 (scalat)
inP
ffi* param
. Sþal qpe - real-
'Data- 11.1 2.3 2.4 2.8 3.2
t:::,
,,1. ,
'rt .Time- t0.0 0.1 0.3 0.4 L.2
Param There are m^ny wâys to define sþal data. Some options willbe discussed on
the next page.
To pass data into root-level Inpott biocks, you must specify a vanable name
in the Simulation ) Model Configutation Parametets ) Datalrnport/
Export ) Input option.
Select: l-sad fram &rÐrksFGCË

Soïver
¡i-:nnitia| state:
.
Optin*izaticn
n --H-.
@ 2017 by The Mathlù(/orks, Inc. Verification and Validation of Simulink@ Models 3-8
Formatting Workspace Input Data

The input vanable cathave many formats. The three most common ones âre
, Atay - A matdx where the lrst column is a time

vector, and subsequent columns ate data inputs.
,o;.1,"Ì*
.,-\ q
'/ ,{ui-cd¡R-
. Timeseries - object that inherently
-A.n
contains data over time. This could be created
using MATI-AB code or logged from previous tl I
The atay fotmat is the easiest to use. However, it can only be used if
simulations Ë fnWWÈ . Allinputs aterezland of double dataspe.
' All inputs share the same time values, since ali columns of the ârray must
have the same number of elements.
. There are rLo structured inputs, i.e., bus input sþals.
. Structure- Structute vanable with a time field
and a signals fie1d, which represents the data. Note The Root Inport Mapping tool can help you to interactively map
wotkspace data (or data from external files) to the input ports in a model To
open this tool, click the Connect Input button.
\\ rr
u
: 11.)1.
LLf ¿) f
Selecl: Load from workspace

Solver lø Xnput: ir¡p
i,üptlrnization i-i In[tial state: xlniiinl
@ 201,7 by The Math\ü7orks, Inc. Verification and Validation of Simulink@ Models 3-9
Creating Test Inputs Graphically Try

:, :!
...:
Creating inputs in MATL,{B and passing them into models via Inport blocks Qpen aÉd cteate a test hatness with a Srgnrt tsuddet
can be useful for scripting and automation. -Another approach is to graphically soufce Litrock.
cteàte input sþals. You can do this using a Sþal Builder block, which is one
of the source block options avatlable when creating test harnesses. . Yoir carL cte te additional line segments by holding the Shift key and left-
clicking the sþal.
Double-click the Sþal Builder block to open its dialog. Some tips for creating
test câses using this block include: . To create an addition¿l test case, select Group à Copy ftom the Stg"ul
Builder menu.
. Select a by left-clicking the sþal line. You can replace a sþal with
sþal . To change the time axes limits, select Axes ) Change Time Range from
standard or custom data using the Signal ) Replace with menu option.
the Sþai Builder menu.
. The markers on the srgnal break the sþal into separate line segments. You
. You can link system requirements to individual sþal groups by enabling the
can select an individual line segment by selecting the sþa1and then selecting
the line segment. The line segment can be tuned graphically or by using the
Show Verification Settings ( i.5"] ) option and right-clicking the box in the
edit boxes on the bottom of the window.
Requitements section that appears.
FifÊ Grou¡r Siqinal ;Axes !
ñm s|effi *r ,, ,* *!" J¡"'iffil.qî iS ið ffi ¡ il $ þ1¡ll *,þr

ÅÐt¡æ 6rtsp;
1
t3
Signal groups
at ü*s¡r.*ledjsü ã[**{:â :å*
r,¡erirfi catisn blük *,tt¡ ng s:
llû verifirãtían ìriútks

0.5
Group'1
pedalscaled
û Show
angle_scaled 'e.5 verification
a3d_sc.*l':d**nç l***ca 1*,J Sa rÊçujremeirts in Thls çroup
settings
Sþal Builder block
1-J
Shift+click to I
add new point 0 t.2 t.1 û.8
Tr*e {seÐ)
a2d_scal ad_an gl e_scal ed

l{ame: iâ2d scÂlàd_ædal .El
lndex: 1
@ 2017 by The MathWorks,Inc. Verification and Validation of Simulink@ Models 3-10

LoadingData from External Sources Trl'

1::
:.: 'a,,,' :
It is commofl to load test case data from external data sources, such as dat*.
spreadsheets or text files. The two main u/ays to do this are
. MATLAB based - Import functions such as xl-sread,

tJ;.e data using do
readtabf e, or textscan. Then, formatit so it can be used as a Simulink M¿ke.:
input.
. Simulink Load data fiom spreadsheets using
based - Sþal Builder or
Ftom Spreadsheet blocks (Simulink ) Soutces library).
The wt I*TLAB based approach, on the other hand, is more flexible. There is
Simulink biocks are graphical and therefore easier to use. These blocks work more funcdonality for different frle formats and data types. Additionail¡ you
rcan write M,\TLAB
especialiy well with spteadsheets containing numerical data in columns. code to preprocess rJ.:'e data; for example, fìlling in missing
data ot removing nonnumerical data such as header lines or descriptions.
Select fi?e t0 ;mpÕrt

Cirocae the data file to lrnport lü siçnâ¡ gu;:der.
tããe to trrnporl
B¡cr¡,xe,- AÉlive çrçup: :Fl TÈsl 1 v

wl¡" v
Cåtå ðfn Ð,,:(Èmenï fcr 'rì"riai:

A B c Chaaçe the daTa tÕ and holtr il should be 4
'rnprrt
l- r¡ me pedal_scaled angle:caled
aËp!¡ed tÕ Sígna| Ðuitrder"
2
l 05 a 0
3 ð] 2
Se|e¿l All
4 80 L
ests.xås
PI Teçt L
5 100 7 * :- il pedai-scaìed
6 I W angìe-scaìed
,1
ff Test L 2 0 ? 46 o
PI TÊst {$ .l4 Yl lest I Tme {sec}
r-4 pedal-scaåed
: ü ançle-scaled ilame: sedsl scaled
lndex; :'l ,.1 ì

far ûata: if
exrs{cr¡E €cnfirm Se¡€t¡ùn

m*u-r
plctrlTests. xls -*r Test harness
Ki,,'ì {
@ 2017 by The Math\üØotks, Inc. Verification and Validation of Simulink@ Models 3-1,1
Logic-Based Tests Try
alternative way to develop test cases is by using logic. This ptovides a more
-A.n Open the p:i UT r-L â û€:!¡¡
natwral ianguage to define tequirements-based tests. To do this, you can use a bk¡ck.I-eave
Test Sequence block ftom the Simulink Test block ltbtary.
Test Sequence blocks can be configured to have any number of inputs and
Test Sequence blocks enable you to graphically author test cases using a talnlar
ouq)uts. Therefore, you cân use these blocks to perform
list of sreps. Transiriozs between steps can be defined using comparisons or
temporal logic. . Open-loop tests (ouçuts only), which generate a predefined sequence of
steps governed by logic
Both the test actions and transitions are written using MATLAB syntax. In
addition, you can use test-specific syntax that pnmartly deals with temporal ' Closed-loop tests (inputs and outputs), which use information about the
logic and vedfîcation þass/fail) activities. test ouq)uts to modi!' the inputs
. Test assessments (inputs only), which use logic to analyze test outputs and
determine the test results. This will be covered in the next chapter.
-sÞ] Test harness (closed-loop)

-fl fl
Test harness (open-loop)
tr
A 20fl by The MathrüØorks, Inc. Ved{ication and Validation of Simulink@ Models 3-1,2
Creating Test Sequences

You will now modify the Test Sequence block to implement the foliowing The first line of any cell in the Step column is the name of that step. Any
integrator windup test logic: additionallines are MATIAB exptessions known as sleþ aclions. A1l step actions
are executed as soon as that step is entered.
1. Stand by for one second, ptoviding zeto inputs.
The Test Sequence block will move ftom one step to the next (defined in the
2. Create a positive step input by changing the pedal_scaled sþal to 1. Next Step column) when the logical expression in the Ttansition column is
3. Once the integrator state reaches its maximum value of 1, hold the control true.
input for three additional seconds.
pedal_scaled slgnâl back to - 1. You can right-click, or place your cursor over, any step or transition cell to
4. After waiting, change the
cÍe te additional steps, substeps, or transitions.
5. Go back to step 1 once the controller ouq)ut returns to zero, i.e., the
integrator winds down completely. Note To see a list of syntax fot Test Sequence blocks, go to the Simulink Test
) Logic-BasedTesting ) Syntax forTest Sequences andAsssessments
Double-click the Test Sequence block to open the Test Sequence Editor. section in the documentation.
Notice that the editot is already populated with some steps and infotmation.
$tep Transition ülext $tep

Standby 't. æfr*n{n,sec} Testtyafe T
aåd_scaled,pedx.f*scaled = *;
aäd_rr,cal*d"8ngle^sc8Ïed = *;
{. sûilïrollËr*output <= t Sta rrdbXr T

i,Ì/¡ ç*gr _ Á¡.:rç.
$teptlp 1. e*ntrÐl]ler_c,utput ]= {1 + Kp} Wait ?

s2d_e*åled.ped*lscu*ed * "1
;
Walt l" aft*(3,se*) $ieptrwn ?
$t*pilnwn
aÊdScaled.pedalsc*Íed = -1 ;
@ 201,7 by The MathrüØorks, Inc. Verification and Validation of Simuliflk@ Models 3-13
Creating Test Sequences (Continued) If"IT
:,..:: .
You can use the Data Symbols section on the left of the Test Sequence Editor Ädd Kp to the *iË:t blocK.'
to add, delete, or edit datain the Test Sequence blocks.
The types of data avalTzble arc To create data,placeyour crúsor over the coresponding section (for example,
Pararneter) and select Add data.
. Input -Data comes from a Simulink sþal.
. Output -Data is output to a Simulink sþal. Once you have defined the data, you cân place your cursor over it and select
Edit or Delete.
. Local -Data is local to the chzrtar-:d persistent between time steps. Can be
modified during simulation. Note You can also view all the data tn a Test Sequence block in the Model
. Constant - Similar to local data, but remains constant during simulation. Explorer by clicking the Model Exploret (ffi ) button.
. Patametet - Data is defined by a varialsle in the MÄILAB workspace

þehaves like other Simulink block parametets).
äy*trbolx
ûymb*ls $tep
Input
Standhy
1. controller_o*tput aäd.**caled.pedal_s*aled = ü;
tu$mt
a2d_*saled.angl*_s*nl*d * t;
tutput t e?rl r¡*l¿¡*
L ir;, aËd-scaled ñ Testty*le
Lnçal
:
ßonçtant
tonetant
Farameter
Fararnet*r
Fata $Ëcrs ßñernûry

Ssta Store
A 201.7 by The Math\ü/orks, Inc. Vedfi.cation and Validation of Simuünk@ Models 3-1,4
Testing the PI Controller Model

. ::::: : ::: ::
An advantaee of creating logic-based tests is that the test input can be made the test
robust to changes in the desþ. Fot example, if the controller gains or sample sþals.
time are modified, the time at which transitions occur will change accordingly.
re$ults.
To verify the behaviot of the Test Sequence block, you can view
the animation in the Test Sequence Editor while the simulation is
running.
The simulad.on controls ¿llow you to step forward and backward

through the simulation. In addition, you can create breakpoints by
tþht-clicking steps and transitions.
Simulation Animation
controls speed
m,s*Wffi '$ f, üt" Gv' *{'- å !, sä-

Y Step Transit[on
StepIJp Wait StePDown
Sequence
!ìtsnrlhu
-4'¡ -À41¿{ *,^¡rF.! ¡¡.4!è/r þt.-$lËi-i --.. il,
ìi.iii '
$cii. ù1idìtii.!:rjrtrciit !^Ji
.l ^ - ^-t^, -. ,1,., - -- tJ.
repeats A-.._iii.¿l lj .:.cJ r{. e_¡i(ir¡:tjJ
S tandbv TestCycle E iïe*tCvmls

\
Ðata used by
* ;$t*pUp
3^
t, Å;
$tepUp: >,r i.1 r. í{i:j
a2d_scafed
pedalscaÌed: 0
angle_scaled: 0
\\nit
ñ*qi;1it:li e,iìs; ir¡cc*i:riiii'v

^1i ð^-, -;,.,-.-t ^^¡rî -
.¡.i-^,.,i. . -..^.,. i,,.
!l ¡¡:¡t,^¡!!ç! ".- {tt f:,¡,.j: I
Break uhile executing step
A 201,7 by The Math\ü/orks, Inc. Verification and Validation of Simulink@ Models 3-15
Summaty
. Defining test cases
. Generating test harnesses
. Creating and importing test inputs
. Incorporating logic in tests
@ 2017 by The MathWotks, Inc. Verification and Validation of Sirnulink@ Models 3-1,6
Test Your Knowledge

1,. Q /Þ): \X/hen defining Simulink sgnal inputs into a model, you must define
both the input data and the time at which the input data should occrú.
2. SØhich Simulink block is commonly used to store multiple sþal inputs

within a Simulink model?
A. Inport
B. Sþal Buildet
C. Assertion
D. Sine Wave
3. Ç /Þ): Test Sequence blocks can only be connected in closed-loop

configurations, i.e., they must always h¿ve at least one input and one ouq)ut.
4. Which of the following techniques would be the best for ilrtoma;i1flg

^
pzraffreter sweep?
A. Test harness
B. MATLAB script
C. Neither
@ 2017 by The MathrüØorks, Inc. Verification and Validation of Simulink@ Models 3-17
Answers
1.7
2.8
3.F
4.8
)
@ 2017 by The MathWotks, Inc. Verification and Validation of Simulink@ Models 3-18
Analyzi nS Test Results

@ 2017 by The MathWorks, Inc. Verification andYaltdauon of Simulink@ Models 4-7

Outline
. Performing tequirements-based assessments
. Loggog, inspecting, and comparing test results
. Collecting model coverage
In this chapter, we will use the follouring MathnØotks@ ptoducts
. MÄTI,AB@
. Simulink@
. Simulink Test'" (fot test hatnesses and Test Sequence blocks)
. Simuliflk Verification and Validation'" (for tequirements linking and modei
covetage)
*-¡\
Raxn fest
\Ì @
@ 2017 by The MathrX/orks, Inc. Verification and Validation of Simulink@ Models 4-2
Chapte r Learnitg Outcomes

. State the various srgnal logstg fotmats and options.

. lJse Simulink blocks to mathematically ana)yze test tesults against
requirements.
. Visualize, inspect, and compare test tesults interactively.
. Collect and display model coverage from test cases.
@ 201.7 by The MathWotks, Inc. Verification and \älidation of Simulink@ Models 4-3
Results Anaþsis
Anzlyztng simulation test results typically involves inspecting simulation
outputs, with the goal being to better undetstand the system behavior.
Results anaþsis can be done both manually and automatically.
. Manual - Visualization of test results, and interactive anaþsis of the data.

Often, the analysis may be explotatory, with no predefined goals specified.
. Automated - Use of MÄII-AB code ot Simulink blocks to analyze the
data without the need for human involvement. Often, the analysis will have
predefined goals, and possibly sttict pass/ fajJ. cntena.
Is that the
coffect fesult?
Stç R6ponse
a.E
!'1-
:A-..--
+ 7l +
2.5
t o
@ 201,7 by The Math\ü/orks, Inc. Verification and Validation of Simulink@ Models 4-4
An"ly.is Approaches
Regarding Simulink model datz, fhere are two modes of anaþsis that arc
colnmofl.
You may find that oîe àppr.o ch is better suited for a particular task than the
Run-time analysis othet
Use Simulink blocks to analyze data during the

simulation. This is often done via the use of a test ¡
HÈr#¡tr¡{#åÈ
harness, so that you do not have to add analysis kffi,H&
+-----------+
blocks in yout actwal system modei.
Ct€ck
Static Range
Run-time analysis is often most usefirl if you'd like
to check some condition for every time step of the
simulation, or in other situations where it is more $T0p
î^turz,lLy modeled with Simutink blocks.
Post simulation analysis

3.9
Collect simulation data al;;d then atalyze the dat¿
3.7
after the simulation completes. This enables you to
analyze the entire set of results as a unit, and you 4
can perform the analysis arLy time you want.
^t
4.9
5.2
4.r
@ 2017 by The Math\X/orks, Inc. Verification and Validation of Simulink@ Models 4-5
Performing Explor atoty Tests

One way to perfotm nrn-tjme analysis is by simula(-g^ model and manually
exploring whether the model behaves as intended. This can be especially usefrrl
to test models whle they ate being developed.
A common way to perform exploratory analysis is to use blocks from the

Simulink )Dashboard library. These blocks can be used to create human-
machine interfaces (HMIÐ inside Simulink models.
Dashboard library blocks can be divided into two main categories.
. Control - lJsed to modify tunable pârâmeters andvariables in a model. This

includes knobs, sliders, buttons, and switches.
. Visualization - ljsed to visualize sþal values in a model. This includes
lamps, gauges, and scopes.
lnpÐt Pänei Analysis Panel
¡ <&qr ¡ <drd¡æ>
Control block Saturation Analysis blocks

lndìc€lor
a.ø0Ð0w
Ðúty Scðpe
Inpr
u
wwtï]î:Tîîtfiï
ronl 0 [ê r-outpll m oto r_inpuls
<d¡rectbn>
hputs
@ 2017 by The Math\X/orks, Inc. Verifi.cation and Validation of Simulink@ Models 4-6
Run-Time Analysis with Try

:
Model Verification Blocks Ðpen the pfimenv model. -A.dd bloeks t

harness to ensure that
Another run-time analysis zpproach is to mathemzncally analyze model
::: ,;:t r ' 1: : , '.: :':::, l
ouq)uts during simulation by adding blocks to the ouq)ut of a test harness. ,1r,The dnty
This wa¡ the analysis blocks are not part of the source model, thus separating
desþ and verification. 'Tþe dire 1
Some Simulink libraries that contain usefi.rl blocks for this include
duty sþal is between 0 and 1.
. Signal Routing - Contains blocks that you cân use to select the desired
sþals for analysis.
¡L ...
. Logic and Bit Opetations - Contains relational and iogical operators that
are usefr.rl as part of the analysis.
_Ë
Check
. Sinks - Contains display blocks that you cân use to visualize simulation data Static Range
during the simulation. <dut)Þ
. Model Verification - Contains blocks that check a sþal's rarLge, tate of

nìotor_inputs
--¡
<d¡recliûn>
change, or resolution. These blocks have the ability to stop the simulation Compare
and execute MATLAB commands (e.g., output error messages) if a sþal To Constant OR
violates a given condition. l-.ogical

OperatÖr Aseriion
This libtary also contai.ns the -A.ssertion block, which can stop the Cornpare
Tö Cons{ant1
simulation based on a logical input sþal. This allows you to create your
own run-time âssessmert logic and combine it with an Assertion block.
dlrect j-on sþal is either -1 or 1
If
yout test harness contains a Sþal Builder block, you cafl enable and disable
asserdons in Model Verification blocks for individual sþal groups. To do this,
An er¡:or occu::red while lunning the simulation and the
show the verifi.cation settings of the block and use the Verification block
simulati on was terminated
settings section.
Caused by:
Errcr evaluatínc ri-.-^,ri..,.a..,. cailback uf Checks SRanoeI
Note You can only toggle assertions for Model Verification blocks from a
Ìrlock (mask) 'pl,rnír.-,rJ;"uir*..r-ì.5.i1.í:.nl;.qlk... f--i-r.c:.-Li.c:..-å.::ì-ï-1e_Ç.'
Sig"ul Builder block if the Enable assertion option is disabled in that block. Duty outsi-de a-Ll.or..¡abì e range.
l.{)Íflr'i::'lÊr"' :i:rl, tl li. i i ì.ltrylfjtT $ i}iì\ iìi,.)i
@ 2017 by The Math\X/orks, Inc. Verification and Validation of Simulink@ Models 4-7
Analyzing Têst Results
Run-Time Analysis with

Test Sequence Blocks t a
b
In the previous chapter, you saw how the Test Sequence block could be
used to generate logic-based test inputs, either in open-loop or closed-loop fails.
configurations. This block can also be used to analyze the outputs of a test.
For example, suppose v/e'$/ant to use logic to stop the simuiation if any of the The fust two conditions carr be tested using the assert function. If the
following conditions are violated. conditions are false, the simulation will stop and ptoduce an eÍror message.
You can customize the error message in the second ârgument of the function.
. The value of the integral state must be less tban 1,.
. The value of the integral stâte must be greater than -1.. Generate Analyze
. After the input sþal changes to -1, the integrator state must take no more test inDuts. test results.
than one time step to unsâturate.
Since the controller also has a ptoportional btanch with gain Kp, the test /
conditions must account for this offset. Since the test inputs use a conttollet
input value of either 1. or -1, the conditions cân be tested as follows. aÊd sca&
. The controller ouq)ut must be less than ( 1+Kp ) .

Ted Sequeæe
. The controllet output must be greater than - ( 1+Kp ) .
. The controller outputmustbe less than (1-Kp) one tìme step (Ts) after
the pedal_scal-ed sþal steps down from 1 to -1.
les Sequsce lAsssent)
Note There is also a fourth condition that tests windup when the
pedal_scaled sþal steps up ftom -1 to 1. Howevet, this condition will
be þored to simplift the course example.
Step
Assæssm*rnf
as*ert{controller'_uurtput <= {1 + Kp}, '{Jpp*r b*ç"¡nd *x**md*d"-i;

assert{controller_outputt >= -{1 + Kpi, 'l-mwer b*u*d *xc*ed*d"');
@ 2017 by The Math\ü7orks, Inc. Verification and Validation of Simutink@ Models 4-8
Conditionally Analy zing Re sults

The third test condition is more diffrcult to check because it
. Requires information about the curtent state of the system - \X/hen is
the controller input-stepping down from 1 to 0?
. Needs to be checked aftet a certain time - In this case, one time step
after the conttoller input steps down.
To cteate this test assessment,
1. Add a second ouq)uq named steppingDown, to

the Test Sequence block that generates test inputs. a2d s€led cûntelþr oûtÊ'ut
2. Set the value of steppingDown to true when

the StepDown step is entered. Reset its value to
f af se when the Standby step is entered. Test Seqrmce
3. Use steppingDown as aninputintheassessment ¿
Test Sequence block.

Indicates when to stârt
4. Right-cJick the step in the block and enable the Test Se+Jence (Asæsment)
testing for integrator windup
When decomposition option. This allows the Slep
substeps of this step to execute conditionally based
$tandby
on a when condition. a2d_scaled"pedal*scaled = d:
5. Create two substeps as shown on the right. The

first substep executes when steppíngDown has Step
been true for a time of Ts or longer. To define
E TesiCycle EÏ Ássessment
stêp þeforè
this condition, use the duration function. asse*{controller_output <: {1 + Kp}. 'ì}pper
,4dd step añêr
The second substep has no when condition, and Qfenl ln a*sert{controller_output >- -{1 + Kp}, 'L*w*r Add suh-step
a2d_scaled.pedal_scaled = 1, Erase last step content
executes when no other when conditions âre ttue.
Wlndup Add iränsi'tion
This substep performs no actions. Wait
'l*f*gr*t*r ørindup detected at
Rêquîrerrrênts kaceability r
É = %f^',t);
Note The Windup substep uses the verify
key'word. This is similar to assert, except the $tepÞown Else Br€äk while exeÐuting stêp
simulation is not stopped when the exptession is false.
@ 2017 by The Math\ùØorks, Inc. Verification and Validation of Simulink@ Models 4-9
Managing Test Sequences

Documenting and tracing tests is anothet impottant step in the verification and to the â$sessf,'neût
and validation process. With the Test Sequence block, you can
;:,
I 'l i
. Add descriptions to steps. :to. ë *ctr t<
:.
tbe
.:
the Description Column t llJ I button to show or hide the

I-.tse eqs.
Description column in the Test Sequence block. In this column, you can
enter comments to document the behavior of the test. . Link and view tequitements.
Right-click a step and use the options under Requitements ttaceability to
crezte,view, or modift tequirements associated with that step.
Show/hide Show/hide
Highlight
Symbols Description In addition, you cân use the Toggle requirement links highlighting ( e-
requirements )
sidebar column button to highlight the steps that contain requirements links.
ñ6i"r
Srtj
frT
I t:t @ffi'&#iv ¡rã-
a -¿
Jl" Ì:.: ,?,-
e:-.- 1""'t ':",/
Step I Transition Nexf Step , Elescription

Checlt upper and
lower þounds ef the
1 controllen ouþut.
Check for integrator

Add step b€gorë
windup at the upper
Add siep affer limit.
Add sub-siep
Delete step
ãlse
Link to SËlecüon in MATL-AÐ trlfhën

Link to Êurrenf Test üase treãk
Lãnk t0 Selecï¡Ðn ¡n Wrrd
Lînk to Selection ¡n Exee¡
Sêlecl fcr tr-inking w¡th Simul¡nk
A 201.7 by The Mathlü/orks, Inc. Verification andYahdatton of Simulink@ Models 4-1,0

Logging Simulation Data

You can save model elements ftom a simulation for post-simulation anaþsis. To selectively save each qpe of element to the workspace, you can use the
Simulation ) Model Configuration Patameters ) Data Impott/Expott
. Outputs - A model's ouq)uts ate defined by its root-ievel Ouçott blocks. options shown below.
. States - Certain blocks contain condnuous ot discrete states, such as the
Integratot block or the LTnit Delay block. vp
ì
. Logged signals - You can desþate cettain sþals to be logged. This is yi
'l
1
the most flexible way of loggrog data, and supports all sþal data types. npul$ ä te
sarne data type?
Saturatíon
N1åx: 1 Seve to workspace ar file
+ l-4in: -"1
You can log a sþalby right-clicking Laçgi*g a*d accessibiiity 1 lrlTÍrne: tsut
+ 7
the sþal, selecting Properties, and !i:! I -!-
Test ìnputs ure the FlStates: xcr¡t
,,----i
yiû-ü
then enabling the Log signal data snÊ?e dêlå SËìe?
JI¡IY.'' IÞ
Logging name
option. A loggtng badge ( ,,:') vrill ;'i;.iûutput: yout
r next to the sþai to indicate it i i ts¡nãI crãrèé. n*l
^ppe
is being logged.
Signei logging: loçsaut
In addition, you can use the following blocks from the Simulink ) Sinks
Iibrary to ouq)ut simulation data.
l{srrnal
To enable loggog for multiple sþals ñ . To File

El 5¡mlilêlrtn uaË lñspec¡Qr
at the same time, you cân select sevetal g LsgÀr,4nøþzrr . To rüTorkspace
sþal lines and then click the Log
Selected Signals option as shown on
. Scope blocks Log dzta to the wotkspace using the Logging tab in the
-
the right. S Co**qure L*.gging-^ Configuration Properties dialog. This also works for sþal viewers.
\í,r rïe¡p.
"
@ 201,7 by The Math\ü/orks, Inc. Verification and Validation of Simulink@ Models 4-1,1
Accessing LoggedData
The format of data saved to the workspace cart diffet depending on what is
being saved and the format option you choose.
Common loggtg formats include
. Array - All data stored in a single matrix (no support for different data
types)
. Structure/Structure with time - Each ouq)ut stored within
different elements of a structure (no support for bus data tlpes)
. Dataset - Default loggrog format for outputs, states, and logged sþals.
Data sets contain variables that can be accessed using the getElement
function.
Sþal loggrg in Dataset format. For output and state logged
data is always
A summary of how to access data from the logged formats is shown in the data, you can choose the output format using the Format option under
table below. Simulation ) Model Configuration Parametets ) Data Impot/Expott.
Save ts workspece or *le

i* Time: tsut
t ., States: Forrnat: ÐEtåE€t
n øÉ^r,
f.!r r o.y
(dme, state, and
t I ^,.!
LL.'L-IL¡ - :ti Output: yûut
rz¡rrl.
v I vqv I I Finat stêtes: xFìn*l S*"** r*n'iplete Sivri5tahe finel *tat*
output onþ . ân
ü,Signal lcgging: logseut . CsnfÌgurç Signala åG l-?*,,, .. ì i i
Structure t yout signals. time; i i Deta stcres: d*r:rn*t

(tìme, state, and
v yout sígnals . val-ues; i ì Log Ðatasei data ts fìle: culmei
output only)
Dataset si g : getElement (logsout ,' sigName') ;
(alJ, data)
t sig. Values . Time;
v sig.Values.Data;
@ 201,7 by The MathV/orks, Inc. Verification and Validation of Simulink@ Models 4-1.2
Inspecting Logge dData

The SimulattonData Inspector provides an interactive interface for you to view
and compare simulatjon datz. Sþals marked for logging wjll automatically be
sent to the SimulationData Inspector.
To open the Simulation Data Inspector, t-;;

g_l IU,U ftBrn*l
select Simulation Data Inspector from
the menu shown.
Lngåc Anrlyr*r
After simulating the model, you will see t'
â ne\Ã7'run appear in the Simulation Data

CñnfigürË Lügging...
Inspector. You can view each sþal by Jã\
You can import data into the Simulation Data Inspector using the Impot
enabling its cotresponding check box.
button in the File section of the Visualize tab. Then, you cân select the
logged data objects that you want to analyze.
Irnport ?X
ir4$¡1 il.Ð€ sÈ¡ìsç CårÉ i¡,'r llÌ4 ¡#è Rlkrp¿¿:e ¡¡ ¿ â.ûI-llÞ
l*FÐat ù8¡i SEse lwftsÞaaè

o. ltIAT.!Tè C 1l¡ir't.J't5l r.tìt:ilér"i!].:lr r€iìi.lE\Þa¿iF:1:(Jplrti r.¡i h,
¡eld 1sì . liey rut

I ¡?d_sce'èd.pedal_sçãled t €¡Ïoll¿1*rllpul
ìñ3Nfr
1.1 : I r':i:
E2 æ¡ed:p4 dãi:s4¿fèd
- lrgÈôJi
]-1.:
r:d_9ffi iùd a¡{le*çièl¿d
cü¡Tcl¡sr_3lF l
t€dg,-¡ r e leC
É slt 6l ¡e¡_crd Þut
t))a/J"-i,ait\1iit
ffi Cã5131
¡larpf
ÐèssiÞtúÍ
nl
Ðá14 :stú$r-2ùr¡ 1f:¡.1.11
HBlel
íiiii¡UlÊÞ iilide : ¡ôr4ìj
St¡,1¡,,,*
glnr ¡i*È I
@ 201.7 by The MathrùØorks, Inc. Vedfrcation and Validation of Simulink@ Models 4-13
Cus tom izing D ata Displays

Below are some tips for customizing the view of your data in the Simulation 1a19ut.
Data Inspector.
-on fhe '-r,i.
,firÉ¡t set of
By default, sþals are grouped by data hietatcþ To change this grouping, of axes.
click on the gear icon inside the Inspect pâne and then select the Gtoup tab. ,, ,' '. ;.1 ;rìr ..
olrtf)utlíÍ'' 'i
Since there arc only three sþals in each run, you can remove all grouping by fufls. ì,
setting ali the dtop-down mefl.u options to None.

To configure the layout of the Simulation Data Inspector, use the Subplots
menu in the Views secdon of the Visualize tab. For each set of axes, you cân
I
click the'axes and then select which sþals you would like to add to the axes.
GrGrp
ÈrùspBV: Rli ¡ì3me

Add data cursors to your plots with the Data Cutsots menu in the Measure
ThÊß Eyì Nùne & Trace section of the Visualize tab.
ft€n By: rjùng - !
ThÈn E?i Ilçr: r 3i:ln'pg1 ¡4,
: Ëêg:i¡fÞ uçiãuits
q tr Ëortr-sllèr_ou(,ul ::r sfibêl¡è{_svlout

C¡içr!ét¿
To change the visual ptoperties of a logged srgnal (line style, colot,

etc.), select the signal and configure the options as shown below. - R0É 1ì ¡liÈtr.r,Hüæ$$
É2{_sÉã:Ë*.Ëedal_nãa lÊ{l
- Ril] 2: lmtlürled_Ðãta Á2d,sçäiÊd ëäglÉ...îüël?{ì
r: J*siã1Éi åñ!lÈ-sùåled .r' {çnlrçfÌei_ßu¡çd

ä-Z $_;úåied. þÈrål_s{sl4$
- Run Ur ht$srìÊd-nelî
ã2d_5 cå; êr'. a rr¡l ê*5aålê d
i
ã2¡J_5cà ed pù'Jàj_.ã!Èd 1 1 :J ! t I 'I
e ald-3älÈd FedaLtÉâ'Eú fi a2d-5aled

STiLË ']È-däi_3cËted
¡;'
tilËliâï' f m
L".,-d
i;åmg ,r¡i¡ìiìilì-Þ, _ç*itrlì,1
1ç
.ffiWffi.ÌìrWILiilLii
(¡ìa:e t.a 1.tI
¡.5
Ë'll:i_..ì.?Ísi¡
B Û¿I.i NÅöe
i
9i6iiFalh ri.'!1 ';"- ,,¿:- .r,5ù!
t
@ 20L7 by The Math\ùØotks, Inc. Verification and Validation of Simuünk@ Models 4-14
CompaÅng Runs and Signals

You can use the Simulation Data Inspector to compâre individual sþals and
sþais ftom different runs.
To compare simuiation results
1. Select the Compare tab inside the navþation pane.

2. Choose the runs or sþals you would like to compare.
Select runs or Global tolerance Perform
3. Click the Compate button.
op tons comp aflson
Selecting a sþal will display the sþal values for
q,q lrsl J
both runs on the first set of axes and the tolerance .g tw
I
and difference between the sþals on the second set

of axes.
a
þ5ieel
Bâ!Él're
¿a¡iî*,sls
Fiiir Ì. piiif_¡i¡fre;¡
Rf 2i lr'ìF$dÈij DrÈ
4lôJã ,¿¡.s lrlÈ{Eriæ
ãÈJ T.1lsGEiÊ-
i çlnir!ii I rYr Ìo,etìriè ù
You can specify the Abs To[ (absolute tolerance), : ú.rtàa *iefticA ¡ Ëcrùêll*r_rü$qi ll$D 'l: F¡Ct'_ÎañEõil Ll rrcnlrõlìÈr_âulF0t lRrn 2: ,ñÞ$rl€d_úilè: +: Tp'êr?rt:e
Rel Tol (relative tolerance), and Time Tol (tìme

tolerance) parameters for each sþal. These allow you
-ËwìËsR ìrÍ !þrlÐd_D* ñsn 1: Ëif, lrj_Fl* r¡ress
to determine whether two sþals match within some
Èa 14
specified tolerance. Tolerances can be set globally or

individually for each srgnal using the pârameters shown
on the right. Stg"ul tolerance
options
Note that you can also automattcalTy generate a report a 1¡|
I ûærÞrae : IúlÊrãlce
from the compadson results by clicking the Create
Report button. :n
U¡¡re iar¡Ìr*ììBi-ri¡riir:r
-rìriiÌ si
: rr, i, lí I l: r r
r}{ÈridÈ ßi4b€ì T4ìerâEæ
È.Í9¿ìûlÉ talerarcÞ
TùleriÈæ û l]3ì
Ìð,èËnr€ .l
T:iìrê
@ 2017 by The Math\ü/orks, Inc. Verification and Validation of Simulink@ Models 4-1,5

IJsing Simulink Vedfication and Validation, you carr collect coverage
information from a model. Model coverage is a measure of how thoroughly
the elements of a model have been tested. Analyztng coverage can often help
identifir missing test câses or defects in the desþ or requirements. oes 0-t
Only certain blocks in a model report coverage information. Tlpicall¡ it is

those blocks that have some finite set of stâtes or modes that the block could
To collect coverâge for a model, you can go to Simulation ) Model
be operating in (for instance, a Switch block can switch between two inputs).
Configuration Parametets ) Coverage. Then, check the Enable coverage
analysis option.
For firrther details about supported model elements and the different coverage
metrics avallable, refer to -A.ppendix B.
To collect coverage for specific components, you can use the Refetenced
models or Subsystems options.
You can enable specific metrics in the Coverage mettics section.

!¿ü vw
Red - Fuil coverage
Saturate black "Sxturaåi*n"
not reached Select: ,¡ì Enable cûverage analysis
U > ï-L was never false. Solver r-' Entire System

Green - Full Ful! Execution cûveråge. Data InrpaÊ/Expoû
covefage feached I Optimization ,e,,Referenced Models i5eÉecT Modelç,,.,
,' Diagnûstics .,,Subsystem S*iecT S*b*y*t*m...
Hardware Impleme,..
Model Referencing Include in anaãysis
lul
duly
Simulalion Target :';MATLAB files
Abs Saluratiryr
r. Code Generation j
Cqduly<1 ,ll C/C++ S-functions
1 Results Coverage metrics

m 0tar_inp¡Jts
mcÊoLinputs , HDL Code Generation Structurai coverage level Mndified Çqrìd¡tisn pçcisian (MCD[] -
,' Design Verifìer
¡ Other metrics
d¡rêctiÕn
¡ Advanced opticns
-l
Rev€fæ DIR S¡vitch

I _¡¡!Citã tr1 >= t hfcÈnñtA
Thr*shald: û
@ 201,7 by The Math\ùØorks, Inc. Vedfi.cation and Validation of Simulink@ Models 4-1.6
Analyzing Test Results lï
Viewing Model Coverage +
r Try
By default, model coverage results will appear in the Covetage Results Explorer coverâge the V ñ<1 rnes s hâffiess.
. .: :: :::
after simulation. You can control whether to show this tool using the Show
Results Explorer option under Coverage ) Results.
There are thtee other ways you can view coverage results. CsveraEe ûãta
, &i prvmCnv
¡;lodel versirn 1.185
. Model coloring # setliñgs
¡ :.-' Lurren( Lumutãç{ve Dðrä Author ]rlvitus
Coverage results are displayed on the block diagram itself, and you can Runl : st¡rted execulion 06-lul-2O16 13:10:20
interactively obtain more details about each block by selecting the block. ' i;ì¡ Ðeta *ep{rsit0ry Fle name: pwr*Cnv_Hamess_cvdata
Descript¡on
To enable model coloring, go to Coverage ) Results and enable the

TaE: Run
Display coverage tesults using model coloring option. You can also 1
select Highlight model with coverage results from the Coverage Results summary
Explorer. ùlodel H¡€ñrchy/ Complex¡ty
Deds¡on Exea$iÐn
1. 5 88o/c 1û0Yc
. HTML report l. n'Iodel "pwmCnv"
Produces an HTML document that summarizes the
coverage tesults. Ifetrls CoveÌågr {fLis obje(f) Cover?ge (iuc. dÊ-(eeil{i¡rf s)
Ci ùlolÐàtic Coupleriq,' 1 5
G€n€rate repûrt
Decision ¡I)iì S8',¡ (flE) decisioù sü¡colrès
Hi,:hlicht módel with cÕvêråÕÈ rÊsults
To enable the HTML report, go to Covetage ) Results Ere¿uliot NA lú0oo (6r6J Ðlrecti\r'
and then enable the Generate report automatically

rì;;;'l'i i;lt-, ö',;
SafüråÍe blú(k "SÊtamlisn"
aftet analysis option. You can also select Genetate
or ¡t:írl!¡de
report from the Coverage Results Explorer. .iìì-<tilÌr
PereDt; .:p",\ìpa-ìË
liscovered Liük5:
. Web view Ifetrir

C.YclÐÌuiic C otrlplÈ\itv
Corerag€
2
Produces a Model Coverage Web view, which allows you Deùision (Di) 7590 (3r4i deciriç¡ì outco$es
'10094 (ir'l) lul
Eaec$1iùt objectile oritÉöües duty
to view and share coverage results in a Web btowser. This
:,(isions Abs Saturation
requires a Simulink Report Genetator'" license. ìrput > lower liuír 509¿
Missing u<ûtiiy< t
To enable the \X/eb view, go to the Covetage Results true covefage

ilrÈut :'= uFper ii¡uir tù09á
Explorer and select Settings. Then, enable the Generate fa!se 13t,:l0cl
Web View Report option and click Apply The next time uìlÈ STttû01
you genefate a repoït, it will be a \x/eb vieu¡.
@ 201.7 by The Mathrù7orks, Inc. Verification and Validation of Simulink@ Models 4-77
Model Coverage Tips

Here are some tips for wotking with model coverage.
. Disable automatic report genetation and model Select; äi Show Results ExpÌorer
Solver i.i Display coverage results using model coloring

highlighting
Data Import/Export after
At times when you âre trlng to build â test câse to ' Optimization
t":
obtain coverage for a cefiain biock, you may find \ Diagnostics

il Save last run in workspace variable
the HTML report, \X/eb view, or model highlighting Hardware Impleme... Autosave data file name:
Model Referencing '$ModelName$*cvdata
obtrusive. lWhen you âre ready to generâte repott ot
^ Simulation Target
highlight the model with covetage results, you can do it r Code Generation Output directory:
from the Coverage Results Exploret slcov_outpuV$Model Name$
. IJse cumulative coverage data

If you are building test cases to obtain fi.rll coverage,
you may want the coverâge data ftom neu¡ tests CorerÊge Þatã
, ffi pwmCr,'v
accumulated u¡ith the coverage dztz from tests you Tag: Run 1,Run z.Rün 3
have abeady run. Ftom the Coverage Results Explorer, Summary
'* Run
you can choose to genefâte fepofts or highlight models ... RUtl ¿
1
Híffi nhy/Cønp¡ãitï
fiom individual tuns or from cumulative data. :
'¡tod€l
Ilsisiofi ExæutÍø
Ðata Rep$silory :
l.pwmcñv 5 1êtlYc 1ûOo/¡

'd
Run I
Note Cumulative data collection is enabled by a KUIì ¿
iS R*n 3
default. To change it, go to the Settings section of
the Covetage Results Explorer and use the Enable
collecting cumulative data option.
. Run all and produce coverage )¡tr -fru

You can obtain the accumulated coverage data for all'
Run alÍ and ut.Ë
test cases in your Stg"rl Builder block by clicking the
it'fi;button. This will simulate all test cases in your i=j3
r*ã.1 and produce accumulated coverage infotmation Vedficattcn H*rk
for the resulting simulations.
@ 201.7 by The MathWorks, Inc. Verificati.on and Validation of Simulink@ Models 4-1.8
Summaty
. Pedorming tequirements-based assessments
' Loggtg, inspecting, and comparing test tesults

. Collecting model coverâge
@ 2017 by The Math\X/orks, Inc. Verification and Validation of Simulink@ Models 4-1,9
Test Your Krrowledge

1. (Select all that appÐ Which of the following can be used fot run-dme
anaþsis of a model?
A. Model Verification blocks
B. Logging output/sþ aI data
C. Simulation D ata Inspector
D. Test Sequence block
E. Model coverage analysis
2. !Øhich Simulink libraries contain blocks that carr stop a simulation if a

certain condition is not met?
3. (Select alJ.thatapplÐ SØhich of the foliowing can be used for post simulation
analysis of a model?
Â. Model Verification blocks

B. Loggrng output/sþal data
C. Simulation Data Inspector
D. Test Sequence block
E. Model coverâge anaþsis
a. Q /): -All blocks in a model produce coverâge information.
@ 2017 by The Mathrü/orks, Inc. Verification and Validation of Simulink@ Models 4-21
Answers
1. A,D
2. Model Verification, Simulink Test
3. B,C,E
4.F
@ 2017 by The Mathlü/otks, Inc. Verifi.cati.on and Validation of Simulink@ Models 4-22
Building Test $ultes

ir
@ 201,7 by The Math$Øorks, Inc. Vedfi.cation and Validation of Simulink@ Models 5-1
Outline
. Creating test fi.les
. Confi.guring simulation, baseline, and equivalerìce tests
. Viewing and documenting test results
In this chaptet, we wjll use the following Math\7otks@ products
. MATLAB@
. Embedded Coder@ (for software-in-the-loop verifi.cation)
. Simulink@
. Simulink Test'" (for test hatnesses, Test Sequence blocks, and test managet)
. Simulink Verification and Validation'" (for requirements linking ¿nd model
covetage)
@ 2017 by The Math\X/otks, Inc. Verification and Validation of Simulink@ Models 5-2
Chapte r Learni.g Outcomes

. Gtoup test cases in a single executable test f,le.

. Identify and compate the thtee types of tests available in Simulink Test.
. Automatically generate documentadon ftom test results.
@ 2017 by The MathrX/orks, Inc. Verification and Validation of Simulink@ Models 5-3
Building Test Suites )
' )
Organizing Tests Tr,,f',. '": ,,.,
)
,::, .
:':::::' i
During the lifetime of a Simulink project, you may \Ã/ant to run tests on the the protect m^ foldet )
models at vatious dmes to ensure the tests are s :ll successful. )
)
To do this effectively, model tests should be desþed with the following goals
In this chaptet, you will learn how to orgatize and automate tests graphically )
in mind.
using the test managet in Simulink Test.
)
. Otganization - Tests should be grouped by functionality. This means that )
You can also build test ftameworks by running each test fiom u¡ithin its own
changes in desþs or requiremefl.ts can be easily mapped to a known set of
MATLAB function. This is discussed in -Appendix 4.. )
tests that may need to be rerun or modified.
)
. Repeatability - Tests should not leave a lasting effect on the model (ot
)
anything else, including the base workspace) unless it is explicitly intended.
)
. Self-containment - Tests, or groups of tests, should load all required
)
dependencies and perform any post ptocessing necessary.
)
)
)
-&l
ür¿il Models
)
ru )
A 201,7 by The Math\üØorks, Inc. Vedfication and Validation of Simulink@ Models 5-4
Test Manager lfv
To open the test manager, select Analysis ) Test Manager fiom the Simulink O¡en the bl¿nk test file, $ave it in the
menu or enter sltestmgr in the MATLAB CommandWindow. 'tolder âse t
From the toolstrip, select New ) Test File.
In the Test Browser pâne, you cân right-click any test case or test suite. The
context menu that appears enables you to perform the following actions on
Note that the Test Browser pane displays the following elements.
the selected item.
. Test file - A . mldatx file, which can contain test suites and test cases.
. ,A.dd, rename, delete, cop¡ and paste
. Test suite - Used to group functionally related tests. You can place test
. Temporarily enable ot disable
suites inside other test suites to create multiple levels of hierarchy.
. Test case - . Run individuai test câses or test suites
individual simulation-based test, which can be configured
-A.n as
shown on the next pâge. tÉ919
'*i Ë:r ¿i lrçøt t¡

Sõt*¡0 Pilãllr{ r*Þ
:,
dt . mldatx Re:rlb er:d ¡.tì{åt'-r ffi san eage Ìì I i,'-j !,¿ewlÈstcðs€ 't l
I :::r í,r.i.iì i:! r¡:: :tir ii T------""

:,,,, ,tlir i:lli:l i: ,rl : ¡ trúila<l
- ç: plcl$l3 New Test Case 'll
,i
' i: . Ne( lerlsl¡1e I 9: .i,.: . :, f, : J- ì .i. -
suite i:) ¡¡¿!T Ts31 Cose I l¡

äS tten ir Täb
:;RÙÙ ùtl+i ) ii!:-.:. -ì :'. 1.. ,
+
E¡Þand Ål
ll)
r ìì û il|' i:ì i:irì :: i :'r-l
CFllãpsè All
'$,
::
Test case i- Clt Ctn+X
& r*pv Õtf *Lì i,'ì,rrl*l ,I, üüêe i
req test i*
r' tna0,eð
I ijl.Ìr¡i..,itla ::Iìl!l I rlù¡ lìIj
ll* n '¡ai
ß *€¡erÈ
Test case
Requirements \Z I Edrl les'ltaEs
Ren:amë F2 r i-:ì :.i,:j:ii

links t0werl t! {T
t sui
A 201.7 by The N{ath\X/orks, Inc. Verification and Validation of Simulink@ Models 5-5
)
Structure of a Test Case )
All test cases in Simulink Test contain the following infotmation. )
)
. Tags )
. Description )
Documentadon
)
. Requirements links
)
)
. System under test
)
. Callbacks Note In many situations, you cafl equivalently configure test cases using
)
callbacks or overrides. Fot example, you can use both approaches to modi$r
MJ\*TLAB commands the value of avanable pdor to simulating a model. )
to run before or after )
the test Overddes for each test câse are cleated after the test case is finished running.
)
In other words, overrides do not influence the behavior of other tests because
Test defìnition . Overrides they cannot make permanent modifications to the MATLAB environment. )
Patameters, inputs, )
outputs, settings Callbacks are more flexible than overddes because you can rufl any Qpe of
)
¡uJ\-TLAB command as a callback. Because of this, callbacks areableto modify
. Iterations variables in the MATL,{B base workspace or even make changes to models (if
)
Repeat test u¡ith using the prcgramma;tic interface to Simulink). )
different overrides )
Therefote, callbacks can affect the rcpeatabiJity of tests but overddes cânnot.
)
Assessment critena Depends on t1,?e of test )
@ 2017 by The Math\ü/otks, Inc. Vedfication and Validation of Simulink@ Models 5-6
Types of Tests
You can cteate three different tt?es of tests using the test managet
. Simulation test Input Output

Simulates a model without any assessment cdteria. Recommended fot +
. Checking whether a model tuns without errors. -r+>
. Simulatjng models with built-in run-tjme analysis, e.g., Test Sequence
blocks ot blocks fiom the Model Verifrcation library. Simulation test
. Simulating models whose post simulation analysis is perfotmed outside
the test m^n^ger, e.g., coverage anaþsis or post processing scrþts.
Input Output
. Baseline test
Simulates a model and compares the results against a predetermined
+ +>
baseline set of data froma MÄI-file or Microsoft@ Excel@ spteadsheet.
Recommended for 4,*
i.l,
. Comparing simulation to a set of expected ouq)uts. Expected ouþut
File
. Performing tegtession tests.
Baseline test
. Equivalence test
Runs two simulations and compares their ouq)uts. Recommended for
. Comparing results from the same model under different test conditions.
Input :';;, Output
. Comparing results from two different models.
+ 9-l
L
Both baseline and equivalence tests petform srgnâl compatisons to be within
some specified absolute and relative toletance. This can be individually Input Output
configwed for each sþal. + +
Equivalence test
@ 201,7 by The Math\üØorks, Inc. Vedfication and Validation of Simulink@ Models 5 -7

-=ry )
Performing Simulation Tests )
As mentioned previousl¡ simulation tests ate used eithet to check whether )
Cte*ta a
the model runs without errors or when the analysis tasks (run-time or post )
simulation) are petformed outside the test managet. )
1.. Cieate a new simulation test in the test m^naget. )
The piCtrl_Logic test harness in the piCtrl model performs run-
time assessments using a Test Sequence block. This means you can create a 2. (Optional) Add a descrþtion and link the test to the system requirements )
simulation test to tun this test harness. associated with integrator windup in the PI controller. )
3. In the System Under Test section, set the Model to piCtrl. )
4. Expand the Test Flatness section and set the Flarness to )
piCtrl_Logic using the drop-down menu.
)
)
ÊÈsr¡ììs E{ld ÅÊifurÞ å urndçpiëst )1 ftt Start Page iì )
li ËnùblÉd )
Windup Test
)
r i'"'1 Fr,Sl"1 ù*nversrcn sj:sj.' ¡ : l':r,ri'ii+: t i': r:i¡:;l ::r-
* Èrl l:ÕÎiF.llÂr ar-..,.r--il^- -i:".r1
I
¡ :-:::,,,ri il.. r ,!jl i )
Y Si:..r it-t,Liiii1¡ :*
)
ÅdS v )
Linh Edilo¡
w:ì"JìI:l l.itii.: Ii:i iËiì:
Li;'rk ta Selection in f"IATLA*
l"ladel: piCS ttf Liñh t* Set€rtarr în Simulink
r -i ì l-i i",:.11.:Sú: Link ia Selecti*n in Ëxcet
LÌnk tc Sel*cf*n in DÕüft$

H*rnecç:
l :.:l,1rl1 ¡,îL!:ììr Ëiîi l{,:Í 1:r\ri [ii, ii,:E Jr
t i'¿!.iì. lllTi:!ì. ri.L,i:Fia il:ìËå
@ 2017 by The Math\ùØorks, Inc. Verification and Validation of Simulink@ Models 5-8
Performing Baseline Tests Try

':
Next, you will cteate a baseline test. Fot this test, you will check whether ,Creâte test that runs the piCtrl Harness test in the
overriding the Ki and Kp vadables causes the PI controller model's ouq)uts to .
match a set of expected ouq)uts.
1.. Crcate â new baseline test in the test m^flàgeÍ.

6. Finâily, go to the Baseline Cdteda section and select Add. Browse to the
2. (Optional) Add a description and link the test to the system requirements piExpectedOutputs.mat file in the tests folder.
associated with parameter tunabiïty in the PI contoller.
3. In the System Undet Test section, set the Model to piCtrl. Leave all the check boxes enabled, using an absolute tolerance of 0.001
and a rela:uve toletance of 0.05 (or 5o/o). This means the test will pass
4. Expand the Test Flatness section and set the Flarness to
only if the simulation results match the expected ouçuts within these
piCtrl_Harness using the drop-down menu.
toletances.
5. Go to the Parametet Overrides section and click Add. In the dialog that
opens, use the lfl bottotr to refresh the list of panmeters. Enable the i ai _':ì::
-.!,ìc
check box next to the Kp and Kí parameters, and click OK. : : Indudå þäsåliftÊ dal¿ in lest Fës811
Change Ki to 1 and Kp to 0 . 5 as shown below. - li piErpÈ*Ì,ldüuipuit i; il

I en!,e_sì:ã¡ed r:i
./ cnrtrrller_rrtpui ij iiii: .'
./ þedùl_rcated
* 'iid{i...
llã5e r,,irrlÈpãce L,t:Í...11?Í.!1 tt:

baf e trûrt 5p¿q9 rr-E'r-j¡tnei¿ ..
I
*.4dd - L: Herresn L I," ìr':i"-
ff llrhe paraffelers ìs ìûccmplete. cli,ck N* refer.h. Thi*',.,.111 eefripil* lhe m*dd,.

ìr-.:ri:-: -.1-:f:,.: !i .: :: li::,:
r{i r 3Ë2*¡{ base *;orkrpac*
Y.p û ûil[Ës: base',srr*spaee p¡|:trl_1.'lårnrås]'Þittrl
bas,e rurlilpace piCtrl_Flarnes.:
hase r.,*rkr,¡lace FiClrl_Harness, tr¡F
CanùeI
@ 201,7 by The MatliWorks, Inc. Vedfication and Validation of Simulink@ Models 5-9
)
Creating Test Iterations Ifv
)
)
Ifyou wânt to run multiple tests of the same tl1)e on a particular component, to the baseline ,tèst..:.... '':,bôth
s,ueh that ,14.
::r':,
,
I
you can cîe te iterations of a test case instead of building multiple separâte test te :
)
câses. )
The piCtrl_Harness test harness has two Sþai Builder groups. To )
\7ith iterations, you can reuse the same test definition under different test
creatÞ iterations of the baseline test such that both groups âre executed, take
settìngs. Test settings include )
the followrng steps.
)
. Assessment cdteria - Includes baseline or equivalence crttena, depending
1. In the Table Iterations section, use the Add button to creâte two itetations. )
on the type of test
2. For each iteration, change the entty in the Signal Builder Group column )
. Parameters - Usefü for patameter sweeps ot robustness testing as shown below. )
. Inputs - Includes external inputs passed through input ports, as well as
!1 i:: .: ,!t a.i
)
Sþal Buildet groups -
)
. Configuration sets - Can tun the same test with different configuratìon * iqllL.F- :l I-il qil'..,),¡:'
)
parâmeters, fot example, solver settings. : ;:.iri.l. iì. li.iì:ì.i ;il::-' ¡ !i:,Sr,.Ê:ii :;ilì'
)
Pl TËri Ì .;È:èi.iiii:"ifi¡r,i.
To create iterations, you can expand the Iterations section of a test case and Þl Tèsl l :i*i;,ìii rr,',';.t, .. 1ì.,tilr..l; .'fl:':r." .'i;t ,'.t
)
Fl T.æ1 i
use either the Table Iterations or Scrþted Iterations options. Table iterations )
Pì Test 2
are graphical, and. therefore easier to create, whereas sctþted iterations ate
more flexible but require you to write MATLAB code. E@ )
)
Test case :' Note You can also use the Auto Genetate button to quickly gefletateiterations
)
F
w
i__
CUT using combinations of avaúable test settìngs.
:.*.-.....]
To verify that you have cortectly created itetations for a test case, you can c]ick
the Show Iterations button. This will open â dialog with details about all the
,!
-* settings for each iteration.
irJ
Assessment Parameters Inputs Configuration

criteria sets
@ 2017 by The MathlùØorks, Inc. Verification and Validation of Simulink@ Models 5-10
Performing Equivalence Tests Try
The final test willbe an equivalence test. This test will check whether generating
code from the pwmCnv model causes âny unexpected differences in results. and
To test this, you will run the model tn software-in+he-loop (SIL) mode.
Note More details on in-the-loop verification can be found in the course

Tesrzng Generated Code in S imalin,þ@.
4. Expand the Simulation 2 section and click the Copy settings from
Simulation 1link. Change the Simulation Mode option as follows.
1,. Cteate a ne\Ãl equivalence test in the test suite for the PSTI\{ conversion
model. v ìii.ii- i lî: ì:rli æffi
2. Note that this test rufis two simulations, so there are two separate sections.
First, go to the Simulation L section. In the System Under Test section,
set the Model to pwmCnv. Ensure the Flatness option is set to None.
f'"fudel p!*staÌr n'"¡'û ã r
.i
| ; 1: l f;,j. ¡r, 1\ li l: !¡
3. This test does not use â test harness, so tfre model inputs need to ! rii |,i ì.i i.,:: i.:i.. ¡ S :ìi ¡,,: tì i. Ì", tì ¡ Fi t aj I iì
be overridden. Go to the Inputs section and map the inputs to the :5iïïHlå{iùn lr4sdË: lh'lûdËj $ettin$s
tests \pwmTestData. mat file as shown below lfi4ûd€l
gÊtlinEsl
I
: : gtärt T¡me:
fl¡0nral
-ltii:i i:ì å,cælerãtflr
1rÕF f rne
i lnclrúe sylemel rinpuLs/s¡gnãl bu¡idff ¿lala ¡n test resuli RåÞid AÈÈelÈÎãißr
S.ûfrlfårernlhe-LooF tSlLÌ
ãtop simulËlìDn atlãs1 iìn,È FÐÌñt r ln¡tiat Siate: lh
Prûcessotrrfi lhê-Lôùp IPILV
i cr:1r ¡Ês:l-lelâ nr¡ C..cla:sirzo i;l ên¡iecl
'þ.sdd 5. Expand the Equivalence Criteria section. click Capture to simulate the
i i Siçnal Éqild€re{cçÞ l1l.ql,(: l:i1 !:: ff1::t:
model and populate the list of sþals to compare.Lezve the tolerances at
File 1Þ¡Jnìïâst*âi,1. mfii n their default values of zero. This means that the test cân pass only if the
Ådd íiÉrsliûn€ tè flrn thís înFüt
v LriFUf lr'lÅFPl"lG
sþais are identical in both simulations.
lllapping lt"{*c'a ¡"4æp l¡ìpul5
-n-.:. Ll'1..:::i.,
- fi'lÁ.FPllt {ì S tETfJS
.Sr/rce¡; sfùT',l in å.?pèd r¡pr¡s. v-:
,lri.:
¡niì :!::: , I i fi r,t*r*inp6Is.duf,t I U Uil:f B
1 pvmün'røûnlrûllúr_autFilt s&ntÐller_ûl¡lp|'r,t ; ßrrtrri*¡nputs {ÍirÈr'liBn ù il Ìlila,,n 0
r Aû\rANtEn '*
C.afice¡
@ Lì+l¡L¡
@ 2017 by The Mathrü/orks, Inc. Verification and Validation of Simulink@ Models 5-11
Viewing Test Results

:
Tr,y,
:
Once you have created all the tests, you can run them by selecting the test frle Rgn the Ðc all the
and clicking the Run button in the toolstrip of the test mânâger.
The Results and Artifacts pane leverages the Simulation Data Inspector,
which was discussed in the previous chapter.
This means that the test màrraget has access to many capabilities of the
Simulation Data Inspector, including data cursors, view customizat)ons, and
n€5ulÌs ånd Å*:lä.:t5 exporting results to a MÄTL-A.B figure window.
v; Éliïestr
- ;'-i P!',,T',4 C.,lnrÊrci']n
t*.j SìL EqLri\,alÊnre Tetl
- ;*': P¡ üsntrüllÈr
*
iä.i \'1,ìndLlf"ì iBSt Rê3ulb: 2tiììJ-.-1,'lãtr24 T¡ 3r:ãfi H I cffiÞêrisff
6i Pxrarnxlxr TunehiliÞ,' Tesl rf¡j:{ntrù1,Èr_ruÞil1i8éâelireJ a[cünt{lle._sutpr*lacnp¿rels,]'r-tr8leråüce
:c
Once the tests have finished tunning, you will see tesults available in 19
the Results and Artifacts pâne of the test mânâget. The icons in the ¡1
Status column indicate the pass/fail stâtus of the test results.
- i&¡ !'ëüly åtãlËnìents s
fÈÈt , trMÈÊ {Âssssnl
Note The tests may initially take a long time to ruri because Simulink ¡ & Sìn OllpLll tFií.ld ffiell
8gÌç
has to genetate code from the pwmCnv model to run the simulation in - i:r Par*meler Tsnät¡ilit_v- Isi
SIL mode. -Assuming you do not modify the model, subsequent runs * g 3ìf¡ereoçe T -Djerançe
Y è SASH¡Ëè Lrl!èTê H6U¡I

will be faster as the code does not need to be regenerated. ,.1 : a2tl-rcal+d.ægle-scateú
,.::' â?ri-scâlâd ped¿l-sDaleC
,.ii ccntraÍler_ruttrjt
r n $im ûllpíi ipic¡1 : ñnmrå¡;
i ú itBralìwÈ ;:
,J
éèr,nr. 1¡11-'-¡.r-:q l_ ì
¿s 1!
@ 201,7 by The Math\ù7otks, Inc. Verification and Validation of Simulink@ Models 5-1.2

Besides testing fot model correctness and behavior, it is aiso important to test
for completeness. In the previous chapter, you have seen how model coverage
can provide information on whether the model has been fuliy explored.
You can directly enabie coverage collection in the test manâger by expanding
the Coverage Settings menu and using the options as shown below.
The test m^î^ger aggregates covefâge for all, test suites and test cases, so you The aggregated coverage will appear in the test results. For each component,
should configure the coverage options at the test file level. Then, you cân use you can click the icon in the Report column to open i.ts coverage report.
the Coverage To Collect options to locally disable coverage collection for any
test suites or test cases you v/ânt to exclude.
TÊsi grtì.rser
l:riìì.:t:rlt:irt I'iliirìàiàiìrv
âesillh and,q$iiå.!s etcTçata &t *ot",t Prg" r :L¡r
... I r:..i ::a.i::ì :lr :i:ìì : :: l:11 li rì.r: i::r:ì
* RÈsdts: 3{11-ñ1ar25 1?:55:43
. i': elcfe*r *tcTesls - * êtclests ¡l j, ?{} r F(llii:'F:ti
- Fì'ìÌ:lCc¡lers!*n -i HM L0ñ'ffi¡ffi ) irÊ'ti:llri¡ ltiì:!

' :i;l-:,s$
3¡L Liptia¡Ênce ¡esr l";f.l ilit!;l ( ¡riìL l
' ùl -,¡C;¡r ¡ l¡,1 i.r t..: fr
?-1 . FiC{ñVêtrer r :i1i1l - rl : Pi çeÍtrßltsr ts ?&

5i.L;:??j. iì:tfl;aT i:l
,!,.;rLi.. iì::i: i ì:;! !i:r ìi.rjÌl; N
i?t*úuî t9sí l,Yindup Tesi
-: i$ e¡clrj 1ùn-q.1æ
¡l Pàra:reterTurai:ili\ Tesi > [ Far*n*ler Tunabilíty Test
) ì:.i:...;i Jlä l i¡:::)ì ; : ffi nrvmcry s $*li, w,: iùùÊ.ç w
¡,:.. ... <. $] asæcrc * 'l'lù%m 1üC% re
?' r --l,,.:
: r:ji_'j :::t -
'.:iltj!iríri.r::'i.:
I Recsti ççær?iJÊ lff slslen ü'ìiJë legl
J llercrc ecwrage iûrreie¡eñ.Èd mcdeÌ$
|: "1i::íirlr"r::
Coverage Report for pwmcnv
li!ir: irì:i ü
I fiecis;i* r : CÊndi-iirìrÌ
Tnble of Contents
rJ,lËiü iocRup,:ìþìè
årEra{ FangÈ r : signãi Si¡e .

1. Analvsir Irrf*nnaTiol¡
l. 'I'ss¡s
S:nìrlitk ]È.ehc \le,¡fiÈf i Satçretcn rn à!ñri¿.$
intrr".ger _). Sru:¡r:ary
t DeTail.s
ÍìÈteiiönr: BË.!nü$
An rr l-vsis f n folrn ation
@ 2017 by The Math\X/otks, Inc. Verification and Validation of Simulink@ Models 5-1,3
Reporting Test Results

i
Once you are rcady to share your test results, you cân select the results and passed
click the Report button in the Tests tab of the toolstdp.
Note \7ith a Simulink Repott Generatot" license, you can use the
fÈ9i ärùs€Èr Res$fàs:
Customization section in the options to customize the generated report.
rî ,Íì i,1iìi:ç!
You can also use the Expott button to save test results to a .mldatx file.
f..ri{nn€ Any results you have saved in this format can be later loaded back into the test
m^n^ger using the Import button.
treate Tcst fresutt Rspnr{ ?X

This will open a new
Title PaEe Irf*rm¡linn
diaiog that allows you to litle; Thrlìttlè Clìrrtrül Tsåts Parameter ?unab¡¡¡ty Test
customize the report before
É,ilthrr: lrL¡rntng
it is automati.rlly generated. ./ lnclrrC* M{!Li.Y
',1ãìnItúfts
ïers¡LrÍ¡
Test Resutt Information
Some important options ÌnÈ¡ur¡e in R*pûn

Resull Type. Test Case Result
Farent. r J uul ![! utìGi
include iri:
ãèsullË
,Åll
Tç{ts Start Tirne- :Al ¡*¿*-:S '113.11 54
i J: îes't r+quirenlsnts End Tlrlre, ?017-Mar25 13:11:59
a Displayrng results fot J: Plùis rt cdisdâ ål]d ãÈsêsÈmeütÈ ûutcome- Failed
ot r'i Cause Of Te*i failed ßs iferê*i$ü lai'**f
passed tests, failed tests, Plûts fùr s,i*nLrlà¡ier ùtltpùi ¡nd b¿seline FaiNLrre
J: l',1ÅTLÅ8 figure: Descri¡:rtion

both J Errcr a*d loç nr*sages
. Hlpedinks J
to requirements
,
ì li
Sìnrillati*n mètÂdãtð
llû'rsr¡ì$è rpililt g
ü SimulãtÉ the PÌ mntrÐXler mÕdel !,,/ith pararrÉtÊr overr¡de\ and ÈúffFåre ìt tð expertèd oLÈtpdls.
documents ûulprr 0p1¡ens Test Case fnton¡ation

. Plots for simulation results FlXe F*mrat:
Nan¡e. Farameter Tr¡nabilit/ Test
and assessment cnteria Fi1e I'l¿rna: : ü:ìcl¡*sir¡orhlsþ,,ì'r'rhs'lnrTÉÈt;!..uitêìrne$ReFcñ. ¡ 5 Type. Baseline Test

Cu sîúm ¡rsÎ¡* * Test Case Requirernents
. Coverage results T*nrplate Fìl*. '¡ ...1..:r ..\i - i.
h DescriptÌ*n Proporlíonal and tnlegral Eains should be adiustabf+ and
trinable.
. Report location and format
Ë*prtt Cla-ss: Docurnenl. .-\docu¡nentsllhrolUeReqs doc
(HTML, PDF, or DOCÐ ffi Ì:ancÊt
@ 201.7 by The Math\ü/orks, Inc. Verification and Validation of Simulink@ Models 5-14
Improving Test Performance

There are several ways to speed up tests, including
- !ìf Ì:rÍli,i i.iirillq li:î'
. Accelerator mode
You can run simulations in accelerator mode instead 1.",f üdeli Fiì;tit t
of normal mode. Simulink will generate code for the Y îË i i ¡iËS'rljll'
model and use the compiled version of your model for
Ì $ lr,.,l I
j ì..ù i: i"¡l.i lì ã Ì lj li rì1ì
i l,:irË È:irr ; Ll,: È
the simulation.
SiRu¡stiÕÍ {rqrd4: {ir1orìel S*llingsjl
I{ote that there may be a delay prior to the first , : glart ïiste.
ifcl8úÈi 5e'ttjnqsl
Þlß{mal
execution of a modei in accelentor mode because the
code has to be built. Also, you canfl.ot collect coverage 5-J9p
'rne:
tesults when running a model in accelerator mode. S.Bür!ârÈ-inl[e-LÉaF iSlL]
¡nìtial gtåte:
Frûcåsåqr-in-thÈ-Lüfl p tF¡Llì
. Fast restart simulation
Allows you to simulate a model multiple times without
recompiling. SØhen fast restart is enabied, you cân
v iTÊR.{Tl*i'.lS''
change inputs and tunable pârameters. However, you
cannot make structural changes to the modei as this ; I.jri; lã. i ïË ËÅli r- ii :l
would require the model to recompile. ¡ ¡i:::i:Ë- iËü'i 'r --
Fâst restart simulation can be configured for tests ¿ 1i:rr i¡:t ,,.Jl *J :inr:rl ,;/ri i,'r.:lí : il f tf.;iiiìtr
with iterations, since changing inputs, pafâmetefs, or
Ruñ iìã.F1 itëråt¡ons in iësl re.sl*rt
assessment cnteria tlpically has no effect on the model.
. Parallel simulation
/ f
" simulations in parallel using
You can run individual
th. P¿d4c"-p"tirs T""lb""'". This is useful when
performing many simulations, such as pàtaÍneter
sweeps. To simulate models in parallel, enable the
Parallel option in the Tests tab of the test m^fl^get.
Note Eachparallel worker has its own separate

workspace, so you should make sure to load any
necessary data in setup or pre-load callbacks in the test
file, test sui.te, or test câse.
@ 2017 by The MathWorks,Inc. Verification and Validation of Simulink@ Models 5-15

Building Têst Suites
Summaty
. Creating test files
. Configuring simulation, baseline, and equivalence tests
. Viewing and documenting test results
@ 2017 by The Mathrü/orks, Inc. Vedfication and Validation of Simulink@ Models 5-1,6
Test Your Knowledge

1. w4rich type of test would be suitable for finding whether a model's outputs
ate within 70o/o of expected results?
A. Simulation
B. Baseline
C. Equivalence
2. \Øhich tipe of test would be suitable for a model that produces ân error
when a sþal exceeds a certain limit?
A. Simulation
B. Baseline
C. Equivalence
3. (Select allthat apply) w4rich of the following test case elements can modify
models and workspacevaríabIes, thus affecting test repeatability?
A. Input/ouþut overides
B. Callbacks
C. Parz¡meter overrides
D. Configuration settings overddes
a. G /Ð, Requirements links in tesr files are srored in the test file itself.
@ 2017 by The MathnØorks, Inc. Vedfication and Validation of Simulink@ Models 5-17
Answers
1.8
2.4
3.8
4.F
A 201,7 by The MathWotks, Inc. Verification and Validation of Simuünk@ Models 5 - 18

Formally Verifying Models

@ 201,7 by The MathIØorks, Inc. Verification and Validation of Simutiflk@ Models 6-1
Formal ly Verifying Models
Outline
. Using Simulink@ Desþ Vedfi.er"
. Automatically genetating tests
. Proving model properties
. Detecting desþ erÍors
In this chapter, we will use the follovdng MathN7otks@ products
. MATLAB@
. Simulink
. Simulink Desþ Verifier (fot formal model verification)
. Simulink Vedfication and Validation'" (for coverage analysis)
@ 2017 by The MathW'orks, Inc. Verification and Validation of Simulink@ Models 6-2
Chapter Learning Outcomes

'List the thtee model vedfication activities avaiTable in Simulink Desþ

Verifrer.
. Automatically generz;te tests to produce frrll model coverâge.
. Formally prove â component meets certain requirements.
. Detect unintended desþ errors in a model.
@ 2017 by The Math!Øorks, Inc. Verification and Validation of Simulink@ Models 6-3
Performing Exhaustive Testing

Depending on yorü model's complexit¡ you may have difficulty creating test
cases that fully test all operating modes of your model.
Fot instance, if the test cases you have defined do not provide full coverage
fot your modef then you may flot have explored your model's functionality
completely. This could either mean that more tests âre needed or that the
model contains some ufl.necessary elements.
In addition, the existing test ca.ses mây not be sufficient to identify all defects
and unexpected behaviors in the desþ.
Simulink Desþ Verifier allows you to analyze modeis usingformal merhods,

that is, to mathemaicalTy analyze models without simulating them.
Are these the right

fequifements?
Are my tests Does the model

sufficient? have defects?
How can I get

'tre results always
full coverage? as expected?
@ 201,7 by The MathnØotks, Inc. Vedfication and Validation of Simulink@ Models 6-4
Simulink@ Design Verifiet'' Síoddlow

The general workflow for using Simulink Desþ Verifier is as follours.
1. Prepare model
Cetain blocks or modeling constructs are not supported for use urith
Simulink Design Verifier. For inst¿nce, compatible models must use a
fixed-step solver, and contain no aþebraic loops or unsupported blocks.
2. Set obiectives
Set Simulink DesþVerifi.er options, such as coverâge goals or block
replacement options (for blocks thatarc not supported). You can also add
@ Manual
blocks to your model to speci$r test objectives.

3. Analyzemodel
Simulink Design Vedfier car' analyze your model in three ways. These are
discussed on the next pâge.
4. Generate tesults
After the anaiysis, there are several ways you can display the results.
. Highlight model - Color the model to indicate poteni-iâl issues.
. Create feport - Ctezte a document summarizing results.
' Cteate test harness - Create a model containing test cases that illusftate
tesults, e.g., frrll coverage ot falsified proof objectives.
Automatic
@ 201.7 by The MathlØorks, fnc. Verification and Validation of Simulink@ Models 6-5
Types of Formal Model Verification

Simulink Desþ Verifier dedves the possible rânges of sþai values without 'hodel
simulating the model. These values can be derived from
à
. Output data types -F,ach numeri.c datatype has upper and lowet limits. For
example, a sþal of data t1'pe uintB can have values between 0 and255. sigaal
. Signal range specification - Many blocks have Output minimum and
Output maximum parameters. Simulink Desþ Verifier can take these These derived srgnal fânges can be used to perform three differeflt tl?es of
values into account when deriving sþal ranges and analyzing models. anaþsis using Simulink Desþ Verifier.
. Generate tests - Generate test câses to meet specified objectives, such as

Main Signal Attributes
coverage objectives or sþal ranges.
tr üutput fr.¡r'rction calT
. Prove properties - Formally prove that sþals -ñ¡ithin yout model always
Minimunl: Maxlmum
stay within a specific set of values.
-t nfï L00
. Detect design effofs - -Automatically find unintended behavior, such as
tata type: intS
integer ovetflows, unreachable logic, or divisions by zeto-
The tipes of anaþsis shown above can be used to complement simulation-

. Block parameters - Some blocks, such as the Sine \ü/ave or Saturation based testing and frrrther improve the quality of your desþ early in the
block, have parameters that affect their ouçut sþal ranges. development cycle.
l4ain SrgnalÅttnibutes Derived signal ranges

Upper limit:
<¡ I
d
Lcu¡er fi¡,nit: b c
Outl
tn1
Sat¡.iration Bias
Gaìn
lvtå),, f uu Lawer LÌrnit; t
l"lpper Linril; 3*
[-100..100] [-s0..50] [0..30] [5..35]
@ 201,7 by The Math\)7orks, Inc. Verification and Validation of Simulink@ Models 6-6
Checking Model Compatibility Try

::
To see if a model is compatible with Simulink Desþ Verifier, you can select ,¡€p,e the SimulifT< projeat lrr &b
Analysis ) Design Vedfier à Check Compatibility ) Model from rhe
Simulink menu. t ri>l-I
:rjii
If the model is not compatible, then you will ger a message stating the thern
incompatibility.
Simulånk lesågn Verifier cannct be r¡sed r,,¡ith a

variabl-e-sLep salver- Ycu srust conflgure the
solver cptåons for a fixed-step solver"
.5-e-* d-ü:ç-uge$l'a L-¿¿¡ l-¡--
**r*¡.*n*rrt: sÌr¡:xlâ*k I taleç*ry: ***içn \¡*rifl*r **n:p*tihîlily *ir*r Compatible
If a model contains unsupported blocks, the model may be considered partiaþ

compatible. In this case, by default, Simuünk Desþ Verifier will autom¿ticatly
stub (replace) unsupported blocks, and so the anaþsis of your model might not
be ñrlly complete.
+ + ü
a
ParttdJy
compatible
Fot a complete list of incompatibilities and how you cân work around them,
see the documentation under the Concepts section of Simulink Design
Check
Verifier ) Systematic Model Verification ) Component Selection.
compatibility
Incompatible
@ 2017 by The Math\X/orks, Inc. Verification and Validation of Simulink@ Modeis 6-7
Generating Tests - Producing Full Try
Coverage Geeeraté të8t_Ë and
One of the capabilities of SimulinkDesþVerif,eris automatic testgeneration.

To automatically generâte tests for yout model, use the following steps:
and
1. Set objectives
Define the test generation objectives

Test ge*eration
by selecting the Analysis ) Design
Verifier ) Options menu. This Mudel coverage objectives:
opens the Confi.guration Parameters Test cor¡ditions: Blocks that contain

dialog. Test objectives: covefage objectives
f*laximum test case steps: 10ûsû
Select Design Yerifier ) Test
Test suite optir*ization :
Generation from the tree on
the left. The Model coverage
objectives option sets the test lul
r,
duty
genetation object for model Abs Saturation
covefâge. fi<du?'ii
2. Genetate tests 1
m otor_inputs
m(*orlnputs
1
SelectAnalysis ) Design Verifiet

) Generate Tests à Model ftom -1
d i€t-t¡oÐ
the Simulink menu to stârt test DIR Switch

generadon. Test geræratio¡l cçl¡pletpd narnrxliy.
írse¡Ì;; 12 >* fhreshckt
"ilr*slclc {}
e1'8 ctbjÊrt'rvès are saüsf¡ed.

Aftet the model has been analyzed,
you can create the results that you Resillts:
want (highlight model, detailed I H;üh,li*ht onå'vsiç res{.¡i8 *n nÌ,ixie1

t l¡'i*w lÈsi.s iirn SialuletiùÌr *elÞ ¡nrpffiül
report, test harness, etc.) using the 'I üeþilsd ÐÍã$ysis rÊFortl t4lgll {fül
t:3eäte heftiess IIjSdFl
links provided. . E)@nü lëFr ças€s lo Sirru{;n¡{ îr:sr.
lésbs en{t nto¡il r¡o ¡ mniel
@ 201,7 by The Math\X/otks, Inc. Verification and Validation of Simulink@ Models 6-8
Generating Tests - Completing Missing

Coverage
You may have akeady desþed test câses manually. If so, you can use automatic
test generâtion to complete any missing coverâge that was not produced by
running those test cases.
To do this for the piCtrl model,
1. Configure the existing test harness (piCtrJ-_Harness) to collect 4. Configure the piCtrI model to þore the covetage ptovided by the
coverâge from the piCtrl referenced model and open the Coverage existing test cases.
Results Explorer after simulation.
To do this, go to the Design Verifier ) Test Generation pane in the
2. Run all the test câses in the test harness using the Sþal Builder block.
Model Configuration Parameters dialog. Enable the Ignore obiectives
satisfied in existing coverage data option and browse to the fi,le you
)l¡ x gÀi *H tïî ¡ r']|
t_:J
previously saved.
a Desiçn Verifier
ßun alå and roduce
tsl*ck Replacements
ffiffi:mi: ìs
ParameterE
góLd
lferificati$n block se,ttings: Þesign Enûr Detecii0n J: Ignore objectives satisfied in exist'ng ccuerage data:
Pr0Þert'/ Provinû
Þa<¡ rlk CoveraEe data fiNe: tests\piCtrlCov.cr,.t
3. From the Coverage Results Explorer, save the cumulative data to a fiTe
Report
*bjective filter
named piCtrlCov. cvt in the tests folder of the project.
: .ftlpiCtrt 5. Finalt¡select Analysis ) Design Verifier ) Generate Tests ) Model
W s*ttinEs from the Simuünk menu to generâte tests.
¡
,: FI T*st L Save curnuîatíve ccverage data Note You can also generate
:t ^-- tests for missing coverage directly from the Test
PI {eS[ ¿
. f-i nñfä R*positcry
X Ëxc[¡de ntl fnnm rumulative data Manager by selecting Add Tests fot Missing Coverage from test results.
- Å¡.i ¡.] ï i: i::À.1 f U {ì íi\,iï 1ì Àii: f. ll ijlj i ì iS
¡
. ..." ::: .: :alrË:L' i;:.ì i.
Note that instead of manually saving the coverage file, you can also use the lLbt
picv¡ I 3 75s;è m, 1[tü%re
automafcally generated coverage files as specified in the Coverage ) Results d

section of the Model Configuration Parameters dialog. * Add Te€tç irlr ltliss¡n!¡ tot,Êiåge {f Frt,on
@ 2017 by The MathWorks, Inc. Verification and Validation of Simulink@ Models 6-9
Generating Tests - User-Defined i
Objectives that
tl*e
In addition to the coverage objectives infered from the blocks within your € _5.
model, you can add blocks specifically fot the pu4)ose of adding test objectives.
The two blocks you can use for this are in the Simulink Design Verifier )
Objectives and Constraints Jibrary. to
. Test Obiective > #,,1Wr >

Sets objectives to be met by one of the generated tests.
You can write the target sþal values in sevetal formats, such as a scalat, a two-
. Test Condition )ìm> element vector, a cel). auay, etc. Some examples include
Constrains slgnâl values in all of the generated tests.
. 5 - Obtain thevalue 5.
. [3,5] -Obtain avaluewithinthe closedtange ftom3 to 5.
. i3,5Ì -Define two objecdves - obtainingavalue of 3 and sepantely a
IJser-defìned Coverage IJser-defined value of 5.
test conditions objectives derived obj ecflves
. Sldv. Interval (3, 5,' [)' ) - Obtain avaluewithin therange 3
from blocks
to 5, including 3 but not including 5.
il, t\
lÞ
+
+
+ Proportiûnat Gain v outpul
åìe
'äf,Nis
s,?æå dåie X.pe'¿
l-5 5j
Sample Time lntegral Gain

+ yr
iilpuiâ *re Ìhg
x
Satu rat¡on
1
sâfie iìatä '¡iri =*

Sâr:li* tirïe : Ts
eft l1;fl: -1
@ 201,7 by The Math\)Øorks, Inc. Vedfication and Validation of Simulink@ Models 6- 1,0
Proving Model Properties

You can also use simulink Desþ verifier to prove properties in a model.
1. Set proof obiectives and assumptions

You can add the following blocks from the simulink Design verifier )
obiectives and const.ff" ltbnty to yorü model to specifii properties.
. Proof obiective )
ffiÞ >
sets the ranges that the sþal must have for the proof to be vedfied.
.Assumption )m>
consttains sþal values in property proofs to the specified raflges.
l*,"T1 ¡_{ lt sr
Ê Simul¡nk Ðesiçñ Veriier lngpector
f- duty
*ffi
direction
ffi ._,
'l
:,, & ?m
Proof
Saturatfon ##* pwmCnv/ Proof Objective
Objective: {0. rl \¡Åf-fe
Ü < dutY ": ^{
ÐlR Switch
2. Provepropenies
0r
You can attempt to prove the objectives by seiecting Analysis ) Design
Vedfier ) Ptove Propeties ) Model fiom the Srmulink menu.
Ädive Gwp:
" $iJ.dl-#
c0ctro¡tst_DrJfFùl
If objectives are proved, then you will get a messâge sâlng so. If some
al1 [ü r] t5
are disproved, then you are able to generâte test cases showing how the
proof objectives could be invalidated. )ffiþ 1.5
Counterexample
,
0 s,.{i0? ri.0û4 0.00$ Ð.0û8 o.rt
@ 2017 by The MathWorks, Inc. Verification and Validation of Simulink@ Models 6- 1L

Formally Checking Requirements ':" .;
::
!7hen adding test or proof objective blocks to your model, you can place to &e aad tåea pteate proof
all of the logic fot calculating the sþals of interest tn a aerifcation subslsTem.
This allows you to ensure that the logic you add to your model for desþ
verification is not included in any code you generate fot the model.
The Verification Subsystem block is located in the Simulink Design Verifier

) Verification Utilities Jibrary.
It is common to add logical blocks and temporal operators to help you System Requirements
calculate sþal values you wânt to vedfii. Some libraries of interest include
"l . "*uty cycle rnust he proportional tn ccntnçlfer autput, when in a valid rangê.'o
. Simulink à Logic & Bit Operations 2. 'PWM åorque shau[d a*t in posit[ve sense wf:en ccntrofler output is p*si[ive orzei-o."
. Simulink ) Model Verification 3" 'PWf\4 tnrque shcuåd act i* negatirre sense when cantrofler output Ís negative."
4. "*uty cy*le rnusÍ be in range fnam Û tn 'Ï."

. Simulink Design Vedfier ) Tempotal Operators
. Simulink Design Verifier ) Vedfication Utilities
'L
il L_
*T**-
lnierval Test
\# .:Ï -i<u<l ,{==> I
duty B
pwm_4
pwm_1
tÈ 4t lmolies
duty
lul
Relational
direction Abs
Operator
controller_output controller_output
<0
Verif ication Subsyslem
,4==> B A==> B
a B
p¡m_2 --4
pwm_3
==f lmpliesl lrnpIesZ
iF.iê
2
direction
@ 201,7 by The Math\X/orks, Inc. Verification and Validation of Simulink@ Models 6-1.2
Detectirg Design Errors

You can use Simuünk Desþ Verifier to automaticaþ detect potential issues
with your model, including
. Dead logic (also known as unreachable logic)

. Integer or fixed-point data overflows
. Divisions by zero
To detect these desþ errors, select Analysis ) Design Vedfier ) Detect

Design Errors à Model from the Simulink menu.
pwmCnv_v2lÅbsolute Valuel Ðivide
Note Dead logic cânnot be detected at the same time as the other tlpes of w Ðivísion by zero ËR"Rüft.- Viev¡ Èest cnse
desþ errors. To configure which desþ errors to detect, go to the Design z
È
Vedfiet ) Design Error Detection pane in the Model Configuration Ðerived Rangæ:
Patameters dialog. OuÈport 1: [-Inf .inf]
Run-time errors
You can review the results by generating example test cases, creating a report,
or coloring the model. If you highlight the model, the blocks that were tested
are colored either
[itto *umma¡y=]ç
' Green- Overflow or division-by-zeto errors are notpossible. controllerlCC_Logicj Logical ûperator Dead
Logic: input pcrt 1 T &üTãVf L#ffË#
. Red - Test cases were found that demonstrate overflow or Logic: input port 1 F ÅCTfWf $-*Sfü
logic
division-by - zero errors. Logic: input port 2 T nËÅff LûËIt
Logic: input port 2 F &{trf\dE :LüSft
. Otange -Result for block is undetermined. This can happen
if the analysis tìmes out, or as a result of automatic stubbing
þlock replacement). cc_outpl.ds <on_ofÞ
ÜR
pedal_scêled
à3 a2d_smled_cc
L*çical
a2d_scaled_cc
C*r*p*r* ûp*rêtor
T0 ßorlstänt iì:lii r:, : :.
i ,
:::: :ìr,i:: i
<ped al_sâa led >
a2d_scaled <¿ngþ_sælêd>
A 201.7 by The Math\X/orks, Inc. Verification and Validation of Simulink@ Models 6-13
Tips for Formal Model Verification

Models can often be difficult to analyze using Simulink Desþ Verifier. This . Block replacements
could be because the models are too large, complex, or contain too many You can cre te rules to replace unsupported blocks with functional
unsupported elements. equivalents that arc analyzable by Simulink Desþ Verifier. Block
replacement rules also allow you to automatically add constraints ¿nd
There are sevetal tools available to help you prepâre your models for analysis. objectives around certajn blocks.
. Test Generation Advisot Fot more information, refer to the documentation under Simulink Design
Performs a highJevel analysis of a model to help identify analyzable Verifier ) Complexity Management ) Block Replacement.
components. This includes suppotted components, time-consuming
components, or components that are unteachable due to dead logic.
1-D T{u}
For more infotmation, refer to the documentation under Simulink Design + 1 1
Vedfier ) Test Case Generation à Functional Requirements Testing ln1

Test Condition
OLrtl
) Use Test Generation Advisor to IdentiS' Analyzable Components. Math 1-Ð Lookup
Function Iabte
&ftd! ¡èr cüweìi æ
. Model Slicet
l* ¡: c¿'lrre.
À Allows you to visualize functional dependencies in large or complex
models. You can also use Model Slicer to creàte simplified standalone
Sarcøe,z .,# *¡e*¡':
models fiom larget models.
Fot mote information,

refer to the
documentation under
Simulink Design
Verifier ) Model
i..;*:*l Simplification with
Dependency Analysis
A 201.7 by The Mathrü7orks, Inc. Verification and Validation of Simulink@ Models 6 - 14

Summary
. IJsing Simulink Desþ Vedfi.er
. Automatica)ly generzting tests
. Proving model properties
. Detecting desþ errors
@ 201,7 by The MathnØorks, Inc. Verification and Validation of Simulink@ Models 6-15
@ 2017 by The MathW'orks, Inc. Verification and Validation of Simulhk@ Models 6-1,6
Test Your Knowledge

1. V{hen generating tests using Simutink Desþ verifier, which block forces
all generated tests to always have avalue within the specified range?
A. Test Objective
B. Assumption
C. Proof Objective
D. Test Condition
2. (Select alTthatappÐ !Øhich of the following blocks can be used to generâte

test objectives that must be met?
A. Test Objective
B. Constant
C. Check Static Upper Bound
D. Saturation
3. (Select all that applÐ Simuünk Desþ Verifier carl. a:utoma¡ti."1ly detect
potential
A. Integer overflows
B. Floating-point overflows
C. Divisions by zero
D. Deviations from modeling standards
4. Consider a, Proof Objective block with the proof value set to [0, 5 ]
To be provefl valid, the block input must
A. Oniy be able to atøin the values of 0 and 5.
B. Always stay within the range between 0 and 5.
C. Always zttain a value of 0 or 5 at some point in every simulation.
D. Be capable of attaining ali values between 0 and 5.
@ 2017 by The Math\X/orks, fnc. Verification and Validation of Simutink@ Models 6-1,7
Answers
1.D
2. A,C,D
3. A,C
4.8
@ 201.7 by The MathìØorks, Inc. Verification and Validation of Simulink@ Models 6 - 18

Conclusion
Conclusi0n
@ 201,7 by The Mathlüorks, fnc. Verification and Validation of Simulink@ Models 7 -7

Conclusion
MathWorks@ Product Overview

Key Charactedstics of the MATI-AB@ Language Key Characteristics of Simulink@
A user-friendl¡ intuitive syntax favoring brevity and simplicity without A complete environment for modeling, simulating, and implementing dynamic
compromising intelligibiJity and embedded systems
The highest quality numedcal aþorithms, based on close historical ties with Desþ and test Tinezt, nonlineat, discrete-time, condnuous-time, hybrid,
the numerical analysis research community and multirate systems
Powerfrrl, easy-to -us e graphic s and visualiz ation capabilitie s Applications in controls, DSP, communications, and systems engineedng
A highJevel language, making it possible to cafty out computations in a line ot Open architecture allows integration of models from other environments
two that would require hundreds of lines of code in languages such as Fortran
orC
Easy extensibility, by the user or via packages

of application-specifi.c MATI-AB code and
apps known as toolboxes
Real and complex vectors and matrices

(including spârse maftices) as fundamentaldata r-.---'
t)?es
ÐF':tg*f-tNlcAt
@ 201,7 by The MathWorks, Inc. Verification and Validation of Simulink@ Models 7 -2

Conclusion
MathWorks@ Web Resources

The MathWorks@ ì7eb site at \^/ww.mathworks. com contains a wealth
of resources beyond the materials provided for this course. First, you
should create a MathWorks account using the "Create Account" link on the
mathworks. com navigation bar. A Math\X/orks account will allow you to
view informad.on about your product licenses, receive technical support, and
particþate in the MathnØorks community.
. Products & services home . View and report bugs ' Create Math\7orks account
. Training schedule . Documentation ' Manage your account
. Downloads . Obtain product updates
4 ú¡-tsiå'år.ae il:.* -;** r,! .åii's s,åråti*

ffi| rtnlt** Sàsr*å Þ ì i1'¡nteî* i-r: i H*'c l* Ër¡ t"
tit I
Pr$dutt* ä $*rrui*e* $*l¡¡ii**m ,Âcsd*min $r*ü¡F*rt ä,J*fi1s t**rp*r:ry
. File exchange .'W'ebinars
. MATI-AB Newsgroup . Seminars

. M,{|fl-tB Answers . Conferences
. Biogs
@ 201.7 by The Math$Torks, fnc. Verification and Validation of Simulink@ Models t-3
Conclusion
Online Techn ical S upport

l7ith a Math!Øorks account, you cân request technical support, report product
bugs, and submit product enhancement requests from the Math\X/orks rü7eb
site.
To see the options, log in to your Math\X/orks account

from http z / /www. mathworks . com and click on the "My Account"
link. If you do not have a MathWotks account, you can create one by selecting
"Create Account."
The page that appears will contain information about the products you o\Ã/n âs
well as anavigatton bar on the left side with a number of links. To enter a new
support request, select "Cteate New Request" ftom the "My Support" section
of the navigation bar.
Then, select "Technical Support" from the Iist of request types and choose
a specific category of technical support request fiom the list that appeârs.
Now you c^î enter the information describing yout request and submit it to
technical support.
Other usefril \ü7eb-based technical support capabilities:

:.'::.
Communicate with MathWorks support staff
Attach related documents to a service request
Receive email notifications of new information about yout service requests
After the request has been satisfied, the system archives your entire
correspondence history for review at any time.
To learn more, go to http : / /www. mathworks . com/support/.
@ 201,7 by The Math\)7orks, Inc. Verification and Validation of Simulink@ Models 7 -4

Conclusion
Further Training
Math\Øorks Training Services can help you use our products to succeed in ..:,
your work. Our training courses ate deveioped around the core responsibilities
a
of engineers, scientists, and educators. Our trainers focus on your goals and
how to use Mathrü/orks tools to achieve them. a Teltng
Math\)7orks offers introductory and intermediate courses in MATI-AB,

Simulink, and Stateflow, as well as advanced courses in subjects such as control
desþ, sþal and image processing, test and measurement, opdmization,
statistics, and financial analysis.
Public instuctor-led training
Public instructor-led courses are offered in North -A.medca, Europe, and Asia.
In addition, rlralay of our distributors offer training at other international sites.
So, whether you are in NØinnipeg or rùØien, you can find hands-on training near
you.
On-site instructor-led raining
Math\X/orks also offers custom training courses, which can be taught at your
own facility. our engineers can incorporate company- or industry-specific
examples into a curriculum of your choosrng.
E-learning: instructor-led or self-paced
Ali of our training courses (except those requfuing specialized hardware)

are also offered over the \7eb. You get the same quality instruction with the
convenience of being in your home or office. Our e-learning courses are also
typically run with fewer students, on â more flexible schedule. Additionally, a Don't see it on the scheduie? Contact us and we'll make it happen:
limited number of our courses ar.e avaiTable in a self-paced format. Take the trainingGmathworks . com
courses whenever you choose and complete them on your schedule.
@ 2017 by The Math\X/orks, Inc. Verification and Validation of Simulink@ Modeis 7 -5

Conclusion
Course Evaluation
Thank you for attending Math\7orks training! If needed, zn alternate method of starting the evaluation is through the
following IJRL:
Please take a moment to fill out abtief couÍse evaluation.
http ; / /www. mathworks . com/services/trainin g / eval
Tlpe the following at the MÄTI-AB command line:
Note Please enter the email address that you used to register for this course.
I'ì.ìtllJr: I l:¡rrìtll{ L..V;å¡i.ì"'ìllrirl
Generàl trfliormõtiûn dnd KÌawledge
1. wh¡ch of these beJt descr¡bes your pr¡måry ôpplicat¡on?
FrÊf'err*d
, :-I-91""t qlç: :
2. Hou did you learn ðbout th¡5 course?
Eqail ug*el ioT çlå.qs fâU,istration: Ll [,t¿thlTDrks t+Êb site
O m¡thu,iorks traini¡g c¿t¡loq
Franç {11 tuar'lmouth {e.g. eollÉ¿gue, mènê!srlsupervisùr, etc )
crf
'lis t
--¡ f¡¡thworkç e-r¡¿il
Deutsch Plèåse rÈ-iyFè your email *ddr*çs: 'll,J sales representali're
Españo I
{i HarLre oiqest
It alia n o Ù other; ple¿se speclfl
IKnrean] Treî*i$R rFo'nç'¡r Bff¡cs:

3. Horu {rould you råte your ðb¡l¡ty to use the product{s) covered ¡n training?
Ithine s e]
S/üanada Low Hiqh
i*::,.:ir'
ûß$rfie TyÈrS: Cla$s tsnd 72i¿5ó: 10
daì!Ë:
f:..Ï:*.-.--1- Before 14ðthûûrks trBi¡inq Ì.,: {::1 {"- () (,) {: i'-i ,.-l ijr t:.)
lFublrr
{-J
|
ruru-,r-::f l:nn¡
t--- il
:J
After MèthWDrk! trðini¡q i.:l i:î .-. (ìi .i i,ì i.r i:,: í-1 X
I Crntinue t0 oaoe 2 0f 4
baúfi l
Ifyou have any further questions following the training, please contâct your
mstfuctor.
@ 201,7 by The Mathrü/orks, Inc. Verification and Validation of Simulink@ Models 7 -6

Appendix A: Automating Verification Activities
Appendix A:
Automati ng Verification Activities
@ 201,7 by The Math\ùØorks, Inc. Verification and Validation of Simulink@ Models A-1
Outline
. Authoring tests in lvlr\*TI-AB@
. Building harnes ses progtarmmalically
. Automating test file creation and execution
. Collecting, reporting, and extending model coverage
. Scripting fotmal verification tasks
@ 2017 by The Math$Øorks, Inc. Verification and Validation of Simulink@ Models A-2
Creating Test Scripts rfy
You can write tvtt*TI-AB@ code to progrâmmarcaþ test models using the inùe. appA'foldet add $o to
same wotkflow discussed throughout the coutse. tests \ IILd
:::
L.Ld.TJ
'êdí t
test
Ð Ptocess results
Finally, retrieve the simuiation data using the get function on the simout
variable. For example, the following command returns the logged sþals in
the model.
Load test case
First, define the input data and parameters to be used by the model. You can
use MÄTI-AB to cteate variables in the base workspace prior to simulating the Once you have accessed the numerical data from the above vanable, you can
model. For example, useMATLAB to analyze it. Some cornmon analysis tasks include
' Saving - Save logged data, or any other datain the workspace, to various file
fotmats, including M-{f-files, text files, and spreadsheets.
. Yistabzation Use functions such as pJ-ot or stairs to visualize data
-
Run test vectors or timesedes variables.
. Range checking - Lise functions such as min and max to veriS' the range
Then, use the s im function to simulate the model from rvr,t*TLAB. \X4ren
using this function, you can store all of the simulation outputs (time, out¡ruts,
of a sþal.
logged sþals, etc.) into a single vanable. . Equivalence - Load previously saved data ftom files and then compare the
previous results to the current simulation outputs.
Any additional arguments to the s im function allow you to temporadþ
. Displays - Use functions such as disp, warning, and error to display
overide certain model parameters. The example below shows how you can
simulate a model whose input is defined tn øvartable named inp. your test results to users.
simout sim( 'model' ,

'LoadExternaflnput' , 'on' ,
'Externalfnput' r' inp' ) ;
@ 2017 by The Math\ü/orks, Inc. Verification and Validation of Simulink@ Models ,t-3
Running Tests Using Functions

.
çry.:..., ,
t:
-A disadvantage of using scripts is that they may have a lasting effect on the Go to the te sts of
base wotkspace. The best way to create tepeatable tests in Simulink is to run
each test from within its own funcTion.MÄTLAB functions have their own
fanction workspaces, so separate functions cannot interfete with one anothet.
>>, êdii.t Þ:.
To simulate a model from within a MÄTI-AB function, you must .. :
. Set soutce workspace

You should set the source workspace for the simulation to the function's
workspace. You can do this using the sim function with the syntax shown.
'SrcWorkspace' r' current' ),' function out : testl- (in)

. Define model data
You must load all of the data that is required by out : sim(tmodel', ...) ;
the model þus objects, model parameters, input
sþals, etc.) in the function's wotkspace.
end
If not loaded when the s im function is
a model is
load system (' model-' )
called, the function will load the model fot you. This
meâns the model's preload and postload callbacks, outl : testl (in1); Separate function
tf any, will execute and may overwdte important
variables.
ouL2 : test2 (in2) ; wofkspaces
close_syst.em ( ' modeL'
To make your test suite more tobust, you can add
code to it to load and close the Simulink models at function out : test2 (in)
the appropd¿te times. To do this, you can use the Test suite
load_system and clos e_s ystem functions
as shown on the dght.
out : sim('modeL' , ... );
end
@ 201,7 by The MathWorks, Inc. Verification and Validation of Simulink@ Models A-4
Improving Test Performance ,':,,
'i,,
There are several v¡ays to speed up test scrþts and functions, including
. Acceleratot mode
You can run simulations in acceletator mode instead of normal mode. )) edi teçt$a.j-teÀceel
Simulink will generate code for the model and use the compiled version of
your model for the simulation.
set_param('modeJ' ,
' SimulationMode' r'accelerator' ); Parallel sirad*tioas (in úe, pä ra¡, t êl- fbider) -.
!
+^^+1.
LCÞ L-L, )) e. :
t^^+4.
LEò LZ ¡
cf ose system ('model-') ; . Parallel simulations
You can run individual simulations in parallel using the Parallel Computing
Note that there may be a delay prior to the frst execution of a model in Toolbox'". This is useful when doing many simulad.ons, such as p^tameter
acceleratot mode because the code has to be built. Also, you cannot collect sweeps. To simulate models in parallel, you can place the simulations within
coverage results when running a model in accelentor mode. a parf or loop.
. Fast restart simulation
Allows you to simulate a model multiple times without recompiling. ì7hen parfor i : 1:3
fast restart is enabled, you can change inputs and tunable parameters. switch i
L-4.ì C
However, you cannot make sftuctural changes to the model as this would L
require the model to recompile. load_system(' model-' );

!^^rl.
Le> L-L t
set_param ('modeJ' , 'FastRestart' , 'on' ) ; close system ('model-') ;

r^^r1. )
LçÞLI, ^âeô
+^^ta.
LCÞ L-¿, load_system(' model-' );
t^^+4.
set_param('modeJ' , 'FastRestart' ,'off') ;
LYÐ LL I
cf ose system ('model-') ;
end
end
Note You can combine all of the above approaches.
@ 2017 by The Math\ùØorks, Inc. Verification and Validation of Simulink@ Models A-5
Comp añng Simulation Runs

Recall that the Simulation Data Inspector allows you to visualize and compare
sþals ftom different runs. This can also be done programrnattcally using the
following functions.
t
. Simul-ink. sdi . createRun - Create â run from z MATLAB vanable
or MAT-file.
. Simul-ink. sdi. compareRuns - Perform comparison between two
runs.
. Simulink. sdi. getSignal - Return a sþal from a patticulat tun
using a unique identifier number.
. Simulink. sdi. compareSignals - Perform comparison between
wo sþals.
Once you have perfotmed the comparison, you cân wdte M,{|LAB code Simulation Expected
to extract and analyze the results. You can find an example of this in the
piTestSDI
-*1 results outputs 4fi,
scrþt.
f,
Alternativel¡ you can open the Simulation Data Inspector from the
command line once you have performed multiple comparisons. -411 the
runs and comparisons you have created will be displayed so that you cân simulink. sdi. createRun simulink. sdí. createRun
manually view the results.
Simul-ink. sdi . compareRuns

For more information on using SimulattonD ztalnsp ector pr o gtamrnatrcally,
go to the Simulink ) Simulation ) Visualize and Evaluate Results
) Inspect and Compate Signal Data Progtarnrnatically section in
the documentation.
ffi
Comparison results object
@ 2017 by The Math\Øorks,Inc. Vedfi.cation and Validation of Simulink@ Models A-6

Generating Test Flarnesses

You can programm^tically generâte test harnesses for a model using the
sltest . harness . create function in Simulink Test".
The syntax below shows how to create a test harness from the pwmCnv model
and then simulate it. The test harness has a Sþal Builder source block and
Outpott sink block.
Anothet common task related to test harnesses is to modify Sþal Builder
tName' blocks at the command line. To do this, you can
r' harnessName' ,
'Source' , 'Signal Builder' ,
1. Seatch the test harness for any existing Sþal Builder blocks.
'Sink'r'Outport');
blockNames find_system(harnessName
'MaskType' , 'Sigbuilder bfock' );
:
block blockNames{1};
pwmCnv 2. rJse thesignal-builder function to modi4r the block. This includes
adding, deleting, or modiS'ing groups and sþals. You can also change the
contrcller_ouþüt motor_inpub
t_
contrcller_ouÞut mot3._inputs
mo{or_¡nputs
active sþal group in the block prior to simulating the test harness.
Hamess lnputs
For more information on using the SþalBuilder block progrânìmâtically, go

There are other usefrrl functions to interact with test harnesses. For more to the documentation page for the signalbuitder function.
information, refer to the Simulink Test ) Tests in Models ) Functions
section in the documentation.
@ 2017 by The MathWorks, Inc. Verification and Validation of Simulink@ Models A-7
Creating and Running Test Suites

:
Simulink Test also ptovides a command-line intedace for working with test .Go. to th¿ ä\ q
m uIanK'l' eet subfoldet of &" .ffrolect.
files in the test manager. Some common commands are described below. :
L.
Creating test files
. sltest Running test files

. testmanager. TestFile - Creates â flev/ test file, as wellas
aTes t Fi I e variable that you can use to interact with the file. . run - Runs a test file, test câse) of test suite. This function genefates a
. createTestSuite -Âdds a new test suite to â test f,le or test suite. Resultset variable that contains all the test tesults.
. createTestCase --{dds a new test câse to â test suite. This test case can . sltest . testmanager. report Generates a rcport from
^
be configured to be a simulation, baseline, or equivalence test. ResultSet vadable (obtained by calling the run function).
. ge t P r op e r t y/ se t P r op e r t y - -Allows you to query/modify properties Fot more information on the command-line interface to the test mânagef,
m test sultes of test câses. refer to the Simulink Test ) Systematic Testing and Reporting section in
. sltest. testmanager. Testlteration/addlteration - the documentation.
Creates a test iteration and adds it to a test case, tespectively.
ll .
Jt,
#&. sltest . testmanager . TestFile
"l
Test file createTestSuite

createTestCase
\
run
setProperty getProPertY \
// ffi Test results
sltest . testmanager . report

\
Irtteract with test files, Report
suites, and cases
@ 201,7 by The Math\X/orks, Inc. Verificati.on and Validation of Simulink@ Models A-8
Collecting Model Coverage 1::t:
You can m^îage model coverage settings and results using wr,I*TLAB code. Go to the lests\covera ¿.f ê sãb foltler bfi üe pfryE"t.,l
The typical command-line coverage workflow is as follows:
ü egvÍes rl :::
1. Create a test specification variable using the cvtest functjon. ü êõvles
4. Perform your anaþsis using the coverage results vadable. Some examples
2. Define coverâge options using the test specificattonvanable. For example, include
to enable coverâge settings for all referenced models, use the syntax . Saving and loading coverage results to . cvt files using cvsave and
cvload.
. Viewing coverage results by generating an HTML report (cvhtml) or
To enable decision and condition coverâge, you cân use by highlighting the model (cvmodelview).
. Extracting information about a parttcular qpe of coverage. Some
example functions include de c i s i o n i n f o, c o nd i t i o n i n f o, and
mcdcinfo.
3. Execute the test case using thecvs im function and referring to the test
specification vadable. Coverage results from the simulation are stored in a
coverage results vatízlsle, which is passed from cvs im as the first ouþut. Create and modifii
CVteSt
test specification
Note The cvsim function allows the same property name - property
value pair arguments as the s im function. For example, the foliowing
-
syntax will simulate a model for 10 seconds and collect coverage.
ç
Simulate and return
CVS 1M
model coverage
t ffi
Process results
CVSAVC
cvhtmf
cvmodelview
decisioninfo
conditioninfo
@ 2017 by The Math\X/orks, Inc. Verification and Validation of Simulink@ Models ¡,-9
Completing Missing Cove tage Ifv

o''
Simulink@ Desþ Verifi.er'" can help you to find test cases that fill covetage G'o to rhe tçet
gaps that might be left by manual testing. The process for doing this is
t
1. Define test objectives.
2. Test model and collect coverâge.
3. Use collected coverage as a starting point to automatic test generation. You can combine covefage results objects from multiple tests by adding them
together.
One way you can use preexisting coverage information as a starting point for
automatic test genetation is by using the command-line interface.
You can use the s ldvgencov function to generate coverage for a model. If you v/âflt to sâve a test harness with the generated tests, you can specify that
in an options structlrre (used as the second input argument).
To start with preexisting coverage, you can pâss a coverage results vanable
from cvsim as the fourth input to sldvgencov.
You can also obtain the coverage data of the tests genefâted by s ldvgencov
as shown below. You can then use the covetage results of the newly created
Note \ü/hen you close a model, the coverage results object becomes invalid, so test when you gerlerate a coverage report.
you must use it befote closing the model.
opts, true, cvdol*cvdo2) ;
A 201,7 by The Math\X/orks, Inc. Verification and Validation of Simulink@ Models A- 10

Formally Verifting Models ::ì:

...Try,
.l:::
:'
'
You can use the s ldvrun function to automate all Simulink

ìr,
Desþ Verifier Go to the,t esf s\rJesi

VVvv¿Yf! onverif ier subf'older bf .ihë ...
::::
tasks. The workflow is as follows. ':l
}# edi,t
¡:;
ii
1,. Create a desþ verification options vanable. To do this, you can use the >> edj ::
sldvoptions function. edå
4. IJse the sldvrun function to perform the analysis given the options
2. Configure the desþ verification task using the Mode property of the specif,ed.
desþ verification options vanable.
'PropertyProving' ,'
' DesignErrorDetection' ; To open the report at alater time, you cân use the Report property in
'TestGeneration' ; the f il-enames ouq)ut. Note that you can also set your own ouq)ut file
locad.on in s ldvoptions.
Note The default mode is TestGeneration. This is equivalent to
using sldvgencov as shou¡n on the previous page.
3. Configure other properties in the desþ verification options vadable.

For example, the following tu/o properties can be used to set up how the
results are displayed.
Note For more information, type doc sldvoptions to access tfre

documentation page. This page contains a list of all the ptoperties and
their allowable vaiues.
@ 2017 by The MathWorks, fnc. Verification and Validation of Simulink@ Models A-11
Summaty
. Authoring tests in MÄTI-AB
. Building harnesses progrâmmatically
. Automating test file creation and execution
. Collecting, repotting, and extending model coverage
. Scripting formal vedfication tasks
@ 201,7 by The MatlilüØotks, Inc. Verifi.cation and Validation of Simulink@ Models A - 12

Appendix B: lntroduction to Model Coverage
Appendix B:
lntroduction to Model Coverage
3
I
.
@ 2017 by The Math\X/orks, Inc. Verification and Validation of Simulink@ Models B-1
Outline
. Model coverage
. Model elements that receive coverâge
. Types of covetage
@ 2017 by The Math\X/orks, Inc. Vedfication and Validation of Simulink@ Models B -2

Model Coverage
Model coverage is used to determine whether cert¿in elements of models
have been firlly tested. This helps you determine whether your test câses âre
sufficient to vedfy a model.
If a modei does not achieve firll covetage, it could meanthat
. Additional test cases must be desþed to fully exercise the model.

. The requirements need to be modified to meet coverage goals.
. It is impossible to crelte a test case that will produce fi.rll covetage. In the
case of decision or condition coverâge, this means the model has dead logic.
Note If you awtofiaatically generating code ftom a Simulink'" model, fr.rll

^te
model coverage does not necessarìly grararLtee full code coverâge. You shouid
stjll collect and analyze code covetage.
A 20n by The MathìØorks,Inc. Verification and Validation of Simulink@ Models B-3

Model Elements that Receive Coverage

You can collect coverâge information ftom the following tgres of modeling
constructs
. Simulink blocks
. States and tansitions in Stateflow@ charts
. M.{|LAB@ code inside MATI-AB Function blocks
. C/C++ code in S-functions
For mote information on collecting coverage from Simulink models, as well as

lists of supported and unsupported modei elements, refet to the documentadon
under Simulink Vedfication and Validation ) Modet Coverage Analysis
) Coverag e Data Collection.
I :.Jncti31 oulil¡t = riìiiFc:ì iinput" sat_enal¡]*)

7
3
4 if {:npcÈ<* &.ç sag_enãblei
Simulink 5 {)ur::put. : i-i,' MATLAB
Á else
.x!_enabfe {rrûF[rt
blocks l \!:.ñr1+
vu LHu u -
¡^ñ.!Ê.
Function
8 end
blocks
Ðecisions
iulCl.:f! å,! uÍìÌ 5üo/ò
false t0ll10l
il¿.i..erftkiu
j:i1,1ìJ1.0;
Statefl.ow C/C++
charts Condifioas S-functions
Ðeserþtion: Tr¡re False
5û 5i
@ 201.7 by The Math\){/orks, Inc. Vedfication and Validation of Simulink@ Models B-4
Execution Coverage
Execution coverage is the most basic covetage metdc. Ä test case achieves fifl
coverage if every nonvirtual block in the model executes at least once during
the simulation.
rWhen coverage analysis for a model is enabled, execution coverage results are
always displayed.
Is every block
executed during
simulation?
Step
Inl tutl
Gain
Ernbbd Subsystern
@ 2017 by The MathìØorks, Inc. Vedfication and Validation of Simulink@ Models B-5
\:.t t:
Decision Coverage (DC) Try
Decision coverage (DC) examines items thât represent decision points in a the
model, such as a Switch block or Stateflow@ stâtes. For each item, decision
coverage determines the percentage of the total number of simulation paths
through the item that the simulation traversed. n
^ctvalfy
T and F?
I
Path taken?
X
T if ().{ & Y)
AND
Z Z = L;
LogÍcaf Switch
Operator else
z -1 f
I
Path taken? end
A 201,7 by The Mathrü(/orks, Inc. Verification and V¿lidation of Simulink@ Models B-6
Condition Coverage (CC)

Condition coverage (CC) examines blocks that output the logical combination
of their inputs (for example, the Logic block) and Stateflow transidons. A test
case achieves frrll coverage if it causes each input to each instance of a Logic
block in the model and each. condition on a ttansition to be true at least once
dudng the simulation and false at least once dunng the simulation.
Condition coverage anaþsis reports on each block in the model whether the
test câse fi;lly covered the block.
T and F? T and F? T and F?

1
X
T if (x&Y)
AND
Z Z = L;
Logicat
Switch
2
ûperator else
z -1 f
1
T and F? end
@ 2017 by The Math!Øotks, Inc. Verification and Validation of Simulink@ Models B-7
Appendix B: Introduction to Model Coverage
Modified Condition/Decision Coverage Try

(MCDC)
Modified condition/decision coverage (MCDC) examines blocks that ouçut
the logical combination of their inputs (for example, the Logic blocþ, and
Stateflow transitions to determine the extent to which the test case tests the
independence of logical block inputs and tansition conditions. ondi OV
Buildet
A test case achieves full coverâge fot a block if, for
every input, thete ís apalr of simulation times when
changing that input alone causes a change in the
blocks' ouq)ut. A test case achieves frrll covetage for
a transition if, for each condition on the transition, 1
there is at least one time when a change in the X

Affects Affects
T
condition triggets the transition.
AND 1
Z
(x&Y)to (x&v)to
In the example on the right, the table shows that Logical Swii¿h
be T and F? be T and F?
Operator
three test câses are sufficient to achieve MCDC I
Y
covefage.
-t
. TT þoth inputs are true)
. FT (input 1 is false, tnput2 is true)
. TF (input 1 is true, tnput2 is false)
Input l required to be true if
if (x&Y)
TT
Note that the TT test case is sufficient to ensure that output is to be true z L;
both inputs arc affectjng the output to be true, since
Input l required to be false if
if either one changed, the output would change.
ouq)ut is to be false
FT else
Additionaliy, the FF test case is not useful at z -1
achieving any MCDC coverage, since in that case Input 2 required to be ttue if TT
f
output is to be true
either input could change and the ouq)ut would not
change.
end
Input 2 requited to be false if
ouþut is to be false
TF
@ 201.7 by The Math\Øorks, Inc. Verification and Validation of Simulink@ Models B-8
Relatio îal B ound aty Coverage ttt t'ttl:

.,
r ,r: :"i
.: .., .
Reiational boundaty coverage checks fot possibie outcomes thztate considered Open the followiog nrãdel, simelâteit,anéanq.þeu.;$letelationalb'oundary
to be near the edge of an equivalence test (::, ), (:, etc.). cover¿ge. Then, reduce the relative toleranee to 0 ¡,001- end comp.are the
tesults.
The table below summarizes the different outcomes for. an equality operadon
(::) depending on the data types of the inputs. The floating-point outcomes
are süghtly different depending on the type of relational operator being tested.
l-to]. .0) +1 +LSB t

0 0
(0..toll -1 -LSB
intB
SineWave
LSB represents the least significant bit (or precision) of the fixed-point data Swilch 1
true. z.
Relational
-1 Operator
tol is computed based on absolute and relative tolerances, which can be intS
specified by selecting Analysis à Coverage ) Settings and going to the Step

Options tab.
tol : max ( absTol-, relTol*max ( | inputl l, I input2 | ) )
Floating-point Integer
relation relation
@ 201,7 by The Math\X/orks, Inc. Vedfication and Validation of Simulink@ Models B-9
Signal Range Coverage

Sþal range coverage reports the minimum and maximum values logged fot
each sþal in yout model.
Note Thete is also a sþal size coverage, which reports the minimum and
maximum dimensions fot variable-size sþals.
a
Signal Rnnges
ConsTant
trIier*rrhy l\lin l'Iax

condl d lonlsupCc'",
Step
Switch
2-D ï{u}
. . . Lookup Table iu-ü) 7.ût38,+ 18.9998
tØ
$tep tlme: 5 u1
-1
b u2
e
1
ûut1
. . . Srryitch -1 1
Constantl
Lookup . . . f,snstnnt x1
Table {n-D}
u1 bre*kp*ints - [-t, -l
, ¡! hrêrkr1^ìnrq - l-)
. " , ümrstar¿tl -1 -r
-1
Sine Wave
.".$i¡r*\Vavr -0.996165 û.999793
Âmplîtude:
Sias: ü
1
.".$t*p t1
@ 201,7 by The Math\){/orks, Inc. Verification and Validation of Simulink@ Models B - 10

Lookup Table (LUT) Covetage Try

...:
Lookup tabte (LUT) coverâge examines blocks, such as the 1-D Lookup Table simulate it, and analyze &e table co.rief?ge,
block, that output the result of looking up one or more inputs in a table of in tþle $enerated report. :: :
inputs and outputs, interpolating between or extrâpolating fiom table entlies

as necessâfy.
Lookup table coverage records the frequency that table lookups use at each
interpolation interval. A test case achieves full coverage if it executes each
intetpolation and extrapolation intemal at least once. For each LLT biock in
the model, the coverage report displays a colored map of the lookup table
indicating where each interpolation was performed.
Click graph for

rar'ge information.
Constant
lll]Ì1ilM
cond l d
(l!a*
Step
2-D I{u} Interpolation TO
liø¿ s. Switch u1
interval r- 10
u2
,Ø 1
Outl
11 -20
b
Constantl
Lookup
u¡ Jf
Table (n-D)
r4ñilun¡i5 - L-¿. - L U. I Ël
ilzl-30
Sine Wave
ul hreækpoínis - L-2. -1 , *, 1 21
Exact values ffi :t - 4s
Ân:plitude:
8îas: û
1
K >+o
@ 2011 by The Math\ù7orks, Inc. Verification and Validation of Simulink@ Modeis B- 11

Cyclomatic Complexity
Cyclomatic complexity is a measute of the structural complexity of a model.
It apptoximates the McCabe complexity meâsure for code generated ftom the
model. In genetal, the McCabe complexity meâsuÍe is slþhtly highet because
of erot checks that the model coverage anaþsis does not consider.
Model coverâge uses the following formula to compute the cyclomatic
complexity of an object (such as a block, chart, or state):
N
c ->(o"
1
-l)
In this formula, N is the number of decision points that the object represents
and oris the number of outcomes for the nù decision point. The tool adds 1
to the complexity number computed by this formula fot atomic subsystems
and Stateflov¡ charts.
Cyclomatic complexity can be reported in two ways:
. Go to the Settings section of the Coverage Results Explorer and enabie

the Include cyclomatic complexity numbets in summary and Include
cyclomatic complexity numbets in block details.
. Open ModelAdvisor and run the By Task ) Model Metrics ) Complexity
Metdcs à Cyclomatic complexity metric check.
@ 2017 by The Mathrü/orks, Inc. Verification and Validation of Simuünk@ Models B - 1,2
Summaty
. Model coverage
. Model elements that receive coveÍâge
. T¡>es of coverage
@ 201,7 by The MathÏØorks, Inc. Vedfication and Validation of Simulink@ Models B-13
Appendix C: Exercises
@ 201,7 by The MathWotks, fnc. Verification and Validation of Simulink@ Models c-1
Exercises
,4.11exetcise and solution files ate found in the ex subfoldet of the
C: \class\coursef iles\slvv folder created by the course installet.
Exercise Page Refetence
Cruise Control Test Flarness C-3 Chapter 3
Cruise Control Test Inputs C-5 Chaptet 3
Heating Model Harness C-7 Chapter 3
Throttle Control Run Compar{son C-9 Chaptet 4
Heating Model Verification C-1,1, Chaptet 4
Heating Model Covetage C-13 Chapter 4
Ctuise Control Test File C-15 Chapter 5
Throttle Control Patzmeter Sweep C-1,7 Chapter 5
Fixed-Point Equivalence Test C-21 Chapter 5
Cruise Conttol Test Genetation C-23 Chapter 6
Cruise Control Property Proving C-25 Chapter 6
Desþ Etror Detecton C-27 Chaptet 6
@ 201,7 by The MathnØorks, Inc. Verification and Validation of Simulink@ Models c-2
Cruise Control Test Flarness lfv

,i
,i
Refetence: Chapter 3 FdeS in the ex\cc test harne ¡> c tcilder. t::
Topics: Test harnesses, Loadingdata ftom external files .,lt . i
>Þ
In this exercise, you wili creãte a test harness for the ctuise control aþorithm El t.
I
l
in the cc_model file. The test câses will come from a Microsoft@ Excel@
spreadsheet.
L. Generate â test harness from the cruise control model, using a Sþal 3. Crcate requirement links between the sþal grol]psin Sþal Builder block
Builder source block and a Scope sink block. Modify the test harness so and the spreadsheet. To do this, select Gtoup ) Verification Settings
both output sþals are displayed on one Scope block. from the Sþal Builder block menu. Then, right-click the Requirements
section on the dght and select Open Link Editor.
2. Load test câses from the cc_test_vectors. xls spreadsheet. To do
this, double-click the Sþal Builder block and select File ) Import from 4. For both test cases, simulate the test harness and visualize the resuits using
File. the Scope blocks.
The cc_test_vectors. xl-s fi.le contains two sheets, each of which

corresponds to a test case. Import both test cases into the SþalBuilder
biock, replacing any existing data tn the block.
cc test vectors.xls Test harness
Load data
w",l:
-y>;
ffi f,
Link requitements
<ædai_eq!iv_scaled>
AND
LogEâl Switch a2d_scaled_cc

Operator i:iaieti lat la{tii\{
CC-DMble NOT
Cmdan! Logìcå¡
OÞe¡aid1
@ 201,7 by The MathWorks, fnc. Verification and Validation of Simulink@ Models c-3
Solution: Cruise Control Test Flarness |::

ta
lfl Ê1e
Te*2
tI Vc!¡fidion bìod(
-1
o ve.ifiÉiio¡ b,o.16 file
1
-i.:
0.5
o
2
pedãl-."sffiled
0
-2
1
o ffi
!e,ed{ile lc inpoi
cc_rcdeLsln
lhe data fi,e to in¡a^ to $gnal 8ui¡dEi.
'cc_tèst_vêdcrt*s r¿¡s read
titeb Ìnpo* of viorishæìir .¡
âème{s):
tesll
¿üi rl.j--t,te'iì lii Test2
Ch@se the dãta lo iÐ!lù{ ard hc* it !ÈouÈd bÈ åFpi¡ed io

ôf eaçna¡s pe. worksãeeti4
Builder
ffi
cc_14t_vBalort.Iis
B¿r,eis)ì
ped¿l_eaurv-råled
¡edê¡_{^led
ðng:e.saa:ed
lnputs
a0glê sæld
i.i ri-l: resr'r

: ü.peclaj-eqeil'-<alet1
lUndefì.€d ràne! sJl be fe$nedì
: iJl p*a:_*eìed
: 1l¡-1 angre_scaleC
:1-t ¡:ee¿:-eq¡ìv-scaìed
tsasic Froperties
ii-i peia:-scaleo
i/] ¡Ìql¿-sc¿ted
Narn*: fc HETness
li Savs test harnesses externally ¡4*re ínftrrnðti*n
Sources and Sinks

A Ð
t Time angte scaled Siqnal$uilder çÕruF*nent çmd*r Tmt Scope, r ".-
2 1 -2 0
1 0
4 3 -o.4 0 Add separnte assessrn*nt b[æk
5 5 3 0 B 0
5 3 1 0 0 iJ-j *pen hanness after creatisn
7 ð -0.5 1 3..2 0
R 10 -0,5 t 2 0
I
@ 2017 by The MathÏØotks, Inc. Verification and Validation of Simulink@ Models c-4
Cruise Control Test Inputs Try

t,-
Refetence: Chapter 3 Fiþ se,doldér.
Topics: Creating test câses in MATLAB@
, -,"1": '::
i
In this exercise, you will create MATIAB scripts that define test cases for the
cc_scaf ar_inp and cc_bus_inp models. Details of the two test cases
ate shown below.
saåLeé.. ..'CC DísabLe
No No Yes Yes
0
I
I
10 0
I
I
^t
u I lu u
^t
| _LU
+ + --t- true
4
I
I
4 false I
I
true true 3 2 -2 -1
u
Î
I ru 0
I
I
5
I
I
10 u
^t
i ru 0
I
I
10
--+- + + --+- + fal se
4 4 fal se
I
I true I
I true -l^
Jtz -2
I
I -1
1. Open the cc_scalar_inp modei. Modift the Interpolate data option

of each input port as described by the table. 4. (Bonus) Repeat steps 1 through 3 with the cc_bus_inp model.
2. Cteate two MÄTLAB scrþts where each script defines one of the test cases Hint Fot bus input sþals, you can create â structure of time series
shown above for the cc_scalar_inp model. variables as shown below.
3. Test both scripts to make sure they work. For each test case, simulate the
model and view the results in the srgnal viewers.
@ 2017 by The MathìØorks,Inc. Verification and Validation of Simulink@ Models c-5

Solution: Cruise Control Test Inputs
Test 1 Test2 >>

n',}Þ
È pedaå*eq'*:.-,r*s*a leC es
5:.*cfuaå**qr:.åw s*aå*S ÞÞi
| : [t; j_û] ; t - 10;1-01 ;
1r : i4;41 ; 1l : [{;4]; Bub
ingrl - tineseries {r¡o t} in¡rl = ti:aeseries {r¡, t} .'
'>>'
"'
i>
* *n**ff J-
^* ^SË >å ü t€'s
| : iO;5;101; t : îo;5;1ûl;
1¡ : [fal-se ; trr¡e ; trete] ; r¡ : [fa.]-se;true"'Ènre] ;
irrp2 : timeseries {t¡rt} ; 5-rrp2 : èi.æeseries{urt} ; 1
pedal_equiv_scafed
rå 5:*dæå*se).äìe$ :.: 5:e$al*s,*.ä.å*,S. i......i data
! : l$;101 ; t - ls¡10]; 2
r¡: [3;2]; 'r¡: [3;2]; on_off
5-np3 = tineseries{urt} "'

inp3 : Ëiseseries {urÈ} .'
CC_Disabte
ri anç:å**s*;rl"**. er a*çtåæ*x*rale{å
t : :[s;1û] ; r : tG;1_ûl;
Conslant
u : [-2;-L3; 1l : [-2;-1]; 4
inpll = tineseríes{u,t} in¡r4 : tineseries du.rÈ),'
"' pedalscaled
data
* {l*-Såse}¡le t f { îlaqåhtê
4
CC Ðåsab1e = fa1se; CC-Ðîsablle : true; angle_scaled
ti -t.it:i .t:
Lscd frcffi $rsrkspÊce

14Input: inp1,inp2,inp3,lnp4
J
åJJ 9iól;i .it är1illå s,:ili.iti
-r
^!
-if ?llr.:i r: r' Þeliill. !rir ¡Ìrj
:l:;l,il
ar2,j ia¡rlå¡ {4.,111i'19 !li-JIf, ii
l, :ilr*itial state: xlnitimÊ
.n
@ 2017 by The Math\X/otks, Inc. Vedfication and Validation of Simulink@ Models c-6
Heating Model Harness

Reference: Chapter 3 Files l: ,
Topics: Test harnesses, Logic-based testing ..:l

ii;
In this exercise, you will cteate a test harness for a room temperâture controller.
This controller implements the following des:
To test the control algorithm, take the following steps.
. If the room temperâture is greater than dT degrees above the seçoint, then
enable the cooler (heat_input heatingModel.
1. Open the model Crezte ¿ test harness for the
-1). Temperature Control subsystem using the following options.
. If the room temperature is less than dT degrees below the setpoint, then
enable the heater (heat_input 1).
' IJse a Test Sequence source block and no sepârâte assessment block.
. Modify the Test Sequence block such that it is in an open-loop
. Else, do nothing (heat_input 0). configuration, i.e., it has no inputs.
' Ensure that users cânnot modify the component under test inside the
test harness.
T_e*
2. Impiement the following test case in the Test Sequence block
TffipèÊ!æ
.IntrtaLz,e the test so that both desired temperature (T_des) and room
Ereretlêmgeøt!æ temperature (T) have a value of 6 0.
70 hsil€ Tea@tre
. r\ftet one second, transition to a step named CoolDown, which sets
Dæired
H HddhÂd
T_des to 56.
'Âfter three mote seconds, transition to a step named HeatUp. This
should have two substeps. The first substep should execute only once
and instantaneously changes T_de s to 6 0. The second substep should
condnuouslyincrement T_des by 1.
. Once T_des exceeds a p^r.^metet Tmax, transition back to the
J
CoolDown step.
3. Simulate the model and visualize the T_des, T, and heat_input

r:i: !.
ii,
sþals. Try modiftrng the values of dT and Tmax in the base workspace
and compare results.
@ 201,7 by The MathìØotks, Inc. Verification and Validation of Simulink@ Models c-7
Solution: Fleating Model Flarness Tty

l:, :::.r
Ì -L ':.
>i i:
T-des
Ff
rl h€aT inpu¡
I rrri' l: i il i
Cannot edit
subsystem
inside test
1
harness. ììi
heaL¡nput
a'ì
Cfftrol I Enable compo*ent editinE in harness nnadel
Sy*ìþo{s Step Traüsitiocr Next Step

Stãrt l. af'ter{1 ,sec} CsolDown T
ï_des = 60;
T=6S; ili-,
C¿¡afDcçvn t. after{3,sec} lleatUp v .]11
T_des = 56;
tonctant Ël $-$eat{.Jp 't. T des >= Try¡ax CoolÐswn v

Fararneter
Tmax t) I t:) i{"
lnstant#l'lanEe i. tn¡e RampHeat V

T_des = 60;
Rampl-leat
T des = T_des + 1.
@ 2017 by The Math\)7orks, Inc. Vedfication and Validation of Simutink@ Models c-8
Throttle Control Run Comparison Try tif 'i¡
':¡¡ l
.l=i a,t - ,.;,4
Reference: Chapter 4 CI@the Sírnulækprojeø tn the ex\etc folder.
Topics: Sþal l"ggog and comparison ,L]'
">> etc
In this will use the Simulation Data Inspector to inspect sþals
exercise, you
and compare runs in a throttle control system model.
4. Open the Simulation Data Inspector and petform the tasks belov¡.
1. Open the Simulink project in the ex\etc folder. Then, open the etc . Plot the angle_integer sþals in the same figure. Which of the
model. runs reaches the angle saturation upper limit?
2. Configure the model to 1og the bus sþals at the input and output of the . Find the differences in the controller ouq)ut sþals (duty_scaf ed
Controller Model block. and di rect ion_s caled) betweefl. runs.
3. Record the simulation ouq)ut and simulate the model with the following 5. (Optional) Try inspecting and comparing logged sþals and runs. lJse the
controller p arameters : Create Report option to automaticaþ generate reports fiom your results.
Run 1: Kp .0507, Ki : 0.3630

Run 2: Kp U . 01, Ki 0.3630
Run 3: Kp . 01, Ki 0.75
cc_orfp$ts
Log sþals
Cru,sêContaûl
coFrkoÌþr
dúl_a¡aþg dtu'ty_aãbg
Sqnãl 1 pedal ìúlts
L p€dal_vdts da_i¡pr.¡t ängle_mfts
a2d*or{pl-{
a2d_outprrt dire¿tkh_ãna@
arEle_vÕlts
Pedallrçut
B . Fodúf Eûl pÐlsed
Contrdlêr DigitêJ2,4¡alsg Throttle
AnalogaDis¡[al
'ì - Fe{i¿i} lùlfy iXdtr¡",¿rùJ] i Sr if.w ;¡ ç: I iiiì riiii# íÀi B ¡r ii-.,f ärÞj f H¿rd'**r"€ - ph¡sir:rzls,1:l;ari
FÍiKYiÊ-d ii.lÌrld¡r;ïè i s]í|,'yåre jnierl*öÈ]
@ 2017 by The MathWorks, Inc. Verification and Validation of Simuünk@ Models c-9
Solution: Throttle Control Run

Comparison
Select the bus sþals at the input and ouq)ut of the Controliet Model block If you look at the SimulationData Inspector ouq)ut below, the fust run is the
and select the Log Selected Signals option as shown below. only one whete the throttle plate angle does not teach its upper saturation
limit.
a iul tr3rsC¡eãl|ri.ald_autF{t.ãrgle-irieçet IB!!Creåtlr1s2d-quÞli.arE1É-lnlsg*r

x â¿ç üEâlçr: l.ã:{-ÉùtpulðEÈìe_irle6e.
-31¡P:r "
1cÐ
- Rìs 'l: efu
Bù¡ iiË?lûil.ä3d*ü!1Fìlì-ÍrËflal-i[lÉ9qt
945 Cieêl!!:1 ri_ouilrüts Br-ÈÍ 3n+
Sr! Cíeetçr. 1 tE:cùtFú1r.ÊÈdll-¿cùiy-s

isslÌ6ìler1 ÌJirÈ¿ti?n_.iÍa'sú
C !it-r¡llgr :. tr\,_scðled
- l?ür ¡: êtû
Ëûs Ð,êãl¡.:1.r:d-ûrirul.þûdê¡_ìËleücr
Bçs ¿rËë,1ür:'i.d'Ëuþüh.wL õrt ¡
BuÈ útÈ¿loÍl c ! 1f
Cart:Êl1er Ì.úsúio¡_îqsìql R tcfibêl¡ër: ì.dui!_ôælËd s t)ûfttsllèr:i.drtt-s¿alÈd * Conrgflsll.dsly-6æ¡Èd
t919çliÉr.l.dkf¡:sæ,é¡
v Ruñ f: Bir:
uï Ë åü.$ F*ç tiErìûr i.32¿f,ôilÞ1rlÈedál_lftlÞit*r:

Bv! lrBùìor ì.!i_iuÌp¡s tf_o1Ì
:ôB
-
U Simul*Èir:r-r ünt.o i*spertr*r
åìJ: Ê1È?tôi-Ì
tioif o Jier :.direal;ot_ìcäf çd
ffi L*rçå* Ånal¡rzr¡

tcn?ô11Èr.ì dú!-!¡:¿lÈjJ
ii
5¡
t
¡ñð ñcom$içx*re Ê-llgçinq,". ] t 1i)
]
dä¡1 l-åelp,."
t
@ 201,7 by The MathWotks, Inc. Verification and Validation of Simulink@ Models C - 10

Heating Model Verification ffy

::
:
.!
-i
.,1
i
- rlrr:
r'
{
li
l
Reference: Chapter 4 Files are i" F" ex \ rLernpChrl- ûô¡lder"

Topics: Test harnesses, Run-tìme analysis
,i
In this
1. Open the heatingVerif Start model andnavrgate to its test harness

heatingVerif Harness.
2. Addrun-time to the test hatness to check whether the room
remperarure stâys within an accpfblal6anSe.
. You can use Model Verification or Test
. The analysis cntena ate as follows, where
blocks.
Tptl Å"$fr,,^],
úo1 is the relative
T 3T¿¿r*tolxT
T 2Tasr-tol*T
. Stop the simulation with erÍor if the analysis cntern are violated.
^fl
3. Simulate the test harness with tolerance values of 5% (tol : 0 . 0 5)
and 10% (tol 0. 1-) and compâre the results.
T ext
If the tests fail, can you find a value of the dT p^rarr.eter such that the
T_ext heatingVeriiStart
requirements are met? From Workçace T ext
1
T des T Temperafure
T
70
T des
A 201,7 by The MathWorks, Inc. Verification and Validation of Simutink@ Modeis c-1.1
Solution: Fleating Model Verification Itv
The scope output on the right shows the analysis results for a L00/o relative
toletance.
The test passes with a 1.0o/o rcIaave tolerance but fails with a 5o/o relaÛve Tæst
tolerance unless you reduce the value of dT to about 1 . 5 or lower. ,Þ
Relative
Tolænce Upper Lmf
T_ext +..........._
.¡n ffitrËJ ìíi. iit
T_er{ heat¡ngvsìfSoln ì elt'r¡.'i:l'.3i irr e 1.-il il'i: i :. :l r .. .t'.'. 1...ì¡ r-ìll
Frw Wo*spaæ T_ql Su!Êract
T sg
I des f TempeËfute
Check
Ðymmic Range
70
T_des
¡¿
Assessment
Tmax=T*des+retTol.ï
assert{T {= Trnax.'[v{*xirnçra T*nrperæt*r* Fx*ææded') ;
*r 'l*nip*ri:i,;r*
Ut!F€r.Lìiliit
Lr:,,,1.Èa Lim¡l
Tmin=T_des-relTol-X i:i 'i
assertff >= Tmin, 'Minim¡¡m T*rnpær*ture Hx*e*d*d');
T_ert h€t¡ngv€rif Logic

Frw Vy'økspaæ ext
t' l, ¿.
ï des T€nperalúæ lôùéri imf

Tmi¡
Õ
L
7A 2
UpperLinil
fmax
Teg Sequsce
@ 201,7 by The Math\Øorks, Inc. Verification and Validation of Simulink@ Models C - 1'2
Heating Model Coverage Try
Reference: Chzpter 4
Topics: Test harnesses, Model coverage ':,1::
heaÈi c
In thisexetcise, you will collect coverage information from an existing test
harness for a room temperâture controller model.
1. Open the heatingHarness model. l'[avigate to the ctrlHarness

test harness in the Temperature ControÌ subsystem.
2. Configate the test harness to collect coverage information, such that
. Decision, condition, and MCDC coverage are collected.
. Coverage information is collected for the Temperature Control
subsystem only.
3. Simulate the test harness and view the coverage results. Is full coverâge
T_de5
achieved? \Øhy or why not?. T_des
H
T
l_des
¡-t 1
T hea{_input
-t
TeS Sequence
Fu1l coverage?
@ 201,7 by The Math\)7orks, Inc. Verification and Validation of Simulink@ Models c-1,3
Solution: Fleating Model Coverage .:
In the test to Simulation ) Model Configuration Parameters

harness, go
) Coverage. Enable the Subsystem option, click the Select Subsystem
button, and select the Temperature Control subsystem.
Select: i¡,r Enable coveraçe analysis

Solver
Entire Systen'r
Data Impor'$Export
, ûptirnizatiot't '", R.eferenced Models ¡>
T_dæ
' Dlagnostics o. Subsystem $çlect Subsystenr

héat_hput
hst_inp(lt
l-{a rdware Implenre... T
Model Referencing I¡'lclude in analysis Ianperalure

Sîmulation Target l IMATLAB files
Code Generation i¿ C/C++ S-functio*s
Results Ccverage metrícs
The existing test case does not fully cover the

temperâture control algodthm. There is 7 5o/o
decision coverâge and 7 50/o condition coverage. f f +
Rate <=-cl 1
Based on the results, there are two reasons for tn1?n < u 4 ìlîaY hæt
this: F
2
åivitch
. The desired temperatrúe T_de s is never below Rate
the allowable limit Tmin. I
. The error sþal (T_des-T) is never less

'* Lqvezge: údHãrêess
than or equai to -dT. Therefore, the cooler is -ffi
never enabled with this test case; that is, the subsystem blæk "teeÊg!3l9!igl,s8gÈ¡"
heat_input sþal is never -1.
Decision 75ù1o {6/8) Condition 75ôls {314) T0 Con*ânt1
Extrutian 100c,i, ( 12112)
0fi
@ 201,7 by The Math\Øorks, Inc. Verification andYaltdatton of SimuLink@ N[odels C - 1'4

Cruise Control Test File rry
Refetence: Chapter 5 Files afe 1n the av\ rn !^^+ Qlt I !^

folceL
:::.
Topics: Test files, Simulation and baseLine tests ',
..:: t
*hich
:
r:1
fpu t-s .ma€ :
In this exetcise, you will create a test file that leverages eústing test cases for a
cruise control model. To do this, take the foliowing steps.
3. Cteate another test suite that runs the cc Harness test harness in the
1. Open the test m^n^ger and create a new test file.
cc modef soln model.
. Configure the test case to run the Testl Sþal Builder group in the test
2. Create â test suite that runs the cc scalar soln model using two
harness.
different sirnulation test cases.
. The írtst test should execute the testl_scalar_inp scrþt prior to ' Make sure the test is a baseline test, whose ouq)uts are compared to a
baseline stored in the ccExpectedOutputs . mat file. This file can
simluating the model.
be found in the ex\cc_test_suite folder.
. The second test should execute the test2 scalar inp scrþtprior
' Use an absolute tolerance of 0 . 0 01 and telative toletance of 0 . 01
to simulating the model.
(70h) for all sþals except the on_of f sþal. Since this is a Boolean
. The cc_scal-ar_sol-n model is not configured to produce any (logical) sþal, setits tolerances to zero.
output data. For. both tests, override the model settings such that ouq)ut
4. Run the test file and explore the results. Generate â report, ensuring to
data is produced.
include results and plots from all tests þassed and failed).
Test
te st 1_s calar_inp
Simulation test rll &" rl* , \.,

-Ð-l
cc scafar soln
Simulation test il* * ¡¡* f,
test2 scalar inp
Baseline test ll* #; +__+þr cc_modeI_soln

(cc_Harne s s test harness )
ccExpectedOutput s . mat
@ 2017 by The Math'ü7orks, Inc. Verification and Validation of Simulink@ Models c-15
Solution: Cruise Control Test File

The simulation tests can be configured to run the input creation scripts in the tx
preload callbacks. In addition, you can override the ouçut settings as follows.
rìiIì,:
The baseline test fails because the cc_outputs. on_of f sþal becomes
lr{rdâli f,i-sìålär*s*lü tïue at a different time than in the expected results. This affects the value of
the a2d_scaled_cc. pedal_scaled sþal, which is why that baseline
Y lir::-"
w iii.r ii:'1..
i, ::;.i',f.]
comparison fails as well.
.i¡ì ûvs$rds nslgÌ,setti,Ìl-os test ]- Ec.õLa r_ iflp
ËÞãssttrreiÈ r¡ Ksl*r:-le rr ; ¡$c*pu,l*oo

/ -ry¡lË,ul ¡* ¿c-qi,hü?sÐn-ú$ r3åHlinÈi x ri-rulp3ts.*l-úf {ilÐtpE¡é Tsl
¡ Rerdts . 2íilt:4çt-22 14.32:. 1F: ;'s 18

The baseline test can be configuted with the following harness, inputs, and , t,¿ crT*stss*ln ;l'* 1S
: la fkress Tesf ûas* 'r*
bas eline criteria op tions.
, [!j Éaseìin> trileta e ?.?
{J *2d_ååãlêd pëd*l*,ìcâlà{a
î¡lì-ii., :.ii: ri r, :'_i r::ì â:d-s{alÐ{i.tr$È-s¿alry-i
f\,l$d€,1: a t_n õris l_-qs ln a
',: Èc_flrtpuls.psdalÈq$i!- .
n
it:- s:autFu¡Ê sr_ùl
ç r r:, i: $¡i1! ì:þi L n¡ÍrÊ¡aè lf TslårarcÐ
i: a2d.sealed_m.pedal_sca..
tiãtnÈsç: il âzd-srãlÐl-r c.as,fls-scå..
+.ådd ' :*:ì . ' Ë*lf*iir ,: l.:1; r FQ simûutp* ¡cr_noceþaln: rcmali

, f' 1 $tæd*ìrÉ Ï€st Ðåãs ---*l
ß ¡ gnäl Ëìl i¡dâr,Cinii,Fr t-
,¡ " '-.îrl:i;,ìì ) ¿ SrmUElÐf rÈSl I ¡ ì N
, g SiÀuf"Or"l"utZ
: Så\'€ b3s*ìifte date in :sst rs*¡llt
;1,Í.ì -'Í... Å -1
5 3 4 ? !
''.,''., 4 4!;al
tr_üutpill$.ú11_sfi ü ü .Jlt?;
ã2d slå¡ed *ì:.*,eCal :*eã¡€* Û.Xii 't.t"i1¡:
./ 3:d s{âl3d ri.ãnclå s:alFd

*2{i_$lâlÈ*. Fed ãl_se a]ed
; lt,'
Ådd.." lf ,CsptürÈ..
@ 2017 by The Math$Øorks, Inc. Verification and Validation of Simulink@ Models C - 1tr
Throttle Control Parameter Sweep

:tl
Reference: Chapter 5 in tlæ e

Topics: Test files, Iterations, Model coverage
In this exercise, you will

cîeate a test fi.le to perform a para;meter sweep and
4. Bnal>Ie decision, condition, MCDC, and lookup table covetage for the
collect the aggregated model coverage.
system under test and all refetenced models.
1. Open the Simulink project in the ex\etc folder. Then, open the etc 5. Run the test case and atalyze the results.
model. . View the a2d_output.pedal_integer and duty_scaled
2. Configxe the model to log the bus sþals at the input and ouq)ut of the sþals for all iteradons on two separâte subplots.
Controller Model block. . View the aggregated covetage results and find the blocks with missing
3. Create a test file consisting of a simulation test which runs the etc model covefâge.
using the following pârâmeter sets: 6. (Optional) Generate â report ftom the test results.
Iteration 1: Kp 0.0507, Ki : 0.3630

Iterz:d.on2., Kp 0.01, Ki 0.3630
Iteration 3: Kp: 0.01, Ki 0.75
cc ouþr.rts
Log signals
Crui,sêContrù¡
coñtrûller
dr.ùl_anaf¡E du¡l_anãbg
Sltnãl 1 pèdaLvúlts
----¡
p€dat_vdts da_nput dZLinpul angk-r¡ofis
Pedal lnpuf
Contrdler D¡g,taizArlalog Tlrrottie
tl .. l"oda! pÕl preDsûd Affilog2tlgital
'1
- FÊ{:!å} iìrIT Fri*,r{."{l {Ërfl!r.¿r*} isüf1yri$* i i'r.* r d,",/ âi* in ierlâ cÊJ {f-ià¡d'¡r*íe.. ph,isir¿ìi s{silÈr¡i
{11*rdaar+ i sritur'ar€ ii':?årfär:e}
@ 201,7 by The MathrJØorks, Inc. Verification and Validation of Simulink@ Models c-1.7
Solution: Throttle Control P ararneter

Sweep The test case is defined as follows in the test mânager.
Select the bus sþa1s at the input and output of the Controller Model block - $l ri$i[1Í i.ii!i--1!i"l iÍ]l i
¿nd select the Log Selected Signals option as shown below.
Itl¡:del nrlñry
t i.¡ri:il l- ir$lìilifL
) a i f ,i: rì l.4ll i,:lti rli: l-* ì lri ti'* t-': I ËÉÊ ì I ãf
,;¡ ¡:i b¿ .* 1roÉflir$.ai ËLds!-ü|rc,:it
,Y ¡çf: rl.*5ålT håss !îorþ;ãúa{* É,t,:,:iJi¡1r:rje{
-, iParamsierset2
J i.l5 bax* vr'orltgFa;e ütl¡lßñlrc: :Ët
0.üÌ base rryorit*F;as* , ,af
hês* vJ¿xlisËrate *ttiC,ir,i''*ìlÉr
I.üi n*se wcrl,pp.xs* #rjiì:nTrs.:ei
1#,tl
*.q** - ff R*fre*h ìil E:spsÍt ffi' ú*t*t-"
U$ Simulatinr¡ üab* Ëæsprrtmr
ffi Laqec Analyeer v rTf Fii-11:f 1iìil
- 1,ù*iã ìrËlATìir !ì
T i#i l:l;:iíÌ +
I rnË¿rF-.-ãî Íiìïå1È..
fu Confiqr¡ne Lcqqinq.". 1
J:lt*rübûn Farsmètãr Ssl i lisiåsiii
",r'.;irrr
Jitt*rsti*nt Prr,rnelilr Ssl 3 .:l rti". ij
"':'ftç
Jìneråti¡nr Faran*lsrSxt 3 iÍsib;iii; #ï¡ìt'
@ 201,7 by The Math\X/orks, Inc. Verification and Validation of Simulink@ Models C - 18

Solution: Throttle Control P alamieter ã:

rfv
::
J:
Sweep (Continued) Þå open eècFaraæSweep'..mldatx :
At the test fi.le level, go to the Coverage Settings section and enable the
options shown below.
Rs$L¡itiÈ ãrd ål-fil.ãe ls etrpotoFttr!æ€p m SËr.ilÊ ' i¡Viseli¿e .:
w.å2i_sritiu:.Êëú¿l,i¡ìsger * ¿3ii_îsÞ!tinðie_inþçer
L¡2C_alit'!r.¿r!lÊ*i¡tÈger îi .à:,ì_rüEul êf qiÈ_iîtegËr
- ç*'ì
elÈPa¡a¡nSv¡seF" *Ì*F*r*nrSr,ve*p - Ræults; 2Ëîâ'\1ar44 BfD6:&0
- i-' : Sysïerr-Level T*stl : -t,1,1i d,!,¡i( . -:_ €tcts3rams {æ}

:- - i*ì Srstem-Level Tæi¡ i,**
,è. i-'3rAf Èl?f D¿.'ÈeË
- [ PamelerSrep
¡ i,'riÍll:ìli lii..i. s¡?
- ¡] tteratì+r, ,ll
Þ : ^! .:. f .ft:.., n exrGl)

c._&lFrts Þedal Èqui'Ls.alÈd..*
r._urydr r,ì_v,r
-¡;ir,,;;1¡¡ ¡¡, r.;;
{ c
¡ I ã :.
,:.irì:'ü!;.:r-ri' i',.: !
' .ìf:tì..ì. !., .'
riùìr_s¿åled i .dutr_stsiêd s.drt/-x3:èd t.c!it_sa's'J
, J Ea; lrs ;¿vBrs!è f"1r srs'tåfn úndêr teÈ!
l Rec*rd ';i',,ëmçs l*f rÐlsrgfxrËrj nidÊls -m Eim Ðstp$ {et . rcn€i}

Èrri4puts. ¡:a!åléqu¡v_!Èåled ra!
r:t..,' :ii lr;f- +lf ¡.1',. ]
Èr_ol'lput E. rc_Èfi
I D**i-<iorr 'l Crn.litirn .a2S_Ðriipul. Fsifrl-iûtegs

,/ .ðzd_oùlpjl.asglè_mt€gä
*/ l.lcÐi ,1, Lcal Lt! T?D e
3
¡ I è Ê
Use the Results and Artifacts section to display

:;r:' ;:,,.1.{: iS¡,_ i
the a2d_output. pedal_integer - i:iüã ill
and
duty_scaled sþa1s. i i::'::,iÌ : I'
ffi ffintrsller ç 5 Xlll:l::::'ì srrc

1illlÌr'r
From the Aggregated Coverage Results section, #
ffi etr 2 J .:1 ;ja rli 1fiü1.ËF
you cân detetmine that none of the four models in the
hierarchy achieve full coverage with these tests.
!n ---.
t 3 1ttÍ" ru
ffi p".*nrcn"* ö 5 JSDI; M
@ 2017 by The Math\)üorks, Inc. Verification and Validation of Simulink@ Models c-1,9
@ 2017 by The Mathl7otks, Inc. Vedfication and Validation of Simulink@ Modeis C - 20

Fixed-Point Equivalence Test Try ,,,'' ., ,,.,.,-,,t..tt." '."

.
: l. ,,::::1"::'
:t, ,,
Reference: Chapter 5
,SPtn &e Simulink ¡rtoject
Topics: Test files, Equivalence tests
Note This exercise requires Fixed-Point Desþer'"

. ..::
In this exercise, you will compare a fi-xed-point implementation of the throttle 1,.'
PI controller with the original floating-point implementation. The goal is to
find a fixed-point desþ for the controller such that it matches the floating-
point desþ within a specified tolerance. :ÞÞ
Lre,¡1,'-v2
1. Open the Simuünk project in the ex\etc folder. ìi2
2. Open the test m^nagel and cteate a new test file.
3. In the test file, create a single equivalence test that compares the results 5. Run the test and view the results. Does the test pâss?
from the etc (floating-poinÐ and etc_v2 (fixed-point) system models.
4. Captarc equivalence ctttena by simulating the etc model. Set the absolute
Hint You can change the precision of the fi-red-point controller
implementation by going to the piCtrl_v2 model and modifying the
tolerance to 2 and the relative tolerance to 0 . 0 5 (5%).
Data Type Conversion blocks highlighted.
Hint The models are not configured to ouq)ut data to the base
The default datatype for these blocks is f ixdt (L, L6, 10 ) , which is a
wotkspace. Before running the tests, make sure you enable data logging
for the a2d_output bus sþal in both models.
sþed 16-bit data value with 10 fractional bits. Tty increasing the numbet
of fracional bits to f ixdt (L,76,12) and compâre the results.
pedaf_volls DataType Cûnversim
a2d_ortput
C¿nr¡ert
a2d_output
angle-votls
<pedaf saþd>
Analog2Digital
il"lsrdwer* 1 s*ftvç* r* intrerfac* j
Tyæ CcElvers¡en1
thange the *ñta t¡çe of

"N
these blocks and
cornpare results in thÊ
equ¡\¡alefice test.
@ 2017 by The Math\ü7orks, Inc. Verification and Validation of Simulink@ Models c-21
Solution: Fixed-Point Equivalence Test Ttv

--J .;
I
:.:
Create a simulation test and use the following models in the Simulation 1 aod Gã toùe tesès subfàldäc öf
Simulation 2 sections. ,. :i,
,
a."::1;i,-|) ¡:ì ) i:.ri1 ,:j
--li'r Iîãl¡i i.;i'iil[P ïlli' -f"iiÌii"ì j..

i-l-.¡i:fì -llii Jest 3 rlrlale r
fufu suc +¡e r f,' +-at:e r $cm¡ctison r
w ã:d_*utFùi.åBgÍq_iltetèr IBE$JÌÊel
& ê:d_rlllÞ!'.êñ!'1-j¡teq* ii9¡pâre tei
fu1ûr:l*l ÞdÐd,el: , gesüìls ' 2$15+:Þt-22 151t5 {¡ tC
¡ i'ì'ì ¿l¡Equi;Sçl*
/ i:j Fjxed rs Ffffiiql-F.ifl Êoti.dts
¿ ij] E{liraì¿ncÐ fxl
, S EcuililsrÈ&iterir I
After enabling 1"ggog fot the a2d_output sþals in both models, you cân
Rerll¡ tr
i-r' a2d-ù!ì Þul Þed;ìlinìeg€r i:
capture these sþals in the Equivalence Criteria section as shown below. ,S: ú*_elput ãrgle-iñtÊgø :1 ¡ i¡
r 3in Ð ?ife.9rç€ lï -:s1sÉ¡t€

bj D(ltÞrd 1 ièi.
, ffi si* ôup* z 1er,- 12 : îôruli
vî.'. si*r::,l =:f.:.
1.0 fracttonal
/' :: *ì"'t:
' ":ri;'1-
J â2d_0rrlput.p+rlal_i *teç*r : UJ'/ð
bits - Fail
/ å.:l_Õúlpijt..an.!lle_¡nlËgs r
ilF ÐsÞlr¡e..
ffisurla¡e r fiÇæparison r
* ?_ir{ete. iB*sel
The diagrams to the right show the equivalence crìteria results fot 10 fncttonal 9: C_È uiF u:.¿nÐl ine i
t s?d*û!1Þ!iãÕg,e-ir¡eger ,lf esã.e lc;

bits (f ixdt (1, L6,I0 )) and 1.2 fraclÚ'onal bits (f ixdt (7,16, tZ)). / Féirlts : 2015rflt-t2 1À:S2.tj¡
, ìi c?rìEq6,15s]n
Note that the increased precision makes the equivalence test pass. r i ll Fi^Ëd rË Fle€tinù-Pcinì CùnìÞ¡lèr
¡ tl ÊÈuìYåleñ.è -¡*t
¿ À tqu "¡ ente *les¡ rcsull
i:' a2c_aÈtpul pe¡àLintêgÊ¡
9:
ii ê3d-oulrut elgle-intÊger
I aife.g¡sÊ i r=ü'eraeae
' [i
Srñ ifrÌtpüt 1 têit ] nomal,l
) Ei SinÐslËul 2 lel._v2 : nomul)
1,2 ftacttonal
a;
bits - Pass
@ 201.7 by The Math\X/orks, Inc. Verification and Validation of Simulink@ Models C - 22

Cruise Control Test Generation ir'
rTrX
Reference: Chapter 6 the ë*\ L ;

!:
Topics: Model coverâge, Test generation ':t::'
a:
In this exercise, you will collect model coverage from an existing group of tests.
Then, you will automatically generate tests with Simulink Desþ Vetj.fi.er'" to
ptovide any missing covetage
3. Simulate the test harness with both sþal groups in the Sþal Buildet block
1. Open the cc_testgen model andnavtgate to the cc_Harness test and collect cumulative coverage. Ensure the coverage information is saved
harness. to a file.
2. Configxe the test harness to collect coverage information, such that 4. From the cc_testgen model, use Simulink Desþ Verifier to generate
tests that filIin the missing coverage. How do the generated tests differ if
. Decision, condition, and MCDC coverage are collected.
you do not use the generated covetage file?
. Coverage information is collected for the cc testgen referenced
model only.
cc oLûpds-pda,_@un_sc¿þd
cc_oillpúls_on_of
t_
lnpub
AND
p€dalscabd
Test
Logícal azd_scaled_cc
Switch a2d_scaled_cc
Ope€td CASCS
Coverage cc_d¡sble
NOT i:¡ilerìe
Âiñ^^!
-fu
1
r lr¡Jssirf¡
'ra -: ñ
file Operatø1
<pedalscâbd>
<dgle-scâled> f
SêtrEtiú
-5 <-_ u .:= 5
@ 2017 by The MathnØorks, Inc. Verification and V¿lidation of Simulink@ Models c-23
Solution: Cruise Control Test Generation

...:
First, configure the coverage settings in the cc_Harness test harness. s'o
.^l^+, i*rEnable *nalysìs

*tcLt-
As shown below, the numbet of objectives that need to be satisfied by the
Selver
Ðatä Imporvfxport ' : LnTtre generated tests is significantly reduced by including existing coverage data.
i) Ûptimizatìon Referenced l"lodels
: 'tt
Diagnestics ,
Ha¡dlvare lrnplementatlcn
j buf)sY$em
c | I cc-crLputs. pë dat*e{¡ ü;v.
^ led **--*-------*
-f -scä
-¿ ñ
Modei Reiere*cing Include in analysìs
sinìulati0E Tarç€t
, Code Geilerãtlon
i A.lATtAÐ f¡¡es 1
/ cov,€rôEê i__ì c/c++ S-functìpns ü

ô^^-.È^
Ke5UtÞ -l \7ith
1 F{ûL Cûdû GÊñer¿tiûn Cûverage n'le$ics
6
coverage file
Structi.¡rõl {eve1
Þ Other n¡etrics
t
¿
Ã Two test
0
-5 objectives
-'1û
Simulate all test cases in the harness and save the cumulative coverage to a fi,le. I
ftq
To do this, you cân use either the Coverage Resuits Explorer or the automatically t
0 û.üû5 û.s1 ü.ü15 U,U¿
generated coverâge file based on settings in the Covetage ) Results section Tirne {s*c}
of the Model Configuration Parameters dialog.
Finally, set up the cc_testgen model so its generated tests extend the
t ¿c"-euïpr.äiÊ. ped.ai-eq *rv
-1
coverage data you just collected. "2
1
t,5 ¿¿,È*lñulå. Õ:Ì*ofr

d C)€sìgfl VerifÈer
Blo{k RÈpla{ements
0 Without
6
Pårar*eters i'çlir::,.: ;^:h¡;:;ilir,r.'t r¡.:i.l:iíe$ f,¡3 ;:,llliiti1l iíj:i! r:ðl'r::;
4 e?cf*sc*led.pe*a 1....**aled coverage file
¿
Ex¡çting covsrage dðtå 0
Ðesiün ËrÏâr *etection
Prsperty ProvinE iÏ ignore *hjcctives sãt¡sfied in existiftE c*veraçe data: s
r"ì
Twelve test
ä2d*scåtêd "ängle*scaled
Covemge data fÌle: rcCovDõtã.c!"t mrs';"1 _q
-1Õ
objectives
1
û.s
0
0 ñ n.1 û,t: t.$3 0.t4 t.ü5
Time lsec)
@ 201,7 by The Math\){/orks, Inc. Verification andYahdatton of Simulink@ Models C - 24

Cruise Control Property Proving :,::
Try
Refetence: Chapter 6 Files are in the ex {bJdet

Topics: Property proving :::
In this exercise, you will use Simulink Desþ \rerifier to test the ciuise contiol
system using formalvenficai-lon instead of test cases.
3. Place the newly added blocks in aYenltcation Subsystem block.
1. Open the cc_prove model. Check that it is compatible with Simulink
Desþ Verifier and make any necessary modifications if it is not. HintMake the inputs to this block the cc_outputs and
a2d_scaled_cc sþals, and extract sþals using Bus Selector blocks.
2. lJsing Proof Objective blocks, prove the following properties about the
model. 4. Ptove the model propeties. If any of the objectives are falsif,ed, view the
counterexâmple using a teport or test harness. Can you add any assumptions
Objective 1:
to the model to change the results?
Thepedal_scaf ed sþalin the
a2d_scaled_cc bus is always
between -5 and 5.
Obiective: Obiective:
Objective 2:
If on_of f is true and on_off : true pedal_scaled always
CC_Disable is false, this implies between -5 and
and 5
that the pedal_scaled sþal in
the a2d_scaled_cc bus is equal
CC Disable : false
to the peda l_equiv_s ca l- ed
srgnal in the cc_outputs bus.
implies
AND
pedaì sæld
Logica¡ a2d scabd cc
a2d sâlêd cc
NOT
Opsâtor
pedal equiv scaled

is equal to
r
pedal scaled Satrratiflf
<pedal scad>
9Ðgþ_sæled>
j T
angþ scaled
Saiuration
@ 2017 by The Math\)Øorks, fnc. Verification and Validation of Simulink@ Models c -25
Solution: Cruise Control Property Proving Try ,i,,
,t
Not satisfied Satisfied

Only the pedal_scaled srgnal at the model input is saturated
between values of -5 and 5. If the pedal-equiv-scaled sþal
is selected, values outside the tange are possible.
CC Disable NOT
As the counterexâmple below shows, this can occur when the
AND
Constant LogÌcal on_of f srgnal is üue (i.e., cruise control is enabled), and the
Logical
0perator'1
Operator pedal_equiv_scaled sþal is outside the objective rânge.
A
A:> B (lomnterexnmple
<on_ofÞ tt
cc_oulputs lmplies
Time û
Lq Ã,!
Step I
L e *:
cc_outputs.pedal_equiv_scaled -6
<pedal scaled>
a2d scaled cc Relãt¡onal Operator cc_CIurputs.on_off 1
a2 d_sc a led.çreda1_sc aled 5
a2d scaled.angle scaled
You can change the results by adding an Assumption block to the

pedat_equiv_scaled sþal. If you constrain its range to be
<Þedal_eq uir'_s caled> Vs¡fiæliff Subsystem
within the saturation limits (-5 to 5), the property will not be falsified.
cc_dtputs
¡ND tvvl
pedaÌ_scaled
tìlr.;¿ir
t¡$æl Switch a2d_eald_cc
cc Ð¡sble NOl Operator <pedalequiv-scabd>
cc_oulputs <on_off>
@ 201,7 by The Math\ü7orks, Inc. Verification and Validation of Simulink@ Models C - 26

Design Error Detection

Reference: Chapter 6
:':t l',
&e ex\des"íg?.8 -rurs j,faeu
Topics: Desþ eror detection
In this exercise, you will use Simulink Desþ Verifier to detect vadous desþ
errors in a model.
1. Open the designErrorStart model.

2. Detect the foilowing desþ errors in the model.
' Integet overflow

. Division by zero
. Minimum and maximum values
3. \Mhen checking minimum and maximum values, Simulink Desþ Verifier
uses the Minimum and Maximum pârâmeters specified in the Signal
Attributes tab of block dialogs.
Modi$ the Minimum and Maximum pârâmeters in the input ports such
that integer overflows and division by zerc are not possible.
1
Hint The minimum and maximum values for uint B data arc 0 and ln1
f,s6âûi.! jinÌite: 4\
2 5 5, respectively.
Constânt Subtract
4. Detect dead logic in the model ?*sÇn limits.
tf-] tq{1
Modift the Saturation blocks in the model to remove any deadlogic you X
may find.
2
ln2
3Ê5çfl !im:ts: Add
f Divide
double
Data Type
-{
Saturatío¡1
1
Outl
Saturation
îü 2t5t nesi?n lirîìits: les¡gn:im¡tsi Conversion l-ztt..z*tl
li¡ l))J
I
2
Unit Delay
A 201,7 by The MathìØorks, fnc. Verification and Validation of Simulink@ Models c-27
Solution: Desigt Error Detection Try

I.
The model contains integet ovetflow and division by zero defects. The reasons
for these defects are
. If the fust input is less than 1,5, there is negative integer overflow.
Changing the minimum value of the second input to 1 means that the lower
. If the second input is greater thzn 1.28, adding the ouçut of the Unit Delay limit of the Saturation blockwill nevet be reached. This will thetefore
block (which can be as large as 127) may lezd to positive integer overflow. cre te dead logic in the model.
. If the ouq)ut of the S at u r at í on block is exactly 0, there will be a division In addition, the Saturationl- block also contains dead logic because the
by zero. value of a uint B sþal can never be negative.
uint8 uinlS
+ 1 t
u¡ntg
tnl ln1 u¡n18
lesíqfi limilå: 15 tes¡g* i¡rl1rÍs:
CÒ¡stant Constant Subtract

i,\ilsiûr ii.iìits lesisä linÌiis;
lu -rrJl
f
uin8 uintg
2 +
f 6 X
!
ü¡,{de
double
f 1
Outl
2
ln2 f
X
g
D¡vide
dÐuble
Data Type SùttÀT'átie*

1
Outl
Saturatiôrì Ðata ïypÊ Satural¡øì1 lJesql;fm;ts Add Sãturâtìùn
nËs¡ç-rì linÌils: çonveßion
¡U:1tr.I Conversion DËsiçn ltllits: tft .',aa
rn )qql
l 1
uìnt8 z uìn6 z
Un¡t Delay Unil Delay
255, You can resolve this by changing the lower limit of the Saturation block
You can resolve this by constaining the first input to be between 1,5 and
and by constraining the second input to be between 7 and 1.28.
to 1, and by changing the lowet limit of the Saturationl block to 0.
@ 201.7 by The Math\){/otks, Inc. Verification and Validation of Simulink@ Models C - 28

Verification and Validation of Simulink Models

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Verification and Validation of Simulink Models

Uploaded by

Copyright:

Available Formats

EXPLORE ENROLL

Verificqtion qnd Volidotion

*MathWorks" Trøining Services

O COPYRIGHT 2010-201,7 by The MathWorks, Inc.

The softwate descdbed in this document is furnished under a license

2. Verification and Validation in Model-Based Design

3. Developing Test Cases

5. Building Test Suites

Verification and Validation in

Chapter Leantng Outcomes ..2-3

Developing Test Cases

Logic-Based Tests. . . . . .3 - 1,2

Creating Test Sequences .3 - 1,3

Testing the PI Conttollet Model .3-15

@ 2017 by The Math\X/otks,Inc. Vedfication and Validation of Simulink@ Models TOC - 6

Analyzing Test Results

Test Your Knowledge . .

Building Test Suites

Imptoving Test Petformafrce .5-15

Math\X/orks@ Iøeb Resources. . . 7 -3

@ 2017 by The Math\X/orks,Inc. Vedfication and Validation of Simulink@ Models TOC - 10

Formally Veri$'ing Models

Tips fot Formal Model Verification

Jack Little Cleve Moler

@ 2017 by The Math\X/otks, Inc. Verification and Validation of Simulink@ Models 1, -2

Math\X/orks supports its customers through a woddwide network of offices,

Headquarters Q.Jatick, MA USA)

http : / / www. mathworks . com/company/worldwide/

Math$Øorks@ Ptoduct Overview

Easy extensibiliry by the user ot via packages of application-specific MÄII-AB

Real and complex vectors and matrices (including sparse .matrices) as

. Improve the safety and efficiency of spacecraft docking by developing

'Advance the diagnosis and treatment of gastrointestinal ftact disorders by

improving visual imaging of the smali intestine

Put the CD in the CD drive.

The installer application will open âutomattcaTly. If the installer application

, : l*LgC¡ t!'tÅIlÅg$ fór Psr&lic ûptiñr¡rütiÕÈr 32.6 hfB *

'$:9S4-ä&34 Th* Mathwerlts, å¡r*. s Back T!{e[t >

Course Learning Outcomes

. Identi$r the role of verification and validation in Model-Based Desþ.

' Complement simulation-based testing using formal verification techniques.

' Building Test Suites

. Automating Verification -Activities

Verification and Validatlon in

In this chapte4we will use the following Mathì7otks@ ptoducts

Chapter Leatnitg Outcomes

. List common model verification and validation tasks.

Continuous Test and Verification

Apart ftom testing, additional verification tasks include Requirements

' TestingGeneraled Code ìn Sìnulink@

' PoþspaceØ for C/C++ Cod.e Verifcation Hardware

. Make assumptions or approximations about the system

@ 201,7 by The Mathrü/orks, Inc. Verifi.cation and Validation of Simulink@ Models

Each of these steps is described in detail in Chapters 3 t}rough 5

. Analyze model - Once the modei incompatibilities have been addressed

Each of these steps is described in detail in Chapter 6.

depending on driving conditions or operator input. System design

Proiect Environment Try'

data document,s ].ibraries mode].s work

ffi testPlan. doc -t: etc. sfx

A 201,7 by The Math\üØorks, Inc. Vedfication and Validation of Simulink@ Models to

. Input sþals case

2. Requirement - Ensure that integrator w¡ndup does not occur

Test plan Test case

, : lLgC¡ t!'tÅIlÅg$ fór Psr&lic ûptiñr¡rütiÕÈr 32.6 hfB

ñm s|effi r ,, , !" J¡"'iffil.qî iS ið ffi ¡ il $ þ1¡ll ,þr

Walt l" aft(3,se) $ieptrwn ?

m,sWffi '$ f, üt" Gv' {'- å !, sä-

ñqi;1it:li e,iìs; ir¡cci:riiii'v