use specification models for requirements-凯发k8网页登录
this example shows how to use a specification model to model and test formal requirements on a model of an aircraft autopilot controller. the specification model uses two requirements table blocks to model the required inputs and outputs of the aircraft autopilot controller model. you generate tests from the specification model, and then run those tests on the aircraft autopilot controller model. the model that you test is the design model.
for more information on how to define and configure requirements table blocks, see use a requirements table block to create formal requirements (requirements toolbox) and (requirements toolbox).
view the high-level requirements
open the requirements set, ap_controller_reqs, in the requirements editor.
slreq.open("ap_controller_reqs");the high-level requirements specify the outputs of the model and the autopilot controller mode. each requirement description uses high-level language that you can use to explicitly define the logic needed in the formal requirements.
view the first iteration of the specification model
open the specification model, spec_model_partial.
spec_model = "spec_model_partial";
open_system(spec_model); the model contains two requirements table blocks that define the formal requirements that translate the high-level requirements into testable logical expressions. the block ap_mode_determination specifies the formal requirements for the autopilot controller mode, and the block cmd_determination specifies the outputs of the controller.
to view the formal requirements, inspect each requirements table block.
requirements table block for controller mode
open ap_mode_determination. the block specifies the formal requirements for the autopilot controller mode. to determine the output data mode, ap_mode_determination specifies three requirements by using two input data:
ap_engage_switch— the autopilot engage switchhdg_engage_switch— the heading engage switch
each requirement uses a combination of the inputs to specify a unique output value for mode.
requirements table block for controller commands
open cmd_determination. cmd_determination specifies the requirements for the aileron command and roll reference command. cmd_determination uses four input data:
mode— theap_mode_determinationoutput,moderoll_ref_tk— the setting of the roll reference target knobroll_angle_phi— the actual aircraft roll anglehdg_ref_tk— the setting of the heading reference target knob
the block uses these input data to determine the controller output data:
roll_ref_cmd— roll reference commandail_cmd— aileron command
in this example, the expressions use constant data to define the ranges of values for roll_ref_tk and roll_angle_phi. you can also parameterize the values or use literal values. see (requirements toolbox). to view these values, open the symbols pane. in the modeling tab, in the design data section, click symbols pane.
in addition to requirements, cmd_determination also defines the assumptions for the design. see (requirements toolbox). in this example, the assumptions constrain the values for the roll angle and the roll reference target knob based on their physical limitations. the roll angle cannot exceed 180 or fall below -180 degrees, and the roll reference target knob cannot exceed 30 or fall below -30. in the table, click the assumptions tab.
you can also specify data range limitations in the minimum and maximum properties of the data or explicitly specify the range from the signal with blocks.
generate tests
simulink® design verifier™ automatically creates test objectives from the requirements defined in requirements table blocks. to generate tests, use the configuration parameter window or specify the tests programmatically. see . select different coverage objectives to determine if you want to minimize the number of tests generated, or if you want to improve test granularity and traceability.
in this example, generate tests with decision coverage and save the output to a mat-file.
opts = sldvoptions; opts.mode = "testgeneration"; opts.modelcoverageobjectives = "decision"; [~,files] = sldvrun(spec_model,opts,true);
simulink design verifier generates the test objectives and the tests from the requirements, however the requirements satisfy only seven of the test objectives.
to satisfy the test objectives, you must revise the specification model. in general, avoid generating tests from a specification model without confirming that the formal requirements are complete, consistent, and correspond to the high-level requirements. otherwise, the tests that you generate are less likely to satisfy the test objectives.
clear("files")investigate and update the specification model
investigate the specification model and update the formal requirements. in this example, the requirement set in cmd_determination is missing the formal requirement that corresponds to the third bullet of requirement 3.
open cmd_determination in the model spec_model_final to view the updated requirement set. the additional requirement has the index 2.2.4.
spec_model = "spec_model_final"; load_system(spec_model); open_system(spec_model "/cmd_determination");
finding issues in your requirement set can be challenging to do manually. you can use simulink design verifier to analyze the requirement set and identify inconsistencies and incompletenesses. for more information, see (requirements toolbox).
link high-level and formal requirements
loading the specification model loads the formal requirements in the requirements editor. closing the specification model also closes the associated requirement set. when developing your formal requirements, link formal requirements to the corresponding high-level requirement to track the requirements in the specification model. in this example, linking the requirements does not affect test generation or test results.
to link the first formal requirement to the corresponding high-level requirement:
in
spec_model_final, expand the requirement set named table1.right-click the formal requirement with the index of
1and select select for linking with requirement.expand the
ap_controller_reqsrequirement set.right-click the requirement with an id of
1and click create a link from "1: autopilot mode is off" to "1: high level: autopilot con...".
the link type defaults to related to. for more information on link types, see link types (requirements toolbox).
generate tests from the updated model
generate the tests from the updated specification model by using the options defined previously.
opts = sldvoptions; opts.mode = "testgeneration"; opts.modelcoverageobjectives = "decision"; [~,files] = sldvrun(spec_model,opts,true);
in this version of the specification model, the test objectives are satisfied.
run the tests on the design model
after you create tests that satisfy the test objectives, you can run the tests on the design model. in this example, the design model is the model for the aircraft autopilot controller, sldvexrollapcontroller.
before you run tests on the design model, you must interface the specification model with the design model. typically, the specification model does not produce or use the same signals as the design model. these differences can be simple or abstract. for example, the design model might use different input and output signal types than the specification model, or you may want to compare a scalar output from the design model against a range in the specification model. as a result, you need to construct an interface between the design model and the specification model.
interface the design model with the specification model
in this example, the specification model spec_model_final and design model sldvexrollapcontroller inputs can interface directly, but one of the outputs is different. spec_model_final represents the aileron command as a range of values, but the aileron command value produced by sldvexrollapcontroller is a scalar double. the interface uses a matlab function block to compare the aileron command values. the interface then verifies both outputs with assertion blocks. open the model, spec_model_test_interface, to view the interface.
test_interface = "spec_model_test_interface";
open_system(test_interface);
the matlab function block compares the two signals by using this code:
function y = fcn(design_val, spec_val) switch spec_val case ail_cmd.all y = true; case ail_cmd.zero y = (design_val == 0); otherwise y = false; end
run the updated tests on the design model
to test and verify the design model, create a harness model that contains the:
specification model
design model
test interface and verification model
in the harness model, attach the models together. then run the tests on the design model and verify the outputs correspond to the requirements in the harness model.
to view the harness model, open the model, sldvexdesignharnessfinal.
harness_model = "sldvexdesignharnessfinal";
open_system(harness_model);like with the interface model, not all design model inputs may directly correspond to specification model inputs. in this example, the harness model prepares the design model for testing with the five inputs specified by the specification model.
run the updated tests on the design model from within the harness model. use the function to run the tests and save the results. if you have simulink coverage™, you can view the results of the tests from the output of sldvruntest in a coverage report. view the coverage report by using the (simulink coverage) function.
cvopts = sldvruntestopts; cvopts.coverageenabled = true; [finaldata, finalcov] = sldvruntest(... harness_model,files.datafile,cvopts); cvhtml("finalcov",finalcov);
the coverage report shows that full coverage is achieved on the design model, sldvexrollapcontroller.
bdclose("all");
slreq.clear;see also
(requirements toolbox)
related topics
- what is a specification model?
- (requirements toolbox)
select a web site
choose a web site to get translated content where available and see local events and offers. based on your location, we recommend that you select: .
you can also select a web site from the following list:
americas
- (español)
- (english)
- (english)
europe
- (english)
- (english)
- (deutsch)
- (español)
- (english)
- (français)
- (english)
- (italiano)
- (english)
- (english)
- (english)
- (deutsch)
- (english)
- (english)
- switzerland
- (english)
asia pacific
- (english)
- (english)
- (english)
- 中国
- (日本語)
- (한국어)