"Everyone knows that errors are much less expensive to fix when you find them early. With Simulink Design Verifier, we build on the advantages of Model-Based Design by performing formal testing in the first phases of development."
Christoph Hellwig, TRW
TRW Automotive’s electric parking brake (EPB) offers many advantages over traditional parking brakes. By eliminating the need for a parking brake lever or pedal, the EPB provides greater flexibility in the vehicle’s interior design. The EPB’s onboard computer can be integrated with the vehicle’s stability control system. For example, it can be configured to release the brake when the vehicle accelerates, activate the brake when the driver’s door opens, and prevent the vehicle from rolling backward when starting from a stop.
Because the EPB is a critical part of the parking application, TRW had to test every operation and branch of the control software. TRW used MathWorks tools for Model-Based Design to model and simulate the control system of the IEC 61508–certified EPB. With Simulink Design Verifier™ TRW engineers automatically generated tests, an approach that helped the group achieve 100 percent coverage of their Simulink® and Stateflow® models.
"Simulink Design Verifier enabled us to bring the formal testing of our software in-house and verify our design in the first phases of development, when defects are easier and less costly to fix," notes Christoph Hellwig, team lead at TRW.
On previous projects, an external vendor manually wrote and performed tests on TRW’s code. Using the test results, TRW developers analyzed and debugged their code. The process was expensive and prone to miscommunication and delays. Further, manual testing left some portions of the designs uncovered by tests. “We decided to bring this process in-house, not only to reduce costs, but also to develop this type of software verification expertise within our organization,” says Hellwig.
TRW sought to improve its test process and provide meaningful and actionable feedback to developers much earlier in the development cycle.
The software development group at TRW had used MATLAB® and Simulink to develop a detailed software design specification, which enabled them to change their test process.
TRW engineers used Simulink Design Verifier to generate tests that enabled them to meet their customer’s requirement for 100 percent coverage on the EPB control system model.
Ling Zhu, test engineer at TRW, used Simulink Design Verifier to automatically generate tests from the same models that were used for development of code.
The test engineers then ran the generated test cases to review the test results. They also used Simulink Verification and Validation™ to generate model coverage reports that highlighted untested elements of the EPB design and provided developers with insight into areas of the model that were not being exercised. Developers use these reports to shorten the time needed to resolve defects.
Once the test harnesses were complete, the TRW development group converted the specification into a fixed-point model and generated C code. Ling reran the tests generated by Simulink Design Verifier against the C code and compared the test results to identify any problems introduced by the conversion process. This technique made it easy to find time-shift errors in the design as well as unreachable pathways in the code.
TRW is developing a more configurable version of the EPB for the general automotive market, and is expanding its use of Simulink Verification and Validation to link requirements to its designs, tests, and generated code.
Design tests for an electric parking brake control system
Use Simulink Design Verifier to automatically generate tests that maximize model coverage and enable systematic design verification