Simulink Tester Issues
This section describes potential limitations, issues and associated guidance for using T-VEC with Simulink and Stateflow.
Test Vector Generation Failures
If test vector failures occur there are some general guidelines that apply to any type of model (TTM or Simulink). See VGS Issues and Guidelines.
S-Functions allow users to specify the semantics of new blocks for simulation and code generation through several programming languages, including MATLAB, C, C++, Ada, and Fortran. While the blocks’ semantics are necessary to support test generation for subsystems that reference the S-Function, these semantics are not accessible by the translator through the standard approach.
To support translation of S-Functions, the translator allows for the substitution of a Simulink subsystem in place of a S-Function. The subsystem that replaces the S-Function describes the functionality of the S-Function in terms of primitive Simulink blocks. The Simulink subsystem to be substituted for the S-Function is specified by entering a specially formated tag into the comment of the S-Function block.
The S Function must be created to use S Function Builder that can be supported by T-VEC.
S-functions are used by Simulink developers to write source code and include it in their Simulink models. We do not directly support using source code as an input to the T-VEC translator. That would defeat the main purpose of the sl2tvec/T-VEC process - which is to support model-based verification and testing. Source code is not a "model" and is the target that the user is supposed to be testing. It is not valid to generate test vectors directly from the source code being tested.
The way that we support S-functions is to allow the user to create an independent Simulink model that represents the input and output interface to the S-function and also represents the same functional semantics as the S-function. Then, the user can add a reference to the S-function in the block properties of the S-function block that names the external Simulink model. The sl2tvec translator then substitutes the external Simulink model for the S-function during translation. This way, the user can use S-functions for code efficiency or direct addressing of specific memory locations or for what ever reason they are necessary, but still use the sl2tvec/T-VEC processes on their model.
Embedded Matlab Language (EML) Translation: m-script guidelines
Support for the translation of Embedded Matlab Language (EML) functions will be available soon. Not all EML functions will be immediately available but they will be scheduled for implementation as requested. Only those EML functions that can be graphically represented using Simulink blocks can be implemented at this time. Support for other EML functions can be added but they may require a development contract. If there is a function you need please E-mail your request to firstname.lastname@example.org.
A majority of the m-script syntax will be supported. A list of the currently supported functions is included. Additionally there are a few programming shortcuts that are not supported. If your script uses those shortcuts then minor modification will be required.
Matrix field selection using a single parameter
Matrix indexing with 1 parameter is not supported.
x=m(2); % not supported
Instead, use row and column syntax for matrix indexing.
Defining a variable and using it outside of the block containing it
The following syntax is not supported.
s=3; % variable s is initialized inside the if block
a=x+s; %translation error: variable s is used before it has been initialized
Instead, declare variables in the scope they will be used.
s=0; % variable s is initialized at the function scope
s=3; % ok
Using the unsupported syntax will cause the following error to be generated:
ERROR SL0251: (Internal) Unknown variable found while processing embedded Matlab script.
This is usually caused when a variable is used outside of the scope it was declared within.
Variable will be grounded.
identifier : [identifier]
scope : [block location]
line: [line] pos: [column]
Supported EML syntax
We will be adding more function support with future releases. If you call an EML function that has not been implemented then you will see a message like:
ERROR SL0253: (Internal) No subsystem implementation found.
No subsystem implementation found for subsystem reference: acosd_15.
Please verify that your model passes the Matlab model check (CTRL+D).
If your model is correct then you could be calling a function that has not been implemented in the T-VEC Simulink tester.
If you believe this to be the case, please send an E-mail to email@example.com with the function name so that we can include it in a future release.
Flow control syntax
if, elseif, else
&&,&,||,|,xor %and, and, or, or, exclusive or
<, <=,==,~=,>,>= %less than, less than or equal, equal, not equal, greater than, greater than or equal
+,- %addition, subtraction
^ %power of
*,/ %mulitplication, division
[matrix]' %transpose matrix
% [...] - single line comment
[...] - multiline comment block
Line continuation syntax
... %line continuation
Supported EML functions
Below is a list of the currently supported EML functions.
floor ceil round fix
sin cos tan asin acos atan atan2 sinh cosh tanh asinh acosh atanh
exp log log10 sqrt power conj rdivide hypot rem mod
Simulation Test Drivers: State Data Initialization
Inlining and Coverage
Use of inlining Simulink subsystems can impact test and model coverage. If a model includes inlined subsystems, then the missing coverage may be related to situations where the model doesn't support taking one of the paths through the utilities (lower-level subsystem) based simply on the model's design.
Here's an example: Subsystem X is a utility that has an input A with two paths:
- A >= 0 then do something
- A < 0 then do something
Subsystem Y inlines subsystem X, but has references to Subsystem X only when the input associated with the signal A is >= 0. This means that there cannot be model or test coverage for the path when A < 0.
The only solution is to make sure they are treated as stand-alone atomic functions so that they may be tested in their own right.
Test Vector Generation Failures
T-VEC VGS analysis is exhaustive in the sense that for every DCP throughout the hierarchy of systems is model-checked, and a test vector is then produced. Most test vector generation failures result from model defects where the constraints of the DCP are not satisfiable throughout the hierarchy of DCPs of the subsystems.
However, there are possible situations where test vector generation fails when it is possible to find vectors. For example, when signal domains are left to their defaults. There are default settings for ranges values, but these may not be adequate for the application.
T-VEC does cover a large percentage of models that use standard blocks (see View | Library... from Simulink Tester GUI for the supported blocks), however, there are other situations where T-VEC may not produce vectors, for example
- dynamic array indexing
- spacial discontinuity coupled with circular dependent variable relationships
The Auto Rotate Convergence Fix Mode Test Vector Generation property is one of the mechanisms that can address some of these issues, and other internal mechanisms are applied automatically, independent of the specific convergence mode. The T-VEC test generation algorithms continue to evolve to deal with classes of these kind of situations, but there is no guarantee that such situations will not occur. For such situation contact firstname.lastname@example.org for additional assistance.
Signal Range Management
Changes in architectural decomposition may cause a signal name to be removed. For example, if a signal is defined as signal A in the hierarchical scope of subsystems x\y\z and subsystem y is removed, then that signal is undefined and is removed from the signal range file (with extension .srf).
The translator creates a backup copy of the signal range file (.srf) each time the translator is run. It creates a log file that details every change to the .srf file. It should be possible to recover from an unexpected change to the .srf file.
Model Coverage vs. Code Coverage
Test vector generation attempts to find test vectors for all of the paths (DCPs) in the model. Complete coverage means complete model coverage, however, complete model coverage does not guarantee coverage of code (e.g., MC/DC coverage), for example: code generators can put in code for checking and handling exceptional conditions (e.g., safety code around square root function). The Simulink Testers provides mechanisms such as assertions and coverage predicates that can be used to produce additional tests to cover many possible situations. Tools such as LDRA TBrun is integrated with the Simulink Tester and can provide test coverage measures to support organizations that may need evidence to support FAA certification.
Test Sequence Vectors: State Variable Initialization
Test Sequence Vectors (TSVs) are created by referencing the target subsystem multiple times. Special T-VEC subsystems are created based on a configuration file supplied to the translator. These TSV subsystems include one or more test sequences. Each test sequence includes one or more references to the target subsystem (i.e., the number of sample times being tested). It includes also a set of the target subsystem’s inputs for each time that the target subsystem is referenced. These input values have their respective subsystem reference appended to their name. Therefore, if a subsystem has two inputs, inputA and inputB, then a TSV subsystem that includes two references would include the inputs inputA_1, inputB_1, inputA_2 and inputB_2. Input values to each subsystem reference can be controlled through settings at the reference level, test sequence level or subsystem level.
Many blocks in Simulink have specific initial condition values, unit delays, integrators, etc. (and stateflow in terms of things like initial states of state machines). T-VEC has a mechanism for using these initial values during vector generation, and they include:
- T=0 - defines a point in time where all test vectors are generated as if the system is in the first cycle of execution
- T>=0 - test vectors are generated for things that take place after the first cycle and then continue for multiple cycles of the TSV
- T>0 - test vectors where the initial condition setting action is disabled and this forces the state variables to be solved for through convergence rather than be initilized or assigned
The default is to generate vectors for both cases, 2 vectors per DCP when no state variables are available, and 4 test vectors when state variables are available. This mechanism should be adequate to test control and logic associated with state data (See State Variable Inits Example).
Test Driver Generation
There are some situations where the object mapping information that relates a signal name to an implementation name must be defined manually to support test driver generation. This is applicable to a few types of Simulink blocks and some Stateflow modeling constructs. There are cases where it is simply not possible to predict variable names, function parameter orders, etc. There is no API for determining the choices made by the RTW to fully automate all aspects of test driver map file creation.
Project Differences when Translating with Mappings
By default the function name option for a subsystem is set to “Auto”. The routine RTW uses to derive these function names is unknown to sl2tvec. As a result, when translating from just the model file, the translator must guess what the function names are, but when translating with the model and RTW mappings file, the translator can determine from the mappings file what the function names are. In the case of reusable subsystems, the reusable subsystem definitions are only combined if they resolve to the same function name. Since the sl2tvec translator guesses at these function names, the reusable subsystems may be combined differently if the mappings file in included in translation. The result is that a project translated with mappings may have a different number of reusable subsystems (or different subsystem names) than a project translated without mappings.
Impact of Out of Date Signals
The translator uses the signal labels in a model to perform the translation process. Sometimes these labels can get out of date when signals are set to show their propagated names. This happens mainly a signal label is changed from one name to another, or when a library is moved from one location to another where the propagated signal label no longer applies. When the labels get out of date, the translator cannot properly translate the model and produces error messages such as this:
- Determining signal dimensions..ERROR SL0086:
- Signal dimensions are not consistent for block "Bus_Selector" in subsystem "example" (block expects an input labeled signal2, but could not find it in the input signal)
- WidthIndex 1, BusLabel signal1, Output signal2
- WidthIndex 2, BusLabel signal3, Output signal2
- ERROR SL0115: signal dimension is invalid for signal "signal2" from block "Bus_Selector" <dimension: 0>
- Translation Aborted!
To avoid this error message, make sure a model is up to date before exporting it by selecting the Edit | Update Diagram menu item or pressing Ctrl + D.