Read an Excerpt

Excerpt from:
Chapter 1

Simulation Engineering

1.1 Introduction

This book deals with the subject of simulation as it applies to the process of designing, developing, and testing complex dynamic embedded systems. A dynamic systems has behavior that is described by differential equations (for continuous-time systems) or by difference equations (for discrete-time systems). Dynamic embedded systems are dynamic systems that use computing resources to control their dynamic behavior. The number of applications for dynamic embedded systems is steadily increasing, and includes safety-critical systems and those that have the potential to cause large financial loss in the event of system failure. Because of these risks, system developers must provide a high level of assurance that the system hardware and software designs and implementations are free from serious errors. It is more important than ever to use development tools and processes that reduce the potential for serious design problems which may remain undetected until late in the development cycle or after the product is in customer hands.

Simulation is an approach that can significantly accelerate the product development cycle and provide higher quality in the final system. A simulation contains a set of mathematical models of one or more dynamic systems and the interactions between those systems and their environment. During execution, the simulation advances through time and solves the equations for all the models at each point in time. The equations that describe the behavior of complex systems are complex themselves - so the approach used in simulation is often the only way to solve them with an acceptable degree of accuracy. Simulation can play several roles during the development of a dynamic embedded system. It is useful for

• exploring design options,
• optimizing design parameters,
• as a tool for thoroughly testing the system under realistic conditions, and
• other applications such as failure analysis.

This book will discuss several ways simulation is used - including the use of real-time simulation for testing system hardware and software.

It is critically important that a simulation accurately reflect the behavior of the system and environment being simulated. It is crucial that each model in the simulation - as well as the complete simulation application itself - undergo a thorough procedure to demonstrate its accuracy. Chapter 7 is devoted to a discussion of simulation verification, validation, and accreditation, which are the processes used to demonstrate the degree to which each mathematical model (and the full simulation) are sufficiently correct and accurate for their intended uses.

Because simulation development and execution is commonly performed using an off-the-shelf simulation software package, Chapter 9 describes several current simulation tools and demonstrates the implementation of a simple yet nontrivial system simulation in each one. Demonstration versions of each of these packages, as well as others that are not discussed in this book, are generally available from vendors at no cost for a limited period. Developers considering which tool to buy should try out several and select the one that best meets their needs.

Before diving into the issues of modeling and simulating dynamic systems, it's important to discuss reasons why it is needed and identify some of tae benefits that accrue from the use of simulation.

1.2 Embedded Systems

Embedded systems are products that contain computing resources. These systems are becoming more complex as the power of computing hardware and software increases. Moore's Law2 states that the computing power of microprocessors doubles approximately every 18 months. As performance increases, the cost of computing power is decreasing. Therefore, it is becoming more feasible to implement high-performance, low-cost embedded computing technology into products. This abundance of computing capability can provide sophisticated new product features with low per-unit incremental cost. As always, the products that succeed in the marketplace will provide features that buyers want and are willing to pay for. The companies that succeed will make the best use of embedded computing power to develop products that become market leaders.

However, low-cost computing hardware is only one part of an embedded system. Before this hardware can do anything at all, someone must develop software to run on it. Embedded software must undergo a design, development, and testing process similar in many ways to

2. Gordon E. Moore, co-founder of Intel, made the observation in 1965 that the number of transistors per square inch on integrated circuits had doubled approximately every year since the integrated circuit was invented. In subsequent years, the pace slowed somewhat so that the current rate of transistor doubling is about every 18 months.

the hardware development process. As the complexity of the tasks performed by the software in an embedded system increases, so does the time and expense required for the development process. In many cases, the software development costs for an embedded project exceed the costs for hardware development, sometimes by a substantial amount [1]. Because of the large and growing percentage of product development resources expended on software, techniques for improving the software development process are becoming increasingly important.

In addition to the hardware and software development costs of a complex embedded product, hardware/software integration can also be a source of significant expense and risk. Often the hardware and software development efforts occur in parallel. This means that the software developers cannot run their code on the actual embedded hardware until a prototype becomes available, which may not occur until after completion of the bulk of the software development. As anyone who has worked on a sizable software project knows, debugging a large, untested chunk of software is vastly more difficult than developing and debugging it a little bit at a time. Projects can become bogged down in problems during the hardware/software integration phase, frequently leading to lengthy delays, exploding costs, and outright project failure. There is a critical need for techniques that can reduce the risks associated with parallel hardware and software development. Simulation is one way to reduce these risks.

Users will continue to demand more product capabilities causing developers of competing products to strive to provide solutions that meet those needs. To flourish in this environment, companies must adapt themselves and their processes to the realities dictated by complex dynamic embedded systems. These large software projects will require the use of the best available development and test methodologies to a) minimize the number of software problems that occur in fielded systems, and b) to minimize the negative effects of those problems should they appear. Simulation is a useful tool for meeting these goals.

Software problems can arise from many sources, for example

• incorrect algorithm implementation,
• accessing hardware devices improperly,
• and failing to handle exceptional conditions (e.g., division by zero) properly.

Other software-related problems can arise in the larger project context. One area where problems frequently occur is in the specification of software requirements. During the early project phases when software requirements are defined, it can be very difficult to envision all the circumstances under which an embedded system will operate. If the requirements are set "in stone" at this early phase, it may be difficult to identify and implement requirement changes that could lead to a better product.

An example of a software requirements-related system problem occurred in the Patriot missile system used in the Gulf War. On February 25, 1991, a Patriot missile battery in Saudi Arabia was unable to engage an incoming Scud missile due to an excessive amount of clock drift in its target tracking system. The Scud subsequently struck a warehouse in Dhahran and killed 28 U.S. soldiers. An investigation determined that the real-time clock in the Patriot targeting system steadily drifted away from the correct time due to rounding error [2]. When the system had been running continuously for a long time (over 100 hours, in the case of the failure), sufficient clock error would accumulate so that the system could not acquire a target.

After this failure, the system developers produced a software patch that fixed the clock drift problem. This led to the popular belief that the root cause of the problem was a software error. However, the problem may not have just been a slowly drifting real-time clock. The original requirements for the Patriot system apparently did not envision that the missile batteries would remain in a continuously operational state for more than a few hours at a time. During the Gulf War, Patriot missile batteries often remained in the operational state for several days at a time. This allowed the clock error to grow to the point that the targeting system would not function. The conclusion in this affair appears to be that the system met its original requirements (even with the clock drift present), but in the operational situation, it was used in a manner that was not compatible with those requirements. This resulted in the complete failure of the system to perform its intended task.

The root problem in this case may have been a combination of a limitation in the original system requirements and improper operation by the end users (possibly due to inadequate user training or poor system documentation). It does not appear to have been a problem of software design or implementation, because all real systems are specified in terms of error tolerances. The developer must meet those tolerances, but it is not appropriate to expend resources in an attempt to further minimize errors once the tolerances are satisfied. If the system meets the specifications but still does not function correctly, the specified tolerances may not be tight enough.

Software development practices and tools are steadily evolving to increase the efficiency and quality of the development process, but there are no breakthroughs on the horizon that would dramatically improve the situation. Incremental enhancements will occur as software tools become available that improve some aspects of the software development and test processes. Better developer and management practices will improve their ability to meet project goals. Even with the use of refined tools and practices, however, the development and testing of software is likely to remain a slow, labor-intensive process for years to come.

Software development and test complexity, hardware/software integration, and requirements analysis can be major problems in the development of complex dynamic embedded systems. Cost-effective approaches must be developed and implemented to deal with these issues in ways that reduce the risk of encountering expensive and difficult-to-fix system errors during development and particularly after development is completed. The earlier in the cycle that meaningful system-level testing can be performed, the easier and less risky final system integration will be. Any approach that allows earlier testing of embedded software can improve the chances for a successful, on-time, on-budget development effort. As you will see, simulation is a technique that meets this need.

7.3 Simulation

Simulation is a vital tool for dealing with the problems discussed in the previous section. A simulation is defined as the reproduction of a situation with the use of models. A model is a physical, mathematical, or other logical representation of a system, process, or phenomenon. In this book, I will consider the development and use of models and simulations as computer programs. Many different kinds of simulation are used in product development today. Examples of simulation types include:

• Circuit simulation (Will the circuit meet timing requirements?)
• Thermal simulation (Will any of the chips on the board get too hot?)
• Network simulation (Will congestion be a problem?)

The focus of this book will be on the use of simulation at the system level. A system-level simulation models the behavior of an overall system as it operates in a realistic, simulated environment. The modeling of subsystems and components may be simplified significantly for a system-level simulation - as long as the essential behaviors of all components of the system and its operational environment are accurately modeled. Some types of simulation used in the product design process (such as thermal simulation) may not need to be included at all in a typical system-level simulation. Dynamic system simulation focuses on the entire system as it operates in its intended environment. This type of simulation permits testing of the system in its designated operational modes as well as under dangerous emergency conditions without risking loss of life or valuable assets. Environmental conditions that may be difficult or impossible to reproduce for system tests (such as icy roads in the middle of summer, or the conditions of outer space) can be simulated using computers and appropriate software algorithms. Using simulation, we can perform intricate test sequences quickly and repeatably at relatively low cost.

We can test hardware and software at the subsystem level using hardware-in-the-loop (HIL) simulations long before a testable system prototype becomes available. HIL simulations run at real-time speeds and perform input/output operations with the system or subsystem so that the test item "thinks" it is operating as part of a real system in its operational environment. These systems or subsystems can then be tested under nominal conditions as well as beyond their intended operational boundaries. HIL simulation provides the ability to thoroughly test subsystems early in the development process. This can greatly reduce the debugging time and project risk compared to the alternative approach of waiting until a prototype is completed before performing integration and testing.

Many important ancillary issues must be addressed to gain the full set of potential benefits from a simulation effort. Two examples of these areas are simulation verification and validation. Verification is the process used to demonstrate that a simulation has been implemented according to its specifications. The validation process demonstrates that the simulation is a sufficiently good representation of the actual system it attempts to simulate. The primary goal of the verification and validation processes is to provide sufficient, convincing evidence of the correctness of the simulation so that even the most sceptical observers will agree that it is credible and accurate for its intended purposes.

Another issue involves the methods used to effectively analyze and process the large amounts of output data generated by a simulation. There must be adequate tools and techniques available for extracting useful information from all of the output data. Some of the data will need to be archived for later use for such purposes as regression testing (which verifies that the simulation continues to work correctly after undergoing significant modifications).

1.4 Complex Products

Dynamic embedded systems are constantly becoming more complex in terms of computing hardware and software. Many of these products become part of safety-critical systems such as aircraft, traffic signals, or medical instruments. Even for products that are not safety-critical, it is important that serious defects be identified and fixed before production begins. If a major problem is not detected until after the product is fielded, the effects can be financially devastating for the company that produced it. Many new products are being developed that would not be economically feasible without the availability of low-cost embedded computing power. One example is the handheld GPS...