Test utility pattern: Simulink Test

As I have written about in previous posts I recommend the use of reusable test utilities.  When working in the text-based MATLAB environment how to create reusable utilities is easily understood; they are simply MATLAB functions.  However,  within the Simulink Test graphical environment, it may not be as clear.

Libraries and Functions

Fortunately, there is a solution; if there wasn’t there would be no post today.  Within the Simulink Test environment, calls can be made to functions.  The functions can be either return a value (or values) or directly set an assert or verify flag.


The functions are imported from a Simulink Library and can be constructed from MATLAB or Simulink Function blocks.


In the case of MATLAB functions that are placed in a Stateflow block with the functions export option selected.


So there you have it, a simple solution to reusable test utilities within the Simulink Test environment.


Model-Based Design: Return On Investment (ROI)

One of the rationales for adopting Model-Based Design is an expected Return On Investment (ROI).  This has three very natural questions

  1. What is the expected ROI?
  2. What is the timeframe for realizing the ROI?
  3. What is necessary to realize the ROI?

Unpacking the ROI questions

TheImage result for unpacking first thing to recognize is that the ROI will be dependent on the “level” of adoption of Model-Based Design.  The more processes of Model-Based Design that are used the greater the ROI, however, there is a corresponding delay in the realization of the ROI (see reference 1).

Further, the ROI is dependent on a having a defined implementation plan.  A full MBD process includes multiple tools and tasks, without a well-defined implementation plan the dependencies between these tasks will become muddled.

ROI Timeline

Assumingtimeline a well-defined implementation plan, Most companies will start to see a return on investment after 9 months to 1 year.  The majority of the ROI is generally realized after 3 years.


Hidden or “Negative” ROI

One aspect of Model-Based Design makes measuring ROI difficult, the fact that model-based approaches allow for the development of systems that are impossible (or at least extremely difficult) to develop using traditional approaches.  In these cases where MBD is used to create systems of high complexity, the measured ROI may be lower than actual ROI due to the inherent complexity of the system.

Expected ROI

Finally, what is the expected ROI?  From industry examples, ROI’s as high as 80% are known to be possible (see reference 2) with ROI’s of 30~40% are considered common.  Again, these results are dependent on having a good implementation plan.  Hopefully, this blog, or MathWorks, will help you develop that plan.


Image result for implementation


  1. What is the benefit of a model-based design of embedded software systems in the car industry?  By Manfred Broy Technical University Munich, Germany
  2. Measuring Return on Investment of Model-Based Design By Joy Lin, MathWorks
  3. Model-Based Design in Practice: A Survey of Outcomes for Engineers and Business Leaders. By Dr. Jerry Krasner Chief Analyst at Embedded Market Forecasters


Why you need noise in your tests

Short answer: the real world is noisy.  If you write tests that assume clean input data you are not exercising the system in a real environment.  So let us talk about noise.

Types of noise and sources of noise

ForImage result for noisy sine wave this article, I will define noise as signal data entering the system from the outside of the system.  Sources of noise include

  1. Resolution limits: all measuring devices have a limit to their resolution.  A ruler with 1/8th-inch markings cannot accurately measure 1/16th-inch resolution.
  2. External interference: Frequently there are secondary effects that change the measurement.  For example, when measuring a voltage it is common to have noise in the signal from other wires running nearby.  (Which is why for some sensitive measurements shielded cables are used)
  3. Dynamic property: In some instances, the value of the property being measured is changing rapidly; any given measurement may be an outlier.
  4. Human error: For devices that human operators, well we make mistakes in how we enter information…

TypesImage result for types of noise of noise, generally, map on to the sources of noise.

  1. Quantization (resolution): Characterized by “jumps” in the value.  In dynamic systems must be tolerant of the jumps.  For static (e.g. post-run analysis) the jumps can be “smoothed” using functions.
  2. White (external): Characterized by random values around the “actual” signal.  Generally can be filtered using standard transfer functions.
  3. Outlier (dynamic): Characterized by occasional values outside the trending values.  If the “standard” range is known then these outlier values can be ignored.
  4. Systematic (human): Characterized by systems being executed in a non-standard order.  Systems need to be made recoverable from non-standard execution order.


Testing the wild-noise

TheImage result for where the wild things are basic strategy for testing with noise is to “inject noise” into the system under test.  How we inject can again be mapped back to our 4 types of noise

  1. Floor functions (quantization): Use a floor function to resolve signals to the nearest value of the inputs resolution.
  2. White noise generator (white): White noise generators are common functions.  One important note, if the same “seed” is used for the white noise for all runs then this test has an inherent flaw.
  3. White noise generator (outlier): There is a special case of the white noise generator where signals are more episodic and, generally, of a larger value.   In these cases, a statistical model of the outlier signals is helpful in creating this white noise generator.
  4. Decision tree analysis (human): Creating test cases for human error can be the most difficult.  For state logic, it is possible to analyze the system to determine all possible paths.

In the end, including noise in your tests will result in more robust systems.

Global signal data in Simulink Models

Unlike many, this post is Simulink centric and deals with the question of global signal data within Simulink models. So first what is “signal data?”  Broadly speaking within a Simulink model data elements are broken into parameters (fixed) and signals (things that change).  Signals are either calculated or come in from the root level.


Within the model, the signal data is “scoped” to the line it is attached to, or in the case of a Stateflow chart or MATLAB function block, the scope of the chart/function.

The exception

Within Image result for simulink data storeSimulink, the exception to the rule is the Data Store.  With Data Store (read and write blocks) data can be shared in different parts of a model without the use of connecting signal lines.  Further, the data stores can be shared with Stateflow Charts and MATLAB functions.

In addition to acting as global data, Data Stores have the unique ability to be written to in multiple locations within a Simulink diagram.  Because of this ability, they must be fully defined with the data type, dimensions, and complexity when they are first created.

Global data bad……

GlobalImage result for discworld data is easy to work with, allows you to quickly share information between functions and to reduce interfaces.  At the same time, it makes debugging code more difficult (where was X set?) and reduces reusability of code by expanding the dependencies of a function.  But… there are times when global data is the correct solution.

When to use global data

So with these downsides when should global data be used? As a general rule of thumb, I advocate for 3 uses

  1. Error/Fault detection:  By their nature error flags can be set by multiple causes.  Because of this, the ability to write to an error flag in multiple locations is a valid rationale.  Additionally, since the error flags may be needed in multiple places in the model (more so than normal data) the ability to pass this without routing is important.
  2. Mode data: A system should respond to mode changes all within the same execution step.  Like error flags, Mode Data is shared across the full scope of a model.
  3. Reset flags: Reset flags are used to reset state behavior of integrators and transfer functions.

Image result for rule of thumb

Generated code

As a final note, the global property of data in Simulink models should not be confused with the scope of the data in the generated code.  The scope of the data in the generated code (for both parameters and signals) can either be determined automatically by Embedded Coder or controlled through Data Objects.  This will be covered in a future post.


At some point in the software development cycle, the question of single or multi-threading environment will come up.  With multi-core processors more common now in embedded devices this a more frequent issue.  Let’s take a look at some of the trade off’s between single and multi-threaded environments.  For additional information, I recommend the following links

Single threaded

It just works, the program runs from start to finish in a set order and you know what happens relative to everything else.  However, it may be slower than it needs to be if some of the operations can take place in parallel.  If you do not have timing constraints this is a fine option to take.

Image result for one thread


If single threading can be described as “just working” then multi-threading needs to be characterized in a different fashion.  We will start with some basic understanding of threads.  A thread is the smallest unit of execution that an OS can instantiate; they are either event-based or periodic (temporal).  Threaded operating systems can be either non-interpretable or interpretable.

Image result for timing diagram multi threading scheduler

Packaging your threads

Each thread should exhibit a high degree of independence from other threads; meaning the operations of “Thread A” should have a minimum dependence on the data from “Thread B.”  The key word here of course is “should.”  In the end the threads will need to exchange data and that is one of the complications of multi-threaded environments.

Data locking and synchronization

Image result for lock dataIn a multi-threaded environment, a lock (or mutex) is a method for ensuring that a memory resource is not in use by multiple threads at the same time.  E.g. if you have a shared memory space you do not want to threads writing to it at the same time (or one reading while the other is writing).

Locks provide a way of synchronizing data between threads, however, they slow down the process since the thread cannot continue until the data is unlocked.  In some instances, when the operation of one thread is dependent on the outputs from another, if the locking and data synchronization is not handled correctly a race condition can occur.

Debugging multithreaded environments

Bugs in multithreaded processors generally occur when the expected order of execution does not match the intended order of execution.  This can be either due to

  • A thread failing to start
  • A data synchronization failing
  • A thread taking longer than expected and preventing another thread from running

Image result for debugging multithreaded applications

Use of a debugger to “walk through” the code is often required to get to the root cause of the issue.  However, if the bug is due to an overrun issue then using the debugger may not catch the error because in the debugging mode you are not subject to the timing limitations. In this case, either a trace log or even an oscilloscope can be employed.

For more information on debugging multithreaded environments, I suggest these links


What is a comment?

Everyone knows that best practice tells us to put comments into our code/models; some of us do.  The question for today’s blog is “what makes a good comment?”

The good, the bad and the just simply useless

NOTE: all examples of “bad comments” are taken from real-world experience.

  1. Do not repeat the information in the model:  
    For the given line of code:
    output = input * 2;

    1. Bad comment: /* The output is equal to 2 times the input */
    2. Good comment: /* Investment pays two times the deposit */
    3. Useless: /* Multiplication operation */
  2. Explain why something is done in a given way:
    For the given line of code:
    bound = min(upper,max(lower,length));

    1. Bad comment: /* Run min/max functions on length */
    2. Good comment: /* Limit ouput between upper and lower bounds */
    3. Useless: /* Bound value is bound */
  3. Are clearly written:  Comments should be written in the native langue following standard grammatical rules.  Avoid slang and abbreviations.
  4. Are “as long as they need to be”:  Comments do not take the place of requirements.  They are in place to explain part of the model/code.  As such they should be written so they explain the concept and no more.

Why we comment?  What comments can’t do…

Comments aid people in understanding what the model or code is intended to do.  Comments need to be maintained as the source is updated; there is nothing worse then a 3 year old comment that has no relationship to the current object.  Finally, they cannot take the place of well-written code.    (In all honesty, I have no idea what the screenshot that follows does….)

Image result for obfuscated c

Aus München

Diese Woche hatte ich das Vergnügen, an der SDMD Konferenz in München teilzunehmen.  Neben zwei Papiere präsentieren hatte ich die Gelegenheit, mich sowohl auf der Konferenz als auch danach mit Menschen aus der Medizintechnikbranche zu treffen.  Was folgt, sind meine Beobachtungen.

Erinnerungen an vergangene Arbeit

Ich hatteImage result for back to the future 3 meine Arbeit mit MBD beginnen 25 jahr wenige mit General Motors; für deise Autoindustrie.  Auf das Zeit MBD war neu und ehrlich gesagt, waren die Werkzeuge weniger ausgereift.  Leute hatte eine Bedürfnis für Verbesserungen aber alles war nicht klar wie zu vorgangen.  Es war die “Wild West.”

Über Zeit,  Best Practices entwickeln von Industrie Erfahrung.  Durch den frühen 2000er Jahren moderne Prozesse waren vorhanden.

Dieser Zeit für die Medizinprodukteindustrie erinnert mich dieser Zeit Autoindustrie. (Aber mit die Werkzeuge ausgereift.)

Alt probleme, alt frage, neu antworten

Die Medizinprodukteindustrie Image result for old problemsist die gleiche Probleme sehen das Autoindustrie vor 20 Jahr; Zusätzlich zu, dass sie konfrontiert sind regulatorische Fragen.  Die Medizinprodukteindustrie ist, nur natralich, vorsichtig wann neue Prozesse übernehmen.  because of this “use cases” from other industries are required for validation of the process.

Letzte Worte

Drie ding: Erste für Alles das klar sind im meine im Deutsche schreiben; habe ich mein Mitarbeiter zu danken. Alles das sind nicht klar ich meine Entschuldigung gibt.  Zweite, München ist ein Stadt mit schöne Gebäude und wunderbare Menschen.  Letzt ich habe learnen zu essen das Brezeln für Frühstück und das war sehr gut.

Agile development and Model-Based Design

If in the heart of agile development can be seen in the concepts of quick iterations, leveraging test points for quality assurance coupled to a close team-based collaboration then Model-Based Design are the veins and blood that compose the body of your work.

Agile is a concept andImage result for circulatory system
a process; how that concept is implemented is up to the development team.

If we review the key concepts behind Model-Based Design and Agile Development then the mapping between is obvious.

Use models for architectural decomposition:  Models are used to break down large problems into smaller components.  These smaller components can easily be integrated into larger system-level models created by other people in the development team.  The use of models and a modeling architecture strongly supports close team-based collaboration.

Use of simulation: simulation is the younger brother of testing.  Using models developers can quickly and easily exercise their models to determine the functional correctness of system under test.  Once the initial models are “correct”  they can be locked down with a set of formal tests.  Those formal tests often are derived directly from simulation used for design.

Image result for there can be only one Model as the single truth: When we look at the elaboration process that a Model-Based Design process follows it is clear that the iterative nature of an agile process is a close fit.  Models can both provide a tight integration with requirements while allowing for the fast evolution of those requirements.  In fact, the use of simulation as part of the development process allows developers to quickly find issues with their requirements.

Final thoughts

Agile design processes are as good as the people who commit to them.  A good understanding of what is and what is not part of the agile development process is important to the success of the project.  (This is, of course, true of any product development.)  For another perspective on Agile development and Model-Based Design, this link provided a good overview.



Reusable software components…

This post is a companion post to the “Automation do’s and don’ts”.  Here I will examine organizational hurdles that stall the creation of reusable components.

The reuse of software is a common object stated by most companies, but, with exception of a set of narrow cases, most companies struggle with this objective.  In my experience, there are 6 reasons for this struggle

  1. Lack of ownership:  There isn’t a group (or person for smaller companies) who has the responsibility and authority to ensure this task succeeds.
    Note: often the lack of authority on the person/groups part is the larger part of the problem.
  2. Failure to allocate time:  Turning a component into a reusable component can add between 10% to 15% to the development time.  If time is not budgeted for the additional development a “buggy” reusable component is released.
  3. Lack of awareness/documentation: The greatest software tool is useless if no one knows about it or it is poorly documented.
  4. Narrow use case: The component is created and its’ use is so limited that only a few people will ever use it.
  5. Wide use cases: Wide use cases often lead to complex reuse components that either do nothing well or become so bloated that they are difficult to configure and maintain.
  6. Bugs: Every time a person uses a “reusable component” and it fails to do what it is supposed to do it encourages people to not look at reusable components.

So how do you avoid those pitfalls?

Image result for pitfall

What type of reuse?

I break down reuse into two categories, formal and informal.  Informal reuse is common for individuals and within small groups.  It is when a component is regularly used to perform a task by people who know how to use it well or are able to work with its’ “quirks.”

Informal reuse is a good practice however it should not be confused with formal reuse which is the topic of this post.  With formal reuse, the component is used by people who are not experts on the underlying assumptions and methods of the object.  Because of this they are not tolerant of “quirks” and need a solution that is dependable and documented.

It should be noted that many “failed” reuse attempts arise out of taking informal reusable components and treating them like formal reusable components.

Deciding when to reuse

Before I automate a process I ask myself the following questions to prevent the “to narrow” and “to wide” blocking issues.

  1. How often do I perform the task?
    Once a day? Once a week? Once a quarter?
  2. How long does the task take?
    How long does the task take both for my self and the system running the process?
  3. Do others perform this task?
    Do they follow the same process?  Does variance in the process cause problems?  Do you have a way to push the automation out to others?
  4. How many decision points are there in the process?
    Decision points are a measure of the complexity of the process.
  5. Is the process static?
    Is the process still evolving?  If so how often does it change?
  6. Is it already automated?
    Oddly enough if you found it worthwhile to automate someone else may have already done the work.

Image result for thumb war

Taking responsibility

Image result for i didn't do it memeIssues 1 (lack of ownership) 3 (lack of awareness and documentation, and 6 (bugs) can be addressed by having a person or group who has the task of creating and maintaining components

The maintenance of the component has three primary tasks.  First, the creation of test cases to ensure the component continues to work as expected.  Second, updating the component to support new use cases.  Third, knowing when to “branch” components to keep them from becoming to complicated.


For some organizations allocating time to the development process can be the greatest hurdle to creating reusable components.  The time invested does not show an immediate return on investment and there are pressing deadlines.  However, if the rules of thumb in “deciding when to reuse” are followed the long-term benefits will outweigh the short-term cost.

Image result for give yourself time

Final thoughts

The final topic is how to encourage engineers to actually reuse the components.  This is, in part, dependent on how well the components are documented and how easy they are to accesses.  In the end, they need to understand how it benefits them; e..g less time spent “reinventing the wheel” and more time to work on their actual projects.