Confused by Simulink

The most common modelling tool in the automotive domain is Simulink. It started as a Matlab-based tool to graphically model and simulate differential equations needed in control design. Now it has expanded way beyond that to enable generation of production code for embedded controllers.

For someone like me, with a background in software and systems engineering and only the mandatory control engineering course, Simulink is confusing. Not the model elements as such, since it basically is an executable time-discrete data flow model. But the terminology used in the Simulink community is really confusing since they are using terms very common in software development, but with different meanings. I am not even sure the explanations below are valid...

Some examples:

• A layer in Simulink is not what what one usually calls a layer in software. What is called a layer in Simulink I would personally call a view since it adresss a specific concern, see some defintion of the J-MAAB layers here. But I have also seen a layer as something found at a certain level in a functional hierarchy (boxes in boxes...). Maybe these two even are the same in the Simulink world?
  A software layer would rather be called a subsystem in Simulink, but that is a generous interpretation from my side. (See Pattern-Oriented Software Architecture by Buschmann et al. for a definiton of software layer).
• There are classes and objects in Simulink. Data objects are used to "specify values, data types, tunability, value ranges, and other key attributes of block outputs and parameters", where blocks are the basic entities that one build the simulink model from.
  The Simulink software uses objects called data classes to define the properties of specific types of data objects." So in a sense the class is a template for the objects. On the other hand the data object does not specify a behaviour or input-output relationship. But classes seem also to be a special type of objects in thelast quote above. Ouch!
  Contrast this to common OO design where the class is the template for the object, which is the main item encapsulating both a behaviour and associated data. A block in Simulink most closely resembles a function in a procedural language such as C or Pascal.

Architectural modelling

To have a more formal definition of what I mean when talking about modelling an architecture (summarised from to IEEE 1471):

An architectural description is organized into one or more views.
A view may consist of one or more architectural models. Each such architectural model is developed using the methods established by its associated architectural viewpoint. An architectural model may participate in more than one view.
The viewpoint determines the languages (including notations, model, or product types) to be used to describe the view, and any associated modelling methods or analysis techniques to be applied to these representations of the view.

I am not against using models to represent architectural views, but there are some fallacies that often seem to happen when using various modelling approaches in architecture descriptions.

• The purpose of the architecture model is unclear (in 1471-terminology: It is not obvious what concerns the model addresses). UML is especially problematic since it provides notation that can be used for so many purposes. Read John Daniels paper Modeling with a Sense of Purpose as an introduction.
• Everything is modelled to the same level of detail. Not everything is equally important to know. For some parts of the system it is important for the architecture (and realisation of qualities) to know the details, for other parts it is not.
• Every part of the system must be represented in the architecture, for example if every class must be traceable from some element in the architecture. This could even be a rule of the architecture, "if it is not explicitly allowed it is forbidden". This reeks very much of waterfall mindset with the architects doing much of the design before any developers get involved. I think it is presumptuous  of the architects to claim to know everything that needs to be implemented.
• Modelling tools always demands a precision in notation, which is not always desirable when sketching an architecture. You cannot model "sort of a class", or "could be a function" when using a tool, which is possible on a whiteboard or a napkin. In a tool it has to be a class, a function or a package, not something in-between.

What is a model?

My previous post got me thinking about what a model is and why we model. I think everybody agrees that a text specification written in Word is not a model, while something in UML is.

The Cambridge Advanced Learner's Dictionary defines a model as

A representation of something, either as a physical object which is usually smaller than the real object, or as a simple description of the object which might be used in calculations.

I like the informal definition I heard from Jon Whittle last week: A model is an abstraction of the real thing for a specific purpose. However with this definition even a specification document written in Word will be a model and I don't think that makes sense.
Mellor et al. defines a model (Ludewig defines even more formal criteria):

A model is a coherent set of formal elements describing something (for example, a system, bank, phone, or train) built for some purpose that is amenable to a particular form of analysis, such as...

With this definition it is quite easy to exclude a Word document as a model, since it isn't composed of formal elements. It can incorporate diagrams based on a model, e.g. a class diagram from an UML model, but not the model itself.

In addition to this there should be a purpose with the model. John Daniels identifies three different types of models, each with a different purpose:

• Conceptual model
• Specification model
• Implementation model

When reading the article it is obvious that just by stating one has a UML model or a Simulink model really does not say anything about the purpose. What I am curios about is if one is using the same model for different purposes? Is it possible to use a model for completely different purposes with any degree of efficiency and quality? I am not talking about a transformation from one model to another, for example code generation or MDA. Do you use the same Simulink model for both conceptually understand the problem, specify properties of the solution and describe the implementation?

I had great help from my colleague Niklas Mellegård in his licentiate thesis Method and Tool Support for Automotive Software Engineering, which is defended on Thursday 30 September at 13:00 in room Torg 2, Patricia building, Lindholmen. Discussion leader will be Prof. Martin Törngren, Dept of Machine Design, Royal Institute of Technology.

Do you use model based development?

I heard an interesting keynote speech from Jon Whittle this morning with the title The Truth About Model-Driven Development: Who's doing it, how and why?
He presented some findings on experiences from using model-based development in industry from the EA-MDE project. I talked to him afterwards and there apparently had only been one automotive company in the study, and I personally think that the conclusions might have been different if they were more data from them. If you are working model-based in your company and want to participate in the study you can do so by answering the questionare on the project web site.
One benefit of model-based development which I expected to see in the study was that it allows domain experts to actually do implementation, for example can chassis control experts actually do code for use in ECUs.
Note: You can substitue model-based development with several other acronyms and Jon's study is still relevant; MDD, MBSE, MDA, ...

I find this study to be similar to what Sascha Kirstan is working on in the automotive industry. I participated in Sascha's study this spring and just got a report with preliminary results, which I haven't had the time to read yet. I sure hope these two researcher will look at each others result and see if they can corroborate their findings or if they are contradictions.

Jon concluded his talk with the top ten tips for companies wanting to adopt model-based development and here they are (but to truly utilise them you must know a lot more about the context where they were found):

1. Keep the domains (modelled, I assume) tight and narrow.
2. Target well known domains.
3. Put MDD on the critical path (he means that pilot projects never get sufficient attention and resources).
4. MDD works best form the ground up.
5. Be careful of gains that are offset elsewhere.
6. Don't obsess about code generation.
7. Not everyone can think abstractly.
8. Most projects fail at scale-up
9. Match tools and processes to the way people think, not the other way around
10. Ok, there was only 9...

Seminar: Development of AUTOSAR compliant Control Units with Model-Based Design

I have just attended a joint presentation from MathWorks and Vector about model-based development of AUTOSAR Software Components. Besides the fact that I won a t-shirt (I'm still unsure if it was for the most stupid question or the first really interesting question) it was very interesting to hear both what they had to say and what others in the 80+ crowd had for questions.

Here are some spontaneous observations I wrote down while listening to the speakers (the keyword is spontaneous):

• Vector works actively with the following OEMs to implement AUTOSAR in their vehicles: Audi, BMW, Daimler, VW and Volvo Group. The first vehicles will be on the market in 2010.
• Diagnostics is usually very hardware dependent. How can this be implemented as re-allocatable software components?
• A likely scenario is to have a hierarchy of S/W-C (i.e. composite components) and not a "flat" structure as one would believe by just reading the AUTOSAR specs.
• A prerequisite for ECU modelling are the defined system signals (what we would call the signal database at Volvo Cars). But one difference to what I think is most common now is that the "signals" as seen by the S/W does not need to agree name-wise with what is defined in the signal database.
• Structure begets function! For me as an architect this is completely natural, but there seemed to others in the audience who thought that was an unnatural way to do things (i.e. structure follows function instead). But suggested common process when starting afresh was to define the ECU structure of S/W components in daVinci and the import that into Simulink to fill it with behaviour (functionality).

I also had some tool specific observations:

• The tool and process demonstration was very focused on function development. Other aspects, such as variability, redundancy and memory management (non-volatile memory), was not discussed. My guess it has to do with the background of the companies and their products, e.g. none of these aspects can be addressed in Simulink.
• Structure is not defined in the simulation tool (i.e. Simulink) but is done before algorithms are defined.
• The vector tool DaVinci Developer takes the XML output from the AUTOSAR system configuration, it is not an system design tool but an ECU design tool.
• The AUTOSAR run-time environment (RTE) can only be approximated in Simulink and not simulated. So any simulation in Simulink is not telling much of how the software behaves on an actual ECU. But this is note very different from today, even if I know of people code-generating from Simulink believes otherwise.

I think all the presentations will be available on-line, if I understood the organisers correctly.

My suggestion is that anyone who has a background in programming embedded systems should (must) look at real examples of XML-files that are the result from the AUTOSAR process and the associated .c and.h-files for S/W-C and RTE. At least for me it made the difference of understanding what AUTOSAR is really about. And it makes even more sense if one remembers that AUTOSAR allows you to build your ECU with already compiled S/W-C, i.e. where the source code is not available. For controls-people only familiar with equations and Simulink I guess the threshold of understanding is quite steep.

I would also suggest anyone who wants a short pocket summary of AUTOSAR to order the booklet "AUTOSAR Glossary" from Vector (bilingual in English and German). I probably shot my credibility as an independent researcher by suggesting this...