1. Field of the Invention
This invention generally relates to simulation technology, and more particularly to a simulation technology that improves efficiency during verification operations.
2. Description of Background
Traditionally multiprocessor systems, such as those used in scientific fields that require complex computations, include multiple processors. In handling such complex computations, many application programs are created that need to be then allocated to individual processors. The processors, in turn, not only have to handle the processing task but also perform other functions such as simultaneously communicating with one another. The complexity of such an arrangement creates many challenges. Since system reliability is key, accuracy and process execution has to be tested and ensured but doing so is often cost prohibitive.
In recent years, simulation has provided a more cost effective option when designing and testing such complex operations. The technological advancements in the field enables incorporation of better tools that aid such simulation. For example, simulation software can be used in robotics, mechatronics and even plant operations in a variety of industries including but not limited to automotive and aeronautic industries. This is especially relevant when electronic components are involved as those used in a robot, an automobile, or even an airplane. These electronic components can easily be duplicated or design controlled by simulation.
Even when the products are largely mechanical in nature, the still incorporate large amounts of control software that can be simulated ahead of time. Therefore, simulation can help both in shortening the long development cycle and reduce enormous cost and resource needs (i.e. large pool of manpower) associated with a variety of product development cycles.
A conventional simulation technique, used particularly in product testing, is known as “Hardware In the Loop Simulation” or (HILS). In automotive and other similar industries, HILS can be used to test all electronic control units (ECUs). Such an application is often referenced as a full-vehicle HILS. In full-vehicle HILS, a test is conducted in a laboratory according to a predetermined scenario that involves connecting a real ECU to a dedicated hardware device that emulates a variety of components, for example, an engine or a transmission mechanism. The output from the ECU is then used as an input to a monitoring computer, which is ultimately displayed, such as on a display device, to allow checking of any abnormal activities.
One shortcoming of prior art, especially as associated with techniques like HILS, is that actual and often dedicated hardware devices still needs to be used in the testing process. In addition, hardware devices have to be physically wired to the real ECUs, which provides particular challenges as preparation time and procedural steps can become extensive. Furthermore, some tests require the replacement of one or more ECUs with others, during the testing process, requiring the device and the ECU to be physically reconnected one or more time. This causes further delays and necessitates additional resources, at cost, to be used during the overall process. Most such tests also use real components such as ECUs that add even additional time and expense to the testing process.
To reduce the time and resources needs, including hardware device needs, software oriented programs and algorithms have been used more extensively in conjunction with simulation. One such popular simulation is known as is Software In the Loop Simulation or SILS. SILS uses software simulation to configure components to be mounted in the ECU, such as a microcomputers, I/O circuits, engines, transmissions and such that is necessary for control operations of processes used in a number of applications including design and manufacturing plants. SILS enables the necessary tests to be conducted without hardware requirements such as existence of ECUs.
A number of simulation modeling systems can also be utilized to provide operating and a system support for SILS. One such example is MATLAB®/Simulink® available from Mathworks Inc. FIG. 1B is a prior art illustration of a system, such as MATLAB®/Simulink®, used to provide support for SILS. In this example, functional blocks are arranged on a screen through a graphical interface as shown in the figure. The flow of processing as indicated by arrows is specified, thereby enabling the creation of a simulation program. The diagram of these blocks represents processing for one time step of simulation. This step can be then repeated at predetermined times so that the time-series behavior of the system to be simulated can be obtained with some accuracy.
After the block diagram of the functional blocks is created, it can be further converted to source code selectively in a computer language of choice, such as C. In one example, this can be easily achieved by using functionality from available products such as Real-Time Workshop®, as known to those skilled in the art. This C or other such source code is then compiled such that simulation process can be performed as SILS on another computer system.
The above solutions while providing alternative solutions to design and production cycle issues, still does not describe and address the safety testing concerns. The safety of the entire system as well as one or many of the created multiple functional blocks thus created and designed needs to be tested or somehow ensured before implementing it on a real machine. For example, a slight inaccuracy in an engine design can cause a rapid rise in its revolution, affecting the safety and reliability of the whole system (i.e. vehicle etc.)
To understand the importance of this concept, FIGS. 1A and 1B are block diagrams designed to pinpoint such issues. FIG. 1B shows an example of an unsafe system having a controller block 110 and a plant block 112. In the system of FIG. 1B, an actual output 116 diverges with time from an expected output 114 as shown. If such an unsafe condition occurs in a control system for an engine or brake, it means that a dangerous situation will be created. Therefore, there is a need for a technique for predetermining that the simulation system is unsafe.
FIG. 1A, by contrast, depicts a desired system that can operate safely. As shown, the example of FIG. 1A provides for a controller block 102 and a plant block 104. In the system of FIG. 1A, an actual output 108 once deviates from an expected output 106 as shown, and converges with time to follow the expected output. According to the modern control theory, the safety of the simulation system can be determined without operating the real machine. It would be desirous, therefore to have such a system as indicated earlier.
Prior art has struggled with providing practical solutions that can duplicate the theoretical approach shown in FIG. 1a. Prior art FIGS. 2-5 as will be discussed relate to such unsuccessful attempts.
FIG. 2, is an illustration of a prior art attempt that unfortunately only provides a solution in a limited number of cases. To provide an understanding of problems associated with FIG. 2, it needs to be examined in conjunction with FIG. 3. Referring back to FIG. 2, however, a discussion of the system needs to first be made.
In FIG. 2, a system is provided having a controller block 202, an actuator block 204 and a plant block 206. Output 210 is provided and compared with respect to an expected output 208. As shown, the controller block 202 and the actuator block 204 are converted into a flow graph 212 based on the block description. Here, “u” reflects the input and “y” is the output. Subsequently, a state matrix 214 is determined relating to the operation of the simulation system in the form of a matrix differential equation which is a function of time. The state matrix 214 is then converted into an eigenvalue matrix 216 according to a predetermined algorithm, and the simulation system is determined to be safe if the real parts of diagonal elements in the eigenvalue matrix 216 are all zero or less. Unfortunately, this application only provides accurate safety predictions in case of linear control systems as will be discussed now in relation to FIG. 3.
FIG. 3 illustrates a block diagram having a system with a controller block 302, an actuator block 304, a saturation block 306 and a plant block 308. The system operates such as to provide an actual plant output 312 with respect to an expected output 310. However, the plant output 312 diverges as shown. It is thus impossible to apply the safety determination method of FIG. 2 with any expectation of accurate safety prediction to this scenario. This is because of the existence of the nonlinear saturation block 306. Hence, as suggested earlier, the state matrix as a prediction tool is only usable in applications having linear control systems.
Some prior art methodology attempt to resolve this issue by utilizing a switched linear system method such as depicted in prior art FIG. 4. However, as will be discussed, this solution also has its own set of problems.
FIG. 4, is a block diagram illustration of a prior art system attempting to resolve the nonlinear system problems by dividing the nonlinear elements in the model into multiple regions (sometimes known as plural linear regions.) This results in a state transition diagram 310 that includes a portion 312 having three states 314, 316 and 318. Each state corresponds to cases with different values (equations) provided respectively to portion 312 of the state transition diagram 310. Of special importance is the value x2 that is inputted into the nonlinear block 306, to determine what state the nonlinear block 306 can take. In this way, the system of FIG. 4 can be considered to include three quasi-linear state transition diagrams. This is to provide safety determinations using the state matrix with three state transition diagrams. Thus, the system of FIG. 4 alternates between a safe state 314, an unsafe state 316 and another unsafe state 318 depending on the input value x2 as provided to the nonlinear block 306. In this way, even if a nonlinear block is included in the system (since plural state matrices are created depending on the conditions), safety conditions can be determined somewhat accurately.
Nonetheless, this solution still leaves another problem. Generally in most systems, there are multiple nonlinear blocks in one simulation system. The example of such a system is provided by way of example in FIG. 5 to aid understanding.
In FIG. 5, blocks 502, 504 and 506 are each representative of nonlinear block arrangement. Let us assume that each nonlinear block can be approximated in a switched linear system (for switching among three states.) In such an example, if the number of nonlinear blocks is N, the number of states will be 3N. Therefore, the number of transitions among states is 3N(3N−1). Even if N=5, the number of transitions among states will be about 3.4×109, a number that is too high to provide for actual practical testing of the variations. In reality, in case of most actual systems to be tested, the number of nonlinear blocks is often much more than the value discussed (N=5). Thus, a significant challenge emerges regarding how to conduct a reasonable test in a simulation system including multiple nonlinear blocks. Unfortunately, no known technique are currently known or presented by the prior art that can overcome such a combinatorial explosion problem.
Consequently, a system and method is desired that can test for simulation systems with multiple linear blocks efficiently.