Industrial-scale automotive control systems are developed using model-based design (MBD). In model-based design, the designer first captures the dynamical characteristics of the plant, such as the physical parts of the system, using differential, logical, and algebraic equations. This is collectively called the plant model; examples include a model of the turbo rotational dynamics, the thermodynamic model of sub-systems within the engine, and atmospheric turbulence models. Based on certain high-level and often vaguely defined requirements, the designer then writes an executable specification model of the controller using block diagrams. Examples of informal requirements include “better fuel-efficiency,” “better performance,” “lower emissions,” and “resistance to turbulence.” This step is followed by system testing, normally done as extensive simulations of the closed-loop system, which includes the plant and the controller, with the goal of determining the time (or frequency) domain responses of the closed-loop system to complex sets of time-varying inputs. The process of validation then ideally requires the designer to determine whether the time (or frequency) domain responses of the closed-loop system are consistent with the design goals or requirements. Otherwise, the model is corrected so that it meets its requirements.
In the MBD process, requirements are often either informally expressed in natural language or at times even left unspecified. It is usually assumed that the control designer has sufficient domain expertise to determine the quality of the design by simply looking at the simulation results. As a consequence, most formal validation approaches reduce to just checking code coverage against established coverage metrics for the controller code, while largely ignoring the closed-loop characteristics of the system.