Check for Specified Minimum and Maximum Value Violations

During a design error detection analysis, the software checks the specified minimum and maximum values on intermediate signals throughout the model and on the output ports. These values define the design ranges.

The analysis checks for specified minimum and maximum values on:

  • Simulink® block outputs, with the exception of the limitations described in the next section

  • Simulink.Signal objects

  • Stateflow® data objects

  • MATLAB® for code generation data objects

  • Global data store writes

If the analysis detects that a signal exceeds the design range, the results identify where in the model the errors occurred. In addition, you can generate a harness model that contains test cases that demonstrate how the error occurred.

Limitations of Checking Specified Minimum and Maximum Value Violations

To check whether a model exceeds its specified minimum and maximum values, select Specified minimum and maximum value violations under Signal Range Errors on the Design Error Detection pane.

The software cannot check minimum and maximum values specified on:

  • Any Mux block with an output connected to a Selector block

  • Merge block inputs

    To work around this limitation, use a Simulink.Signal object on the Merge block output and specify the range on the Simulink.Signal object.

Note

For information about how a Simulink Design Verifier™ analysis handles specified minimum and maximum values on input ports, see Minimum and Maximum Input Constraints.

About This Example

In this section, you create and analyze a model that has specified design minimum and maximum values on:

  • The input ports

  • The output ports of two of the intermediate blocks

The design error detection analysis identifies blocks where the output values exceed the design range. If the analysis detects this error, this example demonstrates how the analysis uses the specified minimum and maximum values when continuing the analysis.

Create the Example Model

Create the model for this example:

  1. In the MATLAB toolstrip, on the Home tab, select New > Simulink Model.

  2. From the Simulink Commonly Used Blocks library, add the following blocks to the model and assign the indicated parameter values.

    Block        Tab                 Parameter          Value
    ----------   -----------------   ----------------   -----
    Inport       Signal Attributes   Minimum            0
    Inport       Signal Attributes   Maximum            5
    Gain         Main                Gain               5
    Gain         Signal Attributes   Output minimum     0
    Gain         Signal Attributes   Output maximum     20
    Gain         Signal Attributes   Output data type   int16
    Saturation   Main                Upper limit        25
    Saturation   Main                Lower limit        -25
    Saturation   Signal Attributes   Output minimum     -25
    Saturation   Signal Attributes   Output maximum     25
    Outport      No changes

  3. Connect the four blocks as shown.

  4. To display the specified minimum and maximum values, on the Debug tab, select Information Overlays > Signal Data Ranges.

  5. On the Modeling tab, click Model Settings.

  6. In the Configuration Parameters dialog box, on the Solver pane, under Solver selection:

    1. Set Type to Fixed-step.

      The Simulink Design Verifier software does not support variable-step solvers.

    2. Set Solver to discrete (no continuous states).

  7. On the Design Verifier pane, set Mode to Design error detection.

  8. On the Design Verifier > Design Error Detection pane:

    1. Select Specified minimum and maximum value violations.

    2. Clear the Integer overflow and Division by zero parameters.

    In this example, you check only for intermediate minimum and maximum violations.

  9. To save these settings and exit the Configuration Parameters dialog box, click OK.

  10. Save the model and name it ex_interim_minmax.
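The same model and analysis settings can be built from a script, which makes the range check repeatable outside the dialog boxes. This is an added example, not MathWorks code; the block names In1 and Out1, the Position values, and the Inport-Gain-Saturation-Outport wiring (inferred from the results discussed later on this page) are assumptions. Its last lines also run the analysis described in the next section.

```matlab
% Added example, not MathWorks code: scripted version of steps 1-10.
% Block names In1/Out1 and the Position values are assumptions.
mdl = 'ex_interim_minmax';
new_system(mdl);

% Step 2: blocks and parameter values from the table.
add_block('simulink/Sources/In1', [mdl '/In1'], ...
    'OutMin', '0', 'OutMax', '5', 'Position', [40 50 70 64]);
add_block('simulink/Math Operations/Gain', [mdl '/Gain'], ...
    'Gain', '5', 'OutMin', '0', 'OutMax', '20', ...
    'OutDataTypeStr', 'int16', 'Position', [130 42 170 72]);
add_block('simulink/Discontinuities/Saturation', [mdl '/Saturation'], ...
    'UpperLimit', '25', 'LowerLimit', '-25', ...
    'OutMin', '-25', 'OutMax', '25', 'Position', [230 42 270 72]);
add_block('simulink/Sinks/Out1', [mdl '/Out1'], 'Position', [330 50 360 64]);

% Step 3: wiring order assumed from the results text (the Gain output
% feeds the Saturation block).
add_line(mdl, 'In1/1', 'Gain/1');
add_line(mdl, 'Gain/1', 'Saturation/1');
add_line(mdl, 'Saturation/1', 'Out1/1');

% Step 6: Design Verifier requires a fixed-step solver.
set_param(mdl, 'SolverType', 'Fixed-step', 'Solver', 'FixedStepDiscrete');

% Steps 7-8: design error detection, range violations only.
opts = sldvoptions;
opts.Mode = 'DesignErrorDetection';
opts.DesignMinMaxCheck = 'on';
opts.DetectIntegerOverflow = 'off';
opts.DetectDivisionByZero = 'off';

save_system(mdl);

% Run the analysis without the UI; status 1 means it completed normally.
[status, files] = sldvrun(mdl, opts);
if status ~= 1
    error('Design error detection did not complete (status %d).', status);
end

% Print each range objective and its outcome from the results data file.
data = load(files.DataFile);
for k = 1:numel(data.sldvData.Objectives)
    obj = data.sldvData.Objectives(k);
    fprintf('%-28s %s\n', obj.status, obj.descr);
end
```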

Analyze the Model

To identify any intermediate signals that violate the specified minimum and maximum values, run a design error detection analysis on the example model.

On the Design Verifier tab, click Detect Design Errors.

After the analysis is complete:

  • The software highlights the model with the analysis results.

  • The Simulink Design Verifier Results dialog box opens and displays a summary of the analysis.

Review the Analysis Results

Review Results on the Model

In the model window, the Gain block is colored red and the Saturation block is colored green. This indicates that:

  • At least one objective associated with the Gain block was falsified. For this example, the analysis falsified exactly one objective.

  • All objectives associated with the Saturation block were satisfied. For this example, the analysis satisfied exactly one objective.

To understand these results:

  1. Click the Gain block.

    The Simulink Design Verifier Results window shows that the design range for the output was [0..20], but the analysis detected an error and generated a test case that demonstrates that error. Because the design range for the input block is [0..5], when the input to the Gain block is 5, the output is 25, which exceeds the specified maximum value on that port.

    The analysis computes and displays the derived range to help you understand how the design range was exceeded.

  2. Click the Saturation block.

    The Simulink Design Verifier Results window shows that the output of the Saturation block never exceeded the design range [–25..25]. The input to the Saturation block never exceeded [0..25], which is the derived range that the analysis propagated from the Gain block.

Review the Harness Model

When the analysis completes, you can create a harness model that contains the test cases that result in errors.

For the example model, view the test case that caused the design range error in the Gain block:

  1. After the analysis completes and the model is highlighted, select the Gain block.

  2. In the Simulink Design Verifier Results window, click View counterexample.

    The software creates a harness model named ex_interim_minmax_harness and opens the Signal Editor block in the harness model that contains the counterexample.

    In the Signal Editor block, one test case, whose signal value is 5, caused the output of the Gain block to be 25, which exceeds the specified maximum of 20.

  3. Before you simulate this test case, in the Configuration Parameters dialog box, on the Diagnostics > Data Validity pane, set Simulation range checking to warning or error.

    Setting this parameter specifies the diagnostic action to take if Simulink detects signals that exceed specified minimum or maximum values during simulation.

    • If you specify warning, the Diagnostic Viewer displays a warning message and continues.

    • If you specify error, the Diagnostic Viewer displays an error message and stops.

  4. Click OK to save your change and close the Configuration Parameters dialog box.

  5. In the toolstrip for the harness model, click Run all to simulate the model with this counterexample.

    As expected, the simulation displays a warning or error in the MATLAB window that the output value of the Gain block exceeds the specified maximum.

Review the Analysis Report

You can also generate an HTML report containing detailed information about the analysis for the ex_interim_minmax model. To create this report, in the Simulink Design Verifier Results window, click HTML. The analysis report opens in a browser.

In the analysis report, the Design Error Detection Objectives Status chapter provides detailed results in two categories:

  • Objectives Proven Valid — The output values for the Saturation block are always within the design range.

  • Objectives Falsified with Test Cases — The output values for the Gain block violated the design range.