Oct.10 Am - Bernard Dion - A Model-Based Approach for the Design of Avionics Systems and Embedded...

© 2013 ANSYS, Inc. October 2, 2013 1 © Esterel Technologies - An ISO 9001:2008 Certified Company - Confidential & Proprietary

A Model-Based Approach for the Design of Avionics Systems and Embedded Software

Bernard Dion

CTO, Esterel Technologies

SafeMOVE 2013

Beijing


Agenda

• Challenges in Aerospace

• Simulation-Driven Product Development (SDPD)

• System Functional, Architecture, and Data Modeling

• Embedded Software Modeling, Implementation, and Certification (DO-178C)

• Physical Modeling and Co-simulation with the Embedded Software

• Deployment of the Applications (IMA, ARINC 661, TTEthernet, etc.)

• System Certification (ARP 4754A, ARP 4761, DO-297)

• Conclusions


Challenges in Aerospace


Systems and Embedded Software Challenges in Aerospace

Embedded code and system simulation challenges:

• Companies are faced with the need to develop software solutions with increasing functionalities and requirements, including Interactive Cockpit Displays and IMA compliant Controls applications

• Interdependency among subsystems and complexity drives the need for model-based systems engineering solutions

• Need to incorporate hardware behavior (plant model) during software simulation, driving the need for integrated multi-physics and software simulation

Embedded code production/generation challenges:

• High cost of manually producing millions of lines of embedded C code

• High cost of testing and verifying manually generated code

• High cost for obtaining DO-178B/C certification for mission-critical applications


Software and Electronics Predominant in Product Architecture

Mechanical/Fluid

Electrical & Electronics

Software

Mechanical/Fluid Software

Electrical & Electronics

Mechatronics

Manage Complexity

• to design innovative, market leading products

Coordinate Interdisciplinary

Engineering

• to reduce design changes and development costs

Perform Early and Reliable verification

• to deliver high quality, safe, and reliable products to the market faster


Systems Engineering Practices Systems

Architects

Engineering Groups

Validation Groups

Requirements and Functional Design Best Practices

• Requirements analysis • Requirements traceability • Variant management • Operational and usage analysis • Functional decomposition • Functional simulation • Architectural design & selection • Rapid prototyping

Integration and Validation Best Practices

Virtual: • Virtual system integration &

simulation • 0D – 3D co-simulation • Reduced order modeling Physical: • Component Hardware testing • Calibration Mixed: SiL, HiL

Detailed Design and Optimization Best Practices

Hardware Design • CAD • Single physics • Multi-physics • Optimization

Electronics Design • ECAD • EDA • Circuit analysis • 3D physics • Multi-physics • Optimization

Software Design • Model-based controls design • Model-based display design • Automatic code generation and

certification • Software configuration

management


Simulation-Driven Product Development (SDPD)


Systems Functional Engineering

Functional Allocations

Detailed Architecture Architecture

Detailed 3D Multiphysics

Maxwell

Fluent

Mechanical

Simplorer

Software Engineering

Simulation-Driven Product Development

System Validation

Sub-System Integ. & Verification

Component Integration

& Verification

Requirements and Specifications

Sub-System Design

System Functional & Architectural Design

Mechanical Electrical Software

Detailed Design & Optimization


System Functional, Architecture, and Data Modeling


Typical Systems Engineering Documents

Function Float_CP EMERGENCY_ FLOATATION_ UNIT

AMC2 Rh_ASU LL_AU WIS1

To acquire inflation command

To detect helicopter immersion

To acquire the information to authorize or not the inflation

To compute conditions to enable/disable inflation

To inflate the floats

Physical interfaces Functional interfaces

DI_IPB_WATER_DETECTED Water_Immersion; Immersion_status

RT_WIS1_SENSOR

Water_Immersion; Immersion_status; Height above water; ON_GND_Detection; Airspeed

LH Jettison

N/A

RH Jettison

N/A

PW_FRONT_LH_CARTRIDGE1

Trigger_Bottle

PW_FRONT_LH_CARTRIDGE2

Trigger_Bottle

Functional

Design

Architectural

Design

Functions & Interfaces

Allocation

Requirements

Data


System Functional and Architectural Modeling

SCADE System tool created in close collaboration with early adopters

• SysML subset selected • Eclipse/Papyrus basis in Listerel

laboratory • UML complexity hidden from

System Engineers • Model API in Tcl, Java and OCL • User interaction in AGeSys

project

System modeling aspects

• Functional modeling • Architectural modeling • Allocation of functions onto

architecture components • Data modeling • Traceability to higher-level

requirements


System Functional & Architectural Design

Requirements and Specifications

Start from System Requirements

Typically stored in Word®, DOORS®, Excel®, etc.


System Functional Modeling


System Architectural Modeling

Architectural decomposition

• Contains both physical and software blocks

• May have several levels – Abstract – Deployed on a particular

architecture (e.g. IMA) • Needs data modeling (see next

slides)


Allocating Functions to Architecture Components

Allocations table have been implemented in SysML


SCADE System Allocations


Modeling System Data

Need for a “Data-Based” Representation

• Better independence between the architecture and the information managed by the system

• The data may exist prior to the architecture design

• Industrial practice: ICD (Interface Control Document) –Detailed Specification of the interfaces at all levels

–ICDs from previous projects reused to initialize new ones

Import/export of data between existing data bases and SCADE System is needed


Importing/Exporting Data Dictionaries

Interface to existing data bases through .csv format

- Creates data, - Binds names to existing information e.g. datatype

<Ctrl> c

<Ctrl> v


Modeling System Data

Exchange of information between functions or architecture items


Traceability to Higher-Level Requirements

Link to Requirements Management (RM) tools and more generally to PLM/ALM tools


Embedded Software Modeling, Code Generation, and DO-178C Certification


Certified Embedded Software Implementation

• Formally defined and fully deterministic notation

• Nested state machines and block diagrams

• Hierarchy and parallelism

SCADE for software modeling

• Automatic source code generation from software model

• Model simulation

• Model coverage analysis

• Host and target testing

Complete qualified toolchain for software implementation


Code Generation with SCADE Suite KCG […]

void Button_ABC_N(inC_Button_ABC_N *inC, outC_Button_ABC_N *outC)

{ /* ABC_N::Button::SM1::SSM_SM1_dispatch_sel */ SSM_Button_SM1_ST SSM_SM1_dispatch_sel; if (outC->init) { outC->init = kcg_false; SSM_SM1_dispatch_sel = SSM_SM1_Unselected__ABC_N; } else { SSM_SM1_dispatch_sel = outC->M_pre_; } switch (SSM_SM1_dispatch_sel) { case SSM_SM1_Locked__ABC_N : outC->foreground = white_ABC_N; outC->background = green_ABC_N; if (inC->Unlock) { outC->M_pre_ = SSM_SM1_Preselected__ABC_N; } else { outC->M_pre_ = SSM_SM1_Locked__ABC_N; } break; case SSM_SM1_WaitUnlock__ABC_N : outC->foreground = black_ABC_N; outC->background = grey_ABC_N; if (inC->Unlock) { outC->M_pre_ = SSM_SM1_Unselected__ABC_N; } else { outC->M_pre_ = SSM_SM1_WaitUnlock__ABC_N; } break; […]

<SM1>

Unselected

f _none

b_none

f oreground

background

Locked

f oreground

background

white

green

Preselected

y ellow

white

background

f oreground

WaitUnlock

grey background

black f oreground

1

Lock

bk_color

f r_color

1

Unlock

f r_color

bk_color

2

Any

1

Unlock2

Button

1

Lock

f r_color

bk_color

bk_color

f r_color


The New DO-178C Documents

Airborne (DO-178C)

OOT/RT

(DO-332)

MBDV

(DO-331)

FM

(DO-333)

TOOLS

(DO-330)

Ground (DO-278A)

FAQ, DP

(DO-248C)


SCADE Suite KCG DO-178C Certification Kit

• The SCADE Suite KCG certification kit provides all the artifacts produced by Esterel Technologies during the development of the tool, and required by certification authorities in DO-178C for a software tool qualified at TQL-1 for DO-330: o Tool Qualification Plan (TQP)

o Tool Operational Requirements (LRM and KCG TOR)

o Tool Requirements (TR)

o Tool Installation Procedure (TIP)

o Version Content (VC)

o Tool Configuration Index (TCI)

o Tool Accomplishment Summary (TAS)


Physical Modeling and Co-simulation with the Embedded Software


Physical Systems Simulation

• Through acausal modeling based on conservative laws of physics

• Modeling can be achieved by connecting physical components

Need natural and flexible modeling

• FMI provides efficient and standards co-simulation

Need to co-simulation physical and software models

• VHDL/AMS for the more electical/electronics components

• Modelica for the more mechanical components

Need multi-disciplinary modeling

• Direct link to 3D simulation

• And Reduced Order Models (ROM) allow efficient multi-scale simulation

Need multi-scale modeling


System Simulation with Simplorer

Simulation Data Bus/Simulator Coupling Technology

Matlab

C/C++

User Defined

Model

Circuits: States:

Electromagnetic

(FEA)

Mechanical

(FEA)

Model Extraction: Equivalent Circuit, Impulse

Response Extracted LTI, Stiffness Matrix

Fluidic

(CFD)

VHDL-AMS

IF (domain = quiescent_domain)

V0 == init_v;

ELSE

Current == cap*voltage'dot;

END USE;

Blocks:

Thermal

(FEA/CFD)

Matlab

Simulink

Co-Simulation

RBD

Maxwell

CFD


Build the System Model


Couple 0D and 3D Accurate Simulation

Induction Electric Motor FEA (3D) coupled with Simplorer (0D)

FEA

PhaseA1

PhaseA2

PhaseB1

PhaseB2

PhaseC1

PhaseC2

Rotor1

Rotor2

w +

ICA:

1400 rpm

LL:=237.56u

RA:=696.076m

B6U

D1 D3 D5

D2 D4 D6

2L3_GTOS

g_r1

g_r2

g_s1

g_s2

g_t1

g_t2

~

3PHAS

~

~

A * sin (2 * pi * f * t + PHI + phi_u)

PHI = 0°

PHI = -120°

PHI = -240°

LDUM:=100m

CDC:=10m

LDC:=10m

RDC:=10

VZENER:=650

AMPLITUDE := 800 V

FREQUENCY := 60 Hz

-297.50

300.00

-200.00

0

200.00

0 100.00m 50.00m

LA.I [A]

LB.I [A]

LC.I [A]

FREQ := 800 Hz

AMPL := 800

PHASE := 0 deg

AMPL := 500

PHASE := -315 deg

FREQ := 50 Hz

PHASE := -195 deg

PHASE := -75 deg

SA

SB

SC

G_R1 := SA.VAL

G_R2 := -SA.VAL

G_S1 := SB.VAL

G_S2 := -SB.VAL

G_T1 := SC.VAL

G_T2 := -SC.VAL

+

V

Name Value

SIMPARAM1.RunTime [s] 111.29k

SIMPARAM1.TotalIterations 40.51k

SIMPARAM1.TotalSteps 10.00k

FEA1.FEA_STEPS

-500.00

1.50k

0

1.00k

0 100.00m 50.00m

100.00 * LD.I [A]

VDC.V [V]

-715.00

425.00

-500.00

0

0 100.00m 50.00m

Current Torque

Speed

Fed by ac-dc-ac inverter

Frequency controlled speed


Perform More Efficient Simulation with Reduced Order Models (ROM)

ROMs can be automatically generated for Mechanical, Fluids, Electromagnetism


Co-simulation between 0D Model and Embedded Software

Physics Models in Simplorer (VHDL/AMS), Software Models in SCADE, coupled through FMI


Simulation Driven Product-Development (SDPD)


Deploying the Applications

- ARINC 653 (IMA) - ARINC 661 - TTEthernet - etc.


SCADE Solutions for IMA


IMA Challenges

• Manage complexity of system Integration

• Ensure determinism of the system behavior

• Manage System / Software communication and synchronization

• Capability to perform testing early in the process

• Automate IMA configuration tables generation

• Certification according to DO-178B/C and DO-297 (IMA)


• System Architect Designer and Integrators – Architecture, Integration, Platform Acceptance, System Acceptance

• Application Suppliers – Application, Application Acceptance

• IMA Platform Suppliers – Hardware resources and Software drivers

• ARINC 653 OS Suppliers – Ensure Time and space partitioning – Access to hardware resources in an abstracted manner (APEX interfaces

standard)

• Certification Authorities – Certification of Modules, Platform, Apps, System

The Stakeholders in an IMA Program


IMA Workflow

IMA HW Platform (CPU, I/O, Networks: AFDX, ARINC 429…)

IMA Operating System

IMA Configuration

Table

Application2 (e.g. FCS)

Application3 (e.g. TCAS)

Application1 (e.g. FMS)

Partitions

Manual or legacy Code

IMA Usage Domain (Plaform Constraints)

IMA Platform provider

Partitions

Partitions

A653 API


SCADE Solutions for ARINC 661


The ARINC 661 Use Model

UA SUPPLIER

Embedded IMA System (Logics)

Embedded Cockpit Display System

(Graphics)

A661 RunTime Server

UA2 (e.g. ATC)

UA3 (e.g. TCAS)

UA1 (e.g. FMS)

0110101

0100011

1001010

1000101

0111101

Binary Definition Files

Set Parameter

Notify

A

R

I

N

C

6

6

1

Pilot inputs

CDS SUPPLIER


Embedded IMA System (Logics)

SCADE Solutions for ARINC 661 Cockpit Display System: Configurable ARINC 661 Server Generation

Embedded

Cockpit Display System

(Graphics)

Request

/Notify

Widget

Creator

Embedded

A661Server

Configurable

A661 Server

+ Widget Library

UA SUPPLIER(s) / AIRFRAMER CDS SUPPLIER / AIRFRAMER

UA Logic

(SCADE Suite)

UA Page

Creator Logic /

Graphics

Coupling

Code

C

SCADE Suite

KCG

DF

XML BIN

SCADE

UA1 (e.g. FMS)

SCADE

UA2 (e.g. TCAS)

Other

UA3 (e.g. ATC)

Custom A661

Widget Library

Custom A661

Widget Library

C

Server Creator (feat. SCADE Suite & Display KCG)

A661

Widget

Library

Custom

A661 Widget

Library

A661 Conf

UA

Adaptor

UA DF

Generator

A

R

I

N

C

6

6

1

http://www.esterel-technologies.com/products/scade-suite/

http://www.esterel-technologies.com/products/scade-display/

http://www.esterel-technologies.com/products/scade-suite/

http://www.esterel-technologies.com/products/scade-display/


SCADE Integration with TTEthernet


SCADE – TTEthernet Implementation End System

SCADE System

TTE Plan Network Definition

XML

SCADE Suite

TTE Build NC

TTE Build DC

VxWorks 653

Single Board Computer

P1 P2 P3 P4 P5 … Px

PMC card Binary

Ha

rdw

are

S

oft

ware

© by TTTech


Achieving ARP 4754A System Objectives with SDPD


What is Systems Engineering?

• “Systems engineering is an interdisciplinary approach and means to enable the realization of successful systems.

• It focuses on defining customer needs and required functionality early in the development cycle, documenting requirements, and then proceeding with design synthesis and system

validation while considering the complete problem: operations, cost and

schedule, performance, training and support, test, manufacturing, and disposal.

• Systems engineering considers both the business and the technical needs of all customers with the goal of providing a quality product that meets the user needs.”

INCOSE (International Council on Systems Engineering)


ARP4754 Guidelines and the other Aeronautics Safety Standards

• The global picture


ARP-4754A Integral Processes Development Assurance

Level Assignment

Safety Assessment

Certification Coordination

Requirements Capture

Requirements Validation

Configuration Management

Process Assurance

Implementation Verification

Item Development

System Development

Aircraft Function Development


ARP-4754A: Development AND Safety

System Development Process Safety Assessment Process

FHA Functional

Hazard Analysis

PSSA Preliminary System Safety Assessment

SSA

System Safety Assessment

Certification

Aircraft Function Development

Allocation of System Requirements to Items

System Implementation

Allocation of Aircraft Functions to Systems

Development of the System Architecture

Implementation

Aircraft Functions

System Functions

Safety Requirements

Item Requirements


ARP 4754: SCADE MBSE V-Cycle: Focus on Simulation Driven Product Development (SDPD)

Requirements Validation

Architecture Validation

Architecture Definition

Functional Decomposition

Allocation of Functions to Items

Modeling and Simulation

of Items

Integration

System Verification

Virtual

Virtual

Simulation Driven Product

Development

Simplorer Simplorer

Allocation of Requirements to Items


Virtual Integration: Simplorer / SCADE

1

MOD_CNT_RIPPLE

6 0

1

drv ::BLDC_PWM

1000

PWM1

PWM2

PWM3

PWM4

PWM5

PWM6

1

drv ::HALL

HallA

HallB

HallC

FBY1

10

duty

new_pwm_cycle

1

MEM

1000

Init Write

new_pwm_cycle

duty

<ElectricTorqueRegul>read_ish

unt

read_ish

unt

duty_pid

Ishunt3

A bs

CurrentSet3

PID

3 1 0 1 1000 1

read_ishunt

last 'duty_pid

1

drv ::SpeedCalcHallB

HallC

HallA

speed

mod_countermod_counter

BLDC Motor Controller In SCADE Suite

Co-Simulation

Simplorer


New System Engineering Handbook


Conclusions


Benefits of the proposed Model-Based System and Software Engineering Approach

• Time-to-Certification Speed up

targeted 2X

• Development Costs Reduction

targeted 50%

• Model-Based Systems Engineering

• Model-Based Embedded Controls

development

• Integrated Multi-physics and Software

simulation (SDPD)

• Automated Deployment of Applications

Product

Development

Process

Improvements



Thank you!

Date post:	31-Dec-2015
Category:	Documents
Upload:	prakasa88
View:	26 times
Download:	4 times