MATLAB EXPO 2016 ZODIAC AEROTECHNICS
Page 1 – June 21st 2016 – Paris Proprietary document. All rights reserved.
Zodiac Aerospace
Model Based Design and DO Toolkit:
steps forward to certification of a fuel cell system control software
MATLAB EXPO 2016 Paris
June 21st 2016
Loïc BOUILLO
Zodiac Aerospace at a glance
Zodiac Aerospace is among the world's top 10 equipment manufacturers
€4.9bn sales in 2014/15
35,000 employees worldwide
3 branches + 1 aftermarket activity: Cabin, Seats, Systems + Zodiac Aerospace Services
Introduction to fuel cell systems
At the anode: H2 → 2H+ + 2e-
Electrons flow through electrical loads
At the cathode: O2 + 4H+ + 4e- → 2H2O + Heat
Project Objectives
[Diagram labels: H2, Air / O2, Electricity, Heat, Water, Oxygen Depleted Air]
Project Overview
Consortium
PACAERO is an R&T project co-funded by the DGAC (French Civil Aviation Authority) and executed by a consortium composed of the following French companies
Objectives
Identify, evaluate and mature technologies in order to design a Galley in a single aisle aircraft equipped with an Integrated Fuel Cell System (IFCS).
Assess how to valorize the fuel cell system by-products (Heat, Water and Oxygen Depleted Air) to increase its total efficiency.
Prepare the market penetration strategy by analyzing the hydrogen logistics in an airport and carrying out a technical-and-economic analysis.
Planning
[Timeline chart: 2014, 2015, 2016 by quarter (Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2); Batch1, Batch2, Batch3; WP1, WP2, WP3]
Design at system level, Design at sub-systems level, Design at components level
Valorization concepts definition, Benchmarking and pre-design of valorization systems
Hydrogen production and logistics up to the airport, logistics inside the airport and impact evaluation on airport operation, Technical-and-economic analysis
Challenges
Fuel cell efficiency depends on many parameters
[Diagram: H2 Management System, Air Management System, Electrical Power Management System, Thermal Management System, By-products Management System; Safety issues]
Challenges
[Diagram: H2 Management System, Air Management System, Electrical Power Management System, Thermal Management System, By-products Management System; Safety issues; Monitoring & Control System]
Challenges
No real certification
but the future needs to be
prepared
R&T Project
Complex Software
Safety issues
Industrial standards for certification (1/2)
ARP4754A Process
[V-cycle diagram. Descending branch: Aircraft Requirements Identification, System Requirements Identification, Item Requirements Identification, Item Design (Software Design: DO178C; Hardware Design: DO254). Ascending branch: Item Verification, System Verification, Aircraft Verification. Validation of requirements at each level.]
Industrial standards for certification (2/2)
[Diagram: From System Design → Requirements (HLR) → Detailed design → Design Model (LLR) → Code generation → Source Code → Code compilation → Object Code → To System Verification]
Verification activities shown: Model Validation, Design Model Verification (Tests), Code Validation, Source Code Verification, EOC Verification (PIL), Formal proof…
Proposed approach
Model Based Design & Code generation
TRL6
High complexity
Small team & short delays
Use of MathWorks tools for V&V activities
Traceability needs
Preparing the future
Safety issues
Model Based Design
Design phases: Needs analysis; Functional requirements; Functional architecture; Preliminary design; Detailed design; Elementary / Integration / Functional tests
Models: State of the art, static, high level model; Functional static models; Architecture dynamic model; Dynamic model for control; Detailed models; Complete model with control & safety algorithms
Purposes: Refine, understand; Optimize function exchanges; Choose technical solutions; Design control laws; Size components; Prepare verification tests
Modular development approach (2/2)
[Diagram: System Model (H2 Management System, Air Management System, Electrical Power Management System) exchanging Commands and Measurements with System Control Model (HMS Control Model, AMS Control Model, EPMS Control Model)]
Use of model references
Unique parameters initialization structure to handle modeling iterations through design
V&V Activities
[Diagram: From System Design → Requirements (HLR) → Design Model (LLR) → Source Code → Code compilation]
Tools shown: Simulink - Stateflow, Embedded Coder, Simulink Code Inspector, Simulink Design Verifier, Simulink Verification and Validation (Model Coverage, Requirements Management Interface)
V&V Activities
Step 1: Modeling Standard
[Diagram: Modeling standard, Design Model (LLR)]
Verification of modeling rules
Customized version of Model Advisor
Reports generated automatically
V&V Activities
Step 2: Project Blockset
Build a limited blockset for the project, with controlled options, to facilitate generated code inspection and validate compliance with the standard
V&V Activities
Step 3: Design Model Validation
[Diagram: Requirements (HLR), Detailed design, Design Model (LLR)]
Simulink Verification and Validation: Requirements Management Interface
Reports generated automatically
V&V Activities
Step 4: Design Model Verification
[Diagram: Requirements (HLR), Detailed design (Simulink - Stateflow), Design Model (LLR)]
Identify Design Errors (Simulink Design Verifier): Dead logic, Division by zero, Integer overflow
Measure Model Coverage (Simulink V&V, Model coverage)
Model Coverage Measurement
Verification of requirements
Reports generated automatically
V&V Activities
Step 5: Source Code Validation
[Diagram: Design Model (LLR), Code generation, Source Code, Code Validation]
Simulink Code Inspector
Structural equivalence between source code and Design Model
Traceability between source code and Design Model
Reports generated automatically
V&V Activities
Step 6: Source Code Verification
[Diagram: Requirements (HLR), Detailed design, Design Model (LLR), Code generation, Source Code, Source Code Verification (SIL)]
Tests
Verification of High Level Requirements at Source Code level
Reports generated automatically
V&V Activities
Synthesis
MBD:
« understandable » HLR
System model to support Design Model conception
V&V:
Traceability between LLR and HLR is granted
Traceability between Source Code and LLR is granted
No design errors in Design Model
Equivalence between Source Code and Design model is proven
Design model & Source Code verified against HLR
Automation of the whole process
Conclusion
Successful handling of the whole process up to source code verification and validation
Next Steps
[Diagram: From System Design → Requirements (HLR) → Detailed design → Design Model (LLR) → Code generation → Source Code → Code compilation → Object Code → To System Verification]
Activities shown: Design Model Validation, Code Verification, EOC Verification (PIL), Formal proof…
Direct use of system modeling activities
EOC and System Verification
Contact:
Loïc BOUILLO
61, rue Pierre Curie
78343 PLAISIR Cedex, FRANCE
Tel. +33 1 61 34 18 75
http://www.zodiacaerospace.com
Thank you for your attention