
A Model-Based Approach for the Design of Avionics Systems and Embedded Software

Bernard Dion, CTO, Esterel Technologies. SafeMOVE 2013, Beijing.


1 2013 ANSYS, Inc. October 2, 2013 Esterel Technologies - An ISO 9001:2008 Certified Company - Confidential & Proprietary

Agenda
- Challenges in Aerospace
- Simulation-Driven Product Development (SDPD)
- System Functional, Architecture, and Data Modeling
- Embedded Software Modeling, Implementation, and Certification (DO-178C)
- Physical Modeling and Co-simulation with the Embedded Software
- Deployment of the Applications (IMA, ARINC 661, TTEthernet, etc.)
- System Certification (ARP 4754A, ARP 4761, DO-297)
- Conclusions

Challenges in Aerospace


Systems and Embedded Software Challenges in Aerospace


Embedded code and system simulation challenges:
- Companies are faced with the need to develop software solutions with increasing functionalities and requirements, including Interactive Cockpit Displays and IMA-compliant Controls applications
- Interdependency among subsystems and complexity drive the need for model-based systems engineering solutions
- Need to incorporate hardware behavior (plant model) during software simulation, driving the need for integrated multi-physics and software simulation

Embedded code production/generation challenges:
- High cost of manually producing millions of lines of embedded C code
- High cost of testing and verifying manually generated code
- High cost of obtaining DO-178B/C certification for mission-critical applications

Software and Electronics Predominant in Product Architecture


- Manage Complexity to design innovative, market-leading products
- Coordinate Interdisciplinary Engineering to reduce design changes and development costs
- Perform Early and Reliable Verification to deliver high-quality, safe, and reliable products to the market faster

Figure: Mechatronics shown as the overlap of three disciplines: Mechanical/Fluid, Electrical & Electronics, and Software.


Systems Engineering Practices


Systems Architects: Requirements and Functional Design Best Practices
- Requirements analysis
- Requirements traceability
- Variant management
- Operational and usage analysis
- Functional decomposition
- Functional simulation
- Architectural design & selection
- Rapid prototyping

Validation Groups: Integration and Validation Best Practices
- Virtual: virtual system integration & simulation, 0D/3D co-simulation, reduced order modeling
- Physical: component and hardware testing, calibration
- Mixed: SiL, HiL

Engineering Groups: Detailed Design and Optimization Best Practices
- Hardware Design: CAD, single physics, multi-physics, optimization
- Software Design: model-based controls design, model-based display design, automatic code generation and certification, software configuration management
- Electronics Design: ECAD, EDA, circuit analysis, 3D physics, multi-physics, optimization

Simulation-Driven Product Development (SDPD)


Simulation-Driven Product Development


Figure: the SDPD V-cycle. Descending branch (Systems Functional Engineering): Requirements and Specifications; System Functional & Architectural Design (functional model, allocations); Sub-System Design (Mechanical, Electrical, Software); Detailed Architecture; Detailed Design & Optimization (Software Engineering; Detailed 3D Multiphysics with Fluent, Simplorer, Maxwell, Mechanical). Ascending branch: Component Integration & Verification; Sub-System Integration & Verification; System Validation.

System Functional, Architecture, and Data Modeling


Typical Systems Engineering Documents


Requirements, Functional Design and Architectural Design documents describe functions & interfaces, allocation, physical interfaces, functional interfaces, and data.

Figure (excerpt of a helicopter emergency floatation example): the function Float_CP, implemented by the EMERGENCY_FLOATATION_UNIT with architecture items AMC2, Rh_ASU, LL_AU and WIS1; functional interfaces such as Water_Immersion, Immersion_status, Height above water, ON_GND_Detection and Airspeed; physical interfaces such as DI_IPB_WATER_DETECTED, RT_WIS1_SENSOR, PW_FRONT_LH_CARTRIDGE1, PW_FRONT_LH_CARTRIDGE2 and Trigger_Bottle; sub-functions: to acquire the inflation command, to detect helicopter immersion, to acquire the information to authorize or not the inflation, to compute the conditions to enable/disable inflation, to inflate the floats; data items LH Jettison and RH Jettison.


System Functional and Architectural Modeling


- SCADE System tool created in close collaboration with early adopters
- SysML subset selected
- Eclipse/Papyrus basis in the Listerel laboratory
- UML complexity hidden from System Engineers
- Model API in Tcl, Java and OCL
- User interaction in the AGeSys project
- System modeling aspects: functional modeling, architectural modeling, allocation of functions onto architecture components, data modeling, traceability to higher-level requirements


Start from System Requirements


Requirements and Specifications are the input of System Functional & Architectural Design. They are typically stored in Word, DOORS, Excel, etc.


System Functional Modeling


System Architectural Modeling

Architectural decomposition:
- Contains both physical and software blocks
- May have several levels: abstract, or deployed on a particular architecture (e.g. IMA)
- Needs data modeling (see next slides)


Allocating Functions to Architecture Components


Allocation tables have been implemented in SysML.


SCADE System Allocations


Modeling System Data

Need for a data-based representation:
- Better independence between the architecture and the information managed by the system
- The data may exist prior to the architecture design
- Industrial practice: the ICD (Interface Control Document), a detailed specification of the interfaces at all levels; ICDs from previous projects are reused to initialize new ones
- Import/export of data between existing databases and SCADE System is needed


Importing/Exporting Data Dictionaries


Interface to existing databases through the .csv format:
- Creates data
- Binds names to existing information, e.g. datatype
- Transfer by copy/paste (<Ctrl> c, <Ctrl> v)
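An import of this kind is where a data dictionary is most easily corrupted, so the slide's two steps (create the data, bind names to datatypes) are worth seeing with the checks an importer should apply. The following C program is an added example, not SCADE System's importer: it parses ICD-style .csv text into a dictionary, binds each interface name to a datatype, unit and range, and aborts the import on a malformed row, an unknown datatype, an inverted range or a duplicate name (an ambiguous binding). The CSV text, its columns and the helper names are constructed for this example; the interface names reuse those of the floatation example earlier in the deck.

```c
/* Added example (not SCADE System's importer): load an ICD-style data
 * dictionary from .csv text and bind interface names to datatypes.
 * Columns, sample rows and error codes are constructed for this example. */
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

#define MAX_ENTRIES 32
#define NAME_LEN 48
#define UNIT_LEN 16

typedef enum { T_BOOL, T_INT32, T_FLOAT32 } DataType;

typedef struct { char name[NAME_LEN]; DataType type; char unit[UNIT_LEN]; double min, max; } IcdEntry;
typedef struct { size_t count; IcdEntry entries[MAX_ENTRIES]; } IcdDictionary;

enum {
    ICD_OK = 0,
    ICD_ERR_FIELDS = -1,     /* wrong number of columns */
    ICD_ERR_TYPE = -2,       /* datatype not in the allowed set */
    ICD_ERR_RANGE = -3,      /* min/max not numeric, or min > max */
    ICD_ERR_TOO_LONG = -4,   /* name, unit or line does not fit its buffer */
    ICD_ERR_DUPLICATE = -5,  /* same name twice: ambiguous binding */
    ICD_ERR_FULL = -6
};

/* Constructed sample dictionary: header row, then one row per interface. */
static const char *kIcdCsv =
    "name,datatype,unit,min,max\n"
    "Water_Immersion,bool,-,0,1\n"
    "Immersion_status,bool,-,0,1\n"
    "Height_above_water,float32,ft,0,500\n"
    "ON_GND_Detection,bool,-,0,1\n"
    "Airspeed,float32,kt,0,250\n";

static int parse_type(const char *s, DataType *t) {
    if (strcmp(s, "bool") == 0)    { *t = T_BOOL;    return 0; }
    if (strcmp(s, "int32") == 0)   { *t = T_INT32;   return 0; }
    if (strcmp(s, "float32") == 0) { *t = T_FLOAT32; return 0; }
    return -1;
}

/* Whole-field numeric parse: trailing garbage is rejected, not ignored. */
static int parse_number(const char *s, double *v) {
    char *end;
    if (*s == '\0') return -1;
    *v = strtod(s, &end);
    return *end == '\0' ? 0 : -1;
}

/* Parses one data row of exactly five unquoted columns; modifies the buffer. */
int icd_parse_row(char *line, IcdEntry *e) {
    char *field[5];
    size_t n = 0;
    char *p = line;
    for (;;) {
        char *comma = strchr(p, ',');
        if (n < 5) field[n] = p;
        n++;
        if (comma == NULL) break;
        *comma = '\0';
        p = comma + 1;
    }
    if (n != 5) return ICD_ERR_FIELDS;
    if (strlen(field[0]) == 0 || strlen(field[0]) >= NAME_LEN) return ICD_ERR_TOO_LONG;
    if (strlen(field[2]) >= UNIT_LEN) return ICD_ERR_TOO_LONG;
    if (parse_type(field[1], &e->type) != 0) return ICD_ERR_TYPE;
    if (parse_number(field[3], &e->min) != 0 || parse_number(field[4], &e->max) != 0 ||
        e->min > e->max) return ICD_ERR_RANGE;
    strcpy(e->name, field[0]);   /* lengths checked above */
    strcpy(e->unit, field[2]);
    return ICD_OK;
}

const IcdEntry *icd_lookup(const IcdDictionary *d, const char *name) {
    for (size_t i = 0; i < d->count; ++i)
        if (strcmp(d->entries[i].name, name) == 0) return &d->entries[i];
    return NULL;
}

/* Loads CSV text (header first). Returns the entry count or an ICD_ERR_* code;
 * a bad row empties the dictionary rather than leaving a partial import. */
int icd_load(const char *csv, IcdDictionary *d) {
    char line[256];
    int first = 1;
    d->count = 0;
    while (*csv != '\0') {
        const char *nl = strchr(csv, '\n');
        size_t len = nl ? (size_t)(nl - csv) : strlen(csv);
        if (len >= sizeof line) { d->count = 0; return ICD_ERR_TOO_LONG; }
        memcpy(line, csv, len);
        line[len] = '\0';
        csv += nl ? len + 1 : len;
        if (first) { first = 0; continue; }   /* header row */
        if (len == 0) continue;               /* blank line */
        if (d->count == MAX_ENTRIES) { d->count = 0; return ICD_ERR_FULL; }
        IcdEntry e;
        int rc = icd_parse_row(line, &e);
        if (rc != ICD_OK) { d->count = 0; return rc; }
        if (icd_lookup(d, e.name) != NULL) { d->count = 0; return ICD_ERR_DUPLICATE; }
        d->entries[d->count++] = e;
    }
    return (int)d->count;
}

/* Convenience wrappers over the sample: entry count, the datatype bound to a
 * name (-1 if unbound), and the outcome of importing one extra constructed row. */
int icd_sample_count(void) { IcdDictionary d; return icd_load(kIcdCsv, &d); }

int icd_sample_type(const char *name) {
    IcdDictionary d;
    if (icd_load(kIcdCsv, &d) < 0) return -1;
    const IcdEntry *e = icd_lookup(&d, name);
    return e ? (int)e->type : -1;
}

int icd_import_with_row(const char *row) {
    char buf[1024];
    IcdDictionary d;
    if (strlen(kIcdCsv) + strlen(row) + 2 > sizeof buf) return ICD_ERR_TOO_LONG;
    strcpy(buf, kIcdCsv); strcat(buf, row); strcat(buf, "\n");
    return icd_load(buf, &d);
}
```

The import is all-or-nothing on purpose: a dictionary that silently drops or half-loads a row would let a name stay bound to a stale datatype from a previous project's ICD, which is exactly the reuse scenario the slides describe.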


Modeling System Data


Exchange of information between functions or architecture items


Traceability to Higher-Level Requirements


Link to Requirements Management (RM) tools and more generally to PLM/ALM tools


Embedded Software Modeling, Code Generation, and DO-178C Certification


Certified Embedded Software Implementation


SCADE for software modeling:
- Formally defined and fully deterministic notation
- Nested state machines and block diagrams
- Hierarchy and parallelism

Complete qualified toolchain for software implementation:
- Automatic source code generation from the software model
- Model simulation
- Model coverage analysis
- Host and target testing


Code Generation with SCADE Suite KCG


Figure: the SCADE state machine SM1 of a Button operator, with states Unselected, WaitUnlock, Preselected and Locked, transitions on the Lock and Unlock inputs, and per-state outputs bk_color/background (grey, yellow, green, white) and fr_color/foreground (black, white), beside the C code KCG generates for it (excerpt; elided parts marked):

    void Button_ABC_N(inC_Button_ABC_N *inC, outC_Button_ABC_N *outC) {
      /* ABC_N::Button::SM1::SSM_SM1_dispatch_sel */
      SSM_Button_SM1_ST SSM_SM1_dispatch_sel;
      /* ... */
      if (outC->init) {
        outC->init = kcg_false;
        SSM_SM1_dispatch_sel = SSM_SM1_Unselected__ABC_N;
      } else {
        SSM_SM1_dispatch_sel = outC->M_pre_;
      }
      switch (SSM_SM1_dispatch_sel) {
        case SSM_SM1_Locked__ABC_N :
          outC->foreground = white_ABC_N;
          outC->background = green_ABC_N;
          if (inC->Unlock) {
            outC->M_pre_ = SSM_SM1_Preselected__ABC_N;
          } else {
            outC->M_pre_ = SSM_SM1_Locked__ABC_N;
          }
          break;
        case SSM_SM1_WaitUnlock__ABC_N :
          outC->foreground = black_ABC_N;
          outC->background = grey_ABC_N;
          if (inC->Unlock) {
            outC->M_pre_ = SSM_SM1_Unselected__ABC_N;
          } else {
            outC->M_pre_ = SSM_SM1_WaitUnlock__ABC_N;
          }
          break;
        /* ... */
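The generated excerpt shows the shape that makes such code reviewable and certifiable: one step function per cycle, a context struct holding the memorised state, an init flag, a switch over the current state, and no heap, recursion or unbounded loop. The program below is an added, hand-written example in that same shape (it is not KCG output and not the project's code); it fills in all four states of the Button machine so the transition sequence can be exercised end to end. The two transitions and colour assignments visible in the generated code are kept; the remaining transitions and the Unselected/Preselected colours are assumptions for this example, marked as such in the comments.

```c
/* Added example (hand-written, not SCADE KCG output): cyclic step function
 * for the Button/SM1 state machine. One call per cycle, state in a context
 * struct, no dynamic memory, bounded execution time every cycle. */
#include <stdbool.h>
#include <stddef.h>

typedef enum { UNSELECTED, WAIT_UNLOCK, PRESELECTED, LOCKED } ButtonState;
typedef enum { GREY, BLACK, YELLOW, GREEN, WHITE } Color;

typedef struct { bool lock; bool unlock; } ButtonIn;

typedef struct {
    bool init;          /* true until the first cycle has run (KCG's outC->init) */
    ButtonState pre;    /* state memorised for the next cycle (KCG's M_pre_) */
    Color background;
    Color foreground;
} ButtonOut;

void button_reset(ButtonOut *out) {
    out->init = true;
    out->pre = UNSELECTED;
    out->background = GREY;
    out->foreground = BLACK;
}

/* One cycle: pick the current state, emit its outputs, memorise the next state.
 * "slide" marks what the generated code shows; "assumed" marks this example's additions. */
void button_step(const ButtonIn *in, ButtonOut *out) {
    ButtonState current = out->init ? UNSELECTED : out->pre;
    out->init = false;
    switch (current) {
    case UNSELECTED:
        out->background = GREY;   out->foreground = BLACK;   /* assumed */
        out->pre = in->lock ? PRESELECTED : UNSELECTED;      /* assumed */
        break;
    case WAIT_UNLOCK:
        out->background = GREY;   out->foreground = BLACK;   /* slide */
        out->pre = in->unlock ? UNSELECTED : WAIT_UNLOCK;    /* slide */
        break;
    case PRESELECTED:
        out->background = YELLOW; out->foreground = WHITE;   /* assumed */
        if (in->lock)        out->pre = LOCKED;              /* assumed, Lock has priority */
        else if (in->unlock) out->pre = WAIT_UNLOCK;         /* assumed */
        else                 out->pre = PRESELECTED;
        break;
    case LOCKED:
        out->background = GREEN;  out->foreground = WHITE;   /* slide */
        out->pre = in->unlock ? PRESELECTED : LOCKED;        /* slide */
        break;
    }
}

/* Drives the machine from a script: 'L' = Lock, 'U' = Unlock, anything else =
 * no input that cycle. Returns the number of cycles executed. */
size_t button_run_script(const char *script, ButtonOut *out) {
    size_t cycles = 0;
    button_reset(out);
    for (const char *c = script; *c != '\0'; ++c, ++cycles) {
        ButtonIn in = { *c == 'L', *c == 'U' };
        button_step(&in, out);
    }
    return cycles;
}

/* State the machine will dispatch to on the cycle after the script. */
ButtonState button_state_after(const char *script) {
    ButtonOut out;
    button_run_script(script, &out);
    return out.pre;
}

/* Background colour displayed during the last cycle of the script. */
Color button_background_after(const char *script) {
    ButtonOut out;
    button_run_script(script, &out);
    return out.background;
}
```

Because the outputs are computed from the state dispatched at the start of the cycle, the colour shown during a cycle lags the memorised state by one step; the script helpers make that visible, which is the kind of observation model coverage analysis relies on.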


The New DO-178C Documents


Figure: the DO-178C document family. Core documents: Airborne (DO-178C) and Ground (DO-278A). Supplements: TOOLS (DO-330), MBDV (DO-331), OOT/RT (DO-332), FM (DO-333). Supporting information: FAQ, DP (DO-248C).


SCADE Suite KCG DO-178C Certification Kit


The SCADE Suite KCG certification kit provides all the artifacts produced by Esterel Technologies during the development of the tool, and required by certification authorities in DO-178C for a software tool qualified at TQL-1 per DO-330:
- Tool Qualification Plan (TQP)
- Tool Operational Requirements (LRM and KCG TOR)
- Tool Requirements (TR)
- Tool Installation Procedure (TIP)
- Version Content (VC)
- Tool Configuration Index (TCI)
- Tool Accomplishment Summary (TAS)


Physical Modeling and Cosimulation with the Embedded Software


Physical Systems Simulation


- Need natural and flexible modeling: acausal modeling based on the conservative laws of physics, so that a model can be built by connecting physical components
- Need to co-simulate physical and software models: FMI provides efficient, standards-based co-simulation
- Need multi-disciplinary modeling: VHDL-AMS for the more electrical/electronics components, Modelica for the more mechanical components
- Need multi-scale modeling: a direct link to 3D simulation, and Reduced Order Models (ROM) that allow efficient multi-scale simulation


System Simulation with Simplorer


Co-simulation partners: C/C++ user-defined models, Matlab, Matlab Simulink, RBD, Maxwell, CFD, connected through the Simulation Data Bus / Simulator Coupling Technology.

Modeling levels in Simplorer: States, Blocks, Circuits, VHDL-AMS.

Model extraction from 3D: equivalent circuit, impulse response, extracted LTI, stiffness matrix, obtained from Electromagnetic (FEA), Mechanical (FEA), Thermal (FEA/CFD) and Fluidic (CFD) simulation.

VHDL-AMS excerpt shown on the slide (a simultaneous if statement: the initial condition applies in the quiescent domain, the capacitor equation otherwise):

    IF (domain = quiescent_domain) USE
        V0 == init_v;
    ELSE
        Current == cap*voltage'dot;
    END USE;

Build the System Model


Couple 0D and 3D Accurate Simulation


Figure: an induction electric motor FEA model (3D) coupled with Simplorer (0D). The frequency-controlled motor (1400 rpm) is fed by an ac-dc-ac inverter: a three-phase source 3PHAS (A * sin(2 * pi * f * t + PHI + phi_u), PHI = 0, -120, -240; AMPLITUDE := 800 V, FREQUENCY := 60 Hz), a B6U diode bridge (D1 .. D6), a DC link (CDC := 10m, LDC := 10m, RDC := 10, VZENER := 650) and 2L3_GTOS switches driven by gate signals G_R1 := SA.VAL, G_R2 := -SA.VAL, G_S1 := SB.VAL, G_S2 := -SB.VAL, G_T1 := SC.VAL, G_T2 := -SC.VAL, with modulation sources SA, SB, SC (FREQ := 50 Hz, AMPL := 500, PHASE := -75, -195, -315 deg) and a carrier (FREQ := 800 Hz, AMPL := 800, PHASE := 0 deg). Motor windings PhaseA1/PhaseA2, PhaseB1/PhaseB2, PhaseC1/PhaseC2 (LL := 237.56u, RA := 696.076m, LDUM := 100m) connect to Rotor1/Rotor2 in the FEA model. Simulation statistics: SIMPARAM1.RunTime 111.29k s, SIMPARAM1.TotalIterations 40.51k, SIMPARAM1.TotalSteps 10.00k, FEA1.FEA_STEPS 300.00 / 200.00. Plots over 0 .. 100 ms: phase currents LA.I, LB.I, LC.I [A]; torque; speed; 100.00 * LD.I [A] and VDC.V [V].


Perform More Efficient Simulation with Reduced Order Models (ROM)


ROMs can be automatically generated for Mechanical, Fluids, Electromagnetism


Co-simulation between 0D Model and Embedded Software


Physics Models in Simplorer (VHDL/AMS), Software Models in SCADE, coupled through FMI
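What the coupling through FMI amounts to at run time is a master loop: at every communication step the physics side hands over a measurement, the software side runs one cycle and hands back a command, and neither side sees the other's internal state. The program below is an added example of that exchange (it is not the FMI API, nor Simplorer or SCADE code): a first-order motor model stands in for the 0D plant, and a cyclic PI duty regulator with output saturation to 0 .. 1000 stands in for the SCADE controller. The plant integrates with its own finer internal step inside each communication step, which is the usual reason a master is needed at all. All gains, time constants, the setpoint and the function names are constructed for this example.

```c
/* Added example (not the FMI API, not Simplorer/SCADE code): a fixed-step
 * co-simulation master coupling a plant model and a cyclic software regulator.
 * Every constant below is constructed for the example. */
#include <stdbool.h>

#define DUTY_MIN 0.0
#define DUTY_MAX 1000.0

/* Physics side: speed' = (gain * duty - speed) / tau, integrated with an
 * internal step finer than the communication step (explicit Euler). */
typedef struct { double speed; double tau; double gain; } Plant;

void plant_advance(Plant *p, double duty, double comm_step, int substeps) {
    double h = comm_step / substeps;
    for (int i = 0; i < substeps; ++i)
        p->speed += h * (p->gain * duty - p->speed) / p->tau;
}

/* Software side: one cycle of a PI regulator with output saturation and
 * anti-windup (the integral advances only while the output is unsaturated). */
typedef struct { double kp; double ki; double integral; } Regulator;

double regulator_step(Regulator *r, double setpoint, double measured, double dt) {
    double err = setpoint - measured;
    double unsat = r->kp * err + r->ki * r->integral;
    double duty = unsat;
    if (duty > DUTY_MAX) duty = DUTY_MAX;
    if (duty < DUTY_MIN) duty = DUTY_MIN;
    if (duty == unsat) r->integral += err * dt;
    return duty;
}

typedef struct { double final_speed; double max_duty; double min_duty; long steps; } CosimResult;

/* Master loop: read the plant's speed, run one controller cycle, hand the
 * duty back to the plant for the next communication interval. */
CosimResult cosim_run(double setpoint, double t_end, double comm_step) {
    Plant p = { 0.0, 0.1, 1.0 };         /* at rest; tau = 100 ms; unit gain */
    Regulator r = { 2.0, 20.0, 0.0 };    /* kp, ki chosen for a smooth response */
    CosimResult res = { 0.0, DUTY_MIN, DUTY_MAX, 0 };
    for (double t = 0.0; t < t_end; t += comm_step) {
        double duty = regulator_step(&r, setpoint, p.speed, comm_step);
        if (duty > res.max_duty) res.max_duty = duty;
        if (duty < res.min_duty) res.min_duty = duty;
        plant_advance(&p, duty, comm_step, 10);   /* 10 internal plant steps per exchange */
        res.steps++;
    }
    res.final_speed = p.speed;
    return res;
}

/* Scalar views of one run with a 1 ms communication step. */
double cosim_final_speed(double setpoint, double t_end) { return cosim_run(setpoint, t_end, 0.001).final_speed; }
double cosim_max_duty(double setpoint, double t_end)    { return cosim_run(setpoint, t_end, 0.001).max_duty; }
double cosim_min_duty(double setpoint, double t_end)    { return cosim_run(setpoint, t_end, 0.001).min_duty; }
```

With these constants the closed loop is overdamped (the regulator zero cancels the plant pole, leaving a single pole at -20 rad/s), so a 600 rpm setpoint is reached within a fraction of a second and the duty never leaves its 0 .. 1000 range; the saturation at start-up is exactly the situation in which the anti-windup clause matters.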


Simulation Driven Product-Development (SDPD)


Deploying the Applications


- ARINC 653 (IMA)
- ARINC 661
- TTEthernet
- etc.


SCADE Solutions for IMA


IMA Challenges
- Manage the complexity of system integration
- Ensure determinism of the system behavior
- Manage system/software communication and synchronization
- Capability to perform testing early in the process
- Automate IMA configuration table generation
- Certification according to DO-178B/C and DO-297 (IMA)
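Two of these challenges, determinism and configuration table generation, meet in the partition schedule: a static table of time windows that the operating system replays every major frame, so that what runs when is decided at configuration time, not at run time. The program below is an added example (not from the slides and not any SCADE or ARINC 653 product): a schedule table in C, a validator that rejects tables which would break time partitioning (windows overlapping, running past the major frame, or out of order), the lookup a deterministic dispatcher performs at a given time, and a per-partition budget check. The partition identifiers, durations and error codes are constructed.

```c
/* Added example (not SCADE or ARINC 653 code): a static partition schedule as
 * an IMA configuration table, with validation and deterministic lookup.
 * Partition ids, windows and error codes are constructed for this example. */
#include <stddef.h>
#include <stdint.h>

#define MAX_WINDOWS 8

typedef struct {
    uint8_t  partition;     /* 1-based partition id; 0 is reserved for idle */
    uint32_t offset_us;     /* start offset inside the major frame */
    uint32_t duration_us;   /* window length */
} Window;

typedef struct {
    uint32_t major_frame_us;
    size_t   count;
    Window   windows[MAX_WINDOWS];   /* must be sorted by offset */
} Schedule;

enum {
    SCHED_OK = 0,
    SCHED_ERR_COUNT = -1,         /* empty table or more windows than it holds */
    SCHED_ERR_IDLE_ID = -2,       /* partition id 0 used for a real window */
    SCHED_ERR_ZERO_LENGTH = -3,
    SCHED_ERR_OUT_OF_FRAME = -4,  /* window runs past the end of the major frame */
    SCHED_ERR_ORDER = -5,         /* windows not sorted by offset */
    SCHED_ERR_OVERLAP = -6        /* two partitions scheduled at the same time */
};

/* Constructed table: 20 ms major frame, partitions 1 = FMS, 2 = FCS, 3 = TCAS;
 * partition 1 is given two windows. */
static const Schedule kDemoSchedule = {
    20000u, 4,
    { {1, 0u, 5000u}, {2, 5000u, 8000u}, {3, 13000u, 4000u}, {1, 17000u, 3000u} }
};

/* Constructed defective table: the second window starts before the first ends. */
static const Schedule kOverlapSchedule = {
    20000u, 2,
    { {1, 0u, 6000u}, {2, 5000u, 8000u} }
};

int schedule_validate(const Schedule *s) {
    if (s->count == 0 || s->count > MAX_WINDOWS) return SCHED_ERR_COUNT;
    for (size_t i = 0; i < s->count; ++i) {
        const Window *w = &s->windows[i];
        if (w->partition == 0) return SCHED_ERR_IDLE_ID;
        if (w->duration_us == 0) return SCHED_ERR_ZERO_LENGTH;
        /* phrased so that offset + duration cannot overflow */
        if (w->offset_us >= s->major_frame_us ||
            w->duration_us > s->major_frame_us - w->offset_us)
            return SCHED_ERR_OUT_OF_FRAME;
        if (i > 0) {
            const Window *prev = &s->windows[i - 1];
            if (w->offset_us < prev->offset_us) return SCHED_ERR_ORDER;
            if (w->offset_us < prev->offset_us + prev->duration_us) return SCHED_ERR_OVERLAP;
        }
    }
    return SCHED_OK;
}

/* Partition owning the processor at absolute time t_us, or 0 during idle
 * slack. A pure table lookup, so every major frame gives the same answer. */
uint8_t active_partition(const Schedule *s, uint64_t t_us) {
    uint32_t in_frame = (uint32_t)(t_us % s->major_frame_us);
    for (size_t i = 0; i < s->count; ++i) {
        const Window *w = &s->windows[i];
        if (in_frame >= w->offset_us && in_frame < w->offset_us + w->duration_us)
            return w->partition;
    }
    return 0;
}

/* Processor time one partition receives per major frame (budget check). */
uint32_t partition_budget_us(const Schedule *s, uint8_t partition) {
    uint32_t total = 0;
    for (size_t i = 0; i < s->count; ++i)
        if (s->windows[i].partition == partition) total += s->windows[i].duration_us;
    return total;
}
```

Validating the table before it is loaded is what keeps the time-partitioning guarantee checkable at configuration time; the same table feeds early testing, since a host-side harness can replay active_partition over a major frame without the target hardware.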


The Stakeholders in an IMA Program


- System Architect, Designer and Integrators: architecture, integration, platform acceptance, system acceptance
- Application Suppliers: application, application acceptance
- IMA Platform Suppliers: hardware resources and software drivers
- ARINC 653 OS Suppliers: ensure time and space partitioning; access to hardware resources in an abstracted manner (APEX interface standard)
- Certification Authorities: certification of modules, platform, applications, system


IMA Workflow

Figure: IMA workflow. Applications (Application1, e.g. FMS; Application2, e.g. FCS; Application3, e.g. TCAS; plus manual or legacy code), each mapped to partitions, run above the A653 API of the IMA Operating System on the IMA HW Platform (CPU, I/O, networks: AFDX, ARINC 429). The IMA Configuration Table is derived from the IMA usage domain (platform constraints) supplied by the IMA platform provider.

SCADE Solutions for ARINC 661


The ARINC 661 Use Model

Figure: the ARINC 661 use model. On the UA supplier side, user applications (UA1, e.g. FMS; UA2, e.g. ATC; UA3, e.g. TCAS) run in the embedded IMA system (logics) and exchange ARINC 661 messages (Set Parameter towards the display, Notify back to the application) with the A661 RunTime Server in the embedded Cockpit Display System (graphics). On the CDS supplier side, binary Definition Files describe the display pages; pilot inputs enter through the display system.

SCADE Solutions for ARINC 661


Figure: SCADE solutions for ARINC 661.

UA supplier(s) / airframer side: the UA logic is modeled in SCADE Suite; the UA Page Creator, with a custom A661 widget library, and the UA DF Generator produce the definition files (XML, BIN); the UA Adaptor provides the logic/graphics coupling; SCADE Suite KCG generates the C code of the user applications (SCADE UA1, e.g. FMS; SCADE UA2, e.g. TCAS; Other UA3, e.g. ATC), which exchange Request/Notify messages over ARINC 661 with the server, running in the embedded IMA system (logics).

CDS supplier / airframer side: configurable ARINC 661 server generation: the Widget Creator plus widget library and the Server Creator (featuring SCADE Suite & Display KCG) generate the C code of the configurable embedded A661 Server with its custom A661 widget library, driven by the A661 configuration and the DF files, running in the embedded Cockpit Display System (graphics).

SCADE Integration with TTEthernet


SCADE TTEthernet Implementation End System


Figure: SCADE TTEthernet implementation of an end system. SCADE System produces the network definition (XML), from which the TTE Plan is built (TTE Build NC, TTE Build DC). Software: SCADE Suite application partitions P1, P2, P3, P4, P5 .. Px on VxWorks 653 running on a single board computer. Hardware: a TTEthernet PMC card by TTTech, loaded with the generated binary.

Achieving ARP 4754A System Objectives with SDPD


What is Systems Engineering?


"Systems engineering is an interdisciplinary approach and means to enable the realization of successful systems. It focuses on defining customer needs and required functionality early in the development cycle, documenting requirements, and then proceeding with design synthesis and system validation while considering the complete problem: operations, cost and schedule, performance, training and support, test, manufacturing, and disposal. Systems engineering considers both the business and the technical needs of all customers with the goal of providing a quality product that meets the user needs."

INCOSE (International Council on Systems Engineering)

ARP4754 Guidelines and the other Aeronautics Safety Standards


The global picture


ARP-4754A Integral Processes


Figure: the ARP 4754A integral processes surrounding System Development (Aircraft Function Development, Requirements Capture, Requirements Validation, Item Development, Implementation Verification): Development Assurance Level Assignment, Certification Coordination, Safety Assessment, Configuration Management, Process Assurance.


ARP-4754A: Development AND Safety


Figure: the ARP 4754A safety assessment and system development processes side by side.

Safety Assessment Process: Aircraft Functions Safety Requirements; FHA (Functional Hazard Analysis); PSSA (Preliminary System Safety Assessment); SSA (System Safety Assessment).

System Development Process: Aircraft Function Development; Allocation of Aircraft Functions to Systems (System Functions); Development of the System Architecture; Allocation of System Requirements to Items (Item Requirements); System Implementation (Implementation); Certification.


ARP 4754: SCADE MBSE V-Cycle: Focus on Simulation Driven Product Development (SDPD)

Figure: the V-cycle with Requirements Validation, Functional Decomposition, Architecture Validation, Architecture Definition, Allocation of Functions to Items, Allocation of Requirements to Items, Modeling and Simulation of Items (Simplorer), Virtual Integration (Simplorer), and virtual System Verification. The lower part of the V is where Simulation Driven Product Development takes place.


Virtual Integration: Simplorer / SCADE


Figure: virtual integration of Simplorer (physics) and SCADE (software) by co-simulation. The BLDC motor controller in SCADE Suite: drv::HALL decodes HallA, HallB and HallC; drv::SpeedCalc computes the speed; a mod_counter (MOD_CNT_RIPPLE) drives new_pwm_cycle and read_ishunt; ElectricTorqueRegul runs a PID on CurrentSet and Ishunt (through Abs) to produce duty_pid, initialised from last 'duty_pid, with the constants 0, 1 and 1000 visible around the duty path; drv::BLDC_PWM produces PWM1 .. PWM6 from the duty; an FBY delay and a MEM write keep state between cycles.

New System Engineering Handbook


Conclusions


Benefits of the proposed Model-Based System and Software Engineering Approach


- Model-Based Systems Engineering
- Model-Based Embedded Controls development
- Integrated Multi-physics and Software simulation (SDPD)
- Automated Deployment of Applications

Product Development Process Improvements:
- Development cost reduction targeted: 50%
- Time-to-certification speed-up targeted: 2X


Thank you!
