Oct.10 Am - Bernard Dion - A Model-Based Approach for the Design of Avionics Systems and Embedded Software




A Model-Based Approach for the Design of Avionics Systems and Embedded Software
Bernard Dion, CTO, Esterel Technologies
SafeMOVE 2013, Beijing
© 2013 ANSYS, Inc. October 2, 2013 © Esterel Technologies - An ISO 9001:2008 Certified Company - Confidential & Proprietary

Agenda
• Challenges in Aerospace
• Simulation-Driven Product Development (SDPD)
• System Functional, Architecture, and Data Modeling
• Embedded Software Modeling, Implementation, and Certification (DO-178C)
• Physical Modeling and Co-simulation with the Embedded Software
• Deployment of the Applications (IMA, ARINC 661, TTEthernet, etc.)
• System Certification (ARP 4754A, ARP 4761, DO-297)
• Conclusions

Challenges in Aerospace

Systems and Embedded Software Challenges in Aerospace
Embedded code and system simulation challenges:
• Companies are faced with the need to develop software solutions with increasing functionalities and requirements, including Interactive Cockpit Displays and IMA-compliant controls applications
• Interdependency among subsystems and complexity drive the need for model-based systems engineering solutions
• Need to incorporate hardware behavior (plant model) during software simulation, driving the need for integrated multi-physics and software simulation
Embedded code production/generation challenges:
• High cost of manually producing millions of lines of embedded C code
• High cost of testing and verifying manually produced code
• High cost of obtaining DO-178B/C certification for mission-critical applications

Software and Electronics Predominant in Product Architecture
Mechatronics = Mechanical/Fluid + Electrical & Electronics + Software
• Manage complexity, to design innovative, market-leading products
• Coordinate interdisciplinary engineering, to reduce design changes and development costs
• Perform early and reliable verification, to deliver high-quality, safe, and reliable products to the market faster

Systems Engineering Practices
Systems Architects: Requirements and Functional Design Best Practices
• Requirements analysis
• Requirements traceability
• Variant management
• Operational and usage analysis
• Functional decomposition
• Functional simulation
• Architectural design & selection
• Rapid prototyping
Engineering Groups: Detailed Design and Optimization Best Practices
• Software design: model-based controls design, model-based display design, automatic code generation and certification, software configuration management
• Electronics design: ECAD, EDA, circuit analysis, 3D physics, multi-physics, optimization
• Hardware design: CAD, single physics, multi-physics, optimization
Validation Groups: Integration and Validation Best Practices
• Virtual: virtual system integration & simulation, 0D – 3D co-simulation, reduced order modeling
• Physical: component hardware testing, calibration
• Mixed: SiL, HiL

Simulation-Driven Product Development (SDPD)

Simulation-Driven Product Development
(V-cycle figure.) Left branch, systems functional engineering: Requirements and Specifications → System Functional & Architectural Design (functional allocations) → Sub-System Design (mechanical, electrical, software) → Detailed Design & Optimization (detailed architecture; software engineering; detailed 3D multiphysics with Fluent, Simplorer, Maxwell, Mechanical). Right branch: Component Integration & Verification → Sub-System Integration & Verification → System Validation.

System Functional, Architecture, and Data Modeling

Typical Systems Engineering Documents
Requirements → Functional Design (functions and functional interfaces) → Architectural Design (allocation, physical interfaces). The worked example in the figure is a helicopter emergency floatation unit:
• Functions: to acquire the inflation command; to detect helicopter immersion; to acquire the information to authorize or not the inflation; to compute the conditions to enable/disable inflation; to inflate the floats
• Functional interfaces: Water_Immersion, Immersion_status, ON_GND_Detection, Airspeed, Height above water, Trigger_Bottle, LH Jettison, RH Jettison
• Physical interfaces, allocated to the AMC2, Rh_ASU, LL_AU and WIS1 items: DI_IPB_WATER_DETECTED, RT_WIS1_SENSOR, PW_FRONT_LH_CARTRIDGE1, PW_FRONT_LH_CARTRIDGE2

System Functional and Architectural Modeling
SCADE System tool created in close collaboration with early adopters
• SysML subset selected
• Eclipse/Papyrus basis in Listerel laboratory
• UML complexity hidden from System Engineers
• Model API in Tcl, Java and OCL
• User interaction in AGeSys project
System modeling aspects
• Functional modeling
• Architectural modeling
• Allocation of functions onto architecture components
• Data modeling
• Traceability to higher-level requirements

Start from System Requirements
Requirements and Specifications → System Functional & Architectural Design. Requirements are typically stored in Word®, Excel®, DOORS®, etc.

System Functional Modeling
(Figure.)

System Architectural Modeling
Architectural decomposition
• Contains both physical and software blocks
• May have several levels
  – Abstract
  – Deployed on a particular architecture (e.g. IMA)
• Needs data modeling (see next slides)

Allocating Functions to Architecture Components
Allocation tables have been implemented in SysML.

SCADE System Allocations
(Figure.)

Modeling System Data
Need for a "data-based" representation
• Better independence between the architecture and the information managed by the system
• The data may exist prior to the architecture design
• Industrial practice: ICD (Interface Control Document)
  – Detailed specification of the interfaces at all levels
  – ICDs from previous projects reused to initialize new ones
Import/export of data between existing databases and SCADE System is needed.

Importing/Exporting Data Dictionaries
Interface to existing databases through the .csv format: creates data and binds names to existing information, e.g. datatype (copy/paste with Ctrl-C, Ctrl-V).

Modeling System Data
Exchange of information between functions or architecture items.

Traceability to Higher-Level Requirements
Link to Requirements Management (RM) tools and more generally to PLM/ALM tools.

Embedded Software Modeling, Code Generation, and DO-178C Certification

Certified Embedded Software Implementation
SCADE for software modeling
• Formally defined and fully deterministic notation
• Nested state machines and block diagrams
• Hierarchy and parallelism
Complete qualified toolchain for software implementation
• Automatic source code generation from software model
• Model simulation
• Model coverage analysis
• Host and target testing

Code Generation with SCADE Suite KCG
The figure shows a Button operator whose state machine SM1 has the states Locked, Unselected, WaitUnlock and Preselected, transitions on Unlock, Lock and Any, and per-state assignments to the bk_color (background) and fr_color (foreground) outputs, next to the C code KCG generates for it. The excerpt below is reconstructed from the slide's scattered code fragments; the slide's own elisions are kept:

    void Button_ABC_N(inC_Button_ABC_N *inC, outC_Button_ABC_N *outC)
    {
      /* ABC_N::Button::SM1::SSM_SM1_dispatch_sel */
      SSM_Button_SM1_ST SSM_SM1_dispatch_sel;
      if (outC->init) {
        outC->init = kcg_false;
        SSM_SM1_dispatch_sel = SSM_SM1_Unselected__ABC_N;
      } else {
        SSM_SM1_dispatch_sel = outC->M_pre_;
      }
      switch (SSM_SM1_dispatch_sel) {
        case SSM_SM1_Locked__ABC_N :
          outC->foreground = white_ABC_N;
          outC->background = green_ABC_N;
          if (inC->Unlock) {
            outC->M_pre_ = SSM_SM1_Unselected__ABC_N;
          } else {
            outC->M_pre_ = SSM_SM1_Locked__ABC_N;
          }
          break;
        case SSM_SM1_WaitUnlock__ABC_N :
          outC->foreground = black_ABC_N;
          outC->background = grey_ABC_N;
          if (inC->Unlock) {
            outC->M_pre_ = SSM_SM1_Preselected__ABC_N;
          } else {
            outC->M_pre_ = SSM_SM1_WaitUnlock__ABC_N;
          }
          break;
        […]

The New DO-178C Documents
• DO-178C (Airborne) and DO-278A (Ground), with the companion documents:
  – DO-330 Tools (software tool qualification)
  – DO-331 MBDV (model-based development and verification)
  – DO-332 OOT/RT (object-oriented technology and related techniques)
  – DO-333 FM (formal methods)
  – DO-248C FAQ and DP (frequently asked questions and discussion papers)
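The KCG output above has the shape that makes generated SCADE code analysable for certification: a context struct carrying an init flag and explicit state memory, and one straight-line step function executed once per cycle, with no heap, loops or recursion in the dispatch. The C below is an added illustration of that pattern, hand-written for this page; it is neither KCG output nor part of the slides, and its two-state button (button_ctx_t, button_step, button_run, button_runs_are_identical, the colour enums) is a simplified hypothetical model rather than the ABC_N operator. It adds the one caveat a reviewer of hand-written cyclic code asks for that qualified generated code does not need: a default branch that returns corrupted state memory to the safe state instead of acting on it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical two-state button; not the ABC_N model from the slide. */
typedef enum { ST_LOCKED = 0, ST_UNLOCKED = 1 } button_state_t;
typedef enum { COLOR_GREY, COLOR_GREEN, COLOR_BLACK, COLOR_WHITE } color_t;

typedef struct { bool unlock; bool lock; } button_in_t;

typedef struct {
  bool    init;        /* first-cycle flag, like outC->init in the KCG output */
  int     state;       /* state memory carried between cycles, like outC->M_pre_ */
  color_t foreground;
  color_t background;
  bool    fault;       /* set if the state memory held a value outside the enum */
} button_ctx_t;

void button_reset(button_ctx_t *c) {
  memset(c, 0, sizeof *c);   /* also zeroes padding, so contexts can be memcmp'd */
  c->init = true;
}

/* One synchronous cycle: select the current state, emit this cycle's outputs,
 * then store the next state. Straight-line code, no loops, no heap, no
 * recursion, so the execution time of a cycle is bounded by construction. */
void button_step(const button_in_t *in, button_ctx_t *c) {
  int sel = c->init ? ST_LOCKED : c->state;
  c->init = false;
  switch (sel) {
    case ST_LOCKED:
      c->foreground = COLOR_WHITE;
      c->background = COLOR_GREEN;
      c->state = in->unlock ? ST_UNLOCKED : ST_LOCKED;
      break;
    case ST_UNLOCKED:
      c->foreground = COLOR_BLACK;
      c->background = COLOR_GREY;
      c->state = in->lock ? ST_LOCKED : ST_UNLOCKED;
      break;
    default:
      /* Qualified generated code cannot reach this branch; hand-written code
       * should still recover to the safe state rather than act on garbage. */
      c->fault = true;
      c->foreground = COLOR_WHITE;
      c->background = COLOR_GREEN;
      c->state = ST_LOCKED;
      break;
  }
}

/* Run a scripted input trace from reset; returns the final state. */
int button_run(const button_in_t *seq, size_t n, button_ctx_t *out) {
  button_reset(out);
  for (size_t i = 0; i < n; i++) button_step(&seq[i], out);
  return out->state;
}

/* Determinism check: two runs over the same inputs must leave identical
 * contexts, because outputs depend only on inputs and state, never on time. */
bool button_runs_are_identical(const button_in_t *seq, size_t n) {
  button_ctx_t a, b;
  button_run(seq, n, &a);
  button_run(seq, n, &b);
  return memcmp(&a, &b, sizeof a) == 0;
}

int main(void) {
  /* Constructed input trace: idle, unlock, idle, lock. */
  const button_in_t trace[] = {
    {false, false}, {true, false}, {false, false}, {false, true}
  };
  button_ctx_t c;
  int final_state = button_run(trace, 4, &c);
  printf("final state %d, fault %d, runs identical %d\n",
         final_state, c.fault, button_runs_are_identical(trace, 4));
  return 0;
}
```

Note that, as in the KCG excerpt, the outputs emitted in a cycle belong to the state selected at the start of that cycle; the transition only updates the state memory read by the next cycle, which is why the unlock input in cycle 2 changes the colours only from cycle 3 on.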
SCADE Suite KCG DO-178C Certification Kit
• The SCADE Suite KCG certification kit provides all the artifacts produced by Esterel Technologies during the development of the tool and required by certification authorities in DO-178C for a software tool qualified at TQL-1 per DO-330:
  – Tool Qualification Plan (TQP)
  – Tool Operational Requirements (LRM and KCG TOR)
  – Tool Requirements (TR)
  – Tool Installation Procedure (TIP)
  – Version Content (VC)
  – Tool Configuration Index (TCI)
  – Tool Accomplishment Summary (TAS)

Physical Modeling and Co-simulation with the Embedded Software

Physical Systems Simulation
Need natural and flexible modeling
• Through acausal modeling based on conservative laws of physics
• Modeling can be achieved by connecting physical components
Need to co-simulate physical and software models
• FMI provides efficient and standard co-simulation
Need multi-disciplinary modeling
• VHDL-AMS for the more electrical/electronics components
• Modelica for the more mechanical components
Need multi-scale modeling
• Direct link to 3D simulation
• And Reduced Order Models (ROM) allow efficient multi-scale simulation

System Simulation with Simplorer
(Figure.) Simplorer's simulation data bus / simulator coupling technology combines states, blocks and circuits with co-simulation of C/C++ user-defined models and Matlab/Simulink, and with models extracted from the 3D field solvers (Maxwell, CFD, RBD) as equivalent circuits, impulse responses, extracted LTI models or stiffness matrices for the electromagnetic (FEA), mechanical (FEA), thermal (FEA/CFD) and fluidic (CFD) domains. The VHDL-AMS excerpt shown for a capacitor:

    IF (domain = quiescent_domain) USE
      V0 == init_v;
    ELSE
      Current == cap*voltage'dot;
    END USE;

Build the System Model
(Figure.)

Couple 0D and 3D Accurate Simulation
(Figure.) Induction electric motor FEA (3D) coupled with Simplorer (0D), fed by an ac-dc-ac inverter with frequency-controlled speed (1400 rpm); plots of the phase currents, DC-link voltage, speed and torque over the run.

Perform More Efficient Simulation with Reduced Order Models (ROM)
ROMs can be automatically generated for Mechanical, Fluids, Electromagnetism.

Co-simulation between 0D Model and Embedded Software
Physics models in Simplorer (VHDL-AMS), software models in SCADE, coupled through FMI.
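The co-simulation described above couples a continuous plant with a cyclic software model through FMI. The C below is an added example, not part of the slides and not code from Simplorer, SCADE or the FMI reference implementation; it shows the scheduling that a co-simulation master performs rather than the FMI C API itself. The plant is the capacitor from the VHDL-AMS excerpt (i = C dv/dt, fed through a resistor, integrated with explicit Euler at a small plant step), the software model is a cyclic controller that runs once per controller period, and values cross between them only at communication points, where the plant output is sampled and the controller output is held until the next point. rc_plant_t, ctrl_t, cosim_run and the bang-bang law are this example's own choices, and the R, C, setpoint, step sizes and horizon are constructed values.

```c
#include <stdbool.h>
#include <stdio.h>

/* Plant model: a capacitor charged through a resistor from a switched source u.
 *   i = C * dv/dt        (the VHDL-AMS line on the slide: Current == cap*voltage'dot)
 *   i = (u - v) / R
 * Integrated with explicit Euler at the plant step size. Hypothetical struct names. */
typedef struct {
  double r, c;   /* ohms, farads */
  double v;      /* capacitor voltage: the continuous state */
  double u;      /* source voltage: held constant between communication points */
} rc_plant_t;

void rc_do_step(rc_plant_t *p, double dt) {
  double i = (p->u - p->v) / p->r;
  p->v += dt * i / p->c;
}

/* Software model: a cyclic controller that runs once per controller period.
 * A bang-bang law is used only to keep the example short; the point is the
 * scheduling and data exchange, not the control law. */
typedef struct { double setpoint, supply, out; } ctrl_t;

void ctrl_step(ctrl_t *k, double measured_v) {
  k->out = (measured_v < k->setpoint) ? k->supply : 0.0;
}

static double dabs(double x) { return x < 0.0 ? -x : x; }

/* Co-simulation master (FMI-style doStep loop, not the FMI API itself):
 * at each communication point the controller samples the plant output, and its
 * command is applied and held while the plant advances 'sub' smaller steps.
 * Returns false if the step sizes do not nest, which would otherwise make the
 * exchanged values depend on rounding instead of on the schedule. */
bool cosim_run(rc_plant_t *p, ctrl_t *k, double plant_dt, double ctrl_dt,
               double horizon, double *final_v) {
  if (plant_dt <= 0.0 || ctrl_dt <= 0.0 || horizon < 0.0) return false;
  long sub = (long)(ctrl_dt / plant_dt + 0.5);
  if (sub < 1 || dabs(sub * plant_dt - ctrl_dt) > 1e-9 * ctrl_dt) return false;
  long points = (long)(horizon / ctrl_dt + 0.5);
  for (long n = 0; n < points; n++) {
    ctrl_step(k, p->v);    /* sample the plant output at the communication point */
    p->u = k->out;         /* apply the controller output, held until the next point */
    for (long s = 0; s < sub; s++) rc_do_step(p, plant_dt);
  }
  *final_v = p->v;
  return true;
}

int main(void) {
  /* Constructed values: R = 1 kOhm, C = 1 mF (tau = 1 s), 3 V setpoint from a
   * 5 V supply, plant step 1 ms, controller period 10 ms, 5 s horizon. */
  rc_plant_t plant = { 1000.0, 1e-3, 0.0, 0.0 };
  ctrl_t ctrl = { 3.0, 5.0, 0.0 };
  double v;
  if (cosim_run(&plant, &ctrl, 1e-3, 1e-2, 5.0, &v))
    printf("capacitor voltage after 5 s: %.3f V\n", v);
  return 0;
}
```

The residual ripple around the setpoint comes entirely from the sample-and-hold at the communication points: between two points the controller cannot react, so the longer the controller period relative to the plant time constant, the larger the excursion the software never sees. That is the trade-off a master step size encodes, and it is why the nesting check rejects step sizes that do not divide evenly.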
Simulation Driven Product-Development (SDPD)
(Figure.)

Deploying the Applications
ARINC 653 (IMA), ARINC 661, TTEthernet, etc.

SCADE Solutions for IMA

IMA Challenges
• Manage complexity of system integration
• Ensure determinism of the system behavior
• Manage system / software communication and synchronization
• Capability to perform testing early in the process
• Automate IMA configuration tables generation
• Certification according to DO-178B/C and DO-297 (IMA)

The Stakeholders in an IMA Program
• System Architect Designer and Integrators – Architecture, Integration, Application Acceptance, Platform Acceptance, System Acceptance
• Application Suppliers – Apps
• IMA Platform Suppliers – Platform: hardware resources and software drivers
• ARINC 653 OS Suppliers – Ensure time and space partitioning; Access to hardware resources in an abstracted manner (APEX interfaces standard)
• Certification Authorities – Certification of Modules, Apps, Platform, System

IMA Workflow
(Figure.) Applications (e.g. FMS, FCS, TCAS), whether modeled or delivered as manual or legacy code, are mapped onto partitions. The IMA Configuration Table is built from the IMA Usage Domain (platform constraints) and consumed by the IMA platform provider's stack: A653 API, IMA Operating System, IMA HW Platform (CPU, I/O, networks: AFDX, ARINC 429…).
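Time partitioning is what stands behind "ensure determinism of the system behavior" and "automate IMA configuration tables generation" above: the ARINC 653 module schedule gives every partition fixed windows within a major frame, and a wrong table silently breaks the isolation the platform is certified to provide, either by letting two partitions contend for the CPU or by starving one of its budget. The C below is an added example, not part of the slides and not any vendor's configuration tooling. It checks a flattened schedule table (window_t and demand_t are hypothetical structs; real platforms carry this in their own XML) for the properties a reviewer verifies before loading it: every window inside the frame, no two windows overlapping, each partition's period dividing the frame, and each partition's budget met in every one of its periods. The partitions, periods and windows are constructed sample values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical flattened form of a module schedule: one row per window of the
 * major frame. Real platforms carry this in vendor-specific XML. Times in us. */
typedef struct { int partition; unsigned offset_us; unsigned duration_us; } window_t;

/* What each partition was promised: a period and a CPU budget per period. */
typedef struct { int partition; unsigned period_us; unsigned budget_us; } demand_t;

typedef enum {
  SCHED_OK = 0,
  SCHED_WINDOW_OUTSIDE_FRAME,   /* window is empty or runs past the major frame */
  SCHED_WINDOWS_OVERLAP,        /* two partitions would own the CPU at once */
  SCHED_PERIOD_NOT_DIVISOR,     /* period does not divide the major frame */
  SCHED_BUDGET_NOT_MET          /* some period of some partition is short of budget */
} sched_result_t;

/* Check a schedule table against the major frame and the partitions' demands.
 * Returns the first violation found, or SCHED_OK. */
sched_result_t sched_check(unsigned frame_us, const window_t *w, size_t nw,
                           const demand_t *d, size_t nd) {
  for (size_t i = 0; i < nw; i++) {
    /* written to avoid unsigned wrap-around on offset + duration */
    if (w[i].duration_us == 0 || w[i].offset_us > frame_us ||
        w[i].duration_us > frame_us - w[i].offset_us)
      return SCHED_WINDOW_OUTSIDE_FRAME;
    for (size_t j = i + 1; j < nw; j++) {
      unsigned a0 = w[i].offset_us, a1 = a0 + w[i].duration_us;
      unsigned b0 = w[j].offset_us, b1 = b0 + w[j].duration_us;
      if (a0 < b1 && b0 < a1) return SCHED_WINDOWS_OVERLAP;
    }
  }
  for (size_t k = 0; k < nd; k++) {
    if (d[k].period_us == 0 || frame_us % d[k].period_us != 0)
      return SCHED_PERIOD_NOT_DIVISOR;
    for (unsigned start = 0; start < frame_us; start += d[k].period_us) {
      unsigned end = start + d[k].period_us, got = 0;
      for (size_t i = 0; i < nw; i++) {
        if (w[i].partition != d[k].partition) continue;
        /* count only the part of the window that falls inside [start, end) */
        unsigned lo = w[i].offset_us > start ? w[i].offset_us : start;
        unsigned w_end = w[i].offset_us + w[i].duration_us;
        unsigned hi = w_end < end ? w_end : end;
        if (hi > lo) got += hi - lo;
      }
      if (got < d[k].budget_us) return SCHED_BUDGET_NOT_MET;
    }
  }
  return SCHED_OK;
}

/* Constructed sample: 100 ms major frame, three partitions. */
#define MAJOR_FRAME_US 100000u
const demand_t sample_demands[] = {
  { 1, 50000u, 10000u },   /* partition 1 (e.g. FMS): 10 ms every 50 ms */
  { 2, 25000u, 5000u },    /* partition 2 (e.g. FCS):  5 ms every 25 ms */
  { 3, 100000u, 20000u },  /* partition 3 (e.g. TCAS): 20 ms per frame */
};
const window_t sample_windows[] = {
  { 2, 0u, 5000u }, { 1, 5000u, 10000u }, { 2, 25000u, 5000u }, { 3, 30000u, 20000u },
  { 2, 50000u, 5000u }, { 1, 55000u, 10000u }, { 2, 75000u, 5000u },
};
const size_t sample_n_windows = sizeof sample_windows / sizeof sample_windows[0];
const size_t sample_n_demands = sizeof sample_demands / sizeof sample_demands[0];

int main(void) {
  sched_result_t r = sched_check(MAJOR_FRAME_US, sample_windows, sample_n_windows,
                                 sample_demands, sample_n_demands);
  printf("schedule check: %s (%d)\n", r == SCHED_OK ? "ok" : "violation", (int)r);
  return 0;
}
```

The budget check is per period, not per frame: a partition with a 25 ms period that receives all 20 ms of its frame budget in one burst has a correct total and a broken schedule, because three of its four periods get nothing. Checking the sum over the frame, which is the tempting shortcut, would accept that table.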
SCADE Solutions for ARINC 661

The ARINC 661 Use Model
(Figure.) The CDS supplier provides the Binary Definition Files (DF). The User Applications UA1 (e.g. FMS), UA2 (e.g. ATC) and UA3 (e.g. TCAS) run in the embedded IMA system (logics) and talk over the ARINC 661 protocol to the A661 Runtime Server in the embedded cockpit display system (graphics): a UA sends Set Parameter requests, and the server sends Notify messages carrying pilot inputs back to the UA.

SCADE Solutions for ARINC 661
(Figure.) UA logic is modeled in SCADE Suite, with logic/graphics coupling; the cockpit display system is a configurable ARINC 661 server generated with SCADE Suite and SCADE Display KCG.
• UA supplier(s) / airframer: UA Page Creator → UA DF Generator → DF (XML and BIN); SCADE Suite KCG → C code → UA adaptor; Request/Notify exchange with the server
• CDS supplier / airframer: Widget Creator + Widget Library → custom A661 widget library; A661 Conf → Server Creator (feat. SCADE Suite & Display KCG) → C code → configurable embedded A661 server

SCADE Integration with TTEthernet

SCADE – TTEthernet Implementation
(Figure, © by TTTech.) SCADE System network definition → XML TTE Plan → TTE Build NC and TTE Build DC. SCADE Suite software runs in partitions P1, P2, P3, P4, P5 … Px on VxWorks 653 on a single board computer; the TTEthernet end system is a PMC card; the deliverable is the binary.

Achieving ARP 4754A System Objectives with SDPD

What is Systems Engineering?
• "Systems engineering is an interdisciplinary approach and means to enable the realization of successful systems.
• It focuses on defining customer needs and required functionality early in the development cycle, documenting requirements, and then proceeding with design synthesis and system validation while considering the complete problem: operations, cost and schedule, performance, training and support, test, manufacturing, and disposal.
• Systems engineering considers both the business and the technical needs of all customers with the goal of providing a quality product that meets the user needs." INCOSE (International Council on Systems Engineering)

ARP4754 Guidelines and the Other Aeronautics Safety Standards
• The global picture (figure)

ARP-4754A Integral Processes
(Figure.) Development flow: Aircraft Function Development → System Development → Item Development. Integral processes: Development Assurance Level Assignment, Safety Assessment, Requirements Capture, Requirements Validation, Implementation Verification, Configuration Management, Process Assurance, Certification Coordination.

ARP-4754A: Development AND Safety
(Figure.) System Development Process: Aircraft Function Development → Allocation of Aircraft Functions to Systems → Development of the System Architecture → Allocation of System Requirements to Items → System Implementation → Certification. Safety Assessment Process alongside it: FHA (Functional Hazard Analysis) on the aircraft functions, PSSA (Preliminary System Safety Assessment) on the system functions and architecture, SSA (System Safety Assessment) on the item requirements and implementation; safety requirements flow into the development process at each level.

ARP 4754: SCADE MBSE V-Cycle: Focus on Simulation Driven Product Development (SDPD)
(Figure.) Left branch: Requirements Validation → Functional Decomposition → Architecture Validation / Virtual Architecture Definition → Allocation of Functions to Items → Allocation of Requirements to Items → Modeling and Simulation of Items (Simplorer). Right branch: Virtual Integration (Simplorer) → System Verification. The lower part of the cycle is Simulation Driven Product Development.

Virtual Integration: Simplorer / SCADE
(Figure.) Simplorer co-simulation with a BLDC motor controller in SCADE Suite: the Hall sensor inputs (HallA, HallB, HallC) feed drv::HALL and drv::SpeedCalc; the ElectricTorqueRegul PID computes the duty cycle (duty_pid) from CurrentSet and the shunt current (Ishunt, read_ishunt); drv::BLDC_PWM turns duty, mod_counter and new_pwm_cycle into the PWM1 … PWM6 outputs.

New System Engineering Handbook
(Figure.)

Conclusions

Benefits of the Proposed Model-Based System and Software Engineering Approach
• Model-Based Systems Engineering
• Model-Based Embedded Controls development
• Integrated Multi-physics and Software simulation (SDPD)
• Automated Deployment of Applications
Targeted product development process improvements:
• Development costs reduction targeted: 50%
• Time-to-certification speed-up targeted: 2X

Thank you!