
Search Results

Technical Paper

Novel Framework Approach for Model-Based Process Integration from Requirements to Verification Demonstrated on a Complex, Cyber-Physical Aircraft System

2018-10-30
2018-01-1947
This paper presents a demonstrator developed in the European CleanSky2 project MISSION (Modelling and Simulation Tools for Systems Integration on Aircraft). Its scope is the development towards a seamlessly integrated, interconnected toolchain enabling more efficient processes with less rework time in today's highly collaborative aerospace domain design applications. The demonstration described here consists of an open, modular and multitool platform implementation, using specific techniques to achieve fully traceable (early stage) requirements verification by virtual testing. The most promising approach is a model-based integration along the whole process from requirements definition to the verified, integrated (and certified) system. Extending previous publications in this series, the paper introduces the motivation and briefly describes the technical background and a potential implementation of a workflow suitable for that target.
Technical Paper

Modelling and Simulation Tools for Systems Integration on Aircraft

2016-09-20
2016-01-2052
This paper presents an overview of a project called “Modelling and Simulation Tools for Systems Integration on Aircraft (MISSION)”. This is a collaborative project being developed under the European Union Clean Sky 2 Program, a public-private partnership bringing together aeronautics industrial leaders and public research organizations based in Europe. The provision of integrated modeling, simulation, and optimization tools to effectively support all stages of aircraft design remains a critical challenge in the Aerospace industry. In particular the high level of system integration that is characteristic of new aircraft designs is dramatically increasing the complexity of both design and verification. Simultaneously, the multi-physics interactions between structural, electrical, thermal, and hydraulic components have become more significant as the systems become increasingly interconnected.
Technical Paper

Testing of Real-Time Criteria in ISO 26262 Related Projects - Maximizing Productivity Using a Certified COTS Test Automation Tool

2016-04-05
2016-01-0139
Increasing productivity along the development and verification process of safety-related projects is an important aspect in today’s technological developments, which need to be ever more efficient. The increase of productivity can be achieved by improving the usability of software tools and decreasing the effort of qualifying the software tool for a safety-related project. For safety-critical systems, the output of software tools has to be verified in order to ensure the tools’ suitability for safety-relevant applications. Verification is particularly important for test automation tools that are used to run hardware-in-the-loop (HIL) tests of safety-related software automatically 24/7. This qualification of software tools requires advanced knowledge and effort. This problem can be solved if a tool is suitable for developing safety-related software. This paper explains how this can be achieved for a COTS test automation tool.
Technical Paper

From Virtual Testing to HIL Testing - Towards Seamless Testing

2014-09-16
2014-01-2165
To make the development of complex aircraft systems manageable and economical, tests must be performed as early as possible in the development process. The test goals are already set in advance before the first hardware for the ECUs exists, to be able to make statements about the system functions or possible malfunctions. This paper describes the requirements on and solutions for test systems for ECUs that arise from these goals. It especially focuses on how a seamless workflow and consistent use of test systems and necessary software tools can be achieved, from the virtual test of ECUs, which exist only as models, up to the test of real hardware. This will be shown in connection with a scalable, fully software-configurable hardware-in-the-loop (HIL) technology. The paper also covers the seamless use of software tools that are required for HIL testing throughout the different test phases, enabling the reuse of work products throughout the test phases.
Technical Paper

Model-Driven Code Generation and Analysis

2014-04-01
2014-01-0217
Model-based development is the established way of developing embedded control algorithms, especially for safety-critical applications. The aim is to improve development efficiency and safety by developing the software at a high abstraction level (the model) and by generating the implementation (the C code) automatically from the model. Although model-based development focuses on the models themselves, downstream artifacts such as source code or executable object code have to be considered in the verification stage. Safety standards such as ISO 26262 require upper bounds to be determined for the required storage space or the execution time of real-time tasks, and the absence of run-time errors to be demonstrated. Static analysis tools are available which work at the code level and can prove the absence of such errors. However, the connection to the model level has to be explicitly established.
Technical Paper

Distributed Development of Large-Scale Model-Based Designs in Compliance with ISO 26262

2014-04-01
2014-01-0313
Embedded software in the car is becoming increasingly complex due to the growing number of software-based controller functions and the increasing complexity of the software itself. Model-based development with Simulink combined with TargetLink for automatic code generation helps significantly to improve the quality of the embedded software. The development of large-scale Simulink models in distributed teams is a challenging task, especially when developing safety-critical software that must fulfill requirements stated in the ISO 26262 [1] safety standard. In practice, many questions on how to avoid the pitfalls of distributed model-based development remain open, such as how to define an appropriate model architecture, handle model complexity, and achieve compliance with ISO 26262. The intent of this paper is threefold. Firstly, we summarize those requirements of ISO 26262 that are relevant for developing complex software in a distributed environment.
Technical Paper

Hardware-in-the-Loop Test of Battery Management Systems

2013-04-08
2013-01-1542
The essential task of a battery management system (BMS) is to consistently operate the high-voltage battery in an optimum range. Due to the safety-critical nature of its components, prior testing of a BMS is absolutely necessary. Hardware-in-the-loop (HIL) simulation is a cost-effective and efficient tool for this. Testing the BMS on a HIL test bench requires an electronics unit to simulate the cell voltages and a scalable real-time battery model. This paper describes a HIL system that enables comprehensive testing of BMS components. Hardware and software solutions are proposed for the high requirements of these tests. The individual components are combined to make a modular system, and safety-critical aspects are examined. The paper shows that the system as developed fulfills all the requirements derived from the different test scenarios for BMS systems.
Journal Article

Applying Model-Based Design and Automatic Production Code Generation to Safety-Critical System Development

2009-04-20
2009-01-0747
Model-based software development and automatic code generation have become increasingly established in recent years. The automotive industry has widely adopted and successfully deployed these methods in many different series production programs worldwide. This brought various benefits, such as a reduction in development times, improved quality due to more precise specifications, and early verification and validation by means of simulation. At the same time, more and more safety-related and safety-critical systems have been - and will be - introduced into modern vehicles. Common examples are active front steering, adaptive cruise control, and integrated chassis control. This leads to the question of whether and how model-based design and automatic production code generation can be applied to the development of safety-critical systems.
Technical Paper

Behavior Modeling Tools in an Architecture-Driven Development Process - From Function Models to AUTOSAR

2007-04-16
2007-01-0507
This paper will first introduce and classify the basic principles of architecture-driven software development and will briefly sketch the presumed development process. This background information is then used to explain extensions which enable current behavior modeling and code generation tools to operate as software component generators. The generation of AUTOSAR software components using dSPACE's production code generator TargetLink is described as an example.
Technical Paper

Development of Safety-Critical Software Using Automatic Code Generation

2004-03-08
2004-01-0708
In future cars, mechanical and hydraulic components will be replaced by new electronic systems (x-by-wire). A failure of such a system constitutes a safety hazard for the passengers as well as for the environment of the car. Thus electronics, and in particular software, are taking over more responsibility and safety-critical tasks. To minimize the risk of failure in such systems, safety standards are applied for their development. The safety standard IEC 61508 has been established for automotive electronic systems. At the same time, automatic code generation is increasingly being used for automotive software development. This is to cope with today's increasing requirements concerning cost reduction and time needed for ECU development combined with growing complexity. However, automatic code generation is hardly ever used today for the development of safety-critical systems.
Technical Paper

Integration of International Standards for Production Code Generation

2003-03-03
2003-01-0855
This paper discusses the standards that can currently be applied to production code generators and examines five standards in detail: OSEK/VDX, MISRA C, ISO/IEC 15504 (SPiCE), which is compared to ‘CMM for Software’, and IEC 61508. The issues involved in meeting these standards or integrating them in production code generators are discussed. The suitability of automatic production code generation in safety-critical applications is described, taking the TargetLink production code generator from dSPACE as an example.