Upload
ansys-inc
View
167
Download
8
Tags:
Embed Size (px)
Citation preview
© 2015 ANSYS, Inc. August 7, 20151 © Esterel Technologies - An ISO 9001:2008 Certified Company - Confidential & Proprietary
ANSYS SCADE®User Presentation
PIAGGIO Aerospace
Paris
October 17-18, 2013
MPA VCMS Application SoftwareSCADE Modeling & Testing
SCADE on BOARD
An aerospace company operating in the aircraft and engines business
o Founded in 1884
o First aircraft in 1922
A vertically integrated organization capable too design, develop and manufacture aircraft
o manufacture aero engines parts
o maintain, repair and overhaul aircraft and aero engines
Privately held, international & national shareholders
Italy located, with approximately 1,400 employees
o High presence of engineers (# 160)
o Full product lifecycle management capability
Over 90 years in the aerospace industry, Piaggio has designed and produced Engines, Propellers, Seaplanes, Helicopters, Record and Race Aircrafts, Military & Civil Utility aircrafts
Aircraft Production
Current products:
- P180 AVANTI II
- P166 DP1 (out of production)
Aircraft Customer Support
Supported aircraft:
- P.180 AVANTI I & II
- P.166 DL3 & DP1
EngineProduction
Manufacturing:
Honeywell: T55; P&W: PW100
PW200, F-135; Rolls Royce: RRTM
322
Complete Assembly/Test:
PW200
EngineMRO
Serviced engines:
Honeywell: T53, T55, LTP; P&W:
PW200; Rolls Royce: Allison 250,
Gem, Viper
Superior technology and unique design
o Advantage of the propulsion engines: enhanced aerodynamics and less noise in the cabin
o Jet-like speed: 745 km/hr
o Long range: 2,795 km
o Revolutionary 3 lifting surfaces: unique design for improved dynamics
o Reduced fuel consumption and reduced maintenance results in a lower operating cost
P180 boasts technical characteristics and performance which can only be compared with the entry level jets
o Superior class of aircraft in terms of performance, price and operating cost
New state of the art avionics
More cabin space for best-in-class passenger comfort
New, state-of-the-art Unmanned Aerial System (UAS) designedfor Intelligence, Surveillance and Reconnaissance (ISR) missions
Performance and operational characteristics is at the very topend of the UAS MALE category.
An unmatched combination of range, wide operative speeds, fastclimb gradient, high operative ceiling and variety of payloads,providing powerful yet flexible Defense System that outperformsother MALE Systems.
Suited for a wide range of ISR, Defense and Security missions,and defines an unsurpassed mission role flexibility and sets anew frontier of CONcept of OPerationS (CONOPS) for Defense.
Derived from the successful Piaggio Aero P.180 Avanti IIbusiness aircraft, the fastest twin turboprop aircraft in the worldwith a proven, uneventful, service record of more than 20 yearsand 800.000 flight hours.
Transform a conventional, manned aircraft in an unmanned airvehicle with a high degree of autonomy to operate beyond line ofsight
Design a Vehicle Command & Control architecture that can becertified against requirements that are not yet completelydefined
Support a design road map which foresees growingfunctionalities to support different operational roles
Do the job with a strictly controlled number of experts to limitthe management overhead
Collect the requirements from cabling diagrams, operators’ andpilots’ experience, flight manuals
Last but not least the task had to be completed, at least for theprototype phase, within a very short time frame
Vehicle Control and Management System (VCMS)◦ The brain, most critical system, of the air vehicle◦ Implement all the functions required for platform management in a
powered version of the Flight Control System
Partitioning techniques◦ Segregated environment where software applications of each function to
run without interfering each other, to avoid propagation of failures
Model Based methodology◦ Allow the system engineers to model each function autonomously◦ Check function behavior on a host computer before using the real
hardware
Automatically generate source code from the functions’ models◦ Minimize the effort required to verify that the source code corresponds to
the system model
Given these assumptions, SCADE looked like the perfect solution
Actuation Engines
Remote Interface Units
Flight Control Computer(IMA Platform)
Sensors
The P1HH VCMS manages:◦ The Flight Control System◦ The Propulsion System◦ The Electrical Power Generation & Distribution System◦ The Landing Gear System◦ The Braking System◦ The Ice detection/Ice protection System◦ The Navigation System◦ The Communication System
Achieved by providing an Integrated Flight ManagementSystem which coordinates all the above systems
Furthermore the VCMS provides◦ A Health Management System which monitor all the functions◦ In case of failure, reconfigure the whole system to limit
performance degradation
VCMS aircraft major functions are:◦ Flight Management System
◦ Flight Functions
◦ Engine Management
◦ Ground Functions
◦ Navigation
VCMS is an Integrated Modular Avionics System. ◦ An IMA applicaton is implemented for each aircraft function
◦ Each major function contains more minor functions: e.g. Engine Management contains Engine Logics, Fire Detection and Fuel Management
◦ Each minor function is defined using SCADE
All P1HH VCMS functions have to be implemented fromscratch
P1HH is a huge UAV: Safety Level will be DAL B at least, DAL Afor the most critical functions
P1HH program schedule is very aggressive, therefore it isnecessary to speed up the information flow from System toSoftware engineers. Fast prototyping is required for theprototype phase.
Software verification and validation activities take a lot oftime. This time has to be reduced
System integration and validation activities time on rig andaircraft has to be reduced using simulation
A new process, had to be put in place. High level requirements wereavailable in different formats:
◦ As Operational Requirements (Textual), where the systemEngineers were collecting all the informations – functions,interfaces, redundancy – required for each function
◦ As Operational Manuals (Textual), when instructions to operatethe aircraft were inherited from the P.180 (e.g. Pilot OperationalHandbook)
◦ As Matlab/Simulink models for Control Laws
The first step was to implement SCADE models based on functionalrequirements from the above documentation:
◦ Manually for textual requirements (done directly by systemengineers)
◦ (almost) Automatically via the Simulink Gateway
The SCADE models were used directly to generate, by KCG, thesource code which runs on the target computer
A/C SPECs or Pilot Procedures
VCMS Funct. XFRD
(Simulink)
Sub System XOperational
Requirements
Sub System YOperationalRequirement
…
…
VCMS Funct. YFRD
Spec. Model(SCADE)
VCMS Funct. XFRD
Spec. Model(SCADE)
APPLICATION
VCMS Funct. X
Src Code
VCMS Funct. Y
Src Code
…
Glue Code
SCADE KCG SCADE KCG
P1HH Development Process
VCMS Funct. ZHLR
Natural Language
Sub System ZOperational
Requirements
VCMS Funct. ZLLR
Natural Language
DEVELOPER
VCMS Funct. Z
Src Code
…
…
Test vectors were generated for each model. Formodels derived from Simulink models, testvectors have been translated from Simulink testvectors.
Test vectors were run to validate the SCADEModel by SCADE LifeCycle QTE (Qualified TestEnvironment)
Model coverage has been checked using SCADESuite MTC (Model Test Coverage)
Test vectors have been translated in the targetcomputer executable code to check eachapplication on the real hardware
Sub SystemOperationalRequirement
SimulinkTest
Vectors
SimulinkModel
SCADE
Simulink
Gateway
TranslatedSCADE Model
Test VectorsTranslation
SCADE Input Scenario/
Expected Results
QTE
Model ValidationTest Results
Goal : To be confident thatthe Translated SCADE Modelhas the same functionalbehavior of the input Simulink Model
Sub SystemOperational
Requirement & Simulink Models
VCMS Funct.FRD
Spec. Model (SCADE) SCADEInput Scenario
Test Results
DOORS Environment
Links from Test cases toOperational Reqs
Test Cases
QTE
SCADE RM GATEWAY
SCADE SemanticChecker
SCADE model validation Process
Verification activities described in theprevious slide exponentially increase◦ As the number of inputs of each model grows◦ As when more than one model is involved
The management of all the test vectors, interms of generation, validation andconfiguration, was quickly becoming an issue
The solution was found in the usage SCADELifeCycle QTE, still under test, whichautomates the verification of test results.
The project schedule did not allow, for the prototypephase, to perform all required DO-178 verification
At the same time some steps can be automated due to theusage of SCADE
One of the tasks that had to be performed anyway to provethe robustness of the software implementation was thestructural coverage.
MTC to analytically verify the structural coverage that thefunctional test performed by the test vectors.
Results gathered from the MTC tool were further analysedand, when the coverage was not deemed satisfactory,additional tests were designed and performed to providemore coverage
SCADEModel
QTE Input
QTE (MTC)
Model CoverageReport
Goal: To measure the Model Coverageachieved by the developed set of test cases in order tofullfil the DO-178B
Test cases are formalized in DOORS environment. For each test case are defined◦ Test steps
◦ Test case expected results
SCADE LifeCycle QTE input are generated, foreach test case starting from Test steps and Test cases expected results.
IMA Platform
SCADE Auto-code
SCADEInput scenario
Test Results
APPLICATION executable code TEST APPLICATION
SCADEExpected Results
IntegratedExp.Res. 1
SCADE model autocode validationon IMA platform
IntegratedTest Vect. 1
VCMS FunctExecutable
Code
SCADEInput scenario
translation
SCADEExpected results
translationSource Code
integration activities
Glue code
Models of the different functions have been progressivelyput together on host; this allowed to build a sort of virtualVCMS to check the correct integration of the applicationswell in advance with respect to System Integration.
Once System Integration took place, data from the realworld was used and fed into the test vectors to furtherverify the models
These verification activities allowed to identify and solvethe great majority of the design problems even beforeperforming System Integration. Thus, problems foundduring System Integration have been a very limitednumber and all of them are due to hardware interfaces(impedance adaptation, actuation delays etc).
System Integration Modeling -Virtual VCMS
BRK
FCS
CL
EL
FML
Interfaces
Models interactions
Ground Functions
Flight Management System
Engine Management
Navigation
Application source code produced ~ 125000 SLOC
Percentage of autogenerated SLOC 86%
Development time ~ 5 working months
Size of System Engineering team (peak) 10 engineers
Size of System Engineering team (average) 4 engineers
Size of SW development team 9 engineers
Number of test cases managed by QTE ~ 400
Average decision coverage obtained 95%
P1HH Demo Low Speed Taxi has been performed in February 2013
P1HH Demo First Flight has been performed on August 8th, 2013
P1HH prototype first flight is planned by the first quarter of 2014
P1HH configuration will grow through incremental software releases, each one adding new functionalities
Achievement of the P1HH full configuration is planned by 2015
Improve automatization of executable codevalidation on the target computer
Use SCADE System for VCMS system modeling
Complete the ‘virtual’ model of the VCMS,including all the computers, to allow extensivesimulation on host
Introduction of SCADE Display to support GroundControl Station synoptic pages development andcomplete the virtual VCMS by providing the realuser interface
Nice to have:
◦ Improved traceability interface
FACE Introduction
FACE Platform Example
FACE Technical Specification
SCADE Solutions for FACE
© 2015 ANSYS, Inc. August 7, 201529 © Esterel Technologies - An ISO 9001:2008 Certified Company - Confidential & Proprietary
Learn more on
ANSYS Systems & Embedded Software Solutions
Click Here
http://www.ansys.com/Products/Simulation+Technology/Systems+&+Embedded+Software