Innovation Day 2012 16. Koenraad Rombaut & Michiel De Paepe - Verhaert - Model Based Design; Added Value & Case Study DESTECS
1. CONFIDENTIAL
26.10.2012
Slide 2
DESTECS - DREDGING EXCAVATOR - VERHAERT CASE STUDY
MODEL BASED DESIGN FOR EMBEDDED
CONTROL SYSTEMS
CONFIDENTIAL
Koenraad Rombaut, Michiel de Paepe
Applied physics & systems
Koenraad.rombaut@verhaert.com, michiel.depaepe@verhaert.com
Slide 3
Model Based Design in general:
• What ?
• Why ?
• How ?
A model based design case study:
• Case study
• Models
• Conclusions & demonstration
Content
Slide 4
What ? Model driven engineering ? Model based development ?
Diagram: model space (plant / process, design concepts, build model, verification) coupled to code space (product design, implement, product code, testing)
Model = system + control + environment + stimuli
Multi-domain = control + system behaviour
Coupling / transformations between models and design: requirements, design, implementation, test scenario
Slide 5
Why ?
• Cheaper & faster
• Higher reliability
• Better definition
When ?
• Complex processes / designs
• Complex control strategies
• High reliability
• Early validation
• Fast developments
• Changing requirements
Outputs:
• design inputs
• insights
• derisk
Slide 6
Why : definition
Communication between disciplines, with customer & subcontractors, over project phases
Re-use of subsystems
Safety factor for (sw) budget & schedule
Diagram: Needs -> Requirements -> Specs -> Design -> Implementation -> Documentation
Needs (what do we want) vs. specifications (how do we define)
Specifying new (innovating) products and subsystems
Changing requirements
Slide 7
Why simulation : early validation
Benefits
• More and faster iterations
• Parallel hw & sw development
• Multiple off-nominal and fault testing (non feasible tests)
• Early full system validation and risk mitigation without hw
• Less real-life testing (= the poor man’s approach)
• More optimal system design by sw-physics co-simulation
• Improved communication & design specification
=> time & cost reduction
Traditional:
• sequential = lengthy
• validation on hw = late
Model based:
• Parallel = fast
• validation on model = early
Diagram: V-model with Device requirements, System design, Subsystem requirements and Detailed design on the descending side, and Component test, Functional test, System verification and Device validation on the ascending side
Slide 8
Why early: cost vs. freedom
Diagram: risk/effort vs. time, moving from virtual model over lab model to field model. Freedom side: design & test freedom, unlimited measurements in simulation, lots of risks. Cost side: cost (project, build, measurement, change), real world representation, number of people involved.
Slide 9
How ?
Re-use proven tools from high reliability domains?
• Space, aeronautics, nuclear, automotive, chemical plants
• Domain specific tools
• Tool cost not an issue
• Long learning curve, less flexibility
Need for a new toolchain
• affordable
• flexible, scalable for generic developments
• easy learning (graphical ?)
• open (no vendor lock-in)
• automatic transformations
Slide 10
How: examples
Multi domain tools:
• Matlab/Simulink + SimMech + Stateflow + RTW + AUTOSAR
• Dymola / Modelica
• LabVIEW
• SysML / Rhapsody
Some research projects
• Modelisar: Modelica + AUTOSAR
• Destecs: co-sim CT + DE
• Deploy: B for dependable sw
Slide 11
How : Modelisar / Autosar ?
Diagram: AUTOSAR layered architecture. Customer needs (Adaptive Cruise Control, Lane Departure Warning, Advanced Front Lighting System) sit on top of the application sw; below it a standardized layer using standards (communication stack, OSEK, diagnostics, CAN, FlexRay), then a HW-specific layer, then the hardware.
Autosar = automotive hw interface
Modelica = plant modelling
Slide 12
Case study : excavator with Destecs
Complex
• manual operations
• => inherent fault tolerant design
• 3D dynamic motion, digging map & boundaries
• unknown soil conditions
• multidomain: hydraulics, mechanics, sw
Well known case
• Manual operator as a reference
• Scalable & testable
Destecs differentiators:
• discrete event (sw) & continuous time (physics)
• fault injection & error checking
• open
Slide 13
Model Based Design in general:
• What ?
• Why ?
• How ?
A model based design case study:
• Case study introduction
• Models
• Scale model
• Continuous time model
• Discrete event model
• Conclusions & demonstration
Content
Slide 14
DESTECS inspiration
• Inspiration
• Use collaborative multidisciplinary design of Embedded Systems
• Rapid construction and evaluation of system models
• Evaluated on industrial applications
• Need because of Embedded Systems
• More demanding functional & non-functional requirements
• Reliability, Fault Tolerance
• Increasingly distributed
• More design possibilities, and faults
• Communication between physics and control
Slide 15
DESTECS approach
• Methods and Open tools
• Model-based approach for collaborative design of ECS
• Co-simulation
• Different tools, reflecting relevant aspects of design
• Rapid, consistent analysis & comparison of models
• Advances needed in
• Continuous time modeling
• Discrete event modeling
• Fault modeling and fault tolerance
• Open tool frameworks
Slide 25
Safety unit
• Redundant system
• In normal circumstances, no action
• Overrules controller at controller failure: software bug, unforeseen situation, hardware failure
• If triggered, 3 actions:
Trigger emergency state on controller
Overrule output and thereby stop all motion
Cut off power to the motors (unimplemented, slows down CT)
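As an added illustration (not from the slides or the DESTECS tooling), a small Python co-simulation of the parts described here and on slide 12: a continuous-time arm model, a discrete-event controller with an injected software bug, and the redundant safety unit that takes the first two actions above. The arm limit, gains and time constants are constructed values.

```python
from dataclasses import dataclass

DT = 0.01          # co-simulation step [s]
ARM_LIMIT = 1.0    # assumed position boundary of the arm [m] (constructed value)

@dataclass
class Plant:
    """Continuous-time side: first-order actuator driving the arm, Euler-integrated."""
    pos: float = 0.0
    vel: float = 0.0
    def step(self, cmd: float) -> None:
        self.vel += (cmd - self.vel) * DT / 0.1   # actuator time constant 0.1 s (assumed)
        self.pos += self.vel * DT

@dataclass
class Controller:
    """Discrete-event side: proportional controller; `faulty` is the injected software bug."""
    setpoint: float
    faulty: bool = False
    emergency: bool = False
    def output(self, pos: float) -> float:
        if self.emergency:
            return 0.0                        # emergency state: demand no motion
        if self.faulty:
            return 1.0                        # bug: full-speed command regardless of setpoint
        return max(-1.0, min(1.0, 2.0 * (self.setpoint - pos)))

@dataclass
class SafetyUnit:
    """Redundant check on the plant state; no action until a boundary is violated."""
    triggered: bool = False
    def check(self, plant: Plant, ctrl: Controller, cmd: float) -> float:
        if not self.triggered and abs(plant.pos) > ARM_LIMIT:
            self.triggered = True
            ctrl.emergency = True             # action 1: trigger emergency state on controller
        if self.triggered:
            return 0.0                        # action 2: overrule output, stop all motion
        return cmd                            # action 3 (power cut-off) not modelled, as on the slide

def run(fault_at, t_end: float = 5.0) -> dict:
    """Co-simulate; inject the controller fault at t = fault_at (None = nominal run)."""
    plant, ctrl, safety = Plant(), Controller(setpoint=0.5), SafetyUnit()
    t = 0.0
    while t < t_end:
        if fault_at is not None and t >= fault_at:
            ctrl.faulty = True
        cmd = safety.check(plant, ctrl, ctrl.output(plant.pos))
        plant.step(cmd)
        t += DT
    return {"pos": plant.pos, "triggered": safety.triggered, "emergency": ctrl.emergency}
```

In the nominal run the arm settles at the setpoint and the safety unit never acts; with the bug injected at 2 s the arm crosses the limit, the controller is put into its emergency state and motion stops after a short coast.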
Slide 29
Conclusions
• Ability to implement large level of complexity at both sides: Physics and Controller
• Currently it’s an academic tool, not mature.
• Steep learning curve, only for large and complex projects
Slide 30
Excavator : current practice
Mechanics
• 3D CAD
System design
• requirements doc
• architecture doc
• design specs doc
Electronics
• schematic
Hydraulics
• 1D model
Control sw
• C-code
Detailed design
Build & Integration
Final product
• Test & verification
Diagram also shows sensor and actuator blocks
Slide 31
Excavator : with DESTECS
20sim
• continuous time
• multi-disciplinary
• graphical
• open libraries with validated components
• from high level to detailed
Co-Sim IF
• version tracking
• co-sim solver
• design space exploration
• fault injection
VDM++
• discrete event
• inherent condition checking
• formal
• graphical (via UML)
• support for sw methods
• C-code generation
Slide 34
VERHAERT MASTERS IN INNOVATION®
Headquarters
Hogenakkerhoekstraat 21
9150 Kruibeke (B)
tel +32 (0)3 250 19 00
fax +32 (0)3 254 10 08
ezine@verhaert.com
More at www.verhaert.com
Netherlands
European Space Innovation Centre
Kapteynstraat 1
2201 BB Noordwijk (NL)
Tel: +31 (0)633 666 828
willard.vanderheijden@verhaert.com
VERHAERT MASTERS IN INNOVATION® helps companies and governments to innovate.
We design products and systems for organizations looking for new ways to provide value
for their customers.
We are a leading integrated product innovation center; creating technology platforms,
developing new products and business in parallel, hence facilitating new-growth strategies
for our clients.
Editor's Notes
ask background of public: sw or non-sw
models are used in most development for analysis
model based = tight coupling between model and design
during implementation, models are often not kept up to date, because the cost is higher than the benefit.
Cost is high because keeping them aligned (updating info in 2 places) often has to be done manually = labour intensive, error prone
! for good abstract modelling, languages need to be domain specific. UML = general purpose, has not proven to be successful; on the contrary, some successful examples have been realised with domain specific modelling languages
First: Put your process and your design in a model
Second: Verify your design against your requirements by simulation
Next: do some iterations if needed
Finally: Implement your proven design
Explicit modelling
Using most appropriate modelling languages (formalisms)
Automating transformations
(for analysis, for simulation, for code synthesis, for testing)
Example: inverted pendulum / Segway, complex processes / designs, reliability
Modelling: requirements, design, implementation, test scenario
Cartoon: communication, validation, conflict between physics and software
Cartoon: everybody knows, everybody laughs because everybody recognises => real problem (“give me something with 2 ropes where I can sit on, you know ? Yes, I know”)
First show cartoon and ask some questions, then show rest of slide
Communication: between customer & contractor + between disciplines
Testing = the poor man’s approach
ask public
Segway : model based control algorithms (Matlab / Simulink), but approval for public road use is hard to get
ask background of public: sw or non-sw
The Vienna Development Method (VDM) is one of the longest-established Formal Methods for the development of computer-based systems.
Computing systems may be modeled in VDM-SL at a higher level of abstraction than is achievable using programming languages, allowing the analysis of designs and identification of key features, including defects, at an early stage of system development. Models that have been validated can be transformed into detailed system designs through a refinement process. The language has a formal semantics, enabling proof of the properties of models to a high level of assurance. It also has an executable subset, so that models may be analyzed by testing and can be executed through graphical user interfaces, so that models can be evaluated by experts who are not necessarily familiar with the modeling language itself.