DLR @ Scilab Conference 2018

Towards Model-based Design of Mission-Critical
Avionics using Scilab/Xcos
David Müller and Umut Durak
German Aerospace Center (DLR), Institute of Flight Systems

• Introduction:
• the 4th Revolution of Aeronautics and its challenge
• the ARGO project
• DLR‘s use case for ARGO
• introduction of Terrain Awareness and Warning Systems
• selected examples of the implementation in Scilab/Xcos
• our user experience
• The ARGO workflow
• X-in-the-Loop Testing
• Outlook
Outline
> Towards Model-based Design of Mission-Critical Avionics using Scilab/Xcos > David Müller > 20.11.2018DLR.de • Chart 2

The Evolution of Aeronautics
DLR.de • Chart 3
After realizing far reaching automation levels on aircraft, the aeronautics
is on the cusp of the 4th revolution, the “smart” and “connected” flight!
> Towards Model-based Design of Mission-Critical Avionics using Scilab/Xcos > David Müller > 20.11.2018

New methodologies and approaches are crucial to increase product performance
and boost productivity in development, while also maintaining safety levels.
The emerging challenge: Increasing complexity
DLR.de • Chart 4
J. P. Potocki De Montalk, "Computer software in civil aircraft," Computer Assurance, 1991. COMPASS '91, Systems Integrity, Software Safety and
Process Security. Proceedings of the Sixth Annual Conference on, Gaithersburg, MD, 1991, pp. 10-16.

2012 - EADS Innovation Works: utilization of multi-core systems in partitioned
environments
2013 – CASSIDIAN: application of multi-core architectures for a degraded vision
landing system for a helicopter
2014 – THALES: design principles of predictable and efficient multi-core
systems to meet embedded computer requirements in avionics
2014 - Saab Aeronautics: guaranteeing determinism for avionic applications
running on multiple cores and interacting through shared memory
Trend in Avionic Systems – recent research projects
DLR.de • Chart 5 > Towards Model-based Design of Mission-Critical Avionics using Scilab/Xcos > David Müller > 20.11.2018

All efforts concentrate on the applicability regarding the safety constraints of
the avionics domain.
• There is no reported effort that attacks the development
methodology for avionics application using multi-core architectures.
… how to boost productivity on development?
Something is missing here!

The rise of modeling and simulation based approaches has been phenomenal!
How can we apply modeling and simulation based approaches for
multi-core systems?
Modeling and Simulation Based Development

Developing embedded parallel real-time software for
multicore processors is time-consuming and error-
prone.
ARGO aims to help software developers in achieving
better utilization of the benefits of multiprocessor hardware platforms, regardless
of their level of experience with parallel programming
DLR’s role in ARGO: to develop a Terrain Awareness and Warning System
(TAWS) as a use case for the ARGO toolchain and integrate it into the A320
cockpit of AVES, DLR’s Air Vehicle Simulator.
This project has received funding from the European Union’s Horizon 2020 research and innovation
programme under grant agreement No 688131 — ARGO.
http://www.argo-project.eu/
The ARGO project
Worst Case Execution Time (WCET)-Aware PaRallelization of Model-Based
Applications for HeteroGeneOus Parallel Systems

A TAWS is a flight system (a supervisory controller) that creates visual and
aural warnings in order to avoid Controlled Flight into the Terrain.
Terrain Awareness and Warning System
Example Case
DLR.de • Chart 9
Basic Modes:
Mode 1: Excessive Descent Rate
Mode 2: Excessive Terrain Closure Rate
Mode 3: Altitude Loss After Take-off
Mode 4: Unsafe Terrain Clearance
Mode 5: Excessive Deviation Below Glideslope
Enhanced Features:
Terrain Awareness and Display (TAD) provides an image of the
surrounding terrain as well as warnings and cautions regarding terrain
interactions within the next 60 seconds of flight.

• DLR‘s A320 ATRA (Advanced Technology
Research Aircraft) is equipped with an
Enhanced Ground Proximity Warning System
(EGPWS) by Honeywell.
• The requirements on which we based our
replication of the original system were derived
from ATRA‘s FCOM
• Some other requirements are determined by
the interface to the AVES infrastructure
Where to start?

Integration of the ARGO TAWS into AVES
ARGO
Target platform: AURIX TC297B

Controller Modeling
DLR.de • Chart 12
Mode 1
Mode 2
Mode 3
Mode 4
Mode 5
TAD
Data Output
Management

• A TAWS is not a control system, it acts as a supervisor: no control loops, but
many logical operations on the signals
• In the Xcos model, there are…
• commonly used blocks:
• basic math operators:
• not so basic maths:
• and others:
Controller Modeling
Selection of used Scilab/Xcos elements

Controller Modeling
Basic Modes
DLR.de • Chart 14
Example Mode 1:
the limit altitudes (the reference
being the radio altitude) are
described as functions of other
parameters like airspeed or rate of
descent

Controller Modeling
Basic Modes

Controller Modeling
Enhanced Features
DLR.de • Chart 16
The terrain-based features are
implemented using Scilab scripts
• The digital elevation database has a
resolution of 3 arc seconds (∼90 m)
• Two-phase collision detection
• Broad phase:
• Uniform grids for spatial partitioning
• Narrow Phase:
• comparison of predicted flight path
with terrain elevation
• generate color coded terrain image
for Navigation Display

Plant Modeling
DLR.de • Chart 17
Simplified A320 Flight Dynamics Model
Mass Properties
Forces and MomentsControls
Pilot
Input
Equations of Motion
Output
Aerodynamic velocities

What we expect to get with future Scilab version:
• Scalability
• Number of blocks
• Number of levels
• Number of subsystems
• Automotive industry standard for a complex model is 15000 blocks, 700
subsystems and 16 levels
• EGPWS is …
• We need to push the boundaries of Scilab/Xcos scalibility
• (Re-)Usability
• Managing data flow (mux and busses)
• Model referencing, libraries and legacy code integration
• Automatic layout of models
Scilab/Xcos experience

ARGO Model-Based Design Workflow
DLR.de • Chart 19
Application Test
Cases
Xcos / Scilab
Application Models
Cross-layer
Programming Interface
Feedback&Control
Scheduling and High-Level
Decisions
Code Transformations for
Predictability
Enhancement
Data Management,
Synchronization and Code
Generation
Code-Level WCET
System-Level WCET
CPU
CPU CPU
CPU
Multicore
ArchitecturesIterative
Optimization
Front-End Tools
ADL Description
int m, n, p, q, c, d, k, sum = 0;
int first[10][10], second[10][10],
multiply[10][10];
for (c = 0; c < m; c++) {
for (d = 0; d < q; d++) {
for (k = 0; k < p; k++) {
sum = sum + first[c][k]*second[k][d];
}
multiply[c][d] = sum;
sum = 0;
}
}
Xcos
model
Scilab
script
Sequential
Code
Parallel
Code

• ePS is the commercialization platform for the outcomes of the ARGO project
Parallelization with emmtrix Parallel Studio

The conventional model-based design and simulation based verification:
X-in-the-Loop Testing

Simulation-Based Verification in ARGO
DLR.de • Chart 22
Open Loop Unit TestingClosed Loop Scenario Testing
Xcos
Model
Scilab
Script
Sequential
Code
Parallel
Code
scSILol, scSILcl, scSILm sSILol, sSILcl, sSILm PILol, PILcl, PILm, HIL
pCGsCGscCG
UT, MILcl, MILm

Kaner defines scenario testing as the testing of a credible story that would
happen in the real world
Closed-Loop Scenario Testing

Open-Loop Unit Testing

Flight tests with DLR‘s A320 pilots and the AURIX board integrated into AVES
infrastructure are scheduled for December
Outlook: Man-in-the-Loop Testing

Thank you for your attention!
Any questions?

DLR @ Scilab Conference 2018

More Related Content

What's hot

Similar to DLR @ Scilab Conference 2018

More from Scilab

Recently uploaded

DLR @ Scilab Conference 2018

Editor's Notes