Model-Driven Engineering for Embedded Control Systems
1. CONFIDENTIAL
Model Based Design for Embedded Control Systems
Koenraad Rombaut, Coordinator applied physics & systems, Koenraad.rombaut@verhaert.com
Michiel De Paepe, Consultant applied physics & systems, Michiel.depaepe@verhaert.com
26.10.2012
Slide 1
2. CONFIDENTIAL
Content
Model Based Design in general:
• What ?
• Why ?
• How ?
A model based design case study:
• Case study
• Models
• Conclusions & demonstration
What ? Model driven engineering ? Model based development ?
[Diagram] Plant / Process -> Build model -> Model space (Product design: Concepts, Design, Verification) and Code space (Product code: Implement, Testing)
Coupling / transformations between models and design: requirements, design, implementation, test scenario
Model = system + control + environment + stimuli
Multi-domain = control + system behaviour
Why ?
• Cheaper & faster
• Higher reliability
• Better definition
When ?
• Complex processes / designs, complex control strategies
• High reliability
• Early validation
• Fast developments
• Changing requirements
Outputs:
• design inputs
• insights
• derisk
Why : definition
• Needs (what do we want) vs. specifications (how do we define)
• Specifying new (innovating) products
• Changing requirements
• Safety factor for (sw) budget & schedule
• Communication between disciplines, with customer & subcontractors, and between subsystems over project phases
• Re-use of subsystems
Needs -> Requirements -> Specs -> Design -> Implementation -> Documentation
Why simulation : early validation
Traditional:
• sequential = lengthy
• validation on hw = late
Model based:
• parallel = fast
• validation on model = early
Benefits:
• More and faster iterations
• Parallel hw & sw development
• Multiple off-nominal and fault testing (non-feasible tests)
• Early full system validation and risk mitigation without hw
• Less real-life testing (= the poor man's approach)
• More optimal system design by sw-physics co-simulation
• Improved communication & design specification
=> time & cost reduction
[V-model diagram: Device Requirements <-> Device Validation; System Design <-> System Verification; Subsystem requirements <-> Functional Test; Detailed Design <-> Component Test]
Why early: cost vs. freedom
[Graph: Risk / Effort vs. Time, going from the virtual model to the lab model to the field model]
Freedom side:
• Design & test freedom
• Unlimited measurements in simulation
• Lots of risks
Cost side:
• Cost (project, build, measurement, change)
• Real world representation
• Number of people involved
How ?
Re-use proven tools from high reliability domains?
• Space, aeronautics, nuclear, automotive, chemical plants
• Domain specific tools
• Tool cost not an issue
• Long learning curve, less flexibility
Need for a new toolchain for generic developments:
• affordable
• flexible, scalable
• easy learning (graphical ?)
• open (no vendor lock-in)
• automatic transformations
How: examples
Some research projects:
• Modelisar: Modelica + Autosar
• Destecs: co-simulation of CT (continuous time) + DE (discrete event)
• Deploy: B for dependable sw
Multi domain tools:
• Matlab/Simulink + SimMechanics + Stateflow + RTW + Autosar
• Dymola / Modelica
• LabVIEW
• SysML / Rhapsody
How : Modelisar / Autosar ?
Autosar = using standards. The automotive layered architecture, from customer needs down to hardware:
• Customer needs: Adaptive Cruise Control, Lane Departure Warning, Advanced Front Lighting System
• Application sw
• Standardized: Communication Stack, Automotive OSEK, Diagnostics
• hw interface (HW-specific): CAN, FlexRay
• Hardware
Modelica = plant modelling
Case study : excavator with Destecs
Complex:
• manual operations
• => inherently fault tolerant design
• 3D dynamic motion, digging map & boundaries
• unknown soil conditions
• multidomain: hydraulics, mechanics, sw
Well known case:
• Manual operator as a reference
• Scalable & testable
Destecs differentiators:
• discrete event (sw) & continuous time (physics)
• fault injection & error checking
• open
Content
Model Based Design in general:
• What ?
• Why ?
• How ?
A model based design case study:
• Case study introduction
• Models
• Scale model
• Continuous time model
• Discrete event model
• Conclusions & demonstration
DESTECS inspiration
• Inspiration
  • Collaborative multidisciplinary design of embedded systems
  • Rapid construction and evaluation of system models
  • Evaluated on industrial applications
• Need, because embedded systems have
  • More demanding functional & non-functional requirements
  • Reliability, fault tolerance
  • Increasingly distributed architectures
  • More design possibilities, and more faults
  • Communication between physics and control
DESTECS approach
• Methods and open tools
  • Model-based approach for collaborative design of embedded control systems (ECS)
  • Co-simulation
  • Different tools, reflecting relevant aspects of design
  • Rapid, consistent analysis & comparison of models
• Advances needed in
  • Continuous time modeling
  • Discrete event modeling
  • Fault modeling and fault tolerance
  • Open tool frameworks
Dredging
• Dredging
= Underwater excavation
• No visual
• Introducing semi automated control
Actuators
Full scale: hydraulic pistons
vs.
Scale model: electric linear actuators, driven by a voltage command:
• +12V full speed out
• 0V no movement
• -12V full speed retract
Sensors
Incremental encoders:
• 2 shifted square waves (channels A and B, 90 degrees apart) carry step and direction information
• They drive a step counter (up and down)
• 1 index pulse / revolution gives the reference for absolute positioning
Continuous Time model
3D Model
• STL-files for visualisation
• Mass & inertia
• Dimensions
Discrete Event model
Excavator model
Safety unit
• Redundant system
• In normal circumstances, no action
• Overrules the controller at controller failure:
  software bug,
  unforeseen situation,
  hardware failure
• If triggered, 3 actions:
  Trigger emergency state on controller
  Overrule output and thereby stop all motion
  Cut off power to the motors (unimplemented, slows down the CT simulation)
Conclusions
• Ability to implement a high level of complexity on both sides: physics and controller
• Currently it's an academic tool, not mature
• Steep learning curve, only for large and complex projects
Excavator : current practice
System design:
• requirements doc
• architecture doc
• design specs doc
Detailed design, per discipline (with the actuator and sensor interfaces between them):
• Mechanics: 3D CAD
• Hydraulics: 1D model
• Electronics: schematic
• Control sw: C-code
Build & Integration
Final product:
• Test & verification
Excavator : with DESTECS
Co-Sim IF (co-simulation interface):
• version tracking
• co-sim solver
• design space exploration
• fault injection
20sim (continuous time side):
• continuous time
• multi-disciplinary
• graphical
• open libraries with validated components
• from high level to detailed
VDM++ (discrete event side):
• discrete event
• inherent condition checking
• formal
• graphical (via UML)
• support for sw methods
• C-code generation
Time for a demonstration
VERHAERT MASTERS IN INNOVATION®
VERHAERT MASTERS IN INNOVATION® helps companies and governments to innovate. We design products and systems for organizations looking for new ways to provide value for their customers. We are a leading integrated product innovation center; creating technology platforms, developing new products and business in parallel, hence facilitating new-growth strategies for our clients.
Headquarters
Hogenakkerhoekstraat 21
9150 Kruibeke (B)
tel +32 (0)3 250 19 00
fax +32 (0)3 254 10 08
ezine@verhaert.com
Netherlands
European Space Innovation Centre
Kapteynstraat 1
2201 BB Noordwijk (NL)
Tel: +31 (0)633 666 828
willard.vanderheijden@verhaert.com
More at www.verhaert.com