The design supported by standard libraries will enable the system manufacturer to deliver functions according to the specifications and will ensure both horizontal consistency across modeling environments and vertical consistency across multiple layers of abstraction.

The design of control systems will benefit from a number of analysis tools supported by Matlab/Simulink, and steady-state control verification will be supported by off-the-shelf solutions in the SimulationX environment.

The interactions of the algorithms for system management, health monitoring and fault detection with the system controls will be analyzed up to the level of the impact of the embedded HW/SW platform, with the goal of improving the overall robustness of the system during the design phase.

Additionally, the efficiency of the design-to-implementation flow will be increased by:

Automatic Code Generation (ACG): to guarantee the maximal exploitation of the potential benefits of the models, MISSION will enable ACG from the developed models through the deployment of commercially available tools.

Automatic Test Generation (ATG): ATG techniques consist of the elaboration of models for the automatic synthesis of test vectors. In MISSION, the latest advances in ATG techniques will be used to provide a framework for the automatic generation of test cases for the verification of design models and generated source code.

Certification & qualification of code: Regulatory organizations in avionics recently recognized model-based approaches as first-class citizens for the development of avionics SW. The DO-178C and DO-331 annex provide direct guidance on the role and the usage of models and model-based technologies for certification of Airborne Software. MISSION model-based process & methods will be developed and designed to leverage the opportunities given by the recent standards such as ARP 4754A, DO-178C/DO-331 with the objective of reducing certification costs & time.

Virtual Testing

For virtual testing, the controller (ECU or just the control algorithm) is connected to a real-time or non-real-time simulation system simulating the plant (relevant parts of the vehicle) or even the whole vehicle. With the use of models for the verification of the system under test and maybe even models for the controller, the verification tasks can also profit from the already developed models or the generated code from the early development phases.

Another benefit of simulation-based verification methods is the possibility of test automation. Automated tests increase test coverage and shorten testing times by running complete test suites and overnight tests. HIL systems, for example, can test 24 hours a day, 7 days per week, independent of work periods or personnel resources. Another measure taken by the OEMs is to transfer testing responsibility to the suppliers. Nowadays suppliers are more and more forced to perform early HIL tests far ahead of system integration. With simulation-based methods, the sharing of components, models, scripts, test cases, etc. is more efficient to manage and plan. This not only includes function tests during function design but also complete integration and acceptance tests. The need for suppliers and OEMs to exchange tests, test results, models, etc., is important in this context.

In addition to these measures, it is important to optimize and streamline test processes in combination with appropriate non-real-time test tools, HIL technology, and the software tools required to manage and operate them. This includes managing all test artefacts and enabling simple traceability of test results to requirements by including test management and data management, giving centralized monitoring and planning of the overall process.

MISSION will put effort into promoting the testing and conformance checks of the developed prototype towards certification. To achieve that purpose, it is important to define requirements using system-agnostic specification languages that will enable good predictability and reliability of the developed models throughout the system's design. This will provide the foundation of the virtual testing capabilities to be implemented within the MISSION platform, providing evidence about whether requirements are respected at the end of each coding phase through to prototyping.

Part of the strategy of MISSION is to enable virtual testing relying on model qualification for certification. MISSION will engage with regulatory organizations such as EASA to investigate routes towards the certifiability of systems that have been partially virtually tested and show validation of critical regulatory properties of the developed models, in order to build a case for systems partial certification and discussions with regulatory organizations.

To this end, a hierarchical Modelica modeling library for virtual validation will be available following a similar approach as in previous Clean Sky activities. However, further developments will be required. To ensure that models can be used as substitutes of the physical world for testing purposes it is necessary to quantify the uncertainties and the validity domain of the models with respect to their physical, hardware or software counterpart. Moreover, interactions with regulatory organizations such as EASA will be conducted to identify and define, where appropriate, the regulatory requirements to enable model qualification for certification.

The following developments will be required:

Physical components: For virtual testing, the models of the physical components will be required to include the definition of their validity domain, e.g. in terms of ranges of variables and parameters, and the quantification of the model uncertainties with respect to the physical world, e.g. in terms of variability distribution of the model parameters. Validity domain and uncertainties will be required to be validated against physical data.

Software middleware: For virtual testing purposes, the models of software middleware will be required to include the quantification of the uncertainties with respect to the counterpart software middleware. The required uncertainties will be identified by the project and may include variability distribution of scheduling latencies and jitter, average and worst execution time, memory limitations, etc. A strategy for the validation of the software middleware models and their uncertainty quantification with respect to their actual implementation will be developed and specifications will be provided.

Communication network: As for the software middleware, the models of the communication network will be required to include the quantification of the uncertainties with respect to the counterpart physical communication network. The required uncertainties will be identified by the project and may include variability distribution of message latencies, message loss probabilities, etc. A strategy for the validation of the communication network models and their uncertainty quantification with respect to their physical counterpart will be developed and specifications will be provided.

Interactions between software, communication and physical components: The interactions between the software middleware, communication network and physical components represent another important factor that has a significant impact on the correct operation of the system. For virtual testing purposes, it is therefore necessary to model such interactions and quantify uncertainties with respect to their physical counterpart.
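As an added illustration of the "Physical components" requirement above (not code from the MISSION project or the SAE paper), the sketch below attaches a validity domain and a parameter variability distribution to a plant model and refuses to issue a pass/fail verdict when a test point lies outside the validated range. The actuator model, the variable names and every numeric value are constructed assumptions.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class QualifiedModel:
    """Plant model metadata (hypothetical structure, constructed values)."""
    validity: dict    # variable -> (min, max) range validated against physical data
    param_dist: dict  # parameter -> (mean, std dev) of its variability distribution

    def outside_domain(self, point):
        """Names of test-point variables that leave the validated range."""
        return [k for k, (lo, hi) in self.validity.items()
                if not lo <= point[k] <= hi]

def actuator_position(cmd, temp_c, gain):
    """Hypothetical steady-state response: gain * cmd, derated above 20 degC."""
    return gain * cmd * (1.0 - 0.001 * max(temp_c - 20.0, 0.0))

def virtual_test(model, cmd, temp_c, limit, runs=2000, seed=1):
    """Check the requirement 'position <= limit' under parameter uncertainty."""
    outside = model.outside_domain({"cmd": cmd, "temp_c": temp_c})
    if outside:
        # A result computed outside the validity domain is evidence of nothing:
        # report it as inconclusive instead of PASS or FAIL.
        return {"verdict": "INCONCLUSIVE", "outside": outside}
    rng = random.Random(seed)  # fixed seed keeps the test run reproducible
    mean, std = model.param_dist["gain"]
    worst = max(actuator_position(cmd, temp_c, rng.gauss(mean, std))
                for _ in range(runs))
    return {"verdict": "PASS" if worst <= limit else "FAIL",
            "worst": worst, "outside": []}

# Constructed example model: ranges and distribution are illustrative only.
MODEL = QualifiedModel(
    validity={"cmd": (0.0, 10.0), "temp_c": (-40.0, 85.0)},
    param_dist={"gain": (2.0, 0.05)},
)
```

The verdict is taken on the worst sampled response rather than the nominal one, so a requirement that only holds for the mean parameter value is reported as a failure.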

Other areas that will require developments are the following:

MISSION will enable the use of FMI in the virtual testing platform. However, despite the benefits of a standard like FMI, there may also be a need to run models on different operating systems running at the same time on an integration and test platform. To address this, MISSION will make use of such a multi-OS capability if required.

Another requirement is to emulate very early in the development phase control units including parts of the basic software component of a control unit. The aim of MISSION is to develop this capability for the virtual testing platform. As part of this effort, MISSION will define requirements for such models in order to prepare their use as models on real-time test platforms. Another aim is to enable the reuse of tools required for testing (e.g. test automation tools) seamlessly from running tests with emulated control units up to integration tests on HIL systems.

Another key task of MISSION is the optimization of testing processes in the overall verification process of OEMs and suppliers in the aerospace domain by providing a framework which is suitable and qualified for these workflows and processes. By identifying the actual processes currently used in this domain, such as the cooperation of suppliers and OEMs, the use of tool chains, models, interfaces and, of course, testing systems, including the demanded work packages and stakeholders, the MISSION framework will be optimized for these tasks, e.g. by providing open interfaces and automatic test system configurations to increase the share of automation and thereby make the processes more efficient.

This article was adapted from SAE Technical Paper 2016-01-2052. To obtain the full technical paper and access more than 200,000 resources for the aerospace, automotive, and commercial vehicle industries, visit the SAE MOBILUS site.