Increasingly complex system designs need simulation, code generation tools - Interview with Dr. Jon Friedman, MathWorks
Model-Based Design and automatic code generation: saving time, freeing up engineers.
Editor’s Note: “I think automatic code generation, test vector generation, or property proving aren’t about taking the human out of that process. They’re about adding tools to the engineer’s quiver.” So said our interviewee, Jon Friedman from MathWorks. In this exclusive interview, editor Chris Ciufo gets a firsthand education in Model-Based Design and why it’s becoming essential in air- and spacecraft systems. Edited excerpts follow.
What is Model-Based Design, and why is it important?
FRIEDMAN: Model-Based Design is the way the industry has been moving for a while, because sometimes (such as in the case of spacecraft), you can’t really stick a prototype up in space and start tweaking it. And with aircraft, nobody wants to fly in an aircraft that you’re changing the wings on as it flies. What’s taken hold probably in the last decade or so is the notion that modeling is an important part of all the system aspects including the physical, mechanical, electrical, or hydraulics components as well as the embedded software components.
At the center of Model-Based Design is an executable model that simulates the overall system-level design. So engineers start with an executable specification, linked back to the base-level requirements. And a lot of times those requirements are captured in the natural language environment such as Word, Excel, DOORS, or some requirements tool.
Why use Model-Based Design and what are the perhaps less-obvious benefits?
FRIEDMAN: There are two main things: One is that testing can start at the model level. Another is [handling] functional requirements, both in terms of how the system should perform and things the system should not do. Returning to our spacecraft example, the solar panels should not deploy until the vehicle is on orbit. That type of logic can start to be tested in a simulation environment, and worst-case, Monte Carlo, robustness, and many other types of simulations can be used. So [basically it’s] designing with simulation.
Where does automatic code generation fit in – or does it?
FRIEDMAN: Yes, it fits in. Since everything is in the model including the algorithm, the next step is to use automatic code generation technology. Automatic code generation technology has been around for probably about 10 or 15 years. And the idea there is that code can be generated from the physical models to do HIL [Hardware in the Loop] testing, or the algorithm code can be generated and used to do real-time testing. Then the same models can also be used for production code generation of the flight control or on a commercial aircraft for the avionics system. Because the models have links to the original requirements, the code that gets generated also contains those links. This capability is particularly important when engineers have to conform to DO-178B, where every line of code has to be traced back to a requirement. All that traceability is established automatically.
What about legacy code – does it work well in Model-Based Design environments?
FRIEDMAN: Yes. Many applications are built from both existing legacy code and automatically generated code. What engineers tend to do a lot is reuse existing designs and add or update parts of the design. For this work, they pull the legacy code into the modeling environment and create models of the new parts. They can then complete their design work in the modeling environment and generate code from the models. Next they can integrate the legacy code and generated code together and pull the application back into the modeling environment to make sure the integrated code still provides the same functionality that they designed and verified by performing model-in-the-loop testing. From the model-level testing, they will often move to hardware-in-the-loop testing in a real-time simulator to perform further verification.
What about testing with Model-Based Design?
FRIEDMAN: The testing and verification activity with Model-Based Design is paramount. Traditionally using a V or waterfall method, testing gets done at the end. Within Model-Based Design, when the executable specifications are created, requirements tests can be developed inside the modeling environment to ensure that requirements have been met. So engineers are testing continuously throughout the design process in the modeling environment. Then they can use those same tests at the code level by either linking to an IDE to enable PIL (Processor-in-the-Loop) testing – or engineers can pull code into the modeling environment and do software-in-the-loop testing.
Which MathWorks offerings provide Model-Based Design?
FRIEDMAN: Our platform product for Model-Based Design is called Simulink. It’s a graphical environment, which uses block diagrams to allow engineers to build up models. The models can be dynamic models built from predefined blocks in Simulink. In addition to a time-based engine, Simulink has an acausal solver that allows engineers to create mechanical, electrical, or hydraulic linkages without having to first solve the closed form differential equations. This means the solver figures out where the equilibrium point is and then starts time moving forward. Simulink has a finite state engine in it so engineers can model logic. For example, a logic state might include how a spacecraft needs to behave differently when in ascent mode or in station-keeping mode. The algorithm focuses on mode change, not how long the spacecraft is in a particular mode.
There’s also a discrete event engine inside of Simulink that allows queuing models such as communication protocols or air traffic control strategies to be constructed. The platform has these different engines all communicating with each other so the engine can sort of move time forward and backward in the simulation environment to let the logic engine, discrete event simulation engine, or acausal engine work in parallel.
Briefly remind our readers what MATLAB is, please.
FRIEDMAN: MATLAB is our technical computing environment. The best way to describe MATLAB is that it is a combination of a programming language and a powerful data analysis and visualization environment. Engineers will both build programs in MATLAB and deploy them. There’s a MATLAB compiler for deploying outside of MATLAB, and there’s a lot of analysis that gets done inside MATLAB. And so engineers can use MATLAB to essentially pull data in, fit a model to it, test and analyze the model, and then sometimes deploy that model into Simulink as part of the modeling process.
Also, for verification tests, engineers can take all the data into MATLAB, write a script in MATLAB to analyze the data, and identify any anomalies or passing of the test. Engineers also write signal-processing algorithms sometimes inside of MATLAB because of its array processing capabilities.
Let’s switch gears and zero in on your recent announcement, the real purpose for today’s discussion.
FRIEDMAN: Sure. The announcement is about what the Swedish Space Corporation was able to achieve with the Prisma project, a civil mission. The important thing I would say about the Prisma project is that it’s actually the second project. Their first project, another civil mission, was the SMART-1 satellite of the European Space Agency, which they had also developed using Model-Based Design. When they went about developing SMART-1, they saved a tremendous amount of time and they were very happy with the results. And so they reused a lot of the models from SMART-1 in the Prisma project because both systems are general-purpose geostationary platforms.
How did the company use Model-Based Design for the satellites, technically speaking?
FRIEDMAN: The Swedish Space Corporation reused about 70 percent of the attitude control models that they developed for the SMART system. The other thing that they did [was to] generate code not just for production flight control, but [for] real-time simulation. And on this particular project, the engineers generated code from the plant models, not just from the controller model, and deployed that to the MathWorks real-time environment called xPC Target. They were then able to run real-time simulations of the spacecraft control and to verify that it met the overall requirements and real-time constraints.
Where did the compiler fit in with the satellite project?
FRIEDMAN: In this case, the engineers built a MATLAB application to display and analyze some of their satellite flight data, and they used the MATLAB compiler to deploy that application. So that data coming in off the satellite was sent through a compiled MATLAB application, and displayed the analysis results to the engineers. This particular project also had a degree of difficulty because it was autonomous formation flying, where there were multiple satellites that needed to fly in a particular formation. The controller allowed them to verify that capability.
How would you contrast this methodology and this customer specifically with how, say, JPL would have done it with one of the Rovers?
FRIEDMAN: JPL engineers did use [automatic code generation] for the Mars Rovers Model-Based Design. And also for one of their earlier satellites, they used automatic code generation. I would describe JPL and those engineers as the leading edge.
This all sounds great, but are there any drawbacks, perceived or otherwise, in automating so much of the design process?
FRIEDMAN: Somebody once asked me, “These tools seem to automate a lot of things. Are you trying to automate out the engineer?” Not at all. That’s the furthest thing from our minds at MathWorks. It’s about trying to automate the things that can be automated so engineers can be freed up to be creative and solve problems and not have to redo everything over and over again. Traditionally, an engineer would build a simulation model of an algorithm, then hand it off to another engineer who would write the code for that algorithm. In this scenario, there’s potential for misunderstanding what was specified and there’s potential that the code is wrong. I think automatic code generation, test vector generation, and property proving aren’t about taking the human out of that process: They’re about adding tools to the engineer’s quiver.
MathWorks 508-647-7000 www.mathworks.com