model based design for fuel system development 4th october 2017 matlab expo - model‐based design...
TRANSCRIPT
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development2
17,287Aircraft sold
60Produced monthly
25,000+Daily flights
10,561Delivered
54,000Employees
€49.2billionAnnual revenue*
6,726Backlog
400Operators
System Development Perimeter and Interfaces
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development3
Fuel Pumps
Flamearrestor
Fuel Gauging& Control Computers
GaugingFuel Probes Level Sensors Temp
Sensors
Burst Discs
Pipes, Couplings
OPENL OUTR FEED 1 FEED 2 FEED 3 FEED 4 R OUTR
SHUT
REFUEL / DEFUEL VALVES
OPEN
SHUTL MID L INR TRIM CTR R INR R MID XFR
DEFUEL
MAN
REFUEL
OFFAUTO
REFUEL
MODE SELECT PRESELECT
INCREASE
DECREASE
27120 19860 13740 0 19860 27120
4000 20800 21840 21840 20800 4000 201000 kg
211000 kgAUTO REFUEL
L OUTR FEED 1 FEED 2 FEED 3 FEED 4 R OUTR
L MID L INR TRIM CTR R INR R MID
ACTUAL (FOB)
PRESELECT (PFQ) STATUS
HI LVL
HI LVL
FAULT OVERFLOW
POWER SUPPLY
BATTERY
NORMAL
SHUTOFF
TEST
APU EMERGENCY
SHUT
DOWN
Refuel Panel
Flammability Reduction
Cockpit displays
Air to Air
Refuelling
Valves
CompensatorsDensitometers
Engines
Electrical Interfaces
Functional
Requirement
Validation
Iron Bird
A300A320
A330/A340
A340-600
A380
A400M
A350
Model Use History
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development4
Textual
Requirements
Model Based
V&V
Model Based Design
V&V Auto Test
& SLDV
Use
of m
od
els
(Am
ou
nt / F
ide
lity)
Textual
RequirementsTextual
Requirements
Model Based Design
Desktop simulator
Model Based Design
Model Based System Engineering
Fuel Virtual
Integration
Platform
Specific,
Targeted V&V CofG Calcs Time
MATLAB, Matrix-X,
Easy5,
Statemate
Fortran,
HP Basic
MATLAB,
Simulink,
Statemate
MATLAB,
Simulink, RTW,
Stateflow
SysML, MATLAB, Simulink,
Stateflow, SLDV,
Simscape, …
MATLAB,
Simulink,
Stateflow, SLDV
Towards Full MBSE
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development5
System Requirement Authoring, Validation and Verification
Model Based Design Lifecycle
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development
Systems
Equipments
MG5 MG7 MG9 MG11
A/C
Integration
Testing
Simulation
Multi-systems
Detailed
Design
Matlab Simulink for Fuel
Management SSRD
Req and detailed design
Desktop simulator for
Validation of requirement
and Verification of detailed
design
Desktop Simulator
Fuel Virtual Integration
Platform to support
system tests
FVIP
Suppliers s/w dev
Model translation for software
development
Architecture
Design
Fluid and
Thermal
modelling
Inerting Certification
using Modelling
Mission Distribution
0
2
4
6
8
10
12
14
16
0
1000
2000
3000
4000
5000
6000
7000
8000
9000
1000
0
Range 1000's NM
Nu
mb
er o
f M
issio
n in
200 n
m b
lock
AMO & FSP
for Test Rig
and A/CO
Aircraft 0
Tank Modelling:
- Output for Gauging & Fuel
Management
- Output for Wing design (stress, load,
etc.)
MG3
6
Model Based Design - In Practice
Develop models to specify system functionality
–Describes behavioural & functional aspects
Details become the System (and Sub-System)
Requirements
–Exercise the model to Validate
Requirements
Delivered to Fuel System Supplier
–Model contains Requirements and intent
–Model execution provides system
understanding
–Minimal Work to turn into Code
–Separate layer for independent validation
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development
Page
7
Radar network
HF / VHFSATCOM RadarAir Traffic Control
SITA/ARINC network
3D positions
voice
&data
voice
&data
Environment TOP LEVEL REQ
FUNCTIONAL/
SYSTEM REQ
LOW LEVEL
EQUIP REQ
LOW LEVEL
EQUIP DEV
MBSE – Functional System Requirements
• MATLAB/Simulink/Stateflow Application
• Development of Control System Reqts
–Normal and Failure Operating Modes
–Crew Procedures
• Control Logic separated from Aircraft Environ
–System Designers focus on
– Control Functions
– HMI
– Robustness & Validation
–Specialist Modellers focus on:
– Aircraft & Environmental Simulation
– Physics (Fuel, Thermal)
– Auto-Test Capabilities
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development8
MBSE – Stateflow for Requirements Authoring
• Aircraft Fuel System Statecharts:
• Linked Requirements
– System Requirements Documents Cascade
– Requirements Database (DOORS)
• Separate Chart for each Major A/C Function
– Allows for collaborative development
• Transition booleans calculated externally
– Input from Simulink
– Stateflow graphical function
• Driven behaviour of Stateflow logic separated from
driving conditions
– Allows easier readability and testing
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development9
Model Based Design - Reuse
• Integrated Desktop Simulator
– Requirements & Environment Model
– AutoCode using Simulink Coder
– Optional Interfaces to Cockpit Display & Flight Warning
• OCASIME, VIP & Aircraft -1
– Entire Software Simulation
– Interfaces Identical to Full Flight Simulator
• Aircraft-0 (Iron Bird)
– Cockpit Avionics & Displays
– Integrated of Real & Simulated Systems
– Virtual Hosting of Supplier’s Code
• Full Flight Simulator
– Single model for all platforms
– Training Flight and Ground Crews
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development10 4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development
• Model V&V has to go through several loops
– When the model is the requirements, the distinction
between “Model Verification” and “Requirements
Validation” is somewhat blurred
If a test fails, what is at fault?
– the requirement?
– the model?
– the test?
Model Development Test/Verification/Validation Cycle
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development11
Requirements MODEL
TestObjectives
TestScripts
ModelValidation
ModelVerification
Test Script
Validation
Requirement
Validation
Model
Specification
Results &
Problems
Test Objective
Validation
Environment
Using Simscape to Model A350 Refuel System
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development12
Component export, parameter estimation
And model simplification for Real Time performance
Use of Simscape
• Fuel Design Model Developed in Flowmaster
– Architecture and Component Performance
– Spec Model Only - not real-time
– Cannot produce C-Code or embedded simulations
• Exploiting new SimHydraulics Toolbox
• Mathworks Consultancy
– Airbus provision of core models and perf data
– Majority of development by Mathworks
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development13
Flowmaster Diagram
Component Development
• Mapping of Flowmaster components to
Simscape/ SimHydraulics equivalents
– Most 1:1 equivalents
– Some required customisation from base library
• Curve Fitting Toolbox
– Fit source data to SimHydraulics block equations
– Saved as Matlab Script for re-use
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development14
Library Construction and Parameterisation
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development15
Component LibrarySystem Library
System Palette
• Component Library to customise standard
Hydraulic Library Components
• System Library contains “System Level”
Components
• Each System Palette contains Multiple
Components
– E.g. There are several different type of pumps
• System Palette constructed using MATLAB
scripts
– Self Documenting
– Re-run if design model updated
Model Simplification
• Design Model has ~900 individual Components
– A reduction of the number of blocks by a factor of 10 can potentially yield a simulation speed improvement by a factor of 1,000.
• Reduction Strategies
– Reduce multiple serially Connected Pipes/Bends/Losses to a single Equivalent pipe/loss combination
• Design Optimisation toolbox
– Established Equivalent Parameters
• Reduction in the number of components
– Pipe components reduced from 290 to 60
– Total Components reduced from 900 to 170
– So would expect ~120 x speed-up
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development16
Model Reduction
• During Refuel or Defuel, certain valves are not in use
– Fluid network behind those closed valves do not contribute to pressure/flow calculations
– Therefore can be removed
• This can be repeated for each combination of tank that needs to be studied.
– The reduced model can be constructed automatically with MATLAB scripts that analysis network topology.
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development17
Complete ModelReduced Model
Refuel from
Left Wing
Only
Simscape Summary of Results
• Two system-level models of the Defuel system created in
SimHydraulics
– One complete: all components required to model the system
behaviour included
– One simplified: all “isolated” components located behind closed
valves removed
• Performance of the simplified model sufficient for real-time
– Tested with Simulink Real Time on industrial PC
• Performance of the complete model not sufficient for real-time
implementation, despite simplifications made.
– Depends on the solver chosen to a large extent
– Improves substantially from with later Simscape versions
– Near real-time performance in exploiting Simscape local solver
• New blocks and demos added to SimHydraulics as a direct result of this
work
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development18
Code Efficiencies and Performance Enhancement
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development19
Fuel Temperature Prediction Software
Fuel Temperature Prediction for AirlinesAn Exercise in Code Efficiencies
• Low outside temperatures with long exposure times
• Fuel temperature may drop close to or below freezing point
– Software written in MATLAB
– Predict fuel temperatures given Flight Profiles & Global Air
Temperatures.4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development20
Inter-tank
Fuel Transfer
Solar radiation
Heating from earth
T∞
Emissivity from skin
Emissivity from skin
Earth
Sky Night/Day
Radiation network
external heatsource / sink
T∞
Convection
Conduction
Buoyancy
Comparison of Predicted and Measured Fuel Temperature
-40
-30
-20
-10
0
10
20
30
0 1000 2000 3000 4000 5000 6000 7000 8000
Distance (nm)
Tem
per
atu
re (
°C)
OUTER Meas
OUTER Pred
INNER 1/4 Meas
INNER 1/4 Pred
INNER 2/3 Meas
INNER 2/3 Pred
TRIM Meas
TRIM Pred
Fuel Temperature Prediction for AirlinesAn Exercise in Code Efficiencies
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development21
Intended Usage
Flight Plan
Fuel Temperature
Prediction
Cold Fuel?
Y
Run-Time ~ 40 seconds (reasonable)
NFly
Route
Actual Usage
Flight PlanFlight PlanFlight PlanFlight PlanFlight PlanFlight PlanFlight PlanFlight Plann
Calculate
“Best”
Route
Up to 50 potential Routes Run-Time ~ 50 * 40 seconds = Half Hour…BAD!
Other Safety & Economic Factors
Fuel Temperature
Prediction
Fly Route
Using MATLAB Profiler to Identify Code Efficiency Bottlenecks
• Exploit MATLAB Profiler
• Built into MATLAB
profile on ; run program ; profile viewer
• Creates timing profiles of every function called
• Look at the “Self Time” for time spent within function
• Profile Report highlights most expensive L.O.C.
• Iterative process to increase code efficiencies.
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development22
Code Optimisation Strategies
• Equation Vectorisation
• Loop Unrolling
• Switch…case statements
– Reduce volume of code inside each “case”
• Use c-mex for time-critical functions
– Check target platforms
• Minimise Globals
– Very slow in MATLAB
• Reduce calculations inside for loops
– Pre-calculate invariant parts of equations
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development23
May Jun Jul Aug Sep Oct0
5
10
15
20
25
30
35
40
Ave
rag
e S
imu
lati
on
Tim
e p
er
Fli
gh
t (s
)
Run-Time Improvements of Fuel Temperature Prediction Module
Target Time
Keeping Track of Mathworks Release Cycles
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development24
Industry Model Testing
Industry Model & Code Testing
• Aircraft Development 3-5 years, Mathworks upgrades every 6 months– One solution to reduce cost of (continuing) upgrade cycles
• Testing infrastructure utilising customer models and MATLAB scripts
– Release Compatibility
– Performance
Win-Win Situation:
• Value to Customers
– Reduced product upgrade cost
– Increased productivity
– Early knowledge of regression
• Value to Mathworks
– Compatibility testing
– Performance testing
– Increased tool adoption
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development25
Establish
NDA
Package
Models/Scripts
Send
Package
Review and
Act on Results
Simple 4-step process
AFSME
Airbus Fuel System Modelling Environment
10
Flow Rates
9
Temp
8Tot Weight
7Mom Y
6Mom X
5
Mass
4Targ Cg
3XCg
2Altitude
1Jettison
Density
Vol 2 Mass
Engine Burn
APU Burn
Recirc Rate
Valve States
Transfer Mode
Tank Empty
Flow Rates
Valves_2_Flowrates
Mass
Temperature
Flow
Valves
Modes
Flight Profile
CG
Aux
Time Plotting
Volumes
Mach
Air Temp
Temperature
Temperature
Flow Rate
Leak Rate
Volume
Tank Empty
Tanks
Program AFSME 3.2 STR 465Date: Fri Jan 18 11:24:10 2002Ref: SCF/SYS/GEN/61/2623 Iss. 6
User Guide: SCF/SYS/GEN/61/2909
Leak
Leaks
[M]
[V]
[F]
[M]
[V]
[F]
Mass
Recirc_Inhibit
Engine Burn
APU Burn
Recirc Flow
Jettison
Altitude
Pitch
Roll
Mach
Air Temp
FP Mux
Flight_Profile
Simulation.Temperature
Enable Temperature
Simulation.CG
Enable CG Calc
Pitch
Roll
Mass
XCg
Targ_Cg
Mom X
Mom Y
Tot Weight
CG Mux
Cg_Calc
4Recirc Inhibit
3Auxiliary Plot
2Modes
1Valves
AFSME
Airbus Fuel System Modelling Environment
10
Flow Rates
9
Temp
8Tot Weight
7Mom Y
6Mom X
5
Mass
4Targ Cg
3XCg
2Altitude
1Jettison
Density
Vol 2 Mass
Engine Burn
APU Burn
Recirc Rate
Valve States
Transfer Mode
Tank Empty
Flow Rates
Valves_2_Flowrates
Mass
Temperature
Flow
Valves
Modes
Flight Profile
CG
Aux
Time Plotting
Volumes
Mach
Air Temp
Temperature
Temperature
Flow Rate
Leak Rate
Volume
Tank Empty
Tanks
Program AFSME 3.2 STR 465Date: Fri Jan 18 11:24:10 2002Ref: SCF/SYS/GEN/61/2623 Iss. 6
User Guide: SCF/SYS/GEN/61/2909
Leak
Leaks
[M]
[V]
[F]
[M]
[V]
[F]
Mass
Recirc_Inhibit
Engine Burn
APU Burn
Recirc Flow
Jettison
Altitude
Pitch
Roll
Mach
Air Temp
FP Mux
Flight_Profile
Simulation.Temperature
Enable Temperature
Simulation.CG
Enable CG Calc
Pitch
Roll
Mass
XCg
Targ_Cg
Mom X
Mom Y
Tot Weight
CG Mux
Cg_Calc
4Recirc Inhibit
3Auxiliary Plot
2Modes
1Valves
IRP_MODE_SELECTION
5.1.7(1)
GROUND_OPS/ 1
SURGE2
5.1.(1)
AUTO_REFUEL TRANSFER
5.1.4.(1)5.1.3.(1) 5.1.2.(1)
MANUAL_REFUEL
AR_
CONF
5.1.1.(1)
OFF_
CONFDF_
CONF
DEFUEL SOT OFF
5.1.5.(1) 5.1.6.(1)
GO_D = DELAY(d_t)
function
TR_
CONF
MR_
CONF
[XFER&...DELAY(D_GOS)]
[~XFER ...| SOT_INITIATED]
[AR &...DELAY(D_GOS)] [(~GND_SURGE_RELIEF_ACTIVE &...
~AR) | SOT_INITIATED][DELAY(D_GOS)][((AR | XFER |...
DF | IDLE) &...~GND_SURGE_RELIEF_ACTIVE) |...
SOT_INITIATED]
[MR | FAULT]/d_i=0; [AR]/d_i=0; [~AR][~MR] [~XFER] [XFER]/d_i=0;
[DF]/d_i=0; [IDLE]/d_i=0;[~IDLE][~DF]
[~IDLE ...| FAULT | SOT_INITIATED ][~DF | SOT_INITIATED]
[SOT_INITIATED]
[Mode_Status[TR_SOT_EXIT] &...~GND_SURGE_RELIEF_ACTIVE]
[IDLE &...DELAY(D_GOS)]
[DF &...DELAY(D_GOS)]
evaluate_conditions()function 5.1.(2)
{
AR= ...IRP_MODE[IRP_AUTO_REFUEL] & ...~IRP_MODE[IRP_MANUAL_REFUEL] & ...~IRP_MODE[IRP_TRANSFER] & ...~IRP_MODE[IRP_DEFUEL] & ...~IRP_MODE[IRP_OFF] &...~SOT_INITIATED;
XFER= ...IRP_MODE[IRP_TRANSFER] & ...~IRP_MODE[IRP_MANUAL_REFUEL] & ...~IRP_MODE[IRP_AUTO_REFUEL] & ...~IRP_MODE[IRP_DEFUEL] & ...~IRP_MODE[IRP_OFF] &...~SOT_INITIATED &...~GND_SURGE_RELIEF_ACTIVE;
DF= ...IRP_MODE[IRP_DEFUEL] & ...~IRP_MODE[IRP_MANUAL_REFUEL] & ...~IRP_MODE[IRP_AUTO_REFUEL] & ...~IRP_MODE[IRP_TRANSFER] & ...~IRP_MODE[IRP_OFF] &...~SOT_INITIATED &...~GND_SURGE_RELIEF_ACTIVE;
IDLE= ...IRP_MODE[IRP_OFF] & ...~IRP_MODE[IRP_MANUAL_REFUEL] & ...~IRP_MODE[IRP_AUTO_REFUEL] & ...~IRP_MODE[IRP_TRANSFER] & ...~IRP_MODE[IRP_DEFUEL] &...~SOT_INITIATED &...~GND_SURGE_RELIEF_ACTIVE;
MR= ...IRP_MODE[IRP_MANUAL_REFUEL] & ...~IRP_MODE[IRP_DEFUEL] & ...~IRP_MODE[IRP_AUTO_REFUEL] & ...~IRP_MODE[IRP_TRANSFER] & ...~IRP_MODE[IRP_OFF] &...~SOT_INITIATED;
FAULT= ...~AR & ~XFER & ~DF & ~IDLE & ~MR;}
IRP_MODE_SELECTION
5.1.7(1)
GROUND_OPS/ 1
SURGE2
5.1.(1)
AUTO_REFUEL TRANSFER
5.1.4.(1)5.1.3.(1) 5.1.2.(1)
MANUAL_REFUEL
AR_
CONF
5.1.1.(1)
OFF_
CONFDF_
CONF
DEFUEL SOT OFF
5.1.5.(1) 5.1.6.(1)
GO_D = DELAY(d_t)
function
TR_
CONF
MR_
CONF
[XFER&...DELAY(D_GOS)]
[~XFER ...| SOT_INITIATED]
[AR &...DELAY(D_GOS)] [(~GND_SURGE_RELIEF_ACTIVE &...
~AR) | SOT_INITIATED][DELAY(D_GOS)][((AR | XFER |...
DF | IDLE) &...~GND_SURGE_RELIEF_ACTIVE) |...
SOT_INITIATED]
[MR | FAULT]/d_i=0; [AR]/d_i=0; [~AR][~MR] [~XFER] [XFER]/d_i=0;
[DF]/d_i=0; [IDLE]/d_i=0;[~IDLE][~DF]
[~IDLE ...| FAULT | SOT_INITIATED ][~DF | SOT_INITIATED]
[SOT_INITIATED]
[Mode_Status[TR_SOT_EXIT] &...~GND_SURGE_RELIEF_ACTIVE]
[IDLE &...DELAY(D_GOS)]
[DF &...DELAY(D_GOS)]
IRP_MODE_SELECTION
5.1.7(1)
GROUND_OPS/ 1
SURGE2
5.1.(1)
AUTO_REFUEL TRANSFER
5.1.4.(1)5.1.3.(1) 5.1.2.(1)
MANUAL_REFUEL
AR_
CONF
5.1.1.(1)
OFF_
CONFDF_
CONF
DEFUEL SOT OFF
5.1.5.(1) 5.1.6.(1)
GO_D = DELAY(d_t)
function
TR_
CONF
MR_
CONF
[XFER&...DELAY(D_GOS)]
[~XFER ...| SOT_INITIATED]
[AR &...DELAY(D_GOS)] [(~GND_SURGE_RELIEF_ACTIVE &...
~AR) | SOT_INITIATED][DELAY(D_GOS)][((AR | XFER |...
DF | IDLE) &...~GND_SURGE_RELIEF_ACTIVE) |...
SOT_INITIATED]
[MR | FAULT]/d_i=0; [AR]/d_i=0; [~AR][~MR] [~XFER] [XFER]/d_i=0;
[DF]/d_i=0; [IDLE]/d_i=0;[~IDLE][~DF]
[~IDLE ...| FAULT | SOT_INITIATED ][~DF | SOT_INITIATED]
[SOT_INITIATED]
[Mode_Status[TR_SOT_EXIT] &...~GND_SURGE_RELIEF_ACTIVE]
[IDLE &...DELAY(D_GOS)]
[DF &...DELAY(D_GOS)]
evaluate_conditions()function 5.1.(2)
{
AR= ...IRP_MODE[IRP_AUTO_REFUEL] & ...~IRP_MODE[IRP_MANUAL_REFUEL] & ...~IRP_MODE[IRP_TRANSFER] & ...~IRP_MODE[IRP_DEFUEL] & ...~IRP_MODE[IRP_OFF] &...~SOT_INITIATED;
XFER= ...IRP_MODE[IRP_TRANSFER] & ...~IRP_MODE[IRP_MANUAL_REFUEL] & ...~IRP_MODE[IRP_AUTO_REFUEL] & ...~IRP_MODE[IRP_DEFUEL] & ...~IRP_MODE[IRP_OFF] &...~SOT_INITIATED &...~GND_SURGE_RELIEF_ACTIVE;
DF= ...IRP_MODE[IRP_DEFUEL] & ...~IRP_MODE[IRP_MANUAL_REFUEL] & ...~IRP_MODE[IRP_AUTO_REFUEL] & ...~IRP_MODE[IRP_TRANSFER] & ...~IRP_MODE[IRP_OFF] &...~SOT_INITIATED &...~GND_SURGE_RELIEF_ACTIVE;
IDLE= ...IRP_MODE[IRP_OFF] & ...~IRP_MODE[IRP_MANUAL_REFUEL] & ...~IRP_MODE[IRP_AUTO_REFUEL] & ...~IRP_MODE[IRP_TRANSFER] & ...~IRP_MODE[IRP_DEFUEL] &...~SOT_INITIATED &...~GND_SURGE_RELIEF_ACTIVE;
MR= ...IRP_MODE[IRP_MANUAL_REFUEL] & ...~IRP_MODE[IRP_DEFUEL] & ...~IRP_MODE[IRP_AUTO_REFUEL] & ...~IRP_MODE[IRP_TRANSFER] & ...~IRP_MODE[IRP_OFF] &...~SOT_INITIATED;
FAULT= ...~AR & ~XFER & ~DF & ~IDLE & ~MR;}
evaluate_conditions()function 5.1.(2)
{
AR= ...IRP_MODE[IRP_AUTO_REFUEL] & ...~IRP_MODE[IRP_MANUAL_REFUEL] & ...~IRP_MODE[IRP_TRANSFER] & ...~IRP_MODE[IRP_DEFUEL] & ...~IRP_MODE[IRP_OFF] &...~SOT_INITIATED;
XFER= ...IRP_MODE[IRP_TRANSFER] & ...~IRP_MODE[IRP_MANUAL_REFUEL] & ...~IRP_MODE[IRP_AUTO_REFUEL] & ...~IRP_MODE[IRP_DEFUEL] & ...~IRP_MODE[IRP_OFF] &...~SOT_INITIATED &...~GND_SURGE_RELIEF_ACTIVE;
DF= ...IRP_MODE[IRP_DEFUEL] & ...~IRP_MODE[IRP_MANUAL_REFUEL] & ...~IRP_MODE[IRP_AUTO_REFUEL] & ...~IRP_MODE[IRP_TRANSFER] & ...~IRP_MODE[IRP_OFF] &...~SOT_INITIATED &...~GND_SURGE_RELIEF_ACTIVE;
IDLE= ...IRP_MODE[IRP_OFF] & ...~IRP_MODE[IRP_MANUAL_REFUEL] & ...~IRP_MODE[IRP_AUTO_REFUEL] & ...~IRP_MODE[IRP_TRANSFER] & ...~IRP_MODE[IRP_DEFUEL] &...~SOT_INITIATED &...~GND_SURGE_RELIEF_ACTIVE;
MR= ...IRP_MODE[IRP_MANUAL_REFUEL] & ...~IRP_MODE[IRP_DEFUEL] & ...~IRP_MODE[IRP_AUTO_REFUEL] & ...~IRP_MODE[IRP_TRANSFER] & ...~IRP_MODE[IRP_OFF] &...~SOT_INITIATED;
FAULT= ...~AR & ~XFER & ~DF & ~IDLE & ~MR;}
Models
GUIs
Tests & Results
Models
Secure Models
Server
ITAR Rated Firewall
Summaries and Lessons Learnt
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development26
Lessons Learnt
• Deployment of MBSE
– As much about Competences as Technologies
– Skillsets & Mindsets
– Integration of Functional & Non-Functional models
• Model Build Reveals Emergent Properties
– Validation for free
– System difficult to model will be difficult to build/test
• Validation/Verification Testing
– A test that is more complex than that being tested is
probably wrong
– Easy to be caught in the trap of “Test for Success”
– Testing for intentional but not unintentional
behaviour
– Automated Test/Analysis allows regression testing
– Formal Proof more thorough than test scripts
4th October 2017 MATLAB EXPO - Model‐Based Design for Fuel System Development27
• System Designers Focus on Designing the System
– The System Model is the System Requirements
– Extra functionality required to exercise the model are not
requirements
– Need to clearly identify what are requirements and what
are the extras
• Model Architecture
– Must match System Architecture
– Also conducive to multi-team development
• Easy for Designers can be Difficult for Simulators
– Engineers can be very “ingenious”
– Break downstream processes
– Model exchange with suppliers
– Automatic code generators
– Require adherence to Style Guidelines and Design Patterns