Outline. 1. Introduction. 2. Model Based Control Design. 3. Software Development for Flight Control Algorithms. 4. Lessons Learned / Impacts

(1)

Wechselwirkungen zwischen GNC

Algorithmus und Software

Markus Hornauer, Falko Schuck und Florian Holzapfel

Rx2 active

[Rx1 healthy] [Rx1 fail] RSw second lane active

CSw first input active CSw second input active

RSw second lane active

Rx2 active [CSw fail]

Rx2 active [Rx2 healthy]

[Rx2 fail] CSw first input active

[RSw fail] [RSw healthy] Manual Control Loss of aircraft Loss of servo [CSw healthy] [RSw fail] [RSw healthy] [CSw healthy] [CSw fail] [CSw healthy] [Rx2 healthy] [Rx2 fail] [CSw fail] [CSw healthy] [CSw fail] CSw second input active

[Rx2 healthy] [Rx2 fail] Loss of servo Autopilot Control Manual Control Loss of servo Loss of aircraft Loss of aircraft Autopilot Control [Rx2 healthy] RSw first lane active

[Rx2 fail]

Rx1 active CSw first input active [CSw fail]

[CSw healthy] Loss of servo Autopilot Control Loss of servo Rx2 active

Assisted and Auto Mode

Loss of Aircraft

Bat1 fail Bat2 fail PSw1 fail PSw2 fail CSw 1-N fail RSw fail Rx1 fail Rx2 fail 0 0.5 1 1.5 2 2.5 3 -2 -1.5 -1 -0.5 0 0.5 1 1.5 2 0 0.2 0.4

(2)

Outline

1. Introduction

2. Model Based Control Design

3. Software Development for Flight Control Algorithms

4. Lessons Learned / Impacts

(3)

Institute of

Wechselwirkungen zwischen GNC

Motivation

• Continuity of development process:

From requirements capturing to verification on target system

• High level of reuse to increase efficiency

• Better requirements through pre-simulation

Challenge:

Software engineers are usually no control experts,

(4)

Introduction

TUM FSD - DA42M-NG – Flying test bed for the Free State of Bavaria

(5)

Institute of

Wechselwirkungen zwischen GNC

Development of an certifiable autopilot for CS-23 Aircraft using modular avionic components

 Optimization of Model-Based Software Development Methods and Techniques  Formal and Integral Process Definition for Model-Based Software Development  System and Software Requirements Synthesis, Capture and Validation

 Safety Assessment

 Functional Hazard Analysis  Safety Requirements Derivation

 (Preliminary) System Safety Assessment (FTA, FMEA, Simulation)

 System and Software Development

 Hardware and Software Architecture  Interfaces and Redundancy Management  Monitoring and Voting

 Autopilot / Flight Control Algorithms Development

 System and Software Integration, Test and Verification

 Requirement Based Testing  Hardware in the Loop (HIL)  System and Aircraft Integration  Flight Testing

 Analysis and Verification based on Flight Test Data

(6)

Outline

1. Introduction

2. Model Based Control Design

3. Software Development for Flight Control Algorithms

4. Lessons Learned / Impacts

(7)

Institute of

Wechselwirkungen zwischen GNC

Introduction



Flight Control Design is not a

single point issue but spans a

large operation envelope / domain

• Plant analysis

• Controller Design

• Gain Design



Controller assessment needs to

be automated

• Non-compliance

needs

to

be

detected automatically

• Reports and evaluations need to

be organized automatically

0 0.5 1 1.5 2 2.5 3 -2 -1.5 -1 -0.5 0 0.5 1 1.5 2 0 0.2 0.4

(8)

Analysis Results Design Model Transfer Function / Matrix (Inner Loops)

Software Development for Flight Control Algorithms

Control Algorithm Development Life Cycle

8

Plant Modelling Process

(Failure, Disturbance and Uncertainty Models) (Systems: Sensors and Actuation)

LOS Model Extraction Process (Trimming, Linearization, Reduction of Order)

System Analysis Process

Control Structure Design Process

Gain Design Process

Automated Assessment on reduced Model (classical: Linear)

Automated Assessment on High Fidelity Model

System Requirements Process (Flight Control System)

Verification of Plant Model Verification of Reduced Order System Controller Layout Design Validation Gain Parameters (and Ranges)

Loop Back from Software Process (System Engineering Process) Artifacts to Software Process Safety Assessment System Requirements Allocated to Flight Control

Algorithm High Fidelity Plant Model Reduced Order Plant Model Assessment Results

(Proof of Stability, etc.)

Assessment Results

(9)

Institute of

Wechselwirkungen zwischen GNC

Trim and Linearize

Trim applications:

Computation of performance data:

= p(1) = xS(1) = xS(2) = Haddad = Haddad = Haddad = Haddad = Haddad egal egal egal = p(2) = xS(3) = xS(4) = xS(5) = xS(6) x u V a b p q r F Q Y l m h x h z T d



x p



f r _S, r V& a& b& p & q& r& S x a b x h z T d p V h g Y& Haddad Constraint [ ]  Y  Q F & , , , , , , , , K K K HDV f r q p g b a a b g Y& V



x p



0 f r ! ,   _S

Nonlinear Equation solver

Numerical Linearization = r(1) = r(2) = r(3) = r(4) = r(5) = r(6) = 0 (auto) = 0 (auto) = p(4)(auto) egal egal x & V& a& b& p & q& r& F& Q& Y& l& m& g sin × V h&  FYB0 y u x h x u x f   ) , ( ) , ( & y y u u x x h x u u x x f d d d d d d        0 0 0 0 0 ) , ( ) , ( &             u x u x d d 0 0       y x d d&

Numerical Linearization:

linsys linsys linsys

Ax

u

x

&







linsys linsys linsys

Cx

Du

y





- Flight envelope parameter configurable (Altitude, Velocity, Center of gravity, flap configuration,…).

- Automated trim point calculation for each flight condition.

- Output of all important trim result data (trim success, used trim strategy, number of iterations, …) for evaluation of the trim results.

- Free configuration of the desired model parameters (States, Inputs, outputs), which shall be extracted from the nonlinear model.

- For each trim point, a linearized model of the nonlinear equation system is generated

(10)

10 Model Based Control Design

Example: DA42 Longitudinal Controller Design with MATLAB

10-1 100 101 102 -30 -20 -10 0 10 M a g n it u d e ( d B ) Frequency (rad/s) Config 1 Flaps = 0 Gear = 0

10-1 100 101 102 -30 -20 -10 0 10 P has e (deg) Frequency (rad/s) Config 2 Flaps = 27 Gear = 0

10-1 100 101 102 -30 -20 -10 0 10 Phas e (deg) Frequency (rad/s) Config 4 Flaps = 0 Gear = 1

10-1 100 101 102 -30 -20 -10 0 10 Phas e (deg) Frequency (rad/s) Config 6 Flaps = 42 Gear =1

10-1 100 101 102 -30 -20 -10 0 10 Frequency (rad/s) Ma g n it u d e (d B)

Bode - All borders combined

Config 1 Flaps = 0Gear = 0

Trim

Linearization

„qcom-CSAS“ Controller G (s) dS Stick-to-Command Shape

V0/g cosgsinF tanF qturn,c Aircraft q hcmd, el FP GA(s) -H F Kds,q qcmd Eq qMEAS hcmd hmec qcmd,s Prefilter Delay after FCC Delay to FCC Sensor Turn compensation Actuator Plant

Extended Plant Dynamics

Controller Design

0 0.05 0.1 0.15 0.2 0.25 0.3 0.35 0.4 0.45 0 0.2 0.4 0.6 0.8 1 1.2 1.4 Time (seconds) Am p li tu d e P e a k re sp o n se R ise ti m e

Pl

an

t

an

a

ly

si

s

H

Q

req

u

ir

eme

n

ts

10-1 100 101 102 -50 -40 -30 -20 -10 0 10 Actuator assumption Delay assumption

CAP

C*

BW

etc.

HQ Requirements

Automatic trim and

linearization for the whole

flight envelope (h

– Ma)

as well as all

configur-ations (gear, flaps)

Automatic HQ analysis

(Dropback, CAP, C*,

Neal Smith,

Band-width, ...) based on

w

₀

and T

_

(

z

= 0.71) for

desired short period

(11)

Institute of

Wechselwirkungen zwischen GNC

Example: DA42 Longitudinal Controller Design with MATLAB

„qcom-CSAS“ Controller G (s) dS Stick-to-Command Shape

V0/g cosgsinF tanF qturn,c

Aircraft q hcmd, el FP GA(s) -H F Kds,q qcmd Eq qMEAS hcmd hmec qcmd,s Prefilter Delay after FCC Delay to FCC Sensor Turn compensation Actuator Plant

Extended Plant Dynamics

Controller implementation -0.20 -0.1 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.5 1 1.5 2 2.5 3 3.5 4 db/qss qma x /qs s Level 1 Level 2/3 Level 1/2 0 0.5 1 1.5 2 2.5 0 0.5 1 1.5 2 2.5 3 3.5 4

Gibson´s dropback criterion

 peak/qss qpeak /qss Exces_{sive (P} IO po_ssible) Accep_table -350 -300 -250 -200 -150 -100 -50 0 -30 -25 -20 -15 -10 -5 0 5 10 15 20 25 - 2 0 dB - 1 4 dB - 1 0 dB - 8 dB - 6 dB - 4 dB - 3 dB - 2 dB - 1 dB 0 dB 1 dB 2 dB 3 dB 6 dB -1 0° -2 0° -3 0° -4 0 ° -5 0 ° -6 0° -7 0° -8 0° -9 0 ° -1 00° -1 1 0° -1 20 ° -1 30 ° -1 40 ° -1 5 0° -1 6 0° -1 7 0° -1 8 0° -1 9 0° -2 0 0° -2 1 0° -2 20 ° -2 30 ° -2 40 ° -2 5 0° -2 60° -2 70° -2 80 ° -2 9 0° -3 0 0° -3 10° -3 20° -3 30 ° -3 40 ° -3 50 °

Phase des ORK [°]

F re q u e n z g a n g b e tr a g d e s O R K [ d B ] -40 -20 0 20 40 60 80 -2 0 2 4 6 8 10 12 14 16 Level 1 Level 2 Level 3  Lag Lead 

Pilot Phase Compensation [deg] at Omega = 3.5 rad/s

C lo s e d L o o p R e s o n a n c e [ d B ] 100 101 102 10-1 100 101 102 LEVEL 2 LEVEL 1 LEVEL 1 LEVEL 2 LEVEL 3 C la s . I, II -C ,I V C la s . II -L ,I II L E V E L 2 . C la s . I, II -C ,I V L E V E L 2 . C la s . II -L ,I II 0.096 0.15 3.6 10.0 Category C flight phases CAP boundaries

CAP

Note: The boundaries for values n/a

outside the range show n are defined by straight-line extensions n/a (g/rad) wn SP (rad/sec) 10-1 100 10-2 10-1 100

101 Category A & C flight phases (CAP - damping ratio boundaries)

zSP CAP LEVEL 1 LEVEL 2 LEVEL 3 -2 -1 0 1 2 3 q [° /s ]

Closed loop pull & release Open loop pull & release

0 2 4 6 8 10 -4 -2 0 2 4 Time [s] q [° /s ]

Closed loop doublet

0 2 4 6 8 10

Time [s] Open loop doublet

-20 -10 0 10 20 M a g n it u d e [ d B ] Mismatch - Amplitude 10-1 100 101 102 -150 -100 -50 0 50 100 150 Frequency [rad/s] P h a s e [ °] Mismatch - Phase

• Automatic controller

stability and Handling

Qualities analysis

featuring LOES (low

order system generation)

for all trim conditions and

configurations (~12000

points)

• Automatic Gain design

for the controller to

comply the requirements

for all 12000 points.

(12)

12 Model Based Control Design

Example: DA42 Longitudinal Controller Design with MATLAB

0 20 40 60 80 100 120 140 160 180 -10 -5 0 5 10 Time (s) g -T ra c k in g / g ( °) Tracking - Josef-Niederl-Run-09-2013-05-22-19-19-Con-act-1-K-stick-11.74-MC-grad-1200.mat Error-RMS: 1.5042 Error-rate-RMS: 164.8987 Finetracking-RMS: 0.29065

10-1 100 -30 -20 -10 0 10 20 Frequency (rad/s) M a g n itu d e ( d B ) YC / YCL / wco,AC = 0.89 rad/s YC YCL 10-1 100 0.2 0.4 0.6 0.8 1 Frequency (rad/s) K o h ä re n z Kohärenz 10-1 100 -20 -10 0 10 20 Frequency (rad/s) M a g n itu d e ( d B ) YP x YC wCO = 0.69193 wCO-A = 0.70578 Comp. Pursuit 10-1 100 0 0.2 0.4 0.6 0.8 1 Frequency (rad/s) K o h ä re n z Kohärenz 10-1 100 -10 0 10 20 30 Frequency (rad/s) M a g n itu d e ( d B ) YP - Pilotgain@co: 0.79 YP YP-pursuit 10-1 100 0 0.2 0.4 0.6 0.8 1 Frequency (rad/s) K o h ä re n z Kohärenz 0 20 40 60 80 100 120 140 160 180 -0.6 -0.4 -0.2 0 0.2 0.4 0.6 D e fl e c ti o n [ -] Time (s)

Stick - : 0.097974 RMS: 0.097972 Mittelw.: -4.7533e-005 Force-RMS: 8.9456 Speed-RMS: 0.30615

0 20 40 60 80 100 120 140 160 180 -50 -25 0 25 50 F o rc e [ N ] dS dKraft -Stick

• Simulator flight testing with 10 pilots

• Automatic data analysis of the simulation results with Matlab

• Export of the analysis results to Excel

Microsoft

Excel

Automatic simulation result analysis Export: • Analysis results. • Automatic report generator. • Automatic compliance matrix.

(13)

Institute of

Wechselwirkungen zwischen GNC

1. Introduction

2. Model Based Control Design

3. Software Development for Flight Control Algorithms

4. Lessons Learned / Impacts

(14)

Flight Control Computer & Flight Control Algorithms

Controller Algorithms (Design Model)

(DO-331 Example 5)

BSP, Drivers, Runtime- and Interface Framework ANSI C (DO-178C)

Real Time Operating System (DO-178C COTS)

Electronic Hardware COTS and Special Built (no FPGA)

Sensors

Actuators

Software Development for Flight Control Algorithms

Architecture of a Flight Control System

14

Input- / Output-Conditioning, Robustness and Interface Framework (Design Model)

(15)

Institute of

Wechselwirkungen zwischen GNC

DO-331 MB.1.6.3 Examples of Model Usage

Process that generates the life-cycle data

MB Example 1 MB Example 2 MB Example 3 MB Example 4

(See Note 1) MB Example 5 Software Coding Process Source Code Requirements from which the

Model is developed

Requirements allocated to

software

Source Code Source Code Source Code Source Code

Requirements from which the

Design Model

Design Model Requirements from which the

Model is developed Design Model Specification Model (See Note 2) Specification Model Textual description (See Note 3) Formalized Design System Requirement and System Design Process Software Requirement and Software Design Process Requirements from which the

Requirements from which the

(16)

Software Development for Flight Control Algorithms

Software Module Life Cycles

16

System Requirements allocated to Software

SW High Level Requirements,

SW Pre-Design and SW Module Interfaces

COTS SW Design (SW Low Level Requirements and Architecture) Manual Coding Design Model Automatic Code Generation Design Model Automatic Code Generation Software Integration Software – Hardware Integration

DO-178C DO-331 Flight Control Application (Example 5) Signal Conditioning and Data I/O Framework (Example 1) BSP, Drivers and Data Handling Framework RTOS

At least four SW modules:



one PSAC

(17)

Institute of

Wechselwirkungen zwischen GNC

Equipment Development Life Cycle

R – C – I – C – I – R –D – C - I

R – C – I

R – I

R –D – C - I

Software Product

System Requirements

Allocated to Software

Software Components:

Component W ..

Component X ..

Component Y ..

Component Z ..

Legend: R Requirements C Coding D Design I Integration Source:

(18)

Software Development for Flight Control Algorithms

Equipment Development Life Cycle – Pre-Development Step

Customer Specification

Preliminary SW/HW Design / SW/HW-Architecture / Coding /

Preliminary Testing (prelim. Test Cases)

18

SW / HW Planning Process SW / HW Requirements Process Incremental Development Process Demonstrator (Prototype) System RIG Testing Flight Testing Equipment Specification Software Requirements Document High Level Requirements Hardware Requirements Document High Level Requirements Safety Assessment Preliminary SW Documents Preliminary HW Documents PDR

(Preliminary Design Review) SW- and HW-Requirements Validation

Derived High Level Requirements Safety Requirements Preliminary DO-160F Environmental Testing Next Slide Design Model System Engineering Process (Flight Control System)

Derived Low Level Requirements

Development Workflow Generation of Artifacts

(19)

Institute of

Wechselwirkungen zwischen GNC

Structural Coverage Analysis Data Simulation Results Model Coverage Analysis Data

Equipment Development Life Cycle – Core Development Step

SW / (System) Requirements Update SW Design Process SW Coding, Integration and Pre-Testing HW Requirements Update HW Design Process HW Implementation HW Testing CDR

(Critical Design Review)

Software / (System) Requirements Review

SW Design Review Design Model Review Model Coverage Analysis

SW / (System) Requirements Document SW / Model Design Description Source Code HW / SW Integration Testing

(Req. Based Functional Testing Structural Coverage Analysis)

HW Requirements Document Qualification Testing (Functional and Environmental Testing) Series Production Final Product Previous Slide HW Conceptual Design HW Detailed Design Production Data CDR

(Critical Design Review)

HW Requirements Review HW Design Review Development Workflow Generation of Artifacts Code Review Documentation of Performed Reviews Additional Artifacts: Test Results

(20)

Software Development for Flight Control Algorithms

Tool Chain Structure and Workflow for Power PC

20

Model Development and Verification

• Embedded MATLAB, Simulink, Stateflow

• Simulink Model Advisor, Report Generator and Model Coverage

Source Code Development and Verification

• Simulink Embedded Coder • Simulink Code Inspector • PolySpace

• VerOCode and VeroSource (structural code coverage)

Debugging and Target Testing

• Lauterbach TRACE 32 Debugger (debugging and PIL) • Bernecker + Rainer (B&R) (hardware in the loop test bed)

Startup, Runtime, Robustness and Interface Framework ANSI C <hand coded>

Embedded Coder Source Code Object Code Target Deployment In-Circuit Debugging Integrated Debugging Hardware & Processor In the Loop

(HIL / PIL) Model Link Integrated Build Code Reference

+

Structural Coverage on Target Simulink Code Inspector

• Generation and deployment of

source and object code to target

environment

• Strategy on qualifiable

verification tools

• All tools in use in aerospace

(21)

Institute of

Wechselwirkungen zwischen GNC

High Performance Power PC Architecture:

• 670 MHz performance (available with separate graphic controller) • Double precision floating point unit

• High speed interface to I/O module

Cortex M I/O Interface Module

• Featuring two I/O processors

• Providing up to 10 UART interfaces, 4 ARINC 825 Interfaces, 2 ARINC 429 Interfaces, 4 12 bit analog inputs and multiple discrete I/Os

Extendable Platform Configuration

• Single string for simple applications

• Redundant system with high speed interface between two lanes • Fail operational triplex system with internal redundancy

Certification Aspects

• All used processors and complex elements already in use in aerospace systems (COTS)

• System was design to ensure easy testability

General Description

Development of a certifiable avionics platform for research and demonstration of algorithms in a closed to product environment together with industry partners. The focus is on a scalable and modular system which can be used in different applications.

(22)

Software Development for Flight Control Algorithms

Testing in Final Target Environment

22 DA42 Total System Simulation HIL

Actuator Test Bench Diamond DSIM

Flight Training Device

Aircraft Flight Test Installation

High Fidelity Aircraft Model on Automation PC

Processor In The Loop Test Bench

Traceability between Simulink and Trace32 Debugger Integration

in Simulink