MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 1 – June 21st 2016 – Paris Proprietary document. All rights reserved.

Zodiac Aerospace

Model Based Design and DO Toolkit:

steps forward to certification of a fuel cell system control software

MATLAB EXPO 2016Paris

June 21st 2016

Loïc BOUILLO

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 2 – June 21st 2016 – Paris Proprietary document. All rights reserved.

Zodiac Aerospace belongs to World’s top 10 equipment

manufacturers

€4.9bn sales in 2014/15

35,000 employees worldwide

3 branches + 1 aftermarket activity Cabin, Seats, Systems + Zodiac Aerospace Services

Zodiac Aerospace at a glance

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 3 – June 21st 2016 – Paris Proprietary document. All rights reserved.

@ anode H2 2H+ + 2e-

Electrons flow through

electrical loads

@ cathode O2 + 4H+ + 4e-

2H2O + Heat

Introduction to fuel cell systems

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 4 – June 21st 2016 – Paris Proprietary document. All rights reserved.

Project Objectives

H2

Air / O2

Electricity

Heat

Water

Oxygen Depleted Air

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 5 – June 21st 2016 – Paris Proprietary document. All rights reserved.

Project Overview

Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2

Batch1

Batch2

Batch3

Planning

Valorization concepts definition Benshmarking and pre-design of valorization systems

Hydrogen production and logistics up to the airportlogistics inside the airport

and impact evaluation on

airport operation

Technical-and-economic

analysis

2014 2015 2016

Design at system level Design at sub-systems level Design at components level

Consortium

Objectives

Identify, evaluate and maturate technologies in order to design a

Galley in a single aisle aircraft equipped with an Integrated Fuel

Cell System (IFCS).

Assess how to valorize the fuel cell system by-products (Heat,

Water and Oxygen Depleted Air) to increase its total efficiency.

Prepare the market penetration strategy by analyzing the

hydrogen logistics in an airport and realize a technical-and-

economic analysis.

PACAERO is an R&T project co-funded

by the DGAC (French Civil Aviation

Authority) and executed by a consortium

composed of the following French

companies

WP1

WP2

WP3

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 6 – June 21st 2016 – Paris Proprietary document. All rights reserved.

Challenges

Fuel cell efficiency depends on many parameters

H2

MANAGEMENT

SYSTEM

AIR

MANAGEMENT

SYSTEM

ELECTRICAL

POWER

MANAGEMENT

SYSTEM

THERMAL

MANAGEMENT

SYSTEM

BY-PRODUCTS

MANAGEMENT

SYSTEM

Safety

issues

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 7 – June 21st 2016 – Paris Proprietary document. All rights reserved.

Challenges

H2

MANAGEMENT

SYSTEM

AIR

MANAGEMENT

SYSTEM

ELECTRICAL

POWER

MANAGEMENT

SYSTEM

THERMAL

MANAGEMENT

SYSTEM

BY-PRODUCTS

MANAGEMENT

SYSTEM

Safety

issues

MONITORING &

CONTROL

SYSTEM

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 8 – June 21st 2016 – Paris Proprietary document. All rights reserved.

Challenges

No real certification

but the future needs to be

prepared

R&T Project

ComplexSoftware

Safetyissues

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 9 – June 21st 2016 – Paris Proprietary document. All rights reserved.

Industrial standards for certification (1/2)

ARP4754A Process

AIRCRAFT

REQUIREMENTS

IDENTIFICATION

SYSTEM

REQUIREMENTS

IDENTIFICATION

ITEM

REQUIREMENTS

IDENTIFICATION

ITEM

DESIGN

ITEM

VERIFICATION

SYSTEM

VERIFICATION

AIRCRAFT

VERIFICATION

Aircraft Verification

System Verification

Item Verification

Validation

of requirements

Validation

of requirements

Validation

of requirements

SOFTWARE

DESIGN

HARDWARE

DESIGN

DO178C

DO254

X

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 10 – June 21st 2016 – Paris Proprietary document. All rights reserved.

Industrial standards for certification (2/2)

Requirements

Design Model

Source Code

Object Code

To System Verification

From System Design

HLR

LLR

Detailed design

Code generation

Code compilation

Code ValidationEOC Verification (PIL)

EOC Verification (PIL)

Formal proof…

Source Code

Verification

Design Model

Verification (Tests)Model Validation

X

XX

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 11 – June 21st 2016 – Paris Proprietary document. All rights reserved.

Proposed approach

Model Based Design & Code generation

TRL6

High complexity

Small team & short delays

Use of Mathworks tools for V&V activities

Traceabilityneeds

Preparingthe future

Safetyissues

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 12 – June 21st 2016 – Paris Proprietary document. All rights reserved.

Model Based Design

Needs analysis

Functional requirements

Functional architecture

Preliminary design

Detailed design

Elementary / Integration / Functional tests

State of the art, static, high

level model

Functional static models

Architecture dynamic model

Dynamic model for control Detailed models

Complete model with control & safety algorithms

Refine, understand

Optimize function

exchanges

Choose technical

solutions

Design control laws

Size components

Prepare verification

tests

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 13 – June 21st 2016 – Paris Proprietary document. All rights reserved.

System ModelSystem Control Model

Modular development approach (2/2)

H2

MANAGEMENT

SYSTEM

HMS

CONTROL

MODEL

AIR

MANAGEMENT

SYSTEM

AMS

CONTROL

MODEL

ELECTRICAL

POWER

MANAGEMENT

SYSTEM

EPMS

CONTROL

MODEL

Commands

Measurements

Commands

Measurements

Commands

Measurements

Use of model references

Unique parameters

initialization structure to

handle modeling

iterations through design

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 14 – June 21st 2016 – Paris Proprietary document. All rights reserved.

V&V Activities

Requirements

Design Model

Source Code

From System Design

HLR

LLR

Simulink - Stateflow

Embedded Coder

Code compilation

Simulink Code Inspector

Simulink Design Verifier

Simulink Validation VerificationModel Coverage

Simulink Code Inspector

Simulink Verification and ValidationRequirements Management Interface

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 15 – June 21st 2016 – Paris Proprietary document. All rights reserved.

V&V Activities

Step 1: Modeling Standard

Design Model

LLR

Modeling

standard

Verification of modeling rules

Customized version of Model Advisor

Reports generated

automatically

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 16 – June 21st 2016 – Paris Proprietary document. All rights reserved.

V&V Activities

Step 2: Project Blockset

Build limited blockset for the project, with

controlled options, to facilitate generated

code inspection and validate compliance

with standard

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 17 – June 21st 2016 – Paris Proprietary document. All rights reserved.

V&V Activities

Step 3: Design Model Validation

Requirements

Design Model

LLR

Detailed design

Requirements Management Interface

Reports generated automatically

HLRSimulink Verification and ValidationRequirements Management Interface

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 18 – June 21st 2016 – Paris Proprietary document. All rights reserved.

V&V Activities

Step 4: Design Model Verification

Requirements

Design Model

HLR

Identify Design ErrorsSimulink Design Verifier

LLR

Dead logic, Division by zero, Integer

overflow

Model Coverage Measurement

Verification of requirements

Reports generated automatically

Detailed designSimulink - Stateflow

Measure Model CoverageSimulink V&VModel coverage

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 19 – June 21st 2016 – Paris Proprietary document. All rights reserved.

V&V Activities

Step 5: Source Code Validation

Design Model

Source Code

LLRCode generation

Code Validation

Simulink Code Inspector

Structural equivalence between source

code and Design Model

Traceability between source code and

Design Model

Reports generated automatically

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 20 – June 21st 2016 – Paris Proprietary document. All rights reserved.

V&V Activities

Step 6: Source Code Verification

Design Model

Source Code

LLRCode generation

Source Code Verification (SIL)

Tests

Verification of High Level Requirements at

Source Code level

Reports generated automatically

Requirements

HLRDetailed design

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 21 – June 21st 2016 – Paris Proprietary document. All rights reserved.

V&V Activities

Synthesis

MBD: « understandable » HLR

System model to support Design Model

conception

V&V: Traceability between LLR and HLR is granted

Traceability between Source Code and LLR is

granted

No design errors in Design Model

Equivalence between Source Code and Design

model is proven

Design model & Source Code verified against HLR

Automation of the whole process

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 22 – June 21st 2016 – Paris Proprietary document. All rights reserved.

Successful handling of the whole process up to source code

verification and validation

Conclusion

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 23 – June 21st 2016 – Paris Proprietary document. All rights reserved.

Next Steps

Requirements

Design Model

Source Code

Object Code

To System Verification

From System Design

HLR

LLR

Detailed design

Code generation

Code compilation

Code Verification

Design Model Validation

EOC Verification (PIL)

Formal proof…

Direct use of

system modeling

activities

EOC and

System

Verification

MATLAB EXPO 2016 ZODIAC AEROTECHNICS

Page 24 – June 21st 2016 – Paris Proprietary document. All rights reserved.

Contact:

Loïc BOUILLO

61, rue Pierre Curie

78343 PLAISIR Cedex, FRANCE

Tel. +33 1 61 34 18 75

Loic.Bouillo@zodiacaerospace.com

http://www.zodiacaerospace.com

Thank you for your attention