{"title":"Bridging the tool gap for model-based design from flight control function design in Simulink to software design in SCADE","authors":"Georg Walde, R. Luckner","doi":"10.1109/DASC.2016.7778044","DOIUrl":null,"url":null,"abstract":"Development processes of software for safety critical, complex aircraft systems, for example flight control systems, are very demanding. In the context of an aircraft certification, strict process guidelines and objectives from the Radio Technical Commission for Aeronautics according to the Development Assurance Level of the Software have to be complied to. Efficiency and compliance are important goals when defining processes from these requirements. Our approach to gain efficiency is, to reuse models from function design for code generation, and to use qualified tools. In control engineering, MATLAB, Simulink and Stateflow are widely used tools to build such models. The code generator Embedded Coder of the MathWorks tool chain is not available as qualifiable tool. Hence, it is common in the avionics domain to use SCADE Suite and its qualifiable code generator KCG for software design. To enable reuse of Simulink/Stateflow models for code generation with KCG it is necessary to translate them to Scade. In the project CERTT-FBW231 a feasibility study of the automatic translation from Simulink/Stateflow to Scade using the SCADE Suite Gateway for Simulink was performed. An existing control law model of an automatic flight control system was used as example. Due to its size and functionality it is a demanding and suitable example. To enable the translation of Simulink/Stateflow models, modeling guidelines were derived in the project MCAS2. We motivate our approach and show how it can be used effectively by automatic guideline checking and model repair. Our tool chain, the translation and configuration management processes are presented after briefly introducing the example model. 
A selection of guidelines and repair algorithms are shown, that helped to increase the translatability of our example.","PeriodicalId":340472,"journal":{"name":"2016 IEEE/AIAA 35th Digital Avionics Systems Conference (DASC)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE/AIAA 35th Digital Avionics Systems Conference (DASC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DASC.2016.7778044","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 9
Abstract
Development processes of software for safety-critical, complex aircraft systems, for example flight control systems, are very demanding. In the context of aircraft certification, strict process guidelines and objectives from the Radio Technical Commission for Aeronautics, according to the Development Assurance Level of the software, have to be complied with. Efficiency and compliance are important goals when defining processes from these requirements. Our approach to gaining efficiency is to reuse models from function design for code generation and to use qualified tools. In control engineering, MATLAB, Simulink and Stateflow are widely used tools to build such models. The code generator Embedded Coder of the MathWorks tool chain is not available as a qualifiable tool. Hence, it is common in the avionics domain to use SCADE Suite and its qualifiable code generator KCG for software design. To enable reuse of Simulink/Stateflow models for code generation with KCG, it is necessary to translate them to Scade. In the project CERTT-FBW231, a feasibility study of the automatic translation from Simulink/Stateflow to Scade using the SCADE Suite Gateway for Simulink was performed. An existing control law model of an automatic flight control system was used as an example. Due to its size and functionality, it is a demanding and suitable example. To enable the translation of Simulink/Stateflow models, modeling guidelines were derived in the project MCAS2. We motivate our approach and show how it can be used effectively by automatic guideline checking and model repair. Our tool chain and the translation and configuration management processes are presented after briefly introducing the example model. A selection of guidelines and repair algorithms that helped to increase the translatability of our example is shown.