National Aerospace Laboratories Proves Benefits of Model-Based Design for DO-178B Flight Software Development

“Simulink and Model-Based Design reduced the effort needed to upgrade functionality, code analysis time, and design time for the safety-critical embedded system. The compatibility of Simulink with the DO-178 process gave us confidence to use Model-Based Design for our upcoming DO-178 projects.”

Challenge

Accelerate the development of DO-178B Level A certified flight software

Solution

Complete a stall warning system pilot project using Simulink and Embedded Coder, quantify improvements in development efficiency, and adopt Model-Based Design for future DO-178 projects

Results

  • Code analysis and design time cut in half
  • Integrated workflow established
  • Consistent, high-quality code generated

National Aerospace Laboratories is the only government aerospace R&D laboratory in India’s civilian sector. Established by the Council of Scientific and Industrial Research, CSIR-NAL has a threefold mandate: develop aerospace technologies with strong science content, design and build small and medium-sized civil aircraft, and support all national aerospace programs.

As part of this mandate, CSIR-NAL developed SARAS, a 14-seat, multirole light transport aircraft. SARAS is equipped with a state-of-the-art stall warning system and aircraft interface computer (SWS/AIC) that alerts pilots when the plane is in danger of stalling. Recently, CSIR-NAL engineers completed an SWS/AIC pilot project in which they quantified the advantages of Model-Based Design over their conventional approach for DO-178B Level A software development. Among other benefits, they found that Model-Based Design with MATLAB® and Simulink® reduced the effort needed to upgrade functionality by 75%.

“In the past, functional upgrades required manual iterations for design changes, code modifications, retesting, and report generation,” says J. Jayanthi, senior principal scientist at CSIR-NAL. “With Model-Based Design, upgrades become simple because the links between requirements, model, code, tests, and reports have already been established. We just make changes at the model level and everything—including the generated code—falls into place.”

Challenge

CSIR-NAL initially implemented the SARAS SWS/AIC system by hand-coding the algorithms in C. Although the software was ultimately certified to DO-178B Level A, the effort took longer than planned. The team attributed the delays to gaps between the requirements, the implemented code, and the tests conducted for verification. To bridge these gaps, the team had to perform numerous manual activities, including tracing code back to requirements, performing coverage analysis, and producing the documentation necessary for certification.

CSIR-NAL engineers sought to automate these manual activities within a workflow that incorporated their existing tools for requirements management and testing.

Solution

CSIR-NAL engineers completed the SWS pilot project using Simulink, Stateflow®, and Embedded Coder®.

They designed the SWS in Simulink, using Stateflow to model decision logic.

As they developed the model, they adhered to MathWorks Automotive Advisory Board (MAAB) and DO-178B high-integrity modeling standards. They used the model standards checks in Simulink Check™ to ensure compliance with the standards.

CSIR-NAL engineers used Simulink Design Verifier™ to generate test cases from the Simulink and Stateflow model and to perform model coverage analysis while running simulations to execute the tests.

The team generated about 5000 lines of C code from their model using Embedded Coder. For each SWS subsystem, they compared the generated code with the code that they had handwritten for the initial implementation.

With Requirements Toolbox™, the engineers linked elements of the SWS model with requirements in Microsoft® Word. The generated code included requirements labels as comments, enabling them to trace requirements to the model and the final code.

The team took advantage of the integration between Simulink and the LDRA tool suite to streamline code coverage analysis and other software-level testing activities, and to establish traceability between the model and test cases.

Finally, the team used Simulink Report Generator™ to document the model and code coverage results required for certification credit.

Based on the success of the pilot project, CSIR-NAL plans to use Model-Based Design for future DO-178B and DO-178C Level A projects.

Results

  • Code analysis and design time cut in half. “For the SWS pilot project we gathered metrics for comparison with our conventional approach,” says Manju Nanda, principal scientist. “In addition to a 75% reduction in the effort needed to upgrade functionality, we saw a 48% reduction in code analysis time and a 50% reduction in design time with Model-Based Design, enabling us to do more with fewer people.”

  • Integrated workflow established. “With Model-Based Design we have a well-defined DO-178 workflow that integrates with our existing tools,” says Jayanthi. “We can trace requirements in Word or Telelogic® DOORS® to Simulink models, generated code, and code-level tests in LDRA. And we can use Simulink Report Generator and DO Qualification Kit for DO-178 certification.”

  • Consistent, high-quality code generated. “The code generated with Embedded Coder was as good as our handwritten code, and often more compact as well,” says Jayanthi. “We can trace the code back to our model and requirements, and because it was generated from our model, it was more consistent and significantly easier to maintain than handwritten code.”