Korean Air Speeds UAV Flight Control Software Development and Verification with Model-Based Design
Challenge
Solution
Results
- 100% of run-time errors in handwritten code identified and eliminated
- Development effort reduced by 60%
- Costly flight tests minimized
Engineers developing high-integrity flight management and control software for unmanned aerial vehicles (UAVs) verify the software throughout development using a variety of techniques, including simulation, unit tests, formal tests, and hardware-in-the-loop (HIL) simulations. At Korean Air, engineering teams accelerate these verification steps, as well as the overall development of UAV flight control software, with Model-Based Design.
“Model-Based Design enabled our team to establish a process that can be used on multiple UAV platforms. That process includes modeling and simulating the system, automatically generating production code, and verifying that our generated and handwritten code is free of run-time errors,” says Jungho Moon, senior flight control system engineer at Korean Air. “As a result, we eliminated potentially critical errors early in development, increased development efficiency, and reduced development costs.”
Challenge
In the past, Korean Air engineers hand-coded UAV flight control software. The company identified several drawbacks to this approach, particularly when a single flight control system targeted multiple UAV platforms. First, the algorithms the team was developing were too complex to program in C by hand. Second, they needed to be able to deploy hardware specification changes and the latest control algorithms quickly. Third, manual code reviews and unit tests required too much time and effort to complete.
To meet an unmovable deadline for flight testing and certification, Korean Air needed to shorten development by simulating design models, automatically generating code, and verifying the generated and handwritten code.
Solution
Korean Air developed its new UAV flight control software using Model-Based Design.
In the early phases of development, the engineers developed a Simulink® model to refine and validate high-level requirements.
The engineers developed a dynamic model of the UAV, including landing gear dynamics for simulating automated take-off and landing, with Aerospace Blockset™. Later they used System Identification Toolbox™ to estimate model parameters for flight dynamics and performance verification.
The team designed flight control laws using Robust Control Toolbox™ and Control System Toolbox™ to compute optimal control gains.
The flight management and control system, including the automatic landing guidance subsystem, was modeled in Simulink and Stateflow®.
After running desktop simulations to verify the flight control laws and collect control response data, they analyzed the results, and later, flight test results, in MATLAB®.
Using Simulink Check™ and Simulink Coverage™, the engineers performed regular checks to ensure the model complied with the company’s modeling standards (based on MAAB guidelines) and to measure 100% MC/DC model coverage for their test suite.
The team generated more than 45,000 source lines of code from their models with Embedded Coder®. They integrated this C code with code they had handwritten for hardware drivers, and they reused test cases for model coverage to measure 100% MC/DC code coverage.
Using Polyspace Code Prover™, the team checked all the code for run-time errors, identifying several in the handwritten code that they subsequently corrected. No run-time errors were found in the generated code.
The team conducted real-time HIL simulations with Simulink Real-Time™. The HIL model, which contains more than 11,000 blocks in the flight control and flight dynamics submodels, was reused to create an operator training simulator for the UAV.
Korean Air engineers provided certification authorities with MC/DC coverage reports generated by Simulink Check and Simulink Coverage and testing reports generated by Polyspace Code Prover.
Korean Air completed development on schedule, and the UAV has received airworthiness certification from the Korean government.
Results
100% of run-time errors in handwritten code identified and eliminated. “Polyspace Code Prover is crucial for the development of safe software and eliminating critical errors that could occur in flight,” says Moon. “Polyspace found dozens of divide-by-zero and overflow errors in our handwritten code, and proved the absence of run-time errors in code generated by Embedded Coder.”
Development effort reduced by 60%. “The software we developed with MATLAB and Simulink had more functionality and verification coverage than projects that we hand-coded,” Moon says. “Model reuse, code generation, and reduced testing times with Model-Based Design cut development engineer-hours by 60%.”
Costly flight tests minimized. “A single flight test can cost more than $10,000,” says Moon. “With Model-Based Design, we know that if we simulate correctly, the UAV will fly correctly. For example, the autopilot performance and functions can be verified with just one-third the number of flight tests that were previously required.”