BAE Systems Delivers DO-178B Level A Flight Software on Schedule with Model-Based Design

“When we generated code from our Simulink models with Embedded Coder, the team we handed it off to knew it was gold—that it was debugged and fully met the requirements—because we had run it through the Simulink test vectors supplied by our customer. That was a huge advantage on this program.”

Challenge

Develop flight-critical software for a midsized business jet in compliance with DO-178B Level A standards

Solution

Use Model-Based Design to model the software and systems, run simulations with customer-provided test vectors, trace requirements to model elements, and generate 200,000 lines of certified code

Results

  • Development efficiency doubled
  • Certification schedule maintained
  • Communication between teams facilitated

Primary flight control computers from BAE Systems.

When a series of storms swept through southern New York State in 2011, the BAE Systems facility in Johnson City was flooded with 16 million gallons of water. The resulting water damage destroyed computer systems, documentation, and entire work areas, threatening to derail numerous ongoing projects. These projects included developing flight control computer (FCC) software for the world’s first fly-by-wire (FBW) midsized business jet.

Model-Based Design helped the BAE Systems team get the project back on track and certify it to DO-178B Level A.

“In the aftermath of these severe weather events, Model-Based Design absolutely helped us stay on schedule,” says Mike Weaver, senior principal systems engineer at BAE Systems. “Because we lost much of our test equipment in the flood, running simulations in Simulink was a tremendous advantage, particularly when we used test vectors provided by our customer. Simulink enabled us to verify and integrate our designs on the desktop before we generated code.”

Challenge

In addition to the weather-related damage, BAE Systems engineers faced another unanticipated event. They were asked to take on a second project for the same aircraft: developing software for another flight-critical application. To fulfill the thousands of high-level requirements that their customer had provided for these applications, the team would need to produce almost 200,000 lines of code from Embedded Coder® that would integrate with manual code in the OS and the rest of the application.

BAE Systems used a development approach that supported DO-178B Design Assurance Level A certification through simulation, requirements traceability, model coverage analysis, and code generation. This approach had to enable them to respond effectively to requirements changes and unforeseen events.

Solution

BAE Systems engineers developed these applications using Model-Based Design with MATLAB®, Simulink®, and Embedded Coder. They had used these tools previously to develop flight software according to DO-178 Level A for projects spanning both military and commercial aircraft applications.

Working from high-level requirements provided by the customer in IBM® Rational® DOORS®, the engineers created models in Simulink.

They used the Requirements Management Interface in and Requirements Toolbox™ to provide traceability between requirements in DOORS and design elements in Simulink models. This approach supported both the development process and certification activities.

For early integration of the models, the team ran simulations in Simulink using test vectors provided by the customer.

Using Simulink Coverage™, the team analyzed model coverage and identified untested elements of their models. They wrote additional test cases to cover any untested elements in preparation for flight tests.

The team integrated the smaller models into higher-level models that aligned with the software architecture, and used Embedded Coder to generate code for both applications.

Following a code review and formal verification, the aircraft’s flight-critical software received certification from the FAA, EASA, and another regulatory agency, and is now in production.

After the flood, the team took the opportunity to update their MATLAB, Simulink, and Embedded Coder software. They also established their best practices for modeling semantics to be in line with the current direction of the toolset, including the use of model reference and configuration sets. They have implemented these best practices on a new project that is roughly 10 times larger in scope than the business jet.

Results

  • Development efficiency doubled. “Model-Based Design is one-and-a-half to two times more efficient than our traditional hand-coding approach,” says Weaver. “That increase covers all aspects of the software life cycle, from high-level and low-level requirements to coding, integration, and verification.”

  • Certification schedule maintained. “Linking requirements to our models, running continuous tests in Simulink, and generating production code with Embedded Coder in compliance with DO-178B Level A were key to keeping the project on schedule despite setbacks,” says Maria Radecki, application software lead engineer at BAE Systems. “The ability to trace textual requirements to the model elements that implemented them was a huge hit with the certification authorities.”

  • Communication between teams facilitated. “Throughout the project we relied on Simulink as a communication medium,” notes Weaver. “Teams in the US, the UK, and Brazil worked on the project. The detailed, quantitative Simulink test vectors and models complemented the high-level requirements and made it easy for these geographically scattered teams to communicate with each other.”