Model Driven Approaches to Firmware Development in Selex ES. 21 Jan. 2015

Size: px

Start display at page:

Download "Model Driven Approaches to Firmware Development in Selex ES. 21 Jan. 2015"

Isabella Shepherd
5 years ago
Views:

1 Model Driven Approaches to Firmware Development in Selex ES 21 Jan. 2015

2 Presentation Overview Selex ES Company Overview Firmware Engineering at Selex ES Edinburgh History of Model Driven Engineering within Selex ES Edinburgh Cross-Functional MDE Strategy Firmware-Specific MDE Workflow for DSP Design Future MDE Workflow for Joint Firmware/Software Design Do s and Don ts for Establishing a Model Driven Workflow 2

3 Selex ES Overview Mission Critical Systems and Defensive Aids Systems Integrated Networking Solutions for Netcentric Capabilities Sensors & Systems for Homeland Protection, Homeland Defence, ATC/ATM, VTMS 3

4 Firmware Engineering at Selex ES Edinburgh The Firmware Engineering discipline are responsible for providing FPGA expertise to a wide range of projects and products within the Radar and Advanced Targeting business based in Edinburgh. Designs include: Radar antenna control Control of aircraft self-protection systems Implementation of radar and image processing algorithms Control of electro-optic turrets 4

A Simplified V Diagram Modelling & Algorithm Development

and Evaluation Simulation Analysis & Design Modelling

Sub-system Model Integration and test Sub-system Model

5 A Simplified V Diagram Modelling & Algorithm Development Analysis & Requirements Capture Test & Qual System Execution and Evaluation Simulation Analysis & Design Modelling Repository System Integration and Test Sub-system Model Design Sub-system Model Integration and test Sub-system Model Implementation & Unit Test Framework Firmware, Software, And Hardware Implementation 5

Model Driven Engineering at Selex ES Edinburgh R13 SP1/2 R14

R2009b R2010a R2010b R2011a R2011b R2012b R2013b Motor control

mirror servo Fire Control radar Surveillance radar Adv.

6 Model Driven Engineering at Selex ES Edinburgh R13 SP1/2 R14 SP1 R14 SP2/3 R2006a R2006b R2007a R2007b R2008a R2008b R2009a R2009b R2010a R2010b R2011a R2011b R2012b R2013b Motor control Comms link UAV Imaging Suite Fast Jet Imaging Suite High perf. mirror servo Fire Control radar Surveillance radar Adv. IR Counter- Measure /4 6

7 MDE Workflows Defining an MDE workflow: A workflow must be designed, just like any other part of the system Workflows will usually contain elements of simulation and of implementation Workflows which use models as their basis have been consistently proven within our organisation to be more efficient, cheaper to implement and less prone to error Workflows should be flexible enough to respond to both innovation and unexpected events There is no one right MDE workflow, there is however a mindset that will ensure success! If you re failing to plan, you re planning to fail 7

8 Product Design the bad old days Software Engineering Static requirements Big Bang (high risk!) integration Cost of fixing errors increases to right Incompatible with previously presented V diagram Systems Engineering Firmware Engineering Integration Test & Qual Mechanical Engineering RF / Microwave or Optical Eng. requirements implementation 8

9 A new, more integrated strategy Teams are constantly interacting using the model as a reference Interactions are inherently bi-directional Errors and mistakes much more likely to be discovered early in the lifecycle Systems Engineering Integration Test & Qual requirements MODEL implementation Mechanical Engineering Firmware Engineering Software Engineering RF / Microwave or Optical Eng. 9

10 Firmware MDE Workflow Golden Reference Model 1 Initial, high-level capture of the system performance using Matlab scripts and functions. Functionality of subsequent stages is compared against this reference by means of automated testbenches Use of correct code structuring at this stage is essential. V E R I F I C A T I O N Simulink Floating-Point Model Simulink Fixed-Point Model Implementation Model Functionality of the Golden Reference Model transferred to Simulink environment using idealised all-double-precision representation. Convert the Simulink DSP functionality to a fixed-point implementation Implement the DSP elements using the target architecture (available BRAMs, etc.) Generate HDL or netlist for use with down-stream tools FPGA-In-the-Loop Testing 5 DSP functionality verified on target FPGA using custom Ethernet protocol (more later) 10

and Software elements (more later) Tools used: Matlab / Simulink Xilinx System Generator - (more recently, Simulink HDL coder) Xilinx ISE

11 Firmware MDE Workflow Additional Detail Workflow Background Primarily used to target DSP designs to Xilinx FPGAs by firmware engineering discipline Has recently been extended to including targeting capability to the new generation Xilinx Zynq architecture with both Firmware and Software elements (more later) Tools used: Matlab / Simulink Xilinx System Generator - (more recently, Simulink HDL coder) Xilinx ISE Examples of applications: Airborne imaging for UAV and Fast Jet applications Aircraft self-protection suite Fast Jet and Surveillance radar 11

power (db) Application Example Stabilised Mirror Controller 10 6 10 4 PSDs of

----khz) data IG original data PSD IG resampled data PSD OG resampled data PSD OG

data presented to model 10 0 10-2 10-4 0 X X X X X X Frequency (Hz) Matlab used

12 power (db) Application Example Stabilised Mirror Controller PSDs of original (--.---khz) and resampled ( khz) data IG original data PSD IG resampled data PSD OG resampled data PSD OG resampled data PSD 10 2 S S T G SERVO SYSTEMS a w q TECHNOLOGY GROUP Captured data presented to model X X X X X X Frequency (Hz) Matlab used for frequency domain analysis and Test vector abstraction All design / analysis and (component) testing done in Matlab / Simulink 12

13 1 2 Golden Reference Model (Matlab scripts/ functions) Simulink Model (floating-point Embedded Matlab) Combined Software/Firmware MDE Workflow Initial, high-level capture of the system performance using Matlab scripts and functions. Functionality of subsequent stages is compared against this reference by means of automated testbenches Use of correct code structuring at this stage is essential. Functionality of the Golden Reference Model transferred to Simulink environment using idealised all-doubleprecision representation. 3 Verification (Optional) Autocode ANSI C (PIL) Partitioning Decision Verification Optionally auto-code and test a Processor-In-the-Loop implementation of Simulink model. Allows an upper bound on execution times (as little to no optimisation will have been carried out on the generated code) and could inform the software/firmware partitioning decision. 4 Software Design (C/C++) Firmware Design (Fixed-Point Simulink Model) Firmware Implementation (SysGen/HDL Coder) DSP elements will be auto-coded from Simulink HDL Coder or a vendor-specific tool such as Xilinx System Generator. Autocode (tailoring currently required) for software elements 5 Function-byfunction verification (PIL) Full-software validation Firmware verification & validation (FIL) Firmware and software designs are tested in isolation of each other. Traceability against requirements demonstrated via PIL and FIL using the Golden Reference model This stage currently subject of ongoing work within SELEX 6 Full-system Hardware-In-the- Loop Testing Conduct a full-system hardware-in-the-loop test involving both processors and FPGAs. Compare to Golden Reference Model to ensure that the required functionality has been achieved 13

Xilinx Zynq 7000 Integrated FPGA & ARM SoC The Zynq 7000 is a complete Embedded Processing solution offering software and programmable logic processing in

14 Xilinx Zynq 7000 Integrated FPGA & ARM SoC The Zynq 7000 is a complete Embedded Processing solution offering software and programmable logic processing in a single device Embedded ARM Cortex A9 dual core Processor Firmware Programmable Logic High performance processing with low power consumption footprint 14

15 Application Example Zynq-based Embedded Tracker Requirements Captured in Golden Reference Matlab Simulink Model Implementation Code Auto generated and verified against Golden Reference Code implemented on Target Hardware and Verified against Golden Reference Complex Algorithms Implemented and Verified Directly on Hardware from System Model 15

16 MDE Workflow Developments Original Firmware MDE process is well established and is the go to process for developing new DSP functionality Toolset allows for very rapid design iterations Verification against a Golden Reference significantly improved traceability. New generation of combined processor/fpga devices (i.e. Zynq) motivating changes to the workflow Verification now covers FPGA-In-the-Loop and Processor-In-the-Loop, as well as a full System-In-the-Loop Advances in the toolset allows for increased use of autocoding for software DSP as well as firmware 16

17 MDE Workflows An ideal MDE workflow is : Not the preserve of a select few engineers Not focused only on modelling, or only on implementation Never more complex than it needs to be to achieve the workflow objective Capable of providing Intellectual Property protection where appropriate Easy to use: it s surprising how many people are looking for an excuse to switch off Most importantly: A workflow is no substitute for experience and (current) domain knowledge MDE is NOT push button in all but the most trivial cases, it is a way of thinking 17

18 Do s and Don ts for MDE, Part 1 Top 3 Do s Do: Tailor an approach to MDE which applies to your particular project Keep the models as simple as possible complexity for its own sake causes mistakes Implement continuous quality management features in your models 18

19 Do s and Don ts for MDE, Part 2 Top 3 Don ts Don t: Model for the sake of it some things are, literally, not worth the effort Assume that a MDE workflow will simply give you answers, or executable code. Domain knowledge is still required anyone who says otherwise is naïve at best Believe tool vendors claims without verifying everything via pilot projects, offline evaluations or independent corroboration. 19