Verify control systems before committing to hardware

Embedded control system designers are being pushed to provide better performance and more features, all while meeting tight deadlines and keeping costs down. As these demands grow, traditional design and verification methodologies are falling short.

In a traditional design flow, designers are not able to determine if their controller works until late in the design effort, when hardware is available. This approach was often sufficient for systems developed in years past. System behaviour was predictable and the simplicity of the control scheme minimised opportunities for error. When problems did occur, they could often be solved by tuning the controller during verification.

With today’s multidomain systems, however, this process is no longer sufficient. As system complexity grows, the potential for errors and suboptimal designs increases. When design problems show up in the verification stage, they require difficult, costly changes — changes that often include time-consuming hardware fixes.

Additionally, the growing complexity of control systems makes it difficult to test all the corner cases in a design. Indeed, for many systems it is impractical or even dangerous to test the full operating envelope on production hardware. For these systems, traditional verification methods simply don’t work.

Leading system designers have recognised these challenges and are adopting a process of early verification with model-based design. This approach allows engineers to simulate the physical plant alongside the control algorithms and logic. Early verification allows designers to:

• quickly evaluate a variety of control strategies and optimise system behaviour
• catch errors early, before hardware is available
• use simulation to test the full operating envelope
• re-use models for real-time testing.

Model-based design

Figure 1 illustrates the traditional workflow, in which requirements are provided via paper specifications. Each subsystem — including mechanical, electronics, controls and software — is designed in separate design tools directly from the specifications, with very little coordination between the subsystem designs. This process calls for verification late in the design cycle, after the system has been integrated. It is only at this point that designers can fully observe the interaction between the system’s physical systems, control algorithms and logic.

Figure 1: In the traditional design workflow, verification occurs at the end of the design process, when changes are difficult and expensive.

This approach may be acceptable for low-performance systems, where the interaction between domains is simple and easy to characterise. However, the interaction between subsystems becomes more complex as designers add features and push for optimal performance. This makes it harder to design the controller and it increases the likelihood of design errors. The risk of errors is compounded because each part of the design — mechanical, hydraulic, controls and software — involves different ways of describing requirements, implementing solutions and testing designs. These differences make it easy to introduce conflicting requirements, misinterpret requirements during design and perform incomplete or extraneous testing.

If an error is not discovered early in the design process, the complex interaction between subsystems can make it difficult to trace the problem back to its root cause — and fixing this problem can be just as tricky. Errors related to incomplete, incorrect or conflicting requirements may even necessitate a fundamental redesign.

Model-based design addresses these challenges by enabling early verification. Verification is no longer treated as a final step, rather it becomes a continuous process that begins in the design phase and carries through real-time testing (see Figure 2).

Figure 2: Model-based design features continuous verification and validation that begins in the design phase and carries through to real-time testing.

Model-based design enables designers to build a mathematical model of the control software as well as the physical plant, including mechanical, electrical, hydraulic and other physical domains. By linking the model to the system requirements, the model becomes an executable specification that can be used for each subsystem and the system as a whole. It drives an unambiguous understanding of the requirements, which reduces the risk of design errors.

Model-based design tools create a common design and verification platform. As shown in Figure 3, engineers have an intuitive, graphical view of the system, providing a common environment for designers from different disciplines. Model-based design tools also facilitate the re-use of existing designs and engineering data by providing hooks into CAE tools, such as CAD, FEA and circuit emulation tools (including SPICE).

Figure 3: With model-based design tools, engineers use block diagrams to present an intuitive view of the system model.

The availability of an executable specification helps the control algorithm designer to better understand the system, which leads to better control design. Instead of designing against an inherently vague paper specification, designers can experiment with the model to fully understand the system’s behaviour. Designers can quickly try out different control strategies, allowing them to identify the strategy that optimises performance while meeting other design constraints.

Early verification

Control designers using a traditional workflow are normally unable to verify their designs until hardware becomes available, which is usually late in the design process. In contrast, model-based design enables designers to start testing against a model. This early verification capability saves time and reduces costs, while simultaneously improving design quality and performance.

The key benefit of early verification is that it allows designers to catch errors in the first stages of the development process, where they are easier and cheaper to fix.

Simulation helps designers to spot problems that would require hardware changes — a particularly valuable capability because hardware changes are much more expensive than software fixes.

Errors are also much easier to troubleshoot in simulation than they are in the field. When an error crops up in simulation, the designer can inspect the state and history of each component, with the ability to drop a scope at any point, run the simulation repeatedly under identical operating conditions to replicate the problem and to then ensure it was addressed by the fix. In the field the designer has much less data to work with.

Testing against a model also enables more thorough verification. Complex systems often have large operating envelopes with numerous operating modes, multiple failure modes and so on. Testing the full operating envelope on hardware can be impractical or even dangerous. It is much easier to achieve full test coverage with a simulation, and there are no concerns about equipment damage or other hazards.

Real-time testing

The same models used in early verification via desktop simulations can also be used to take the verification a step further with real-time testing. With model-based design, engineers can generate embedded code directly from the model to enable rapid prototyping and hardware-in-the-loop testing.

In rapid prototyping, the control algorithms are tested in real time with the physical plant hardware. By re-using the control models to generate the prototype code and running it on a generic test system, engineers can often complete real-time verification before deciding on the final controller platform. Additionally, because there is a direct connection between the design and implementation, it is easy to fix errors identified during testing. With rapid prototyping, an engineer can run through the same tests that were used in desktop simulations directly on the plant hardware. These tests will highlight any approximations or simplifications made when modelling the plant that have a significant impact on system performance. After working bugs out in the lab on prototype hardware, engineers can implement the design on production hardware with more confidence.

In hardware-in-the-loop testing, the production controller hardware is tested against a real-time simulation of the physical plant. This capability is useful in cases where the access to the actual physical system is limited or unavailable. Hardware-in-the-loop testing is also invaluable for projects on which it is dangerous to test the plant’s full operational envelope. Consider the risks of trying out a wind turbine control algorithm in the field. If something goes wrong, the system failure can damage equipment and endanger nearby personnel. It is much better to test the production controller against a real-time simulation of a wind turbine. This hardware-in-the-loop testing is safer and it can begin before the wind turbine is even constructed. Just as important, hardware-in-the-loop tests can fully exercise system diagnostics (for example, emergency condition detection and shutdown procedures), which might be difficult or impossible to test on the wind turbine itself.

Benefits

Early verification has proved itself in a broad range of applications, including industrial automation and machinery, office equipment, consumer goods, instruments, medical devices and process industries.

As just one example, manroland AG recently used model-based design tools to develop a precision printing controller. As the world’s second largest manufacturer of printing systems, manroland serves customers who demand continuing improvements in print quality. To meet these demands, manroland needed a new approach to design - one that would enable it to rapidly try out new design ideas. Model-based design met this need, allowing manroland to complete design iterations in minutes, not weeks. This allowed the manufacturer to cut development time by a year — an improvement of over 50%.

In short, early verification with model-based design results in shorter, less expensive design cycles. It also helps designers create more robust, better performing control systems. As control systems continue to grow ever more complex, verifying designs before committing to hardware will be not only a best practice, it will be imperative.

The MathWorks Australia
www.mathworks.com.au