Ansys SCADE Solutions For Safe Rail Embedded Software
Bruno PRIVAT
Agenda
Best-of-breed simulation across all major physics
• Fluids
• Structures
• Electromagnetics
• Semiconductor / Power
• Mission-critical embedded software
• Optical
• Platform
The rail transportation industry is facing many challenges
Ensuring Functional Safety and Security
Ansys Systems & Platform
DIGITAL TWIN: Build, Validate & Deploy Simulation-Based Digital Twins
Create simulation-based digital twins: digital representations of assets with real-world or virtual sensor inputs.
In the embedded software business, safety is not an option.
Personal computer failure: annoying.
Embedded computer failure: catastrophic.
Safety is KEY in the embedded software business.
Safety-critical embedded software has a huge development cost
The cost increases with the EN 50128 Safety Integrity Levels (SIL)

Level                              SIL 0       SIL 1       SIL 2       SIL 3       SIL 4
Comparative cost* (vs. previous)   Base        +10%        +36%        +80%        +30%
Cost                               100         110         150         270         350+

(*) Comparative software development cost per SIL level, including testing (empirical data)
Our Mission: Providing unique ROI for your Safety Critical Development
The solution for safe embedded software is SCADE
The SCADE story in key dates

SCADE: Safety Critical Application Development Environment, created for Safety
• Formally defined synchronous language
• Portable and platform independent
• Full traceability between System & Design levels

• Code generation tool
• SCADE Suite: embedded control design and code generation
• SCADE Display: embedded HMI design and code generation
• SCADE Solution for A661: embedded ARINC 661 HMI design and code generation
• SCADE Architect (2019): Model-Based Systems Engineering
With Ansys SCADE: MODEL = CODE
With traditional MBD solutions: MODEL ≠ CODE
With Ansys SCADE: MODEL = CODE
• No code reviews
• No back-to-back testing
• No code coverage
• No need for a safe SIL subset
SCADE is agnostic to
• Any Processor
• Any GPU
• …
Ansys SCADE for Model-Based Software Design
Safety Critical Application Development Environment
Model-based SW with EN 50128 certified code generation
• Embedded Systems & Software
• System Architecture
• System Safety Analysis
• System Simulation & Digital Twins
• System & SW Architecture
SCADE Ecosystem
Interoperability with Tools & Standards

• Import (system models): IBM Rhapsody, Sparx Enterprise Architect, Dassault Systèmes MagicDraw
• Import / Co-simulate: Mathworks Simulink
• Traceability: IBM DOORS / DOORS NG, Jama, Siemens Polarion, Dassault Systèmes Reqtify
• Generate: FMI/FMU 2.0
• Import / Export: AUTOSAR, FACE, AADL, ASAM ASAP2
• Import (HMI assets): Presagis VAPS / VAPS XT, ENSCO Idata, Adobe Photoshop, W3C SVG
• Export (documents): Microsoft Word, Microsoft Excel, PDF / HTML
• Generate test harnesses: IBM RTRT, LDRA TestBed, Vector VectorCAST, HIL Mamouth
• Integrate / Deploy: Hardware-in-the-Loop
Our Customers in Rail Transportation
SCADE is used in many Railways Applications
Huge savings in software development with SCADE

Level                              Non-Safety  SIL 1       SIL 2       SIL 3       SIL 4
                                   Related
Comparative cost* (vs. previous)   Base        +10%        +36%        +80%        +30%
Cost                               100         110         150         270         350+
Cost with SCADE                    100         100         120         160         175
Savings with SCADE                 -           10%         20%         40%         50%

(*) Comparative software development cost per SIL level, including testing (empirical data)

(V-cycle figure: Requirements … Integration testing)
We could get rid of … a few things … thanks to SCADE
(V-cycle figure: Requirements … Integration testing)
SCADE-enabled EN-50128 SIL4 optimized workflow
Requirements → Certified automatic code generation → Source Code → Integration testing
✓ No need for additional tools
✓ Generate EN-50128 SIL4 certifiable code
✓ Reduce development costs
✓ Reduce time-to-market
Unique Benefits for Certification
• SCADE products and solutions are developed specifically to address critical system and software applications
• SCADE Suite and Display KCG code generators are certifiable according to the following international safety standards:
  ‐ EN 50128 certification up to SIL 3/4 – Rail Transportation
  ‐ IEC 61508 certification up to SIL 3 – Industrial & Energy
  ‐ IEC 60880 full compliance – Nuclear Instrumentation & Control
  ‐ IEC 62304 full compliance – Medical Systems
  ‐ EN 13849 full compliance – Industrial Machines Safety
  ‐ DO-178C qualification up to Level A – A&D
  ‐ ISO 26262 certification up to ASIL D – Automotive
• Same products qualified at the highest level of safety across 6 market segments by 10 safety authorities worldwide
• Multiple EN 50128 SCADE Suite and Display KCG tool certifications by TÜV
• Contents:
  ‐ Development and verification steps of EN 50128 compliant software
    • Model-based development with SCADE Suite and SCADE Display
    • Simulation and Model Test Coverage
    • Formal verification
    • Automatic code generation with KCG
    • C compiler verification activities
  ‐ Set of guidelines for developing efficient models, generating efficient code, etc.
Where Time Goes in Embedded Software Projects?

Project Phase                                                       Workload
Concept Definition                                                  5%
System Design (Requirements, Functions & System Architecture)       12%
Systems Requirements allocated to SW (HLRs)                         14%
Software Design (LLRs)                                              15%
Coding                                                              10%
Software Unit Testing (Low Level Testing)                           10%
Software / Software Integration & Testing                           7%
Hardware / Software Integration & Testing                           10%
Documentation and Review                                            7%
Project Management                                                  10%
TOTAL                                                               100%
Where Time Goes in Embedded Software Projects?
Reference cost breakdown vs. Ansys (SCADE-based process) cost breakdown and saving

Phase | Comments | Reference cost | Ansys cost | Saving | Gain
Concept Definition | - | 5% | 5% | 0% | Out of our scope
System Design (Requirements, Functions & System Architecture) | Functional & architectural definition, system safety analysis | 12% | 8% | 35% | Usage of SCADE Architect to model function and architecture
Systems Requirements allocated to SW (HLRs) | Control law, logic definition, HLRs (text, equation…) | 14% | 9% | 35% | Reuse from SCADE Architect
Software Design (LLRs) | Detailed SW architecture, function design, requirements-based tests creation | 15% | 18% | -20% | Detailed SW architecture; additional formalization of SW detailed specification, requirements traceability
Coding | Detailed coding | 10% | 2% | 85% | % of code automatically generated with SCADE KCG
Software Unit Testing (Low Level Testing) | Functional unit testing | 10% | 2% | 85% | Qualification of the code generator suppresses low-level testing
Software / Software Integration & Testing | Testing of the above | 7% | 1% | 85% | SW/SW integration testing fully automated by SCADE for the application part
Hardware / Software Integration & Testing | Incl. on-target debugging | 10% | 5% | 50% | Models already debugged & tested; very short late-change cycles; compiler verification kit automates user context & application tests on target
Documentation and Review | Design documentation & quality review | 7% | 1% | 85% | Project documentation is automatically generated by SCADE LifeCycle
Project Management | - | 10% | 5% | 50% | Automatic connection with the configuration management tool, shortening project duration, better requirements & traceability
TOTAL | - | 100% | 50 | 50% | -
SCADE Benefits and Value Proposition for Rail Transportation
STRATEGIC – TECHNICAL – ECONOMIC
Why Ansys SCADE is the Solution
• Up to 50% time-to-certification
• Virtual Reality environments
Why Ansys SCADE is the Solution
• Standards: SCADE provides a common representation between systems and software teams sharing models.
• Support: Ansys has worldwide training and support capabilities in your language.
Ansys SCADE : The True Model-Based Software Leader
for Safety Critical Applications