Model-based design of CANopen systems: mechatronics
Model-based design has become mainstream in the industry, but it has been used mostly for developing individual control functions or devices, not entire control systems. Current mechatronic systems are becoming more complex, and simultaneously, the requirements for quality, time-to-market, and costs have risen. An increasing number of systems are distributed, but development is typically done device by device and without systematic coordination of system structures. Approaches to managing distributed systems with written documents have led to inefficiency and inconsistent interfaces. Inconsistent interfaces have led to situations where it was easier and faster for the designers to write a new software component than to reuse an existing one. Another typical occurrence is that significant interface adjustments have to be performed during integration testing of a system. Based on such experiences, there is a demand for standardized and semantically well-formed interfaces between multiple disciplines.
In typical mechatronic systems, multiple disciplines co-exist and none of them dominates. The multidisciplinary nature of design work makes it very difficult to utilize the modeling principles dedicated to software-oriented development, such as unified modeling language (UML) or system modeling language (SysML). Studies show that it is impossible to create a single tool that is optimal for all disciplines; instead, existing state-of-the-art tools can be integrated into a working tool chain.
Traditional distributed automation
In a typical distributed system, one function may be divided into several devices, and one device may serve multiple functions. Node-centric development can be difficult because the exact functional distribution is not known prior to development. Application-centric development and simulation also provide limited efficiency because of limited testing capabilities. Software-centric development, without thorough system-level management, leads to serious interface inconsistencies. The old approach to managing communication interfaces is to embed communication descriptions into the application software. Historically, this works with very small systems, where there is only one instance of each type of device. When devices exist more than once in a system, this approach often leads to poor reuse of design artifacts or adoption of configuration management processes.
Model-based designs have become attractive because of the inefficiencies of the existing approaches. Although the requirement management in traditional software development has been document-centric, in some cases the requirements for the next version were collected from the source code of a previous version. It has also been documented that model-based designs can reduce the number of defects and wasted efforts produced by current approaches.
A separate design of the logical and physical structures causes challenges in managing the two parallel models and their connections without inconsistencies and still allowing incomplete models. In addition, if a model-based conceptual design was used, models can be manually converted into code, or control applications can be developed and tested separately, independent of each other. The main motivation for more systematic developments can be found in the assembly and service process, rather than in development, because of their higher significance. Systematic configuration management enables solving serious problems, for example, during system assembly and service. Systematic configuration management is required throughout the development process.
Existing modeling approaches
Increasing complexity of the systems requires increasing systematics during development. Most defects found during the last phases of the traditional processes were caused by failures in the requirement acquisition in the early phase of the processes. The validation of specifications to models and model-to-code matching is easier with simulation models, and the use of automatic code generation with proven tools makes it possible to automate code verification and move the focus of reviews from code to models. Automatic code generation from simulation models improves the development of high-integrity systems in particular. The simulation model is actually an executable specification, from which certain documents can be generated. Higher integrity with lower effort can be achieved by validating the basic blocks and maximizing their reuse. Conformance to corresponding standards helps to achieve required quality. Simulation models can also document interfaces between structural blocks, improving consistency and enabling parallel and co-development, improving overall efficiency.
Old processes produce old results; new development approaches, such as a model-based design, improve the design. New processes and tools are often needed to achieve maximum improvements. A new process with an existing, constrained design does not show benefits, but benefits can be found with new and more complex designs. A phase-by-phase approach is required to provide a learning curve. It is also important to be able to keep existing code compatible with the new code generated from models. Design reuse is one of the main things that improve productivity. The systematic management of both interfaces and behavior is mandatory in safety-relevant system designs. Instead of using model-based tools as a separate overlay for the existing processes and tools, automated interfaces need to be implemented between tools. Connecting model-based tools with the existing legacy tools may require changes beyond the tools’ built-in capabilities, increasing the effort required to maintain, develop, and upgrade the tool chain.
Modeling tools, scope
The Simulink tool was used in the project because it is the de facto modeling tool in research and industry with open interfaces. It also solves most of the problems found in other modeling languages and approaches. One of the most significant benefits is the support of dynamic simulations. Unlike examples such as executable UML, Simulink models can be used for modeling disciplines other than software. The models can be simply made and based only on behavior. The physical structure can be included into the model by adjusting the hierarchy of the logical model. If required, the models can be developed to cover improved dynamics as well.
Because of the increasing time-to-market and functional safety requirements in machinery automation applications, higher productivity and support for model verification and reuse of designs became significant reasons for using Simulink. Features include linking to the requirement management, model analysis, support for continuous simulation during the design process, testing coverage analysis, and approved code generation capabilities. Using the Simulink models enables efficient reuse of the models for various purposes.
Using IEC 61131-3 programming languages for the evaluation is increasing because they are well standardized. Their use, especially in safety-critical implementations, has increased because some of the IEC 61131-3 languages are recommended by functional safety standards. A standardized XML-based code import and export format has been published recently, further improving systematic design processes.
The presented approach is technology independent. CANopen was selected as an example integration framework because the CANopen standard family covers system management processes and information storage. It is supported by many commercial tool chains that can be seamlessly integrated. The management process fulfills the requirements set for design of safety-relevant control systems and defines how CANopen interfaces appear in IEC 61131-3 programmable devices. A managed process is required to reach the functional safety targets. There is also a wide selection of various types of off-the-shelf devices on the market that enable efficient industrial manufacturing and maintenance. Device profiles, in particular, help reuse common functions instead of developing them constantly. CANopen also offers extensive benefits in assembly and service when compared to other integration frameworks.
Relevant CANopen issues are reviewed first to enable readers to understand the process consuming the presented communication description. Next, the basic modeling principles are shown. After the modeling principles, the communication interface description in the model and the exporting of both application interfaces and behavior follow. Modeling details are not within the scope of this article.
The CANopen system management process defines the interface management through the system’s lifecycle from application interface description to spare part configuration download. The first task in the process is to define application software parameters and signal interfaces as one or more profile databases (CPD). Next, node interfaces defined as electronic datasheet (EDS) files can be composed of the defined profile databases. The EDS files are used as templates for device configuration files (DCFs). These files are system position-specific and define the complete device configurations in a system. DCFs can be directly used in assembly and service as device configuration storage. In addition to the DCFs, system design tools produce a communication description as a de facto communication database format, which can be directly used in device or system analysis. A process with clearly distinguishable phases improves the resulting quality because a limited number of issues need to be covered in each step of the process.
Signals and parameters need to be handled differently because of their nature. Signals are periodically updated and routed between network and applications through the process image. The process image contains dedicated object ranges for variables supporting both directions and the most common data types. The same information can be accessed as different data types. Signals are typically connected to global variables as absolute IEC addresses. Signal declarations include metadata and connection information used for consumer side plausibility and validity monitoring. Metadata is used for plausibility checking and access path declaration. All the relevant application development information is automatically exported from the CANopen project to the software project of each application programmable device. Monitoring, troubleshooting, and rapid control prototyping (RCP) can be supported by the exported communication description. The completed CANopen project automatically serves the device configuration in assembly and service.
The process image located in the object dictionary also serves communication between the functions or applications inside the same device and can be shared by different fieldbuses. Software layers above the process image are not necessarily required with CANopen. The internal object access type can be defined as RWx (read and write access) to enable bidirectional access inside the producer device. The external access type should be defined as RWR (read write on process input) to enable information distribution to the network. Access type RWW (read write on process output) should always be used for incoming signals, as they can be shared by multiple applications.
Parameters are stationary variables controlling the behavior of software; their values are changed sporadically and, in CANopen systems, are typically stored locally in each device.
Parameters of application programmable CANopen devices must always be located in a manufacturer-specific area of the object dictionary. The only exception occurs if device profile compliant behavior is included. Then parameters must be located according to the corresponding device profile. It is recommended to organize application-specific parameters as groups separated from the platform-specific objects; standards do not define the organization of parameter objects. Different approaches to access parameters exist, for example, linking global variables to objects or using access functions or function blocks.
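The placement and access-type rules above can be checked mechanically against a DCF or EDS file before it is used in assembly or service. The following is an added example, not code from the article or from any CANopen tool; it assumes the INI-style DCF/EDS layout, the standard object dictionary areas (0x2000-0x5FFF manufacturer-specific, 0x6000-0x9FFF device profiles, 0xA000-0xAFFF network variables), a caller-supplied set of application parameter indices, and a constructed sample file for a hypothetical device.

```python
import configparser
import re

MANUFACTURER_AREA = range(0x2000, 0x6000)    # manufacturer-specific objects
DEVICE_PROFILE_AREA = range(0x6000, 0xA000)  # standardized device profiles
PROCESS_IMAGE_AREA = range(0xA000, 0xB000)   # network variables
OBJECT_SECTION = re.compile(r"^([0-9A-Fa-f]{4})(?:sub([0-9A-Fa-f]+))?$")

# Constructed DCF fragment for a hypothetical device; indices are illustrative.
SAMPLE_DCF = """\
[DeviceInfo]
ProductName=Hypothetical valve controller
[2100]
ParameterName=Ramp time
AccessType=rw
[6410]
ParameterName=Application gain
AccessType=rw
[A040sub0]
ParameterName=Number of entries
AccessType=ro
[A040sub1]
ParameterName=Signal 1
AccessType=rww
[A4C0sub1]
ParameterName=Signal 2
AccessType=rw
"""

def lint_dcf(text, param_indices, profile_compliant=False):
    """Return sorted (section, problem) findings for one DCF/EDS text."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    for section in cfg.sections():
        match = OBJECT_SECTION.match(section)
        if not match:
            continue  # [DeviceInfo] and other non-object sections
        index = int(match.group(1), 16)
        sub = int(match.group(2), 16) if match.group(2) else None
        access = cfg.get(section, "AccessType", fallback="").lower()
        in_profile = profile_compliant and index in DEVICE_PROFILE_AREA
        if index in param_indices and not (index in MANUFACTURER_AREA or in_profile):
            findings.append((section, "parameter outside manufacturer-specific area"))
        # Sub-index 0 only holds the entry count, so it is exempt.
        if index in PROCESS_IMAGE_AREA and sub != 0 and access not in ("", "rwr", "rww"):
            findings.append((section, f"process image access type {access!r}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint_dcf(SAMPLE_DCF, {0x2100, 0x6410}):
        print(finding)
```

Passing `profile_compliant=True` applies the exception described above and accepts parameters located in the device profile area.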
– Dr. Heikki Saha, M.Sc Automation, Dr. Tech. Electronics, is chief technology officer, TK Engineering Oy; edited by Anisa Samarxhiu, digital project manager, email@example.com.