Model-Based Development of Safety-Relevant Electronic Control Systems for Agricultural Machines

Model-based design of software running in electronic control units has been for years now a well-established technique in the automotive industry, since it naturally matches the requirements of functional safety international standards (e.g. IEC 61508, the father of all standards). Besides some specific details, all of these standards basically share the same approach to risk assessment and to the definition of a suitable "life cycle" for the development, validation and maintenance of control systems. This applies also to agricultural machines' new specific standard, i.e. ISO 25119, thus making the methodology appealing to the agricultural industry. A Simulink-AMESim co-simulation has therefore been implemented, to take full advantage of a model-based control in conjunction with a fully featured physical functional model of the controlled hydro-mechanical system, viz. the powertrain of an agricultural machine, including a "2D" vehicle. The Simulink environment has allowed an extensive hierarchical decomposition, an easy link between model parts and the corresponding design specifications, and a seamless automatic generation of control code for the final ECU. Furthermore, applying the control to the detailed AMESim model has provided the benefits of virtual prototyping, allowing to significantly refine and validate the design before building physical prototypes and starting test-field sessions.