Architecture Modeling - SPES 2020

More documents

Recommendations

Info

Architecture Modeling flight incidents, the Code of Practice proposed by the Prevent Project using guiding questions to assess the completeness of requirements in the concept phase of the development of advanced driver assistance systems, use-case analysis methods as advocated for UML based development process, where an initial stakeholder based analysis is refined by scenarios capturing the typical interactions between actors and the system-under-development, and the various approaches based on rapid prototyping, including virtual reality based mock-ups. A common theme of these approaches is the intent to systematically identify those aspects of the environment of the system under development (SUD) (subsuming the physical environment, the operator of the system, and – for systems-of-systems – other “surrounding” systems) whose observability is necessary and sufficient to achieve the system requirements. As examples of extensions of systems parameters based on such heuristic approaches, we mention the need to observe, whether the aircraft is on-ground (as required to prevent inadvertent activation of reverse thrust of engines when in cruise flight), blind-spot detection coupled with lane change assistance systems warning against lane changes in critical traffic situations, or train-integrity control in ETCS-based train-safety systems. Once this perimeter of the system-under-development is identified, the challenge rests in characterizing those conditions on the environment, under which the system is expected to perform according to its requirements. For example, advanced driver assistance systems dependent on image processing for obstacle detection from video streams will be automatically de-activated or switched to a degraded mode in complex lighting conditions. As other classes of environment assumptions we mention assumed boundary values of physical parameters, such as maximal relative and absolute speed of vehicles, maximal acceleration, types of road conditions, curve radiuses on highways, traffic rules, average and worst case distributions of arrival processes of systems in the environment, etc. The approach taken by the Code of Practice can be generalized to other domains, using a Hazop-style analysis [45], where for each identified class of interaction between actor and SUD and for each viewpoint specific guide-words could be used to probe for undesired interactions or interferences, which should be excluded. An initial phase of refining requirements to contracts is an important step in the design methodology we describe in this paper. Based on a determined system boundary, responsibilities of achieving requirements are split into those to be established by the system-underdevelopment (the “guarantees” of the contract) and those characterizing admissible environments of the system-under-development (the “assumptions” of the contract). To further strengthen the capabilities for improving the quality of initial specifications, we advocate the use of formal specification languages for expressing these, where the particular shape of such formalizations is viewpoint and domain dependent. Examples include the usage of failure propagation models for safety contracts, the use of probabilistic timed automata to specify arrival processes, the use of live sequence charts for capturing scenarios in the interaction of actors and systems [44], or the pattern-based contract specification language initially developed by the integrated project SPEEDS, and further refined and elaborated to the RSL language presented in the Annex advocated for usage in SPES. All these enable what Harel called “playing out” for the particular case of live sequence charts, i. e. the use of formalized contract specifications to generate trajectories of interface observations compliant to the currently derived set of contracts. Such simulation capabilities turn out to be instrumental in further refining our specifications: typically, they will exhibit unexpected traces, e. g. due to an insufficient restriction of the environment, or only partially specified system reactions. Using contracts resting on logic based formalisms comes with the advantage, that such “spurious” unwanted behaviors can be excluded by “throwing in” additional contracts, or strengthening assumptions, or by considering additional cases for guarantees. A second advantage of such formalized contracts rests in the now available methods for checking for consistency: the formalism mentioned above do 102/ 156
Architecture Modeling provide effective tests, whether a set of contracts is realizable, or whether, in contrast, facets of these are inherently conflicting, and thus no implementation is feasible. 5.2.4 Coping with Multi-Layer Design Optimization System designs are often the result of modifications of previous designs with the attempt of minimizing risks and reducing delays and design costs. While this was an effective way of bringing new products to market in the past, with the increase in demand for new functionality and the advances of the implementation platforms, this strategy has yielded more problems than it has fixed. Hence, there has been a constant progression towards thinking through anew the requirements and the implementation strategies. However, there is a shared consensus that in most of the cases the designs are not optimized in the sense that the full exploitation of the new opportunities technology offers is not achieved and that having visibility of the available options and an evaluation framework for design alternatives are a sorely missing capability. An ideal scenario for optimization is to have access to the entire design space at the lowest possible level of abstraction and then run a global optimization algorithm that could select these components satisfying constraints and optimizing multiple criteria involving non-functional aspects of the design. Unfortunately this approach is obviously out of the question for most designs given the size of the design space and the capabilities of optimization algorithms. What is possible is to select solutions in a pre-selected design space where the number of alternatives to choose from is finite and searchable by state-of-the-art optimization programs. Indeed, the platform-based design paradigm offers scaffolding that would support this approach. In fact, at any abstraction layer, we need to optimize with respect to the components of the platform. The selection process will have to look only at feasible combinations of the components as dictated by the composability of contracts! If we take this argument further, we need also to formulate the optimization problem that has to be solved. The basic question to be asked is whether a particular legal composition of available components implements the given functionality and satisfies the constraints expressed by the contracts. The question is then one of how to assess whether the composition “covers” the functionality and of how to compute the non-functional quantities for the composition given the ones of the components. The second part of the question can be answered if analysis methods for non-functional aspects of components and there composition is available. The first question is more complex to answer since there is no evidence that the semantics of the global functionality and the one of the components be congruent. This aspect is at the heart of heterogeneous design. Several approaches have been tried but not in the optimization context. In the platform-based design context, there is a way of determining how to link functionality and solutions and to set up a generic optimization framework. This approach has been inspired by the optimization work done in logic synthesis, a mainstay of the design flow used in integrated circuit design. The mapping step is the core of platform-based design process, and greatly affects the performance of the implemented system. However, it has been performed manually for most test cases presented in literature. As the design methodology solidifies and design environments such as Metropolis [21] are built to support it, there is a clear need for automatic optimized mapping processes to increase productivity and design quality. To automate the mapping process, we need to formulate the optimization problem in rigorous mathematical terms. We proposed a mathematical formalism and a procedure for the PBD mapping process in [43]. To explain the basic ideas of the process, we consider first the analogous, but simpler case in the EDA domain, the classic logic synthesis flow [48]. In this flow, the behavioral portion of the design is captured using Register Transfer Languages (RTLs) such as Verilog and VHDL. 103/ 156
Page 1 and 2:
Architecture Modeling ∗ Andreas B
Page 3 and 4:
Contents 1 Introduction 1 2 Quick-T
Page 5 and 6:
1 Introduction This document propos
Page 7 and 8:
Architecture Modeling allowing to m
Page 9 and 10:
Architecture Modeling creating a vi
Page 11 and 12:
Architecture Modeling the design it
Page 13 and 14:
Architecture Modeling of the logica
Page 15 and 16:
Architecture Modeling realization o
Page 17 and 18:
Architecture Modeling can usually o
Page 19 and 20:
3 The Architecture Meta-Model In Se
Page 21 and 22:
Abstraction-Levels (detail increase
Page 23 and 24:
3.2.2 Functional Perspective Archit
Page 25 and 26:
Architecture Modeling The semantics
Page 27 and 28:
Architecture Modeling expressed by
Page 29 and 30:
Architecture Modeling computing cap
Page 31 and 32:
3.2.5 Geometrical Perspective Archi
Page 33 and 34:
ShapeCompositionOperator intersecti
Page 35 and 36:
Architecture Modeling The constrain
Page 37 and 38:
Architecture Modeling of particular
Page 39 and 40:
Architecture Modeling Shape that de
Page 41 and 42:
Architecture Modeling Conjugation o
Page 43 and 44:
RichComponent Architecture Modeling
Page 45 and 46:
MultiplicityElement +part 0..* Rich
Page 47 and 48:
ComponentC Architecture Modeling pa
Page 49 and 50:
4 Steps in Component-Based Design T
Page 51 and 52:
Architecture Modeling Assume/guaran
Page 53 and 54:
Architecture Modeling When specifyi
Page 55 and 56: Architecture Modeling next selectio
Page 57 and 58: Architecture Modeling ports must ha
Page 59 and 60: established if (and only if): Archi
Page 61 and 62: 12°C < tempSelect < 35°C actTemp
Page 63 and 64: Architecture Modeling The component
Page 65 and 66: Architecture Modeling 4.3.2 Establi
Page 67 and 68: Architecture Modeling a mapping is
Page 69 and 70: Architecture Modeling Another impor
Page 71 and 72: 5 Using the Architecture Meta-Model
Page 73 and 74: Architecture Modeling Design proces
Page 75 and 76: Architecture Modeling abstraction l
Page 77 and 78: Pwr1 Pedal_Pos1 Pwr2 Pedal_Pos2 CMD
Page 79 and 80: Architecture Modeling Figure 5.4: O
Page 81 and 82: Architecture Modeling Figure 5.7: L
Page 83 and 84: Architecture Modeling Figure 5.9: T
Page 85 and 86: Architecture Modeling Figure 5.12:
Page 89 and 90: Architecture Modeling However this
Page 91 and 92: Architecture Modeling The considera
Page 97 and 98: Architecture Modeling tasks Command
Page 99 and 100: Architecture Modeling of the V, suc
Page 101 and 102: Architecture Modeling thus decorate
Page 103 and 104: Architecture Modeling In summary, P
Page 105: Architecture Modeling OEMs are incr
Page 111 and 112: Architecture Modeling patterns, cap
Page 113 and 114: Architecture Modeling 6.1 Syntax an
Page 115 and 116: 6.1.1.1.1 Attribuute Definit tion a
Page 117 and 118: Constrrain Eventts with Co ondition
Page 119 and 120: These events used in the “and the
Page 121 and 122: Formalization: whenever StartButton
Page 123 and 124: Architecture Modeling Basic bloock
Page 125 and 126: 6.1.1.1.1.3 Conditions Conditions c
Page 127 and 128: 6.1.1.1.2.2 Seammless Con ncatenati
Page 129 and 130: e3 && (clk==0) e1 idle pre e1 idle
Page 131 and 132: Pattern whenever event occurs condi
Page 133 and 134: If the brake force is above 80% for
Page 135 and 136: Pattern S3: Failure shall not be ca
Page 137 and 138: Pattern S9: failureCondition failur
Page 139 and 140: Pattern R2: Event occurs each perio
Page 141 and 142: idle e1 |clk:=0 e2 && (l
Page 143 and 144: The function : allocates a singl
Page 145 and 146: Examplees of clocks: • Run: {c=0@
Page 147 and 148: Architecture Modeling 1. For σ ∈
Page 149 and 150: Architecture Modeling Traces accord
Page 151 and 152: Architecture Modeling Definition 6.
Page 153 and 154: Architecture Modeling the one given
Page 155 and 156: Architecture Modeling Decomposition
Page 157 and 158:
Bibliography [1] ARINC 653 - Avioni
Page 159 and 160:
Architecture Modeling [26] Holger G
show all

Architecture Modeling - SPES 2020

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?