Architecture Modeling - SPES 2020

More documents

Recommendations

Info

Architecture Modeling • Logical components are allocated to a technical system that distinguishes software, processing and communication hardware, mechanical, hydraulic, and electrical components. • The technical components are finally allocated to a geometrical space. The design phases may be performed on different levels of abstraction, representing different refinements of the initial design. It should be noted that the SPESMM does not define a concrete design flow. For example, not all design phases have to be performed on all abstraction levels. Even the number of abstraction levels and perspectives may vary between different design processes. We can however identify a set of primitive design steps that are repeatedly applied during such design processes. More precisely, each design step identified in a certain process supported by the SPESMM can typically be broken into a sequence of such primitive steps: Decomposition Most component types defined in the SPESMM can be decomposed. That is, components are broken down into smaller parts, or sub-components. This includes for example functions that are decomposed into sub-functions, and the decomposition of logical components. Allocation Components within different perspectives of a design are entangled in that they represent (partly) the same system entities. Functions for example are allocated onto logical components. Realization During the design process, the same system may be represented at different levels of abstraction. We say, the system at a certain abstraction level (and the same perspective) realizes the system at the higher levels. Implementation Finally, components gets implemented. Depending on the perspective and abstraction level, implementations may be automata models, StateCharts, MatLab models, and even C-Code. Given a characterization of the responsibilities of a component and an implementation, does it satisfy the responsibilities? Each design step introduces a set of proof obligations clearly defining under which conditions all responsibilities of the involved design artifacts are satisfied. This in advance allows to define clear interfaces between the responsibilities of all engineers involved in a design process. In the following, the corresponding proof obligations and involved model artifacts for each identified primitive design step shall be discussed. 4.1 Formalizing Requirement Specifications with Contracts In order to define how modeling along the SPESMM supports the primitive design steps, it is important to understand the concept of contracts. In short, contracts characterize components following the assume/guarantee reasoning style: • The assumption of a contract defines under which environment conditions a component is expected to work, and • the guarantee characterizes ensured behavior of the component, given that the assumptions are satisfied. 46/ 156
Architecture Modeling Assume/guarantee reasoning is known for a long time. Various formal foundations exist providing means to validation and verification of a design, and to ensure validity of design steps such as decomposition and refinement. Contract based design with explicated assumptions is however also a design philosophy: • Contracts allow to differentiate responsibilities. A component is responsible to satisfy its guarantees. But contracts also define responsibilities of the environment of the component, that is, the conditions under which the guarantee holds. • Contracts enable reuse. When a component is designed, the contexts it is expected to work properly can be specified by means of (strong) assumptions. Given for example a braking system of a car, one could state the requirement that the component BrakingSystem must be able to absorb a certain amount of kinetic energy (depending, beside other, on the mass and maximum speed of the car) within some maximum time. Such requirement can be stated in terms of a contract. While the respective component is required to perform its action within a maximal time span, the requirement also states that this only holds for a certain maximum energy to absorb. Obviously, the component cannot (and should not) be responsible to bound the kinetic energy of the whole car, but only to absorb it fast enough. This indeed has also impact on the proof obligations for that component: For any implementation of that component for example, it does not have to be verified that it satisfies the requirement under all possible conditions, but only for those defined by the assumption. Moreover, the component, once validated for all possible environments defined by the assumption, can be used in any such context without further satisfaction validation. However, other proof obligations exist for such cases, as explained in Section 4.2. To be more formal, a contract C of a component as defined in the SPESMM is a triple C := (As,Aw,G) where As and Aw are the assumptions, and G is the guarantee of the contract. The distinction between strong (As) and weak assumptions (Aw) deviates from traditional assume/guarantee approaches, and affects two aspects when dealing with contracts: From a methodological point of view, it may be desired for contracts to distinguish two types of assumptions. Strong assumptions characterize the environment of the component to work correctly (strong assumptions). Such characterization may be further refined by weak assumptions, discriminating for example different contexts of the respective component (weak assumptions). In this sense, strong assumptions rather correspond to the traditional idea of assume/guarantee reasoning discussed before, while weak assumptions rather correspond to different settings in which the component is intended to be used. This shall become more clear by an example: • An air conditioning system of an airplane shall provide air of a certain quantity, temperature range and humidity to the fuselage. • A requirement may define for example the range of environmental conditions under which the air conditioning system shall operate, say at an altitude between 0 and 12500m. In our context, this requirement would be expressed as a strong assumption. • Other requirements typically discriminate different modes of operation. For example, the air temperature provided may be different when the air conditioning systems works in normal operation mode, and when some components have failures. 47/ 156
Page 1 and 2: Architecture Modeling ∗ Andreas B
Page 3 and 4: Contents 1 Introduction 1 2 Quick-T
Page 5 and 6: 1 Introduction This document propos
Page 7 and 8: Architecture Modeling allowing to m
Page 9 and 10: Architecture Modeling creating a vi
Page 11 and 12: Architecture Modeling the design it
Page 13 and 14: Architecture Modeling of the logica
Page 15 and 16: Architecture Modeling realization o
Page 17 and 18: Architecture Modeling can usually o
Page 19 and 20: 3 The Architecture Meta-Model In Se
Page 21 and 22: Abstraction-Levels (detail increase
Page 23 and 24: 3.2.2 Functional Perspective Archit
Page 25 and 26: Architecture Modeling The semantics
Page 27 and 28: Architecture Modeling expressed by
Page 29 and 30: Architecture Modeling computing cap
Page 31 and 32: 3.2.5 Geometrical Perspective Archi
Page 33 and 34: ShapeCompositionOperator intersecti
Page 35 and 36: Architecture Modeling The constrain
Page 37 and 38: Architecture Modeling of particular
Page 39 and 40: Architecture Modeling Shape that de
Page 41 and 42: Architecture Modeling Conjugation o
Page 43 and 44: RichComponent Architecture Modeling
Page 45 and 46: MultiplicityElement +part 0..* Rich
Page 47 and 48: ComponentC Architecture Modeling pa
Page 49: 4 Steps in Component-Based Design T
Page 53 and 54: Architecture Modeling When specifyi
Page 55 and 56: Architecture Modeling next selectio
Page 57 and 58: Architecture Modeling ports must ha
Page 59 and 60: established if (and only if): Archi
Page 61 and 62: 12°C < tempSelect < 35°C actTemp
Page 63 and 64: Architecture Modeling The component
Page 65 and 66: Architecture Modeling 4.3.2 Establi
Page 67 and 68: Architecture Modeling a mapping is
Page 69 and 70: Architecture Modeling Another impor
Page 71 and 72: 5 Using the Architecture Meta-Model
Page 73 and 74: Architecture Modeling Design proces
Page 75 and 76: Architecture Modeling abstraction l
Page 77 and 78: Pwr1 Pedal_Pos1 Pwr2 Pedal_Pos2 CMD
Page 79 and 80: Architecture Modeling Figure 5.4: O
Page 81 and 82: Architecture Modeling Figure 5.7: L
Page 83 and 84: Architecture Modeling Figure 5.9: T
Page 85 and 86: Architecture Modeling Figure 5.12:
Page 89 and 90: Architecture Modeling However this
Page 91 and 92: Architecture Modeling The considera
Page 97 and 98: Architecture Modeling tasks Command
Page 99 and 100: Architecture Modeling of the V, suc
Page 101 and 102:
Architecture Modeling thus decorate
Page 103 and 104:
Architecture Modeling In summary, P
Page 105 and 106:
Architecture Modeling OEMs are incr
Page 107 and 108:
Architecture Modeling provide effec
Page 109 and 110:
Architecture Modeling Figure 5.24:
Page 111 and 112:
Architecture Modeling patterns, cap
Page 113 and 114:
Architecture Modeling 6.1 Syntax an
Page 115 and 116:
6.1.1.1.1 Attribuute Definit tion a
Page 117 and 118:
Constrrain Eventts with Co ondition
Page 119 and 120:
These events used in the “and the
Page 121 and 122:
Formalization: whenever StartButton
Page 123 and 124:
Architecture Modeling Basic bloock
Page 125 and 126:
6.1.1.1.1.3 Conditions Conditions c
Page 127 and 128:
6.1.1.1.2.2 Seammless Con ncatenati
Page 129 and 130:
e3 && (clk==0) e1 idle pre e1 idle
Page 131 and 132:
Pattern whenever event occurs condi
Page 133 and 134:
If the brake force is above 80% for
Page 135 and 136:
Pattern S3: Failure shall not be ca
Page 137 and 138:
Pattern S9: failureCondition failur
Page 139 and 140:
Pattern R2: Event occurs each perio
Page 141 and 142:
idle e1 |clk:=0 e2 && (l
Page 143 and 144:
The function : allocates a singl
Page 145 and 146:
Examplees of clocks: • Run: {c=0@
Page 147 and 148:
Architecture Modeling 1. For σ ∈
Page 149 and 150:
Architecture Modeling Traces accord
Page 151 and 152:
Architecture Modeling Definition 6.
Page 153 and 154:
Architecture Modeling the one given
Page 155 and 156:
Architecture Modeling Decomposition
Page 157 and 158:
Bibliography [1] ARINC 653 - Avioni
Page 159 and 160:
Architecture Modeling [26] Holger G
show all

Architecture Modeling - SPES 2020

Create successful ePaper yourself

Delete template?

Save as template?