Model-Based Engineering for the Development of ... - Julien Delange
28.11.2014 Views
Share Embed Flag

Model-Based Engineering for the Development of ... - Julien Delange

Model-Based Engineering for the Development of ... - Julien Delange

Model-Based Engineering for the Development of ... - Julien Delange

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
julien.gunnm.org

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

<strong>Model</strong>-<strong>Based</strong> <strong>Engineering</strong> <strong>for</strong><br />

<strong>the</strong> <strong>Development</strong> <strong>of</strong> ARINC653<br />

Architectures<br />

SAE 2009 AeroTech<br />

Congress and Exhibition<br />

<strong>Julien</strong> <strong>Delange</strong><br />

Olivier Gilles<br />

Jérôme Hugues<br />

Laurent Pautet

Context<br />

ARINC653 systems<br />

• Time & space isolation across partitions<br />

• Avoid error propagation, limit damages<br />

Partition 1 Partition 2<br />

Rigorous development process<br />

ARINC kernel<br />

• Compliance with certification standards (DO178B)<br />

• Verify that implementation is compliant with specifications<br />

ARINC653 architectures development is still difficult<br />

• Manual translation <strong>of</strong> specifications to implementation<br />

• Huge costs <strong>of</strong> verification and certification<br />

2 AEROTECH09<br />

<strong>Model</strong>-<strong>Based</strong> <strong>Engineering</strong> <strong>for</strong> <strong>the</strong> <strong>Development</strong><br />

<strong>of</strong> ARINC653 Architectures

Addressing development process complexity<br />

<strong>Model</strong>-Driven <strong>Engineering</strong><br />

• Approaches/languages <strong>for</strong> modeling<br />

• Support <strong>for</strong> system verification<br />

• <strong>Model</strong>ing language as source language <strong>for</strong> implementation<br />

AADL, a modeling language <strong>for</strong> safety-critical systems<br />

• Safety-critical systems modeling<br />

• Describe hardware and s<strong>of</strong>tware concerns<br />

• Prone to system analysis<br />

• Used in several projects (AVSI, Flex-eWare, ASSERT, ...)<br />

3 AEROTECH09<br />

<strong>Model</strong>-<strong>Based</strong> <strong>Engineering</strong> <strong>for</strong> <strong>the</strong> <strong>Development</strong><br />

<strong>of</strong> ARINC653 Architectures

AADL, backbone language <strong>for</strong> 653 systems<br />

ARINC653 modeling<br />

• Partitions representation/specification<br />

• Time and space isolation modeling<br />

Requirements<br />

Verification<br />

(REAL)<br />

A A D L m o d e l s<br />

System verification<br />

• Check system requirements<br />

• Detect design errors at an early stage<br />

in <strong>the</strong> development process<br />

Implementation<br />

en<strong>for</strong>ces verified<br />

requirements<br />

Automatic<br />

Implementation<br />

(Ocarina/POK)<br />

Automatic implementation<br />

• En<strong>for</strong>ce specification requirements<br />

• Avoid errors <strong>of</strong> traditional development methods<br />

4 AEROTECH09<br />

<strong>Model</strong>-<strong>Based</strong> <strong>Engineering</strong> <strong>for</strong> <strong>the</strong> <strong>Development</strong><br />

<strong>of</strong> ARINC653 Architectures

ARINC653 system modeling with AADL<br />

ARINC653 module modeling with processor component<br />

• Specify partitions scheduling requirements<br />

(major frame, time slots and slots allocation)<br />

• Describe health monitoring (HM) configuration<br />

at module-level<br />

Requirements<br />

verification<br />

A A D L m o d e l s<br />

Partitions modeling with process and virtual processor<br />

• Process components represent partitions content<br />

• Virtual processor represent partition runtime<br />

• HM configuration at partition-level<br />

• Memory requirements (partition size ...)<br />

Task Task Task Task<br />

Partition process<br />

Automatic<br />

implementation<br />

Partition process<br />

ARINC653 annex <strong>of</strong> <strong>the</strong> AADL<br />

• Describe modeling patterns<br />

5 AEROTECH09<br />

Partition VP<br />

Partition VP<br />

ARINC653 module<br />

<strong>Model</strong>-<strong>Based</strong> <strong>Engineering</strong> <strong>for</strong> <strong>the</strong> <strong>Development</strong><br />

<strong>of</strong> ARINC653 Architectures

Requirements En<strong>for</strong>cement Analysis<br />

Language (REAL)<br />

Verification language <strong>for</strong> <strong>the</strong> AADL<br />

• Extension <strong>of</strong> <strong>the</strong> AADL ; annex language<br />

• Integrated in <strong>the</strong> Ocarina AADL toolsuite<br />

Requirements<br />

Verification<br />

(REAL)<br />

A A D L m o d e l s<br />

Verification with dedicated <strong>the</strong>orems<br />

• Formulas to check components specification<br />

• Theorems associated to AADL component<br />

• i.e: « I check that each process contains at least one thread »<br />

Automatic<br />

Implementation<br />

(Ocarina/POK)<br />

Verification <strong>of</strong> ARINC653 architectures<br />

• Set <strong>of</strong> <strong>the</strong>orems to check ARINC653 architectures with AADL<br />

6 AEROTECH09<br />

<strong>Model</strong>-<strong>Based</strong> <strong>Engineering</strong> <strong>for</strong> <strong>the</strong> <strong>Development</strong><br />

<strong>of</strong> ARINC653 Architectures

Verification patterns example (1)<br />

Partition-level scheduling correctness<br />

• Verification on each node <strong>of</strong> <strong>the</strong> distributed system<br />

• Check that sum <strong>of</strong> partitions time slots equals <strong>the</strong> major frame<br />

• Ensure that each partition is executed<br />

Partition 1<br />

needs 1 MB<br />

Timeslot : 100ms<br />

Partition 2<br />

needs 10 MB<br />

Timeslot : 200ms<br />

ARINC kernel<br />

available memory 5MB;major frame: 300ms<br />

Memory requirements<br />

• Partitions requirements (partition content < requested size)<br />

• Module requirements (module can allocate enough memory)<br />

7 AEROTECH09<br />

<strong>Model</strong>-<strong>Based</strong> <strong>Engineering</strong> <strong>for</strong> <strong>the</strong> <strong>Development</strong><br />

<strong>of</strong> ARINC653 Architectures

Verification patterns example (2)<br />

Error coverage<br />

• Errors that may be raised are handled<br />

• A recovery procedure is associated<br />

• The recovery procedure is correct<br />

(i.e: a task cannot restart <strong>the</strong> module)<br />

Recovering strategies trade-<strong>of</strong>f<br />

• Fault propagation analysis<br />

• Potential transient or permanent errors<br />

• Impact between different criticality levels<br />

Partition 1<br />

Criticality A<br />

Divide by Zero in partition 2 !<br />

Transient impact on partition 1 ?<br />

Permanent impact on partition 1?<br />

Partition 2<br />

Criticality B<br />

ARINC module<br />

8 AEROTECH09<br />

<strong>Model</strong>-<strong>Based</strong> <strong>Engineering</strong> <strong>for</strong> <strong>the</strong> <strong>Development</strong><br />

<strong>of</strong> ARINC653 Architectures

Automatic implementation <strong>of</strong> ARINC653 systems<br />

Specific toolchain <strong>for</strong> automatic implementation<br />

• Ocarina: AADL toolsuite with code generation facilities<br />

• POK: ARINC653 OS (BSD-license)<br />

En<strong>for</strong>ce specifications requirements<br />

• Specifications as source language<br />

• Avoid different specification interpretations<br />

Requirements<br />

Verification<br />

(REAL)<br />

A A D L m o d e l s<br />

Improve system confidence<br />

• Produce highly-criticaly code<br />

(ex: HM or scheduling configuration)<br />

• Specifications previously verified<br />

9 AEROTECH09<br />

<strong>Model</strong>-<strong>Based</strong> <strong>Engineering</strong> <strong>for</strong> <strong>the</strong> <strong>Development</strong><br />

<strong>of</strong> ARINC653 Architectures<br />

Automatic<br />

Implementation<br />

(Ocarina/POK)

From AADL specifications to ARINC653 code<br />

Generate module and partitions code<br />

• Configure partitions scheduling<br />

• Set memory requirements<br />

• Configure communications<br />

AADL model<br />

Ocarina<br />

Compilation with an ARINC653 OS<br />

• POK, highly configurable OS<br />

• Automatic configuration from AADL<br />

POK, ARINC653 OS<br />

Generated code<br />

Application<br />

code<br />

Integration <strong>of</strong> application-level code<br />

• Potentially from Simulink, Scade ...<br />

Compilation/Integration<br />

Binary<br />

10 AEROTECH09<br />

<strong>Model</strong>-<strong>Based</strong> <strong>Engineering</strong> <strong>for</strong> <strong>the</strong> <strong>Development</strong><br />

<strong>of</strong> ARINC653 Architectures

Generated code <strong>for</strong> safety-critical systems<br />

Analyze kernel and partitions<br />

• Generate minimal code<br />

• Remove unused services<br />

Compliance with safety-critical domain<br />

• No dynamic allocation<br />

• Low complexity algorithms<br />

Task Task Task Task<br />

Partition process<br />

Partition VP<br />

Partition VP<br />

ARINC653 module<br />

Partition process<br />

Code generation<br />

process<br />

Low memory footprint<br />

• Fit with safety-critical requirements<br />

Partition 1<br />

(~ 10 kB)<br />

ARINC kernel<br />

(~ 15 kB)<br />

Partition 2<br />

(~10 kB)<br />

11 AEROTECH09<br />

<strong>Model</strong>-<strong>Based</strong> <strong>Engineering</strong> <strong>for</strong> <strong>the</strong> <strong>Development</strong><br />

<strong>of</strong> ARINC653 Architectures

Conclusion<br />

AADL, backbone language <strong>for</strong> ARINC653 systems<br />

• Supports modeling, verification and<br />

automatic code generation<br />

• AADL annex <strong>for</strong> ARINC653 system modeling<br />

Improve implementation confidence<br />

• Implementation produced from specifications<br />

• Errors verified at model-level<br />

Ongoing work<br />

• Automatic code coverage analysis<br />

A A D L m o d e l s<br />

Requirements<br />

Verification<br />

(REAL)<br />

Automatic<br />

Implementation<br />

(Ocarina/POK)<br />

12 AEROTECH09<br />

<strong>Model</strong>-<strong>Based</strong> <strong>Engineering</strong> <strong>for</strong> <strong>the</strong> <strong>Development</strong><br />

<strong>of</strong> ARINC653 Architectures

Thanks <strong>for</strong> your attention<br />

Visit our AADL portal<br />

http://aadl.telecom-paristech.fr<br />

13 AEROTECH09<br />

<strong>Model</strong>-<strong>Based</strong> <strong>Engineering</strong> <strong>for</strong> <strong>the</strong> <strong>Development</strong><br />

<strong>of</strong> ARINC653 Architectures

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!