Model and Verify the architecture of a Satellite Central Flight Software
AADL Subcommittee Meeting, Überlingen – 10. to 13. July 2006
Dave Thomas (dave.thomas@astrium.eads.net)
EADS Astrium © 2006
The ArchiDyn study
• Goal: to use AADL (with the behavior annex provided by IRIT) to
describe the dynamics of satellite central flight software and analyze
the contribution of modeling techniques in its validation.
• Modeling part: three levels of abstraction corresponding to three
AADL models
– L0: functional architecture (specification)
– L1: logical architecture (design)
– L2: concrete architecture (detailed design / implementation).
• Process & Methodology exploration part: a model-based approach
for the construction and the validation of software architectures,
allowing the implementation of satellite central software to be
checked as early as possible and incrementally.
Satellite central flight software modeling - AADL Subcommittee Meeting, Uberlingen - 2006/07/12
AADL modeling: Views and Concerns
[Figure: the architecture views (levels L0, L1, L2) set against the analysis concerns]
ARCHITECTURE: Views
– Dataflows View (URD)
– Dynamic View (ADD)
– Structural View (SRD)
ANALYSIS: Concerns
– Logical behavior
– Temporal behavior
– Resource analysis
Diagram elements: AOCS, DHS, Device, ACC, AOCS_MGR, AOCS_CYCL (125 ms) with its RQ / ACC / DO phases, the events ICB_END_ACQ, AOCS_END_ACC and AVB_DORIS_ACQ, APFW_BASE and TC_BUS.
Levels of abstractions
[Figure: the three levels of abstraction L0, L1 and L2; the diagram text did not survive extraction]
L0 Level: Functional Architecture (specification)
• Modes (L0.1)
– Communicating automata
– Mode switching procedures
• Structural / Data flow (L0.2)
– TM/TC
– FDIR alarms
– Devices
[Figure: SYSTEM, AOCS and PAYLOAD each carry a Mode 1 / Mode 2 automaton; the mode-dependent functional blocks are Manager, REQ handling (Req), FDIR Strategy (FDIR Req), Functions and TM handling (TM)]
L0 Level: some AADL issues
• Mode switch procedures: how to describe the actions to start when a mode switch occurs
• Composite states/modes
[Figure: the SYSTEM, AOCS and PAYLOAD mode automata (Mode 1 / Mode 2) with transition labels 1, 2.1, 2.2 and 3 shared across the communicating automata]
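Both L0 issues above (what must happen on a mode switch, and how the communicating automata compose) can be checked mechanically once the automata are written down. The Python block below is an added example, not code from the presentation or from Astrium: it builds three constructed mode automata (SYSTEM, AOCS, PAYLOAD with hypothetical events go_nominal, fdir_alarm, pl_on, pl_off and hypothetical switch actions), explores the reachable states of their synchronous product, checks an invariant (the payload may only operate while SYSTEM is in its nominal Mode2) and collects the composite mode-switch procedure for a trace. The unguarded model reaches a forbidden state; letting SYSTEM take part in the pl_on synchronization, accepting it only in Mode2, removes it.

```python
"""Added example: reachability check over communicating mode automata.

Constructed, hypothetical SYSTEM / AOCS / PAYLOAD automata, events and
actions; none of it is taken from the Astrium models on the slides.
"""
from collections import deque
from typing import Callable, Dict, List, Optional, Tuple


class ModeAutomaton:
    """One component's modes: transitions map (mode, event) -> next mode;
    `actions` lists the mode-switch actions fired on that transition."""

    def __init__(self, name: str, initial: str,
                 transitions: Dict[Tuple[str, str], str],
                 actions: Optional[Dict[Tuple[str, str], List[str]]] = None):
        self.name = name
        self.initial = initial
        self.transitions = dict(transitions)
        self.actions = dict(actions or {})
        # Events this automaton takes part in: it must synchronize on them.
        self.alphabet = {ev for (_, ev) in transitions}

    def step(self, mode: str, event: str) -> Optional[str]:
        """Next mode, or None when this automaton blocks `event` in `mode`."""
        if event not in self.alphabet:
            return mode                      # foreign event: stay in place
        return self.transitions.get((mode, event))


State = Tuple[str, ...]


def reachable_states(automata: List[ModeAutomaton]) -> Dict[State, List[str]]:
    """Breadth-first search over the synchronous product; every reachable
    product state with a shortest event trace leading to it."""
    events = sorted(set().union(*(a.alphabet for a in automata)))
    init: State = tuple(a.initial for a in automata)
    seen: Dict[State, List[str]] = {init: []}
    queue = deque([init])
    while queue:
        state = queue.popleft()
        for ev in events:
            nxt = [a.step(m, ev) for a, m in zip(automata, state)]
            if any(n is None for n in nxt):
                continue                     # a participant blocks the event
            succ = tuple(nxt)
            if succ not in seen:
                seen[succ] = seen[state] + [ev]
                queue.append(succ)
    return seen


def check_invariant(automata: List[ModeAutomaton],
                    forbidden: Callable[[Dict[str, str]], bool]
                    ) -> List[Tuple[Dict[str, str], List[str]]]:
    """Reachable product states violating the invariant, each with a witness trace."""
    names = [a.name for a in automata]
    violations = []
    for state, trace in reachable_states(automata).items():
        modes = dict(zip(names, state))
        if forbidden(modes):
            violations.append((modes, trace))
    return violations


def mode_switch_procedure(automata: List[ModeAutomaton],
                          trace: List[str]) -> List[Tuple[str, List[str]]]:
    """Replay a trace; per event, the actions fired by every automaton that
    switches on it, i.e. the composite mode-switch procedure for that event."""
    modes = {a.name: a.initial for a in automata}
    procedure = []
    for ev in trace:
        fired = []
        for a in automata:
            nxt = a.step(modes[a.name], ev)
            if nxt is None:
                raise ValueError(f"{a.name} blocks {ev} in {modes[a.name]}")
            if ev in a.alphabet:
                fired += [f"{a.name}.{act}"
                          for act in a.actions.get((modes[a.name], ev), [])]
            modes[a.name] = nxt
        procedure.append((ev, fired))
    return procedure


def build_models(guard_payload: bool) -> List[ModeAutomaton]:
    """Constructed models. With guard_payload=True, SYSTEM joins the pl_on
    synchronization and accepts it only in Mode2."""
    system_tr = {("Mode1", "go_nominal"): "Mode2", ("Mode2", "fdir_alarm"): "Mode1"}
    if guard_payload:
        system_tr[("Mode2", "pl_on")] = "Mode2"
    system = ModeAutomaton("SYSTEM", "Mode1", system_tr,
                           {("Mode1", "go_nominal"): ["start_nominal_tm"]})
    aocs = ModeAutomaton("AOCS", "Mode1",
                         {("Mode1", "go_nominal"): "Mode2",
                          ("Mode2", "fdir_alarm"): "Mode1"},
                         {("Mode1", "go_nominal"): ["enable_control_loop"],
                          ("Mode2", "fdir_alarm"): ["safe_pointing"]})
    payload = ModeAutomaton("PAYLOAD", "Mode1",
                            {("Mode1", "pl_on"): "Mode2",
                             ("Mode2", "pl_off"): "Mode1",
                             ("Mode2", "fdir_alarm"): "Mode1"},
                            {("Mode1", "pl_on"): ["power_on"],
                             ("Mode2", "fdir_alarm"): ["power_off"]})
    return [system, aocs, payload]


def payload_on_outside_nominal(modes: Dict[str, str]) -> bool:
    """Invariant: the payload may only operate while SYSTEM is nominal (Mode2)."""
    return modes["PAYLOAD"] == "Mode2" and modes["SYSTEM"] != "Mode2"


if __name__ == "__main__":
    for guarded in (False, True):
        bad = check_invariant(build_models(guarded), payload_on_outside_nominal)
        print(f"guard_payload={guarded}: {len(bad)} violation(s)")
        for modes, trace in bad:
            print("  ", modes, "via", " -> ".join(trace))
    print(mode_switch_procedure(build_models(True), ["go_nominal", "pl_on"]))
```

This is plain reachability on the product automaton, so it suits the small mode spaces of a flight software specification; composite states would be flattened first. The point for an architecture review is that the forbidden combination is found from the L0 mode automata alone, before any thread or timing information exists, and the witness trace is the scenario a reviewer needs.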
L1 Model: dynamic architecture (design)
• L1.0: semi-automatically generated model from L0.2
– Support to design through the use of patterns
– Reuse L0 information through the thread binding mechanism
• L1.1: temporal properties
– Dispatch protocol
– Compute execution time
– Deadline
• Simulation possible using Cheddar
[Figure: the L0 model N0.2 (SYSTEM with MGR, RQ, TC; AOCS) refined into the L1 model N1.0, where SYSTEM and AOCS receive ASYNC threads and cyclic threads CYCL / CYCL1 (125 ms) and CYCL2 (20 ms)]
L1 Model: Thread binding
• Traceability link: which thread executes a given function
[Figure: L0 functions of SYSTEM (Mode switching, TC, Monitoring, BUS) and of AOCS with their binding to the 125 ms SYS_CYCL thread]
L1 Model: how to model task synchronizations?
• L1.2: Periodic tasks have to synchronize with IO events
– Tasks "with suspension"
– Behaviour Annex
[Figure: two 125 ms periodic tasks described with the Behaviour Annex. T1: dispatch, T1.1 computation (5 ms), "Synchro !", T1.2 computation (1 ms), complete, with Depends_Upon => (T1.1); T2: dispatch, T2.1 computation (2 ms), "Synchro ?", T2.2 computation (2 ms), complete, with Depends_Upon => (T2.1, T1.1); the "Synchro !" / "Synchro ?" pair marks the synchronization point between the two tasks]
L1 Model: modeling issues
• Event combination
• Multiple deadlines
[Figure: PL_CYCL (125 ms) combining the events PLB_PL_ACQ, PF_END_ACC and AOCS_END_ACC; each phase carries its own pair of timing figures: RQ 1.9 ms / 75.4 ms, ACC 3.8 ms / 74.3 ms, DO 1.9 ms / 114.7 ms]
L1 Model: Environment model (contracts?)
– New properties to describe hypotheses on features
– Allows simulating and verifying the model step by step (even when incomplete)
– Unit tests when ports are not connected (hypotheses on the environment)
– Then port connections replace the arrival laws (integration tests)
[Figure: AOCS_CYCL (125 ms) with phases RQ 2.5 ms, ACC 20 ms, DO 2.5 ms, driven by the interrupts INT_IT and EOF_IT and the events AVB_AOCS_ACQ, ICB_AOCS_ACQ and AVB_DORIS_ACQ; unconnected ports carry arrival hypotheses such as AVB_HDLR / INIT (38 ms, 79 ms), ICB_AOCS_ACQ (36 ms), AVB_AOCS_ACQ (38 ms), INT_IT (116 ms) and EOF (79 ms); AOCS_DAS is also shown]
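The L1.1 temporal properties (dispatch protocol, compute execution time, deadline), the Depends_Upon links of the task synchronization slide, the per-phase deadlines of the modeling-issues slide and the arrival hypotheses of this slide are exactly the inputs a schedulability tool such as Cheddar consumes. The Python block below is an added example, not part of the presentation and not Cheddar: it runs fixed-priority response-time analysis with release jitter (the Audsley/Tindell form) over a constructed task set whose names borrow the slides' RQ / ACC / DO phases but whose periods, execution times and deadlines are invented. Depends_Upon is modelled as release jitter equal to the predecessor's worst-case response time, and an interrupt whose port is not yet connected is modelled by a sporadic task whose period is the minimum-interarrival hypothesis.

```python
"""Added example (not from the presentation, not Cheddar): fixed-priority
response-time analysis with precedence-induced release jitter.

    w_i = C_i + sum over higher-priority j of ceil((w_i + J_j) / T_j) * C_j
    R_i = J_i + w_i            (Audsley et al. / Tindell form with release jitter)

The task set is constructed: the names borrow the slides' RQ / ACC / DO
phases, every number is invented.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Task:
    name: str
    period: int      # ms: Period, or the minimum-interarrival hypothesis of a sporadic task
    wcet: int        # ms: upper bound of Compute_Execution_Time
    deadline: int    # ms, counted from the release of the cycle the task belongs to
    depends_upon: List[str] = field(default_factory=list)  # Depends_Upon predecessors


def rate_monotonic_order(tasks: List[Task]) -> List[Task]:
    """Shorter period = higher priority. The sort is stable, so a predecessor
    listed before its successor keeps the higher priority at equal period."""
    return sorted(tasks, key=lambda t: t.period)


def analyse(tasks: List[Task]) -> Dict[str, dict]:
    """Worst-case response time and deadline verdict for every task."""
    order = rate_monotonic_order(tasks)
    result: Dict[str, dict] = {}
    jitter: Dict[str, int] = {}
    for i, t in enumerate(order):
        missing = [p for p in t.depends_upon if p not in result]
        if missing:
            raise ValueError(f"{t.name}: predecessors {missing} must have higher priority")
        # Depends_Upon: released when the predecessors complete, so the release
        # is delayed by at most the largest predecessor response time.
        j = max((result[p]["response"] for p in t.depends_upon), default=0)
        jitter[t.name] = j
        hp = order[:i]                       # higher-priority tasks (interference)
        w = t.wcet
        while True:
            # integer ceiling of (w + J_h) / T_h for each interfering task
            nxt = t.wcet + sum(-(-(w + jitter[h.name]) // h.period) * h.wcet
                               for h in hp)
            if nxt == w:
                break                        # fixed point: true worst-case window
            w = nxt
            if j + w > t.deadline:
                break                        # already past the deadline: a miss
        result[t.name] = {"jitter": j, "response": j + w, "deadline": t.deadline,
                          "ok": j + w <= t.deadline}
    return result


def utilisation(tasks: List[Task]) -> float:
    """Processor load sum(C_i / T_i); the CPU-load figure of the analysis slide."""
    return sum(t.wcet / t.period for t in tasks)


def schedulable(tasks: List[Task]) -> bool:
    return all(r["ok"] for r in analyse(tasks).values())


def aocs_task_set(interrupt_interarrival: Optional[int] = None) -> List[Task]:
    """Constructed task set. `interrupt_interarrival` is the environment
    hypothesis (arrival law) for an interrupt whose port is not connected yet;
    None means no such event is assumed."""
    tasks = [
        Task("RTC_HDLR", period=20, wcet=4, deadline=20),
        Task("RQ", period=125, wcet=5, deadline=40),
        Task("ACC", period=125, wcet=20, deadline=80, depends_upon=["RQ"]),
        Task("DO", period=125, wcet=5, deadline=90, depends_upon=["ACC"]),
        Task("PL_ACQ", period=125, wcet=10, deadline=125, depends_upon=["RQ"]),
    ]
    if interrupt_interarrival is not None:
        tasks.append(Task("INT_IT", period=interrupt_interarrival, wcet=3,
                          deadline=interrupt_interarrival))
    return tasks


if __name__ == "__main__":
    for hyp in (None, 25):
        ts = aocs_task_set(hyp)
        print(f"interrupt hypothesis={hyp}: U={utilisation(ts):.2f} "
              f"schedulable={schedulable(ts)}")
        for name, r in analyse(ts).items():
            print(f"  {name:8} J={r['jitter']:3} R={r['response']:3} "
                  f"D={r['deadline']:3} {'ok' if r['ok'] else 'MISS'}")
```

With no interrupt hypothesis every deadline holds; with a 25 ms minimum-interarrival hypothesis the DO phase misses its 90 ms deadline (response 95 ms), which is the kind of result the "hypotheses on the environment" are meant to surface before the port is connected and the arrival law is replaced by a real connection. The analysis assumes preemptive fixed priorities and no blocking on shared resources; it is conservative, since a predecessor is also counted as interference on its successor, so a reported miss can be pessimistic while a reported pass is sound under those assumptions.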
L2 model: Concrete architecture (detailed design)
SW static architecture + Platform
• Object-oriented design: objects, methods, data => data components
• RTOS API, User libraries => packages & hierarchical data components
[Figure: static architecture blocks FCT, SWR, HAL, MGR and CTRL, with a THR_CTRL data component exposing Get_State, Switch_On and Switch_Of]
L2 model: platform dependent design
• Manage the way the architecture is implemented through connection mapping
– Which object, mechanism or primitive provided by the execution platform is used to implement the L1 model
• Can be semi-automatically generated from L1 through implementation patterns
• Allows detecting shared data that has to be protected
[Figure: L1 connections between AOCS, PF, SYS, TC, PL, TC_HDLR, ARO_REQ and TC_BUS mapped onto platform primitives, e.g. Receive_Primitive => « PF.GetFailed », and onto the shared TC_POOL data]
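The connection-mapping step can be turned into an automated review: once every L1 data access connection is listed with its access right and its L2 primitive, unprotected shared data and connections without an implementation fall out of a simple traversal. The Python block below is an added example, not Astrium's tool and not the page's own model: the data components, access rights, concurrency-control protocols and primitive names are constructed (TC_POOL, ARO_REQ and PF.GetFailed reuse labels from the slide, but the accesses attributed to them are hypothetical).

```python
"""Added example (not from the presentation): checks over an L1/L2 connection map.

Every data component, access right, protocol and primitive name below is
constructed; TC_POOL, ARO_REQ and PF.GetFailed only reuse labels from the slide.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

ACCESS_RIGHTS = ("read", "write", "read_write")


@dataclass(frozen=True)
class DataAccess:
    """One L1 data access connection: a thread reaching a data component."""
    thread: str
    data: str
    right: str  # one of ACCESS_RIGHTS

    def __post_init__(self):
        if self.right not in ACCESS_RIGHTS:
            raise ValueError(f"{self.thread}->{self.data}: bad access right {self.right!r}")

    @property
    def writes(self) -> bool:
        return self.right != "read"


@dataclass
class DataComponent:
    name: str
    # Platform mechanism serialising accesses (e.g. "Priority_Ceiling"); None = none declared.
    concurrency_control: Optional[str] = None


@dataclass
class L2Mapping:
    """L2 view: which platform primitive implements each L1 access connection."""
    primitives: Dict[DataAccess, str] = field(default_factory=dict)


def unprotected_shared_data(accesses: List[DataAccess],
                            components: Dict[str, DataComponent]) -> List[dict]:
    """Data reached by several threads, at least one of them writing, with no
    concurrency-control mechanism declared: a race unless it gets protected."""
    by_data: Dict[str, List[DataAccess]] = {}
    for a in accesses:
        by_data.setdefault(a.data, []).append(a)
    findings = []
    for name, acc in by_data.items():
        threads = sorted({a.thread for a in acc})
        writers = sorted({a.thread for a in acc if a.writes})
        if len(threads) < 2 or not writers:
            continue  # private data, or read-only sharing: no protection needed
        comp = components.get(name)
        if comp is None or comp.concurrency_control is None:
            findings.append({"data": name, "threads": threads, "writers": writers})
    return findings


def unmapped_connections(accesses: List[DataAccess], mapping: L2Mapping) -> List[DataAccess]:
    """L1 connections the L2 model does not yet implement with a platform primitive."""
    return [a for a in accesses if a not in mapping.primitives]


# Constructed model: hypothetical threads, rights, protocols and primitives.
MODEL_DATA = {
    "TC_POOL": DataComponent("TC_POOL"),                       # nothing declared
    "ARO_REQ": DataComponent("ARO_REQ", "Priority_Ceiling"),   # protected
    "PL_STATUS": DataComponent("PL_STATUS"),                   # single owner
    "HK_TABLE": DataComponent("HK_TABLE"),                     # read-only sharing
}
MODEL_ACCESSES = [
    DataAccess("TC_HDLR", "TC_POOL", "write"),
    DataAccess("SYS", "TC_POOL", "read"),
    DataAccess("PF", "TC_POOL", "read"),
    DataAccess("AOCS", "ARO_REQ", "write"),
    DataAccess("PF", "ARO_REQ", "read"),
    DataAccess("PL", "PL_STATUS", "write"),
    DataAccess("SYS", "HK_TABLE", "read"),
    DataAccess("PF", "HK_TABLE", "read"),
]
MODEL_MAPPING = L2Mapping({
    DataAccess("TC_HDLR", "TC_POOL", "write"): "TC_POOL.Put",
    DataAccess("SYS", "TC_POOL", "read"): "TC_POOL.Get",
    DataAccess("PF", "TC_POOL", "read"): "TC_POOL.Get",
    DataAccess("AOCS", "ARO_REQ", "write"): "ARO_REQ.Post",
    DataAccess("PF", "ARO_REQ", "read"): "PF.GetFailed",
    DataAccess("SYS", "HK_TABLE", "read"): "HK_TABLE.Read",
    DataAccess("PF", "HK_TABLE", "read"): "HK_TABLE.Read",
    # PL -> PL_STATUS deliberately left without an L2 primitive
})


def review(accesses=MODEL_ACCESSES, components=MODEL_DATA, mapping=MODEL_MAPPING) -> dict:
    """Both checks over one model, as a reviewer would run them."""
    return {"unprotected": unprotected_shared_data(accesses, components),
            "unmapped": [(a.thread, a.data, a.right)
                         for a in unmapped_connections(accesses, mapping)]}


if __name__ == "__main__":
    for kind, items in review().items():
        print(kind, items)
```

Read-only sharing (HK_TABLE) and data with a single accessor (PL_STATUS) are not flagged; TC_POOL, written by TC_HDLR and read by two other threads with no concurrency-control protocol declared, is. The same traversal reports the one L1 connection that has no L2 primitive yet, which is otherwise the kind of gap an integration test discovers late.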
Process & Methodology: steps
• Identify functions & interactions
• Build a functional architecture
• Build a hardware architecture
• Bind functional to hardware
• Specify / Design execution components (tasks)
• Choose / Customize execution platform (RTOS and means of communication)
[Figure: the steps run from the L0 functional architecture through the L1 logical architecture to the L2 concrete architecture]
Process & Methodology: steps
Objectives:
• Incremental & iterative approach using patterns and refinements between each increment or iteration
• Go downward to code generation
• Progressive modeling: the model is kept during the whole life cycle
[Figure: the same steps and levels (L0 functional, L1 logical, L2 concrete architecture) as on the previous slide, annotated with these objectives]
L0 -> L1 Patterns
[Figure: the L0 model (SYSTEM with Mode1 / Mode2, AOCS, RTC at 20 ms, ICB, TC, Processor at 125 ms) transformed by patterns into the L1 model (SYSTEM with RTC_HDLR, ASYNC and CYCL at 125 ms; AOCS with CYCL2 at 20 ms and 125 ms; ICB_HDLR)]
ANALYSIS
• Temporal characteristics
• CPU Load (63 % on the diagram; timing figures shown: 4 ms, 6 ms, 5 ms, 33 ms, 2500 ms)
• Critical tasks scheduling (T1, T2, … Ti)
[Figure: the same L1 model (SYSTEM with RTC_HDLR at 20 ms, AOCS, ICB_HDLR at 125 ms, tasks T1, T2, … Ti) refined along three axes]
• Automata (behavior refinement)
• Data flows
• Concrete mechanisms / Implementation Patterns
Progressive modeling
[Figure: model versions v1, v2, v3 against refinement levels N0, N1, N2]
Models layout
[Figure: the document set URD/SRD, HW, ADD, CDD alongside the OBSW model and its versions OBSW.v1, OBSW.v2, OBSW.v3]
AADL Assessment: Benefits
• Currently no language is used to support Level 1 activities. AADL is
a very good candidate to improve them.
• System view : functional, software, hardware
• Modes: highly used in space systems
– AOCS modes
– System modes
– Hardware modes
• Reuse
– Components
– Patterns / Frameworks
AADL Assessment: some issues…
Modeling issues
• Structure vs Behavior
• Linked threads or behavior annex
• Logical / Concrete (dispatch, protocols, …)
Wish list
• Composite states
• Mode dependent features
• Connection binding
• Interrupt handling (IT handlers)
• Thread dispatch refinement
• Nested port connections
• Event combination
• …
Osate issues
• Multiple inheritance
• Subpackages
• Double-Port memory modeling
• Data subcomponent access
• Variable dequeue protocols
• …
Topcased issues
• Abstract ports
• Access connections
• Data subprogram reference
• Diagram export function
• …
Limitations
• Tools
– Graphical editor
– Model transformation, links between models (binding),
– Analysis
• Language
– Behavior annex status
• Modeling
– Modeling rules for quality
– Version management (iterations, increments, …)
– Behavior description guidelines (several abstraction levels)
Perspectives: Model-based engineering at Astrium
• Objectives
– Support to system & software design (including reuse)
– Support to early V&V
– Support to automatic code generation (also for rapid prototyping)
• Perspectives
– L-1: Matlab/Simulink and UML
– L0: UML
– L1: AADL
– L2: we do not really require such a detailed model
Questions ?