AADL and MDAaadl.sei.cmu.edu/aadl/documents/Yves LaCerte 05-02-07.pdf · AADL and MDA Early...
Transcript of AADL and MDAaadl.sei.cmu.edu/aadl/documents/Yves LaCerte 05-02-07.pdf · AADL and MDA Early...
AADL and MDAEarly Experience Applied to Aircraft-Weapon Integration
Yves LaCerte [email protected]
3 February 2005
2
Agenda
� Introduction� Weapon Management System - WMS� Embedded Systems� Plug and Play Concept� Architecture Analysis and Description
Language - AADL� Model Driven Architecture - MDA
3
Introduction
� The aircraft-weapon integration challenge is part of a larger integration problem, i.e.� Independent system-specific models often
create unsolvable interoperability problems
� Tower of Babel� Build a tower to the sky � Workers speak different languages� Cooperation collapsed
4
Introduction
� Semiotics, a field of linguistics� A science which studies the role of signs as part
of social life * � Syntax: structure of signs� Semantics: meaning of signs as captured by
syntax� Pragmatics: adaptable interpretation of signs
based on context
* Saussure, Ferdinand de, “Course in General Linguistics” (trans. Roy Harris), London: Duckworth, 1983
5
Agenda
� Introduction� Weapon Management System - WMS� Embedded Systems� Plug and Play Concept� Architecture Analysis and Description
Language - AADL� Model Driven Architecture - MDA
http://www.fas.org/man/dod-101/sys/ac/f-18.htm
6
Definition
NAVIGATION SYSTEM BI TSONO
SAFE
KILL
SAFE
INV
PORT
WICEO/IR
MSN
SYSCYZ
TAC
MCNAV RA D TMPS A/CTAP
LATIT UDE:
LONGITUDE:
ALTIT UDE:
AIR SP EED:
HEA DI NG:
X VELOCITY:
Y VELOCITY:
Z VELOCITY:
AZIMUT H:
PITCH:
ROLL:
WAN DE R A NGLE:
MESSAGE COU NT:
MESSAGE ERRO RS:
N42:°32’31.008”
W104°21’19.266”
18000 FT
295 KTS
45.0°T
0.111
0.222
0.333
10.0°
3.222°
1.000°
-45°
2300
1
LATIT UDE:
LONGITUDE:
ALTIT UDE:
AIR SP EED:
HEA DI NG:
X VELOCITY:
Y VELOCITY:
Z VELOCITY:
AZIMUT H:
PITCH:
ROLL:
WAN DE R A NGLE:
MESSAGE COU NT:
MESSAGE ERRO RS:
N42:°32’31.008”
W104°21’19.266”
18000 FT
295 KTS
45.0°T
0.111
0.222
0.333
10.0°
3.222°
1.000°
- 45°
3500
0
RIN U
1
BUS
A
BUS
B
RIN U
2
BUS
A
BUS
B
PortStarboard
XMIT
AIMS
SS- 3
POD
AVAIL
SLMRPRELNCH
STA 11 STA 13 CO OP STA 14 STA 16
INV
POD CONTROLSLAM ER POST LAUNCH
SONOSAFE
KILLSAFE
SYNCOFF
XMITHI
STRTTTV
ACPTTGT
PREVTGT
TRCKMODE
RJCTTGT
TOOASUW
FULLSCRN
09/1258:59
12/1259:59
12/1259:59
12 /1259 :59
12 /1259 :59
09/1258:59
12/1259:59
12/1259:59
12 /1259 :59
12 /1259 :59
09/1258:59
12/1259:59
12/1259:59
12 /1259 :59
12 /1259 :59
ARM HAZARD
KILL READY
SONO DISABLE
MASTER ARM BOMB BAY SRCH PWR
ON
OFF
OFF
ARM HAZARD RESET
ON OPEN
CLOSED
JET
TIS
ON
JET
TIS
ON
JET
TISO
N
JET
TI
SO
N
WING ONLY
ARM HAZARD
KILL READY
SONO DISABLE
MASTER ARM BOMB BAY SRCH PWR
ON
OFF
OFF
ARM HAZARD RESET
ON OPEN
CLOSED
JET
TIS
ON
JET
TIS
ON
JET
TISO
N
JET
TI
SO
N
WING ONLYWING ONLYWING ONLY
MissionSystem
Video
Radar
1553
RS-232
Video
Eth
A ircra ftD is cre tes
R IN U
1553
Racks 1760 ASI Legacy ASI
Weapons Bay
5 3 176 4 28
5 3 176 4 28
Weapons Bay
5 3 176 4 28
5 3 176 4 28 18
RA17
L RA16
L RA15
RA14
L RA18
RA18
RA17
L RA17
L RA16
L RA15
RA15
RA14
L RA14
L RA
Port Wing Stations18
RA18
RA17
L RA17
L RA16
L RA15
RA15
RA14
L RA14
L RA18
RA18
RA17
L RA17
L RA16
L RA15
RA15
RA14
L RA14
L RA
Port Wing Stations9
R A10
LR A11
LR A12
R A13
LR A9
R A10
LR A11
LR A12
R A13
LR A
Starboard Wing Stations9
R A10
LR A11
LR A12
R A13
LR A9
R A10
LR A11
LR A12
R A13
LR A
Starboard Wing Stations9
R A10
LR A11
LR A12
R A13
LR A9
R A10
LR A11
LR A12
R A13
LR A
Starboard Wing Stations
…
…
…
1553
RS-232
Video
Eth
Primary electrical, functional and logical interface between theMission Management Computer(s), weapons, launchers and
other equipment used to release and deliver stores
7
Motivation
� Today, $100M (typically)*
� 40% to 60% is software updates (typically)*
Platformsoftware
Aerodynamics
MissionPlanning
System Eng.Int. & Test
Misc.
* Source: AFRL/MN, 1999
8
Test and Integration Challenges
� Platform Perspective� Provide relevant
functions and data
� Observe resource, performance and timing constraints
� Do not change platform software
� Weapon Perspective *� Identify/define relevant
functions and data
� Identify/define resource, performance and timing constraints
* Weapon software does change over time, which may impact the platform
9
Cost / Schedule Perspective (Notional)
Do not change platform software
Traditional New
Weapon 1
Weapon 2
Weapon 3
New WMS
$
WMS Development Costs
TraditionalNew
Weapon 1
Weapon 2
Weapon 3
Number of Months to Integrate a New Weapon
No need to take down the whole
squadron
10
Agenda
� Introduction� Weapon Management System - WMS� Embedded Systems� Plug and Play Concept� Architecture Analysis and Description
Language - AADL� Model Driven Architecture - MDA
11
State of the Art
� Increasing complexity / decreasing productivity � six (or fewer!) lines per day *
� The inefficiency of the embedded software development process will prevent novel technologies from entering the marketplace in time
* Typical of embedded software industry
12
Characteristics
� Resource constrained� CPU, memory, size, weight and power
� Hard Real Time � Functional and non-functional aspects
� Safety Critical� Dependable / Certifiable
� Long Lifetime � Several upgrades / increasing complexity
13
Embedded Systems: Solutions / Trends
� Components � Less dedication to specific functions� Design - Improved abstraction� Synthesis - Auto code generation
� Models - Assess before final implementation� Specification languages
� Unambiguous representation of behavior and constraints - Rigorous semantics
� Widely accepted
14
Embedded Systems: Solutions / Trends
� Dynamic Reflective Systems� Change internal behavior depending upon
attached devices� Capable of integrating devices which provide
new functions� Capable of providing unforeseen functionality� Foundation of aspect-oriented programming
15
Embedded Systems: Solutions / Trends
� Semantic Interface Specification� Syntax can be performed by any type of
Interface Definition Language (IDL, XML) � Assess semantic properties of an interface by
an executable interface model� Assess interoperability by analyzing provided
and required interfaces, and contracts� Adapt interface to improve interoperability
AADL Semantic Interface Specification
16
Embedded Systems: Solutions / Trends
� Applied to Aircraft-Weapon Integration� Integrate new capabilities within a given design
space (domain)� Prevent waiting for an aircraft upgrade cycle to
integrate new weapons� But
� Likely difficult to implement a dynamic system that meets performance constraints
� Aircraft-Weapon interface standards is a recent development, change is slow
17
Agenda
� Introduction� Weapon Management System - WMS� Embedded Systems� Plug and Play Concept� Architecture Analysis and Description
Language - AADL� Model Driven Architecture - MDA
18
The Plug and Play Concept
� Demonstrate interoperability at design time� In terms of Functionality and Data
� Open system approach via standards
� In terms of Non-Functional Quality Attributes� Safety, real-time, reliability, fault tolerance, security….
� A system that can exchange information and services with multiple systems is more interoperable than one that can't� Assess the quality of interoperability� Formulate strategies to improve interoperability
Semantic Interface Specifications
19
Domain Model – Weapon Interface View
WMS
Select Missile
Configure
Select State
Get Status
Platform
The WMS accepts generic missile commands.These are subsequently passed on to the missile.
Missile
Apply power
Initialize
Set mission parameters
Set missile modes etc
Release
Jettison
IBIT
Get current configuration
20
Domain Model – Mission Interface View
WMSPlatform
Set Environment
Set Platform Characteristics
Set Target Acquisition
Set Mission Plan
The WMS offers mission services that are non-missile specific. Configuration data is subsequently passed on to the missile.
Missile
Configure
Configure
Configure
Configure
21
Domain Model - Life-Cycle View
Missile Selected
Standby
Setup
Identification
Initialization
Identification
Initialization
Status
IBIT On
IBIT Off
IBIT On
IBIT Off
Ready
Mission Configure
Ready for Release
Mission Configure
Ready for Release
Non Operational Mission Committed
Prepare to Release
Release Prepare to Release
Release
Failed
Missile Selected
Standby
Setup
Identification
Initialization
Identification
Initialization
Status
IBIT On
IBIT Off
IBIT On
IBIT Off
Ready
Mission Configure
Ready for Release
Mission Configure
Ready for Release
Non Operational Mission Committed
Prepare to Release
Release Prepare to Release
Release
Failed
Disabled JettisonDisabled Jettison
Executing Mission
Hung Flight
Detonation
Hung Flight
Detonation
Start Mission
System Off
22
Domain Model - Data View
Launch
Acceptability
Region
Weapon
23
State Machines
� Preferred for the specification of controllers
� Useful for� Verification against
requirements� Test-case generation� Automatic code
generationAPI and events used to cause state changes
Operational State
Progress to Jettison
IBIT Control
Progress To Release
Operational State
Jettison>Prepare for Jettison>
Running IBITNot Running IBIT>
Prepare For Release Release
Initialization>Off>
Non-Operational
Apply_Operational_Power
Remove_Operational_Power
Error
Remove_Operational_Power
24
Ports – Connectors – Contracts
Weapon requires power…. Power provided by WMS
Power
Connector
Contract
Pre and Post conditions
Parameter types
Synchronization constraints
QoS features
Required Interface
Weapon
«interface»Power
115 volts()
AC
3 phase
<<interface>> Power
WMS
Component
Port
Provided Interface
115 volts()
AC
3 phase
25
Agenda
� Introduction� Weapon Management System - WMS� Embedded Systems� Plug and Play Concept� Architecture Analysis and Description
Language - AADL� Model Driven Architecture - MDA
MissileMissile
LauncherLauncher
Weapon
ManagementSystem
External
Comm
Mission
PlanningSystem
LaserImagingSystem
NavigationSystem
Fire ControlSystem
Operator I/F
Power
Controller
Launcher
Weapon
1553_A
Discre
te_A
Generic
Power_A
1553_B
Power_B
Discrete_B
MissileMissile
LauncherLauncher
Weapon
ManagementSystem
External
Comm
Mission
PlanningSystem
LaserImagingSystem
NavigationSystem
Fire ControlSystem
Operator I/F
Power
Controller
Launcher
Weapon
1553_A
Discre
te_A
Generic
Power_A
1553_B
Power_B
Discrete_B
26
Platform Challenge
� Component models and supporting frameworks often rely on the specifics of the underlying platform
� There is a need for techniques to handle functional and non-functional properties of components and systems
AADL addresses non-functional properties
27
AADL Summary
� Purpose� Analyze embedded systems
� Focus � Software system architecture model of an
execution platform � Software components bound to hardware
components
Standardization Efforts SAE AS5506 UML profiles
28
Embedded
Systems
UML Profiles
UML 2.0
SysML
Parametric Diagrams
Requirement Diagrams
Activity Diagrams
Assembly Diagrams
AADL
29
AADL Components Types
UML 1.x and UML 2.0 profile… work in progress…
30
AADL Components Types
processor
memory
device
bus
ThreadGroup
Process
Thread
Subprogram
System
DataIcons from
SAE AS5506 AADL Annex
Physical devices that interface with an external environment Composition of
software and execution platform
components
Communication channels that can exchange control and data between processors, memories, and devices
Abstraction of hardware and software that is responsible for
scheduling and executing threads
Randomly accessible physical storage such as RAM or ROM
Static data in source text
Units of concurrent execution
Structural grouping of threads within a process
Space partitions in terms of virtual address spaces
Source text that is executed sequentially
31
System Example
32
System Construction Examplesystem MILSystem
end MILSystem ;
subcomponents
-- buses
Power_A : bus MILPower;
…
-- components
WMS1 : system WMS.WMS;
FCS : system FireControlSystem.FCS;
…
connections
-- bus access
bus access Power_A -> Power1.IFPower_A;
bus access Power_A -> WMS1.IFPower_A;
…
-- ports
port group WMS1.Out1553_A -> Launcher1.In1553_A;
…
system implementation MILSystem.MissilePlatform
subcomponents
…
connections
…
end MILSystem.MissilePlatform ;
33
System Construction Example
system FireControlSystem
features
IFGeneric: requires bus access MILGeneric;
InMission: port group Rx_Port;
OutMission: port group Tx_Port;
end FireControlSystem;
system implementation FireControlSystem.FCS
end FireControlSystem.FCS ;
Black BoxPower
Connector
Contract
Pre and Post conditions
Parameter types
Synchronization constraints
QoS features
Power
Connector
Contract
Pre and Post conditions
Parameter types
Synchronization constraints
QoS features
Required Interface
Weapon
«interface»Power
115 volts()
AC
3 phase
Required Interface
Weapon
«interface»Power
115 volts()
AC
3 phase
<<interface>> Power
WMS
Component
Port
Provided Interface
115 volts()
AC
3 phase
<<interface>> Power
WMS
Component
Port
Provided Interface
115 volts()
AC
3 phase
WMS
Component
Port
Provided Interface
WMS
Component
Port
Provided Interface
115 volts()
AC
3 phase
34
System Construction Examplesystem WMS
features
-- Buses
IF1553_A: requires bus access MIL1553;
IFGeneric: requires bus access MILGeneric;
IFPower_A: requires bus access MILPower;
IFDiscrete_A: requires bus access MILDiscrete;
-- Ports
In1553_A: port group Rx_Port;
Out1553_A: port group Tx_Port;
InDiscrete_A: port group Rx_Port;
OutDiscrete_A: port group Tx_Port;
OutPower_A: port group Tx_Port;
InMission: port group Rx_Port;
OutMission: port group Tx_Port;
end WMS ;
port group Rx_Port
features
Rx: in data port;
inverse of Tx_Port
end Rx_Port;
port group Tx_Port
features
Tx: out data port;
end Tx_Port;
Black Box
35
WMS System Implementation Example
system implementation WMS.WMS
subcomponents
…
connections
…
modes
…
end WMS.WMS ;
subcomponents
--- processors
--- processes
--- bindings
connections
--- port groups
modes
MainMode: initial mode;
BackupMode: mode;
Factory
Pattern
White Box
36
Process
process PlugandPlayDispatcher
features
InGeneric: port group Rx_Port;
OutGeneric: port group Tx_Port;
InLauncher: port group Rx_Port;
OutLauncher: port group Tx_Port;
InWeapon: port group Rx_Port;
OutWeapon: port group Tx_Port;
end PlugandPlayDispatcher;
37
Process Implementation
process implementation PlugandPlayDispatcher.WMS
subcomponents
Bus_Listener: thread Listener.Bus_Listen;
PnP_Dispatcher: thread PnPDispatcher.WMS;
connections
port group InGeneric -> Bus_Listener.Bus_Listener;
port group Bus_Listener.Buffer_Update -> PnP_Dispatcher.InPnP;
port group PnP_Dispatcher.OutLauncher -> OutLauncher;
port group InLauncher -> PnP_Dispatcher.InLauncher;
port group PnP_Dispatcher.OutWeapon -> OutWeapon;
port group InWeapon -> PnP_Dispatcher.InWeapon;
end PlugandPlayDispatcher.WMS;
38
Time-Space Partitioning
Processor
…Partition 1 Partition 2 Partition n
Processor PPC
End PPC;
Processor implementation PPC.two
Subcomponents
partition1: processor RMA.impl;
partition2: processor RMA.impl;
End PPC.two;
System implementation ESys.impl
Subcomponents
platform: processor PPC.two;
app: system userApp;
Properties
Binding => platform applies to app;
End ESys.impl;
A
Process
B
Process
N
Process…
39
Thread
thread Dispatcher
features
Buffer_Listener: port group Rx_Port;
Bus_Dispatcher: port group Tx_Port;
Buffer_2: requires data access Buffer;
properties
Source_Text => "abc";
Source_Code_Size => 100 kb;
Source_Data_Size => 10 kb;
Source_Stack_Size => 10 kb;
Source_Heap_Size => 10 kb;
Dispatch_Protocol => periodic;
Period => 100 ms;
Deadline => 100 ms;
Compute_Execution_Time=> 5ms;
Producer – Consumer
40
Trade-offsProducer – Consumer
Event-Driven with Publish-Subscribe
41
Tools - OSATE
� Open source AADL tool environment � Software Engineering Institute� www.aadl.info
� Set of plug-ins on top of Eclipse� www.eclipse.org
42
OSATE Plug-ins
� Analysis� Schedulability� System scalability� Safety
� End-to-end flow analysis
� AADL support from UML vendors
43
Agenda
� Introduction� Weapon Management System - WMS� Embedded Systems� Plug and Play Concept� Architecture Analysis and Description
Language - AADL� Model Driven Architecture - MDA
44
Approach to MDA
TE = Transformation Engine
CG = Code Generator
VE = Validation Engine
Domain
Domain
Requirements
Platform
Independent
Model
ProductInstance
Platform
Requirements
Platform
Specific
Model
ExecutableProduct
Executable
System
CG
ValidatedProduct
Validated
System
V
E
Application
Application
Requirements
Platform
Independent
Model
Core Reusable
CorporateAssets
TE
45
Approach to MDA / AADL
Product
Instance
Platform
Requirements
AADL
Model
TE
Product
Instance
Platform
Requirements
AADL
Model
TE
Executable
Product
Executable
System
CG
Executable
Product
Executable
System
CG
Validated
Product
Validated
System
AADL
Validated
Product
Validated
System
AADL
Prove system propertiesProve system properties
Product
Instance
Platform
Requirements
UML
Model
Executable
Product
Executable
System
CG
Derive system properties
46
MDA Work Products
Application
Application
Requirements
Platform
Independent
Model
Context ViewRequirements ViewAnalysis ViewDesign View
… Queries …
ProductInstance
Platform
Requirements
Platform
Specific
Model
TE
Guidelines and Rules
Platform Model
Libraries
Patterns
AADL Model ready for analysis
UML Model ready for code generation
47
MDA / AADL Expectation
Traditional New
Weapon 1
Weapon 2
Weapon 3
New MWS
$
Development Costs for New Weapons
MDA
Traditional New
Weapon 1
Weapon 2
Weapon 3
New WMS
$
Development Costs for New Weapons
Without
MDA