

## AADL and MBSE: A Discussion of Practice

傅金泉 / SBU Technical Manager

**ANSYS** 



## Agenda

1. Brief introduction to AADL
2. Thoughts on a hybrid SysML and AADL MBSE process
3. The SCADE AADL solution
4. Demonstration example






### Introduction

### ADL, Architecture Description Language:

- Goal: modeling software and hardware architectures to master complexity and to perform analysis
- Concepts: components, connections, deployments
- Many ADLs: formal/non-formal, application-domain specific, ...

AADL, the Architecture Analysis and Design Language, is an ADL for real-time critical systems. AADL's objective is "to model a system":

- With analysis in mind ("certification credit")
- To ease the transition from well-defined requirements to the final system: modeling, refinement, analysis, code production, ...





### **AADL: Architecture Analysis & Design Language**

### Standard promoted by SAE International, AS-2C committee, as AS-5506A

- Version 1.0 published in 2004, v2 in 2009, v2.1 in 2012
- Committee driven by inputs from the avionics and space industry
- Academics drive the analysis capabilities, to ensure they match the modeling patterns
- The AADLv3 effort has just started

### http://aadl.info lists all resources around AADL

- Public wiki with lots of resources: <a href="https://wiki.sei.cmu.edu/aadl/index.php/Main\_Page">https://wiki.sei.cmu.edu/aadl/index.php/Main\_Page</a>
- Includes links to most research activities around AADL

### AADL is dedicated to the real-time embedded domain

- Modeling of software and hardware resources for V&V
- Extension & refinement concepts to iterate down to code generation

### Different representations

- Graphical: high-level view of the system
- Textual: to view all details
- XML: to ease processing by 3rd-party tools





## **AADL Different Representations**





## **AADL Components**











Port group notation (graphical symbols not reproduced here):

- Port Group (as a feature of a thread)
- Port Group Connection (between two port groups that are each a feature of a system)
- Port Group Bundle (mixed directions and ports)





## **Data Connection Policies**

1. Sampling connection: the receiver takes the latest value. Problem: data consistency (a value can be lost or read twice)!
2. Immediate: the receiver thread is immediately awakened, and will read the data when the emitter finishes
3. Delayed: the actual transmission is delayed to the next time frame
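The three policies can be made concrete with a small discrete-time simulation. This is an added example, not code from the slides or from any AADL tool: an emitter thread with period `P_EMIT` and compute time `C_EMIT` writes its frame index `k` to a data port at time `k*P_EMIT + C_EMIT`, and the receiver reads that port under each policy. The constant values and the frame-index-as-value convention are constructed for illustration; the returned read lists make visible why a sampling connection between threads of different periods loses or duplicates values while the immediate and delayed policies do not.

```python
"""Simulation of AADL's three data connection policies (sampling, immediate, delayed).

Added example, not from the slides. An emitter thread with period P_EMIT and
compute time C_EMIT writes the value k (its frame index) at time k*P_EMIT + C_EMIT.
The receiver reads that data port under each policy; the returned read lists make
the consistency problem of sampling connections visible (values lost or read twice).
"""
from typing import List, Optional, Tuple

P_EMIT = 10      # emitter period (constructed; time unit is arbitrary, e.g. ms)
C_EMIT = 3       # emitter compute time: output is available at dispatch + C_EMIT
N_FRAMES = 7     # frames simulated, k = 0 .. 6


def emitter_writes(period: int = P_EMIT, compute: int = C_EMIT,
                   frames: int = N_FRAMES) -> List[Tuple[int, int]]:
    """(completion_time, value) for each emitter dispatch; value k is the frame index."""
    return [(k * period + compute, k) for k in range(frames)]


def sampling(receiver_period: int) -> List[Optional[int]]:
    """Sampling connection: at each of its own dispatches the receiver takes the
    latest value already written. Nothing synchronises the two threads, so a
    slower receiver skips values and a faster one reads the same value twice."""
    writes = emitter_writes()
    last_write = writes[-1][0]
    reads: List[Optional[int]] = []
    for t in range(0, last_write + 1, receiver_period):
        latest = None
        for done, value in writes:
            if done <= t:
                latest = value
        reads.append(latest)          # None: nothing written yet at this dispatch
    return reads


def immediate() -> List[int]:
    """Immediate connection: the receiver shares the emitter's dispatch; it is woken
    at dispatch but blocks until the emitter's output for the same frame is complete,
    so at frame k it reads value k (at time k*P_EMIT + C_EMIT)."""
    return [value for _, value in emitter_writes()]


def delayed() -> List[Optional[int]]:
    """Delayed connection: transmission is deferred to the next frame boundary, so at
    frame k the receiver reads the value produced in frame k-1 (none for k = 0)."""
    values = [value for _, value in emitter_writes()]
    return [None] + values[:-1]


def consistency(reads: List[Optional[int]],
                receiver_period: int) -> Tuple[List[int], List[int]]:
    """Values produced before the receiver's last dispatch that were never read
    (lost) and values read more than once (duplicated)."""
    last_dispatch = (len(reads) - 1) * receiver_period
    produced = {value for done, value in emitter_writes() if done <= last_dispatch}
    seen = [r for r in reads if r is not None]
    lost = sorted(produced - set(seen))
    duplicated = sorted({v for v in seen if seen.count(v) > 1})
    return lost, duplicated


if __name__ == "__main__":
    for rp in (15, 5):    # receiver slower, then faster, than the emitter
        reads = sampling(rp)
        print(f"sampling, receiver period {rp}: reads={reads} "
              f"(lost, duplicated)={consistency(reads, rp)}")
    print("immediate:", immediate())
    print("delayed:  ", delayed())
```

With a receiver period of 15 the sampled reads are `[None, 1, 2, 4, 5]`, so values 0 and 3 are lost; with a period of 5 every value is read twice. The immediate and delayed policies read each value exactly once, the delayed one shifted by a frame, which is the deterministic behaviour the latter two policies are designed to give.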





### **AADL** model elements





## AADL — an example

Architecture helps you focus on the actual system





## **Component type**

```
<category> foo [extends <bar>]
   -- inherits features and properties from the parent <bar>
features
   -- list of features, interface
   -- e.g. messages, access to data, etc.
properties
   -- list of properties, e.g. priority
   -- properties describe non-functional aspects of the component
end foo;
```

```
-- Model a sequential execution flow
subprogram Spg
  -- Spg represents a C function, in file "foo.c",
  -- that takes one parameter as input
features
  in_param : in parameter foo_data;
properties
  Source_Language => (C);
  Source_Text => ("foo.c");
end Spg;

-- Model a schedulable flow of control
thread bar_thread
  -- bar_thread is a sporadic thread: dispatched whenever it
  -- receives an event on its port
features
  in_data : in event data port foo_data;
properties
  Dispatch_Protocol => Sporadic;
end bar_thread;
```



## **Component implementation**

```
-- Model a schedulable flow of control
thread bar_thread
  -- bar_thread is a sporadic thread: dispatched whenever it
  -- receives an event on its port
features
  in_data : in event data port foo_data;
properties
  Dispatch_Protocol => Sporadic;
end bar_thread;

thread implementation bar_thread.impl
  -- In this implementation, at each dispatch we execute the "C"
  -- call sequence, passing the dispatch parameter to the call
calls
  C : { S : subprogram Spg; };
connections
  p0 : parameter in_data -> S.in_param;
end bar_thread.impl;
```



## **AADL Property sets**



- Property: typed attribute, associated with components
- Property sets: group property definitions
  - Property sets that are part of the standard, e.g. Communication_Properties
  - Or user-defined, e.g. for a new analysis

```
process MFDProcess
  features
    MCPaltitude: out data port scade_real;
    MCPspeed: out data port scade_real;
    AutoPilot: out data port scade_bool;
  flows
    f0: flow source MCPaltitude {Latency => 5 ms .. 10 ms;};
    f1: flow source MCPspeed {Latency => 5 ms .. 10 ms;};
    f2: flow source AutoPilot {Latency => 5 ms .. 10 ms;};
  properties
    Period => 25 ms;
end MFDProcess;
```



## **AADL** Property sets



The time units are declared in the predeclared property set AADL_Project (SAE Aerospace Standard AS5506B, Appendix A: Predeclared Property Sets):

```
property set AADL_Project is
  Time_Units: type units (
    ps,
    ns => ps * 1000,
    us => ns * 1000,
    ms => us * 1000,
    sec => ms * 1000,
    min => sec * 60,
    hr => min * 60);
end AADL_Project;
```

The Latency property is declared in the predeclared property set Communication_Properties (excerpt):

```
property set Communication_Properties is
  Time: type aadlinteger units Time_Units;
  Time_Range: type range of Time;
  Latency: Time_Range
    applies to (flow, connection, virtual bus, bus, processor, virtual processor,
                device, system, feature, memory);
  -- remaining definitions omitted
end Communication_Properties;
```

It is then applied to flow specifications:

```
flows
  f0: flow source MCPaltitude {Latency => 5 ms .. 10 ms;};
  f1: flow source MCPspeed {Latency => 5 ms .. 10 ms;};
  f2: flow source AutoPilot {Latency => 5 ms .. 10 ms;};
```
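The point of declaring units and ranges in property sets is that tools can compute with them. The following added example, which is neither the slides' code nor an OSATE or SCADE API, shows the kind of check a latency analysis performs: it parses the `Time_Units` declaration above into conversion factors (base unit ps), parses the `Latency => 5 ms .. 10 ms;` associations of the flow specifications, adds the ranges along an end-to-end flow path, and compares the worst case with a budget. The downstream connection and flow-sink latencies on the path, and the budget values, are constructed for the example.

```python
"""End-to-end flow latency check built on AADL's Time_Units and Latency ranges.

Added example, not from the slides and not an OSATE/SCADE API. It parses the
Time_Units `type units (...)` declaration, parses `Latency => lo u .. hi u;`
associations from flow specifications, and sums the ranges along a flow path.
All values are normalised to picoseconds, the base unit of Time_Units.
"""
import re
from typing import Dict, List, Tuple

# Excerpt of the predeclared property set AADL_Project (AS5506B, Appendix A).
TIME_UNITS_DECL = """
Time_Units: type units (
    ps,
    ns => ps * 1000,
    us => ns * 1000,
    ms => us * 1000,
    sec => ms * 1000,
    min => sec * 60,
    hr => min * 60);
"""

# Flow specifications as written in the MFDProcess example.
FLOW_SPECS = """
  flows
    f0: flow source MCPaltitude {Latency => 5 ms .. 10 ms;};
    f1: flow source MCPspeed {Latency => 5 ms .. 10 ms;};
    f2: flow source AutoPilot {Latency => 5 ms .. 10 ms;};
"""


def parse_units(decl: str) -> Dict[str, int]:
    """Turn `ps, ns => ps * 1000, ...` into a factor table in the base unit (ps = 1)."""
    body = decl[decl.index("(") + 1: decl.rindex(")")]
    factors: Dict[str, int] = {}
    for item in body.split(","):
        item = item.strip()
        if not item:
            continue
        m = re.fullmatch(r"(\w+)\s*=>\s*(\w+)\s*\*\s*(\d+)", item)
        if m:
            unit, base, mult = m.groups()
            factors[unit] = factors[base] * int(mult)   # base unit declared earlier
        else:
            factors[item] = 1                             # the base unit itself
    return factors


FACTORS = parse_units(TIME_UNITS_DECL)


def to_base(value: str, unit: str) -> int:
    """Convert '5', 'ms' to picoseconds using the parsed unit table."""
    return int(value) * FACTORS[unit]


LATENCY_RE = re.compile(
    r"(\w+)\s*:\s*flow\s+\w+.*?Latency\s*=>\s*(\d+)\s*(\w+)\s*\.\.\s*(\d+)\s*(\w+)\s*;")


def parse_flow_latencies(text: str) -> Dict[str, Tuple[int, int]]:
    """Map each flow specification name to its (min, max) latency in ps."""
    out: Dict[str, Tuple[int, int]] = {}
    for m in LATENCY_RE.finditer(text):
        name, lo, lo_u, hi, hi_u = m.groups()
        out[name] = (to_base(lo, lo_u), to_base(hi, hi_u))
    return out


def end_to_end(segments: List[Tuple[int, int]]) -> Tuple[int, int]:
    """Sum the latency ranges of the segments of an end-to-end flow path."""
    return (sum(lo for lo, _ in segments), sum(hi for _, hi in segments))


def check_budget(segments: List[Tuple[int, int]],
                 budget: str) -> Tuple[bool, Tuple[int, int]]:
    """True when the worst-case end-to-end latency fits the budget, e.g. '20 ms'."""
    value, unit = budget.split()
    total = end_to_end(segments)
    return total[1] <= to_base(value, unit), total


def fmt(ps: int) -> str:
    """Render a picosecond value in the largest unit that divides it exactly."""
    if ps == 0:
        return "0 ps"
    for unit, factor in sorted(FACTORS.items(), key=lambda kv: -kv[1]):
        if ps % factor == 0:
            return f"{ps // factor} {unit}"
    return f"{ps} ps"


if __name__ == "__main__":
    flows = parse_flow_latencies(FLOW_SPECS)
    # Constructed downstream segments: a bus connection and the consuming flow sink.
    path = [flows["f0"],
            (to_base("1", "ms"), to_base("2", "ms")),
            (to_base("3", "ms"), to_base("4", "ms"))]
    for budget in ("20 ms", "15 ms"):
        ok, (lo, hi) = check_budget(path, budget)
        print(f"end-to-end {fmt(lo)} .. {fmt(hi)}, budget {budget}: "
              f"{'OK' if ok else 'VIOLATED'}")
```

For the constructed path the end-to-end range is 9 ms .. 16 ms, so a 20 ms budget passes and a 15 ms budget is violated by the worst case; the check deliberately uses the upper bound, since a latency requirement is about the worst case, not the typical one.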



### **About AADL annexes**

### AS5506/2 (January 2011)

- **Data Modeling Annex** provides guidance on a standard way of associating data models expressed in other data modeling notations (C or ASN.1) with architecture models expressed in AADL
- **Behavior Annex** enables modeling of component and component interaction behavior in a state-machine based annex sublanguage
- **ARINC653 Annex** provides guidance on a standard way of representing ARINC653 standard compliant partitioned embedded system architectures in AADL models

### AS5506/1A (October 2015)

- **Code Generation Annex** defines language-specific rules for source text to be compliant with an architecture specification written in AADL
- **Error Model Annex** defines features to enable the specification of redundancy management and risk mitigation methods in an architecture, and enables qualitative and quantitative assessments of system properties such as safety, reliability, integrity, availability, and maintainability






### **Model-based Assurance**



- Integration into a process: with SysML, SCADE, Simulink
- Architectural pattern checks: MILS, ARINC, Ravenscar, Synchronous
- Model checking:
  - Timed/Stochastic/Colored Petri Nets
  - Timed automata et al.: UPPAAL, Versa, TASM
- Scheduling: MAST, Cheddar, CARTS
- Performance evaluation: real-time and network calculus
- Fault analysis: COMPASS, Stochastic Petri Nets, PRISM
- Simulation: ADeS, Marzhin
- **Energy consumption of SoC: OpenPeople project**
- Code generation: SystemC, C, Ada, RTSJ, Lustre
- WCET analysis: mapping to Bound-T






## **Mismatched Assumptions**

Why do system level failures still occur despite fault tolerance techniques being deployed in systems?

(Figure: two viewpoints, the embedded SW system engineer and the application developer, whose assumptions about each other's side do not match.)

Impact: AADL integrates both viewpoints, allowing analysis.


## **Cooperative Engineering of System**

(Figure: two engineering columns, System Engineering with SysML and Embedded Software System Engineering with AADL, with an Analysis box linking them.)

System Engineering (SysML):

- Operational/Functional Architect (people, use cases, use scenarios)
- Abstract Design Architect (functional/logical decomposition)
- Physical System Architect (physical components: mechanical, electrical, heat, etc.)

Embedded Software System Engineering (AADL):

- Application Software Architect (tasks & communication)
- Runtime Architect (interface with SW/HW)
- Computer Platform Architect (processors & networks)






# System Engineering Process (INCOSE Systems Engineering)

### **Process input**

- Customer needs/ objectives/ requirements
  - Missions
  - Measures of effectiveness
  - Environments
  - Constraints
- Technology base
- Outputs from prior phase
- Program decision requirements
- Requirements applied through specifications and standards



### **Process output**

- Phase dependent
  - Decision support data
  - System architecture
  - Specifications and baselines

# MBSE Process OOSEM Approach - Selected Artifacts

**Major SE Development Activities** 

Analyze Needs

- Causal Analysis
- Top Level Domain Block Definition Diagram
- Mission Use Case Diagrams

Define System Requirements

- System Context
- System Scenario
- Input/Output Definitions

Optimize & Evaluate Alternatives

- Trade studies
- Parametric Diagrams

Define Logical Architecture

- Logical Hierarchy
- Logical Interconnection
- Logical Scenarios

Manage Requirements

- Spec Tree
- Requirements
- Traceability

Support Validation & Verification

- Test cases
- Test procedures

Synthesize Allocated Architecture

- Allocations to HW, SW, Data Architecture

**Common Subactivities** 





## Cooperative Engineering of SysML and AADL








## **SCADE AADL Solution: Workflow**






### **AADL** meta model via UML

1. AADL v2.2 meta model (ecore file)
   - Loaded in the SCADE Architect Configurator
2. AADL concepts
   - Inherit from SCADE Architect concepts
   - Constraints allow guidance during model creation







# AADL language expressiveness (& complexity)

### AADL language

Object-oriented inheritance mechanism: *Prototypes* and *Abstract* components, later extended and refined into a concrete category.

Component types and component implementations: an interface definition can have multiple implementations, but the definition is mandatory before an implementation can be specified.

### Instantiation:

Component instances are references to component implementations, which must be inlined for analysis.

Inlining is done as an explicit tool action in OSATE to obtain an instantiated model.

### In SCADE: 2 simplifications

- AADL abstraction & inheritance inlining
- AADL instance based modeling





### **SCADE** solution for AADL

### Instance based modeling

### Benefit from SCADE Architect: Block Replica

- The whole content of a Block Definition is replicated in each instance (SysML parts)

### Support for AADL "instance based modeling"

AADL objects:

- ✓ "ProcessTypes" (interface only),
- ✓ "ProcessImplementations" (content only),
- ✓ "ProcessSubcomponents" (empty instances)

Replaced by:

- ✓ "Process" definition: interface and full content, automatically replicated in each AADL "Process instance"

Consequences:

- ✓ Limitation: only "one Implementation per Type"
- ✓ But much simpler model understanding for the end user





## **AADL** Property sets

### Automated conversion

- Can be imported from `<property set>.aadl`

### Benefits

- Reuses the SCADE IDE
- Automated GUI to set properties on objects in a model





## AADL Example (Sept 2016)







# Synchronization SCADE AADL – SCADE Suite

### SCADE Suite ←→ AADL:

- Selected operators ←→ Thread or Subprogram, chosen by the user (default: Thread)
- In/Out variable ←→ Port (default: DataPort)
  - ✓ DataPort → In/Out variable of \<type\>
  - ✓ EventPort → In/Out boolean variable
  - ✓ EventDataPort → In/Out variable {EDP\_Event: bool, EDP\_Data: \<type\>}
  - ✓ Port with ArrayDimension N → N In/Out variables
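To show the port-to-variable rules applied to real declarations rather than stated abstractly, here is an added example; it is not SCADE's own code and uses no ANSYS API. It parses plain AADL feature syntax (`name : in|out [event] [data] port [type] [dimension];`), applies the four rules above, and renders the resulting SCADE operator interface in a constructed textual form. The element naming for arrays (`name_1` .. `name_N`) and the rendering of the EventDataPort pair as a record literal are assumptions made for the example; the features section is constructed in the style of the MFDProcess example.

```python
"""Mapping AADL ports to SCADE Suite interface variables.

Added example following the SCADE Suite <-> AADL rules above; not SCADE's own
code and not an ANSYS API. Input is plain AADL feature syntax; output is a
constructed textual rendering of the variables a synchronised operator exposes.
Array element naming (name_1 .. name_N) and the record rendering of the
EventDataPort pair are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

PORT_RE = re.compile(
    r"(?P<name>\w+)\s*:\s*(?P<dir>in|out)\s+"
    r"(?P<kind>event\s+data|event|data)\s+port"
    r"(?:\s+(?P<type>[\w:.]+))?"          # event ports carry no data type
    r"(?:\s*\[\s*(?P<dim>\d+)\s*\])?"     # optional array dimension
    r"\s*;"
)


@dataclass(frozen=True)
class Variable:
    name: str
    direction: str        # "input" or "output"
    type_: str


def port_type(kind: str, data_type: Optional[str]) -> str:
    """Variable type for a port kind, per the mapping rules."""
    kind = " ".join(kind.split())         # normalise "event   data"
    if kind == "data":
        return data_type                  # DataPort -> variable of <type>
    if kind == "event":
        return "bool"                     # EventPort -> boolean variable
    # EventDataPort -> one variable carrying the event flag and the payload
    return f"{{EDP_Event: bool, EDP_Data: {data_type}}}"


def map_port(decl: str) -> List[Variable]:
    """Translate one AADL port declaration into its SCADE variable(s)."""
    m = PORT_RE.fullmatch(decl.strip())
    if not m:
        raise ValueError(f"not a port declaration: {decl!r}")
    kind, data_type = m.group("kind"), m.group("type")
    if kind != "event" and data_type is None:
        raise ValueError(f"data port without a type: {decl!r}")
    direction = "input" if m.group("dir") == "in" else "output"
    vtype = port_type(kind, data_type)
    dim = int(m.group("dim")) if m.group("dim") else None
    # ArrayDimension N -> N variables (element naming is an assumption)
    names = ([m.group("name")] if dim is None
             else [f"{m.group('name')}_{i}" for i in range(1, dim + 1)])
    return [Variable(n, direction, vtype) for n in names]


def map_features(features: str) -> List[Variable]:
    """Map every port declaration of an AADL features section."""
    out: List[Variable] = []
    for line in features.splitlines():
        line = line.strip()
        if line and not line.startswith("--") and line != "features":
            out.extend(map_port(line))
    return out


def render(variables: List[Variable]) -> str:
    """Constructed textual form of the SCADE operator interface."""
    return "\n".join(f"{v.direction} {v.name}: {v.type_};" for v in variables)


# Constructed features section in the style of the MFDProcess example.
FEATURES = """
features
  MCPaltitude: out data port scade_real;
  AutoPilot: out data port scade_bool;
  reset: in event port;
  target: in event data port scade_real;
  sensors: in data port scade_real [3];
"""

if __name__ == "__main__":
    print(render(map_features(FEATURES)))
```

A port declaration that does not match the grammar, or a data port without a type, raises `ValueError` rather than silently producing a variable, which is the behaviour a synchronisation step should have: an interface mismatch between the architecture model and the operator is better caught at conversion time than discovered as a type error in generated code.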








## Thank you for listening

