Challenges

Presentation Transcript


  1. Challenges Colin O’Halloran Aerospace Consulting Practice

  2. Procure: competitive selection amongst suppliers worldwide (supply-chain diagram; labels recovered from the slide)
     • Suppliers A1 … An, B1 … Bn, … X1 … Xn
     • OEM 1 … OEM n (e.g. NG, Bosch, …)
     • Prime/Integrator (e.g. Boeing, Ford, NG, …)
     • Integration at a unit level; System Integration

  3. Overview and rationale for linking design models with code (process diagram; labels recovered from the slide)
     • Development: System Requirements, Specification Model, Code (hand code or autocode)
     • Verification: Review, Test, Analysis, leading to Evidence for Certification (DO178)
     • Annotations on the verification activities: “typically vast majority of effort”, “typically compliance to standards/process”, “typically only analyse results of test”
     • Aim: reduce to validation and hardware testing; exploit automated proof

  4. Overview of the Beacon/ClawZ process (tool-chain diagram; labels recovered from the slide)
     • Development side: Simulink model, Beacon, Code
     • Verification side: Z Producer, Z, Refinement Script Generator, Compliance Notation Tool, Verification Conditions, Supertac, ProofPower, Discharge proof
     • User Interface

  5. Example of BEACON code generation
     • Specify BEACON code generation information
     • Each subsystem implemented by an Ada subprogram: ‘Step’, ‘Diff’ and ‘Int’

  6. Source code for Ada subprograms ‘Diff’ and ‘Int’

     procedure Diff ( Input : in Real32_T ; Deriv : out Real32_T ; State : in out Real32_T ) is
        -- LOCAL data from section DEFAULT
        tmp1 : Real32_T ;
     begin
        --
        -- UnitDelay: discrete/Diff/Unit Delay
        --
        tmp1 := State;
        State := Input;
        --
        -- Sum: discrete/Diff/Sum
        --
        Deriv := Input - (tmp1);
     end Diff ;

     procedure Int ( Input : in Real32_T ; Integ : out Real32_T ; State : in out Real32_T ) is
        -- LOCAL data from section DEFAULT
        Prev_State : Real32_T ;
     begin
        --
        -- UnitDelay: discrete/Int/Unit Delay
        --
        Prev_State := State;
        --
        -- Sum: discrete/Int/Sum
        --
        Integ := Input + Prev_State;
        --
        -- UnitDelay: discrete/Int/Unit Delay
        --
        State := Integ;
     end Int ;

  7. Source code for Ada subprogram ‘Step’

     procedure Step is
        -- LOCAL data from section DEFAULT
        D : Real32_T ;
        I : Real32_T ;
        P : Real32_T ;
        tmp1 : Real32_T ;
     begin
        --
        -- Subsystem: pid/Diff
        -- Source: discrete/Diff
        --
        Diff ( Input => Error , Deriv => tmp1 , State => pid_Diff_State );
        --
        -- Product: pid/Sd
        --
        D := Kd * tmp1;
        --
        -- Product: pid/Si
        --
        tmp1 := Error * Ki;
        --
        -- Product: pid/Sp
        --
        P := Error * Kp;
        --
        -- Subsystem: pid/Int
        -- Source: discrete/Int
        --
        -- Calls the subprogram declared as 'Int' on the previous slide
        Int ( Input => tmp1 , Integ => I , State => pid_Int_State );
        --
        -- Sum: pid/Sum
        --
        Output := D + P + I;
     end Step ;

  8. Setup CLawZ analysis project

  9. Specify Simulink model files

  10. Identify parts of the Simulink model that correspond to program units
     • For BEACON this can be done automatically using information embedded in .mdl files

  11. Specify the Ada source code files and define which subprograms to verify

  12. Perform analysis
     • Link Simulink units with Ada subprograms (automatic for BEACON)
     • Define the interface between Simulink signals and Ada variables (automatic for BEACON)
     • Run auto-verification
     • Proof results reported
     • A verification condition failure provides the point of failure and the pre-condition information at that point
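The refinement check that ClawZ discharges by proof can be illustrated in bounded form for the PID code on slides 6 and 7: run the Simulink-level meaning of the model beside a transliteration of the generated ‘Step’ and report the first step where output or delay state disagree, together with the pre-state, which is the information slide 12 says a failed verification condition gives. This is an added example, not code from the slides or from the ClawZ tool chain; the Unit Delay semantics, the gain values and the Error trace are assumptions, and bad_step is a constructed faulty variant.

```python
# Added example (not from the slides or the ClawZ tool chain): a bounded check
# of the refinement conjecture "Simulink spec <= generated Ada" for the PID
# model on slides 6-7. Assumed block semantics: a Unit Delay outputs its stored
# state and then stores its input; Sum and Product are plain arithmetic.

def spec_step(error, gains, st):
    """Simulink-level meaning of one 'pid' step; st holds both Unit Delay states."""
    kp, ki, kd = gains
    deriv, st["diff"] = error - st["diff"], error         # discrete/Diff
    integ = error * ki + st["int"]; st["int"] = integ     # discrete/Int
    return kd * deriv + kp * error + integ

def ada_step(error, gains, st):
    """Transliteration of the generated Ada 'Step' (slide 7), same statement order."""
    kp, ki, kd = gains
    tmp1 = st["diff"]; st["diff"] = error; tmp1 = error - tmp1   # Diff
    d = kd * tmp1                                                 # pid/Sd
    tmp1 = error * ki                                             # pid/Si
    p = error * kp                                                # pid/Sp
    prev = st["int"]; i = tmp1 + prev; st["int"] = i              # Int
    return d + p + i                                              # pid/Sum

def bad_step(error, gains, st):
    """Constructed faulty variant: Int stores its Input instead of Integ."""
    kp, ki, kd = gains
    tmp1 = st["diff"]; st["diff"] = error; tmp1 = error - tmp1
    d = kd * tmp1
    tmp1 = error * ki
    p = error * kp
    prev = st["int"]; i = tmp1 + prev; st["int"] = tmp1           # wrong store
    return d + p + i

def check_refinement(trace, gains, impl=ada_step):
    """Run spec and implementation side by side over an Error trace. Returns None
    if output and state agree at every step, otherwise the failing step and its
    pre-state, as a failed verification condition reports them (slide 12)."""
    s_spec, s_impl = {"diff": 0.0, "int": 0.0}, {"diff": 0.0, "int": 0.0}
    for k, err in enumerate(trace):
        pre = dict(s_impl)
        want, got = spec_step(err, gains, s_spec), impl(err, gains, s_impl)
        if want != got or s_spec != s_impl:
            return {"step": k, "pre_state": pre, "expected": want, "got": got}
    return None

GAINS = (2.0, 0.5, 0.25)                # Kp, Ki, Kd (constructed values)
TRACE = [1.0, 2.0, 3.0, -1.0, 0.5]      # constructed Error samples
```

With the faulty variant the outputs still agree at step 1 and only the integrator state diverges, so a check that compared outputs alone would report the failure one step later than the state-level check does.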

  13. Assigning programs to systems (refinement diagram; labels recovered from the slide)
     • System Properties: checked by a combination of simulation, deduction and compositional model checking
     • ⊑ MW state machine 1 … n: ModelWorks to check that the high-level design satisfies system properties, plus analytical/simulation techniques for continuous control systems
     • ⊑ Stateflow/Simulink 1 … n
     • ⊑ Code 1 … n: BEACON automatic code generation; refinement conjecture with deduction, plus MALPORTE healthiness checking

  14. Challenges
     • Prediction of properties – capability to predict and check properties of system software components (both horizontally and vertically)
       – Customer – ability to control certain classes of risk, e.g. late discovery of inadequate performance
       – Supplier – invest in “libraries” of components with known properties
     • Property trade-offs – capability to assess the interactions between properties and to make informed trade-offs between those properties
       – Customer – ability to configure the system to realise sufficient capability
       – Supplier – ability to control development risk
     • Exploit model-based development to produce assurable engineering artefacts to support the management of the supply chain
