Synchronous modeling of avionics applications using the SIGNAL language

International audienceIn this paper, we discuss a synchronous, component-based approach to the modeling of avionics applications. The specification of the components relies on the avionics standard ARINC 653 and the synchronous language SIGNAL is considered as modeling formalism. The POLYCHRONY tool-set allows for a seamless design process based on the SIGNAL model, which provides possibilities of high level specifications, verification and analysis of the specifications at very early stages of the design, and finally automatic code generation through formal transformations of these specifications. This suits the basic stringent requirements that should be met by any design environment for embedded applications in general, and avionics applications in particular

System-level Co-simulation of Integrated Avionics Using Polychrony

International audienceThe design of embedded systems from multiple views and heterogeneous models is ubiquitous in avionics as, in partic- ular, different high-level modeling standards are adopted for specifying the structure, hardware and software components of a system. The system-level simulation of such composite models is necessary but difficult task, allowing to validate global design choices as early as possible in the system de- sign flow. This paper presents an approach to the issue of composing, integrating and simulating heterogeneous mod- els in a system co-design flow. First, the functional behavior of an application is modeled with synchronous data-flow and statechart diagrams using Simulink/Gene-Auto. The system architecture is modeled in the AADL standard. These high- level, synchronous and asynchronous, models are then trans- lated into a common model, based on a polychronous model of computation, allowing for a Globally Asynchronous Lo- cally Synchronous (GALS) interpretation of the composed models. This translation is implemented as an automatic model transformation within Polychrony, a toolkit for em- bedded systems design. Simulation, including profiling and value change dump demonstration, has been carried out based on the common model within Polychrony. An avionic case study, consisting of a simplified doors and slides control system, is presented to illustrate our approach

Modeling and analysis of power processing systems: Feasibility investigation and formulation of a methodology

A review is given of future power processing systems planned for the next 20 years, and the state-of-the-art of power processing design modeling and analysis techniques used to optimize power processing systems. A methodology of modeling and analysis of power processing equipment and systems has been formulated to fulfill future tradeoff studies and optimization requirements. Computer techniques were applied to simulate power processor performance and to optimize the design of power processing equipment. A program plan to systematically develop and apply the tools for power processing systems modeling and analysis is presented so that meaningful results can be obtained each year to aid the power processing system engineer and power processing equipment circuit designers in their conceptual and detail design and analysis tasks

Verifying the Safety of a Flight-Critical System

This paper describes our work on demonstrating verification technologies on a flight-critical system of realistic functionality, size, and complexity. Our work targeted a commercial aircraft control system named Transport Class Model (TCM), and involved several stages: formalizing and disambiguating requirements in collaboration with do- main experts; processing models for their use by formal verification tools; applying compositional techniques at the architectural and component level to scale verification. Performed in the context of a major NASA milestone, this study of formal verification in practice is one of the most challenging that our group has performed, and it took several person months to complete it. This paper describes the methodology that we followed and the lessons that we learned.Comment: 17 pages, 5 figure

The SIGNAL Approach to the Design of System Architectures

International audienceModeling plays a central role in system engineering. It significantly reduces costs and efforts in the design by providing developers with means for cheaper and more relevant experimentations. So, design choices can be assessed earlier. The use of a formalism, such as the synchronous language SIGNAL which relies on solid mathematical foundations for the modeling, allows validation. This is the aim of the methodology defined for the design of embedded systems where emphasis is put on formal techniques for verification, analysis, and code generation. This paper mainly focuses on the modeling of architecture components using SIGNAL. For illustration, we consider the modeling of a bounded FIFO queue, which is intended to be used for communication protocols. We bring out the capabilities of SIGNAL to allow specifications in an elegant way, and we check few elementary properties on the resulting model for correctness

Modeling and Analysis of Mixed Synchronous/Asynchronous Systems

Practical safety-critical distributed systems must integrate safety critical and non-critical data in a common platform. Safety critical systems almost always consist of isochronous components that have synchronous or asynchronous interface with other components. Many of these systems also support a mix of synchronous and asynchronous interfaces. This report presents a study on the modeling and analysis of asynchronous, synchronous, and mixed synchronous/asynchronous systems. We build on the SAE Architecture Analysis and Design Language (AADL) to capture architectures for analysis. We present preliminary work targeted to capture mixed low- and high-criticality data, as well as real-time properties in a common Model of Computation (MoC). An abstract, but representative, test specimen system was created as the system to be modeled

Extending the Real-Time Maude Semantics of Ptolemy to Hierarchical DE Models

This paper extends our Real-Time Maude formalization of the semantics of flat Ptolemy II discrete-event (DE) models to hierarchical models, including modal models. This is a challenging task that requires combining synchronous fixed-point computations with hierarchical structure. The synthesis of a Real-Time Maude verification model from a Ptolemy II DE model, and the formal verification of the synthesized model in Real-Time Maude, have been integrated into Ptolemy II, enabling a model-engineering process that combines the convenience of Ptolemy II DE modeling and simulation with formal verification in Real-Time Maude.Comment: In Proceedings RTRTS 2010, arXiv:1009.398

Advanced information processing system: The Army fault tolerant architecture conceptual study. Volume 1: Army fault tolerant architecture overview

Digital computing systems needed for Army programs such as the Computer-Aided Low Altitude Helicopter Flight Program and the Armored Systems Modernization (ASM) vehicles may be characterized by high computational throughput and input/output bandwidth, hard real-time response, high reliability and availability, and maintainability, testability, and producibility requirements. In addition, such a system should be affordable to produce, procure, maintain, and upgrade. To address these needs, the Army Fault Tolerant Architecture (AFTA) is being designed and constructed under a three-year program comprised of a conceptual study, detailed design and fabrication, and demonstration and validation phases. Described here are the results of the conceptual study phase of the AFTA development. Given here is an introduction to the AFTA program, its objectives, and key elements of its technical approach. A format is designed for representing mission requirements in a manner suitable for first order AFTA sizing and analysis, followed by a discussion of the current state of mission requirements acquisition for the targeted Army missions. An overview is given of AFTA's architectural theory of operation

Simulation of real-time systems with clock calculus

International audienceSafety–critical real-time systems need to be modeled and simulated early in the development of lifecycle. SIGNAL is a data-flow synchronous language with clocks widely used in modeling of such systems. Due to the synchronous features of SIGNAL, clock calculus is essential in compilation and simulation. This paper proposes a new methodology for clock calculus that takes data dependencies into consideration. In this way, simulation code can be directly generated by using a depth-first traversal algorithm. In addition, a clock insertion method based on clock-implication checking is presented to obtain an optimized control structure

A model-based rams estimation methodology for innovative aircraft on-board systems supporting mdo applications

The reduction of aircraft operating costs is one of the most important objectives addressed by aeronautical manufactures and research centers in the last decades. In order to reach this objective, one of the current ways is to develop innovative on-board system architectures, which can bring to lower fuel and maintenance costs. The development and optimization of these new aircraft on-board systems can be addressed through a Multidisciplinary Design Optimization (MDO) approach, which involves different disciplines. One relevant discipline in this MDO problem is Reliability, Availability, Maintainability and Safety (RAMS), which allows the assessment of the reliability and safety of aircraft systems. Indeed the development of innovative systems cannot comply with only performance requirements, but also with reliability and safety constraints. Therefore, the RAMS discipline plays an important role in the development of innovative on-board systems. In the last years, different RAMS models and methods have been defined, considering both conventional and innovative architectures. However, most of them rely on a document-based approach, which makes difficult and time consuming the use of information gained through their analysis to improve system architectures. On the contrary, a model-based approach would make easier and more accessible the study of systems reliability and safety, as explained in several studies. Model Based Systems Engineering (MBSE) is an emerging approach that is mainly used for the design of complex systems. However, only a few studies propose this approach for the evaluation of system safety and reliability. The aim of this paper is therefore to propose a MBSE approach for model-based RAMS evaluations. The paper demonstrates that RAMS models can be developed to quickly and more effectively assess the reliability and safety of conventional and innovative on-board system architectures. In addition, further activities for the integration of the model-based RAMS methodology within MDO processes are described in the paper