ASAAC Modelling with AADL
André Windisch, EADS Military Aircraft
SAE AS-2 Meeting on AADL
Edinburgh, July 2004
Contents
• The AADL Notation
• ASAAC Platform Modelling
• ASAAC Application Modelling
• ASAAC Refinement Approach
• Summary
AADL Graphical Primitives >> Components
• Software: Process, Thread, Data
• Composite: System
• Platform: Processor, Device, Memory, Bus
AADL Graphical Primitives >> Features
• Ports (<name>): Data Port, Event Port, Event Data Port
• Connections: Immediate, Delayed
• Subprograms: call server, Server Subprogram Binding
ASAAC Platform >> Module Types
[Figure: six module types (DP, GP, SP, MM, NS, PC), each drawn with MSU, NIU and RU blocks]
DP … Data Processing
GP … Graphics Processing
SP … Signal Processing
MM … Mass Memory
NS … Network Switch
PC … Power Conversion
ASAAC Platform >> Data Processing Module (DPM)
[Figure: DPM block diagram with MSU, DP, NIU and RU blocks; interface labels as extracted: PBCBMSB, DPFC, ATM, ETN, FC, ATM]
MSU … Module Support Unit
RU … Routing Unit
NIU … Network Interface Unit
DP … Data Processing (Payload)
ASAAC Platform >> Module Software Layers
[Figure: module software stack. Layers: Application Layer (AL), OS Layer (OSL), Module Support (MSL). Labelled blocks: App #1, App #2, App #3; Operating System & Extensions; Generic System Management (GSM); Config Manager (CM); Blueprint Manager (BPM); App Error Handling; Module Support Package & Network Independent Interface (NII)]
APOS … Application to Operating System Interface
MOS … Module to Operating System Interface
SMOS … System Management to Operating System Interface
SMBP … System Management to Blueprint Interface
ASAAC Platform >> Module Software Integration
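[Figure: software integration on a module. Layers: Application Layer (AL), OS Layer (OSL), Module Support (MSL). Labelled blocks: Application, OS & GSM, BufferHandler, MessageRouter, NiiMslHandler. Interfaces: APOS, MOS. Hardware labels as extracted: PB, CBMSB, DPFC, ATM, FC, ATM]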
ASAAC Platform >> Modelling Approach
[Figure: App shown with the platform models P2 (Abstract), P2 (Refined), P1 (Abstract), P1 (Refined) and P0 (Base)]
• Step 1: Refinement of system component P2
• Step 2: Refinement of system component P1
ASAAC Platform >> Modelling Example
[Figure: Application.RW (Reader, Writer, Virtual Channel) and Platform.Abstract (two DPM_APOS abstract processors, each labelled APOS Services, joined by Transfer Connections (Logical Bus))]
ASAAC Platform >> Remaining Questions
• The proposed modelling approach assumes that ASAAC applications can be captured by AADL processes, threads, connections, and ports. Is this feasible?
• How can the ASAAC inherent system configuration feature be modelled?
• How can reconfiguration be modelled?
ASAAC Threads >> Definition
• No particular scheduling policy imposed by ASAAC Standard
• Soft or hard deadline
• Periodic or bounded aperiodic release, defined by blueprints
[Figure: ASAAC thread state diagram. States: Dormant, Ready, Running, Waiting. Transitions: startThread, stopThread, suspendThread, resumeThread, sleep, waitForSemaphore, terminateSelf, schedule]
ASAAC Threads >> Modelling
[Figure: the AADL thread state machine alongside the ASAAC thread state diagram.
AADL thread states: thread halted, performing thread initialization, suspended awaiting mode, suspended awaiting dispatch, performing thread activation, performing thread computation, performing thread deactivation, performing thread finalize.
ASAAC thread states: Dormant, Ready, Running, Waiting.
ASAAC transitions: startThread, stopThread, suspendThread, resumeThread, sleep, waitForSemaphore, rcvMessage, terminateSelf, schedule.
Further labels: Dispatch, Executing, Running, ready, Awaiting resource, Awaiting return, Awaiting resume, preempt, resume, complete, error detected, block on getResource, unblock on releaseResource, call server subprogram, return server subprogram, background enter(Mode), background exit(Mode), abort(process), abort(processor), abort(system)]
ASAAC Processes >> Definition
• Denotes an address space that contains executable code for one or more threads, one main thread
• Is NOT subject to scheduling and does not have attributable temporal characteristics
• Always executes on a single processor
[Figure: one thread state diagram (Dormant, Ready, Running, Waiting) per thread, from Thread #1 (Main) to Thread #n]
ASAAC Processes >> Modelling
process implementation <pname>
subcomponents
  -- the main thread of the process which is always active
  t1 : thread <tname_1>;
  -- all other threads which have to be started by t1
  t2 : thread <tname_2> in modes (config1, config2);
  . . .
  tn : thread <tname_n> in modes (config2);
connections
  -- mode specific connections which correspond to the
  -- different configurations of this process
modes
  started : initial mode;
  config1 : mode;
  config2 : mode;
  started -[ t1.startThread_t2 ]-> config1;
  started, config1 -[ t1.startThread_tn ]-> config2;
  started, config2 -[ t1.stopThread_tn ]-> config1;
  . . .
end <pname>;
[Figure: process <pname> containing threads T1 (Main), T2 … Tn, annotated "Moding Behaviour"]
• All threads started / stopped by main thread via startThread and stopThread APOS calls
• Modelled in terms of AADL events and moding
ASAAC Virtual Channels >> Definition
• Means for asynchronous communication between threads
• Unidirectional and data oriented, i.e. one data structure per VC
• 1:N communication scheme with send / receive buffers in FIFO or LIFO mode; M:N variant for signal processing domain
• Configuration defined by blueprint
• Reconfigurable in the case of a system error
[Figure: Virtual Channel between Sender Thread #2 and Receiver Thread #1 / Receiver Thread #2, with local Buffers and a Transfer Activity]
ASAAC Virtual Channels >> Modelling
• Modelled in terms of AADL connections and AADL data ports
• 1:N Virtual Channel modelled by set of <N> data connections
• AADL ports provide for buffering mechanism and policy
• (Re)configuration captured in terms of moding (see process)
• Network mapping defined by means of AADL connection binding
[Figure: process <pname> containing threads T1 (Main), T2 … Tn, annotated "Moding Behaviour", with a connection labelled vc <id>]
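Added example (not from the original slides): the process moding scheme and the virtual channel bullets above applied to one 1:2 virtual channel, in standard AADL textual syntax. All component, port and mode names are hypothetical; event data ports are assumed instead of plain data ports because the AADL queue properties apply only to event and event data ports.

```aadl
-- Added example, not from the slides. All names are hypothetical.
data NavSample
end NavSample;

thread Main
features
  startThread_rx2 : out event port;  -- raised when Main calls startThread
  stopThread_rx2  : out event port;  -- raised when Main calls stopThread
  vc7_out : out event data port NavSample;  -- sending end of VC 7
end Main;

thread Receiver
features
  vc7_in : in event data port NavSample
    { Queue_Size => 4;                       -- receive buffer depth
      Queue_Processing_Protocol => FIFO; };  -- buffer policy
end Receiver;

process Nav
end Nav;

process implementation Nav.impl
subcomponents
  t1  : thread Main;                         -- main thread, always active
  rx1 : thread Receiver;
  rx2 : thread Receiver in modes (config2);  -- exists only in config2
connections
  -- one connection per receiver of the 1:N virtual channel
  vc7_1 : event data port t1.vc7_out -> rx1.vc7_in;
  vc7_2 : event data port t1.vc7_out -> rx2.vc7_in in modes (config2);
modes
  config1 : initial mode;
  config2 : mode;
  -- (re)configuration: thread start/stop events switch the mode
  config1 -[ t1.startThread_rx2 ]-> config2;
  config2 -[ t1.stopThread_rx2 ]-> config1;
end Nav.impl;
```

Because each connection is tied to the modes in which it is active, the set of permitted data flows in every configuration can be read directly from the model and reviewed before and after a reconfiguration.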
ASAAC System Startup
• Initial startup of Generic System Manager (GSM)
• Dynamic creation of processes, threads, and VCs
• Synchronised start of overall system
[Figure: Generic System Manager Application (CM, HM, FM), Process #1, Process #2, <run configuration>]
ASAAC System Reconfiguration
• Error detection by GSM on a resource element (RE)
• Decision on reconfiguration action at integration area (IA)
• Synchronised reconfiguration across affected REs
[Figure: message exchange between the IA-GSM (Integration Area) and two RE-GSMs (Resource Elements): <error>, <reconfig>, <run config>, <done>, <done>]
Refinement Approach >> Introduction
[Figure: Application.RW (Reader, Writer, Virtual Channel) and Platform.Abstract (two DPM_APOS abstract processors, each labelled APOS Services, joined by Transfer Connections (Logical Bus))]
Refinement Approach >> Platform
• Abstract processor refined to HW/SW system
• Interface subprograms assigned to SW comps
• Refined communications
[Figure: DPM_APOS (Abstract Processor) with its APOS interface and Transfer Connections, refined into DPM_APOS.Refined. Labelled blocks: DPM_MOS (Abstract Processor), CommMgmt, Timers, ConfigMgmt. Interface subprograms: APOS::Comms, APOS::Timing, SMOS::Comms, SMOS::Timing. Further labels: Module to Operating System Interface (MOS), Network Connections (e.g. ATM Channel)]
Refinement Approach >> Application & Comms
[Figure: Application.RW (Reader, Writer) on Platform.Refined: two DPM_APOS.Refined systems, each containing a DPM_MOS and labelled APOS::Comms, joined by a Transfer Connection over Network Connections (e.g. ATM Channel)]
Summary
• ASAAC configuration and reconfiguration behaviour modelled in terms of AADL events and moding
• ASAAC application modelling based on AADL processes, threads, data ports, and connections
  – Formalisation of translation scheme
  – Provision of templates for ASAAC modelling
• Platform modelling based on hierarchical refinement (as suggested by Peter Feiler)
  – Formalise refinement approach for incorporation into tools
• Application and communication refinement according to OSI reference model
  – Covers data flow – control flow transformation
  – Applicable for 2 adjacent protocol layers only
• Synchronisation with ARINC modelling required