Presented by David LESENS
Tuesday 29 November 2011
Hi-Lite project – Case Study
ASTRIUM Space Transportation
10/05/2011
p2
Overview
• Introduction
• Astrium Space Transportation
• Case study
• SCADE modelling
• Data handling
• Numerical algorithm
• Event driven
• Feedbacks on Alfa
• Gnatprove
• Conclusion
Astrium case study
Figure: Astrium case study architecture – Event driven vs. Data flow driven & algorithms
• Sensors: acquisition of measurement
• Actuators: send commands to actuators
• GNC – Control: compute the commands
• GNC – Guidance: where shall I go?
• GNC – Navigation: where am I?
• Environment
• Data handling / Middleware
Tools
gnatpro-7.1.0w-20111122-45-i686-pc-mingw32-bin
hilite-0.1w-20111122-i686-pc-mingw32-bin
gps-5.1.0-i686-pc-mingw32
aunit-3.3.1-i686-pc-mingw32
SCADE Suite version 6.3 beta (build i9)
Solar wing deployment
Thermal knives
The Flight Application Software powers thermal knives in order to deploy the solar wings
• Acyclic events
• Redundancy (FDIR)
• Automaton oriented
Software part modelled in SCADE
Software architecture in SCADE
Hierarchical automata
Mode automaton
Activation conditions
Automatically generated code
Data handling
ECSS-E-70-41A “Space engineering – Ground systems and operations – Telemetry and telecommand packet utilization” (30 January 2003)
• Ground / on-board communications
• Vehicle management
Structure of telemetry / telecommand packets
Verification of telecommand packets
Definition of data bus
Access to the data bus
Monitoring list
Algorithms
• Orientation of the ATV solar wings
• Optimisation of energy
• From SPARK to Alfa
Mathematical library
Mathematical library with test cases
Are the test cases defined for Sin32 applicable?
Mathematical library: matrix product definition
Classical “safe” way
Mathematical library: matrix product use
Quite complex type definition
Mathematical library: matrix product definition
Classical “unsafe” way / Hi-Lite “safe” way?
Simple type definition
Automata (1/2)
Automata (2/2)
Ambiguity due to missing parentheses detected
Overloading of operators possible
Difficulty to write a contract (precision)
Powerful contract
Extensions
Can this property be expressed as an invariant of the plan type?
Abstract variables
Abstract variables
In SPARK, an abstract global variable would be defined. The contracts would then specify that only the "Run_Time" subprogram can modify this global variable.
In ALFA, such abstract global variables do not exist
++ mvm__obit__get_obit mvm-obit.ads:44
-- mvm__obit__run_time mvm-obit.ads:36 (unsupported construct) [Old attribute]
Abstract variables: First solution
The OBIT variable should be private
++ mvm__obit__get_obit mvm-obit.ads:48
++ mvm__obit__run_time mvm-obit.ads:40
Abstract variables: Second solution
++ mvm__obit__get mvm-obit.ads:49
-- mvm__obit__run_time mvm-obit.ads:41 (unsupported construct)
In this case, the contract is equivalent to the implementation
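The two ways of stating "only Run_Time may modify OBIT" discussed on the abstract-variable slides, written out as an added illustration (not the Astrium code): first as a SPARK 2005 abstract own variable, then as the Alfa-era Ada 2012 form with the variable made private and the property carried by a postcondition. The package and type names, and treating OBIT as a wrapping counter, are assumptions.

```ada
-- Added illustration, not the project's code. OBIT is modelled as a
-- 32-bit wrapping counter (assumption); names are hypothetical.

-- (1) SPARK 2005: the state is an abstract "own" variable of the spec.
--     Every subprogram that reads or writes it must say so in its
--     annotations, so the tools can check that nothing except Run_Time
--     has a "global in out" on it. The body refines Obit_State onto a
--     concrete variable ("--# own Obit_State is Obit;").
package Obit_Spark
--# own Obit_State;
--# initializes Obit_State;
is
   type Obit_Type is mod 2 ** 32;

   procedure Run_Time;
   --# global in out Obit_State;
   --# derives Obit_State from Obit_State;

   function Get_Obit return Obit_Type;
   --# global in Obit_State;
end Obit_Spark;

-- (2) Alfa / Ada 2012: no abstract own variable exists, so the state is
--     hidden in the private part (the slides' "first solution") and the
--     change made by Run_Time is stated with Pre/Post on the visible
--     subprograms. The postcondition below needs 'Old on a function
--     call, the attribute the slides report as an unsupported construct,
--     and it restates the body almost literally, which is the slides'
--     point that the contract becomes equivalent to the implementation.
package Obit_Alfa is
   type Obit_Type is mod 2 ** 32;

   function Get_Obit return Obit_Type;

   procedure Run_Time
     with Post => Get_Obit = Get_Obit'Old + 1;
private
   Obit : Obit_Type := 0;   -- the private OBIT variable
end Obit_Alfa;

package body Obit_Alfa is
   function Get_Obit return Obit_Type is (Obit);

   procedure Run_Time is
   begin
      Obit := Obit + 1;   -- modular type: wraps instead of raising
   end Run_Time;
end Obit_Alfa;
```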
Subprograms in Alfa : 68% (414/613)
  ... already supported : 52% (321/613)
  ... not yet supported : 15% ( 93/613)
Subprograms not in Alfa : 32% (199/613)

Subprograms not in Alfa due to (possibly more than one reason):
  unchecked conversion : 32% (194/613)
  ambiguous expr : 1% ( 7/613)

Subprograms not yet supported due to (possibly more than one reason):
  generic : 39% (237/613)
  attribute : 5% ( 29/613)
  conversion : 4% ( 24/613)
  discriminant : 2% ( 11/613)
  slice : 2% ( 11/613)
  multi dim array : 0% ( 2/613)
  (...)

Units with the largest number of subprograms in Alfa:
  ml-bits : 51% (197/389)
  ml : 100% (113/113)
  tmtc-data_pool : 85% (41/48)
  sgs-main : 100% (14/14)
  scade-ln1 : 100% (11/11)
  mvm-automaton : 100% (7/7)
  (...)

Units with the largest number of subprograms not in Alfa:
  ml-bits : 49% (192/389)
  tmtc-data_pool : 15% (7/48)
ambiguous expr
Gnatprove
Number of specification not in Alfa is 0
Number of body not in Alfa is 199
Proof
Project: ml
gnatprove --mode=prove -P ml.gpr
Phase 1 of 3: frame condition computation ...
Phase 2 of 3: translation to intermediate language ...
ml-bits.adb:1385:07: warning: types for unchecked conversion have different sizes
…
raised CONSTRAINT_ERROR : no element available because key not in map
alfa_report C:\Users\david\Mes documents\Developpement\TMTC\ADA\src\OBJ\gnatprove\gnatprove.alfad failed.
Analysis performed in 18 seconds (0 h 0 mn 18 s)
(Start at 28/11/2011, 22h51mn25s and end at 28/11/2011, 22h51mn43s)
gnatprove : 16 seconds (0 h 0 mn 16 s)
Not yet investigated
Conclusion
Alfa safer than Ada
Alfa easier to use than SPARK
Alfa misses some constructs (compared to SPARK)
Always a great support from AdaCore