UML Profile for the Society of Automotive Engineers’ Avionics Architecture Description Language
7/7/2003
Real-Time and Embedded Systems Workshop, July 2003 -- Ed Colbert 1
Ed Colbert
President, Absolute Software Co., [email protected], (760) 929-0612
Senior Research Associate, USC Center for Software Engineering
[email protected], (213) 821-1240
(Based on presentation developed with Bruce Lewis, U.S. Army Aviation and Missile Command (AMCOM), Chair of SAE AS2C ADL Subcommittee)
7 July 2003

AADL Overview
Society of Automotive Engineers (SAE) is developing standard Avionics Architecture Description Language
Basic research funded by
– U.S. Defense Advanced Research Projects Agency (DARPA)
– Office of U.S. Secretary of Defense’s Open Systems – Joint Task Force (OS – JTF)
Based on
– MetaH
  • Design by Honeywell for specification of real-time, fault-tolerant, securely partitioned, dynamically reconfigurable multi-processor system architectures
– Unified Modeling Language (UML)
  • Object Management Group’s (OMG) standard language for object–oriented software development

Outline
Problems Developing Embedded Real-Time Systems
How Avionics Architecture Description Language Will Help
Overview of AADL
Text Language Examples
Extending UML
Draft UML Domain Model for AADL
AADL/UML Generic Missile Example
SAE Standardization of AADL
Final Notes

Problems Developing Embedded Real-Time Systems
Reliability, safety, & performance are constant concerns
Wrong or late answer could be deadly
Difficult to integrate
Few means of assessing impact of decisions early
– Often, don’t perceive that system exceeds processor resources until late
  • Adding or changing resources is expensive, if possible
  • Many projects cut back on capabilities so software fits hardware
    – Despite increased costs of integration, maintenance, & upgrading
Typically very long lives & must be upgraded throughout
– More capabilities required in each new system or upgrade
  • e.g. multimedia, situation awareness, mission simulation & training
– Capacity on original processors is soon exhausted as user needs increase
  • If not exhausted when fielded
– Hardware becomes obsolete
– Re-hosting of software to new hardware is expensive

Problems Developing Embedded Real-Time Systems (cont.)
Current development process
– Manual, paper intensive, error prone, resistant to change
– Disjoint models
– Models not kept up
[Figure: development phases: Requirements Analysis, Design, Implementation, Integration]

Problems Developing Embedded Real-Time Systems (cont.)
Well–designed architecture is essential
Yet, [Garlan, Kompanek, et al. 2000] say that in practice
– Most architectural descriptions are
  • Informal documents
  • Usually centered on box-and-line diagrams, with explanatory prose
– Visual conventions are idiosyncratic & usually project-specific
– Results
  • Are only vaguely understood by developers
  • Cannot be analyzed for consistency or completeness
  • Are only hypothetically related to implementations
    – Properties cannot be enforced as system evolves
  • Cannot be supported by tools to help software architects with their tasks

What is an Architecture Description Language?
Describes high-level designs
Treats system as collection of connected components
– Layout of components defines structure
– Connectors define communication
– Component interfaces are first-class citizens
– Attributes narrowly define
  • Semantics for component interactions,
  • Systemic behaviors, and
  • Emergent properties
Does NOT describe algorithms, data structures or circuits

Avionics ADL Is Domain-specific Architecture Description Language
Provides notations that support domain-specific architectural style or styles
– Notations for common computation & communication paradigms
– Architecture formally specified using notation or notations
Models & methods for analysis
– Estimate characteristics
– Verify product characteristics
Provides/supports domain-specific software patterns
Library of configurable/generic components
– Components that satisfy architecture guidelines for “plug-in” use
– Components organized by some taxonomy

Avionics ADL
Specification of
– Real-time
– Embedded
– Fault-tolerant
– Securely partitioned
– Dynamically configurable
Software task and communication architectures
Bound to
– Distributed multiple processor hardware architectures

Model-Based AADL Process
[Figure labels: Explicit Architecture Engineering Model; Architecture-based Requirements Analysis; Architecture-based Design and Implementation; Architecture-based System Integration; Rapid Integration; Predictable System Upgradeability]

Model-Based AADL Engineering
[Figure labels: Software Engineer; Real-Time Architecture Model (Software, Hardware); Domain Specific Languages; Navigation; Warhead Fusing; Communication & Protocol; Telemetry; Sensor & Signal Processing; Automatic Target Recognition; Guidance & Control; Generated Components; Hand Coded Components; Domain Specific Hardware; Memory Configuration; Bus Design; Processor Architecture]
Analyses
• Schedulability
• Reliability
• Fault Tolerance
System Build
• Executive Generation
• Component Integration

SAE AADL Based on MetaH
[Figure labels: MetaH; ADL; TOOLS; Real-Time Safety/Mission-Critical Architectures (e.g., Avionics, Space, Control); AADL, Standardization In-Progress; Upgraded and Standardized RT Safety/Mission Critical; Extended Large scale systems, event and dynamic architecture capabilities; Future Production Toolsets]
TOOLS
- ANALYZERS (Schedulability, Reliability, Safety, Security)
- SYSTEM CONSTRUCTION (Auto-generates scheduler and compiles/links all software for integrated production system)

What is MetaH?
ADL with supporting toolset for specifying, analyzing, & integrating computer control systems
– Supports system architectures that are
  • Real-time,
  • Fault-tolerant
  • Securely partitioned
  • Dynamically reconfigurable
  • Multi-processor
Design by Honeywell

MetaH Toolset
Analyzes
– Schedulability
– Reliability
– Safety
Generates integrated, environment-specific code for
– Application components
– Executive
– “Architectural glue”
(Going to describe generation 1st)

Code Integration/Generation
Automatically configures system executive
– Generates
• Time-driven dispatcher for periodic processes & messages
• Code to vector events for event-driven processes, messages, & mode changes
– Tailors an API to services required by & authorized for each process
Performs compiles, links, & loads

MetaH Generated Partitioned Architecture
Strong Partitioning
• Timing Protection
• OS Call Restrictions
• Memory Protection
Portability
• Application Components
• Tailored MetaH Executive
• MetaH Kernel
[Figure labels: Operating Environment; Software Component (four instances); MetaH Executive; MetaH Kernel; Embedded Hardware Target; Fault Recovery, Execution Control, Mode Control, Timing Control, Data Synchronization, Interprocess Communication]

Multi-Processor Structure
[Figure labels: Processor A; Processor B; Application process (five instances); Automatically generated MetaH executive components; MetaH executive library components; target-specific library components; Run-time or RTOS]
One downloadable image file is generated for each processor.

Schedulability Analysis
Given
– Process/processor & message/channel bindings
– Process periods, deadlines, criticalities
– Sequence of modules executed by a process
– Module nominal & worst-case compute times
– Processor & channel overheads
Compute
– Processor & channel schedulability
– Processor, channel, process, module utilizations
– Parametric compute time sensitivity analysis
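
An added example, not part of the original slides and not MetaH's own analyzer: a minimal single-processor schedulability check over the inputs listed above, with a compute-time sensitivity search. It assumes fixed-priority preemptive scheduling with rate-monotonic priorities and classic response-time analysis, which the slides do not specify; the `environment` process reuses the Period, Deadline and SourceMaxTime values shown for Environment.AMCOM later in the deck, and the other two processes are constructed.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Process:
    name: str
    period_us: int
    deadline_us: int
    wcet_us: int  # worst-case compute time of the modules the process runs


# environment: values from the Environment.AMCOM slide; the rest are constructed.
PROCESSES = [
    Process("environment", 1000, 1000, 270),
    Process("guidance", 2000, 2000, 600),
    Process("telemetry", 5000, 5000, 1000),
]


def utilization(procs, overhead_us=0):
    """Processor utilization, charging a fixed overhead per dispatch."""
    return sum((p.wcet_us + overhead_us) / p.period_us for p in procs)


def response_times(procs, overhead_us=0):
    """Worst-case response time per process; None marks a missed deadline."""
    ordered = sorted(procs, key=lambda p: p.period_us)  # shorter period = higher priority
    result = {}
    for i, p in enumerate(ordered):
        cost = p.wcet_us + overhead_us
        r = cost
        while True:
            # Preemption by every higher-priority release that fits in [0, r).
            interference = sum(
                -(-r // hp.period_us) * (hp.wcet_us + overhead_us)
                for hp in ordered[:i]
            )
            nxt = cost + interference
            if nxt > p.deadline_us:
                result[p.name] = None
                break
            if nxt == r:  # fixed point reached
                result[p.name] = r
                break
            r = nxt
    return result


def schedulable(procs, overhead_us=0):
    return all(r is not None for r in response_times(procs, overhead_us).values())


def max_wcet(procs, name, overhead_us=0):
    """Sensitivity: largest compute time for `name` that keeps all deadlines met."""
    target = next(p for p in procs if p.name == name)

    def ok(wcet):
        trial = [replace(p, wcet_us=wcet) if p.name == name else p for p in procs]
        return schedulable(trial, overhead_us)

    if not ok(target.wcet_us):
        return None
    lo, hi = target.wcet_us, target.deadline_us  # ok(lo) holds; ok is monotone
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if ok(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo


if __name__ == "__main__":
    print("utilization:", round(utilization(PROCESSES), 3))
    print("response times (us):", response_times(PROCESSES))
    print("max environment compute time (us):", max_wcet(PROCESSES, "environment"))
```

Utilization alone hides the margin: the set runs at 77% yet the lowest-priority process tolerates only a bounded growth in the highest-priority compute time, which is what the sensitivity search reports.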

Reliability & Safety
Stochastic Automata Fault Model
Fault-Tolerance & Safety Features
Reliability Analysis
Partition Isolation Analysis

Stochastic Automata Fault Model
Component error models are specified as stochastic automata
Error propagation synchronizations can be determined from
– Architecture specification
– Voting protocol specifications
For Poisson rates, Markov chain system model can be generated
[Figure: two processor automata, each labelled error_free, failed, permanent fault, propagate; linked by error propagation synchronization]

Fault-Tolerance and Safety Features
Process may be time & space partitioned
Safety/design assurance level may be specified for any component
Hazardous run-time capabilities enabled on per-process basis
Executive consensus protocol is plug-replaceable
Message data errors detected & reported (but not corrected)
Process error handling semantics are defined
Model generates human-readable output, structured models
Capture data from top-down hazard analysis
Capture data from bottom-up failure modes & effects analysis
Enable multiple integrated system safety checks & analyses

Reliability Analysis
Given
– Possible fault types, arrival rates & error states
– System architecture
  • Potential propagation paths
– Consensus/voting planes
– Operational versus failed system configurations
– Mission duration
Compute
– Pr(fail)

Partition Isolation Analysis
Given
– Time-and-space partitions in architecture
– Safety/assurance level (A..E) for each component
Verifies
– No error in component with lower safety level can propagate to component with higher safety level
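
An added example, not part of the original slides and not MetaH's own tool: one way to express the check above as graph reachability. It assumes that A is the most critical level and E the least, that components sharing a partition can corrupt one another, and that errors cross partitions only along declared connections; all component and partition names are constructed.

```python
from collections import defaultdict, deque

# Assumption: A is the most critical assurance level, E the least.
LEVEL_RANK = {"A": 4, "B": 3, "C": 2, "D": 1, "E": 0}


def propagation_graph(partitions, connections):
    """Directed graph of possible error propagation under the assumed model."""
    graph = defaultdict(set)
    members = defaultdict(list)
    for component, partition in partitions.items():
        members[partition].append(component)
    # No time/space protection inside a partition: every member can
    # corrupt every other member.
    for group in members.values():
        for src in group:
            graph[src].update(c for c in group if c != src)
    # Across partitions an error travels only along a declared connection.
    for src, dst in connections:
        graph[src].add(dst)
    return graph


def reachable(graph, start):
    """Every component an error starting in `start` can eventually reach."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in graph[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}


def isolation_violations(levels, partitions, connections):
    """(source, victim) pairs where a lower level can affect a higher one."""
    named = set(partitions) | {c for edge in connections for c in edge}
    missing = sorted(c for c in named if c not in levels or c not in partitions)
    if missing:
        raise ValueError(f"no level or partition declared for: {missing}")
    graph = propagation_graph(partitions, connections)
    return [
        (src, dst)
        for src in sorted(partitions)
        for dst in sorted(reachable(graph, src))
        if LEVEL_RANK[levels[src]] < LEVEL_RANK[levels[dst]]
    ]


# Constructed architecture: data flows nav -> guidance -> telemetry -> logger.
CONNECTIONS = [("nav", "guidance"), ("guidance", "telemetry"), ("telemetry", "logger")]

# Weak: level-D telemetry shares a partition with level-B nav, and nav
# (level B) feeds level-A guidance.
WEAK_LEVELS = {"guidance": "A", "nav": "B", "telemetry": "D", "logger": "E"}
WEAK_PARTITIONS = {"guidance": "P1", "nav": "P2", "telemetry": "P2", "logger": "P3"}

# Corrected: telemetry gets its own partition and nav is raised to level A.
FIXED_LEVELS = {"guidance": "A", "nav": "A", "telemetry": "D", "logger": "E"}
FIXED_PARTITIONS = {"guidance": "P1", "nav": "P2", "telemetry": "P4", "logger": "P3"}

if __name__ == "__main__":
    print("weak :", isolation_violations(WEAK_LEVELS, WEAK_PARTITIONS, CONNECTIONS))
    print("fixed:", isolation_violations(FIXED_LEVELS, FIXED_PARTITIONS, CONNECTIONS))
```

The weak layout shows why the check must be transitive: telemetry never connects to guidance directly, but it reaches it through the partition it shares with nav.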

MetaH Evaluation, Demonstrations Projects Starting 1992
Missile G&C Reference Architecture (AMCOM SED)
Missile Re-engineering Demonstration (AMCOM SED)
Space Vehicle Attitude Control System (AMCOM SED)
Reconfigurable Flight Control (AMCOM SED)
Hybrid Automata Formal Verification (AFOSR, Honeywell)
Missile Defense (Boeing)
Fighter Guidance SW Fault Tolerance (DARPA, CMU, Lockheed-Martin)
Incremental Upgrade of Legacy Systems (AFRL, Boeing, Honeywell)
Comanche Study (AMCOM, Comanche PO, Boeing, Honeywell)
Tactical Mobile Robotics (DARPA, Honeywell, Georgia Tech)
Advanced Intercept Technology CWE (BMDO, MaxTech)
Adaptive Computer Systems (DARPA, Honeywell)
Avionics System Performance Management (AFRL, Honeywell)
Ada Software Integrated Development/Verification (AFRL, Honeywell)
FMS Reference Architecture (Honeywell)
JSF Vehicle Control (Honeywell)
IFMU Reengineering (Honeywell)

Effort Saved on AMCOM Generic Missile Project Using MetaH
Total Project 50%
Port Phase Only 90%
[Chart: Cumulative Man Hours (axis 0 to 8000) by project phase (Review, 3-DOF, Translate, 6-DOF, RT-6DOF, Transform, Test 6DOF, RT-Missile, Build, Debug, Debug Port), comparing Current Approach with Using MetaH]

System Type & Implementation

system type Nav is
end Nav;

system implementation Nav.Blended is
  A: system GPS;
  B: system INS;

  Both: initial mode (A, B);
  A_Only: mode (A);
  B_Only: mode (B);

behaviors
  Both -[ A.Failure ]-> B_Only;
  Both -[ B.Failure ]-> A_Only;
end Nav.Blended;

Thread Example

thread type Collect_Samples is
  Input_Sample : in data Sampling'Sample;
requires
  SampleSet : data Sampling'Sample_Set ;
end Collect_Samples ;

thread implementation Collect_Samples.Batch_Update is
refines
  Input_Sample: in data Sampling'Sample {Source_Data_Size => 16 B} ;
end Collect_Samples.Batch_Update ;

Process Example

process Sample_Manager is
  Input_Sample: in data Sampling'Sample;
end Sample_Manager ;

process implementation Sample_Manager.Slow_Update is
  Samples: data Sampling'Samples;
  Collect_Samples: thread Collect_Samples(SampleSet => Samples).Batch_Update;
end Sample_Manager.Slow_Update ;

process implementation Sample_Manager.Fast_Update
extends Sample_Manager.Slow_Update is
refines
  Samples: data Sampling'Dynamic_Sample_Set ;
end Sample_Manager.Fast_Update ;

Process with Subprograms Example

process type File_Server is
  server Open, Close: subprogram (filename: string);
end File_Server;

process type Resizeable_File_Server extends File_Server is
requires
  server Reserve_Resource: subprogram (diskname: string, disksize: size);
end Resizeable_File_Server;

process implementation File_Server.Basic is
  File_System_Directory : data FSLib'directory;
end File_Server.Basic;

Package Type & Implementation Example

package type Shared_Data is
  Get_State, Set_State: subprogram;
end Shared_Data;

package implementation Shared_Data.PowerPC is
  Get_State : subprogram {Compute_Time => 15us..20us};
  Set_State : subprogram {Compute_Time => 20us..30us};
properties
  Source_Text => "shared_data_powerpc.ads",
                 "shared_data_powerpc.adb";
end Shared_Data.PowerPC;

Benefits of Extending UML
Architects can represent system architecture graphically using commonly available UML tools
UML tool developers can add advanced support for AADL to existing tools rather than developing new tools
– e.g. safety analysis
Software designers can take defined architecture & refine software components
– rather than common practice of re–creating architecture in software development tools
System integrators should have easier time integrating
– Software components generated by UML tools, or hand–coded based on UML specification
– Executive and architectural glue code that is generated by AADL tool
– Target hardware.

UML Model of AADL v0.9 (draft): Overview
Core Concepts
Extension Sets
An AADL Architecture

UML Model of AADL v0.9 (draft): Core Concepts
[Class diagram. Model-Element (+ name : String) shown with the following classes:]
Behavior (from Behavio...
Component_Classifier (from Componen...
System_Instance (from Systems)
Feature (from Features)
Parameter (from Subprograms)
Relation (from Relations)
Component_Instance (from Components)
Mode (from Behaviors)
Library (from Librari...
Property_Type (from Property Typ...
Property (from Properties)
Property_Set (from Extension Sets)

UML Model of AADL v0.9 (draft): AADL Specification
[Class diagram. AADL_Specification with association ends:]
+property_sets 0..* : Property_Set (from Extension Sets)
+classifiers 0..* : Component_Classifier (from Components)
+system 1 : System_Instance (from Systems)
+libraries 0..* : Library (from Libraries)

UML Model of AADL v0.9 (draft): System
[Class diagram. System_Instance with association ends:]
+properties 0..* : Property (from Properties)
+type 1 : Component_Type (from Component Types)
+implementation 1 : Component_Implementation (from Component Implementations)
Component type and implementation must be systems or platforms

UML Model of AADL v0.9 (draft): Components
[Class diagram. Classes shown:]
Component_Category <<enumeration>> (from Model Data Types)
Component_Classifier (+ category : Component_Category)
Component_Type (from Component Typ...
Component_Implementation (from Component Implementatio...
Component_Instance (+ category : Component_Category)
Property (from Properti...
Feature (from Featur...
[Associations, with role names and multiplicities as shown:]
realized by: +type 1, +implementation 0..n
instance of: +type 0..1, +instance 0..*
instance of: +implementation 0..1, +instance 0..*
composed of: +container 1, #subcomponents 0..*
has: +properties 0..*, 1
has: +features 0..*, +owner 1
extends: +parent 0..1, +child 0..*
refines: +target 1, 0..* (shown twice)

UML Model of AADL v0.9 (draft): Component Types
[Class diagram. Classes shown:]
Component_Type
Software-Type (from Software Types)
Hardware-Type (from Hardware Types)
Composite-Type (from Composite Types)

UML Model of AADL v0.9 (draft): Software Types
[Class diagram. Classes shown:]
Software-Type
Thread-Type
Process-Type
Package-Type
Data-Type
Subprogram-Type

UML Model of AADL v0.9 (draft): Hardware Types
[Class diagram. Classes shown:]
Hardware-Type
Processor-Type
Memory-Type
Device-Type
Bus-Type

UML Model of AADL v0.9 (draft): Composite Types
[Class diagram. Classes shown:]
Composite-Type
System-Type
Platform-Type

UML Model of AADL v0.9 (draft): Feature
[Class diagram. Classes shown:]
Feature
Port (from Ports)
Subprogram (from Subprograms)
Data-Subcomponent (from Data Subcomponents)
Property (from Properties)
[Association:]
has: +owner 1, +properties 0..*

UML Model of AADL v0.9 (draft): Ports

UML Model of AADL v0.9 (draft): Sample Constraints

Component_Classifier
inv: -- parent & child of Extends relation must be same subclass

Component_Type
inv: -- only package, bus, or memory sub-components are allowed

Component_Implementation
inv: -- category must equal type’s category

Component_Instance
inv: -- if has a type, category must equal type’s category
inv: -- if has an implementation, category must equal implementation’s category

Package_Type -- Inherits from Component_Type
inv: -- category must be Package
  self.category = package
inv: -- Only package components allowed
  self.components->forAll ( category = package )

UML Model of AADL v0.9 (draft): Stereotype Mapping for Component Types
[Class diagram. <<metaclass>> Classifier (from UML Meta-Mod... with the following <<stereotype>> classes:]
AADLBusType
AADLDeviceType
AADLErrorModelType
AADLMemoryType
AADLPlatformType
AADLPackageType
AADLProcessType
AADLProcessorType
AADLSystemType
AADLThreadType

AMICOM System Type: Class Diagrams
<<AADL-system-type>> AMCOM

AMICOM.GMSLNT System Implementation: Class Diagrams
System Architecture
Composite pattern
[Class diagram. Classes and role names shown:]
<<AADL-system-implementation>> AMCOM.GMSLNT
<<AADL-system-type>> MissileInFlight (role: application, 1)
<<AADL-platform-type>> GMSLNT (role: execution_platform, 1)

AMICOM.GMSLNT System Architecture: Object Diagram
Graphical port representation
[Object diagram. Objects shown:]
<<AADL-system-implementation>> AMCOM.GMSLNT
<<AADL-platform-type>> / execution_platform : GMSLNT
<<AADL-system-type>> / application : MissileInFlight
[Ports shown: Sensed_Body_Accelerations, Sensed_Body_Rates, FlightTime, MissileAttitude, MissileState, MissilePosition, Fin_Actuator_Cmds, RLTF, LaunchVehicleCmd]

MissileInFlight Mode Type: Class Diagram
<<AADL-system-type>> MissileInFlight
Ports
  Sensed_Body_Accelerations : out Vectors.Vector_3D_Type
  Sensed_Body_Rates : out Vectors.Vector_3D_Type
  FlightTime : out Standard.Float
  MissileAttitude : out Vectors.Vector_3D_Type
  MissileState : out Standard.Integer
  MissilePosition : out Vectors.Vector_3D_Type
  Fin_Actuator_Cmds : out Vectors.Vector_4D_Type
  RLTF : out Vectors.Vector_3D_Type
  LaunchVehicleCmd : in Standard.Boolean

MissileInFlight.AMCOM Mode Implementation: Class Diagram
<<AADL-system-type>> MissileInFlight
<<AADL-system-implementation>> MissileInFlight.AMCOM
Ports
  Sensed_Body_Accelerations : out Vectors.Vector_3D_Type
  Sensed_Body_Rates : out Vectors.Vector_3D_Type
  FlightTime : out Standard.Float
  MissileAttitude : out Vectors.Vector_3D_Type
  MissileState : out Standard.Integer
  MissilePosition : out Vectors.Vector_3D_Type
  Fin_Actuator_Cmds : out Vectors.Vector_4D_Type
  RLTF : out Vectors.Vector_3D_Type
  LaunchVehicleCmd : in Standard.Boolean
Properties
  Allowed_Bindings = Nil
  Bindings = Nil
  BuildOptions = Nil
  Criticality = Nil
[Associated classes, each with multiplicity 1:]
<<AADL-system-type>> Missile
<<AADL-system-type>> Missile_Environment
<<AADL-system-type>> Mode_Monitor

MissileInFlight.AMCOM Mode Implementation: Object Diagram
[Object diagram. Objects shown:]
<<AADL-system-implementation>> : MissileInFlight.AMCOM
<<AADL-system-type>> / missile : Missile
<<AADL-system-type>> / missile_environment : Missile_Environment
<<AADL-system-type>> : Mode_Monitor
[Ports shown: Sensed_Body_Accelerations, Sensed_Body_Rates, FlightTime, MissileAttitude, MissileState, MissilePosition, Fin_Actuator_Cmds, RLTF, LaunchVehicleCmd]

Missile_Environment.AMCOM System Implementation: Object Diagram
[Object diagram. Objects shown:]
<<AADL-system-implementation>> : Missile_Environment.AMCOM
<<AADL-process-type>> / fin_control : Fin_Actuator_Control
<<AADL-process-type>> / environment : Environment
<<AADL-process-type>> / data_aquisition : Data_Aquisition
<<AADL-monitor-type>> : Mode_Monitor
[Ports shown: Sensed_Body_Accelerations, Sensed_Body_Rates, FlightTime, MissileAttitude, MissileState, MissilePosition, Fin_Actuator_Cmds, RLTF, LaunchVehicleCmd, Fin_Actuator_Positions]

Environment.AMCOM Process Implementation: Class Diagram
<<AADL-process-type>> Environment
Ports
  Sensed_Body_Accelerations : out Vectors.Vector_3D_Type
  Sensed_Body_Rates : out Vectors.Vector_3D_Type
  FlightTime : out Standard.Float
  MissileAttitude : out Vectors.Vector_3D_Type
  MissileState : out Standard.Integer
  MissilePosition : out Vectors.Vector_3D_Type
  LaunchVehicleCmd : in Standard.Boolean
  Fin_Actuator_Positions : in port Vectors.Vector_4D_Type
<<AADL-process-implementation>> Environment.AMCOM
Properties
  Deadline = 1000 us
  HeapSize = 8192 B
  Period = 1000 us
  ServiceCapability = SHUT_DOWN
  SourceFile = ...
  SourceMaxTime = 270 us
  SourceName = "Environment"
  SourceTime = 240 us

AADL Standard Schedule
Requirements document (ARD5296) approved by SAE Spring 2001
– Based on
  • Existing MetaH language, toolset
  • Demo/evaluation projects
AADL Definition
– v1.0 standard by EOY 2003 (goal)
  • Most critical requirement
  • Balloting expected ~ September 2003
  • On track
– v2.0 standard by EOY 2005-6 (goal)
  • Less critical requirements & those requiring research
– Current draft (v0.9) about 90% complete
  • About 185 pages
Requesting funding for prototyping of new AADL features

AADL Standard
Architecture modeling notation
– Core
– Annexes
  • Ada source programming language
  • C/C++ source programming language
  • POSIX
  • UML Profile
  • System safety
  • ARINC 653 (under discussion)
  • XML exchange representation (under discussion)
Runtime system API
– AwaitDispatch, RaiseEvent, etc.
Interchange representation
– XML based
  • Under consideration as Annex

AADL Tool Strategy
[Figure labels: Textual AADL; Graphical AADL, Via UML Profile; UML Tool; Common AADL Front-end; AADL Tool Interchange, As XML Schema; Implementation Tool (two instances)]

Key Players
Bruce Lewis (U.S. Army AMCOM): SAE Chair, technology user
Ed Colbert (Absolute Software & USC CSE): AADL & UML Mapping
Peter Feiler (SEI): Secretary, Co-author, Editor, technology user
Steve Vestal (Honeywell): Meta-H Originator, Co-author
Members
– Boeing, Rockwell, Honeywell, Lockheed Martin, Raytheon, Smith Industries, Dassault Aviation, Airbus, Axlog
– NIST, NAVAir, OSJTF, British MOD, Army, European Space Agency, Joint Logistics Commanders Aging Aircraft
Liaisons
– COTRE, NATO, GOA, POSIX, OPEN (informal), OMG (informal)
Relationships with other parties
– Australian Avionics Lab: performance analysis
AADL Summary
AADL is Architecture Description Language & tools for embedded systems domain
  – Especially for avionics systems
  – Based on MetaH
AADL provides a means to:
  – Specify software & hardware architecture
  – Incrementally develop from prototype to specification
  – Analyze architecture formally
  – Implement final system
    • Integrating components with hardware & automatically generated system executive & glue code
  – Evolve system rapidly
    • Within development
    • Across lifecycle
Things AADL Is Not Intended To Do
Specify detailed design of objects, classes, algorithms, or data structures
  – Basic UML can provide
GUI Design
  – Can specify GUI component(s) & connections to other components
  – But not details of screens, data types, etc.
Web-based systems
Things You Can Do With The AADL
Specify architecture & components for product line architecture
  – Create reusable components
Create adaptable workstation simulation that can be retargeted to tactical embedded system without loss of fidelity
  – Processing environment risk reduction (Software First)
Retargeting & re-engineering embedded systems
Things You Can Do With The AADL (cont.)
Analyze system performance of embedded RT systems
  – Schedule
  – Safety
  – Security
Generate architecture with separate component generation for rapidly evolvable systems
Build open architecture avionics systems with partitioned flight control
  – Reducing Validation & Verification cost
Things You Can Do With The AADL (cont.)
Safe update of software at run-time
  – Supports dynamic reconfiguration of designed components
  – Addition or changes to generated configuration
    • Must be compatible with original architecture specified or update specification & analysis
  – Research on implementation of partial re-loading at run-time
Build Real-Time, Safety-Critical, Client-Server System
  – V1:
    • inc. Bound port queues, RPC’s
    • Implementer or user to supply scheduling mechanism
    • Research on
      – Scheduling RPC’s
      – Certify for Level A
  – V2:
    • Research topic
      – On nearly co-coincident events/procedure calls
More Information or Help
Join SAE Aviation Architecture Description Language Task Group
  – Call Bruce Lewis (SAE Chair, U.S. Army AMCOM) at 256-876-3224
Information & evaluation copy of MetaH
  – Application form is on www.htc.honeywell.com/metah
Two to Three day training course on MetaH
  – Call Steve Vestal (Honeywell) at 612-951-7049
Integrated use of AADL with UML
  – Call Ed Colbert (Absolute Software) at 760-929-0612, www.abssw.com
Next SAE AADL Meeting
Society of Automotive Engineers Avionic Systems Division, AS-5 Embedded Computing Systems, ADL Subcommittee
Date: 20-22 October 2003
  – Monday — Wednesday
Location:
  – Nashville, Tennessee
Website
  – http://forums.sae.org/access/dispatch.cgi/TEAAS5_pf
  – Click Future Meetings
References
AS-5 Embedded Computing Systems ADL Subcommittee (2003). AVIONICS ARCHITECTURE DESCRIPTION LANGUAGE (AADL) AS5506, 0.9 (Draft) ed., Society of Automotive Engineers.
Colbert, E., Lewis, B., et al. (2000). “Developing Evolvable, Embedded, Time–Critical Systems with MetaH”, 34th International Conference on Technology of Object-Oriented Languages and Systems (TOOLS 34) Proceedings. Santa Barbara, CA: IEEE Computer Society.
Garlan, D., Kompanek, A. J., et al. (2000). “Reconciling the Needs of Architectural Description with Object-Modeling Notations”, (submitted for publication).
Vestal, S. (1998). MetaH User’s Manual, 1.27 ed., Honeywell Technology Center: Minneapolis, MN.