Hi-Lite project – Case Study ASTRIUM Space Transportation
Presented by David LESENS, Tuesday 29 November 2011

Overview
- Introduction
- Astrium Space Transportation case study
- SCADE modelling
- Data handling
- Numerical algorithm
- Event driven
- Feedbacks on Alfa
- Gnatprove
- Conclusion

Astrium case study

[Figure: flight software architecture. Event-driven part: Data handling, Middleware. Data-flow-driven part and algorithms: GNC, with Acquisition of measurement from Sensors, Navigation ("Where am I?"), Guidance ("Where shall I go?"), Control ("Compute the commands"), Send commands to Actuators, and the Environment. Stage labels: ECS, EPC, EAP.]

Tools
- gnatpro-7.1.0w i686-pc-mingw32-bin
- hilite-0.1w i686-pc-mingw32-bin
- gps i686-pc-mingw32
- aunit i686-pc-mingw32
- SCADE Suite version 6.3 beta (build i9)

Solar wing deployment
The Flight Application Software powers thermal knives in order to deploy the solar wings.
- Acyclic events
- Redundancy (FDIR)
- Automaton oriented
- Software part modelled in SCADE

Software architecture in SCADE

Hierarchical automata

Mode automaton

Activation conditions

Automatically generated code

Data handling
- ECSS-E-70-41A ("Space engineering – Ground systems and operations – Telemetry and telecommand packet utilization", 30 January 2003)
- Ground / on-board communications
- Vehicle management

Structure of telemetry / telecommand packets

Verification of telecommand packets
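The slide only names the check. As an added example (not code from the Astrium case study), here is a defensive validation of a telecommand packet written in Ada 2012 with the kind of Pre aspect that Alfa/gnatprove consumed. It assumes the CCSDS primary header layout (6 octets, packet type in bit 3 of the first octet, Packet Length field = data field length minus 1) and the ECSS-E-70-41A Annex A packet error control (16-bit CCITT CRC, polynomial 16#1021#, initial value 16#FFFF#, over every octet before the two CRC octets). The secondary header and PUS service fields are not decoded. Package and subprogram names are the example's own.

```ada
--  Added example, not part of the Astrium TMTC software: check a
--  telecommand packet before any field of it is used. Assumed layout:
--  CCSDS primary header (6 octets) + data field, last 2 octets = CRC.
with Interfaces; use Interfaces;

package TC_Check is

   type Byte_Array is array (Natural range <>) of Unsigned_8;

   Primary_Header_Length : constant := 6;
   PEC_Length            : constant := 2;  --  packet error control (CRC-16)

   --  Packet Length field (octets 4..5) = number of octets in the packet
   --  data field minus one, so the real data field length is field + 1.
   function Declared_Data_Length (Pkt : Byte_Array) return Natural
     with Pre => Pkt'Length >= Primary_Header_Length;

   --  ISO/CCITT CRC-16 as specified in ECSS-E-70-41A Annex A (assumed).
   function CRC16 (Data : Byte_Array) return Unsigned_16;

   --  True iff the buffer holds exactly one well-formed TC packet: header
   --  present, packet type = TC, declared length equal to the buffer
   --  length, and CRC matching. Only then may a decoder index the data.
   function Is_Valid (Pkt : Byte_Array) return Boolean;

end TC_Check;

package body TC_Check is

   function Declared_Data_Length (Pkt : Byte_Array) return Natural is
      Hi : constant Natural := Natural (Pkt (Pkt'First + 4));
      Lo : constant Natural := Natural (Pkt (Pkt'First + 5));
   begin
      return Hi * 256 + Lo + 1;
   end Declared_Data_Length;

   function CRC16 (Data : Byte_Array) return Unsigned_16 is
      Crc : Unsigned_16 := 16#FFFF#;
   begin
      for B of Data loop
         Crc := Crc xor Shift_Left (Unsigned_16 (B), 8);
         for Bit in 1 .. 8 loop
            if (Crc and 16#8000#) /= 0 then
               Crc := Shift_Left (Crc, 1) xor 16#1021#;
            else
               Crc := Shift_Left (Crc, 1);
            end if;
         end loop;
      end loop;
      return Crc;
   end CRC16;

   function Is_Valid (Pkt : Byte_Array) return Boolean is
   begin
      --  1. Enough octets to hold a header and a CRC at all.
      if Pkt'Length < Primary_Header_Length + PEC_Length then
         return False;
      end if;
      --  2. Packet type bit (bit 3 of octet 0, mask 16#10#) must be 1 (TC).
      if (Pkt (Pkt'First) and 16#10#) = 0 then
         return False;
      end if;
      --  3. Declared length must match the buffer exactly. A shorter
      --     declaration hides trailing octets; a longer one would make a
      --     trusting decoder read past the end of the buffer.
      if Primary_Header_Length + Declared_Data_Length (Pkt) /= Pkt'Length then
         return False;
      end if;
      --  4. CRC over everything except the last two octets.
      declare
         Body_Last : constant Natural := Pkt'Last - PEC_Length;
         Expected  : constant Unsigned_16 :=
           Shift_Left (Unsigned_16 (Pkt (Body_Last + 1)), 8)
           or Unsigned_16 (Pkt (Body_Last + 2));
      begin
         return CRC16 (Pkt (Pkt'First .. Body_Last)) = Expected;
      end;
   end Is_Valid;

end TC_Check;
```

Spec and body are kept in one file for reading; run gnatchop on it before gnatmake or gnatprove. The point of ordering the checks this way is that every later check is only reached once the earlier one has made its indexing safe, which is also what lets the prover discharge the index checks inside Declared_Data_Length and the final slice.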

Definition of data bus

Access to the data bus

Monitoring list

Algorithms
- Orientation of the ATV solar wings
- Optimisation of energy
- From SPARK to Alfa

Mathematical library

Mathematical library with test cases
- Are the test cases defined for Sin32 applicable?

Mathematical library: matrix product definition
- Classical "safe" way

Mathematical library: matrix product use
- Quite complex type definition

Mathematical library: matrix product definition
- Classical "unsafe" way / Hi-Lite "safe" way?
- Simple type definition
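The two typings the slides contrast, as an added example (not the Astrium mathematical library) in Ada 2012 with the Pre/Post aspects gnatprove understands. The "safe" classical way fixes the shape in the type, so a mismatch is a compile error but every shape needs its own type and its own Product; the Hi-Lite way uses one unconstrained type and moves the shape rule into a precondition that the prover must discharge at each call site. Type and subprogram names are the example's own.

```ada
--  Added example, not the Astrium library: two ways of typing a matrix
--  product. Names and the Real type are assumptions of this example.
package Matrix_Product is

   type Real is digits 6;

   --  Classical "safe" way: a constrained type per shape. Shape errors
   --  cannot compile, but each (rows x cols) pair needs its own type and
   --  its own Product, which is the "quite complex type definition".
   type Matrix33 is array (1 .. 3, 1 .. 3) of Real;

   function Product (A, B : Matrix33) return Matrix33;

   --  Hi-Lite way: one unconstrained type, simple to declare and use.
   --  The shape rule becomes a precondition; gnatprove has to show it at
   --  every call, and the postcondition tells callers the result shape.
   type Matrix is array (Positive range <>, Positive range <>) of Real;

   function Product (A, B : Matrix) return Matrix
     with Pre  => A'Length (2) = B'Length (1),
          Post => Product'Result'Length (1) = A'Length (1)
                  and Product'Result'Length (2) = B'Length (2);
   --  This contract says nothing about the magnitude of the elements, so
   --  the overflow check on the accumulation below is not discharged by
   --  it alone; bounding the values is a separate, harder contract.

end Matrix_Product;

package body Matrix_Product is

   function Product (A, B : Matrix33) return Matrix33 is
      R : Matrix33 := (others => (others => 0.0));
   begin
      for I in 1 .. 3 loop
         for J in 1 .. 3 loop
            for K in 1 .. 3 loop
               R (I, J) := R (I, J) + A (I, K) * B (K, J);
            end loop;
         end loop;
      end loop;
      return R;
   end Product;

   function Product (A, B : Matrix) return Matrix is
      R : Matrix (A'Range (1), B'Range (2)) := (others => (others => 0.0));
   begin
      for I in A'Range (1) loop
         for J in B'Range (2) loop
            for K in A'Range (2) loop
               --  The precondition A'Length (2) = B'Length (1) is what
               --  makes this row index of B provably in range.
               R (I, J) := R (I, J)
                 + A (I, K) * B (B'First (1) + (K - A'First (2)), J);
            end loop;
         end loop;
      end loop;
      return R;
   end Product;

end Matrix_Product;
```

Spec and body are in one file for reading; split it with gnatchop before compiling or proving. Note that the index arithmetic on B is needed because the unconstrained type does not force A's column range and B's row range to start at the same value; only their lengths are constrained.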

Automata (1/2)

Automata (2/2)

Ambiguity due to missing parentheses detected

Overloading of operators possible

Difficulty to write a contract (precision)

Powerful contract

Extensions
- Can this property be expressed as an invariant of the plan type?

Abstract variables

Abstract variables
- In SPARK, an abstract global variable would be defined. The contracts would then specify that only the Run_Time subprogram can modify this global variable.
- In Alfa, such abstract global variables do not exist.
gnatprove output:
++ mvm__obit__get_obit mvm-obit.ads:44
-- mvm__obit__run_time mvm-obit.ads:36 (unsupported construct) [Old attribute]

Abstract variables: first solution
- The OBIT variable should be private
gnatprove output:
++ mvm__obit__get_obit mvm-obit.ads:48
++ mvm__obit__run_time mvm-obit.ads:40

Abstract variables: second solution
gnatprove output:
++ mvm__obit__get mvm-obit.ads:49
-- mvm__obit__run_time mvm-obit.ads:41 (unsupported construct)

In this case, the contract is equivalent to the implementation.

**********************************
Subprograms in Alfa : 68% (414/613)
... already supported : 52% (321/613)
... not yet supported : 15% ( 93/613)
Subprograms not in Alfa : 32% (199/613)
Subprograms not in Alfa due to (possibly more than one reason):
  unchecked conversion : 32% (194/613)
  ambiguous expr : 1% ( 7/613)
Subprograms not yet supported due to (possibly more than one reason):
  generic : 39% (237/613)
  attribute : 5% ( 29/613)
  conversion : 4% ( 24/613)
  discriminant : 2% ( 11/613)
  slice : 2% ( 11/613)
  multi dim array : 0% ( 2/613)
  (...)
Units with the largest number of subprograms in Alfa:
  ml-bits : 51% (197/389)
  ml : 100% (113/113)
  tmtc-data_pool : 85% (41/48)
  sgs-main : 100% (14/14)
  scade-ln1 : 100% (11/11)
  mvm-automaton : 100% (7/7)
  (...)
Units with the largest number of subprograms not in Alfa:
  ml-bits : 49% (192/389)
  tmtc-data_pool : 15% (7/48)
**********************************

ambiguous expr

Gnatprove
- Number of specifications not in Alfa is 0
- Number of bodies not in Alfa is 199

Proof
Project: ml
gnatprove --mode=prove -P ml.gpr
Phase 1 of 3: frame condition computation...
Phase 2 of 3: translation to intermediate language...
ml-bits.adb:1385:07: warning: types for unchecked conversion have different sizes
…
raised CONSTRAINT_ERROR : no element available because key not in map
alfa_report C:\Users\david\Mes documents\Developpement\TMTC\ADA\src\OBJ\gnatprove\gnatprove.alfad failed.
Analysis performed in 18 seconds (0 h 0 mn 18 s)
(Start at 28/11/2011, 22h51mn25s and end at 28/11/2011, 22h51mn43s)
gnatprove : 16 seconds (0 h 0 mn 16 s)
- Not yet investigated

Conclusion
- Alfa safer than Ada
- Alfa easier to use than SPARK
- Alfa misses some constructs (compared to SPARK)

Always great support from AdaCore