Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presented by David LESENS Tuesday 29 November 2011 Hi-Lite project – Case Study ASTRIUM Space Transportation.

Published byHenry Richard Modified over 9 years ago

Similar presentations

Presentation on theme: "Presented by David LESENS Tuesday 29 November 2011 Hi-Lite project – Case Study ASTRIUM Space Transportation."— Presentation transcript:

1 Presented by David LESENS Tuesday 29 November 2011 Hi-Lite project – Case Study ASTRIUM Space Transportation

2 10/ 05/ 20 11 p2p2 Overview  Introduction    Astrium Space Transportation Case study  SCADE modelling    Data handling    Numerical algorithm    Event driven    Feedbacks on Alfa    Gnatprove   Conclusion  

3 10/ 05/ 20 11 p3p3 Astrium case study

4 10/ 05/ 20 11 p4p4 Event drivenData flow driven & algorithms ECS EPC EAP ECS EPC EAP ECS EPC EAP Acquisition of measurement Sensors Send commands to actuators Actuators GNC Compute the commands Control Where shall I go ? Guidance Where am I ? Navigation EnvironmentEnvironment Data handling Middleware

5 10/ 05/ 20 11 p5p5 Tools  gnatpro-7.1.0w-20111122-45-i686-pc-mingw32-bin  hilite-0.1w-20111122-i686-pc-mingw32-bin  gps-5.1.0-i686-pc-mingw32  aunit-3.3.1-i686-pc-mingw32  SCADE Suite version 6.3 beta (build i9)

6 10/ 05/ 20 11 p6p6 Overview  Introduction    Astrium Space Transportation Case study  SCADE modelling    Data handling    Numerical algorithm    Event driven    Feedbacks on Alfa    Gnatprove   Conclusion  

7 10/ 05/ 20 11 p7p7 Solar wing deployment Thermal knives Thermal knives The Flight Application Software powers thermal knives in order to deploy the solar wings Acyclic events Redundancy (FDIR) Automaton oriented  Software part modelled in SCADE

8 10/ 05/ 20 11 p8p8 Software architecture in SCADE

9 10/ 05/ 20 11 p9p9 Hierarchical automata

10 10/ 05/ 20 11 p 1010 Mode automaton

11 10/ 05/ 20 11 p 1111 Activation conditions

12 10/ 05/ 20 11 p 1212 Automatic generated code

13 10/ 05/ 20 11 p 1313 Overview  Introduction    Astrium Space Transportation Case study  SCADE modelling    Data handling    Numerical algorithm    Event driven    Feedbacks on Alfa    Gnatprove   Conclusion  

14 10/ 05/ 20 11 p 1414 Data handling  ECSS-E-70-41A  “Space engineering – Ground systems and operations – Telemetry and telecommand packet Utilization”, 30 January 2003)  Ground / board communications  Vehicle management

15 10/ 05/ 20 11 p 1515 Structure of telemetry / telecommand packets

16 10/ 05/ 20 11 p 1616 Verification of telecommand packets

17 10/ 05/ 20 11 p 1717 Definition of data bus

18 10/ 05/ 20 11 p 1818 Access to the data bus

19 10/ 05/ 20 11 p 1919 Monitoring list

20 10/ 05/ 20 11 p 2020 Overview  Introduction    Astrium Space Transportation Case study  SCADE modelling    Data handling    Numerical algorithm    Event driven    Feedbacks on Alfa    Gnatprove   Conclusion  

21 10/ 05/ 20 11 p 2121  Orientation of the ATV solar wings  Optimisation of energy  From SPARK to Alfa Algorithms

22 10/ 05/ 20 11 p 2222 Mathematical library

23 10/ 05/ 20 11 p 2323 Mathematical library with test cases  Is the test cases defined for Sin32 applicable

24 10/ 05/ 20 11 p 2424 Mathematical library: matrix product definition  Classical “safe” way

25 10/ 05/ 20 11 p 2525 Mathematical library: matrix product use  Quite complex type definition

26 10/ 05/ 20 11 p 2626 Mathematical library: matrix product definition  Classical “unsafe” way / Hi-Lite “safe” way?  Simple type definition

27 10/ 05/ 20 11 p 2727 Overview  Introduction    Astrium Space Transportation Case study  SCADE modelling    Data handling    Numerical algorithm    Event driven    Feedbacks on Alfa    Gnatprove   Conclusion  

28 10/ 05/ 20 11 p 2828 Automata (1/2)

29 10/ 05/ 20 11 p 2929 Automata (2/2)

30 10/ 05/ 20 11 p 3030 Overview  Introduction    Astrium Space Transportation Case study  SCADE modelling    Data handling   Numerical algorithm   Event driven   Feedbacks on Alfa   Gnatprove   Conclusion 

31 10/ 05/ 20 11 p 3131 Ambiguity to missing parenthesis detected

32 10/ 05/ 20 11 p 3232 Overloading of operators possible

33 10/ 05/ 20 11 p 3333 Difficulty to write a contract (precision)

34 10/ 05/ 20 11 p 3434 Powerful contract

35 10/ 05/ 20 11 p 3535 Extensions  Can this property be expressed as an invariant of the plan type?

36 10/ 05/ 20 11 p 3636 Abstract variables

37 10/ 05/ 20 11 p 3737 Abstract variables  In SPARK, an abstract global variable would be defined. The contracts will then specified than only the "Run_Time" subprogram can modify this global variable  In ALFA, such abstract global variables do not exist ++ mvm__obit__get_obit mvm-obit.ads:44 -- mvm__obit__run_time mvm-obit.ads:36 (unsupported construct) [Old attribute] ++ mvm__obit__get_obit mvm-obit.ads:44 -- mvm__obit__run_time mvm-obit.ads:36 (unsupported construct) [Old attribute]

38 10/ 05/ 20 11 p 3838 Abstract variables: First solution  The OBIT variable should be private ++ mvm__obit__get_obit mvm-obit.ads:48 ++ mvm__obit__run_time mvm-obit.ads:40 ++ mvm__obit__get_obit mvm-obit.ads:48 ++ mvm__obit__run_time mvm-obit.ads:40

39 10/ 05/ 20 11 p 3939 Abstract variables: Second solution ++ mvm__obit__get mvm-obit.ads:49 -- mvm__obit__run_time mvm-obit.ads:41 (unsupported construct) ++ mvm__obit__get mvm-obit.ads:49 -- mvm__obit__run_time mvm-obit.ads:41 (unsupported construct)

40 10/ 05/ 20 11 p 4040 In this case, the contract is equivalent to the implementation

41 10/ 05/ 20 11 p 4141 Overview  Introduction   Astrium Space Transportation Case study  SCADE modelling   Data handling   Numerical algorithm   Event driven   Feedbacks on Alfa   Gnatprove   Conclusion 

42 10/ 05/ 20 11 p 4242 ********************************** Subprograms in Alfa : 68% (414/613)... already supported : 52% (321/613)... not yet supported : 15% ( 93/613) Subprograms not in Alfa : 32% (199/613) Subprograms not in Alfa due to (possibly more than one reason): unchecked conversion : 32% (194/613) ambiguous expr : 1% ( 7/613) Subprograms not yet supported due to (possibly more than one reason): generic : 39% (237/613) attribute : 5% ( 29/613) conversion : 4% ( 24/613) discriminant : 2% ( 11/613) slice : 2% ( 11/613) multi dim array : 0% ( 2/613) (...) Units with the largest number of subprograms in Alfa: ml-bits : 51% (197/389) ml : 100% (113/113) tmtc-data_pool : 85% (41/48) sgs-main : 100% (14/14) scade-ln1 : 100% (11/11) mvm-automaton : 100% (7/7) (...) Units with the largest number of subprograms not in Alfa: ml-bits : 49% (192/389) tmtc-data_pool : 15% (7/48) ********************************** Subprograms in Alfa : 68% (414/613)... already supported : 52% (321/613)... not yet supported : 15% ( 93/613) Subprograms not in Alfa : 32% (199/613) Subprograms not in Alfa due to (possibly more than one reason): unchecked conversion : 32% (194/613) ambiguous expr : 1% ( 7/613) Subprograms not yet supported due to (possibly more than one reason): generic : 39% (237/613) attribute : 5% ( 29/613) conversion : 4% ( 24/613) discriminant : 2% ( 11/613) slice : 2% ( 11/613) multi dim array : 0% ( 2/613) (...) Units with the largest number of subprograms in Alfa: ml-bits : 51% (197/389) ml : 100% (113/113) tmtc-data_pool : 85% (41/48) sgs-main : 100% (14/14) scade-ln1 : 100% (11/11) mvm-automaton : 100% (7/7) (...) Units with the largest number of subprograms not in Alfa: ml-bits : 49% (192/389) tmtc-data_pool : 15% (7/48) **********************************

43 10/ 05/ 20 11 p 4343 ambiguous expr

44 10/ 05/ 20 11 p 4444 Gnatprove  Number of specification not in Alfa is 0  Number of body not in Alfa is 199

45 10/ 05/ 20 11 p 4545 Proof Project: ml gnatprove --mode=prove -P ml.gpr Phase 1 of 3: frame condition computation... Phase 2 of 3: translation to intermediate language... ml-bits.adb:1385:07: warning: types for unchecked conversion have different sizes … raised CONSTRAINT_ERROR : no element available because key not in map alfa_report C:\Users\david\Mes documents\Developpement\TMTC\ADA\src\OBJ\gnatprov e\gnatprove.alfad failed. Analysis performed in 18 seconds (0 h 0 mn 18 s) (Start at 28/11/2011, 22h51mn25s and end at 28/11/2011, 22h51mn43s) gnatprove : 16 seconds (0 h 0 mn 16 s) Project: ml gnatprove --mode=prove -P ml.gpr Phase 1 of 3: frame condition computation... Phase 2 of 3: translation to intermediate language... ml-bits.adb:1385:07: warning: types for unchecked conversion have different sizes … raised CONSTRAINT_ERROR : no element available because key not in map alfa_report C:\Users\david\Mes documents\Developpement\TMTC\ADA\src\OBJ\gnatprov e\gnatprove.alfad failed. Analysis performed in 18 seconds (0 h 0 mn 18 s) (Start at 28/11/2011, 22h51mn25s and end at 28/11/2011, 22h51mn43s) gnatprove : 16 seconds (0 h 0 mn 16 s)  Not yet investigated

46 10/ 05/ 20 11 p 4646 Overview  Introduction   Astrium Space Transportation Case study  SCADE modelling   Data handling   Numerical algorithm   Event driven   Feedbacks on Alfa   Gnatprove   Conclusion 

47 10/ 05/ 20 11 p 4747 Conclusion  Alfa safer than Ada  Alfa easier to use than SPARK  Alfa misses some constructs (compared to SPARK)

48 10/ 05/ 20 11 p 4848 Always a great support from AdaCore

Download ppt "Presented by David LESENS Tuesday 29 November 2011 Hi-Lite project – Case Study ASTRIUM Space Transportation."

Similar presentations

Carlos D. Rivera February 28, 2007 Design-by-Contract.

Carlos D. Rivera February 28, 2007 Design-by-Contract.
Seyedehmehrnaz Mireslami, Mohammad Moshirpour, Behrouz H. Far Department of Electrical and Computer Engineering University of Calgary, Canada {smiresla,

Seyedehmehrnaz Mireslami, Mohammad Moshirpour, Behrouz H. Far Department of Electrical and Computer Engineering University of Calgary, Canada {smiresla,
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.

ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.
Presented by David LESENS and Johannes KANIG Thursday, 16 May 2013 Astrium Space Transportation AdaCore Formal Validation of Aerospace Software DASIA 2013.

Presented by David LESENS and Johannes KANIG Thursday, 16 May 2013 Astrium Space Transportation AdaCore Formal Validation of Aerospace Software DASIA 2013.
Slide: 1 Copyright © 2014 AdaCore Claire Dross, Pavlos Efstathopoulos, David Lesens, David Mentré and Yannick Moy Embedded Real Time Software and Systems.

Slide: 1 Copyright © 2014 AdaCore Claire Dross, Pavlos Efstathopoulos, David Lesens, David Mentré and Yannick Moy Embedded Real Time Software and Systems.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
Visual Traffic Simulation Thomas Fotherby. Objective To visualise traffic flow. –Using 2D animated graphics –Using simple models of microscopic traffic.

Visual Traffic Simulation Thomas Fotherby. Objective To visualise traffic flow. –Using 2D animated graphics –Using simple models of microscopic traffic.
Software engineering as a model of understanding for learning and problem solving Paul Gibson and Jackie O’Kelly Computer Science Department NUI, Maynooth.

Software engineering as a model of understanding for learning and problem solving Paul Gibson and Jackie O’Kelly Computer Science Department NUI, Maynooth.
Encapsulation by Subprograms and Type Definitions

Encapsulation by Subprograms and Type Definitions
Programming Languages Structure

Programming Languages Structure
Overview of program analysis Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc05.html.

Overview of program analysis Mooly Sagiv html://
Chapter 1 Principles of Programming and Software Engineering.

Chapter 1 Principles of Programming and Software Engineering.
1 ICS103 Programming in C Lecture 2: Introduction to C (1)

1 ICS103 Programming in C Lecture 2: Introduction to C (1)
CSC 402, Fall 20001 Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)

CSC 402, Fall Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)
November 18, 2004 Embedded System Design Flow Arkadeb Ghosal Alessandro Pinto Daniele Gasperini Alberto Sangiovanni-Vincentelli

November 18, 2004 Embedded System Design Flow Arkadeb Ghosal Alessandro Pinto Daniele Gasperini Alberto Sangiovanni-Vincentelli
Describing Syntax and Semantics

Describing Syntax and Semantics
1 ES 314 Advanced Programming Lec 2 Sept 3 Goals: Complete the discussion of problem Review of C++ Object-oriented design Arrays and pointers.

1 ES 314 Advanced Programming Lec 2 Sept 3 Goals: Complete the discussion of problem Review of C++ Object-oriented design Arrays and pointers.
Overview of program analysis Mooly Sagiv html://www.math.tau.ac.il/~msagiv/courses/wcc03.html.

Overview of program analysis Mooly Sagiv html://

Similar presentations

Ads by Google