Presentation is loading. Please wait.

Presentation is loading. Please wait.

QinetiQ in confidence © Copyright QinetiQ www.QinetiQ.com November 2008 Challenges Colin O’Halloran Aerospace Consulting Practice.

Published byNorman Lindsey Modified over 9 years ago

Similar presentations

Presentation on theme: "QinetiQ in confidence © Copyright QinetiQ www.QinetiQ.com November 2008 Challenges Colin O’Halloran Aerospace Consulting Practice."— Presentation transcript:

1 QinetiQ in confidence © Copyright QinetiQ www.QinetiQ.com November 2008 Challenges Colin O’Halloran Aerospace Consulting Practice

2 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ OEM n Prime/Integrator eg Boeing, Ford, NG… OEM 1 e.g. NG, Bosch,… ||... || System Integration Competitive selection amongst suppliers worldwide Integration at a unit level Supplier A n Supplier B n Supplier X n … Supplier A 1 Supplier B 1 Supplier X 1 … ProcureProcure

3 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ Hand code Overview and Rationale for linking design models with code Model Autocode Code System Requirements Development Verification Evidence for Certification DO178 Review Analysis Test Reduce to Validation and Hardware testing Exploit automated proof Typically compliance to Standards/process Typically only Analyse results of test Typically vast majority of effort Specification

4 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ Overview of the Beacon/ClawZ Process Z Discharge proof Code Refinement Script Generator Supertac Z Producer Compliance Notation Tool ProofPower Verification Conditions Beacon Simulink Development Verification User Interface

5 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ Example of BEACON code generation Specify BEACON code generation information –Each subsystem implemented by an Ada subprogram: ‘Step’, ‘Diff’ and ‘Int’

6 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ Source code for Ada subprograms ‘Diff’ and ‘Int’ procedure Diff ( Input : in Real32_T ; Deriv : out Real32_T ; State : in out Real32_T ) is -- LOCAL data from section DEFAULT tmp1 : Real32_T ; begin -- -- UnitDelay: discrete/Diff/Unit Delay -- tmp1 := State; State := Input; -- -- Sum: discrete/Diff/Sum -- Deriv := Input - (tmp1); end Diff ; procedure Int ( Input : in Real32_T ; Integ : out Real32_T ; State : in out Real32_T ) is -- LOCAL data from section DEFAULT Prev_State : Real32_T ; begin -- -- UnitDelay: discrete/Int/Unit Delay -- Prev_State := State; -- -- Sum: discrete/Int/Sum -- Integ := Input + Prev_State; -- -- UnitDelay: discrete/Int/Unit Delay -- State := Integ; end Int ;

7 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ Source code for Ada subprogram ‘Step’ procedure Step is -- LOCAL data from section DEFAULT D : Real32_T ; I : Real32_T ; P : Real32_T ; tmp1 : Real32_T ; begin -- -- Subsystem: pid/Diff -- Source: discrete/Diff -- Diff ( Input => Error, Deriv => tmp1, State => pid_Diff_State ); -- -- Product: pid/Sd -- D := Kd * tmp1; -- -- Product: pid/Si -- tmp1 := Error * Ki; -- -- Product: pid/Sp -- P := Error * Kp; -- -- Subsystem: pid/Int -- Source: discrete/Int -- Integ ( Input => tmp1, Integ => I, State => pid_Int_State ); -- -- Sum: pid/Sum -- Output := D + P + I; end Step ;

8 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ Setup CLawZ analysis project

9 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ Specify Simulink model files

10 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ Identify parts of the Simulink model that correspond to program units For BEACON this can be done automatically using information embedded in.mdl files

11 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ Specify the Ada source code files and define which subprograms to verify

12 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ Perform analysis Link Simulink units with Ada subprograms –Automatic for BEACON Define interface between Simulink signals and Ada variables –Automatic for BEACON Run auto-verification Proof results reported –Verification condition failure provides the point of failure and the pre-condition information at that point

13 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ Assigning Programs to Systems MW state machine n Stateflow/Simulink n Code n System Properties Stateflow/Simulink 1 Code 1 ⊑ MW state machine 1 ||... || ⊑ ⊑ ⊑ ⊑ ModelWorks to check high level design satisfies system properties plus analytical/simulation techniques for continuous control systems Refinement Conjecture With Deduction + MALPORTE healthiness checking Combination of Simulation, Deduction and Compositional Model Checking BEACON automatic code generation

14 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ Challenges Prediction of Properties – capability to predict and check properties of system software components (both horizontally and vertically) –Customer – ability to control certain classes of risk, e.g. late discovery of inadequate performance –Supplier – invest in “libraries” of components with known properties Property Trade-offs – capability to assess the interactions between properties and to make informed trade-offs between those properties –Customer – ability to configure system to realise sufficient capability –Supplier – ability to control development risk Exploit model based development to produce assurable engineering artefacts to support the management of the supply chain

Download ppt "QinetiQ in confidence © Copyright QinetiQ www.QinetiQ.com November 2008 Challenges Colin O’Halloran Aerospace Consulting Practice."

Similar presentations

MDI 2010, Oslo, Norway Behavioural Interoperability to Support Model-Driven Systems Integration Alek Radjenovic, Richard Paige The University of York,

MDI 2010, Oslo, Norway Behavioural Interoperability to Support Model-Driven Systems Integration Alek Radjenovic, Richard Paige The University of York,
Configuration management

Configuration management
Test Yaodong Bi.

Test Yaodong Bi.
SAFe Automotive aRchItecture SAFARI. SAFARI_Presentation_Short_v1.ppt 2 / /P. Cuenot/ 2009.09.03 © Continental AG ARTEMIS/Call2 R&D Project Proposal Project.

SAFe Automotive aRchItecture SAFARI. SAFARI_Presentation_Short_v1.ppt 2 / /P. Cuenot/ © Continental AG ARTEMIS/Call2 R&D Project Proposal Project.
System Integration Verification and Validation

System Integration Verification and Validation
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
1 Translation Validation: From Simulink to C Michael RyabtsevOfer Strichman Technion, Haifa, Israel Acknowledgement: sponsored by a grant from General.

1 Translation Validation: From Simulink to C Michael RyabtsevOfer Strichman Technion, Haifa, Israel Acknowledgement: sponsored by a grant from General.
Software Modeling SWE5441 Lecture 3 Eng. Mohammed Timraz

Software Modeling SWE5441 Lecture 3 Eng. Mohammed Timraz
MotoHawk Training Model-Based Design of Embedded Systems.

MotoHawk Training Model-Based Design of Embedded Systems.
An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.

An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
1 Steps for Production Code Generation Wind Turbine Pitch Controller 1. Generate test data and extract controller 2. Discretize Change integrator blocks.

1 Steps for Production Code Generation Wind Turbine Pitch Controller 1. Generate test data and extract controller 2. Discretize Change integrator blocks.
HORIZONT 1 ProcMan ® The Handover Process Manager Product Presentation HORIZONT Software for Datacenters Garmischer Str. 8 D- 80339 München Tel ++49(0)89.

HORIZONT 1 ProcMan ® The Handover Process Manager Product Presentation HORIZONT Software for Datacenters Garmischer Str. 8 D München Tel ++49(0)89.
Software testing.

Software testing.
Integrated Design and Analysis Tools for Software-Based Control Systems Shankar Sastry (PI) Tom Henzinger Edward Lee University of California, Berkeley.

Integrated Design and Analysis Tools for Software-Based Control Systems Shankar Sastry (PI) Tom Henzinger Edward Lee University of California, Berkeley.
Copyright © 2006 Software Quality Research Laboratory DANSE Software Quality Assurance Tom Swain Software Quality Research Laboratory University of Tennessee.

Copyright © 2006 Software Quality Research Laboratory DANSE Software Quality Assurance Tom Swain Software Quality Research Laboratory University of Tennessee.
10 th January 2007 www.QinetiQ.com QinetiQ in confidence © Copyright QinetiQ 1.

10 th January QinetiQ in confidence © Copyright QinetiQ 1.
© Copyright QinetiQ limited 2010 Formal Methods Tool Qualification for DO178B & DO178C Nick Tudor tel: +44 1684 894489

© Copyright QinetiQ limited 2010 Formal Methods Tool Qualification for DO178B & DO178C Nick Tudor tel:
The Systems Assurance Group Dr Jaspal Sagoo Systems Assurance Group QinetiQ Trusted Information Management Malvern Technology Centre.

The Systems Assurance Group Dr Jaspal Sagoo Systems Assurance Group QinetiQ Trusted Information Management Malvern Technology Centre.
Automated Tests in NICOS Nightly Control System Alexander Undrus Brookhaven National Laboratory, Upton, NY 11973 Software testing is a difficult, time-consuming.

Automated Tests in NICOS Nightly Control System Alexander Undrus Brookhaven National Laboratory, Upton, NY Software testing is a difficult, time-consuming.

Similar presentations

Ads by Google