uml profile for the society of automotive engineers ... · pdf fileuml profile for the society...

UML Profile for the Society of Automotive Engineers’ Avionics Architecture Description Language

7/7/2003

Real-Time and Embedded Systems Workshop, July 2003 -- Ed Colbert 1

UML Profile for the Society of Automotive Engineers’ Avionics

Architecture Description Language

UML Profile for the Society of Automotive Engineers’ Avionics

Architecture Description Language

Ed ColbertPresident, Absolute Software Co., [email protected], (760) 929-0612

Senior Research Associate, USC Center for Software Engineering

[email protected], (213) 821-1240

(Based on presentation developed with Bruce Lewis,U.S. Army Aviation and Missile Command (AMCOM), Chair of SAE AS2C ADL Subcommittee)

27 July 2003

AADL OverviewAADL Overview

Society of Automotive Engineers (SAE) is developing standard Avionics Architecture Description Language

Basic research funded by– U.S. Defense Advanced Research Projects Agency (DARPA)

– Office of U.S. Secretary of Defense’s Open Systems – Joint Task Force (OS – JTF)

Based on – MetaH

• Design by Honeywell for specification of real-time, fault-tolerant, securely partitioned, dynamically reconfigurable multi-processor system architectures

– Unified Modeling language (UML) • Object Management Group’s (OMG) standard language for object–

oriented software development


7/7/2003


37 July 2003

OutlineOutline

Problems Developing Embedded Real-Time Systems

How Avionics Architecture Description Language Will Help

Overview of AADL

Text Language Examples

Extending UML

Draft UML Domain Model for AADL

AADL/UML Generic Missile Example

SAE Standardization of AADL

Final Notes

47 July 2003



Reliability, safety, & performance are constant concernsWrong or late answer could be deadlyDifficult to integrate Few means of assessing impact of decisions early– Often, don’t perceive that system exceeds processor resources until late

• Adding or changing resources is expensive, if possible• Many projects cut back on capabilities so software fits hardware

– Despite increased costs of integration, maintenance, & upgrading

Typically very long lives & must be upgraded throughout– More capabilities required in each new system or upgrade

• e.g. multimedia, situation awareness, mission simulation & training

– Capacity on original processors is soon exhausted as user needs increase• If not exhausted when fielded

– Hardware becomes obsolete

– Re-hosting of software to new hardware is expensive


7/7/2003


57 July 2003

Problems Developing Embedded Real-Time Systems (cont.)


Current development process– Manual, paper intensive, error prone, resistant to change– Disjoint models– Models not kept up

Requirements Analysis Design Implementation Integration

67 July 2003



Well–designed architecture is essential

Yet, [Garlan, Kompanek, et al. 2000] say that in practice– Most architectural descriptions are

• Informal documents• Usually centered on box-and-line diagrams, with explanatory prose

– Visual conventions are idiosyncratic & usually project-specific

– Results• Are only vaguely understood by developers

• Cannot be analyzed for consistency or completeness

• Are only hypothetically related to implementations– Properties cannot be enforced as system evolves

• Cannot be supported by tools to help software architects with their tasks


7/7/2003


77 July 2003

OutlineOutline



Overview of AADL


Extending UML




Final Notes

87 July 2003

What is an Architecture Description Language?

What is an Architecture Description Language?

Describe high-level designs

Treats system as collection of connected components– Layout of components defines structure– Connectors define communication

– Component interfaces are first-class citizens

– Attributes narrowly defines• Semantics for component interactions,

• Systemic behaviors, and

• Emergent properties

Does NOT describe algorithms, data structures or circuits


7/7/2003


97 July 2003

Avionics ADL Is Domain-specific Architecture Description LanguageAvionics ADL Is Domain-specific

Architecture Description LanguageProvides notations that support domain-specific architectural style or styles– Notations for common computation & communication paradigms– Architecture formally specified using notation or notations

Models & methods to analysis – Estimate characteristics– Verify product characteristics

Provides/supports domain-specific software patterns

Library of configurable/generic components– Components that satisfy architecture guidelines for “plug-in” use– Components organized by some taxonomy

107 July 2003

Avionics ADLAvionics ADL

Specification of– Real-time– Embedded– Fault-tolerant– Securely partitioned– Dynamically configurable

Software task and communication architecturesBound to– Distributed multiple processor hardware architectures


7/7/2003


117 July 2003

Architecture-based Requirements

Analysis

Architecture-based Design and

Implementation

Architecture-based System Integration

Model-Based AADL ProcessModel-Based AADL Process

Rapid Integration Predictable System Upgradeability

Explicit ArchitectureEngineering Model

127 July 2003

Navigation

WarheadFusing

Communi-cation& ProtocolTelemetry

Sensor& SignalProcessing

SoftwareEngineer

Real-Time Architecture ModelSoftware Hardware

System Build• Executive Generation• Component Integration

DomainSpecific

Hardware

MemoryConfiguration

BusDesign

ProcessorArchitecture

Model-Based AADL EngineeringModel-Based AADL Engineering

Generated Components



AutomaticTargetRecognition

Guidance& Control

Domain Specific Languages

Hand Coded Components

Hand Coded Components

Analyses• Schedulability• Reliability• Fault Tolerance


7/7/2003


137 July 2003

OutlineOutline



Overview of AADL


Extending UML




Final Notes

147 July 2003

MetaH

ADL

TOOLS

-ANALYZERS (Schedulabilty, Reliability, Safety, Security)

-SYSTEM CONSTRUCTION (Auto-generates scheduler and compiles/links all software for integrated production system)

AADLStandardization In-Progress

Real-Time Safety/Mission-Critical

Architectures (e.g., Avionics, Space, Control)

Upgraded and Standardized RT Safety/Mission Critical

Extended Large scale systems, event and dynamic architecture

capabilities

Future Production Toolsets

SAE AADL Based on MetaHSAE AADL Based on MetaH


7/7/2003


157 July 2003

What is MetaH?What is MetaH?

ADL with supporting toolset for specifying, analyzing, & integrating computer control systems

– Supports system architectures that are• Real-time,• Fault-tolerant• Securely partitioned• Dynamically reconfigurable • Multi-processor

Design by Honeywell

167 July 2003

MetaH ToolsetMetaH Toolset

Analyzes– Schedulability– Reliability– Safety

Generates integrated, environment-specific code for – Application components– Executive– “Architectural glue”

(Going to describe generation 1st)


7/7/2003


177 July 2003

Code Integration/GenerationCode Integration/Generation

Automatically configures system executive

– Generates

• Time-driven dispatcher for periodic processes & messages

• Code to vector events for event-driven processes, messages, & mode changes

– Tailors an API to services required by & authorized for each process

Performs compiles, links, & loads

187 July 2003

MetaH Generated Partitioned Architecture

MetaH Generated Partitioned Architecture

Strong Partitioning • Timing Protection• OS Call Restrictions• Memory Protection

Portability• Application Components• Tailored MetaH Executive• MetaH Kernel

Operating Environment

Software Component

Software Component

Software Component

Embedded Hardware Target

SoftwareComponent

MetaH Executive

MetaH Kernel

Fault Recovery, Execution Control, Mode Control, Timing Control, Data Synchronization,

Interprocess Communication


7/7/2003


197 July 2003

Multi-Processor StructureMulti-Processor Structure

Applicationprocess

Applicationprocess

Applicationprocess

Applicationprocess

Applicationprocess

Automatically generatedMetaH executive components

MetaH executive library componentstarget-specific library components

Run-time or RTOS

Processor BProcessor A

One downloadable image file is generated for each processor.

207 July 2003

Schedulability AnalysisSchedulability Analysis

Given– Process/processor & message/channel bindings– Process periods, deadlines, criticalities– Sequence of modules executed by a process– Module nominal & worst-case compute times– Processor & channel overheads

Compute– Processor & channel schedulability– Processor, channel, process, module utilizations– Parametric compute time sensitivity analysis


7/7/2003


217 July 2003

Reliability & SafetyReliability & Safety

Stochastic Automata Fault Model

Fault-Tolerance & Safety Features

Reliability Analysis

Partition Isolation Analysis

227 July 2003

Stochastic Automata Fault ModelStochastic Automata Fault Model

Component error models are specified as stochastic automataError propagation synchronizations can be determined from– Architecture specification– Voting protocol specifications

For Poisson rates, Markov chain system model can be generated

error_free

failed

permanentfault

propagate

processor

error_free

failed

permanentfault

propagate

processor

error propagationsynchronization


7/7/2003


237 July 2003

Fault-Tolerance and Safety FeaturesFault-Tolerance and Safety Features

Process may be time & space partitioned

Safety/design assurance level may be specified for any component

Hazardous run-time capabilities enabled on per-process basis

Executive consensus protocol is plug-replaceable

Message data errors detected & reported (but not corrected)

Process error handling semantics are defined

Model generates human-readable output, structured models

Capture data from top-down hazard analysis

Capture data from bottom-up failure modes & effects analysis

Enable multiple integrated system safety checks & analyses

247 July 2003

Reliability AnalysisReliability Analysis

Given– Possible fault types, arrival rates & error states– System architecture

• Potential propagation paths

– Consensus/voting planes– Operational versus failed system configurations– Mission duration

Compute– Pr(fail)


7/7/2003


257 July 2003

Partition Isolation AnalysisPartition Isolation Analysis

Given– Time-and-space partitions in architecture

– Safety/assurance level (A..E) for each component

Verifies– No error in component with lower safety level can

propagate to component with higher safety level

267 July 2003

MetaH Evaluation, Demonstrations Projects Starting 1992

MetaH Evaluation, Demonstrations Projects Starting 1992

Missile G&C Reference Architecture (AMCOM SED)Missile Re-engineering Demonstration (AMCOM SED)Space Vehicle Attitude Control System (AMCOM SED)Reconfigurable Flight Control (AMCOM SED)Hybrid Automata Formal Verification (AFOSR, Honeywell)Missile Defense (Boeing)Fighter Guidance SW Fault Tolerance (DARPA, CMU, Lockheed-Martin)Incremental Upgrade of Legacy Systems (AFRL, Boeing, Honeywell)Comanche Study (AMCOM, Comanche PO, Boeing, Honeywell)Tactical Mobile Robotics (DARPA, Honeywell, Georgia Tech)Advanced Intercept Technology CWE (BMDO, MaxTech)Adaptive Computer Systems (DARPA, Honeywell)Avionics System Performance Management (AFRL, Honeywell)Ada Software Integrated Development/Verification (AFRL, Honeywell)FMS Reference Architecture (Honeywell)JSF Vehicle Control (Honeywell)IFMU Reengineering (Honeywell)


7/7/2003


277 July 2003

Effort Saved on AMCOM Generic Missile Project Using MetaH

Effort Saved on AMCOM Generic Missile Project Using MetaH

Total Project 50%Port Phase Only 90%

Review 3-DOF Trans-late

6-DOF RT-6DOF

Trans-form

Test6DOF

RT-Missile

BuildDebug

Debug Port

MetaH

Current

CurrentApproach

UsingMetaH0

1000

2000

3000

4000

5000

6000

7000

8000

Cum

ulative Man H

ours

MetaH Current

287 July 2003

OutlineOutline



Overview of AADL


Extending UML

Draft UML Metamodel for AADL



Final Notes


7/7/2003


297 July 2003

System Type & ImplementationSystem Type & Implementation

system type Nav isend Nav;

system implementation Nav.Blended isA: system GPS;B: system INS;

Both: initial mode (A, B);A_Only: mode (A);B_Only: mode (B);

behaviorsBoth -[ A.Failure ]-> B_Only;Both -[B.Failure ]-> A_Only;

end Nav.Blended;

307 July 2003

Thread ExampleThread Example

thread type Collect_Samples isInput_Sample : in data Sampling’Sample;

requiresSampleSet : data Sampling’Sample_Set ;

end Collect_Samples ;

thread implementation Collect_Samples.Batch_Update isrefines

Input_Sample: in data Sampling’Sample {Source_Data_Size => 16 B} ;end Collect_Samples.Batch_Update ;


7/7/2003


317 July 2003

Process ExampleProcess Example

process Sample_Manager isInput_Sample: in data Sampling’Sample;

end Sample_Manager ;

process implementation Sample_Manager.Slow_Update isSamples: data Sampling’Samples;Collect_Samples: thread Collect_Samples(SampleSet => Samples).Batch_Update;

end Sample_Manager.Slow_Update ;

process implementation Sample_Manager.Fast_Updateextends Sample_Manager.Slow_Update is

refinesSamples: data Sampling’Dynamic_Sample_Set ;

end Sample_Manager.Fast_Update ;

327 July 2003

Process with Subprograms ExampleProcess with Subprograms Example

process type File_Server isserver Open, Close: subprogram (filename: string);

end File_Server;

process type Resizeable_File_Server extends File_Server isrequires

server Reserve_Resource: subprogram (diskname: string, disksize: size);

end Resizeable_File_Server;

process implementation File_Server.Basic isFile_System_Directory : data FSLib’directory;

end File_Server.Basic;


7/7/2003


337 July 2003

Package Type & Implementation ExamplePackage Type & Implementation Example

package type Shared_Data isGet_State, Set_State: subprogram;

end Shared_Data;

package implementation Shared_Data.PowerPC isGet_State : subprogram {Compute_Time => 15us..20us};Set_State : subprogram {Compute_Time => 20us..30us};

propertiesSource_Text => “shared_data_powerpc.ads”,

“shared_data_powerpc.adb”;end Shared_Data.PowerPC;

347 July 2003

OutlineOutline



Overview of AADL


Extending UML




Final Notes


7/7/2003


357 July 2003

Benefits of Extending UMLBenefits of Extending UML

Architects can represent system architecture graphically using commonly available UML toolsUML tool developers can add advance support for AADL to existing tools rather than developing new tools– e.g. safety analysisSoftware designers can take defined architecture & refine software components– rather than common practice of re–creating architecture in software

development toolsSystem integrators should have easier time integrating– Software components generated by UML tools, or hand–code based

on UML specification– Executive and architectural glue code that is generated by AADL

tool– Target hardware.

367 July 2003

OutlineOutline



Overview of AADL


Extending UML




Final Notes


7/7/2003


377 July 2003

UML Model of AADL v0.9 (draft)

OverviewUML Model of AADL v0.9 (draft)

Overview

Core Concepts

Extension Sets

An AADL Architecture

387 July 2003


Core ConceptsUML Model of AADL v0.9 (draft)

Core Concepts

Model-Element+ name : String

Behavior(from Behavio...

Component_Classifier(from Componen...

System_Instance(from Systems)

Feature(from Features)

Parameter(from Subprograms)

Relation(from Relations)Component_Instance

(from Components)

Mode(from Behaviors)

Library(from Librari...

Property_Type(from Property Typ...

Property(from Properties)

Property_Set(from Extension Sets)


7/7/2003


397 July 2003


AADL SpecificationUML Model of AADL v0.9 (draft)

AADL Specification

Property_Set(from Extension Sets)

Component_Classifier(from Components)

System_Instance(from Systems)

AADL_Specification

0..*

0..*+property_sets

0..*

0..*

0..*

0..*

+classifiers0..*

0..*

1

1

+system1

1

Library(from Libraries)

0..*

0..*

0..*+libraries

0..*

407 July 2003


SystemUML Model of AADL v0.9 (draft)

System

Property(from Properties)

Component_Type(from Component Types)

Component_Implementation(from Component Implementations)

System_Instance

0..*

1

+properties

0..*

1

1

+type1

1

+implementation

1

Component type and implementation must be systems or platforms


7/7/2003


417 July 2003


ComponentsUML Model of AADL v0.9 (draft)

Components

Component_Category(from Model Data Types)

<<enumeration>>

Component_Type(from Component Typ...

Component_Implementation(from Component Implementatio...

1 0..n+type1

+implementation0..n

realized by

Property(from Properti...

Component_Instance+ category : Component_Category

0..1

0..*

+type0..1

+instance

0..*

instance of

0..1

0..*

+implementation0..1

+instance0..*

instance of

1

0..*

+container1

#subcomponents0..*

composed of

0..*

1

+properties0..*

1

has

1

0..*

+target1 refines

0..*

Component_Classifier+ category : Component_Category

0..10..*

+parent0..1

extends

+child0..*

Feature(from Featur... 0..*

+features0..*

+ownerhas

1

0..*

+target1

refines

0..*

427 July 2003


Component TypesUML Model of AADL v0.9 (draft)

Component Types

Software-Type(from Software Types)

Hardware-Type(from Hardware Types)

Composite-Type(from Composite Types)

Component_Type


7/7/2003


437 July 2003


Software TypesUML Model of AADL v0.9 (draft)

Software Types

Software-Type

Thread-TypeProcess-Type

Package-Type

Data-Type

Subprogram-Type

447 July 2003


Hardware TypesUML Model of AADL v0.9 (draft)

Hardware Types

Hardware-Type

Processor-TypeMemory-TypeDevice-TypeBus-Type


7/7/2003


457 July 2003


Composite TypesUML Model of AADL v0.9 (draft)

Composite Types

Composite-Type

System-Type Platform-Type

467 July 2003


FeatureUML Model of AADL v0.9 (draft)

Feature

Port(from Ports)

Subprogram(from Subprograms)

Feature Property(from Properties)1

0..*+owner

1

+properties0..*has

Data-Subcomponent(from Data Subcomponents)


7/7/2003


477 July 2003


PortsUML Model of AADL v0.9 (draft)

Ports

487 July 2003


Sample ConstraintsUML Model of AADL v0.9 (draft)

Sample ConstraintsComponent_Classifierinv: -- parent & child of Extends

relation must be same subclass

Component_Typeinv:-- only package, bus, or memory

sub-components are allowed

Component_Implementationinv:-- category must equal type’s

category

Component_Instanceinv:-- if has a type, category must equal

type’s categoryinv:-- if has a implementation, category

must equal implementation’s category

Package_Type-- Inherits from Component_Typeinv:-- category must be Packageself.category = package

inv:-- Only package components allowedself.components->forAll ( category =

package )


7/7/2003


497 July 2003


Stereotype Mapping for Component TypesUML Model of AADL v0.9 (draft)

Stereotype Mapping for Component Types

AADLBusType<<stereotype>>

AADLDeviceType<<stereotype>>

AADLErrorModelType<<stereotype>>

AADLMemoryType<<stereotype>>

AADLPlatformType<<stereotype>>

AADLPackageType<<stereotype>>

AADLProcessType<<stereotype>>

AADLProcessorType<<stereotype>>

AADLSystemType<<stereotype>>

AADLThreadType<<stereotype>>

Classifier(from UML Meta-Mod...

<<metaclass>>

<<stereotype>> <<stereotype>><<stereotype>> <<stereotype>>

<<stereotype>>

<<stereotype>>

<<stereotype>>

<<stereotype>>

<<stereotype>>

<<stereotype>>

507 July 2003

OutlineOutline



Overview of AADL


Extending UML




Final Notes


7/7/2003


517 July 2003

AMICOM System TypeClass Diagrams

AMICOM System TypeClass Diagrams

<<AADL-system-type>>

AMCOM

527 July 2003

AMICOM.GMSLNT System ImplementationClass Diagrams

AMICOM.GMSLNT System ImplementationClass Diagrams

System Architecture

Composite pattern

<<AADL-system-implementation>>

AMCOM.GMSLNT


MissileInFlight<<AADL-platform-type>>

GMSLNT

application1

execution_platform1


7/7/2003


537 July 2003

AMICOM.GMSLNT System ArchitectureObject Diagram

AMICOM.GMSLNT System ArchitectureObject Diagram

Graphical port representation

<<AADL-platform-type>>

/ execution_platform:GMSLNT

Sensed_Body_AccelerationsSensed_Body_Rates

FlightTimeMissileAttitudeMissileState

MissilePosition

Fin_Actuator_Cmds

RLTF

LaunchVehicleCmd<<AADL-system-implementation>>

AMCOM.GMSLNT


/ application: MissileInFlight

547 July 2003

MissileInFlight Mode TypeClass Diagram

MissileInFlight Mode TypeClass Diagram


MissileInFlightPorts

Sensed_Body_Accelerations : out Vectors.Vector_3D_TypeSensed_Body_Rates : out Vectors.Vector_3D_TypeFlightTime : out Standard.FloatMissileAttitude : out Vectors.Vector_3D_TypeMissileState : out Standard.IntegerMissilePosition : out Vectors.Vector_3D_TypeFin_Actuator_Cmds : out Vectors.Vector_4D_TypeRLTF : out Vectors.Vector_3D_TypeLaunchVehicleCmd : in Standard.Boolean


7/7/2003


557 July 2003

MissileInFlight.AMCOM Mode ImplementationClass Diagram

MissileInFlight.AMCOM Mode ImplementationClass Diagram


MissileInFlight <<AADL-system-implementation>>

MissileInFlight.AMCOMPorts

Sensed_Body_Accelerations : out Vectors.Vector_3D_TypeSensed_Body_Rates : out Vectors.Vector_3D_TypeFlightTime : out Standard.FloatMissileAttitude : out Vectors.Vector_3D_TypeMissileState : out Standard.IntegerMissilePosition : out Vectors.Vector_3D_TypeFin_Actuator_Cmds : out Vectors.Vector_4D_TypeRLTF : out Vectors.Vector_3D_TypeLaunchVehicleCmd : in Standard.Boolean

PropertiesAllowed_Bindings = NilBindings = NilBuildOptions = NilCriticality = Nil

1

1<<AADL-system-type>>

Missile


Missile_Environment


Mode_Monitor 1

567 July 2003

MissileInFlight.AMCOM Mode ImplementationObject Diagram

MissileInFlight.AMCOM Mode ImplementationObject Diagram

Sensed_Body_Accelerations

Sensed_Body_Rates

FlightTime

MissileAttitudeMissileState

MissilePosition

Fin_Actuator_CmdsRLTF

LaunchVehicleCmd

<<AADL-system-implementation>>

: MissileInFlight.AMCOM

<<AADL-system-type>>/ missile : Missile

<<AADL-system-type>>/ missile_environment : Missile_Environment

<<AADL-system-type>>: Mode_Monitor


7/7/2003


577 July 2003

Missile_Environment.AMCOM System Implementation

Object Diagram

Missile_Environment.AMCOM System Implementation

Object Diagram

Sensed_Body_AccelerationsSensed_Body_Rates

FlightTime

MissileAttitude

MissileState

MissilePosition

Fin_Actuator_Cmds

RLTFLaunchVehicleCmd

<<AADL-system-implementation>>: Missile_Environment.AMCOM

<<AADL-process-type>>/ fin_control :

Fin_Actuator_Control

<<AADL-process-type>>/ environment : Environment

<<AADL-process-type>>/ data_aquisition :Data_Aquisition

Fin_Actuator_Positions

<<AADL-monitor-type>>: Mode_Monitor

587 July 2003

Environment.AMCOM Process ImplementationClass Diagram

Environment.AMCOM Process ImplementationClass Diagram

<<AADL-process-type>>

Environment

PortsSensed_Body_Accelerations : out Vectors.Vector_3D_TypeSensed_Body_Rates : out Vectors.Vector_3D_TypeFlightTime : out Standard.FloatMissileAttitude : out Vectors.Vector_3D_TypeMissileState : out Standard.IntegerMissilePosition : out Vectors.Vector_3D_TypeLaunchVehicleCmd : in Standard.BooleanFin_Actuator_Positions : in port Vectors.Vector_4D_Type

PropertiesDeadline = 1000 usHeapSize = 8192 BPeriod = 1000 usServiceCapability = SHUT_DOWNSourceFile = ...SourceMaxTime = 270 usSourceName = "Environment"SourceTime = 240 us

<<AADL-process-implementation>>

Environment.AMCOM


7/7/2003


597 July 2003

OutlineOutline



Overview of AADL


Extending UML




Final Notes

607 July 2003

AADL Standard ScheduleAADL Standard Schedule

Requirements document (ARD5296) approved by SAE Spring 2001– Based on

• Existing MetaH language, toolset• Demo/evaluation projects

AADL Definition– v1.0 standard by EOY 2003 (goal)

• Most critical requirement• Balloting expected ~ September 2003• On track

– v2.0 standard by EOY 2005-6 (goal) • Less critical requirements & those requiring research

– Current draft (v0.9) about 90% complete• About 185 pages

Requesting funding for prototyping of new AADL features


7/7/2003


617 July 2003

AADL StandardAADL Standard

Architecture modeling notation– Core– Annexes

• Ada source programming language• C/C++ source programming language• POSIX• UML Profile• System safety• ARINC 653 (under discussion)• XML exchange representation (under discussion)

Runtime system API– AwaitDispatch, RaiseEvent, etc.

Interchange representation– XML based

• Under consideration as Annex

627 July 2003

AADL Tool StrategyAADL Tool Strategy

AADL ToolInterchange

TextualAADL

GraphicalAADL

ViaUML

Profile

As XMLSchema

CommonAADL

Front-end

ImplementationTool Implementation

Tool

UMLTool


7/7/2003


637 July 2003

Key PlayersKey Players

Bruce Lewis (U.S. Army AMCOM): SAE Chair, technology user

Ed Colbert (Absolute Software & USC CSE): AADL & UML Mapping

Peter Feiler (SEI): Secretary, Co-author, Editor, technology user

Steve Vestal (Honeywell): Meta-H Originator, Co-author

Members– Boeing, Rockwell, Honeywell, Lockheed Martin, Raytheon, Smith Industries,

Dassault Aviation, Airbus, Axlog

– NIST, NAVAir, OSJTF, British MOD, Army, European Space Agency, Joint Logistics Commanders Aging Aircraft

Liaisons– COTRE, NATO, GOA, POSIX, OPEN (informal), OMG (informal)

Relationships with other parties– Australian Avionics Lab: performance analysis

647 July 2003

OutlineOutline



Overview of AADL


Extending UML




Final Notes


7/7/2003


657 July 2003

AADL SummaryAADL Summary

AADL is Architecture Description Language & tools for embedded systems domain– Especially for avionics systems– Based on MetaH

AADL provides a means to:– Specify software & hardware architecture– Incrementally develop from prototype to specification– Analyze architecture formally – Implement final system

• Integrating components with hardware & automatically generated system executive & glue code

– Evolve system rapidly • Within development • Across lifecycle

667 July 2003

Things AADL Is Not Intended To DoThings AADL Is Not Intended To Do

Specify detailed design of objects, classes, algorithms, or data structures– Basic UML can provide

GUI Design– Can specify GUI component(s) & connections to other

components– But not details of screens, data types, etc.

Web-based systems


7/7/2003


677 July 2003

Things You Can Do With The AADLThings You Can Do With The AADL

Specify architecture & components for product line architecture– Create reusable components

Create adaptable workstation simulation that can be retargeted to tactical embedded system without loss of fidelity– Processing environment risk reduction (Software First).

Retargeting & re-engineering embedded systems

687 July 2003

Things You Can Do With The AADL (cont.)Things You Can Do With The AADL (cont.)

Analysis system performance of embedded RT systems– Schedule– Safety– Security

Generation architecture with separate component generation for rapidly evolvable systems

Build open architecture avionics systems with partitioned flight control– Reducing Validation & Verification cost


7/7/2003


697 July 2003

Things You Can Do With The AADL (cont.)Things You Can Do With The AADL (cont.)

Safe update of software at run-time – Supports dynamic reconfiguration of designed components– Addition or changes to generated configuration

• Must be compatible with original architecture specified or update specification & analysis

– Research on implementation of partial re-loading at run-time

Build Real-Time, Safety-Critical, Client-Server System– V1:

• inc. Bound port queues, RPC’s• Implementer or user to supply scheduling mechanism• Research on

– Scheduling RPC’s– Certify for Level A

– V2: • Research topic

– On nearly co-coincident events/procedure calls

707 July 2003

More Information or HelpMore Information or Help

Join SAE Aviation Architecture Description Language Task Group– Call Bruce Lewis (SAE Chair, U.S. Army AMCOM)

at 256-876-3224

Information & evaluation copy of MetaH– Application form is on www.htc.honeywell.com/metah

Two to Three day training course on MetaH – Call Steve Vestal (Honeywell) at 612-951-7049

Integrated use of AADL with UML– Call Ed Colbert (Absolute Software) at 760-929-0612,

www.abssw.com


7/7/2003


717 July 2003

Next SAE AADL MeetingNext SAE AADL Meeting

Society of Automotive Engineers Avionic Systems Division, AS-5 Embedded Computing Systems, ADL Subcommittee

Date: 20-22 October 2003– Monday — Wednesday

Location:– Nashville, Tennessee

Website– http://forums.sae.org/access/dispatch.cgi/TEAAS5_pf– Click Future Meetings

727 July 2003

ReferencesReferences

AS-5 Embedded Computing Systems ADL Subcommittee (2003). AVIONICS ARCHITECTURE DESCRIPTION LANGUAGE (AADL) AS5506, 0.9 (Draft) ed., Society of Automotive Engineers.

Colbert, E., Lewis, B., et al. (2000). “Developing Evolvable, Embedded, Time–Critical Systems with MetaH”, 34th International Conference on Technology of Object-Oriented Languages and Systems (TOOLS 34) Proceedings. Santa Barbara, CA: IEEE Computer Society.

Garlan, D., Kompanek, A. J., et al. (2000). “Reconciling the Needs of Architectural Description with Object-Modeling Notations”, (submitted for publication).

Vestal, S. (1998). MetaH User’s Manual, 1.27 ed., Honeywell Technology Center: Minneapolis, MN.

uml profile for the society of automotive engineers ... · pdf fileuml profile for the society...

Documents