  1. A case study in formal system engineering with SysML
     Iulia Dragomir 1, Iulian Ober 1 and David Lesens 2
     1 IRIT - University of Toulouse
     2 Astrium Space Transportation
     July 19, 2012
     Iulia Dragomir (IRIT) A case study in formal system engineering with SysML July 19, 2012 1 / 25

  2. Outline
     1 Full Model Driven Engineering development process
     2 OMEGA SysML Profile & Toolset
     3 The Automated Transfer Vehicle (ATV) case study
     4 Validation results
     5 Conclusions

  3. Outline: 1 Full Model Driven Engineering development process

  4. Full Model Driven Engineering Process
     [Figure: process flow. System design is done in the Papyrus or Rhapsody modeller with the Omega profile and is backed by formal proof. Model transformation & refinement leads to the Software specification (+ formal proof), and a code generator leads to the Implementation code (+ formal proof); both the specification and the implementation code can be generated or manual.]
     This project has been partially funded by the European Space Agency.

  5. Outline: 2 OMEGA SysML Profile & Toolset

  6. The OMEGA Language
     SysML Profile for the specification and verification of real-time embedded systems
     Consists of:
       A large subset of SysML
       + Model coherence constraints
       + A formal operational semantics
       + Real-time & verification extensions

  7. The OMEGA Profile (slide built up incrementally on the original; merged here)
     Structure
       SysML Block Definition Diagrams & Internal Block Diagrams
       Blocks with properties, operations and state machines, interconnection elements and relationships
       Structured data types and signals
       [Figure: internal block diagram of an ATM example. The «block,root» System contains the parts itsController, bank:Bank, atm:ATM and user:User, connected through ports typed by interfaces such as IBankController, IControllerBank, IConsoleUser, IConsole, IControllerConsole, IUserATM, IUserConsole, IVerifyPin, IUserTransaction, ICardReader, IControllerCashDispenser and ICashDispenserController (connectors Bank2ATM, ATM2Bank, ATM2User, User2ATM, CTR4CD, CD2CTR). The «block» CashDispenser has the attribute t:Timer and the operation releaseMoney(amount:int).]
     Discrete behaviour
       State machines
       Asynchronous communication through operations and signals
       [Figure: state machine of CashDispenser with states Idle and InUse. On releaseMoney the timer is armed with t.set(3) and the machine moves to InUse; on timeout(t) the action "begin CD2CTR ! done(); t.reset() end" is executed and the machine returns to Idle.]
     Real time
       Clocks, time guards and transition urgency
       Discrete or continuous, specified by the user
     Observers
       Objects monitoring the system (state and events) and giving verdicts about a safety property

  8. The IFx Toolset
     Goal: Early model validation and debugging
     Principle: Transforming to communicating extended timed automata (IF Language)
     Functionalities
       Simulation
       Static analysis: dead code/variable elimination, slicing, ...
       Model-checking: observers, state graph minimization, µ-calculus, ...

  9. Outline: 3 The Automated Transfer Vehicle (ATV) case study

  10. The ATV Solar Generation System
      The ATV has been developed by Astrium Space Transportation for ESA.

  11. The Solar Generation System Architecture
      [Figure: architecture diagram (Astrium). Visible components: Main processor, PCDU, SADE, CMU, SADM, TCU, HDRS, TK, WING.]

  12. The system model (slide built up incrementally on the original; merged here)
      Reverse engineered from the actual system for the purpose of FullMDE
      4-layer architecture
      20 block types - HW, SW, MM - and 95 block instances
      348 (661) ports (instances) and 372 (504) connectors (instances)
      18 interfaces for port types
      1-fault tolerant: 62 possible hardware failures

  13. Formal system requirement (slide built up incrementally on the original; merged here)
      Property: After 10 minutes since SGS start-up, all 4 wings are deployed and the Mission and Vehicle Management is aware of it.
      [Figure: observer state machine. Partial reconstruction of the diagram from the extracted text; the exact layout is not recoverable.]
        Constant: deployment_duration = 600000
        SYSTEM_IS_OFF --[match informal "initialized" by ATV] / clock.set(deployment_duration)--> SYSTEM_IS_ON
        NOT_DEPLOYED --[(ATV.SGS.WING1.LOCKING @ DEPLOYED) and (ATV.SGS.WING2.LOCKING @ DEPLOYED) and (ATV.SGS.WING3.LOCKING @ DEPLOYED) and (ATV.SGS.WING4.LOCKING @ DEPLOYED)]--> DEPLOYED
        --[ATV.MVM @ END] / clock.reset()--> «success»
        --[clock >= 0] / clock.reset()--> «error»   (appears twice: the clock expiring before the expected state is reached)
        Further states in the diagram: NO_MISSION_EVENT, MISSION_EVENT
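The property above is checked by an observer: an object that watches the system state and a clock and gives a «success» or «error» verdict. As an added example (not code from the authors, the ATV model or the IFx toolset), the following Python toy reproduces the idea on a constructed model: four wings that each take a nondeterministic number of ticks to reach DEPLOYED, an MVM that reaches END some ticks after the last wing, and an observer that arms a deadline at start-up. `simulate` corresponds to the toolset's simulation use (one concrete execution), `explore` to model-checking (exhaustive exploration of every execution, returning a witness trace when «error» is reachable). Time is discrete and 1 tick is assumed to stand for 1 minute, so the slide's deployment_duration of 600000 ms becomes a deadline of 10 ticks; the wing and MVM durations, the function names and the rule that «success» takes priority over «error» on the same tick are all assumptions of this example.

```python
"""Added example: a timed observer checked by simulation and by exhaustive exploration.

Constructed toy, not the ATV model: wings deploy in a nondeterministic number of
ticks, the MVM reacts some ticks after the last wing, and the observer mirrors the
slide's property (deadline armed at start-up; «error» if it expires first).
Assumption: 1 tick = 1 minute, so 600000 ms of deployment_duration is 10 ticks.
"""
from collections import deque
from itertools import product

TERMINAL = ("success", "error")


def verdict_of(elapsed, wings, mvm, deadline):
    """Observer verdict for one global state (assumed priority: success before error).

    wings: remaining ticks per wing, 0 meaning LOCKING @ DEPLOYED
    mvm:   None until the last wing is deployed, then remaining ticks, 0 meaning MVM @ END
    """
    deployed = not any(wings)
    mission_event = mvm == 0
    if deployed and mission_event:
        return "success"
    if elapsed >= deadline:            # clock expired while NOT_DEPLOYED or NO_MISSION_EVENT
        return "error"
    return "DEPLOYED" if deployed else "NOT_DEPLOYED"


def initial_states(wing_time, deadline):
    """SGS start-up ("initialized"): every wing picks its duration nondeterministically."""
    lo, hi = wing_time
    return [(0, w, None, verdict_of(0, w, None, deadline))
            for w in product(range(lo, hi + 1), repeat=4)]


def successors(state, deadline, mvm_time):
    """All global states reachable in one tick; verdict states are terminal."""
    elapsed, wings, mvm, verdict = state
    if verdict in TERMINAL:
        return []
    elapsed += 1
    wings = tuple(max(r - 1, 0) for r in wings)      # every wing progresses one tick
    if mvm is not None:
        mvm_choices = [max(mvm - 1, 0)]
    elif any(wings):
        mvm_choices = [None]                         # MVM cannot react before the last wing
    else:
        lo, hi = mvm_time
        mvm_choices = range(lo, hi + 1)              # nondeterministic reaction delay
    return [(elapsed, wings, m, verdict_of(elapsed, wings, m, deadline)) for m in mvm_choices]


def explore(deadline, wing_time, mvm_time):
    """Model-checking use: breadth-first exploration of every execution.

    Returns (error_reachable, witness); witness is the state sequence leading to the
    first «error» verdict found, or [] when the property holds on all executions.
    """
    queue = deque((s, [s]) for s in initial_states(wing_time, deadline))
    seen = {s for s, _ in queue}
    while queue:
        state, trace = queue.popleft()
        if state[3] == "error":
            return True, trace
        for nxt in successors(state, deadline, mvm_time):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [nxt]))
    return False, []


def simulate(durations, mvm_delay, deadline):
    """Simulation use: one concrete execution with fixed durations, run to a verdict."""
    state = (0, tuple(durations), None, verdict_of(0, tuple(durations), None, deadline))
    while state[3] not in TERMINAL:
        state = successors(state, deadline, (mvm_delay, mvm_delay))[0]
    return state[3]


if __name__ == "__main__":
    print("one run:", simulate((2, 3, 4, 4), mvm_delay=1, deadline=10))
    ok, _ = explore(deadline=10, wing_time=(2, 4), mvm_time=(1, 2))
    print("error reachable with wings taking 2..4 ticks:", ok)
    ok, witness = explore(deadline=10, wing_time=(2, 9), mvm_time=(1, 2))
    print("error reachable with wings taking 2..9 ticks:", ok)
    for elapsed, wings, mvm, verdict in witness:   # counterexample, as a model checker prints it
        print(f"  t={elapsed:2d} wings={wings} mvm={mvm} observer={verdict}")
```

The second `explore` call is the interesting one: a single simulation can easily miss the execution where the slowest wing takes 9 ticks and the MVM then needs 2 more, but the exhaustive exploration finds it and returns the trace, which is exactly what the observer-based model-checking of slide 8 provides over the simulation of the same slide.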

  14. Outline: 4 Validation results

  15. Verification by simulation (slide built up incrementally on the original; merged here)
      Scenario length: 2400 steps and one minute execution
      Discovered modelling errors due to reverse engineering and omitted at model review:
        Unexpected message receptions for wing parts
        [Figure: state machine of a TK wing part with states IS_OFF, IS_ON, NON_ACTIVATED and IS_ACTIVATED; signals TK_CMD_ON, TK_CMD_OFF, ACTIVATE_TK, DEACTIVATE_TK and TK_IS_HEALTHY, with TK_CMD_ON and TK_CMD_OFF forwarded to HDRS. The second version of the slide marks the additional TK_CMD_ON / TK_CMD_OFF receptions that were not handled.]
