isolette example
play

Isolette Example Safety Critical Software SAnToS Laboratory - PowerPoint PPT Presentation

AADL Isolette Example Safety Critical Software SAnToS Laboratory Kansas State University John Hatcliff, Brian Larson Obje ject ctive ives s Understand how the functional architecture of the Isolette example from the FAA


  1. AADL 
 Isolette Example � Safety Critical Software SAnToS Laboratory Kansas State University John Hatcliff, Brian Larson

  2. Obje ject ctive ives s  Understand how the functional architecture of the Isolette example from the FAA Requirements Engineering Handbook can be represented in AADL  Become comfortable with using various AADL tools to specify simple architectural models

  3. Iso sole lette Exa Examp mple le Isolate – Thermostat for an infant incubator “The purpose of the Isolette Thermostat is to maintain the air temperature of an Isolette within a desired range. It senses the Current Temperature of the Isolette and turns the Heat Source on and off to warm the air as needed. …” The Isolate example will be used as the primary running example in our lectures.

  4. AAD AADL Pa Packa ckage Packages are used to organize component interface specifications (component types) and their blueprints (component implementations) into libraries. Name of a package that will hold package isolette both component types and implementations for the Isolette. public with Base_Types,iso_variables; … This package will “import” from other packages definitions for end isolette; basic AADL types and for variables/types used throughout the Isolette example.

  5. AAD AADL Syst System m To describe the top-level structure of the Isolette device, we use the AADL System component category Define the component type named system isolette isolette using a system component. end isolette; In this case, we have no features on our component interface because we are defining a “wrapper” for the entire system. system implementation isolette.single_sensor subcomponents … connections … end isolette.single_sensor;

  6. AAD AADL Syst System m To describe the top-level structure of the Isolette device, we use the AADL System component category system isolette end isolette; system implementation isolette.single_sensor subcomponents … connections … end isolette.single_sensor; Define a component implementation impl for the component type isolette. A component implementation specifies properties/structure (but usually not the complete details) of a components implementation. In this case, we will use the implementation construct to specify the subcomponents of the isolette and the connections (communication) between them.

  7. AAD AADL Syst System m Imp mple leme mentatio ion In the system implementation, we can define subcomponents corresponding to the subcomponent identified in the Isolette conceptual architecture from the FAA REMH. system implementation isolette.single_sensor subcomponents thermostat : system thermostat_single_sensor.impl; temperature_sensor : device Devices::temperature_sensor.impl; heat_source : device Devices::heat_source.impl; operator_interface : system operator_interface.impl; connections … end isolette.single_sensor Name each of the subcomponents and associate each with a component category and implementation (declared elsewhere). Note : we don’t have a subcomponent for “Air” because air is an entity of the environment (not an entity of the system to be implemented). We can, if we choose, also model the environment with AADL. This will be addressed elsewhere.

  8. Other r Comp mponents s Some components in our models will represent hardware whose details we may choose not to specify (in which case, we leave the implementation empty). device temperature_sensor features air : in data port Iso_Variables::current_temperature current_temperature : out data port Iso_Variables::current_temperature end temperature_sensor; device implementation temperature_sensor.impl end temperature_sensor.impl; We leave the implementation of a component unspecified by using an empty body.

  9. AAD AADL Po Port rts s Component interfaces (types) have features that capture capabilities and means of interaction made available to other components (“clients” of the component type being declared). device temperature_sensor features … current_temperature : out data port Iso_Variables::current_temperature end temperature_sensor; Declare a port name, category (“out” , “data”), and type for the data that will be communicated on that port. Note : we use the “device” category to model the Temperature Sensor component.

  10. AADL Po AAD Port rts s The Thermostat component has a number of ports to capture its communication potential. system thermostat_th features current_temperature : in data port iso_variables::current_temperature; heat_control : out data port iso_variables::on_off; lower_desired_temperature : in data port iso_variables::lower_desired_temperature; upper_desired_temperature : in data port iso_variables::upper_desired_temperature; lower_alarm_temperature : in data port iso_variables::lower_alarm_temperature; upper_alarm_temperature : in data port iso_variables::upper_alarm_temperature; regulator_status : out data port iso_variables::status; monitor_status : out data port iso_variables::status; display_temperature : out data port iso_variables::measured_temperature_range; alarm : out data port iso_variables::on_off; end thermostat_th; We will see later that related ports (e.g., all the ports capturing operator settings) can be bundled together in an AADL Feature Group – which is a useful abstraction mechanism.

  11. AAD AADL Data Typ ype Mo Modelin ling As our modeling effort unfolds, we maintain a package containing data types defined specifically for the Isolette system. isolette.aadl iso_variables.aadl package isolette package iso_variables public public with Base_Types, Data_Model; with Base_Types, iso_variables; … … --range of Lower Desired Temperature data lower_desired_range end isolette; properties Data_Model::Real_Range => 97.0 .. 99.0; Data_Model::Measurement_Unit => "Fahrenheit"; end lower_desired_range; --range of Display Temperature data measured_temperature_range properties Data_Model::Real_Range => 68 .. 105; Data_Model::Measurement_Unit => "Fahrenheit"; end measured_temperature_range; … end iso_variables;

  12. AAD AADL Data Typ ype Mo Modelin ling As our modeling effort unfolds, we maintain a package containing data types defined specifically for the Isolette system. system thermostat_th features current_temperature : in data port Iso_variables::current_temperature; heat_control : out data port Iso_variables::on_off; lower_desired_temperature : in data port Iso_variables::lower_desired_temperature; upper_desired_temperature : in data port Iso_variables::upper_desired_temperature; lower_alarm_temperature : in data port Iso_variables::lower_alarm_temperature; upper_alarm_temperature : in data port Iso_variables::upper_alarm_temperature; regulator_status : out data port Iso_variables::status; monitor_status : out data port Iso_variables::status; display_temperature : out data port Iso_variables::display_temperature_range; alarm : out data port Iso_variables::on_off; end thermostat_th; (excerpt from iso_variables.aadl ) --range of Display Temperature Declaration of the data current_temperature display_temperature_range type used in properties the port declaration above. Data_Model::Real_Range => 68.0 .. 105.0; Data_Model::Measurement_Unit => "Fahrenheit"; end current_temperature;

  13. AADL Connect AAD ctio ions s In the system implementation, we can define connections representing the communication between each of the subcomponents system implementation isolette.impl subcomponents … connections ct : port temperature_sensor.current_temperature -> thermostat.current_temperature; hc : port thermostat.heat_control -> heat_source.heat_control; ldt : port operator_interface.lower_desired_temperature -> thermostat.lower_desired_temperature; udt : port operator_interface.upper_desired_temperature -> thermostat.upper_desired_temperature; lat : port operator_interface.lower_alarm_temperature -> thermostat.lower_alarm_temperature; uat : port operator_interface.upper_alarm_temperature -> thermostat.upper_alarm_temperature; rs : port thermostat.regulator_status -> operator_interface.regulator_status; ms : port thermostat.monitor_status -> operator_interface.monitor_status; dt : port thermostat.display_temperature -> operator_interface.display_temperature; al : port thermostat.alarm -> operator_interface.alarm; end isolette.impl; A connection relates the port of one component to the port of another, representing the communication between the two components via the specified ports. The ports must be “compatible” (e.g., with respect to port types). E.g., “ct” names the port communication for Current Temperature.

  14. Contin inuin ing…  We can continue in this manner to specify the thermostat architecture following the presentation in the FAA REMH  In the following slides, we will illustrate the Regulate Temperature function, and leave the completion of the Monitor Temperature function as an exercise.

  15. Deco comp mposin sing Thermo rmost stat The FAA REMH decomposes the Isolette into a Regulate Temperature function that actually implements the controls of the system and a Monitor Temperature function that implements a safety system that will generate an alarm when certain error conditions arise. Decomposing the Thermostat into Regulate Temperature and Monitor Temperature functions.

Recommend


More recommend