10/11/09
ARINC653 annex: examples
Julien Delange <[email protected]>
Laurent Pautet <[email protected]>
Peter Feiler <[email protected]>
Better understanding of ARINC653 systems
Help to understand ARINC653 architectures
• Isolation services
• Communication services
• Health Monitoring
Understand the mapping to AADL
• AADL components for ARINC653 architecture modeling
• Use of new AADLv2 components
• Dedicated properties
About the examples
Different modeling approaches
• Architecture first, then application concerns
• Application first, then architecture
Various origins
• Designed for dedicated purpose (ex: SIGAda09 for scheduling verification experiments)
• From technical reports (ex: Integrated)
• From existing projects (ex: Autopilot system)
Need industrial models
• Feel free to send us materials to design new models!
Basic example
POK/Cheddar example
• Two partitions with data exchange
• Illustrate mapping of ARINC653 communication patterns to AADL
Intra-partition communication
• Blackboard
• Events
Inter-partition communication
• Sampling ports
AADL Meeting @ AEROTECH09, Julien Delange, Laurent Pautet, Peter Feiler
Basic example
ARINC653 Event (intra-partition communication)
ARINC653 Buffer (intra-partition communication)
ARINC653 Sampling Port (inter-partition communication)
ARINC653 Process (AADL thread)
ARINC653 Partition (AADL process + virtual processor)
ARINC653 module (AADL processor)
Main memory (ex: RAM)
Partitions memory segments
SIGAda09 example
Architecture first
• Three partitions
• Different scheduling requirements
Application then
• Data exchange
• Use different communication mechanisms (shared resources, blackboard, ...)
System Analysis
• Emphasis on scheduling feasibility
• Demonstrate scheduling correctness at simulation AND execution
Two partitions, same components ...
... but different scheduling policy
Shared resource Blackboard
SIGAda09 example
Ardupilot example
Application first
• Autopilot system
• Application that controls speed, direction from position feedback
Then, architecture
• Separate components into partitions
• Partitions for application and each device
Application code from http://code.google.com/p/ardupilot/
Control speed and direction (devices)
Position feedback (device)
Compute new speed and direction
Autopilot example
Integrated model
SEI model example
• Technical report available
• Partitioned architecture with AADLv1
System Analysis
• Resource analysis
• Power Analysis
• ...
http://www.aadl.info/aadl/currentsite/examplemodel.html
MILS model: special case of ARINC653 modeling
Example from POK
• Generation of MILS architecture
• Extension of ARINC653 annex
• Security level isolation
System Analysis
• Security analysis
• Isolation enforcement
• ...
Partitions enforce space isolation
Partitions runtime provide different security levels
Network does not provide isolation between security levels
MILS example
About the examples
Different modeling approaches
• Architecture then software concerns
• Software then architecture concerns
Various origins
• Designed specifically for the ARINC653 annex
• Technical reports, feedback from users
Need industrial models
• Feel free to send us materials for the design of new models!
Thank you
Examples available at
• http://www.aadl.info
• http://aadl.telecom-paristech.fr
• http://pok.gunnm.org