Introduction Synoptic DSML Software Hardware Tool chain
Synoptic: a DSML for On-Board Real-Time Software Design
Conclusions
Alexandre CORTIER J.P. Bodeveix, M. Filali, G. Garcia, E. Morand , M. Pantel, A. Rugina, M. Strecker, J.P. Talpin 18-19 May 2010
Alexandre Cortier
SPaCIFY Project
1/ 23
Main concern : On-Board Flight Software
Introduction Synoptic DSML
Satellite System architecture is specialized according to the satellite mission. I Two main subsystems: I
Software
application equipment (speci�c scienti�c
instrumentation)
Hardware
I
platform:
�ight software, communication devices, thermal
regulation...
Tool chain Conclusions
payload:
Flight software is critical to the success of the mission: I space industries and agencies worked on engineering processes I Goal: increase reliability I Ex: standards on software engineering and on product
assurance (ECSS-Q-ST-80, ECSS-E-40)
BUT: These standards do not prescribe a speci�c process. I
They rather formalize documents, list requirements of the process and assign responsibilities to involved partners. Alexandre Cortier
SPaCIFY Project
2/ 23
GALS Systems
Introduction Synoptic DSML Software Hardware Tool chain Conclusions
Alexandre Cortier
SPaCIFY Project
3/ 23
SPaCIFY Project objectives
Introduction Synoptic DSML
The SPaCIFY ANR (French Research National Agency) exploratory project aims to de�ne a design process and supporting tools for On-Board Flight Software based on: I Model-Driven Engineering (MDE) I use models as a communication medium
Software
I to bene�t from tools and techniques of the domain
Hardware Tool chain
I
Formal Methods I multi-clock synchronous paradigm
Conclusions
I model-checking I transformations veri�cations
I
Globally Asynchronous Locally Synchronous System (GALS) paradigm I speci�cation of the services of an executive platform I executive platform supporting distribution, partitioning and
dynamic adaptation (middleware)
The associated tools are built upon the Topcased toolkit. (The Open-Source Toolkit for Critical Systems) Alexandre Cortier
SPaCIFY Project
4/ 23
SPaCIFY Process
Introduction Synoptic DSML Software Hardware Tool chain Conclusions
Alexandre Cortier
SPaCIFY Project
5/ 23
Synoptic
Introduction Synoptic DSML Software Hardware
Synoptic is the core language of the SPaCIFY process: I a graphical and textual DSML I provides high-level constructions to handle I multi-layers description (various modeling aspect)
Tool chain
I various granularity levels (iterative and re�nement
Conclusions
development) I modular approach
I
based on a synchronous semantics I formal and deterministic analysis and veri�cation I re�nement proof I transformation proof
Alexandre Cortier
SPaCIFY Project
6/ 23
Synoptic : multi-layers system speci�cation
Introduction Synoptic DSML
Synoptic is not fundamentally a new language but an integration of di�erent sources and concepts. I
Software
Software Architecture : Geneauto approach = safe subset of the Simulink/State�ow modelling language I structural feature: Data�ow models (�Blocks Diagrams�)
Hardware
I behavioral feature: Control Flow models (�Finite States
Tool chain
Machines�)
Conclusions
I real-time constraints: clock properties
I
Dynamic/Hardware Architecture : AADL approach Architecture Analysis & Design Language I Threads description I platform aspects (�components view�) I mappings: which component execute which functional blocks ? I I I
I
functional blocks → threads threads → hardware components (processor) ...
Components Models: CCM, Fractal Alexandre Cortier
SPaCIFY Project
7/ 23
Synoptic : multi-layers system speci�cation
Introduction Synoptic DSML Software Hardware Tool chain Conclusions
Alexandre Cortier
SPaCIFY Project
8/ 23
Synoptic : functional model
Introduction Synoptic DSML Software
I I
I a
Hardware
I 1
Tool chain Conclusions
Software architecture = blocks/nodes hierarchy A block in a block diagram has :
I I
blocktype blocktype → several implementations
a block type describes interaction ports (interface) di�erent kinds of implementations : I I I
data�ow : describes functional part automaton : describes behavioral part (modes) external/primitive : �black box�
Data�ow and automaton blocks are mutually nested.
Alexandre Cortier
SPaCIFY Project
9/ 23
Synoptic : functional model (block hierarchy)
Introduction
AUTOMATON
Synoptic DSML Software
Etat_1
transition
Etat_2
Hardware Tool chain
DATAFLOW
Conclusions
MACRO−ETAT
AUTOMATON Garde
Etat_1.1
Etat_1.2
Action
Macro−état 1.3
Alexandre Cortier
SPaCIFY Project
10/ 23
Synoptic : functional model (block I
Communication ports : in, out, inout event port, data port
Introduction
I Direction :
Synoptic DSML
I Type of ports :
I Properties : periodic, sporadic,...
Software Hardware Tool chain
type)
I
I
ex : � period=10 Hz �
Group of ports : I use to group heterogeneous ports
Conclusions
I
Implicit ports : I I I
reset : re-initialization (boolean port) trigger : block activation (event port) enable : block activation control (boolean port)
Alexandre Cortier
SPaCIFY Project
11/ 23
Synoptic : functional model (block
type)
Block type example : 1 Introduction Synoptic DSML Software Hardware Tool chain Conclusions
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
-- declaration of a group of port p o r t group pg_datas
features
IMU_Data : i n data p o r t ; -- abstract descript STR_Data : i n data p o r t a r r a y 4 o f double ; DOR_Data : i n data p o r t a r r a y 4 o f double ; end pg_datas ; -- functional interface declaration b l o c k type SunPointing
features
MTQ_Cmd : out data p o r t a r r a y 3 o f double ; RW_Cmd : out data p o r t a r r a y 3 o f double ; -- port group instance inp2 : p o r t pg_datas � p e r i o d =20 ms � end myInt Alexandre Cortier
SPaCIFY Project
12/ 23
Synoptic : functional model (data�ow)
Introduction Synoptic DSML Software Hardware Tool chain Conclusions
Alexandre Cortier
SPaCIFY Project
13/ 23
Automaton
Introduction
I
I initial state, �nal states
Synoptic DSML
I macro-state
Software
I a state is de�ned as a block implementation : external,
Hardware Tool chain
States = modes
data�ow, automaton
I
Conclusions
Transitions I Guard : boolean expression I Actions of transition I I
I I I
strong transition weak transition
Actions : entry, exit and during actions History Shared blocks
Alexandre Cortier
SPaCIFY Project
14/ 23
Synoptic/MW : external variables
Introduction Synoptic DSML Software Hardware Tool chain
The Middleware has to abstract the asynchronous behavior of the system (bu�erisation,...). Interactions between MW and Synoptic models are handled using external variables concept. I external variables = sources / sinks of signals I external variables types: constants, TM, TC, global variables... I external variables contracts Usage contract
Conclusions
Client 1
Client 2
Synchronisation contract Persistence contract Syntactic Contract
Variable Remote access contract
External variables and associated contracts are used to con�gure the MW. Alexandre Cortier
SPaCIFY Project
15/ 23
System speci�cation system = hardware + software Introduction Synoptic DSML Software
Structuration of a system (clauses) : I components : hardware / software / dynamic architecture
data�ows, automaton, ... device, processor, bus, memory Dynamic architecture : threads : declaration of threads +
I Logical (Functional) architecture :
Hardware
I Hardware :
Tool chain
I
Conclusions
temporal properties.
I I
connections : speci�cation of the connections of hardware components mappings : speci�cation of the deployment of functional architecture → threads → processor signal → bus variable → memory
I functional blocks I threads I I
Alexandre Cortier
SPaCIFY Project
16/ 23
Tools chain : Meta-Model of Synoptic DSML
Introduction Synoptic DSML Software Hardware Tool chain Conclusions
I I
Meta-model of Synoptic describe using the formalism ECore ECore = metamodeling architecture in the Eclipse Modeling Framework (EMF) I
more or less aligned on OMG's metamodeling architecture MOF (Meta-Object Facility) Alexandre Cortier
SPaCIFY Project
17/ 23
Tools chain : Textual & Graphical editor
Introduction Synoptic DSML Software Hardware Tool chain Conclusions
I
Graphical editor prototyp (Anyware Technologies) : I based on the
I
EMF/Topcased framework
Textual syntax de�ned with TCS (Textual Concrete Syntax) I TCS is a DSL de�ned with a KM3 metamodel I can be used to: I I
parse text-to-model serialize model-to-text
I performed with
a single (bidirectional) speci�cation
Alexandre Cortier
SPaCIFY Project
18/ 23
Conclusions
Introduction Synoptic DSML Software Hardware Tool chain Conclusions
SPaCIFY project de�nes a design process for on-board �ight software based on: I Model Driven Engineering I GALS I Formal Methods: Synoptic equipped with a formal synchronous semantics A prototype tool chain based on the Eclipse Modeling Framework: I textual and graphical editor I OCL constraints (TOPCASED) have been encoded to check structural constraints on models I translation into SME (using Kermeta) and Altarica I code generation using the Polychrony platform I veri�cation of the coherence of modes using ARC and MEC (Altarica model-checker ) Alexandre Cortier
SPaCIFY Project
19/ 23
Work in progress (1)
Introduction
Case studies: I Thales Alenia Space use case : prove the utility of using Synoptic models as a unifying and unique design
Synoptic DSML
I structural aspects (deduce CCM model) I behavioral aspects (generate the implementation of CCM
Software Hardware Tool chain
components)
I
Conclusions
Astrium use case : Evaluation of Synoptic for early system engineering phases (Satellites �ying in formation) I model translated in Altarica I invariants (coherence of modes) veri�ed using ARC and MEC
I
CNES use case : Control/Command part of a Payload Manager I test the expressivity of the Synoptic language
I test if the components of the middleware can be modeled in
Synoptic I better understand the interconnection synchronous
islands/middleware (external variables)
Alexandre Cortier
SPaCIFY Project
20/ 23
Work in progress (2)
Introduction Synoptic DSML Software Hardware
Domain Speci�c Transformations : I Formal semantics of the language has been encoded in a typed sets Theory using the B Method I will be helpful to validate the existing transformation Synotic
→
SME models
I will be used to the formalization of domain speci�c
transformations
Tool chain
I
Conclusions
I I
re�nement transformations model reorganization automatic mapping of functional blocks to threads
Alexandre Cortier
SPaCIFY Project
21/ 23
Perspectives
Introduction Synoptic DSML Software
I I
Hardware Tool chain Conclusions
Implementation of a clock calculus for Synoptic Extend Synoptic with the formal concept of contracts (assume/guarantee) I re�nements
I
Improve the concept of components and blocks I genericity
I I
Improve code generation (modularity) Formal correctness proof and subsequent certi�cation of a code generator I under way in the GeneAuto project
Alexandre Cortier
SPaCIFY Project
22/ 23
Thank you.
Introduction Synoptic DSML Software Hardware Tool chain Conclusions
Thank You.
Alexandre Cortier
SPaCIFY Project
23/ 23
