a complete solution to the nose gear challenge
play

A Complete Solution to the Nose Gear Challenge Yannick Moy Senior - PowerPoint PPT Presentation

May 02, 2023 •25 likes •285 views

A Complete Solution to the Nose Gear Challenge Yannick Moy Senior Software Engineer Slide: The Extended Nose Gear Challenge Slide: The Original Nose Gear Challenge HLR 1: when available, computed velocity should be close to actual velocity

  1. A Complete Solution to the Nose Gear Challenge Yannick Moy Senior Software Engineer Slide:

  2. The Extended Nose Gear Challenge Slide:

  3. The Original Nose Gear Challenge HLR 1: when available, computed velocity should be close to actual velocity HLR 2: computed velocity should be available most of the time Slide:

  4. Solutions from 2nd Workshop (2011) Best solution so far presented by Colin O'Halloran: from Simulink to SPARK with CLawZ Other solutions use contract-based specification / verification with SPARK to: • guarantee absence of run-time errors • prove that implementation conforms to contract Slide:

  5. The Extended Nose Gear Challenge COMPUTATION LOGGER GUI HLR 1: when available, computed velocity should be close to actual velocity HLR 2: computed velocity should be available most of the time HLR 3: a log of all events of the latest five minutes shall be saved HLR 4: the graphical user interface shall show 1. the estimated velocity computed 2. a warning message if the velocity is not available 3. all events collected Slide:

  6. A Solution Focused on Integrity Preservation Slide:

  7. System to Software Integrity Preservation Our main goal for the Nose Gear Challenge 6 ways to preserve integrity: 1. peer review at different levels (classical approach) 2. extensive testing at different levels and compare output (Simulink vs gen. code) 3. qualifiable automatic code generation (SCADE, GNAT Pro Simulink) 4. formalize requirement as source code contracts (Ada 2012, SPARK) 5. translate contracts across different levels (Simulink assertion to SPARK contract) 6. extract properties at different levels and compare them (CLawZ, Mathworks) Slide:

  8. System to Software Integrity Preservation HLR HLR formalised as formal AADL System Model assertions in BLESS preservation of integrity traceability LLR HLR formalised as model Architecture Simulink & verification blocks in Simulink AADL Ada 2012 assertions and assertions in Ada 2012 preservation of integrity traceability SRC HLR and LLR formalised as Ada 2012 & formal assertions SPARK 2014 preservation of integrity traceability Traceability study & Obj run-time monitoring Slide:

  9. Our Choice of Languages and Tools Languages: AADL architecture description language ● Simulink modeling language ● Ada 2012 programming language (with contracts) ● SPARK 2014 subset of Ada for formal verification ● Tools: • Ocarina code generator: AADL → Ada • GNAT Pro for Simulink (qualifiable ): Simulink → Ada • SPARK formal verification toolset: SPARK → proofs • CodePeer static analyzer: Ada → potential errors • GNAT Pro: Ada → executable • GNAT Dashboard: Ada → visualization of certification artifacts • Qualifying Machine (QM): artifacts → agile qualification management Slide:

  10. AADL System-level design SW Architecture design Code generation System & Software engineer GNAT Pro Simulink Qualifiable Code generation Control QM GNAT engineer Dashboard Information Certification broker for artifacts certification data SPARK 2014 quality Low-level design Formal verification Software engineer DER Project/Quality Certification Manager Manager QA Manager CodePeer Verification Software engineer Slide:

  11. AADL Improve communication System-level design SW Architecture between departments design Code generation System & Software engineer GNAT Pro Simulink Qualifiable Code generation Control QM GNAT engineer Dashboard Information Certification broker for artifacts certification data SPARK 2014 quality Low-level design Formal verification Software engineer DER Project/Quality Certification Manager Manager QA Manager CodePeer Verification Software engineer Slide:

  12. AADL System-level design SW Architecture design Code generation System & Software engineer Decrease V&V costs GNAT Pro Simulink Qualifiable Code generation Control QM GNAT engineer Dashboard Information Certification broker for artifacts certification data SPARK 2014 quality Low-level design Formal verification Software engineer DER Project/Quality Certification Manager Manager QA Manager CodePeer Verification Software engineer Slide:

  13. AADL System-level design SW Architecture design Code generation System & Software engineer GNAT Pro Simulink Qualifiable Code generation Control QM GNAT engineer Dashboard Information Certification broker for artifacts certification data SPARK 2014 quality Low-level design Formal verification Software engineer DER Project/Quality Ensure end-to-end Certification Manager Manager QA Manager property preservation CodePeer Verification Software engineer Slide:

  14. System-level Specification in AADL abstract Velocity_Calculation features NGRotations : in data port Integer; System I/O NGClickTime : in data port Date; Millisecs : in data port Date; estimatedGroundVelocity : requires data access Velocity; estimatedGroundVelocityIsAvailable : requires data access Boolean; properties Dispatch_Protocol => Periodic; Real-time properties Period => 500 Ms; and allocation Compute_Entrypoint => classifier (Velocity_Calculation_Spg); Compute_Execution_Time => 10 Ms .. 100 Ms; Slide:

  15. System-level Specification in AADL thread Velocity_Calculation ... assert HLR formalised <<hlr_availability: : as assertions (((Millisecs + NGClickTime^(-1)) - Timing_Properties::Period) <= 3000) iff estimatedGroundVelocityIsAvailable >> states s0 : initial state ; s1 : complete state ; transitions s0 -[ ]-> s1 {}; s1 -[ on dispatch ]-> s1 { Formal specification of Velocity_Calculation_Spg( behaviour (skeleton) plus verification of assertions NGRotations, NGClickTime, Millisecs, estimatedGroundVelocity, estimatedGroundVelocityIsAvailable) << hlr_availability() >> }; end Velocity_Calculation ; Slide:

  16. Simulink Model (LLR) Slide:

  17. Generated Code in SPARK Only code currently generated, contract manually translated In the future: contract generated from Simulink observer procedure nose_gear_comp (NGRotations : Unsigned_16; NGClickTime : Unsigned_16; Millisecs : Unsigned_16; estimatedGroundVelocity : out Long_Float; estimatedGroundVelocityIsAvailable : out Boolean) with Post => -- @llr Compute -- The ground velocity shall be available only if the time difference -- between the current calculation and the previous one is less than -- 2500. (EstimatedGroundVelocityIsAvailable = (Millisecs + 500 - Old_NGClickTime_memory <= 3000)); Slide:

  18. Formal Specification and Verification in SPARK HLR 3: a log of all events of the latest five minutes shall be saved events scheduled at rate of one every 500 ms → 600 events in 5 mn API of logger should give: • function to retrieve content of the log Log_Content • procedure to update content of the log Write_To_Log Most natural specification cannot be expressed as contract: “Log_Content returns the set of events that have been added to the log by calls to Write_To_Log” Use contract on Write_To_Log instead Slide:

  19. Formal Specification and Verification in SPARK procedure Write_To_Log (E : Log_Entry) -- @llr Write_To_Log with Contract_Cases => -- The logger component shall be able to accept a new logging message. -- For an old empty log, the new content is the new entry alone. (Is_Empty => Log_Content = Singleton_Log (E), -- For an old full log, the new content is the old one, with the -- oldest entry removed, plus the new entry. Is_Full => Log_Content = Log_Content'Old (Log_Content'Old'First + 1 .. Log_Content'Old'Last) & E, -- For an old log neither empty not full, the old content is -- preserved, and the new entry added. others => Log_Content = Log_Content'Old & E); Slide:

  20. Formal Specification and Verification in SPARK automatic formal verification of contract → verification of HLR 3 + automatic formal verification of absence of run-time errors work in progress, current tool limitation does not allow 100% proof… Slide:

  21. Summary of Verification Strategies for HLR 1 - 4 HLR 1: when available, computed velocity should be close to actual velocity → simulation in Simulink, same as done by Colin O’Halloran in 2011 HLR 2: computed velocity should be available most of the time → BLESS annotation in AADL → observer in Simulink → contract in SPARK → formally verified against implementation HLR 3: a log of all events of the latest five minutes shall be saved → contract in SPARK → formally verified against implementation HLR 4: the graphical user interface shall show … → tests Slide:

  22. Agile Management of Certification Artifacts Problem: “big - freeze” in certification Development is frozen after start of certification, due to high cost of manual certification activities Solution: automatic management of artifacts dependencies Demo of the Qualifying Machine Slide:

  23. Progress on Verification Activities Slide:

  24. Initial Experiments Use of static analysis (CodePeer) and formal verification (SPARK) detected errors in manually-written contracts... and one error (!) in the code generator: Sum_out_1 := Integer_32 ((NGRotations_out_1) - (Old_NGRotations_out_1)); should be Sum_out_1 := Integer_32 (NGRotations_out_1) - Integer_32 (Old_NGRotations_out_1); Slide:

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SANIKA JOSHI(200601017 ) What is e-nose and e-tongue? An electronic nose (e-nose) is a device

SANIKA JOSHI(200601017 ) What is e-nose and e-tongue? An electronic nose (e-nose) is a device

Team F TANU JINDAL(200601014) SANIKA JOSHI(200601017 ) What is e-nose and e-tongue? An electronic nose (e-nose) is a device that identifies the specific components of an odor and analyzes its chemical makeup to identify it. The

855 views • 23 slides
Nose, Mouth, and Throat Randa M. Albusoul Anatomy Structure of the Nose: Function of the nose:

Nose, Mouth, and Throat Randa M. Albusoul Anatomy Structure of the Nose: Function of the nose:

Nose, Mouth, and Throat Randa M. Albusoul Anatomy Structure of the Nose: Function of the nose: 1- a site of inspiration and expiration. 2- filters, warms, and adds moisture to the air exchanged. 3-sensory organ for smell. 4-a site of

311 views • 29 slides
Artificial Nose Technology: The WI -Nose A Profitability and Market Analysis for the Development

Artificial Nose Technology: The WI -Nose A Profitability and Market Analysis for the Development

Artificial Nose Technology: The WI -Nose A Profitability and Market Analysis for the Development of Artificial Nose Technology to Monitor the Fermentation Process in Wine Shawna M. Linehan Sarosh N. Nizami What is an E-Nose? An artificial

1.36k views • 82 slides
Inverted Commas Complete Complete whiteboard. Complete 2 3 1 Challenge 1 Lesson 3

Inverted Commas Complete Complete whiteboard. Complete 2 3 1 Challenge 1 Lesson 3

Lesson 3 Character's Feelings shortburst writing slides.notebook June 05, 2020 Gold Use a Bronze Silver Inverted Commas Complete Complete whiteboard. Complete 2 3 1 Challenge 1 Lesson 3 Character's Feelings shortburst writing

152 views • 12 slides
Corporate Presentation Ablaze Polymer &amp; Lining We Supply a Complete Corrosion Solution

Corporate Presentation Ablaze Polymer &amp; Lining We Supply a Complete Corrosion Solution

Complete Corrosion Solution Corporate Presentation Ablaze Polymer &amp; Lining We Supply a Complete Corrosion Solution Products Complete Corrosion Solution About Us Ablaze Polymer and Lining is part of the 30-year-old Ablaze Group. The

605 views • 12 slides
ACE Design Project May 22 nd 2019 Team 43 1. Challenge 2. Solution 3. Final Remarks 1.

ACE Design Project May 22 nd 2019 Team 43 1. Challenge 2. Solution 3. Final Remarks 1.

TEAM 43 ACE Design Project May 22 nd 2019 Team 43 1. Challenge 2. Solution 3. Final Remarks 1. Challenge 2. Solution 3. Final Remarks Request For Proposal NYC is welcoming proposals for the expansion of the citys transportation

1.06k views • 37 slides
A solution to the PoplMark challenge in Isabelle/HOL Stefan Berghofer Technische Universit at

A solution to the PoplMark challenge in Isabelle/HOL Stefan Berghofer Technische Universit at

A solution to the PoplMark challenge in Isabelle/HOL Stefan Berghofer Technische Universit at M unchen = A solution to the PoplMark challenge in Isabelle/HOL 1 Motivation Many proofs about programming languages are .

465 views • 29 slides
THE COMPLETE SOLUTION FOR YOUR COMPANY. Meet M&amp;G Solues The M&amp;G Solues gather

THE COMPLETE SOLUTION FOR YOUR COMPANY. Meet M&amp;G Solues The M&amp;G Solues gather

THE COMPLETE SOLUTION FOR YOUR COMPANY. Meet M&amp;G Solues The M&amp;G Solues gather workforce from different areas, providing a full range of services with the purpose of attending companies from various sectors as food,

235 views • 4 slides
A Complete Solution for a Sustainable Future OZZI Mission OZZI is at the forefront of

A Complete Solution for a Sustainable Future OZZI Mission OZZI is at the forefront of

A Complete Solution for a Sustainable Future OZZI Mission OZZI is at the forefront of sustainability with a patented, comprehensive food collection system for replacing disposables, creating accountability and making a collective difference

391 views • 16 slides
The Mayors Challenge Please develop a Community solution to traffic and tourism management

The Mayors Challenge Please develop a Community solution to traffic and tourism management

The Mayors Challenge Please develop a Community solution to traffic and tourism management in Hahei or we will do it for you Hahei April 2017 Our Community welcomed the challenge and we have developed a comprehensive plan with

512 views • 16 slides
IoMT ABOUT US &amp; WHAT WE DO A complete solution for the IoMT with early application focus in

IoMT ABOUT US &amp; WHAT WE DO A complete solution for the IoMT with early application focus in

IoMT ABOUT US &amp; WHAT WE DO A complete solution for the IoMT with early application focus in research, clinical trials and precision medicine. The IO IOMT The Internet of Medical Things refers to the connected system of medical devices

495 views • 23 slides
Piper Arrow IV Landing Gear System Opera8on Overview St.

Piper Arrow IV Landing Gear System Opera8on Overview St.

Piper Arrow IV Landing Gear System Opera8on Overview St. Louis Flying Club 2/9/16 Landing Gear System Switches Gear Up/Down WARN Switch and

3.4k views • 14 slides
East Texas GEAR UP Advanced Placement, Concurrent Credit, and Dual Credit GEAR UPs parent

East Texas GEAR UP Advanced Placement, Concurrent Credit, and Dual Credit GEAR UPs parent

East Texas GEAR UP Advanced Placement, Concurrent Credit, and Dual Credit GEAR UPs parent messages for this quarter include: 1) earning college credit while still in high school and 2) financial literacy terms concerning postsecondary

510 views • 4 slides
A solution of Suns $520 challenge concerning 520 SIAM Annual Meeting, San Diego Symbolic

A solution of Suns $520 challenge concerning 520 SIAM Annual Meeting, San Diego Symbolic

A solution of Suns $520 challenge concerning 520 SIAM Annual Meeting, San Diego Symbolic Computation and Special Functions Armin Straub July 10, 2013 University of Illinois &amp; Max-Planck-Institut at UrbanaChampaign f ur

569 views • 53 slides
A Green Solution to Canadas Transport Challenge Airships to the Arctic V Symposium

A Green Solution to Canadas Transport Challenge Airships to the Arctic V Symposium

A Green Solution to Canadas Transport Challenge Airships to the Arctic V Symposium Calgary October 2009 Introduction The Hybrid Air Vehicles team have re-examined the basic principles behind Lighter-Than-Air Science and

672 views • 27 slides
An Enterprise offering complete customer solution 7/11/2018 RU V1 1 Organization Industry

An Enterprise offering complete customer solution 7/11/2018 RU V1 1 Organization Industry

An Enterprise offering complete customer solution 7/11/2018 RU V1 1 Organization Industry veterans come together to set up SISCOL Ravi Uppal Niladri Sarkar K . Rajagopal Designation: Director Marketing &amp; Designation: Chairman &amp; MD

573 views • 40 slides
GNATprove a Spark 2014 verifying compiler Florian Schanda, Altran UK 1 Tool architecture

GNATprove a Spark 2014 verifying compiler Florian Schanda, Altran UK 1 Tool architecture

GNATprove a Spark 2014 verifying compiler Florian Schanda, Altran UK 1 Tool architecture User view gnatprove Source Verdict 2 Tool architecture More detailed view... Encoding Source CVC4 gnat2why gnatwhy3 SMTLIB Z3 AltErgo

622 views • 24 slides
Easy Ada tooling with Libadalang Pierre-Marie de Rodat Raphal Amiard Software Engineers at

Easy Ada tooling with Libadalang Pierre-Marie de Rodat Raphal Amiard Software Engineers at

Easy Ada tooling with Libadalang Pierre-Marie de Rodat Raphal Amiard Software Engineers at AdaCore 1 The need In three bullet points A library that allows users to query/alter data about Ada sources Both low &amp; high level APIS:

360 views • 19 slides
Basalts and related mafic volcanics Basalt: Simple petrographic description: Fine-grained to

Basalts and related mafic volcanics Basalt: Simple petrographic description: Fine-grained to

Basalts and related mafic volcanics Basalt: Simple petrographic description: Fine-grained to porphyritic volcanic rock composed predominantly of subequal amounts of plagioclase and clinopyroxene (augite). Simple chemical definition: Volcanic rock

416 views • 9 slides
The Dawn of D I apologize that much of this was shown at the 2007 D Workshop and a

The Dawn of D I apologize that much of this was shown at the 2007 D Workshop and a

The Dawn of D I apologize that much of this was shown at the 2007 D Workshop and a University of D talk but the history is what it is. P . Grannis Last D Collaboration meeting June 10, 2014 A pictorial view a decade in 2

355 views • 24 slides
n ( n ( I ( i , j ) = i j minimize ... | {z } r r . . A . k 2 Youngsoo

n ( n ( I ( i , j ) = i j minimize ... | {z } r r . . A . k 2 Youngsoo

Spacetime least-squares PetrovGalerkin projection for nonlinear model reduction r ) + r ( P k minimize r ( v ; ) k 2 P r r v n ( n ( I ( i , j ) = i j minimize ... | {z } r r . .

751 views • 36 slides
CUDA/Ada An Ada binding to CUDA Reto B urki, Adrian-Ken R uegsegger University of Applied

CUDA/Ada An Ada binding to CUDA Reto B urki, Adrian-Ken R uegsegger University of Applied

Introduction Bindings in Ada CUDA/Ada Design CUDA Binding Conclusion CUDA/Ada An Ada binding to CUDA Reto B urki, Adrian-Ken R uegsegger University of Applied Sciences Rapperswil (HSR), Switzerland 1/16/2012 Master seminar: Program

469 views • 36 slides
Automated Testing of Debian Packages Holger Levsen debian@layer-acht.org Lucas Nussbaum

Automated Testing of Debian Packages Holger Levsen debian@layer-acht.org Lucas Nussbaum

Introduction Lintian and Linda Rebuilding packages Piuparts Structuring QA Conclusion Automated Testing of Debian Packages Holger Levsen debian@layer-acht.org Lucas Nussbaum lucas@debian.org Holger Levsen and Lucas Nussbaum Automated

1.38k views • 31 slides
Multiple Sequence Alignment using Profile HMM based on Chapter 5 and Section 6.5 from

Multiple Sequence Alignment using Profile HMM based on Chapter 5 and Section 6.5 from

0. Multiple Sequence Alignment using Profile HMM based on Chapter 5 and Section 6.5 from Biological Sequence Analysis by R. Durbin et al., 1998 Acknowledgements: M.Sc. students Beatrice Miron, Oana R at oi, Diana Popovici 1. PLAN

728 views • 36 slides

More recommend