Engineering Railway Systems with an Architecture-Centric Process - - PowerPoint PPT Presentation





SLIDE 1

Engineering Railway Systems with an Architecture-Centric Process Supported by AADL and ALISA: an Experience Report

ERTS 2020 – 30/1/2020


Paolo Crisafulli, Dominique Blouin, Francoise Caron, Cristian Maxim

SLIDE 2

Context: ETCS on-board and EVC


ERTMS: European Rail Traffic Management System
ETCS: European Train Control System
EVC: European Vital Computer

SLIDE 3

AADL - Architecture Analysis and Design Language


SLIDE 4

Our journey with AADL


Workflow diagram, left to right: Design Model (TMR) → Requirements (free text) → Model Analyses → Structured Requirements → Model Verification → Analyses → Tests, with Traceability linking all stages; supporting activities: Prototype, Scheduling, Profiling / Budgets.

  • Expressivity: TMR
  • Performance analyses: RT
  • Traceability and requirements verification
  • Prototyping
  • Model refinement

SLIDE 5

AADL Model: Software


SLIDE 6

AADL Model: Hardware


SLIDE 7

AADL Model: Bindings


SLIDE 8

Some requirements for the EVC

Focus on performance requirements verification:

  • Latency < 300 ms
  • Incoming messages <= 1000 msg/s
  • Safety and availability:
    • THR (tolerable hazard rate) of 0.67 × 10⁻⁹ dangerous failures/hour
    • 2oo3 (aka TMR) design
  • Verify some 2oo3 design constraints:
    • The same threads shall run on each board
    • Boards shall be of the same model
  • Design rules (reusable good practices):
    • All input and output ports, physical or logical, shall be connected
    • All threads shall be periodic
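The 2oo3 constraints and design rules listed above are exactly what a verification activity checks over the model on every change. As an added example (not code from the paper, nor from OSATE/ALISA), here is a Python stand-in: a small constructed model of three boards running periodic threads, one rule function per constraint on the slide, and a verify() runner that returns only the failing rules, which is the shape of result a CI job would archive. The board/thread/port structure, the latency bound (sum of the stage periods, a coarse simplification rather than an AADL flow-latency analysis) and all names are assumptions of this example.

```python
"""Design-rule checks for a 2oo3 (TMR) model, a Python stand-in for ALISA
verification activities. Constructed example: boards, threads and ports below
are assumptions of this example, not the paper's EVC model."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Port:
    name: str
    connected: bool


@dataclass
class Thread:
    name: str
    dispatch: str              # AADL Dispatch_Protocol value, e.g. "periodic"
    period_ms: float
    ports: list[Port] = field(default_factory=list)


@dataclass
class Board:
    name: str
    model: str                 # hardware model identifier (constructed)
    threads: list[Thread] = field(default_factory=list)


# Each rule returns a list of violation strings; an empty list means the rule holds.

def rule_all_ports_connected(boards: list[Board]) -> list[str]:
    """Design rule: all input and output ports shall be connected."""
    return [f"{b.name}/{t.name}.{p.name} is unconnected"
            for b in boards for t in b.threads for p in t.ports if not p.connected]


def rule_all_threads_periodic(boards: list[Board]) -> list[str]:
    """Design rule: all threads shall be periodic."""
    return [f"{b.name}/{t.name} uses dispatch protocol '{t.dispatch}'"
            for b in boards for t in b.threads if t.dispatch != "periodic"]


def rule_tmr_three_boards(boards: list[Board]) -> list[str]:
    """2oo3 needs exactly three redundant boards."""
    return [] if len(boards) == 3 else [f"2oo3 requires 3 boards, found {len(boards)}"]


def rule_tmr_same_board_model(boards: list[Board]) -> list[str]:
    """2oo3 constraint: boards shall be of the same model."""
    models = sorted({b.model for b in boards})
    return [] if len(models) <= 1 else [f"boards differ in model: {models}"]


def rule_tmr_same_threads(boards: list[Board]) -> list[str]:
    """2oo3 constraint: the same threads shall run on each board."""
    violations = []
    if not boards:
        return violations
    reference = {t.name for t in boards[0].threads}
    for b in boards[1:]:
        names = {t.name for t in b.threads}
        if names != reference:
            violations.append(f"{b.name} differs from {boards[0].name}: missing "
                              f"{sorted(reference - names)}, extra {sorted(names - reference)}")
    return violations


def rule_latency_budget(boards: list[Board], budget_ms: float = 300.0) -> list[str]:
    """Requirement: latency < 300 ms. Coarse bound used by this example only (not the
    paper's analysis): each periodic stage can add up to one period of sampling delay,
    so a board's pipeline latency is bounded by the sum of its thread periods."""
    violations = []
    for b in boards:
        bound = sum(t.period_ms for t in b.threads)
        if bound >= budget_ms:
            violations.append(f"{b.name}: latency bound {bound:g} ms is not < {budget_ms:g} ms")
    return violations


RULES = [rule_all_ports_connected, rule_all_threads_periodic, rule_tmr_three_boards,
         rule_tmr_same_board_model, rule_tmr_same_threads, rule_latency_budget]


def verify(boards: list[Board]) -> dict[str, list[str]]:
    """Run every rule; return {rule name: violations} for the failing rules only."""
    report = {}
    for rule in RULES:
        violations = rule(boards)
        if violations:
            report[rule.__name__] = violations
    return report


def make_thread(name: str, period_ms: float, dispatch: str = "periodic",
                unconnected: tuple[str, ...] = ()) -> Thread:
    return Thread(name, dispatch, period_ms,
                  [Port("in", "in" not in unconnected), Port("out", "out" not in unconnected)])


def build_good_model() -> list[Board]:
    """Three identical boards, each a 3-stage periodic pipeline (constructed data)."""
    def board(name: str) -> Board:
        return Board(name, "CPU-A", [make_thread("acquire", 50),
                                    make_thread("decide", 50),
                                    make_thread("actuate", 50)])
    return [board("b1"), board("b2"), board("b3")]


def build_bad_model() -> list[Board]:
    """The same model with injected defects that trip every kind of rule."""
    boards = build_good_model()
    boards[2].model = "CPU-B"                                  # mismatched board model
    boards[1].threads[1].dispatch = "sporadic"                 # non-periodic thread
    boards[0].threads.append(                                  # extra thread: breaks thread
        make_thread("debug_log", 500, unconnected=("out",)))   # parity, leaves a port open,
    return boards                                              # and exceeds the latency bound


if __name__ == "__main__":
    for label, model in (("good", build_good_model()), ("bad", build_bad_model())):
        report = verify(model)
        print(f"{label}: {'PASS' if not report else 'FAIL'}")
        for rule_name, violations in report.items():
            for v in violations:
                print(f"  {rule_name}: {v}")
```

Keeping each rule as a separate function that returns violations rather than raising lets the runner report every broken constraint in one pass, which is what a non-regression job needs: a single change that breaks three rules shows up as three findings, not as the first failure.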


SLIDE 9

Our journey with AADL


Same workflow diagram as slide 4: Design Model (TMR) → Requirements (free text) → Model Analyses → Structured Requirements → Model Verification → Analyses → Tests, with Traceability; supporting activities: Prototype, Scheduling, Profiling / Budgets.

  • Expressivity
  • Performance analyses
  • Requirements traceability and verification
  • Prototyping
  • Model refinement

SLIDE 10

ALISA - Concepts and organisation

Diagram of the ALISA artefacts, in three columns (Requirements, Model, Verification):

  • Requirements: Organisation → Stakeholders → Goals → Requirements
  • Model: AADL Package, AADL classifier, Property Set (the elements the requirements are attached to)
  • Verification: Verification plan → Activities, implemented as Osate plugins, Resolute claims, Java code, JUnit test plans, AGREE
  • Assurance: Assurance Case → Assurance Plan(s) → Assurance Task(s)

SLIDE 11


EVC Requirements - ALISA

SLIDE 12

Iterative incremental approach with AADL


Same workflow diagram as slide 4: Design Model → Requirements (free text) → Model Analyses → Structured Requirements → Model Verification → Analyses → Tests, with Traceability; supporting activities: Prototype, Scheduling, Profiling / Budgets.

  • Expressivity
  • Performance analyses
  • Requirements traceability and verification
  • Prototyping
  • Model refinement

SLIDE 13

Towards an agile engineering process

  • This tooling works fine for standalone development
  • How do we scale in requirements and team size?
    • Incremental development (version history)
    • Non-regression
    • Keep track of verification results and KPIs

  • (Re)use the continuous integration paradigm
  • Define ALISA requirements for major design and implementation choices
  • KPI charts
SLIDE 14

Building blocks


Git/Repo: versioning system for the comprehensive source of all artifacts:
  ▪ Requirements
  ▪ Models and code
  ▪ Verification activities
  ▪ Dockerfiles

Jenkins: continuous integration; triggers the verification checks on any change to the artifacts

Osate/ALISA/AADL Inspector: AADL parsing, analysis and verification platform

Docker: container platform; configuration management of the development, build and test environments

SLIDE 15

Non regression: Verify requirements, design choices, implementation choices

  • Design (TMR): all functions shall be redundant
  • Requirements: EVC response time shall be < 300 ms
  • Implementation: divide the pipeline period into 3 subperiods

SLIDE 16

Keep track of the KPIs


SLIDE 17

How it looks: build history


SLIDE 18

How it looks: verification and performance history


SLIDE 19

Conclusions

  • A showcase of how AADL and ALISA can support an agile architecture-centric engineering process for a typical embedded system in the railway domain:
    • The continuous verification keeps the design within the solution space shaped by the set of requirements
    • The KPI computation and charting qualify, in terms of performance, its evolution and alternatives over time
  • ALISA is currently still under stabilization, hence its usage cannot be recommended for an engineering team facing hard delivery deadlines
  • Nevertheless, this experiment illustrates where the AADL ecosystem of companion languages and development environments is standing, opening the way to agile engineering of highly constrained systems, such as critical systems requiring a certification process
  • Additional work: link to the overall system engineering process, SysCon 2020


SLIDE 20

Thank you!
