AADL Isolette Example!

Similar documents
Fault Tree Analysis (FTA) Kim R. Fowler KSU ECE February 2013

Nicolas H. Malloy Systems Engineer

CanSat Competition PDR and CDR Guide

Processes and Responsibilities. ERA ETCS Conference on Testing and Certification Lille March 29 th 2011

UNCLASSIFIED R-1 ITEM NOMENCLATURE

Keywords: Traditional Medical Monitoring, Questionnaire, Weighted Average, Remote Medical Monitoring, Vital Signs.

PREMATURE INFANT INCUBATOR ALERT SYSTEM VIA SMS

Request for Proposals Feasibility Study: Tidal Sector Service Barge/Drydock

Setting a new standard for performance, safety and simplicity

Mission Threads: Bridging Mission and Systems Engineering

Isolette TI500 Neonatal Transport

COMMON AVIATION COMMAND AND CONTROL SYSTEM

PROJECT LIFE RAFT DESIGNING A LOWER COST INFANT INCUBATOR

CSE255 Introduction to Databases - Fall 2007 Semester Project Overview and Phase I

Verification of Specifications Data Flow Diagrams (DFD) Summary. Specification. Miaoqing Huang University of Arkansas Spring / 28

Bridging the Care Continuum. BSM-3500 Series bedside monitors

Jaipur National University, Jaipur

The Schematic Design of the Ward Temperature Regulation Based on Computer Remote Control

HYDROELECTRIC COMMUNICATION TECHNICIAN I HYDROELECTRIC COMMUNICATION TECHNICIAN II Range B55/B75 BOD 7/12/2017

icardea Project: Personalized Adaptive Care Planner

Writing Grant Proposals in the Natural Resources Sciences

Proclets in Healthcare

Health Management Information Systems: Computerized Provider Order Entry

Server, Desktop, Mobile Platforms Working Group (SDMPWG) Dated

ELEMENTS OF REQUEST FOR MARITIME SECURITY TRAINING COURSE APPROVAL

DISTRIBUTION STATEMENT A

Provide Safe and Effective Medicines Management in Primary Care

The Verification for Mission Planning System

ADMINISTRATIVE REVIEWS AND TRAINING (ART) GRANTS PROGRAM Proposal Response Guidance

Methicillin resistant Staphylococcus aureus transmission reduction using Agent-Based Discrete Event Simulation

Using the Systems Engineering Method to Design A System Engineering Major at the United States Air Force Academy

Full IP. nursecall and notification

smart technologies Neonatal incubator from standard to intensive care

NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS METROPOLITAN PLANNING ORGANIZATION REQUEST FOR PROPOSALS

Electronic Health Record (EHR) Data Capture: Hopes, Fears, and Dreams

ALICE Policy for Publications and Presentations

Quality ID #424 (NQF 2681): Perioperative Temperature Management National Quality Strategy Domain: Patient Safety

Proposal for a CG Educational Content Online Submission and Reviewing System

STATE OF ALASKA RFP NUMBER 2514H002 AMENDMENT NUMBER ONE

Public Health Outreach Project Description

Mission Profile Analysis

Briefing for Industry

Available online at ScienceDirect. Procedia Computer Science 86 (2016 )

CENTRE FOR DISTANCE EDUCATION ANNA UNIVERSITY :: CHENNAI ATTENTION STUDY CENTRES

GE Healthcare. Timeless exc ellence. CARESCAPE * V100 - Vital Signs Monitor

Joint Distributed Engineering Plant (JDEP)

Research on Application of FMECA in Missile Equipment Maintenance Decision

Check-Plan-Do-Check-Act-Cycle

FREEWAT modeling platform: software architecture and state of development Iacopo Borsi TEA SISTEMI SpA

Fundamentals of Health Workflow Process Analysis and Redesign: Process Analysis

REQUEST FOR QUALIFICATIONS AND REQUEST FOR PROPOSALS FOR ARCHITECTURAL SERVICES CROMWELL BELDEN PUBLIC LIBRARY TOWN OF CROMWELL, CONNECTICUT

Test and Evaluation Strategies for Network-Enabled Systems

Aerial Weapon Scoring System (AWSS) NDIA 49 th Annual Targets, UAVs, and Range Operations Symposium

Executive Summary. Northern Virginia District (NOVA) Smart Travel Program. Virginia Department of Transportation. December 1999

Embedded Training Solution for the Bradley Fighting Vehicle (BFV) A3

ABCA ANALYSIS HANDBOOK

ESATAN/FHTS, ThermXL & ESARAD Current Status

Risk themes from ATAM data: preliminary results

COMPANY CONSULTING Terms of Reference Development of an Open Innovation Portal for UTFSM FSM1402 Science-Based Innovation FSM1402AT8 I.

*TM &P INTRODUCTION PAGE 1-1

WARFIGHTER MODELING, SIMULATION, ANALYSIS AND INTEGRATION SUPPORT (WMSA&IS)

Monnal T75. Tailor-made breathing.

Department of Defense DIRECTIVE. SUBJECT: Electronic Warfare (EW) and Command and Control Warfare (C2W) Countermeasures

Lessons Learned with the Application of MIL-STD-882D at the Weapon System Explosives Safety Review Board

Integrating quality improvement into pre-registration education

Request for Proposals (RFP) # School Health Transactional System. Release Date: July 24, 2018

Avicena Clinical processes driven by an ontology

No. 1-35/IT/A & N /2009 Andaman and Nicobar Administration Information Technology *** PRESS NOTE

Best Practice Model Determination: Oxygenator Selection for Cardiopulmonary Bypass. Mark Henderson, CPC, CCP,

SPECIAL SPECIFICATION 1849 ATM Switch Single-Mode OC-12 Module

Joint Warfare System (JWARS)

Impact Grant Application COVER SHEET

OBJECT ORIENTED SYSTEM MODELLING

Mediprise Final Project Presentation

RFID-based Hospital Real-time Patient Management System. Abstract. In a health care context, the use RFID (Radio Frequency

Visitors report. Contents. Relevant part of the HCPC Register. Speech and Language therapist. Date of visit 8 9 November 2016

Sharp HealthCare Safety Training 2015 Module 3, Lesson 2 Always Events: Line and Tube Reconciliation and Guardrails Use

Begin Implementation. Train Your Team and Take Action

Clinical Mobility CSOHIMSS 2011 Slide 0 October 21, 2011 Health Care Quality, Security and HIE Synergy 2011

NURS 102: Introduction to Nursing & the Nursing Process

UNCLASSIFIED. FY 2017 Base FY 2017 OCO. Quantity of RDT&E Articles Program MDAP/MAIS Code: 493

Health Technology for Tomorrow

Future military operations will require close coordination and information sharing

Goals of System Modeling:

International Journal of Advance Engineering and Research Development

COMMISSION DIRECTIVE 2011/18/EU

Amy S. Dillon 12/1/2013. School of Southern New Hampshire University

Open Data as Enabler for ITS Factory

Specifications, Performance & Submittal

ATTACHMENT B. 1. Intent to Bid/Bidder Contact Information Form. 2. Executive Summary. 3. Proposal Characteristics and Term Sheet

THE INSTITUTION OF ELECTRONICS AND TELECOMMUNICATION ENGINEERS

Copyright, Joint Commission International. Tracer Methodology

Service Manual. WorkCentre Multifunction Printer. WC5016 WC5020 Black-and-white. Multifunction Printer

ANALOG DESIGN CONTEST RULES FOR UNIVERSITY OF TEXAS AT DALLAS

Standard operating procedures for the conduct of outreach training and supportive supervision

UNCLASSIFIED FY 2016 OCO. FY 2016 Base

2017 Procure-to-Pay Training Symposium 2

Army Ground-Based Sense and Avoid for Unmanned Aircraft

ELECTRONICS TECHNICIAN I ELECTRONICS TECHNICIAN II

FoodTech Calibration Software for Windows 98 and up

Transcription:

AADL Isolette Example! Safety Critical Software SAnToS Laboratory Kansas State University John Hatcliff, Brian Larson

Objectives Understand how the functional architecture of the Isolette example from the FAA Requirements Engineering Handbook can be represented in AADL Become comfortable with using various AADL tools to specify simple architectural models

Isolette Example Isolate Thermostat for an infant incubator The purpose of the Isolette Thermostat is to maintain the air temperature of an Isolette within a desired range. It senses the Current Temperature of the Isolette and turns the Heat Source on and off to warm the air as needed. The Isolate example will be used as the primary running example in our lectures.

AADL Package Packages are used to organize component interface specifications (component types) and their blueprints (component implementations) into libraries. package isolette public with Base_Types,iso_variables; end isolette; Name of a package that will hold both component types and implementations for the Isolette. This package will import from other packages definitions for basic AADL types and for variables/types used throughout the Isolette example.

AADL System To describe the top-level structure of the Isolette device, we use the AADL System component category system isolette end isolette; system implementation isolette.single_sensor subcomponents connections end isolette.single_sensor; Define the component type named isolette using a system component. In this case, we have no features on our component interface because we are defining a wrapper for the entire system.

AADL System To describe the top-level structure of the Isolette device, we use the AADL System component category system isolette end isolette; system implementation isolette.single_sensor subcomponents connections end isolette.single_sensor; Define a component implementation impl for the component type isolette. A component implementation specifies properties/structure (but usually not the complete details) of a components implementation. In this case, we will use the implementation construct to specify the subcomponents of the isolette and the connections (communication) between them.

AADL System Implementation In the system implementation, we can define subcomponents corresponding to the subcomponent identified in the Isolette conceptual architecture from the FAA REMH. system implementation isolette.single_sensor subcomponents thermostat : system thermostat_single_sensor.impl; temperature_sensor : device Devices::temperature_sensor.impl; heat_source : device Devices::heat_source.impl; operator_interface : system operator_interface.impl; connections end isolette.single_sensor Name each of the subcomponents and associate each with a component category and implementation (declared elsewhere). Note: we don t have a subcomponent for Air because air is an entity of the environment (not an entity of the system to be implemented). We can, if we choose, also model the environment with AADL. This will be addressed elsewhere.

Other Components Some components in our models will represent hardware whose details we may choose not to specify (in which case, we leave the implementation empty). device temperature_sensor features air : in data port Iso_Variables::current_temperature current_temperature : out data port Iso_Variables::current_temperature end temperature_sensor; device implementation temperature_sensor.impl end temperature_sensor.impl; We leave the implementation of a component unspecified by using an empty body.

AADL Ports Component interfaces (types) have features that capture capabilities and means of interaction made available to other components ( clients of the component type being declared). device temperature_sensor features current_temperature : out data port Iso_Variables::current_temperature end temperature_sensor; Declare a port name, category ( out, data ), and type for the data that will be communicated on that port. Note: we use the device category to model the Temperature Sensor component.

AADL Ports The Thermostat component has a number of ports to capture its communication potential. system thermostat_th features current_temperature : in data port iso_variables::current_temperature; heat_control : out data port iso_variables::on_off; lower_desired_temperature : in data port iso_variables::lower_desired_temperature; upper_desired_temperature : in data port iso_variables::upper_desired_temperature; lower_alarm_temperature : in data port iso_variables::lower_alarm_temperature; upper_alarm_temperature : in data port iso_variables::upper_alarm_temperature; regulator_status : out data port iso_variables::status; monitor_status : out data port iso_variables::status; display_temperature : out data port iso_variables::measured_temperature_range; alarm : out data port iso_variables::on_off; end thermostat_th; We will see later that related ports (e.g., all the ports capturing operator settings) can be bundled together in an AADL Feature Group which is a useful abstraction mechanism.

AADL Data Type Modeling As our modeling effort unfolds, we maintain a package containing data types defined specifically for the Isolette system. isolette.aadl package isolette public with Base_Types, iso_variables; end isolette; iso_variables.aadl package iso_variables public with Base_Types, Data_Model; --range of Lower Desired Temperature data lower_desired_range properties Data_Model::Real_Range => 97.0.. 99.0; Data_Model::Measurement_Unit => "Fahrenheit"; end lower_desired_range; --range of Display Temperature data measured_temperature_range properties Data_Model::Real_Range => 68.. 105; Data_Model::Measurement_Unit => "Fahrenheit"; end measured_temperature_range; end iso_variables;

AADL Data Type Modeling As our modeling effort unfolds, we maintain a package containing data types defined specifically for the Isolette system. system thermostat_th features current_temperature : in data port Iso_variables::current_temperature; heat_control : out data port Iso_variables::on_off; lower_desired_temperature : in data port Iso_variables::lower_desired_temperature; upper_desired_temperature : in data port Iso_variables::upper_desired_temperature; lower_alarm_temperature : in data port Iso_variables::lower_alarm_temperature; upper_alarm_temperature : in data port Iso_variables::upper_alarm_temperature; regulator_status : out data port Iso_variables::status; monitor_status : out data port Iso_variables::status; display_temperature : out data port Iso_variables::display_temperature_range; alarm : out data port Iso_variables::on_off; end thermostat_th; (excerpt from iso_variables.aadl) Declaration of the display_temperature_range type used in the port declaration above. --range of Display Temperature data current_temperature properties Data_Model::Real_Range => 68.0.. 105.0; Data_Model::Measurement_Unit => "Fahrenheit"; end current_temperature;

AADL Connections In the system implementation, we can define connections representing the communication between each of the subcomponents system implementation isolette.impl subcomponents connections ct : port temperature_sensor.current_temperature -> thermostat.current_temperature; hc : port thermostat.heat_control -> heat_source.heat_control; ldt : port operator_interface.lower_desired_temperature -> thermostat.lower_desired_temperature; udt : port operator_interface.upper_desired_temperature -> thermostat.upper_desired_temperature; lat : port operator_interface.lower_alarm_temperature -> thermostat.lower_alarm_temperature; uat : port operator_interface.upper_alarm_temperature -> thermostat.upper_alarm_temperature; rs : port thermostat.regulator_status -> operator_interface.regulator_status; ms : port thermostat.monitor_status -> operator_interface.monitor_status; dt : port thermostat.display_temperature -> operator_interface.display_temperature; al : port thermostat.alarm -> operator_interface.alarm; end isolette.impl; A connection relates the port of one component to the port of another, representing the communication between the two components via the specified ports. The ports must be compatible (e.g., with respect to port types). E.g., ct names the port communication for Current Temperature.

Continuing We can continue in this manner to specify the thermostat architecture following the presentation in the FAA REMH In the following slides, we will illustrate the Regulate Temperature function, and leave the completion of the Monitor Temperature function as an exercise.

Decomposing Thermostat The FAA REMH decomposes the Isolette into a Regulate Temperature function that actually implements the controls of the system and a Monitor Temperature function that implements a safety system that will generate an alarm when certain error conditions arise. Decomposing the Thermostat into Regulate Temperature and Monitor Temperature functions.

Decomposing Thermostat The component implementation for the thermostat reveals the decomposition. system implementation thermostat_th.impl subcomponents regulate_temperature : process regulate_temperature_mt.impl; monitor_temperature : process monitor_temperature_mt.impl; connections end thermostat_th.impl The Thermostat implementation reveals a decomposition to components representing the Regulate Temperature and Monitor Temperature functions.

Regulate Temperature Consider the description of the Regulate Temperature function from the FAA REMH. We will proceed to illustrate how the components, external communication, and internal communication are modeled.

Regulate Temperature Interface We will now consider the modeling of the Regulate Temperature function process regulate_temperature_mt features upper_desired_temperature : in data port Iso_variables::upper_desired_temperature; lower_desired_temperature : in data port Iso_variables::lower_desired_temperature; regulator_status : out data port Iso_variables::status; displayed_temp : out data port Iso_variables::display_temperature_range; current_temperature : in data port Iso_variables::display_temperature_range; heat_control : out data port Iso_variables::on_off; end regulate_temperature_mt; Use an AADL process component category to indicate that the address space of Regulate Temperature is separate from that of Monitor Temperature. Declare a port for each type of external communication (for each data flow to/from the module)

Regulate Temperature Impl The internal function and data flows for Regulate Temperature specified in the FAA REMH are reflected in the component implementation process implementation regulate_temperature.impl subcomponents manage_regulator_interface : thread manage_regulator_interface_mri.impl; manage_heat_source : thread manage_heat_source_mhs.impl; manage_regulator_mode : thread manage_regulator_mode_mrm.impl; connections end regulate_temperature.impl; Declare a thread for each of the three functions of the Regulate Temperature component.

Regulate Temperature Impl The internal function and data flows for Regulate Temperature specified in the FAA REMH are reflected in the component implementation process implementation regulate_temperature_mt.impl subcomponents manage_regulator_interface : thread manage_regulator_interface_mri.impl; manage_heat_source : thread manage_heat_source_mhs.impl; manage_regulator_mode : thread manage_regulator_mode_mrm.impl; connections rudt : port upper_desired_temperature -> manage_regulator_interface.upper_desired_temp; rldt : port lower_desired_temperature -> manage_regulator_interface.lower_desired_temp; mudt : port upper_desired_temperature -> manage_heat_source.upper_desired_temperature; mldt : port lower_desired_temperature -> manage_heat_source.lower_desired_temperature; rrs : port manage_regulator_interface.regulator_status -> regulator_status; rdt : port manage_regulator_interface.displayed_temp -> displayed_temp; rcti : port current_temperature -> manage_regulator_interface.current_temperature; rcth : port current_temperature -> manage_heat_source.current_temperature; rhc : port manage_heat_source.heat_control -> heat_control; rdr : port manage_regulator_interface.desired_range -> manage_heat_source.desired_range; rrmh : port manage_regulator_mode.regulator_mode -> manage_heat_source.regulator_mode; rrmi : port manage_regulator_mode.regulator_mode -> manage_regulator_interface.regulator_mode; rctm : port current_temperature -> manage_regulator_mode.current_temperature; rif : port manage_regulator_interface.interface_failure -> manage_regulator_mode.interface_failure; end regulate_temperature_mt.impl; Note: The two desired temperature arcs in the subsystem are broken out into upper/lower values (so we end up with 14 connections compared to 12 arcs in the original diagram.

Manage Heat Source The Manage Heat Source function turns the heating element on/off based on the current temperature and the desired temperature range. thread manage_heat_source_mhs features heat_control : out data port Iso_Variables::on_off current_temperature : in data port Iso_Variables::current_temperature lower_desired_temperature : in data port Iso_Variables::lower_desired_temperature upper_desired_temperature : in data port Iso_Variables::upper_desired_temperature regulator_mode : in data port Iso_Variables::regulator_mode end manage_heat_source_mhs; thread implementation manage_heat_source_mhs.impl end manage_heat_source_mhs.impl; Note: we do not describe the details of the component at this point in development.

Manage Regulator Interface The Manage Regulator Interface function implements the interaction with the operator interface. thread manage_regulator_interface_mri features regulator_status : out data port Iso_Variables::status lower_desired_temp : in data port Iso_Variables::lower_desired_temperature upper_desired_temp : in data port Iso_Variables::upper_desired_temperature current_temperature : in data port Iso_Variables::current_temperature displayed_temp : out data port Iso_Variables::measured_temperature_range regulator_mode : in data port Iso_Variables::regulator_mode interface_failure : out data port Base_Types::Boolean end manage_regulator_interface_mri; thread implementation manage_regulator_interface_mri.impl end manage_regulator_interface_mri.impl;

Manage Regulator Mode The Manage Regulator Mode function determines the operating mode (Normal, Failure) of the Regulate Temperature function thread manage_regulator_mode_mrm features regulator_mode : out data port Iso_Variables::regulator_mode current_temperature : in data port Iso_Variables::current_temperature interface_failure : in data port Base_Types::Boolean internal_failure : in data port Base_Types::Boolean end manage_regulator_mode_mrm; thread implementation manage_regulator_mode_mrm.impl end manage_regulator_mode_mrm.impl; Note: we add a notion of interface failure (not specified in the REMH) to the notion of internal failure

AADL Data Type Modeling A separate package of data types is maintained for modeling data values communicated between Isolette components. Data types are defined using AADL data components. The name lower_desired_range can be used as a type in other sections of the AADL Isolette model. iso_variables.aadl package iso_variables public with Base_Types, Data_Model; We can use properties defined in the AADL Data Model to specify range constraints and units. --range of Lower Desired Temperature data lower_desired_range properties Data_Model::Real_Range => 97.0.. 99.0; Data_Model::Measurement_Unit => "Fahrenheit"; end lower_desired_range; --range of Display Temperature data display_temperature_range properties Data_Model::Real_Range => 68.0.. 105.0; Data_Model::Measurement_Unit => "Fahrenheit"; end display_temperature_range; end iso_variables;

Summary AADL is a natural vehicle for formalizing architectural elements introduced in the FAA REMH methodology. Applying AADL to the Isolette system, we are able to model: Components Interfaces Implementations (nested component structures) Communication between components In subsequent lectures, we will explore additional topics: Using BLESS to define component behaviors and behavioral constraints on components Using the AADL Error Annex to model sources and propagation of errors within the Isolette.

For You To Do Starting from the incomplete AADL model in the files isolette.aadl and iso_variables.aadl Give component types and implementations for the temperature sensor and heat source components Add data definitions corresponding to four definitions of variables in the internal variables Table A-12. lower_alarm_temp upper_alarm_temp alarm_range monitor_mode Give all the AADL definitions necessary to model the Monitor Temperature Function Make sure your models are syntactically correct by editing them in the OSATE AADL tool.

Acknowledgements The material in this lecture is based on The Isolette example used in the FAA DOT/FAA/AR-08/32, Requirements Engineering Management Handbook. David L. Lempia & Steven P. Miller. Various AADL tutorials available on the AADL website. Thanks to Brian Larson for constructing the AADL model of the Isolette used in this lecture.

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback