CS Communication & Systèmes – Charte 2010
SCADE tools
SCADE System
SCADE Suite
SCADE Display
SCADE development modules
Model Based Development With SCADE Tools
SCADE SYSTEM
• A system architecture design and modeling tool that lets system engineers model the design of system components and their structure using SysML block diagrams.
• Lets them extract parts of the main system model and exchange these subsystem software models with development teams.
• Software teams can then work on the subsystem software design with SCADE Suite.
• Comparison of system model versions is facilitated when the subsystem software model is reintegrated into the main system model.
• SCADE LifeCycle Reporter lets systems engineers automatically generate up-to-date documentation at any point in the development cycle.
SCADE Suite
• With native integration of the Scade language and its unified formal notation, SCADE Suite is an integrated design environment for critical applications spanning:
• requirements management,
• model-based design,
• simulation,
• verification,
• qualifiable/certified code generation,
• and interoperability with other development tools and platforms.
SCADE Suite: integrated data-flow and SSM (Safe State Machine) editors
SCADE Suite: Simulator
SCADE Display
• SCADE Display is a flexible graphics design and code generation tool suite for the development of safety-critical embedded display systems.
• With native support of the OpenGL SC standard, SCADE Display is the new-generation display framework, spanning:
• prototyping,
• display design,
• simulation,
• verification & validation,
• DO-178B certified code generation for Level A software, and
• smooth integration with other applications.
• Tightly coupled with SCADE Suite, enabling end-to-end visibility from the deployed application to the end-user displays.
SCADE Suite & Display for SW development
SW design Process with SCADE Suite & Display
SW Coding Process with SCADE Suite & Display
SCADE SCOPE
SCADE code integration
Typical SW architecture for graphics
Timing Verifier integration in SCADE Suite
Real-time visualization of the SW specification
ACG (Automatic Code Generation) & Certification
Typical SW life-cycle within a DO-178 context
Abbreviations
SNCC = système numérique de contrôle commande (French: digital control and command system)
DCS = Distributed Control System
SIF = Safety Instrumented Function
OSHA = Occupational Safety & Health Administration
EPA = Environmental Protection Agency
ISA = Instrumentation, Systems, and Automation Society
IEC = International Electrotechnical Commission
TMR = Triple Modular Redundancy
PLC = Programmable Logic Controller
FMECA = Failure Mode, Effects, and Criticality Analysis
AMDEC = Analyse des Modes de Défaillance, de leurs Effets et de leur Criticité (French equivalent of FMECA)
SCADE at Airbus
contents
System Modelling & Verification (SCADE at Airbus)
SW Coding & Testing (SCADE at Airbus)
A350 XWB large interchangeable displays
Simulator Architecture (Ansaldo)
SCADE at Thales
contents
Projects using SCADE (Thales)
Thales is a leader in cockpit interactive solutions.
Airbus A380 cockpit project developed by Thales.
Why SCADE (Thales)
SCADE at AREVA
contents
AREVA Organisation
Why SCADE (AREVA)
Adapted to our deployed development process: the SCADE formalism (node and data flow) is equivalent to the Structured Analysis SA-RT/SD method (Structured Analysis, Structured Design) used at AREVA TA.
Understood by both system and software engineers: improvement of mutual comprehension is required by the IEC 60880:2006 standard.
Supporting our generic design policy: the SCADE cycle-based language is well adapted to the way embedded safety-critical software is designed at AREVA TA.
Easier to reach SIL4 than with the former classic development method: SCADE Simulator gives early detection of errors in the specification; with SCADE KCG there is no unit testing at code level.
Less expensive deployment than other formal methods: only one week to design with the principal SCADE functions.
Improved software validation: formal proof techniques are enabled.
SCADE integration in the development process (AREVA)
SIL4 developments (and some SIL0)
SCADE modelling of the system specification:
  Definition of interface functions and data flow between functions
  Traceability links between requirement specification and functions, using SCADE RM Gateway
  Allocation of functions to subsystems
Software SCADE design:
  Software architecture design inherited from the system model
  Refinement of the requirements allocated to functions
  Design of each function
  SCADE 6: SSM and map/fold
  Restricted use of imported nodes (efficiency or SCADE limits, reuse of legacy code)
V&V:
  Check of modelling rules
  Check of requirements
  Node and function testing (using SCADE Simulator and SCADE MTC)
  Integration and validation testing (on host machine prior to on-target)
  System integration and validation testing (on host machine prior to final equipment)
Version control: distributed SCADE model development.
System Modelling with SCADE (AREVA)
  Requirements modelling
  Physical and safety allocation of requirements
  Interfaces of each subsystem with its environment
  Traceability with the functional specification (RM Gateway)
SW Design with SCADE (AREVA)
Refine the subsystem models (node and data flow) into the full software architecture
  In the EN 50128 process: Software Requirement and Architecture Specification (generated with the Reporter function)
Refine the design down to terminal nodes (full SCADE or imported)
  In the EN 50128 process: Software and Module Design
Use of KCG for code generation
  In the EN 50128 process: Code
Non-SIL4 designer tests with the Simulator
  Good AREVA TA practice to improve model quality before V&V
System & SW Design Validation (AREVA)
The various V&V activities are:
Requirement-based test specification
  Test scenarios: define the inputs and the expected outputs for every requirement, in a document and in test files
Automatic launch of validation tests
  Compute the test, play the test and verify the outputs against the expected result
Automatic test reporter with AREVA TA tools
Analysis of the test coverage score with SCADE MTC
System & SW Design Validation (AREVA)
Different simulations can be chosen:
SCADE graphic simulator: well suited to verify a node during design
  Cannot be used in an automatic test bench
  Interface is poor for system testing with a massive number of I/Os
"Command line" mode: same mode as the graphic one but with Tcl language elements (functions and comments)
  Harder to use than the graphical mode
Tcl script: use of a Tcl instruction sequence to initialise inputs, verify the expected output values, advance the cycle, flatten structure or array types, …
  Uses the programming power of Tcl: loops, generic sub-functions, …
  A Tcl scenario script can be called by another script; thus a "launcher" can sequence the scenarios.
  All I/O transitions can be recorded
External simulator calling SCADE via a DLL interface: equivalent to a Tcl script but harder to use (continuity, support, …)
Test bench based on Tcl scripts to check all software components. For each component:
• Rebuild a test program for the component
• Play the scenario and compare outputs to the expected values
• Generate a log file with the principal script step information
• Generate a log file with the history of the I/O transitions
For all the components:
• Compute an HTML validation report with a link to the log files, a validation success rate, and a global model test coverage score
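The bench described above, reduced to its mechanics, as an added example (not AREVA TA's tooling, and not the SCADE Simulator Tcl API, so it is written in Python rather than Tcl): a launcher plays each scenario against a rebuilt component, compares every output with its expected value, records only the I/O transitions, and rolls everything up into an HTML report with a success rate and a coverage score. The component is a constructed stand-in, a trip latch that sets when a measurement exceeds a setpoint on two consecutive cycles and clears only on an explicit reset; the scenarios are constructed too, and the last one carries a deliberately wrong expectation so that the failure path of the bench is exercised.

```python
"""Scenario-driven test bench: play scenarios, compare outputs, log I/O
transitions, report success rate and decision coverage. Added example; the
trip latch and the scenarios are constructed, not a real safety function."""
import html

SETPOINT = 100.0

# Decisions whose True/False outcomes are recorded; the coverage score is the
# fraction of (decision, outcome) pairs exercised by the whole scenario set.
DECISIONS = ("over_setpoint", "confirmed", "reset")


def trip_latch_init():
    return {"over_count": 0, "trip": False}


def trip_latch_step(state, measure, reset, hits):
    """One synchronous cycle of the constructed trip latch.
    `hits` collects (decision, outcome) pairs for the coverage score.
    Returns (next_state, outputs)."""
    over = measure > SETPOINT
    hits.add(("over_setpoint", over))
    over_count = state["over_count"] + 1 if over else 0
    confirmed = over_count >= 2               # two consecutive cycles over
    hits.add(("confirmed", confirmed))
    hits.add(("reset", reset))
    trip = False if reset else (state["trip"] or confirmed)
    return {"over_count": over_count, "trip": trip}, {"trip": trip}


def play_scenario(name, steps, hits):
    """Rebuild the component, play one scenario cycle by cycle, compare each
    output against its expected value and record every I/O transition."""
    state = trip_latch_init()
    log, transitions, last_io, failures = [], [], None, 0
    for cycle, spec in enumerate(steps, 1):
        state, out = trip_latch_step(state, spec["measure"], spec["reset"], hits)
        io = {"measure": spec["measure"], "reset": spec["reset"], **out}
        if io != last_io:                      # only transitions are logged
            transitions.append((cycle, io))
            last_io = io
        for signal, expected in spec["expect"].items():
            ok = out[signal] == expected
            failures += not ok
            log.append(f"{name} cycle {cycle}: {signal} expected {expected} "
                       f"got {out[signal]} {'OK' if ok else 'FAIL'}")
    return {"name": name, "passed": failures == 0,
            "log": log, "transitions": transitions}


def run_bench(scenarios):
    """Launcher: sequence all scenarios, then compute the global figures."""
    hits = set()
    results = [play_scenario(n, s, hits) for n, s in scenarios]
    success_rate = sum(r["passed"] for r in results) / len(results)
    coverage = len(hits) / (2 * len(DECISIONS))
    rows = "".join(
        f"<tr><td>{html.escape(r['name'])}</td>"
        f"<td>{'PASS' if r['passed'] else 'FAIL'}</td>"
        f"<td><a href='{html.escape(r['name'])}.log'>log</a></td></tr>"
        for r in results)
    report = (f"<h1>Validation report</h1><p>Success rate: {success_rate:.0%}, "
              f"model decision coverage: {coverage:.0%}</p>"
              f"<table>{rows}</table>")
    return {"results": results, "success_rate": success_rate,
            "coverage": coverage, "report": report}


def cycle_spec(measure, reset, expect_trip):
    return {"measure": measure, "reset": reset, "expect": {"trip": expect_trip}}


# Constructed scenarios; the third one deliberately expects the wrong value.
SCENARIOS = [
    ("nominal_trip_and_reset", [cycle_spec(50.0, False, False), cycle_spec(120.0, False, False),
                                cycle_spec(120.0, False, True), cycle_spec(50.0, False, True),
                                cycle_spec(50.0, True, False)]),
    ("single_cycle_glitch_ignored", [cycle_spec(120.0, False, False), cycle_spec(50.0, False, False),
                                     cycle_spec(120.0, False, False), cycle_spec(50.0, False, False)]),
    ("wrong_expectation", [cycle_spec(120.0, False, False), cycle_spec(120.0, False, False)]),
]

if __name__ == "__main__":
    bench = run_bench(SCENARIOS)
    for r in bench["results"]:
        print("\n".join(r["log"]))
    print(bench["report"])
```

The coverage figure here is decision coverage of the stand-in's three decisions, which is what MTC-style model coverage reduces to for a node this small; a real bench would take the score from the tool rather than instrumenting the node by hand, but the rule that the score is computed over all scenarios together, while pass/fail is per scenario, is the same.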
Research Infrastructure (DLR)
Development Process (DLR)
Integrated development process for the entire research infrastructure
Stimulated by:
  Domain engineering (e.g. virtual institute DeSCAS)
  Requirements engineering (e.g. EU project CESAR)
  Service-oriented architectures (SOA)
  Model-based development (e.g. SCADE)
Dominion Project (DLR)
SCADE at ASTRIUM
contents
Development Life-Cycle (ASTRIUM)
Formal proofs on the ATV safety software (ASTRIUM)
The LESAR tool is developed by the VERIMAG laboratory.
Example of proven properties
Specification of the environment by "regular expressions":
• cam_arm( on, arm, cam_cmd, tc, hltc ) = prefix( [-on, -arm, -cam_cmd, -tc, -hltc]* . [ on, -arm, -cam_cmd, -tc, -hltc] . [-on, -arm, -cam_cmd, -tc, hltc]* . ~~ ) ;
Properties
A "red button" implies eventually a CAM triggering before 4 cycles
• Real-time (bounded response) property
The two MSU chains cannot both trigger a CAM at the same time
• Mutual exclusion property
The same results have now been reached with Prover.
SCADE at POSCON
contents
PSD System Diagram (POSDOM)
Development Process to Achieve SIL 3: RAMS System Life-Cycle
Development Process to Achieve SIL 3: PSD RAMS H/W Management
Development Process to Achieve SIL 3: PSD RAMS S/W Development (V-model method)
Development Process to Achieve SIL 3: PSD RAMS Project Output
SCADE at Liebherr
Contents
Connecting the neutral SCADE model with the global PLC data
SCADE for SIL2 systems (Liebherr)
Connecting the neutral SCADE model with the global PLC data
PME1 control system (Liebherr)
Central intelligence
Distributed I/Os
Real-time CAN protocol
Single synchronous application task
Safety level up to SIL2
Massive reuse of software modules
PME1 link data flow (Liebherr)
Interface config file with all variables of the PLC system
Clear separation of responsibilities between Liebherr and Esterel
Generates a new textual operator "Integration Toplevel"
Special C code with mappings
SCADE at Siemens
Contents
From SysML to SCADE: SCADE System Designer (Siemens)
SysML: architecture
  Different views:
  • communications
  • deployment
  • use cases
SCADE: design language
  Embedded control
  Simulation
Timing analysis and SCADE (Siemens)
Timing analysis
  WCET computation
  Communication architecture: do we meet our timing requirements?
  What is the impact of different architecture alternatives on timing?
  Deeper understanding of system performance characteristics
Model-based worst-case timing approach (Siemens)
Abstract model of resources, processes, scheduling policies and communication pathways
Elicitation of system behavior by modeling (Siemens)
Model-based penetration into an existing target system architecture (Siemens)
SCADE components
SCADE at Invensys
Contents
Railway TDMS (Train Data Management System)
TDMS Architectural Principles: Simple Partitioning (Invensys)
SCADE TDMS Development: TDMS Partitioning (Invensys)
Partitions
  Standard interface: communicate via ports
  Partition mode: application partitions, system partitions; similar to ARINC 653
  Fault handling: dual redundant for availability
  Adapt by adding/removing features/partitions: requires agility
SCADE TDMS Development: Project Process: Evolved Agile Feature-Driven Approach
SCADE at KEPCO
Contents
SCADE for ISODE ( Integrated SW Dev Env) for NP Systems
ISODE Overview (KEPCO)
Validation and Verification Process (KEPCO): Design Verifier
A property is implemented in a SCADE node called an Observer.
As inputs, it receives the values the property focuses on.
It has one output, which is true if and only if the property holds; Design Verifier then attempts to prove that this output is true in every reachable state of model plus observer, and otherwise returns a counterexample input sequence.
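The Observer pattern just described, applied to the two ATV properties proven with LESAR and Prover earlier on this page (a red button must lead to a CAM command before 4 cycles; the two MSU chains must never command a CAM at the same time), as an added example. It is not code from the page, from Esterel or from ASTRIUM, and the CAM logic is a constructed stand-in for the real design: a red button starts a countdown and, on its last cycle, the CAM fires on whichever of two chains is currently selected. Node and observers are written as pure step functions in the cycle-based style of a Scade node, in Python rather than Scade so that the check can actually be run here. The checker replaces the SAT-based prover with explicit-state reachability over the closed system, which for a finite-state node is also a proof.

```python
"""Observer-based property checking in the style of SCADE Design Verifier.
Added example; the CAM trigger logic is a constructed stand-in for the ATV
safety software, not ASTRIUM's design."""
from collections import deque


def cam_step(state, red_button, latency):
    """Constructed CAM trigger logic (an assumption, not the ATV design).
    state = (countdown, chain). A red button starts a `latency`-cycle
    countdown when none is running; on its last cycle the CAM fires on the
    selected MSU chain, and the other chain is selected for the next one.
    Returns (next_state, cam_a, cam_b)."""
    countdown, chain = state
    fire = countdown == 1
    if red_button and countdown == 0:
        countdown_next = latency
    else:
        countdown_next = max(countdown - 1, 0)
    chain_next = 1 - chain if fire else chain
    return (countdown_next, chain_next), fire and chain == 0, fire and chain == 1


def obs_bounded_response(pending, red_button, cam, bound):
    """Observer for the real-time property: every red_button is followed by
    a cam within `bound` cycles (the cycle of the press counts as the first).
    `pending` is the observer's own state: cycles still allowed, 0 = no open
    obligation. Returns (next_pending, ok); ok is the observer output."""
    if red_button and pending == 0:
        pending = bound
    if cam:                      # any CAM discharges every open obligation
        return 0, True
    return max(pending - 1, 0), pending != 1


def obs_mutual_exclusion(cam_a, cam_b):
    """Observer for the mutual-exclusion property (stateless)."""
    return not (cam_a and cam_b)


def check(latency=2, bound=4):
    """Explicit-state reachability of the closed system (CAM node plus the
    two observers) under every input valuation at every cycle. The state
    space is finite, so exhausting it proves the properties: returns None
    when both observer outputs hold in all reachable states, otherwise
    (property name, shortest input trace leading to a violation)."""
    start = ((0, 0), 0)            # (cam node state, observer state)
    seen = {start}
    queue = deque([(start, [])])   # breadth-first, so traces are minimal
    while queue:
        (sys_state, pending), trace = queue.popleft()
        for red_button in (False, True):
            sys_next, cam_a, cam_b = cam_step(sys_state, red_button, latency)
            pending_next, ok = obs_bounded_response(
                pending, red_button, cam_a or cam_b, bound)
            path = trace + [red_button]
            if not obs_mutual_exclusion(cam_a, cam_b):
                return "mutual_exclusion", path
            if not ok:
                return "bounded_response", path
            nxt = (sys_next, pending_next)
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path))
    return None


if __name__ == "__main__":
    print("latency 2:", check(latency=2))   # proved: None
    print("latency 4:", check(latency=4))   # counterexample trace
```

With a 2- or 3-cycle countdown both observers stay true in every reachable state; with a 4-cycle countdown the CAM fires on the fourth cycle after the press, which is not "before 4 cycles", and the checker returns the minimal trace (press once, then wait three cycles) exactly as Design Verifier would return a counterexample scenario for replay in the Simulator.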
Automatic Documentation Generation (KEPCO)
Target Importing Process (KEPCO)
PPS Application: Bistable Module (KEPCO)
PPS Application: Coincidence Module (KEPCO)