

## Ellidiss Technologies

https:/www.ellidiss.com

Methods and Tools for critical software development

- HOOD design tools in use for major European aerospace projects:
  - Eurofighter/Typhoon; Airbus A380, A350, A400M, Tiger, European Robotic Arm for the ISS, ...
- AADL Modeling and Verification tools:
  - Stood for AADL: design process and graphical editor
  - AADL Inspector: static, real-time, safety and security analysis
  - Visual Studio Code extension for AADL
- In-house or collaborative R&D projects
  - Model processing technologies (LMP)
  - European Space Agency (TASTE)
  - H2020 (Space Robotics)









### Visual Studio Code Extension for AADL

https://marketplace.visualstudio.com/items?itemName=Ellidiss.aadl-ellidiss





### AADL 2.3

https://www.sae.org/standards/content/as5506d

- SW Architectural Analysis and Design Language.
  - Embedded and critical software (aerospace, transportation, medical, ...).
  - Supports multi-thread, multi-partitions, multi-core, multi-processor architectures
  - Core language with optional annexes (behavior, safety, security,...)
  - Supported by a variety of tools (open-source and commercial)
- Digital workflow continuity for SW intensive systems.
  - Need to bridge AADL:
    - Upstream with system engineering (FACE<sup>©</sup>, SysML, Capella, ...)
    - Downstream with source code and platform deployment (Ada, C, RTOS, middleware, ...)
  - Existing connections between SysML v1 and AADL
    - AADL profiles for SysML v1
    - SysML v1 to AADL transformation



## SysML v2 (System Modeling Language)

https://www.omgsysml.org/SysML-2.htm https://github.com/Systems-Modeling/SysML-v2-Release

- A few interesting topics in SysML v2:
  - Standardized textual representation.
    - Better interoperability (between humans and tools).
    - Better scalability
    - Better integration within development environments (e.g. svn, git)
  - Support of instance models.
    - Deeper static and dynamic analysis.
  - Extensible by domain libraries (Instead of UML profiles)
    - Portable: no need for tool-specific extension.
    - Flexible: easy to configure and maintain.
- This work introduces a SysML v2 Domain Library for AADL (work in progress)



### Illustrative AADL Example

Syntactic comparison of an AADL example and its SysML representation. One system with 1 processor, 1 process and 2 communicating threads.





## System and processor

#### SysML Parts and part definitions for AADL components.

#### Use of specialization of pre-defined System, Processor, ... part definitions.

```
package ex1 pkg public
                                                                     package ex1 pkg {
                                                                      import AADL::*;
 with Base Types;
 renames data Base Types::Integer;
                                                                      import ScalarValues::Integer;
system ex1 end ex1;
                                                                     part def ex1 specializes System;
                                                                     part def 'ex1.i' specializes ex1,
system implementation ex1.i
subcomponents
                                                                     SystemImplementation {
 hw : processor hw {
                                                                      part hw: Hw {
  Scheduling Protocol => (Rate Monotonic Protocol);
                                                                       redefines Scheduling Prototol = Rate Monotonic Protocol;
 };
 sw : process sw.i;
                                                                      part sw: 'sw.i';
properties
 Actual Processor Binding =>
                                                                      allocation sw to hw: Actual Processor Binding
  (reference(hw)) applies to sw;
                                                                        allocate sw to hw;
end ex1.i;
processor hw end hw;
                                                                     part def Hw specializes Processor;
```

#### AADL



**SysML** 

## Process first part

#### Use of SysML ports for AADL data port. Redefinition of SysML properties for AADL properties.

| process sw                        | part def sw specializes Process {                         |
|-----------------------------------|-----------------------------------------------------------|
| features                          |                                                           |
| i1 : <b>in data port</b> Integer; | in port i1: IntegerPort;                                  |
| o1 : out data port Integer;       | out port o1: IntegerPort;                                 |
| end sw;                           | }                                                         |
|                                   |                                                           |
| process implementation sw.i       | part def 'sw.i' specializes sw, ProcessImplementation     |
| Subcomponents                     | {                                                         |
|                                   |                                                           |
| th1 : thread t {                  | part th1: t {                                             |
| Dispatch_Protocol => Periodic;    | redefines Dispatch_Protocol = Periodic;                   |
| Period => 50ms;                   | <b>redefines</b> Period = 50 [ms];                        |
| Deadline => 50ms;                 | :>> Deadline = 50 [ms];                                   |
| Compute_Execution_Time => 2ms2ms; | <pre>:&gt;&gt; Compute_Execution_Time = 2[ms]2[ms];</pre> |
| };                                | }                                                         |

#### AADL



**SysML** 

## Process final part and thread

#### Named connections with redefined properties.

AADL Thread as specialization of SysML Thread part definition.

```
th2 : thread t { ... };
connections
 c1 : port i1 -> th1.i1;
 c2 : port th1.o1 -> th2.i1 {
  Timing => Sampled;
 };
 c3 : port th2.o1 -> o1;
end sw.i;
thread t
features
i1 : in data port Integer;
 o1 : out data port Integer;
end t;
end ex1 pkg;
```

```
part th2: t { ... }
```

```
connection c1: AADL::Connection
connect i1 to th1.i1;
connection c2: AADL::Connection
connect th1.o1 to th2.i1 {
  redefines Timing = Sampled;
  }
connection c3: AADL::Connection
```

```
connect th2.o1 to o1;
```

```
part def t specializes Thread {
```

```
in port i1: IntegerPort;
out port o1: IntegerPort;
```









# AADL Domain Library (1): Components and Features

SysML part defs for AADL component types and implementations.



# AADL Domain Library (2): Categories composition rules

#### Enforce composition constraints with SysML type system.

**SysML** 







## AADL Domain Library (3): others

#### AADL Connections

in port operand1 : FloatPort;
part calculator {
 out port i1: FloatPort;
}
connect (operand1, calculator.i1);

#### • AADL Properties

redefines Dispatch\_Protocol = Sporadic; redefines Deadline = 10 [ms];

#### • AADL Hardware/Software mapping

part cpu : CPU { redefines Scheduling\_Prototol = AADL::RM; }
part app: App;
allocation processes: AADL::Actual\_Processor\_Binding
allocate app to cpu;

#### • AADL Behaviour Specifications

state b: Behaviour {
 entry; then idle;
 state idle;
 accept Event via e1 do send 2 to o then idle;
}



## Work in progress

- Existing mapping elements should be evaluated considering both AADL and SysML v2 semantic rules.
- Evaluation of alternate mapping solutions:
  - Using attributes and attributes definitions for AADL Data instead of parts.
  - Using action and action definitions for AADL Subprograms instead of parts.
- AADL Abstract components and abstract Features have not been translated for now
  - Generic SysML v2 Parts and Ports may be well suited for that.
- Definition of a proper mapping for the other AADL constructs is in progress and subject to discussions.
- Development of SysML v2 parser/unparser components for the LMP toolbox to enable use of AADL Inspector processing tools for SysML v2 models





- Making the path between System Engineering and Software Engineering more seamless is a key issue to improve the continuity of the digital workflow.
- SysML v2 comes with a new modelling style (textual notation, domain libraries) that makes it more compatible with AADL.
- Current discussions within the standardization committees (SAE, OMG), as well as practical experiments with existing AADL tools, will determine the future of this approach.

