



# Model-Based System and Software Analysis and Development Tools

Gui Goretkin  
Senior Application Engineer – ANSYS SCADE  
[guilherme.goretkin@ansys.com](mailto:guilherme.goretkin@ansys.com)

Thierry Le Sergent  
SCADE Architect Product Manager  
[Thierry.lesergent@ansys.com](mailto:Thierry.lesergent@ansys.com)

October 2019



# Content

- AADL is not an island !
- SCADE solution for AADL

# AADL is not an island !



# AADL is not an island !



# AADL is not an island

## *Bridges with the other models*

- Possible means
  - A. **Traceability between objects**
    - Supported by most tools
    - Allows for completion checks
  - B. **“Allocations” between objects**
    - Straightforward when several kind of models supported in the same tool
    - Ease checks, tables, reports, ...
  - C. **“Synchronization” of models**
    - Automated model transformation where it make sense
    - Example:
      - AADL - FACE mapping specified in AADL FACE Annex
      - SW Architecture components - SCADE Suite operators
- **SCADE Architect supports all these means**

# SCADE capabilities for MBSE workflows





# SCADE solution for AADL

- AADL is an SAE International standard dedicated to **real-time embedded systems**
  - Modeling **software and hardware resources for V&V**
  - Powerful Property Sets extension concept
- AADL Support with SCADE
  - **Full compatibility with AADL v2.2 standard**
    - Allows for legacy models import
    - Allows for export to third party analyzers
  - **Easy to use**
    - AADL expressiveness simplified: just concrete components
    - Nice graphical interface & diagrams
  - **Benefit from SCADE tools ecosystem**
    - Bi-directional synchro with SCADE Suite for SW component development, verification & certification
    - Traceability through SCADE ALM gateway
    - Same IDE as for SysML and FACE modeling (mixed designed supported)

# SCADE solution for AADL: graphical interface & diagrams



# SCADE solution for AADL: ease of use

- Support for AADL “instance-based modeling”: much simpler model understanding



# Import AADL files in SCADE AADL

1. Merge component type and implementation in a single object
2. SCADE Architect replication mechanism for immediate instantiation of components.

```
subprogram SP
  features
    p : in parameter Base_Types::Boolean;
  end SP;

thread T
  features
    f: in data port Base_Types::Unsigned_16;
  end T;

thread implementation T.impl
  subcomponents
    func: subprogram SP;
  end T.impl;

process P
end P;

process implementation P.impl
  subcomponents
    thread1 : thread T.impl;
    thread2 : thread T.impl;
  end P.impl;
```



# Case study

A simple self-driving car example. "AADL In Practice", Julien Delange: <http://www.aadl-book.com>



# Case study

- Export self-driving car example from SCADE AADL to textual aadl file

```
end T;
package aadlbook::integration
public
  with aadlbook::platform;
/cut
  system implementation integration_functional.Impl
    subcomponents
      image_acquisition: process aadlbook::software::image_acquisition::image_acquisition.Impl;
      obstacle_detection: process aadlbook::software::obstacle_detection::obstacle_detection.Impl;
/cut
    connections
      c21: port tire_pressure.pressure -> panel_controller.tire_pressure_in;
      c04: port wheel_sensor.speed -> speed_voter.wheel_sensor;
/cut
    flows
      radar_to_brake: end to end flow obstacle_radar.f0 -> c02 -> obstacle_detection.f1 -> c03 -> speed_ctrl.f10 -> c09 -> brake.f0 {
        Latency => 100ms .. 300ms;};
      panel_to_accel: end to end flow panel.f80 -> c11 -> panel_controller.f99 -> c13 -> speed_ctrl.f02 -> c08 -> acceleration.f0 {
        Latency => 40ms .. 50ms;};
    end integration_functional.Impl;
/cut
```

# Case study

- Analysis example
  - End-to-end latency analysis result from Open Source tool OSATE

integration\_integration\_variation2\_Impl\_Instance\_latency\_AS-MF-DL-EQ.xls [Compatibility Mode] - Excel

Adnan Bouakaz

| Latency analysis for end-to-end flow 'root_function.panel_to_accel' of system 'integration_variation2.impl' with preference settings AS-MF-DL-EQ |                                                                                                                                |                     |                   |          |                     |                   |                                                                |
|--------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------|---------------------|-------------------|----------|---------------------|-------------------|----------------------------------------------------------------|
| Contributor                                                                                                                                      | Min Specified                                                                                                                  | Min Value           | Min Method        | Max Spec | Max Value           | Max Method        | Comments                                                       |
| device root_function.panel                                                                                                                       |                                                                                                                                | 0.0ms               | first sampling    |          | 0.0ms               | first sampling    | Initial 0.0ms sampling latency not added                       |
| device root_function.panel                                                                                                                       |                                                                                                                                | 0.0ms               | no latency        |          | 0.0ms               | no latency        |                                                                |
| (bus can1)                                                                                                                                       | 1.0ms                                                                                                                          | 1.0ms               | specified         | 1.0ms    | 1.0ms               | specified         | Using specified bus latency                                    |
| Connection                                                                                                                                       |                                                                                                                                | 1.0ms               | no latency        |          | 1.0ms               | no latency        | Adding latency subtotal from protocols and bus - shown with () |
| thread root_function.panel_controller.thr                                                                                                        |                                                                                                                                | 0.0ms               | sampling          |          | 0.0ms               | sampling          | Best case 0 ms worst case 0.0ms (period) sampling delay        |
| thread root_function.panel_controller.thr                                                                                                        |                                                                                                                                | 0.0ms               | queued            |          | 0.0ms               | queued            | Assume best case empty queue                                   |
| thread root_function.panel_controller.thr                                                                                                        |                                                                                                                                | 0.0ms               | no latency        |          | 0.0ms               | no latency        |                                                                |
| Connection                                                                                                                                       |                                                                                                                                | 0.0ms               | no latency        |          | 0.0ms               | no latency        |                                                                |
| thread root_function.speed_ctrl.accel_thr                                                                                                        |                                                                                                                                | 5.0ms               | sampling          |          | 5.0ms               | sampling          | Min: Round up to sampling period 5.0ms                         |
| thread root_function.speed_ctrl.accel_thr                                                                                                        |                                                                                                                                | 0.0ms               | no latency        |          | 5.0ms               | deadline          |                                                                |
| (bus can2)                                                                                                                                       | 1.0ms                                                                                                                          | 10.001ms            | transmission time | 1.0ms    | 30.01ms             | transmission time | Using data transfer time                                       |
| Connection                                                                                                                                       |                                                                                                                                | 10.001ms            | no latency        |          | 30.01ms             | no latency        | Adding latency subtotal from protocols and bus - shown with () |
| device root_function.acceleration                                                                                                                |                                                                                                                                | 0.0ms               | sampling          |          | 2.0ms               | sampling          | Best case 0 ms worst case 2.0ms (period) sampling delay        |
| device root_function.acceleration                                                                                                                |                                                                                                                                | 0.0ms               | no latency        |          | 2.0ms               | deadline          |                                                                |
| Latency Total                                                                                                                                    | 2.0ms                                                                                                                          | 16.00099999999998ms |                   | 2.0ms    | 45.01000000000005ms |                   |                                                                |
| End to End Latency                                                                                                                               |                                                                                                                                | 40.0ms              |                   |          | 50.0ms              |                   |                                                                |
| End to end Latency Summary                                                                                                                       |                                                                                                                                |                     |                   |          |                     |                   |                                                                |
| WARNING                                                                                                                                          | Minimum specified flow latency total 2,00ms less than expected minimum end to end latency 40,0ms (better response time)        |                     |                   |          |                     |                   |                                                                |
| WARNING                                                                                                                                          | Minimum actual latency total 16,0ms less than expected minimum end to end latency 40,0ms (faster actual minimum response time) |                     |                   |          |                     |                   |                                                                |
| SUCCESS                                                                                                                                          | Maximum actual latency total 45,0ms is less or equal to expected maximum end to end latency 50,0ms                             |                     |                   |          |                     |                   |                                                                |
| WARNING                                                                                                                                          | Jitter of actual latency total 16,0..45,0ms exceeds expected end to end latency jitter 40,0..50,0ms                            |                     |                   |          |                     |                   |                                                                |

# Integration with Adventium for AADL Analysis

- Invoke Adventium backend tools directly from SCADE Architect to run AADL analysis such as generating and analyzing ARINC 653 scheduling
- Integrated with Architect checker to report timing error

```
Output
Schedule results parsed! UUID: _VVAHES4gEemq2tNDqw3LTg
Partition vspart31 schedule:
  start: 35000us duration: 6000us
Partition vspart20 schedule:
  start: 28000us duration: 2000us
  start: 98000us duration: 2000us
  start: 148000us duration: 2000us
  start: 178000us duration: 2000us
Partition vspart16 schedule:
  start: 34000us duration: 1000us
  start: 156000us duration: 1000us
Partition vspart29 schedule:
  start: 3000us duration: 4000us
  start: 32000us duration: 1000us
  start: 53000us duration: 2000us
  start: 97000us duration: 1000us
  start: 103000us duration: 3000us
  start: 147000us duration: 1000us
  start: 153000us duration: 2000us
  start: 182000us duration: 1000us
Partition vspart22 schedule:
  start: 33000us duration: 1000us
  start: 155000us duration: 1000us
```



# SCADE solution for AADL: Workflow to DO-178C certified code



# Synchronization ANSYS SCADE AADL – ANSYS SCADE Suite



## 1) Define synchronization settings



## 2) Select model objects to synchronize





# Synchronization ANSYS SCADE AADL – ANSYS SCADE Suite



- **Bi-directional synchronization**
  - AADL threads, devices and subprograms with SCADE Suite operators
  - AADL data with SCADE Suite datatypes
- **Behavior implementation in SCADE Suite**
  - Simulation, certified C/Ada code generation,
  - Test procedures and model coverage with SCADE Test





# AADL - FACE models synchronization

- New AADL “FACE Annex”
- SCADE Architect AADL – FACE models synchronization



# AADL - FACE models synchronization

- Implements the AADL “FACE annex”
  - AADL thread group  $\leftarrow \rightarrow$  FACE UoP
- Bottom-up way
  - Allows for AADL systems analysis from existing FACE components
- Top-down way
  - Allows for FACE data model initialization from AADL software architecture specification



# ANSYS SCADE solution for AADL - CONCLUSION

- **Full compatibility with AADL v2.2 standard**
  - Allows for legacy models import
  - Allows for export to third party analyzers
- **Easy to use**
  - Nice graphical interface & diagrams;
  - AADL expressiveness simplified
- **Large ecosystem**
  - Modeling SysML, AADL and FACE in the same IDE
  - Import/Export tables with Excel; Model API for scripting
  - Traceability to requirements management tools
  - Synchronization with SCADE Suite for SW component development, V&V, DO-178C certification

# ANSYS SCADE solution for AADL - distribution

- Product packaging
  - Included in SCADE product installation.
  - Latest release: “SCADE 2019R3”
  - License “SCADE Avionics Package” and “SCADE AADL modeler”
- Sales manager: [brian.rachele@ansys.com](mailto:brian.rachele@ansys.com)



Thank you

