SCADE tools - PowerPoint PPT Presentation

1 / 73
About This Presentation
Title:

SCADE tools

Description:

SCADE System SCADE Suite SCADE Display SCADE development modules Model Based Development With SCADE Tools SCADE SYSTEM SCADE Suite SCADE Suite Integrated Data Flow ... – PowerPoint PPT presentation

Number of Views:949
Avg rating:3.0/5.0
Slides: 74
Provided by: Mauric67
Category:

less

Transcript and Presenter's Notes

Title: SCADE tools


1
SCADE tools
  • SCADE System
  • SCADE Suite
  • SCADE Display
  • SCADE development modules

2
Model Based Development With SCADE Tools
3
SCADE SYSTEM
  • a system architecture design and modeling tool
    that allows system engineers to model the design
    of system components and structure using SysML
    block diagrams.
  • allows to extract parts of the main system model
    and exchange these subsystem software models with
    development teams.
  • Software teams can then work on the subsystem
    software design with SCADE Suite.
  • Comparison of system model versions is
    facilitated when the subsystem software model is
    reintegrated into the main system model
  • SCADE LifeCycle Reporter allows systems engineers
    to automatically generate up-to-date
    documentation at any point in the development
    cycle.

4
SCADE Suite
  • With native integration of the Scade language and
    its unified formal notation, SCADE Suite is the
    unique integrated design environment for critical
    applications spanning
  • requirements management,
  • model-based design,
  • simulation,
  • verification,
  • qualifiable/certified code generation,
  • and interoperability with other development tools
    and platforms

5
SCADE SuiteIntegrated Data Flow and SSM editors
6
SCADE SuiteSimulator
7
SCADE Display
  • SCADE Display is a flexible graphics design and
    code generation tool suite for the development of
    safety-critical embedded display systems.
  • native support of the OpenGL SC standard, SCADE
    Display is the new generation display framework,
    spanning
  • prototyping,
  • display design,
  • simulation,
  • verification validation,
  • DO-178B certified code generation for level A
    software and
  • smooth integration with other applications.
  • tightly coupled with SCADE Suite enabling
    unprecedented visibility from the deployed
    application to the end-user displays.

8
SCADE Suite DISPLAY for SW development
9
SW design Process with SCADE Suite Display
10
SW Coding Process with SCADE Suite Display
11
SCADE SCOPE
12
SCADE code integration
13
Typical SW architecturefor graphics
14
Timing Verifier integration in SCADE Suite
15
RT Vizu of SW Spec
16
ACG Certification
17
Typical SW life-Cyclewithin D0178 context
18
Abbreviations
SNCC systĆØme numĆ©rique de contrĆ´le commande
DCS Digital Control System? SIFSafety
Instrument Function OSHAOccupational Safety
Health Administration EPAEnvironmental
Protection Agency ISA Instrumentation Systems
and Automation Society IEC International
Electrotechnical Commission TMR Triplicated
Modular Redundant PLC programmable logic
Controller FMECAFailure Mode, Effects, and
Criticality Analysis AMDECAnalyse des Modes de
DƩfaillance, Effets et CriticitƩ
19
SCADE at Airbus
  • contents

20
System Modelling Verification(SCADE Airbus)
21
SW Coding Testing(SCADE Airbus)
22
A350 XWB Large interchangeable displays
23
Simulator Architecture(Ansaldo)
24
SCADE at Thales
  • contents

25
Projects using SCADEThales
  • THALES is leader in Cockpit Interactive Solutions
  • AIRBUS A380 Cockpit Project developped by THALES

26
Projects using SCADEThales
27
Projects using SCADEThales
28
Why SCADE(Thales)
  • text

29
SCADE at AREVA
  • contents

30
AREVA Organisation
31
Why SCADE(Areva)
  • Adapted to our deployed development process
  • SCADE formalism (node and data flow) is
    equivalent to the
  • Structured Analysis SA-RT/SD method used at AREVA
    TA (Structured Analysis, Structured Design)
  • Understood by both system and software engineers
  • Improvement of mutual comprehension is required
    by the IEC606802006 standard
  • Supporting our generic design policy
  • SCADE cycle-based language is well adapted to the
    way embedded safety-critical software are
    designed at AREVA TA
  • Easier to reach SIL4 than with the former classic
    development method
  • SCADE simulator early detection of errors in
    specification
  • SCADE KCG no unit testing at code level
  • Less expensive deployment than other formal
    methods
  • Only one week to design with the principal SCADE
    functions
  • Improved software validation
  • Formal proof techniques are enabled

32
SCADE integration in dev Process(AREVA)
  • SIL4 developments (and some SIL0)
  • SCADE modelling of system specification
  • Definition of Interface functions and data flow
    between functions
  • Traceability links between requirement
    specification and functions, using SCADE RM
    Gateway
  • Functions allocation to subsystems
  • Software SCADE Design
  • Software architecture design inherit from system
    model
  • Refinement of requirement allocated to functions,
  • Design of each function
  • SCADE 6 SSM and map/fold
  • Restricted uses of imported node (efficiency or
    SCADE limits, reuse legacy code)
  • VV
  • Check of modelling rules
  • Check of requirements
  • Node and function testing (Uses of SCADE
    Simulator and SCADE MTC),
  • Integration and validation testing (on host
    machine prior to on-target)
  • System integration and validation testing (on
    host machine prior to final equipment)
  • Version control distributed SCADE model
    development.

33
System Modelling with SCADE (AREVA)
  • Requirements modelling
  • Physical and safety allocation of requirements
  • Interfaces of each subsystem with its environment
  • Traceability with functional specification (RM
    Gateway)

34
SW Design with SCADE (AREVA)
  • Refine the subsystems models (node and data flow)
    into full software architecture
  • In the EN50128 process Software Requirement and
    architecture specification (generated with the
    reporter function)
  • Refine design to terminal node (full SCADE or
    imported)
  • In the EN50128 process Software and module
    design
  • Use of KCG for code generation
  • In the EN50128 process Code
  • Non SIL4 designer tests with simulator
  • Good AREVA TA practice to improve model quality
    before VV

35
System SW Design Validation(AREVA)
  • The various VV activities are
  • Requirement-based tests specification
  • Tests scenarios Define inputs and the waited
    output for all requirement in document and in
    tests files,
  • Automatic launch of validation tests
  • Compute the test, play the test and verify the
    outputs against the expected result
  • Automatic tests reporter with AREVA TA tools
  • Analysis of the test coverage score with SCADE MTC

36
System SW Design Validation(AREVA)
  • Different simulations can be chosen
  • SCADE graphic simulator
  • Well suited to verify node during the design
  • Cannot be used in an automatic test bench
  • Interface is poor to achieve system testing with
    massive number of I/Os
  • Command line mode
  • Same mode as the graphic one but with TCL
    language elements (functions and comments)
  • Harder to use than graphical mode
  • TCL script
  • Use of TCL instruction sequence to initialise
    input, verify waited values of outputs, increase
    cycle, flatten structure or array types,
  • Use TCL programming power loop, generic
    sub-functions,
  • TCL scenario script can be call by another
    script thus a launcher can sequence the
    scenarios.
  • All I/O transitions can be recorded
  • External simulator calling SCADE via a DLL
    interface
  • Equivalent to TCL script but harder to use
    (continuity, support, )
  • Test bench based on TCL scripts to check check
    all software component
  • For each component
  • Rebuild for each component a test program
  • Play scenario and compare outputs to expected
    values,
  • Generate a log file with principal script step
    information.
  • Generate a log file with the history of the I/O
    transitions.
  • For all the components
  • Compute an HTML report of validation with
  • A link to log files,
  • A validation success rate,
  • A global model test coverage score

37
Research Infrastructure(DLR)
38
Development Process(DLR)
  • Integrated development process for the entire
    research infrastructure
  • Stimulated byAutomatic launch of validation
    tests
  • Domain-Engineering(e.g. virt. institute DeSCAS)
  • Requirements Engineering (e.g. EU-Project CESAR)
  • Service oriented architectures (SOA)
  • Model-based development(e.g. SCADE)

39
Dominion Project(DLR)
40
SCADE at ASTRIUM
  • contents

41
Dev Life-Cycle(ASTRIUM)
42
Formal proofs on the ATV safety Software(ASTRIUM)
  • The LESAR tool is developed by the VERIMAG
    laboratory
  • Example of proven properties
  • Specification of the environment by regular
    expressions
  • cam_arm( on, arm, cam_cmd, tc, hltc ) prefix(
    -on, -arm, -cam_cmd, -tc, -hltc. on, -arm,
    -cam_cmd, -tc, -hltc.-on, -arm, -cam_cmd, -tc,
    hltc. )
  • Properties
  • A red button implies eventually a CAM
    triggering before 4 cycles
  • Real time property
  • The two MSU chains can not triggered both a CAM
    at the same time
  • Mutual exclusion property
  • the same results has now been reached with Prover)

43
SCADE at POSCON
  • contents

44
PSD System Diagram(POSDOM)
45
PSD System Diagram(POSDOM)
46
Development Process to Achieve SIL 3RAMS System
Life-Cycle
47
Development Process to Achieve SIL 3PSD RAMS H/W
Management
48
Development Process to Achieve SIL 3PSD RAMS S/W
Development(V Model method)
49
Development Process to Achieve SIL 3PSD RAMS
Project Output
50
SCADE at Liebherr
  • Contents
  • Connecting the neutral SCADE model with the
    global PLC data

51
SCADE for SIL2 systemsLiebherr
  • Connecting the neutral SCADE model with the
    global PLC data

52
PME1 control system(LiebHerr)
  • Central Intelligence
  • Distributed IOs
  • Real Time CAN Protocol
  • Single synchronous Application Task
  • Safety Level until SIL2
  • Massive reuse of software modules
  • text

53
PME1 link data flow(LiebHerr)
  • Interface
  • Config file with all variables of PLC system
  • Clear Separation of responsibilities between
    Liebherr and Esterel
  • Generates
  • New textual operator Integration Toplevel
  • Special C-Code with mappings
  • SCADE
  • liebherr

54
SCADE at Siemens
  • Contents

55
From SysML to SCADE SCADE system designer Siemens
  • SysML
  • Architecture
  • Different views
  • communications
  • deployment
  • use cases
  • SCADE
  • Design language
  • Embedded control
  • Simulation

56
Timing analysis and SCADESiemens
  • Timing analysis
  • WCET computation
  • Communication architecture do we meet our
    timing requirements?
  • What is the impact of different architecture
    alternatives regarding timing?
  • Deeper understanding of system performance
    characteristics

57
Model-based worst-case timing approachSiemens
  • Abstract model of resources, processes,
    scheduling policies and communication pathways

58
Elicitation of system behavior by modeling
Siemens

59
Model-based penetration into an existing target
system architecture Siemens
  • SCADE Components

60
SCADE at Invensys
  • Contents
  • (Railway-TDMS (Train Data Mngt System))

61
TDMS Architectural PrincipalsSimple Partitioning
Invensys
62
SCADE TDMS Development TDMS Partitioning -
Partitions Invensys
  • Standard interface
  • Communicate via Ports
  • Partition mode
  • Application Partitions
  • System Partitions
  • Similar to ARINC 653
  • Fault Handling
  • Dual Redundant for availability
  • Adapt by Adding/Removing Features/Partitions
  • Requires agility

63
SCADE TDMS DevelopmentProject Process Evolved
Agile Feature Driven Approach
64
SCADE at KEPCO
  • Contents
  • SCADE for ISODE ( Integrated SW Dev Env) for NP
    Systems

65
ISODE Overview KEPCO
66
ISODE Overview KEPCO
67
Validation and Verification Process TEPCO
  • Design Verifier
  • A property is implemented in a SCADE node called
    an Observer.
  • As inputs, it receives the values the property
    focuses on.
  • It has one output, which is true if and only if
    the property is true

68
Automatic Documentation Generation TEPCO
69
Target Importing Process TEPCO
70
Target Importing Process TEPCO
71
PPS Application-Bistable Module TEPCO
72
PPS Application-Coincidence Module TEPCO
73
title
Write a Comment
User Comments (0)
About PowerShow.com