[OSATE Study Notes] Introduction to the AADL ARP4761 Example

About ARP4761

This example reproduces the wheel braking system described in the ARP4761 and AIR6110 standards. It was originally designed by the Software Engineering Institute (SEI) at Carnegie Mellon University (CMU) to demonstrate the following OSATE capabilities:

  • Fault Hazard Assessment
  • Fault Impact (FMEA/FMES)
  • Fault Tree Analysis

The full description of the case study is in AADL Fault Modeling and Analysis Within an ARP4761 Safety Assessment (CMU/SEI-2014-TR-020).
That TR is based on an earlier version of OSATE; this README is based on OSATE 2.7.1.

Downloading the example

CSDN resource download: https://download.csdn.net/download/qq_37400312/74918049

Organization of the example

This project contains two models. The TR mostly uses the AADL files under the simple folder (wbs.aadl is the core module); the remaining features are declared in the advanced folder.

Creating the diagram

[figure: the generated diagram of wbs.aadl]

  • To generate a diagram like the one above, right-click wbs.aadl in the AADL Navigator view and choose Create Diagram….

  • In the diagram, select all components, right-click, choose Show Contents, then All.

  • Right-click on an empty area, choose Layout, then Layout Diagram.

  • The diagram is generated.

Introduction to some of the AADL files under simple

Common components: common.aadl

  • common is a shared package that simply declares the basic components a vehicle should have
  • Key points:
    • declaring a bus
    • implementing a bus
    • declaring command data
    • multiple implementations of command data
package common
public

	-- power bus
	bus power
	end power;

	-- generic implementation of the power bus
	bus implementation power.generic
	end power.generic;

	-- pulse-width modulation bus
	bus pwm
	end pwm;

	-- generic implementation of the PWM bus
	bus implementation pwm.generic
	end pwm.generic;

	-- command data
	data command
	end command;

	-- brake command data implementation
	data implementation command.brake
	end command.brake;

	-- skid command data implementation
	data implementation command.skid
	end command.skid;

	-- pedal command data implementation
	data implementation command.pedal
	end command.pedal;

	-- announce command data implementation
	data implementation command.announce
	end command.announce;


	-- the pressure bus represents pressure sent/received by other devices/pumps
	bus pressure
	end pressure;
	
	-- pressure bus implementation
	bus implementation pressure.i
	end pressure.i;

end common;

Pedals component: pedals.aadl

  • This is the pedals component; it uses the common package above and the shared EMV2 and ARP4761 packages
  • Key points:
    • referencing a package inside the project
    • referencing shared packages
    • declaring a system
    • describing a component's features
    • using an out data port
    • referencing a package
    • typing a feature with a component classifier from another package
    • using the EMV2 annex
    • using flows
    • using properties
    • describing component transitions
package pedals

public

	-- this package uses the project's own common package and the shared EMV2 and ARP4761 packages
	with common;
	with EMV2;
	with ARP4761;

	--
	--  This is the pedals component
	-- 
	system pedals
		-- two features, signal1 and signal2
		-- both are out data ports typed with the pedal implementation of command data from the common package
		features
			signal1: out data port common::command.pedal;
			signal2: out data port common::command.pedal;
		-- an EMV2 annex subclause
		annex EMV2 {**
			-- use the error types from the error_library package
			-- use the simple behavior from the error_library package
			-- (simple has two states, Operational and Failed)
			use behavior error_library::simple;
			
			-- error propagations section
			-- two out propagations of type NoService, on signal1 and signal2
			-- two flows f1 and f2, error sources on signal1 and signal2 respectively
			error propagations
				signal1: out propagation {NoService};
				signal2: out propagation {NoService};
				flows
					f1: error source signal1 {NoService};
					f2: error source signal2 {NoService};
			end propagations;
			
			-- component error behavior section
			-- one error event named InternalFault
			-- one transition named nosignal, from Operational to Failed on InternalFault
			-- two propagations p1 and p2: in Failed, NoService is propagated out on signal1 and signal2
			component error behavior
				events
					InternalFault: error event;
				transitions
					nosignal: Operational -[InternalFault]-> Failed;
				propagations
					p1: Failed -[]-> signal1 {NoService};
					p2: Failed -[]-> signal2 {NoService};
			end component;
			
			-- property values
			-- the hazards record list from the ARP4761 package, with some record fields set
			-- the OccurrenceDistribution record from EMV2, with some fields set
			properties
				ARP4761::hazards => ([
						crossreference => "TBD";
						failure => "No signal for the pedals so that the BSCU cannot produce any results for the brakes.";
						phases => ("TBD");
						description => "No signal from the pedals";
						FailureConditionClassification => Hazardous;
						QualitativeProbabilityObjective => ExtremelyRemote;
						comment => "Would be critical if both power supplies are lost";
					]) applies to signal1.NoService, signal2.NoService;
			
				EMV2::OccurrenceDistribution => [ProbabilityValue => 3.4e-5; Distribution => Fixed;] applies to Failed;
		**};
	end pedals;

	-- generic implementation of pedals
	system implementation pedals.generic
	end pedals.generic;

end pedals;

Annunciation device: communication.aadl

  • This package contains an annunciation device and its implementation: it reports a communication error and the loss of the annunciation function in the system
  • This function could fail for a more complex reason, but this is sufficient for our current needs and shows an error source that propagates to the main system
  • Key points:
    • declaring a device
    • implementing a device
package communication

public
	-- this package uses the project's own common package and the shared EMV2 and ARP4761 packages
	with common;
	with EMV2;
	with ARP4761;

	--
	-- This is an annunciation device: it reports a communication error and the loss of the annunciation function in the system
	-- It could fail for a more complex reason, but this is sufficient for our current needs and shows an error source that propagates to the main system
	-- For more on introducing errors into the FTA, see the ARP4761 document, page 199, figure L3
	-- 
	device annunciation
		-- one feature, an out data port, abstracting the communication inside the system
		features
			information: out data port common::command.announce;
		-- an EMV2 annex subclause
		annex EMV2 {**
			-- use the error types from the error_library package
			-- use the simple behavior from the error_library package
			-- (simple has two states, Operational and Failed)
			use behavior error_library::simple;
			
			-- error propagations section
			-- one out propagation of type NoService, on information
			-- one flow f1, an error source on information
			error propagations
				information: out propagation {NoService};
				flows
					f1: error source information {NoService};
			end propagations;
			
			-- component error behavior section
			-- one error event named LossAnnunciation
			-- one transition t1, from Operational to Failed on LossAnnunciation
			-- one propagation p1: in Failed, NoService is propagated out on information
			component error behavior
				events
					LossAnnunciation: error event;
				transitions
					t1: Operational -[LossAnnunciation]-> Failed;
				propagations
					p1: Failed -[]-> information {NoService};
			end component;
			
			-- property values
			-- the OccurrenceDistribution record from EMV2, with some fields set
			-- the hazards record list from the ARP4761 package, with some record fields set
			properties
				EMV2::OccurrenceDistribution => [ProbabilityValue => 1.00; Distribution => Fixed;] applies to LossAnnunciation;
				ARP4761::hazards => (
						[crossreference => "AIR6110 and ARP4761 - see ARP4761 figure 3 page 199";
						failure => "Loss of Annunciation";
						phases => ("all");
						description => "The system cannot annunce an error";
						FailureConditionClassification => Catastrophic;
						QualitativeProbabilityObjective => ExtremelyImprobable;
						comment => "";
					]) applies to LossAnnunciation;
		**};
	end annunciation;
	-- implementation i of annunciation
	device implementation annunciation.i
	end annunciation.i;

end communication;

Wheel system: wheel.aadl

  • Key points:
    • declaring several systems
    • implementing several systems
package wheel

public

	with common;

	-- declare a wheel system
	system wheel
	end wheel;

 	--
 	-- This is a wheel example with a single input.
 	-- It does not represent the two channels; instead, the two channels are abstracted into a single one.
 	--
	system wheel_one_input extends wheel
		-- one feature, input
		-- input is a requires bus access typed with implementation i of the pressure bus from the common package
		features
			input: requires bus access common::pressure.i;
		-- an EMV2 annex subclause
		annex EMV2 {**
			-- use the error types from the error_library package
			-- use the simple behavior from the error_library package
			-- (simple has two states, Operational and Failed)
			use behavior error_library::simple;
			
			-- error propagations section
			-- one in propagation of type NoService, on input
			error propagations
				input: in propagation {NoService};
			end propagations;
			
			-- component error behavior section
			-- one transition t1, from Operational to Failed when NoService arrives on input
			component error behavior
				transitions
					t1: Operational -[input {NoService}]-> Failed;
			end component;
		**};
	end wheel_one_input;

	-- implementation i of wheel_one_input
	system implementation wheel_one_input.i
	end wheel_one_input.i;

 	--
 	-- This is a wheel example with two inputs, one per channel.
	-- The other system abstracts the two pumps into a single bus.
	-- This system represents the two channels explicitly.
 	--
	system wheel_two_inputs extends wheel_one_input
		-- two features, green_input and blue_input
		-- both are requires bus access typed with implementation i of the pressure bus from the common package
		features
			green_input: requires bus access common::pressure.i;
			blue_input: requires bus access common::pressure.i;
		-- an EMV2 annex subclause
		annex EMV2 {**
			-- use the error types from the error_library package
			-- use the simple behavior from the error_library package
			-- (simple has two states, Operational and Failed)
			use behavior error_library::simple;
			
			-- error propagations section
			-- two in propagations of type NoService, on green_input and blue_input
			error propagations
				green_input: in propagation {NoService};
				blue_input: in propagation {NoService};
			end propagations;
			
			
			-- component error behavior section
			-- two transitions t1 and t2, from Operational to Failed when NoService arrives on green_input or blue_input respectively
			component error behavior
				transitions
					t1: Operational -[green_input {NoService}]-> Failed;
					t2: Operational -[blue_input {NoService}]-> Failed;
			end component;
		**};
	end wheel_two_inputs;

	-- implementation i of wheel_two_inputs
	system implementation wheel_two_inputs.i
	end wheel_two_inputs.i;

end wheel;

Platform module: simple -> platform.aadl

  • Declaration of a generic CPU and its implementations for several architectures
  • Key points:
    • declaring a virtual processor
    • implementing a virtual processor
    • declaring a processor
    • multiple implementations of a processor
    • describing the subcomponents of a system implementation
package platform
public
	with EMV2;
	with ARP4761;

	--
	-- Associate faults with the partition layer, the runtime associated with managing/handling the partition itself.
	--
	virtual processor partition
		-- describe this virtual processor with the EMV2 annex
		annex EMV2 {**
			use types error_library;
			use behavior error_library::simple;
			
			error propagations
				bindings: out propagation {SoftwareFailure, HardwareFailure};
				processor: in propagation {HardwareFailure};
				flows
					fsoft: error source bindings {SoftwareFailure};
					fhard: error path processor {HardwareFailure} -> bindings;
			end propagations;
			
			component error behavior
				events
					SoftwareFailure: error event;
				transitions
					Operational -[SoftwareFailure]-> Failed;
				propagations
					normal: Operational -[]-> bindings {NoError};
					p2: Failed -[]-> bindings {SoftwareFailure};
			end component;
			
			properties
				EMV2::severity => ARP4761::Major applies to SoftwareFailure;
				EMV2::likelihood => ARP4761::Probable applies to SoftwareFailure;
				ARP4761::hazards => ([crossreference => "TBD";
						failure => "";
						phases => ("all");
						description => "Software failure from the platform (OS exception, etc.)";
						FailureConditionClassification => Major;
						QualitativeProbabilityObjective => Probable;
						comment => "Impact all components that are controlled by this software";
					]) applies to SoftwareFailure;
				EMV2::OccurrenceDistribution => [ProbabilityValue => 1.35e-5; Distribution => Poisson;] applies to SoftwareFailure; --		EMV2::OccurrenceDistribution => [ ProbabilityValue => 6.75e-5 ; Distribution => Fixed;] applies to SoftwareFailure;
		**};
	end partition;

	-- generic implementation of the virtual processor
	virtual processor implementation partition.generic
	end partition.generic;

	--
	-- This is the generic CPU.
	-- In this model it is used to capture the physical part of the processor.
	-- Then, for each implementation (federated and IMA), we define the appropriate software failures.
	--
	processor cpu
		-- describe the cpu processor with the EMV2 annex
		annex EMV2 {**
			use types error_library;
			use behavior error_library::simple;
			
			--
			--  Hardware failures are added automatically for all processors.
			--	
			error propagations
				bindings: out propagation {HardwareFailure};
				flows
					f1: error source bindings {HardwareFailure};
			end propagations;
			
			component error behavior
				events
					InternalFailure: error event;
				transitions
					Operational -[InternalFailure]-> Failed;
				propagations
					normal: Operational -[]-> bindings {NoError};
					pfail: Failed -[]-> bindings {HardwareFailure};
			end component;
			
			properties
				ARP4761::hazards => ([crossreference => "TBD";
						failure => "";
						phases => ("all");
						description => "Hardware Failure (processor, device, etc.)";
						FailureConditionClassification => Major;
						QualitativeProbabilityObjective => Probable;
						comment => "Impact all software components associated to the hardware";
					]) applies to InternalFailure;
				EMV2::OccurrenceDistribution => [ProbabilityValue => 1.35e-5; Distribution => Poisson;] applies to InternalFailure;
				EMV2::OccurrenceDistribution => [ProbabilityValue => 6.75e-5; Distribution => Fixed;] applies to f1;
		**};
	end cpu;

	--
	-- IMA implementation of cpu
	--
	processor implementation cpu.ima
		-- the processor implementation has a subcomponents section
		-- it declares four instances of the virtual processor implementation partition.generic
		subcomponents
			partition1: virtual processor partition.generic;
			partition2: virtual processor partition.generic;
			partition3: virtual processor partition.generic;
			partition4: virtual processor partition.generic;
	end cpu.ima;

	--
	-- Single processor used for the federated architecture implementation
	--
	processor implementation cpu.single
		annex EMV2 {**
			use types error_library;
			use behavior error_library::simple;
			
			error propagations
				processor: out propagation {SoftwareFailure};
				flows
					fsoft: error source processor {SoftwareFailure};
			end propagations;
			
			component error behavior
				events
					SoftwareFailure: error event;
				transitions
					Operational -[SoftwareFailure]-> Failed;
				propagations
					normal: Operational -[]-> processor {NoError};
					psoft: Failed -[]-> processor {SoftwareFailure};
			end component;
			
			properties
				ARP4761::hazards => ([crossreference => "TBD";
						failure => "";
						phases => ("all");
						description => "Software failure from the platform (OS exception, etc.)";
						FailureConditionClassification => Major;
						QualitativeProbabilityObjective => Probable;
						comment => "Impact all components that are controlled by this software";
					]) applies to SoftwareFailure;
				EMV2::OccurrenceDistribution => [ProbabilityValue => 1.35e-5; Distribution => Poisson;] applies to SoftwareFailure; --		EMV2::OccurrenceDistribution => [ ProbabilityValue => 6.75e-5 ; Distribution => Fixed;] applies to SoftwareFailure;
		**};
	end cpu.single;

	-- declare the platform system
	system platform
	end platform;

	--
	--  IMA platform architecture implementation
	--
	system implementation platform.ima
		-- the system implementation has a subcomponents section
		-- it declares one instance of the ima implementation of cpu
		subcomponents
			cpu: processor cpu.ima;
	end platform.ima;

	--
	--  Federated platform architecture implementation
	--
	system implementation platform.federated
		-- the system implementation has a subcomponents section
		-- it declares two instances of the single implementation of cpu
		subcomponents
			cpu1: processor cpu.single;
			cpu2: processor cpu.single;
	end platform.federated;

end platform;

BSCU system: simple -> bscu.aadl

  • This is the implementation of the BSCU system. The BSCU contains two subsystems.
  • Each BSCU subsystem has the following interfaces:
    • power
    • pedal
  • Each BSCU subsystem has the following subcomponents:
    • a command function that produces data from the pedal value.
    • a monitor function that indicates whether the value is valid.
  • The main BSCU receives data and power and forwards them to each subsystem.
  • In addition, the BSCU has a Select_Alternate output data port
  • This data indicates whether we should use the first subsystem (Select_Alternate == false) or the second (alternate) subsystem (Select_Alternate == true).
  • The command system is part of each BSCU subsystem.
  • It produces data from the brake pedal value.
  • On the error side this component is an error sink; it can fail because of power-related errors and service-related errors (no pedal signal).
  • Key points:
    • using port features
    • extending a system implementation
package bscu
public

	with common;
	with platform;
	with Base_Types;
	with error_library;
	with EMV2;
	with ARP4761;

	--
	-- This is the implementation of the BSCU system
	-- The BSCU contains two subsystems.
	-- Each BSCU subsystem has the following interfaces:
	--     1. power
	--     2. pedal
	-- Then, each BSCU subsystem has the following subcomponents:
	--     1. a command function that produces data from the pedal value.
	--     2. a monitor function that indicates whether the value is valid.
	-- The main BSCU receives data and power and forwards them to each subsystem.
	-- In addition, the BSCU has a Select_Alternate output data port
	-- This data indicates whether we should use the first subsystem (Select_Alternate == false) or the second (alternate) subsystem (Select_Alternate == true).
	-- The command system is part of each BSCU subsystem.
	-- It produces data from the brake pedal value.
	-- On the error side this component is an error sink; it can fail because of power-related errors and service-related errors (no pedal signal).
	-- 
	process command 
		-- the process has two out features, brake and skid, and one in feature, pedalvalue
		-- each feature is typed with an implementation of command from the common package
		features
			brake: out data port common::command.brake;
			skid: out data port common::command.skid;
			pedalvalue: in data port common::command.pedal;
	end command;

 	-- implementation of the command process
	process implementation command.i
		annex EMV2 {**
			use types error_library;
			use behavior error_library::simple;
			
			error propagations
				pedalvalue: in propagation {NoService};
				brake: out propagation {NoValue};
				skid: out propagation {NoValue};
				processor: in propagation {SoftwareFailure, HardwareFailure};
				flows
					nopedal: error sink pedalvalue {NoService};
					noskid: error source skid {NoValue};
					nobrake: error source brake {NoValue};
					platformerr: error sink processor {SoftwareFailure, HardwareFailure};
			end propagations;
			
			component error behavior
				transitions
					terrfrompedal: Operational -[pedalvalue {NoService}]-> Failed;
					terrfromplatformsoft: Operational -[processor {SoftwareFailure}]-> Failed;
					terrfromplatformhard: Operational -[processor {HardwareFailure}]-> Failed;
				propagations
					--  Here, we can imply that the NoService error from pedalvalue
					--  is transformed into a NoValue on brake and skid features.
					--  So, basically, this should be shown in the FMEA/FaultImpact
					--  report. So, the report should show the error flows
					--  pedals/NoService -> commands/brake/skid/NoValue -> monitor/NoValue -> selector/NoValue 
					p1: Failed -[]-> brake {NoValue};
					p2: Failed -[]-> skid {NoValue};
			end component;
		**};
	end command.i;

 	-- 
	-- The monitor component receives the values from the command system (the brake and skid values) and checks whether the system is valid.
	-- We have one monitor per BSCU.
	-- Without power, the monitor can fail.
	--
	process monitor
		features
			brake: in data port common::command.brake;
			skid: in data port common::command.skid;
			valid: out data port Base_Types::Boolean;
	end monitor;

	-- implementation of the monitor process
	process implementation monitor.i
		annex EMV2 {**
			use types error_library;
			use behavior error_library::simple;
			
			error propagations
				processor: in propagation {SoftwareFailure, HardwareFailure};
				brake: in propagation {NoValue};
				skid: in propagation {NoValue};
				valid: out propagation {NoValue};
				flows
					fsoft: error sink processor {SoftwareFailure, HardwareFailure};
					val: error source valid {NoValue};
					bsink: error sink brake {NoValue};
					ssink: error sink skid {NoValue};
			end propagations;
			
			component error behavior
				events
					InvalidReport: error event;
				transitions
					terrinvalidreport: Operational -[InvalidReport]-> Failed;
					noskid: Operational -[skid {NoValue}]-> Failed;
					nobrake: Operational -[brake {NoValue}]-> Failed;
					terrfromplatformsoft: Operational -[processor {SoftwareFailure}]-> Failed;
					terrfromplatformhard: Operational -[processor {HardwareFailure}]-> Failed;
				propagations
					p1: Failed -[]-> valid {NoValue};
			end component;
			
			properties
				ARP4761::hazards => ([crossreference => "TBD";
						failure => "Invalid Report from BSCU Monitor";
						phases => ("TBD");
						description => "Report from a Monitor that causes an invalid switch to the alternate mode";
						FailureConditionClassification => Minor;
						QualitativeProbabilityObjective => Probable;
						comment => "Minor Hazard";
					]) applies to InvalidReport;
		**};
	end monitor.i;

	-- declare the bscu_subsystem system
	system bscu_subsystem
		features
			pwr: requires bus access common::power.generic;
			pedal: in data port common::command.pedal;
			cmd_skid: out data port common::command.skid;
			cmd_brk: out data port common::command.brake;
			valid: out data port Base_Types::Boolean;
	end bscu_subsystem;

	-- generic implementation of the bscu_subsystem system
	system implementation bscu_subsystem.generic
		-- subcomponents
		subcomponents
			mon: process monitor.i;
			cmd: process command.i;
		-- six connections that route the data
		connections
			pedaltocmd: port pedal -> cmd.pedalvalue;
			brakecmd: port cmd.brake -> mon.brake;
			brakecmd_ext: port cmd.brake -> cmd_brk;
			skidcmd_ext: port cmd.skid -> cmd_skid;
			skidcmd: port cmd.skid -> mon.skid;
			isvalid: port mon.valid -> valid;
		annex EMV2 {**
			use types error_library;
			use behavior error_library::simple;
			
			error propagations
				pwr: in propagation {NoPower};
				valid: out propagation {NoValue};
				flows
					nopwr: error path pwr {NoPower} -> valid {NoValue};
			end propagations;
			
			component error behavior
				transitions
					t1: Operational -[pwr {NoPower}]-> Failed;
				propagations
					p1: Failed -[]-> valid {NoValue};
			end component;
			
			composite error behavior
				states
					[mon.failed or cmd.failed]-> Failed;
					[mon.operational and cmd.operational]-> Operational;
			end composite;
			
			properties
				ARP4761::hazards => ([crossreference => "ARP4761 figure L4 page 215";
						failure => "Failure of the BSCU, either from the monitor, the command or both";
						phases => ("all");
						description => "Failure of a BSCU";
						FailureConditionClassification => Major;
						QualitativeProbabilityObjective => Probable;
						comment => "Would be critical if two subsystem (primary and redundant) are deffective";
					]) applies to Failed;
				EMV2::OccurrenceDistribution => [ProbabilityValue => 3.3e-5; Distribution => Fixed;] applies to Failed;
		**};
	end bscu_subsystem.generic;

	-- 
	-- This system is a binary operator: it produces one output from two inputs.
	-- If the first input is true, the result is false. Otherwise, the result is true.
	--
	system select_alternate
		features
			input1: in data port Base_Types::Boolean;
			input2: in data port Base_Types::Boolean;
			result: out data port Base_Types::Boolean;
		annex EMV2 {**
			use types error_library;
			use behavior error_library::simple;
			
			error propagations
				input1: in propagation {NoValue};
				input2: in propagation {NoValue};
				result: out propagation {NoValue};
				flows
					f1: error source result {NoValue};
					f2: error sink input1 {NoValue};
					f3: error sink input2 {NoValue};
			end propagations;
			
			--
			-- We consider that the component may behave inconsistently and select the alternate source without cause.
			-- We capture this with an event named InternalError.
			--	
			component error behavior
				events
					InternalError: error event;
				transitions
					t1: Operational -[InternalError]-> Failed;
					-- if we do not get any value from either monitor, we can no longer send valid data.
					t2: Operational -[input1 {NoValue} and input2 {NoValue}]-> Failed;
				propagations
					p1: Failed -[]-> result {NoValue};
			end component;
			
			properties
				EMV2::OccurrenceDistribution => [ProbabilityValue => 3.6e-6; Distribution => Poisson;] applies to InternalError;
			
				EMV2::severity => ARP4761::Hazardous applies to InternalError;
				EMV2::likelihood => ARP4761::ExtremelyImprobable applies to InternalError;
				ARP4761::hazards => ([crossreference => "ARP4761 figure L4 page 215";
						failure => "";
						phases => ("all");
						description => "BSCU validity monitor incorrectly report a Failure causing switch to alternate";
						FailureConditionClassification => Hazardous;
						QualitativeProbabilityObjective => ExtremelyImprobable;
						comment => "";
					]) applies to InternalError;
		**};
	end select_alternate;

	-- declare the bscu system
	system bscu
		features
			pwr1: requires bus access common::power.generic;
			pwr2: requires bus access common::power.generic;
			pedal1: in data port common::command.pedal;
			pedal2: in data port common::command.pedal;
			Select_Alternate: out data port Base_Types::Boolean;
			cmd_nor: out data port common::command.skid;
			cmd_alt: out data port common::command.skid;
		annex EMV2 {**
			use types error_library;
			
			error propagations
				pwr1: in propagation {NoPower};
				pwr2: in propagation {NoPower};
				pedal1: in propagation {NoService};
				pedal2: in propagation {NoService};
			end propagations;
		**};
	end bscu;

	-- basic implementation of bscu
	system implementation bscu.basic
		annex EMV2 {**
			use types error_library;
			use behavior error_library::bscu;
			
			error propagations
				flows
					es1: error sink pwr1 {NoPower};
					es2: error sink pwr2 {NoPower};
			
			end propagations;
			
			component error behavior
				transitions
					nopower1: Operational -[pwr1 {NoPower}]-> Failed;
					nopower2: Operational -[pwr2 {NoPower}]-> Failed;
			end component;
			
			properties
				ARP4761::hazards => ([crossreference => "TBD";
						failure => "No power line";
						phases => ("TBD");
						description => "Permanent failure of power supply source";
						FailureConditionClassification => Catastrophic;
						QualitativeProbabilityObjective => ExtremelyImprobable;
						comment => "Would be critical if both power supplies are lost";
					]) applies to pwr1, pwr2;
		**};
	end bscu.basic;

	
	-- generic implementation of bscu
	system implementation bscu.generic
		subcomponents
			sub1: system bscu_subsystem.generic;
			sub2: system bscu_subsystem.generic;
			select: system select_alternate;

		connections
			sub1pwr: bus access pwr1 <-> sub1.pwr;
			sub2pwr: bus access pwr2 <-> sub2.pwr;
			sub1pedal: port pedal1 <-> sub1.pedal;
			sub2pedal: port pedal2 <-> sub2.pedal;
			selectvalid1: port sub1.valid -> select.input1;
			selectvalid2: port sub2.valid -> select.input2;
			selectvalidout: port select.result -> Select_Alternate;
			sub1skid: port sub1.cmd_skid -> cmd_nor;
			sub2skid: port sub2.cmd_skid -> cmd_alt;
		annex EMV2 {**
			use types error_library;
			use behavior error_library::bscu;
			
			component error behavior
				transitions
					nopower: Operational -[pwr1 {NoPower} and pwr2 {NoPower}]-> Failed;
			end component;
			
			composite error behavior
				states
					[sub1.Failed and sub2.Failed]-> Failed;
					[sub1.Failed and sub2.Operational]-> Alternate;
					[sub1.Operational and sub2.Operational and select.Failed]-> Alternate;
					[sub1.Operational and sub2.Operational and select.Operational]-> Operational;
			end composite;
			
			properties
				ARP4761::hazards => ([crossreference => "TBD";
						failure => "No power line";
						phases => ("TBD");
						description => "Permanent failure of power supply source";
						FailureConditionClassification => Hazardous;
						QualitativeProbabilityObjective => ExtremelyImprobable;
						comment => "Would be critical if both power supplies are lost";
					]) applies to pwr1, pwr2;
		**};
	end bscu.generic;

	-- federated implementation of bscu, extending generic and inheriting all of its features
	system implementation bscu.federated extends bscu.generic
		subcomponents
			platform: system platform::platform.federated;
		properties
			Actual_Processor_Binding => (reference (platform.cpu1)) applies to sub1.cmd;
			Actual_Processor_Binding => (reference (platform.cpu1)) applies to sub1.mon;
			Actual_Processor_Binding => (reference (platform.cpu2)) applies to sub2.cmd;
			Actual_Processor_Binding => (reference (platform.cpu2)) applies to sub2.mon;
	end bscu.federated;


	-- ima implementation of bscu, extending generic and inheriting all of its features
	system implementation bscu.ima extends bscu.generic
		subcomponents
			platform: system platform::platform.ima;
		properties
			Actual_Processor_Binding => (reference (platform.cpu.partition1)) applies to sub1.cmd;
			Actual_Processor_Binding => (reference (platform.cpu.partition2)) applies to sub1.mon;
			Actual_Processor_Binding => (reference (platform.cpu.partition3)) applies to sub2.cmd;
			Actual_Processor_Binding => (reference (platform.cpu.partition4)) applies to sub2.mon;
	end bscu.ima;

end bscu;

Main program: simple -> wbs.aadl

  • wbs.aadl is the core module; it builds the wheel braking system from the modules of the other packages
package wbs

public

	with bscu;
	with communication;
	with valves;
	with wheel;
	with pump;
	with power;
	with pedals;
	with ARP4761;
	with EMV2;

	--
	--  Virtual component of the wheel braking system.
	--
	system wbs
	end wbs;

	-- generic implementation of the wheel braking system component
	system implementation wbs.generic
		subcomponents
			-- pedal system
			pedals: system pedals::pedals.generic;

			-- power system
			power: system power::power.generic;

			-- the two pumps at the top of the diagram
			blue_pump: system pump::pump.i;
			green_pump: system pump::pump.i;

			--  accumulator pump
			accumulator: system pump::pump.i;

			--  selector subsystem
			selector: system valves::selector;
			bscu: system bscu::bscu.generic;

			wheel: system wheel::wheel;

			-- annunciation device
			annunciation: device communication::annunciation.i;
		connections
			accu_to_sel: bus access selector.accumulator_input <-> accumulator.pressure_output;
			power1: bus access bscu.pwr1 <-> power.line1;
			power2: bus access power.line2 <-> bscu.pwr2;
			pedal1: port pedals.signal1 -> bscu.pedal1;
			pedal2: port pedals.signal2 -> bscu.pedal2;
		annex EMV2 {**
			-- The WBS system has the following error states:
			-- Operational
			-- AnnunciatedTotalBrakingLoss
			-- UnannunciatedTotalBrakingLoss
			-- PartialBrakingLoss
			-- AsymmetricLoss
			-- InadvertentBrake
			use types error_library;
			use behavior error_library::wbs;
			
			composite error behavior
				states
					[bscu.Failed and accumulator.Failed and annunciation.Failed]-> AnnunciatedBrakingLoss;
					[blue_pump.Failed and green_pump.Failed and accumulator.Failed and
						annunciation.Failed]-> AnnunciatedBrakingLoss;
					[bscu.Failed and accumulator.Failed and annunciation.Failed]-> UnannunciatedBrakingLoss;
					[blue_pump.Failed and green_pump.Failed and accumulator.Failed and
						annunciation.Failed]-> UnannunciatedBrakingLoss;
			end composite;
			
			properties
				ARP4761::hazards => ([crossreference => "AIR6110 page 35 figure 17";
						failure => "Crew detect the failure when the brakes are operated (unanunciated) or select an appropaite landing spot (annunciated)";
						phases => ("Landing", "RTO");
						description => "Total Loss of Wheel Braking";
						FailureConditionClassification => Hazardous;
						QualitativeProbabilityObjective => ExtremelyImprobable;
						comment => "Reference to crew procedures for loss of normal and reserve modes";
					]) applies to AnnunciatedBrakingLoss, UnannunciatedBrakingLoss;
			
				ARP4761::hazards => ([crossreference => "AIR6110 page 35 figure 17";
						failure => "Crew detects the failure when brakes are used. Use available wheel braking, spoilers and thrust reverses to decelerate.";
						phases => ("Landing", "RTO");
						description => "Partial Symmetrical Loss of Wheel Braking";
						FailureConditionClassification => Hazardous;
						QualitativeProbabilityObjective => ExtremelyImprobable;
						comment => "Additional study required to determine classification";
					]) applies to PartialBrakingLoss;
			
				ARP4761::hazards => ([crossreference => "AIR6110 page 36 figure 17";
						failure => "Partial Symmetrical Loss of Wheel Braking";
						phases => ("Landing", "RTO");
						description => "Asymmetrical Loss of Wheel Braking";
						FailureConditionClassification => Catastrophic;
						QualitativeProbabilityObjective => ExtremelyImprobable;
						comment => "Decrease in braking performance. Tendency to veer off the runway.";
					]) applies to AsymmetricLoss;
			
				EMV2::likelihood => ARP4761::ExtremelyImprobable applies to InadvertentBrake;
				ARP4761::hazards => ([crossreference => "AIR6110 page 37 figure 17";
						failure => "Inadvertent wheel brake application";
						phases => ("Takeoff");
						description => "Undetected inadvertent wheel brake on one wheel without locking the wheel.";
						FailureConditionClassification => Catastrophic;
						QualitativeProbabilityObjective => ExtremelyImprobable;
						comment => "Crew cannot detect the failure by the asymmetry which is very small. Brake temperature can reach very high temperature.";
					]) applies to InadvertentBrake;
		**};
	end wbs.generic;

	-- Basic/initial version that abstracts all valves with a selector subsystem.
	-- The selector subsystem hides the physical logic behind the selector, shutoff and metering/anti-skid valves.
	system implementation wbs.basic extends wbs.generic
		subcomponents
			bscu: refined to system bscu::bscu.basic;
			--  selector subsystem
			selector: refined to system valves::selector_basic {Classifier_Substitution_Rule => Type_Extension;};
			wheel: refined to system wheel::wheel_one_input.i {Classifier_Substitution_Rule => Type_Extension;};
		connections
			blue_to_selector: bus access blue_pump.pressure_output <-> selector.blue_input;
			green_to_selector: bus access green_pump.pressure_output <-> selector.green_input;

			bscu_sel_to_selector: port bscu.Select_Alternate -> selector.Select_Alternate;
			bscu_cmdnor_to_selector: port bscu.cmd_nor -> selector.cmd_nor;
			bscu_cmdalt_to_selector: port bscu.cmd_alt -> selector.cmd_alt;

			selector_to_wheel: bus access selector.output <-> wheel.input;
	end wbs.basic;

	--
	--  Version with more implementation details, showing the details of the hydraulic system.
	-- 
	system implementation wbs.detailed extends wbs.generic
		subcomponents
			selector: refined to system valves::selector_detailed {Classifier_Substitution_Rule => Type_Extension;};
			shutoff: system valves::boolean_shutoff;
			green_skid: system valves::cmd_shutoff;
			blue_skid: system valves::cmd_shutoff;
			wheel: refined to system wheel::wheel_two_inputs.i {Classifier_Substitution_Rule => Type_Extension;};
		connections
			-- We connect the blue pump directly to the selector valve.
			-- For the green pump, we connect it to the shutoff valve, which is then connected to the selector valve.
			blue_to_selector: bus access blue_pump.pressure_output <-> selector.blue_input;
			green_to_shutoff: bus access green_pump.pressure_output <-> shutoff.input;
			shutoff_to_selector: bus access shutoff.output <-> selector.green_input;
			bscu_to_shutoff: port bscu.Select_Alternate -> shutoff.boolean_input;

			bscu_to_selector: port bscu.Select_Alternate -> selector.select_alternate;

			--  connect the commands from the BSCU to the skid valves
			bscu_to_gskid: port bscu.cmd_nor -> green_skid.cmd_input;
			bscu_to_bskid: port bscu.cmd_alt -> blue_skid.cmd_input;

			--  connect the output pressure of the selector to the anti-skid components
			selector_to_gskid: bus access selector.green_output <-> green_skid.input;
			selector_to_bskid: bus access selector.blue_output <-> blue_skid.input;

			-- Connect the anti-skid systems to the wheel. In this version, we see that the wheel has two paths to get pressure.
			-- We consider this a physical model, not a logical model.
			bskid_to_wheel: bus access blue_skid.output <-> wheel.blue_input;
			gskid_to_wheel: bus access green_skid.output <-> wheel.green_input;
	end wbs.detailed;

	system implementation wbs.federated extends wbs.detailed
		subcomponents
			bscu: refined to system bscu::bscu.federated;
	end wbs.federated;

	system implementation wbs.ima extends wbs.detailed
		subcomponents
			bscu: refined to system bscu::bscu.ima;
		annex resolute {**  
      		prove contain_two_power_supply()
      		prove contain_two_selector_valve() 
      		prove contain_two_bscu()
		**};
	end wbs.ima;

end wbs;
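The composite error behavior tables of bscu.generic and wbs.generic above derive a system-level state from the states of subcomponents. The following Python script is an added example, not part of the example project or of OSATE: it encodes those two tables as data, enumerates every Operational/Failed combination of the named subcomponents to report combinations that no clause maps and combinations that two clauses map to different states, and computes the probability of a composite state from per-subcomponent Failed probabilities. The Failed probabilities of sub1 and sub2 (3.3e-5) and select (3.6e-6) are the OccurrenceDistribution values on this page, treated here, as an assumption, as independent per-flight-hour probabilities.

```python
"""Exhaustive check of EMV2 composite error behavior tables (added example)."""
from itertools import product

# Assumption: every subcomponent uses a two-state behavior (Operational/Failed),
# as error_library::simple does for the components on this page.
STATES = ("Operational", "Failed")

# Composite table of bscu.generic, transcribed from the page:
#   [sub1.Failed and sub2.Failed]-> Failed;
#   [sub1.Failed and sub2.Operational]-> Alternate;
#   [sub1.Operational and sub2.Operational and select.Failed]-> Alternate;
#   [sub1.Operational and sub2.Operational and select.Operational]-> Operational;
BSCU_SUBS = ("sub1", "sub2", "select")
BSCU_GENERIC = [
    ({"sub1": "Failed", "sub2": "Failed"}, "Failed"),
    ({"sub1": "Failed", "sub2": "Operational"}, "Alternate"),
    ({"sub1": "Operational", "sub2": "Operational", "select": "Failed"}, "Alternate"),
    ({"sub1": "Operational", "sub2": "Operational", "select": "Operational"}, "Operational"),
]
# Failed probabilities from the page's OccurrenceDistribution values
# (bscu_subsystem.generic Failed => 3.3e-5, select_alternate InternalError => 3.6e-6),
# treated here (assumption) as independent per-flight-hour probabilities.
BSCU_P_FAILED = {"sub1": 3.3e-5, "sub2": 3.3e-5, "select": 3.6e-6}

# Composite table of wbs.generic, transcribed from the page.
WBS_SUBS = ("bscu", "accumulator", "annunciation", "blue_pump", "green_pump")
_LOSS_A = {"bscu": "Failed", "accumulator": "Failed", "annunciation": "Failed"}
_LOSS_B = {"blue_pump": "Failed", "green_pump": "Failed",
           "accumulator": "Failed", "annunciation": "Failed"}
WBS_GENERIC = [
    (_LOSS_A, "AnnunciatedBrakingLoss"),
    (_LOSS_B, "AnnunciatedBrakingLoss"),
    (_LOSS_A, "UnannunciatedBrakingLoss"),
    (_LOSS_B, "UnannunciatedBrakingLoss"),
]


def enumerate_assignments(subs):
    """Yield every Operational/Failed assignment over the named subcomponents."""
    for combo in product(STATES, repeat=len(subs)):
        yield dict(zip(subs, combo))


def matching_targets(clauses, assignment):
    """Target states of all clauses whose conditions hold under `assignment`."""
    return [target for conds, target in clauses
            if all(assignment[sub] == st for sub, st in conds.items())]


def check_table(subs, clauses):
    """Return (uncovered, conflicting): assignments that no clause maps, and
    assignments that clauses map to more than one distinct target state."""
    uncovered, conflicting = [], []
    for assignment in enumerate_assignments(subs):
        targets = set(matching_targets(clauses, assignment))
        if not targets:
            uncovered.append(assignment)
        elif len(targets) > 1:
            conflicting.append(assignment)
    return uncovered, conflicting


def state_probability(subs, clauses, p_failed, state):
    """Probability of reaching composite `state`, assuming independent
    subcomponents with Failed probability p_failed[sub]. An assignment counts
    toward `state` when at least one matching clause targets it."""
    total = 0.0
    for assignment in enumerate_assignments(subs):
        if state in matching_targets(clauses, assignment):
            p = 1.0
            for sub in subs:
                pf = p_failed[sub]
                p *= pf if assignment[sub] == "Failed" else 1.0 - pf
            total += p
    return total


if __name__ == "__main__":
    for name, subs, clauses in (("bscu.generic", BSCU_SUBS, BSCU_GENERIC),
                                ("wbs.generic", WBS_SUBS, WBS_GENERIC)):
        uncovered, conflicting = check_table(subs, clauses)
        print(f"{name}: {len(uncovered)} unmapped, {len(conflicting)} conflicting combinations")
        for a in uncovered[:4] + conflicting[:4]:
            print("   ", {k: v[0] for k, v in a.items()})  # O/F per subcomponent
    for state in ("Failed", "Alternate", "Operational"):
        p = state_probability(BSCU_SUBS, BSCU_GENERIC, BSCU_P_FAILED, state)
        print(f"bscu.generic P({state}) = {p:.3e}")
```

For bscu.generic the check reports the two combinations with sub1 Operational and sub2 Failed as unmapped, and for wbs.generic every mapped combination matches both an AnnunciatedBrakingLoss and an UnannunciatedBrakingLoss clause, because the clause conditions are identical on this page.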