Page 1 11/2001 This document is the property of EADS LAUNCH VEHICLES and shall not be communicated to third parties and/or reproduced without prior written agreement. Its contents shall not be disclosed. - EADS LAUNCH VEHICLES PSLC
Design of critical software in the space domain
From the system to the software... Lessons learned on formal methods
David LESENS, EADS LAUNCH VEHICLES, Route de Verneuil BP 2, F Les Mureaux Cedex, France

Page 2: Outline
- EADS LAUNCH VEHICLES: who we are
- Development methodology for a vehicle system: development, validation
- Formal methods for software specification: why, how
- Lessons learned: the Automated Transfer Vehicle (ATV), specification of the MSU software
- Conclusion

Page 3: EADS, a major player in the aeronautics and defence industry
- World no. 3, European no. 1
- 2000 turnover*: 24.2 billion
- 2000 order intake*: 49.3 billion
- * pro forma value
(Chart ranking the main companies: Boeing, Lockheed-Martin, EADS, BAE Systems, Raytheon, Northrop, Thales)

Page 4: European Aeronautics Defence and Space company: LAUNCH VEHICLES (organisation chart)

Page 5: Flagship activities of EADS LAUNCH VEHICLES
- Strategic systems: M4 / M5, M51; prime contractorship of complete systems
- Space transportation: Ariane 4, Ariane 5, ATV, Soyuz; complementary launchers: ARD, ARES, THEMIS
- Equipment: space equipment, satellite products, technology and miscellaneous products

Page 6: Turnover by activity (2000 turnover: 1043.5 million)
- 67% civil space transportation: 697.7 million
- 28% strategic launchers: 295.8 million
- 5% equipment: 50 million

Page 7: Outline (repeated before the section on the development methodology for a vehicle system)

Page 8: Development of space software (flow diagram)
- Vehicle specification -> vehicle design -> equipment specifications -> software specifications -> development
- Simulator development
- Software areas: mission management, communication, thermal, power, propulsion, navigation / guidance / control algorithms, solar panels
- Interface (I/F) development

Page 9: Software validation
- The first flight is a qualification flight
- Real software, equipment simulators, environment simulator, real equipment
- Simulation of a complete flight

Page 10: Objective of the software specification
- Capture the system need: domain specialists
- Serve as input to the development activity: consistency, completeness
- Reference for functional validation: validatable requirements

Page 11: Outline (repeated before the section on formal methods for software specification)

Page 12: Why use formal methods?
- Development cycle by refinement: system studies, technical specification, design, development, unit tests, integration, functional validation, qualification
- Writing the specifications with a formal method: fewer late corrections, immediate rework, "validatable" specification, test generation

Page 13: 1st objective of formal specification methods: increase the formalisation of our specification
- A communication standard: for computer scientists, for non computer scientists
- Different application types: synchronous and/or asynchronous and/or algorithmic

Page 14: 2nd objective of formal specification methods: detect errors in the upstream phase of development
- Validation of the specification: consistency of the specification, completeness of the specification
- Proof on the specification
- Test: rapid prototyping, simulation of the specification

Page 15: 3rd objective of formal specification methods: ease the refinement of the specification into a design
- Reuse of the specification simulation tests
- Writing a design with a formal method?
- Code generation: sequential or multitask, target language, embeddable?

Page 16: And in practice? Let's be pragmatic!
- Lesson learned: formal methods are heavy to use; use them according to the needs
- Static modelling (SADT or SART type): verification of data-flow consistency
- Dynamic modelling: to better understand a hard point (simulation / validation), for a specification, or for a complete development (vehicle specification or embeddable code)
- Choice of the method: in support of a specification or of an analysis

Page 17: Which "formal" methods to choose? (table of application examples)
- Levels: vehicle system, algorithmic studies, software specification, software design, coding
- Methods: Simulink, James, SDL, StateCharts, Scade, Signal, Esterel, B method, UML

Page 18: Outline (repeated before the section on lessons learned: the ATV and the MSU software)

Page 19: Lessons learned at EADS Launch Vehicles (table)
- System specification: ATV safety chain; ground / communication system; pool of on-board computers / bus / wired links; safety system (MSU) and associated software
- Software specification: Ariane 5 GNC architecture (cyclic / synchronous, multi-rate, activation condition); Ariane 5 sequencer (asynchronous coupled with synchronous); MSU software (ATV / ISS safety)
- Approaches used: upstream studies in SDL; upstream studies and reverse engineering in SCADE; upstream studies and reverse engineering in SDL; operational development in SCADE

Page 20: The Automated Transfer Vehicle (ATV) context
One of the European contributions to the International Space Station (ISS). It will supply from 2004 onward the following services to the ISS: refuelling, ISS orbit correction, freight delivery, ISS trash destruction.

Page 21: ATV safety chain and Collision Avoidance Manoeuvre (CAM)
- Diagram: health status, reset, MSU 1, MSU 2, safety chain, sensors, thrusters, DPU 1 / DPU 2 / DPU 3, FTCP, rendezvous monitoring, red button
- Responsible for ISS safety by triggering a CAM
- 2 redundant chains
- Coded in Ada, no Ada exception, single task

Page 22: How is the MSU software specified?
- Technical Specification of the MSU SW, produced with a FrameMaker editor plus SCADE modelling
- Inputs: reference documents, GNC algorithms, non-functional requirements, functional requirements
- SCADE model: state automaton, MSU SW architecture, CAM sequencer

Page 23: Contents of the MSU SW SCADE model
- Navigation, monitoring, control
- Activation condition; data-flow description; hierarchical decomposition
- CAM, post-CAM
- Data ageing (FBY 2)
- Synchronous and cyclic architecture

Page 24: Validation of a SCADE specification
- Formal semantics: semantics verifier, formal proof, executable specification (simulation, code generation)
- Specification: complete, coherent, implementable, not ambiguous, easy to understand (graphical), well accepted by the participants
- Spec validation: validation improvement, exhaustiveness, automatic

Page 25: Formal proofs on the MSU SW TS
- Inputs: SCADE model, environment description, logical property
- Exhaustive verification with the LESAR tool
- Result: true property, or a diagnostic
- The LESAR tool is developed by the VERIMAG laboratory

Page 26: Properties description
- Use of synchronous observers, specified in SCADE, in LUSTRE, or using regular expressions
- Diagram: environment oracle -> inputs -> observed software -> outputs -> properties oracle (environment, properties)

Page 27: Proof by model checking
- Construction of a mathematical model of the SCADE model
- Computation of the reachable states (from the initial states)
- Comparison with the forbidden states

Page 28: Property examples
- A CAM test can only be triggered by a red button signal:
  true_after_false( CAM_TEST_TRIG ) => RED_BUTTON
  No assertion is required from the environment to satisfy this property.
- When the initialisation of the two MSU chains is correct, they cannot both trigger a CAM at the same time:
  #( MSU1_CAM_TRIG, MSU2_CAM_TRIG )
  It is satisfied only when the initialisation of the 2 MSUs is correct, expressed by the assertion
  cam_arm( SWITCH_ON_MSU1, ARM_MSU1, SWITCH_ON_MSU2, ARM_MSU2, RED_BUTTON )
  (automaton: Init -on1-> S1 -arm1-> S2 -on2-> S3 -arm2-> S4)
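The proof set-up of pages 25 to 28 as an added worked example (not code from the presentation, from SCADE or from the LESAR tool): a small explicit-state checker in which the observed software, the environment oracle (the cam_arm assertion) and the property oracle (#( MSU1_CAM_TRIG, MSU2_CAM_TRIG )) are synchronous nodes. The two-chain MSU model, its latching behaviour and the check function are assumptions made for the example; without the cam_arm assumption the checker returns a diagnostic, with it the property is true.

```python
"""Explicit-state model checking in the style of the page-25 LESAR flow: system,
environment oracle and property oracle are synchronous nodes (state, inputs) ->
(next_state, output). The MSU model below is a constructed toy, not the real design."""
from collections import deque
from itertools import product

INPUTS = ("SWITCH_ON_MSU1", "ARM_MSU1", "SWITCH_ON_MSU2", "ARM_MSU2", "RED_BUTTON")
CAM_ARM_ORDER = INPUTS[:4]               # on1, arm1, on2, arm2 of the cam_arm automaton
MSU_INIT = (False, False, False, False)  # latched (on1, armed1, on2, armed2)


def msu_chains(state, inp):
    """Toy MSU SW: a chain latches 'on' then 'armed'; an armed chain triggers a CAM
    on RED_BUTTON. Chain 2 yields when chain 1 was armed at the previous cycle
    (Lustre 'pre'), so a correctly ordered start-up produces a single CAM."""
    on1, armed1, on2, armed2 = state
    on1_n = on1 or inp["SWITCH_ON_MSU1"]
    armed1_n = armed1 or (on1_n and inp["ARM_MSU1"])
    on2_n = on2 or inp["SWITCH_ON_MSU2"]
    armed2_n = armed2 or (on2_n and inp["ARM_MSU2"])
    out = {"MSU1_CAM_TRIG": armed1_n and inp["RED_BUTTON"],
           "MSU2_CAM_TRIG": armed2_n and inp["RED_BUTTON"] and not armed1}
    return (on1_n, armed1_n, on2_n, armed2_n), out


def cam_arm(step, inp):
    """Environment oracle for cam_arm(...): Init -on1-> S1 -arm1-> S2 -on2-> S3
    -arm2-> S4. An event is rejected before its turn and RED_BUTTON is only
    accepted in S4. Returns (next_step, accepted)."""
    if any(inp[ev] for ev in CAM_ARM_ORDER[step + 1:]):
        return step, False
    if step < len(CAM_ARM_ORDER):
        if inp["RED_BUTTON"]:
            return step, False
        if inp[CAM_ARM_ORDER[step]]:
            step += 1
    return step, True


def free_env(step, inp):
    """No assumption on the environment: every input vector is a legal cycle."""
    return step, True


def at_most_one_cam(out):
    """Property oracle for #(MSU1_CAM_TRIG, MSU2_CAM_TRIG): at most one is true."""
    return not (out["MSU1_CAM_TRIG"] and out["MSU2_CAM_TRIG"])


def check(system, sys_init, env, env_init, prop):
    """Breadth-first reachability over (system state, env state): None when the
    property holds in every reachable cycle, else the shortest diagnostic trace."""
    start = (sys_init, env_init)
    seen, queue = {start}, deque([(start, [])])
    while queue:
        (s, e), trace = queue.popleft()
        for bits in product((False, True), repeat=len(INPUTS)):
            inp = dict(zip(INPUTS, bits))
            e_next, accepted = env(e, inp)
            if not accepted:             # scenario excluded by the assumption
                continue
            s_next, out = system(s, inp)
            if not prop(out):
                return trace + [inp]     # forbidden state reached: counterexample
            if (s_next, e_next) not in seen:
                seen.add((s_next, e_next))
                queue.append(((s_next, e_next), trace + [inp]))
    return None                          # no reachable state is forbidden


if __name__ == "__main__":
    for name, env in (("no assumption", free_env), ("cam_arm assumption", cam_arm)):
        result = check(msu_chains, MSU_INIT, env, 0, at_most_one_cam)
        print(name + ":", "true property" if result is None else f"diagnostic {result}")
```

Without the assumption the diagnostic is a single cycle in which both chains are switched on, armed and see the red button at once; the ordered start-up forbids exactly that cycle.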

Page 29: Conclusion on formal method use for ATV
- Improves the quality of the TS of the MSU software: description of a MSU cyclic and synchronous architecture; formal semantics (no ambiguity, no incoherence): data flow / activation condition, data obsolescence description; MSU SW TS easy to understand; semantics verification / formal proof
- Not usable for a complex software: not adapted to asynchronous software; limited to small, cyclic, synchronous software; start of the MSU software design

Page 30: Complex software (1): level of description? (diagram comparing a synchronous and an asynchronous specification of the same system: data update, communication system, GNC algorithms, TC / TM, commands and acknowledgements)

Page 31: Complex software (2): synchronous hypothesis (1) (timing diagram over cycles n-1, n, n+1: measurement, bus frame, software, algorithm, command, algorithm period)

Page 32: Complex software (2): synchronous hypothesis (2) (timing diagram over cycles n-1, n, n+1: bus frame, software, measurement, command, algorithm, algorithm period)

Page 33: Complex software (2): synchronous hypothesis (3) (timing diagram over cycles n-1, n, n+1: bus frame, software, measurement, command, algorithm, algorithm period)

Page 34: Outline (repeated before the conclusion)

Page 35: Conclusion: how to use formal methods
- In reverse engineering: development of a formal model from a software specification, to analyse a particular point
- Three steps in development:
  - Specification: when to start the development? maturity of the need; precision of the description? position in the cycle
  - Validation of the specification: a new activity to plan and to fund
  - Refinement to code: evolution of the development cycle

Page 36: Prospects (1): improvement of the techniques used
- Specification techniques: mixing synchronous and asynchronous; refining from asynchronous to synchronous...
- Proof techniques: specification of properties; power of the tools...
- Design techniques: compilation languages; multitask architectures...

Page 37: Prospects (2): improvement of the methodology
- Extend the formal approach to the vehicle system: use by non computer scientists; refinement
- Make the formal approach systematic: use in future projects; critical and less critical systems; corporate culture