Presented by David LESENS
Tuesday 29 November 2011
Hi-Lite project – Case Study
ASTRIUM Space Transportation
10/05/2011
p2
Overview
• Introduction: Astrium Space Transportation, Case study
• SCADE modelling: Data handling, Numerical algorithm, Event driven
• Feedbacks on Alfa
• Gnatprove
• Conclusion
Astrium case study
Figure: Event driven / Data flow driven & algorithms (architecture of the case study)
• Sensors: acquisition of measurement
• GNC: Navigation ("Where am I?"), Guidance ("Where shall I go?"), Control (compute the commands)
• Actuators: send commands to actuators
• Environment
• Data handling / Middleware
Tools
gnatpro-7.1.0w-20111122-45-i686-pc-mingw32-bin
hilite-0.1w-20111122-i686-pc-mingw32-bin
gps-5.1.0-i686-pc-mingw32
aunit-3.3.1-i686-pc-mingw32
SCADE Suite version 6.3 beta (build i9)
Solar wing deployment
Thermal knives
The Flight Application Software powers thermal knives in order to deploy the solar wings
• Acyclic events
• Redundancy (FDIR)
• Automaton oriented
Software part modelled in SCADE
Software architecture in SCADE
Hierarchical automata
Mode automaton
Activation conditions
Automatic generated code
Data handling
ECSS-E-70-41A “Space engineering – Ground systems and operations – Telemetry and telecommand packet Utilization”, 30 January 2003
Ground / board communications
Vehicle management
Structure of telemetry / telecommand packets
Verification of telecommand packets
Definition of data bus
Access to the data bus
Monitoring list
Algorithms
Orientation of the ATV solar wings
Optimisation of energy
From SPARK to Alfa
Mathematical library
Mathematical library with test cases
Are the test cases defined for Sin32 applicable?
Mathematical library: matrix product definition
Classical “safe” way
Mathematical library: matrix product use
Quite complex type definition
Mathematical library: matrix product definition
Classical “unsafe” way / Hi-Lite “safe” way?
Simple type definition
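The three matrix-product slides above contrast a "classical safe way" built on complex, shape-specific type definitions with a "simple type definition" whose safety then rests on contracts. The code on those slides is not reproduced in this extraction; the following is an added illustration of that contrast, not the case study's own library. Package name, element type, the 3x3 shape and the operator and function names are assumptions made for the example.

```ada
-- Added example (not the slides' code): the same matrix product written the
-- "classical safe way" and the "simple type definition" way with a contract.
package Matrix_Demo is

   -- Classical "safe" way: one constrained type per shape. A dimension
   -- mismatch is a compile-time type error, but every combination of
   -- dimensions needs its own type (and its own product operator).
   type Index_3 is range 1 .. 3;
   type Matrix_3x3 is array (Index_3, Index_3) of Float;
   type Vector_3   is array (Index_3) of Float;
   function "*" (A : Matrix_3x3; V : Vector_3) return Vector_3;

   -- Simple type definition: one unconstrained type for every shape.
   -- Without a contract ("classical unsafe way") a mismatch is only caught
   -- by the run-time index check inside the loop. With the precondition the
   -- mismatch becomes a proof obligation at each call site, which is the
   -- Hi-Lite "safe" way: the type stays simple, the tools check the shapes.
   type Matrix is array (Positive range <>, Positive range <>) of Float;
   function Product (A, B : Matrix) return Matrix
     with Pre  => A'Length (2) = B'Length (1),
          Post => Product'Result'Length (1) = A'Length (1)
              and Product'Result'Length (2) = B'Length (2);

end Matrix_Demo;

package body Matrix_Demo is

   function "*" (A : Matrix_3x3; V : Vector_3) return Vector_3 is
      R : Vector_3 := (others => 0.0);
   begin
      for I in Index_3 loop
         for J in Index_3 loop
            R (I) := R (I) + A (I, J) * V (J);
         end loop;
      end loop;
      return R;
   end "*";

   function Product (A, B : Matrix) return Matrix is
      -- Result bounds follow A's rows and B's columns, as the Post states.
      R : Matrix (A'Range (1), B'Range (2)) := (others => (others => 0.0));
   begin
      for I in A'Range (1) loop
         for J in B'Range (2) loop
            for K in A'Range (2) loop
               -- The two operands may not share a lower bound on the
               -- summed dimension; offset B's row index accordingly.
               -- The Pre guarantees the offset index is within B'Range (1).
               R (I, J) := R (I, J)
                 + A (I, K) * B (K - A'First (2) + B'First (1), J);
            end loop;
         end loop;
      end loop;
      return R;
   end Product;

end Matrix_Demo;
```

The design point the slides raise is visible in the two declarations: the constrained types push the shape check into the type system at the cost of one type per shape, while the unconstrained type keeps a single declaration and relies on the Pre/Post contract (and a prover such as gnatprove) to discharge the index checks that would otherwise remain run-time checks.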
Automata (1/2)
Automata (2/2)
Ambiguity due to missing parentheses detected
Overloading of operators possible
Difficulty to write a contract (precision)
Powerful contract
Extensions
Can this property be expressed as an invariant of the plan type?
Abstract variables
Abstract variables
In SPARK, an abstract global variable would be defined. The contracts would then specify that only the "Run_Time" subprogram can modify this global variable.
In ALFA, such abstract global variables do not exist
++ mvm__obit__get_obit mvm-obit.ads:44
-- mvm__obit__run_time mvm-obit.ads:36 (unsupported construct) [Old attribute]
Abstract variables: First solution
The OBIT variable should be private
++ mvm__obit__get_obit mvm-obit.ads:48
++ mvm__obit__run_time mvm-obit.ads:40
Abstract variables: Second solution
++ mvm__obit__get mvm-obit.ads:49
-- mvm__obit__run_time mvm-obit.ads:41 (unsupported construct)
In this case, the contract is equivalent to the implementation
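The slides on abstract variables contrast a SPARK abstract own variable, whose contract restricts writers to Run_Time, with the Alfa situation where no such abstraction exists and the variable is hidden in the private part instead. The case study's mvm-obit.ads is not reproduced in this extraction; the following is an added illustration of both styles, not the project's code. The parent package MVM and the unit name OBIT come from the report lines above; the counter subtype, the increment behaviour of Run_Time and the package name of the second variant are assumptions made for the example.

```ada
-- Added example (not the slides' code). Names beyond MVM.OBIT, the counter
-- subtype and the "increment" behaviour of Run_Time are assumptions.
package MVM is
end MVM;

-- (1) SPARK 2005 style: the state is an abstract "own" variable. Only
--     Run_Time names it in mode "in out", so the SPARK tools reject any
--     other subprogram that assigns it; Get_OBIT may only read it.
package MVM.OBIT
--# own State;
--# initializes State;
is
   subtype Counter is Integer range 0 .. Integer'Last;

   procedure Run_Time;
   --# global in out State;
   --# derives State from State;

   function Get_OBIT return Counter;
   --# global in State;
end MVM.OBIT;

package body MVM.OBIT
--# own State is OBIT;   -- refinement: the abstract State is the variable OBIT
is
   OBIT : Counter := 0;

   procedure Run_Time is
   begin
      -- Saturate instead of overflowing: Counter'Last is a legal value.
      if OBIT < Counter'Last then
         OBIT := OBIT + 1;
      end if;
   end Run_Time;

   function Get_OBIT return Counter is
   begin
      return OBIT;
   end Get_OBIT;
end MVM.OBIT;

-- (2) Ada 2012 / Alfa style: no abstract variable is available, so the
--     "first solution" of the slides is to make OBIT private. Only this
--     package's body can assign it, and the effect of Run_Time is stated
--     through the public accessor with a postcondition. The slides report
--     that the 'Old attribute was an unsupported construct in the tools at
--     the time, and that a contract written this way ends up equivalent to
--     the implementation.
package MVM.OBIT_Contracts is
   subtype Counter is Integer range 0 .. Integer'Last;

   function Get_OBIT return Counter;

   procedure Run_Time
     with Post => (if Get_OBIT'Old < Counter'Last
                   then Get_OBIT = Get_OBIT'Old + 1
                   else Get_OBIT = Get_OBIT'Old);
private
   OBIT : Counter := 0;   -- hidden: no client can write it directly
end MVM.OBIT_Contracts;

package body MVM.OBIT_Contracts is
   procedure Run_Time is
   begin
      if OBIT < Counter'Last then
         OBIT := OBIT + 1;
      end if;
   end Run_Time;

   function Get_OBIT return Counter is
   begin
      return OBIT;
   end Get_OBIT;
end MVM.OBIT_Contracts;
```

The two variants enforce the same least-privilege property on the state, that only Run_Time changes it, by different means: in (1) it is a checked annotation on an abstract name, so the body can change representation without touching the specification; in (2) it follows from visibility alone, and the postcondition has to restate what the body does, which is the loss of abstraction the slides point out.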
**********************************
Subprograms in Alfa : 68% (414/613)
 ... already supported : 52% (321/613)
 ... not yet supported : 15% ( 93/613)
Subprograms not in Alfa : 32% (199/613)

Subprograms not in Alfa due to (possibly more than one reason):
 unchecked conversion : 32% (194/613)
 ambiguous expr : 1% ( 7/613)

Subprograms not yet supported due to (possibly more than one reason):
 generic : 39% (237/613)
 attribute : 5% ( 29/613)
 conversion : 4% ( 24/613)
 discriminant : 2% ( 11/613)
 slice : 2% ( 11/613)
 multi dim array : 0% ( 2/613)
 (...)

Units with the largest number of subprograms in Alfa:
 ml-bits : 51% (197/389)
 ml : 100% (113/113)
 tmtc-data_pool : 85% (41/48)
 sgs-main : 100% (14/14)
 scade-ln1 : 100% (11/11)
 mvm-automaton : 100% (7/7)
 (...)

Units with the largest number of subprograms not in Alfa:
 ml-bits : 49% (192/389)
 tmtc-data_pool : 15% (7/48)
**********************************
ambiguous expr
Gnatprove
Number of specification not in Alfa is 0
Number of body not in Alfa is 199
Proof
Project: ml
gnatprove --mode=prove -P ml.gpr
Phase 1 of 3: frame condition computation ...
Phase 2 of 3: translation to intermediate language ...
ml-bits.adb:1385:07: warning: types for unchecked conversion have different sizes
…
raised CONSTRAINT_ERROR : no element available because key not in map
alfa_report C:\Users\david\Mes documents\Developpement\TMTC\ADA\src\OBJ\gnatprove\gnatprove.alfad failed.
Analysis performed in 18 seconds (0 h 0 mn 18 s)
(Start at 28/11/2011, 22h51mn25s and end at 28/11/2011, 22h51mn43s)
gnatprove : 16 seconds (0 h 0 mn 16 s)
Not yet investigated
Conclusion
Alfa safer than Ada
Alfa easier to use than SPARK
Alfa misses some constructs (compared to SPARK)
Always a great support from AdaCore