Presentation on theme: "SCADE System SCADE Suite SCADE Display SCADE development modules"— Presentation transcript:

1 SCADE tools: SCADE System, SCADE Suite, SCADE Display, SCADE development modules

2 Model Based Development With SCADE Tools

3 SCADE SYSTEM
A system architecture design and modeling tool that allows system engineers to model the design of system components and structure using SysML block diagrams.
Allows extracting parts of the main system model and exchanging these subsystem software models with development teams. Software teams can then work on the subsystem software design with SCADE Suite.
Comparison of system model versions is facilitated when the subsystem software model is reintegrated into the main system model.
SCADE LifeCycle Reporter allows systems engineers to automatically generate up-to-date documentation at any point in the development cycle.

4 SCADE Suite
With native integration of the Scade language and its unified formal notation, SCADE Suite is the unique integrated design environment for critical applications, spanning requirements management, model-based design, simulation, verification, qualifiable/certified code generation, and interoperability with other development tools and platforms.

5 SCADE Suite Integrated Data Flow and SSM editors

6 SCADE Suite Simulator

7 SCADE Display
SCADE Display is a flexible graphics design and code generation tool suite for the development of safety-critical embedded display systems.
With native support of the OpenGL SC standard, SCADE Display is the new generation display framework, spanning prototyping, display design, simulation, verification & validation, DO-178B certified code generation for level A software and smooth integration with other applications.
Tightly coupled with SCADE Suite, enabling unprecedented visibility from the deployed application to the end-user displays.

8 SCADE Suite & Display for SW development

9 SW design Process with SCADE Suite & Display

10 SW Coding Process with SCADE Suite & Display

11 SCADE SCOPE

12 SCADE code integration

13 Typical SW architecture for graphics

14 Timing Verifier integration in SCADE Suite

15 RT Vizu of SW Spec

16 ACG & Certification

17 Typical SW life-cycle within DO-178 context

18 Abbreviations
SNCC = digital control and command system (French: système numérique de contrôle commande)
DCS = Digital Control System?
SIF = Safety Instrument Function
OSHA = Occupational Safety & Health Administration
EPA = Environmental Protection Agency
ISA = Instrumentation Systems and Automation Society
IEC = International Electrotechnical Commission
TMR = Triplicated Modular Redundant
PLC = Programmable Logic Controller
FMECA = Failure Mode, Effects, and Criticality Analysis
AMDEC = Failure Modes, Effects and Criticality Analysis (French: Analyse des Modes de Défaillance, Effets et Criticité)

19 SCADE at Airbus contents

20 System Modelling & Verification (SCADE Airbus)

21 SW Coding & Testing (SCADE Airbus)

22 A350 XWB Large interchangeable displays

23 Simulator Architecture (Ansaldo)

24 SCADE at Thales contents

25 Projects using SCADE Thales
THALES is a leader in Cockpit Interactive Solutions.
AIRBUS A380 Cockpit Project developed by THALES.

26 Projects using SCADE Thales

27 Projects using SCADE Thales

28 Why SCADE (Thales)

29 SCADE at AREVA contents

30 AREVA Organisation

31 Why SCADE (Areva)
Adapted to our deployed development process:
SCADE formalism (node and data flow) is equivalent to the Structured Analysis SA-RT/SD method (Structured Analysis, Structured Design) used at AREVA TA
Understood by both system and software engineers
Improvement of mutual comprehension is required by the IEC60680:2006 standard
Supporting our generic design policy:
The SCADE cycle-based language is well adapted to the way embedded safety-critical software is designed at AREVA TA
Easier to reach SIL4 than with the former classic development method
SCADE simulator: early detection of errors in the specification
SCADE KCG: no unit testing at code level
Less expensive deployment than other formal methods:
Only one week to design with the principal SCADE functions
Improved software validation:
Formal proof techniques are enabled

32 SCADE integration in dev Process (AREVA)
SIL4 developments (and some SIL0)
SCADE modelling of the system specification:
Definition of interface functions and data flow between functions
Traceability links between requirement specification and functions, using SCADE RM Gateway
Allocation of functions to subsystems
Software SCADE design:
Software architecture design inherits from the system model
Refinement of the requirements allocated to functions, design of each function
SCADE 6: SSM and map/fold
Restricted use of imported nodes (efficiency or SCADE limits, reuse of legacy code)
V&V:
Check of modelling rules
Check of requirements
Node and function testing (using SCADE Simulator and SCADE MTC)
Integration and validation testing (on host machine prior to on-target)
System integration and validation testing (on host machine prior to final equipment)
Version control: distributed SCADE model development.

33 System Modelling with SCADE (AREVA)
Requirements modelling
Physical and safety allocation of requirements
Interfaces of each subsystem with its environment
Traceability with the functional specification (RM Gateway)

34 SW Design with SCADE (AREVA)
Refine the subsystem models (node and data flow) into a full software architecture
In the EN50128 process: Software Requirement and Architecture Specification (generated with the Reporter function)
Refine the design down to terminal nodes (full SCADE or imported)
In the EN50128 process: Software and Module Design
Use of KCG for code generation
In the EN50128 process: Code
Non-SIL4 designer tests with the simulator
Good AREVA TA practice to improve model quality before V&V

35 System & SW Design Validation (AREVA)
The various V&V activities are:
Requirement-based test specification
Test scenarios: define the inputs and the expected output for every requirement, in a document and in test files
Automatic launch of validation tests
Compute the test, play the test and verify the outputs against the expected result
Automatic test reporter with AREVA TA tools
Analysis of the test coverage score with SCADE MTC

36 System & SW Design Validation (AREVA)
Different simulations can be chosen:
SCADE graphic simulator:
Well suited to verify nodes during design
Cannot be used in an automatic test bench
The interface is poor for system testing with a massive number of I/Os
“Command line” mode:
Same mode as the graphic one but with TCL language elements (functions and comments)
Harder to use than the graphical mode
TCL script:
Use of a TCL instruction sequence to initialise inputs, verify the expected values of outputs, increase the cycle, flatten structure or array types, …
Use TCL programming power: loops, generic sub-functions, …
A TCL scenario script can be called by another script; thus a “launcher” can sequence the scenarios
All I/O transitions can be recorded
External simulator calling SCADE via a DLL interface:
Equivalent to a TCL script but harder to use (continuity, support, …)
Test bench based on TCL scripts to check all software components:
For each component:
Rebuild a test program for the component
Play the scenarios and compare outputs to expected values
Generate a log file with the principal script step information
Generate a log file with the history of the I/O transitions
For all the components:
Compute an HTML report of validation with a link to the log files, a validation success rate and a global model test coverage score
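The test bench described on this slide (rebuild the component, play a scenario, compare outputs to expected values, log the step results and the I/O transitions, then roll everything up into an HTML report with a success rate) is shown below as an added example in Python. It is not AREVA TA's TCL bench nor SCADE code: the cycle-based node under test (a constructed trip/reset latch), the scenario contents and the signal names are all assumptions made for the example, and the SCADE MTC coverage score is not reproduced.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Vector = Dict[str, object]   # one cycle's named signals


class LatchNode:
    """Constructed cycle-based node standing in for a SCADE component under test.
    'alarm' latches on when 'trip' is true and stays on until 'reset' (reset wins
    if both are true); 'count' counts the cycles spent with the alarm on."""

    def __init__(self) -> None:
        self.alarm = False
        self.count = 0

    def step(self, inputs: Vector) -> Vector:
        if inputs["reset"]:
            self.alarm = False
        elif inputs["trip"]:
            self.alarm = True
        if self.alarm:
            self.count += 1
        return {"alarm": self.alarm, "count": self.count}


@dataclass
class Scenario:
    """Per-cycle (inputs, expected outputs); every input is given in every cycle."""
    name: str
    steps: List[Tuple[Vector, Vector]]


@dataclass
class Report:
    name: str
    passed: bool
    log: List[str] = field(default_factory=list)          # principal step information
    transitions: List[str] = field(default_factory=list)  # history of I/O transitions
    failing_cycle: Optional[int] = None


def run_scenario(node_factory: Callable[[], LatchNode], scenario: Scenario) -> Report:
    """Rebuild the component, play the scenario cycle by cycle, compare the
    outputs with the expected values and stop at the first mismatch."""
    node = node_factory()
    report = Report(scenario.name, True)
    previous: Vector = {}
    for cycle, (inputs, expected) in enumerate(scenario.steps):
        outputs = node.step(inputs)
        io = {**inputs, **outputs}
        for name, value in io.items():          # record every I/O transition
            if previous.get(name) != value:
                report.transitions.append(f"cycle {cycle}: {name} -> {value}")
        previous = io
        mismatches = {k: (v, outputs.get(k)) for k, v in expected.items() if outputs.get(k) != v}
        if mismatches:
            report.log.append(f"cycle {cycle}: FAIL (expected, got) = {mismatches}")
            report.passed = False
            report.failing_cycle = cycle
            break
        report.log.append(f"cycle {cycle}: ok {outputs}")
    return report


def success_rate(reports: List[Report]) -> float:
    return sum(r.passed for r in reports) / len(reports) if reports else 0.0


def html_report(reports: List[Report]) -> str:
    """Global report: one link per scenario log plus the success rate (the model
    coverage score comes from SCADE MTC and is not computed here)."""
    rows = "".join(
        f'<li><a href="{r.name}.log">{r.name}</a>: {"PASS" if r.passed else "FAIL"}</li>'
        for r in reports)
    return (f"<html><body><h1>Validation</h1><p>Success rate: "
            f"{success_rate(reports):.1%}</p><ul>{rows}</ul></body></html>")


# Constructed scenarios. NOMINAL matches the node; MISMATCH deliberately expects a
# wrong 'count' so that the failing path of the bench is exercised.
NOMINAL = Scenario("nominal", [
    ({"trip": False, "reset": False}, {"alarm": False, "count": 0}),
    ({"trip": True,  "reset": False}, {"alarm": True,  "count": 1}),
    ({"trip": False, "reset": False}, {"alarm": True,  "count": 2}),
    ({"trip": True,  "reset": True},  {"alarm": False, "count": 2}),   # reset has priority
])
MISMATCH = Scenario("mismatch", [
    ({"trip": True, "reset": False}, {"alarm": True, "count": 0}),
])


def run_all() -> List[Report]:
    """Launcher: sequence every scenario against a freshly built component."""
    return [run_scenario(LatchNode, sc) for sc in (NOMINAL, MISMATCH)]


if __name__ == "__main__":
    results = run_all()
    for r in results:
        print("\n".join(r.log))
    print(html_report(results))
```

Rebuilding the node for every scenario is what keeps scenarios independent of each other, and stopping at the first mismatch keeps the log pointing at the cycle where the divergence started rather than at its consequences.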

37 Research Infrastructure (DLR)

38 Development Process (DLR)
Integrated development process for the entire research infrastructure
Stimulated by:
Automatic launch of validation tests
Domain Engineering (e.g. virtual institute DeSCAS)
Requirements Engineering (e.g. EU project CESAR)
Service-oriented architectures (SOA)
Model-based development (e.g. SCADE)

39 Dominion Project (DLR)

40 SCADE at ASTRIUM contents

41 Dev Life-Cycle (ASTRIUM)

42 Formal proofs on the ATV safety Software (ASTRIUM)
The LESAR tool is developed by the VERIMAG laboratory.
Example of proven properties
Specification of the environment by “regular expressions”:
cam_arm( on, arm, cam_cmd, tc, hltc ) =prefix( [-on, -arm, -cam_cmd, -tc, -hltc]*.[ on, -arm, -cam_cmd, -tc, -hltc].[-on, -arm, -cam_cmd, -tc, hltc]*.~~ ) ;
Properties:
A “red button” implies eventually a CAM triggering before 4 cycles (real-time property)
The two MSU chains cannot both trigger a CAM at the same time (mutual exclusion property)
The same results have since been reached with Prover.

43 SCADE at POSCON contents

44 PSD System Diagram (POSDOM)

45 PSD System Diagram (POSDOM)

46 Development Process to Achieve SIL 3 RAMS System Life-Cycle

47 Development Process to Achieve SIL 3 PSD RAMS H/W Management

48 Development Process to Achieve SIL 3 PSD RAMS S/W Development(V Model method)

49 Development Process to Achieve SIL 3 PSD RAMS Project Output

50 SCADE at Liebherr Contents
Connecting the neutral SCADE model with the global PLC data

51 SCADE for SIL2 systems Liebherr
Connecting the neutral SCADE model with the global PLC data

52 PME1 control system (LiebHerr)
Central Intelligence
Distributed IOs
Real Time CAN Protocol
Single synchronous Application Task
Safety Level up to SIL2
Massive reuse of software modules

53 PME1 link data flow (LiebHerr)
Interface config file with all variables of the PLC system
Clear separation of responsibilities between Liebherr and Esterel
Generates a new textual operator “Integration Toplevel”
Special C code with mappings

54 SCADE at Siemens Contents

55 From SysML to SCADE: SCADE system designer Siemens
Architecture: different views, communications, deployment, use cases
SCADE: design language, embedded control, simulation

56 Timing analysis and SCADE Siemens
WCET computation
Communication architecture: do we meet our timing requirements?
What is the impact of different architecture alternatives regarding timing?
Deeper understanding of system performance characteristics

57 Model-based worst-case timing approach Siemens
Abstract model of resources, processes, scheduling policies and communication pathways

58 Elicitation of system behavior by modeling Siemens

59 Model-based penetration into an existing target system architecture Siemens
SCADE Components

60 SCADE at Invensys Contents (Railway-TDMS (Train Data Mngt System))

61 TDMS Architectural Principles: Simple Partitioning (Invensys)

62 SCADE TDMS Development: TDMS Partitioning - Partitions Invensys
Standard interface: communicate via ports
Partition mode: application partitions, system partitions (similar to ARINC 653)
Fault handling: dual redundant for availability
Adapt by adding/removing features/partitions: requires agility

63 SCADE TDMS Development: Project Process: Evolved Agile Feature Driven Approach

64 SCADE at KEPCO Contents
SCADE for ISODE ( Integrated SW Dev Env) for NP Systems

65 ISODE Overview KEPCO

66 ISODE Overview KEPCO

67 Validation and Verification Process TEPCO
Design Verifier
A property is implemented in a SCADE node called an Observer. As inputs, it receives the values the property focuses on. It has one output, which is true if and only if the property is true.
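The observer pattern described above, with the two ATV properties from the ASTRIUM slide (a “red button” must be followed by a CAM triggering within 4 cycles; the two MSU chains never trigger a CAM in the same cycle) as the properties, is worked below as an added example in Python. It is not Esterel, ASTRIUM or KEPCO code: the signal names (red_button, cam, cam_a, cam_b), the traces and the reading of “before 4 cycles” as an inclusive deadline of 4 cycles after the trigger are assumptions made for the example. Each observer is a stateful cycle-by-cycle function with one boolean output, exactly the shape a SCADE observer node has; what the example does not do is what Design Verifier or LESAR add, namely proving that the output is true for every input sequence admitted by the environment assumption. Running an observer over a finite constructed trace, as here, only shows that the trace does not violate the property.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

Cycle = Dict[str, bool]   # constructed input vector for one cycle; absent signals read False


@dataclass
class BoundedResponse:
    """Observer for the real-time property "trigger implies response within
    `bound` cycles" (the trigger's own cycle counts as 0; the deadline is inclusive).
    Like a SCADE observer node it keeps state from one cycle to the next and
    emits one boolean per cycle."""
    trigger: str
    response: str
    bound: int
    _pending: List[int] = field(default_factory=list)  # ages of unanswered triggers

    def step(self, cycle: Cycle) -> bool:
        self._pending = [age + 1 for age in self._pending]
        responded = cycle.get(self.response, False)
        if responded:
            self._pending.clear()           # one response answers every open trigger
        if cycle.get(self.trigger, False) and not responded:
            self._pending.append(0)
        # False from the cycle in which a trigger's deadline passes unanswered,
        # and it stays False until a response finally arrives.
        return all(age < self.bound for age in self._pending)


@dataclass
class MutualExclusion:
    """Observer for "a and b are never true in the same cycle" (stateless)."""
    a: str
    b: str

    def step(self, cycle: Cycle) -> bool:
        return not (cycle.get(self.a, False) and cycle.get(self.b, False))


def first_violation(observer, trace: List[Cycle]) -> Optional[int]:
    """Run an observer over a finite trace; return the first cycle whose observer
    output is False, or None when the property held on every cycle."""
    for index, cycle in enumerate(trace):
        if not observer.step(cycle):
            return index
    return None


# Constructed traces (not recorded from any real system).
ON_TIME = [{}, {"red_button": True}, {}, {}, {}, {"cam": True}, {}]     # answered at +4
LATE = [{}, {"red_button": True}, {}, {}, {}, {}, {"cam": True}]        # answered at +5
SAME_CYCLE = [{"red_button": True, "cam": True}]                        # answered at +0
MSU = [{}, {"cam_a": True}, {"cam_b": True}, {"cam_a": True, "cam_b": True}]


def demo() -> Dict[str, Optional[int]]:
    """First violating cycle per trace (None means the property held throughout)."""
    red_button_to_cam = lambda: BoundedResponse("red_button", "cam", 4)
    return {
        "on_time": first_violation(red_button_to_cam(), ON_TIME),
        "late": first_violation(red_button_to_cam(), LATE),
        "same_cycle": first_violation(red_button_to_cam(), SAME_CYCLE),
        "msu": first_violation(MutualExclusion("cam_a", "cam_b"), MSU),
    }


if __name__ == "__main__":
    print(demo())
```

A fresh observer instance is built for every trace because the bounded-response observer carries state; reusing one across traces would let an unanswered trigger from one trace fail the next.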

68 Automatic Documentation Generation TEPCO

69 Target Importing Process TEPCO

70 Target Importing Process TEPCO

71 PPS Application-Bistable Module TEPCO

72 PPS Application-Coincidence Module TEPCO

73 title

