AADL Code Generation for ARINC653

"How to generate code from models for ARINC653 systems"





Introduction

The following demonstration shows hos to integrate the generated code from models into commercial ARINC653 operating systems. AADL models are edited with the Open Source AADL Tool Environment (OSATE) toolset AADL toolset and the code is generated using the Ocarina AADL code generator tool. For this demonstration, we target two commercial ARINC653 operating systems: Deos from DDC-I and VxWorks653 from Windriver.

This demonstration is separated into two use cases:

  1. Generation of ARINC653 XML configuration and C partition code from AADL
  2. Integration of functional models (SCADE) with the code generated from AADL models

This demonstration shows the automation of code production from models. It also shows once the model is validated, the system can be automatically deployed on top of different operating systems while preserving the same characteristics validated when analyzing the model.


The ADIRU Example

The ADIRU model represents an Air Data Inertial Reference Unit (ADIRU) of the Boeing777-2H6ER plane, related to the hazardous accident of the Malaysian Air Flight 124 in 2005. The model has been presented during an AADL committee, you can read the slides.

The model is composed of four main partitions: one to simulate the sensors, two for the health monitoring and another one for the solver. The following picture show the graphical representation of the model.

The ADIRU AADL Model (full version)

The ADIRU model is then processed and the module configuration and partitions code are generated from the AADL model. The functional code (the one that corresponds to the subprograms) is captured using C code. The generated code auto-integrate it.

Inter-partitions communications use AADL data and event data ports, which are translated into ARINC653 queuing and sampling ports. The next video provides a walk through the AADL model and show how to generate code from it and integrate it with VxWorks653 or Deos.

Generating code from the ADIRU model

Integrating the generated code with Deos

Integrating the generated code with VxWorks


Generating Implementation from Functional (SCADE) and AADL Models

In this example, we generate code from SCADE that will be integrated on top of the code generated from the AADL model. The model is composed of several partitions:

  1. panel: simulates the joystick and onOff buttons from the panels that are sent to the SCADE node. We put the value 5.0 for the joystick and on for the button.
  2. sensors: simulates the sensors values sent to the panel. For this demo, we use a value for the left sensor of 500 and -200 for the right.
  3. roll-control: executes the code generated from SCADE with the inputs from the panel and sensors partitions and send the result to the display partition.
  4. display: simulates a display that shoes if there is a left or right warning. In the present case, according to the input values, the left warning should be activated.

The Roll Control AADL Model (full version)

All four partitions are then integrated on the same module. Inter-partitions communications are realized using sampling ports. The following demonstration provides a walkthrough the SCADE model, the AADL model, how to generate and integrate code for both Deos and VxWorks653.

Overview of the SCADE model

AADL model and Code Generation

Integrating the generated code from AADL and SCADE with Deos

Integrating the generated code from AADL and SCADE with VxWorks


Resources

This demo used mainly open source software and the model is publicly available on the github AADL examples repository. All tools are available publicly at no charge, except for Deos or VxWorks653 or SCADE which require a specific license. There is the list of all tools used for doing this demonstration:

  • OSATE: model design and analysis (safety, security). The model used in this demo is available on the github AADL examples repository under the file name core-examples/mils/twoparts-mils.aadl
  • Ocarina: code generation. A bridge between OSATE and Ocarina that invokes the code generation within OSATE is included in OSATE.
  • Deos: ARINC653 operating system from DDC-I that provides time and space isolation
  • VxWorks653: ARINC653 operating system from Windriver that provides time and space isolation
  • SCADE: SCADE from Ansys for modeling functional aspects of the system

If you have any question regarding this demonstration, please send an e-mail on the AADL mailing list.