Forschungs- & Entwicklungsinformationsdienst der Gemeinschaft - CORDIS

FP5

OMEGA Berichtzusammenfassung

Project ID: IST-2001-33522
Gefördert unter: FP5-IST
Land: France

Case study: the Ariane 5 flight program

The EADS ST case study presents the Flight Software of the European Ariane 5 Launcher and focuses on relevant real time behaviours. The objective of this Ariane 5 Flight Software is to control the launcher mission from lift-off to payload release. This software operates in a completely automatic mode and has to handle both the external disturbances and the hardware different failures that may occur during the flight. This case study presents the most relevant points required for such an embedded application and focuses on the real time critical behaviour.

EADS ST software merges in the same processor asynchronous behaviours (stage ignition and release, failure isolation and recovery) and cyclical synchronous behaviours (control/command of the vehicle, failure detection). The main difficulty in this case study was the combination of cyclic and acyclic behaviour, which leads to an explosion of the state space (caused by the execution of several thousands of cycles along the lifetime of the acyclic behaviour which takes around 1 hour). This has called to the application of some abstraction techniques:

Properties of the acyclic part have been initially verified by abstracting away the cyclic part manually. In order to verify properties, which involved both the acyclic and the cyclic part, we had to artificially reduce the duration of the mission from around 1h to around 1 minute. However, the relevant behaviours of both parts are fully preserved by this abstraction.

Another particular issue raised by the case study was the validation the scheduling policy used by the launcher software, which is based on a fixed-priority pre-emptive scheme. This has necessitated the construction of a model of the scheduler as well as the capturing of scheduling objectives by UML observers. Evaluation of results: EADS ST has developed its UML model under the Rational Rose tool and has then used the IFx/IF tools (semantics checker, simulator, model-checker) in order to validate it.

The great strength of the used tools is their compatibility with the OMEGA semantics and then the taking into account of the real time behaviour. The simulator has allowed correcting several errors in the model (mainly unexpected deadlocks), which have not been detected by manual revue. As the cost of a specification error during the validation phase is very high, these techniques have already proved their great interests. All the properties have been exhaustively proven correct. The model-checker allows increasing importantly our confidence in the model.

Verwandte Informationen

Ergebnis in Kürze

Kontakt

David LESENS, (Software R&D coordinator)
Tel.: +33-1-39066127
Fax: +33-1-39062797
E-Mail-Adresse
Folgen Sie uns auf: RSS Facebook Twitter YouTube Verwaltet vom Amt für Veröffentlichungen der EU Nach oben