• No results found

Autocoding for Verifiability

N/A
N/A
Info
Download
Protected

Academic year: 2022

Share "Autocoding for Verifiability"

Copied!
19
0
0

Loading.... (view fulltext now)

Download now ( 19 Page )

Full text

(1)

[email protected] – (314) 232-4417 [email protected] – (316) 523-2014

Autocoding for Verifiability

Tim Smith Vdot Santhanam

Session Number/Name Boeing Software Conference - 1 February 6-7, 2006 – Long Beach, CA

BSC-1

https://ntrs.nasa.gov/search.jsp?R=20070035128 2019-08-30T01:53:02+00:00Z

(2)

Overview

• Model-Based Control Law Development with Automatic Code Generation

• Source Verification Issues of Automatically Generated Code

• MXZ Code Generator

• Benefits and Limitations of MXZ

• Current State of the Tool

(3)

Model-Based Control Law Development

• Cost effective

• Easily traceable to software requirements

• Automatic code generation

(4)

NASA / Boeing Software Certification Study

• Identify and address hurdles to transitioning Intelligent Flight Control System (IFCS)

technology to the civil arena

• Focus was on the verifiability (DO-178B Level

A) of IFCS neural/adaptive control software

(5)

MATRIXx Autocode

• It was quickly realized that the software implementation of the neural/adaptive algorithms did not present any unique verification issues.

BUT...

• The Autocode contained many constructs that

hamper source verification.

(6)

MATRIXx Autocode

• Readability

– Package Proliferation – Package USE Clauses – Unnecessary With’s

– Frequent Use of Temporaries – I/O Variable Bundling

– Prolific Use of Pointers

(7)

MATRIXx Autocode

• Testability / Traceability

– Statement Coverage, Exception Handlers

• Type Safety

• Performance

(8)

The Zbra Subset

• Boeing developed, ‘safe subset’ of Ada 95

• Associated compiler – direct source to object mapping

• Translating MATRIXx autocode to Zbra

– Refactoring – SAGA based tool

– MATRIXx Template Programming Language

– A new automatic code generation tool MXZ

(9)

Initial Attempts

• Using MATRIXx Template Programming Language

– Unable to alter the interface convention

– National Instruments showed no interest in modifying the internals of code generator

• Refactoring (source to source conversion)

– Some of the clutter was eliminated

– I/O unbundling still posed a challenge

• A new autocoder seemed easier to build

(10)

MXZ

• MATRIXx script extracts model properties

• MXZ converts properties text file to Zbra compliant Ada

• Zbra compliant code addresses the

shortcomings cited above

(11)

MXZ Performance

• The study found both object code size and execution time improved on the host

(Windows) platform and the 68K target

6.7-7.2 ms 7.3-7.6 ms

Exec Time

17KB 42KB

Memory Target

(68040, Tartan Ada compiler)

42-49 µs 73-76 µs

Exec Time

47KB 292KB

Memory Host

(Windows, gnat compiler)

MATRIXx MXZ

(12)

MXZ Limitations

• Only block types used in the IFCS model are currently implemented.

• Fixed point arithmetic not implemented.

• Some blocks have restrictions placed on them.

– e.g.: Vector inputs are not permitted to Waveform – e.g.: Sequential execution Condition blocks are

not supported

(13)

What About MATLAB?

• MXZ generates code directly from a text file containing the model properties. Independent of the application that generated the properties file.

• A *.m file that can produce the model

properties text file for input to MXZ is all that

is needed to bridge the gap.

(14)

What About Other Languages?

• There are no inherent limitations in MXZ that will inhibit it from being adapted to generate C code or code in any contemporary

programming language.

• Zbra is a very limited subset of Ada 95 and can

be readily mapped to C, FORTRAN or Java.

(15)

Disclaimer

• Many I/CRAD and production programs have used MATRIXx’s Auocode capability to

develop highly reliable software that functions flawlessly in deployment.

• The authors believe that MXZ has the potential to provide cost savings in the source code

verification process.

(16)

Summary

• Boeing/NASA study to determine the certifiability of neural/adaptive flight control laws.

• One focus was on source code verification

• MATRIXx autocode deemed inadequate for

certification to DO-178B Level A, independent of the neural architecture

• Zbra compliant code greatly improves certifiability

• MXZ automatically generates Zbra compliant code

from the model properties description.

(17)

Name: Tim Smith

Key Technical Field: Systems And Flight Engineering Phone number: 314-232-4417

Fax number: 314-232-4141

E-mail: [email protected] Biography:

Tim Smith is a Guidance, Navigation and Controls engineer. In his five years with the Boeing Company, Tim has helped design and test the flight control laws for the Intelligent Flight Control System (IFCS) for the NASA NF-15B aircraft. Tim designed the pre-trained neural networks for the C-17 IFCS application. Tim recently participated in the NASA sponsored project concerning the verification and validation of adaptive software for the F-15 IFCS.

(18)

Name: Vdot Santhanam

Key Technical Field: High Integrity Software Engineering Phone number: 316-523-2014

Fax number: 316-526-2105

E-mail: [email protected] Biography:

Vdot is a Technical Fellow in the area of software with emphasis on software architecture for high-integrity applications. During his eighteen years with Boeing, Vdot has supported a number of crucial programs with software

technology that has led to significant cost savings and improved integrity. He assisted the 777 primary flight computer program with compiler selection, certification testing, code optimization and automated filtering for error-prone constructs. Vdot is the principal architect of the aerial refueling software for the 767 tanker. Vdot was the principal investigator on the NASA/FAA contract to study the tool qualification criteria for automated software verification tools and most recently led the verification and validation study of adaptive software for the F-15 Intelligent Flight Control System project, also sponsored by NASA.

(19)

Autocoding for Verifiability

BSC Session: ?

Program implementation: F-15 Intelligent Flight Control Systems, Adaptive Software Verification & Validation Study

Abstract: This presentation concerns an improved process for automatically generating source code that is more easily verifiable to DO-178B Level A

standards. MXZ automatically generates a safe-subset compliant Ada source code for a model-based design directly from a text file describing the properties of the model. MXZ was prototyped on a Boeing/NASA collaborative project

involving a MATRIXx/Simulink representation of the software requirements

implementation. MXZ generated code showed improvements in verifiability and performance over the MATRIXx generated code.

References

Download now ( PDF - 19 Page - 3.06 MB )

Related documents

Post-Socialist Dreamworlds: Housing Boom And Urban Development In Kazakhstan

the Kazakh state and aspiring middle classes in Kazakhstan based on the politics of mass aspiration which also stems from the people’s internalized drive and desire

Ginseng's BankDrop Creation Guide Version 2.0

They will ask you some verification questions (Mothers Maiden Name that you put when fulfilling the account info. Have your credit report and background check opened.. normaly only

Case 8:20-cv DOC-KES Document 55-1 Filed 09/28/20 Page 1 of 20 Page ID #:429

action, the manufacturer of allegedly defective building siding, having settled class action brought by end-users, sought an injunction in federal court barring a Minnesota

Innovations in Activities for the Elderly. Proceedings of the 1984 National Association of Activity Professionals Convention

COOK, BA, Former Staff Representative, Section of Activity Coordinators, American Health Care Association, Washington, D. CURLEY, COTA, Activities Consultant, Madison,

Validation of some engine combustion and emission parameters of a bioethanol fuelled DI diesel engine using theoretical modelling

The peak cylinder pressures of BMDE15 operation, both in the simulated and experimental results, are higher than those of diesel operation, due to longer ignition delay and better

Family Migration Decisions

tion of labor market experience of men and women may contribut to a decrease in migration rates of married couples, as well as to an increase in marital. instability of migrants as

Regional Trade and Growth in Asia and Latin America: the importance of Productive Complementarity. Renato Baumann *

According to Devlin & Ffrench-Davis (1998) 25 among the most common costs are: i) preferences among participating countries might divert trade flows from efficient

Cooperative routing for collision minimization in wireless sensor networks

The proposed algorithm in Chapter 5 is a sub-optimal routing due to the following reasons; (1) the optimal power allocation technique is decoupled from the optimal route selection