Applying MDA in an Avionics Systems Environment

IanIan WilkieWilkie , Kennedy Carter, Kennedy Carter www.kc.comwww.kc.com

October 2005

K E N N E D Y C A R T E R2

Adopting MDA at BAE Systems

Domain ReuseDomain Reuse

Reuse of Ada Code Reuse of Ada Code

Generation RulesGeneration Rules

ComponentComponent

ReRe--engineeringengineering

ReRe--engineering of engineering of

existing component, existing component,

and automatic Ada and automatic Ada

Code Generation into Code Generation into

existing execution existing execution

environmentenvironment

RTSA to UMLRTSA to UML

Tool MigrationTool Migration

Automated translation Automated translation

of structured analysis of structured analysis

models in Teamwork models in Teamwork

tool to UML models in tool to UML models in

xUML toolxUML tool

K E N N E D Y C A R T E R4

ToolThe Teamwork CASE tool is unsupported.

MethodReal-Time Structured Analysis is no longer mainstream.

PlatformNeed to ensure that the software remains maintainab le and upgradeable during 25 years.

SkillsExperienced Ada programmers are an endangered species.

Challenges for the Project - Obsolescence

K E N N E D Y C A R T E R5

Assess feasibility of migrating of existing Teamwork Models into the new tool environment to allow ongoing maintenance of Real-Time Structured Analysis models as profiled UML models.The re-engineering of a significant component into executable UML (xUML) models.Demonstration of automatic code generation of Ada code from re-engineered xUML Models.Demonstration that software can be built with heterogeneous mixture of legacy and re-engineered components .

Project Goals

Adopting MDA

K E N N E D Y C A R T E R

The information contained in this document is the property of Kennedy Carter Limited.No part of it may be reproduced or used except by written permission.

The copyright and foregoing restrictions on reproduction and use extend to all the media in which the information may be embodied.

www.kc.com

Model Driven Architecture andxUML

K E N N E D Y C A R T E R8

The project decided to take te approach ofModel Driven Architecture (MDA)Model Driven Architecture (MDA)

which involves building

PlatformPlatform --Independent Models (Independent Models ( PIMsPIMs))from which we derive

PlatformPlatform --Specific Models (Specific Models ( PSMsPSMs))and/or

PlatformPlatform --Specific Implementations (Specific Implementations ( PSIsPSIs).).

The models are represented using the notation known as theUnifiedUnified ModelingModeling Language (UML).Language (UML).

Both the MDA process and the UML notationare owned by the non-profit consortium known as the

Object Management Group (OMG).Object Management Group (OMG).

Model Driven Architecture

K E N N E D Y C A R T E R9

Executable UML (xUML)

xUML is an implementation of the MDA processxUML is based around the idea of building PIMs that are precise, complete and executable (and therefore testable)xUML uses a subset of the UML formalism in order to achieve the required precision

“It’s like being a cook. You have to know how to use virtually all of the possible ingredients - just not all at the same time.”

Conversation with Jim Rumbaugh 1999

“It’s like being a cook. You have to know how to use virtually all of the possible ingredients - just not all at the same time.”

Conversation with Jim Rumbaugh 1999

xUML provides a specific view of the notion of “Pla tform” that is inherent in MDA.xUML also provides a coherent Process for the devel opment of systems of both small and large scale and of various degrees o f complexity.

Adopting MDA

K E N N E D Y C A R T E R

The information contained in this document is the property of Kennedy Carter Limited.No part of it may be reproduced or used except by written permission.

The copyright and foregoing restrictions on reproduction and use extend to all the media in which the information may be embodied.

www.kc.com

Component Re-Engineering

K E N N E D Y C A R T E R11

Re-Engineering Objectives

A demonstration that a significant software component can be re-engineered in xUML and that Ada code can be automatically generated from it.The automatically generated code is integrated back into the Radar SystemFunction and performance matches the code that it replaces.

K E N N E D Y C A R T E R12

Passive Objects (POs)

Ada Types

Drivers & OS

VM1 VM2 ...VM4VM3 VMn

Virtual Machines

The Data Processor is a multi-processor, multi-task ing application.It uses a bespoke mailbox mechanism for inter-task communication.

Component Re-engineering

K E N N E D Y C A R T E R13

Passive Objects (POs)

Ada Types

Drivers & OS

VM1 VM2 ...VM4VM3 VMn

Virtual Machines

Re-engineeredComponent

An Ada avionics component was re-engineered with xU ML.Ada code was generated from xUML, and integrated wi th existing code.

Re-engineered Component

K E N N E D Y C A R T E R14

Domains

Modelled in xUML

Legacy code Passive Objects (POs)

Ada Types

Drivers & OS

VM1

VM2

...

VM4

VM3

VMn

K E N N E D Y C A R T E R15

(part of) Class Model

Platform Independent Model Structure

Domain Model

(part of) State Model

K E N N E D Y C A R T E R16

Interfaces with Legacy Code

Interfaces to legacy code units are modelled using <<terminator>> classes

(Part of)Class

Collaboration Model

Legacy Ada Task

Legacy Ada Package

Re-engineered component

Existing component

Adopting MDA

K E N N E D Y C A R T E R

The information contained in this document is the property of Kennedy Carter Limited.No part of it may be reproduced or used except by written permission.

The copyright and foregoing restrictions on reproduction and use extend to all the media in which the information may be embodied.

www.kc.com

Process Migration

K E N N E D Y C A R T E R18

Process Migration : Elaboration vs. Translation

PSM

(OOD)

Processdefinition

Designpolicies

Codingrules

manually build a Platform Specific

Model …

manually code a Platform Specific Implementation

PSI

(Ada)

manually build a Platform Independent

Model …

PIM

(UML)

PSI

(Ada)

automatically generate a Platform

Specific Implementation using

PIM-PSI mappings

PIM-PSIMappings

(xUML)

manually specify mappings onto the

platform …

manually build a Platform Independent

Model …

PIM

(xUML)

Requirement Change impact

Technology Change impact

Before After

K E N N E D Y C A R T E R19

Formalised Application and Design Expertise

PSI

(Code)

PIM-PSIMappings

(xUML)

automatically generate a Platform

Specific Implementation using

PIM-PSI mappings

PSM

(UML)

Processdefinition

Designpolicies

Codingrules

manually build a Platform Specific

Model …

manually code a Platform Specific Implementation

PSI

(Code)

manually build a Platform Independent

Model …

PIM

(UML)

manually specify mappings onto the

platform …

manually build a Platform Independent

Model …

PIM

(xUML)

Rules and policies for organising

aircraft

Rules and policies for organising

software

K E N N E D Y C A R T E R20

The Ada experts

define mappings

onto Ada…

(part of) Generated Ada for Radar Domain

(part of) Ada Metamodel

Package

BodyVariable

SubprogramCall

Formalise the Formalisms

…the Ada mappings are applied to the Radar PIM objects to generate the Radar Ada

The radar experts instantiate the “xUML Metamodel” classes…

(part of) PIM for Radar Domain

(part of) xUML Metamodel

Class

Attribute

SignalGeneration

K E N N E D Y C A R T E R21

Generate the GeneratorxUML to Code Mappings in ASL

Project Code

Generator

Pre-Existing

Code Generator

(part of) xUML Metamodel

Class

Attribute

SignalGeneration

xUML Metamodels

Project Domain Models

Project Code

K E N N E D Y C A R T E R27

Maintainability vs. Executability

PSM

(OOD)

manually build a Platform Specific

Model …

manually code a Platform Specific Implementation

PSI

(Ada)

manually build a Platform Independent

Model …

PIM

(UML)

Before

Built for maintainability

and executability

In classic approaches, the PSI (code) must be built to be maintainable, typically by incorporating layering and encapsulation ……which have a detrimental effect on speed and size of the executing system

PSI

(Ada)

automatically generate a Platform

Specific Implementation using

PIM-PSI mappings

manually build a Platform Independent

Model …

PIM

(xUML)

After

Built for executability

Built for maintainability

In translation-based approaches, the maintained entity (the PIM) is built for

maintainability with layering and encapsulation…

…while the executable entity (the PSI) is optimised for execution efficiency

K E N N E D Y C A R T E R28

Re-Engineering : Findings

“Working with graphical representations meant that software structure was easily understood and maintained .”“Problems discovered during test were rectified in the PIM and the code regenerated.”“No problems were detected attributable to code generator.”“Code worked first time after Platform Independent Model modifications.”

Adopting MDA

K E N N E D Y C A R T E R

The information contained in this document is the property of Kennedy Carter Limited.No part of it may be reproduced or used except by written permission.

The copyright and foregoing restrictions on reproduction and use extend to all the media in which the information may be embodied.

www.kc.com

Tool Migration

K E N N E D Y C A R T E R30

RTSA modelheld in Teamwork

Migrating from RTSA Tool to UML Tool

UML modelheld in xUML Tool

Dataflow diagrams to UML class diagrams

Mealy state machines to Moore state machines

K E N N E D Y C A R T E R31

xUML ToolDatabase RTSA ModelRTSA ModelRTSA ModelRTSA Modelpopulate<<RTSA>>xUMLfrom xUML MMbuild, maintainand checkRTSA ModelDeveloperDeveloperDeveloperDeveloper

xUMLxUMLxUMLxUMLMetamodelMetamodelMetamodelMetamodelmapRTSA MM toxUML MMRTSARTSARTSARTSAMetamodelMetamodelMetamodelMetamodelmap CDIFto RTSAMMCDIFCDIFCDIFCDIFMetamodelMetamodelMetamodelMetamodelmap CDIFto CDIFMMRTSARTSARTSARTSAModelModelModelModel(in Teamwork)(in Teamwork)(in Teamwork)(in Teamwork)

Automated Migration of Avionics Teamwork models to UML Tool

K E N N E D Y C A R T E R32

DFD 0 v1 1.CalculateEngine RunDamage 2.ResetEngine RunDamage 3.UpdateTotal EngineDamageEngine Run Engine 4.DisplayEngineDamagePilot

Engine EngineSpeed EngineDamageExample Teamwork RTSA Model

K E N N E D Y C A R T E R34

The RTSA Metamodel

This model describes RTSA independently of the tool in

which it is held…

K E N N E D Y C A R T E R35

The RTSA to xUML Mapping

The inter model mapping is expressed as ASL operating on the meta-modelsThis sample of such ASL shows an operation provided by the "Data Flow Diagram" class in the RTSA meta-model…

# Map the data flow diagram.[] = DFD_TME2:mapDataFlowDiagramToXuml[sa_model, this.diagramNumber] on this

# Map the data dictionary entries.{data_dictionary_entries} = sa_model -> R26for data_dictionary_entry in {data_dictionary_entries} do

[] = DDE6:mapDdeOnDfdToXuml[this] on data_dictionary_entryendfor

# Map the data dictionary entry references.{dde_references} = {data_dictionary_entries} -> R18.Data_Dictionary_Entry_Referencefor dde_reference in {dde_references} do

[] = DDER2:mapDdeReferenceOnDfdToXuml[this] on dde_referenceendfor

# Map the nodes.{nodes} = this -> R5.Nodefor node in {nodes} do

[] = N3:mapNodeToXuml[sa_model, this] on nodeendfor

# Map the flows.{process_inputs} = this -> R5.Node_on_DFD -> R1.Process_Inputfor process_input in {process_inputs} do

[] = PI3:mapProcessInputToXuml[] on process_inputendfor{process_outputs} = this -> R5.Node_on_DFD -> R8.Process_Outputfor process_output in {process_outputs} do

[] = PO3:mapProcessOutputToXuml[] on process_outputendfor

K E N N E D Y C A R T E R36

Example RTSA Metamodel Objects metamodel metamodel metamodel metamodel objects for objects for objects for objects for the SA the SA the SA the SA modelmodelmodelmodelmetamodel metamodel metamodel metamodel classesclassesclassesclasses

DFD 0 v1 1.CalculateEngine RunDamage 2.ResetEngine RunDamage 3.UpdateTotal EngineDamageEngine Run Engine 4.DisplayEngineDamagePilotEngine EngineSpeed EngineDamage

K E N N E D Y C A R T E R37

Example RTSA Metamodel Objects

DFD 0 v1 1.CalculateEngine RunDamage 2.ResetEngine RunDamage 3.UpdateTotal EngineDamageEngine Run Engine 4.DisplayEngineDamagePilot

Engine EngineSpeed EngineDamagemetamodel metamodel metamodel metamodel objects for objects for objects for objects for the SA the SA the SA the SA modelmodelmodelmodel

K E N N E D Y C A R T E R38

Example RTSA to UML Mapping

The metamodel mappings are applied to generate an xUML model…

DFD 0 v1 1.CalculateEngine RunDamage 2.ResetEngine RunDamage 3.UpdateTotal EngineDamageEngine Run Engine 4.DisplayEngineDamagePilotEngine EngineSpeed EngineDamage

K E N N E D Y C A R T E R39

Mapping RTSA Models to UML Models

RTSAMetamodel

RTSA to UML Metamodel Mappings

xUMLxUMLxUMLxUMLMetamodelMetamodelMetamodelMetamodelRTSARTSARTSARTSAMetamodelMetamodelMetamodelMetamodelmapmapmapmapRTSA MM toRTSA MM toRTSA MM toRTSA MM toUML MMUML MMUML MMUML MMRTSA Model

Use RTSA model to Use RTSA model to Use RTSA model to Use RTSA model to populate RTSA populate RTSA populate RTSA populate RTSA metamodelmetamodelmetamodelmetamodelUML Model

Apply RTSAApply RTSAApply RTSAApply RTSA----UMLUMLUMLUMLMappings to RTSAMappings to RTSAMappings to RTSAMappings to RTSAmetamodel objects metamodel objects metamodel objects metamodel objects

K E N N E D Y C A R T E R40

xUMLMetamodel

xUML to Ada Metamodel Mappings

xUMLModel

AdaCode

Apply xUMLApply xUMLApply xUMLApply xUML----Ada Mappings to Ada Mappings to Ada Mappings to Ada Mappings to xUMLmetamodelxUMLmetamodelxUMLmetamodelxUMLmetamodel objects objects objects objects Spot the Difference: Mapping xUML Models to Ada Cod e

Use PIM model to populate Use PIM model to populate Use PIM model to populate Use PIM model to populate xUML metamodelxUML metamodelxUML metamodelxUML metamodelApplication

experts build

application PIMs

Design experts specify

mapping rules from UML

metamodel onto platform-

specific technologies

The platform-specific

implementation (code) is

automatically generated by applying the xUML-Ada

mapping rules

K E N N E D Y C A R T E R41

FormalisedIntellectualProperty

FormalisedIntellectualProperty

Generate AdaRadar Processing

Component

Build &Test xUML

models

RadarProcessing

Domain

Ada CodeGeneration

Domain

Platform-SpecificRadar Processing

Implementation

MDA Formalises Intellectual Property

This approach ensures that all the business intellectual property is formalised, and made reusable, in xUML.

K E N N E D Y C A R T E R42

Overcome the Method and Tool Obsolescence Issue.Simplify the Software Development Process by treating Application Analysis and Software Design as totally independent, decoupled operations.Protect intellectual investments in xUML Models against Platform Obsolescence.Capture the expertise of the best Computer Scientis ts and Ada Software Engineers in an automated tool.Adapt to a modern technology which fully supports maintenance and enhancements over the next 25 years or more .By addressing architectural issues separately from specification of behaviour, address issues of performance on any platform .

Benefits of Adopting MDA

K E N N E D Y C A R T E R45

Further Information

For more information contact:

Ian.Wilkie@kc.com

Wolfgang.George@kc.com

www.kc.com

Applying MDA in an Avionics Systems Environment

IanIan WilkieWilkie , Kennedy Carter, Kennedy Carter www.kc.comwww.kc.com

October 2005