CPSC 875 - Clemson University

CPSC 875
John D. McGregor
C 8 More Design
Blackboard style
Blackboard
• Violates several architecture principles
• Shared memory
• Used when fast access to lots of data is needed to make a decision
• Robotics
• Situational awareness
• Perhaps automated driving
Feedback/Control Loop
(Feedback loop diagram: Controller, Sensor, Actuator, Process)
State machine architecture
• Reactive systems
• Each input determines a state
Design operator: Composition
(Feedback loop diagram: Controller, Sensor, Actuator, Process)
Add human controller
(Feedback loop diagram with human controller: Controller, Sensor, Actuator, Process)
Hazards
• Car uses old value for set point that causes sudden acceleration
• Car does not disengage CC when commanded
• …
http://ocw.mit.edu/courses/aeronautics-and-astronautics/16-63j-system-safety-fall-2012/lecture-notes/MIT16_63JF12_Class10STPA.pdf
State machine
(State machine diagram: states Engine off, Engine on, CC off, CC On, Inactive, Set current speed, Maintain current speed, Recalculate pedal position; transitions initial, engage, speed set, resume, apply brake, Resume [setSpeed – currentSpeed < 5mph]/accelerate)
Syntax of state diagram
EventName [guard]/action
SetActive [speed>20mph]/set speed
MaintainSpeed [setPoint-current>3mph]/calculate pedal angle
SetIdle []/no op
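As an added example that is not part of the lecture slides, the Python class below is a table-driven cruise-control state machine that evaluates the slide's EventName [guard]/action rule using the states, events and mph thresholds shown above. The ApplyBrake event name, the time-stamped freshness check on the stored set point (a mitigation for the "old set point" hazard listed earlier) and the pedal gains are assumptions.

```python
from typing import Optional

class CruiseControl:
    """Simplified cruise control; states, events and mph thresholds follow the slides."""
    MAX_SET_POINT_AGE = 30.0  # assumed: seconds after which a stored set point is stale
    def __init__(self, speed: float = 0.0) -> None:
        self.speed = speed                       # current speed, mph
        self.set_point: Optional[float] = None   # commanded speed, mph
        self.set_point_time = 0.0                # when set_point was last written
        self.now = 0.0
        self.pedal_angle = 0.0
        self.state = "CC off"
        # (state, event) -> [(guard, action, next state)]; the first guard that holds
        # fires, which is how "EventName [guard]/action" is evaluated here.
        self.table = {
            ("CC off", "SetActive"): [
                (lambda: self.speed > 20, self.set_speed, "Maintain current speed")],
            ("Maintain current speed", "MaintainSpeed"): [
                (lambda: self.set_point - self.speed > 3,
                 self.calculate_pedal_angle, "Maintain current speed")],
            ("Maintain current speed", "ApplyBrake"): [(lambda: True, self.release, "Inactive")],
            ("Maintain current speed", "SetIdle"): [(lambda: True, self.no_op, "CC off")],
            ("Inactive", "Resume"): [
                (lambda: self.fresh() and self.set_point - self.speed < 5,
                 self.accelerate, "Maintain current speed"),
                (lambda: not self.fresh(), self.release, "CC off")],  # stale set point: refuse
        }

    def fresh(self) -> bool:  # mitigation for the "old set point" hazard on the Hazards slide
        return self.set_point is not None and self.now - self.set_point_time <= self.MAX_SET_POINT_AGE
    def set_speed(self) -> None:
        self.set_point, self.set_point_time = self.speed, self.now
    def calculate_pedal_angle(self) -> None:
        self.pedal_angle = (self.set_point - self.speed) * 0.5  # assumed proportional gain
    def accelerate(self) -> None:
        self.pedal_angle = 5.0  # assumed fixed pedal opening on resume
    def release(self) -> None:
        self.pedal_angle = 0.0  # hand the actuator back to the driver
    def no_op(self) -> None:
        pass

    def dispatch(self, event: str, now: float) -> bool:
        """Run the first enabled transition for (state, event) at time now; True if one fired."""
        self.now = now
        for guard, action, nxt in self.table.get((self.state, event), []):
            if guard():
                action()
                self.state = nxt
                return True
        return False  # no enabled transition: the event is ignored in this state
```

A Resume arriving long after the set point was stored takes the second, stale-guard entry and drops to CC off instead of accelerating on the old value.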
Cruise control
Adaptive CC
• http://auto.howstuffworks.com/cruisecontrol4.htm
ACC state machine
(ACC state machine diagram: Controller, OR, OR)
CACC
• http://www.path.berkeley.edu/sites/default/files/publications/PRR-2011-01.pdf
Resources
• https://wiki.sei.cmu.edu/aadl/images/6/62/ErrorModelDiscussion-04202013.pdf
• https://github.com/osate/examples/blob/master/bugtrack-emv2/issue41/Isolette.aadl
• http://www.gpdisonline.com/presentations2014/SE_67_AVSI-RedmanConsistencyCheckingInSAVI.pdf
• https://wiki.sei.cmu.edu/aadl/images/a/a9/SafetyAnalysiswithEMV2-july2013.pdf
RDAL requirements
Context
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6008765
DARWIN
Darwin Service Space
Prototyping
Next Steps
• Develop an AADL model of the adaptive cruise control (ACC). Make the feedback loop(s) explicit in your design.
• Include identified hazards, related requirements, and the AADL design should incorporate those requirements and a complete error model.
• Submit by 11:59PM Feb 16th
State machine