Space systems modeling using the Architecture Analysis & Design Language (AADL)

Abstract

Our interest focuses on how to accurately represent the behavior of complex flight and ground systems by properly selecting the key attributes particularly when model-based techniques are increasingly used for their development. Can new tools and technologies be used in future missions starting at earlier phases to reduce risk? The objective is to demonstrate the use of the Architecture Analysis & Design Language (AADL, SAE AS5506/A) to analyze quality attributes of integrated flight and ground systems software architecture in the context of verification and validation activities. AADL modeling has been used to accurately represent the behavior of complex systems in space missions starting at earlier phases to reduce risk. AADL model shows execution interactions between high-level system components and it enables early quality attribute analyses. AADL adds rigor and formalism to development lifecycle and assurance activities and as a result it reduces possibility of rework later in lifecycle. Formal semantics provide confidence at gateway reviews, by providing independent, semantically accurate analyses. Provision of not just software or hardware assurance but system assurance; therefore, mission assurance. AADL modeling is applicable to real-time embedded software systems - the types of systems NASA builds. This research is directly applicable to NASA missions. AADL models offer a way to make better decisions on system architectures ! especially during development phase (SMAP mission-architectural decisions made during the early design impact) and as a result risk is reduced. Examples of ground and flight systems architectures applicable to NASA missions will be shown including SMAP and Juno missions. For the Critical Design Review (CDR) of the JPL SMAP mission, the AADL team updated the AADL model to reflect the nontrivial re-architecture of the SMAP flight software and avionics hardware. In the process, we completed the Information Flow model and performed Data Latency Analysis (The particular value of this analysis to SMAP was to help model the science collection and data downlink rate). We have shown that the detailed design of SMAP FSW is continually consistent with the software architecture model. The re-architecting to a different baseline is also a testament to the flexibility of the AADL modeling approach. To summarize, ! these are the performance analyses we have performed: Bus Bandwidth Analysis, Memory Resource Analysis, Deadlock Analysis (UPPAAL), Reachability Analysis (UPPAAL). Furthermore, analysis results show how some Juno command errors could have been avoided if the AADL model had been in place before the Juno instruments checkout activities. By modeling the Juno spacecraft and applying new tools, some errors could have been revealed in real time. Some of the analyses that were performed for the Juno mission included: end-to-end data flow and data latency that revealed where command errors can occur. Data generation and memory analysis revealed the scenario when data overflow would occur which could have prevented loss of science data. Analysis results will be presented to show the potential that AADL has in order to model flight and ground systems architecture applied to space operations.