Project - Crazyflie design and analysis using AADL
Changelog
11/19/2017: added part 2;
- adjusted a few typos in part 1. Models from part 1 have been updated thanks to a report by one student. This had no impact on the questions;
- clarified deliverables list.
11/12/2017: added part 1
11/5/2017: initial release of part 0
About this project
For this project, we aim at using AADL to analyze an existing design of a small UAV, the Crazyflie, and then to extend it to add new capabilities.
This project is organized in multiple parts:
Part 0 is an introduction to AADL and its toolchain. It has the same content as HW#6, and is provided as a reference;
Part 1 is a walkthrough of the provided Crazyflie model, where you'll perform multiple analyses and then expand the model;
Part 2 revisits the Crazyflie models, with the objective of performing safety analysis.
PART 0 - AADL LANGUAGE AND TOOLCHAIN
PART 1 - Unboxing the Crazyflie
Part 1.1: Flow latency analysis
Q1: List all end-to-end flows in the model, and propose additional flows that may be missing. You will justify their inclusion and the associated configuration parameters.
Q2: Can you avoid modeling some end-to-end flows using the symmetry of the model?
Q3: Add these flows to the AADL models.
For each of them, you'll use specific notation to indicate the modified elements. Suggested annotation is to use AADL comments, like
Q4: The previous parts provided some high-level requirements for the end-to-end latency of some flows. Are these requirements valid? Does the current architecture meet these requirements?
Part 1.2 Simulation of the model
Q5: Simulate the model using the AADL Inspector simulator. Are all elements executed? How would you correct the system?
Q6: Does the execution match your expected behavior for this system? In particular, you want to assess whether all ports are correctly dimensioned, if a thread may miss its deadline, etc.
Part 1.3 Scheduling analysis of the model
Q7: Run scheduling analysis on the system, what can you conclude?
Q8: How would you relate flow analysis, simulation and scheduling analysis? What is their benefit in a complete Systems Engineering process?
Part 1.4 Adding new component: Flow Deck
Q9: Provide an expanded model with the Flow Deck integrated. Ensure all previous analyses are still feasible. You'll provide the rationale for all the updates you performed.
PART 2 - Safety Analysis
Q10: Update Crazyflie_Functional::Crazyflie_Functional_Chain.impl and its subcomponents with EMV2 properties to support the FHA. You may adjust the hazards considering only failures of hardware (CPU, memory, sensors, etc.) or mechanical elements. We consider, for the moment, that the pilot and the software are defect free.
Q11: Generate the corresponding FHA report using OSATE.
Note: you'll observe that OSATE simply aggregates the elements from the model. The additional benefit is that the modeling language performs cross-checks on the names of the failure modes, the coverage of modes, etc. These ensure the report is consistent and complete.
Q12: What are the conditions for all elements to be either in the Operational or Failed modes? Extend the model accordingly. What is the failure probability you get, using the "Reliability Block Diagram" plug-in?
Q13: Update the model to capture all error sources in the functional chain, using the Accelero abstract component as a template.
Q14: Propose an update to the model that captures the following hypothesis on the fusion algorithm used: any error as input will translate as an error as output.
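The following is an added example, not part of the assignment's model or of the Crazyflie project: a hypothetical sensor-fusion abstract component with an EMV2 annex that shows the three pieces asked for in Q10 (hazard properties for the FHA), Q12 (an Operational/Failed behavior with an occurrence probability for the Reliability Block Diagram plug-in) and Q14 (error paths that forward any input error to the output). The package name Fusion_Example, the component Fusion, the error type ValueError, the behavior Fail_Silent, the hazard text and the probability value are all assumptions; the actual model uses Crazyflie_Functional::Crazyflie_Functional_Chain.impl and the Accelero abstract component named in the questions. The EMV2::Hazards, EMV2::Severity and EMV2::Likelihood property forms follow the OSATE EMV2 and ARP4761 property sets as I recall them; check them against the property sets shipped with your OSATE version.

```aadl
-- Added example (not the assignment's model): a hypothetical fusion component
-- carrying the EMV2 annotations the FHA, RBD and fault impact plug-ins consume.
package Fusion_Example
public

-- Annex library: one error type and a two-state behavior (names assumed).
annex EMV2 {**
  error types
    -- a single type is enough to express "any error in -> error out"
    ValueError : type;
  end types;

  -- Q12: the component is Operational until the Failure event fires
  error behavior Fail_Silent
    events
      Failure : error event;
    states
      Operational : initial state;
      Failed : state;
    transitions
      t_fail : Operational -[Failure]-> Failed;
  end behavior;
**};

abstract Fusion
features
  accel_in  : in data port;
  gyro_in   : in data port;
  state_out : out data port;
annex EMV2 {**
  use types Fusion_Example;
  use behavior Fusion_Example::Fail_Silent;

  error propagations
    accel_in  : in propagation {ValueError};
    gyro_in   : in propagation {ValueError};
    state_out : out propagation {ValueError};
  flows
    -- Q14: an error on either input is forwarded unchanged to the output,
    -- which is what the fault impact analysis traces through the chain
    f_accel : error path accel_in {ValueError} -> state_out {ValueError};
    f_gyro  : error path gyro_in {ValueError} -> state_out {ValueError};
    -- the component is also an error source in its own right
    f_self  : error source state_out {ValueError};
  end propagations;

  component error behavior
    propagations
      -- once Failed, the output carries a ValueError regardless of the inputs
      p_failed : Failed -[]-> state_out {ValueError};
  end component;

  properties
    -- Q12: occurrence rate used by the Reliability Block Diagram plug-in
    -- (constructed value, failures per hour)
    EMV2::OccurrenceDistribution =>
      [ProbabilityValue => 1.0e-5; Distribution => Poisson;] applies to Failure;
    -- Q10: hazard record aggregated into the FHA report (placeholder text)
    EMV2::Hazards => ([
      CrossReference => "HZ-FUSION-PLACEHOLDER";
      Failure => "Loss of state estimate";
      Phases => ("all");
      Description => "Fusion stops producing an attitude estimate; the controller runs on stale data";
      Comment => "Hardware failure only; pilot and software assumed defect free";
    ]) applies to Failure;
    EMV2::Severity => ARP4761::Hazardous applies to Failure;
    EMV2::Likelihood => ARP4761::Remote applies to Failure;
**};
end Fusion;

end Fusion_Example;
```

With this annotation on each element of the chain, the FHA report lists one row per hazard, the Reliability Block Diagram plug-in combines the OccurrenceDistribution values along the flows, and the fault impact analysis follows the error paths from the sensor sources to state_out, so each row of its output maps back to one flow declaration in the model.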
We may now consolidate all analyses.
Q15: Run the Reliability Block Diagram analysis again. How does the value compare with the previous one? Is it expected?
Q16: The fault impact analysis plug-in allows one to see how an error propagates through the functional chain. Execute the plug-in and compare the output to your model. How can you link each element of the fault impact analysis to model elements?
Q17: For the moment, we mostly performed basic updates on the system. Complete the error model by adding failures on motors, and the propagation of error value through the controller.
Attachment: Assignment File.rar