The research paper published by IJSER journal is about Quantitative Metrics for validating the effectiveness of the Model based approach for indigenously developed SWS/AIC system 1

ISSN 2229-5518

Quantitative Metrics for validating the effectiveness of the Model based approach for indigenously developed SWS/AIC system

Manju Nanda, Chinmayi S Jamadagni

Abstract— The aim of this paper is to validate the effectiveness of the model-based approach for the indigenously developed stall warning and aircraft interface computer system (SWS/AIC) by generating software engineering process metrics and developing an empirical relationship between the conventional and the model-based approach. Quantitative metrics for software analyzability, changeability, testability, stability, traceability, safety compliance, reliability, design time, debug time, upgrade time, reusability, readability, maintainability, modularity, reachability and availability are derived and generated for the two approaches to demonstrate the effectiveness of the model-based approach. The empirical relationship developed helps in analyzing the reduction in effort for the development of safety critical software using the model-based approach.

The metrics generated and the empirical relationship derived between the two approaches prove the effectiveness of the model-based approach over the conventional approach. The results of this work are encouraging for incorporation of the model-based approach in the design, development, verification and validation of safety critical systems.

Index Terms— Formal methods, Model based approach, Verification and Validation, Safety critical systems, Metrics, Stall Warning System.

1 INTRODUCTION


Development of critical systems, e.g. for the aeronautics or automotive industry, requires a strict interdisciplinary approach and conformance to standards and specifications in order to ensure safe systems, since failures are often catastrophic, with loss of life as a consequence.

The development of embedded systems with real-time and other critical constraints raises distinctive problems. In particular, development teams have to make very specific architectural choices and handle key non-functional constraints related to, for example, real-time deadlines and to platform parameters like energy consumption or memory footprint. The last few years have seen an increased interest in using model-based engineering (MBE) techniques to capture dedicated architectural and non-functional information in precise (and even formal) domain-specific models in a layered construction of systems. MBE techniques are interesting and promising because they allow dedicated architectural and non-functional information to be captured in precise (and even formal) domain-specific models, and they support a layered construction of systems, in which the (platform independent) functional aspects are kept separate from the architectural and non-functional (platform specific) aspects; the final system is obtained by combining these aspects later using model transformations.

The model based engineering approach is the formalized application of modeling to support system requirements, design, analysis and V&V. Mathematical rigor enables users to analyze and verify these models at any part of the program life-cycle: requirements engineering, specification, architecture, design, implementation, testing, maintenance and evolution. The use of mathematical techniques reduces the possible personal interpretation.

The paper discusses a pioneering framework for making the engineering process effective. The framework includes a model based approach for the design life cycle and demonstrates the effectiveness of the approach by generating metrics. The approaches adopted for the comparative case study are conventional and model based. The design cycle for the conventional and model based approaches is as shown in Fig 1.

Fig 1: Design cycle of the document-centric approach (requirements, design, implementation, test) and of the model-centric approach (requirements, model, design, auto code, model test, system test).

IJSER © 2012

http://www.ijser.org

Model-Based Design [3] with automatic code generation is an important and established technology for developing aerospace embedded control systems. Early verification, validation, and test of models and generated code using software tools with accompanying workflows are increasingly used. Model-based design provides numerous advantages over the traditional design approach. Using the model-based approach, you reduce the risk of mistakes and shorten the development cycle by performing verification and validation testing throughout the development instead of only during the final testing stage. Design evaluations and predictions can be made much more quickly and reliably with a system model as a basis. This iterative approach results in improved designs, both in terms of performance and reliability. The cost of resources is reduced, because of reusability of models between design teams, design stages, and various projects and the reduced dependency on physical prototypes. Development errors and overhead can be reduced through the use of automatic code generation techniques. These advantages translate to more accurate and robust control designs, shorter time to market, and reduced design cost.

2 STALL WARNING SYSTEM AND AIRCRAFT INTERFACE COMPUTER SYSTEM

The system under consideration is the Stall Warning System used in aircraft. The purpose of the SWS/AIC system is to provide a stall warning whenever the aircraft approaches the stall angle of attack, to display the angle of attack information continuously on the primary display, to provide the interface between the Caution Warning Panel (CWP) and the systems which require an interface to the CWP, and to provide the pitch trim function and its monitoring. The stall warning system is designed and modeled using both the conventional process and the model based process, and the metrics obtained are compared and analyzed in order to obtain the footprints and figure of merit.

Fig 2: Block diagram of the dual SWS/AIC (68060/68360 processors) and its interfaces: 28 VDC electrical system, Ps/Pt/Tt air data, ADCU & AHRU, radio altimeter, flap system, landing gear unit, fuel system, AOA sensors, right and left throttle lever position, discrete inputs (WOW, AOA heat, etc.), hydraulic pressure sensor and on/off switch, pilot's and copilot's control wheels, cockpit switches and indicators, EADI/PFD (pilot and copilot side) with EFIS, altitude select and caution warning, pitch trim actuator and shaker actuator (servo command engage/disengage), connected over ARINC-429 and discrete links; the internal functions are input signal management, stall algorithm processing, AIC processing, output signal management, servo and monitor control, and BIT.

The model based approach [4] allows engineers to design embedded systems and simulate them on their desktop environment for analysis and design. Model-Based Design provides a variety of code generation capabilities that teams use to generate source code for many purposes including simulation, rapid prototyping and hardware-in-the-loop testing. Model-Based Design promotes a requirements-oriented project view and greater integration and reuse between conceptual and detailed modeling and design work. The block diagram of the SWS/AIC is depicted in Fig 2.

The model based formal implementation of the stall warning system is done using the Mathworks toolset (R2010a) [1]. After creating the model, it has to be tested extensively to ensure that the model is identical to the legacy source code. So the model validation and the comparison of its outputs with the legacy source code become an important task in MBSE. MBSE uses a V-Model life cycle for the model creation and its validation. The Matlab/Simulink model of the SWS is depicted in Fig 3. The SWS modeled in Simulink is simulated to check for functionality and then auto code is generated for the model. The auto code generated is compared with the manual code, thus highlighting the advantages of the model based approach over the conventional approach. The model is then verified using Simulink Design Verifier. The SDV generates auto test cases for coverage of the model.

Fig 3
The Stall warning system module is subjected to Simulink Design Verifier, which checks the model for compatibility and generates test cases for the functionality. The SDV includes a formal prover engine which proves the properties of the model. The SDV report for the Landing gear module, along with coverage metrics and test cases, is discussed below. Fig 4 depicts the test unit for the landing gear module. The inputs from the harness unit are given to the test unit in the form of a signal builder as shown in Fig 4. Depending upon the module, the SDV log gives compatible, partially compatible or incompatible results. The landing gear module taken into consideration is compatible with the SDV. The SDV generates a test unit (a module that is compatible with the SDV) for verification purposes, to which inputs are provided through the signal builder block. The signal builder block serves as a tool for the generation of test cases, i.e. auto test cases for coverage analysis. The test case explanation in document format can also be obtained from the tool. Once the auto test cases are obtained, they are run to generate the coverage report for further analysis.
Fig 4

3 SYSTEM PROPERTY METRICS

The performance metrics [2] for analyzing the system design and the process are carried out on the SWS/AIC system. The system is first developed using the conventional document centric approach and later the model based formal approach. The SWS/AIC system is modeled using the Simulink 2010a toolset. The auto code generated is compared with the manual code generated using the conventional approach. The two processes are compared and the metrics obtained are shown in TABLE I. Descriptive computation and the comparisons of the two approaches are shown in TABLE II. The system property metrics proposed and analyzed for the case study are defined as follows and their interrelation is described formally as empirical formulae. The relationship between the System Property Metrics and the performance metrics can be described in the tree diagram with weighted methodologies in Fig 5.

Metrics Definition:

Reliability of a system can be defined as its ability to perform a given trial, or the probability that an item will last for a given period of time [5].

Reachability can be attributed to the analyzability and traceability of a system. Hence an empirical relationship exists between the former and the latter metrics.

Availability is attributed to the analyzability and stability of a system.

Maintainability of a system is dependent on its changeability, modularity, traceability, design time and upgrade time.

Safety is the most critical metric and cannot be compensated for in any approach. Safety critical systems are defined by this metric based on certain standards, namely DO178B, DO178C etc. The safety metric is attributed to the testability and modularity towards fault tolerance of a system.

Reusability defines the number of files that are being reused during simulation and code generation.

Readability includes clarity in interfaces, uniformity in appearance, coding and documentation.

A system is said to possess changeability if it is flexible, adaptable, scalable and modifiable [15].

Analyzability of a system is defined from the effort required to detect deficiencies and to modify it [6][7].

Testability of a system is satisfied if it is controllable, observable, isolatable, understandable and automatable and offers heterogeneity [8].

Stability is defined as the ability of the system not to hang, not to lose data, not to disrupt system functionality and to be predictable [16].

Modularity of a system defines its level of independence [11][12][13][14].

TABLE I


PARAMETER | CONVENTIONAL APPROACH | FORMAL APPROACH
Approach | Document based | Model based
Readability | Textual; interfaces comply with coding standards and design styles; documentation complies with in-house documentation standards | Modular; interfaces comply with coding standards and design styles; MAAB style
Changeability | Modification done at all levels of design; scalable: more effort; manual | Modification done at top level of the design; scalable by tool; automated
Testability | Driven by impact analysis; code review; functional isolation; manual | Driven by functionality of the model; module isolation; auto code generation; tool dependent
Analyzability / Traceability [9] | Manual; code reviews; impact analysis; Requirements -> Design -> Code -> Report; traceability matrix generated manually | Automated; tool dependent; Requirements -> Model -> Design -> Code -> Report; traceability matrix generated by tool
Stability | Stable | Stable
Modularity | Level of independence based on architecture; interaction by means of drivers; specification based on configuration files; coupling on control and data coupling | Level of independence based on modules; interaction by means of functionalities of models; specification based on inputs; control and data coupling
Safety | Safe | Safe
Design time | More; manual | Less; automated
Verification & Validation | Done at the end of the cycle | Can be done at the start of the cycle
Test cases | Manual; depends on functionality | Tool generated; optimized

There is a 32 % reduction in the number of lines of code compared to the conventional approach. This is a considerable reduction factor when the complexity of the system increases. The effort for programming also reduces; hence designers can concentrate more on the other phases of the life cycle. From the data obtained from the case study, a comparison chart is developed for the property metrics in order to obtain the improvement in the approach involving the formal methods as compared to the conventional approach.

Fig 6: Comparison chart of the system property metrics (reliability, reachability, availability, maintainability, safety) for the conventional and formal approaches, y-axis in percent.

From the above chart (Fig 6) it can be observed that the model-based approach provides an improvement of 16.34% in the proposed system property metrics keeping the reliability factor intact. This further helps in obtaining an effective systems engineering framework that integrates formal methodologies. The effect of the weighted methodologies on the system property metrics for both the approaches is depicted in the charts given below (Fig 7 a and Fig 7 b).

TABLE II

From the case study implemented, an empirical relationship is deduced between the two approaches.
Size of manual code ≥ 2 * (size of auto code generated)
Commented lines = exp (executable lines of code)
System property metrics for formal approach = 1.258 * ( conventional approach)
Development Effort is calculated from the statistical model formula:

E = 5.2 * L^0.91

where L is the number of lines of code in thousands. (The formula is derived by Walston and Felix with a = 5.2 and b = 0.91, constants obtained by regression analysis.)

Fig 7(a): Weighted system property metrics chart (reliability, reachability, availability, maintainability, safety, with the contributing metrics analyzability, traceability, stability, modularity, changeability and testability), y-axis 0% to 100%.
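As an added illustration (not code from the paper), the Walston-Felix effort formula above applied to the paper's two size relationships, the observed 32 % reduction in lines of code and the bound manual code ≥ 2 * auto code; because the exponent 0.91 is below 1, the effort saving comes out smaller than the lines-of-code saving. The 20,000-line manual code size is a constructed sample value.

```python
import math

# Walston-Felix constants as quoted by the paper (a = 5.2, b = 0.91,
# obtained by regression analysis); L is in thousands of lines of code.
A = 5.2
B = 0.91


def walston_felix_effort(kloc: float, a: float = A, b: float = B) -> float:
    """Development effort E = a * L^b for L thousand lines of code."""
    if kloc <= 0:
        raise ValueError("lines of code must be positive")
    return a * math.pow(kloc, b)


def effort_ratio(manual_loc: int, auto_loc: int) -> float:
    """Effort of the auto-code build relative to the manual build.

    Since E is a power law, the ratio reduces to (auto/manual)^b, so it does
    not depend on the absolute size, only on the relative LOC reduction.
    """
    e_manual = walston_felix_effort(manual_loc / 1000.0)
    e_auto = walston_felix_effort(auto_loc / 1000.0)
    return e_auto / e_manual


def effort_saving_percent(manual_loc: int, auto_loc: int) -> float:
    """Percentage of effort saved by moving from manual to auto code."""
    return 100.0 * (1.0 - effort_ratio(manual_loc, auto_loc))


def compare_approaches(manual_loc: int) -> dict:
    """Apply the paper's two size relationships to a given manual-code size:
    the observed 32 % LOC reduction, and the bound manual >= 2 * auto
    (i.e. auto code is at most half the manual code)."""
    auto_observed = round(manual_loc * (1.0 - 0.32))
    auto_bound = manual_loc // 2
    return {
        "manual_effort": walston_felix_effort(manual_loc / 1000.0),
        "saving_at_32pct_loc": effort_saving_percent(manual_loc, auto_observed),
        "saving_at_half_loc": effort_saving_percent(manual_loc, auto_bound),
    }


if __name__ == "__main__":
    # Constructed sample size, not a figure reported in the paper.
    for name, value in compare_approaches(20_000).items():
        print(f"{name}: {value:.2f}")
```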

Fig 7(b): Weighted system property metrics chart for the other approach (reliability, reachability, availability, maintainability, safety, with the contributing metrics analyzability, traceability, stability, modularity, changeability and testability), y-axis 0% to 100%.

ACKNOWLEDGMENT

We acknowledge Director CSIR-NAL to carry out this work.

4 CONCLUSION AND FUTURE WORK

Using Model-Based Design, verification and validation activities occur throughout development. A number of new technologies have been introduced that assist with early model verification, such as requirements traceability, model checking, model coverage, formal methods, and test case generation. Continuous verification and validation of requirements throughout the design life cycle reduced errors and development time.

The results obtained from the work not only helped in deriving an empirical relationship between the model-based approach and the conventional approach but also highlighted its advantages over the conventional approach. The application of the model based approach in the safety critical domain has proven to be effective and can be extended to more critical functionalities in the domain. The same approach can be implemented at design level, which encourages V&V at the top most level of the design life cycle, thus ensuring correctness of the system right at the start of the life cycle. Also, there are other commercially available tools apart from Mathworks that support model based development involving formal techniques. The other available tools can also be used for implementing the approach, and a comparative analysis of tools can be done in order to find an effective tool for the particular application.

REFERENCES

1. Control Algorithm Modeling Guidelines Using MATLAB, Simulink, and Stateflow, Version 2.1, MathWorks Automotive Advisory Board (MAAB), July 27, 2007.

2. R. Lincke, J. Lundberg and W. Löwe, "Comparison of software metrics tools," Software Technology Group, School of Mathematics and Systems Engineering, Växjö University, Sweden.

3. "Measuring productivity and quality in model based design," excerpt from MATLAB Digest, March 2006.

4. T. Erkkinen and B. Potter, "Model Based Design for DO178B with qualified tools," MathWorks Inc.

5. G. Chaudhri, K. Hu and N. Afshar, "A new approach to system reliability," IEEE Transactions on Reliability, March 2001.

6. E. Bouwers, J. P. Correia, A. van Deursen and J. Visser, "Quantifying the analyzability of Software Architectures," Delft University of Technology, Delft, Netherlands.

7. www.arisa.se/compendium/analyzability

8. IEEE standards glossary of software engineering technology.

9. P. Mason, "On traceability for safety critical systems engineering," Shinawatra University, Thailand.

10. J. Hill and S. Tilley, "Creating Safety Requirements Traceability for Assuring and Recertifying Legacy Safety-Critical Systems," IEEE International Requirements Engineering Conference 2010.

11. C.-C. Huang and A. Kusiak, "Modularity in Design of Products and Systems," IEEE 1998.

12. T. Kelly, "Using Software Architecture Techniques to Support the Modular Certification of Safety Critical Systems," University of York, UK.

13. S. Crain, W. Ni, D. Shankweiler, L. Conway and D. Braze, "Meaning, Memory and Modularity," University of Maryland and University of Connecticut.

14. Y. Cai and S. Huynh, "Measuring Software Design Modularity," Drexel University, Philadelphia.

15. A. M. Ross, D. H. Rhodes and D. E. Hastings, "Defining Changeability: Reconciling Flexibility, Adaptability, Scalability, Modifiability and Robustness for maintaining Systems Lifecycle value," Massachusetts Institute of Technology, Cambridge.

16. E. Fuller, B. Cukic, M. Mladenovski and S. Yerramalla, "Stability Monitoring and Analysis of Learning in Adaptive Systems," West Virginia University.

International Journal of Scientific & Engineering Research, Volume 3, Issue 12, December 2012. IJSER © 2012, http://www.ijser.org