@ -10,6 +10,9 @@
@@ -10,6 +10,9 @@
with Types ; use Types ;
with External ;
with MMS.F_PT.F_MM.Data ;
private with MMS.F_PT.F_MM.State ;
with MMS.F_PT.Data ;
package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
pragma Unevaluated_Use_Of_Old ( Allow ) ;
@ -18,36 +21,60 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
@@ -18,36 +21,60 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
- - Inputs - -
- - - - - - - - - - - -
function Navigation_Mode_From_CP return Navigation_Mode_Type with
Global => Private _ State ;
function Power_On return Boolean ;
function Payload_Bay_Closed return Boolean with
Pre => Power_State = ON
and then On_State = INIT ;
function Payload_Mass_Given return Boolean with
Pre => Power_State = ON ;
- - ? ? ? Should we assume that Payload_Mass is always given after takeoff ?
function Payload_Mass return Payload_Mass_Type with
Pre => Power_State = ON
and then Payload_Mass_Given ;
function Navigation_Mode_From_CP return Navigation_Mode_Type ;
function Navigation_Mode_From_GS_Received return Boolean ;
function Navigation_Mode_From_GS return Navigation_Mode_Type with
Global => Private _ State ;
Pre => Navigation_Mode_From_GS_Received ;
function Operating_Point_From_GS_Received return Boolean with
Global => Private _ State ;
function Operating_Mode_From_CP return Navigation_Option_Type ;
function Operating_Point_From_GS return Operating_Point_Type with
Global => Private _ State ;
function Operating_Mode_From_GS_Received return Boolean ;
function USB_Key_Present return Boolean with
Global => Private _ State ;
function Operating_Mode_From_GS return Navigation_Option_Type with
Pre => Operating_Mode_From_GS_Received ;
function Operating_Point_From_USB_Key return Operating_Point_Type with
Global => Private _ State ;
function Navigation_Parameters_From_GS_Received return Boolean ;
function Current_Range return Current_Range _Typewith
Global => Private _ State ;
function Navigation_Parameters_From_GS return Navigation_Parameters _Typewith
Pre => Navigation_Parameters_From_GS_Received ;
function Current_Speed return Current_Speed_Type with
Global => Private _ State ;
function USB_Key_Present return Boolean ;
function Current_Altitude return Current_Altitude_Type with
Global => Private _ State ;
function Navigation_Parameters_From_USB_Key return Navigation_Parameters_Type
with
Pre => USB_Key_Present ;
function Mission_Abort_Received return Boolean with
Pre => Power_State = ON ;
function Start_Or_Go_Received return Boolean with
Pre => Power_State = ON
and then On_State = INIT ;
function Current_Range return Current_Range_Type ;
function Current_Speed return Current_Speed_Type ;
function Current_Altitude return Current_Altitude_Type ;
function Current_Flight_Phase return Flight_Phase_Type with
Global => Private _ State ,
Pre => Power_State = ON
Pre => Power_State = ON
and then On_State = RUNNING
and then Running_State = FLIGHT ;
@ -73,39 +100,11 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
@@ -73,39 +100,11 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
Pre => Power_State = ON
and then On_State = RUNNING ;
function Navigation_Mode return Navigation_Mode_Type
is ( if Navigation_Mode_From_CP = A then A
else Navigation_Mode_From_GS )
with
Global => Private _ State ,
Pre => Power_State = ON
and then On_State in INIT | RUNNING ;
function Operating_Mode return Navigation_Option_Type with
Global => Private _ State ,
Pre => Power_State = ON
and then On_State = RUNNING
and then Navigation_Mode = RP ;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - Guards of the automaton in Figure 3 - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - Properties and Entities - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
function Power_On return Boolean with
Global => Private _ State ;
function Power_Off return Boolean with
Global => Private _ State ,
Post => Power_Off ' Result = not Power_On ;
function Mission_Abort_Received return Boolean with
Global => Private _ State ,
Pre => Power_State = ON ;
function Start_Or_Go_Received return Boolean with
Global => Private _ State ,
Pre => Power_State = ON
and then On_State = INIT ;
function Power_Off return Boolean is ( not Power_On ) ;
function Take_Off_Over return Boolean with
Global => Private _ State ,
@ -117,68 +116,86 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
@@ -117,68 +116,86 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
Global => Private _ State ,
Pre => Power_State = ON
and then On_State = RUNNING
and then Running_State = FLIGHT
and then Current_Flight_Phase = DESCENT ;
and then Running_State = FLIGHT ;
function Landed return Boolean is
( Current_Speed = 0 and Current_Altitude = 0 )
with
Global => Private _ State ,
Pre => Power_State = ON
and then On_State = RUNNING
and then Running_State = LANDING ;
- - - - - - - - - - - - - - - -
- - Properties - -
- - - - - - - - - - - - - - - -
function Mission_Range_From_Navigation_Parameters
return Current_Range_Type ;
- - with Pre => Mission_Parameters_Defined ;
- - Fetch distance from State . Navigation_Parameters and do the appropriate
- - conversion .
function Operating_Point_From_Navigation_Parameters
return Operating_Point_Type ;
- - with Pre => Mission_Parameters_Defined ;
- - Fetch altitude and speed from State . Navigation_Parameters and do the
- - appropriate conversions .
function Energy_Compatible_With_Mission return Boolean with
function Navigation_Mode return Navigation_Mode_Type with
Global => Private _ State ,
Pre => Power_State = ON
and then On_State in INIT | RUNNING
and then ( if On_State = RUNNING then
Running_State = FLIGHT and then Current_Flight_Phase = CRUISE ) ;
Pre => Power_State = ON
and then On_State in INIT | RUNNING ;
function Mission_Parameters_Defined return Boolean is
( USB_Key_Present
or else ( Navigation_Mode_From_CP = RP
and then Operating_Point_From_GS_Received ) )
with
function Operating_Mode return Navigation_Option_Type with
Global => Private _ State ,
Pre => Power_State = ON
and then On_State = INIT ;
Pre => Power_State = ON
and then On_State = RUNNING
and then Navigation_Mode = RP ;
function Payload_Bay_Closed return Boolean with
function Initial_Energy_Compatible_With_Mission return Boolean with
Global => Private _ State ,
Pre => Power_State = ON
and then On_State = INIT ;
- - and then Mission_Parameters_Defined
- - and then Payload_Mass_Given ;
function Mission_Cancellation_Signaled return Boolean with
Global => Private _ State ;
function In_Flight_Energy_Compatible_With_Mission return Boolean with
Global => Private _ State ,
Pre => Power_State = ON
and then On_State = RUNNING
and then Running_State = FLIGHT ;
- - and then Current_Flight_Phase = CRUISE ;
- - - - - - - - - - - - -
- - Outputs - -
- - - - - - - - - - - - -
function Mission_Parameters_Defined return Boolean is
( USB_Key_Present
or else ( Navigation_Mode_From_CP = RP
and then Navigation_Parameters_From_GS_Received ) ) ;
function Ready_For_Takeoff return Boolean is
( Payload_Bay_Closed
and then Payload_Mass_Given
and then Mission_Parameters_Defined
and then Energy_Compatible_With_Mission )
and then Initial_ Energy_Compatible_With_Mission)
with
Global => Private _ State ,
Global => ( Private _ State , Input_State ) ,
Pre => Power_State = ON
and then On_State = INIT ;
- - ? ? ? Should be sent to F_CM but the corresponding flag is disabled for
- - now . . .
function Emergency_Landing return Boolean with
function Emergency_Landing return Boolean is
( On_State = CANCELLED )
with
Global => Private _ State ,
Pre => Power_State = ON
and then On_State = CANCELLED ;
Pre => Power_State = ON ;
- - ? ? ? Should be ABORTED maybe ?
function Mission_Range return Current_Range_Type with
Global => Private _ State ;
- - Pre => Mission_Parameters_Defined ;
function Operating_Point return Operating_Point_Type with
Global => Private _ State ;
- - Pre => Mission_Parameters_Defined ;
function Mission_Cancellation_Signaled return Boolean with
Global => Private _ State ;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - Behavioural Specification of F_MM - -
@ -186,7 +203,7 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
@@ -186,7 +203,7 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
procedure Read_Inputs with
- - Read values of inputs once and for all and update the current state
Global => ( In_ Out=> Private _ State ,
Global => ( Outp ut => Input_ State,
Input => External . State ) ;
procedure Write_Outputs with
@ -198,7 +215,7 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
@@ -198,7 +215,7 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
- - Do :
- - - Compute the new state of the automaton
Global => ( In_Out => Private _ State ) ,
Global => ( In_Out => Private _ State , Input => Input_State ) ,
Post =>
- - RP mode enables modification of range parameter before take - off .
@ -206,7 +223,9 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
@@ -206,7 +223,9 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
( if not ( Power_State ' Old = ON
and then On_State ' Old = INIT
and then Navigation_Mode ' Old = RP )
then Mission_Range = Mission_Range ' Old )
then Mission_Range = Mission_Range ' Old
elsif Mission_Parameters_Defined
then Mission_Range = Mission_Range_From_Navigation_Parameters )
- - RP mode enables modification of altitude and speed parameters at any
- - time ( but not at landing , it is frozen . . . ) .
@ -308,7 +327,7 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
@@ -308,7 +327,7 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
and then Current_Flight_Phase = CRUISE
and then Power_On
and then not Mission_Abort_Received
and then not Energy_Compatible_With_Mission
and then not In_Flight_ Energy_Compatible_With_Mission
=>
Power_State = ON
and then On_State = CANCELLED
@ -333,7 +352,8 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
@@ -333,7 +352,8 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
and then Power_On
and then not Mission_Abort_Received
and then
( if Current_Flight_Phase = CRUISE then Energy_Compatible_With_Mission )
( if Current_Flight_Phase = CRUISE then
In_Flight_Energy_Compatible_With_Mission )
and then
( if Current_Flight_Phase = DESCENT then not Descent_Over )
=>
@ -371,23 +391,243 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
@@ -371,23 +391,243 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
private
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - Definitions of Inputs - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
function Power_On return Boolean is
( State . Input_On_OFF_Push_Button ) ;
function Payload_Bay_Closed return Boolean is
( State . Input_Bay_Switch = CLOSED ) ;
function Payload_Mass_Given return Boolean is
( State . Input_Payload_Mass / = 99 ) ;
function Payload_Mass return Payload_Mass_Type is
( State . Input_Payload_Mass ) ;
function Navigation_Mode_From_CP return Navigation_Mode_Type is
( State . Input_Mode_Switch ) ;
function Navigation_Mode_From_GS_Received return Boolean is
( State . Input_Navigation_Mode . Present ) ;
function Navigation_Mode_From_GS return Navigation_Mode_Type is
( State . Input_Navigation_Mode . Content ) ;
function Operating_Mode_From_CP return Navigation_Option_Type is
( ALTITUDE ) ; - - ? ? ? what is the default operating mode in A mode ?
function Operating_Mode_From_GS_Received return Boolean is
( State . Input_Navigation_Option . Present ) ;
function Operating_Mode_From_GS return Navigation_Option_Type is
( State . Input_Navigation_Option . Content ) ;
function Navigation_Parameters_From_GS_Received return Boolean is
( State . Input_Navigation_Parameters . Present ) ;
function Navigation_Parameters_From_GS return Navigation_Parameters_Type is
( State . Input_Navigation_Parameters . Content ) ;
function USB_Key_Present return Boolean is
( State . Input_USB_Key . Present ) ;
function Navigation_Parameters_From_USB_Key return Navigation_Parameters_Type is
( State . Input_USB_Key . Content ) ;
function Mission_Abort_Received return Boolean is
( State . Input_Mission_Abort ) ;
function Start_Or_Go_Received return Boolean is
( State . Input_Go or State . Input_Start_Push_Button ) ;
function Current_Range return Current_Range_Type is
( State . Input_Current_Range ) ;
function Current_Speed return Current_Speed_Type is
( State . Input_Current_Speed ) ;
function Current_Altitude return Current_Altitude_Type is
( State . Input_Current_Altitude ) ;
function Current_Flight_Phase return Flight_Phase_Type is
( State . Input_Current_Flight_Phase ) ;
- - - - - - - - - - - - - - - - - - -
- - Task s of F_MM - -
- - - - - - - - - - - - - - - - - - -
function Navigation_Parameters return Navigation_Parameters_Type is
( State . Navigation_Parameters ) ;
- - with Pre => Mission_Parameters_Defined ;
procedure Management_Of_Navigation_Mode with
- - Compute the value of Navigation_Mode / Options / Parameters ( see 6.9 . 4 )
Post => Navigation_Mode =
- - In case of conflict on the navigation mode , CP prevails over GS .
( if Navigation_Mode_From_CP = A
or else not Navigation_Mode_From_GS_Received
then Navigation_Mode_From_CP
- - If CP states the mode to RC then GS can choose the navigation mode .
else Navigation_Mode_From_GS )
and then Operating_Mode =
( if Navigation_Mode = A
or else not Operating_Mode_From_GS_Received
then Operating_Mode_From_CP
else Operating_Mode_From_GS )
and then
( if Mission_Parameters_Defined then
Navigation_Parameters =
( if Navigation_Mode = A
or else not Navigation_Parameters_From_GS_Received
then Navigation_Parameters_From_USB_Key
else Navigation_Parameters_From_GS ) ) ;
procedure Operating_Point_Update_Management with
- - Compute the value of Operating_Point
Global => ( In_Out => Private _ State ) ,
Contract_Cases =>
( Navigation_Mode_From_CP = A
or else not Operating_Point_From_GS_Received
=>
Operating_Point = Operating_Point_From_USB_Key ,
Pre =>
Mission_Parameters_Defined
and then Power_State = ON
and then On_State in INIT | RUNNING ,
Navigation_Mode_From_CP = RP
and then Operating_Point_From_GS_Received
=>
( if Power_State = ON
- - F_MM ensures freeze of the operating point once landing is activated .
Post =>
( if Power_State = ON
and then On_State = RUNNING
and then Running_State = LANDING
then Operating_Point = Operating_Point ' Old
else Operating_Point = Operating_Point_From_GS ) ) ;
then Operating_Point = Operating_Point ' Old
else Operating_Point = Operating_Point_From_Navigation_Parameters ) ;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - Mission_Viability_Logic - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
function Mission_Profile return Mission_Profile_Type with
- - Assemble the mission profile
Pre => Power_State = ON ,
- - and then Mission_Parameters_Defined
- - and then Payload_Mass_Given ,
Post => Mission_Profile ' Result =
( Mass => Payload_Mass ,
Distance => Current_Range ,
Altitude => Current_Altitude ,
Speed => Current_Speed ) ;
function Appropriate_Tabulating_Function return Viability_Domain_Mesh_Type
- - Select the tabulated function corresponding to the navigation mode
with
Pre => Power_State = ON
and then On_State in INIT | RUNNING ,
Post => Appropriate_Tabulating_Function ' Result =
( if On_State = INIT and then Navigation_Mode = A
then Data . Amode_Initial_Domain_Mesh
elsif On_State = INIT and then Navigation_Mode = RP
then Data . RPmode_Initial_Domain_Mesh
elsif Navigation_Mode = A
then Data . Amode_Cruise_Domain_Mesh
else Data . RPmode_Cruise_Domain_Mesh ) ;
function Distance_With_Neighbour
( Neighbour : Mission_Profile_Type ) return Mission_Profile_Distance_Type
with
Pre => Power_State = ON
and then On_State in INIT | RUNNING ;
- - and then Mission_Parameters_Defined
- - and then Payload_Mass_Given ;
- - Compute the distance between Mission_Profile and its Neighbour .
function Nearest_Neighbours return Neighbour_Mission_Profile_Array_Type with
- - Compute the nearest neighbous of Mission_Profile in
- - Appropriate_Tabulating_Function , and the distance of Mission_Profile to
- - its nearest neignbours .
Pre => Power_State = ON
and then On_State in INIT | RUNNING ,
- - and then Mission_Parameters_Defined
- - and then Payload_Mass_Given ,
Post =>
( for all Neighbour_Center of Nearest_Neighbours ' Result =>
Neighbour_Center . Mission_Profile . M in
MMS . F_PT . Data . Payload_Mass_Grid ' Range
and then Neighbour_Center . Mission_Profile . D in
Appropriate_Tabulating_Function ' Range ( 1 )
and then Neighbour_Center . Mission_Profile . A in
Appropriate_Tabulating_Function ' Range ( 2 )
and then Neighbour_Center . Mission_Profile . S in
Appropriate_Tabulating_Function ' Range ( 3 )
and then Neighbour_Center . Distance =
Distance_With_Neighbour
( Mission_Profile_Type '
( Mass =>
MMS . F_PT . Data . Payload_Mass_Grid
( Neighbour_Center . Mission_Profile . M ) ,
Distance =>
Appropriate_Tabulating_Function
( Neighbour_Center . Mission_Profile . D ,
Neighbour_Center . Mission_Profile . A ,
Neighbour_Center . Mission_Profile . S ) . Distance ,
Altitude =>
Appropriate_Tabulating_Function
( Neighbour_Center . Mission_Profile . D ,
Neighbour_Center . Mission_Profile . A ,
Neighbour_Center . Mission_Profile . S ) . Altitude ,
Speed =>
Appropriate_Tabulating_Function
( Neighbour_Center . Mission_Profile . D ,
Neighbour_Center . Mission_Profile . A ,
Neighbour_Center . Mission_Profile . S ) . Speed ) ) ) ;
function Extract_Energy_Level_For_Neighbour
( Neighbour : Center_Mission_Profile_Type ) return Energy_Level_Type
- - Extract energy level for the neighbour .
with
Pre => Power_State = ON
and then On_State in INIT | RUNNING ,
Post => Extract_Energy_Level_For_Neighbour ' Result =
( if On_State = INIT and then Navigation_Mode = A
then Data . Viability_Amode_Initial ( M => Neighbour . M ,
D => Neighbour . D ,
A => Neighbour . A ,
S => Neighbour . S )
elsif On_State = INIT and then Navigation_Mode = RP
then Data . Viability_RPmode_Initial ( M => Neighbour . M ,
D => Neighbour . D ,
A => Neighbour . A ,
S => Neighbour . S )
elsif Navigation_Mode = A
then Data . Viability_Amode_Cruise ( M => Neighbour . M ,
D => Neighbour . D ,
A => Neighbour . A ,
S => Neighbour . S )
else Data . Viability_RPmode_Cruise ( M => Neighbour . M ,
D => Neighbour . D ,
A => Neighbour . A ,
S => Neighbour . S ) ) ;
procedure Mission_Viability_Logic with
- - Compute the value of Initial_Energy_Compatible_With_Mission and
- - In_Flight_Energy_Compatible_With_Mission .
Pre => Power_State = ON
and then On_State in INIT | RUNNING
and then ( if On_State = INIT
then Mission_Parameters_Defined
and then Payload_Mass_Given
else Running_State = FLIGHT
and then Current_Flight_Phase = CRUISE ) ;
end MMS.F_PT.F_MM.Behavior ;
Claire Dross
8 years ago