RESSAC/RESSAC_Use_Case
1
0
Fork 0
mirror of http://172.16.200.102/RESSAC/RESSAC_Use_Case.git synced 2025-11-30 21:27:58 +01:00
Code Issues Projects Releases Wiki Activity

Layer2_MMS_SW_SPARK: take into account answers for #22

Browse Source
This commit is contained in:
Claire Dross
2017-06-28 15:51:57 +02:00
parent a069f7a017
commit e82c73fadd
7 changed files with 126 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
UseCaseDevelopment/Layer2_MMS_SW_SPARK/mms-f_pt-f_fc-behavior.ads
View File

@@ -21,6 +21,16 @@ package MMS.F_PT.F_FC.Behavior with SPARK_Mode is
Global => Private_State, Global => Private_State,
Pre => Mission_State = RUNNING; Pre => Mission_State = RUNNING;
function Operating_Point return Operating_Point_Type with
Global => Private_State;
--------------------------
-- Properties on Inputs --
--------------------------
function Operating_Point_Changed return Boolean with
Global => Private_State;
---------------------- ----------------------
-- Estimated Values -- -- Estimated Values --
---------------------- ----------------------
@@ -36,9 +46,7 @@ package MMS.F_PT.F_FC.Behavior with SPARK_Mode is
function Mission_State return Mission_State_Type with function Mission_State return Mission_State_Type with
Global => Private_State; Global => Private_State;
type Phase_State_Type is (CLIMB, CRUISE, DESCENT); function Flight_Phase_State return Flight_Phase_Type with
function Phase_State return Phase_State_Type with
Global => Private_State, Global => Private_State,
Pre => Mission_State = RUNNING; Pre => Mission_State = RUNNING;
@@ -56,7 +64,7 @@ package MMS.F_PT.F_FC.Behavior with SPARK_Mode is
-- From 6.7.3.2 -- From 6.7.3.2
function In_Safety_Envelope return Boolean is function In_Safety_Envelope return Boolean is
(case Phase_State is (case Flight_Phase_State is
when CLIMB => when CLIMB =>
Q_Dot in MMS.F_PT.F_FC.Data.Qdot_MinCl .. MMS.F_PT.F_FC.Data.Qdot_MaxCl Q_Dot in MMS.F_PT.F_FC.Data.Qdot_MinCl .. MMS.F_PT.F_FC.Data.Qdot_MaxCl
and Q < MMS.F_PT.F_FC.Data.Q_MaxCl, and Q < MMS.F_PT.F_FC.Data.Q_MaxCl,
@@ -70,10 +78,13 @@ package MMS.F_PT.F_FC.Behavior with SPARK_Mode is
with Pre => Mission_State = RUNNING; with Pre => Mission_State = RUNNING;
function Time_Since_In_Safety_Escape return Time_Type with function Time_Since_In_Safety_Escape return Time_Type with
Global => Private_State; Global => Private_State,
Pre => (Mission_State = RUNNING and then not In_Safety_Envelope)
or else Mission_State = ABORTED;
function Fast_Evolving_Safety_Escape return Boolean with function Fast_Evolving_Safety_Escape return Boolean with
Global => Private_State; Global => Private_State,
Pre => Mission_State = RUNNING and then not In_Safety_Envelope;
function Time_Since_Stopped return Time_Type with function Time_Since_Stopped return Time_Type with
Global => Private_State, Global => Private_State,
@@ -86,7 +97,9 @@ package MMS.F_PT.F_FC.Behavior with SPARK_Mode is
procedure Read_Inputs with procedure Read_Inputs with
-- Read values of inputs once and for all and update the current state -- Read values of inputs once and for all and update the current state
Global => (In_Out => Private_State, Global => (In_Out => Private_State,
Input => External.State); Input => External.State),
Post => Operating_Point_Changed =
(Operating_Point'Old /= Operating_Point);
procedure Write_Outputs with procedure Write_Outputs with
-- Compute values of outputs from the current state -- Compute values of outputs from the current state
@@ -96,6 +109,9 @@ package MMS.F_PT.F_FC.Behavior with SPARK_Mode is
procedure Run with procedure Run with
Global => (In_Out => Private_State), Global => (In_Out => Private_State),
Contract_Cases => Contract_Cases =>
-- ??? All these are guesses...
(Mission_State = INIT (Mission_State = INIT
and then Start_Take_Off and then Start_Take_Off
=> =>
@@ -124,8 +140,20 @@ package MMS.F_PT.F_FC.Behavior with SPARK_Mode is
Mission_State = Mission_State'Old), Mission_State = Mission_State'Old),
Post => Post =>
(if In_Safety_Envelope'Old then Time_Since_In_Safety_Escape = 0
else Time_Since_In_Safety_Escape > Time_Since_In_Safety_Escape'Old) -- Changes in the operating point provoque termination of the current
-- cruise phase and activate a transient climb or descent phase to
-- capture the new operating point (see 6.6.4 4. Cruise).
(if Operating_Point_Changed then Flight_Phase_State in CLIMB | DESCENT)
-- Time_Since_In_Safety_Escape is the number of seconds since the first
-- occurrence of safety escapes.
and then
(if not In_Safety_Envelope then
(if In_Safety_Envelope'Old then Time_Since_In_Safety_Escape = 0
else Time_Since_In_Safety_Escape > Time_Since_In_Safety_Escape'Old))
-- 6.7.4 Propulsion braking mutual exclusion -- 6.7.4 Propulsion braking mutual exclusion
@@ -133,8 +161,10 @@ package MMS.F_PT.F_FC.Behavior with SPARK_Mode is
(if Mission_State = RUNNING and then Mission_State'Old = RUNNING then (if Mission_State = RUNNING and then Mission_State'Old = RUNNING then
(case Engine_State'Old is (case Engine_State'Old is
when PROPULSION => when PROPULSION =>
(if Time_Since_In_Safety_Escape > MMS.F_PT.F_FC.Data.Hazard_Duration (if not In_Safety_Envelope
or else Fast_Evolving_Safety_Escape and then
(Time_Since_In_Safety_Escape > MMS.F_PT.F_FC.Data.Hazard_Duration
or else Fast_Evolving_Safety_Escape)
then Engine_State = WAITING_BRAK then Engine_State = WAITING_BRAK
and then Time_Since_Stopped = 0 and then Time_Since_Stopped = 0
else Engine_State = PROPULSION), else Engine_State = PROPULSION),
@@ -146,8 +176,9 @@ package MMS.F_PT.F_FC.Behavior with SPARK_Mode is
else Engine_State = BRAKING), else Engine_State = BRAKING),
when WAITING_PROP => when WAITING_PROP =>
(if Time_Since_In_Safety_Escape > MMS.F_PT.F_FC.Data.Hazard_Duration (if not In_Safety_Envelope
or else Fast_Evolving_Safety_Escape and then (Time_Since_In_Safety_Escape > MMS.F_PT.F_FC.Data.Hazard_Duration
or else Fast_Evolving_Safety_Escape)
then Engine_State = BRAKING then Engine_State = BRAKING
elsif Time_Since_Stopped > MMS.F_PT.F_FC.Data.Commutation_Duration elsif Time_Since_Stopped > MMS.F_PT.F_FC.Data.Commutation_Duration
then Engine_State = PROPULSION then Engine_State = PROPULSION

68
UseCaseDevelopment/Layer2_MMS_SW_SPARK/mms-f_pt-f_fc-data.ads
View File

@@ -2,7 +2,7 @@ with MMS.F_PT.Data;
with Types; use Types; with Types; use Types;
package MMS.F_PT.F_FC.Data is package MMS.F_PT.F_FC.Data with SPARK_Mode is
-- ??? Types need to be precisely defined. -- ??? Types need to be precisely defined.
@@ -12,7 +12,7 @@ package MMS.F_PT.F_FC.Data is
-- From 6.7.2.3 -- From 6.7.2.3
Flight_Domain_Mesh : Flight_Domain_Mesh_Type (1 .. 100, 1 .. 100); -- ??? bounds Flight_Domain_Mesh : constant Flight_Domain_Mesh_Type (1 .. 100, 1 .. 100); -- ??? bounds
function Climb_Gains function Climb_Gains
(S : Flight_Speed_Center; (S : Flight_Speed_Center;
@@ -47,28 +47,58 @@ package MMS.F_PT.F_FC.Data is
-- From 6.7.3.2 -- From 6.7.3.2
Qdot_MinCl : Angular_Speed_Type; -- in angle.s-1 Qdot_MinCl : constant Angular_Speed_Type; -- in angle.s-1
Qdot_MaxCl : Angular_Speed_Type; -- in angle.s-1 Qdot_MaxCl : constant Angular_Speed_Type; -- in angle.s-1
Q_MaxCl : Angle_Type; -- in angle Q_MaxCl : constant Angle_Type; -- in angle
Qdot_MinCr : Angular_Speed_Type; -- in angle.s-1 Qdot_MinCr : constant Angular_Speed_Type; -- in angle.s-1
Qdot_MaxCr : Angular_Speed_Type; -- in angle.s-1 Qdot_MaxCr : constant Angular_Speed_Type; -- in angle.s-1
Q_MinCr : Angle_Type; -- in angle Q_MinCr : constant Angle_Type; -- in angle
Pdot_MaxCr : Speed_Type; -- in km/h Pdot_MaxCr : constant Speed_Type; -- in km/h
Qdot_MinDs : Angular_Speed_Type; -- in angle.s-1 Qdot_MinDs : constant Angular_Speed_Type; -- in angle.s-1
Qdot_MaxDs : Angular_Speed_Type; -- in angle.s-1 Qdot_MaxDs : constant Angular_Speed_Type; -- in angle.s-1
Q_MaxDs : Angle_Type; -- in angle Q_MaxDs : constant Angle_Type; -- in angle
Escape_Time : Time_Type; -- in s Escape_Time : constant Time_Type; -- in s
-- From 6.7.4 -- From 6.7.4
Commutation_Duration : Time_Type; -- in s Commutation_Duration : constant Time_Type; -- in s
Hazard_Duration : Time_Type; -- in s Hazard_Duration : constant Time_Type; -- in s
Recovery_Speed : Integer; -- in m.s Recovery_Speed : constant Integer; -- in m.s
J0 : Integer; -- in kg.m2 J0 : constant Integer; -- in kg.m2
L : Integer; -- in m L : constant Integer; -- in m
M0 : Integer; -- in kg M0 : constant Integer; -- in kg
private
pragma SPARK_Mode (Off);
Flight_Domain_Mesh : constant Flight_Domain_Mesh_Type (1 .. 100, 1 .. 100) :=
(others => (others => <>));
Qdot_MinCl : constant Angular_Speed_Type := 0.0; -- in angle.s-1
Qdot_MaxCl : constant Angular_Speed_Type := 0.0; -- in angle.s-1
Q_MaxCl : constant Angle_Type := 0.0; -- in angle
Qdot_MinCr : constant Angular_Speed_Type := 0.0; -- in angle.s-1
Qdot_MaxCr : constant Angular_Speed_Type := 0.0; -- in angle.s-1
Q_MinCr : constant Angle_Type := 0.0; -- in angle
Pdot_MaxCr : constant Speed_Type := 0.0; -- in km/h
Qdot_MinDs : constant Angular_Speed_Type := 0.0; -- in angle.s-1
Qdot_MaxDs : constant Angular_Speed_Type := 0.0; -- in angle.s-1
Q_MaxDs : constant Angle_Type := 0.0; -- in angle
Escape_Time : constant Time_Type := 0; -- in s
-- From 6.7.4
Commutation_Duration : constant Time_Type := 0; -- in s
Hazard_Duration : constant Time_Type := 0; -- in s
Recovery_Speed : constant Integer := 0; -- in m.s
J0 : constant Integer := 0; -- in kg.m2
L : constant Integer := 0; -- in m
M0 : constant Integer := 0; -- in kg
end MMS.F_PT.F_FC.Data; end MMS.F_PT.F_FC.Data;

2
UseCaseDevelopment/Layer2_MMS_SW_SPARK/mms-f_pt-f_fc-output.ads
View File

@@ -24,4 +24,6 @@ package MMS.F_PT.F_FC.Output is
function Current_Altitude return Current_Altitude_Type with Global => Output_State; function Current_Altitude return Current_Altitude_Type with Global => Output_State;
function Current_Flight_Phase return Flight_Phase_Type with Global => Output_State;
end MMS.F_PT.F_FC.Output; end MMS.F_PT.F_FC.Output;

11
UseCaseDevelopment/Layer2_MMS_SW_SPARK/mms-f_pt-f_mm-behavior-guarantees.ads
View File

@@ -16,15 +16,16 @@ package MMS.F_PT.F_MM.Behavior.Guarantees with SPARK_Mode is
and then On_State = RUNNING and then On_State = RUNNING
and then Running_State = TAKE_OFF); and then Running_State = TAKE_OFF);
function Energy_Check_Succeed return Boolean is function Initial_Energy_Check_Succeeded return Boolean is
(Power_State = ON (Power_State = ON
and then On_State = INIT and then On_State = INIT
and then Energy_Compatible_With_Mission); and then Energy_Compatible_With_Mission);
function Energy_Check_Fail return Boolean is function In_Flight_Energy_Check_Failed return Boolean is
(Power_State = ON (Power_State = ON
and then On_State = RUNNING and then On_State = RUNNING
and then Running_State = CRUISE and then Running_State = FLIGHT
and then Current_Flight_Phase = CRUISE
and then not Energy_Compatible_With_Mission); and then not Energy_Compatible_With_Mission);
function Mission_Cancelled return Boolean is function Mission_Cancelled return Boolean is
@@ -42,7 +43,7 @@ package MMS.F_PT.F_MM.Behavior.Guarantees with SPARK_Mode is
-- incompatible with mission completion. -- incompatible with mission completion.
(if In_Take_Off_State and then not In_Take_Off_State'Old then (if In_Take_Off_State and then not In_Take_Off_State'Old then
Energy_Check_Succeed'Old) Initial_Energy_Check_Succeeded'Old)
-- 6.6.3.B Any mission cancellation is signaled to CP and GS. -- 6.6.3.B Any mission cancellation is signaled to CP and GS.
@@ -55,6 +56,6 @@ package MMS.F_PT.F_MM.Behavior.Guarantees with SPARK_Mode is
and then and then
(if Mission_Cancelled and then not Mission_Cancelled'Old then (if Mission_Cancelled and then not Mission_Cancelled'Old then
Energy_Check_Fail'Old); In_Flight_Energy_Check_Failed'Old);
end MMS.F_PT.F_MM.Behavior.Guarantees; end MMS.F_PT.F_MM.Behavior.Guarantees;

77
UseCaseDevelopment/Layer2_MMS_SW_SPARK/mms-f_pt-f_mm-behavior.ads
View File

@@ -45,6 +45,12 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
function Current_Altitude return Current_Altitude_Type with function Current_Altitude return Current_Altitude_Type with
Global => Private_State; Global => Private_State;
function Current_Flight_Phase return Flight_Phase_Type with
Global => Private_State,
Pre => Power_State = ON
and then On_State = RUNNING
and then Running_State = FLIGHT;
----------------------------------------- -----------------------------------------
-- States of the automaton in Figure 3 -- -- States of the automaton in Figure 3 --
----------------------------------------- -----------------------------------------
@@ -60,7 +66,7 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
Global => Private_State, Global => Private_State,
Pre => Power_State = ON; Pre => Power_State = ON;
type Running_State_Type is (TAKE_OFF, CLIMB, CRUISE, DESCENT, LANDING); type Running_State_Type is (TAKE_OFF, FLIGHT, LANDING);
function Running_State return Running_State_Type with function Running_State return Running_State_Type with
Global => Private_State, Global => Private_State,
@@ -111,7 +117,8 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
Global => Private_State, Global => Private_State,
Pre => Power_State = ON Pre => Power_State = ON
and then On_State = RUNNING and then On_State = RUNNING
and then Running_State = DESCENT; and then Running_State = FLIGHT
and then Current_Flight_Phase = DESCENT;
function Landed return Boolean is function Landed return Boolean is
(Current_Speed = 0 and Current_Altitude = 0) (Current_Speed = 0 and Current_Altitude = 0)
@@ -121,19 +128,6 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
and then On_State = RUNNING and then On_State = RUNNING
and then Running_State = LANDING; and then Running_State = LANDING;
function Operating_Point_Changed return Boolean with
Global => Private_State,
Pre => Power_State = ON
and then On_State = RUNNING
and then (Running_State in CLIMB | CRUISE | DESCENT)
and then Navigation_Mode = RP;
function Cruise_Altitude_Reached return Boolean with
Global => Private_State,
Pre => Power_State = ON
and then On_State = RUNNING
and then (Running_State in CLIMB | DESCENT);
---------------- ----------------
-- Properties -- -- Properties --
---------------- ----------------
@@ -142,7 +136,8 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
Global => Private_State, Global => Private_State,
Pre => Power_State = ON Pre => Power_State = ON
and then On_State in INIT | RUNNING and then On_State in INIT | RUNNING
and then (if On_State = RUNNING then Running_State = CRUISE); and then (if On_State = RUNNING then
Running_State = FLIGHT and then Current_Flight_Phase = CRUISE);
function Mission_Parameters_Defined return Boolean is function Mission_Parameters_Defined return Boolean is
(USB_Key_Present (USB_Key_Present
@@ -205,11 +200,9 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
Global => (In_Out => Private_State), Global => (In_Out => Private_State),
Post => Post =>
Operating_Point_Changed = (Operating_Point /= Operating_Point'Old)
-- RP mode enables modification of range parameter before take-off. -- RP mode enables modification of range parameter before take-off.
and then
(if not (Power_State'Old = ON (if not (Power_State'Old = ON
and then On_State'Old = INIT and then On_State'Old = INIT
and then Navigation_Mode'Old = RP) and then Navigation_Mode'Old = RP)
@@ -296,7 +289,7 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
=> =>
Power_State = ON Power_State = ON
and then On_State = RUNNING and then On_State = RUNNING
and then Running_State = CLIMB, and then Running_State = FLIGHT,
Power_State = ON Power_State = ON
and then On_State = RUNNING and then On_State = RUNNING
@@ -311,7 +304,8 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
Power_State = ON Power_State = ON
and then On_State = RUNNING and then On_State = RUNNING
and then Running_State = CRUISE and then Running_State = FLIGHT
and then Current_Flight_Phase = CRUISE
and then Power_On and then Power_On
and then not Mission_Abort_Received and then not Mission_Abort_Received
and then not Energy_Compatible_With_Mission and then not Energy_Compatible_With_Mission
@@ -323,7 +317,8 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
Power_State = ON Power_State = ON
and then On_State = RUNNING and then On_State = RUNNING
and then Running_State = DESCENT and then Running_State = FLIGHT
and then Current_Flight_Phase = DESCENT
and then Power_On and then Power_On
and then not Mission_Abort_Received and then not Mission_Abort_Received
and then Descent_Over and then Descent_Over
@@ -334,49 +329,17 @@ package MMS.F_PT.F_MM.Behavior with SPARK_Mode is
Power_State = ON Power_State = ON
and then On_State = RUNNING and then On_State = RUNNING
and then (Running_State in CLIMB | CRUISE | DESCENT) and then Running_State = FLIGHT
and then Power_On
and then not Mission_Abort_Received
and then Navigation_Mode = RP
and then
(if Running_State = CRUISE then Energy_Compatible_With_Mission)
and then
(if Running_State = DESCENT then not Descent_Over)
and then Operating_Point_Changed
=>
Power_State = ON
and then On_State = RUNNING
and then (Running_State in CLIMB | DESCENT),
Power_State = ON
and then On_State = RUNNING
and then (Running_State in CLIMB | DESCENT)
and then Power_On
and then not Mission_Abort_Received
and then (if Navigation_Mode = RP then not Operating_Point_Changed)
and then (if Running_State = DESCENT then not Descent_Over)
and then Cruise_Altitude_Reached
=>
Power_State = ON
and then On_State = RUNNING
and then Running_State = CRUISE,
Power_State = ON
and then On_State = RUNNING
and then (Running_State in CLIMB | DESCENT | CRUISE)
and then Power_On and then Power_On
and then not Mission_Abort_Received and then not Mission_Abort_Received
and then and then
(if Running_State = CRUISE then Energy_Compatible_With_Mission) (if Current_Flight_Phase = CRUISE then Energy_Compatible_With_Mission)
and then (if Navigation_Mode = RP then not Operating_Point_Changed)
and then and then
(if Running_State in CLIMB | DESCENT then (if Current_Flight_Phase = DESCENT then not Descent_Over)
not Cruise_Altitude_Reached)
and then (if Running_State = DESCENT then not Descent_Over)
=> =>
Power_State = ON Power_State = ON
and then On_State = RUNNING and then On_State = RUNNING
and then Running_State = Running_State'Old, and then Running_State = FLIGHT,
Power_State = ON Power_State = ON
and then On_State = RUNNING and then On_State = RUNNING

3
UseCaseDevelopment/Layer2_MMS_SW_SPARK/mms-f_pt-f_mm-input.ads
View File

@@ -64,6 +64,9 @@ package MMS.F_PT.F_MM.Input is
function Current_Altitude return Current_Altitude_Type function Current_Altitude return Current_Altitude_Type
renames MMS.F_PT.F_FC.Output.Current_Altitude; renames MMS.F_PT.F_FC.Output.Current_Altitude;
function Current_Flight_Phase return Flight_Phase_Type
renames MMS.F_PT.F_FC.Output.Current_Flight_Phase;
--------------- ---------------
-- From F_EM -- -- From F_EM --
--------------- ---------------

2
UseCaseDevelopment/Layer2_MMS_SW_SPARK/mms-f_pt.ads
View File

@@ -22,4 +22,6 @@ package MMS.F_PT is
type Payload_Mass_Grid_Type is array (Payload_Mass_Center range <>) type Payload_Mass_Grid_Type is array (Payload_Mass_Center range <>)
of Payload_Mass_Type; of Payload_Mass_Type;
type Flight_Phase_Type is (CLIMB, CRUISE, DESCENT);
end MMS.F_PT; end MMS.F_PT;