Skip to content

R
RESSAC_Use_Case
Commit fffbf2ce authored by Claire Dross's avatar Claire Dross
Browse files
Options

SPARK layer2: describe activity of input/output analysis

parent 80703725
Show whitespace changes
Inline Side-by-side
Showing with 30 additions and 0 deletions
UseCaseDevelopment/Layer2_MMS_SW_SPARK/DESIGN.txt 0 → 100644
View file @ fffbf2ce
ACTIVITIES:
1 - Identification and validation of inputs / outputs:
* Design:
The specification is structured into a component based architecture. Each component and sub-component has identified inputs and outputs, which may have types, bounds... Information flows through these signals between components.
Each sub-component is a child package of its container. Inputs and outputs of components are translated as functions without parameters stored in specific child packages named Comp.Input and Comp.Output. Types for signals are stored at the root of the architecture, namely in mms.ads. They are as precise as we could make them, based on the specifications available.
Links between inputs and outputs of various components are made through renamings, or through expression functions when the mapping is more complex. Inputs and outputs are grouped together depending on where they are coming from/where they are going to.
* Checks:
We have checked by review that:
- Inputs and outputs of components are consistent, namely, if a component A has an input to another component B, the B must have an input from A and conversely.
+ Method: If a function F is in a group of inputs (resp. outputs) of a component Comp1 labelled From Comp2 (resp. To Comp2), where Comp2 is inside the same container as Comp1, check that Comp2.Output (resp. Comp2.Input) as a section To Comp1 (resp. From Comp1).
+ Result: Inconsistencies have been reported.
- Types (as well as bounds and units) are consistent between sources and destinations.
+ Method: This is enforced through static typing by turning the destination of a signal as a renaming of its origin.
+ Assumptions: When no information was supplied, we have made the following choices:
* Payload_Mass_Type is in kg with a precision of 0.1 and bounds of 1.0 and 5.0.
* [...]
- The component structure is well-formed, namely, information does not flow through the edge of components.
+ Method: This can be verified by reviewing use clauses inserted at the beginning of inputs or outputs packages. More precisely
* An input package Comp.Subcomp.Input can only reference outputs of siblings Comp.*.Output or inputs of parent Comp.Input.
* An output package Comp.Output can only reference its own inputs Comp.Input or outputs of its children Comp.Subcomp.Output.
+ Result: No inconsistency found.
2 - Review of the specification for translatability in Ada contracts:
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment