A model-based approach for analysing network communication timeliness in IMA systems at concept level

Analyzing the resource adequacy of complex cyber-physical systems at concept development stage can be a challenging task since there are a lot of uncertainties about the system at this stage. In Integrated Modular Avionics (IMA) systems, with a life-cycle over several decades and potential functionality changes, we need to estimate resource needs at the early stage but leave capacity to absorb future modifications. Given an envisaged set of functions and a mapping to a candidate platform, one needs to assure that the selected network configuration will provide adequate resources to meet communication timeliness. In particular, whether the set of switches, the topology, and the available bandwidth are sufficient to meet the envisaged needs. In this paper, timeliness requirements are expressed as constraints on the freshness of data and a strict bounding of end-to-end latency. We support generation of UML/MARTE-based specifications by creating a domain-specific meta-model for IMA systems and a resource modelling approach for the study of time-critical systems. The instances of this model then specify the application requirements and various network configurations that can be formally analyzed. We present a tool, M2NC, for automatic derivation of a network calculus model through model transformation, and use the state-of-art NC tools for deriving the bounds for end-to-end timeliness. The approach is illustrated on an example avionics case study, consisting of 91 computational processes that exchange 629 different types of messages. The results of the analysis show that our approach can efficiently provide feedback on configurations that are compliant with the requirements imposed by the application and the toolchain provides a systematic mechanism to quickly identify potential future bottlenecks.