SAE Architecture Analysis and Design Language (AADL) Annex Volume 5: Annex A: ARINC653 Annex, Annex C: Code Generation Annex, Annex E: Error Model Annex
(1) This document contains three annexes to the SAE AS5506B Standard - the SAE Architecture Analysis and Description Language.
(2) The first annex, the Error-Model Language extends the AADL core language with a state machine-based notation. This notation allows for specification of different types of faults, fault behavior of individual system components, fault propagation affecting related components in terms of peer to peer interactions and deployment relationship between software components and their execution platform, aggregation of fault behavior and propagation in terms of the component hierarchy. The notation also allows for specification fault mitigation strategies expected to be implemented in the health monitoring and fault management component of the actual system – also known as Fault Detection, Isolation, and Recovery (FDIR). The actual design of this component is expressed in the AADL core model.
(3) The second annex, the ARINC653 Annex defines modeling patterns to use the AADL core language for the specification of Integrated Modular Avionics Architectures (IMA), as defined by the ARINC653 standard. It also introduces a dedicated property set to capture specific requirements of such architectures.
(4) The third annex, the Code Generation Annex, defines a mapping between the AADL core language and programming languages. It specifies, for each AADL component type, how to map it into executable code. As the AADL language targets safety-critical systems, the annex focuses on defining such a mapping for programming languages that are typically used to implement such systems. However, mapping rules and principles defined in this annex can be translated to other programming languages.
Rationale: The purpose of the annexes in this document are:
• To extend the core language in order to provide the ability to to specify error propagations and error behavior in the architecture
• To provide modeling guidelines to specify avionics architectures, as the ones used by the ARINC653 standard
• To define a binding between the AADL notations and existing programming languages used to develop safety-critical systems (such as Ada and C).