Considerations about Analysis and Modelling: Modelling_Guidelines.docx 1

[UweSteinkeFromSiemens]

I read your document and agree on most of it. I nonetheless have some questions.

1. In #REQ-SRS-Analysis-ETCS-Language-002#DEF#:
   • You map 2-31 bits integer to 32 bits integers. Are you loosing the precise range of each ETCS integer? The min-max values? I fear you are losing information (and some programming languages like Ada can easily represent precise integer ranges).
   • You say "Physical dimensions w. int resolution" are mapped to "real". What is "int" in this sentence? Integral? Integer? If integer, why not keep an integer on OBU? By "real", do you mean mathematical real, or computer's floating-point values that introduce impreciseness (e.g. values like 0.1 cannot be represented into IEEE 754 standard floating point)?
2. I strongly agree with

   REQ-SRS-Analysis-Self-Defined-Data-Types-002#DEF#, but in practice that might not be doable, e.g. if one needs to keep a precise computation on small time / small distance while computing only with integers for example. Wouldn't it preferable to say that the scaling should be attached to each value (or at the extreme use an implicit and unique scaling like in your proposal)? However, I do agree that some unit related information should be kept. Moreover, some languages like Ada can now represent units and check coherency of computations (http://www.adacore.com/adaanswers/gems/gem-136-how-tall-is-a-kilogram/). I don't want to over-constrain the model.

3. In #REQ-SRS-Analysis-Basic-Concepts-002#DEF#, you introduce the notion of "valid" flag. For me, this is clearly an implementation issue. The model should not deal with such issues. Ditto for #REQ-SRS-Analysis-Basic-Concepts-001#DEF#. The model should represent data structures of the needed dimensions. It is up to the safety critical implementation to map it to statically dimensioned data structures.

Having say that, I agree that we might have hard time to convert a very dynamic model to fixed data structures. So giving some rules might be preferable.

1. In #REQ-SRS-Analysis-Basic-Concepts-004#DEF#, what is the implication of "Models shall be created with the awareness that the models will be executed on a synchronously clocked platform"? What such "awereness" implies?

Best regards, david

[UweSteinkeFromSiemens]

@MERCEmentre, @VNuhaan :

As stated during the Berlin workshop, the guideline is written in the awareness a subsequent functional realization with the SysML/Papyrus => SCADE => C tool chain.

To 1.:

• By mapping of 2-32 bit integers to 32 bit integers leads to the loss of the exact integer precision and reduced range in language (like C) that are not able to manage integers of arbitrary bit with. If languages support these types explicitely (like ADA), the bitwiths could be preserved.
• "Physical dimensions w. int resolution" are mapped to "real": int stands for integer, real for computer's floating-point values (in C: float, double). Yes, scaling is an issue. For + and - operations, integer calculation is suitable. For more complex calculations: One option would be to rely on appropriate scaled integers and provide the required precision even in the case of small time / small distance. The other option is - as proposed - to convert such physical dimensions to float or - better - double and unburden the implementation of the more complex impact of integer arithmetic. But I agree, the decision should be made or each dimensions individually.

To 2:

• "valid"-Flag: Indeed, the "valid" flag is an implementation issue. I agree also, that implementation issues should not be handled on an abstract system level. On the other hand: if IDBs with data flows and ports between functions are used for system modelling, a methods is required to designate a datagram as just valid or just arrived or not yet present. My proposal is to achieve this in a standardized way by using the valid flag. Do you recomment a better method?
• "#REQ-SRS-Analysis-Basic-Concepts-004#DEF#, what is the implication of "Models shall be created with the awareness that the models will be executed on a synchronously clocked platform"?: During the Berlin workshop some concerns arised about the sequence of functions if circular interdependencies are caused by data flows in the models. Such feedback loops are not a problem in synchronously clocked systems. Therefore, the implication of #REQ-SRS-Analysis-Basic-Concepts-004#DEF# is: Don't be concerned about circular interdependencies on the system level.