SIGAda 2001, Bloomington

Ship System 2000, a Stable Architecture under

Continuous Evolution

Björn Källberg and Rei Stråhle, © SaabTech Systems AB, Sweden

(formerly CelsiusTech Systems,

before that: NobelTech Systems,

before that: Bofors Electronics,

before that: Philips Elektronikindustrier)

SIGAda 2001, Bloomington 2

Our Platforms and Track Record

3

Coastal Corvette Göteborg live

4

• Ship more stable than primitive rock• Incorrect symbol shown in 0.3 sec is a

category 1 fault (which prevents delivery)• Operator response time is 10 sec from detection of

missile(s) until own ship might be hit• Safety critical

• System is different• Many common component technologies can not

directly be applied

Performance Examples

5

What is an architecture?To create a logical sea!

physical viewcpu 2cpu 1

cpu n

LAN with BS2000

logical view

6

Göteborg class

7

• Layered structure

• Unit of distribution: Program

• Location independent

• Asynchronous messages

• Parametrised components

• MMI definition language

• COTS Operating system

• Ada (and some C, C++)

Software Architecture

8

Product Line Management

Dev proj 1. Dev proj 2.

SS2000 product line

Dev proj 3.

9

The Dual Life Cycle

The product lineor

the System Family

Thedevelopment

projects

10

Organisation then

Product line, Component development

Development projects

requirementsCsc:s

spr:s

RequirementsMMI-developmentIntegrationTesting

example: 8000 test cases. 15 man, 2 months

corrections

11

Organisation now

(Customer) project

Requirements

(Customer) project

Requirements

Product line, Component development, System backbone

(Customer) project

12

• Documentation

• Dead code

• Compartmentalisation

• Error corrections and releases

• Late system testing

• Parametrisation

• Complexity increase

• Not a trivial assembling process

Challenges

13

Reuse is not always appreciated by the customer

• Different shapes of not required code– Extra functionality that can be used– Functionality which can not be used– Code that executes, without any extra functionality– Code that is part of the system, but does not execute– Code that is removed before loading

• Disadvantages– Learning is difficult, risk of misuse– Performance is not optimal– Code may be excessively large– Maintenance problem

Dead Code

SIGAda 2001, Bloomington 14

Layered Structure

WCS, Weapons and sensors

C3, Command management system

MMI, Man machine interface

Base system, application support

Operating system, distributed system

Application interfaces

• Controlled

• Stable

• Documented

• Well known

Base for reuse

This part is OS dependent

15

Component Organisation

adinevha

adtyevhx

batyfddi

cocofise

dacoipco

ancoevpr

dbaijoco

dbarjocs

ditemath

dramnosu nosi

osfu ovpi posxopsy srma ssif stansyco syla syle taco tihasypa tipr

acco grpralhahaco

coobkema

ctpiloin

fomamaha

apsikeha

gcfumeha

grapmit

grenmmif

grmammiw

movi ppma rrsc sedt sortrrin surf surk tran tvco uitx vico wima

atdi gadeausu gaexcout gpsicrowhist

crypinpt

corr gposecsclora

ecsdlsnh

envimano matr

naai nade ospo ossi pattnase

pico

piut pldi plmapred rege sacc sati sddiresu sira syth tare tarp

brpoenco

bsco

guasdiirgula

dilagupa

diplraa6

diasguco

dirarasm

disushbo

ditr

twsm twtr

ditv

tipo trditrut velo vsbx xtcovisi

basesystem

MMI

sensorsand weapons

C3

unchanged

new / large modificationssmaller modifications

teha

removed

16

P2

P1

P4

P3 P6

P5

IPCO

Ada program

All programs in one pool

17

Library component

Library component

New componenta component is a set of Ada packages

Ada Component Structure (static)

SIGAda 2001, Bloomington 18

Program 2

Program 1 LAN messages

A message is always Within a component Between programs

Ada Program Structure

SIGAda 2001, Bloomington 19

Distributed MMIinterface database

P1P2 P..

Pn

General MMIprogram

Operator

Applicationprograms

MMI Architecture

20

Not an easy integration process

Blocks may be simple individually, but it takes a considerable skill and time to build a large system

• Parameter settings• Program allocation• Performance estimation• Complicated systems• Testing

21

Parametrisation

• Large number of parameters:– Parameterisation is used to adapt functionality– Versions not used– Also to set capacity, performance trimming– In place of understanding requirement,

deferring decisions

• Integration is difficult

22

• Error corrections can not be made directly

• Releases must be synchronised

• Working components may be changed

P1 P2 P3 Release

Release Handling

SIGAda 2001, Bloomington 23

Complexity: 200 70 400 7 200

• Assume: Total complexity ~ product of component complexity

Complexity Increase

24

• Ada development– Then: Rational hardware, Rational compilers– Now: PC and Unix based; Aonix, OC Systems, ACT

• Documentation– Then: VAX/VMS, – Now: Windows NT, RS6000 Aix, – Exco editor (hierarchy and links)– MS Word

• C-code– VAX/VMS and target– different compilers– PC and Unix

Development Environment

25

Education

• Since 1986 we have had >800 students in >120 courses (incl. basic Ada training, Ada95 & application)

• Only own employees or from company partners• Fundamental training in BaseSystem part of

ShipSystem starts with Error Handling, InterProgram Comm, Tactical Config, Parametrisation and MMI Programming

• Mandatory to follow Application Interface Standards• Ada Quality & Style is recommended• Deprogramming of C/C++ programmers is essential

SIGAda 2001, Bloomington 26

We have succeeded.Degree of reuse is high.

27

Summary

• The cost is high• A product line development is not easy

– Software is different from hardware

– It is not a production process, it is a development process

• The difficulties can be overcome– with hard work

• The result can be very good– but the domain must be limited

• Stable architecture from start of new project

SIGAda 2001, Bloomington 28

?Question time...