Abstract
For emerging safety-critical systems, it is beneficial to cope with design validation, performance estimation, and design space exploration in early design stages. In this paper, we explore the architectural choices of an aircraft electric power system (EPS) controller using Ptolemy II and Metro II. The design is modeled in separate aspects: the functional aspect models the logics and behaviors that fulfill the functionality of the controller, and the architectural aspect models the behaviors of the platform that implements the controller. The co-design benefits from the rigorous Model of Computation (MoC) in Ptolemy II, which facilitates the analysis and validation of functional aspect, as well as the flexibility and expressiveness provided by Metro II, in which complex architectural models can be built with the flexibility of changing the mapping. Co-simulation integrates the functional model and the architectural model using Metro II semantics. By clearly separating the functional aspect and the architectural aspect, the performance can be estimated at an early design stage, and the architectural exploration can be done in a more efficient manner.We show the effectiveness and extensibility of our approach using experiments and results with example candidates for the aircraft EPS controller.