Ed Colbert Director, USC Software Engineering Certificate Program usc.edu (21 3)

Size: px

Start display at page:

Download "Ed Colbert Director, USC Software Engineering Certificate Program usc.edu (21 3)"

Benjamin Harrison
6 years ago
Views:

1 Ed Colbert Director, USC Software Engineering Certificate Program usc.edu (21 3) Based on presentation developed with Bruce Lewis, U.S. Amy Aviation and Missile Command (AMCOM) 0 Society of Automotive Engineers (SAE) is developing standard Avionics Architecture Description Language 0 Basic research funded by - U.S. Defense Advanced Research Projects Agency (DARPA) - Office of U.S. Secretary of Defense's Open Systems -Joint Task Force (0s - JTF) 0 Based on - MetaH Design by Honeywell for specification of real-time, fault-tolerant, securely partitioned, dynamically reconfigurable multi-processor system architectures - Unified Modeling language (UML) Object Management Group's (OMG) standard language for objectoriented software development

$'. r.-., *,..",,.& ji*.' - y,,.' w p' 7. --,*...s;y )- Z ' <;, - -,' ;id'.--\ " - ;-;:;;.. - c,"a.,.,.,,.. -,,.-:'Qutlim -.. :-...,.,. %.. C,'.' --" &,- J*W +. -' *-! -.,..-,.-..J :..?Z. 5.,.. S'C" - d4- - 6 Y.$ ' t 0 Problems Developing Embedded Real-Time Systems 0 How Avionics Architecture Description Language Will Help 0 Overview of AADL 0 Draft Language Elements 0 Extending UML 0 Draft UML Metamodel for

' t 0 Problems Developing Embedded Real-Time Systems 0 How Avionics Architecture Description Language Will Help 0 Overview of AADL 0 Draft Language Elements 0 Extending UML 0 Draft UML Metamodel for

Difficult to integrate 0 Few means of assessing impact of decisions early - Often, don't perceive that system exceeds processor resources until late Adding or changing resources is expensive, if

2 '. r.-., *,..",,.& ji*.' - y,,.' w p' 7. --,*...s;y )- Z ' <;, - -,' ;id'.--\ " - ;-;:;;.. - c,"a.,.,.,,.. -,,.-:'Qutlim -.. :-...,.,. %.. C,'.' --" &,- J*W +. -' *-! -.,..-,.-..J :..?Z. 5.,.. S'C" - d Y fl '%a... :<," *-. ' t 0 Problems Developing Embedded Real-Time Systems 0 How Avionics Architecture Description Language Will Help 0 Overview of AADL 0 Draft Language Elements 0 Extending UML 0 Draft UML Metamodel for AADL 0 AADUUML Generic Missile Example 0 SAE Standardization of AADL 0 Final Notes 311 1RW2 3 0 Reliability, safety, & performance are constant concerns 0 Wrong or late answer could be deadly 0 Difficult to integrate 0 Few means of assessing impact of decisions early - Often, don't perceive that system exceeds processor resources until late Adding or changing resources is expensive, if possible Many projects cut back on capabilities so software fits hardware - Despite increased costs of integration, maintenance, & upgrading 0 Typically very long lives & must be upgraded throughout - More capabilities required in each new system or upgrade e.g. multimedia, situation awareness, mission simulation & training - Capacity on original processors is soon exhausted as user needs increase f not exhausted when fielded - Hardware becomes obsolete - Re-hosting of software to new hardware is expensive

0 Current development process - Manual, paper intensive, error prone, resistant to change -

architecture is essential 0 Yet, [Garlan, Kompanek, et al.

centered on box-and-line diagrams, with explanatory prose - Visual conventions are

Cannot be analyzed for consistency or completeness Are only hypothetically related to

3 0 Current development process - Manual, paper intensive, error prone, resistant to change - Disjoint models - Models not kept up Requirements Analysls V lrm2 5 0 Well-designed architecture is essential 0 Yet, [Garlan, Kompanek, et al say that in practice - Most architectural descriptions are nformal documents Usually centered on box-and-line diagrams, with explanatory prose - Visual conventions are idiosyncratic & usually project-specific - Results Are only vaguely understood by developers Cannot be analyzed for consistency or completeness Are only hypothetically related to implementations - Properties cannot be enforced as system evolves Cannot be supported by tools to help software architects with their tasks LA ACM/EEE Ed Colbert

4 0 Problems Developing Embedded Real-Time Systems 0 How Avionics Architecture Description Language Will Help 0 Overview of AADL 0 Draft Language Elements 0 Extending UML 0 Draft UML Metamodel for AADL 0 AADUUML Generic Missile Example 0 SAE Standardization of AADL 0 Final Notes 0 Describe high-level designs Treats system as collection of connected components - Layout of components defines structure - Connectors define communication - Component interfaces are first-class citizens - Attributes narrowly defines Semantics for component interactions, Systemic behaviors, and Emergent properties 0 Does NOT describe algorithms, data structures or circuits

0 Provides notations that support domain-specific architectural style or styles -

specified using notation or notations 0 Models & methods to analysis - Estimate

software patterns 0 Library of configurablelgeneric components - Components that

taxonomy Architecture-based Requirements Analysis ~rchitecture-based System

5 0 Provides notations that support domain-specific architectural style or styles - Notations for common computation & communication paradigms - Architecture formally specified using notation or notations 0 Models & methods to analysis - Estimate characteristics - Verify product characteristics O Provideslsuppotts domain-specific software patterns 0 Library of configurablelgeneric components - Components that satisfy architecture guidelines for "plug-in" use - Components organized by some taxonomy Architecture-based Requirements Analysis ~rchitecture-based System ntegration Explicit Architecture Architecture-based Design and mplementation Predictable System

'W -" - y.. ' <.p,+.. '...,*,w!&..a. s i-.-,& H..:., m....4 Y/:s f*..- -r'.

-* T :- + +,-.; +.;-# $- A-.., **: *..>$+: 7 :!.. k. :. f>3f *-. ~.

Avionics Architecture Description Language Will Help 0 Overview of AADL 0

6 'W -" - y.. ' <.p,+.. '...,*,w!&..a. s i-.-,& H..:., m....4 Y/:s f*..- -r'.mo~del-bzised... +.* s..~ % ;- -&..:.? AAD~~:En+gr~-e.rinQ~r - -,*-. -* T :- + +,-.; +.;-# $- A-.., **: *..>$+: 7 :!.. k. :. f>3f *-. ~. -< >' a-.:,... L',.. * ~2 ' 6.:,: s Execut~ve Generation Componenl ntegration Architecture Design Memory Configuration Specific 0 Problems Developing Embedded Real-Time Systems 0 How Avionics Architecture Description Language Will Help 0 Overview of AADL 0 Language Elements 0 Draft Language Elements 0 Extending UML 0 Draft UML Metamodel for AADL 0 AADUUML Generic Missile Example 0 SAE Standardization of AADL 0 Final Notes -

%?y.d..",, 7...$@. '.a ".. -r. *' p'.:-".. * -i "., &. -.. 2,.".- -i- ;'.*..A- ' $.* - -' - + F'?. -.,.. SA,AADT. Based on Me1a.H....-- a -.b. b',~,' + 5-,"*.,: -,- 3 -.'... 'i - a *.

RT ~ arety~ion critical i i Extended law rak systems, event and dynamic arrhikctu~ i capabilities L....,.... ".

7 %?y.d..",, '.a ".. -r. *' p'.:-".. * -i "., & ,.".- -i- ;'.*..A- ' $.* - -' - + F'?. -.,.. SA,AADT. Based on Me1a.H a -.b. b',~,' + 5-,"*.,: -,- 3 -.'... 'i - a *.,..j 7, ,A ', : ;?. ' L.. &,.. &.. :*', *'. - *. Me- "-,f.'cd. i..- TOOLS./""... "..-" i Upgded andstandardim x! RT ~ arety~ion critical i i Extended law rak systems, event and dynamic arrhikctu~ i capabilities L....,.... "...,f Toolsets 0 ADL with supporting toolset for specifying, analyzing, & integrating computer control systems -Supports system architectures that are Real-time, Fault-tolerant Securely partitioned Dynamically reconfigurable Multi-processor 0 Design by Honeywell LA ACM/EEE Ed Colbert

8 0 Analyzes - Schedulability - Reliability - Safety 0 Generates integrated, environment-specific code for -Application components - Executive -"Architectural glue" Strong Partitioning Timing Protection OS Call Restrictions Memory Protection Portability Application Components Tailored MetaH Executive MetaH Kernel

Missile G&C reference architecture (AMCOM SED) Missile Re-engineering demonstration (AMCOM SED) Space Vehicle Attitude Control System (AMCOM SED)

fault tolerance (DARPA, CMU, Lockheed-Martin) ncremental Upgrade of Legacy Systems (AFRL, Boeing, Honeywell) Comanche study (AMCOM, Comanche PO,

Systems (DARPA, Honeywell) Avionics System Performance Management (AFRL, Honeywell) Ada Software ntegrated DevelopmenWerification (AFRL,

9 Missile G&C reference architecture (AMCOM SED) Missile Re-engineering demonstration (AMCOM SED) Space Vehicle Attitude Control System (AMCOM SED) Reconfigurable Flight Control (AMCOM SED) Hybrid automata formal verification (AFOSR, Honeywell) Missile defense (Boeing) Fighter guidance SW fault tolerance (DARPA, CMU, Lockheed-Martin) ncremental Upgrade of Legacy Systems (AFRL, Boeing, Honeywell) Comanche study (AMCOM, Comanche PO, Boeing, Honeywell) Tactical Mobile Robotics (DARPA, Honeywell, Georgia Tech) Advanced ntercept Technology CWE (BMDO, MaxTech) Adaptive Computer Systems (DARPA, Honeywell) Avionics System Performance Management (AFRL, Honeywell) Ada Software ntegrated DevelopmenWerification (AFRL, Honeywell) FMS reference architecture (Honeywell) JSF vehicle control (Honeywell) FMU reengineering (Honeywell) Total Project 50% P Port Phase Only 90%

10 p.,,, ;,.-A-. *-..,& -...&.,' i.. ' - p?'.,...--" ',.'$.:. * -.,:;.&.,; ,;- 4.c.-. " "'C '-*-,.*. '.? W '. -.,.?..- *,-: -,. -:&, 7. : i- 4- #. : '.....,. c',., s,?.,. ; ',.-."aoutlim.-- 0 Problems Developing Embedded Real-Time Systems - -<-, 0 How Avionics Architecture Description Language Will Help 0 Overview of AADL 0 Draft Language Elements 0 Extending UML 0 Draft UML Metamodel for AADL 0 AADUUML Generic Missile Example 0 SAE Standardization of AADL 0 Final Notes 0 UML provides modeling concepts & notations for typical software modeling projects O Users may need - Additional features and/or notations - Non-semantic information attached to models 0 UML core concepts can be extended or specialized by users - 3 built-in extension mechanisms Stereotype Constraint Tagged Value - Combine to form a Profile 0 Can extend UML rnetamodel by explicitly adding new metaclasses & other meta-constructs - Depends on modeling tools or use of meta-metamodel facility

O Problems Developing Embedded Real-Time Systems O How Avionics

Language Elements 0 Extending UML Draft UML Metamodel for AADL AADUUML

11 O Problems Developing Embedded Real-Time Systems O How Avionics Architecture Description Language Will Help O Overview of AADL Draft Language Elements 0 Extending UML Draft UML Metamodel for AADL AADUUML Generic Missile Example O SAE Standardization of AADL O Final Notes! Model-Element 1 i - name : Sehp - :$ Behavior ComponentClassifrer /, Feafure (horn Behaviors) --, (horn Cmponenb), (hrmfeahkes) - (from Prope*es)

12 System-nstance._ Component- Type +type;, (frcxn Component Types) - - -,< -- -' -' on type +mpkmentatim camp-* ; 0'. Component-nstance 1 cal.gwy Canpom-cslegoy - -*

UML 0 Draft UML Metamodel for AADL O AADUUML

13 Problems Developing Embedded Real-Time Systems O How Avionics Architecture Description Language Will Help Overview of AADL 0 Draft Language Elements 0 Extending UML 0 Draft UML Metamodel for AADL O AADUUML Generic Missile Example 0 SAE Standardization of AADL Final Notes

14 System Architecture software Missileln Flight CCAADL-system-type>> GMSLNT <caadl-mode-type>> software: MissilelnFlight Sensed-Body-Rates MissilePosition CCAADL-system-type>> 1 hardware: GMSLNT Fin-Actuator-Cmds RLTF / 1

Avionics Architecture Description Language csaadl-mode-type>> MissilelnFlight Ports Sensed-Body-Accelerations : out Vectors.Vector-3D-Type Ynsed-Bmy-Rates : out Vectors.

15 Avionics Architecture Description Language csaadl-mode-type>> MissilelnFlight Ports Sensed-Body-Accelerations : out Vectors.Vector-3D-Type Ynsed-Bmy-Rates : out Vectors.Vector-3D-Type Flighmme : out Standard.Float MissileAtt~tude : out Vectors.Vector-3D-Type MissileState : out Standardhteger ~lss~le~osition : out Vectors.Vector-3D-Type Fin-Actuator-Cmds : out Vecton.Vector-4D-Type RLTF : out Vectors.Vector-3D-Type LaunchVehlcleCrnd : n Standard.Bwlean - c<aadl-system-type>> Missile- Environment 1 <caadl-system-type>> Missile + Ports Sensed-w-Accelerations : out Vectors.Veclor-3D-Type Sensed-Body-Rates : out Vectors.Vector-3D-Type Flighmme : out Standard.Float MissileAtlitude : out Vectors.Vector-3D-Type Missilestate : out Standard.lnteger Miss~lePos~tion : out vectors.vector-3~-type Fin-Actuator-Cmds : out Veclors.VectorM4DMType RLTF : OJ~ vectors.vector_3~-t~~ LaunchVehicleCmd : in Standard.Boolean - Properties Allowed-Bindings = Nil Bindmgs = Nil BuildOptions = Nil Criliial~ty = Nil LA ACMfEEE Ed Colbert

16 LaunchVehicleCmd Accelerations 4 CCAADL-system-type>> l missile : Missile RLTF Fin-Actuator-Cmds <<AADL-system-implementation>> : Missile-Environment.AMCOM data-aquisition : Data-Aquisition 1 environment : Environment fln-aclualor- <caadl-pro~e~~-type>> Posibons 1 fin-control : 4 Fin-Actuator-Control Fin-Actuat~ Cmds

-. <<AADL-process-type>> Environment <<AADL-process-implementation>> Environment.AMCOM Ports *. Sensed Body-Accelerations : out Vectors.Veclor-3D-Type ** ~ensed~ody-~ates : out Vectors.

17 -. <<AADL-process-type>> Environment <<AADL-process-implementation>> Environment.AMCOM Ports *. Sensed Body-Accelerations : out Vectors.Veclor-3D-Type ** ~ensed~ody-~ates : out Vectors.Vector-3D-Type ' FlighlTime : out Standard.Floa1 MissileAttitude : out Vecton.Vector-3D-Type M~ssileSlate : out Slandard.lnteger M~ss~lePosition : out Vectors.Vector-3D-Type LaunchVehicleCmd : ln Standard.Boolean Fin-Actualor-Posillons : in port Vecton.Veclor-4D-Type Properties Deadline = 1000 us Heapsize = 8192 B period = 1000 us Se~i~eCapability = SHUT-DOWN SourceFile =... SourceMaxTime = 270 us SourceName = 'Environment' O Problems Developing Embedded Real-Time Systems O How Avionics Architecture Description Language Will Help O Overview of AADL O Draft Language Elements O Extending UML Draft UML Metamodel for AADL O AADUUML Generic Missile Example SAE Standardization of AADL O Final Notes LA ACM/EEE Ed Colbert

0 Requirements document (ARD5296) approved by SAE Spring 2001 - Based on Existing MetaH language, toolset Demo/evaluation projects 0 AADL Definition - v1.

0 standard by EOY 2005-6 (goal) Less critical requirements & those requiring research - Current draft (v0.

18 0 Requirements document (ARD5296) approved by SAE Spring Based on Existing MetaH language, toolset Demo/evaluation projects 0 AADL Definition - v1.0 standard by EOY 2003 (goal) Most critical requirement Balloting expected - September 2003 On track - v2.0 standard by EOY (goal) Less critical requirements & those requiring research - Current draft (v0.4) about 40-50% complete About 125 pages O Requesting funding for prototyping of new AADL features 311 1RW Bruce Lewis (U.S. Army AMCOM): SAE Chair, technology user 0 Ed Colbert (USC): AADL & UML Mapping 0 Peter Feiler (SE): Secretary, Co-author, Editor, technology user 0 Steve Vestal (Honeywell): Meta-H Originator, Co-author 0 Members - Boeing, Rockwell, Honeywell, Lockheed Martin, Raytheon, Smith ndustries, Dassault Aviation, Airbus, Axlog - NST, NAVAir, OSJTF, British MOD, Army, European Space Agency 0 Liaisons - COTRE, NATO, GOA, POSX, OPEN (informal), OMG (informal) 0 Relationships with other parties - Australian Avionics Lab: performance analysis

19 O Problems Developing Embedded Real-Time Systems O How Avionics Architecture Description Language Will Help O Overview of AADL Draft Language Elements O Extending UML O Draft UML Metamodel for AADL AADUUML Generic Missile Example SAE Standardization of AADL O Final Notes lll lmllt2 t7 0 AADL is Architecture Description Language & tools for embedded systems domain - Especially for avionics systems - Based on MetaH 0 AADL provides a means to: - Specify software & hardware architecture - ncrementally develop from prototype to specification - Analyze architecture formally - mplement final system ntegrating components with hardware & automatically generated system executive & glue code - Evolve system rapidly Within development Across lifecycle --

- 1.- : r.-',.... t..... /.,.-?& * -.i- 4.c.*..,.,.c-. -p.c# 2 -. ',---.. *..g* - A.,, (.- 3'fU.' -,SC 7 '. -.ThingS"AADL-*is.,.,. i; :* 7,,.

1 Specify detailed design of objects, classes, algorithms, or data structures - Basic UML can provide O GU Design - Can specify

O Web-based systems O Client-Server Systems - Research topic O Run-time software updates - Supports dynamic reconfiguration of

architecture & components for product line architecture - Create reusable components 0 Create adaptable workstation simulation

20 - 1.- : r.-',.... t..... /.,.-?& * -.i- 4.c.*..,.,.c-. -p.c# 2 -. ',---.. *..g* - A.,, (.- 3'fU.' -,SC 7 '. -.ThingS"AADL-*is.,.,. i; :* 7,,. _p ~ot-liitended,--, f, To. -.. Do; a. - <_. L. 1 Specify detailed design of objects, classes, algorithms, or data structures - Basic UML can provide O GU Design - Can specify GU component(s) & connections to other components - But not details of screens, data types, etc. O Web-based systems O Client-Server Systems - Research topic O Run-time software updates - Supports dynamic reconfiguration of designed components - But not addition or changes to generated configuration - Research topic 311 la Specify architecture & components for product line architecture - Create reusable components 0 Create adaptable workstation simulation that can be retargeted to tactical embedded system without loss of fidelity - Processing environment risk reduction (Software First). 0 Retargeting & re-engineering embedded systems 0 Analysis system performance of embedded RT systems - Schedule - Safety - Security O Generation architecture with separate component generation for rapidly evolvable systems 0 Build open architecture avionics systems with partitioned flight control - Reducing Validation & Verification cost 311 1R002 40

Architecture Description Languages. Peter H. Feiler 1, Bruce Lewis 2, Steve Vestal 3 and Ed Colbert 4

Architecture Description Languages An Overview of the SAE Architecture Analysis & Design Language (AADL) Standard: A Basis for Model-Based Architecture-Driven Embedded Systems Engineering Peter H. Feiler