Project Report. Using the AADL to support the ASSERT modeling process

Size: px

Start display at page:

Download "Project Report. Using the AADL to support the ASSERT modeling process"

Robyn McCoy
5 years ago
Views:

1 Project Report Using the AADL to support the ASSERT modeling process Pierre Dissaux (Ellidiss) AADL committee Salt Lake City April 16, 2007 Copyright ASSERT Project 1

2 Goals Improve system-and-software development process for critical embedded real-time systems, in the Aerospace and Transportation domains. Identify and develop proven critical system families architecture, using a proof based development process supported by formal notations, component models, and innovative processes and tools. Develop associated building blocks that can be composed, tailored and verified in open frameworks that shall be reused and shared by European teams across multi domain projects. Copyright ASSERT Project 2

3 Framework IST program (funded by the E.C.) 3 years project: Sept 2005 > Dec partners; leader: European Space Agency Clusters: Technology: DVT (tooling) DDHRT (middleware) Pilot Projects: MA3S (launchers) HRI (satellites) MPC (formation flying) AADL and ASSERT: Some partners are member of the AADL committee Foreseen as a solution in the Technical Annex Using the AADL in ASSERT: "the AADL track" However, quite a lot of controversy... Copyright ASSERT Project 3

4 Modeling Views in AADL Data View: AADL Data components (data types) May be generated from ASN.1 Interface View: AADL System components (AP level containers) AADL Subprogram components (applicative functions) Concurrency View (VM level containers): AADL Thread components (periodic and sporadic) AADL Data components (protected objects) Generated from the interface view (vertical transfo.) Deployment View AADL Process components (partitions) AADL Processor, Memory and Bus components Copyright ASSERT Project 4

5 AADL for the MPC case study data types ASN.1 applicative functions (any language) non functional properties Data View Interface View AADL packages Concurrency View (AP) AADL systems AADL processes (VM) HRT-UML/RCM physical architecture HW-SW binding Deployment View AADL operational system OCARINA Copyright ASSERT Project 5

6 Data View MPC_ASN_Data DEFINITIONS AUTOMATIC TAGS ::= BEGIN Component_Type ::= INTEGER(0..255) Record_Type ::= SEQUENCE { x Component_Type, y Component_Type, z Component_Type } T_Event ::= BOOLEAN END ASN.1 AADL spec AADL diagram PACKAGE MPC_Data PUBLIC DATA Component_Type PROPERTIES ARAO::Data_Type => Integer; END Component_Type; DATA Record_Type read : SUBPROGRAM read { Source_Language => Ada95; Source_Name => MPC; }; update : SUBPROGRAM update { Source_Language => Ada95; Source_Name => MPC; }; END Record_Type; DATA IMPLEMENTATION Record_Type.others X : DATA Component_Type; Y : DATA Component_Type; Z : DATA Component_Type; END Record_Type.others; DATA T_Event END T_Event; SUBPROGRAM read XYZ : OUT PARAMETER Record_Type.others; END read; SUBPROGRAM update XYZ : IN PARAMETER Record_Type.others; END update; END MPC_Data Copyright ASSERT Project 6

7 Interface View APLC Provided Interface Required Interface Non functional properties Copyright ASSERT Project 7

8 "Detection" APLC Applicative function "detect" Required function Copyright ASSERT Project 8

9 "Observation" APLC Applicative function "add" Function parameter Applicative function "watch" Shared data Copyright ASSERT Project 9

10 AADL code generation (AP) SYSTEM MPC_AP END MPC_AP; SYSTEM IMPLEMENTATION MPC_AP.others SC1 : SYSTEM AP_Detection.others; SC2 : SYSTEM AP_Observation.others; SC3 : SYSTEM AP_Observation; EVENT PORT SC1.addObservation -> SC2.addObservation; EVENT PORT SC1.addObservation -> SC3.addObservation; END MPC_AP.others; SYSTEM AP_Detection detectobservation : IN EVENT PORT { Compute_Entrypoint => "Detect"; Assert_Properties::RCMoperation => REFERENCE Detect; Assert_Properties::RCMoperationKind => cyclic; }; addobservation : OUT EVENT PORT; Detect : SERVER SUBPROGRAM Detect; END AP_Detection; SYSTEM IMPLEMENTATION AP_Detection.others EVENT PORT Detect.addObservation -> addobservation; END AP_Detection.others; SUBPROGRAM Detect addobservation : OUT EVENT PORT; END Detect; AP-AADL code generation Interconnected APLCs "Detection" APLC "Observation" APLC SYSTEM AP_Observation addobservation : IN EVENT PORT { Compute_Entrypoint => "add"; Assert_Properties::RCMoperation => REFERENCE add; Assert_Properties::RCMoperationKind => sporadic; }; performobservation : IN EVENT PORT { Compute_Entrypoint => "watch"; Assert_Properties::RCMoperation => REFERENCE watch; Assert_Properties::RCMoperationKind => cyclic; }; watch : SERVER SUBPROGRAM watch; add : SERVER SUBPROGRAM add; END AP_Observation; SYSTEM IMPLEMENTATION AP_Observation.others LocalObject : DATA MPC_Data::Record_Type; DATA ACCESS LocalObject -> watch.localobject; DATA ACCESS LocalObject -> add.localobject; END AP_Observation.others; SUBPROGRAM watch LocalObject : REQUIRES DATA ACCESS MPC_Data::Record_Type; END watch; SUBPROGRAM add observation : IN PARAMETER MPC_Data::Record_Type; LocalObject : REQUIRES DATA ACCESS MPC_Data::Record_Type; END add; Copyright ASSERT Project 10

AADL code generation (VM) VM-AADL code generation SYSTEM MPC_AP END MPC_AP; SYSTEM IMPLEMENTATION MPC_AP.others SC1 : PROCESS AP_Detection.others; SC2 : PROCESS AP_Observation.

11 AADL code generation (VM) VM-AADL code generation SYSTEM MPC_AP END MPC_AP; SYSTEM IMPLEMENTATION MPC_AP.others SC1 : PROCESS AP_Detection.others; SC2 : PROCESS AP_Observation.others; SC3 : PROCESS AP_Observation.others; EVENT DATA PORT SC1.observation -> SC2.observation; EVENT DATA PORT SC1.observation -> SC3.observation; END MPC_AP.others; PROCESS AP_Detection observation : OUT EVENT DATA PORT MPC_Data::Record_Type; END AP_Detection; PROCESS IMPLEMENTATION AP_Detection.others AP_Detection_detectObservation : THREAD AP_Detection_detectObservation; EVENT DATA PORT AP_Detection_detectObservation.observation -> observation; END AP_Detection.others; Interconnected processes "Detection" Process PROCESS AP_Observation observation : IN EVENT DATA PORT MPC_Data::Record_Type; END AP_Observation; PROCESS IMPLEMENTATION AP_Observation.others LocalObject : DATA MPC_Data::Record_Type; AP_Observation_performObservation : THREAD AP_Observation_performObservation; AP_Observation_addObservation : THREAD AP_Observation_addObservation; EVENT DATA PORT observation -> AP_Observation_addObservation.observation; DATA ACCESS LocalObject -> watch.localobject; DATA ACCESS LocalObject -> add.localobject; END AP_Observation.others; "Observation" Process Copyright ASSERT Project 11

12 AADL code generation (VM) cont. SUBPROGRAM Detect observation : OUT PARAMETER MPC_Data::Record_Type; END Detect; Applicative function "detect" THREAD AP_Detection_detectObservation observation : OUT EVENT DATA PORT MPC_Data::Record_Type; END AP_Detection_detectObservation; THREAD IMPLEMENTATION AP_Detection_detectObservation.others CALLS { Detect : SUBPROGRAM Detect; }; PARAMETER Detect.observation -> observation; PROPERTIES Dispatch_Protocol => Periodic; END AP_Detection_detectObservation.others; Applicative function "add" Applicative function "watch" SUBPROGRAM add observation : IN PARAMETER MPC_Data::Record_Type; LocalObject : REQUIRES DATA ACCESS MPC_Data::Record_Type; END add; THREAD AP_Observation_addObservation observation : IN EVENT DATA PORT MPC_Data::Record_Type; LocalObject : REQUIRES DATA ACCESS MPC_Data::Record_Type; END AP_Observation_addObservation; THREAD IMPLEMENTATION AP_Observation_addObservation.others CALLS { add : SUBPROGRAM add; }; PARAMETER observation -> add.observation; DATA ACCESS LocalObject -> add.localobject; PROPERTIES Dispatch_Protocol => Sporadic; END AP_Observation_addObservation.others; "Detect" Periodic thread SUBPROGRAM watch LocalObject : REQUIRES DATA ACCESS MPC_Data::Record_Type; END watch; THREAD AP_Observation_performObservation LocalObject : REQUIRES DATA ACCESS MPC_Data::Record_Type; END AP_Observation_performObservation; THREAD IMPLEMENTATION AP_Observation_performObservation.others CALLS { watch : SUBPROGRAM watch; }; DATA ACCESS LocalObject -> watch.localobject; PROPERTIES Dispatch_Protocol => Periodic; END AP_Observation_performObservation.others; "Add" Sporadic thread "Watch" Periodic thread Copyright ASSERT Project 12

13 Concurrency View (from AADL code) Interconnected partitions "Detection" Process "Observation" Process Copyright ASSERT Project 13

Deployment View & AADL code (real) Bus Processor SYSTEM MPC END MPC; SYSTEM IMPLEMENTATION MPC.others MPC_Deployment : SYSTEM MPC_Deployment.others; MPC_AP : SYSTEM MPC_AP.

14 Deployment View & AADL code (real) Bus Processor SYSTEM MPC END MPC; SYSTEM IMPLEMENTATION MPC.others MPC_Deployment : SYSTEM MPC_Deployment.others; MPC_AP : SYSTEM MPC_AP.others; PROPERTIES Actual_Processor_Binding => REFERENCE MPC_Deployment.SC3_Proc APPLIES TO MPC_AP.SC3; Actual_Processor_Binding => REFERENCE MPC_Deployment.SC1_Proc APPLIES TO MPC_AP.SC1; Actual_Processor_Binding => REFERENCE MPC_Deployment.SC2_Proc APPLIES TO MPC_AP.SC2; END MPC.others; HW SW to HW binding SW Operational system SYSTEM MPC_Deployment END MPC_Deployment; SYSTEM IMPLEMENTATION MPC_Deployment.others SC1_Proc : PROCESSOR Leon2; SC1_SC2 : BUS SpaceWire; SC1_SC3 : BUS SpaceWire; SC2_Proc : PROCESSOR Leon2; SC3_Proc : PROCESSOR Leon2; BUS ACCESS SC1_SC2 -> SC1_Proc.SC1_SC2; BUS ACCESS SC1_SC3 -> SC1_Proc.SC1_SC3; BUS ACCESS SC1_SC2 -> SC2_Proc.SC1_SC2; BUS ACCESS SC1_SC3 -> SC3_Proc.SC1_SC3; END MPC_Deployment.others; PROCESSOR Leon2 SC1_SC2 : REQUIRES BUS ACCESS SpaceWire; SC1_SC3 : REQUIRES BUS ACCESS SpaceWire; END Leon2; BUS SpaceWire END SpaceWire; Copyright ASSERT Project 14

Deployment View & AADL code (demo) SYSTEM MPC END MPC; May have different deployment views for a given SW architecture SYSTEM IMPLEMENTATION MPC.others MPC_Demo : SYSTEM MPC_Demo.

15 Deployment View & AADL code (demo) SYSTEM MPC END MPC; May have different deployment views for a given SW architecture SYSTEM IMPLEMENTATION MPC.others MPC_Demo : SYSTEM MPC_Demo.others; MPC_AP : SYSTEM MPC_AP.others; PROPERTIES Actual_Processor_Binding => REFERENCE MPC_Demo.the_CPU APPLIES TO MPC_AP.SC3; Actual_Processor_Binding => REFERENCE MPC_Demo.the_CPU APPLIES TO MPC_AP.SC1; Actual_Processor_Binding => REFERENCE MPC_Demo.the_CPU APPLIES TO MPC_AP.SC2; END MPC.others; SYSTEM MPC_Demo END MPC_Demo; SYSTEM IMPLEMENTATION MPC_Demo.others the_cpu : PROCESSOR P4; END MPC_Demo.others; PROCESSOR P4 END P4; Copyright ASSERT Project 15

16 AADL and ASSERT: Conclusion As foreseen at the beginning of the project, the AADL fits well ASSERT modelling requirements. Use of a standard textual architectural language is a backbone to connect process activities: (i.e. ASN.1 to AADL; AADL to Scade; AADL to code;...). Semantical match is strong for Data, Functional, Concurrency, Physical and Deployment models (i.e. use of standard extension capabilities). "Could do better" for the Interface view (i.e. submit proposals to the AADL committee). The AADL can be an efficient way to disseminate ASSERT technology Copyright ASSERT Project 16

AADL committee, Valencia October 2 nd, Pierre Dissaux (Ellidiss) Maxime Perrotin (ESA)

AADL committee, Valencia October 2 nd, 2014 Pierre Dissaux (Ellidiss) Maxime Perrotin (ESA) what is TASTE? A tool-chain targeting heterogeneous, embedded systems, using a model-centric development approach