ARINC653 toolset: Ocarina, Cheddar and POK


ARINC653 toolset: Ocarina, Cheddar and POK
Julien Delange <delange@enst.fr>, Laurent Pautet <pautet@enst.fr>
09/11/09

Slide 2: Context
- ARINC653 systems
  - Layered architecture
  - Enforce isolation across partitions
  - High-integrity, reliable and dependable
- Figure: Partition 1 and Partition 2 on top of the kernel; task scheduling inside each partition, partition scheduling in the kernel
- Strong requirements
  - Hierarchical scheduling
  - Requirements analysis and verification (memory, ...)
  - System analysis, isolation verification
  - Certification requirements (cf. DO178B)

Slide 3: Problem and solutions
- ARINC653 systems
  - Must be verified BEFORE implementation (save time, money)
  - Careful design: an error can have catastrophic consequences
  - Must be validated against certification standards (DO178B)
- Our tools
  - Verify the system BEFORE implementation
  - Generate code from validated requirements
  - Ease certification (code coverage, scheduling analysis, execution traces)

Slide 4: Proposed approach
- Dedicated development process
  - AADL, backbone language
  - Verification, execution, certification
- «Libre» toolset
  - Ocarina: model analyzer, code generator
  - Cheddar: scheduling simulator and analyzer
  - POK: ARINC653-compliant runtime for the AADL
  - Available under GPL or BSD licenses
- Figure: Ocarina -> requirements verification (ex: memory requirements); Cheddar -> scheduling simulation -> simulation traces; POK -> implementation; compare execution AGAINST simulation traces

Slide 5: Requirements verification
- Ensure requirements enforcement
  - Memory requirements
  - Fault tree (each potential fault will be recovered)
  - Verify basic scheduling requirements
- Rely on Ocarina AADL toolsuite
  - Model analysis
  - REAL theorems for model validation
- Figure: requirements verification (ex: memory requirements)
- See «Model-Based Engineering for the Development of ARINC653 Architectures», AEROTECH09

Slide 6: Scheduling simulation
- Verify scheduling requirements
  - Deadlines can be met
  - Use time isolation of ARINC653 architectures
- Simulate system scheduling
  - Tasks activation time
  - Shared resources utilization
  - Scheduling feasibility
  - Hierarchical scheduler handling
- Produce trace file
  - XML file, can be reused later
  - Reproduce the tasks activation diagram
- Figure: scheduling simulation -> simulation traces; scheduling diagram: verify graphical tasks execution

Slide 7: Automatic implementation
- Automatic code generation
  - Enforce model requirements
  - Minimal code, avoid potential overhead
- Implementation with POK
  - Partitioned runtime for AADL
  - Provides isolation across partitions
- Automatic instrumentation
  - Trace system execution
  - Output tasks activation time
- Figure: generation of ARINC653-compliant code -> traces
- See «Code Generation Strategies for Partitioned Systems», RTSS08-WIP
- Reduce overhead
- Avoid traditional errors
- Ensure requirements enforcement
- Verify system correctness
- Integration with devices and other nodes
- Trace equivalent to scheduling trace
- Potentially exploit other information (executed statements, ...)

Slide 8: Compare simulation and execution
- Compare simulation and execution
  - Task execution is similar
  - Time isolation is well enforced
- Automatic process
  - Driven by
  - Can also check both execution diagrams
- Figure: Cheddar: scheduling simulation -> simulation traces; Ocarina / POK: implementation -> traces; compare execution against simulation: tasks execution meets simulation?
- See «Validate, simulate and implement ARINC653 systems using the AADL», SIGAda09
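The comparison step of this slide, as an added example that is not part of the original deck or of the Ocarina/Cheddar/POK tools: it reads a scheduling-simulation trace and an execution trace, checks that every executed activation falls inside its partition's time slot (time isolation) and that activations match the simulation within a tolerance. The XML layout and the SIM_TRACE / EXEC_TRACE / BAD_EXEC_TRACE samples are constructed assumptions; the real tools' trace formats differ.

```python
import xml.etree.ElementTree as ET
# Constructed traces (assumed layout, times in ms): 100 ms major frame,
# partition P1 owns the slot [0,50) and P2 owns [50,100).
SIM_TRACE = """<trace>
  <partition name="P1" start="0" end="50"/><partition name="P2" start="50" end="100"/>
  <activation task="T1" partition="P1" time="0"/>
  <activation task="T1" partition="P1" time="25"/>
  <activation task="T2" partition="P2" time="50"/>
</trace>"""
EXEC_TRACE = """<trace>
  <activation task="T1" partition="P1" time="1"/>
  <activation task="T1" partition="P1" time="26"/>
  <activation task="T2" partition="P2" time="51"/>
</trace>"""
# Stays within drift tolerance, yet T2 runs inside P1's slot and one T1 run is lost.
BAD_EXEC_TRACE = """<trace>
  <activation task="T1" partition="P1" time="1"/>
  <activation task="T2" partition="P2" time="49"/>
</trace>"""

def parse_trace(xml_text):
    """Return ({partition: (start, end)}, [(task, partition, time)])."""
    root = ET.fromstring(xml_text)
    windows = {p.get("name"): (int(p.get("start")), int(p.get("end"))) for p in root.findall("partition")}
    acts = [(a.get("task"), a.get("partition"), int(a.get("time"))) for a in root.findall("activation")]
    return windows, acts

def check_time_isolation(windows, acts, major_frame):
    """Every activation must fall inside its own partition's time slot."""
    return [(task, part, t) for task, part, t in acts
            if not (windows[part][0] <= t % major_frame < windows[part][1])]

def compare_traces(sim_acts, exec_acts, tolerance):
    """Pair activations per task in time order; flag count and drift errors."""
    by_task = lambda acts: {k: sorted(t for n, _, t in acts if n == k)
                            for k in {n for n, _, _ in acts}}
    sim, ex = by_task(sim_acts), by_task(exec_acts)
    errors = []
    for task in sorted(set(sim) | set(ex)):
        s, e = sim.get(task, []), ex.get(task, [])
        if len(s) != len(e):
            errors.append((task, "count", len(s), len(e)))
        else:
            errors += [(task, "drift", a, b)
                       for a, b in zip(s, e) if abs(a - b) > tolerance]
    return errors

def verify(sim_xml, exec_xml, major_frame=100, tolerance=2):
    windows, sim_acts = parse_trace(sim_xml)  # partition slots come from the simulation
    exec_acts = parse_trace(exec_xml)[1]
    return (check_time_isolation(windows, exec_acts, major_frame),
            compare_traces(sim_acts, exec_acts, tolerance))
```

The failing sample shows why both checks are needed: its activations stay within the drift tolerance, yet one breaks time isolation and another is missing.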

Slide 9: Additional: ARINC653 XML generation
- ARINC653 OS are configured with XML files
  - Configure module service
  - Useful for some verification
  - Lack of information for a complete analysis
- Really useful?
  - Cannot generate the whole runtime system
  - Generate configuration + runtime with AADL, ensure requirements enforcement
- Figure: Ocarina -> ARINC653 XML deployment file -> vendor-specific tools -> ARINC653 OS configuration

Slide 10: Going further: code coverage
- Code coverage?
  - Check statement execution
  - Verify evaluation of conditions
  - See statement coverage, MC/DC, ...
- Fundamental requirement for avionics systems
  - Requirement for DO178B certification
  - Coverage level depends on criticality level
  - All code MUST be covered
  - Actually performed with code review and analysis

Slide 11: Automatic code generation
- Code coverage and code generation
  - Code reflects architecture needs and requirements!
  - Remove useless functions
  - Avoid potential overhead
- Figure: Partition 1 (event ports, intra-partition comm, thread management) and Partition 2 (blackboards, event ports, intra-partition comm, thread management) on top of the kernel (partitions scheduler, time service, sampling ports, inter-partitions comm.)

Slide 12: Going further: code coverage
- Coverage project
  - Automatically analyze code coverage
  - Deduced at system execution
  - Goal: reach MC/DC code coverage
- Application to generated application
  - Automatically perform coverage analysis
  - Analyze impact of code generation from AADL
  - Facilitate DO178B/C certification
  - Actually, statement coverage = 95%
- Figure: generation of ARINC653-compliant code -> coverage analysis
- See «Couverture: an Innovative Open Framework for Coverage Analysis of Safety Critical Applications», Ada User Journal

Slide 13: Conclusion
- Past projects show the importance of the AADL
  - System analysis
  - Automatic code generation
  - cf. ASSERT project (2007)
- Ongoing work opens new perspectives
  - Improved analysis tools
  - Automatic generation and certification of layered architectures
  - Verification of requirements enforcement at execution time
  - cf. PARSEC, AVSI, COUVERTURE projects (2009)