AADL Generative Implementation Annex

Institut Supérieur de l'Aéronautique et de l'Espace
AADL Generative Implementation Annex
Jérôme Hugues, ISAE

Key question answered by the annex

How to implement a subprogram, and bind it to an AADL model?

Scope of the annex document

> Traceability back to the AADL requirement document (ARD 5296): Validate and Generate complex systems
> Scope of the annex
  » Define the user interface to the AADL runtime
  » Allow for efficiency expected by users
> Outside the scope: usage of RTOS resources
  » Do not mandate an implementation: mapping of AADL threads onto RTOS threads, use of synchronization primitives for event ports, use of memory for buffering

Current status

> Latest draft submitted in January 2013
  » Written up to 90%
  » Need to clarify the mapping of AADL runtime services
> Implementation prototype available as part of Ocarina, for both C and Ada
  » Targeting regular RTOS, and ARINC653
> A similar effort is also implemented through the RAMSES plug-in by Telecom ParisTech
  » More up-to-date with ARINC653
  » Also supports OSEK runtimes (automotive domain)

Outline of the annex document

1. Naming conventions
  » Mapping of AADL identifiers onto target language identifiers
  » Mapping of AADL packages
2. Mapping of data types
  » Link with the Data Modeling Annex document
3. Mapping of AADL subprograms
  » Variations given AADL modeling patterns
4. Using the AADL runtime services

> Use of a basic flight management system to cover most situations defined in the annex document

1. Naming convention

> Mostly mapping rules of AADL identifiers to source code
  » Rationale: avoid naming collisions with keywords, etc.
  » Derived from CORBA IDL mapping specifications
> Ada language
  » "." must be replaced by underscores "_".
  » Two consecutive underscores must be replaced by _U_.
  » AADL_ prefix for identifiers that clash with an Ada keyword.
> C language
  » (C RM 6.4.2.1), identifiers derived from AADL are lowercase.
  » aadl_ prefix for identifiers that clash with a C keyword.
  » Additional rules for collision with underlying C API (RTOS, ...)

Mapping of AADL packages

> Ada language
  » The hierarchy of AADL packages is mapped onto an equivalent hierarchy of Ada packages. E.g. foo::bar is mapped onto package foo.bar
> C language
  » AADL hierarchy is mapped onto a single name, where dots are replaced with two consecutive underscores. E.g. Foo::Bar is mapped onto Foo__Bar

2. Mapping of data types

> The Data Modeling Annex defines precise semantics for all property values for basic types: size, (un)signed
  » Map to the corresponding language type
  » Proposed mapping for types from the Base_Types package: all kinds of integers, float, etc. as a reference
> Composite types (arrays, records, ...) are given detailed mapping rules, following examples from the annex document
  » See A.5.3 for details
  » Note that arrays and records have two possible modeling patterns: need to support both

3. Mapping of subprograms

> Rely on CORBA IDL mapping specifications for mapping AADL subprograms to equivalent C or Ada code
> Follow parameter names, in/out, etc.
> Yet, it depends on the actual usage of the source program
  » Are we defining an AADL model for a library, e.g. subprogram groups?
  » Or the subprogram to be executed in a thread?

3. Mapping of subprograms

> Different modeling patterns may occur
  » Both ports connect to parameters as part of a call sequence entrypoint
  » A thread has a Compute_Entrypoint
  » In port connected to subprogram parameter
  » Subprogram attached to a port

[Figures: one diagram per pattern, each labelled T: T.impl]

3. Mapping of subprograms: easy part

> Different modeling patterns may occur
  » Both ports connect to parameters as part of a call sequence entrypoint
  » A thread has a Compute_Entrypoint
  » In port connected to subprogram parameter
  » Subprogram attached to a port

1. Have the runtime call the user subprogram with corresponding value
or
2. User calls the AADL runtime

(1) Implemented in Ocarina, easy solution for integrating legacy code, or code generated from 3rd-party tools

[Figures: one diagram per pattern, each labelled T: T.impl]

3. Mapping of subprograms: tricky part

> Different modeling patterns may occur
  » Both ports connect to parameters as part of a call sequence entrypoint
  » A thread has a Compute_Entrypoint
  » In port connected to subprogram parameter
  » Subprogram attached to a port

These patterns require visibility on the AADL runtime for manipulating port variables

[Figures: one diagram per pattern, each labelled T: T.impl]

3. Mapping of subprograms: other considerations

> Two instances of the same thread
  » Same features, compute entrypoint
  » Need to distinguish at runtime level: ports variables, access, subcomponents, ...

[Figure: P.impl with two thread instances, T1: T.impl and T2: T.impl, each labelled 5ms]

> Solution:
  » Introduce an instance-specific context record
  » Gives access to all internals and externals visible in this particular context
  » Passed as parameters to code executed by the user-provided code

Context for subprograms

> Concept borrowed from CORBA CCM
  » Widely used in many component-oriented frameworks
> Context gives access to all entities visible from the subprogram perspective
  » User code hosted by a thread
  » Thread component type has visibility on features, data, subprograms, ...
> Similar syntax used to dereference all elements
  » Features: self.<port>
  » Data: self.<data>
  » Subprograms: self.<spg>

Context for subprograms (cont'd)

    thread Landing_Gear_T
    features
      Dummy_In : in event port
        {Compute_Entrypoint_Source_Text => "on_dummy_in";};
    end Landing_Gear_T;

    void on_dummy_in (aadl_ctx *self) {
      aadl_send_output (self->landing_gear_local_ack, &request);
    }

> This self parameter would be used by the AADL runtime to route the request to proper destination
> Resolution: no need to say more about aadl_ctx type, it is up to the code generator to define it, and instantiate it
> Options
  1. This context info needs to be passed in all cases to be consistent, and reduce code adaptation
  Or
  2. Property set for specifying whether we want context info passed or not:
     Code_Generation_Pragmas::Convention => (AADL legacy);
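
The instance-specific context described above, as an added C example that is not part of the original slides or of Ocarina. The layout of aadl_ctx and aadl_port, the request field and this stand-in aadl_send_output are assumptions, since the annex leaves aadl_ctx to the code generator; the example shows two instances of one thread type sharing the on_dummy_in entrypoint while the context routes each send to that instance's own destination.

```c
#include <stddef.h>
#include <stdio.h>

#define QUEUE_LEN 4

/* Hypothetical layout: the annex leaves aadl_ctx to the code generator. */
typedef struct {
    int    queue[QUEUE_LEN]; /* destination buffer bound to this port */
    size_t count;            /* number of values currently queued */
} aadl_port;

typedef struct {
    const char *instance;               /* instance name, e.g. "T1" */
    int         request;                /* data element, reached as self-><data> */
    aadl_port  *landing_gear_local_ack; /* out port, reached as self-><port> */
} aadl_ctx;

/* Stand-in for the runtime service (assumed signature). Returns 0 on
   success, -1 on a null argument or a full destination queue. */
int aadl_send_output(aadl_port *port, const int *value) {
    if (port == NULL || value == NULL) return -1;
    if (port->count >= QUEUE_LEN) return -1;
    port->queue[port->count++] = *value;
    return 0;
}

/* User-provided entrypoint: one body for every instance of the thread
   type; only the context passed by the runtime differs. */
void on_dummy_in(aadl_ctx *self) {
    aadl_send_output(self->landing_gear_local_ack, &self->request);
}

int main(void) {
    /* Constructed sample: what generated code would instantiate for T1, T2. */
    aadl_port ack1 = {{0}, 0}, ack2 = {{0}, 0};
    aadl_ctx  t1 = {"T1", 10, &ack1}, t2 = {"T2", 20, &ack2};

    on_dummy_in(&t1);   /* dispatch of T1 */
    on_dummy_in(&t2);   /* dispatch of T2: same code, other context */
    on_dummy_in(&t1);

    printf("%s queued %zu, %s queued %zu\n",
           t1.instance, ack1.count, t2.instance, ack2.count);
    return 0;
}
```

Because the entrypoint keeps the void signature shown on the slide, a failed send (full queue) is not visible to user code here; how such failures are reported is left to the runtime-service semantics.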

Modeling patterns for accessors

> Is there an agreement on the following pattern?
> Update is an accessor
  » Requires access to data
  » One instance part of data
  » Connected to particular members

    subprogram Update
    features
      this : requires data access POS.Impl;
      value : in out parameter POS_Internal_Type;
    end Update;

    subprogram implementation Update.Impl
    end Update.Impl;

    data POS
    features
      Update : provides subprogram access Update.Impl;
    end POS;

    data implementation POS.Impl
    subcomponents
      spgupdate : subprogram Update.Impl;
      Field : data POS_Internal_Type;
    connections
      Cnx_Pos_1 : subprogram access SpgUpdate -> Update;
    end POS.Impl;

Resolution: YES/NO?
Resolution#2: Do we need access to Get/Release_Resource?

The trouble with AADL runtime services

> Those are loosely defined
> Many parts are implementation-defined, cannot follow the proposed mapping
  » Notion of exception
  » Useless parameters
> Would also impact the core of the standard

Resolution: suppress AADL signature from the core, keep only the semantics being defined as abstract functions, not AADL subprograms

Extending runtime services

> Issue: need of specific device drivers
  » Rely on implemented_as property to pass additional components (threads, subprograms, buffers, ...)
  » How can a device driver thread send events to other threads?

Resolution: extend AADL context type to the process level
  » Add another level of indirection

        aadl_send_output (ctx->thread->port, (void *)data);

  » Get_Parent_Context: new runtime service to fetch context handle

[Figure labels: Producer, Consumer, Comm. Dev (twice), BUS, CPU1, CPU2]

Semantics of runtime services

> AADL runtime services may send «exception»
> Issue: what does it mean?

Resolution: An exception means an error is triggered and the corresponding error handler is called. The Get_Error_Code service can be called from within the handler and returns a value for the corresponding enumerator, e.g. NoValue

Handling ports and ports queues

> Issue: AADL services are implementation-defined

    subprogram Send_Output
    features
      OutputPorts: in parameter <implementation-dependent port list>;
      -- List of ports whose output is transferred
      SendException: out event data;
      -- exception if send fails to complete
    end Send_Output;

> Issue#1: why would someone put a value in a port variable, but not send it? What is the rationale?
> Add helper routines: Set_Send (self.<port>);
  » Dual of the Updated runtime-service, use Updated?
  » Then call Send_Output, parameter-less, procedure?

AADL guidelines for code generation

1. Avoid X_Source_Text properties
  » Issue: have to guess actual implementation language
  » Prefer classifier-based properties: define language, source_name, source_text in a clear way

  Resolution: suggested additional legality rules

1. Connect the ports?
  » Default is that all ports must be connected. Required_connection property applied to feature: property to relax this rule on a per connection basis
  » Shall we relax this rule for subprograms in threads?

  No resolution? impacts AADLv2.1 core (!)

Advanced topics: prototypes

> Shall we define rules about prototypes?
  » We may allow subprograms with prototypes to have user-provided implementation, e.g. C++ template, Ada generic, even some limited support in C
  » No need for code generated: simply generate the instantiated subprogram
  » Does the instantiation process trash the prototype?

Resolution: additional legality rules only allow for limited types of prototypes: type parameterization, Ada style. Avoid subprograms passed as prototypes

Last tricky construct: modes

> About modes
  » If explicitly modeled using port communication, we rely on standard mechanisms
  » What about runtime services? What is implementation-specific? Actual representation? Way to name modes?

    subprogram Current_System_Mode
    features
      Modeid: out parameter <implementor-specific>;
      -- ID of the mode
    end Current_System_Mode;

Resolution: additional legality rules. User needs not worry about modes: simply provides different entrypoint, one per mode

Roadmap

> Have resolution for all issues for end of March
> Final document for the April meeting