RAMSES. Refinement of AADL Models for the Synthesis of Embedded Systems. Etienne Borde

Refinement of AADL Models for the Synthesis of Embedded Systems
Etienne Borde, etienne.borde@telecom-paristech.fr

AADL: Architecture Analysis and Design Language
We use AADL to model SCES architectures:
- It is standardized (by the SAE), which guarantees interoperability of different tools
- It provides clear and precise semantics, which are also standardized
- It federates a community of users that focus on each of the aspects mentioned earlier:
  - Requirements specification
  - Model analysis
  - Code generation

A simplified MDE process in a nutshell
Requirements definition -> rigorous yet abstract representation of the system
1: Transformation into verifiable properties and formal models -> Verification
2: Code generation -> Generated code

Issue with code generation
Code generation implies an alteration of the software architecture:
- Ports are mapped onto variables identifying ports,
- Some connections are mapped onto queues, potentially requiring protected resources,
- Modes may require additional threads to manage mode transitions,
- Health monitoring requires fault detection and recovery mechanisms,
- etc.
Impact on analysis results?

A simplified MDE process in a nutshell: impact of code generation on analysis results?
Requirements definition -> rigorous yet abstract representation of the system
1: Formal models -> Verification
2: Generated code
Conformance between what was verified and what is deployed? Problem: consistency between 1 and 2.

First contribution of RAMSES: reduce the semantic gap between the analysed model and the deployed system
Requirements definition -> rigorous yet abstract representation of the system (AADL)
-> rigorous and (more) precise representation of the system (AADL), obtained by refinement
1: Formal models -> Verification
2: Generated code
The refined AADL model is the input of both the verification (1) and the code generation (2).

Example of input (ARINC653) AADL model
[Figure: two ARINC partitions connected by a bus.]
- First partition (partition runtime, Scheduling=FPS): periodic task T1 (Period = 20 ms, Priority = 5, Subprogram_Call: {op1}); periodic task T2 (Period = 10 ms, Priority = 2, Subprogram_Call: {op2})
- Second partition (partition runtime, Scheduling=FPS): periodic task T3; sporadic task T4
- Other labels in the figure: Bus; Scheduling=RMS

First contribution of RAMSES
Requirements definition -> AADL model -> refined AADL model -> 1: Formal models -> Verification; 2: Generated code
This technique paves the way for interleaving analysis steps and AADL-to-AADL transformations.
It is now implemented as a workflow describing model transformations, analysis steps, and decisions.

Example of refinement for code generation
Before refinement (ARINC partition, partition runtime Scheduling=FPS):
- Periodic task T1: Period = 20 ms, Priority = 5, Subprogram_Call: {op1}
- Periodic task T2: Period = 10 ms, Priority = 2, Subprogram_Call: {op2}
After refinement (ARINC partition, partition runtime Scheduling=FPS):
- Task T1: Priority = 5, Subprogram_Call: {op1; DISPLAY_BLACKBOARD; PERIODIC_WAIT(20)}
- Periodic task T2: Priority = 2, Subprogram_Call: {READ_BLACKBOARD; op2; PERIODIC_WAIT(10)}
- a data subcomponent (the blackboard) shared by T1 and T2
The period of each task is now carried by the explicit PERIODIC_WAIT call, and the communication between T1 and T2 by the blackboard.

Analysis precision
The refined model of the previous slide (T1: {op1; DISPLAY_BLACKBOARD; PERIODIC_WAIT(20)}, T2: {READ_BLACKBOARD; op2; PERIODIC_WAIT(10)}, shared blackboard data subcomponent, partition runtime Scheduling=FPS) makes visible what the initial model hid:
- additional CPU consumption: the blackboard display/read services and the periodic wait executed by each task;
- additional memory consumption: the blackboard data subcomponent.
Analysing the refined model therefore accounts for the resources actually consumed by the generated code.

Input semantics variability
Initial model: periodic task T1 (Period = 20 ms, Priority = 5, Subprogram_Call: {op1}) and periodic task T2 (Period = 10 ms, Priority = 2, Subprogram_Call: {op2}) in an ARINC partition, connected by a port connection with:
- Timing => Delayed
- the default Output_Rate property value
- Dequeue_Protocol => AllItems
This subset of AADL can be implemented as a lock-free queue [ISORC2013].
Changing the Timing property association from Delayed to another value changes the implementation.
Similarly, changing the target platform from ARINC to OSEK requires adapting the code generation.
RAMSES relies on model transformation design patterns to ensure adaptability (template method, strategy, adapter, etc.) [ICECCS2012].
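As an added example, not code from RAMSES or from these slides, the following C shows what the "lock-free queue" implementation of that AADL subset amounts to: a single-producer/single-consumer ring buffer whose receiver drains, at each dispatch, every item published before the dispatch (Dequeue_Protocol => AllItems) and leaves later items for the next period (the Delayed timing). The capacity of 8 items (the AADL Queue_Size property), the 32-bit payload and the overflow policy (refuse the newest item and count it) are assumptions made for the illustration. The same block also serves slide 10: the queue is the extra memory and the copy loop the extra CPU that the refined model has to expose to analysis.

```c
/* Added example, not RAMSES output: a single-producer/single-consumer
 * lock-free queue standing in for an AADL event data port connection with
 * Timing => Delayed and Dequeue_Protocol => AllItems. Assumed for the
 * illustration: a capacity of 8 items (the AADL Queue_Size property), a
 * 32-bit payload, and an overflow policy that drops the newest item and
 * counts it; none of these is specified by the slides. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define QUEUE_SIZE 8u
typedef int32_t item_t;

typedef struct {
    item_t buf[QUEUE_SIZE];
    atomic_size_t head;     /* index of the next item to read, advanced only by the receiver */
    atomic_size_t tail;     /* index of the next free slot, advanced only by the sender */
    atomic_size_t dropped;  /* items refused because the queue was full */
} spsc_queue_t;

void spsc_init(spsc_queue_t *q) {
    atomic_init(&q->head, 0);
    atomic_init(&q->tail, 0);
    atomic_init(&q->dropped, 0);
}

/* Sender side, one call per output. With a single producer no lock is needed:
 * the item is written before the release-store on tail publishes it. */
bool spsc_enqueue(spsc_queue_t *q, item_t v) {
    size_t tail = atomic_load_explicit(&q->tail, memory_order_relaxed);
    size_t head = atomic_load_explicit(&q->head, memory_order_acquire);
    if (tail - head == QUEUE_SIZE) {          /* full: the unsigned difference is the fill level */
        atomic_fetch_add_explicit(&q->dropped, 1, memory_order_relaxed);
        return false;
    }
    q->buf[tail % QUEUE_SIZE] = v;
    atomic_store_explicit(&q->tail, tail + 1, memory_order_release);
    return true;
}

/* Receiver side at dispatch (Dequeue_Protocol => AllItems): every item
 * published before this dispatch is taken; items the sender publishes while
 * the receiver is running stay in the queue for the next dispatch, which is
 * the Delayed timing semantics. Returns the number of items copied to out. */
size_t spsc_dequeue_all(spsc_queue_t *q, item_t *out, size_t max) {
    size_t head = atomic_load_explicit(&q->head, memory_order_relaxed);
    size_t tail = atomic_load_explicit(&q->tail, memory_order_acquire); /* snapshot at dispatch */
    size_t n = 0;
    while (head != tail && n < max) {
        out[n++] = q->buf[head % QUEUE_SIZE];
        head++;
    }
    atomic_store_explicit(&q->head, head, memory_order_release);
    return n;
}

size_t spsc_dropped(spsc_queue_t *q) {
    return atomic_load_explicit(&q->dropped, memory_order_relaxed);
}

/* The memory the refined model has to account for: the connection is no
 * longer free, it costs one such queue per event data port connection. */
size_t spsc_footprint_bytes(void) { return sizeof(spsc_queue_t); }

int main(void) {
    spsc_queue_t q;
    item_t out[QUEUE_SIZE];
    spsc_init(&q);
    for (item_t i = 0; i < 10; i++)          /* the sender runs more often than the receiver */
        spsc_enqueue(&q, i);
    size_t n = spsc_dequeue_all(&q, out, QUEUE_SIZE);
    printf("received %zu items, dropped %zu, queue footprint %zu bytes\n",
           n, spsc_dropped(&q), spsc_footprint_bytes());
    return 0;
}
```

Two properties of the refined model depend on this choice: the queue's size is a fixed, analysable memory cost inside the partition, and a full queue is handled locally (the drop counter) rather than by blocking the sender, so a misbehaving or compromised producer cannot stall the consumer's dispatch. Changing Timing from Delayed to Immediate, as the slide notes, invalidates this implementation, since the receiver would then have to wait for the sender's completion within the same frame.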

Model transformations and code generation for the AADL Behavior Annex (BA)
A code generator for a subset of the BA is integrated in the refinement process.
Before refinement: periodic task T1, Period = 20 ms, with a BA {** ... **} made of three complete states, S1 (initial, complete), S2 (complete) and S3 (complete), and transitions triggered on dispatch that execute f1(), f2() and f3().
After refinement: periodic task T1, Period = 20 ms, Calls {entry_point}; the subprogram entry_point carries a BA {** ... **} with a single initial state entry, transitions guarded by the value of a current_state variable:
- [current_state = s1] / {f1(); await_dispatch()}
- [current_state = s2] / {f2(); await_dispatch()}
- [current_state = s3] / {f3(); await_dispatch()}
and a final state fini.
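The refinement on this slide, written out as C, as an added example that is neither RAMSES output nor code from the slides. The three complete states of T1 become one state variable kept in a data subcomponent, and the task's entry point, executed once per dispatch, runs the action guarded by the current state and then returns to the runtime, which is what the await_dispatch() of the refined BA stands for. Assumed here, because the slide lists the actions but not every target state: the transitions form the cycle S1 -> S2 -> S3 -> S1, and f1..f3 only record that they ran.

```c
/* Added example, not RAMSES output: the behaviour-annex refinement of the
 * slide written out as C. The three complete states of T1 become one state
 * variable, and the thread's entry point executed at every dispatch runs the
 * action guarded by the current state and then returns to the runtime (the
 * await_dispatch() of the refined BA). Assumed: the transitions form the cycle
 * S1 -> S2 -> S3 -> S1, and f1..f3 simply record their call. */
#include <stddef.h>
#include <stdio.h>

typedef enum { S1 = 1, S2 = 2, S3 = 3 } t1_state_t;

#define TRACE_MAX 32
static t1_state_t current_state = S1;   /* data subcomponent of the refined task */
static int trace[TRACE_MAX];            /* constructed observation of the actions run */
static size_t trace_len = 0;

static void record(int action) { if (trace_len < TRACE_MAX) trace[trace_len++] = action; }
static void f1(void) { record(1); }
static void f2(void) { record(2); }
static void f3(void) { record(3); }

/* Restores the initial state: what the partition start-up does for T1. */
void t1_init(void) { current_state = S1; trace_len = 0; }

/* entry_point of the refined task: one dispatch of T1. The guards
 * [current_state = sN] of the 'entry' state are the switch; reaching the end
 * of the function is the await_dispatch(): control returns to the periodic
 * runtime (PERIODIC_WAIT in the ARINC 653 case) until the next period.
 * Returns the complete state the original BA would now be waiting in. */
t1_state_t t1_entry_point(void) {
    switch (current_state) {
    case S1: f1(); current_state = S2; break;
    case S2: f2(); current_state = S3; break;
    case S3: f3(); current_state = S1; break;
    }
    return current_state;
}

/* Actions executed so far, in dispatch order. */
size_t t1_trace(const int **out) { *out = trace; return trace_len; }

int main(void) {
    const int *t;
    t1_init();
    for (int dispatch = 0; dispatch < 5; dispatch++)   /* five periods of 20 ms */
        t1_entry_point();
    size_t n = t1_trace(&t);
    for (size_t i = 0; i < n; i++) printf("dispatch %zu: f%d()\n", i + 1, t[i]);
    return 0;
}
```

The point of the transformation is visible in the shape of the code: no thread ever blocks inside a user-level state machine, every dispatch is one bounded run of entry_point to completion, and the only state that survives between periods is the one explicit variable, which is what a schedulability or WCET analysis of the refined model can actually measure.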

Consequences on the code generation part
Code generation becomes a very simple application:
- generic code generation for data types, data subcomponents, subprograms, subprogram calls, etc.
- target-specific code generation for the initialization of OS data structures (tasks, routing of messages, etc.)
Example: the refined ARINC partition of slide 9, with task T1 (Priority = 5, Subprogram_Call: {op1; DISPLAY_BLACKBOARD; PERIODIC_WAIT(20)}), periodic task T2 (Priority = 2, Subprogram_Call: {READ_BLACKBOARD; op2; PERIODIC_WAIT(10)}) and the blackboard data subcomponent.

Integration status of RAMSES
- Directly integrated with the development branch of OSATE (IDE)
- Open source, available on our public SVN repository
- Relies on an OS with standardised APIs (uses APEX, the ARINC 653 application/executive interface)
- Non-regression tests based on the open-source POK project
OSATE and POK are both open-source projects.

Ongoing and future work
- Requirements-driven selection of model transformations (design space exploration); interactions with Lab-STICC and UPV on this topic
- Deployment of generated code on COTS commercial ARINC 653 operating systems; interactions with SEI and ISAE
- Improve the integration of RAMSES and AADL Inspector; interactions with Ellidiss