Translating AADL into BIP: Application to the Verification of Real-time Systems

1st International Workshop on Model Based Architecting and Construction of Embedded Systems (ACESMB 2008), Toulouse, France (in conjunction with MODELS 2008)

Translating AADL into BIP: Application to the Verification of Real-time Systems
M.Y. Chkouri, A. Robert, M. Bozga, J. Sifakis
Laboratoire VERIMAG, Centre Équation, 2 avenue de Vignate, 38610 Gières

Motivation
- Provide a general methodology for transforming AADL models into BIP: AADL suffers from the absence of a concrete operational semantics.
- Provide an execution environment for AADL models.
- Enable the application of formal verification techniques already developed for BIP to AADL.

Outline: Overview of AADL, Overview of BIP, Translation from AADL to BIP, Case study, Conclusion

Overview of AADL
AADL = Architecture Analysis and Design Language, standardized by the SAE (Society of Automotive Engineers). It is dedicated to the modeling and specification of complex real-time embedded systems, and describes the structure of a component-based system as an assembly of software components mapped onto an execution platform.

Component categories
  Software category: Data, Subprogram, Process, Thread
  Execution platform category: Processor, Memory, Bus, Device
  Composite category: System

Software category (1/2)
The data component type represents a data type in the source text that defines a representation and interpretation for instances of data. A subprogram component represents an execution entry point in source text. A subprogram call sequence is declared in a subprogram or thread implementation.

    data Person
    end Person;

    data implementation Person.impl
    subcomponents
      Name    : data string;
      Address : data string;
      Age     : data integer;
    end Person.impl;

    subprogram operation
    features
      A      : in parameter integer;
      B      : in parameter integer;
      result : out parameter integer;
    end operation;

Software category (2/2)
A thread represents a sequential flow of control that executes instructions within a binary image produced from source text. A thread always executes within the virtual address space of a process. Several types of thread exist: periodic, sporadic, aperiodic, background. A process represents a virtual address space. To be complete, the implementation of a process must contain at least one thread or thread group subcomponent.

    thread sensor
    features
      inp  : in data port integer;
      outp : out event port;
    properties
      Dispatch_Protocol => Periodic;
      Period => 20 ms;
    end sensor;

    process implementation Partition.Impl
    subcomponents
      Sensor_A    : thread Sensor_Thread.A;
      Data_Fusion : thread Fusion_Thread.Impl;
      Alrm        : thread Alrm_Thread.Impl;
    connections
      data port  Sensor_A.outp -> Data_Fusion.inpA;
      event port Sensor_A.launch_alrm -> Alrm.launch;
    end Partition.Impl;

(The thread types Sensor_Thread, Fusion_Thread and Alrm_Thread referenced by the process implementation are not shown on the slide.)

Execution platform category
A processor is the execution platform component that is capable of scheduling and executing threads. A memory component represents an execution platform component that stores binary images. A bus component represents an execution platform component that can exchange control and data between memories, processors, and devices. A device component represents an execution platform component that provides an interface with the external environment.

System
A system component represents an assembly of software and execution platform components. It is the only composite category.

    system Platform
    end Platform;

    system implementation Platform.Impl
    subcomponents
      Part : process Partition.Impl;
      p    : processor myprocessor;
      ...
    end Platform.Impl;

Connection & port
A connection is a linkage that represents communication of data and control between components. Types of connections: port connection, parameter connection.
A port is a logical connection point between components that can be used for the transfer of control and data. Three directions: input port (in), output port (out), bidirectional port (in out). Three types of port: data port, event port, event data port.

Outline: Motivation, Overview of AADL, Overview of BIP, Translation from AADL to BIP, Case study, Conclusion

Overview of BIP
Component-based modelling: the BIP framework. BIP = Behavior, Interaction, Priority. BIP is a framework for modelling heterogeneous real-time components, organised in three layers (figure):
  Priorities (memoryless controller)
  Interaction model (connectors on typed ports)
  Behavior

BIP framework: atomic component
An atomic component is composed of:
- a set of ports, e.g. {in, out}
- a set of control locations, e.g. {Si, Sj}
- a set of variables
- a set of transitions

BIP framework: composition
A connector is a set of ports which can be involved in an interaction. Port types (complete, incomplete) are used to distinguish between ports which may or must interact.
Example (figure): one connector over the ports tick1, tick2, tick3 and one over the ports out1, in2, in3.
Interactions: {tick1,tick2,tick3}, {out1}, {out1,in2}, {out1,in3}, {out1,in2,in3}
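The interaction set on this slide follows from one rule: an interaction of a connector is feasible if it is the maximal interaction (all of the connector's ports) or if it contains at least one complete port. The following is an added example, not code from the paper or from the BIP toolset; it enumerates that set for the slide's two connectors. The port typing is an assumption inferred from the listed interactions (tick1, tick2, tick3 all incomplete, so they must rendezvous; out1 complete and in2, in3 incomplete, so out1 can fire alone or with any subset of the inputs). Enumerating the set this way is a cheap check that a change of port type, such as marking an input port complete, has not silently turned a rendezvous into a broadcast.

```python
from itertools import combinations

# Port types of one BIP connector: True = complete (may trigger an
# interaction on its own), False = incomplete (can only take part in an
# interaction that also contains a complete port, or in the maximal one).
# Both connectors come from the slide; the typing is an assumption.
TICK_CONNECTOR = {"tick1": False, "tick2": False, "tick3": False}
BROADCAST_CONNECTOR = {"out1": True, "in2": False, "in3": False}


def interactions(connector):
    """Return the feasible interactions of a connector as a set of frozensets.

    An interaction is a non-empty subset of the connector's ports. It is
    feasible if it is the maximal interaction (all ports) or if it contains
    at least one complete port.
    """
    ports = sorted(connector)
    result = {frozenset(ports)}           # the maximal interaction
    for size in range(1, len(ports)):     # every proper non-empty subset
        for subset in combinations(ports, size):
            if any(connector[port] for port in subset):
                result.add(frozenset(subset))
    return result


def as_strings(inters):
    """Render interactions the way the slide writes them, e.g. '{in2,out1}'."""
    return sorted("{" + ",".join(sorted(i)) + "}" for i in inters)


if __name__ == "__main__":
    for name, conn in (("tick", TICK_CONNECTOR), ("broadcast", BROADCAST_CONNECTOR)):
        print(name, as_strings(interactions(conn)))
```

Running it prints a single interaction for the tick connector (the three ports must all fire together) and four for the broadcast connector (every subset that contains out1).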

BIP tools
(figure) BIP Editor -> BIP program -> BIP Compiler (BIP metamodel) -> BIP model, which feeds:
- Structural analysis and BIP transformations
- Code generation
- D-Finder: deadlock detection, invariant generation
- Verification: model checking
- Exploration engine: interactive simulation, execution, guided/exhaustive simulation

Translation from AADL to BIP: structural translation summary
  AADL                              BIP
  Software components:
    Subprogram                      Atomic/Compound component
    Data                            Data: C/C++ structure
    Thread                          Atomic component
    Process                         Atomic component
  Hardware components:
    Processor (scheduling)          Atomic component
    Device                          Atomic component
  System                            Compound component
  Connection                        Connector
  Annex behavior                    Behavior (state/transition)

AADL subprogram: BIP model
(figure) AADL side: in parameter, out parameter, annex behavior, out event data port (connected to a thread or subprogram). BIP side: ports call(parameter), return(parameter) and a data port; an IDLE location, with the annex behavior placed between the call and return transitions.

AADL thread: BIP model
(figure) Ports of the thread component: load, stop, abort, get_exec, req_exec, complete, preempt, in_port (in_data), out_port (out_data). Control locations: HALTED, INIT, SUSPENDED, READY, COMPUTE, RESUME, OUTPUTS, FINISH, ERROR. Labels and guards appearing on the transitions: load, activation, not_ready, ready, low<t<high, get_exec, preempt, out_port, in_port, complete, "no more port", deadline (clock>deadline), overflow, stop, abort.

AADL processor: BIP component
(figure) Ports: dispatch, ready, finish. Variable: IDS, an array of thread identifiers with a ready flag (ids[i].ready). Control locations: IDLE, CHOICE, WAIT_END. Labels and guards on the transitions: ready (records ids[i].ready), all_false(ids), dispatch(SelectedID), finish.

System: BIP compound component (figure)

Annex behavior specification
The behavioral annex describes a transition system:

    annex behavior_specification {**
      [ state variables (Identifier : data_type;)+ ]                        -- included in the variables part
      [ initial (<assignment>;)+ ]                                          -- included in the initialization part
      states (state_identifier : [initial] [return] [complete] state;)+
      transitions ( <state_identifier> -[ <guard> ]-> <state_identifier> { <action>* }; )+
    **};

Guard and action translation
Guard
  AADL: <guard> ::= [on <expression>] <event> [when <expression>] | <expression>
  BIP:  on <event> [provided <expression>] | provided <expression>
  The when part expresses a past condition over the data to be read.
Action
  AADL: <action> ::= computation(expression, expression); | delay(expression, expression); | communication; | assignment; | if (expression) action (elsif (expression) action)* (else action)? end if;
  BIP:  a transition, or a set of connected transitions.
  computation(min, max) expresses use of the CPU for a non-deterministic period of time between min and max.
  delay(min, max) expresses a suspension for a non-deterministic period of time between min and max.

Tool architecture (figure)

Case study (1/4)
Flight computer (AADL model from http://aadl.enst.fr/arc/doc/, figure)

Case study (2/4)
BIP flight computer (figure)

Case study (3/4)
BIP verification:
- The BIP exploration engine generates a Labeled Transition System (LTS).
- Model checking with Aldebaran: checks for deadlock-freedom.
- Model checking with observers: observers allow us to express most safety requirements in a simple manner.
  - Verification of thread deadlines.
  - Verification of synchronization between components.
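What the exploration engine and the deadlock check amount to, in miniature: build the product of the components' transition systems, restricted to the interactions the connectors allow, walk every reachable global state, and report states with no enabled interaction (deadlocks) or states where an observer's invariant fails. The code below is an added illustration, not the BIP exploration engine, Aldebaran or D-Finder, and it simplifies the thread and processor automata of the earlier slides into hypothetical untimed versions with five and three locations (variables, guards and clocks dropped). The connectors bind the thread's req_exec/get_exec/complete ports to the processor's ready/dispatch/finish ports, which is an assumption about the real wiring. The second run deliberately drops the complete/finish connector, the kind of mistake a translation can make, and shows the exploration flagging the resulting deadlock.

```python
from collections import deque


class Atomic:
    """A BIP atomic component reduced to control locations, ports and
    transitions (variables and guards omitted in this example)."""

    def __init__(self, name, init, transitions):
        self.name = name
        self.init = init
        # (source_location, port) -> target_location
        self.next = {(src, port): dst for src, port, dst in transitions}

    def enabled(self, loc):
        return {port for (src, port) in self.next if src == loc}


def explore(components, interactions, invariant=None):
    """Exhaustive exploration of the product LTS.

    components:   list of Atomic; a global state is a tuple of locations.
    interactions: list of frozensets of (component_index, port); an
                  interaction is enabled when every port in it is enabled.
    invariant:    optional predicate on global states (plays the observer).
    Returns (reachable_states, deadlock_states, invariant_violations).
    """
    init = tuple(c.init for c in components)
    seen, queue = {init}, deque([init])
    deadlocks, violations = [], []
    while queue:
        state = queue.popleft()
        if invariant is not None and not invariant(state):
            violations.append(state)
        successors = []
        for inter in interactions:
            if all(port in components[i].enabled(state[i]) for i, port in inter):
                nxt = list(state)
                for i, port in inter:
                    nxt[i] = components[i].next[(state[i], port)]
                successors.append(tuple(nxt))
        if not successors:           # nothing can fire: a deadlock
            deadlocks.append(state)
        for nxt in successors:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen, deadlocks, violations


# Hypothetical, simplified thread and processor automata (constructed for
# this example; the slides' real models carry more locations and guards).
THREAD = Atomic("thread", "SUSPENDED", [
    ("SUSPENDED", "activation", "READY"),
    ("READY", "req_exec", "WAITING"),
    ("WAITING", "get_exec", "COMPUTE"),
    ("COMPUTE", "complete", "SUSPENDED"),
])
PROCESSOR = Atomic("processor", "IDLE", [
    ("IDLE", "ready", "CHOICE"),
    ("CHOICE", "dispatch", "WAIT_END"),
    ("WAIT_END", "finish", "IDLE"),
])
T, P = 0, 1
CONNECTORS = [
    frozenset({(T, "activation")}),                 # periodic clock: thread alone
    frozenset({(T, "req_exec"), (P, "ready")}),
    frozenset({(T, "get_exec"), (P, "dispatch")}),
    frozenset({(T, "complete"), (P, "finish")}),
]


def processor_busy_only_while_thread_computes(state):
    """Observer for a synchronization requirement: the processor is in
    WAIT_END only while the thread it dispatched is in COMPUTE."""
    return state[P] != "WAIT_END" or state[T] == "COMPUTE"


def verify(connectors):
    states, deadlocks, violations = explore(
        [THREAD, PROCESSOR], connectors, processor_busy_only_while_thread_computes)
    return len(states), deadlocks, violations


if __name__ == "__main__":
    print("all connectors        :", verify(CONNECTORS))
    # Drop the complete/finish connector, as a mistranslated model might.
    print("finish connector lost :", verify(CONNECTORS[:-1]))
```

With the full wiring the four reachable global states cycle and no deadlock or observer violation is reported; without the finish connector the state (COMPUTE, WAIT_END) has no enabled interaction and is reported as a deadlock. A deadline observer is built the same way, with a counter of clock ticks since activation in place of the location test.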

Case study (4/4)
BIP flight computer (figure)

Conclusion
- We provide a translation from AADL to BIP, which has an operational semantics formally defined in terms of labelled transition systems.
- The translation allows simulation of AADL models, as well as the application of verification techniques such as state exploration (using the IF toolset) or component-based deadlock detection (the D-Finder tool).
- Limitation: some AADL features are ignored (bus, memory, ...).
- Future work: incorporate the features that will appear with V2.0 of the AADL standard.

Thank you

Backup: AADL subprogram
(figure) Subprograms sub 1 ... sub n, each with an annex behavior; parameter connections and out event data port connections between them.

Backup: BIP compound component
(figure) Atomic components sub 1 ... sub n, each with an idle location, ports call_i, return_i and data port_i, and its annex behavior, composed with a Call_sequence component (locations idle, wait_call_1, wait_return_1, ..., wait_call_n, wait_return_n, finish; ports call, return) inside the enclosing thread or subprogram; connectors bind each call_i/return_i pair to the call sequence.

Backup: AADL processes: BIP component
(figure) Process states and transitions.

Backup: AADL thread: BIP model (figure)

Backup: AADL processor: BIP component (figure)