OSATE Analysis Support
Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213
Julien Delange / Peter Feiler
07/08/2013

Overview of OSATE2
- Eclipse-based AADL editor
  - Support for AADLv2.1, up to date with the latest standard revisions
  - Support for the Behavior and Error annexes
- Support for quantitative analysis
  - SEI-based plug-ins (latency, performance, etc.)
  - Third-party plug-ins (code generation, scheduling analysis)
- OSS development model
  - Public SCM and bug tracker, open to external contribution
  - Licensed under the EPL

Generic OSATE Support
- Report generation from the Problems view
  - The Problems view holds analysis results organized by marker type
  - An HTML report can be generated from the Problems view
- Graphical viewer (IMV)
  - Nested component hierarchy
  - Flows, modes, and component/feature filters
  - Bindings
  - Propagations
  - Error tagging
- Analysis reports
  - Many analyses produce detailed reports in CSV format
  - Generated reports are kept in the Reports folder
Example Detailed Reports
Architecture consistency
- Required connection checking
  - All ports with required connections are connected
- Binding consistency checking
  - Does a hardware connection exist to support each software connection?
- Data interchange consistency (port connection consistency)
  - Data_Model::Measurement_Unit, base type, data size, data rate, (core) input/output rate
- ARINC429 protocol mapping consistency
  - ARINC429::Word ID, First Bit, Number of Bits
- Safety/security level checking
  - SEI::SecurityLevel and SEI::SafetyCriticality, compared in the direction of port connection flow
- Stream miss rate checking
  - SEI::StreamMissRate
- Confidentiality (Bell-LaPadula)
  - Original Java-based implementation in OSATE 1.5
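The safety/security level check can be illustrated with a small model. The following is an added example written for this page, not OSATE's own Java plug-in: it encodes the two directional rules as this example interprets the slide (SEI::SecurityLevel as a Bell-LaPadula no-write-down constraint, so data may only flow to a component whose level is at least the source's; SEI::SafetyCriticality as the mirror rule, so a lower-criticality component may not drive a higher-criticality one), checks both legs of in-out connections, and reports a missing property as an incomplete specification rather than letting the connection pass. Component, port and connection names are constructed.

```python
"""Port-connection security/safety level check (added example, not OSATE's
implementation). Rules as this example reads the slide:
  SEI::SecurityLevel      no-write-down: flow only to a level >= the source's
  SEI::SafetyCriticality  flow only to a criticality <= the source's
"in out" ports are checked in both directions; a missing property is an
incomplete specification, not a pass.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional, Tuple


@dataclass
class Component:
    name: str
    security_level: Optional[int] = None       # SEI::SecurityLevel
    safety_criticality: Optional[int] = None   # SEI::SafetyCriticality
    ports: Dict[str, str] = field(default_factory=dict)  # port -> "in" | "out" | "in out"


@dataclass
class Connection:
    name: str
    src: Tuple[str, str]  # (component, port)
    dst: Tuple[str, str]


def flow_directions(comps: Dict[str, Component], c: Connection) -> Iterator[Tuple[str, str]]:
    """Yield (from_component, to_component) for every direction data can travel on c."""
    (sc, sp), (dc, dp) = c.src, c.dst
    sdir, ddir = comps[sc].ports[sp], comps[dc].ports[dp]
    if "out" in sdir and "in" in ddir:
        yield sc, dc
    if "out" in ddir and "in" in sdir:  # reverse leg of an in-out connection
        yield dc, sc


def check_levels(comps: Dict[str, Component], conns: List[Connection]) -> List[str]:
    """Return one finding per violated rule or missing property (deduplicated)."""
    findings: List[str] = []

    def add(msg: str) -> None:
        if msg not in findings:
            findings.append(msg)

    for c in conns:
        for src, dst in flow_directions(comps, c):
            s, d = comps[src], comps[dst]
            for comp in (s, d):
                if comp.security_level is None:
                    add(f"{c.name}: incomplete: SEI::SecurityLevel missing on {comp.name}")
                if comp.safety_criticality is None:
                    add(f"{c.name}: incomplete: SEI::SafetyCriticality missing on {comp.name}")
            if None not in (s.security_level, d.security_level) and s.security_level > d.security_level:
                add(f"{c.name}: security: {src} (level {s.security_level}) "
                    f"writes down to {dst} (level {d.security_level})")
            if (None not in (s.safety_criticality, d.safety_criticality)
                    and s.safety_criticality < d.safety_criticality):
                add(f"{c.name}: safety: {src} (criticality {s.safety_criticality}) "
                    f"drives {dst} (criticality {d.safety_criticality})")
    return findings


# constructed sample model
MODEL = {
    "gps": Component("gps", 1, 3, ports={"pos": "out"}),
    "autopilot": Component("autopilot", 2, 3,
                           ports={"pos": "in", "cmd": "out", "log": "out", "cfg": "in", "maint": "in out"}),
    "actuator": Component("actuator", 2, 3, ports={"cmd": "in"}),
    "logger": Component("logger", 1, 1, ports={"log": "in", "cfg": "out"}),
    "maint_port": Component("maint_port", 0, None, ports={"maint": "in out"}),
}
CONNS = [
    Connection("c1", ("gps", "pos"), ("autopilot", "pos")),           # 1 -> 2, 3 -> 3: clean
    Connection("c2", ("autopilot", "cmd"), ("actuator", "cmd")),      # 2 -> 2, 3 -> 3: clean
    Connection("c3", ("autopilot", "log"), ("logger", "log")),        # level 2 -> 1: write-down
    Connection("c4", ("autopilot", "maint"), ("maint_port", "maint")),  # both legs; criticality missing
    Connection("c5", ("logger", "cfg"), ("autopilot", "cfg")),        # criticality 1 drives 3
]

if __name__ == "__main__":
    print("\n".join(check_levels(MODEL, CONNS)))
```

Running the sample flags c3 and the outbound leg of c4 for writing down, c5 for a low-criticality component driving the autopilot, and c4 once more because maint_port has no SEI::SafetyCriticality; c1 and c2 are clean.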
Architecture dependency
- Dependency Structure Matrix (DSM) import/export (Lattix)

Fault analyses
- FHA (functional hazard assessment)
- Fault impact
- Unhandled faults
- FTA (fault tree analysis)
- RBD (reliability block diagram)
- PRISM (probabilistic model checking)

Resource Analysis
- Electrical power distribution
  - Multi-level power distribution (substations)
  - Bus as power distribution unit
  - Power providers and consumers: bus access with PowerSupply and PowerBudget properties
  - SEI::PowerCapacity, PowerSupply, PowerBudget
- Weight/mass
  - SEI::NetWeight, GrossWeight, WeightLimit
  - Rollup and comparison against GrossWeight and WeightLimit at each level of the hierarchy
- RAM/ROM memory
  - RAM/ROM actual, budget, and capacity
  - Totals and bound totals
Resource Analysis
- Processor MIPS
  - SEI::MIPSCapacity, MIPSBudget
  - For processors and virtual processors; a virtual processor's budget is its capacity
  - System-wide capacity and budget totals
  - Resource-specific capacity and budget totals based on bindings
    - Accounts for virtual processor bindings
    - No double counting of a virtual processor and the threads bound to it
  - MIPS budget rollup for each level of the hierarchy
  - At thread level, compares period and WCET against the budget
    - Accounts for processor speed: scaling based on MIPSCapacity ratios with respect to a specified ReferenceProcessor
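The rollup rules above are easy to get wrong at the virtual-processor boundary, so here is an added example that works them through on a constructed model. It is not OSATE's implementation; the property names map to fields, and the thread-level rule is this example's reading of the slide: WCET is taken as measured on the reference processor, demand in MIPS is ReferenceProcessor MIPS times WCET/Period, and the WCET is rescaled to the bound processor by the MIPSCapacity ratio. Processor, partition and thread names and all numbers are constructed.

```python
"""MIPS budget/capacity rollup with virtual processors (added example, not
OSATE's code; model and numbers constructed). Rules as interpreted here:
  * processor budget = budgets of directly bound threads + MIPSCapacity of
    each bound virtual processor (a VP's budget is its capacity);
  * threads bound to a VP count inside the VP only (no double counting);
  * system-wide: sum of processor capacities vs. sum of thread budgets;
  * thread level: demand = ReferenceProcessor MIPS * WCET / Period vs.
    MIPSBudget, and WCET rescaled to the host by the capacity ratio.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Processor:
    name: str
    mips_capacity: float   # SEI::MIPSCapacity


@dataclass
class VirtualProcessor:
    name: str
    mips_capacity: float   # SEI::MIPSCapacity, which is also its budget
    bound_to: str          # host processor


@dataclass
class Thread:
    name: str
    mips_budget: float     # SEI::MIPSBudget
    period_ms: float
    wcet_ms: float         # measured on the reference processor
    bound_to: str          # processor or virtual processor


@dataclass
class Model:
    processors: Dict[str, Processor]
    vprocs: Dict[str, VirtualProcessor]
    threads: List[Thread]
    reference_mips: float  # MIPSCapacity of the SEI::ReferenceProcessor


def host_of(model: Model, binding: str) -> str:
    """Resolve a binding to the physical processor that executes it."""
    return model.vprocs[binding].bound_to if binding in model.vprocs else binding


def rollup(model: Model) -> Dict[str, Dict[str, float]]:
    """Capacity vs. budget per processor, per virtual processor, and system-wide."""
    totals = {p: {"capacity": proc.mips_capacity, "budget": 0.0}
              for p, proc in model.processors.items()}
    for v, vp in model.vprocs.items():
        totals[v] = {"capacity": vp.mips_capacity, "budget": 0.0}
        totals[vp.bound_to]["budget"] += vp.mips_capacity   # VP counts as its capacity on the host
    for t in model.threads:
        totals[t.bound_to]["budget"] += t.mips_budget       # VP-bound threads stay inside the VP
    totals["system"] = {
        "capacity": sum(p.mips_capacity for p in model.processors.values()),
        "budget": sum(t.mips_budget for t in model.threads),
    }
    for r in totals.values():
        r["over"] = r["budget"] > r["capacity"]
    return totals


def thread_checks(model: Model) -> Dict[str, Dict[str, float]]:
    """Compare each thread's demand with its budget and rescale WCET to its host."""
    out = {}
    for t in model.threads:
        host = model.processors[host_of(model, t.bound_to)]
        demand = model.reference_mips * t.wcet_ms / t.period_ms
        scaled_wcet = t.wcet_ms * model.reference_mips / host.mips_capacity
        out[t.name] = {"demand_mips": demand, "scaled_wcet_ms": scaled_wcet,
                       "over_budget": demand > t.mips_budget}
    return out


# constructed sample: one partition (virtual processor) on cpu1, one overloaded cpu2
MODEL = Model(
    processors={"cpu1": Processor("cpu1", 2000), "cpu2": Processor("cpu2", 1000)},
    vprocs={"part_a": VirtualProcessor("part_a", 600, "cpu1")},
    threads=[
        Thread("nav", 300, period_ms=10, wcet_ms=4, bound_to="part_a"),    # demand 400 > budget 300
        Thread("guid", 200, period_ms=20, wcet_ms=2, bound_to="part_a"),   # demand 100
        Thread("ctrl", 900, period_ms=5, wcet_ms=4, bound_to="cpu1"),      # demand 800
        Thread("video", 1200, period_ms=40, wcet_ms=40, bound_to="cpu2"),  # budget exceeds cpu2 capacity
    ],
    reference_mips=1000,
)

if __name__ == "__main__":
    for name, r in rollup(MODEL).items():
        print(f"{name:8} capacity={r['capacity']:6} budget={r['budget']:6} over={r['over']}")
    for name, r in thread_checks(MODEL).items():
        print(f"{name:8} demand={r['demand_mips']:5} scaled_wcet_ms={r['scaled_wcet_ms']:4} over={r['over_budget']}")
```

On this model cpu1 carries 1500 of 2000 MIPS (900 for ctrl plus the 600 of part_a; nav and guid are counted inside part_a, where they use 500 of 600), cpu2 is over budget at 1200 of 1000, and nav is flagged at thread level because 4 ms every 10 ms on a 1000 MIPS reference processor is a 400 MIPS demand against a 300 MIPS budget, even though on the 2000 MIPS cpu1 its WCET rescales to 2 ms.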
Resource Analysis
- Bus bandwidth
  - SEI::BandwidthCapacity, BandwidthBudget
  - System-wide totals (not very useful)
  - Resource-specific capacity and budget totals based on bindings
    - Explicit connection bindings
    - If not present, bindings inferred from the sender's and receiver's processor bindings
    - Accounts for virtual bus bindings
  - If specified, compares period and port data size against the bandwidth budgets

Resource allocation and scheduling analysis
- Priority inversion
  - Periodic tasks with explicit priority assignment (uses the core Priority property)
- RMA/EDF for periodic tasks without shared logical resources
  - Assumes bound threads
- Bin-packing resource allocation
  - Balanced processor load vs. minimal number of processors
  - Minimized network traffic
  - Accounts for binding and co-location constraints
  - RMA/EDF schedulability
  - Accounts for virtual processors
- ARINC653 analyses (LUTE-based)
  - Configuration consistency
  - Partition latency

Flow latency analysis
- Worst-case lower bound
- Incrementally increasing fidelity
  - Flow-spec based and based on actuals
- Sampling latency and port queue latency
  - Thread-based and partition-based sampling latency
  - Partitions based on properties and on virtual processors
  - Immediate, sampling, and delayed connections
- Connection latency
  - Based on the Latency property on the connection
  - Based on the connection binding
    - Connection binding derived from processor bindings
    - Explicit connection binding
  - Bus latency based on transmission properties and data size
Fault impact analysis
- Utilizes error propagations and error flows
- System-internal error sources
- External error sources (incoming propagations of the outermost system)
- Propagation paths for connection instances and bindings
  - From all outgoing propagations up the hierarchy to the lowest-level incoming propagation
  - Handling of out-only (to external) and in-only (from external) connections
  - Handling of processor and memory bindings
- Error flows
  - Paths and sinks
  - Handling of subtypes of the propagated type token
  - Type mapping from error path source to target
  - Detection of type-token-specific propagation cycles
  - If no error flows are declared, use core model flows or propagate to all outgoing propagations
- Handling of inherited propagations within feature groups

Fault impact analysis
- Incomplete specifications
  - Missing out propagation to handle an incoming propagation
  - Missing incoming propagation at the connection destination
  - Missing connection to handle an outgoing propagation
  - Type token not in the type constraint
  - Missing external out propagation at the root system
- Coming up
  - Handling of connection bindings
  - Handling of connection error sources
  - Interpretation of component error behavior
    - State transitions triggered by incoming propagations and error events
    - Out propagation conditions
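The two fault impact slides describe a graph walk and the gaps it should report. The following added example (not OSATE's implementation) carries that walk out on a constructed four-component model with a feedback loop: an error source emits a type token on an out propagation, the token crosses connections to the destination's in propagation, error paths map incoming to outgoing types with subtypes matched through a small type hierarchy, sinks absorb the token, and a component with no error flows forwards the token to every out propagation that carries its type. It records impact traces, the incomplete-specification cases from the second slide that this simplified model can exhibit (missing incoming propagation, missing out propagation, unconnected outgoing propagation), and type-token-specific cycles. Component, feature and error type names are all constructed.

```python
"""Fault impact propagation over an AADL-style error model (added example,
not OSATE's code; components and error types are constructed). Tokens flow
source -> out propagation -> connection -> in propagation -> error path or
sink; with no error flows declared, a token is forwarded to every out
propagation carrying its type. Traces, incomplete specifications and
type-token-specific cycles are reported.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

Prop = Tuple[str, str]  # (component, feature)

# constructed error type hierarchy: child -> parent
TYPE_PARENT: Dict[str, str] = {"BadValue": "ValueError", "LateValue": "TimingError"}


def is_subtype(token: str, declared: str) -> bool:
    t: Optional[str] = token
    while t is not None:
        if t == declared:
            return True
        t = TYPE_PARENT.get(t)
    return False


def covers(types: Set[str], token: str) -> bool:
    return any(is_subtype(token, t) for t in types)


@dataclass
class Component:
    name: str
    out_props: Dict[str, Set[str]] = field(default_factory=dict)  # feature -> declared types
    in_props: Dict[str, Set[str]] = field(default_factory=dict)
    paths: List[Tuple[str, str, str, str]] = field(default_factory=list)  # (in_f, in_t, out_f, out_t)
    sinks: Set[Tuple[str, str]] = field(default_factory=set)    # (in_f, type)
    sources: Set[Tuple[str, str]] = field(default_factory=set)  # (out_f, type)


@dataclass
class Model:
    comps: Dict[str, Component]
    conns: List[Tuple[Prop, Prop]]  # (source prop, destination prop)

    def targets(self, src: Prop) -> List[Prop]:
        return [d for s, d in self.conns if s == src]


def fault_impact(model: Model) -> Dict[str, List[str]]:
    report: Dict[str, List[str]] = {"traces": [], "incomplete": [], "cycles": []}
    for comp in model.comps.values():
        for feat in comp.out_props:  # outgoing propagation that no connection carries
            if not model.targets((comp.name, feat)):
                report["incomplete"].append(f"missing connection for outgoing propagation {comp.name}.{feat}")
        for feat, tok in sorted(comp.sources):
            _walk(model, (comp.name, feat), tok, [], report)
    return report


def _walk(model: Model, out: Prop, tok: str, trail: List[str], report: Dict[str, List[str]]) -> None:
    step = f"{out[0]}.{out[1]}{{{tok}}}"
    if step in trail:  # same token back at the same out propagation: cycle
        report["cycles"].append(" -> ".join(trail + [step]))
        return
    trail = trail + [step]
    for dcomp, dfeat in model.targets(out):
        dst = model.comps[dcomp]
        here = trail + [f"{dcomp}.{dfeat}{{{tok}}}"]
        if not covers(dst.in_props.get(dfeat, set()), tok):
            report["incomplete"].append(f"missing incoming propagation for {tok} at {dcomp}.{dfeat}")
        elif any(f == dfeat and is_subtype(tok, t) for f, t in dst.sinks):
            report["traces"].append(" -> ".join(here) + " [sink]")
        elif dst.paths or dst.sinks:  # error flows declared: follow matching paths only
            matched = [(of, ot) for inf, it, of, ot in dst.paths if inf == dfeat and is_subtype(tok, it)]
            if not matched:
                report["incomplete"].append(f"no error flow handles {tok} on {dcomp}.{dfeat}")
            for of, ot in matched:
                _walk(model, (dcomp, of), ot, here, report)
        else:  # no error flows: forward to every out propagation carrying the type
            outs = [of for of, ts in dst.out_props.items() if covers(ts, tok)]
            if not outs:
                report["incomplete"].append(f"missing out propagation to handle {tok} at {dcomp}.{dfeat}")
            for of in outs:
                _walk(model, (dcomp, of), tok, here, report)


# constructed sample: sensor -> filter -> controller -> actuator, plus controller -> filter feedback
MODEL = Model(
    comps={
        "sensor": Component("sensor", out_props={"data_out": {"ValueError", "TimingError"}},
                            sources={("data_out", "BadValue"), ("data_out", "LateValue")}),
        "filter": Component("filter", in_props={"data_in": {"ValueError"}, "fb_in": {"ValueError"}},
                            out_props={"data_out": {"ValueError"}},
                            paths=[("data_in", "ValueError", "data_out", "BadValue"),
                                   ("fb_in", "ValueError", "data_out", "BadValue")]),
        "controller": Component("controller", in_props={"cmd_in": {"ValueError"}},
                                out_props={"act_cmd": {"ValueError"}, "fb_out": {"ValueError"}}),
        "actuator": Component("actuator", in_props={"cmd_in": {"ValueError"}},
                              out_props={"health_out": {"ValueError"}},  # deliberately unconnected
                              sinks={("cmd_in", "ValueError")}),
    },
    conns=[(("sensor", "data_out"), ("filter", "data_in")),
           (("filter", "data_out"), ("controller", "cmd_in")),
           (("controller", "act_cmd"), ("actuator", "cmd_in")),
           (("controller", "fb_out"), ("filter", "fb_in"))],
)
```

Running fault_impact(MODEL) yields one trace, BadValue from the sensor through filter and controller to the actuator sink (the filter's ValueError path accepts the BadValue subtype); one cycle, where the controller's feedback re-enters the filter and produces BadValue on filter.data_out a second time; and two incomplete items, the LateValue source that filter.data_in does not declare and the actuator's health_out propagation that nothing consumes.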
Fault Impact Analysis Example Report
Copyright 2013 Carnegie Mellon University

This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN AS-IS BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This material has been approved for public release and unlimited distribution.

This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu.

DM-0000087