Model-Based Engineering for the Development of ARINC653 Architectures

Similar documents
ARINC653 toolset: Ocarina, Cheddar and POK

Model-Based Engineering for the Development of ARINC653 Architectures

ARINC653 annex: examples

POK. An ARINC653-compliant operating system released under the BSD licence. Julien Delange, European Space Agency

Involved subjects in this presentation Security and safety in real-time embedded systems Architectural description, AADL Partitioned architectures

ARINC653 and AADL. Julien Delange Laurent Pautet

Generating high-integrity systems with AADL and Ocarina. Jérôme Hugues, ISAE/DMIA

ARINC653 AADL Annex. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Julien Delange 07/08/2013

Institut Supérieur de l Aéronautique et de l Espace Ocarina: update and future directions

POK, an ARINC653-compliant operating system released under the BSD license

POK User Guide. POK Team

The TASTE MBE development toolchain - update & case-studies

Towards AADL to SystemC mapping for partitioned systems. Etienne Borde Laurent Pautet Marc Gatti

From MDD back to basic: Building DRE systems

RAMSES. Refinement of AADL Models for the Synthesis of Embedded Systems. Etienne Borde

To cite this document

This is an author-deposited version published in: Eprints ID: 3664

An Implementation of the Behavior Annex in the AADL-toolset Osate2

UML&AADL 11 An Implementation of the Behavior Annex in the AADL-toolset OSATE2

AADL : about code generation

This is an author-deposited version published in: Eprints ID: 10292

Model Editing & Processing Tools. AADL Committee, San Diego February 4th, Pierre Dissaux. Ellidiss. Technologies w w w. e l l i d i s s.

Learn AADL concepts in a pleasant way

AADL to build DRE systems, experiments with Ocarina. Jérôme Hugues, ENST

Modeling and verification of memory architectures with AADL and REAL

AUTOBEST: A United AUTOSAR-OS And ARINC 653 Kernel. Alexander Züpke, Marc Bommert, Daniel Lohmann

ARINC653 AADL Annex Update

Executable AADL. Real Time Simulation of AADL Models. Pierre Dissaux 1, Olivier Marc 2.

The Ocarina Tool Suite. Thomas Vergnaud

System-level co-modeling AADL and Simulink specifications using Polychrony (and Syndex)

AUTOBEST: A microkernel-based system (not only) for automotive applications. Marc Bommert, Alexander Züpke, Robert Kaiser.

PROCESS VIRTUAL MEMORY. CS124 Operating Systems Winter , Lecture 18

Fiji VM Safety Critical Java

Certification Authorities Software Team (CAST) Position Paper CAST-25

AADL Subsets Annex Update

AADL committee, Valencia October 2 nd, Pierre Dissaux (Ellidiss) Maxime Perrotin (ESA)

Update on Behavior Language for Embedded Systems with Software for Proof Based Analysis of Behavior

Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1

An Information Model for High-Integrity Real Time Systems

Model-Driven Engineering Approach for Simulating Virtual Devices in the OSATE 2 Environment

PDP 4PS : Periodic Delayed Protocol for Partitioned Systems

Combining SysML and AADL for the Design, Validation and Implementation of Critical Systems

Commercial Real-time Operating Systems An Introduction. Swaminathan Sivasubramanian Dependable Computing & Networking Laboratory

Virtualización. Apolinar González Alfons Crespo

Query Language for AADLv2, Jérôme Hugues, ISAE Serban Gheorghe, Edgewater

This is an author-deposited version published in: Eprints ID: 13515

From the Prototype to the Final Embedded System Using the Ocarina AADL Tool Suite

SPIN Operating System

AADL Tools & Technology. AADL committee 22 April Pierre Dissaux. Ellidiss. T e c h n o l o g i e s. w w w. e l l i d i s s.

Verification and Test with Model-Based Design

MATLAB 에서작업한응용프로그램의공유 : App 에서부터웹서비스까지

AADL Inspector Tutorial. ACVI Workshop, Valencia September 29th, Pierre Dissaux. Ellidiss. Technologies w w w. e l l i d i s s.

Chapter 8: Memory- Management Strategies. Operating System Concepts 9 th Edition

A Model-Based Reference Workflow for the Development of Safety-Related Software

Using SCADE to Develop Mission-critical High-quality Radar Application Software

Rapid Prototyping of Distributed Real-Time Embedded Systems Using the AADL and Ocarina

An implementation of the AADL-BA Behavior Annex front-end: an OSATE2 Eclipse plug-in

TASTE-Linux distribution documentation v1.1

Pattern-Based Analysis of an Embedded Real-Time System Architecture

This is an author-deposited version published in: Eprints ID: 10939

Parallel Assertion Processing using Memory Snapshots

Functional Safety and Safety Standards: Challenges and Comparison of Solutions AA309

Choosing IP-XACT IEEE 1685 standard as a unified description for timing and power performance estimations in virtual platforms platforms

Chapter 39: Concepts of Time-Triggered Communication. Wenbo Qiao

STRAST. UPMSat-2 On-board computers. Grupo de Sistemas de Tiempo Real y Arquitectura de Servicios Telemáticos Universidad Politécnica de Madrid.

Modelling Avionics Architectures

Separating Access Control Policy, Enforcement, and Functionality in Extensible Systems. Robert Grimm University of Washington

Towards the integration of Overture and TASTE

SECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM

Segmentation with Paging. Review. Segmentation with Page (MULTICS) Segmentation with Page (MULTICS) Segmentation with Page (MULTICS)

Workshop 1: Specification for SystemC-AADL interoperability

Crisis and paradox in distributed-systems development

Sub-capacity (Virtualization) License Counting Rules

Design and Implementation of Real-Time Distributed Systems with the ASSERT Virtual Machine

Advanced Memory Management

SCADE AADL. Thierry Le Sergent, Adnan Bouakaz, Guilherme Goretkin (ANSYS)

Update on AADL Requirements Annex

AADL performance analysis with Cheddar : a review

Operating Systems. 09. Memory Management Part 1. Paul Krzyzanowski. Rutgers University. Spring 2015

This is an author-deposited version published in: Eprints ID: 9287

Tessellation: Space-Time Partitioning in a Manycore Client OS

FDS and Intel MPI. Verification Report. on the. FireNZE Linux IB Cluster

virtual memory Page 1 CSE 361S Disk Disk

Redundancy in fault tolerant computing. D. P. Siewiorek R.S. Swarz, Reliable Computer Systems, Prentice Hall, 1992

Towards a Resilient Operating System for Wireless Sensor Networks

Engineering of Reliable Software Systems

Taming Multi-Paradigm Integration in a Software Architecture Description Language

A Component Model and Software Architecture for CPS

CS 261 Fall Mike Lam, Professor. Virtual Memory

Computer Fundamentals: Operating Systems, Concurrency. Dr Robert Harle

Chapter 8: Memory- Management Strategies. Operating System Concepts 9 th Edition

Chapter 8: Memory- Management Strategies

Platform modeling and allocation

Compute Node Linux (CNL) The Evolution of a Compute OS

International Journal of Current Research and Modern Education (IJCRME) ISSN (Online): ( Volume I, Issue II, 2016

Memory management. Last modified: Adaptation of Silberschatz, Galvin, Gagne slides for the textbook Applied Operating Systems Concepts

SEI/CMU Efforts on Assured Systems

198:231 Intro to Computer Organization. 198:231 Introduction to Computer Organization Lecture 14

INTEGRATING SYSTEM AND SOFTWARE ENGINEERING FOR CERTIFIABLE AVIONICS APPLICATIONS

Model Verification: Return of experience

Transcription:

Model-Based Engineering for the Development of ARINC653 Architectures SAE 2009 AeroTech Congress and Exhibition Julien Delange Olivier Gilles Jérôme Hugues Laurent Pautet

Context ARINC653 systems Time & space isolation across partitions Avoid error propagation, limit damages Partition 1 Partition 2 Rigorous development process ARINC kernel Compliance with certification standards (DO178B) Verify that implementation is compliant with specifications ARINC653 architectures development is still difficult Manual translation of specifications to implementation Huge costs of verification and certification 2 AEROTECH09

Addressing development process complexity Model-Driven Engineering Approaches/languages for modeling Support for system verification Modeling language as source language for implementation AADL, a modeling language for safety-critical systems Safety-critical systems modeling Describe hardware and software concerns Prone to system analysis Used in several projects (AVSI, Flex-eWare, ASSERT,...) 3 AEROTECH09

AADL, backbone language for 653 systems ARINC653 modeling Partitions representation/specification Time and space isolation modeling Requirements Verification (REAL) System verification Check system requirements Detect design errors at an early stage in the development process A A D L m o d e l s Implementation enforces verified requirements Automatic Implementation (Ocarina/POK) Automatic implementation Enforce specification requirements Avoid errors of traditional development methods 4 AEROTECH09

ARINC653 system modeling with AADL ARINC653 module modeling with processor component Specify partitions scheduling requirements (major frame, time slots and slots allocation) Describe health monitoring (HM) configuration at module-level A A D L m o d e l s Requirements verification Partitions modeling with process and virtual processor Process components represent partitions content Virtual processor represent partition runtime HM configuration at partition-level Memory requirements (partition size...) Task Task Task Task Partition process Automatic implementation Partition process ARINC653 annex of the AADL Describe modeling patterns 5 AEROTECH09 Partition VP Partition VP ARINC653 module

Requirements Enforcement Analysis Language (REAL) Verification language for the AADL Extension of the AADL ; annex language Integrated in the Ocarina AADL toolsuite Requirements Verification (REAL) Verification with dedicated theorems Formulas to check components specification Theorems associated to AADL component i.e: «I check that each process contains at least one thread» A A D L m o d e l s Automatic Implementation (Ocarina/POK) Verification of ARINC653 architectures Set of theorems to check ARINC653 architectures with AADL 6 AEROTECH09

Verification patterns example (1) Partition-level scheduling correctness Verification on each node of the distributed system Check that sum of partitions time slots equals the major frame Ensure that each partition is executed Partition 1 needs 1 MB Timeslot : 100ms Partition 2 needs 10 MB Timeslot : 200ms ARINC kernel available memory 5MB;major frame: 300ms Memory requirements Partitions requirements (partition content < requested size) Module requirements (module can allocate enough memory) 7 AEROTECH09

Verification patterns example (2) Error coverage Errors that may be raised are handled A recovery procedure is associated The recovery procedure is correct (i.e: a task cannot restart the module) Recovering strategies trade-off Fault propagation analysis Potential transient or permanent errors Impact between different criticality levels Partition 1 Criticality A Divide by Zero in partition 2! Transient impact on partition 1? Permanent impact on partition 1? Partition 2 Criticality B ARINC module 8 AEROTECH09

Automatic implementation of ARINC653 systems Specific toolchain for automatic implementation Ocarina: AADL toolsuite with code generation facilities POK: ARINC653 OS (BSD-license) Enforce specifications requirements Specifications as source language Avoid different specification interpretations A A D L m o d e l s Requirements Verification (REAL) Improve system confidence Produce highly-criticaly code (ex: HM or scheduling configuration) Specifications previously verified 9 AEROTECH09 Automatic Implementation (Ocarina/POK)

From AADL specifications to ARINC653 code Generate module and partitions code Configure partitions scheduling Set memory requirements Configure communications AADL model Ocarina Compilation with an ARINC653 OS POK, highly configurable OS Automatic configuration from AADL POK, ARINC653 OS Generated code Application code Integration of application-level code Potentially from Simulink, Scade... Compilation/Integration Binary 10 AEROTECH09

Generated code for safety-critical systems Analyze kernel and partitions Generate minimal code Remove unused services Compliance with safety-critical domain No dynamic allocation Low complexity algorithms Task Task Task Task Partition process Partition VP Partition VP ARINC653 module Partition process Code generation process Low memory footprint Fit with safety-critical requirements Partition 1 (~ 10 kb) ARINC kernel (~ 15 kb) Partition 2 (~10 kb) 11 AEROTECH09

Conclusion AADL, backbone language for ARINC653 systems Supports modeling, verification and automatic code generation AADL annex for ARINC653 system modeling Improve implementation confidence Implementation produced from specifications Errors verified at model-level Ongoing work Automatic code coverage analysis A A D L m o d e l s Requirements Verification (REAL) Automatic Implementation (Ocarina/POK) 12 AEROTECH09

Thanks for your attention Visit our AADL portal http://aadl.telecom-paristech.fr 13 AEROTECH09

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback