Reasoning About the Reliability of Multi-version, Diverse Real-Time Systems

This paper is concerned with the development of reliable real-time systems for use in high integrity applications. It advocates the use of diverse replicated channels, but does not require the dependencies between the channels to be evaluated. Rather it develops and extends the approach of Little wood and Rush by (for general systems) by investigating a two channel system in which one channel, A, is produced to a high level of reliability (i.e. has a very low failure rate), while the other, B, employs various forms of static analysis to sustain an argument that it is perfect (i.e. it will never miss a deadline). The first channel is fully functional, the second contains a more restricted computational model and contains only the critical computations. Potential dependencies between the channels (and their verification) are evaluated in terms of aleatory and epistemic uncertainty. At the aleatory level the events ''A fails" and ''B is imperfect" are independent. Moreover, unlike the general case, independence at the epistemic level is also proposed for common forms of implementation and analysis for real-time systems and their temporal requirements (deadlines). As a result, a systematic approach is advocated that can be applied in a real engineering context to produce highly reliable real-time systems, and to support numerical claims about the level of reliability achieved

A MDE-based optimisation process for Real-Time systems

The design and implementation of Real-Time Embedded Systems is now heavily relying on Model-Driven Engineering (MDE) as a central place to define and then analyze or implement a system. MDE toolchains are taking a key role as to gather most of functional and not functional properties in a central framework, and then exploit this information. Such toolchain is based on both 1) a modeling notation, and 2) companion tools to transform or analyse models. In this paper, we present a MDE-based process for system optimisation based on an architectural description. We first define a generic evaluation pipeline, define a library of elementary transformations and then shows how to use it through Domain-Specific Language to evaluate and then transform models. We illustrate this process on an AADL case study modeling a Generic Avionics Platform

HLA high performance and real-time simulation studies with CERTI

Our work takes place in the context of the HLA standard and its application in real-time systems context. Indeed, current HLA standard is inadequate for taking into consideration the different constraints involved in real-time computer systems. Many works have been invested in order to provide real-time capabilities to Run Time Infrastructures (RTI). This paper describes our approach focusing on achieving hard real-time properties for HLA federations through a complete state of the art on the related domain. Our paper also proposes a global bottom up approach from basic hardware and software basic requirements to experimental tests for validation of distributed real-time simulation with CERTI

Simulation of Real-Time Scheduling with Various Execution Time Models

Presented during the Work-in-Progress session (WiP session)International audienceIn this paper, we present SimSo, a simulator that aims at facilitating the design of experimental evaluations for real-time scheduling algorithms. Currently, more than twenty-five algorithms were implemented. Special attention is paid to the execution time model of tasks. We show that the worst-case execution time for experimental simulation can introduce a bias in evaluation and we discuss as a work in progress how cache effects could be taken into consideration in the simulation

A Generative Programming Framework for Adaptive Middleware

Historically, many distributed real-time and embedded (DRE) systems were developed manually from scratch, leading to stove-piped solutions that while correct in both functional and QoS properties were very expensive to develop and difficult to maintain and extend. First-generation middleware technologies such as CORBA 2.x [1], XML [2], and SOAP [3], served to shield application developers from low-level platform details, thus raising the level of abstraction at which distributed systems are developed and supporting reuse of infrastructure to amortize development costs over the lifetime of a system. However, interdependencies between services and object interfaces resulting from these programming models significantly limited the degree of reuse that could be achieved in practice. Component middleware technologies such as the CORBA Component Model (CCM) [4], J2EE [5], and .NET [6], were developed to address many of these limitations. In CCM, for example, standardization of component containers, ports, and homes offered a framework within which reuse of server as well as client infrastructure was facilitated. Component-oriented middleware has addressed a wide range of application domains, but unfortunately for DRE systems, the focus of these technologies has been primarily on functional and not QoS properties. For example, although CCM supports configuration of functional component attributes like their interconnections, key QoS attributes for DRE systems, such as execution times and invocation rates are inadequately configurable through conventional CCM [7]. Research on QoS-aware component models such as the CIAO project [8, 7] is showing significant promise in making QoS configuration a first-class part of the component pro-gramming model, thus further reducing accidental complex-ities of building DRE systems. However, it is important to note a fundamental difference between configuration of functional and QoS properties even within such a unified compo-nent model: the dominant decomposition of functional properties is essentially object-oriented, while the dominant decomposition of QoS properties is essentially aspect-oriented. That is, functional properties tend to be stable with respect to component boundaries and configuration lifecycle stages, while QoS properties tend to cross-cut component boundaries, and may be revised as more information is known in later configuration stages [7]. In this paper, we describe how a focus on aspect frameworks for configuring QoS properties both com-plements and extends QoS-aware component models. This paper makes three main contributions to the state of the art in DRE systems middleware. First, it describes a simple but representative problem for configuring QoS aspects that cross-cut both architectural layers and system lifecycle boundaries, which motivates our focus on aspect frameworks. Second, it provides a formalization of that problem using first order logic, which both guides the design of aspect configuration infrastructure, and offers a way to connect these techniques with model-integrated computing [9] approaches to further reduce the programming burden on DRE system developers. Third, it describes alternative mechanisms to ensure correct configuration of the aspects involved, and notes the phases of the DRE system lifecycle at which each such configuration mechanism is most appropriate

Reliability prediction in model driven development

Evaluating the implications of an architecture design early in the software development lifecycle is important in order to reduce costs of development. Reliability is an important concern with regard to the correct delivery of software system service. Recently, the UML Profile for Modeling Quality of Service has defined a set of UML extensions to represent dependability concerns (including reliability) and other non-functional requirements in early stages of the software development lifecycle. Our research has shown that these extensions are not comprehensive enough to support reliability analysis for model-driven software engineering, because the description of reliability characteristics in this profile lacks support for certain dynamic aspects that are essential in modeling reliability. In this work, we define a profile for reliability analysis by extending the UML 2.0 specification to support reliability prediction based on scenario specifications. A UML model specified using the profile is translated to a labelled transition system (LTS), which is used for automated reliability prediction and identification of implied scenarios; the results of this analysis are then fed back to the UML model. The result is a comprehensive framework for addressing software reliability modeling, including analysis and evolution of reliability predictions. We exemplify our approach using the Boiler System used in previous work and demonstrate how reliability analysis results can be integrated into UML models