Analysis of WCET in an experimental satellite software development.

This paper describes a case study in WCET analysis of an on-board spacecraft software system. The attitude control system of UPMSat-2, an experimental micro-satellite which is scheduled to be launched in 2013, is used for an experiment on analysing the worst-case execution time of code automatically generated from a Simulink model. In order to properly test the code, a hardware-in-the-loop configuration with a simulation model of the spacecraft environment has been used as a test bench. The code has been analysed with RapiTime, with some modifications to the original instrumentation routines, in order to take into account the particularities of the test configuration. Results from the experiment are described and commented in the paper

An architectural approach with separation of concerns to address extra-functional requirements in the development of embedded real-time software systems

AbstractA large proportion of the requirements on embedded real-time systems stems from the extra-functional dimensions of time and space determinism, dependability, safety and security, and it is addressed at the software level. The adoption of a sound software architecture provides crucial aid in conveniently apportioning the relevant development concerns. This paper takes a software-centered interpretation of the ISO 42010 notion of architecture, enhancing it with a component model that attributes separate concerns to distinct design views. The component boundary becomes the border between functional and extra-functional concerns. The latter are treated as decorations placed on the outside of components, satisfied by implementation artifacts separate from and composable with the implementation of the component internals. The approach was evaluated by industrial users from several domains, with remarkably positive results

The CONCERTO methodology for model-based development of avionics SW

20th International Conference on Reliable Software Technologies - Ada-Europe 2015 (Ada-Europe 2015), 22 to 26, Jun, 2015, Madrid, Spain.The development of high-integrity real-time systems, including their certification, is a demanding endeavour in terms of time, skills and effort involved. This is particularly true in application domains such as the avionics, where composable design is to be had to allow subdividing monolithic systems into components of smaller complexity, to be outsourced to developers subcontracted down the supply chain. Moreover, the increasing demand for computational power and the consequent interest in multicore HW architectures complicates system deployment. For these reasons, appropriate methodologies and tools need to be devised to help the industrial stakeholders master the overall system design complexity, while keeping manufacturing costs affordable. In this paper we present some elements of the CONCERTO platform, a toolset to support the end-to-end system development process from system modelling to analysis and validation, prior to code generation and deployment. The approach taken by CONCERTO is demonstrated for an illustrative avionics setup, however it is general enough to be applied to a number of industrial domains including the space, telecom and automotive. We finally reason about the benefits to an industrial user by comparing to similar initiatives in the research landscape

Ada Ravenscar Code Archetypes for Component-based Development

We promote a model-driven software development that centres on component-orientation. In keeping with Dijkstra\u2019s principle of separation of concerns, we want the user design space to be limited to the internals of components \u2013 for which strictly sequential functional code is to be used \u2013 and the interfaces provided to and required from other components, where extra-functional requirements are declaratively specified by means of annotations. We want the user model to be directly amenable to response time analysis. To this end we prescribe that the component model must statically bind to a computational model that matches the analysis theory in use. We want to ensure semantic preservation across the entire transformation chain, from the user model, to the analysis model, to the implementation model (i.e., the code) and, eventually to the execution environment. The Ada Ravenscar Profile is an excellent candidate implementation language for use in our endeavour. In this paper we present a set of code archetypes written against the constraints of the Ravenscar Profile, which we developed in conformance with our notion of separation of concerns, to drive the model to code transformation step of our development infrastructure