8 research outputs found

    An implementation of the behavior annex in the AADL-toolset Osate2

    AADL is a modeling language to design and analyze High-Integrity Distributed and Real-time systems. Embedded sub-languages published as AADL annexes extend an AADL model to enhance analysis. The behavior annex specifies the behavior of an AADL application model. An implementation of this annex allows behavior analysis to be performed. In addition, as there are several AADL annexes, the implementation of generic mechanisms to support each one of them is challenging. The behavior annex is a valid candidate to illustrate these challenges by combining several sub-languages. In this paper we expose our experiment to support the behavior annex in the reference AADL toolset OSATE2. This toolset supports AADL version 2 by providing a front-end and a set of analysis plug-ins to analyze an AADL model.

    AADLib, A Library of Reusable AADL Models

    The SAE Architecture Analysis and Design Language is now a well-established language for the description of critical embedded systems, but also cyber-physical ones. A wide range of analysis tools is already available, either as part of the OSATE tool chain, or separate ones. A key missing element of AADL is a set of reusable building blocks to help learning AADL concepts, but also to experiment with already existing tool chains on validated real-life examples. In this paper, we present AADLib, a library of reusable model elements. AADLib is built on two pillars: 1/ a set of ready-to-use examples so that practitioners can learn more about the AADL language itself, but also experiment with existing tools. Each example comes with a full description of available analyses and expected results. This helps reduce the learning curve of the language. 2/ a set of reusable model elements that cover typical building blocks of critical systems: processors, networks, devices with a high level of fidelity so that the cost to start a new project is reduced. AADLib is distributed under a Free/Open Source License to further disseminate the AADL language. As such, AADLib provides a convenient way to discover AADL concepts and tool chains, and learn about its features.

    Cyber-physical systems design: transition from functional to architectural models

    Normally, the design process of Cyber-Physical Systems (CPSs) starts with the creation of functional models that are used for simulation purposes. However, most of the time such models are not directly reused for the design of the architecture of the target CPS. As a consequence, more effort than strictly necessary is spent during the CPS architecture design phase. This paper presents an approach called Assisted Transformation of Models (AST), which aims at transforming functional (simulation) models designed in the Simulink environment into architectural models represented in the Architecture Analysis and Design Language. Using AST, designers can perform a smooth transition between these two design phases, with the additional advantage of assuring the coupling between functional and architectural models. The use and benefits of AST are exemplified in the paper in a study devoted to the design of a typical CPS: an Unmanned Aerial Vehicle.

    An integrated approach to the validation and generation of critical systems through incremental refinement of architectural models

    The increasing complexity of distributed real-time and embedded (DRE) systems and their implication in various domains imply new design and development methods. In safety-critical domains such as space, aeronautics, transport or medicine, their failure could result in the failure of the mission, or in dramatic damages such as human losses. This particular class of systems comes with strong requirements to satisfy safety, reliability and security properties. Model-driven Engineering (MDE) introduces the concept of "model", an abstract description of the system, and a set of tools (editor, transformation engine, code generator) to simplify and automate the design, the validation and the implementation of the system. Thus, various abstractions are realized using different domain-specific modeling languages in order to assess one particular aspect of the system and to re-use model-based analysis tools and generative technologies. These various representations may share some commonalities but the consistency between them is hard to validate (for example: is the analyzed system the same as the generated one?). This PhD thesis leverages MDE concepts and mechanisms to enhance the reliability of the model-based development process of DRE systems. Our approach is based on the definition of the architectural and behavioral modeling language AADLHI Ravenscar, a restriction of AADL (Architecture Analysis & Design Language) and its behavioral annex. This subset of AADL constructs comes with semantics close to those of an imperative programming language, to drive both the analysis and the code generation of the application components and its underlying execution platform (middleware) components...

    The increase in the complexity of distributed real-time embedded systems (TR2E) and their involvement in many areas of our daily lives impose new development methods. In so-called critical domains (transport, medicine, ...) these systems must satisfy hard constraints to guarantee their correct operation and avoid any failure that would lead to dramatic financial or human consequences. Model-Driven Engineering (MDE) introduces the "model", i.e. an abstract description of the system, and a set of tools (editing, transformation, ...) enabling the simplification and automation of the design, validation and generation steps of the system. Thus, different abstractions of the system are built in specific formalisms so as to cover one aspect of the system and to allow the reuse of existing analysis and generation tools. However, these multiple representations evolve at different levels of abstraction and it is not always straightforward to correlate the analyzed system with the generated one. This thesis exploits the concepts and mechanisms offered by MDE to improve the reliability of the model-based development process of critical systems. The approach we have defined relies on the definition of the architectural and behavioral modeling language AADL-HI Ravenscar, a subset of the AADL language (Architecture Analysis & Design Language) and of its behavioral annex, constrained so as to jointly allow the analysis and the generation of all the application's components, including its executive, with a semantics close to that of an imperative programming language.

    Assisted model transformation: a support mechanism for the development of cyber-physical systems

    Thesis (doctorate), Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Engenharia de Automação e Sistemas, Florianópolis, 2014. The term Cyber-Physical System denotes an electromechanical device controlled by a computer-based system; examples of this kind of system include robots, airplanes, smart grids, among others. Due to the multidisciplinary nature of Cyber-Physical Systems, they are normally designed using different models. The "cybernetic" perspective of this kind of system presupposes the existence of: (i) a mathematical model representing the dynamics of the physical system, (ii) control algorithms, and (iii) a design of the embedded computing system. In this context, this doctoral thesis investigates a way to adequately address the design of the embedded computing system of a Cyber-Physical System based on its functional model, thereby seeking to avoid the creation of dissociated functional and architectural models and, moreover, to promote a model-driven design approach, offering benefits such as platform independence, higher levels of abstraction, and the reuse of information. As a result of the research carried out, a solution is presented that helps carry out the transition from the functional model to the software architecture model during the development process of a Cyber-Physical System. To this end, it is suggested how to relate elements of a functional model to elements of an architecture model. The proposed solution, called "Assisted Transformation of Models (AST)", provides support for transforming the Simulink models used for functional modeling into architectural models expressed in AADL, and increases confidence that the functional and architectural models are consistent with each other, since it reduces the occurrence of interface inconsistency errors (ports, data types and connections) between them. AST therefore contributes to the deployment/integration of verified applications on validated architectures, making the development process of Cyber-Physical Systems more robust. During the experiments, carried out as case studies, the models generated by AST proved amenable to syntactic analysis, behavioral verification, and schedulability and flow latency analysis, which served to reinforce the choice of using AADL models during the CPS development process. Within the scope of this research, a prototype of a software tool that automates the application of the proposed solution was also implemented. The prototype was implemented in the Java programming language and packaged as a plugin to be used within the OSATE (Open Source Architectural Environment Tool) environment, an AADL model processor that runs inside Eclipse. This plugin, called AS2T, can also be considered an alternative for extending the model transformation chain of the TOPCASED environment, an open-source environment for the development of critical embedded systems that also makes use of OSATE.

    Abstract: Cyber-Physical System (CPS) is a denomination used to represent an electro-mechanical device controlled by a computerized system. Examples of CPS include robots, airplanes, smart grids, among others. Due to the multidisciplinary nature of CPSs, they are normally designed using different models. The "cybernetic" perspective assumes the existence of: (i) a mathematical model that represents the dynamics of the physical system, (ii) some control algorithms, and (iii) a design of the embedded computing system. In this context, this thesis investigates a way to adequately address the design of the architecture of the embedded computing system of a CPS based on a preliminary functional model. Looking forward to avoiding the creation of decoupled functional and architectural models and aiming to promote a model-based design approach for CPS, the proposed approach targets using higher levels of abstraction and model-information reuse. The solution presented in this thesis is named "Assisted Transformation of Models" (AST); it focuses on discussing how to relate elements of a functional model with the elements of an architectural model. AST provides support for the transformation of the Simulink models used for the functional modeling into architectural models expressed in AADL. As benefits of using the proposed solution, one can see that it increases the reliability that the functional and architectural models are consistent between themselves, especially when considering the connection interfaces between components (ports and connections data types). Experiments were conducted to validate the proposed transformation process. The generated models were analyzed in respect to syntax correctness and also regarding additional model analyses, such as behavioral verification and schedulability analysis. The work provides a prototype tool that automates the proposed transformation process. Such a tool can be used as a plugin from OSATE (Open Source Architectural Environment Tool), which is an AADL processor that runs within Eclipse. The AS2T plugin can be considered an alternative to extend the chain of transformation of models of the TOPCASED environment, which is an OpenSource development environment for critical embedded systems that makes use of OSATE.

    A development and assurance process for Medical Application Platform apps

    Doctor of Philosophy. Department of Computing and Information Sciences. John M. Hatcliff. Medical devices have traditionally been designed, built, and certified for use as monolithic units. A new vision of "Medical Application Platforms" (MAPs) is emerging that would enable compositional medical systems to be instantiated at the point of care from a collection of trusted components. This work details efforts to create a development environment for applications that run on these MAPs. The first contribution of this effort is a language and code generator that can be used to model and implement MAP applications. The language is a subset of the Architecture Analysis and Design Language (AADL) that has been tailored to the platform-based environment of MAPs. Accompanying the language is software tooling that provides automated code generation targeting an existing MAP implementation. The second contribution is a new hazard analysis process called the Systematic Analysis of Faults and Errors (SAFE). SAFE is a modified version of the previously existing System Theoretic Process Analysis (STPA) that has been made more rigorous, partially compositional, and easier. SAFE is not, however, a replacement for STPA; rather, it more effectively analyzes the hardware- and software-based elements of a full safety-critical system. SAFE has both manual and tool-assisted formats; the latter consists of AADL annotations that are designed to be used with the language subset from the first contribution. An automated report generator has also been implemented to accelerate the hazard analysis process. Third, this work examines how, independent of its place in the system hierarchy or the precise configuration of its environment, a component may contribute to the safety (or lack thereof) of an entire system. Based on this, we propose a reference model which generalizes notions of harm and the role of components in their environment so that they can be applied to components either in isolation or as part of a complete system. Connections between these formalisms and existing approaches for system composition and fault propagation are also established. This dissertation presents these contributions along with a review of relevant literature and an evaluation of the SAFE process, and concludes with a discussion of potential future work.

    Integrated model- and simulation-based development for the dynamic evaluation of automotive electrical/electronic architectures

    The automotive industry has been undergoing a transformation for several years. Trends such as autonomous driving, connectivity, smart mobility and electrification are leading to a drastic increase in vehicle complexity. This complexity must be mastered by the underlying electrical/electronic architecture (E/E architecture) and raises immediate new challenges for the development process. Design decisions for the E/E architecture have a significant influence on the behavior of vehicle functions, and vice versa. They must therefore be analyzed and evaluated as early as possible in order to minimize costly error corrections in late development phases. Early integration of simulation methods is central to this. However, model-based architecture development and simulation are largely separate processes. This makes efficient analysis and evaluation of the bidirectional dependencies between architecture and behavior difficult. To address these weaknesses, this thesis presents an integrated methodology for the model- and simulation-based development of E/E architectures, structured in three parts. First, new methods for architecture-centric behavior modeling are introduced. A subsequent synthesis generates from these a simulation model that automatically links several abstraction levels of the E/E architecture with one another and thus contributes to a holistic view. Using the integrated approach, a concept is additionally developed that allows several architecture variants to be compared automatically with respect to static and dynamic metrics. The concepts are integrated and implemented in the E/E architecture tool PREEvision®, which is established in the automotive industry, and evaluated on several use cases.