Software dependability modeling using an industry-standard architecture description language

Performing dependability evaluation along with other analyses at architectural level allows both making architectural tradeoffs and predicting the effects of architectural decisions on the dependability of an application. This paper gives guidelines for building architectural dependability models for software systems using the AADL (Architecture Analysis and Design Language). It presents reusable modeling patterns for fault-tolerant applications and shows how the presented patterns can be used in the context of a subsystem of a real-life application

A synthesis of logic and bio-inspired techniques in the design of dependable systems

Much of the development of model-based design and dependability analysis in the design of dependable systems, including software intensive systems, can be attributed to the application of advances in formal logic and its application to fault forecasting and verification of systems. In parallel, work on bio-inspired technologies has shown potential for the evolutionary design of engineering systems via automated exploration of potentially large design spaces. We have not yet seen the emergence of a design paradigm that effectively combines these two techniques, schematically founded on the two pillars of formal logic and biology, from the early stages of, and throughout, the design lifecycle. Such a design paradigm would apply these techniques synergistically and systematically to enable optimal refinement of new designs which can be driven effectively by dependability requirements. The paper sketches such a model-centric paradigm for the design of dependable systems, presented in the scope of the HiP-HOPS tool and technique, that brings these technologies together to realise their combined potential benefits. The paper begins by identifying current challenges in model-based safety assessment and then overviews the use of meta-heuristics at various stages of the design lifecycle covering topics that span from allocation of dependability requirements, through dependability analysis, to multi-objective optimisation of system architectures and maintenance schedules

Model transformation for multi-objective architecture optimisation for dependable systems

Model-based engineering (MBE) promises a number of advantages for the development of embedded systems. Model-based engineering depends on a common model of the system, which is refined as the system is developed. The use of a common model promises a consistent and systematic analysis of dependability, correctness, timing and performance properties. These benefits are potentially available early and throughout the development life cycle. An important part of model-based engineering is the use of analysis and design languages. The Architecture Analysis and Design Language (AADL) is a new modelling language which is increasingly being used for high dependability embedded systems development. AADL is ideally suited to model-based engineering but the use of new language threatens to isolate existing tools which use different languages. This is a particular problem when these tools provide an important development or analysis function, for example system optimisation. System designers seek an optimal trade-off between high dependability and low cost. For large systems, the design space of alternatives with respect to both dependability and cost is enormous and too large to investigate manually. For this reason automation is required to produce optimal or near optimal designs.There is, however, a lack of analysis techniques and tools that can perform a dependability analysis and optimisation of AADL models. Some analysis tools are available in the literature but they are not able to accept AADL models since they use a different modelling language. A cost effective way of adding system dependability analysis and optimisation to models expressed in AADL is to exploit the capabilities of existing tools. Model transformation is a useful technique to maximise the utility of model-based engineering approaches because it provides a route for the exploitation of mature and tested tools in a new model-based engineering context. By using model transformation techniques, one can automatically translate between AADL models and other models. The advantage of this model transformation approach is that it opens a path by which AADL models may exploit existing non-AADL tools.There is little published work which gives a comprehensive description of a method for transforming AADL models. Although transformations from AADL into other models have been reported only one comprehensive description has been published, a transformation of AADL to petri net models. There is a lack of detailed guidance for the transformation of AADL models.This thesis investigates the transformation of AADL models into the HiP-HOPS modelling language, in order to provide dependability analysis and optimisation. HiP-HOPS is a mature, state of the art, dependability analysis and optimisation tool but it has its own model. A model transformation is defined from the AADL model to the HiP-HOPS model. In addition to the model-to-model transformation, it is necessary to extend the AADL modelling attributes. For cost and dependability optimisation, a new AADL property set is developed for modelling component and system variability. This solves the problem of describing, within an AADL model, the design space of alternative designs. The transformation (with transformation rules written in ATLAS Transformation Language (ATL)) has been implemented as a plug-in for the AADL model development tool OSATE (Open-source AADL Tool Environment). To illustrate the method, the plug-in is used to transform some AADL model case-studies

Exploring AADL verification tool through model transformation

International audienceArchitecture Analysis and Design Language (AADL) is often used to model safety-critical real-time systems. Model transformation is widely used to extract a formal specification so that AADL models can be verified and analyzed by existing tools. Timed Abstract State Machine (TASM) is a formalism not only able to specify behavior and communication but also timing and resource aspects of the system. To verify functional and nonfunctional properties of AADL models, this paper presents a methodology for translating AADL to TASM. Our main contribution is to formally define the translation rules from an adequate subset of AADL (including thread component, port communication, behavior annex and mode change) into TASM. Based on these rules, a tool called AADL2TASM is implemented using Atlas Transformation Language (ATL). Finally, a case study from an actual data processing unit of a satellite is provided to validate the transformation and illustrate the practicality of the approach

Characterizing the Identity of Model-based Safety Assessment: A Systematic Analysis

Model-based safety assessment has been one of the leading research thrusts of the System Safety Engineering community for over two decades. However, there is still a lack of consensus on what MBSA is. The ambiguity in the identity of MBSA impedes the advancement of MBSA as an active research area. For this reason, this paper aims to investigate the identity of MBSA to help achieve a consensus across the community. Towards this end, we first reason about the core activities that an MBSA approach must conduct. Second, we characterize the core patterns in which the core activities must be conducted for an approach to be considered MBSA. Finally, a recently published MBSA paper is reviewed to test the effectiveness of our characterization of MBSA

Issues of Architectural Description Languages for Handling Dynamic Reconfiguration

Dynamic reconfiguration is the action of modifying a software system at runtime. Several works have been using architectural specification as the basis for dynamic reconfiguration. Indeed ADLs (architecture description languages) let architects describe the elements that could be reconfigured as well as the set of constraints to which the system must conform during reconfiguration. In this work, we investigate the ADL literature in order to illustrate how reconfiguration is supported in four well-known ADLs: pi-ADL, ACME, C2SADL and Dynamic Wright. From this review, we conclude that none of these ADLs: (i) addresses the issue of consistently reconfiguring both instances and types; (ii) takes into account the behaviour of architectural elements during reconfiguration; and (iii) provides support for assessing reconfiguration, e.g., verifying the transition against properties.Comment: 6\`eme Conf\'erence francophone sur les architectures logicielles (CAL'2012), Montpellier : France (2012

Translation Of AADL To PNML To Ensure The Utilization Of Petri Nets

Architecture Analysis and Design Language (AADL), which is used to design and analyze software and hardware architectures of embedded and real-time systems, has proven to be a very efficient way of expressing the non-functional properties of safety-critical systems and architectural modeling. Petri nets are the graphical and mathematical modeling tools used to describe and study information processing systems characterized as concurrent and distributed. As AADL lacks the formal semantics needed to show the functional properties of such systems, the objective of this research was to extend AADL to enable other Petri nets to be incorporated into Petri Net Markup Language (PNML), an interchange language for Petri nets. PNML makes it possible to incorporate different types of analysis using different types of Petri net. To this end, the interchange format Extensible Markup Language (XML) was selected and AADL converted to AADL-XML (the XML format of AADL) and Petri nets to PNML, the XML-format of Petri nets, via XSLT script. PNML was chosen as the transfer format for Petri nets due to its universality, which enables designers to easily map PNML to many different types of Petri nets. Manual conversion of AADL to PNML is error-prone and tedious and thus requires automation, so XSLT script was utilized for the conversion of the two languages in their XML format. Mapping rules were defined for the conversion from AADL to PNML and the translation to XSLT automated. Finally, a PNML plug-in was designed and incorporated into the Open Source AADL Tool Environment (OSATE)

Modeling and Analysis of Mixed Synchronous/Asynchronous Systems

Practical safety-critical distributed systems must integrate safety critical and non-critical data in a common platform. Safety critical systems almost always consist of isochronous components that have synchronous or asynchronous interface with other components. Many of these systems also support a mix of synchronous and asynchronous interfaces. This report presents a study on the modeling and analysis of asynchronous, synchronous, and mixed synchronous/asynchronous systems. We build on the SAE Architecture Analysis and Design Language (AADL) to capture architectures for analysis. We present preliminary work targeted to capture mixed low- and high-criticality data, as well as real-time properties in a common Model of Computation (MoC). An abstract, but representative, test specimen system was created as the system to be modeled

Availability analysis of software architecture decomposition alternatives for local recovery

We present an efficient and easy-to-use methodology to predict—at design time—the availability of systems that support local recovery. Our analysis techniques work at the architectural level, where the software designer simply inputs the software modules’ decomposition annotated with failure and repair rates. From this decomposition, we automatically generate an analytical model (a continuous-time Markov chain), from which an availability measure is then computed, in a completely automated way. A crucial step is the use of intermediate models in the input/output interactive Markov chain formalism, which makes our techniques efficient, mathematically rigorous, and easy to adapt. In particular, we use aggressive minimization techniques to keep the size of the generated state spaces small. We have applied our methodology on a realistic case study, namely the MPlayer open-source software. We have investigated four different decomposition alternatives and compared our analytical results with the measured availability on a running MPlayer. We found that our predicted results closely match the measured ones