Validate implementation correctness using simulation: the TASTE approach

High-integrity systems operate in hostile environment and must guarantee a continuous operational state, even if unexpected events happen. In addition, these systems have stringent requirements that must be validated and correctly translated from high-level specifications down to code. All these constraints make the overall development process more time-consuming. This becomes especially complex because the number of system functions keeps increasing over the years. As a result, engineers must validate system implementation and check that its execution conforms to the specifications. To do so, a traditional approach consists in a manual instrumentation of the implementation code to trace system activity while operating. However, this might be error-prone because modifications are not automatic and still made manually. Furthermore, such modifications may have an impact on the actual behavior of the system. In this paper, we present an approach to validate a system implementation by comparing execution against simulation. In that purpose, we adapt TASTE, a set of tools that eases system development by automating each step as much as possible. In particular, TASTE automates system implementation from functional (system functions description with their properties – period, deadline, priority, etc.) and deployment(processors, buses, devices to be used) models. We tailored this tool-chain to create traces during system execution. Generated output shows activation time of each task, usage of communication ports (size of the queues, instant of events pushed/pulled, etc.) and other relevant execution metrics to be monitored. As a consequence, system engineers can check implementation correctness by comparing simulation and execution metrics

Clafer: Lightweight Modeling of Structure, Behaviour, and Variability

Embedded software is growing fast in size and complexity, leading to intimate mixture of complex architectures and complex control. Consequently, software specification requires modeling both structures and behaviour of systems. Unfortunately, existing languages do not integrate these aspects well, usually prioritizing one of them. It is common to develop a separate language for each of these facets. In this paper, we contribute Clafer: a small language that attempts to tackle this challenge. It combines rich structural modeling with state of the art behavioural formalisms. We are not aware of any other modeling language that seamlessly combines these facets common to system and software modeling. We show how Clafer, in a single unified syntax and semantics, allows capturing feature models (variability), component models, discrete control models (automata) and variability encompassing all these aspects. The language is built on top of first order logic with quantifiers over basic entities (for modeling structures) combined with linear temporal logic (for modeling behaviour). On top of this semantic foundation we build a simple but expressive syntax, enriched with carefully selected syntactic expansions that cover hierarchical modeling, associations, automata, scenarios, and Dwyer's property patterns. We evaluate Clafer using a power window case study, and comparing it against other notations that substantially overlap with its scope (SysML, AADL, Temporal OCL and Live Sequence Charts), discussing benefits and perils of using a single notation for the purpose

Multi-Dimensional Model Based Engineering for Performance Critical Computer Systems Using the AADL

International audienceThe Architecture Analysis & Design Language, (AADL), Society of Automotive Engineers (SAE), AS5506, was developed to support quantitative analysis of the runtime architecture of the embedded software system in computer systems with multiple critical operational properties, such as responsiveness, safety-criticality, security, and reliability by allowing a model of the system to be annotated with information relevant to each of these quality concerns and AADL to be extended with analysis-specific properties. It supports modelling of the embedded software runtime architecture, the computer system hardware, and the interface to the physical environment of embedded computer systems and system of systems. It was designed to support a full Model Based Engineering lifecycle including system specification, analysis, system tuning, integration, and upgrade by supporting modelling and analysis at multiple levels of fidelity. A system can be automatically integrated from AADL models when fully specified and when source code is provided for the software components

Model-based dependability analysis : state-of-the-art, challenges and future outlook

Abstract: Over the past two decades, the study of model-based dependability analysis has gathered significant research interest. Different approaches have been developed to automate and address various limitations of classical dependability techniques to contend with the increasing complexity and challenges of modern safety-critical system. Two leading paradigms have emerged, one which constructs predictive system failure models from component failure models compositionally using the topology of the system. The other utilizes design models - typically state automata - to explore system behaviour through fault injection. This paper reviews a number of prominent techniques under these two paradigms, and provides an insight into their working mechanism, applicability, strengths and challenges, as well as recent developments within these fields. We also discuss the emerging trends on integrated approaches and advanced analysis capabilities. Lastly, we outline the future outlook for model-based dependability analysis

Supporting model based safety and security assessment of high assurance systems

Doctor of PhilosophyDepartment of Computer ScienceJohn M HatcliffModern embedded systems are more complex than ever due to intricate interaction with the physical world in a system environment and sophisticated software in a resource-constrained context. Cyber attacks in software-reliant and networked safety-critical systems lead to consideration of security aspects from the system’s inception. Model-Based Development (MBD) is one approach that has been an effective development practice because of the abstraction mechanism that hides the complicated lower-level details of software and hardware components. Standards play an essential role in embedded development to ensure the safety of the users and environment. In safety-critical domains like avionics, automotive, and medical devices, standards provide best practices and consistent approaches across the community. The Analysis and Design Language (AADL) is a standardized modeling language that includes patterns that reflect best architectural practices inspired by multiple safety-critical domains. The work described in this dissertation comprises numerous contributions that support a model analysis framework for AADL that aims to help developers design and assure safety and security requirements and demonstrate system conformance to specific categories of standards. This first contribution is Awas - an open-source framework for performing reachability analysis on AADL models annotated with information flow annotations at varying degrees of detail. The framework provides highly scalable interactive visualizations of flows with dynamic querying capabilities. Awas provide a simple domain-specific language to ease posing various queries to check information flow properties in the model. The second contribution is a process for integrating risk management tasks of ISO 14971 - the primary risk management standard in the medical device domain — with AADL modeling, specifically with AADL’s error modeling (EM) of fault and error propagations. This work uses an open-source patient-controlled analgesic (PCA) pump - the largest open-source AADL model to illustrate the integration of risk management process with AADL and provides the first mapping of AADL EM to ISO 14971 concepts. It also provides industry engineers, academic researchers, and regulators with a complex example that can be used to investigate methodologies and methods of integrating MBD and risk management. The third contribution is a technique to model and analyze security properties such as confidentiality, authentication, and resource partitioning within AADL models. This effort comprises an AADL annex language to model multi-level security domains along with classification of system elements and data using those domains and a tool to infer security levels and check information leaks. The annex language and the tools are evaluated and integrated into the AADL development environment for a seamless workflow

Integrating AADL and FMI to Extend Virtual Integration Capability

Virtual Integration Capability is paramount to perform early validation of Cyber Physical Systems. The objective is to guide the systems engineer so as to ensure that the system under design meets multiple criteria through high-fidelity simulation. In this paper, we present an integration scheme that leverages the FMI (Functional Mock-Up interface) standard and the AADL architecture description language. Their combination allows for validation of systems combining embedded platform captured by the AADL, and FMI components that represent physical elements, either mechanical parts, or the environment. We present one approach, and demonstrator case studies

A Time-Triggered Constraint-Based Calculus for Avionic Systems

The Integrated Modular Avionics (IMA) architec- ture and the Time-Triggered Ethernet (TTEthernet) network have emerged as the key components of a typical architecture model for recent civil aircrafts. We propose a real-time constraint-based calculus targeted at the analysis of such concepts of avionic embedded systems. We show our framework at work on the modelisation of both the (IMA) architecture and the TTEthernet network, illustrating their behavior by the well-known Flight Management System (FMS)

System-level Co-simulation of Integrated Avionics Using Polychrony

International audienceThe design of embedded systems from multiple views and heterogeneous models is ubiquitous in avionics as, in partic- ular, different high-level modeling standards are adopted for specifying the structure, hardware and software components of a system. The system-level simulation of such composite models is necessary but difficult task, allowing to validate global design choices as early as possible in the system de- sign flow. This paper presents an approach to the issue of composing, integrating and simulating heterogeneous mod- els in a system co-design flow. First, the functional behavior of an application is modeled with synchronous data-flow and statechart diagrams using Simulink/Gene-Auto. The system architecture is modeled in the AADL standard. These high- level, synchronous and asynchronous, models are then trans- lated into a common model, based on a polychronous model of computation, allowing for a Globally Asynchronous Lo- cally Synchronous (GALS) interpretation of the composed models. This translation is implemented as an automatic model transformation within Polychrony, a toolkit for em- bedded systems design. Simulation, including profiling and value change dump demonstration, has been carried out based on the common model within Polychrony. An avionic case study, consisting of a simplified doors and slides control system, is presented to illustrate our approach