AADLib, A Library of Reusable AADL Models

The SAE Architecture Analysis and Design Language is now a well-established language for the description of critical embedded systems, but also cyber-physical ones. A wide range of analysis tools is already available, either as part of the OSATE tool chain, or separate ones. A key missing elements of AADL is a set of reusable building blocks to help learning AADL concepts, but also experiment already existing tool chains on validated real-life examples. In this paper, we present AADLib, a library of reusable model elements. AADLib is build on two pillars: 1/ a set of ready-to- use examples so that practitioners can learn more about the AADL language itself, but also experiment with existing tools. Each example comes with a full description of available analysis and expected results. This helps reducing the learning curve of the language. 2/ a set of reusable model elements that cover typical building blocks of critical systems: processors, networks, devices with a high level of fidelity so that the cost to start a new project is reduced. AADLib is distributed under a Free/Open Source License to further disseminate the AADL language. As such, AADLib provides a convenient way to discover AADL concepts and tool chains, and learn about its features

PRISE: An Integrated Platform for Research and Teaching of Critical Embedded Systems

In this paper, we present PRISE, an integrated workbench for Research and Teaching of critical embedded systems at ISAE, the French Institute for Space and Aeronautics Engineering. PRISE is built around state-of-the-art technologies for the engineering of space and avionics systems used in Space and Avionics domain. It aims at demonstrating key aspects of critical, real-time, embedded systems used in the transport industry, but also validating new scientific contributions for the engineering of software functions. PRISE combines embedded and simulation platforms, and modeling tools. This platform is available for both research and teaching. Being built around widely used commercial and open source software; PRISE aims at being a reference platform for our teaching and research activities at ISAE

Leveraging Ada 2012 and SPARK 2014 for assessing generated code from AADL models

Modeling of Distributed Real-time Embedded systems using Architecture Description Language provides the foundations for various levels of analysis: scheduling, reliability, consis- tency, etc.; but also allows for automatic code generation. A challenge is to demonstrate that generated code matches quality required for safety-critical systems. In the scope of the AADL, the Ocarina toolchain proposes code generation towards the Ada Ravenscar profile with restrictions for High- Integrity. It has been extensively used in the space domain as part of the TASTE project within the European Space Agency. In this paper, we illustrate how the combined use of Ada 2012 and SPARK 2014 significantly increases code quality and exhibits absence of run-time errors at both run-time and generated code levels

Analysis as first-class citizens – an application to Architecture Description Languages

Architecture Description Languages (ADLs) support modeling and analysis of systems through models transformation and exploration. Various contributions made proposals to bring verification capabilities to designers through model-based frame- works and illustrated benefits to the overall system quality. Model-level analyses are usually performed as an exogenous, unidirectional and semantically weak transformation towards a third-party model. We claim such process can be incomplete and/or inefficient because gathered results lead to evolution of the primary model. This is particularly problematic for the design of Distributed Real-Time Embedded (DRE) systems that has to tackle many concerns like time, security or safety. In this paper, we argue why analysis should no longer be considered as a side step in the design process but, rather, should be embedded as a first-class citizen in the model itself. We review several standardized architecture description languages, which consider analysis as a goal. As an element of solution, we introduce current work on the definition of a language dedicated to the analysis of models within the scope of one particular ADL, namely the Architecture Analysis and Design Language (AADL)

Exploring AADL verification tool through model transformation

International audienceArchitecture Analysis and Design Language (AADL) is often used to model safety-critical real-time systems. Model transformation is widely used to extract a formal specification so that AADL models can be verified and analyzed by existing tools. Timed Abstract State Machine (TASM) is a formalism not only able to specify behavior and communication but also timing and resource aspects of the system. To verify functional and nonfunctional properties of AADL models, this paper presents a methodology for translating AADL to TASM. Our main contribution is to formally define the translation rules from an adequate subset of AADL (including thread component, port communication, behavior annex and mode change) into TASM. Based on these rules, a tool called AADL2TASM is implemented using Atlas Transformation Language (ATL). Finally, a case study from an actual data processing unit of a satellite is provided to validate the transformation and illustrate the practicality of the approach

Design and implementation of a modular scheduling simulator for aerospace applications

Tese de mestrado em Engenharia Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2012Sistemas tempo-real têm de produzir os resultados esperados de cada tarefa atempadamente de acordo com a urgência de cada uma. Desde os anos 70 tentam-se obter formas de coordenar a execução das tarefas para cumprir todos os prazos através de algoritmos de escalonamento. Na sua maioria estes algoritmos apesar de terem requerido um extensivo trabalho por parte de quem os criou são simples de compreender. Um dos mais antigos é o algoritmo “Earliest Deadline First”, que consiste em dar maior prioridade às tarefas mais urgentes. Alguns sistemas devido às suas características particulares obedecem a modelos mais complexos. É o caso dos sistemas aeronáuticos onde é necessário manter o isolamento entre as funcionalidades. As funções são agrupadas logicamente em contentores denominados partições. Para garantir essa separação no domínio do tempo introduz-se um esquema de escalonamento a dois níveis. Um primeiro que determina as janelas temporais a dar a cada partição e um segundo nível onde estão as partições e respectivas funções. Os algoritmos de escalonamento utilizados em cada nível não tem de ser iguais; no segundo nível, cada partição pode usar um algoritmo diferente. Após estudar o que actualmente existe decidimos orientar o nosso trabalho para partições e escalonamento hierárquico pois é de onde poderemos vir a obter melhores resultados e soluções para sistemas futuros. Fazendo uso de padrões de desenho, bem como características do Java, tais como herança e polimorfismo conseguimos obter uma solução que após implementada permite aos seus utilizadores simularem a execução de um sistema que estes definam. Permite também obter os eventos e com estes mostrar ao utilizador o que o simulador fez em cada momento do sistema podendo estes resultados ser exibidos em formato textual ou fazer uso de outras aplicações de visualização de resultados.Real-time systems are required to produce results from each task in time, according to the urgency of each one. Since the 1970s researchers try to obtain ways to coordinate the execution of tasks to meet all deadline, by using scheduling algorithms. Although the majority of these algorithms required an extensive work from those who created them, they are simple to understand. One of the oldest is the Earliest Deadline First algorithm, which attributes higher priority to the most urgent tasks. Due to their characteristics, some systems obey to more complex models; this is the case of aerospace systems. These systems require full isolation between functionalities. The functions, composed of tasks (processes), are logically grouped into partitions. To ensure separation in the time domain, a two level scheduling scheme is introduced. The first level determinates the time windows to assign to each partition; in the second level, tasks in each partition compete among them for the execution time assigned to the latter. The scheduling algorithms used in each level do not need to be the same; in the second level, each partition may even employ a different algorithm to schedule its tasks. After studying what currently exists we have decided to guide our work to partitions and hierarchical scheduling because it is where we see producing better results and solutions for future systems. Using design patterns as well as Java properties such as inheritance and polymorphism we were able to obtain a solution that after implemented allows users to simulate the execution of a system defined by them. The tool allows obtaining events and showing them to the user and giving feedback, these events represent the basic functionalities of a real-time system, such as, job launch and job deadline miss and others. These results can be shown in textual form or use other applications of results visualization

Diseño del software de control de un UUV para monitorización oceanográfica usando un modelo de componentes y framework con despliegue flexible

Los vehículos submarinos no tripulados (Unmanned Underwater Vehicles, UUVs) se diseñan para misiones de monitorización, inspección e intervención. En estudios oceanográficos y de monitorización ambiental son cada vez más demandados por las innumerables ventajas que presentan con respecto a las tecnologías tradicionales. Estos vehículos son desarrollados para superar los retos científicos y los problemas de ingeniería que aparecen en el entorno no estructurado y hostil del fondo marino en el que operan. Su desarrollo no solo conlleva las mismas dificultades que el resto de los robots de servicio (heterogeneidad en el hardware, incertidumbre de los sistemas de medida, complejidad del software, etc.), sino que además se les unen las propias del dominio de aplicación, la robótica submarina: condiciones de iluminación, incertidumbre en cuanto a posición y velocidad, restricciones energéticas, etc. Este artículo describe el UUV AEGIR, un vehículo utilizado como banco de pruebas para la implementación de estrategias de control y misiones oceanográficas. También describe el desarrollo de una cadena de herramientas que sigue un enfoque dirigido por modelos, utilizada en el diseño del software de control del vehículo, así como un framework basado en componentes que proporciona el soporte de ejecución de la aplicación y permite su despliegue flexible en nodos, procesos e hilos y pre-verificación del comportamiento concurrente. Su diseño ha permitido desarrollar, comprobar y añadir los componentes que proporcionan el comportamiento necesario para que el UUV AEGIR pudiera completar con éxito distintos tipos de misiones oceanográficas.Este trabajo ha sido parcialmente financiado por el proyecto financiado por la CICYT del Gobierno Español DIVISAMOS (ref. DPI2009-14744-C03-02) y ViSelTR (ref. TIN2012-39279), así como por el proyecto financiado por la Fundación Séneca de la Región de Murcia MISSION-SICUVA (ref. 15374/PI/10) y el proyecto “Coastal Monitoring System for the Mar Menor Coastal Lagoon (PEPLAN 463.02-08 CLUSTER de la Región de Murcia. Francisco Sánchez Ledesma agradece la financiación recibida por parte del programa de becas FPU del MEC (beca AP2009-5083). Por último, los autores quieren agradecer también a la Armada Española la cesión del vehículo UUV y su posterior ayuda en su reconstrucción

Multi-signal Anomaly Detection for Real-Time Embedded Systems

This thesis presents MuSADET, an anomaly detection framework targeting timing anomalies found in event traces from real-time embedded systems. The method leverages stationary event generators, signal processing, and distance metrics to classify inter-arrival time sequences as normal/anomalous. Experimental evaluation of traces collected from two real-time embedded systems provides empirical evidence of MuSADET’s anomaly detection performance. MuSADET is appropriate for embedded systems, where many event generators are intrinsically recurrent and generate stationary sequences of timestamp. To find timinganomalies, MuSADET compares the frequency domain features of an unknown trace to a normal model trained from well-behaved executions of the system. Each signal in the analysis trace receives a normal/anomalous score, which can help engineers isolate the source of the anomaly. Empirical evidence of anomaly detection performed on traces collected from an industrygrade hexacopter and the Controller Area Network (CAN) bus deployed in a real vehicle demonstrates the feasibility of the proposed method. In all case studies, anomaly detection did not require an anomaly model while achieving high detection rates. For some of the studied scenarios, the true positive detection rate goes above 99 %, with false-positive rates below one %. The visualization of classification scores shows that some timing anomalies can propagate to multiple signals within the system. Comparison to the similar method, Signal Processing for Trace Analysis (SiPTA), indicates that MuSADET is superior in detection performance and provides complementary information that can help link anomalies to the process where they occurred

Investigating the usability of real-time scheduling theory with the Cheddar project

International audienc