Heterogeneous models and analyses in the design of real-time embedded systems - an avionic case-study

The development of embedded systems according to Model-Driven Development relies on two complementary activities: system mod- eling on the one hand and analysis of the non-functional properties, such as timing properties, on the other hand. Yet, the coupling be- tween models and analyses remains largely disregarded so far: e.g. how to apply an analysis on a model? How to manage the analysis process? This paper presents an application of our research on this topic. In particular, we show that our approach makes it possible to combine heterogeneous models and analyses in the design of an avionic system. We use two languages to model the system at di erent levels of abstraction: the industry standard AADL (Ar- chitecture Analysis and Design Language) and the more recent implementation-oriented CPAL language (Cyber-Physical Action Language). We then combine di erent real-time scheduling analy- ses so as to gradually de ne the task and network parameters and nally validate the schedulability of all activities of the system

An Empirical Investigation of Using Models During Requirements Engineering in the Automotive Industry

Context:The automotive industry is undergoing a major transformation from a manufacturing industry towards an industry that relies heavily on software. As one of the main factors for project success, requirements engineering (RE) plays a major role in this transition. Similar to other areas of automotive engineering, the use of models during RE has been suggested to increase productivity and tackle increasing complexity by means of abstraction. Existing modelling frameworks often prescribe a variety of different, formal models for RE, trying to maximise the benefit obtained from model-based engineering (MBE). However, these frameworks are typically based on assumptions from anecdotal evidence and experience, without empirical data supporting these assumptions.Objective:The overall aim of our research is to investigate the potential benefits and drawbacks of using model-based RE in an automotive environment based on empirical evidence. To do so, we present an investigation of the current industrial practice of MBE in the automotive industry, existing challenges in automotive RE, and potential use cases for model-based RE. Furthermore, we explore two use cases for model-based RE, namely the creation of behavioural requirements models for validation and verification purposes and the use of existing trace models to support communication.Method:We address the aims of this thesis using three empirical strategies: case study, design science and survey. We collected quantitative and qualitative data using interviews as well as questionnaires.Results:Our results show that using models during automotive RE can be beneficial, if restricted to certain aspects of RE. In particular, models supporting communication and stakeholder interaction are promising. We show that the use of abstract models of behavioural requirements are considered beneficial for system testing purposes, even though they abstract from the detailed functional requirements. Furthermore, we demonstrate that existing data can be understood as a model to uncover dependencies between stakeholders. Conclusions:Our results question the feasibility to construct and maintain large amounts of formal models for RE. Instead, models during RE should be used for a few, important use cases. Additionally, MBE can be used as a means to understand existing problems in software engineering

Towards Harmonizing Multiple Architecture Description Languages for Real-Time Embedded Systems

Abstract-The increasing complexity of real-time embedded systems requires appropriate methods and techniques to support the development including the specification and analysis of different architectural aspects. A large number of architectural description languages (ADL) have been proposed with varying focus and application domains. There is a need for harmonization of these ADLs. This can be from develoloping and understanding of how they differ or could be synergistically combined for increasing the overall development efficiency and fulfilling the ever increasing functional and non-functional requirements on a system. This paper addresses this issue and focuses on four different ADLs: EAST-ADL, AUTOSAR, AADL and Rubus. In this work we compare these ADLs, identify possible usage scenarios involving more than one ADL and discuss some of the underlying challenges. A representative industrial case study of a brake-by-wire system is used to support the work

Towards the Systematic Analysis of Non-Functional Properties in Model-Based Engineering for Real-Time Embedded Systems

The real-time scheduling theory provides analytical methods to assess the temporal predictability of embedded systems. Nevertheless, their use is limited in a Model-Based Systems Engineering approach. In fact, the large number of applicability conditions makes the use of real-time scheduling analysis tedious and error-prone. Key issues are left to the engineers: when to apply a real-time scheduling analysis? What to do with the analysis results?} This article presents an approach to systematize and then automate the analysis of non-functional properties in Model-Based Systems Engineering. First, preconditions and postconditions define the applicability of an analysis. In addition, contracts specify the analysis interfaces, thereby enabling to reason about the analysis process. We present a proof-of-concept implementation of our approach using a combination of constraint languages (REAL for run-time analysis) and specification languages (Alloy for describing interfaces and reasoning about them). This approach is experimented on architectural models written with the Architecture Analysis and Design Language (AADL)

A formal framework for specification-based embedded real-time system engineering

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Aeronautics and Astronautics, 2008.Includes bibliographical references (v. 2, p. 517-545).The increasing size and complexity of modern software-intensive systems present novel challenges when engineering high-integrity artifacts within aggressive budgetary constraints. Among these challenges, ensuring confidence in the engineered system, through validation and verification activities, represents the high cost item on many projects. The expensive nature of engineering high-integrity systems using traditional approaches can be partly attributed to the lack of analysis facilities during the early phases of the lifecycle, causing the validation and verification activities to begin too late in the engineering lifecycle. Other challenges include the management of complexity, opportunities for reuse without compromising confidence, and the ability to trace system features across lifecycle phases. The use of models as a specification mechanism provides an approach to mitigate complexity through abstraction. Furthermore, if the specification approach has formal underpinnings, the use of models can be leveraged to automate engineering activities such as formal analysis and test case generation. The research presented in this thesis proposes an engineering framework which addresses the high cost of validation and verification activities through specification-based system engineering. More specifically, the framework provides an integrated approach to embedded real-time system engineering which incorporates specification, simulation, formal verification, and test-case generation. The framework aggregates the state-of-the-art in individual software engineering disciplines to provide an end-to-end approach to embedded real-time system engineering. The key aspects of the framework include: * A novel specification language, the Timed Abstract State Machine (TASM) language, which extends the theory of Abstract State Machines (ASM).(cont.) The TASM language is a literate formal specification language which can be applied and multiple levels of abstraction and which can express the three key aspects of embedded real-time systems - function, time, and resources. * Automated verification capabilities achieved through the integration of mature analysis engines, namely the UPPAAL tool suite and the SAT4J SAT solver. The verification capabilities provided by the framework include completeness and consistency verification, model checking, execution time analysis, and resource consumption analysis. * Bi-directional traceability of model features across levels of abstraction and lifecycle phases. Traceability is achieved syntactically through archetypical refinement types; each refinement type provides correctness criteria, which, if met, guarantee semantic integrity through the refinement. * Automated test case generation capabilities for unit testing, integration testing, and regression testing. Unit test cases are generated to achieve TASM specification coverage through the rule coverage criterion. Integration test case generation is achieved through the hierarchical composition of unit test cases. Regression test case generation is achieved by leveraging the bi-directional traceability of model features. The framework is implemented into an integrated tool suite, the TASM toolset, which incorporates the UPPAAL tool suite and the SAT4J SAT solver. The toolset and framework are evaluated through experimentation on three industrial case studies - an automated manufacturing system, a "drive-by-wire" system used at a major automotive manufacturer, and a scripting environment used on the International Space Station.by Martin Ouimet.Ph.D