21 research outputs found

    Design Space Exploration: Bridging the Gap Between High-Level Models and Virtual Execution Platforms

    This paper presents a novel embedded systems modeling framework that fills the gap between high-level AADL models and low-level hardware virtual execution platforms. This approach allows refinement and improvement of system performance through exploration of architectures at different levels of abstraction. The aim of the proposed approach is to achieve virtual prototyping of the complete system in order to allow validation to begin early in the design flow, thereby accelerating its development while improving system performance.

    An Adaptive Design Methodology for Reduction of Product Development Risk

    The interaction of embedded systems with their environment inherently complicates the understanding of requirements and their correct implementation. Moreover, product uncertainty is highest during the early stages of development. Design verification is an essential step in the development of any system, especially for embedded systems. This paper introduces a novel adaptive design methodology, which incorporates step-wise prototyping and verification. With each adaptive step the product-realization level is enhanced while the level of product uncertainty decreases, thereby reducing the overall costs. The backbone of this framework is the development of a Domain Specific Operational (DOP) Model and the associated Verification Instrumentation for Test and Evaluation, developed based on the DOP model. Together they generate functionally valid test sequences for carrying out prototype evaluation. With the help of a case study, 'Multimode Detection Subsystem', the application of this method is sketched. Design methodologies can be compared by defining and computing a generic performance criterion such as Average design-cycle Risk. For the case study, by computing Average design-cycle Risk, it is shown that the adaptive method reduces the product development risk for a small increase in the total design cycle time.
    Comment: 21 pages, 9 figures

    Extending ASSERT for HW/SW Co-design

    Embedded systems are commonly designed by specifying and developing hardware and software systems separately. By contrast, hardware/software (HW/SW) co-development exploits the trade-offs between hardware and software in a system through their concurrent design. HW/SW co-development techniques take advantage of the flexibility of system design to create architectures that can meet stringent performance requirements with a shorter design cycle. This paper presents the work done within the scope of the ESA HWSWCO (Hardware-Software Co-design) study. The main objective of this study has been to address the HW/SW co-design phase in order to integrate this engineering task as part of the ASSERT process (refer to [1]), compatible with the existing ASSERT approach, process and tool. Advances in the automation of the design of HW and SW and the adoption of the Model Driven Architecture (MDA) [9] paradigm make possible the definition of a proper integration substrate and enable the continuous interaction of the HW and SW design paths.

    Functional Validation of AADL Models via Model Transformation to SystemC with ATL

    In this paper, we put into action an ATL model transformation in order to automatically generate SystemC models from AADL models. The AADL models represent electronic systems to be embedded into FPGAs. Our contribution allows for an early analytical estimation of energy needs and a rapid SystemC simulation before implementation. The transformation has been tested to simulate an existing video image processing system embedded into a Xilinx Virtex5 FPGA.

    Experimenting with a tool suite to automate the transition from a model-based design to the realization of an implementation, by way of architectural exploration

    ABSTRACT (French version) Today, embedded systems are increasingly complex to develop, especially when they are real-time systems. These projects integrate leading-edge research technologies that are complicated to put in place. The design complexity of these systems stems from the need to find a balance between the required computing power, the board area and the number of hardware resources used, or the power consumption of the circuit. Adding to all this ever stricter time-to-market constraints for this kind of system, the need for efficient tools and design flows becomes more and more pressing. With this in mind, many system specification languages have been developed. They span different levels of abstraction, ranging from high-level languages such as SysML or AADL down to low-level RTL, by way of ESL (Electronic System Level) specifications such as SystemC. These languages are tied to model-based methodologies. The research project presented in this thesis consists in putting forward a design methodology for an embedded system. This methodology is illustrated through a design flow using the AADL system description language together with the SpaceStudio co-design platform. It aims to develop, in parallel, software applications and the hardware platforms on which these applications must execute. The challenge of this project is therefore to build the junction between the AADL language and the SpaceStudio platform. The tool responsible for this junction compiles AADL code and generates a Python script. This script is read by the API of the SpaceStudio software, which makes it possible to generate a project on its co-design platform.
    The tool created during this project, named AADL2Space, is tested on an example AADL model available on the Internet. Next, an MJPEG video decoding application is used to illustrate the design flow. An AADL model of this application was developed to provide the architectural description of the system. The application part of the system was coded in C and bound to the AADL model. A complete system is thus compiled by AADL2Space to generate a SpaceStudio project. Once the project is instantiated on the co-design platform, it is simulated and analyzed to obtain metrics that allow the architecture to be validated or rejected. In this way, several architectures are tested in order to satisfy the constraints on real-time scheduling, processor utilization rate, use of hardware resources, and so on. The chosen architecture is finally synthesized to be implemented on a board. This project led to a conference paper at the IEEE International Symposium on Rapid System Prototyping (RSP).
    ABSTRACT Nowadays, embedded systems are increasingly complex to design. The design complexity of these systems stems from the need to find a balance between the required power, the area used on chip and the hardware resources, and the system's consumption. This issue mainly occurs for real-time systems. For such systems, time to market is more and more demanding. Consequently, new tools and design flows are definitely needed. This project bridges and validates two of these technologies. To reach our goal, numerous system description languages and libraries have been worked out. They have different abstraction levels, from high-abstraction-level languages such as SysML or AADL, to low-level RTL, through ESL (Electronic System Level) such as SystemC. The aim of the research project introduced in this work is to show an embedded system design methodology.
    This methodology is illustrated through a design flow using the description language AADL and the SpaceStudio HW/SW co-design platform. It targets a parallel design of software applications and of the hardware platform on which the applications will be executed. This project's challenge is to fill the gap between the description language AADL and the SpaceStudio platform. SpaceStudio is a scriptable tool: all the graphical manipulations can also be achieved through a Python script. The proposed tool filling this gap acts as a compiler of AADL code and generates a Python script that can be used as an input description for SpaceStudio. The created tool, called AADL2Space, is tested on an AADL model example available on the Internet. Next, an MJPEG video decoder application is used to illustrate the design flow. An AADL model of this application has been designed to provide the system's architectural description. The software part of the system has been coded in the C language and bound to the AADL model. Thereby, a complete system is compiled by the designed tool and generated as a SpaceStudio project. Once the project has been instantiated on the co-design platform, it is simulated and analyzed to validate performance metrics. Different architecture configurations are tested to meet the system's constraints such as real-time scheduling, processor utilization rate, use of hardware resources, etc. The chosen architecture configuration is finally synthesized to be implemented on an FPGA.

    MARTE for CPS and CPSoS: Present and Future, Methodology and Tools

    Cyber-Physical Systems (CPS) combine discrete computing elements together with physical devices in uncertain environment conditions. There have been many models to capture different aspects of CPS. However, to deal with the increasing complexity of these ubiquitous systems, which pervade every part of our lives, we need an integrated framework able to capture all the different views of such complex systems in a consistent way. We also need to combine tools to analyze their expected properties and guarantee safety issues. Far from handing out a full-fledged solution, we merely explore a possible path that could bring part of the solution. We advocate relying on UML models as a unifying framework to build a single-source modeling environment with design, exploration and analysis tools. We comment on some useful extensions of UML, including MARTE and SysML, and show how together they can capture different views of CPS. We also report on some recent results obtained and discuss possible evolutions in the near future.

    Dependability modeling and evaluation – From AADL to stochastic Petri nets

    Conducting dependability analyses jointly with other analyses at the architectural level makes it possible both to predict the effects of architectural decisions on the dependability of the system and to make trade-offs. Consequently, industry and academia are concentrating on defining model-driven engineering (MDE) approaches and on integrating various analyses into the development process. AADL (Architecture Analysis and Design Language) has proved its suitability for architecture modeling, and the language is currently judged effective by industry in such approaches. Our contribution is a modeling framework enabling the generation of analytical dependability models from AADL models, with the goal of facilitating the evaluation of dependability measures such as reliability and availability. We propose an iterative modeling approach. In this context, we provide a set of generic, reusable sub-models for fault-tolerant architectures. The AADL dependability model is transformed into a GSPN (Generalized Stochastic Petri Net) by applying model transformation rules. We have implemented an automatic transformation tool. The resulting GSPN can be processed by existing tools to obtain dependability measures. The approach is illustrated on a subsystem of the French Air Traffic Control System.
    ABSTRACT: Performing dependability evaluation along with other analyses at the architectural level allows both predicting the effects of architectural decisions on the dependability of a system and making trade-offs.
    Thus, both industry and academia focus on defining model-driven engineering (MDE) approaches and on integrating several analyses in the development process. AADL (Architecture Analysis and Design Language) has proved to be efficient for architectural modeling and is considered by industry in the context presented above. Our contribution is a modeling framework allowing the generation of dependability-oriented analytical models from AADL models, to facilitate the evaluation of dependability measures such as reliability or availability. We propose an iterative approach for system dependability modeling using AADL. In this context, we also provide a set of reusable modeling patterns for fault-tolerant architectures. The AADL dependability model is transformed into a GSPN (Generalized Stochastic Petri Net) by applying model transformation rules. We have implemented an automatic model transformation tool. The resulting GSPN can be processed by existing tools to obtain dependability measures. The modeling approach is illustrated on a subsystem of the French Air Traffic Control System.

    Model to code generation of UML/SysML activity diagrams for ARM Cortex-M MCUs

    The complexity of embedded systems has increased in recent years. To overcome this complexity, various methodologies have been presented. In both industry and academia, Model-Based Design has been accepted as the best solution to this problem. Model-Based Design is a technique for developing embedded system applications and cyber-physical systems based on a hierarchy of reusable design blocks. SysML/UML activity diagrams are widely used for the modelling and analysis of complex systems, and they have become the de facto standard for software and embedded systems. Previously in our group, we formalized SysML activity diagrams by developing a calculus called New Activity Calculus (NuAC). In this work, we redefine NuAC terms to support RTX (the Keil Real-Time Operating System) and present an automated SysML/UML activity diagram to RTX code generator, using mapping rules expressed in NuAC. To achieve this goal, we proposed a set of mapping rules that map a SysML/UML activity diagram into code suitable for execution on the ARM Cortex-M processor family. To automate the process of code generation, we present a Java application that uses the proposed rules to automatically generate the RTX code from the input activity diagram model. To demonstrate the capability of the developed tool, we use it to implement a train control algorithm on an ARM Cortex-M4 device. The implemented model is run on the target platform and the correct functionality of the system is verified.

    Automated validation of minimum risk model-based system designs of complex avionics systems

    Today, large civil aircraft incorporate a vast array of complex and coupled subsystems with thousands of electronic control units and software with millions of lines of code. Aircraft suppliers are challenged to provide superior products that are developed in minimum time and at minimum cost, with maximum safety and security. No single person can understand the complex interactions of such a system of systems. Finding an optimal solution from large sets of different possible designs is an impossible task if done manually. Thus, written, non-executable specifications carry a high degree of product uncertainty. As a result, more than two-thirds of all specifications need to be reworked. Since most specification flaws are discovered and resolved at a late stage during development, when expenditures for redesign are at a maximum, the development approach currently used has a high probability of project cost and time overruns or even project failure, thus maximizing the risk of development. It is the aim of this work to develop a model- and simulation-based systems engineering method with an associated design and validation environment that minimizes the risk of development for complex systems, e.g. aircraft. The development risk is at a minimum if all development decisions are validated early against the services of a product at mission level by the final customer. To do so, executable specifications are created during design and validated against the requirements of system services at mission level. Validated executable specifications are used and updated for all decisions from concept development through implementation and training. In addition, virtual prototypes are developed.
    A virtual prototype is an executable system specification that is combined with human-machine interface concept models to include usability requirements in the overall design and to enable interactive specification validation and early end-user training by means of interactive user-driven system simulation. In a first step, so-called executable workflows and simulation sets are developed to enable the execution of sets of structured and coupled simulation models. In a second step, a model- and simulation-based development and validation process model is developed from concept design to specification development. In a final step, two different validation processes are developed: an automated validation process based on executable specifications and an interactive validation process based on virtual prototypes. For the development of executable specifications and virtual prototypes, plug-and-play capable model components are developed. The developed method is validated on examples from civil aircraft development with a focus on avionics and highly configurable and customizable cabin systems.
    (German abstract) Large civil aircraft comprise a large number of complex and coupled subsystems with thousands of electronic control units and software with millions of lines of code. No single person can understand the complex interactions of such a system of systems. Therefore, written, non-executable specifications carry a high degree of product uncertainty. As a result, more than two-thirds of all specifications have to be reworked. Since most specification errors are discovered and resolved at a late point in time, when the effort for rework is at a maximum, the current development approach has a high probability of cost and time overruns or leads to the failure of projects. This maximizes the development risk.
    It is the aim of this work to develop a model- and simulation-based development method with an associated design and validation environment that minimizes the development risk for complex systems. The development risk is minimal when all development decisions are validated early by the end customer against the services of a product at mission level. To this end, executable specifications are created during design and validated against the requirements at mission level. Validated executable specifications are used and updated for all decisions from concept development through implementation. In addition, virtual prototypes are developed that combine executable specifications with concept models for human-machine interfaces in order to include usability requirements in the overall design. This enables interactive validation as well as early end-user training by means of user-driven system simulation. Executable workflows and simulation sets are developed that enable the execution of structured and coupled simulation models. Subsequently, a model- and simulation-based development and validation process model is developed from concept design to specification development. For this purpose, two different validation processes are used: an automated validation process based on executable specifications and an interactive validation process based on virtual prototypes. For the development of executable specifications and virtual prototypes, model components are developed. The developed method is validated using examples from civil aircraft development, in particular with regard to avionics and highly configurable and customizable cabin systems.

    Contracts for Systems Design: Methodology and Application cases

    Recently, contract-based design has been proposed as an "orthogonal" approach that can be applied to all methodologies proposed so far to cope with the complexity of system design. Contract-based design provides a rigorous scaffolding for verification, analysis and abstraction/refinement. Companion report RR-8759 proposes a unified treatment of the topic that can help in putting contract-based design in perspective. This paper complements RR-8759 by further discussing methodological aspects of system design with contracts in perspective and presenting two application cases. The first application case illustrates the use of contracts in requirement engineering, an area of system design where formal methods were scarcely considered, yet are stringently needed. We focus in particular on the critical design step by which sub-contracts are generated for suppliers from a set of different viewpoints (specified as contracts) on the global system. We also discuss important issues regarding certification in requirement engineering, such as consistency, compatibility, and completeness of requirements. The second example is developed in the context of the Autosar methodology now widely advocated in the automotive sector. We propose a contract framework to support schedulability analysis, a key step in the Autosar methodology. Our aim differs from the many proposals for compositional schedulability analysis in that we aim at defining sub-contracts for suppliers, not just performing the analysis by parts; we know from companion paper RR-8759 that sub-contracting to suppliers differs from a compositional analysis entirely performed by the OEM. We observe that the methodology advocated by Autosar is in contradiction with contract-based design in that some recommended design steps cannot be refinements. We show how to circumvent this difficulty by precisely bounding the risk at the system integration phase.
    Another feature of this application case is the combination of manual reasoning for local properties and use of the formal contract algebra to lift a collection of local checks to a system-wide analysis.