Clafer: Lightweight Modeling of Structure, Behaviour, and Variability

Embedded software is growing fast in size and complexity, leading to intimate mixture of complex architectures and complex control. Consequently, software specification requires modeling both structures and behaviour of systems. Unfortunately, existing languages do not integrate these aspects well, usually prioritizing one of them. It is common to develop a separate language for each of these facets. In this paper, we contribute Clafer: a small language that attempts to tackle this challenge. It combines rich structural modeling with state of the art behavioural formalisms. We are not aware of any other modeling language that seamlessly combines these facets common to system and software modeling. We show how Clafer, in a single unified syntax and semantics, allows capturing feature models (variability), component models, discrete control models (automata) and variability encompassing all these aspects. The language is built on top of first order logic with quantifiers over basic entities (for modeling structures) combined with linear temporal logic (for modeling behaviour). On top of this semantic foundation we build a simple but expressive syntax, enriched with carefully selected syntactic expansions that cover hierarchical modeling, associations, automata, scenarios, and Dwyer's property patterns. We evaluate Clafer using a power window case study, and comparing it against other notations that substantially overlap with its scope (SysML, AADL, Temporal OCL and Live Sequence Charts), discussing benefits and perils of using a single notation for the purpose

The SMART Project: Multi-Agent Scheduling Simulation of Real-time Architectures

International audienceThe ongoing SMART collaborative project addresses modeling and analysis techniques for software intensive real-time systems. The AADL modeling language has been selected to describe multithread, multi-partition, multi-processor and multi-core architectures. This paper focuses on the use of the Marzhin simulator that is based on a Multi-Agent technology for providing scheduling analysis results of real-time systems. This simulator is integrated in the AADL Inspector product and can also be used to animate realistic 3D animations

Requirements Analysis of a Quad-Redundant Flight Control System

In this paper we detail our effort to formalize and prove requirements for the Quad-redundant Flight Control System (QFCS) within NASA's Transport Class Model (TCM). We use a compositional approach with assume-guarantee contracts that correspond to the requirements for software components embedded in an AADL system architecture model. This approach is designed to exploit the verification effort and artifacts that are already part of typical software verification processes in the avionics domain. Our approach is supported by an AADL annex that allows specification of contracts along with a tool, called AGREE, for performing compositional verification. The goal of this paper is to show the benefits of a compositional verification approach applied to a realistic avionics system and to demonstrate the effectiveness of the AGREE tool in performing this analysis.Comment: Accepted to NASA Formal Methods 201

A synthesis of logic and bio-inspired techniques in the design of dependable systems

Much of the development of model-based design and dependability analysis in the design of dependable systems, including software intensive systems, can be attributed to the application of advances in formal logic and its application to fault forecasting and verification of systems. In parallel, work on bio-inspired technologies has shown potential for the evolutionary design of engineering systems via automated exploration of potentially large design spaces. We have not yet seen the emergence of a design paradigm that effectively combines these two techniques, schematically founded on the two pillars of formal logic and biology, from the early stages of, and throughout, the design lifecycle. Such a design paradigm would apply these techniques synergistically and systematically to enable optimal refinement of new designs which can be driven effectively by dependability requirements. The paper sketches such a model-centric paradigm for the design of dependable systems, presented in the scope of the HiP-HOPS tool and technique, that brings these technologies together to realise their combined potential benefits. The paper begins by identifying current challenges in model-based safety assessment and then overviews the use of meta-heuristics at various stages of the design lifecycle covering topics that span from allocation of dependability requirements, through dependability analysis, to multi-objective optimisation of system architectures and maintenance schedules

Special Session on Industry 4.0

No abstract available

SOFTWARE TESTABILITY MEASURE FOR SAE ARCHITECTURE ANALYSIS AND DESIGN LANGUAGE (AADL)SOFTWARE TESTABILITY MEASURE FOR SAE ARCHITECTURE ANALYSIS AND DESIGN LANGUAGE (AADL)

Testability is an important quality attribute of software, especially for critical systems such as avionics, medical, and automotive. Improvement in the early testability of software architecture, the first artifact of the software system, will help reduce issues and costs later in the development process. AADL, an architecture analysis description language suitable for critical embedded, real-time systems, can be used for design documentation, analysis and code generation. Because the capability of AADL can be extended, it is possible to add new analyses to its core language. Tools such as the Open Source AADL Tool Environment (OSATE) provide plugins for processing AADL models. Although adding new plugins in OSATE extends AADL, there currently exists no AADL extension for testability measurement. The purpose of this thesis is to propose such a method to measure the testability of AADL models as well as to develop a testability plugin in OSATE. Much research has been conducted on testability of hardware, software and embedded systems, resulting in several approaches for measuring this quality attribute. Among them, the approach measuring testability as a product of controllability and observability using information transfer graph (ITG) is the most applicable for measuring the testability of AADL models. This thesis proposes a method applying this approach to AADL models. A complete testability measure plugin for OSATE was developed based on this approach and detailed examples are given in this thesis to demonstrate its applicability

Model-based Safety and Security Co-analysis: a Survey

We survey the state-of-the-art on model-based formalisms for safety and security analysis, where safety refers to the absence of unintended failures, and security absence of malicious attacks. We consider ten model-based formalisms, comparing their modeling principles, the interaction between safety and security, and analysis methods. In each formalism, we model the classical Locked Door Example where possible. Our key finding is that the exact nature of safety-security interaction is still ill-understood. Existing formalisms merge previous safety and security formalisms, without introducing specific constructs to model safety-security interactions, or metrics to analyze trade offs

Tom-based tools to transform EMF models in avionics context

International audienceModel Driven Engineering (MDE) is now widely used in many industrial contexts (such as AeroSpace) which require a high level of system safety. Model-checking is one of the formal techniques which are used to assess a system compliance to its requirements. It relies on verification dedicated languages to model the system under verification and the expected properties. In order to ease the use of these tools, model transformations are provided that translate the end user provided system model to the formal languages than can be verified. In order to rely on these activities for system certification, the correctness of these transformation steps must be assessed (qualification of the development and verification tools). One of the goal of our work is to provide tools to implement the transformation steps between end user source languages used for the system development and target languages used for formal verification. This paper present the {Tom} rule-based approach used in a research project involving industrial partners: Airbus and Ellidiss