9 research outputs found

    Formal semantics of behavior specifications in the architecture analysis and design language standard

    In system design, an architecture specification or model serves, among other purposes, as a repository to share knowledge about the system being designed. Such a repository enables automatic generation of analytical models for different aspects relevant to system design (timing, reliability, security, etc.). The Architecture Analysis and Design Language (AADL) is a standard proposed by SAE to express architecture specifications and share knowledge between the different stakeholders about the system being designed. To support unambiguous reasoning, formal verification and high-fidelity simulation of architecture specifications in a model-based AADL design workflow, we have defined a formal semantics for the behavior specification of the AADL; the presentation of this semantics is the aim of this paper.

    Executing AADL models with UML/Marte

    AADL and MARTE are two modeling formalisms supporting the analysis of real-time embedded systems. Since both cover similar aspects, a clear assessment of their respective strengths and weaknesses is required. Building on previous work, we focus here on the time aspects of the two specifications. Relying on the MARTE Time Model and the operational semantics of its companion language CCSL, we attempt to equip UML activities with the execution semantics of an AADL specification. This is part of a much broader effort to build a generic simulator for UML models with the semantics explicitly defined within the model.

    Verification of AADL Models with Timed Abstract State Machines

    This paper presents a formal verification method for AADL (architecture analysis and design language) models by translation to TASM (timed abstract state machines). The abstract syntax of the chosen subset of AADL and of TASM is given. The translation rules are defined clearly by semantic functions expressed in an ML-like language. Furthermore, the translation is implemented in the model transformation tool AADL2TASM, which provides model checking and simulation for AADL models. Finally, a case study of a space GNC (guidance, navigation and control) system is provided.

    PROFILE- AND INSTRUMENTATION- DRIVEN METHODS FOR EMBEDDED SIGNAL PROCESSING

    Modern embedded systems for digital signal processing (DSP) run increasingly sophisticated applications that require extensive performance resources, while simultaneously requiring better power utilization to prolong battery life. Achieving such conflicting objectives requires innovative software/hardware design space exploration spanning a wide array of techniques and technologies that offer trade-offs among performance, cost, power utilization, and overall system design complexity. To save on non-recurring engineering (NRE) costs and in order to meet shorter time-to-market requirements, designers are increasingly using an iterative design cycle and adopting model-based computer-aided design (CAD) tools to facilitate analysis, debugging, profiling, and design optimization. In this dissertation, we present several profile- and instrumentation-based techniques that facilitate the design and maintenance of embedded signal processing systems:
    1. We propose and develop a novel translation lookaside buffer (TLB) preloading technique. This technique, called context-aware TLB preloading (CTP), uses a synergistic relationship between (1) the compiler, for application-specific analysis of a task's context, and (2) the operating system (OS), for run-time introspection of the context and efficient identification of TLB entries for current and future usage. CTP works by (1) identifying application hotspots using compiler-enabled (or manual) profiling, and (2) exploiting well-understood memory access patterns, typical in signal processing applications, to preload the TLB at context switch time. The benefits of CTP in eliminating inter-task TLB interference and preemptively allocating TLB entries during context switch are demonstrated through extensive experimental results with signal processing kernels.
    2. We develop an instrumentation-driven approach to facilitate the conversion of legacy systems, not designed as dataflow-based applications, to dataflow semantics by automatically identifying the behavior of the core actors as instances of well-known dataflow models. This enables the application of powerful dataflow-based analysis and optimization methods to systems to which these methods have previously been unavailable. We introduce a generic method for instrumenting dataflow graphs that can be used to profile and analyze actors, and we use this instrumentation facility to instrument legacy designs being converted and then automatically detect the dataflow models of the core functions. We also present an iterative actor partitioning process that can be used to partition complex actors into simpler entities that are more amenable to analysis. We demonstrate the utility of our proposed instrumentation-driven dataflow approach with several DSP-based case studies.
    3. We extend the instrumentation technique discussed in (2) to introduce a novel tool for model-based design validation called the dataflow validation framework (DVF). DVF addresses the problem of ensuring consistency between (1) dataflow properties that are declared or otherwise assumed as part of dataflow-based application models, and (2) the dataflow behavior that is exhibited by implementations derived from the models. The ability of DVF to identify disparities between an application's formal dataflow representation and its implementation is demonstrated through several signal processing application development case studies.

    Applying patterns in embedded systems design for managing quality attributes and their trade-offs

    Embedded systems comprise one of the most important types of software-intensive systems, as they are pervasive and used in daily life more than any other type, e.g., in cars or in electrical appliances. When these systems operate under hard constraints, the violation of which can lead to catastrophic events, the system is classified as a critical embedded system (CES). The quality attributes related to these hard constraints are named critical quality attributes (CQAs). For example, the performance of the software for cruise control or self-driving in a car is critical, as it can potentially relate to harming human lives. Despite the growing body of knowledge on engineering CESs, there is still a lack of approaches that can support their design while managing CQAs and their trade-offs with noncritical ones (e.g., maintainability and reusability). To address this gap, the state of research and practice on designing CESs and managing quality trade-offs was explored, approaches to improve their design were identified, and the merit of these approaches was empirically investigated. When designing software, one common approach is to organize its components according to well-known structures, named design patterns. However, these patterns may be avoided in some classes of systems such as CESs, as they are sometimes associated with the detriment of CQAs. In short, the findings reported in the thesis suggest that, when applicable, design patterns can promote CQAs while supporting the management of trade-offs. The thesis also reports on a phenomenon, namely pattern grime, and on factors that can influence the extent of the observed benefits.

    Compilation of real-time systems

    I introduce and advocate for the concept of Real-Time Systems Compilation. By analogy with classical compilation, real-time systems compilation consists of the fully automatic construction of running, correct-by-construction implementations from functional and non-functional specifications of embedded control systems. As in a classical compiler, the whole process must be fast (thus enabling a trial-and-error design style) and produce reasonably efficient code. This requires the use of fast heuristics and the use of fine-grain platform and application models. Unlike a classical compiler, a real-time systems compiler must take into account non-functional properties of a system and ensure that non-functional requirements are respected (in addition to functional correctness). I also present Lopht, a real-time systems compiler for statically-scheduled real-time systems that we built by combining techniques and concepts from real-time scheduling, compilation, and synchronous languages.

    Assisted model transformation: a support mechanism for the development of cyber-physical systems

    Thesis (doctorate) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Engenharia de Automação e Sistemas, Florianópolis, 2014. The term Cyber-Physical System denotes an electromechanical device controlled by a computer-based system; examples of this type of system include robots, aircraft, smart grids, among others. Due to the multidisciplinary nature of Cyber-Physical Systems, they are normally designed using different models. The "cybernetic" perspective of this type of system presupposes the existence of: (i) a mathematical model that represents the dynamics of the physical system, (ii) control algorithms, and (iii) a design of the embedded computing system. Within this context, this doctoral thesis investigates a way to adequately approach the design of the embedded computing system of a Cyber-Physical System based on its functional model, thereby seeking to avoid the creation of dissociated functional and architectural models and, moreover, to promote a model-driven design approach, providing benefits such as platform independence, higher levels of abstraction, and the reuse of information. As a result of the research carried out, a solution is presented that helps to make the transition from the functional model to the software architecture model during the development process of a Cyber-Physical System. To this end, it is suggested how to relate elements of a functional model to elements of an architecture model.
    The proposed solution, called "Assisted Transformation of Models (AST)", provides support for transforming the Simulink models used for functional modeling into architectural models expressed in AADL, and increases confidence that the functional and architectural models are consistent with each other, since it reduces the occurrence of interface inconsistency errors (ports, data types and connections) between them. AST thus contributes to the deployment/integration of verified applications on validated architectures, making the development process of Cyber-Physical Systems more robust. During the experiments, carried out in the form of case studies, the models generated by AST proved amenable to syntactic analysis, behavioral verification, and schedulability and flow latency analysis, which served to reinforce the choice of using AADL models during the CPS development process. Also implemented within the scope of this research was the prototype of a software tool that automates the application of the proposed solution. The prototype was implemented using the Java programming language and packaged as a plugin to be used within the OSATE (Open Source Architectural Environment Tool) environment, which is an AADL model processor that runs inside Eclipse. The plugin in question, called AS2T, can also be considered an alternative for extending the model transformation chain of the TOPCASED environment, which is an open-source environment for the development of critical embedded systems that also makes use of OSATE.
    Abstract: Cyber-Physical System (CPS) is a denomination used to represent an electro-mechanical device controlled by a computerized system. Examples of CPS include robots, airplanes, smart grids, among others. Due to the multidisciplinary nature of CPSs, they are normally designed using different models. The "cybernetic" perspective assumes the existence of: (i) a mathematical model that represents the dynamics of the physical system, (ii) some control algorithms, and (iii) a design of the embedded computing system. In this context, this thesis investigates a way to adequately address the design of the embedded computing system architecture of a CPS based on a preliminary functional model. Aiming to avoid the creation of decoupled functional and architectural models and to promote a model-based design approach for CPS, the proposed approach targets higher levels of abstraction and model-information reuse. The solution presented in this thesis is named "Assisted Transformation of Models" (AST); it focuses on how to relate elements of a functional model to the elements of an architectural model. AST provides support for the transformation of the Simulink models used for functional modeling into architectural models expressed in AADL. As a benefit of using the proposed solution, it increases the reliability that the functional and architectural models are consistent with each other, especially when considering the connection interfaces between components (ports and connection data types). Experiments were conducted to validate the proposed transformation process. The generated models were analyzed with respect to syntactic correctness and also with additional model analyses, such as behavioral verification and schedulability analysis. The work provides a prototype tool that automates the proposed transformation process. The tool can be used as a plugin for OSATE (Open Source Architectural Environment Tool), which is an AADL processor that runs within Eclipse. The AS2T plugin can be considered an alternative to extend the model transformation chain of the TOPCASED environment, which is an open-source development environment for critical embedded systems that makes use of OSATE.

    Virtual prototyping AADL architectures in a polychronous model of computation

    While synchrony and asynchrony are two distinct concepts of concurrency theory, effective and formally defined embedded system design methodologies usually mix the best from both the synchronous and asynchronous worlds by considering locally synchronous processes composed in a globally asynchronous way to form so-called GALS architectures. In the avionics domain, for instance, the Architecture Analysis and Design Language (AADL) may be used to describe both the hardware and software architecture of an application at system level. Yet, a synchronous design formalism might be preferred to model and validate each of the critical components of the architecture in isolation. In this paper, we illustrate the use of the polychronous (multi-clocked synchronous) paradigm to model partially asynchronous applications. The specification formalism SIGNAL is used to describe real-world avionic applications using concepts of Integrated Modular Avionics (IMA). We show how an AADL architecture can be automatically translated into a synchronous model in SIGNAL using these modeling concepts. We present a case study on the design of a generic system architecture. The approach is being implemented in the framework of the ANR project TopCased.