An ocarina extension for AADL formal semantics generation

International audienceThe formal veri cation has become a recommended practice in safety-critical software engineering. The hand-written of the for- mal speci cation requires a formal expertise and may become com- plex especially with large systems. In such context, the automatic generation of the formal speci cation seems helpful and reward- ing, particularly for reused and generic mapping such as hardware representations and real-time features. In this paper, we aim to formally verify real-time systems designed by AADL language. We propose an extension AADL2LNT of the Ocarina tool suite allowing the automatic generation of an LNT speci cation to draw a gateway for the CADP formal analysis toolbox. This work is illustrated with the Pacemaker case study

A Development Process for the Design, Implementation and Code Generation of Fault Tolerant Reconfigurable Real Time Systems

The implementation of hard real-time systems is extremely a hard task today due to safety and dynamic reconfiguration requirements. For that, whatever the taken precautions, the occurrence of faults in such systems is sometimes unavoidable. So, developers have to take into account the presence of faults since the design level. In this context, we notice the need of techniques ensuring the dependability of real-time distributed dynamically reconfigurable systems. We focus on fault-tolerance, that means avoiding service failures in the presence of faults. In this paper, we have defined a development process for modeling and generating fault tolerance code for real-time systems using aspect oriented programming. First, we integrate fault tolerance elements since the modeling step of a system in order to take advantage of features of analysis, proof and verification possible at this stage using AADL and its annex Error Model Annex. Second, we extend an aspect oriented language and adapt it to respect real-time requirements. Finally, we define a code generation process for both functional preoccupations and cross-cutting ones like fault tolerance and we propose an extension of an existent middleware. To validate our contribution, we use AADL and its annexes to design a landing gear system as an embedded distributed one

A formal approach to AADL model-based software engineering

Formal methods have become a recommended practice in safety-critical software engineering. To be formally verified, a system should be specified with a specific formalism such as Petri nets, automata and process algebras, which requires a formal expertise and may become complex especially with large systems. In this paper, we report our experience in the formal verification of safety-critical real-time systems. We propose a formal mapping for a real-time task model using the LNT language, and we describe how it is used for the integration of a formal verification phase in an AADL model-based development process. We focus on real-time systems with event-driven tasks, asynchronous communication and preemptive fixed-priority scheduling. We provide a complete tool-chain for the automatic model transformation and formal verification of AADL models. Experimentation illustrates our results with the Flight control system and Line follower robot case studies

Configuration et déploiement d'applications temps-réel réparties embarquées à l'aide d'un langage de description d'architecture

Building distributed real-time embedded systems (DRE) is a tedious task. In addition, real-time applications must satisfy hard constraints to ensure they work correctly (meeting deadlines...). The use of architecture description languages aims at reducing the development cost of these applications. AADL (Architecture Analysis & Design Language) belongs to this family of languages. It uses the concept of ``component'' (hardware or software) whose well defined semantics makes possible the description of many aspects of DRE systems. The various constraints that must be met are integrated into the AADL model as properties. This thesis work exploits the features offered by AADL to specify the exact requirements of a DRE application and automatically generate its code. The production process we propose (1) automatically produces the code to integrate the applicative components to the runtime platform, (2) automatically produces a significant part of the middleware components customised for the application and (3) automatically deploys the applicative and middleware components to get a system which is strongly dedicated to the application. In particular, the AADL executive is itself statically configured. The adopted approach reduces the development time and allows for an customised and analyzable code. The configuration and deployment (often separated from the development process) are now automated and integrated into the production chain.La production de systèmes temps-réel répartis embarqués (TR2E) est une opération lourde en temps et en coût de développement. De plus, les applications temps-réel doivent satisfaire des contraintes dures pour assurer leur bon fonctionnement (respect des échéances temporelles...). L'utilisation des langages de description d'architecture vise à réduire le coût de développement de ces applications. AADL (Architecture Analysis & Design Language) fait partie de cette famille de langages. Il propose la notion de ``composant'' (matériel ou logiciel) dont la sémantique bien définie permet de décrire plusieurs aspects d'un système TR2E. Les différentes contraintes qui doivent être satisfaites sont intégrées dans le modèle AADL sous forme de propriétés. Ce travail de thèse exploite les fonctionnalités offertes par AADL pour spécifier les besoins exacts d'une application AADL afin de la produire automatiquement. En effet, le processus de production que nous proposons (1) génère automatiquement le code pour intégrer les composants applicatifs à la plate-forme d'exécution, (2) génère automatiquement une importante partie des composants intergiciels taillés sur mesure pour l'application et (3) déploie automatiquement les composants applicatifs et intergiciels afin d'obtenir un système fortement dédié à l'application. Notamment, la plate-forme d'exécution supportant les composants AADL est elle même configurée statiquement en fonction des propriétés spécifiées. L'approche adoptée réduit le temps de développement et permet d'obtenir un code personnalisé et analysable. La configuration et le déploiement (souvent séparés du processus de développement) sont désormais automatiques et intégrés à la chaîne de production

Configuration et déploiement d'applications temps-réel réparties embarquées à l'aide d'un langage de description d'architecture

La production de systèmes temps-réel répartis embarqués (TR2E) est une opération lourde en temps et en coût de développement. De plus, les applications temps-réel doivent satisfaire des contraintes dures pour assurer leur bon fonctionnement (respect des échéances temporelles...). L'utilisation des langages de description d'architecture vise à réduire le coût de développement de ces applications. AADL (Architecture Analysis & Design Language) fait partie de cette famille de langages. Il propose la notion de composant'' (matériel ou logiciel) dont la sémantique bien définie permet de décrire plusieurs aspects d'un système TR2E. Les différentes contraintes qui doivent être satisfaites sont intégrées dans le modèle AADL sous forme de propriétés. Ce travail de thèse exploite les fonctionnalités offertes par AADL pour spécifier les besoins exacts d'une application AADL afin de la produire automatiquement. En effet, le processus de production que nous proposons (1) génère automatiquement le code pour intégrer les composants applicatifs à la plate-forme d'exécution, (2) génère automatiquement une importante partie des composants intergiciels taillés sur mesure pour l'application et (3) déploie automatiquement les composants applicatifs et intergiciels afin d'obtenir un système fortement dédié à l'application. Notamment, la plate-forme d'exécution supportant les composants AADL est elle même configurée statiquement en fonction des propriétés spécifiées. L'approche adoptée réduit le temps de développement et permet d'obtenir un code personnalisé et analysable. La configuration et le déploiement sont désormais automatiques et intégrés à la chaîne de production.Building distributed real-time embedded systems (DRE) is a tedious task. In addition, real-time applications must satisfy hard constraints to ensure they work correctly (meeting deadlines...). The use of architecture description languages aims at reducing the development cost of these applications. AADL (Architecture Analysis & Design Language) belongs to this family of languages. It uses the concept of component'' (hardware or software) whose well defined semantics makes possible the description of many aspects of DRE systems. The various constraints that must be met are integrated into the AADL model as properties. This thesis work exploits the features offered by AADL to specify the exact requirements of a DRE application and automatically generate its code. The production process we propose (1) automatically produces the code to integrate the applicative components to the runtimeplatform, (2) automatically produces a significant part of the middleware components customised for the application and (3) automatically deploys the applicative and middleware components to get a system which is strongly dedicated to the application. In particular, the AADL executive is itself statically configured. The adopted approach reduces the development time and allows for an customised and analyzable code. The configuration and deployment (often separated from the development process) are now automated and integrated into the production chain.PARIS-Télécom ParisTech (751132302) / SudocSudocFranceF

Code Generation Strategies from AADL Architectural Descriptions Targeting the High Integrity Domain

International audienceDistributed Real-time Embedded (DRE) systems are increasingly used in critical domains such as avionics, vehicle and industrial control as well as in medical systems. They must be designed carefully and have to provide safety properties because a failure could mean loss of life. For these reasons, it is recommended to automatically generate a significant part of the code from the models describing the critical aspects. In our approach, we automatically generate two kinds of code from architectural models. The first one plugs the user functional code in the middleware, the second one provides a significant part of the middleware functions. Both rely on a hand coded written middleware that provides the minimal facilities to plug the generated code and to resolve portability issues. In this paper, we present our code generator and the middleware designed to generate High Integrity (HI) systems. We demonstrate via several use-cases how we succeeded in meeting the requirements of DRE systems (small memory footprint, no dead-code, etc...)

Towards a formal specification for an AADL behavioural subset using the LNT language

The analysis of real-time systems designed by architectural languages such as architecture analysis and design language (AADL) is a challenging research topic. In such a context, formal methods become an advocated practice in software engineering for rigorous analysis. Yet, they are applied on specific formalisms to be analysed on dedicated tools. This paper studies the formal verification of real-time systems modelled with the AADL language and its behaviour annex. We define a formal semantics of an AADL behavioural subset using the LNT language. This work is illustrated with a robot case study

Efficient Parallel Multi-Objective Optimization for Real-time Systems Software Design Exploration

International audienceReal-time embedded systems may be composed of a large number of time constrained functions. When such systems are implemented on top of multitasks real-time operating systems (RTOS), the functions have to be assigned to tasks of the target RTOS. This is a challenging work due to the large number of valid candidate functions to tasks assignment solutions. Moreover, the impact of the assignment on the system performance criteria (often conflicting) should be taken intoaccount in the architecture exploration. The automation of the software design exploration by the use of metaheuristics such as multi-objective evolutionary algorithm (MOEA) is a suitable way to help the designers. Indeed, MOEAs approximate near optimal alternatives at a reasonable time when compared to an exhaustive and exact search method. However, for large scale systems (i.e having a huge number of functions) even a MOEA method is impractical due to the increased time required to solve a problem instance. This may raise a threat to the scalability of the software design exploration method. To tackle this problem, we present in this article a parallel implementation of the Pareto Archived Evolution Strategy (PAES) algorithm used as a MOEA for the software design exploration. The proposed parallelization method is based on the well-known master-slave paradigm. Additionally, it involves a new selection scheme in the PAES algorithm. Results of experimentations provide evidence that, on one hand, the parallel approach can considerably speed up the design exploration and the optimization processes. On the other hand, the proposed selection strategy improves the quality of obtained solutions as compared to the original PAES selection schema