Online Cycle Detection for Models with Mode-Dependent Input and Output Dependencies

In the fields of co-simulation and component-based modelling, designers import models as building blocks to create a composite model that provides more complex functionalities. Modelling tools perform instantaneous cycle detection (ICD) on the composite models having feedback loops to reject the models if the loops are mathematically unsound and to improve simulation performance. In this case, the analysis relies heavily on the availability of dependency information from the imported models. However, the cycle detection problem becomes harder when the model's input to output dependencies are mode-dependent, i.e. changes for certain events generated internally or externally as inputs. The number of possible modes created by composing such models increases significantly and unknown factors such as environmental inputs make the offline (statical) ICD a difficult task. In this paper, an online ICD method is introduced to address this issue for the models used in cyber-physical systems. The method utilises an oracle as a central source of information that can answer whether the individual models can make mode transition without creating instantaneous cycles. The oracle utilises three types of data-structures created offline that are adaptively chosen during online (runtime) depending on the frequency as well as the number of models that make mode transitions. During the analysis, the models used online are stalled from running, resulting in the discrepancy with the physical system. The objective is to detect an absence of the instantaneous cycle while minimising the stall time of the model simulation that is induced from the analysis. The benchmark results show that our method is an adequate alternative to the offline analysis methods and significantly reduces the analysis time.Comment: \c{opyright} 2021. This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0

A Semi-Automated Approach for the Co-Refinement of Requirements and Architecture Models

Requirements and architecture specifications are strongly related as the second provides a solution to a problem stated by the first. This coupling is typically realized by traceability links and maintaining such links becomes extremely difficult as both requirements and architecture specifications frequently evolve, and in particular when the architecture is refined providing an increasing level of details. In such case, not only the traceability must evolve but the requirements must be refined as well. We present a novel semi-automated approach to evolve non-functional requirements and their traceability links following system's architecture refinement in the context of design space exploration and automated code generation. The approach has been prototyped for AADL models refined with the RAMSES tool and for model transformations implemented as Story Diagrams

Formal semantics of behavior specifications in the architecture analysis and design language standard

In system design, an architecture specification or model serves, among other purposes, as a repository to share knowledge about the system being designed. Such a repository enables automatic generation of analytical models for different aspects relevant to system design (timing, reliability, security, etc.). The Architecture Analysis and Design Language (AADL) is a standard proposed by SAE to express architecture specifications and share knowledge between the different stakeholders about the system being designed. To support unambiguous reasoning, formal verification, high-fidelity simulation of architecture specifications in a model-based AADL design workflow, we have defined a formal semantics for the behavior specification of the AADL, the presentation of this semantics is the aim of this paper

Teaching Real-Time Scheduling Analysis with Cheddar

National audienceThis article is a presentation of the Cheddar toolset.Cheddar is a GPL open-source scheduling analysis tool.It has been designed and distributed to allow students to understand the main concepts of the real-time scheduling theory.The tool is built around a simplified ADL (Architecture Description Language)devoted to real-time scheduling theory. Students can directly build their real-time systems models with this ADL andits associated editor, however, it is expected that they use modeling tools to illustrate how scheduling analysis fits in an engineering process.In this article, we introduce the Cheddar ADL and the scheduling analysis features of Cheddar. We alsopresent how Cheddar is implemented and how it can be adapted to specific requirements.Two examples of use of Cheddar are then described.Finally, in the annex of this article, teachers may find a sample of hand-outs that may be used to illustrate real-time scheduling theory with their students

Configuration et Reconfiguration des Systèmes Temps-Reél Répartis Embarqués Critiques et Adaptatifs

Nowadays, more and more industrial systems rely on distributed real-time embedded software (DRES) applications. Implementing such applications requires answering to an important set of heterogeneous, or even conflicting, constraints. To satisfy these constraints, it is sometimes necessary to equip DRES with adaptation capabilities. Moreover, real-time applications often control systems of which failures can have dramatic economical - or worst human - consequences. In order to design such application, named critical applications, it is necessary to rely on rigorous methodologies, of which certain have already been used in industry. However, growth complexity of critical DRES applications requires proposing always new methodologies in order to answer to all of these stakes. Yet, as far as we know, existing design processes do not tackle the issue of adaptation mechanisms that require to modify deeply the software configuration. This PhD thesis work presents a new methodology that answers this problem by relying on the notion of operational mode : each possible behaviour of the system is represented by an operational mode, and a software configuration is associated to this mode. Modeling transition rules betwen these modes, it becomes possible to generate and analyze the reconfigurations of the software architecture that implement the system adaptations. The generated code respects the implementation requirements of critical systems, and relies on safe and analyzable adaptation mechanisms. To achieve this objective, we define a new architecture description language (COAL : Component Oriented Architecture Language), specific to this domain, that enables to profit from advantages of component-based software engineering (based on Lightweight CCM), and analysis, static deployment and configuration techniques that provides architecture description languages (and in particular AADL : Architecture Analysis and Design Language). This methodology also relies on a new component framework, MyCCM-HI (Make your Component Container Model - High Integrity), that exploits COAL constructs so as to (i) generate AADL models enabling static deployment and configuration of DRES applications, (ii) generate code to deploy and configure Lightweight CCM components, (iii) generate code implementing the system adaptation mechanisms, and (iv) formally analyse the behaviour of the system, including during adaptation. The adopted approach thus reduces complexity of development of adaptative and critical DRES by automating production of adaptation mechanisms while easing their analysis. These two steps, analysis and production, are then part of the automatic production tool chain pro- vided by MyCC-HI. This component framework is availabe under (L)GPL license at address http ://myccm-hi.sourceforge.net.Aujourd'hui, de plus en plus de systèmes industriels s'appuient sur des applications logicielles temps-réel réparties embarquées (TR2E). La réalisation de ces applications demande de répondre à un ensemble important de contraintes très hétérogènes, voire contradictoires. Pour satisfaire ces contraintes, il est presque toujours nécessaire de fournir à ces systèmes des capacités d'adaptation. Par ailleurs, certaines de ces applications pilotent des systèmes dont la défection peut avoir des conséquences financières - voire humaines - dramatiques. Pour concevoir de telles applications, appelées applications critiques, il faut s'appuyer sur des processus de développpement rigoureux capables de repérer et d'éliminer les erreurs de conception potentielles. Malheureusement, il n'existe pas à notre connaissance de processus de développement capable de traiter ce problème dans le cas où l'adaptation du système à son environnement conduit à modifier sa configuration logicielle. Ce travail de thèse présente une nouvelle méthodologie qui répond à cette problématique en s'appuyant sur la notion de mode de fonctionnement : chacun des comportements possibles du système est représenté par le biais d'un mode de fonctionnement auquel est associé une configuration logicielle. La spécification des règles de transition entre ces modes de fonctionnement permet alors de générer l'implantation des mécanismes de changement de mode, ainsi que des reconfigurations logicielles associées. Le code ainsi produit respecte les contraintes de réalisation des systèmes critiques et implante des mécanismes de reconfiguration sûrs et analysables. Pour ce faire, nous avons défini un nouveau langage de description d'architecture (COAL : Component Oriented Architecture Language) qui permet de bénéficier à la fois des avantages du génie logiciel à base de composants (de type Lightweight CCM), et des techniques d'analyse, de déploiement et de configuration statique, qu'apporte l'utilisation des langages de description d'architecture (et en particulier AADL : Architecture Analysis and Description Language). Nous avons alors réalisé un nouveau framework à composant, MyCCM-HI (Make your Component Container Model - High Integrity), qui exploite les constructions de COAL pour (i) générer le modèle AADL permettant de réaliser le déploiement et la configuration statique de l'application TR2E, (ii) générer le code de déploiement et de configuration des composants logiciels de type Lightweight CCM, (iii) générer le code correspondant aux mécanismes d'adaptation du système, et (iv) analyser formellement le comportement du système, y compris en cours d'adaptation. Ce framework à composant est disponible au téléchargement à l'adresse http ://myccm-hi.sourceforge.net

Multi-objectives Refinement of AADL Models for the Synthesis Embedded Systems (mu-RAMSES)

International audienceModel transformation has become now well established as an approach to control and automate the production of the software targeted at large or embedded systems. However, this approach still lacks the ability to be fully automated and to take into account the possibly very large number of Non Functional properties (NFPs) required by the system. Starting from a design written in an architecture description language (AADL), a large number of valid transformations are candidates to be applied, with the aim to refine this design, in a step wise manner, towards its implementation. These transformations may be interdependent, and their selection should take the complex dependency relation into account. The selection should also take into account the impact on NFPs, especially knowing that NFPs may very often be in conflict. In this paper, we propose an approach that automates (i) the identification of model transformation alternatives (MTAs) taking into account their dependencies, and (ii) the selection of MTAs, based on evolutionary algorithms (EAs), that produce the best output models with respect to NFPs. Experiments on a case study provide evidence that the approach can be successfully applied for code generation of real time embedded applications.</p

Automatic selection and composition of model transformations alternatives using evolutionary algorithms

International audienceThe design of software architectures requires to address a number of competing non-functional properties (NFPs): improving one NFP requires to degrade another one. As a consequence, software architects have to come up with several design alternatives, and select architectures answering at best the trade-off between NFPs. In this paper, we propose to (i) formalize design alternatives with model transformations in order to ease the estimation of NFPs (using models analysis techniques); (ii) structure these model transformations to compose and select them (using evolutionary algorithms); and (iii) identify which model transformation alternatives produce the best output models with respect to NFPs. Experiments on a placement problem provide evidence that the approach can successfully explore the design space and find good architectural solutions.</p

Translation of ATL to AGT and application to a code generator for Simulink

International audienc

PDP 4PS : Periodic-Delayed Protocol for Partitioned Systems

International audienc