A Model-based transformation process to validate and implement high-integrity systems

Despite numerous advances, building High-Integrity Embedded systems remains a complex task. They come with strong requirements to ensure safety, schedulability or security properties; one needs to combine multiple analysis to validate each of them. Model-Based Engineering is an accepted solution to address such complexity: analytical models are derived from an abstraction of the system to be built. Yet, ensuring that all abstractions are semantically consistent, remains an issue, e.g. when performing model checking for assessing safety, and then for schedulability using timed automata, and then when generating code. Complexity stems from the high-level view of the model compared to the low-level mechanisms used. In this paper, we present our approach based on AADL and its behavioral annex to refine iteratively an architecture description. Both application and runtime components are transformed into basic AADL constructs which have a strict counterpart in classical programming languages or patterns for verification. We detail the benefits of this process to enhance analysis and code generation. This work has been integrated to the AADL-tool support OSATE2

An implementation of the behavior annex in the AADL-toolset Osate2

AADL is a modeling language to design and analyze High-Integrity Distributed and Real-time systems. Embedded sub-languages published as AADL annexes extend an AADL model to enhance analysis. The behavior annex specifies the behavior of an AADL application model. An implantation of this annex allows to perform behavior analysis. In addition, as there are several AADL annexes, the implementation of generic mechanisms to support each one of them is challenging. The behavior annex is a valid candidate to illustrate these challenges by combining several sub-languages. In this paper we expose our experiment to support the behavior annex in the reference AADL toolset OSATE2. This one, supports the AADL version 2 by providing a front-end and a set of analysis plug-ins to analyze an AADL model

COntinuuM, a CO-modelling Methodology for the Integration of Real-time Architecture Models

International audienceThe design of Distributed Real-time Embedded (DRE) architecture models for complex and critical systems with safety, liveness, timeliness, dependability concerns, forces the use of formal languages. Because of the high level of criticity, proof techniques are required instead of model-checking with limitations relatively to the state space explosion problems. Proofs of these non-functional properties can only be established on the basis of formal languages with high verification capabilities (theorem provers).Therefore, we have concentrated our efforts on the development of a methodology that would better integrate formal aspects into the design of DRE architectures, which is usually based upon the use of (semi-formal) Architecture Design Languages (ADLs). This methodology has both to support the traceability of non-functional property proofs (from the requirements to the deployment of a DRE system) and the integration of formal and non formal modelling languages.The approach is bottom-up when the method states that each realization artifact, even hidden, has to be detected from the capture requirement stage (each possible realization artifact has to be identified during a prototype coding stage) As a consequence, language translations are not based on the MDA process that supposes some projections. These projections would be responsible for the gap between abstractions used to understand and describe the problem and those used for implementation. To bridge those gaps is the major aim of the methodology, so we called it “Continuum” as it would help to restore the development process continuity. The new aspects of this methodology (and its difficulties) are essentially the introduction of low level concepts (needed for the implementation stages) into the modeling language structures, usually more generic. The methodology application is the development of an algorithmic language translator that enable the generation of a safe code

A MDE-based process for the design, implementation and validation of safety critical systems

Distributed Real-Time Embedded (DRE) systems have critical requirements that need to be verified. They are either related to functional (e.g. stability of a furnace controller) or non-functional (e.g. meeting deadlines) aspects. Model-Driven Engineering (MDE) tools have emerged to ease DRE systems design. These tools are also capable of generating code. However, these tools either focus on the functional aspects or on the runtime architecture. Hence, the development cycle is partitioned into pieces with heterogeneous modeling notations and poor coordination. In this paper, we propose a MDE-based process to create DRE systems without manual coding. We show how to integrate functional and architecture concerns in a unified process. We use industry-proven modeling languages to design functional elements of the system, and automatically integrate them using our AADL toolchain

An off-line multiprocessor real-time scheduling algorithm to reduce static energy consumption

International audienceEnergy consumption of highly reliable real-time embedded systems is a significant concern. Static energy consumption tends to become more important than dynamic energy consumption. This paper aims to propose a new off-line scheduling algorithm to put as much as possible processors in low- power states instead of idling. In these states, energy consumption is reduced, enhancing the battery life-time of mission critical systems. However, no instruction can be executed and a transition delay is required to come back to the active state. Activating deeper low-power states requires to produce larger idle periods. As the processor usage is constant for a given task set, this objective implies reducing the number of idle periods. Our proposal is to modelize the processors idle time as an additional task. Then we formalize the problem as a linear equation system with the objective of reducing the number of preemptions (or executions) of this additional task. Simulations show that our algorithm is more energy efficient than existing algorithms

Modeling and Validation of ARINC653 architectures

International audienceAvionics systems must be carefully designed due to their criticality since fault may lead to loss of life. Thes e systems must be verified and certified. However, design of avionics arc hitectures becomes more and more complex due to an increasing demand of new functionalities. It makes very diffic ult to analyze systems and detect potential faults that may cause damages. This paper presents an approac h to model and validate avionics systems. Architecture requirements, properties and constraints are described with the Architecture Analysis and Design Language (AA DL) and its associated A RINC653 annex. Then, we apply validation rules to check system correctness and constraints enforcement. This approac h provides a high-level view of the system and eases the development of avionics system by validating their requirements at a model- level, before any implementation effort

Message from the General Chairs

REACTION 2014. 3rd International Workshop on Real-time and Distributed Computing in Emerging Applications. Rome, Italy. December 2nd, 2014.Publicad

Arbitration-Induced Preemption Delays

The interactions among concurrent tasks pose a challenge in the design of real-time multi-core systems, where blocking delays that tasks may experience while accessing shared memory have to be taken into consideration. Various memory arbitration schemes have been devised that address these issues, by providing trade-offs between predictability, average-case performance, and analyzability. Time-Division Multiplexing (TDM) is a well-known arbitration scheme due to its simplicity and analyzability. However, it suffers from low resource utilization due to its non-work-conserving nature. We proposed in our recent work dynamic schemes based on TDM, showing work-conserving behavior in practice, while retaining the guarantees of TDM. These approaches have only been evaluated in a restricted setting. Their applicability in a preemptive setting appears problematic, since they may induce long memory blocking times depending on execution history. These blocking delays may induce significant jitter and consequently increase the tasks\u27 response times. This work explores means to manage and, finally, bound these blocking delays. Three different schemes are explored and compared with regard to their analyzability, impact on response-time analysis, implementation complexity, and runtime behavior. Experiments show that the various approaches behave virtually identically at runtime. This allows to retain the approach combining low implementation complexity with analyzability