1 LiSyC ENSIETA/DTN 02/04/2008 AADL execution semantics transformation for formal verification Joel Champeau, Thomas Abdoul, Pierre Yves Pillain, Philippe.

Presentation transcript:

1 LiSyC ENSIETA/DTN 02/04/2008 AADL execution semantics transformation for formal verification Joel Champeau, Thomas Abdoul, Pierre Yves Pillain, Philippe Dhaussy, Jean Charles Roger LiSyC ENSIETA/DTN

2 Context
MDD approach for embedded systems
The MDD approach provides an opportunity to develop, or to couple, analysis methods and tools.
Multiformalism inputs for the same formal technique.
Improvements of modeling techniques for this purpose:
–View point dedicated to behavioral analysis.
–Including execution models in metamodels.

3 Observer Based Prover (OBP) Environment
[Figure: OBP environment. Models (SDL, UML, AADL) → Transformations → Formal model (IF-2); Requirement and context Models (CDL); Property Observer, Restriction Automata, Context Automata; System Composition → IF-2 Programs; Simulation & exploration of the transition system; Diagnostic Models / Diagnostics; Platform Models; Plugging into Eclipse / TopCased.]
The OBP platform is developed in the TOPCASED project context*
* Funded by the French industry ministry

4 Contents
Introduction
Used formalisms in the transformation
–Target language: IF language
–Source language: AADL execution model
AADL model transformation
–Transformation context
–Structure
–Behavior
–Execution semantics
Experiments and analysis
Conclusion

5 Introduction
Multiformalism approach context
Capitalization on:
–Formal verification technique based on observers, with a tool (OBP)
–Design of modular and reusable transformations
Improve the execution semantics modeling in the metamodel.

6 Contents
Introduction
Used formalisms in the transformation
AADL model transformation
Experiments and analysis
Conclusion

7 IF language
The IF language is used in the IFx framework:
–IF simulator
–Reachability graph for analysis
–Time is discrete or dense.
IF language
–The system entity is the root concept
–A system is composed of active entities = processes
–The processes are timed automata
–The processes interact with signals based on asynchronous communications.
Advantages of the IF language
–Timed behavior modeling
–Asynchronous communication
–Efficient tooling

8 AADL language
Based on a hierarchical definition of components:
–Software and hardware categories
–Connections and ports for communication
–Behavior annex to describe the internal behavior of a component.
NTIF language for our purpose, due to its clear and precise semantics.
–Execution model precisely defined: Process and Thread management
Concept of mode
AADL properties
–Adding dedicated information
–Standard and custom properties
Properties for the execution model
–Subprogram invocation = Server_Call_Protocol (Synchronous, half synchronous or asynchronous)
–Dispatch_Protocol = period value for periodic Threads
–Port mechanism with Queue_Size, Queue_Processing_Protocol, Overflow_Handling_Protocol

9 AADL language
Control automaton for Thread dispatch protocol
–Without modes
[Figure: control automaton with states Thread initialization, Wait For Dispatch, Thread Computation and Thread halted. Transitions: complete initialization (assert t <= Initialize_Deadline); Dispatch computation, guarded by ? Enabled(t), with t <- 0; complete computation (assert t <= Compute_Deadline), with t <- 0. The AADL Thread has ports a and b, with a Buffer (Port a) and an Internal counter (Port b); queued events shown: 3, aaa, b, aa.]

10 AADL language
Control automaton for Thread dispatch protocol
[Figure: same automaton as slide 9, animation step; queued events shown: 1, aa.]

11 AADL language
Control automaton for Thread dispatch protocol
[Figure: same automaton as slide 9, animation step; queued events shown: 3, aaa, b, aa.]

12 Contents
Introduction
Used formalisms in the transformation
AADL model transformation
Experiments and analysis
Conclusion

13 Transformation context
Eclipse/EMF framework
IF metamodel created
–120 metaclasses with 17 abstract classes
AADL metamodel
–Standard Eclipse implementation
–254 metaclasses with 56 abstract classes
–NTIF metamodel created for the behavior annex
Kermeta metalanguage [INRIA/Triskell]
–For complementary metamodeling
–Transformation with the Visitor pattern

14 Structure transformation
Validation purpose, focus on:
–Behavior of software components
–Process and Thread with port management
Basic concept equivalences
–AADL SystemImpl to IF System
–AADL data types to IF types
–Process and Thread to IF process
Ports and properties
–Port management with Event and EventData to IF Signals with an independent process
–Time value of the thread Dispatch_Protocol property memorized and processed.
Conclusion
–Static structure mapped to the IF structure
–Execution information carried by properties is memorized

15 Behavior transformation
Including:
–Behavior description with the NTIF language
–AADL Subprogram management
Behavior description
–NTIF and IF are close
–But NTIF provides high-level instructions, like Select: several transitions out of a state to intermediate states, with a property on each transition
AADL Subprogram
–Property Server_Call_Protocol = HSER (synchronous call)

16 Behavior transformation
IF result for a subprogram call:

    state Producer_Receive;
      deadline eager;
      provided put_bitReceives = 7;
        fork process_subprogram_put(word,self);
        nextstate Producer_Receive_wait_put;
      ….
    endstate;

    state Producer_Receive_wait_put;
      deadline eager;
      input put_return();
        task put_bitReceives := 0;
        nextstate Producer_End;
    endstate;

    state Producer_End;
      ….
    endstate;

17 Execution model transformation
The execution model is not explicit in the metamodel definition
–Its definition is split across several properties
–The control automaton for thread management exists only in the standard
Control automaton
–States are added
–IF clocks for transition guards
–The Thread Computation state is the behavior of the thread
[Figure: control automaton with states Thread initialization, Wait For Dispatch, Thread Computation and Thread halted. Transitions: complete initialization (assert t <= Initialize_Deadline); Dispatch computation, guarded by ? Enabled(t), with t <- 0; complete computation (assert t <= Compute_Deadline), with t <- 0.]
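The thread dispatch control automaton of slides 9 and 17, written here as an added executable checker in the spirit of the OBP observer (not the authors' Kermeta transformation or IF code): the state names, guards and clock resets follow the figure, while the deadline values, the Queue_Size, the assumed DropNewest overflow handling and the event trace are constructed for illustration.

```python
# Added example (not the authors' Kermeta/IF code): the thread control automaton
# of the slides as an executable checker. States, guards and clock resets follow
# the figure; deadline values, Queue_Size and the event trace are constructed here.
INIT, WAIT, COMPUTE, HALTED = ("Thread initialization", "Wait For Dispatch",
                               "Thread Computation", "Thread halted")

class ThreadControl:
    def __init__(self, initialize_deadline, compute_deadline, queue_size):
        self.state, self.t0 = INIT, 0                # IF clock t = now - t0
        self.init_dl, self.comp_dl = initialize_deadline, compute_deadline
        self.queue_size, self.queue, self.dropped = queue_size, [], 0
        self.violations = []                         # observer diagnostics

    def fire(self, now, event):
        t = now - self.t0
        if event == "a":                             # event arrives on port a
            if len(self.queue) >= self.queue_size:   # Overflow_Handling_Protocol,
                self.dropped += 1                    #   assumed DropNewest
            else:
                self.queue.append(now)
        elif self.state == INIT and event == "complete initialization":
            if t > self.init_dl:                     # assert t <= Initialize_Deadline
                self.violations.append((now, "Initialize_Deadline"))
            self.state = WAIT
        elif self.state == WAIT and event == "dispatch":
            if not self.queue:                       # Enabled(t): port a holds an event
                self.violations.append((now, "dispatch while not Enabled(t)"))
            else:
                self.queue.pop(0)
                self.state, self.t0 = COMPUTE, now   # t <- 0
        elif self.state == COMPUTE and event == "complete computation":
            if t > self.comp_dl:                     # assert t <= Compute_Deadline
                self.violations.append((now, "Compute_Deadline"))
            self.state, self.t0 = WAIT, now          # t <- 0
        elif event == "halt":
            self.state = HALTED
        else:                                        # no transition in this state
            self.violations.append((now, f"{event!r} not accepted in {self.state}"))
        return self.state

def run(trace, **props):
    # Replay a (time, event) trace through the automaton; return it for inspection.
    ctl = ThreadControl(**props)
    for now, event in trace:
        ctl.fire(now, event)
    return ctl

# Constructed trace: three arrivals on port a (the third overflows Queue_Size=2),
# the second computation overruns Compute_Deadline, then a dispatch on an empty port.
SAMPLE_TRACE = [(0, "a"), (2, "a"), (3, "a"), (4, "complete initialization"),
                (5, "dispatch"), (7, "complete computation"), (8, "dispatch"),
                (12, "complete computation"), (13, "dispatch"), (14, "halt")]
```

Running `run(SAMPLE_TRACE, initialize_deadline=5, compute_deadline=3, queue_size=2)` reports one dropped event and two violations, the deadline overrun at time 12 and the dispatch without an enabled port at time 13.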

18 Execution model transformation
Port management and the dispatch protocol
[Figure: an AADL Thread with ports a and b (Internal buffer for Port a, Internal counter for Port b) is mapped to an IF Dispatch Process and an IF ThreadProcess, which exchange « public » control and data signals; queued events shown: 1, aabb, aaa, 2, aa.]

19 Execution model transformation
To improve the execution model transformation:
–2 metaclasses added:
DispatchBehavior
–Properties to control the dispatch mechanism.
–Queue_Processing_Protocol, Dispatch_Protocol, …
Behavior
–Entry point for the behavior
–Execution deadline with the value of Thread_Computation_Deadline
Control automaton management (3 versions)
1. Hard coded in the transformation
2. IF model loaded
3. Beginning of a metamodeled definition to complete the AADL metamodel

20 Experiments and analysis
Application on a Sensor/Filter model
–Real-time application with different frequencies for the threads
–Sporadic and periodic threads
Transformation metrics
–AADL model: 417 objects from 62 metaclasses (out of 254, with 56 abstract)
–IF model: 512 objects from 59 metaclasses (out of 120, with 17 abstract)
IF model growth
–The behavior transformation creates more transitions and states
–The execution model is not explicitly defined in the source model. Execution model metaclasses are instantiated before applying the transformation.
Modular transformation implementation based on 3 parts:
–Structure
–Behavior
–Execution model

21 Conclusion
AADL to IF transformation
–AADL metamodel analysis
–Execution model analysis for our purpose
–Modular and reusable implementation
Using Kermeta:
–Adding concepts by metamodel weaving. No impact on the ECore “standard” implementation
–Transformation implementation with the extended metamodel.
Future work
–Complete the transformation.
–Test on other AADL models
–Improve the execution model definition: adding the control automaton definition in the metamodel

22 Questions ?