apecs: an aadl and polychrony based embedded computing...
TRANSCRIPT
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
APECS: An AADL and Polychrony basedEmbedded Computing System Design
Environment with an Elevator Control Case Study
Matthew Anderson and Sandeep K. ShuklaVirginia Tech.
Partially funded by US Air Force Research Labs
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 1/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Outline of the talk
1 Problem and Motivation
2 Approach
3 Current Project Status
4 Related Work
5 Conclusion
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 2/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Platform DesignSoftwarePolychrony
Presentation Outline
1 Problem and Motivation
2 Approach
3 Current Project Status
4 Related Work
5 Conclusion
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 2/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Platform DesignSoftwarePolychrony
Platform Design
Architecture Analysis and Design Language (AADL)SAE International standard and framework for model basedsoftware systems
AADL and its accompanying tool suites provide a modelingenvironment that allow for modeling:
Target hardware platformsComplete software hierarchiesStatic and Dynamic system properties
Real-Time SchedulabilityResource Utilization
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 3/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Platform DesignSoftwarePolychrony
Platform Design
Architecture Analysis and Design Language (AADL)SAE International standard and framework for model basedsoftware systems
AADL and its accompanying tool suites provide a modelingenvironment that allow for modeling:
Target hardware platformsComplete software hierarchiesStatic and Dynamic system properties
Real-Time SchedulabilityResource Utilization
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 3/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Platform DesignSoftwarePolychrony
Software Hierarchy
OcarinaAn AADL tool suite developed in Ada to support buildingDistributed Real-Time Embedded Systems
Syntactic and Semantic AnalysisAutomated Code GenerationSupports a variety of software languages
C/C++AdaLustre and Esterel
So, what’s missing?
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 4/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Platform DesignSoftwarePolychrony
Software Hierarchy
OcarinaAn AADL tool suite developed in Ada to support buildingDistributed Real-Time Embedded Systems
Syntactic and Semantic AnalysisAutomated Code GenerationSupports a variety of software languages
C/C++AdaLustre and Esterel
So, what’s missing?
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 4/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Platform DesignSoftwarePolychrony
Software Hierarchy
OcarinaAn AADL tool suite developed in Ada to support buildingDistributed Real-Time Embedded Systems
Syntactic and Semantic AnalysisAutomated Code GenerationSupports a variety of software languages
C/C++AdaLustre and Esterel
So, what’s missing?
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 4/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Platform DesignSoftwarePolychrony
Motivations for Polychrony
A lack of formal semantics in C/Ada make verification difficult
Lustre and Esterel have fully synchronous specifications.Software specifications still require a fine granularity, at thethread or function level.Thread synchronization
OversynchronizationDeadlock
What can be done?→ Extend the backend of Ocarina with support for polychronousspecifications from MRICDF sources.
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 5/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Platform DesignSoftwarePolychrony
Motivations for Polychrony
A lack of formal semantics in C/Ada make verification difficultLustre and Esterel have fully synchronous specifications.
Software specifications still require a fine granularity, at thethread or function level.Thread synchronization
OversynchronizationDeadlock
What can be done?→ Extend the backend of Ocarina with support for polychronousspecifications from MRICDF sources.
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 5/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Platform DesignSoftwarePolychrony
Motivations for Polychrony
A lack of formal semantics in C/Ada make verification difficultLustre and Esterel have fully synchronous specifications.Software specifications still require a fine granularity, at thethread or function level.
Thread synchronizationOversynchronizationDeadlock
What can be done?→ Extend the backend of Ocarina with support for polychronousspecifications from MRICDF sources.
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 5/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Platform DesignSoftwarePolychrony
Motivations for Polychrony
A lack of formal semantics in C/Ada make verification difficultLustre and Esterel have fully synchronous specifications.Software specifications still require a fine granularity, at thethread or function level.Thread synchronization
OversynchronizationDeadlock
What can be done?→ Extend the backend of Ocarina with support for polychronousspecifications from MRICDF sources.
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 5/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Platform DesignSoftwarePolychrony
Motivations for Polychrony
A lack of formal semantics in C/Ada make verification difficultLustre and Esterel have fully synchronous specifications.Software specifications still require a fine granularity, at thethread or function level.Thread synchronization
OversynchronizationDeadlock
What can be done?→ Extend the backend of Ocarina with support for polychronousspecifications from MRICDF sources.
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 5/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Modeling the PlatformSoftware Development
Presentation Outline
1 Problem and Motivation
2 Approach
3 Current Project Status
4 Related Work
5 Conclusion
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 5/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Modeling the PlatformSoftware Development
Elevator Design Study
APECS Design ApproachTop-down system model design illustrated using an ElevatorCase Study
Physical RequirementsCentralized ControlBank of four elevatorsService five floors
Safety and BehaviorTimely OperationSafe door operationFire emergency response
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 6/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Modeling the PlatformSoftware Development
Elevator Design Study
APECS Design ApproachTop-down system model design illustrated using an ElevatorCase Study
Physical RequirementsCentralized ControlBank of four elevatorsService five floors
Safety and BehaviorTimely OperationSafe door operationFire emergency response
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 6/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Modeling the PlatformSoftware Development
Elevator Design Study
APECS Design ApproachTop-down system model design illustrated using an ElevatorCase Study
Physical RequirementsCentralized ControlBank of four elevatorsService five floors
Safety and BehaviorTimely OperationSafe door operationFire emergency response
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 6/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Modeling the PlatformSoftware Development
Top-Level Systems
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 7/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Modeling the PlatformSoftware Development
Refining Systems
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 8/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Modeling the PlatformSoftware Development
Refining Systems Cont’d
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 9/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Modeling the PlatformSoftware Development
Door Behavior
State Table
State Machine
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 10/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Modeling the PlatformSoftware Development
MRICDF Door Control Process
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 11/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Modeling the PlatformSoftware Development
Clock Tree
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 12/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Modeling the PlatformSoftware Development
MRICDF Door Control Process
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 13/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Modeling the PlatformSoftware Development
Associating Software Behavior with AADL
process controllerFeatures
......
end controller
process implementation controller.cProperties
...source_name => "MRICDF_Controller";source_language => MRICDF;source_location => "../PATH";
end controller.c
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 14/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Modeling the PlatformSoftware Development
Ocarina Generation Frontend
Frontend (AADL v 1.0 & v 2.0)
Parse AADL filesSyntactic AnalysisSemantic Analysis
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 15/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Modeling the PlatformSoftware Development
Ocarina Generation Backend
Backend (Source Language)
ExpansionIntermediate TreeCode Generation
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 16/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Modeling the PlatformSoftware Development
Dynamically Adding Threads
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 17/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Modeling the PlatformSoftware Development
Dynamically Adding Threads Cont’d
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 18/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Modeling the PlatformSoftware Development
Dynamically Adding Threads Cont’d
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 19/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Platform Design
Presentation Outline
1 Problem and Motivation
2 Approach
3 Current Project Status
4 Related Work
5 Conclusion
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 19/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Platform Design
Status and Future Work
An extension has been written for Ocarina to accept codegenerated by MRICDFA new code generation option has been added for dynamicallyparsing and adding threads.
Planned Additions:Updates to MRICDF to streamline code generationInclusion of analysis for Real-time properties and codeverificationGenerate bus interface for distributed communication
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 20/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Platform Design
Status and Future Work
An extension has been written for Ocarina to accept codegenerated by MRICDFA new code generation option has been added for dynamicallyparsing and adding threads.Planned Additions:
Updates to MRICDF to streamline code generationInclusion of analysis for Real-time properties and codeverificationGenerate bus interface for distributed communication
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 20/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
General ToolsOther Polychronous Developments
Presentation Outline
1 Problem and Motivation
2 Approach
3 Current Project Status
4 Related Work
5 Conclusion
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 20/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
General ToolsOther Polychronous Developments
Related AADL tools
A lot of work has been done on creating tools for AADLdevelopment:
OSATE as an environment for textual and graphicaldevelopementOcarina supports code generation from modelsCheddar performs software schedulability analysisA number of model verification and analysis tools: COMPASSand BIP
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 21/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
General ToolsOther Polychronous Developments
AADL to Signal
”Toward polychronous analysis and validation for timed softwarearchitectures in AADL”Y. Ma, H. Yu, T. Gautier, P. Le Guernic, J.P. Talpin, L.Besnard, and M. Heitz
Translates an entire AADL model into SignalFormally analyze the translated modelSimulate the behavior of the translated model
Instead APECS:Acts as an extension of the AADL development environmentIs aimed at generating executables for the targeted physicalplatform
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 22/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
General ToolsOther Polychronous Developments
AADL to Signal
”Toward polychronous analysis and validation for timed softwarearchitectures in AADL”Y. Ma, H. Yu, T. Gautier, P. Le Guernic, J.P. Talpin, L.Besnard, and M. Heitz
Translates an entire AADL model into SignalFormally analyze the translated modelSimulate the behavior of the translated model
Instead APECS:Acts as an extension of the AADL development environmentIs aimed at generating executables for the targeted physicalplatform
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 22/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Presentation Outline
1 Problem and Motivation
2 Approach
3 Current Project Status
4 Related Work
5 Conclusion
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 22/ 24
Problem and MotivationApproach
Current Project StatusRelated Work
Conclusion
Conclusion
The APECS framework is based on the AADL developmenttools Osate / Ocarina and the polychronous tool EmCodeSynAPECS provides a environment for modeling end to endsystemsSoftware behavior is explicitly specified and formally verifiable
As opposed to informal specifications in C or AdaFree from additional synchronization constrainsts ofEsterel/Lustre
We illustrate this with the Elevator System
Matthew Anderson and Sandeep K. Shukla Virginia Tech.AADL and Polychrony based Embedded Computing System Design Environment 23/ 24
Any Questions?