Guaranteed Component Assembly with Round Trip Analysis for Energy Efficient
High-integrity Multi-core Systems
Artemis-AAL day, 7 May, Budapest
BME and AENSys
CONCERTO
• A direct continuation of the CHESS project
• Further enhance MDE-based design and analysis techniques for multiple domains
Partners:
What domains are we aiming at?
Original CHESS domains, mainly safety critical
• Telecom
  • Ethernet Microwave system
• AeroSpace
  • Avionics – AIRBUS case study
  • Space – ATRIUM satellite
• Automotive
  • AUTOSAR
New domains that would benefit from verification
• Petroleum
  • Safety/Risk management system
• Medical
  • Telecare
CONCERTO Project Overview
Building Upon CHESS Achievements
Definition of a Multi-Concern Component Methodology and Toolset
• Provide a Multi-Concern Component Modeling Language and a Graphical Modelling Environment that fits multiple industrial domains
• Enable the specification of extra-functional properties of software components
• Integrate tools for the verification of extra-functional properties
• Preserve verified properties at run time
Adaptation of standards and open sources
• OMG modeling languages
• Eclipse Environment
The CHESS approach
Model-driven engineering
• Models as the central development artifacts
• Tool assisted automated development
Component based development
• Specialized to capture the extra-functional requirements of components
Extra-functional properties of interest
• Real Time
• Dependability and Safety
Initial vision: MDA with separation of concerns and back-propagation
[Figure labels: PIM; Platform description; Deployment information; PSM; Design space; Implementation / analysis space; Analysis tool]
1. You construct a PIM to represent your solution to your problem, independent of any specific implementation
2. You complement the PIM with information on the target platform and the deployment plan
3. The design environment generates a PSM automatically via model transformation
4. A back-end tool extracts information from the PSM to feed specialized analysis tools (schedulability, dependability, etc.)
5. The back-end tool reports the analysis results back on to the PSM and attaches them to the corresponding entities in the PIM
6. You change entities’ attributes in the PIM as needed and iterate the analysis until the system is satisfactory in all the functional and extra-functional dimensions of interest
The PSM is read-only!
- This assures the relative consistency of PIM and PSM
- And it shifts the responsibility of correctness from the designer to the transformation designer
[Figure labels: Methodology; Modeling language; Component model; UML; MARTE; SysML; CONCERTO Profile; defines; Design space; User model; Functional view; Extra-functional; Deployment view; Analysis view; Domain-specific views; PIM; HW Description (Resources, #nodes, #cores, …); Model Transformation; Read-only PSM; Model validation; Analysis tools; Back-propagation; Implementation space; Property-preserving Implementation; Code generation; source code parsing; Execution environment; Execution platforms; executes on; monitoring; markers A, B, C, D, E]
Cross-domain challenges
Furthering separation of concerns enacted by design views
Enriching the component model at the center of the software architecture
• Support for component hierarchies
• Support for event-based integration with platform middleware
• Support for modeling (and analysing) operation modes
Augmenting back-propagation capabilities from run-time observations
• What run-time information is useful to capture
• How to back propagate it to the user model space for model assessment
Specialized needs
Enriching safety modeling and analysis
• Support for error simulation and enrichment of behavioral models
• Support for instance-level safety modeling and refinement of metamodel
Model execution
• Provision of a PIM-level environment for the verification of model behavior
Bridging the gap to system level
• Essential to increase take up of CONCERTO solutions in production
Platform-specific challenges
Support for multicore targets
• How should the user be aware of multicore platforms
• What code to generate for multicores
• What solutions for multicore scheduling and analysis
Run-time monitoring
• For property preservation (enforcement)
Support for isolation via resource partitioning
• Directly on model level
Overview – Telecare demonstrator
[Figure labels: Sensor 1 – 3rd party; Sensor 2 – Android; Sensor 3 – own constr.; Sensor 4 – prop.; Middleware – ODroid; Server – Drools; 3rd party – Smart home; links: ANT+, MQTT, BT - HDP, Prop., HL7, HL7]
Overview – Telecare demonstrator
[Figure labels: Sensor 1 – 3rd party; Sensor 2 – Android; Sensor 3 – own constr.; Sensor 4 – prop.; Middleware – ODroid; Server – Drools; Alarmmannen – Smart home; M2M Data Server; links: ANT+, MQTT, BT - HDP, Prop., Prop., HL7, HL7]
• Common interface from sensor data to manipulation
• Data migration and conversion
Our goals
First steps to a round-trip model based design and analysis approach for telecare
• Availability/Timing analysis
  • WCRT execution time estimation MAST
  • Safety-barrier analysis
  • Back-annotation using query-driven traceability
Allocation and reconfiguration of components
• Run-time reallocation of tasks
Domain Specific Language for the telecare domain
• Direct code and configuration generation
CONCERTO Tooling
• Workflow based transformation chains