The SynchAADL2Maude Tool Demo - The Maude...

The SynchAADL2Maude Tool Demo

Kyungmin Bae1, Peter Ölveczky2, Abdullah Al-Nayeem1, and José Meseguer1

1University of Illinois at Urbana-Champaign2University of Oslo

Bae, Ölveczky, et al. (UIUC, UiO) 1 / 35

Outline

1 Basic OSATE

2 Invoking SynchAADL2Maude

3 Synchronous AADL Constraints Checker

4 Code Generation and Simulation

5 Model Checking Synchronous AADL Models


Outline

1 Basic OSATE






OSATE

OSATE is atoolset for AADLgiven by a set ofEclipse plugins.

This is the firstscreen that youcan see when youexecute OSATE.


OSATE - Importing an Example (I)

We start with asimple example.

First, we willimport the ActiveStandby example.


OSATE - Importing an Example (II)

The activestandby examplein out toolwebpage can beimported as anexisting project.


The Active Standby Example - Text

Main.aadl is atop-level systemfile that shows abrief architecture.

SynchAADLproperties aredeclared here, toexpress that thissystem is inSynchronousAADL


The Active Standby Example - Graphic

The AADLgraphical model ofthe active standbyexample is alsogiven in the fileMain.aaxldi


The Active Standby Example - XML

The AADL XMLmodel of theactive standbyexample isautomaticallygenerated byOSATE in the fileMain.aaxl


The Active Standby Example - Instance Model

We can create aninstance modelfrom a systemimplementation bypressing theInstantiate

system button.

The top levelsystemimplementation ofthe active standbysystem isinstantiated here.


Outline

1 Basic OSATE






Invoking the SynchAADL2Maude Window

TheSynchAADL2-Maude windowcan be invokedfrom an AADLinstant model.


AADL Maude Property Editor Wizards

From the Filemenu, we cancreate an AADLMaude PropertyEditor file.


Creating an AADL Maude Property File

We can chooseany valid AADLinstance modelfrom the wizard.


The SynchAADL2Maude Window

This screen showsthe SynchAADL2-Maude window.

There are fourbuttons in thiswindow:Constraints

Check,Code

Generation,Perform

Simulation, andPerform

Verification.


Outline

1 Basic OSATE






Checking SynchAADL Constraints

We can checkSynchAADLconstraints byclicking on theConstraints

Check button.


SynchAADL Constraints - Erroneous Cases (I)

What if someSynchAADLconstraint is notsatisfied?

We add an invalidimmediateconnection, andsee whathappened.


SynchAADL Constraints - Erroneous Cases (II)

Our tool thennotifies errors.


Outline

1 Basic OSATE






The Active Standby Example

Let us go back tothe correct model.


Real-Time Maude Code Generation (I)

We canautomaticallycreate thecorrespondingReal-Time Maudemodel from aSynchronousAADL model byclicking on theCode Generation

button.


Real-Time Maude Code Generation (II)

We can find thegeneratedReal-Time Maudemodel on theAADL navigatorsidebar.


Maude Development Tool Setting

When a Maudefile is firstexecuted, theMDT settingwindow ispopped-up.

The correct pathsof both a Maudebinary file and aFull Maude fileshould beinserted.

If “logging to file”is enabled, weshould also inserta console logdirectory.


SynchAADL Simulation in Real-Time Maude

We can simulate agiven modelwithin somebound by pressingthe PerformSimulation

button.

The result will beshown in theMaude Console.


Outline

1 Basic OSATE






XML Property File (I)

AADL Maudeproperty files areactually XMLfiles.

We can see andmodify thecontent of the fileby clicking on theright tab at thebottom.


XML Property File (II)

The LTL formulascan be defined bydefinition tags.

The LTLspecifications tobe verified aredefined incommand tags.

Let us copy andpaste the propertydefinitions fromthe active standbyexample in thetool webpage.


Model Checking LTL Specifications (I)

The LTLspecification to beverified are shownin the AADLProperty

Requirement

table.


Model Checking LTL Specifications (II)

When we pressthe PerformVerification

button, the LTLproperties in thetable are modelchecked inReal-Time Maude.

The modelchecking resultwill be shown inthe MaudeConsole.


Model Checking LTL Specifications (III)

Here is the modelchecking result ofthe active standbyexample in alarger window.


Model Checking LTL Specifications (IV)

SynchAADL2-Maude creates theReal-Time Maudeverification modelfrom a XMLproperty file.

The verificationmodel can be alsofound in theAADL Navigatorsidebar.


Counterexamples (I)

If a given LTLproperty is notsatisfied in amodel, then acounterexample isgenerated.

We illustrate suchcounterexampleswith an incorrectLTL specificationfor the activestandby model.


Counterexamples (II)

Here is ageneratedcounterexample inSynchAADL2-Maude.

For each state, acomponent nameand its localvariables aredisplayed.


Thank you!


Basic OSATEInvoking SynchAADL2MaudeSynchronous AADL Constraints CheckerCode Generation and SimulationModel Checking Synchronous AADL Models

Date post:	04-Feb-2021
Category:	Documents
Upload:	others
View:	1 times
Download:	0 times

The SynchAADL2Maude Tool Demo - The Maude...

Documents