Alain Plantec

AADL modeling and analysis of hierarchical schedulers

A system based on a hierarchical scheduler is a system in which the processor is shared between several collaborative schedulers. Such schedulers exist since 1960 and they are becoming more and more investigated and proposed in real-life applications. For example, the ARINC 653 international standard which defines an Ada interface for avionic real time operating systems provides such a kind of collaborative schedulers. This article focuses on the modeling and the performance analysis of hierarchical schedulers. We investigate the modeling of hierarchical schedulers with AADL. Hierarchical scheduler timing and synchronization relationships are expressed with a domain specific language based on timed automata: the Cheddar language. With the meta CASE tool Platypus, we generate Ada packages implementing the Cheddar language. These Ada packages are part of Cheddar, a real time scheduling simulator. With these Ada packages, Cheddar is able to perform analysis by scheduling simulation of AADL systems composed of hierarchical schedulers. An AADL model of the ARINC 653 hierarchical scheduling is described as an illustration.

Validate, simulate, and implement ARINC653 systems using the AADL

Safety-critical systems are widely used in different domains and lead to an increasing complexity. Such systems rely on specific services such space and time isolation as in the ARINC653 avionics standard. Their criticality requires a carefully driven design based on an appropriate development process and dedicated tools to detect and avoid problems as early as possible. Model Driven Engineering (MDE) approaches are now considered as valuable approach for building safety-critical systems. The Architecture Analysis and Design Language (AADL) proposes a component-based language suitable to operate MDE that fits with safety-critical systems needs. This paper presents an approach for the modeling, verification and implementation of ARINC653 systems using AADL. It details a modeling approach exploiting the new features of AADL version 2 for the design of ARINC653 architectures. It also proposes modeling patterns to represent other safety mechanisms such as the use of Ravenscar for critical applications. This approach is fully backed by tools with Ocarina (AADL toolsuite), POK (AADL/ARINC653 runtime) and Cheddar (scheduling verification). Thus, it assists system engineers to simulate and validate non functional requirements such as scheduling or resources dimensioning.

Can We Increase the Usability of Real Time Scheduling Theory? The Cheddar Project

The Cheddar project deals with real time scheduling theory. Many industrial projects do not perform performance analysis with real time scheduling theory even if the demand for the use of this theory is large. The Cheddar project investigates why real time scheduling theory is not used and how its usability can be increased. The Cheddar project was launched at the University of Brest in 2002. This article presents a summary of its contributions and ongoing works.

Refactoring of an Ada 95 library with a Meta CASE tool

This paper presents the refactoring work of Cheddar, a set of Ada packages which aims at providing performance analysis tools for concurrent real time applications. CASE tools can be used for such a purpose. However, we chose to use a meta CASE tool called Platypus. It seems that few studies exist concerning Ada and meta-modelization. Then, in this paper, we investigate how to use a meta CASE tool in order to automatically produce some parts of an Ada 95 object oriented software.

Towards user-level extensibility of an Ada library: an experiment with cheddar

In this article, we experiment a way to extend an Ada library called Cheddar. Cheddar provides a domain specific language. Programs written with this domain specific language can be interpreted in order to perform real time scheduling analysis of real time systems. By the past, different projects showed that the Cheddar programming language is useful for the modeling of real time schedulers. But these experiments also showed that the interpreter is lacking of efficiency in case of large scheduling simulations. In this article, by designing a Cheddar meta-model, we investigate on how to compile such Cheddar programs in order to extend the Cheddar library. For such a purpose, we use Platypus, a meta CASE Tool based on EXPRESS. For a given Cheddar program and with a meta-model of Cheddar handled by Platypus, we can generate a set of Ada packages. Such Ada packages can be compiled and integrated as builtin schedulers into Cheddar. Then, the efficiency of scheduling simulations can be increased.

Synchronization of Models of Rich Languages with Triple Graph Grammars: an Experience Report *

We report our experience of using Triple Graph Grammars (TGG) to synchronize models of the rich and complex Architecture Analysis and Design Language (AADL), an aerospace standard of the Society of Automotive Engineers. A synchronization layer has been developed between the OSATE (Open Source AADL Tool Environment) textual editor and the Adele graphical editor in order to improve their integration. Adele has been designed to support editing AADL models in a way that does not necessarily follow the structure of the language, but is adapted to the way designers think. For this reason, it operates on a different meta-model than OSATE. As a result, changes on the graphical model must be propagated automatically to the textual model to ensure consistency of the models. Since Adele does not cover the complete AADL language, this must be done without re-instantiation of the objects to avoid losing the information not represented in the graphical part. The TGG language implemented in the MoTE tool has been used to synchronize the tools. Our results provide a validation of the TGG approach for synchronizing models of large meta-models, but also show that model synchronization remains a challenging task, since several improvements of the TGG language and its tool were required to succeed.

An Ada design pattern recognition tool for AADL performance analysis

This article deals with performance verification of architecture models of real-time embedded systems. Although real-time scheduling theory provides numerous analytical methods called feasibility tests for scheduling analysis, their use is a complicated task. In order to assist an architecture model designer in early verification, we provide an approach, based on real-time specific design patterns, enabling an automatic schedulability analysis. This analysis is based on existing feasibility tests, whose selection is deduced from the compliance of the system to a design pattern and other systems properties. Those conformity verifications are integrated into a schedulability tool called Cheddar. We show how to model the relationships between design patterns and feasibility tests and design patterns themselves. Based on these models, we apply a model-based engineering process to generate, in Ada, a feasibility test selection tool. The tool is able to detect from an architecture model which are the feasibility tests that the designer can apply. We explain a method for a designer willing to use this approach. We also describe the design patterns defined and the selection algorithm.

Enforcing software engineering tools interoperability: An example with AADL subsets

Model-Based Engineering is now a valuable asset to design complex real-time systems. Toolchains are assembled to cover the various stages of the process: high-level modeling, analysis and code generation. Yet tools put heterogeneous requirements on models: specific modeling patterns must be respected so that a given analysis is performed. This creates an interoperability paradox: models must be tuned not given system requirements, but to abide to tools capabilities. In this paper, we propose a systematic process to define the definition, comparison and enforcement of tools-specific subsets. Thus, we guide the user in selecting the tools that could support its engineering process. Our contribution is illustrated in the context of the AADL Architecture Design Language.

Comparison of Six Ways to Extend the Scope of Cheddar to AADL v2 with Osate

Cheddar is a framework dedicated to the specification of real-time schedulers, and to their analysis by simulation. It is developed in Ada. Some parts of its modular architecture are generated by Platypus, a software engineering tool based on the STEP standards. Cheddar owns a dedicated specification language. It can also process AADL v1 specifications. In order to extend the scope of Cheddar to AADL v2 specifications, we introduced a translation component called Dairy. It aims at creating valid Cheddar data from AADL v2 specifications. The frontend of Dairy comes from Osate v2. Hence, the backend of Dairy must produce Cheddar data from instances of the AADL metamodel that has been implemented into Osate. Both of Cheddar and Osate are legacy systems built with different frameworks, different standards and different languages. Hence, the design of Dairy poses the problem of their integration. We postulate that an implemented metamodel should neither be rewritten nor be duplicated in order to keep unchanged its legacy equipment. Then, integration should better rely on data interoperability standards. In this paper, we illustrate this idea by investigating six different designs of Dairy to perform the integration of Cheddar and Osate. We compare them with each other according to reusability, code generation, and transformation of metamodels.

Enforcing Applicability of Real-Time Scheduling Theory Feasibility Tests with the Use of Design-Patterns

This article deals with performance verifications of architecture models of real-time embedded systems. We focus on models verified with the real-time scheduling theory. To perform verifications with the real-time scheduling theory, the architecture designers must check that their models are compliant with the assumptions of this theory. Unfortunately, this task is difficult since it requires that designers have a deep understanding of the real-time scheduling theory. In this article, we investigate how to help designers to check that an architecture model is compliant with this theory. We focus on feasibility tests. Feasibility tests are analytical methods proposed by the real-time scheduling theory. We show how to explicitly model the relationships between an architectural model and feasibility tests. From these models, we apply a model-based engineering process to generate a decision tool what is able to detect from an architecture model which are the feasibility tests that the designer can apply.