Peter H. Feiler

Software process development and enactment: concepts and definitions

A core set of concepts for the software process is defined. These concepts are intended to facilitate communications and to provide a framework for further definitions. The definitions focus on essential concepts; however, they do not represent a comprehensive glossary of common software process terms. Following an initial overview, the basic process concepts which underlie the definitions are outlined. The definitions are grouped in four sets: a framework for process definition, an engineering of process, an enactment of process, and process properties. The use of these concepts in several domains is illustrated. Some observations on the definition process are offered.<<ETX>>

Intelligent assistance for software development and maintenance

An environment is described, called Professor Marvel, that provides early error checking and answers questions about the program under development. The environment has a certain understanding of the systems being developed and how to use tools to produce software. It aids individual programmers and helps coordinate programming teams. The key components of Marvel are a database that stores data represented as objects, as in object-oriented languages, and a model of the development process that imposes a structure on programming activities. Marvels support of insight and of opportunistic processing is discussed at length, as is the handling of side effects. A sample session is described.<<ETX>>

The SAE Architecture Analysis & Design Language (AADL) a standard for engineering performance critical systems

The Society of Automotive Engineers (SAE) Architecture Analysis & Design Language, AS5506, provides a means for the formal specification of the hardware and software architecture of embedded computer systems and system of systems. It was designed to support a full Model Based Development lifecycle including system specification, analysis, system tuning, integration, and upgrade over the lifecycle. It was designed to support the integration of multiple forms of analyses and to be extensible in a standard way for additional analysis approaches. A system can be automatically integrated from AADL models when fully specified and when source code is provided for the software components. Analysis of large complex systems has been demonstrated in the avionics domain.

An Overview of the SAE Architecture Analysis & Design Language (AADL) Standard: A Basis for Model-Based Architecture-Driven Embedded Systems Engineering

Architecture Description Languages provide significant opportunity for the incorporation of formal methods and engineering models into the analysis of software and system architectures. A standard is being developed for embedded real-time safety critical systems which will support the use of various formal approaches to analyze the impact of the composition of systems from hardware and software and which will allow the generation of system glue code with the performance qualities predicted. The SAE AADL standard (International Society for Automotive Engineers (SAE) Architecture Analysis & Design Language) is based on the MetaH language developed under DARPA and US Army funding and on the model driven architectural based approach demonstrated with this technology over the last 12 years. The SAE AADL standard is aimed at supporting avionics, space, automotive, robotics and other real-time concurrent processing domains including safety critical applications.

Software management of Cm*: a distributed multiprocessor

This paper describes the software system being developed for Cm*, a distributed multi-microprocessor. This software provides for flexible, yet controlled, sharing of code and data via a capability addressed virtual memory, creation and management of groups of processes known as task forces, and efficient interprocess communication. Both the software and hardware are currently under construction at Carnegie-Mellon University.

Aspects in the industry standard AADL

Aspect-Oriented Modeling is aimed at reducing the complexity of models by separating its different concerns. In model-based development of embedded systems this separation of concerns is more important given the multiple non-functional concerns addressed by embedded systems. These concerns can include timeliness, fault-tolerance, and security to name a few. The Architecture Analysis and Design Language (AADL) is a standard architecture description language to design and evaluate software architectures for embedded systems already in use by a number of organizations around the world. In this paper we discuss our current effort to extend the language to include new features for separation of concerns. These features not only include constructs to describe design choices but also routines to verify the proper combination of constructs from different concerns. This verification includes techniques and tools from the formal methods arena integrated into the AADL development tool providing a seamless design flow. We believe that work in this direction is fundamental to tackle the potential combinatorial explosion problem of verifying the merging of multiple concerns into a final system.

Architecture Fault Modeling with the AADL Error-Model Annex

Safety-Critical systems, as used in the automotive, avionics, or aerospace domains, are becoming increasingly software-reliant to the extent that the system cannot function without the software. On one hand the software system provides an integrated set of functionality to operate the system and manage failure and unsafe conditions. Current best safety engineering practices, such as DO178B/C or SAE ARP4761, are labor intensive and are only performed as part of the system engineering process. At the same time increased interaction complexity of the embedded software with the hardware platform and mechanical system has resulted in the software to be a major source of defects with potentially fatal consequences. To address these issues, the SAE Architecture Analysis & Design Language (AADL) standard has been extended with an Error Model Annex to support architecture fault modeling and automated safety analysis. In this paper we introduce the concepts of the revised Error Model (EMV2) Annex and a fault propagation ontology to support such architecture fault models at three levels of abstraction focusing on fault propagation, failure behavior of individual components, and composite failure behavior of a system in terms of its components. Such specifications reflect fault tolerance strategies assumptions made by fault impact, fault tree and reliability analysis about the safety system component. We illustrate their use on a dual redundant flight guidance system and discuss the automation of different safety analysis methods in use by the SAE ARP4761, emphasizing on automation benefits.

Consistency in dynamic reconfiguration

This paper examines issues relating to the impact of change in real-time control applications. In particular Simplex-based systems are considered, a technology that supports the dependable upgrade of systems in a fault tolerant manner through the concept of analytic redundancy. Such systems provide flexibility to real-time systems for dynamic reconfiguration and dependable incremental and online upgrade. The paper focuses on offline analysis to determine inconsistencies in configurations and identify reconfiguration paths to recover to consistent configurations. The results are used by runtime configuration management to avoid such configurations. Identification of inconsistent configurations is improved through modeling of application semantics in the control domain and utilizing them in the analysis. The same analysis supports design time analysis of potential impact of changes.

Validating Safety and Security Requirements for Partitioned Architectures

Design and validation of safety-critical systems are crucial because faults or security issues could have significant impacts (loss of life, mission failure, etc.). Each year, millions of dollars are lost due to these kinds of issues. Consequently, safety and security requirements must be enforced. Systems must be validated against these requirements to improve safety and security and to make them more reliable and robust. We present our approach to avoid such issues by modeling safe and secure systems with both safety and security requirements. We rely on a modeling language (AADL) to model and design partitioned systems with their requirements and constraints. We then validate these models to ensure security and safety enforcement. We also discuss how this approach can be used to automatically generate and build safe and secure partitioned systems.

Challenges in Validating Safety-Critical Embedded Systems

The embedded software has played an increasing role in safety-critical systems. At the same time the current development process of “build, then integrate” has proven unaffordable for the Aerospace industry. This paper outlines challenges in safety-critical embedded systems in addressing system-level faults that are currently discovered late in the development life cycle. We then discuss an architecture-centric approach to model-based engineering, i.e., to complement the validation of systems with analysis of different operational quality aspects from an architecture model. A key technology in this approach is the Architecture Analysis & Design Language (AADL), an SAE International standard for embedded software system. It supports analysis of operational qualities such as responsiveness, safety-criticality, security, and reliability through model annotations. A number of industry initiatives have been underway to demonstrate the feasibility of using this technology in industrial practice.