Guaranteed Component Assembly with Round Trip Analysis for Energy Efficient High-integrity Multi-core Systems
Artemis-AAL day, 7 May, Budapest
BME and AENSys

CONCERTO
• A direct continuation of the CHESS project
• Further enhance MDE-based design and analysis techniques for multiple domains
• Partners: BME and AENSys

What domains are we aiming at?
• Original CHESS domains, mainly safety critical
    Telecom
      • Ethernet Microwave system
    AeroSpace
      • Avionics – AIRBUS case study
      • Space – ATRIUM satellite
    Automotive
      • AUTOSAR
• New domains that would benefit from verification
    Petroleum
      • Safety/Risk management system
    Medical
      • Telecare

Building Upon CHESS Achievements
• Definition of a Multi-Concern Component Methodology and Toolset
    Provide a Multi-Concern Component Modeling Language and a Graphical Modelling Environment that fits multiple industrial domains
    Enable the specification of extra-functional properties of software components
    Integrate tools for the verification of extra-functional properties
    Preserve verified properties at run time
• Adaptation of standards and open sources
    OMG modeling languages
    Eclipse Environment
(CONCERTO Project Overview, ARTEMIS)

The CHESS approach
• Model-driven engineering
    Models as the central development artifacts
    Tool assisted automated development
• Component based development
    Specialized to capture the extra-functional requirements of components
• Extra-functional properties of interest
    Real Time
    Dependability and Safety

Initial vision: MDA with separation of concerns and back-propagation
1. You construct a PIM to represent your solution to your problem, independent of any specific implementation
2. You complement the PIM with information on the target platform and the deployment plan
3. The design environment generates a PSM automatically via model transformation
4. A back-end tool extracts information from the PSM to feed specialized analysis tools (schedulability, dependability, etc.)
5. The back-end tool reports the analysis results back on to the PSM and attaches them to the corresponding entities in the PIM
6. You change entities' attributes in the PIM as needed and iterate the analysis until the system is satisfactory in all the functional and extra-functional dimensions of interest
The PSM is read-only!
- This assures the relative consistency of PIM and PSM
- And it shifts the responsibility of correctness from the designer to the transformation designer
[Diagram labels: design space (PIM, platform description, deployment information); implementation / analysis space (PSM, analysis tool)]

CONCERTO Advancements and Objectives
[Diagram labels: modeling language (MARTE, SysML, UML); component model; CONCERTO Profile; methodology; design space (user model, PIM, HW description: resources, #nodes, #cores, …; model validation; back-propagation); model transformation; implementation space (read-only PSM, code generation, property-preserving implementation, execution environment, execution platforms); source code parsing; monitoring; analysis tools; markers A to E]

Cross-domain challenges
• Furthering separation of concerns enacted by design views
• Enriching the component model at the center of the software architecture
    Support for component hierarchies
    Support for event-based integration with platform middleware
    Support for modeling (and analysing) operation modes
• Augmenting back-propagation capabilities from run-time observations
    What run-time information is useful to capture
    How to back-propagate it to the user model space for model assessment

Specialized needs
• Enriching safety modeling and analysis
    Support for error simulation and enrichment of behavioral models
    Support for instance-level safety modeling and refinement of metamodel
• Model execution
    Provision of a PIM-level environment for the verification of model behavior
• Bridging the gap to system level
    Essential to increase take-up of CONCERTO solutions in production

Platform-specific challenges
• Support for multicore targets
    How should the user be aware of multicore platforms
    What code to generate for multicores
      • What solutions for multicore scheduling and analysis
    Run-time monitoring
      • For property preservation (enforcement)
• Support for isolation via resource partitioning
    Directly on model level

Telecare

Overview – Telecare demonstrator
[Diagram labels: Sensor 1 – 3rd party; Sensor 2 – Android; Sensor 3 – own constr.; Sensor 4 – prop.; ANT+; BT HDP; Prop.; Middleware – ODroid; MQTT; HL7; Server – Drools; Prop. HL7; 3rd party – Smart home]

Overview – Telecare demonstrator
Common interface from sensor data to manipulation
[Diagram labels: Sensor 1 – 3rd party; Sensor 2 – Android; Sensor 3 – own constr.; Sensor 4 – prop.; ANT+; BT HDP; Prop.; Middleware – ODroid; MQTT; HL7; Server – Drools; Data migration and conversion; Prop. HL7; Alarmmannen – Smart home; M2M Data Server]

Our goals
• First steps to a round-trip model-based design and analysis approach for telecare
    Availability/Timing analysis
      • WCRT execution time estimation – MAST
      • Safety-barrier analysis
      • Back-annotation using query-driven traceability
    Allocation and reconfiguration of components
      • Run-time reallocation of tasks
• Domain Specific Language for the telecare domain
    Direct code and configuration generation
• CONCERTO Tooling
    Workflow based transformation chains