Guaranteed Component Assembly with
Round Trip Analysis for Energy Efficient
High-integrity Multi-core Systems
Artemis-AAL day
7 May, Budapest
BME and AENSys
1
CONCERTO
 A direct continuation of the CHESS
project  further enhance MDE based
design and analysis techniues for
multiple domains
 Partners:
BME and AENSys
Presentation Title and/or Meeting Reference
2
What domains are we aiming?
 Original CHESS domains  mainly safety critical
 Telecom
• Ethernet Microwave system
 AeroSpace
• Avionics – AIRBUS case study
• Space – ATRIUM satelite
 Automotive
• AUTOSAR
 New domains  would benefit from verification
 Petroleum
• Safety/Risk management system
 Medical
• Telecare
BME and AENSys
Presentation Title and/or Meeting Reference
3
Building Upon CHESS Achievements

Definition of a Multi-Concern Component Methodology and
Toolset





Provide a Multi-Concern Component Modeling Language and a
Graphical Modelling Environment that fits multiple industrial
domains
Enable the specification of extra-functional properties of
software components
Integrate tools for the verification of extra-functional
properties
Preserve verified properties at run time
Adaptation of standards and open sources


OMG modeling languages
Eclipse Environment
CONCERTO Project
Overview
4
ARTEMIS
The CHESS approach
 Model-driven engineering
 Models as the central development artifacts
 Tool assisted automated development
 Component based development
 Specialized to capture the extra-functional requirements
of components
 Extra-functional properties of interest
 Real Time
 Dependability and Safety
CONCERTO Project
Overview
5
ARTEMIS
Initial vision: MDA with separation of concerns
and back-propagation
1. You construct a PIM to
represent your solution to
your problem, independent of
any specific implementation
Platform
description
PIM
Deployment
information
3. The design environment
generates a PSM automatically
via model transformation
4. A back-end tool extracts
information from the PSM to
feed specialized analysis tools
(schedulability, dependability,
etc…)
5. The back-end tool reports
the analysis results back on
to the PSM and attaches them
to the corresponding entities
in the PIM
CONCERTO Project
Overview
2. You complement the PIM with
information on the target platform
and the deployment plan
Design space
Implementation
/ analysis space
PSM
Analysis
tool
The PSM is read-only!
- This assures the relative
consistency of PIM and PSM
- And it shifts the responsibility of
correctness from the designer to
the transformation designer
6. You change entities’ attributes in the PIM as
needed and iterate the analysis until the system
is satisfactory in all the functional and extrafunctional dimensions of interest
6
ARTEMIS
CONCERTO Advancements
and
Objectives
BME and AENSys
Presentation Title and/or Meeting Reference
7
Modeling
language
MARTE
SysML
Component
model
UML
A
CONCERTO
Profile
defines
Model validation
Design space
Back-propagation
B
E
PIM
HW Description
Resources, #nodes,
#cores, …
Model Transformation
Model
Transformation
Implement
ation
space
Read-only PSM
Execution
environ
ment
Methodology
User model
Model Transformation
Code
generation
Property – preserving Implementation
executes on
Execution platforms
C
source code parsing
D
monitoring
Analysis
tools
Cross-domain challenges
 Furthering separation of concerns enacted
by design views
 Enriching the component model at the
center of the software architecture
 Support for component hierarchies
 Support for event-based integration with
platform middleware
 Support for modeling (and analysing) operation
modes
 Augmenting back-propagation capabilities
from run-time observations
 What run-time information is useful to capture
 How to back propagate it to the user model
space for model assessment
CONCERTO Project
Overview
9
ARTEMIS
Specialized needs
 Enriching safety modeling and analysis
 Support for error simulation and enrichment
of behavioral models
 Support for instance-level safety modeling
and refinement of metamodel
 Model execution
 Provision of a PIM-level environment for the
verification of model behavior
 Bridging the gap to system level
 Essential to increase take up of CONCERTO
solutions in production
CONCERTO Project
Overview
10
ARTEMIS
Platform-specific challenges
 Support for multicore targets
 How should the user be aware of multicore
platforms
 What code to generate for multicores
• What solutions for multicore scheduling and
analysis
 Run-time monitoring
• For property preservation (enforcement)
 Support for isolation via resource
partitioning
 Directly on model level
CONCERTO Project
Overview
11
ARTEMIS
Telecare
BME and AENSys
Presentation Title and/or Meeting Reference
12
Overview – Telecare demonstrator
Sensor 1 –
3rd party
Sensor 2 Android
Sensor 3 –
own constr.
Sensor 4 –
prop.
BME and AENSys
ANT+
Middleware –
ODroid
Sever –
Drools
HL7
MQTT
BT HDP
Prop.
HL7
3rd party –
Smart home
13
Overview – Telecare
demonstrator
Common interface
from sensor data to
manipulation
Sensor 1 –
3rd party
Sensor 2 Android
Sensor 3 –
own constr.
Sensor 4 –
prop.
BME and AENSys
ANT+
Middleware –
ODroid
Sever –
Drools
HL7
MQTT
BT HDP
Prop.
Data migration
and conversion
Alarmmannen
– Smart home
Prop.
HL7
M2M Data
Server
14
Our goals
 First steps to a round-trip model based
design and analysis approach for telecare
 Availablity/Timing analysis
• WCRT execution time estimation  MAST
• Safety-barrier analysis
• Back-annotation using query-driven traceability
 Allocation and reconfiguration of components
 run-time reallocation of tasks
 Domain Specific Language for
the telecare domain
 Direct code and configuration generation
 CONCERTO Tooling
 Workflow based transformation chains
BME and AENSys
15