MultiPARTES
Towards Model-Driven Engineering for Mixed-Criticality Systems: MultiPARTES Approach
A. Alonso, C. Jouvray, S. Trujillo, M.A. de Miguel, C. Grepet, J. Simó
WICERT 2013, March 22nd
Motivation and goals
Modern electronic systems used in industry (avionics, automotive, etc.) combine applications:
– with real-time (hard and soft) and non-real-time requirements
– with different levels of security
– that can be independently qualified (certified)
This trend can imply increased validation and certification costs.
This extra cost can be reduced by:
– Isolating the execution of the different applications
– A methodology with a higher abstraction level
MultiPARTES goals
MultiPARTES
– FP7, in the area of ICT
– http://www.multipartes.eu
MultiPARTES goals:
– To develop a multicore platform virtualization layer for critical and secure embedded systems
– To propose a methodology to enforce the rapid development of new applications based on partitioned systems
– To develop methods and tools to support the application development
Approach Overview
Design an embedded system composed of a set of applications
Execute this embedded system in a:
– Partitioned execution environment
– Multi-core platform
Supported by a virtualization layer
Heterogeneous system
– Different processors (more or less predictable, more or less powerful)
[Figure: a virtualization layer (VL) running on top of each processor of the platform]
Hypervisor
A hypervisor-based system permits building partitioned systems whose partitions:
– Are temporally and spatially isolated
– Use the appropriate OS for each application
– Execute single-core OSs on a multicore platform
XtratuM Hypervisor
Open-source bare-metal hypervisor for critical real-time partitioned systems
Uses para-virtualization techniques
– Strong temporal isolation: fixed cyclic scheduler
– Strong spatial isolation: every partition is executed in processor user mode and does not share memory
– Robust communication mechanisms (ARINC ports)
– Robust error management via the Health Monitor
– Devices can be directly managed by partitions; shared devices can be organized in an IOServer
– Resources are allocated statically through a configuration file (XML)
Development process
Methodology to enforce the rapid development and production of new applications based on partitioned systems
High-level system model:
– Set of applications and their interconnections
– Mixed criticality
High-level model of hardware resources:
– Types of devices and their properties
– Resource management models
Application constraints:
– Criticality, time, device usage
– Resource availability
MDE Approach
Model-Driven Engineering (MDE) approach
– Helps to bridge the gap between design issues and partitioning concerns
– Models are the main development artifacts
– Annotations for non-functional properties
Approach based on several metamodels
Toolset
MultiPARTES toolchain with UML profiles
Platform model
This model defines the relevant properties of the platform
HW Platform Metamodel
Application model
Described using UML, enriched with non-functional annotations
– Criticality requirements: in terms of safety levels
– Time requirements: based on UML MARTE
– Resource needs requirements: for guaranteeing QoS
– Device usage requirements
Partitioning
Information to be used for partitioning:
– Components that must be in the same partition (App)
– Level of criticality (App)
– Time requirements granularity (App)
– Requirements on OS (App)
– Components that must be executed on a given processor (Par)
– Hardware platform (HW)
Defining a metamodel for the partitioning model
Requirements on partitioning that relate the platform and the application
Deployment model for code and configuration generation
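As an added illustration (not a MultiPARTES tool or metamodel), the check below validates a candidate partitioning against the constraints listed above: same-partition requirements, one criticality level and one OS per partition, processor assignment, non-overlapping memory areas (spatial isolation) and a disjoint cyclic plan per processor (temporal isolation). The component and partition records, the slot format and the sample system are assumptions constructed for the example.

```python
from collections import namedtuple
Comp = namedtuple("Comp", "name criticality os cpu")   # cpu "" = unconstrained
Part = namedtuple("Part", "name cpu os mem comps")      # mem = (base, size)

def check_partitioning(comps, parts, together, plan, major_frame):
    """plan: (partition, cpu, start, duration) slots; returns violated constraints ([] = valid)."""
    errs, owner, cdict = [], {}, {c.name: c for c in comps}
    for p in parts:
        for n in p.comps:
            if n in owner:
                errs.append(f"{n} in both {owner[n]} and {p.name}")
            owner[n] = p.name
            c = cdict[n]
            if c.os != p.os:
                errs.append(f"{n} needs {c.os}, {p.name} runs {p.os}")
            if c.cpu and c.cpu != p.cpu:
                errs.append(f"{n} must run on {c.cpu}, not {p.cpu}")
        if len({cdict[n].criticality for n in p.comps}) > 1:
            errs.append(f"{p.name} mixes criticality levels")
    errs += [f"{a},{b} must share a partition" for a, b in together
             if owner.get(a) != owner.get(b)]
    # spatial isolation: private memory areas must not overlap
    for i, p in enumerate(parts):
        for q in parts[i + 1:]:
            if p.mem[0] < sum(q.mem) and q.mem[0] < sum(p.mem):
                errs.append(f"memory of {p.name} overlaps {q.name}")
    # temporal isolation: per-cpu slots disjoint, inside the major frame, every partition scheduled
    scheduled = set()
    for cpu in {p.cpu for p in parts}:
        slots = sorted((s, s + d, n) for n, c, s, d in plan if c == cpu)
        for k, (s, e, n) in enumerate(slots):
            scheduled.add(n)
            if e > major_frame:
                errs.append(f"slot of {n} ends after the major frame")
            if k and slots[k - 1][1] > s:
                errs.append(f"slots of {slots[k - 1][2]} and {n} overlap")
    errs += [f"{p.name} has no slot" for p in parts if p.name not in scheduled]
    return errs

# Constructed sample: one real-time partition on a LEON core, one GPOS partition on the Atom.
COMPS = [Comp("ctrl", 3, "RTOS", "leon0"), Comp("sensor", 3, "RTOS", ""),
         Comp("hmi", 0, "GPOS", "atom"), Comp("log", 0, "GPOS", "")]
PARTS = [Part("P1", "leon0", "RTOS", (0x40000000, 0x100000), ("ctrl", "sensor")),
         Part("P2", "atom", "GPOS", (0x10000000, 0x400000), ("hmi", "log"))]
PLAN = [("P1", "leon0", 0, 10), ("P2", "atom", 0, 20)]

def valid_example():
    return check_partitioning(COMPS, PARTS, [("ctrl", "sensor")], PLAN, 20)

def broken_example():
    # sensor moved into the GPOS partition; an extra slot runs past the 20-unit major frame
    bad = [PARTS[0]._replace(comps=("ctrl",)), PARTS[1]._replace(comps=("hmi", "log", "sensor"))]
    return check_partitioning(COMPS, bad, [("ctrl", "sensor")], PLAN + [("P2", "atom", 20, 5)], 20)
```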
Reference platform
A heterogeneous platform based on:
– One Atom multicore processor (general platform)
• Less critical applications
• Higher computation capabilities
• General-purpose OSs
– Two LEON3 synthesized in FPGA
• Higher predictability
• More critical applications
• Lower computation capabilities
• Real-time OSs
Conclusions
Mixed-criticality systems are required by industry and are a challenging topic
MultiPARTES approach
– Based on XtratuM: a hypervisor that provides spatial and temporal isolation
– MDE: basis to facilitate system development
– Tool framework:
• Allows defining non-functional requirements related to partitioning
• Time and safety requirements are validated
• Generation of code and configuration files
Questions?
More information: http://www.multipartes.eu