Guaranteed Component Assembly with Round Trip Analysis for Energy Efficient

High-integrity Multi-core Systems

Artemis-AAL day7 May, Budapest

1BME and AENSys

CONCERTO A direct continuation of the CHESS

project further enhance MDE based design and analysis techniques for multiple domains

Partners:

2Presentation Title and/or Meeting ReferenceBME and AENSys

What domains are we aiming? Original CHESS domains mainly safety critical

Telecom• Ethernet Microwave system

AeroSpace• Avionics – AIRBUS case study• Space – ATRIUM satelite

Automotive• AUTOSAR

New domains would benefit from verification Petroleum

• Safety/Risk management system Medical

• Telecare

3Presentation Title and/or Meeting ReferenceBME and AENSys

CONCERTO Project Overview

Building Upon CHESS Achievements Definition of a Multi-Concern Component Methodology and

Toolset Provide a Multi-Concern Component Modeling Language and a

Graphical Modelling Environment that fits multiple industrial domains

Enable the specification of extra-functional properties of software components

Integrate tools for the verification of extra-functional properties

Preserve verified properties at run time Adaptation of standards and open sources

OMG modeling languages Eclipse Environment

ARTEMIS 4

CONCERTO Project Overview

The CHESS approach Model-driven engineering

Models as the central development artifacts Tool assisted automated development

Component based development Specialized to capture the extra-functional requirements

of components Extra-functional properties of interest

Real Time Dependability and Safety

ARTEMIS 5

CONCERTO Project Overview

Initial vision: MDA with separation of concerns and back-propagation

PIM

Platform description

Deployment information

PSM

Design space

Implementation / analysis space

1. You construct a PIM to represent your solution to your problem, independent of any specific implementation

2. You complement the PIM with information on the target platform and the deployment plan

3. The design environment generates a PSM automatically via model transformation

5. The back-end tool reports the analysis results back on to the PSM and attaches them to the corresponding entities in the PIM

6. You change entities’ attributes in the PIM as needed and iterate the analysis until the system is satisfactory in all the functional and extra-functional dimensions of interest

Analysis tool

4. A back-end tool extracts information from the PSM to feed specialized analysis tools (schedulability, dependability, etc…)

The PSM is read-only!

- This assures the relative consistency of PIM and PSM- And it shifts the responsibility of correctness from the designer to the transformation designer

ARTEMIS 6

CONCERTO Advancements and

Objectives

7Presentation Title and/or Meeting ReferenceBME and AENSys

Exec

utio

n en

viro

n m

ent

Impl

emen

tati

on

spac

e

Property – preserving Implementation

Execution platforms

Desig

n sp

ace

User model

Deployment view

Analysis view

Extra-functional

Functional view

Analysis view

Domain – specific views

PIMHW Description

Resources, #nodes, #cores, …

Read-only PSM

Model Transformation

Mod

el v

alid

ation

Analysis toolsModel Transformation

Model Transformation

source code parsing

monitoring

Back-propagation

Met

hodo

logy

executes on

Mod

elin

g la

ngua

ge Component

modelUML

MARTE SysML

CONCERTO Profile

defines

Code generation

A

B

E

C

D

CONCERTO Project Overview

Cross-domain challenges Furthering separation of concerns enacted by

design views Enriching the component model at the center of

the software architecture Support for component hierarchies Support for event-based integration with platform

middleware Support for modeling (and analysing) operation modes

Augmenting back-propagation capabilities from run-time observations What run-time information is useful to capture How to back propagate it to the user model space for

model assessment

ARTEMIS 9

CONCERTO Project Overview

Specialized needs Enriching safety modeling and analysis

Support for error simulation and enrichment of behavioral models

Support for instance-level safety modeling and refinement of metamodel

Model execution Provision of a PIM-level environment for the

verification of model behavior Bridging the gap to system level

Essential to increase take up of CONCERTO solutions in production

ARTEMIS 10

CONCERTO Project Overview

Platform-specific challenges Support for multicore targets

How should the user be aware of multicore platforms

What code to generate for multicores• What solutions for multicore scheduling and

analysis Run-time monitoring

• For property preservation (enforcement) Support for isolation via resource

partitioning Directly on model level

ARTEMIS 11

Telecare

12Presentation Title and/or Meeting ReferenceBME and AENSys

Overview – Telecare demonstrator

13

Sensor 1 – 3rd party

Sensor 2 - Android

Sensor 3 – own constr.

Middleware – ODroid

Sever –Drools

Sensor 4 – prop.

3rd party – Smart home

ANT+

MQTT

BT - HDP

Prop.

HL7

HL7

BME and AENSys

Overview – Telecare demonstrator

14

Sensor 1

Sensor 2

Sensor 3

Middleware – ODroid

Sever –Drools

Sensor 4 Alarmmannen – Smart home

M2M Data Server

ANT+

MQTT

BT - HDP

Prop. Prop.

HL7

HL7

Common interface from sensor data to manipulation

Data migration and conversion

Sensor 1 – 3rd party

Sensor 2 - Android

Sensor 3 – own constr.

Sensor 4 – prop.

BME and AENSys

Our goals First steps to a round-trip model based design

and analysis approach for telecare Availability/Timing analysis

• WCRT execution time estimation MAST• Safety-barrier analysis• Back-annotation using query-driven traceability

Allocation and reconfiguration of components run-time reallocation of tasks

Domain Specific Language for the telecare domain Direct code and configuration generation

CONCERTO Tooling Workflow based transformation chains

15BME and AENSys