modélisation des logiciels temps réel

Modélisation des Logiciels Temps Réel

Telecom Bretagne3 octobre 2011

EllidissTechnologiesw w w . e l l i d i s s . c o m

Pierre Dissaux

Plan de l’exposé

1. Introduction - Enjeux- Langages et Modèles

2. Présentation de AADL- Généralités- Modélisation Temps-Réel

3. Cas d’étude: patrons temps-réels en AADL- Flots de données synchrones- Envoi de messages asynchrones- Données partagées- Client-serveur (Rendez-vous)



tous développements logiciels

logiciels scientifiques & industriels

logiciels critiques

logiciels temps-réels

Les logiciels temps-réel:une part quantitativement faible...


Les logiciels temps-réel:...mais qualitativement forte

02/2002 General presentation

A complete range of aircraft

300

200

1002750 16000

Seats

Range (Km)A319

A320

A321

A380

A330-300

A330-200A300

A310

A318

A340-300

400

500

600

A340-500

A340-600

.

A 380

2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015

GSTB V2 Galileo

Herschel

Proba2

DarwinLisa

Smos

ISS-VTC ATV ISS-VTC EvolutionATV Evolution

CTV FLPP

Ariane 2010

Envisat

ISS-Payload ISS-Payload ISS-Payload

Small Sat depending on opportunities

Aurora

Aurora

Aurora

Bepi Colombo

Rosetta

Proba1

Smart 1

Proba 3

Safety orientedsystems

Availabilityoriented systems

Reliabilityoriented systems

Ground technology

oriented systems

Cost orientedsystems

Venus ExpressMetOpMars Express

IntegralMSG-1

Goce ADM-Aeolus

CryoSat Smart2EarthCareSpectraWales

Ace+EGPMSwarm

FuegoSatTerraSar

Corot

Eddington

Gaïa

Planck

JWST

Solar Orbiter

Xeus

Aurora

Smart3

SécuritéDisponibilité

Fiabilité

EllidissTechnologiesw w w . e l l i d i s s . c o m Les logiciels temps-réel:

processus de développement traditionnel

SW Design

Code

Unit Tests

Integration

Product

SystemAnalysis

UserReqs

Moyens:- standardisation du processus: ex. ECSS pour le spatial- certification: ex. DO-178 pour l'avionique

Garantir la sécurité, la disponibilité et la fiabilité:- respect des échéances temporelles: flots de contrôle- respect de l'intégrité des données: flots de données

60% du coût

EllidissTechnologiesw w w . e l l i d i s s . c o m Les logiciels temps-réel:

amélioration du processus de développement

SW Modeling and Verification

Integration

Product

SystemAnalysis

UserReqs

Exploitation des modèles:- gestion de la qualité : vérifications en amont- gestion de la productivité: génération automatique de code et doc

Modélisation:- gestion de la complexité: abstractions ou simplifications- gestion de la conformité: anticipation des problèmes

Ingénierie des modèles (IdM-MDE)


Modèles et langagestraits généraux et tendances

Techniques de modélisation- orienté fonctions (f): ex. SADT- orienté objets (f,d): ex. UML- orienté composants (f,d,c):

ex. HOOD, AADL

Evolution des langages - assembleur- langage C - langage Ada- langages d'architecture: ADL

Ingeniérie des modèles (MDE)- modéliser au lieu de coder- méta-modèles et transformations- personnalisations d’un langage généraliste (profils UML)- langages de modélisation spécialisés (DSML)

fonctions

donnéescomportement


Modèles et langagesspécificités du Temps-Réel

Logiciel applicatif - Exigences fonctionnelles =>

modélisation focalisée sur les fonctions- Exigences non fonctionnelles (performances) =>

assertion de propriétés (exemple: Deadline) - Maîtrise du système complet =>

utilisation de modèles d’instances

Environnement d’exécution- Gestion de la distribution => architecture matérielle- Gestion de la concurrence => notion de tâche- Gestion des communications inter-tâches =>

Synchronisation et échange des données

Solutions offrant l’ensemble de ces possibilités- Au niveau programmation => Ada- Au niveau modélisation => AADL


AADLArchitecture Analysis and Design Language

Standard international de la SAE (http://www.sae.org)- v1.0 (AS5506) publiée en novembre 2004- annexes (AS5506/1) publiées en juin 2006- v2.0 (AS5506A) publiée en janvier 2009- annexes (AS5506/2) publiées en janvier 2011- géré par un comité ouvert (majoritairement USA-Europe)

et mixte académiques/industriels

Outils:- modélisation: Osate, Adele, Stood, …- vérification: Ocarina, Furness, Cheddar, AADL Inspector, …

Utilisations:- nombreux projets collaboratifs de R&D- forte implication des industriels du secteur Aéronautique/Espace/défense

http://www.aadl.info


AADLLanguage definition

Definition of the syntax:- BNF grammar: .aadl files- XMI model serialisation: .aaxl files- UML/Marte mapping- graphical notation

Definition of the semantics:- Static constraints: Legality rules- Temporal semantics: State models

Category Type Implementation

thread

Features: server subprogram port port group provides data access requires data access flow specifications:

yes properties: yes

Subcomponents: data Subprogram calls: yes Connections: yes Flows: yes Modes: yes Properties: yes


AADLNotations

<processImpl name="ProdCons.default" compType="//processType[@name=ProdCons]"> <connections> <eventConnection name="EventConnection1" ... /> <dataConnection name="DataConnection1" ... /> </connections> <subcomponents> <threadSubcomponent name="theProd" classifier="//threadImpl[@name=Prod.Impl]"/> <threadSubcomponent name="theCons" classifier="//threadImpl[@name=Cons.Impl]"/> </subcomponents></processImpl>

process implementation ProdCons.default subcomponents theProd: thread Prod.Impl; theCons: thread Cons.Impl; connections EventConnection1: event port start -> theProd.start; DataConnection1: data port theProd.val -> theCons.val;end ProdCons.default;

Human readable textual notation: .aadl

Tool interchange textual notation: .aaxl

graphical notation


AADLoverview

Packages Property_sets

PropertiesComponents

Features Annexes, Flows, Calls, Modes

Specification

ContainsContains instances of

Connections

EllidissTechnologiesw w w . e l l i d i s s . c o m Components

overviewfeatures

subcomponents

sibling connections

parent-child connections

component

EllidissTechnologiesw w w . e l l i d i s s . c o m Components

abstraction layers

Categories

Implementations

Subcomponents

predefined semantics

internals

instances

classifiers

extends

implements instanciates

instanciates

Types

interface

EllidissTechnologiesw w w . e l l i d i s s . c o m Categories

hardware and composite

processor

virtual processor

memory

device

bus

virtual bus

system

EllidissTechnologiesw w w . e l l i d i s s . c o m Categories

software and abstract

process

thread

thread group

subprogram group

subprogram

data

abstract

EllidissTechnologiesw w w . e l l i d i s s . c o m Classifiers

GPS GPS_secure

GPS.basic GPS.handheld GPS_secure.handheld

component types

component implementations

EllidissTechnologiesw w w . e l l i d i s s . c o m Features

in data portout data portin out data port

provides subprogram accessrequires subprogram access

in abstract featureout abstract feature

data flows

in event portout event portin out event portco

ntro

l flo

ws

in event data portout event data portin out event data port

messages

calls

provides data/bus accessrequires data/bus access

shared data/bus

provides subprogram group accessrequires subprogram group access

feature group

EllidissTechnologiesw w w . e l l i d i s s . c o m AADL

software components

prov

ides

requ

ire

sin

clud

es

subpr accessportdata accessbus access

subpr accessdata accessbus access

processor; bus;memory; device; process; data(sub)system

System

subpr accessportdata access

subpr accessdata access

datathreadthread grpsubprogram

Process


datasubprogram

Data

out portparameter

Subprogram

subprg accessdata access

Subpr accessportdata access


Threadgroup

datathreadthread grpsubprogram

Subpr accessportdata access


Thread

datasubprogram

Real-Time ModelingAADL processor


Supported Scheduling Protocols

Rate_Monotonic_Protocol each thread must have a Period

Deadline_Monotonic_Protocol each thread must have a Deadline

POSIX_1003_Highest_Priority_First_Protocol

each thread must have a Priority

Real-Time ModelingAADL thread states


Suspended

Ready

Running

Awaiting Resource

Awaiting Return

Dispatch

Resume

Preempt

Block due to Get Resource

Complete

Unblock due to Release Resource

Call remote subprogram

Return remote subprogram

Real-Time ModelingAADL thread dispatch protocols


Supported Dispatch Protocols

Periodic dispatched periodically with specified Period

Aperiodic dispatched by received events

Sporadic same as Aperiodic, with a minimum inter-arrival time (Period)

Timed same as Aperiodic, with a timeout

Hybrid disjunction of Periodic and Aperiodic dispatch conditions

Background dispatched when the processor is free

Real-Time ModelingAADL thread features


Supported Thread Features

Event Port used to dispatch Aperiodic, Sporadic, Timed and Hybrid threads

Event Data Port same as Event Port

Provides Subprogram Access

same as Event Port

Requires Subprogram Access

used to express a remote subprogram call

Requires Data Access

used to express a remote data access

Real-Time ModelingAADL thread properties


Supported Thread Properties

Period required for Periodic, Sporadic, Timed and Hybrid threads

Deadline required when the scheduling protocol is Deadline_Monotonic_Protocol

Priority required when the scheduling protocol isPOSIX_1003_Highest_Priority_First_Protocol

Compute_Execution_Time

required when no behaviour annex is specified

Real-Time ModelingAADL feature and data properties


Supported Feature Properties

Queue_Size specifies the maximum number of stored events (default is 1)

Dequeue_Protocol may be OneItem or AllItems

Supported Data Properties

Concurrency_Control_Protocol can be used to ensure mutually exclusive access with: Priority_Ceiling_Protocol

Real-Time ModelingAADL behavior annex


Supported Behavior Annex Actions

Computation specify use of the processor for a given duration

!< specify lock of a shared data (GetResource)

!> specify unlock of a shared data (ReleaseResource)

! specify send of an out event or call of a subprogram

The AADL behavior annex defines an action language to describe the internal behavior of a thread or a subprogram

ANNEX Behavior_Specification {** states s : initial complete final state; transitions t : s -[on dispatch]-> s { buffer !<; computation(2 ms); send !; buffer !> };**};


AADLexample: Process + Threads + Data


AADLexample: Threads

thread StoreDatafeatures

flush : in event port;input : in event data port RawData;output : requires data access File;

end StoreData;

thread implementation StoreData.Fastproperties

Dispatch_Protocol => Periodic;Period => 20 ms;

end StoreData.Fast;

thread AcquireDatafeatures

output : out event data port RawData;end AcquireData;


AADLexample: Data

data implementation File.Binarysubcomponents

name : data String;size : data Int;

end File.Binary;

data Filefeatures

open : subprogram access OpenFile;close : subprogram access CloseFile;

end StoreData;

subprogram OpenFile features

me : in parameter File;rw : in parameter Prot;status : out parameter Int;

end OpenFile;


AADLexample: Process

process DataManagerfeatures

start : in event port;end DataManager;

process implementation DataManager.FileStorage subcomponents

file : data File.Binary;store : thread StoreData.Fast;acquire : thread AcquireData;

connectionsevent port start -> store.flush;data access file -> store.output;event data port acquire.output -> store.input;

end DataManager.FileStorage;

EllidissTechnologiesw w w . e l l i d i s s . c o m Case Studies:

Real-Time patterns

Modelling and analysis process:- build the architectural model with Stood- generate the AADL specification- simulate within AADL Inspector

Real-Time communication patterns:- Synchronous dataflow- Message sending- Shared data- Client-server

http://www.univ-brest.fr/index.php

PACKAGE synchronousPUBLICWITH HW;

SYSTEM synchronousEND synchronous;

SYSTEM IMPLEMENTATION synchronous.othersSUBCOMPONENTS my_process : PROCESS my_process.others; my_platform : SYSTEM HW::RMA_board;PROPERTIES Actual_Processor_Binding => ( reference(my_platform.cpu) )

applies to my_process;END synchronous.others;

PROCESS my_processEND my_process;

PROCESS IMPLEMENTATION my_process.othersSUBCOMPONENTS T1 : THREAD a_thread { Dispatch_Protocol => Periodic; Compute_Execution_Time => 5 ms .. 5 ms; Period => 25 ms; }; T2 : THREAD a_thread { Dispatch_Protocol => Periodic; Compute_Execution_Time => 5 ms .. 5 ms; Period => 20 ms; }; T3 : THREAD a_thread { Dispatch_Protocol => Periodic; Compute_Execution_Time => 5 ms .. 5 ms; Period => 15 ms; };CONNECTIONS PORT T1.output -> T2.input; PORT T2.output -> T3.input;END my_process.others;

THREAD a_threadFEATURES input : IN DATA PORT Base_Types::integer; output : OUT DATA PORT Base_Types::integer;END a_thread;

END synchronous;

EllidissTechnologiesw w w . e l l i d i s s . c o m Synchronous dataflow

PACKAGE messagesPUBLICWITH Behavior_Properties;WITH HW;

SYSTEM messagesEND messages;

SYSTEM IMPLEMENTATION messages.othersSUBCOMPONENTS my_platform : SYSTEM HW::RMA_board; my_process : PROCESS my_process.others;PROPERTIES Actual_Processor_Binding => ( reference(my_platform.cpu) ) applies to my_process;END messages.others;


PROCESS IMPLEMENTATION my_process.othersSUBCOMPONENTS sender : THREAD sender.others; receiver : THREAD receiver;CONNECTIONS PORT sender.send -> receiver.receive;END my_process.others;

THREAD senderFEATURES send : OUT EVENT PORT;END sender;

THREAD IMPLEMENTATION sender.othersPROPERTIES Dispatch_Protocol => Periodic; Compute_Execution_Time => 5ms..7ms; Period => 20ms;ANNEX Behavior_Specification {** states s : initial complete final state; transitions t : s -[on dispatch]-> s { computation(3 ms); send !;computation(3 ms);send ! };**};END sender.others;

THREAD receiverFEATURES receive : IN EVENT PORT { Dequeue_Protocol => OneItem; Queue_Size => 5; };PROPERTIES Dispatch_Protocol => Sporadic; Compute_Execution_Time => 2ms..2ms; Period => 21ms;END receiver;

END messages;

EllidissTechnologiesw w w . e l l i d i s s . c o m Message sending

PACKAGE shared_dataPUBLICWITH HW;

--

PROCESS IMPLEMENTATION my_process.othersSUBCOMPONENTS T1 : THREAD T.i1; D1 : DATA D { Concurrency_Control_Protocol => PRIORITY_CEILING_PROTOCOL; }; D2 : DATA D { Concurrency_Control_Protocol => PRIORITY_CEILING_PROTOCOL; }; T2 : THREAD T.i2;CONNECTIONS DATA ACCESS D1 -> T1.D1; DATA ACCESS D2 -> T1.D2; DATA ACCESS D1 -> T2.D1; DATA ACCESS D2 -> T2.D2;END my_process.others;

THREAD TFEATURES D1 : REQUIRES DATA ACCESS D; D2 : REQUIRES DATA ACCESS D;END T;

THREAD IMPLEMENTATION T.i1PROPERTIES Dispatch_Protocol => Periodic; Compute_Execution_Time => 5ms..5ms; Period => 15 ms;ANNEX Behavior_Specification {** states s : initial complete final state; transitions t : s -[on dispatch]-> s { D1 !<; computation(3 ms);D2 !<;D2 !>; D1 !> };**};END T.i1;

DATA DEND D;

THREAD IMPLEMENTATION T.i2PROPERTIES Dispatch_Protocol => Periodic; Compute_Execution_Time => 5ms..5ms; Period => 20 ms;ANNEX Behavior_Specification {** states s : initial complete final state; transitions t : s -[on dispatch]-> s { D2 !<; computation(5 ms); D1 !<; D1 !>; D2 !> };**};END T.i2;

END shared_data;

EllidissTechnologiesw w w . e l l i d i s s . c o m Shared data

ACKAGE client_serverPUBLICWITH HW;

SYSTEM client_serverEND client_server;

SYSTEM IMPLEMENTATION client_server.othersSUBCOMPONENTS my_platform : SYSTEM HW::RMA_board; my_process : PROCESS my_process.others;PROPERTIES Actual_Processor_Binding => ( reference(my_platform.cpu) ) applies to my_process;END client_server.others;


PROCESS IMPLEMENTATION my_process.othersSUBCOMPONENTS client_T : THREAD client_T.others; server_T : THREAD server_T;CONNECTIONS SUBPROGRAM ACCESS server_T.start -> client_T.start;END my_process.others;

THREAD client_TFEATURES start : REQUIRES SUBPROGRAM ACCESS start;END client_T;

THREAD IMPLEMENTATION client_T.othersPROPERTIES Dispatch_Protocol => Periodic; Compute_Execution_Time => 5ms..7ms; Period => 15 ms;ANNEX Behavior_Specification {** states s : initial complete final state; transitions t : s -[on dispatch]-> s { computation(2 ms); start !; computation(4 ms) };**};END client_T.others;

THREAD server_TFEATURES start : PROVIDES SUBPROGRAM ACCESS start { Compute_Execution_Time => 3ms..3ms; };PROPERTIES Dispatch_Protocol => Sporadic; Compute_Execution_Time => 2ms..4ms; Period => 5 ms;END server_T;

SUBPROGRAM startEND start;

END client_server;


Client-server

modélisation des logiciels temps réel

Documents