350 likes | 479 Views
Modélisation des Logiciels Temps Réel. Telecom Bretagne 3 octobre 2011. Pierre Dissaux. Plan de l’exposé. Introduction - Enjeux - Langages et Modèles Présentation de AADL - Généralités - Modélisation Temps-Réel Cas d’étude: patrons temps-réels en AADL - Flots de données synchrones
E N D
Modélisation des Logiciels Temps Réel Telecom Bretagne 3 octobre 2011 Pierre Dissaux
Plan de l’exposé • Introduction - Enjeux - Langages et Modèles • Présentation de AADL - Généralités - Modélisation Temps-Réel • Cas d’étude: patrons temps-réels en AADL - Flots de données synchrones - Envoi de messages asynchrones - Données partagées - Client-serveur (Rendez-vous)
Les logiciels temps-réel: une part quantitativement faible... logiciels temps-réels logiciels critiques logiciels scientifiques & industriels tous développements logiciels
2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 Safety oriented systems ATV ISS-VTC ISS-VTC Evolution ATV Evolution Aurora CTV FLPP Availability orientedsystems Ariane 2010 Aurora Rosetta Reliability orientedsystems MetOp Goce ADM-Aeolus Venus Express Eddington Mars Express Smart 1 TerraSar FuegoSat Smart3 Darwin JWST Envisat Lisa Smart2 CryoSat Herschel Aurora Xeus Integral EarthCare Spectra Wales Ace+ EGPM Swarm Planck Corot Aurora MSG-1 Proba1 Galileo Solar Orbiter GSTB V2 Gaïa Bepi Colombo Ground technology oriented systems ISS-Payload ISS-Payload ISS-Payload Smos Cost oriented systems Proba 3 Proba2 Small Sat depending on opportunities Les logiciels temps-réel: ...mais qualitativement forte Sécurité Disponibilité Fiabilité
User Reqs Product System Analysis Integration Unit Tests SW Design 60% du coût Code Les logiciels temps-réel: processus de développement traditionnel Garantir la sécurité, la disponibilité et la fiabilité: • respect des échéances temporelles: flots de contrôle • respect de l'intégrité des données: flots de données • Moyens: • standardisation du processus: ex. ECSS pour le spatial • certification: ex. DO-178 pour l'avionique
User Reqs Product System Analysis Integration SW Modeling and Verification Les logiciels temps-réel: amélioration du processus de développement Ingénierie des modèles (IdM-MDE) Modélisation: • gestion de la complexité: abstractions ou simplifications • gestion de la conformité: anticipation des problèmes • Exploitation des modèles: • gestion de la qualité : vérifications en amont • gestion de la productivité: génération automatique de code et doc
fonctions données comportement Modèles et langages traits généraux et tendances Evolution des langages • assembleur • langage C • langage Ada • langages d'architecture: ADL • Ingeniérie des modèles (MDE) • modéliser au lieu de coder • méta-modèles et transformations • personnalisations d’un langage généraliste (profils UML) • langages de modélisation spécialisés (DSML) • Techniques de modélisation • orienté fonctions (f): ex. SADT • orienté objets (f,d): ex. UML • orienté composants (f,d,c): ex. HOOD, AADL
Modèles et langages spécificités du Temps-Réel Logiciel applicatif • Exigences fonctionnelles => modélisation focalisée sur les fonctions • Exigences non fonctionnelles (performances) => assertion de propriétés (exemple: Deadline) • Maîtrise du système complet => utilisation de modèles d’instances • Environnement d’exécution • - Gestion de la distribution => architecture matérielle • Gestion de la concurrence => notion de tâche • Gestion des communications inter-tâches => Synchronisation et échange des données • Solutions offrant l’ensemble de ces possibilités • Au niveau programmation => Ada • Au niveau modélisation => AADL
AADL Architecture Analysis and Design Language Standardinternational de la SAE (http://www.sae.org) - v1.0 (AS5506) publiée en novembre 2004 - annexes (AS5506/1) publiées en juin 2006 - v2.0 (AS5506A) publiée en janvier 2009 • annexes (AS5506/2) publiées en janvier 2011 • géré par un comité ouvert (majoritairement USA-Europe) et mixte académiques/industriels Utilisations: • nombreux projets collaboratifs de R&D • forte implication des industriels du secteur Aéronautique/Espace/défense Outils: • modélisation: Osate, Adele, Stood, … • vérification:Ocarina, Furness, Cheddar, AADL Inspector, … http://www.aadl.info
AADL Language definition Definition of the syntax: • BNF grammar: .aadl files • XMI model serialisation: .aaxl files • UML/Marte mapping • graphical notation Definition of the semantics: • Static constraints: Legality rules • Temporal semantics: State models
AADL Notations graphical notation Human readable textual notation: .aadl processimplementation ProdCons.default subcomponents theProd: thread Prod.Impl; theCons: thread Cons.Impl; connections EventConnection1: eventport start -> theProd.start; DataConnection1: dataport theProd.val -> theCons.val; end ProdCons.default; Tool interchange textual notation: .aaxl <processImpl name="ProdCons.default" compType="//processType[@name=ProdCons]"> <connections> <eventConnection name="EventConnection1" ... /> <dataConnection name="DataConnection1" ... /> </connections> <subcomponents> <threadSubcomponent name="theProd" classifier="//threadImpl[@name=Prod.Impl]"/> <threadSubcomponent name="theCons" classifier="//threadImpl[@name=Cons.Impl]"/> </subcomponents> </processImpl>
Contains Contains instances of AADL overview Specification Packages Property_sets Components Properties Features Annexes, Flows, Calls, Modes Connections
Components overview component features sibling connections parent-child connections subcomponents
Components abstraction layers predefined semantics Categories implements instanciates classifiers Types Implementations extends instanciates interface internals Subcomponents instances
Categories hardware and composite bus memory processor virtual processor device virtual bus system
Categories software and abstract process data thread group thread subprogram subprogram group abstract
Classifiers component types GPS GPS_secure GPS.basic GPS.handheld GPS_secure.handheld component implementations
in data port out data port in out data port provides subprogram access requires subprogram access in event port out event port in out event port provides data/bus access requires data/bus access feature group in event data port out event data port in out event data port in abstract feature out abstract feature provides subprogram group access requires subprogram group access Features data flows calls control flows shared data/bus messages
System Sub program Thread group Thread Process Data subpr access port data access bus access subpr access port data access Subpr access port data access Subpr access port data access provides out port parameter subpr access data access subpr access data access bus access requires subpr access data access subpr access data access subprg access data access subpr access data access processor; bus; memory; device; process; data (sub)system data thread thread grp subprogram data subprogram data subprogram data thread thread grp subprogram includes AADL software components
Real-Time Modeling AADL processor
Suspended Call remote subprogram Dispatch Ready Preempt Awaiting Return Resume Running Return remote subprogram Complete Unblock due to Release Resource Block due to Get Resource Awaiting Resource Real-Time Modeling AADL thread states
Real-Time Modeling AADL thread dispatch protocols
Real-Time Modeling AADL thread features
Real-Time Modeling AADL thread properties
Real-Time Modeling AADL feature and data properties
Real-Time Modeling AADL behavior annex The AADL behavior annex defines an action language to describe the internal behavior of a thread or a subprogram ANNEX Behavior_Specification {** states s : initial complete final state; transitions t : s -[on dispatch]-> s { buffer !<; computation(2 ms); send !; buffer !> }; **};
AADL example: Process + Threads + Data
thread StoreData features flush : in event port; input : in event data port RawData; output : requires data access File; end StoreData; thread implementation StoreData.Fast properties Dispatch_Protocol => Periodic; Period => 20 ms; end StoreData.Fast; thread AcquireData features output : out event data port RawData; end AcquireData; AADL example: Threads
data File features open : subprogram access OpenFile; close : subprogram access CloseFile; end StoreData; data implementation File.Binary subcomponents name : data String; size : data Int; end File.Binary; subprogram OpenFile features me : in parameter File; rw : in parameter Prot; status : out parameter Int; end OpenFile; AADL example: Data
process DataManager features start : in event port; end DataManager; process implementation DataManager.FileStorage subcomponents file : data File.Binary; store : thread StoreData.Fast; acquire : thread AcquireData; connections event port start -> store.flush; data access file -> store.output; eventdata port acquire.output -> store.input; end DataManager.FileStorage; AADL example: Process
Case Studies: Real-Time patterns • Modelling and analysis process: • - build the architectural model with Stood • - generate the AADL specification • - simulate within AADL Inspector • Real-Time communication patterns: • - Synchronous dataflow • - Message sending • - Shared data • - Client-server
Synchronous dataflow PACKAGE synchronous PUBLIC WITH HW; SYSTEM synchronous END synchronous; SYSTEM IMPLEMENTATION synchronous.others SUBCOMPONENTS my_process : PROCESS my_process.others; my_platform : SYSTEM HW::RMA_board; PROPERTIES Actual_Processor_Binding => ( reference(my_platform.cpu) ) applies to my_process; END synchronous.others; PROCESS my_process END my_process; PROCESS IMPLEMENTATION my_process.others SUBCOMPONENTS T1 : THREAD a_thread { Dispatch_Protocol => Periodic; Compute_Execution_Time => 5 ms .. 5 ms; Period => 25 ms; }; T2 : THREAD a_thread { Dispatch_Protocol => Periodic; Compute_Execution_Time => 5 ms .. 5 ms; Period => 20 ms; }; T3 : THREAD a_thread { Dispatch_Protocol => Periodic; Compute_Execution_Time => 5 ms .. 5 ms; Period => 15 ms; }; CONNECTIONS PORT T1.output -> T2.input; PORT T2.output -> T3.input; END my_process.others; THREAD a_thread FEATURES input : IN DATA PORT Base_Types::integer; output : OUT DATA PORT Base_Types::integer; END a_thread; END synchronous;
Message sending PACKAGE messages PUBLIC WITH Behavior_Properties; WITH HW; SYSTEM messages END messages; SYSTEM IMPLEMENTATION messages.others SUBCOMPONENTS my_platform : SYSTEM HW::RMA_board; my_process : PROCESS my_process.others; PROPERTIES Actual_Processor_Binding => ( reference(my_platform.cpu) ) applies to my_process; END messages.others; PROCESS my_process END my_process; PROCESS IMPLEMENTATION my_process.others SUBCOMPONENTS sender : THREAD sender.others; receiver : THREAD receiver; CONNECTIONS PORT sender.send -> receiver.receive; END my_process.others; THREAD sender FEATURES send : OUT EVENT PORT; END sender; THREAD IMPLEMENTATION sender.others PROPERTIES Dispatch_Protocol => Periodic; Compute_Execution_Time => 5ms..7ms; Period => 20ms; ANNEX Behavior_Specification {** states s : initial complete final state; transitions t : s -[on dispatch]-> s { computation(3 ms); send !;computation(3 ms);send ! }; **}; END sender.others; THREAD receiver FEATURES receive : IN EVENT PORT { Dequeue_Protocol => OneItem; Queue_Size => 5; }; PROPERTIES Dispatch_Protocol => Sporadic; Compute_Execution_Time => 2ms..2ms; Period => 21ms; END receiver; END messages;
Shared data PACKAGE shared_data PUBLIC WITH HW; -- PROCESS IMPLEMENTATION my_process.others SUBCOMPONENTS T1 : THREAD T.i1; D1 : DATA D { Concurrency_Control_Protocol => PRIORITY_CEILING_PROTOCOL; }; D2 : DATA D { Concurrency_Control_Protocol => PRIORITY_CEILING_PROTOCOL; }; T2 : THREAD T.i2; CONNECTIONS DATA ACCESS D1 -> T1.D1; DATA ACCESS D2 -> T1.D2; DATA ACCESS D1 -> T2.D1; DATA ACCESS D2 -> T2.D2; END my_process.others; THREAD T FEATURES D1 : REQUIRES DATA ACCESS D; D2 : REQUIRES DATA ACCESS D; END T; THREAD IMPLEMENTATION T.i1 PROPERTIES Dispatch_Protocol => Periodic; Compute_Execution_Time => 5ms..5ms; Period => 15 ms; ANNEX Behavior_Specification {** states s : initial complete final state; transitions t : s -[on dispatch]-> s { D1 !<; computation(3 ms);D2 !<;D2 !>; D1 !> }; **}; END T.i1; DATA D END D; THREAD IMPLEMENTATION T.i2 PROPERTIES Dispatch_Protocol => Periodic; Compute_Execution_Time => 5ms..5ms; Period => 20 ms; ANNEX Behavior_Specification {** states s : initial complete final state; transitions t : s -[on dispatch]-> s { D2 !<; computation(5 ms); D1 !<; D1 !>; D2 !> }; **}; END T.i2; END shared_data;
Client-server ACKAGE client_server PUBLIC WITH HW; SYSTEM client_server END client_server; SYSTEM IMPLEMENTATION client_server.others SUBCOMPONENTS my_platform : SYSTEM HW::RMA_board; my_process : PROCESS my_process.others; PROPERTIES Actual_Processor_Binding => ( reference(my_platform.cpu) ) applies to my_process; END client_server.others; PROCESS my_process END my_process; PROCESS IMPLEMENTATION my_process.others SUBCOMPONENTS client_T : THREAD client_T.others; server_T : THREAD server_T; CONNECTIONS SUBPROGRAM ACCESS server_T.start -> client_T.start; END my_process.others; THREAD client_T FEATURES start : REQUIRES SUBPROGRAM ACCESS start; END client_T; THREAD IMPLEMENTATION client_T.others PROPERTIES Dispatch_Protocol => Periodic; Compute_Execution_Time => 5ms..7ms; Period => 15 ms; ANNEX Behavior_Specification {** states s : initial complete final state; transitions t : s -[on dispatch]-> s { computation(2 ms); start !; computation(4 ms) }; **}; END client_T.others; THREAD server_T FEATURES start : PROVIDES SUBPROGRAM ACCESS start { Compute_Execution_Time => 3ms..3ms; }; PROPERTIES Dispatch_Protocol => Sporadic; Compute_Execution_Time => 2ms..4ms; Period => 5 ms; END server_T; SUBPROGRAM start END start; END client_server;