Modelling Real-Time Software (Modélisation des Logiciels Temps Réel)
Transcript of a slide presentation
Pierre Dissaux, Ellidiss Technologies (www.ellidiss.com)
Telecom Bretagne, 3 October 2011
Outline of the talk
1. Introduction
   - Stakes
   - Languages and models
2. Presentation of AADL
   - Generalities
   - Real-time modelling
3. Case study: real-time patterns in AADL
   - Synchronous dataflows
   - Asynchronous message sending
   - Shared data
   - Client-server (rendezvous)
Real-time software: a quantitatively small share...
  all software development
    > scientific & industrial software
      > critical software
        > real-time software
Real-time software: ...but a qualitatively strong one
[Figure residue: two illustrations of real-time software. Left: the Airbus "A complete range of aircraft" chart (general presentation, 02/2002), seats against range (km) for the A318, A319, A320, A321, A300, A310, A330-200/-300, A340-300/-500/-600 and A380. Right: an ESA mission timeline 2002-2015 (Galileo, Herschel, Planck, Rosetta, ATV, Bepi Colombo, Aurora, JWST, Solar Orbiter, ...) grouped into safety-oriented, availability-oriented, reliability-oriented, ground-technology-oriented and cost-oriented systems.]
The three properties at stake: safety, availability, reliability.
Real-time software: the traditional development process
  V-cycle: User Reqs -> System Analysis -> SW Design -> Code -> Unit Tests -> Integration -> Product
  Annotation on the diagram: 60% of the cost.
  Means:
  - process standardisation: e.g. ECSS for space
  - certification: e.g. DO-178 for avionics
  Guaranteeing safety, availability and reliability:
  - meeting timing deadlines: control flows
  - preserving data integrity: data flows
Real-time software: improving the development process
  V-cycle: User Reqs -> System Analysis -> SW Modeling and Verification -> Integration -> Product
  Exploiting the models:
  - quality management: verification upstream, before coding
  - productivity management: automatic generation of code and documentation
  Modelling:
  - complexity management: abstractions or simplifications
  - compliance management: anticipating problems
  Model-driven engineering (MDE, IdM in French)
Models and languages: general traits and trends
  Modelling techniques (f = functions, d = data, c = behaviour):
  - function-oriented (f): e.g. SADT
  - object-oriented (f, d): e.g. UML
  - component-oriented (f, d, c): e.g. HOOD, AADL
  Evolution of languages:
  - assembler
  - C
  - Ada
  - architecture description languages (ADL)
  Model-driven engineering (MDE):
  - model instead of code
  - meta-models and transformations
  - customisations of a general-purpose language (UML profiles)
  - domain-specific modelling languages (DSML)
Models and languages: what is specific to real-time
  Application software:
  - functional requirements => modelling focused on functions
  - non-functional requirements (performance) => assertion of properties (example: Deadline)
  - control of the complete system => use of instance models
  Execution environment:
  - managing distribution => hardware architecture
  - managing concurrency => the notion of task
  - managing inter-task communication => synchronisation and data exchange
  Solutions offering all of these possibilities:
  - at the programming level => Ada
  - at the modelling level => AADL
AADL: Architecture Analysis and Design Language
  International SAE standard (http://www.sae.org):
  - v1.0 (AS5506) published in November 2004
  - annexes (AS5506/1) published in June 2006
  - v2.0 (AS5506A) published in January 2009
  - annexes (AS5506/2) published in January 2011
  - managed by an open committee (mainly USA-Europe), mixing academia and industry
  Tools:
  - modelling: Osate, Adele, Stood, ...
  - verification: Ocarina, Furness, Cheddar, AADL Inspector, ...
  Uses:
  - many collaborative R&D projects
  - strong involvement of industry in the aeronautics/space/defence sector
  http://www.aadl.info
AADL: language definition
  Definition of the syntax:
  - BNF grammar: .aadl files
  - XMI model serialisation: .aaxl files
  - UML/MARTE mapping
  - graphical notation
  Definition of the semantics:
  - static constraints: legality rules
  - temporal semantics: state models
  Example of the legality rules for one category:
    Category: thread
      Type:
        Features: server subprogram, port, port group, provides data access, requires data access
        Flow specifications: yes
        Properties: yes
      Implementation:
        Subcomponents: data
        Subprogram calls: yes
        Connections: yes
        Flows: yes
        Modes: yes
        Properties: yes
AADL: notations
  Tool interchange textual notation (.aaxl, XMI):

    <processImpl name="ProdCons.default" compType="//processType[@name=ProdCons]">
      <connections>
        <eventConnection name="EventConnection1" ... />
        <dataConnection name="DataConnection1" ... />
      </connections>
      <subcomponents>
        <threadSubcomponent name="theProd" classifier="//threadImpl[@name=Prod.Impl]"/>
        <threadSubcomponent name="theCons" classifier="//threadImpl[@name=Cons.Impl]"/>
      </subcomponents>
    </processImpl>

  Human readable textual notation (.aadl), the same process implementation:

    process implementation ProdCons.default
      subcomponents
        theProd : thread Prod.Impl;
        theCons : thread Cons.Impl;
      connections
        EventConnection1 : event port start -> theProd.start;
        DataConnection1 : data port theProd.val -> theCons.val;
    end ProdCons.default;

  Graphical notation: the same model drawn as boxes (threads inside the process) and arrows (connections).
AADL: overview of a specification
  - A Specification contains Packages and Property_sets.
  - Packages contain Components; Property_sets contain Properties.
  - Components contain Features, Connections, Annexes, Flows, Calls, Modes and Properties, and contain instances of other Components (subcomponents).
Components: overview
  A component has features (its interface), subcomponents (its internals), sibling connections (between subcomponents) and parent-child connections (between the component's features and its subcomponents).
Components: abstraction layers
  - Categories: predefined semantics
  - Types: the interface (classifiers); a type may extend another type
  - Implementations: the internals (classifiers); an implementation implements a type and may extend another implementation
  - Subcomponents: instances; a subcomponent instantiates a type or an implementation
Categories: hardware and composite
  - processor
  - virtual processor
  - memory
  - device
  - bus
  - virtual bus
  - system
Categories: software and abstract
  - process
  - thread
  - thread group
  - subprogram group
  - subprogram
  - data
  - abstract
Classifiers (example)
  - component types: GPS, GPS_secure
  - component implementations: GPS.basic, GPS.handheld, GPS_secure.handheld
Features
  - data flows: in data port, out data port, in out data port
  - control flows: in event port, out event port, in out event port
  - messages: in event data port, out event data port, in out event data port
  - calls: provides subprogram access, requires subprogram access
  - shared data/bus: provides data/bus access, requires data/bus access
  - also: provides/requires subprogram group access, in/out abstract feature, feature group
AADL software components: what each category provides, requires and includes
  - System: provides subprogram access, port, data access, bus access; requires subprogram access, data access, bus access; includes processor, bus, memory, device, process, data, (sub)system
  - Process: provides subprogram access, port, data access; requires subprogram access, data access; includes data, thread, thread group, subprogram
  - Thread group: provides subprogram access, port, data access; requires subprogram access, data access; includes data, thread, thread group, subprogram
  - Thread: provides subprogram access, port, data access; requires subprogram access, data access; includes data, subprogram
  - Data: provides subprogram access, data access; includes data, subprogram
  - Subprogram: provides out port, parameter; requires subprogram access, data access
Real-Time Modeling: AADL processor
  Supported scheduling protocols:
  - Rate_Monotonic_Protocol: each thread must have a Period
  - Deadline_Monotonic_Protocol: each thread must have a Deadline
  - POSIX_1003_Highest_Priority_First_Protocol: each thread must have a Priority
Real-Time Modeling: AADL thread states
  States: Suspended, Ready, Running, Awaiting Resource, Awaiting Return
  Transitions:
  - Suspended -> Ready: Dispatch
  - Ready -> Running: Resume
  - Running -> Ready: Preempt
  - Running -> Suspended: Complete
  - Running -> Awaiting Resource: Block due to Get Resource
  - Awaiting Resource -> Ready: Unblock due to Release Resource
  - Running -> Awaiting Return: Call remote subprogram
  - Awaiting Return -> Ready: Return remote subprogram
Real-Time Modeling: AADL thread dispatch protocols
  Supported dispatch protocols:
  - Periodic: dispatched periodically with the specified Period
  - Aperiodic: dispatched by received events
  - Sporadic: same as Aperiodic, with a minimum inter-arrival time (Period)
  - Timed: same as Aperiodic, with a timeout
  - Hybrid: disjunction of the Periodic and Aperiodic dispatch conditions
  - Background: dispatched when the processor is free
Real-Time Modeling: AADL thread features
  Supported thread features:
  - Event Port: used to dispatch Aperiodic, Sporadic, Timed and Hybrid threads
  - Event Data Port: same as Event Port
  - Provides Subprogram Access: same as Event Port
  - Requires Subprogram Access: used to express a remote subprogram call
  - Requires Data Access: used to express a remote data access
Real-Time Modeling: AADL thread properties
  Supported thread properties:
  - Period: required for Periodic, Sporadic, Timed and Hybrid threads
  - Deadline: required when the scheduling protocol is Deadline_Monotonic_Protocol
  - Priority: required when the scheduling protocol is POSIX_1003_Highest_Priority_First_Protocol
  - Compute_Execution_Time: required when no behaviour annex is specified
Real-Time Modeling: AADL feature and data properties
  Supported feature properties:
  - Queue_Size: specifies the maximum number of stored events (default is 1)
  - Dequeue_Protocol: may be OneItem or AllItems
  Supported data properties:
  - Concurrency_Control_Protocol: can be used to ensure mutually exclusive access, with Priority_Ceiling_Protocol
Real-Time Modeling: AADL behavior annex
  Supported behavior annex actions:
  - computation: specify use of the processor for a given duration
  - !<: specify the lock of a shared data (GetResource)
  - !>: specify the unlock of a shared data (ReleaseResource)
  - !: specify the sending of an out event or the call of a subprogram
  The AADL behavior annex defines an action language to describe the internal behavior of a thread or a subprogram:

    ANNEX Behavior_Specification {**
      states
        s : initial complete final state;
      transitions
        t : s -[on dispatch]-> s { buffer !<; computation(2 ms); send !; buffer !> };
    **};
AADL example: Process + Threads + Data
  (diagram: the DataManager process containing the acquire and store threads and the file data, whose textual form follows)

AADL example: Threads

    thread StoreData
      features
        flush  : in event port;
        input  : in event data port RawData;
        output : requires data access File;
    end StoreData;

    thread implementation StoreData.Fast
      properties
        Dispatch_Protocol => Periodic;
        Period => 20 ms;
    end StoreData.Fast;

    thread AcquireData
      features
        output : out event data port RawData;
    end AcquireData;
AADL example: Data

    data implementation File.Binary
      subcomponents
        name : data String;
        size : data Int;
    end File.Binary;

    data File
      features
        -- access subprograms exposed by the File data type
        open  : provides subprogram access OpenFile;
        close : provides subprogram access CloseFile;
    end File;

    subprogram OpenFile
      features
        me     : in parameter File;
        rw     : in parameter Prot;
        status : out parameter Int;
    end OpenFile;
AADL example: Process

    process DataManager
      features
        start : in event port;
    end DataManager;

    process implementation DataManager.FileStorage
      subcomponents
        file    : data File.Binary;
        store   : thread StoreData.Fast;
        acquire : thread AcquireData;
      connections
        event port start -> store.flush;
        data access file -> store.output;
        event data port acquire.output -> store.input;
    end DataManager.FileStorage;
Case studies: real-time patterns
  Modelling and analysis process:
  - build the architectural model with Stood
  - generate the AADL specification
  - simulate within AADL Inspector
  Real-time communication patterns:
  - synchronous dataflow
  - message sending
  - shared data
  - client-server
Synchronous dataflow

    PACKAGE synchronous
    PUBLIC
    WITH HW;
    WITH Base_Types;

    SYSTEM synchronous
    END synchronous;

    SYSTEM IMPLEMENTATION synchronous.others
    SUBCOMPONENTS
      my_process  : PROCESS my_process.others;
      my_platform : SYSTEM HW::RMA_board;
    PROPERTIES
      Actual_Processor_Binding => ( reference(my_platform.cpu) ) applies to my_process;
    END synchronous.others;

    PROCESS my_process
    END my_process;

    PROCESS IMPLEMENTATION my_process.others
    SUBCOMPONENTS
      T1 : THREAD a_thread { Dispatch_Protocol => Periodic; Compute_Execution_Time => 5 ms .. 5 ms; Period => 25 ms; };
      T2 : THREAD a_thread { Dispatch_Protocol => Periodic; Compute_Execution_Time => 5 ms .. 5 ms; Period => 20 ms; };
      T3 : THREAD a_thread { Dispatch_Protocol => Periodic; Compute_Execution_Time => 5 ms .. 5 ms; Period => 15 ms; };
    CONNECTIONS
      PORT T1.output -> T2.input;
      PORT T2.output -> T3.input;
    END my_process.others;

    THREAD a_thread
    FEATURES
      input  : IN DATA PORT Base_Types::integer;
      output : OUT DATA PORT Base_Types::integer;
    END a_thread;

    END synchronous;
Message sending

    PACKAGE messages
    PUBLIC
    WITH Behavior_Properties;
    WITH HW;

    SYSTEM messages
    END messages;

    SYSTEM IMPLEMENTATION messages.others
    SUBCOMPONENTS
      my_platform : SYSTEM HW::RMA_board;
      my_process  : PROCESS my_process.others;
    PROPERTIES
      Actual_Processor_Binding => ( reference(my_platform.cpu) ) applies to my_process;
    END messages.others;

    PROCESS my_process
    END my_process;

    PROCESS IMPLEMENTATION my_process.others
    SUBCOMPONENTS
      sender   : THREAD sender.others;
      receiver : THREAD receiver;
    CONNECTIONS
      PORT sender.send -> receiver.receive;
    END my_process.others;

    THREAD sender
    FEATURES
      send : OUT EVENT PORT;
    END sender;

    THREAD IMPLEMENTATION sender.others
    PROPERTIES
      Dispatch_Protocol => Periodic;
      Compute_Execution_Time => 5 ms .. 7 ms;
      Period => 20 ms;
    ANNEX Behavior_Specification {**
      states
        s : initial complete final state;
      transitions
        t : s -[on dispatch]-> s { computation(3 ms); send !; computation(3 ms); send ! };
    **};
    END sender.others;

    THREAD receiver
    FEATURES
      receive : IN EVENT PORT { Dequeue_Protocol => OneItem; Queue_Size => 5; };
    PROPERTIES
      Dispatch_Protocol => Sporadic;
      Compute_Execution_Time => 2 ms .. 2 ms;
      Period => 21 ms;
    END receiver;

    END messages;
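The message sending package above pairs a sender that emits two events every 20 ms with a sporadic receiver whose minimum inter-arrival time is 21 ms and whose port queue holds 5 events. The following simulation is an added example, not the slides' own code nor the output of AADL Inspector, and its timing model (exact send offsets, no preemption of the sender, dispatch delayed until the inter-arrival time has elapsed, arrivals into a full queue lost) is an assumption; it shows when the queue first overflows and why a larger Queue_Size cannot fix it.

```python
"""Queue overflow check for the message sending pattern above.

Added example, not from the slides or from AADL Inspector. Constructed model:
- sender: Periodic, Period 20 ms, two events per dispatch, sent 3 ms and 6 ms after
  dispatch (computation(3 ms); send !; computation(3 ms); send !), never preempted.
- receiver: Sporadic, Period 21 ms = minimum inter-arrival time, Queue_Size 5,
  Dequeue_Protocol OneItem (one event consumed per dispatch).
- an event arriving while the receiver must still wait stays queued; an event
  arriving into a full queue is lost.
"""
from dataclasses import dataclass
from typing import Optional

SENDER_PERIOD_MS = 20
SEND_OFFSETS_MS = (3, 6)            # from the sender behaviour annex
RECEIVER_MIN_INTERARRIVAL_MS = 21   # receiver Period
QUEUE_SIZE = 5                      # receiver.receive Queue_Size

@dataclass
class Result:
    delivered: int = 0
    lost: int = 0
    max_backlog: int = 0
    first_loss_ms: Optional[int] = None

def simulate(horizon_ms: int) -> Result:
    """Advance one millisecond at a time; arrivals are queued before the dispatch decision."""
    res, queue, next_dispatch = Result(), 0, 0
    for t in range(horizon_ms):
        if t % SENDER_PERIOD_MS in SEND_OFFSETS_MS:       # sender emits an event now
            if queue < QUEUE_SIZE:
                queue += 1
            else:
                res.lost += 1                             # Queue_Size exceeded: event dropped
                if res.first_loss_ms is None:
                    res.first_loss_ms = t
        res.max_backlog = max(res.max_backlog, queue)
        if queue and t >= next_dispatch:                  # sporadic dispatch, OneItem
            queue -= 1
            res.delivered += 1
            next_dispatch = t + RECEIVER_MIN_INTERARRIVAL_MS
    return res

def is_stable() -> bool:
    """True only if the receiver's maximum service rate (one dispatch per Period)
    covers the sender's event rate; when False, no finite Queue_Size avoids losses."""
    arrivals_per_ms = len(SEND_OFFSETS_MS) / SENDER_PERIOD_MS
    service_per_ms = 1 / RECEIVER_MIN_INTERARRIVAL_MS
    return arrivals_per_ms <= service_per_ms
```

Under these assumptions the queue is full at 66 ms and the first event is lost at 86 ms; the rate check explains that the loss is structural (0.1 events/ms sent against at most 1/21 events/ms consumed).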
Shared data

    PACKAGE shared_data
    PUBLIC
    WITH HW;

    --

    PROCESS IMPLEMENTATION my_process.others
    SUBCOMPONENTS
      T1 : THREAD T.i1;
      D1 : DATA D { Concurrency_Control_Protocol => PRIORITY_CEILING_PROTOCOL; };
      D2 : DATA D { Concurrency_Control_Protocol => PRIORITY_CEILING_PROTOCOL; };
      T2 : THREAD T.i2;
    CONNECTIONS
      DATA ACCESS D1 -> T1.D1;
      DATA ACCESS D2 -> T1.D2;
      DATA ACCESS D1 -> T2.D1;
      DATA ACCESS D2 -> T2.D2;
    END my_process.others;

    THREAD T
    FEATURES
      D1 : REQUIRES DATA ACCESS D;
      D2 : REQUIRES DATA ACCESS D;
    END T;

    THREAD IMPLEMENTATION T.i1
    PROPERTIES
      Dispatch_Protocol => Periodic;
      Compute_Execution_Time => 5 ms .. 5 ms;
      Period => 15 ms;
    ANNEX Behavior_Specification {**
      states
        s : initial complete final state;
      transitions
        t : s -[on dispatch]-> s { D1 !<; computation(3 ms); D2 !<; D2 !>; D1 !> };
    **};
    END T.i1;

    DATA D
    END D;

    THREAD IMPLEMENTATION T.i2
    PROPERTIES
      Dispatch_Protocol => Periodic;
      Compute_Execution_Time => 5 ms .. 5 ms;
      Period => 20 ms;
    ANNEX Behavior_Specification {**
      states
        s : initial complete final state;
      transitions
        t : s -[on dispatch]-> s { D2 !<; computation(5 ms); D1 !<; D1 !>; D2 !> };
    **};
    END T.i2;

    END shared_data;
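The synchronous dataflow package (three periodic threads, no shared data) and the shared data package (two periodic threads locking D1 and D2 in opposite order under PRIORITY_CEILING_PROTOCOL) can both be checked with a worst-case response-time analysis; the code below is an added example, not the slides' code nor the algorithm of AADL Inspector. It assumes rate-monotonic priorities with deadline equal to Period, takes the upper bound of Compute_Execution_Time as the WCET, and reads the time each thread holds a data off its behaviour annex.

```python
"""Response-time analysis for the synchronous dataflow and shared data packages above.
Added example, not from the slides or from AADL Inspector. Assumptions: Rate_Monotonic_Protocol
(shorter Period = higher priority, deadline = Period, C = upper bound of Compute_Execution_Time);
Priority_Ceiling_Protocol (a thread is blocked at most once, by the longest critical section of a
lower-priority thread on a data whose ceiling priority is >= its own: the term B below).
R = C + B + sum over higher-priority threads j of ceil(R / T_j) * C_j
"""
from dataclasses import dataclass, field
from math import ceil
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Thread:
    name: str
    wcet_ms: int                # upper bound of Compute_Execution_Time
    period_ms: int              # Period; deadline assumed equal to it
    holds: Dict[str, int] = field(default_factory=dict)  # shared data -> ms held

def pcp_blocking(th: Thread, threads: List[Thread]) -> int:
    """Worst-case blocking time of th under the priority ceiling protocol."""
    block = 0
    for low in threads:
        if low.period_ms <= th.period_ms:
            continue                            # only lower-priority threads can block th
        for data, held in low.holds.items():
            ceiling_period = min(t.period_ms for t in threads if data in t.holds)
            if ceiling_period <= th.period_ms:  # ceiling priority >= priority of th
                block = max(block, held)
    return block

def response_time(th: Thread, threads: List[Thread]) -> Optional[int]:
    """Fixed-point iteration of R; None when R would exceed the deadline (Period)."""
    # Equal periods are counted as higher priority, the conservative choice.
    hp = [t for t in threads if t.name != th.name and t.period_ms <= th.period_ms]
    r = base = th.wcet_ms + pcp_blocking(th, threads)
    while True:
        nxt = base + sum(ceil(r / j.period_ms) * j.wcet_ms for j in hp)
        if nxt > th.period_ms:
            return None
        if nxt == r:
            return r
        r = nxt

def analyse(threads: List[Thread]) -> Dict[str, Optional[int]]:
    return {t.name: response_time(t, threads) for t in threads}

def utilisation(threads: List[Thread]) -> float:
    return sum(t.wcet_ms / t.period_ms for t in threads)
def liu_layland_bound(n: int) -> float:
    return n * (2 ** (1 / n) - 1)

# Thread sets transcribed from the two packages; hold times read off the behaviour annexes.
SYNCHRONOUS = [Thread("T1", 5, 25), Thread("T2", 5, 20), Thread("T3", 5, 15)]
SHARED_DATA = [Thread("T1", 5, 15, {"D1": 3, "D2": 0}), Thread("T2", 5, 20, {"D2": 5, "D1": 0})]
```

For the synchronous set the utilisation (47/60) exceeds the Liu and Layland bound for three threads, so the bound alone is inconclusive, while the response times (15, 10, 5 ms) all meet their periods; in the shared data set T1 absorbs a 5 ms blocking from T2's critical section on D2 and still finishes within 15 ms.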
Client-server

    PACKAGE client_server
    PUBLIC
    WITH HW;

    SYSTEM client_server
    END client_server;

    SYSTEM IMPLEMENTATION client_server.others
    SUBCOMPONENTS
      my_platform : SYSTEM HW::RMA_board;
      my_process  : PROCESS my_process.others;
    PROPERTIES
      Actual_Processor_Binding => ( reference(my_platform.cpu) ) applies to my_process;
    END client_server.others;

    PROCESS my_process
    END my_process;

    PROCESS IMPLEMENTATION my_process.others
    SUBCOMPONENTS
      client_T : THREAD client_T.others;
      server_T : THREAD server_T;
    CONNECTIONS
      SUBPROGRAM ACCESS server_T.start -> client_T.start;
    END my_process.others;

    THREAD client_T
    FEATURES
      start : REQUIRES SUBPROGRAM ACCESS start;
    END client_T;

    THREAD IMPLEMENTATION client_T.others
    PROPERTIES
      Dispatch_Protocol => Periodic;
      Compute_Execution_Time => 5 ms .. 7 ms;
      Period => 15 ms;
    ANNEX Behavior_Specification {**
      states
        s : initial complete final state;
      transitions
        t : s -[on dispatch]-> s { computation(2 ms); start !; computation(4 ms) };
    **};
    END client_T.others;

    THREAD server_T
    FEATURES
      start : PROVIDES SUBPROGRAM ACCESS start { Compute_Execution_Time => 3 ms .. 3 ms; };
    PROPERTIES
      Dispatch_Protocol => Sporadic;
      Compute_Execution_Time => 2 ms .. 4 ms;
      Period => 5 ms;
    END server_T;

    SUBPROGRAM start
    END start;

    END client_server;