Towards the systematic analysis of non-functional properties in Model-Based Engineering for real-time embedded systems

Guillaume Brau, Jérôme Hugues, Nicolas Navet
2018 Science of Computer Programming  
Real-time scheduling theory provides analytical methods to assess the temporal predictability of embedded systems. Nevertheless, their use is limited in a Model-Based Systems Engineering approach: the large number of applicability conditions makes real-time scheduling analysis tedious and error-prone. Key issues are left to the engineers: when should a real-time scheduling analysis be applied? What should be done with the analysis results? This article presents an approach to systematize and then automate the analysis of non-functional properties in Model-Based Systems Engineering. First, preconditions and postconditions define the applicability of an analysis. In addition, contracts specify the analysis interfaces, thereby enabling reasoning about the analysis process. We present a proof-of-concept implementation of our approach using a combination of constraint languages (REAL for run-time analysis) and specification languages (Alloy for describing interfaces and reasoning about them). This approach is experimented on architectural models written with the Architecture Analysis and Design Language (AADL).

Contribution. In this article, we aim at systematizing and automating the analysis of non-functional properties of embedded systems at design time. The preconditions are the properties that must hold in an input model before an analysis is executed. The postconditions are the properties guaranteed on the model after the analysis has executed. With preconditions and postconditions satisfied, an analysis is complete and sound. Concretely, a full analysis, including preconditions and postconditions, can be implemented by means of constraint languages, e.g. OCL on UML models [13] or REAL with AADL [14]. Then, we use contracts to automate the analysis process. A contract completely defines the interfaces of an analysis in terms of processed data and properties. Inputs/Outputs (I/O) describe input and output data. Assumptions/Guarantees (A/G) describe input and output properties. Specific methods can then be used to automatically reason about these interfaces and answer complex questions about the analysis process, such as: which analyses can be applied to a given model? Which analyses meet a given goal? Can analyses be combined? Are there interferences between analyses? In practice, contracts can be defined with the help of a specification language such as Alloy [15] and evaluated through the associated SAT solvers.

We present and demonstrate these concepts on an aerospace case study: the Paparazzi Unmanned Aerial Vehicle [16]. The experimental results presented in this paper can be reproduced from our tool prototype and AADL models, which are available online.

Work hypotheses. The two following hypotheses delimit our contributions. They may be relaxed in future work, as discussed at the end of this article. Design through architectural description languages: we focus on early design phases, especially the architectural design stage supported through Architecture Description Languages [17]. The models mentioned in this paper are written with the Architecture Analysis and Design Language (AADL) [18] and are part of the AADLib project [19], our library of reusable AADL models accessible online. Real-time properties: we concentrate on real-time properties, and in particular on a kind of analytical method called real-time scheduling analysis [20].

Structure of the paper. The paper is organized as follows. Section 2 provides a general overview of architecture description languages and discusses related work. Section 3 deals with the semantics of an analysis. We introduce contracts in Section 4. Section 5 discusses potential extensions of our approach. We finally conclude in Section 6.

Background and related works
Model-Based Systems Engineering (MBSE) is a paradigm that focuses on models in the engineering of complex systems. In an MBSE approach, activities such as specification, design, implementation, integration and verification systematically involve domain-specific models [21].
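The following is an added example written for this page; it is not code from the paper, from its REAL/Alloy prototype or from the AADLib models. It sketches, in Python rather than Alloy, what an analysis contract with Inputs/Outputs and Assumptions/Guarantees can look like and how a small reasoner answers the questions listed above (which analyses apply to a model, which provide a goal property, which can be chained, which interfere). The flat task-set model, the property names, the write-write interference rule and the three-analysis library (rate-monotonic and deadline-monotonic priority assignment, fixed-priority response-time analysis) are all assumptions made here for illustration.

```python
"""Added example (not the paper's tool): a toy contract-based reasoner over
real-time analyses. Every analysis carries a contract: inputs/outputs (data) and
assumptions/guarantees (properties). The reasoner checks preconditions before
running an analysis and postconditions after, and forward-chains analyses to a goal."""
import math
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

Model = dict  # assumed flat model: {"tasks": [...], "props": set(), ...outputs...}


@dataclass
class Contract:
    name: str
    inputs: Set[str]                                 # data the analysis reads
    outputs: Set[str]                                # data the analysis writes
    assumptions: Dict[str, Callable[[Model], bool]]  # preconditions: name -> predicate
    guarantees: Set[str]                             # postconditions established on success
    run: Callable[[Model], Model]


def failed_assumptions(c: Contract, m: Model) -> List[str]:
    """Preconditions that do not hold on m; an empty list means c is applicable."""
    missing = ["input:" + k for k in c.inputs if k not in m]
    return missing + [n for n, p in c.assumptions.items() if not p(m)]


def applicable(c: Contract, m: Model) -> bool:
    return not failed_assumptions(c, m)


def meets_goal(library: List[Contract], goal: str) -> List[str]:
    return [c.name for c in library if goal in c.guarantees]


def interfere(a: Contract, b: Contract) -> bool:
    """Assumed interference rule: two analyses interfere when both write the same data."""
    return bool(a.outputs & b.outputs)


def plan(library: List[Contract], m: Model, goal: str) -> Tuple[List[str], Model]:
    """Forward-chain applicable analyses until `goal` is established; returns the
    execution order (empty if unreachable) and the resulting model. Never mutates m."""
    state, done, order = dict(m), set(), []
    while goal not in state["props"]:
        step = next((c for c in library if c.name not in done and applicable(c, state)), None)
        if step is None:
            return [], state
        state = step.run(state)
        if not step.guarantees <= state["props"]:  # postcondition check after execution
            raise RuntimeError(f"{step.name} violated its guarantees")
        done.add(step.name)
        order.append(step.name)
    return order, state


# --- constructed analysis library (assumption: simple periodic task model) ---
def _periodic(m):    return all(t["T"] > 0 for t in m["tasks"])
def _constrained(m): return all(t["D"] <= t["T"] for t in m["tasks"])
def _implicit(m):    return all(t["D"] == t["T"] for t in m["tasks"])
def _independent(m): return not any(t.get("shared") for t in m["tasks"])


def _assign(m: Model, key: str) -> Model:
    # Copy the task list and number priorities 0.. by ascending `key` (0 = highest).
    out = dict(m)
    out["tasks"] = [dict(t) for t in m["tasks"]]
    for prio, t in enumerate(sorted(out["tasks"], key=lambda t: t[key])):
        t["prio"] = prio
    out["props"] = m["props"] | {"priorities_assigned"}
    return out


def run_rta(m: Model) -> Model:
    # Fixed-priority response-time analysis: R_i = C_i + sum over higher-priority j
    # of ceil(R_i / T_j) * C_j, iterated to a fixpoint or until R_i exceeds D_i.
    tasks = sorted(m["tasks"], key=lambda t: t["prio"])
    resp = {}
    for i, t in enumerate(tasks):
        r = t["C"]
        while True:
            nxt = t["C"] + sum(math.ceil(r / h["T"]) * h["C"] for h in tasks[:i])
            if nxt == r or nxt > t["D"]:
                r = nxt
                break
            r = nxt
        resp[t["name"]] = r
    out = dict(m)
    out["response_times"] = resp
    out["schedulable"] = all(resp[t["name"]] <= t["D"] for t in tasks)
    out["props"] = m["props"] | {"rta_done"}
    return out


RM_ASSIGN = Contract("RM_priority_assignment", {"tasks"}, {"tasks"},
                     {"periodic": _periodic, "implicit_deadlines": _implicit},
                     {"priorities_assigned"}, lambda m: _assign(m, "T"))
DM_ASSIGN = Contract("DM_priority_assignment", {"tasks"}, {"tasks"},
                     {"periodic": _periodic, "constrained_deadlines": _constrained},
                     {"priorities_assigned"}, lambda m: _assign(m, "D"))
RTA = Contract("response_time_analysis", {"tasks"}, {"response_times", "schedulable"},
               {"periodic": _periodic, "constrained_deadlines": _constrained,
                "independent": _independent,
                "priorities_assigned": lambda m: "priorities_assigned" in m["props"]},
               {"rta_done"}, run_rta)
LIBRARY = [RM_ASSIGN, DM_ASSIGN, RTA]

# Constructed input model: three periodic tasks, t2 has a deadline shorter than its period.
MODEL = {"tasks": [{"name": "t1", "C": 1, "T": 4, "D": 4},
                   {"name": "t2", "C": 2, "T": 6, "D": 5},
                   {"name": "t3", "C": 3, "T": 12, "D": 12}],
         "props": set()}
```

On this model the RM assignment is rejected by its `implicit_deadlines` assumption, the DM assignment applies, and response-time analysis becomes applicable only once `priorities_assigned` has been guaranteed, so `plan(LIBRARY, MODEL, "rta_done")` chains the two; `interfere(RM_ASSIGN, DM_ASSIGN)` is true because both overwrite the task priorities.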
doi:10.1016/j.scico.2017.12.007 fatcat:ri3wzlgnnbda7hloaw43h64wqe