Architecture Description Language Research Articles

Behavior modeling and verification of movement authority scenario of Chinese Train Control System using AADL

Train control systems like most digital controllers are, by definition, hybrid systems as they interact with or try to control some aspects of the physical world. Detailed behavior modeling with constraints specifica-tion and formal verification, required for reliability prediction, is a great challenge for hybrid system designers. Train control systems further intensify this challenge with extensive interaction between computing units and their physical environment and their mutual dependence on each other. In this paper, we investigate behavior modeling and formal verification of Chinese Train Control System Level 3 (CTCS-3) using Architectural Anal-ysis & Design Language (AADL) to cope with this challenge. AADL is an architecture description language for embedded systems and is based on model-based engineering paradigm. Along with structural modeling of em-bedded systems using the core language constructs, AADL also provides support for language extension through annex sublanguages. In system requirements specification document, the behavior of the CTCS-3 is specified as a set of basic operation scenarios that cooperate with each other to achieve safe and secure functionality of trains. Movement Authority (MA) scenario, explored in this paper, is considered as a basic and most crucial scenario to prevent trains from colliding with each other. The detailed discrete behavior of control system is modeled and verified using the Behavior Language for Embedded Systems with Software (BLESS) annex sublanguage of AADL, and the continuous behavior of train with the cyber-physical interaction (communication between train and control system) is modeled using the Hybrid annex sublanguage. The behavior of the MA scenario at system level is verified using the Hybrid Hoare Logic theorem prover. Behavior constraints are specified as assertions using first-order logic formulas augmented with a simple temporal operator.

On the verification of architectural reconfigurations

In a reconfigurable system, the response to contextual or internal change may trigger reconfiguration events which, on their turn, activate scripts that change the system׳s architecture at runtime. To be safe, however, such reconfigurations are expected to obey the fundamental principles originally specified by its architect. This paper introduces an approach to ensure that such principles are observed along reconfigurations by verifying them against concrete specifications in a suitable logic. Architectures, reconfiguration scripts, and principles are specified in Archery, an architectural description language with formal semantics. Principles are encoded as constraints, which become formulas of a two-layer graded hybrid logic, where the upper layer restricts reconfigurations, and the lower layer constrains the resulting configurations. Constraints are verified by translating them into logic formulas, which are interpreted over models derived from Archery specifications of architectures and reconfigurations. Suitable notions of bisimulation and refinement, to which the architect may resort to compare configurations, are given, and their relationship with modal validity is discussed.

Model-Based Analysis and Engineering of Automotive Architectures with EAST-ADL

Modern cars have turned into complex high-technology products, subject to strict safety and timing requirements, in a short time span. This evolution has translated into development processes that are not as efficient, flexible and agile as they could or should be. This paper presents the main aspects and capabilities of a rich model-based design framework, founded on EAST-ADL. EAST-ADL is an architecture description language specific to the automotive domain and complemented by a methodology compliant with the functional safety standard for the automotive domain ISO26262. The language and the methodology are used to develop an information model in the sense of a conceptual model, providing the engineer the basis for specifying the various aspects of the system. Inconsistencies, redundancies, and partly even missing system description aspects can be found automaticlally by advanced analyses and optimization capabilities to effectively improve development processes of modern cars.

Contemporary Computer Supported Collaboration: Systems, Technologies, Algorithms, and Applications

Contemporary Computer Supported Collaboration: Systems, Technologies, Algorithms, and Applications

Towards a verified transformation from AADL to the formal component-based language FIACRE

During the last decade, aadl is an emerging architecture description languages addressing the modeling of embedded systems. Several research projects have shown that aadl concepts are well suited to the design of embedded systems. Moreover, aadl has a precise execution model which has proved to be one key feature for effective early analysis.In this paper, we are concerned with the foundational aspects of the verification support for aadl. More precisely, we propose a verification toolchain for aadl models through its transformation to the Fiacre language which is the pivot verification language of the TOPCASED project: high level models can be transformed to Fiacre models and then model-checked. Then, we investigate how to prove the correctness of the transformation from AADL into Fiacre and present related elementary ingredients: the semantics of aadl and Fiacre subsets expressed in a common framework, namely timed transition systems. We also briefly discuss experimental validation of the work.

A Model for Run-Time Software Architecture Adaptation

Since the global demand for software systems and constantly changing environments and systems is increasing, the adaptability of software systems is of significant importance. Due to the architecture of software system is a high-level view of the system and makes the modifiability possible at an overall level, the adaptability of the software can be considered an effective approach to adapt software systems by changing architecture configuration. In this study, the architecture configuration is modified through xADL language which is a software architecture description language with a high flexibility. Software architecture reconfiguration is done based on existing rules of rule-based system, which are written with respect to three strategies of load balancing, fixed bandwidth and fixed latency. The proposed model of the study is simulated based on samples of client-server system, video conferencing system and students’ grading system. The proposed model can be used in all types of architecture, include Client Server Architecture, Service Oriented Architecture and etc.

Incorporating Architectural Modeling with State-based Reliability Evaluation

In the system development, it is quite important to evaluate non-functional property qualities on the architecture for making early adjustment decisions. However, in current practice, functional architectural modelling and non-functional quality evaluation are often implemented separately. And most architecture description languages fail to specify architecture evolution to implement adjustment. It is essential to propose a mechanism implementing architecture level evaluation, and supporting architecture evolution. With these considerations, we present an architecture reliability evaluation and evolution framework, which is based on the architecture description language - Breeze/ADL. First, by using Breeze/ADL, the system architecture is specified with reliability properties. Second, Breeze/ADL specifications are turned into a state view Markov chain (MC) model. This model helps to evaluate the reliability and conduct importance analysis to identify the critical module. Third, based on the evaluation result, the evolution mechanism by Breeze/ADL will raise an adjustment solution to improve the reliability.

Leveraging Ada 2012 and SPARK 2014 for assessing generated code from AADL models

Modeling of Distributed Real-time Embedded systems using Architecture Description Language provides the foundations for various levels of analysis: scheduling, reliability, consistency, etc.; but also allows for automatic code generation. A challenge is to demonstrate that generated code matches quality required for safety-critical systems. In the scope of the AADL, the Ocarina toolchain proposes code generation towards the Ada Ravenscar profile with restrictions for High-Integrity. It has been extensively used in the space domain as part of the TASTE project within the European Space Agency. In this paper, we illustrate how the combined use of Ada 2012 and SPARK 2014 significantly increases code quality and exhibits absence of run-time errors at both run-time and generated code levels.

Modelling large-scale information systems using ADLs – An industrial experience report

An organisation that had developed a large information system wanted to embark on a programme that would involve large-scale evolution of it. As a precursor to this, it was decided to create a comprehensive architectural description to capture and understand the system's design. This undertaking faced a number of challenges, including a low general awareness of software modelling and software architecture practices. The approach taken by the software architects tasked with this project included the definition of a simple, very specific, architecture description language. This paper reports our experience of the project and a simple ADL that we created as part of it.

Design and Implementation of Binary Utilities Generator

This paper presents a framework for generating assembler and disassembler from ADL (architecture description language), which enables processor architecture designers to explore a large design space by quickly modifying the architecture description written in high abstraction level ADL. We present our ADL: GADL(GNU tool chain based ADL) and propose the binary utilities generation algorithms for GADL. Some issues are discussed and resolved which have not been covered by related research. We have implemented the binary utilities generator with the proposed algorithms and used it to generate the binary utilities for a DSP we are designing, which shows the efficiency of the algorithms.

An Aspect-oriented Software Architecture Description Language AO-ADL Based on XYZ

Aspect-Oriented Programming (AOP) can resolve the code tangling problem in ObjectOriented Programming (OOP) via using the technology of separation of concerns. Software architecture is becoming an important part in the phase of software design, it has the ability of helping designer to handle the structure and the complexity of large software systems, and Aspect-Oriented Software Development (AOSD) is a new paradigm proposed to manage the complexity by crosscutting concerns in the whole software life-cycle. In order to adequately specify aspect-oriented design, Aspect-Oriented Architecture Description Languages (AOADL) are needed. XYZ/ADL is an architecture description language which is based on temporal logic language XYZ/E. XYZ/ADL separates computation and communication into two different architecture elements – component and connector, but lacks some appropriate support to represent these crosscutting behaviors. So, XYZ/ADL must be extended to resolve the problem above by adding a kind of new elements – Aspect and modifying the former component and connector. At last, we illustrate them on an example of the Hotel Management System (HMS) via using AO- ADL.

Formalizing and verifying stochastic system architectures using Monterey Phoenix

The analysis of software architecture plays an important role in understanding the system structures and facilitate proper implementation of user requirements. Despite its importance in the software engineering practice, the lack of formal description and verification support in this domain hinders the development of quality architectural models. To tackle this problem, in this work, we develop an approach for modeling and verifying software architectures specified using Monterey Phoenix (MP) architecture description language. MP is capable of modeling system and environment behaviors based on event traces, as well as supporting different architecture composition operations and views. First, we formalize the syntax and operational semantics for MP; therefore, formal verification of MP models is feasible. Second, we extend MP to support shared variables and stochastic characteristics, which not only increases the expressiveness of MP, but also widens the properties MP can check, such as quantitative requirements. Third, a dedicated model checker for MP has been implemented, so that automatic verification of MP models is supported. Finally, several experiments are conducted to evaluate the applicability and efficiency of our approach

From AADL to Timed Abstract State Machines: A verified model transformation

Architecture Analysis and Design Language (AADL) is an architecture description language standard for embedded real-time systems widely used in the avionics and aerospace industry to model safety-critical applications. To verify and analyze the AADL models, model transformation technologies are often used to automatically extract a formal specification suitable for analysis and verification. In this process, it remains a challenge to prove that the model transformation preserves the semantics of the initial AADL model or, at least, some of the specific properties or requirements it needs to satisfy. This paper presents a machine checked semantics-preserving transformation of a subset of AADL (including periodic threads, data port communications, mode changes, and the AADL behavior annex) into Timed Abstract State Machines (TASM). The AADL standard itself lacks at present a formal semantics to make this translation validation possible. Our contribution is to bridge this gap by providing two formal semantics for the subset of AADL. The execution semantics provided by the AADL standard is formalized as Timed Transition Systems (TTS). This formalization gives a reference expression of AADL semantics which can be compared with the TASM-based translation (for verification purpose). Finally, the verified transformation is mechanized in the theorem prover Coq.

Analysis of a Complex Architectural Style C2 Using Modeling Language Alloy

Software architecture plays an important role in the high level design of a system in terms of components, connectors, and configuration. The main building block of software architecture is an architectural style that provides domain specific design semantics. Although many architectural descrip- tion languages (ADLs) are available in literature for modeling notations to support architecture based development, these ADLs lack proper tool support in terms of formal modeling and visualization. Hence formal methods are used for modeling and verification of architectural styles. In this study, an attempt has been made to formalize one complex style i.e., C2 ( component and connector) using formal specification language Alloy. For consistency checking of modeling notations, the model checker Alloy Analyzer is used. It automatically checks properties such as compatibility between components and connectors, satisfiability of predicates over the architectural structure, and consistency of a style. For modeling and verification of C2 architectural style, one case study on cruise control system has been considered. At the end of this study performance evaluation among different SAT solvers associated with Alloy Analyzer has been performed in order to assess the quality.

SAMM: an architecture modeling methodology for ship command and control systems

Ship command and control systems (SCCSs) are composed of large-scale, complex, real-time and software-intensive systems that complete tasks collaboratively. Open architecture has been introduced to design the architecture of SCCSs and has been refined into functional architecture (FA) and technical architecture (TA) to meet architectural requirements such as adapting fast-speed functional and technical changes. Thereby, specifying the architecture of SCCSs, based on FA and TA, becomes a key issue for stakeholders of the domain. In this paper, we propose an architecture modeling methodology (named as SAMM) for describing the architecture of SCCSs. SAMM is derived by following a systematic and generic framework--modeling Goal, domain-specific Conceptual model, architecture Viewpoint, and architecture description Language (GCVL), which guides domain experts to devise domain-specific architecture modeling methodologies of large-scale software-intensive systems. SAMM contains three viewpoints and 22 models, and a UML/SysML-based architecture description language. An industrial application of SAMM, along with the subsequent application of the derived SAMM architecture model (i.e., a deployed SCCS prototype) was conducted to evaluate SAMM. A questionnaire-based survey was also conducted to subjectively evaluate whether SAMM meets the modeling goals and its applicability. Results show that SAMM meets all modeling goals and is easy to apply.

Actions and Events in Concurrent Systems Design

In this work, having in mind the construction of concurrent systems from components, we discuss the difference between actions and events. For this discussion, we propose an(other) architecture description language in which actions and events are made explicit in the description of a component and a system. Our work builds from the ideas set forth by the categorical approach to the construction of software based systems from components advocated by Goguen and Burstall, in the context of institutions, and by Fiadeiro and Maibaum, in the context of temporal logic. In this context, we formalize a notion of a component as an element of an indexed category and we elicit a notion of a morphism between components as morphisms of this category. Moreover, we elaborate on how this formalization captures, in a convenient manner, the underlying structure of a component and the basic interaction mechanisms for putting components together. Further, we advance some ideas on how certain matters related to the openness and the compositionality of a component/system may be described in terms of classes of morphisms, thus potentially supporting a compositional rely/guarantee reasoning.

Applying of component system development in object methodology

Applying of component system development in object methodology

AO4AADL: Aspect oriented extension for AADL

Abstract Managing embedded system complexity and scalability is one of the most important problems in software development. To better address this problem, it is very recommended to have an abstraction level high enough to model such systems. Architectural description languages (ADLs) intend to model complex systems and manage their structure at a high abstraction level. Traditional ADLs do not normally provide appropriate formalisms to separate any kind of crosscutting concerns. This frequently results in poor descriptions of the software architectures and a tedious adaptation to constantly changing user requirements and specifications. AOSD (Aspect Oriented Software Development) deals with these problems by considering crosscutting concerns in software development. The effectiveness of considering an aspect-oriented architectural design appears when aspect concepts are taken into account early in the software’s life-cycle. In this paper, we propose a new aspect language called AO4AADL that adequately manipulates aspect oriented concepts at architecture level in order to master complexity and ensure scalability. The abstract nature of our proposed language allows the generation of aspect code for several programming languages and platforms.

Customised soft processor design: a compromise between architecture description languages and parameterisable processors

Processor customisation is an effective technique to enhance performance across an application domain. In this study, the authors present a new customised soft processor development environment called polytechnique customised soft processor (PolyCuSP), which bridges the gap between architecture description languages (ADLs) and extensible soft processors. The main objective of this environment is to facilitate rapid design space exploration while preserving a wide range of customisation flexibility. For this purpose, PolyCuSP offers full flexibility in instruction-set description, while limiting the datapath customisation to a predefined set of tunable microarchitectural parameters. The environment avoids extensive datapath description that is unnecessary for usual microarchitectural customisation techniques in order to simplify the development process. A new XML-based description format is introduced for instruction-set modelling. Experimental results evaluate and compare the design and customisation complexities offered by PolyCuSP with competitive approaches. Results demonstrate the efficiency of applying customisation techniques in the proposed environment. For the Sobel edge detection algorithm, the results show that microarchitectural tuning and instruction-set architecture customisation improve the performance-per-cost ratio by an average of 44 and 27%, respectively. Furthermore, in a case study of a tone-mapping algorithm, PolyCuSP achieves an average improvement of 38% in performance-per-cost ratio over an ADL-based design applying the same customisations.

Automatic optimisation of system architectures using EAST-ADL

There are many challenges which face designers of complex system architectures, particularly safety–critical or real-time systems. The introduction of Architecture Description Languages (ADLs) has helped to meet these challenges by consolidating information about a system and providing a platform for modelling and analysis capabilities. However, managing this wealth of information can still be problematic, and evaluation of potential design decisions is still often performed manually. Automatic architectural optimisation can be used to assist this decision process, enabling designers to rapidly explore many different options and evaluate them according to specific criteria. In this paper, we present a multi-objective optimisation approach based on EAST-ADL, an ADL in the automotive domain, with the goal of combining the advantages of ADLs and architectural optimisation. The approach is designed to be extensible and leverages the capabilities of EAST-ADL to provide support for evaluation according to different factors, including dependability, timing/performance, and cost. The technique is applied to an illustrative example system featuring both hardware and software perspectives, demonstrating the potential benefits of this concept to the design of embedded system architectures.