RTAS MDES Workshop May 2003 - 1

1
Model-Based Integration of Reusable
Component-Based Avionics Systems

• David Sharp
• Technical Fellow
• Phantom Works, Open System Architecture
• david.sharp_at_boeing.com
• 27 May 2003

This work was sponsored by the DARPA/ITO
Model-Based Integration of Embedded Software
program, under contract F33615-00-C-1704 with Air
Force Research Laboratory Information
Directorate, Wright-Patterson Air Force Base.
2
Boeing Bold Stroke Initiative
Creation of Highly Configurable Avionics Product
Line Via OO Framework Technologies
3
Product Line Development
Components
Integration
Common
Create common components
Project Specific
P1 Configurator
P2 Configurator
Extend common/create plugs for project specific
reqts
Create project specific components
Configure for project deployment
Functional
Systemic
4
The Avionics Software Integration Challenge

• Reuse-based Development Approaches Can
  Dramatically Improve Cost, Quality and Cycle Time

• Cross-cutting Extra-functional Properties Are
  Endemic to Embedded Real-time Systems and Hinder
  Reuse

How do we compose systems from reusable
components while satisfying large-scale embedded
system requirements?

• Including
• Hard and soft real-time deadlines
• Fault tolerance
• Distribution

5
Model-Based Component Integration Approach
6
Challenges for Model-Based Component Integration

• Multi-view Modeling
• Represent system features that impact cross
  cutting constraints in feature-appropriate models
• Process view models
• Deployment view models
• Integrate multiple views
• Model-based Analysis
• Apply analytic methods to the design models to
  ensure satisfaction of cross cutting embedded
  constraints
• Model-based System Configuration
• Use system models to generate integration code
  needed to assemble a system from components

7
Process Related Views

• Logical Fault Management
• Operational and backup modes and components
• Components that need replicated backups
• Execution Dependencies
• Triggers and trigger types
• Trigger based dependency graphs
• Execution rates for the roots of dependencies
• Threads
• Threads and their associated rates and priorities

8
Deployment Related Views

• Physical Fault Management
• Relationships between fault modes and physical
  resources
• Component Quality of Service
• Execution rates
• Importance
• Resource requirements
• Process
• System physical resources
• Allocation of threads to processes
• Component Allocation
• Components that are strongly coupled
• Allocation of components to processors and
  processes
• Parameters for automatic generation of
  integration code
• Identify and generate CORBA stubs and skeletons
  as needed

9
Model-Based Analysis
Having models that capture cross-cutting aspects
of a system is the basis for analysis

• Execution Dependencies
• Identifying cyclic dependencies
• Ensuring consistency of dependency graphs
• Using dependency graphs to identify execution
  requirements for timing analysis
• Timing Analysis
• Schedulability
• Utilization
• Fault Tolerance
• Determine status of components in various fault
  scenarios
• Support allocation of backup components to
  processors to meet fault-tolerance goals

10
Model-Based Configuration

• Automatic Generation of Configuration Code Based
  on Models Can Yield Increased Speed and Quality
  and Reduced Cost
• Manual creation of integration code is time
  consuming, tedious and error prone
• Much integration code is fully determined by a
  model of the system configuration
• Tools already exist that generate much similar
  code
• CORBA IDL compilers, etc.

11
Resultant Process
Inter-View Translation
Analysis Translation
Input Translation
Fault Tolerance
Event Dependencies
Logical Fault Mgmt
Parse Rose
Timing
Threading
Instrumentation
Event Dependency
Filter/Translate To XML
Model Components
Invocation Dependency
Configuration Translation
Component Thread Map.
Generate Configuration
Model Importer
Process
Build
Component Allocation
Test
Physical Fault Mgmt
12
Development Scenario Example Walkthrough
13
MoBIES-Enabled Process
Inter-View Translation
Input Translation
Analysis Interchange Format (AIF)
Fault Tolerance
Event Dependencies
Logical Fault Mgmt
Application Component Library (ACL)
Parse Rose
Timing
VU ESML
Threading
Tek MoBIES Translator
Analysis Translation
UM AIRES
Event Dependency
Filter/Translate To XML
Model Components
Invocation Dependency
Tek MoBIES XML Exporter
Model Editor
Component Thread Map.
OEP Configuration
Generate Configuration
GME Importer
Process
VU ESML
VU rr2esml
SWRI ASC-Scheduler
Build
Component Allocation
Configuration Translation
Test
Physical Fault Mgmt
14
Component Specification

• Initial Design of Components Accomplished in
  Rational Rose
• Stereotypes used to express components

15
MoBIES-Enabled Process
Inter-View Translation
Input Translation
Analysis Interchange Format (AIF)
Fault Tolerance
Event Dependencies
Logical Fault Mgmt
Application Component Library (ACL)
Parse Rose
Timing
VU ESML
Threading
Tek MoBIES Translator
Analysis Translation
UM AIRES
Event Dependency
Filter/Translate To XML
Model Components
Invocation Dependency
Tek MoBIES XML Exporter
Model Editor
Component Thread Map.
OEP Configuration
Generate Configuration
GME Importer
Process
VU ESML
VU rr2esml
SWRI ASC-Scheduler
Build
Component Allocation
Configuration Translation
Test
Physical Fault Mgmt
16
Exporting the Component data

• Scripts Export The Model Data And Filter Out All
  Non-Component Related Details

17
MoBIES-Enabled Process
Inter-View Translation
Input Translation
Analysis Interchange Format (AIF)
Fault Tolerance
Event Dependencies
Logical Fault Mgmt
Application Component Library (ACL)
Parse Rose
Timing
VU ESML
Threading
Tek MoBIES Translator
Analysis Translation
UM AIRES
Event Dependency
Filter/Translate To XML
Model Components
Invocation Dependency
Tek MoBIES XML Exporter
Model Editor
Component Thread Map.
OEP Configuration
Generate Configuration
GME Importer
Process
VU ESML
VU rr2esml
SWRI ASC-Scheduler
Build
Component Allocation
Configuration Translation
Test
Physical Fault Mgmt
18
Event/Invocation Dependency Subview Modeling
Interaction models must be created in ESML to
show the initiating timer object, instances of
event types and component types and the
connections between them. Component instances
are assigned a unique Group and Item Id.
19
MoBIES-Enabled Process
Inter-View Translation
Input Translation
Analysis Interchange Format (AIF)
Fault Tolerance
Event Dependencies
Logical Fault Mgmt
Application Component Library (ACL)
Parse Rose
Timing
VU ESML
Threading
Tek MoBIES Translator
Analysis Translation
UM AIRES
Event Dependency
Filter/Translate To XML
Model Components
Invocation Dependency
Tek MoBIES XML Exporter
Model Editor
Component Thread Map.
OEP Configuration
Generate Configuration
GME Importer
Process
VU ESML
VU rr2esml
SWRI ASC-Scheduler
Build
Component Allocation
Configuration Translation
Test
Physical Fault Mgmt
20
Threading/Process Subview Modeling
Assign the priority and rate associated with each
thread.
In the Configurations folder, define the
processors, then double click on them to define
the threads and processes running on that
processor.
21
Constraint Checking

• Static Errors Are Caught Either During Modeling
  Or Analysis

22
MoBIES-Enabled Process
Inter-View Translation
Input Translation
Analysis Interchange Format (AIF)
Fault Tolerance
Event Dependencies
Logical Fault Mgmt
Application Component Library (ACL)
Parse Rose
Timing
VU ESML
Threading
Tek MoBIES Translator
Analysis Translation
UM AIRES
Event Dependency
Filter/Translate To XML
Model Components
Invocation Dependency
Tek MoBIES XML Exporter
Model Editor
Component Thread Map.
OEP Configuration
Generate Configuration
GME Importer
Process
VU ESML
VU rr2esml
SWRI ASC-Scheduler
Build
Component Allocation
Configuration Translation
Test
Physical Fault Mgmt
23
AIRES Event Dependency Graphs (EDGs)

• Graphs Are Created To Visualize Event Dependencies

24
Scheduling Analysis

• Utilization Is Shown for Each Processor, and
  Divided Among Tasks Running on the Processor

25
MoBIES-Enabled Process
Inter-View Translation
Input Translation
Analysis Interchange Format (AIF)
Fault Tolerance
Event Dependencies
Logical Fault Mgmt
Application Component Library (ACL)
Parse Rose
Timing
VU ESML
Threading
Tek MoBIES Translator
Analysis Translation
UM AIRES
Event Dependency
Filter/Translate To XML
Model Components
Invocation Dependency
Tek MoBIES XML Exporter
Model Editor
Component Thread Map.
OEP Configuration
Generate Configuration
GME Importer
Process
VU ESML
VU rr2esml
SWRI ASC-Scheduler
Build
Component Allocation
Configuration Translation
Test
Physical Fault Mgmt
26
Configuration Generation

• Interfaces Defined Via UML Meta-Models
• XML Configuration Files Generated From Models Via
  Scripts
• ESML2Config MC__MediumSP.mga

OEP Configuration File
Interface Model
27
Accomplishments

• End-To-End Automated Model-Based Configuration
• From UML Reusable Component Models to Running
  Code
• Initial Set Of Real-Time Analyses

• Configuring Representative Avionics Systems Of Up
  To
• 20 Component Types
• 400 Component Instances
• 3 Processes / processors
• Using
• Multiple tools with well-defined XML interfaces
• Pervasive meta-modeling

28
Remaining Challenges
Component Design
Input Translation
Analysis Translation
Fault Tolerance
Logical Fault Mgmt
Application Modeling
Event Dependencies
Design Generation
Persistence
Parse Rose
Event Dependency
Timing
Analysis Interchange Format (AIF)
Model Component Implementations
Appl Comp Lib (ACL)
Invocation Dependency
Component Allocation
Filter/Translate To XML
Implement Component
Configuration Translation
Component Thread Map
Generate App Config
Model Editor
Activation
Middleware Modeling
Model Importer
OEP Configuration
Process
Model Mware
Generate Mware Config
Threading
Build
mware config aspect 1
Implement Mware
Test
Physical Fault Mgmt
Instrumentation
PIM
PSM