OMEGA2 Profile & tools for system modelling and verification with UML 2.x & SysML
Iulian OBER, Iulia DRAGOMIR
IRIT / University of Toulouse
Tools developed in partnership with [partner logos]; work supported by [sponsor logos]
[Title-slide figure: SysML internal block diagram of SGS_SYSTEM «System,root» with parts SGS_FUM, MVM_SU «External», SADE1, CMU1_HW, PCDU3, WING3 and TCU3, connected through ports such as pPCDU, pSGS, pCMU1, pSADE, pWING, pTCU and pTK1..pTK4]
Iulian OBER, Iulia DRAGOMIR - OMEGA2 UML&AADL - March 24th 2010

Outline
• Overview of OMEGA v1 - profile and tools
• OMEGA v2 language extensions
  - composite structures
  - concurrency model
• Implementation in IFx2
• Conclusions

OMEGA v1 language
A large subset of UML 1.5 (1)
+ (more) model coherence constraints
+ a formal operational semantics (2)
+ RT & verification extensions (3)
(1) Structure (object-oriented), behaviour (state machines, actions)
(2) Based on the Rhapsody tool semantics and defined in [Damm, Josko, Pnueli, Votintseva 2002] and [Hooman, Zwaag 2003]
(3) Timing constraints, timed behaviour (semantic projection to timed automata), property observers

OMEGA v1 language
UML class diagrams
• active / passive classes
• associations
• composition
• generalization

OMEGA v1 language
Behaviour
• state machines
• "primitive" operations
• imperative action language
  - assignments
  - control structure
  - communication
  - object creation
• communication:
  - asynchronous signals
  - asynchronous calls
  - synchronous blocking calls

OMEGA v1 language
Composition & communication semantics
[Figure: object diagram with objects o1, o2, o3, their primed counterparts o1', o2', links a and a', and an operation call op(int) on o2]

OMEGA v1 language
Observers: objects monitoring the system state & events and giving verdicts

IFx toolset
Functionality
• simulation: interactive, random, replay/analyze diagnostics, ...
• verification: observers, µ-calculus, state graph minimisation (bisimulation), ...
• static analysis: dead variable/code elimination, slicing, ...
Architecture
Principle: translation to a formal timed automata model

Use of OMEGA
Case studies:
• EADS Astrium Space Transportation: verification of functional & scheduling properties of the Ariane-5 flight software [FMOODS06]
• Nationaal Lucht- en Ruimtevaartlaboratorium (NLR): timing verification of airborne data acquisition module [UML&FM08]
• ESA / EADS Astrium: simulation and verification of ATV Solar Wing Management
Tool development partially financed by ESA

Outline
• Overview of OMEGA v1 - profile and tools
• OMEGA v2 language extensions
  - composite structures
  - concurrency model
• Implementation in IFx2
• Conclusions

Motivation - missing features
Language
• Structure: hierarchical architecture modelling
  - UML 2.x composite structures
  - SysML internal block diagrams
• Concurrency model: better synchronisation constructs
• Behaviour: parallel regions, other minor updates
Tool
• Compatibility with recent UML/SysML editors (Rhapsody 7.x): support for XMI 2.x

UML composite structures
[Figure: composite structure diagram of an ATM with parts kb:Keypad, d:Display, cu:CashUnit, ca:CardUnit, cont:Controller and bb:BankTransactionBroker, a port "bank" typed by the interfaces BankToATM / ATMtoBank, and an enclosing ATM_Bank structure; the labels (a)-(h) on the figure refer to the legend below]
Elements: (a) port, (b) part, (c) delegation connector (port-to-instance), (d) assembly connector (port-to-instance), (e) assembly connector (instance-to-instance), (f) delegation connector (port-to-port), (g) provided interface, (h) required interface

Ambiguous structures
[Figure: a composite structure diagram and the structure it "should imply"; the diagrams themselves are not recoverable from the text]

Unambiguous structures
OMEGA objective: clear & coherent semantics
→ rules for well-formed structures
→ static type safety
→ operational semantics

Bidirectional vs. unidirectional ports
I «Interface»: op1(p1:int):int, sig1(p1:int)
J «Interface»: op2():void
Bidirectional ports lead to typing problems:
[Figure: class A with a single port port_0 that realises I and has a «Usage» dependency on J]
• example of action in A:
    port_0.op2()        // port_0 complies to J
• behaviour specification of port_0:
    input op2() :       // port_0 complies to J and I
      ...
    input op1(x) :      // port_0 complies to J and I
      ...
    input sig1(x) :     // port_0 complies to J and I
      ...
OMEGA: no bidirectional ports → replace with:
[Figure: class A with two ports, port_0_out (typed by J) and port_0_in (typed by I)]

Connector directionality
[Figure: composite structure with interfaces I «Interface» (signal sI()), J «Interface» (signal sJ()) and K «Interface» (signal sK()), and elements named itsJ and deleg_backup; the remaining labels are not recoverable from the text]
• respect port directionality
• respect association directionality

Connector typing
[Figure: the same composite structure as on the previous slide, annotated with the connector types below]
Connector types are computed as intersections of the interface sets at the two ends:
{I, J} ∩ {J} = {J}
{I, J} ∩ {I} = {I}
{K} ∩ {K} = {K}, where {K} = typeOf(itsK) and {K} = typeOf(deleg_backup)
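A small static checker that applies the rules of the last three slides (no bidirectional ports, connector type = intersection of the interface sets at the two ends, directionality respected) to port and connector declarations. This is an added example written for this page, not code from the OMEGA2 profile or the IFx toolset. The interface, port and operation names (I, J, K, itsK, deleg_backup, port_0_in, port_0_out, op1, op2, sig1, sI, sJ, sK) are taken from the slides; the concrete directionality rule (an assembly connector joins an "out" port to an "in" port, a delegation connector joins two ports of the same direction) and the treatment of an empty intersection as a type error are assumptions of the example.

```python
from dataclasses import dataclass

# Interfaces and the operations/signals they declare (names from the slides).
INTERFACES = {
    "I": {"op1", "sig1", "sI"},
    "J": {"op2", "sJ"},
    "K": {"sK"},
}


@dataclass(frozen=True)
class Port:
    name: str
    direction: str         # "in" = provided interfaces, "out" = required interfaces
    interfaces: frozenset  # the interfaces the port is typed by

    def __post_init__(self):
        # OMEGA2 rule: no bidirectional ports, so anything but in/out is rejected
        if self.direction not in ("in", "out"):
            raise ValueError(f"{self.name}: direction must be 'in' or 'out', got {self.direction!r}")
        unknown = set(self.interfaces) - set(INTERFACES)
        if unknown:
            raise ValueError(f"{self.name}: unknown interfaces {sorted(unknown)}")

    def operations(self):
        """All operations/signals reachable through this port."""
        return set().union(*(INTERFACES[i] for i in self.interfaces))


class ConnectorError(Exception):
    pass


def connector_type(kind, a, b):
    """Type of the connector joining ports a and b.

    The type is the intersection of the two ends' interface sets, as on the
    'Connector typing' slide ({I,J} ∩ {J} = {J}).  Directionality (assumed
    rule of this example): an assembly connector joins an 'out' port to an
    'in' port; a delegation connector joins an outer port to an inner port of
    the same direction.  An empty intersection is reported as a type error.
    """
    if kind == "assembly":
        if {a.direction, b.direction} != {"in", "out"}:
            raise ConnectorError(f"assembly {a.name}-{b.name}: needs one 'out' and one 'in' port")
    elif kind == "delegation":
        if a.direction != b.direction:
            raise ConnectorError(f"delegation {a.name}-{b.name}: ports must have the same direction")
    else:
        raise ValueError(f"unknown connector kind {kind!r}")
    common = a.interfaces & b.interfaces
    if not common:
        raise ConnectorError(f"{kind} {a.name}-{b.name}: the two ends share no interface")
    return common


def well_typed(kind, a, b):
    """Boolean form of connector_type, convenient for checking a whole model."""
    try:
        connector_type(kind, a, b)
        return True
    except ConnectorError:
        return False


def split_bidirectional(name, provided, required):
    """Replace a bidirectional port by the two unidirectional ports OMEGA2 asks for:
    <name>_in typed by the provided interfaces, <name>_out by the required ones."""
    return (Port(f"{name}_in", "in", frozenset(provided)),
            Port(f"{name}_out", "out", frozenset(required)))


def can_send(port, operation):
    """Is `port.operation()` a well-typed action inside the owning class?
    Only an 'out' port whose interfaces declare the operation qualifies."""
    return port.direction == "out" and operation in port.operations()


def can_receive(port, operation):
    """May the port's behaviour specification contain an `input operation` transition?"""
    return port.direction == "in" and operation in port.operations()


if __name__ == "__main__":
    port_0_in, port_0_out = split_bidirectional("port_0", provided={"I"}, required={"J"})
    print(can_send(port_0_out, "op2"), can_receive(port_0_in, "op1"))  # True True
    p = Port("p", "out", frozenset({"I", "J"}))
    q = Port("q", "in", frozenset({"J"}))
    print(sorted(connector_type("assembly", p, q)))                    # ['J']
```

Splitting port_0 removes the ambiguity shown on the "Bidirectional vs. unidirectional ports" slide: `port_0_out.op2()` is checked against J alone and the `input op1(x)` / `input sig1(x)` transitions against I alone, so each end of a connector has a single, direction-consistent interface set to intersect.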

Port behaviour
[Figure: the same composite structure as on the previous slides]
Default port behaviour:
  state_0:
    sJ / deleg_J ! sJ()
    sI / deleg_I ! sI()
Explicit port behaviour:
  state_0:
    sK / begin deleg_K ! sK; deleg_backup ! sK end

Concurrency model
Lack of sharing & synchronization mechanisms
→ Ada-like protected objects (with functions and guarded entries)
→ coherent with the activity group semantics
→ rules to make them coherent with composite structures
[Figure: composite A with parts b:B1, c:C1 and d:D1 «protected»]
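An executable sketch of what an Ada-like protected object provides, added here as an illustration and not taken from the OMEGA2 profile or the IFx toolset: procedures run under mutual exclusion, functions are read-only, and entries wait on a guard that is re-evaluated whenever the object's state changes. The bounded buffer, the decorator names (procedure, function, entry) and the use of a Python condition variable to emulate the construct are assumptions of the example.

```python
import threading
from functools import wraps


class ProtectedObject:
    """Base class: one lock plus condition variable per object, standing in for the
    mutual exclusion of an Ada protected object. Subclasses mark their operations
    with the decorators below (names chosen for this example)."""

    def __init__(self):
        self._cond = threading.Condition()


def procedure(fn):
    """Exclusive access; may change state, so waiting entries re-check their guards."""
    @wraps(fn)
    def wrapper(self, *args, **kwargs):
        with self._cond:
            result = fn(self, *args, **kwargs)
            self._cond.notify_all()
            return result
    return wrapper


def function(fn):
    """Read-only access: takes the lock but never changes state, so no wake-up."""
    @wraps(fn)
    def wrapper(self, *args, **kwargs):
        with self._cond:
            return fn(self, *args, **kwargs)
    return wrapper


def entry(guard):
    """Guarded entry: the caller blocks until guard(self) holds, then runs exclusively."""
    def decorate(fn):
        @wraps(fn)
        def wrapper(self, *args, **kwargs):
            with self._cond:
                self._cond.wait_for(lambda: guard(self))
                result = fn(self, *args, **kwargs)
                self._cond.notify_all()  # state changed: other guards may now hold
                return result
        return wrapper
    return decorate


class BoundedBuffer(ProtectedObject):
    """Protected bounded buffer: put waits while full, get waits while empty."""

    def __init__(self, capacity):
        super().__init__()
        self.capacity = capacity
        self.items = []

    @entry(lambda self: len(self.items) < self.capacity)
    def put(self, item):
        self.items.append(item)

    @entry(lambda self: len(self.items) > 0)
    def get(self):
        return self.items.pop(0)

    @function
    def count(self):
        return len(self.items)

    @procedure
    def clear(self):
        self.items.clear()


def run_demo(n=20, capacity=2):
    """One producer and one consumer share a buffer of `capacity` slots.
    Returns (items received in order, final buffer count)."""
    buf = BoundedBuffer(capacity)
    received = []

    def producer():
        for i in range(n):
            buf.put(i)

    def consumer():
        for _ in range(n):
            received.append(buf.get())

    threads = [threading.Thread(target=producer), threading.Thread(target=consumer)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return received, buf.count()


if __name__ == "__main__":
    print(run_demo())  # ([0, 1, ..., 19], 0)
```

The guard of an entry is a plain predicate over the object's own state, which is what makes the construct convenient for verification: whether each entry is enabled or blocked is a function of the state vector, rather than of ad-hoc lock and flag combinations spread across several objects.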

Outline
• Overview of OMEGA v1 - profile and tools
• OMEGA v2 language extensions
  - composite structures
  - concurrency model
• Implementation in IFx2 and evaluation
• Conclusions

IFx2
Same overall architecture: translation of models (XMI 2.x) to IF using Eclipse/UML
Principles and evaluation
• ports and connectors handled as first class elements
  → dynamic routing for requests
  → allows for dynamically reconfiguring composite structures
• offline partial-order reduction to reduce the impact of routing actions on the size of the state space
  → state space explosion is not aggravated by the new features

Conclusions and future work
Simple but not simplistic profile for real-time software & systems modelling
• fully defined operational semantics
• simulation & verification toolset
→ complementary to broader approaches such as MARTE
Tool & profile currently evaluated by ESA on realistic models
Current and future work
• formalize the composite structures type system & prove type safety
• improve profile & tool: SysML adaptations, improved integration and user experience, advanced diagnostics features, etc.