Model based development Research Papers
This paper describes first results from the AutoMoDe (Automotive Model-Based Development) project. The overall goal of the project is to develop an integrated methodology for model-based development of automotive control software, based on problem-specific design notations with an explicit formal foundation. Based on the existing AutoFOCUS framework [1], a tool prototype is being developed in order to illustrate and validate the key elements of our approach.
Forward Error Correction (FEC) plays an important role in today's Digital Communications Systems. This paper describes the design and implementation of the FEC, the (8,4) Block Coder and 8x8 Interleaver in a Binary Phase Shift Keying Transceiver on a Model Based Development platform for a Software Defined Radio (SDR) system. Model Based Development is a new development process in which the model of the communications system is designed and developed in software such as Simulink / Matlab. The Model Based Development process saves a considerable amount of time in design, implementation and testing.
We present a case study where a concept vehicle is remodeled using a new systems modeling approach, the EAST ADL (Architecture Description Language). EAST ADL is a language for modeling and development of software based systems. The application domain is automotive software-based systems. The language has been developed within the project EAST-EEA by representatives of European automotive industries and academic research sites. EAST ADL supports modeling during all stages of development of vehicle functions; from function selection, through function specification, to implementation of a running system. The language further supports modeling of aspects orthogonal to software structure, such as requirements, behavior, validation, and verification. The FAR vehicle has been previously developed, using model based development. Within this paper we remodel the FAR vehicle using the EAST ADL. The new model ties together the various models, code and documentation in a consistent structure with clear relationships between entities.
Incomplete, inaccurate, ambiguous, and volatile requirements have plagued the software industry since its inception. The convergence of model-based development and formal methods offers developers of safety-critical systems a powerful new approach for the early validation of requirements. This paper describes a case study conducted to determine if formal methods could be used to validate system requirements early in the lifecycle at reasonable cost. Several hundred functional and safety requirements for the mode logic of a typical Flight Guidance System were captured as natural language "shall" statements. A formal model of the mode logic was written in the RSML-e language and translated into the NuSMV model checker and the PVS theorem prover using translators developed as part of the project. Each "shall" statement was manually translated into a NuSMV or PVS property and proven using these tools. Numerous errors were found in both the original requirements and ...
System safety analysis techniques are well established and are used extensively during the design of safety-critical systems. Despite this, most of the techniques are highly subjective and dependent on the skill of the practitioner. Since these analyses are usually based on an informal system model, it is unlikely that they will be complete, consistent, and error free. In fact, the lack of precise models of the system architecture and its failure modes often forces the safety analysts to devote much of their effort to gathering architectural details about the system behavior from several sources and embedding this information in the safety artifacts such as the fault trees.
Driven by market needs and laws, automotive manufacturers develop ever more feature-rich and complex vehicles. This new functionality even plays an active role in driving, which poses many new challenges for assuring the safety of the vehicle. Safety cases constitute a proven technique to systematically use existing information about a system, its environment, and development context to show its safety.
This paper describes and demonstrates an approach that promises to bridge the gap between model-based systems engineering and the safety process of automotive embedded systems. The basis for this is the integration of safety analysis techniques, a method for developing and managing Safety Cases, and a systematic approach to model-based engineering – the EAST-ADL2 architecture description language. Three areas are highlighted: (1) System model development on different levels of abstraction. This enables fulfilling many requirements on software development as specified by ISO-CD-26262; (2) Safety Case development in close connection to the system model; (3) Analysis of mal-functional behaviour that may cause hazards, by modelling of errors and error propagation in a (complex and hierarchical) system model.
In system-level design, it is difficult to achieve a system verification which fulfils the requirements of various stakeholders using only descriptive system models. Descriptive system models using SysML alone are insufficient for system behaviour verification, and engineers typically use different simulation tools (e.g., the Mathworks Simulink or Modelica Dymola) to analyze system behaviour. It is therefore worthwhile to combine descriptive and simulation models. This paper presents the development of a collaborative design framework which brings SysML, Simulink, and Simscape profiles within the domain of robotics. A conceptual design method is proposed to support execution models for simulation. In brief, the descriptive SysML system-level model is interpreted into the system-level simulation models (e.g., Simulink and Simscape). We then use a plugin-based model integration technique to keep both models in sync for automatic simulation. A simulation study is performed to evaluate the system. To illustrate the design of this system, we present a simulated closed-loop system.
Within the software engineering community it is widely accepted that design patterns are very helpful to develop well-structured software. The same kind of support is expected of HCI-Patterns. In this paper we discuss an approach integrating the usage of patterns into a model-based development process. A GUI-editor is presented that has been extended by features allowing the application instances of
The increasing complexity of distributed embedded systems, as found today in airplanes or cars, is becoming more and more a critical cost factor for their development. Model-based approaches have recently demonstrated their potential for both improving and accelerating (software) development processes. Therefore, in the project DECOS, which aims at improving system architectures and development of distributed safety-critical embedded systems, an integrated, model-driven tool-chain is established, accompanying the system development process from design to deployment. This paper gives an overview of this tool-chain and outlines important design decisions and features.
This paper proposes a model-based lifecycle for the development of web services, which is based on two kinds of models, collaboration models and service models. After agreeing upon a collaboration model, which is a public specification, each party can work out a service model and then turn it into a process written in an orchestration language such as BPEL. As the conceptual gap between a service model and its BPEL implementation is significant, this paper is concerned with the automatic mapping of service models to BPEL processes, in line with model-based development. Moreover, it discusses how to validate services with respect to collaboration models both at design time and at run-time, and presents the bProgress software environment, which is made up of a number of tools developed during this research.
Safety analysis techniques have traditionally been performed manually by the safety engineers. Since these analyses are based on an informal model of the system, it is unlikely that these analyses will be complete, consistent, and error-free. Using precise formal models of the system as the basis of the analysis may help reduce errors and provide a more thorough analysis. Further, these models allow automated analysis, which may reduce the manual effort required. The process of creating system models suitable for safety analysis closely parallels the model-based development process that is increasingly used for critical system and software development. By leveraging the existing tools and techniques, we can create formal safety models using tools that are familiar to engineers and we can use the static analysis infrastructure available for these tools. This paper reports our initial experience in using model-based safety analysis on an example system taken from the ARP Safety Assessment guidelines document.
This paper focuses on the major phases present in the development of critical software for UAS: design, development, testing and validation with flying experiments. A model-based approach is the backbone of all these development phases. The presented approach enables the researchers or engineers to work over the whole development cycle with the same tools, and produces an improvement over the classical design cycle. The model-based approach is illustrated with the development of guidance, navigation and control algorithms applied to rotary-wing UAVs. The paper discusses several implementation issues, including the integration of a hardware in the loop (HWIL) test environment within the model-based development cycle. Finally, several simulations and experimental results for this application are shown.
To manage design complexity and provide verification tractability, models of complex cyber-physical systems are typically hierarchically organized into multiple abstraction layers. Formal reasoning about such systems, therefore, usually involves multiple modeling formalisms, verification paradigms, and associated tools. System properties verified using an abstract component specification in one paradigm must be shown to logically follow from properties verified, possibly using a different paradigm, on a more concrete component description. As component specifications at one layer of abstraction get elaborated into more concrete component descriptions at the next lower level, abstraction-induced differences come to the fore; differences that have to be reconciled. In this paper, we present an approach to tie together distinct verification paradigms and reconcile these abstraction-induced differences using a medical device cyber-physical system as an example. While the specifics are particular to the example at hand, we believe the techniques are applicable in similar situations for verifying cyber-physical system properties.
This paper reports on the Simulink/Stateflow based development of the on-board equipment of the Metrô Rio Automatic Train Protection system. Particular focus is given to the strategies followed to address formal weaknesses and certification issues of the adopted tool-suite. On the development side, constraints on the Simulink/Stateflow semantics have been introduced and design practices have been adopted to gradually achieve a formal model of the system. On the verification side, a two-phase approach based on model-based testing and abstract interpretation has been followed to enforce functional correctness and runtime error freedom. Formal verification has been experimented as a side activity of the project.
The paper describes a model-integrated approach for embedded software development that is based on domain-specific, multiple-view models used in all phases of the development process. Models explicitly represent the embedded software and the environment it operates in, and capture the requirements and the design of the application, simultaneously. Models are descriptive, in the sense that they allow the formal analysis, verification, and validation of the embedded system at design time. Models are also generative, in the sense that they carry enough information for automatically generating embedded systems using the techniques of program generators. Because of the widely varying nature of embedded systems, a single modeling language may not be suitable for all domains; thus, modeling languages are often domain-specific. To decrease the cost of defining and integrating domain-specific modeling languages and corresponding analysis and synthesis tools, the model-integrated approach is applied in a metamodeling architecture, where formal models of domain-specific modeling languages, called metamodels, play a key role in customizing and connecting components of tool chains. This paper discusses the principles and techniques of model-integrated embedded software development in detail, as well as the capabilities of the tools supporting the process. Examples in terms of real systems will be given that illustrate how the model-integrated approach addresses the physical nature, the assurance issues, and the dynamic structure of embedded software.
Nowadays, development without model-based approaches is hardly imaginable, because models are not only closer to human thinking but also help the communication between developers. During a long development process the initial model becomes inconsistent with the code; the two can be synchronised manually or automatically by tools. Reverse engineering tools have been created to help developers ensure that the design and the implementation harmonize again. This work examines the importance of model-based development and gives an overview of the state-of-the-art reverse engineering methods and tools. Round-trip engineering is a more advanced approach to software development than reverse engineering, because the changes that affect the design are made not in the code but in the model, whereby better software quality can be achieved.
System safety analysis techniques are well established and are used extensively during the design of safety-critical systems. Despite this, most of the techniques are highly subjective and dependent on the skill of the practitioner. Since these analyses are usually based on an informal system model, it is unlikely that they will be complete, consistent, and error free. In fact, the lack of precise models of the system architecture and its failure modes often forces the safety analysts to devote much of their effort to finding undocumented details of the system behavior and embedding this information in the safety artifacts such as the fault trees.
The design of embedded systems is often based on the development of a detailed formal system specification. Considerable effort is spent to ensure the correctness of this specification. However, the actual implementation of the specification and later maintenance is usually done using traditional programming and tends to diverge from the specification. To avoid this, it is desirable to derive the implementation directly from the specification. We present an approach for model-based development of embedded systems applying a well-defined UML 2.0 subset with precise execution semantics. Our approach is fully object-oriented and accounts for important aspects like real-time behavior including timeouts and interrupts. Through the seamless integration of UML sequence diagrams with state transition diagrams, complete executable systems can be described. The direct execution of such models on a UML Virtual Machine (UVM) eliminates the separate implementation step and increases portability.
An integral use of the model driven development paradigm influences and changes an organization's software development division rather heavily. Such a paradigm reduces some tasks in complexity and costs, but also introduces new tasks and, if introduced seriously, has severe effects on activities and roles in the software development process. As the model becomes the most important development artifact, there are new challenges to the development team, e.g. assessing the model's quality, model partitioning and configuration management for distributed teams, setup of build management, tool chaining and tracing of information through the various artifacts. Organizations coping with model driven development need to successfully introduce new tools and new ways of thinking; they are challenged in adapting their processes and training their staff. This paper presents an ongoing research project on the assessment of the usability of modeling and model driven development at a global industrial organization with its headquarters in Germany. The matter of interest is the analysis of the usability of modeling (especially with the UML) and model driven development by carrying out an empirical, quantitative survey.
In the model-based development context, metamodel-based languages are increasingly being defined and adopted either for general purposes or for specific domains of interest. However, meta-languages such as the MOF (Meta Object Facility)—combined with the OCL (Object Constraint Language) for expressing constraints—used to specify metamodels focus on structural and static semantics but have no built-in support for specifying behavioral semantics. This paper introduces a formal semantic framework for the definition of the semantics of metamodel-based languages. Using metamodelling principles, we propose several techniques, some based on the translational approach while others based on the weaving approach, all showing how the Abstract State Machine formal method can be integrated with current metamodel engineering environments to endow language metamodels with precise and executable semantics. We exemplify the use of our semantic framework by applying the proposed techniques to the OMG metamodelling framework for the behaviour specification of the Finite State Machines provided in terms of a metamodel.
Method validation is a process that demonstrates that a method will successfully meet or exceed the minimum standards recommended in the Food and Drug Administration (FDA) guidance for accuracy, precision, selectivity, sensitivity, reproducibility, and stability. This article discusses the validation of bioanalytical methods for small molecules with emphasis on chromatographic techniques. We present current thinking on validation requirements as described in the current FDA Guidance and subsequent 2006 Bioanalytical Methods Validation Workshop white paper. *MS indicates mass spectrometry; MF, matrix factor; IS, internal standard; QC, quality control; LLOQ, lower limit of quantitation; ULOQ, upper limit of quantitation; CV, coefficient of variation; and RE, relative error.
Model-based development of embedded real-time systems is aimed at elevating the level of abstraction at which these systems are designed, analyzed, validated, coded and tested. The use of a coherent multi-dimensional model across all development phases enables model-based design to generate systems that are correct by construction. Even some commercial support is available for code generation from higher-level models. However, such code generation capabilities are usually limited to uniprocessor targets and to a limited range of operating environments. SysWeaver (previously called "Time Weaver") is a model-based development tool that includes a flexible "syscode" generation scheme for distributed real-time systems that can be easily tailored to a wide range of target platforms. In this paper, we present our work on creating an interoperable toolchain to automatically generate complete runtime code using models. The toolchain includes a simulation tool (Matlab) and its code generator (Embedded Coder) along with SysWeaver. In this chain, the functional aspects of the system are specified in Simulink, Matlab's modeling language, and translated into a SysWeaver model to be enhanced with timing information, the target hardware model and its communication dependencies. The final runtime code is then generated, automatically integrating the functional code generated with Embedded Coder and SysWeaver's syscode. This syscode includes OS interfacing and network communication code with predictable timing behavior that can be verified at design time. Experiments with multi-node targets with end-to-end timing constraints in an automotive system show that many aspects of syscode and functional code generation can be automated. To our knowledge, this is the first time that multi-node executables including communication messages, functional behaviors and para-functional properties have been automatically generated using a general platform-independent framework.
The Test Automation Framework (TAF) approach for model-based development and automatic test generation has been demonstrated to reduce cycle time by 50% and increase quality by eliminating requirement defects to reduce rework, and by automating testing. The paper describes organizational best practices for applying model-based testing of requirement- and design-based models, and describes concepts of model defect analysis and test sequences used to verify dynamic systems. Lastly, it describes approaches for applying model-based test generation tools with test driver generation and code coverage tools to support verification of high integrity software-intensive systems.
The term "Model based design and development" has grown in popularity over the past decade. Within the embedded avionics community the term model based design implies the development and application of "control models and simulations" within tools such as MATLAB. At Honeywell, the authors have been engaged in model based development (MBD) and associated tools development for avionics applications. This position paper applies the lessons learned and discusses several issues, relating to sound model-based design, to meet design assurance and certification objectives. The paper examines the dominant approaches utilized by some of the popular model-based design, code generation and verification tool suites available commercially. It contrasts these approaches to traditional software design, implementation, and verification methods. This paper also recommends taking a broader perspective of MBD and suggests adopting lessons learned from the classical software engineering arena. We discuss this together with areas for future investigation, standardization, and automation tool development and integration.
Today, most projects are interdisciplinary. They require expertise from various domains like legal regulations, mechanical restrictions and software engineering. Digital engineering is a relatively new discipline, which aims at minimizing friction losses, when different disciplines meet each other.
Model-based development relies on the use of explicit models to describe development activities and products. Explicit process and product models allow the definition and use of complex development steps that are correct by design, the generation of proof obligations for a given transformation, requirements tracing, and documentation of the process. We argue that the concept of model-based development is orthogonal to a specific process, be it agile or rigorous. This work was in part supported by the DFG (projects KONDISK/IMMA, InOpSys, and Inkrea under reference numbers Be 1055/7-3, Br 887/16-1, and Br 887/14-1) and the DLR (project MOBASIS).
In avionics and other critical systems domains, adequacy of test suites is currently measured using the MC/DC metric on source code (or on a model in model-based development). We believe that the rigor of the MC/DC metric is highly sensitive to the structure of the implementation and can therefore be misleading as a test adequacy criterion. We investigate this hypothesis by empirically studying the effect of program structure on MC/DC coverage.
1. Check the ORDER NO., REGISTRATION NO. and NAME fields against what appears on the label affixed to your desk. 2. Check that the answer-key number of this booklet matches the one on the label affixed to your desk. If there is a discrepancy, notify the proctor immediately. 3. Leafing through the exam booklet before the signal, at 9 o'clock, is prohibited. 4. After the signal, check whether this booklet contains 40 objective questions (20 per subject) and/or has any kind of defect. For any problem, notify the proctor immediately. 5. The minimum time you must remain in the room is 1 h 30 min after the start of the exam. 6. The time allotted for this exam (4 hours) includes filling in the Answer Sheet. 7. Transcribe the answers from this booklet to the Answer Sheet. The answer will be the sum of the numbers associated with the correct alternatives. For each question, always fill in two bubbles: one in the tens column and one in the units column, as in the example alongside: question 13, answer 09 (sum of alternatives 01 and 08). 8. If you wish, transcribe the answers from this booklet onto the Draft for Recording Answers included in this exam and detach it, to collect it today, in this room, between 1:15 p.m. and 1:30 p.m., upon presentation of the candidate's identification document. After that period, it will not be returned. 9. At the end of the exam, raise your arm and wait to be attended to. Hand the proctor this booklet, the Answer Sheet and the Draft for Recording Answers.
Model-Driven Design (MDD) of cyber-physical systems advocates for design procedures that start with formal modeling of the real-time system, followed by the model's verification at an early stage. The verified model must then be translated to a more detailed model for simulation-based testing and finally translated into executable code in a physical implementation. As later stages build on the same core model, it is essential that models used earlier in the pipeline are valid approximations of the more detailed models developed downstream. The focus of this effort is on the design and development of a model translation tool, UPP2SF, and how it integrates system modeling, verification, model-based WCET analysis, simulation, code generation and testing into an MDD-based framework. UPP2SF facilitates automatic conversion of verified timed automata-based models (in UPPAAL) to models that may be simulated and tested (in Simulink/Stateflow). We describe the design rules to ensure the conversion is correct, efficient and applicable to a large class of models. We show how the tool enables MDD of an implantable cardiac pacemaker. We demonstrate that UPP2SF preserves behaviors of the pacemaker model from UPPAAL to Stateflow. The resultant Stateflow chart is automatically converted into C and tested on a hardware platform for a set of requirements.
resource safety verification into a design methodology for development of verified and robust real-time embedded systems. Resource-related concerns are not closely linked with current xUML model-based software development although they are critical for embedded systems. We describe how to integrate resource analysis techniques into the early phase of an xUML-based development cycle. Our hybrid framework for resource safety verification combines static resource analysis and runtime monitoring. A case study based on an embedded controller for satellite simulation, TableSat, illustrates the benefits obtained by incorporating resource verification into design and combining static analysis and runtime monitoring.
On today's sharply competitive industrial market, engineers must focus on their core competencies to produce ever more innovative products, while also reducing development times and costs. This has further heightened the complexity of the development process. At the same time, industrial systems, and specifically real-time embedded systems, have become increasingly software-intensive. New software development approaches and methods must therefore be found to free engineers from the ever more complex technical constraints of development and to enable them to concentrate on their core business specialties. One emerging solution is to foster model-based development by giving engineers modeling artifacts well suited to their domain concerns instead of asking them to write code. However, model-driven approaches will solve these issues only if models evolve from a contemplative role to a productive role within the development process. In this context, model transformation is a key design paradigm that will foster this revolution. This paper is the result of discussions and exchanges that took place within the second edition of the workshop "UML&AADL" (http://www.artist-embedded.org/artist/Topics.html), held in 2007 in Auckland, New Zealand, in conjunction with the ICECCS07 conference. The purpose of this workshop was to gather people from both communities, UML (including its domain-specific extensions, with a focus on MARTE) and AADL (including its annexes), in order to foster the sharing of results and experiments. More specifically, this year the focus was on how both standards subscribe to the model-driven engineering paradigm, or, more precisely, how MDE may ease and foster the use of both sets of standards for developing real-time embedded systems. This
* Work funded by CNES and EADS Astrium Satellites
Recently, SysML has been adopted by the Object Management Group as a modelling language for Systems Engineering. SysML is a UML profile that represents a subset of UML 2 with extensions. A wide adoption of the language could be hindered by the lack of a methodology that drives the modelling activities.
Viewpoint modeling is currently seen as an effective technique for specifying complex software systems. However, having a set of independent viewpoints on a system is not enough. These viewpoints should be related, and these relationships made explicit, in order to obtain a set of complete and consistent specifications. RM-ODP defines five complementary viewpoints for the specification of open distributed systems, and establishes correspondences between viewpoint elements. ODP correspondences provide statements that relate the various viewpoint specifications, expressing their semantic relationships. However, ODP neither provides an exhaustive set of correspondences between viewpoints nor defines any language or notation to represent such correspondences. In this paper we informally explore the use of MOF QVT for representing ODP correspondences in the context of ISO/IEC 19793, i.e., when the ODP viewpoint specifications of a system are represented as UML models. We initially show that QVT can be expressive enough to represent them, and discuss some of the issues that we have found when modeling ODP correspondences with QVT relations.
This paper describes and demonstrates an approach that promises to bridge the gap between model-based systems engineering and the safety process of automotive embedded systems. The basis for this is the integration of safety analysis techniques, a method for developing and managing Safety Cases, and a systematic approach to model-based engineering, the EAST-ADL2 architecture description language. Three areas are highlighted: (1) System model development on different levels of abstraction. This enables fulfilling many requirements on software development as specified by ISO-CD-26262; (2) Safety Case development in close connection to the system model; (3) Analysis of malfunctional behaviour that may cause hazards, by modelling errors and error propagation in a (complex and hierarchical) system model.
In the model-based development context, metamodel-based languages are increasingly being defined and adopted either for general purposes or for specific domains of interest. However, meta-languages such as the MOF (Meta Object Facility), combined with the OCL (Object Constraint Language) for expressing constraints, which are used to specify metamodels, focus on structural and static semantics but have no built-in support for specifying behavioral semantics. This paper introduces a formal semantic framework for the definition of the semantics of metamodel-based languages. Using metamodelling principles, we propose several techniques, some based on the translational approach and others on the weaving approach, all showing how the Abstract State Machine formal method can be integrated with current metamodel engineering environments to endow language metamodels with precise and executable semantics. We exemplify the use of our semantic framework by applying the proposed techniques to the OMG metamodelling framework for the behaviour specification of the Finite State Machines provided in terms of a metamodel.
System safety analysis techniques are well established and are used extensively during the design of safety-critical systems. Despite this, most of the techniques are highly subjective and dependent on the skill of the practitioner. Since these analyses are usually based on an informal system model, it is unlikely that they will be complete, consistent, and error free. In fact, the lack of precise models of the system architecture and its failure modes often forces the safety analysts to devote much of their effort to finding undocumented details of the system behavior and embedding this information in the safety artifacts such as the fault trees.
Abstract: An essential task in the design of embedded systems is the systematic elaboration of functional system requirements and their corresponding integration into the environment of the overall technical system. The challenge here lies in the many coordination tasks required to arrive at a system specification appropriate to the problem at hand. To this end, the model-based requirements analysis and system definition with the RM tool AutoRAID presented here defines a structured modelling approach that systematically brings the goal-oriented elaboration and coordination of the various requirements, by means of basic system views, together into an integrated specification.
The paper describes a model-integrated approach for embedded software development that is based on domain-specific, multiple-view models used in all phases of the development process. Models explicitly represent the embedded software and the environment it operates in, and capture the requirements and the design of the application simultaneously. Models are descriptive, in the sense that they allow the formal analysis, verification, and validation of the embedded system at design time. Models are also generative, in the sense that they carry enough information for automatically generating embedded systems using the techniques of program generators. Because of the widely varying nature of embedded systems, a single modeling language may not be suitable for all domains; thus, modeling languages are often domain-specific. To decrease the cost of defining and integrating domain-specific modeling languages and corresponding analysis and synthesis tools, the model-integrated approach is applied in a metamodeling architecture, where formal models of domain-specific modeling languages, called metamodels, play a key role in customizing and connecting components of tool chains. This paper discusses the principles and techniques of model-integrated embedded software development in detail, as well as the capabilities of the tools supporting the process. Examples in terms of real systems are given that illustrate how the model-integrated approach addresses the physical nature, the assurance issues, and the dynamic structure of embedded software.
Testing is an essential, but time- and resource-consuming, activity in the software development process. In the case of model-based development, test construction and test execution, among other subtasks, can be partially automated. Our paper describes the implementation of a test generator framework that uses an external model checker to construct test sequences. The possible configurations of the model checker are examined by measuring the efficiency of test construction for different statechart models of event-driven embedded systems. The generated test cases are transformed and executed on common testing frameworks (JUnit, Rational Robot), and the effectiveness of the tests is measured using code coverage metrics.
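The mechanism by which a model checker yields test sequences is worth seeing in miniature. The following is an added illustration, not the paper's framework or its models: a constructed toy statechart (a door controller with an obstacle counter) is explored by an explicit-state breadth-first search standing in for the model checker. Each transition is treated as a trap property ("this transition never fires"); the shortest counterexample that violates it is the generated test sequence. The state names, events, guards and transition identifiers are assumptions made for the example.

```python
from collections import deque

# Added illustration (not the paper's code). Constructed toy statechart of a door
# controller; a configuration is (control state, obstacle counter).
EVENTS = ("open_cmd", "limit_reached", "close_cmd", "obstacle")
INITIAL = ("Closed", 0)

def step(config, event):
    """Fire the transition enabled for `event` in `config`.

    Returns (transition_id, next_config), or None if the event is ignored there.
    """
    state, n = config
    table = {
        ("Closed", "open_cmd"):       ("t1", ("Opening", n)),
        ("Opening", "limit_reached"): ("t2", ("Open", n)),
        ("Open", "close_cmd"):        ("t3", ("Closing", n)),
        ("Closing", "limit_reached"): ("t4", ("Closed", n)),
    }
    if (state, event) in table:
        return table[(state, event)]
    if state == "Closing" and event == "obstacle":
        # Guarded transitions: reopen on an obstacle, fault after repeated obstacles.
        return ("t5", ("Opening", n + 1)) if n < 2 else ("t6", ("Fault", n))
    return None

def path_to(parent, cfg):
    """Event sequence from INITIAL to cfg, read back through the BFS parent map."""
    events = []
    while parent[cfg] is not None:
        cfg, ev = parent[cfg]
        events.append(ev)
    return events[::-1]

def generate_tests():
    """One shortest event sequence per transition (transition-coverage tests).

    BFS over the reachable configurations plays the model checker's role: the
    first time a transition fires, the path to its source configuration plus the
    firing event is the shortest counterexample to "this transition never fires".
    """
    tests = {}
    parent = {INITIAL: None}           # config -> (previous config, event)
    queue = deque([INITIAL])
    while queue:
        cfg = queue.popleft()
        for ev in EVENTS:
            res = step(cfg, ev)
            if res is None:
                continue
            tid, nxt = res
            if tid not in tests:
                tests[tid] = path_to(parent, cfg) + [ev]
            if nxt not in parent:
                parent[nxt] = (cfg, ev)
                queue.append(nxt)
    return tests

def run(events):
    """Replay a generated sequence on the model; return the transitions it fires."""
    cfg, fired = INITIAL, []
    for ev in events:
        res = step(cfg, ev)
        if res is None:
            raise ValueError(f"{ev} is not enabled in {cfg}")
        tid, cfg = res
        fired.append(tid)
    return fired

if __name__ == "__main__":
    for tid, seq in sorted(generate_tests().items()):
        print(tid, len(seq), seq)
```

Two things the toy makes visible that the abstract only names. First, the search space is the product of control states and data (the counter), so reaching the fault transition takes ten events even though the chart has only five control states; the "configuration of the model checker" that the paper measures is about how that space is explored. Second, the output is an abstract event sequence; turning it into a JUnit or Rational Robot test is a separate transformation step.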
I recently read a paper about software engineering research [1], and once again discovered that its author, Lionel Briand, had published "my" ideas before I wrote them. Thankfully, his writing often stimulates further thinking, and this was no exception. His visionary thoughts on software engineering research started me thinking, but in terms of software engineering education rather than research. Briand wrote about the "paradox of being both highly relevant and increasingly underfunded and discredited." Personally, I've found that software engineering research gets more respect every year, although the funding is abysmally low, at least in the US. This article argues that software engineering is not given enough relevance or support in higher education. Research and Education I've been a researcher in software engineering for more than 25 years, but I've also been an educator. I taught my first software engineering course as a graduate student in 1985, a standard undergraduate survey course. I joined my current university, George Mason, in 1992, partly because it had a full MS program in software engineering that was distinct from computer science. I've led this large successful program since 2003 and helped create software engineering concentrations in our PhD program (2000) and in our undergraduate applied computer science program (2010). Along the way, I've created over a dozen new software engineering courses, many of which had never been taught anywhere and had to be designed without adequate textbooks or other materials. This wealth of experience in software engineering education lets me see things differently from many of my colleagues. Briand wrote a phrase that I've said many times: "Software engineering isn't a branch of computer science; it's an engineering discipline relying in part on computer science, in the same way that mechanical engineering relies on physics."
Some of my colleagues respond by saying "well, of course," but many traditional CS professors think it's almost heretical. In this old-fashioned view, software engineering has always been part of computer science and always will be. But things change. This analogy has been 100 percent convincing to my colleagues in civil engineering, electrical engineering, and other traditional engineering disciplines.
This paper describes a six-year partnership between an academic department and a leading maker of software-dependent medical devices. Central to the collaboration is a campus research laboratory, sponsored by the industrial partner. The laboratory is a venue for software engineering graduate students, under faculty mentorship, to engage in applied and technology transfer-oriented research on safety-critical software technologies and practices. It provides a real-world learning environment that complements and enriches classroom experiences. The industry sponsor has direct access to the detailed results of the research and to well-prepared graduates who know their organization's technology, engineering practices, challenges, and culture. A hallmark of the laboratory is student teams working under conditions that reflect a real-world industry environment (structured processes, schedules, presentations, and professional work products). The investigations focus on the implications of mod...
Volvo Car Corporation and the Royal Institute of Technology initiated a joint project named FAR in October 2002. FAR stands for Function and ARchitecture integration. There were 10 M.Sc. students in the project taking a special class. The focus of the project was the development of a portable drive-by-wire system using model based development and reference architectures. The deliveries from the project were a tool chain for automatic code generation from Matlab Simulink models and a prototype vehicle in scale 1:5. The project was very successful and the result was delivered to Volvo Cars in June 2003. The project deliveries have been further developed at Volvo Cars.
Model Driven Software Development (MDSD) uses precisely defined domain specific models that are transformed into executable code by a sequence of model transformations. In this paper we present the research activities planned in year 2009 by Real-Time Systems Lab, Darmstadt University of Technology, together with Siemens Industry, Nuernberg, that will investigate the applicability of MDSD concepts within the domain of automation engineering for production systems called Model Driven Automation Engineering (MDAE). A comparison of MDSD and MDAE characteristics points out our main working topics. We also present an application scenario, which will be used to demonstrate the MDAE usage in practice.