model-based x, virtual prototyping, 42, socs, sensor ... · model-based engineering and virtual...
TRANSCRIPT
Model-Based X, Virtual Prototyping,
42, SoCs, Sensor Networks, and Other Stories
Florence Maraninchiwww-verimag.imag.fr/˜maraninx
joint work with... the whole “synchronous” group
Verimag / University of Grenoble
14th SYNCHRONOpen Workshop on Synchronous Programming
Bamberg, november 26-30, 2007
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 1 / 45
Other Related Talks from
the VERIMAG Synchronous Group
Nicolas Halbwachs and Erwan Jahier: virtual prototyping inAADL and Lustre
Tayeb Bouhadiba: the model of components 42
Olivier Bezet: abstraction problems in virtual prototypes ofsensor networks
...
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 2 / 45
What you can (already) do with the synchronous language Lustre(Summary)
1 What you can (already) do with the synchronous language Lustre(Summary)
2 Model-Based Engineering and Virtual Prototyping
3 42, a Model of Components
4 Towards MBE and VP a la 42
5 Provocative Comments
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 3 / 45
What you can (already) do with the synchronous language Lustre(Summary)
Around Lustre...
compilation
1 task, no OSC Code
Lustre
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 4 / 45
What you can (already) do with the synchronous language Lustre(Summary)
Around Lustre...
Theorem ProversAbstract Interp.
SimulationInterp.
The systemits environmentIts safety prop.
Model-Checker
compilation
1 task, no OSC Code
Lustre
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 4 / 45
What you can (already) do with the synchronous language Lustre(Summary)
Around Lustre...
AutomaticTest
Theorem ProversAbstract Interp.
SimulationInterp.
The systemits environmentIts safety prop.
Model-Checker
compilation
1 task, no OSC Code
Lustre
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 4 / 45
What you can (already) do with the synchronous language Lustre(Summary)
Around Lustre...
Simulink/Stateflow
compilation
AutomaticTest
Theorem ProversAbstract Interp.
SimulationInterp.
The systemits environmentIts safety prop.
Model-Checker
compilation
1 task, no OSC Code
Lustre
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 4 / 45
What you can (already) do with the synchronous language Lustre(Summary)
Around Lustre...
SystemCSimulink/Stateflow
compilation
AutomaticTest
Theorem ProversAbstract Interp.
SimulationInterp.
The systemits environmentIts safety prop.
Model-Checker
compilation
1 task, no OSC Code
Lustre
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 4 / 45
What you can (already) do with the synchronous language Lustre(Summary)
Around Lustre...
for RTOS or TTAMulti-task code
SystemCSimulink/Stateflow
compilation
AutomaticTest
Theorem ProversAbstract Interp.
SimulationInterp.
The systemits environmentIts safety prop.
Model-Checker
compilation
1 task, no OSC Code
Lustre
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 4 / 45
What you can (already) do with the synchronous language Lustre(Summary)
Around Lustre...
Sensornetworks,
middleware(avionics,
space)
Modeling
for RTOS or TTAMulti-task code
SystemCSimulink/Stateflow
compilation
AutomaticTest
Theorem ProversAbstract Interp.
SimulationInterp.
The systemits environmentIts safety prop.
Model-Checker
compilation
1 task, no OSC Code
Lustre
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 4 / 45
What you can (already) do with the synchronous language Lustre(Summary)
Around Lustre...
Model−drivenfully automaticdevelopment(for a specific exec platform) for RTOS or TTA
Multi-task code
Simulink/Stateflow
compilation
Lustre
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 4 / 45
What you can (already) do with the synchronous language Lustre(Summary)
Around Lustre...
Lustre as an executablesemantics definitionformalism
or SMV
SystemCSimulink/Stateflow
compilation
Theorem ProversAbstract Interp.
The systemits environmentIts safety prop.
Model-Checker
Lustre
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 4 / 45
What you can (already) do with the synchronous language Lustre(Summary)
Around Lustre...
Virtual Prototyping
or ReactiveML
semantics−inside
Sensornetworks,
middleware(avionics,
space)
Modeling
AutomaticTest
SimulationInterp.
Lustre
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 4 / 45
What you can (already) do with the synchronous language Lustre(Summary)
Current Research Directions and
Industrial Collaborations
Language Design, Code Generation(Lustre, AOP, ...)
Formal Verification(Model-checking, abstractinterpretation)
Automatic Test-Case Generationfrom a Model of the Environment
Model-Driven and VirtualPrototyping with synchronouslanguages and/or engineeringlanguages (SystemC, Simulink, ...)
Component-Based Approaches
Past or OngoingProjects with:EsterelTechnologies,Polyspace, Airbus, SchneiderElectric, STMicroelectronics,Thomson, Astrium-EADS,Audi, Renault, RATP,FranceTelecom R&D, CoronisSystems, KeesDA, TTTech,DOCEA Power, ...+ Minalogic Partners
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 5 / 45
Model-Based Engineering and Virtual Prototyping
1 What you can (already) do with the synchronous language Lustre(Summary)
2 Model-Based Engineering and Virtual PrototypingGeneral (Simplified) PictureVirtual Prototyping with Transactional ModelsVirtual Prototyping of Sensor Networks with SynchronousLanguages and ToolsOn Abstraction and Faithfulness
3 42, a Model of Components
4 Towards MBE and VP a la 42
5 Provocative Comments
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 6 / 45
Model-Based Engineering and Virtual Prototyping General (Simplified) Picture
2 Model-Based Engineering and Virtual PrototypingGeneral (Simplified) PictureVirtual Prototyping with Transactional ModelsVirtual Prototyping of Sensor Networks with SynchronousLanguages and ToolsOn Abstraction and Faithfulness
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 7 / 45
Model-Based Engineering and Virtual Prototyping General (Simplified) Picture
Model-Based Eng. vs Virtual Prototyping
ModelsHigh−Level
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 8 / 45
Model-Based Engineering and Virtual Prototyping General (Simplified) Picture
Model-Based Eng. vs Virtual Prototyping
Implementation
ModelsHigh−Level
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 8 / 45
Model-Based Engineering and Virtual Prototyping General (Simplified) Picture
Model-Based Eng. vs Virtual Prototyping
(automatic)transformations
Comparisons
Implementation
ModelsHigh−Level
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 8 / 45
Model-Based Engineering and Virtual Prototyping General (Simplified) Picture
Model-Based Eng. vs Virtual Prototyping
Lustre
(plant+controller)
(Caspi et al., VERIMAG)An Example
Com
pila
tion
V&V
or for a TTACode for a RTOS,
Simulink
(automatic)transformations
Comparisons
Implementation
ModelsHigh−Level
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 8 / 45
Model-Based Engineering and Virtual Prototyping General (Simplified) Picture
Model-Based Eng. vs Virtual Prototyping
ModelsHigh−Level
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 8 / 45
Model-Based Engineering and Virtual Prototyping General (Simplified) Picture
Model-Based Eng. vs Virtual Prototyping
results
performance estimations, ...)(implem. parameters,
SimulatorModels
High−LevelExecutable
(+ non−func aspects)
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 8 / 45
Model-Based Engineering and Virtual Prototyping General (Simplified) Picture
Model-Based Eng. vs Virtual Prototyping
Example 1:Transaction−Level Modeling (TLM)of Systems−on−a−Chip (with SystemC)
results
performance estimations, ...)(implem. parameters,
SimulatorModels
High−LevelExecutable
(+ non−func aspects)
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 8 / 45
Model-Based Engineering and Virtual Prototyping General (Simplified) Picture
Model-Based Eng. vs Virtual Prototyping
Example 2:Virtual Prototyping of Sensor Networkswith NS, NAB, opnet, ...(modeling energy consumption)
results
performance estimations, ...)(implem. parameters,
SimulatorModels
High−LevelExecutable
(+ non−func aspects)
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 8 / 45
Model-Based Engineering and Virtual Prototyping General (Simplified) Picture
Model-Based Eng. plus Virtual Prototyping
Example 3 (FM et al., VERIMAG):(semantics inside, component−based)Virtual Prototyping of Sensor Networks(fine−grain modeling of energy consumption)
results
performance estimations, ...)(implem. parameters,
SimulatorModels
High−LevelExecutable
(+ non−func aspects)
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 8 / 45
Model-Based Engineering and Virtual Prototyping General (Simplified) Picture
Model-Based Eng. plus Virtual Prototyping
the ultimate goalNot necessarily
results
performance estimations, ...)(implem. parameters,
Simulator
(automatic)transformations
Comparisons
Implementation
ModelsHigh−LevelExecutable
(+ non−func aspects)
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 8 / 45
Model-Based Engineering and Virtual Prototyping Virtual Prototyping with Transactional Models
2 Model-Based Engineering and Virtual PrototypingGeneral (Simplified) PictureVirtual Prototyping with Transactional ModelsVirtual Prototyping of Sensor Networks with SynchronousLanguages and ToolsOn Abstraction and Faithfulness
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 9 / 45
Model-Based Engineering and Virtual Prototyping Virtual Prototyping with Transactional Models
The MINALOGIC/openTLM Context
A Minalogic project (90 person.year)open-source tools for transaction-level modeling of systems-on-a-chip.STMicroelectronics, Thomson, KeesDA, Orange-Silicomp,CEA-LETI, TIMA, INRIA, VERIMAG
STMicroelectronics + VERIMAG working group since 2002:3 PhDs, 1 starting 01/08some publications: EMSOFT’05, ACSD’05, J. DAES 06, FMCAD’06,FMICS’06, SPIN’07, DATE’08
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 10 / 45
Model-Based Engineering and Virtual Prototyping Virtual Prototyping with Transactional Models
The openTLM Context: Systems-on-a-Chip
RTLSynthesizable+
Cycle and Data Accurate+Slow Simulations−
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 11 / 45
Model-Based Engineering and Virtual Prototyping Virtual Prototyping with Transactional Models
The openTLM Context: Systems-on-a-Chip
TLM+ Early Available+ Fast Simulations− Not synthesizable
Bit Accurate, but:asynchronous,non−deterministic
No automatictransformations
RTLSynthesizable+
Cycle and Data Accurate+Slow Simulations−
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 11 / 45
Model-Based Engineering and Virtual Prototyping Virtual Prototyping with Transactional Models
Virtual Prototyping for other Systems
TLM+ Early Available+ Fast Simulations
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 12 / 45
Model-Based Engineering and Virtual Prototyping Virtual Prototyping with Transactional Models
Virtual Prototyping for other Systems
A Virtual Prototype of the Embedded Execution Platform
Main problems:−− Faithfulness of the model−− Automatic Testing of the Embedded Software
TLM+ Early Available+ Fast Simulations
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 12 / 45
Model-Based Engineering and Virtual Prototyping VP for sensor networks
2 Model-Based Engineering and Virtual PrototypingGeneral (Simplified) PictureVirtual Prototyping with Transactional ModelsVirtual Prototyping of Sensor Networks with SynchronousLanguages and ToolsOn Abstraction and Faithfulness
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 13 / 45
Model-Based Engineering and Virtual Prototyping VP for sensor networks
Sensor Networks and Energy Consumption
Several thousands of sensorscommuncating by radio + aspecial node connected to thenetwork (the sink).
Examples: detection of aradioactive cloud, ...
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 14 / 45
Model-Based Engineering and Virtual Prototyping VP for sensor networks
The node itself
a radio
a sensor
a CPU
a memory
a battery
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 15 / 45
Model-Based Engineering and Virtual Prototyping VP for sensor networks
The Structure of the Virtual Prototype
One node
PhysicalEnvironment
Sensor
RTC
Appli
Routing
Powe
rM
anag
.
MAC
Radio
(Topo)Channel
Perturb. Rand.
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 16 / 45
Model-Based Engineering and Virtual Prototyping VP for sensor networks
The Structure of the Virtual Prototype
One node
Environment(night/ day...)
Battery(init.E)
E. Sum
RTC
Radio
MAC
Mem.CPU
Sensor
Powe
rM
anag
.Charge mode
charging
PhysicalEnvironment
Sensor
RTC
Appli
Routing
Powe
rM
anag
.
MAC
Radio
(Topo)Channel
Perturb. Rand.
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 16 / 45
Model-Based Engineering and Virtual Prototyping VP for sensor networks
The Structure of the Virtual Prototype
One node
Environment(night/ day...)
Battery(init.E)
E. Sum
RTC
Radio
MAC
Mem.CPU
Sensor
Powe
rM
anag
.Charge mode
charging
PhysicalEnvironment
Sensor
RTC
Appli
Routing
Powe
rM
anag
.
MAC
Radio
(Topo)Channel
Perturb. Rand.
a4
b3
A discrete Energymodel
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 16 / 45
Model-Based Engineering and Virtual Prototyping VP for sensor networks
The Structure of the Virtual Prototype
One node
Environment(night/ day...)
Battery(init.E)
E. Sum
RTC
Radio
MAC
Mem.CPU
Sensor
Powe
rM
anag
.Charge mode
charging
PhysicalEnvironment
Sensor
RTC
Appli
Routing
Powe
rM
anag
.
MAC
Radio
(Topo)Channel
Perturb. Rand.coderealThe
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 16 / 45
Model-Based Engineering and Virtual Prototyping VP for sensor networks
The Structure of the Virtual Prototype
One node
Environment(night/ day...)
Battery(init.E)
E. Sum
RTC
Radio
MAC
Mem.CPU
Sensor
Powe
rM
anag
.Charge mode
charging
PhysicalEnvironment
Sensor
RTC
Appli
Routing
Powe
rM
anag
.
MAC
Radio
(Topo)Channel
Perturb. Rand.
A discretized
model of thenon−deterministic
physicalenvironment
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 16 / 45
Model-Based Engineering and Virtual Prototyping VP for sensor networks
The Structure of the Virtual Prototype
All these modelsare expressedin the sameMoCC(synchronousparallelism)
One node
Environment(night/ day...)
Battery(init.E)
E. Sum
RTC
Radio
MAC
Mem.CPU
Sensor
Powe
rM
anag
.Charge mode
charging
PhysicalEnvironment
Sensor
RTC
Appli
Routing
Powe
rM
anag
.
MAC
Radio
(Topo)Channel
Perturb. Rand.
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 16 / 45
Model-Based Engineering and Virtual Prototyping VP for sensor networks
Comments (1)
This virtual prototype (written in ReactiveML + Lurette, thanks toL. Mandel, P.Raymond, E. Jahier) is quite precise:
It contains the ”real” code (a ReactiveML re-implementation ofthe C protocols)
The energy models are taken from the documentation of theproviders (the radio, the CPU, ...)
The model of the physical environment is given in someoperational way (a generator of stimuli)
The model of the radio channel is taken from the literature onnetworks (a precise one, with fading and shadowing, not thesimple ”disk” model)
We simulate the asynchrony between the nodes
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 17 / 45
Model-Based Engineering and Virtual Prototyping VP for sensor networks
Comments (2)
Energy consumption is associated with ”states” in the energy modelsof all the hardware pieces 6= energy associated with abstract eventslike ”a message reaches the sink”
Stimuli on the sensors are spatially and temporally correlated, hencemore realistic than independent Poisson Laws on the sensors
The complete model is too complex to be analysed in full details, butsome abstractions can be derived from this very precise model.
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 18 / 45
Model-Based Engineering and Virtual Prototyping On Abstraction and Faithfulness
2 Model-Based Engineering and Virtual PrototypingGeneral (Simplified) PictureVirtual Prototyping with Transactional ModelsVirtual Prototyping of Sensor Networks with SynchronousLanguages and ToolsOn Abstraction and Faithfulness
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 19 / 45
Model-Based Engineering and Virtual Prototyping On Abstraction and Faithfulness
Models are Necessarily Abstract (see J.-L. Borges)
...In that Empire, the craft of Cartography attained such Perfectionthat the Map of a Single province covered the space of an entire City,and the Map of the Empire itself an entire Province. In the course ofTime, these Extensive maps were found somehow wanting, and sothe College of Cartographers evolved a Map of the Empire that wasof the same Scale as the Empire and that coincided with it point forpoint. Less attentive to the Study of Cartography, succeedingGenerations came to judge a map of such Magnitude cumbersome,and, not without Irreverence, they abandoned it to the Rigours of sunand Rain. In the western Deserts, tattered Fragments of the Map arestill to be found, Sheltering an occasional Beast or beggar; in thewhole Nation, no other relic is left of the Discipline of Geography.
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 20 / 45
Model-Based Engineering and Virtual Prototyping On Abstraction and Faithfulness
Abstraction vs Faithfulness
(see also: talk by O. Bezet)
The realsystem
A Faithful model... for hiking or ridingbut not so good for driving
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 21 / 45
Model-Based Engineering and Virtual Prototyping On Abstraction and Faithfulness
Abstraction vs Faithfulness
Real System
AbAbstract Model
Faithfulnessproblem
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 22 / 45
Model-Based Engineering and Virtual Prototyping On Abstraction and Faithfulness
Abstraction vs Faithfulness
Very precise(operational)
modelFaithfulness
Problem
are possibleComparisons
Real System
AbAbstract Model
Faithfulnessproblem
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 22 / 45
Model-Based Engineering and Virtual Prototyping On Abstraction and Faithfulness
Modular Worst-Case Energy Consumed (SLAP’07)
The complete model of a sensor network is far too complex tobe analysed as a whole. Hence we need abstractions, and theyshould be modular.
A notion of precision in energy models, captured by an order:M1 ≤M2. The evaluation of this order for two given energymodels should be made automatic (with approximate verificationmethods).
A pre-congruence property, for all composition operators op usedin the model: M1 ≤M2 =⇒ ∀M . op(M ,M1)≤ op(M ,M2). Thisproperty has to be proved by hand, once and for all. Highlydepends on the separation between function and energy.
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 23 / 45
Model-Based Engineering and Virtual Prototyping On Abstraction and Faithfulness
The Lego Principle
Globally: A model M
A B
a/c
b 53
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 24 / 45
Model-Based Engineering and Virtual Prototyping On Abstraction and Faithfulness
The Lego Principle
...
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 24 / 45
Model-Based Engineering and Virtual Prototyping On Abstraction and Faithfulness
The Lego Principle
Globally: A model M ′ more precise then M
4
10
10 tf
B1
B2
3 bA
a/c
b 2 tf
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 24 / 45
42, a Model of Components
1 What you can (already) do with the synchronous language Lustre(Summary)
2 Model-Based Engineering and Virtual Prototyping
3 42, a Model of ComponentsContext, Motivations and Related Work42 in a Nutshell
4 Towards MBE and VP a la 42
5 Provocative Comments
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 25 / 45
42, a Model of Components Context, Motivations and Related Work
3 42, a Model of ComponentsContext, Motivations and Related Work42 in a Nutshell
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 26 / 45
42, a Model of Components Context, Motivations and Related Work
42, Model-Based X, Virtual Prototyping...
(see also: talk by T. Bouhadiba)
42 is a tool for reasoning on what MBX and VP mean for embeddedsystems, looking at several applications domains and domain-specificmethods:
Embedded Control (Simulink, synchronous formalisms)
Systems-on-a-chip (Transaction-Level Modeling, SystemC)
Sensor Networks (VP with NS, opnet, dedicated simulators,lanugaes from the synchronous family)
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 27 / 45
42, a Model of Components Context, Motivations and Related Work
42 aims at enforcing the FAMAPASAP Principle
The “Forget As Much As Possible As Soon As Possible” principle:
Closing the box as soon as possible
Identifying the component data and control ports that have tobe exposed
Giving a precise specification of the components with protocols
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 28 / 45
42, a Model of Components Context, Motivations and Related Work
An Example Embedded System with Components
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 29 / 45
42, a Model of Components Context, Motivations and Related Work
An Example Embedded System with Components
Each processcan be programmedin a component−basedframework
several processes
Hardware IP’s(components)
On a processor:
A real−time OS +
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 29 / 45
42, a Model of Components Context, Motivations and Related Work
Main Sources of Inspiration (1)
ptolemy.eecs.berkeley.edu
Components are actors, assembled with wires
A director defines how they behave together.A director implements a MoC.
Hierarchic framework
∃ a lot of available MoCsMaraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 30 / 45
42, a Model of Components Context, Motivations and Related Work
Main Sources of Inspiration (2)
Modeling heterogeneous systems with Synchronous Lgs
Lustre model : formal semantics + executability(All MoCs are encoded into the synchronous one,using additional signals)
A Lustre programthat models 2processors, eachof them runninga scheduler and 2threads.“Virtual Execution
of AADL Models
via a Translation
into Synchronous
Programs”,
EMSOFT’07
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 31 / 45
42, a Model of Components 42 in a Nutshell
3 42, a Model of ComponentsContext, Motivations and Related Work42 in a Nutshell
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 32 / 45
42, a Model of Components 42 in a Nutshell
42 in a Nutshell: a Basic Component
Data PortsInput Output
InputControl Ports
Control PortsOutput
Data Ports
id1id2id3
ic1 ic2
od1od2od3
oc1 oc2
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 33 / 45
42, a Model of Components 42 in a Nutshell
42 in a Nutshell: a Basic Component
a=id1.get();b=id2.get();od1.set(f(a,b));oc1.set(false);
where the componentis used
atomic in any context
For ic1 :
internal memory
terminatingatomic
step
Data PortsInput Output
InputControl Ports
Control PortsOutput
Data Ports
id1id2id3
ic1 ic2
od1od2od3
oc1 oc2
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 33 / 45
42, a Model of Components 42 in a Nutshell
42 in a Nutshell: Assembling Components
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 34 / 45
42, a Model of Components 42 in a Nutshell
42 in a Nutshell: Assembling Components
output portinput portic, oc
Comp
Comp
CompC
CompD
B
A
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 34 / 45
42, a Model of Components 42 in a Nutshell
42 in a Nutshell: Assembling Components
a
c
e
d
b
f
output portinput portic, oc
Comp
Comp
CompC
CompD
B
A
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 34 / 45
42, a Model of Components 42 in a Nutshell
42 in a Nutshell: Assembling Components
The controller:
a
c
e
d
b
f
output portinput portic, oc
Comp
Comp
CompC
CompD
B
A
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 34 / 45
42, a Model of Components 42 in a Nutshell
42 in a Nutshell: Assembling Components
The controller:− dialogs with ABCD (ic, oc)
a
c
e
d
b
f
output portinput portic, oc
Comp
Comp
CompC
CompD
B
A
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 34 / 45
42, a Model of Components 42 in a Nutshell
42 in a Nutshell: Assembling Components
The controller:
− Manages memoryfor a, b, c, d, e, f
− dialogs with ABCD (ic, oc)
a
c
e
d
b
f
output portinput portic, oc
Comp
Comp
CompC
CompD
B
A
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 34 / 45
42, a Model of Components 42 in a Nutshell
42 in a Nutshell: Assembling Components
The controller:
− defines glob. ic, oc, id, od
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 34 / 45
42, a Model of Components 42 in a Nutshell
42 in a Nutshell: the Controller
(in some imperative style language, could also be
constraint-based, ...)
Controller is
var m : bool = true ;
for X do : {m a, m b, m c: FIFO(1,int);
m d, m e, m f: FIFO(4,int);
if (m) {m a.put ; // reads i1
m a.get ; D.z ; m f.put ; m f.get ;
A.u; m b.put; m d.put;
m b.get; B.v; m = m or p ;
m c.put ; m c.get ;//defines o1
m d.get ; C.w ; m e.put ;
C.y ; m e.put ;
m e.get ; D.k ; m e.get ;
D.k ; m = ! m ;
} else { ... }yy = true ;
}
Comp
Comp
CompC
CompD
B
A
a
c
e
d
b
output portinput port
fic, oc
u
w
z
Controller v
y
o1
i1
x
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 35 / 45
42, a Model of Components 42 in a Nutshell
Component Protocols and Checking Assemblages
od2od1
op op2
ctl
id1id2
related work: OO protocols, circuit sequential “don’t cares”, circular
assume/guarantee rules, Signal clock+data specifications, ...
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 36 / 45
42, a Model of Components 42 in a Nutshell
Component Protocols and Checking Assemblages
200 1
op
* Sequential constraints (final states define the macro−steps)
op2
od2od1
op op2
ctl
id1id2
related work: OO protocols, circuit sequential “don’t cares”, circular
assume/guarantee rules, Signal clock+data specifications, ...
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 36 / 45
42, a Model of Components 42 in a Nutshell
Component Protocols and Checking Assemblages
(id1 and id2)
(od1)
* Data dependencies
200 1
op
* Sequential constraints (final states define the macro−steps)
op2
od2od1
op op2
ctl
id1id2
related work: OO protocols, circuit sequential “don’t cares”, circular
assume/guarantee rules, Signal clock+data specifications, ...
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 36 / 45
42, a Model of Components 42 in a Nutshell
Component Protocols and Checking Assemblages
/x:=ctl
* Control information(stored for further use in this automaton)
(id1 and id2)
(od1)
* Data dependencies
200 1
op
* Sequential constraints (final states define the macro−steps)
op2
od2od1
op op2
ctl
id1id2
related work: OO protocols, circuit sequential “don’t cares”, circular
assume/guarantee rules, Signal clock+data specifications, ...
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 36 / 45
42, a Model of Components 42 in a Nutshell
Component Protocols and Checking Assemblages
(id1 and IF x THEN id2)
(IF not x THEN od2)
* Conditional data expressions
/x:=ctl
* Control information(stored for further use in this automaton)
(id1 and id2)
(od1)
* Data dependencies
200 1
op
* Sequential constraints (final states define the macro−steps)
op2
od2od1
op op2
ctl
id1id2
related work: OO protocols, circuit sequential “don’t cares”, circular
assume/guarantee rules, Signal clock+data specifications, ...
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 36 / 45
Towards MBE and VP a la 42
1 What you can (already) do with the synchronous language Lustre(Summary)
2 Model-Based Engineering and Virtual Prototyping
3 42, a Model of Components
4 Towards MBE and VP a la 42
5 Provocative Comments
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 37 / 45
Towards MBE and VP a la 42
A Problem
A team looking at:An avionics execution platform(buses, several CPUs, some ofthem running RTOS, sensors,actuators)and implementation problems(taking C code for individual tasks)
Others teams looking at:SCADE or Lustre or SAO (CAS)descriptions of individual tasks,eventually compiled into C
the system-level view,need for VP (at least) and gluegeneration
Provider of SW components, to beused in some (implicit) intendedcontext of use
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 38 / 45
Towards MBE and VP a la 42
A Problem
A team looking at:An avionics execution platform(buses, several CPUs, some ofthem running RTOS, sensors,actuators)and implementation problems(taking C code for individual tasks)
Others teams looking at:SCADE or Lustre or SAO (CAS)descriptions of individual tasks,eventually compiled into C
the system-level view,need for VP (at least) and gluegeneration
Provider of SW components, to beused in some (implicit) intendedcontext of use
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 38 / 45
Towards MBE and VP a la 42
Current Practise
−− mapping tasks−CPUs−− glue code
Manually done:
for the OS
Implementation
The HW platform(CPUs, bus, ...)
Ccode
SCADE, C, SAO, ...
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 39 / 45
Towards MBE and VP a la 42
42 as the system-level description language
The HW platform(CPUs, bus, ...)
A 42 system−leveldescription.
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 39 / 45
Towards MBE and VP a la 42
42 as the system-level description language
The HW platform(CPUs, bus, ...)
SCADE,C,SAO,...
TLM−likemodeling task
42ized
codeC
A 42 MoCexpressing: a SW component
runs on a HW component
A 42 system−leveldescription.
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 39 / 45
Towards MBE and VP a la 42
42 as the system-level description language
A 42 system−leveldescription.
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 39 / 45
Towards MBE and VP a la 42
42 as the system-level description language
ExecutionVirtual Prototype
A 42 system−leveldescription.
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 39 / 45
Towards MBE and VP a la 42
42 as the system-level description language
Automaticglue−code generation
The HW platform(CPUs, bus, ...)
A 42 system−leveldescription.
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 39 / 45
Towards MBE and VP a la 42
To be Done...
42-ization of the TLM principles(mimicking SystemC behaviour, or not)
Invent the 42 MoC that means:a SW component runs on a HW component
Choose a realistic execution platform and model it
Understand the manual implementation method (relies onpatterns for a quite restrictive class of execution platforms)
Mimick the manual method with some automatic generationmethod
Apply this to a case-study (with a SystemC model of theexecution platform because we don’t have the real HW!)
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 40 / 45
Provocative Comments
1 What you can (already) do with the synchronous language Lustre(Summary)
2 Model-Based Engineering and Virtual Prototyping
3 42, a Model of Components
4 Towards MBE and VP a la 42
5 Provocative Comments
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 41 / 45
Provocative Comments
Provocative Comment (1)
Forget about non executable models
Choice is between:
Start from executable models, then abstract them (possibly turningthem into non-deterministic models) and formalize their MoC(Simulink, SystemC, opnet, synchronous languages used as modelinglanguages, ...)
vs
Define high-level non executable (and semantically loose) models andthen try to “animate” them (defining the semantics as a side-effect)(UML, AADL, SysML, ...)
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 42 / 45
Provocative Comments
Provocative Comment (2)
Making everything automatic: no hope!
A model of the application SW +A model of the execution platform (HW+OS)=⇒ magic =⇒An implementation, including a mapping of the SW onto the HW
Instead: Design an abstract model of a class of execution platformsand use it for:— VP together with the SW part— Dedicated implementation generation algorithms
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 43 / 45
Provocative Comments
Provocative Comment (2)
Making everything automatic: no hope!
A model of the application SW +A model of the execution platform (HW+OS)=⇒ magic =⇒An implementation, including a mapping of the SW onto the HW
Instead: Design an abstract model of a class of execution platformsand use it for:— VP together with the SW part— Dedicated implementation generation algorithms
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 43 / 45
Provocative Comments
Provocative Comment (3)
The main problem is in MoCCs, not languages or
The language semantic problem is the easy part
We don’t really need more languages, but we need to understand theMoCCs behind the existing ones.We need MoCCs for system-level-descriptions (HW, SW, OS,physical environments, ...)
Maraninchi (Verimag, Grenoble) MBX, VP, ... Synchron 07 44 / 45