Architecture Modeling and Analysis for Embedded Systemslee/10cis541/lecs/lec-AADL-v1-1x2.pdfSoftware...
Transcript of Architecture Modeling and Analysis for Embedded Systemslee/10cis541/lecs/lec-AADL-v1-1x2.pdfSoftware...
Architecture Modeling and Analysis
for Embedded Systems
Insup Lee
Department of Computer and Information Science
School of Engineering and Applied Science
University of Pennsylvania
Originally Prepare by Oleg Sokolsky
Modified by Insup Lee for CIS 541, Spring 2010
Spring ‘10 CIS 541 2 of 40
Overview
Background
o Architecture description languages (ADL)
o Embedded and real-time systems
AADL: ADL for embedded systems
Analysis of embedded systems with AADL
Spring ‘10 CIS 541 3 of 40
Architecture vs. behavior
How it is constructed vs. what does it do?
Traditionally, behavior was considered more important
Spring ‘10 CIS 541 4 of 40
Software and hardware architectures
Software architecture:
o fundamental organization of a system, embodied in its
components,
o their relationships to each other and the environment,
and
o principles governing its design and evolution
Hardware architecture:
o Interfaces for attaching devices
o Instruction set architecture
Spring ‘10 CIS 541 5 of 40
Components, ports, and connections
Components are boxes with interfaces
Component interfaces described by ports:
o Control
o Data
o Resources
Connections establish control and data flows
The nature of components may be abstracted
o Hardware or software, or hybrid
Spring ‘10 CIS 541 6 of 40
Software/Hardware ADLs
Wright (for software)
o Connector-based: CSP connector semantics
o Configuration and evolution support
ACME (for software)
o Interchange format: weak semantics or constraint
enforcement, little analysis
MetaH (for software)
o Strong component semantics
o Specification of non-functional properties
UML/Marte (for software/hardware (?))
Spring ‘10 CIS 541 7 of 40
Overview
Background
o Architecture description languages
o Embedded and real-time systems
AADL: ADL for real-time systems
Analysis of embedded systems with AADL
Spring ‘10 CIS 541 8 of 40
Embedded system architectures
Both hardware and software aspects are important
o Increasingly distributed and heterogeneous
Tight resource and timing constraints
Multimodal behaviors
o Some components are active only in certain circumstances
E.g., fault recovery
Analysis is important
Spring ‘10 CIS 541 9 of 40
Real-time systems
The science of system development under resource
and timing constraints
o System is partitioned into a set of communicating tasks
o Tasks communicate with sensors, other tasks, and
actuators
Impose precedence constraints
s
s
s
Task 1
Task 2
Task 3
Task 4
a
a
Spring ‘10 CIS 541 10 of 40
Task execution
Tasks are invoked periodically or by events
o Must complete by a deadline
Tasks are mapped to processors
Tasks compete for shared resources
o Resource contention can violate timing constraints
dormant
running preempted
blocked invoked
invoke
complete
Spring ‘10 CIS 541 11 of 40
Real-time scheduling
Processor scheduling
o Task execution is preemptable
o Tasks assigned to the same processor are selected according
to priorities
o Priorities are assigned to satisfy deadlines
Static or dynamic
Resource scheduling
o Mutual exclusion
Often non-preemptable
o Correlated with processor scheduling
Spring ‘10 CIS 541 12 of 40
Overview
Background
o Architecture description languages
o Embedded and real-time systems
AADL: ADL for real-time systems
Analysis of embedded systems with AADL
Spring ‘10 CIS 541 13 of 40
AADL highlights
Architecture Analysis and Design Language
Oriented towards modeling embedded and real-time
systems
o Hardware and software components
o Control, data, and access connections
Formal execution semantics in terms of hybrid
automata
SAE standard AS-5506
Spring ‘10 CIS 541 14 of 40
Platform components
Processor
Memory
Bus
Device
AADL components
Software components
Thread
Thread group
Data
Subprogram
Process System components• Systemprocess
System
data
device
bus
processor
memorythread group
subroutine
thread
Spring ‘10 CIS 541 15 of 40
Component interfaces (types)
Features
o Points for external connections
E.g., data ports
Flows
o End-to-end internal connections
Properties
o Attributes useful for analysis
Spring ‘10 CIS 541 16 of 40
Component implementations
Internal structure of the component
o Subcomponents are type references
o Connections conform with flows in the type
o External features
conform with the
type
o Internal features
conform with
subcomponent
types
Spring ‘10 CIS 541 17 of 40
Features and connections
Communication
o Ports and port groups
o Port connections
Resource access
o Required and provided access
o Access connections
Control
o Subprogram features
o Parameter connections
Spring ‘10 CIS 541 18 of 40
Ports and port groups
Ports are typed
o Data component types
Ports are directional
o Input, output, or bi-directional
Synchronous or asynchronous communication
o Event, data, or event data ports
Input event and event data ports have queues
Input data ports have status flags for new data
Spring ‘10 CIS 541 19 of 40
Data components
Data component types represent data types
Data component type can have subprogram features
that represent access methods
Data component implementations can have data
subcomponents that represent internal data of an
object
Data component types can also be used as types of
data ports and connections
Spring ‘10 CIS 541 20 of 40
Thread components
Thread represents a sequential flow of control
o Can have only data as subcomponents
Threads are executable components
o Execution goes through a number of states
Active or inactive
o Behaviors are specified by hybrid automata
Spring ‘10 CIS 541 21 of 40
Suspended
Initialized
Thread
Inactive
Uninitialized
Thread
Active
DeactivateComplete:
ActiveIn
NewMode:
Terminate:
Terminated
Thread
Dispatch:
Complete:
Fault:Recovered:
InitializeComplete:
ActiveInInitMode:InactiveInInitMode:
InactiveInNewMode:
ActivateComplete:
FinalizeComplete:Thread State with
Source Code
Execution
Initialize
Activate
Deactivate
Finalize
Compute
Recover
Thread State
Repaired:
Active
Member of current
mode
Inactive
Not member of
current mode
Thread states
Spring ‘10 CIS 541 22 of 40
Thread Hybrid Automata
Spring ‘10 CIS 541 23 of 40
Thread properties
Dispatch protocol
o periodic, aperiodic, sporadic, or background
Period
o For periodic and sporadic threads
Execution time range and deadline
o for all execution states separately
(initialize, compute, activate, etc.)
Spring ‘10 CIS 541 24 of 40
Periodic threads are dispatched periodically
o Event arrivals are queued
Non-periodic threads are dispatched by incoming
events
Pre-declared ports
o Event in port Dispatch
If connected, all other events are queued
o Event out port Complete
Can implement precedence
T2T1
Thread dispatch
Complete
Dispatch100ms
Spring ‘10 CIS 541 25 of 40
Subprograms
Data subprograms are features of data components
Server subprograms are features of threads
Represent entry points in executable code
No static data
o External data access through parameter and access
connections
Data subprograms are called within a process
Server subprograms are called remotely
Spring ‘10 CIS 541 26 of 40
Other software components
Process
o Represents virtual address space
o Provides memory protection
Thread group
o Organization of threads within a process
o Can be recursive
Subprogram
o Represents entry points in executable code
o Calls can be local or remote
Spring ‘10 CIS 541 27 of 40
Platform components
Processor
o Abstraction of scheduling and execution
o May contain memory subcomponents
o Scheduling protocol, context switch times
Memory
o Size, memory protocol, access times
Bus
o Latency, bandwidth, message size
Example: Two Streams
Spring ‘10 CIS 541 28 of 40
Two Streams – AADL code
Spring ‘10 CIS 541 29 of 40
Spring ‘10 CIS 541 30 of 40
Port connections revisited
Event connections support n-n connectivity
Data connection support 1-n connectivity
o One incoming,
multiple outgoing
Spring ‘10 CIS 541 31 of 40
Port connections revisited
Semantic port connection
o Ultimate source to ultimate destination
Thread, processor, or device
Type checking of connections
o Directions and types must match
Spring ‘10 CIS 541 32 of 40
Immediate and delayed connections
Data connections between periodic threads
T1 T2
10ms 10ms
T1 T2
10ms 10ms
T2
T1
T2
T1
Spring ‘10 CIS 541 33 of 40
Component bindings
Software components are bound to platform
components
Binding mechanism:
o Properties specify allowed and actual bindings
Allows for exploration of design alternatives
data
memory
thread
processor bus
Spring ‘10 CIS 541 34 of 40
Putting it all together: systems
Hierarchical collection of components
memory
processor
processor
bus
Spring ‘10 CIS 541 35 of 40
Putting it all together: systems
A different perspective on the same system
memory
processor
processor
bus
Spring ‘10 CIS 541 36 of 40
Modes
Mode: Subset of components, connections, etc.
Modes represent alternative configurations
Compute
Estimate
fault
recover
Nominal
Degraded
recover fault
Spring ‘10 CIS 541 37 of 40
Mode Switch
Mode switch can be the ultimate source of an event
connection
Switch effects:
o Activate and deactivate threads
o Reroute connections
Switch can also be local to a thread
o Change thread parameters
Switch takes time:
o Threads need to be in a legal state
o Activation and deactivation take time
Spring ‘10 CIS 541 38 of 40
Overview
Background
o Architecture description languages
o Embedded and real-time systems
AADL: ADL for real-time systems
Analysis of embedded systems with AADL
Spring ‘10 CIS 541 39 of 40
Static architectural analysis
Type checking
o Types of connected ports
o Allowed bindings
o Do all connections have ultimate sources and destinations
Constraint checking
o Does the size of a memory component exceed the sizes
of data components bound to it?
Spring ‘10 CIS 541 40 of 40
Dynamic architectural analysis
Relies on thread semantics
Processor scheduling
processor
T1
Scheduling_protocol => RM
Period => 100ms
Compute_Deadline => 100ms
Compute_Execution_Time => [2ms,7ms]
T2
T3
Period => 35ms
Compute_Deadline => 35ms
Compute_Execution_Time => [1ms,5ms]
Period => 20ms
Compute_Deadline => 20ms
Compute_Execution_Time => [200us,500us]
RMA
tool
Spring ‘10 CIS 541 41 of 40
Dynamic architectural analysis
Advanced processor scheduling
processor
T1
T2
T3
Scheduling_protocol =>
Slack_Server
10ms
10ms
State space
exploration
Spring ‘10 CIS 541 42 of 40
Summary
Architectural modeling and analysis
o aids in design space exploration
o records design choices
o enforces architectural constraints
AADL
o Targets embedded systems
o Builds on well-established theory of RTS
o As a standard, encourages tool development