ARMADA Middleware and Communication Services

Real-time embedded systems have evolved during the past several decades from small custom-designed digital hardware to large distributed processing systems. As these systems become more complex, their interoperability, evolvability and cost-effectiveness requirements motivate the use of commercial-off-the-shelf components. This raises the challenge of constructing dependable and predictable real-time services for application developers on top of the inexpensive hardware and software components which has minimal support for timeliness and dependability guarantees. We are addressing this challenge in the ARMADA project.ARMADA is set of communication and middleware services that provide support for fault-tolerance and end-to-end guarantees for embedded real-time distributed applications. Since real-time performance of such applications depends heavily on the communication subsystem, the first thrust of the project is to develop a predictable communication service and architecture to ensure QoS-sensitive message delivery. Fault-tolerance is of paramount importance to embedded safety-critical systems. In its second thrust, ARMADA aims to offload the complexity of developing fault-tolerant applications from the application programmer by focusing on a collection of modular, composable middleware for fault-tolerant group communication and replication under timing constraints. Finally, we develop tools for testing and validating the behavior of our services. We give an overview of the ARMADA project, describing the architecture and presenting its implementation status.     

面向国产平台的程序并发性能分析技术

随着国产处理器和国产操作系统的逐步推广应用,越来越多的开发人员在国产平台下开发多线程程序.目前国产平台普遍采用的Qt Creator工具中缺乏可视化的并发性能分析工具,使得优化由于多线程同步/互斥和资源竞争带来的性能问题变得特别困难.设计一种Qt Creator下的并发性能分析方案,通过实时监控程序并发事件,采集程序运行过程中的并发性能数据,分析程序并发性能瓶颈和死锁原因,并以插件形式进行多视图数据显示.通过实验表明,该并发性能分析方案可以方便、快捷地辅助用户开发多线程并发程序,提高软件开发效率.     

A formal method for building concurrent real-time software

Developing concurrent real-time programs is one of computer science's greatest challenges. Not only is such software expensive to manufacture, but its role in safety-critical systems demands that it be correct. Formal methods of program specification and refinement could strengthen the mathematical precision used to develop such software. Nevertheless, formalisms that embrace both real-time and concurrency requirements are only just emerging. The Quartz method treats time and functional behavior with equal importance in the development process. The authors argue that by modeling program development in a unified framework, we can increase our confidence in the correctness of real-time concurrent code     

面向协作的软件开发环境及其构造方法

针对现有软件开发环境中,工具集成缺乏灵活的过程逻辑,开发者、工具、制品数据之间关系割裂的问题,提出了一种新的面向协作的软件开发环境—软件生产线,以及一种构造软件生产线的方法-软件生产线框架,详细阐述了软件生产线框架的组成部分,并给出了软件生产线的构造和使用方法。应用案例表明,软件生产线框架能够加快软件开发环境的构造,并...     

Certification of software for real-time safety-critical systems: state of the art

This paper presents an overview and discusses the role of certification in safety-critical computer systems focusing on software, and partially hardware, used in the civil aviation domain. It discusses certification activities according to RTCA DO-178B “Software Considerations in Airborne Systems and Equipment Certification” and touches on tool qualification according to RTCA DO-254 “Design Assurance Guidance for Airborne Electronic Hardware.” Specifically, certification issues as related to real-time operating systems and programming languages are reviewed, as well as software development tools and complex electronic hardware tool qualification processes are discussed. Results of an independent industry survey done by the authors are also presented.     

Automated test generation using model checking: an industrial evaluation

In software development, testers often focus on functional testing to validate implemented programs against their specifications. In safety-critical software development, testers are also required to show that tests exercise, or cover, the structure and logic of the implementation. To achieve different types of logic coverage, various program artifacts such as decisions and conditions are required to be exercised during testing. Use of model checking for structural test generation has been proposed by several researchers. The limited application to models used in practice and the state space explosion can, however, impact model checking and hence the process of deriving tests for logic coverage. Thus, there is a need to validate these approaches against relevant industrial systems such that more knowledge is built on how to efficiently use them in practice. In this paper, we present a tool-supported approach to handle software written in the Function Block Diagram language such that logic coverage criteria can be formalized and used by a model checker to automatically generate tests. To this end, we conducted a study based on industrial use-case scenarios from Bombardier Transportation AB, showing how our toolbox CompleteTest can be applied to generate tests in software systems used in the safety-critical domain. To evaluate the approach, we applied the toolbox to 157 programs and found that it is efficient in terms of time required to generate tests that satisfy logic coverage and scales well for most of the programs.     

CODAS:一个易扩展的静态代码缺陷分析服务

利用静态代码缺陷分析技术对软件进行早期缺陷检测,是提高软件质量的重要途径。静态代码缺陷分析工具(如FINDBUGS,JLINT,ESC/JAVA,PMD,COVERITY等)已经被证实可以成功地识别出大量的软件潜在缺陷[1-3]。然而,这类工具在可用性和有效性方面的不足严重限制了它们的进一步广泛使用。可用性不足包括a)每个独立缺陷检测工具只擅于检测特定类型的缺陷,需要配合使用才能全面检测缺陷;b)每个缺陷检测工具的安装、配置和运行占用了用户大量的时间、精力。有效性不足包括静态缺陷分析结果往往存在大量误报,并且会包括许多不重要的(不会引起程序员修复行为的)缺陷报告。为了解决上述问题,提出并构建了一个易扩展的"静态代码缺陷分析"服务(Code Defect Analysis Service,CODAS)。CODAS基于一个高度可扩展的架构设计,对多个独立的缺陷检测工具进行了封装和集成,并对缺陷检测报告进行了有效汇总和排序,从而充分发挥了各个独立工具的优势,大大提升了静态缺陷分析工具的可用性和有效性。     

Developing applications using model-driven design environments

Historically, software development methodologies have focused more on improving tools for system development than on developing tools that assist with system composition and integration. Component-based middleware like Enterprise Java-Beans (EJB), Microsoft .NET, and the CORBA Component Model (CCM) have helped improve software reusability through component abstraction. However, as developers have adopted these commercial off-the-shelf technologies, a wide gap has emerged between the availability and sophistication of standard software development tools like compilers and debuggers, and the tools that developers use to compose, analyze, and test a complete system or system of systems. As a result, developers continue to accomplish system integration using ad hoc methods without the support of automated tools. Model-driven development is an emerging paradigm that solves numerous problems associated with the composition and integration of large-scale systems while leveraging advances in software development technologies such as component-based middleware. MDD elevates software development to a higher level of abstraction than is possible with third-generation programming languages.     

Design and evaluation of the ModelHealth toolchain for continuity of care web services

Motivation: Systems interoperability is a key challenge in providing continuity of care to all patients. The challenge is addressed with information standards and new approaches to systems integration based on service-oriented architectures. Model-driven development promise utilities that are suitable for software service development in the healthcare domain, but development tools are still immature and their industry uptake is low. The knowledge about how model-driven development tools can become more useful to the healthcare software developers should be strengthened. Approach: This paper presents the ModelHealth toolchain that was created in four design/assess cycles, involving 28 students and 41 professional developers in the period 2007–2010. The toolchain provides design assistance for creating software services based on concepts from the CEN-13940 standard for continuity of care, which facilitates development of interoperable software services. Results: The CEN-13940 standard was successfully incorporated into the ModelHealth Toolchain assisting developers in creating software service design models that adhered to the standard. The developers expressed that improved understanding of the target system, documentation generation, and artifact traceability were essential utilities of the model-driven approach. Conclusion: The paper concludes healthcare domain knowledge can be successfully incorporated in a model-driven development toolchain, providing valuable input to the healthcare software service design process. A set of recommendations on how to incorporate domain specific concepts into model-driven development tools is provided. To our knowledge, no other scientific publications have reported from healthcare specific model-driven tool design and evaluations. Our recommendations extend and nuance existing knowledge on model-driven development tooling in general.     

Formal change impact analyses for emulated control software

Processor emulators are a software tool for allowing legacy computer programs to be executed on a modern processor. In the past emulators have been used in trivial applications such as maintenance of video games. Now, however, processor emulation is being applied to safety-critical control systems, including military avionics. These applications demand utmost guarantees of correctness, but no verification techniques exist for proving that an emulated system preserves the original system’s functional and timing properties. Here we show how this can be done by combining concepts previously used for reasoning about real-time program compilation, coupled with an understanding of the new and old software architectures. In particular, we show how both the old and new systems can be given a common semantics, thus allowing their behaviours to be compared directly.     

How are Java software developers using the Elipse IDE?

The Eclipse integrated development environment continues to gain popularity among Java developers. Our usage monitoring approach allows tool builders to sample how developers are using their tools in the wild. The data gathered about tool use can be used to prevent feature bloat and to evolve the environments according to user needs. Information about how developers work in a development environment can also provide a baseline for assessing new software development tools. We hope this report provides a start in defining which in formation to collect and distribute on an on going basis to help improve Eclipse and other similar platforms and tools.     

A formal verification framework for static analysis

Static analysis tools, such as resource analyzers, give useful information on software systems, especially in real-time and safety-critical applications. Therefore, the question of the reliability of the obtained results is highly important. State-of-the-art static analyzers typically combine a range of complex techniques, make use of external tools, and evolve quickly. To formally verify such systems is not a realistic option. In this work, we propose a different approach whereby, instead of the tools, we formally verify the results of the tools. The central idea of such a formal verification framework for static analysis is the method-wise translation of the information about a program gathered during its static analysis into specification contracts that contain enough information for them to be verified automatically. We instantiate this framework with costa, a state-of-the-art static analysis system for sequential Java programs, for producing resource guarantees and KeY, a state-of-the-art verification tool, for formally verifying the correctness of such resource guarantees. Resource guarantees allow to be certain that programs will run within the indicated amount of resources, which may refer to memory consumption, number of instructions executed, etc. Our results show that the proposed tool cooperation can be used for automatically producing verified resource guarantees.     

Visual debugging

We developed an approach that uses our innate visual pattern recognition skills as part of the debugging process. Inspired by Huang's (1996) use of color to visualize energy distributions while untangling knots, we represented the particles graphically and color-coded them by energy value. Thus far, we've applied this approach to three domains: particle systems, cluster hardware configurations, and physics codes using finite element models. This debugging paradigm differs from software or program visualization in that we don't visualize software elements such as procedures, message passing between processors, or graph-based representations of data structures. In most application domains developers that use algorithm visualization tools must make decisions about what kind of visualization would best represent their code, and they must, in effect, code this visualization in addition to their application. For many developers, the time investment is too great compared to their perceived benefit, so they return to a traditional debugging approach. We believe that restricting the application domain increases the ease of use of visual debuggers. However, we go one step further by creating a, visual tool tailored to a particular application domain that can use either captured data or simulation outputs and requires no coding effort on the part of the user.     

Software tools for safety-critical software development

We briefly present a software methodology for safety-critical software, developed over many years to cope with industrial safety-critical applications in the Canadian nuclear industry. Following this we present discussion on software tools that have been used to support this methodology, and software tools that could be used, but have not been used for a variety of reasons. Based on our experience, we also present and motivate a list of high-level requirements for tools that would facilitate the development of safety-critical software using the presented methods, together with a small number of tools that we believe are worth developing in the future.     

基于J2EE平台的信息化系统代码生成

企业信息系统在企业的经营管理中发挥着至关重要的作用,然而,在企业信息系统的开发过程中,存在着开发效率低下、系统架构不一致、开发周期长等问题.针对上述问题,设计了一种基于J2EE平台的信息化系统代码生成工具,开发人员只需要进行模型的可视化设计,由代码生成工具完成代码的生成.目前该代码生成工具已应用于实际的开发平台中,实践表明,代码生成工具的使用可以统一企业信息系统的开发架构,大幅度减少开发人员编写重复性代码的工作量,实现设计成果的复用和共享,提高企业信息系统开发的质量和效率.     

Taupe: Visualizing and analyzing eye-tracking data

Program comprehension is an essential part of any maintenance activity. It allows developers to build mental models of the program before undertaking any change. It has been studied by the research community for many years with the aim to devise models and tools to understand and ease this activity. Recently, researchers have introduced the use of eye-tracking devices to gather and analyze data about the developers’ cognitive processes during program comprehension. However, eye-tracking devices are not completely reliable and, thus, recorded data sometimes must be processed, filtered, or corrected. Moreover, the analysis software tools packaged with eye-tracking devices are not open-source and do not always provide extension points to seamlessly integrate new sophisticated analyses. Consequently, we develop the Taupe software system to help researchers visualize, analyze, and edit the data recorded by eye-tracking devices. The two main objectives of Taupe are compatibility and extensibility so that researchers can easily: (1) apply the system on any eye-tracking data and (2) extend the system with their own analyses. To meet our objectives, we base the development of Taupe: (1) on well-known good practices, such as design patterns and a plug-in architecture using reflection, (2) on a thorough documentation, validation, and verification process, and (3) on lessons learned from existing analysis software systems. This paper describes the context of development of Taupe, the architectural and design choices made during its development, and its documentation, validation and verification process. It also illustrates the application of Taupe in three experiments on the use of design patterns by developers during program comprehension.     

Process integration in CASE environments

Research in CASE environments has focused on two kinds of integration: tool and object. A higher level of integration, process integration, which represents development activities explicitly in a software process model to guide and coordinate development and to integrate tools and objects, is proposed. Process integration uses software process models (SPMs) a process driver, a tool set, and interfaces for both developers and managers to form the backbone of a process-driven CASE environment. The developer's interface, a working environment that lets developers enact an SPM, and the manager's interface which gives managers and analysts the tools to define, monitor, and control the SPMs that developers are working on concurrently are discussed. The Softman environment experiment, an implementation of process-driven CASE environments with existing CASE environments, is reviewed