Modeling and simulation-driven development of embedded real-time systems

The design and development of embedded hard real-time (RT) systems is one of the complex development practices, because of the requirements of criticality and timeliness of these systems. One critical aspect of RT systems is the production of output before specified deadline. Formal methods are promising in dealing with the design issues of these applications, although they do not scale well for complex systems. Instead, Modeling and Simulation (M&S) provides a cost-effective approach to verify the design and implementation details of very Complex RT applications. M&S methods provide dynamic and risk-free testing environments to verify different scenarios, and they are used for feasibility analysis and verification of such systems. Nevertheless, the simulation models are usually discarded in the later phases of the development.We present the application of an M&S-based method referred to as DEVSRT (Discrete EVent System Specifications in Real-Time) to solve the discontinuity between the simulation models and the final embedded application, in this paper. DEVSRT defines explicit deadline notation for DEVS transitions, draws a clear mapping between DEVS transitions and real-time tasks and provides a formal method and tool for integration of simulation models with the associated hardware components.     

Design verification in model-based?��-controller development using an abstract component

Component-based software development is a promising approach for controlling the complexity and quality of software systems. Nevertheless, recent advances in quality control techniques do not seem to keep up with the growing complexity of embedded software; embedded systems often consist of dozens to hundreds of software/hardware components that exhibit complex interaction behavior. Unanticipated quality defects in a component can be a major source of system failure. To address this issue, this paper suggests a design verification approach integrated into the model-driven, component-based development methodology Marmot. The notion of abstract components—the basic building blocks of Marmot—helps to lift the level of abstraction, facilitates high-level reuse, and reduces verification complexity by localizing verification problems between abstract components before refinement and after refinement. This enables the identification of unanticipated design errors in the early stages of development. This work introduces the Marmot methodology, presents a design verification approach in Marmot, and demonstrates its application on the development of a μ-controller-based abstraction of a car mirror control system. An application on TinyOS shows that the approach helps to reuse models as well as their verification results in the development process.     

Building enterprise reuse program

Reuse is viewed as a realistically effective approach to solving software crisis. For an organization that wants to build a reuse program, technical and non-technical issues must be considered in parallel. In this paper, a model-based approach to building systematic reuse program is presented. Component-based reuse is currently a dominant approach to software reuse. In this approach, building the right reusable component model is the first important step. In order to achieve systematic reuse, a set of component models should be built from different perspectives. Each of these models will give a specific view of the components so as to satisfy different needs of different persons involved in the enterprise reuse program. There already exist some component models for reuse from technical perspectives. But less attention is paid to the reusable components from a non-technical view, especially from the view of process and management. In our approach, a reusable component model—FLP model for reusable component—is introduced. This model describes components from three dimensions (Form, Level, and Presentation) and views components and their relationships from the perspective of process and management. It determines the sphere of reusable components, the time points of reusing components in the development process, and the needed means to present components in terms of the abstraction level, logic granularity and presentation media. Being the basis on which the management and technical decisions are made, our model will be used as the kernel model to initialize and normalize a systematic enterprise reuse program.     

FORM: A feature-;oriented reuse method with domain-;specific reference architectures

Systematic discovery and exploitation of commonality across related software systems is a fundamental technical requirement for achieving successful software reuse. By examining a class/family of related systems and the commonality underlying those systems, it is possible to obtain a set of reference models, i.e., software architectures and components needed for implementing applications in the class. FORM (Feature-;Oriented Reuse Method) supports development of such reusable architectures and components (through a process called the “domain engineering”) and development of applications using the domain artifacts produced from the domain engineering. FORM starts with an analysis of commonality among applications in a particular domain in terms of services, operating environments, domain technologies, and implementation techniques. The model constructed during the analysis is called a “feature” model, and it captures commonality as an AND/OR graph, where AND nodes indicate mandatory features and OR nodes indicate alternative features selectable for different applications. Then, this model is used to define parameterized reference architectures and appropriate reusable components instantiatable during application development. Architectures are defined from three different viewpoints (subsystem, process, and module) and have intimate association with the features. The subsystem architecture is used to package service features and allocate them to different computers in a distributed environment. Each subsystem is further decomposed into processes considering the operating environment features. Modules are defined based on the features on domain technology and implementation techniques. These architecture models that represent an architecture at different levels of abstraction are derived from the feature hierarchy captured in the feature model. Modules serve as basis for creating reusable components, and their specification defines how they are integrated into the application (e.g., as-;is integration of pre-;coded component, instantiation of parameterized templates, and filling-;in skeletal codes). Our experiences have shown that for the electronic bulletin board and the private branch exchange (PBX) domains, “features” make up for a common domain language and the main communication medium among application users and developers. Thus, the feature model well represents a “decision space” of software development, and is a good starting point for identifying candidate reusable components.     

嵌入式系统可信虚拟化技术的研究与应用

嵌入式系统在生活中的应用日益广泛,传统的安全增强手段已无法有效应对各种安全问题,增强嵌入式系统的安全性成为目前亟需解决的问题。为提高嵌入式系统及其应用程序的安全性,结合嵌入式系统的虚拟化技术与可信计算技术,设计并实现基于虚拟TCM的可信计算平台框架,实现了虚拟TCM和基于虚拟TCM的可信增强技术,提出并实现了一个基于虚拟TCM的会话认证方法,将信任链从硬件操作系统层扩展到了虚拟域的应用软件层。实验结果表明,虚拟TCM与物理TCM相结合能够有效保证嵌入式系统、虚拟域和应用程序的安全可信。     

A formal approach to adaptive software: continuous assurance of non-functional requirements

Modern software systems are increasingly requested to be adaptive to changes in the environment in which they are embedded. Moreover, adaptation often needs to be performed automatically, through self-managed reactions enacted by the application at run time. Off-line, human-driven changes should be requested only if self-adaptation cannot be achieved successfully. To support this kind of autonomic behavior, software systems must be empowered by a rich run-time support that can monitor the relevant phenomena of the surrounding environment to detect changes, analyze the data collected to understand the possible consequences of changes, reason about the ability of the application to continue to provide the required service, and finally react if an adaptation is needed. This paper focuses on non-functional requirements, which constitute an essential component of the quality that modern software systems need to exhibit. Although the proposed approach is quite general, it is mainly exemplified in the paper in the context of service-oriented systems, where the quality of service (QoS) is regulated by contractual obligations between the application provider and its clients. We analyze the case where an application, exported as a service, is built as a composition of other services. Non-functional requirements—such as reliability and performance—heavily depend on the environment in which the application is embedded. Thus changes in the environment may ultimately adversely affect QoS satisfaction. We illustrate an approach and support tools that enable a holistic view of the design and run-time management of adaptive software systems. The approach is based on formal (probabilistic) models that are used at design time to reason about dependability of the application in quantitative terms. Models continue to exist at run time to enable continuous verification and detection of changes that require adaptation.     

Automatic synthesis and verification of real-time embedded software for mobile and ubiquitous systems

Currently available application frameworks that target the automatic design of real-time embedded software are poor in integrating functional and non-functional requirements for mobile and ubiquitous systems. In this work, we present the internal architecture and design flow of a newly proposed framework called Verifiable Embedded Real-Time Application Framework (VERTAF), which integrates three techniques namely software component-based reuse, formal synthesis, and formal verification. Component reuse is based on a formal unified modeling language (UML) real-time embedded object model. Formal synthesis employs quasi-static and quasi-dynamic scheduling with multi-layer portable efficient code generation, which can output either real-time operating systems (RTOS)-specific application code or automatically generated real-time executive with application code. Formal verification integrates a model checker kernel from state graph manipulators (SGM), by adapting it for embedded software. The proposed architecture for VERTAF is component-based which allows plug-and-play for the scheduler and the verifier. The architecture is also easily extensible because reusable hardware and software design components can be added. Application examples developed using VERTAF demonstrate significantly reduced relative design effort as compared to design without VERTAF, which also shows how high-level reuse of software components combined with automatic synthesis and verification increases design productivity.     

Analyzing and visualizing information flow in heterogeneous component-based software systems

Context: Component-based software engineering is aimed at managing the complexity of large-scale software development by composing systems from reusable parts. To understand or validate the behavior of such a system, one needs to understand the components involved in combination with understanding how they are configured and composed. This becomes increasingly difficult when components are implemented in various programming languages, and composition is specified in external artifacts. Moreover, tooling that supports in-depth system-wide analysis of such heterogeneous systems is lacking.Objective: This paper contributes a method to analyze and visualize information flow in a component-based system at various levels of abstraction. These visualizations are designed to support the comprehension needs of both safety domain experts and software developers for, respectively, certification and evolution of safety-critical cyber-physical systems.Method: We build system-wide dependence graphs and use static program slicing to determine all possible end-to-end information flows through and across a system’s components. We define a hierarchy of five abstractions over these information flows that reduce visual distraction and cognitive overload, while satisfying the users’ information needs. We improve on our earlier work to provide interconnected views that support both systematic, as well as opportunistic navigation scenarios.Results: We discuss the design and implementation of our approach and the resulting views in a prototype tool called FlowTracker. We summarize the results of a qualitative evaluation study, carried out via two rounds of interview, on the effectiveness and usability of these views. We discuss a number of improvements, such as more selective information presentations, that resulted from the evaluation.Conclusion: The evaluation shows that the proposed approach and views are useful for understanding and validating heterogeneous component-based systems, and address information needs that could earlier only be met by manual inspection of the source code. We discuss lessons learned and directions for future work.     

Identifying and qualifying reusable software components

Identification and qualification of reusable software based on software models and metrics is explored. Software metrics provide a way to automate the extraction of reusable software components from existing systems, reducing the amount of code that experts must analyze. Also, models and metrics permit feedback and improvement to make the extraction process fit a variety of environments. Some case studies are described to validate the experimental approach. They deal with only the identification phase and use a very simple model of a reusable code component, but the results show that automated techniques can reduce the amount of code that a domain expert needs to evaluate to identify reusable parts     

Towards multilaterally secure computing platforms—with open source and trusted computing

We present a security architecture for a trustworthy open computing platform that aims at solving a variety of security problems of conventional platforms by an efficient migration of existing operating system components, a Security Software Layer (PERSEUS), and hardware functionalities offered by the Trusted Computing technology. The main goal is to provide multilateral security, e.g., protecting users' privacy while preventing violations of copyrights. Hence the proposed architecture includes a variety of security services such as secure booting, trusted GUI, secure installation/update, and trusted viewer. The design is flexible enough to support a wide range of hardware platforms, i.e., PC, PDA, and embedded systems. The proposed platform shall serve as a basis for implementing a variety of innovative business models and distributed applications with multilateral security.     

基于TCM的嵌入式可信终端系统设计

针对目前各种嵌入式终端的安全需求,借鉴普通安全PC中TPM的应用情况,结合操作系统微内核技术,提出一种嵌入式可信终端设计方案,该方案基于可信根TCM,实现了自启动代码、操作系统到上层应用程序的"自下而上"的可信链传递,适用于嵌入式终端的安全应用.最后,通过设计一个试验系统,重点阐述了可信启动的具体实现步骤,并分析了因此带来的性能变化.     

3D virtual apparel design for industrial applications

The integration of physics-based models within CAD systems for garment design leads to highly accurate cloth shape results for virtual prototyping and quality evaluation tasks. To this aim, we present a physics-based system for virtual cloth design and simulation expressly conceived for design purposes. This environment should allow the designer to validate her/his style and design option through the analysis of garment virtual prototypes and simulation results in order to reduce the number and role of physical prototypes. Garment shapes are accurately predicted by including material properties and external interactions through a particle-based cloth model embedded in constrained Newtonian dynamics with collision management, extended to complex-shaped assembled and finished garments. Our model is incorporated within a 3D graphical environment, and includes operators monitoring the whole design process of apparel, e.g. panel sewing, button/dart insertion, multi-layered fabric composition, garment finishings, etc. Applications and case studies are considered, with analysis of CAD modelling phases and simulation results concerning several male and female garments.     

Trustworthy ICs for secure embedded computing

The design of secure and trusted embedded systems has recently drawn enormous attention from system-design practitioners. A secure system is only as strong as the weakest link. Therefore, any security functions implemented in an embedded system must be considered in both hardware and software, at all design abstraction levels, in communications between components, and in the manufacturing phase. In addition, these implementations are subject to typical power, performance, and cost constraints of consumer embedded systems. This issue of IEEE Design & Test features a special issue on Design and Test of Integrated Circuits for Secure Embedded Computing.     

Limited context semantic translation from a single knowledge-base for a natural language and structuring metarules

The article introduces an experimental system which produces multilingual semantic translations from relatively short texts from a given context. The system was conceived as an investigation instrument whose characteristics are the following: —the elaboration of a single analyzer and generator able to receive, in the form of data, specific information concerning national language, within the limits of a given area of application; —the use of exclusively semantic internal representation, whose formation is derived from “frames” (an object is defined as a list of “attribute-value” couples, permitting recursion); —a single knowledge-base is used for each natural language as initial data (the grammar transmitted was of a semantic-syntacticatn type); —the structure of grammar used in computer language processing being rarely as well adapted to analysis as to generation, the system itself is provided with the possibility of transforming and reorganizing the information for more efficient use at one stage of processing (thus, theatns are used directly in analysis, whereas for the purposes of generation they are “explored” and their information reorganized); —to produce a text, the use of general structuring principles (independent of language) are experimented with. These principles are given in the form of metarules. The application of these metarules to the restructured grammar of a natural language produces specific structuration rules, peculiar to this language. Although the system was conceived for any conceptual area or language, the present knowledge-base of the system (the experimental support) is based on a collection of elementary exercises in three-dimensional geometry written in Rumanian and in French. She does research in the CNRS group C.F. Picard headed by Professor Pitrat, University of Paris 6.     

A prototyping language for real-time software

PSDL is a language for describing prototypes of real-time software systems. It is most useful for requirements analysis, feasibility studies, and the design of large embedded systems. PSDL has facilities for recording and enforcing timing constraints, and for modeling the control aspects of real-time systems using nonprocedural control constraints, operator abstractions, and data abstractions. The language has been designed for use with an associated prototyping methodology. PSDL prototypes are executable if supported by a software base containing reusable software components in an underlying programming language (e.g. Ada)     

基于协作式客户机/服务器系统的可复用构架

文章通过一个协作式客户机/服务器软件系统的实例阐明了设计不同系统体系可复用扩展软件构架的一种方法。笔者提出的构架,将使用构架描述语言进行定义,通过软件复用的三个层次(独立于应用域的,领域特有的和应用特有的),有机地组织起来。构架由可复用领域的特定黑盒构架模式和可扩展领域的特定白盒构架模式组成。文章重点阐述了软件构架中复用的不同层次以及构架如何实现扩展。     

软件构件的可信保证研究

近年来，可信构件的研究逐渐引起软件工程领域的重视。可信构件研究与应用的目标是为了给基于构件的软件工程（CⅨ汇）提供坚实的基础，而方法就是通过扩展与完善可信重用的软件构件（可信构件）库。构件的可信来源于可信保障技术的应用，如：契约设计的使用、正确性的数学证明、软件测试、详细的代码走查、基于度量的评估、实际项目的验证、严格的变更管理等。本文通过分析可信构件研究的若干领域，总结出构件可信性的3个角度，探讨了可信构件研究的不足之处，并分析其原因。作为总结，给出了可信构件领域研究需要解决的若干问题。     

A formal framework for modeling and validating Simulink diagrams

Simulink has been widely used in industry to model and simulate embedded systems. With the increasing usage of embedded systems in real-time safety-critical situations, Simulink becomes deficient to analyze (timing) requirements with high-level assurance. In this article, we apply Timed Interval Calculus (TIC), a real-time specification language, to complement Simulink with TIC formal verification capability. We elaborately construct TIC library functions to model Simulink library blocks which are used to compose Simulink diagrams. Next, Simulink diagrams are automatically transformed into TIC models which preserve functional and timing aspects. Important requirements such as timing bounded liveness can be precisely specified in TIC for whole diagrams or some components. Lastly, validation of TIC models can be rigorously conducted with a high degree of automation using a generic theorem prover. Our framework can enlarge the design space by representing environment properties to open systems, and handle complex diagrams as the analysis of continuous and discrete behavior is supported.     

Research issues in testing business components

The advantages of migrating from traditional monolithic business applications to reusable object-based business components (self-contained software that carries out a certain business task) are well documented. A business system assembled from reusable components is argued to be highly reliable since these components have been tested and used in many other business applications. However, all possible uses of components are not known at design and construction stage. Additionally, integration testing is needed as components are assembled to make business application systems. Component-based software development requires that testing issues be addressed adequately. In this paper, we explore testing related issues in business components and in particular, business application systems that are made by integrating these components. An integration test strategy for business component application systems is proposed.     

Development of Domestic Programming Technology

This article considers the evolution of computer systems technologies on the way to the automation and creation of assembly lines. It presents fundamentals and objects of a technology of programming and assembling (composition of) complex systems from reusable resources (modules, objects, components, and services) that are configured in the form of variant structures of software systems assembled on production lines of software factories.