Project P

Model compiler for safety-critical systems

PROJECT
P
Model Compilers
for Safety-Critical Systems

Matteo Bordin

bordin@adacore.com


Industrial context
• A modern model-driven engineering process involves
– Multiple departments & cultures: system, control, software

– Multiple domain-specific languages (co-engineering)

• Need for
– Lightweight collaboration between departments

– Assurance when translating models to source code

– Model-based analysis taking into account multiple modeling view-
points (co-verification)

2


Introducing Project P

• Support the development of qualifiable model compilers
– Models are precise/refined enough for code generation

– From heterogeneous models (Simulink, UML, MARTE, …)

– Qualifiable in DO-178 sense (development tool, TQL1)

– Tunable with incremental certification support

– With verification of model-based integration

• Two R&D dimensions
Improvements over
– Model compilation state-of-the-art

– Agile/lean qualification process

3

Positioning the P toolset (DO-178C terminology)

• Conformity
Specification • Verifiability
Model • Accuracy & Consistency
• Compatibility

Design
Model
• Compliance
• Traceability
• Accuracy
• Consistency
• Compliance
Src Code
• Robustness

Executable

4


Introducing Project P (II)

User languages

Pivot formalism
An intermediate internal
representation

Code
Verification
Generation

5


Why a pivot formalism?
Clear semantics & execution model
No semantic variation point
User languages Minimal
No syntactic sugar

Covers multiple viewpoints
Pivot formalism (behavior, architecture, data, …)
An intermediate internal Separation of concerns
representation
Optimized code generation

Verification of consistency
Code (integration/allocation of
Verification heterogeneous models)
Generation
Support for scenario-based analysis

A reference representation for code generation & verification

6


Technical approach: model compilation

User languages
(safe subsets, for each viewpoint: behavior,
architecture, system, …)

Design model
(close to user languages abstraction) Two metamodels
At different levels of abstraction

… N refinement steps… To factorize representations
independently of target platform
Not visible to the final user
Code model
A set of intermediate refinement steps
(close to imperative programming languages)

Ada C VHDL

7


Defining the Design Model language

User languages MAKE CHOICES
• Identify safe language subsets
• Identify languages overlap
• Not the union of all languages (not the UML way)

State machines
Design model Data flow
Domain-independent component model

Verification MAKE CHOICES

Analysis theories/techniques • Identify relevant analysis methods
• Ensure the relevant information is present
Analysis tools • Tell how to represent it in user-visible languages

8


Defining the Code Model language

Datatypes

Design model • Ranges
(close to user languages abstraction) • Struct
Expressions
• Literals and constants
Code model • Math expressions (+, -, *, /, abs, …)
Statements
• VariableDeclaration

Ada C VHDL • AssignementStatement
• IfStatement
• WhileLoop

• Factorizes model compilation independent of target language
• Isolates location to insert target-specific transformations (OS calls)
• Simplifies development of the model compilation chain
9


Need for iterative refinement

Design model’

Design model’’

• (De)mangling
Design model’’’
• Constant folding/propagation
• Sequencing
...
• Type inference
• Flattening
Code model’
• …

Code model’’

...

10


Importers and the P formalism

Importers may work at any refinement level
This is to allow some refinement outside the framework:
• Sequencing produced by Simulink with slist/elist
• Normalization of UML activity diagrams (resolution of concurrency)
• ….

Design model’

Design model’’

Design model’’’

...

11


Importers and the P formalism (II)

Importers may even connect directly to the code model
Useful for action languages:
• (Embedded) Matlab
• Action Language for fUML (ALF)
• ….

Code model’

Code model’’

...

12


Technical approach: a generic framework

User languages
(safe subsets, for each viewpoint: behavior,
architecture, system, …)
Importers Resolution of semantic variation points
New input languages (DSLs)
Design model
(close to user languages abstraction)

Tuning/addition/removal of model
… N refinement steps…
transformation steps from a library

Code model
Tuning of code generation
(close to imperative programming languages)

Ada C VHDL

13


P model compiler instantiation

1. Identify safe subset of input language

2. Define a mapping to the P formalism
– Most likely at the design model level

3. Identify the set of transformations to apply
– Develop new transformation components

– Select and integrate existing ones

4. Package new qualification data with reused data

14


Instantiations of model compilation chain
Behavior Architecture

Design model

… N refinement steps… … N refinement steps…

Code model

Ada C VHDL

15


Behavioral modeling: GeneAuto
NEW
Subset of user languages

State machines
Design model
Data flow


Code model Generation of sequential code

Ada C VHDL

16


Convergence of behavioral models

Formalism

17


Architectural modeling: CHESS & VERDE?

Subset of user languages

Design model Domain-independent
component model


Generation of concurrent code
Code model Last compilation step may be too
company-dependent to be factorized

Ada C

18


Support for scenario-based analysis

• Real-time analysis is done on scenarios
– To limit pessimism (unlikely that ALL tasks are ready at the same
instant…)

– Scenarios stem from requirements

– Are they consistent/complete w.r.t the application model?

• The design model could help
– It covers multiple views: impact of behavior on scenario
identification

– Generation of analysis scenarii from the architecture by taking into
account the functional behavior

19


Agile/Lean qualification

• Final user needs to tune the model compiler
– Support new input languages (DSLs)

– Support new output languages

– Tune code generation strategy

• Definition of an integrated, generic process model
– Integrated: Development & Verification & Qualification

– Generic: usable for any instantiation of the model compilation chain

– Developer POV

– User POV

20


Agile/Lean qualification (II)

• Process models in EPF (Eclipse Process Framework)
– Tool Qualification Plan

– Tool Development Plan

• Deployment of an agile/lean process
– Short-term planning via Kanban charts

– Continuous integration including qualification-oriented activities

Structural coverage

Coding standard

Traceability/consistency of lifecycle artifacts

21


Agile/Lean qualification (III)

• Minimize re-qualification cost
– Transformations ship with qualification data

– Reuse of qualification evidence

– Iterative process taken into account on the qualification plans

22


Main contact points
• Matteo Bordin, bordin@adacore.com

• Marc Pantel, marc.pantel@enseeiht.fr

• www.open-do.org/projects/p

23


PROJECT
P
Model Compilers
for Safety-Critical Systems

Additional information

24


Project information

• Started in October 2011

• 3 years

• 10M budget, ~5M funding, FUI financing (France)

• 19 partners + observers

• Administrative leader: Continental Automotive

• Technical leader: AdaCore

• Scientific leader: IRIT

25

avioncis Industrial users

automotive space

Tech providers Academia

26

Project P

Recommended

Recommended

More Related Content

What's hot

What's hot (13)

Viewers also liked

Viewers also liked (11)

Similar to Project P

Similar to Project P (20)

Recently uploaded

Recently uploaded (20)

Project P