Cadena: An Integrated Environment for Developing High-Assurance Component-based Systems
http://www.cis.ksu.edu/cadena
SAnToS Laboratory, Kansas State University, USA

Principal Investigators: Matt Dwyer, John Hatcliff, Gurdip Singh

Support: US National Science Foundation (NSF); US National Aeronautics and Space Administration (NASA); US Department of Defense Advanced Research Projects Agency (DARPA); US Army Research Office (ARO); Rockwell-Collins ATC; Honeywell Technology Center and NASA Langley; Sun Microsystems; Intel

Postdocs and Students: Radu Iosif, Hongjun Zheng, Corina Pasareanu, Georg Jung, Robby, Venkatesh Ranganath, Oksana Tkachuk, William Deng
Distributed Components

[Figure: components written in Java, C++ and C communicate across the network through middleware (e.g. CORBA)]

Interface Definition Language (IDL) specifications for remote methods
Automatically generated proxies
Distributed Components

[Figure: the same Java, C++ and C components on middleware (e.g. CORBA) that now also provides an Event Service, Transaction Service, Naming Service and Synchronization Service]

Component Interface Definition Language (CCM IDL)
Substantial portion of code auto-generated
Checking CCM Systems

Light-weight behavioral specifications: leverage abstractions that programmers already write (component IDL)
Scale static analysis techniques to handle remote connections
Use emerging model-checking technology dedicated to OO structures and RT scheduling algorithms

[Figure: the CCM middleware diagram from the previous slide, repeated]
Modern Software Systems / Our Themes

These systems are huge! What are appropriate abstractions/specifications, and how can we get programmers to write them?
Mission-control software for Boeing military aircraft, e.g., F-18 E/F, Harrier, UCAV
Boeing's Bold Stroke Avionics Middleware, built on top of ACE/TAO RT CORBA
Our focus: developing a rigorous design process with formal design artifacts that can be automatically checked for common design flaws
Analysis & Verification of Fighter Aircraft Mission Control Systems

Boeing Bold Stroke Platform
[Figure: Radar, Weapons, Nav Sensors, Weapon Management and Data Links connected over multiple buses to the Mission Computer and Vehicle Management computers, with COTS parts; one region is marked as the focus domain]

Many computers, multiple buses, constrained tactical links
O(10^6) lines of code
Hard & soft real-time; periodic & aperiodic
Multiple safety criticalities
Information security
Control-Push Data-Pull

Typical situation: component A computes some data that is to be read by one or more components B_i.

Run-time actions:
A publishes a dataAvailable event
Each B_i calls the getData() method of A to fetch the data

[Figure: A pushes dataAvailable to B_1 ... B_k; each B_i then pulls with getData()]
Control-Push Data-Pull Structure

1. Logical GPS component receives a periodic event indicating that it should read the physical GPS device.
2. Logical GPS publishes DATA_AVAILABLE event.
3. Airframe component fetches GPS data by calling GPS GetData method.
4. Airframe updates its position data and publishes DATA_AVAILABLE event.
5. NavDisplay component fetches AirFrame data by calling AirFrame GetData method.
6. NavDisplay updates the physical display.
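The six-step scenario above as a small simulation, added here for illustration; it is not Cadena or Bold Stroke code, and it is Python rather than the C++/CORBA of the real system. A constructed in-process EventChannel stands in for the CORBA Event Service, the GPS device is a constructed list of fixes, and the class names, method names and the run_scenario helper are assumptions of the example. The second run shows a property of the pattern that a reviewer of such a design should keep in mind: because the event carries no payload and the pull is a separate call, a consumer that is dispatched late sees only the producer's latest value, so the intermediate reading is never observed.

```python
from collections import deque


class EventChannel:
    """Constructed stand-in for a CORBA Event Service: FIFO delivery of
    (publisher, event_name) notifications to subscribed handlers. Events carry
    no payload; that is the point of control-push / data-pull."""

    def __init__(self):
        self._subs = {}
        self._queue = deque()
        self.trace = []              # human-readable record of run-time actions

    def subscribe(self, publisher, event, handler):
        self._subs.setdefault((publisher, event), []).append(handler)

    def publish(self, publisher, event):
        self.trace.append(f"{publisher} publishes {event}")
        self._queue.append((publisher, event))

    def note(self, message):
        self.trace.append(message)

    def run(self):
        """Dispatch until the queue drains (a single logical dispatcher thread)."""
        while self._queue:
            key = self._queue.popleft()
            for handler in list(self._subs.get(key, [])):
                handler()


class GPS:
    """Logical GPS: on its periodic timeout it reads the physical device (here a
    constructed list of fixes) and pushes DATA_AVAILABLE (steps 1 and 2)."""

    def __init__(self, channel, device_fixes):
        self.channel = channel
        self._device = iter(device_fixes)
        self.fix = None

    def on_timeout(self):
        self.fix = next(self._device)
        self.channel.publish("GPS", "DATA_AVAILABLE")

    def get_data(self):                  # data facet pulled by consumers
        return self.fix


class Airframe:
    """Pulls the GPS fix when told it is available, updates its position and
    pushes its own DATA_AVAILABLE (steps 3 and 4)."""

    def __init__(self, channel, gps):
        self.channel, self.gps = channel, gps
        self.position = None
        self.observed = []               # every fix this component ever pulled
        channel.subscribe("GPS", "DATA_AVAILABLE", self.on_gps_data)

    def on_gps_data(self):
        fix = self.gps.get_data()
        self.channel.note(f"Airframe pulls GPS.get_data() -> {fix}")
        self.observed.append(fix)
        self.position = fix
        self.channel.publish("Airframe", "DATA_AVAILABLE")

    def get_data(self):
        return self.position


class NavDisplay:
    """Pulls the airframe position and updates the display (steps 5 and 6)."""

    def __init__(self, channel, airframe):
        self.channel, self.airframe = channel, airframe
        self.shown = None
        channel.subscribe("Airframe", "DATA_AVAILABLE", self.on_airframe_data)

    def on_airframe_data(self):
        self.shown = self.airframe.get_data()
        self.channel.note(f"NavDisplay shows {self.shown}")


def run_scenario(device_fixes, timeouts_before_dispatch=1):
    """Wire GPS -> Airframe -> NavDisplay, fire the GPS timeout the given number
    of times, then dispatch. Returns (trace, fixes observed by Airframe, shown)."""
    channel = EventChannel()
    gps = GPS(channel, device_fixes)
    airframe = Airframe(channel, gps)
    nav = NavDisplay(channel, airframe)
    for _ in range(timeouts_before_dispatch):
        gps.on_timeout()
    channel.run()
    return channel.trace, airframe.observed, nav.shown


if __name__ == "__main__":
    trace, _, _ = run_scenario([(38.9, -97.1)])
    print("\n".join(trace))
    # Two timeouts before the dispatcher runs: both DATA_AVAILABLE events are
    # delivered, but both pulls return the second fix; the first is never seen.
    _, observed, _ = run_scenario([(1.0, 1.0), (2.0, 2.0)], timeouts_before_dispatch=2)
    print("fixes observed by Airframe:", observed)
```

The first run reproduces steps 1 to 6 in order. The second run queues two GPS timeouts before the dispatcher gets the CPU: Airframe receives two DATA_AVAILABLE events but both get_data() calls return the second fix, which is the expected behaviour of the pattern (the event is only a hint that fresh data exists) and also the reason a consumer cannot rely on one event per sample unless the producer buffers or the data carries a sequence number.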
Development Bypasses Modeling

Process moves directly from informal textual requirements documents to C++ coding (!)
No use of component-level (CCM) IDL for code generation
Still resistance by "legacy developers" to higher-level descriptions (moving away from machine code has been difficult for some)
Unleveraged Artifacts

Current design/model artifacts are used as informal documentation:
not connected to analysis/visualization tools
not connected to "glue code" (deployment code) generation
Lack of Model Analysis: Boeing OEP Challenge Problems

1. Forward & backward data and event dependencies
2. Dependency intersections
3. Components with high data coupling
4. All components from a particular rate group
5. Cycle checks
... 15-20 others related to dependencies
... also mode-aware dependences
Lack of Model Analysis: Boeing OEP Challenge Problems (continued)

Example of a mode-aware dependence: "If component 1 is in mode A when component 2 produces event E, then component 3 will consume event F" (Section 4.1.5.3.6)

A temporal property well-suited for model-checking!
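The dependency queries listed as challenge problems 1 to 5, plus a dependency-level form of the mode-aware question above, as an added example that is not Cadena's implementation. It assumes a constructed ComponentModel with directed event/data connections from provider to consumer, optional mode guards on connections, and light-weight reaction specs (which consumed event makes a component publish which event). The sample system follows the GPS/Airframe/NavDisplay scenario from the slides; the Navigator component, its "tactical"/"nav" modes and the STEERING_UPDATE event are invented for the example. Python is used for readability.

```python
from collections import defaultdict, deque


def _active(guard, modes):
    """A connection with guard (component, mode) is live only in that mode."""
    return guard is None or modes.get(guard[0]) == guard[1]


class ComponentModel:
    """Constructed component/connection model: directed event or data
    connections from provider to consumer, optional mode guards, and
    light-weight reaction specs (which consumed event makes a component publish which)."""

    def __init__(self):
        self.rate = {}                    # component -> rate group (Hz)
        self.edges = []                   # (src, dst, kind, label, guard)
        self.reacts = defaultdict(list)   # (comp, consumed event) -> [published events]

    def component(self, name, rate_hz):
        self.rate[name] = rate_hz

    def connect(self, src, dst, kind, label, guard=None):
        assert kind in ("event", "data")
        self.edges.append((src, dst, kind, label, guard))

    def _adj(self, kinds, modes, reverse=False):
        adj = defaultdict(list)
        for src, dst, kind, _, guard in self.edges:
            if kind in kinds and _active(guard, modes):
                adj[dst if reverse else src].append(src if reverse else dst)
        return adj

    def reach(self, comp, kinds=("event", "data"), modes=None, reverse=False):
        """Forward (reverse=False) or backward dependency closure of comp (item 1)."""
        adj = self._adj(kinds, modes or {}, reverse)
        seen, todo = set(), deque([comp])
        while todo:
            for nxt in adj[todo.popleft()]:
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
        return seen

    def intersection(self, a, b, **kw):               # item 2
        return self.reach(a, **kw) & self.reach(b, **kw)

    def data_coupling(self):                          # item 3: data links per component
        counts = defaultdict(int)
        for src, dst, kind, _, _ in self.edges:
            if kind == "data":
                counts[src] += 1
                counts[dst] += 1
        return dict(counts)

    def rate_group(self, hz):                         # item 4
        return sorted(c for c, r in self.rate.items() if r == hz)

    def on_cycle(self, kinds=("event", "data"), modes=None):
        """Item 5: components that can reach themselves, i.e. lie on a dependency cycle."""
        return [c for c in self.rate if c in self.reach(c, kinds, modes)]

    def event_reaches(self, src, event, dst, wanted, modes=None):
        """Does `event` published by src arrive at dst as `wanted` under the given
        modes? Follows live event connections and reaction specs only: a
        dependency-level approximation, not a temporal model check."""
        modes = modes or {}
        seen, todo = set(), deque([(src, event)])
        while todo:
            comp, label = todo.popleft()
            for s, d, kind, lab, guard in self.edges:
                if (s, kind, lab) != (comp, "event", label) or not _active(guard, modes):
                    continue
                if d == dst and label == wanted:
                    return True
                for out in self.reacts[(d, label)]:    # d consumes label, may re-publish
                    if (d, out) not in seen:
                        seen.add((d, out))
                        todo.append((d, out))
        return False


def sample_model():
    """Constructed system following the GPS/Airframe/NavDisplay scenario; the
    Navigator component, its modes and the STEERING_UPDATE event are invented."""
    m = ComponentModel()
    for name, hz in [("GPS", 20), ("Airframe", 20), ("Navigator", 20), ("NavDisplay", 5)]:
        m.component(name, hz)
    m.connect("GPS", "Airframe", "event", "DATA_AVAILABLE")
    m.connect("GPS", "Airframe", "data", "getData")
    m.connect("Airframe", "NavDisplay", "event", "DATA_AVAILABLE")
    m.connect("Airframe", "NavDisplay", "data", "getData")
    tactical = ("Navigator", "tactical")          # links live only in that mode
    m.connect("Airframe", "Navigator", "event", "DATA_AVAILABLE", guard=tactical)
    m.connect("Airframe", "Navigator", "data", "getData", guard=tactical)
    m.connect("Navigator", "NavDisplay", "event", "STEERING_UPDATE")
    m.connect("Navigator", "Airframe", "event", "STEERING_UPDATE")   # feedback: cycle in tactical mode
    m.reacts[("Airframe", "DATA_AVAILABLE")].append("DATA_AVAILABLE")
    m.reacts[("Navigator", "DATA_AVAILABLE")].append("STEERING_UPDATE")
    return m
```

With the sample model, reach("GPS") gives {Airframe, NavDisplay} and, once Navigator is in "tactical" mode, also Navigator; on_cycle() is empty in the default mode but reports Airframe and Navigator in tactical mode, which is exactly the kind of mode-dependent cycle that item 5 is meant to catch. event_reaches("Airframe", "DATA_AVAILABLE", "NavDisplay", "STEERING_UPDATE", modes={"Navigator": "tactical"}) is true and false in mode "nav"; it answers only whether a dependency path exists, so a negative result rules the property out, while a positive result still needs the temporal check the slide mentions, since timing and rate groups can prevent the event from actually being consumed.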