OSATE-DIM is validated through 2 case studies.
MC-DAG
The Mixed-Criticality Directed Acyclic Graphs (MC-DAG) framework developed by our group computes scheduling tables for AADL systems with mixed-critical tasks. This case study from the MC-DAG benchmark [1] is a system with a multi-core processor and a process. The Process Component has eight threads, each with a different task. There are two System Operation Modes for low-criticality and high-criticality in the case of a failure. The transitions from one Mode to another are relayed through Connections from the Processor to the Process.
The View-Update in this case study is the addition of static scheduling tables for each Thread. Such tables are modeled in AADL using the RAMSES-specific ‘Execution_Slots’ Property,
so that RAMSES can take those into account when generating OS configuration files during code generation. These tables specify for each Thread, its binding to one of the two cores of the processor and its execution start and stop times.
- Overall, there is an addition of nine rich Property Associations, which are not just value-based, but also contain references to other Instance objects.
RAMSES
RAMSES is an AADL-based tool available as an additional OSATE component and developed by our group for the automatic generation of C code for POSIX, ARINC653, and OSEK-compliant Operating Systems (OS). Starting from an Instance model, RAMSES refines the model by adding details for a specific OS platform as selected by the user. From this refined Instance model, analyses can be performed, which are typically more precise given the lower level of abstraction of the model.
In its current version, RAMSES must first create a new refined Declarative model from/of the selected Instance model, to which the OS-specific details are added. A new Instance model is then computed by OSATE from the newly created Declarative model.
Following this, we have used a simple AADL producer-consumer communications module instance model, refined for a Linux-based platform by transforming Port Connections to Shared Data Accesses and by adding several Data Components and RAMSES-specific Properties, as a second case study for OSATE-DIM. The case-study is shipped as part of the RAMSES Example Suite. The View-Updates in this case consist of
- addition of 41 Data Components to a Process Component, which are shared by two threads.
- The Port Features interfacing the two threads with each other are changed to Data Access kinds.
- New Data Access Connections are also added between the shared Data Components and the Threads.
- The added Data Components have varying numbers of Properties, and the total number of newly added properties is 122.
- the name of the top-System Instance is changed to “refined_model_impl_Instance”
**Within this case-study, it has been observed that while the Instance model generated from the updated Declarative model matches that generated by RAMSES, the Declarative model actually faces errors in compilation. This is because there is a mismatch in the type of connection between subprograms and threads. This mismatch cannot be resolved within OSATE-DIM, because this information is not instantiated. This displays the limits of using the Instance model only. We have initiated dialogue with the AADL standards community, to consider instantiation of subprograms.
Experimental Test-Suite
References
[1] Roberto Medina, Étienne Borde, and Laurent Pautet. 2018. Scheduling Multi-periodic Mixed-Criticality DAGs on Multi-core Architectures. In 2018 IEEE Real-Time Systems Symposium. 254–264.