Model-based Development for High Assurance Embedded Systems
Slang Embedded Toolchain Overview

Robby, Professor, Kansas State University
John Hatcliff, University Distinguished Professor and Lucas-Rathbone Professor of Engineering, Kansas State University
Jason Belt, Research Associate, Kansas State University

This material is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Homeland Security Advanced Research Projects Agency (HSARPA), Cyber Security Division (DHS S&T/HSARPA/CDS) BAA HSHQDC-14-R-B0005, the Government of Israel and the National Cyber Bureau in the Government of Israel via contract number D16PC00057, as well as the US National Science Foundation FDA Scholar-in-Residence Program.
Slang Embedded Framework

What is it?
• The Slang Embedded Framework is an integrated modeling, development, analysis, and verification framework for component-oriented embedded systems
• "Slang" stands for Sireum Language. Sireum is a programming language analysis, verification, and transformation framework developed at Kansas State University
• Slang Embedded has a special emphasis on development of systems built on top of separation kernels and platforms (infrastructure that can be reused across multiple implementations)

What can you do with it?
• Model the architecture (i.e., the design) of embedded systems (both hardware and software)
• Specify important properties about your system in architecture models
• Generate templates/interfaces for your Slang code and "autoprogram" communication between components
• Analyze and verify your models and code against many different types of properties
• Help you simulate/debug your code
• Interface with sensors, actuators, and other hardware elements
• Automatically translate Slang to C and a "deployable build" for a particular platform

Slang Embedded --- Overview
Primary Stages in Tool Chain

Analysis and verification results are moved up and down the abstraction layers.

System Modeling and Analysis (AADL)
• Abstraction: AADL, OSATE
• Analyses: schedulability, information flow, ...

Code Generation -- Slang + Run-Time System
• Source code, simulation, analysis, verification
• Slang: a subset of Scala for critical systems

Deployment on Embedded/Distributed Platforms
• Hypervisors / micro-kernels: Minix 3 (enhanced), seL4, Xen, LynxSecure
• Code generation, e.g., C + platform run-time
• C compatible with the CompCert verified compiler
• Conforms to AADL Run-Time Services (informally specifies a computational model for real-time threading and communication)
• Medical/IoT Reference Architecture
Example Domains

Example application areas currently being addressed with the Slang Embedded framework:
• Medical Devices (US Dept of Homeland Security): code deployed using the Genode OS framework on the Xen hypervisor and the seL4 microkernel
• Building Controls (US Dept of Homeland Security): code deployed using the enhanced Minix micro-kernel; containment labs for critical agriculture experiments
• UxAS, Unmanned Systems Autonomy Services (AFRL, DARPA): code deployed on the machine-verified micro-kernel seL4
• STM32 / FreeRTOS (education)
Toolchain Architecture

Pipeline: AADL Model (OSATE) -> SAnToS AADL Instance Model (AADL IM) to JSON -> SAnToS JSON AADL IM to Slang AADL IM -> Code Generation: Slang AADL IM to Slang Embedded -> Slang Embedded Deployment

• SAnToS AADL Instance Model (AADL IM) to JSON: transforms the AADL instance model, with additional properties and AADL annex clauses, to JSON. Output: JSON files (AIR) plus system properties and configuration info.
• SAnToS JSON AADL IM to Slang AADL IM (SIREUM): transforms the JSON AADL IM to an in-memory Slang representation.
• Code Generation, Slang AADL IM to Slang Embedded: transforms the Slang AADL IM to a Slang Embedded project including the architecture definition, code skeletons, and Slang contracts. Output: Slang architecture definition with AADL properties, and Slang component source files with contracts.
• Slang Embedded Deployment (Slang AST to Slang Embedded translator): transforms Slang component code to C with integration to platform-specific implementations of the AADL run-time services. Output: C source files and C-based AADL run-time services.
• Slang tools in the IntelliJ IDE: Slang Embedded Simulator, Slang Verification, Slang Testing and Fault Injection.
Open PCA Pump Architecture

AADL graphical view of the primary subsystems of the PCA device: Operational Subsystem, Safety Subsystem, Fluid Subsystem, Power Subsystem.

The Open PCA Pump pedagogical material provides a 40-min video lecture overview of the pump architecture: http://highassurance.santoslab.org/?q=lectures
Architecture provides a "Foundation for Truth"

AADL models form scaffolding and an abstraction of the system that is used to link many different types of artifacts:
• Requirements
• Behavioral Interface Specification (contracts/verification)
• Hazard Analysis
• Information Flow Analysis
• Assurance Cases
• Real-Time Schedulability Analysis
• Code Generation + Hardware Platform Configuration
Simple Example System

A simple "Temperature Control" system illustrates many core concepts of cyber-physical systems.
OSATE – AADL Model (Graphical View)

Simple Temperature Control model in AADL (OSATE): Temp Sensor, Temperature Controller (thermostat), Heater/Fan Actuator, Operator Interface. (This particular diagram emphasizes software aspects.)

Model how you want the system to be decomposed into hardware elements, drivers, and threads, and specify the communication between these. The Slang framework will then autocode the communication and generate templates for you to program the components.

...create/edit the system architecture in OSATE/AADL
OSATE – AADL Model (Graphical View)

Simple Temperature Control model in AADL (OSATE): Temp Sensor, Temperature Controller (thermostat), Heater/Fan Actuator, Operator Interface. (This particular diagram emphasizes software aspects.)

Specify the interfaces/boundaries of components in terms of input/output event/data ports. Slang will auto-generate the interface code and method signatures.

...create/edit the system architecture in OSATE/AADL
OSATE – AADL Model (Graphical View)

Simple Temperature Control model in AADL (OSATE): Temperature Controller (thermostat), Heater/Fan Actuator, Operator Interface. (This particular diagram emphasizes software aspects.)

Wire the ports together to specify the communication topology (who talks to whom). Slang generates all the code for the communication from the "wires"/connections that you specify.

...create/edit the system architecture in OSATE/AADL
OSATE – AADL Model (Textual View)

AADL has both a textual view and a graphical view, and OSATE keeps them synchronized.
OSATE – AADL Model (Textual View)

AADL has both a textual view and a graphical view, and OSATE keeps them synchronized. Shown: the Temperature Controller component and the Temperature Controller to Fan connection.
AADL Properties

In AADL you can attach various "properties" about the system that are used to configure the underlying platform, direct code generation, and support model-level analysis.

Shown: simple properties that configure the RTOS scheduler and the auto-generated thread skeleton, and that support real-time schedulability analysis.
AADL Properties

In AADL you can attach various "properties" about the system that are used to configure the underlying platform, direct code generation, and support model-level analysis.

Shown: properties capturing communication latencies.
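The preceding slides describe the three modeling steps the toolchain consumes (decompose into threads, declare ports, wire connections) and the properties attached to them, but the deck only shows screenshots. The AADL package below is an added example, not a model from the slides or from the Slang Embedded project, reconstructing the Simple Temperature Control system in AADL textual syntax. Every component, port, data type and property value in it (TempSensor, TempControl, Fan, OperatorInterface, the Temperature and FanCmd types, the periods) is an assumption chosen for illustration; the standard property names Dispatch_Protocol and Period are from the AADL standard property set.

```aadl
-- Added example (not from the slides): Simple Temperature Control in AADL textual form.
-- All component/port/type names and period values are assumed for illustration.
package TempControl
public

  -- Data types carried on the ports. Kept abstract here; a real model would
  -- give them a representation so code generation can emit a concrete type.
  data Temperature
  end Temperature;

  data FanCmd
  end FanCmd;

  -- Step 1 (decomposition): each software unit is a thread.
  -- Step 2 (interfaces): each thread's boundary is its set of ports.
  -- The toolchain generates the interface code and method signatures from these.
  thread TempSensor
    features
      currentTemp : out data port Temperature;
    properties
      -- Properties that configure the RTOS scheduler and the generated
      -- thread skeleton, and feed real-time schedulability analysis.
      Dispatch_Protocol => Periodic;
      Period => 1 sec;
  end TempSensor;

  thread TempControl
    features
      currentTemp : in data port Temperature;
      setPoint    : in event data port Temperature;
      fanCmd      : out event data port FanCmd;
    properties
      Dispatch_Protocol => Periodic;
      Period => 1 sec;
  end TempControl;

  thread Fan
    features
      fanCmd : in event data port FanCmd;
    properties
      -- A sporadic thread is dispatched by arrival of an event; Period is
      -- its minimum inter-arrival time.
      Dispatch_Protocol => Sporadic;
      Period => 100 ms;
  end Fan;

  thread OperatorInterface
    features
      setPoint : out event data port Temperature;
    properties
      Dispatch_Protocol => Periodic;
      Period => 1 sec;
  end OperatorInterface;

  process TempControlProcess
  end TempControlProcess;

  process implementation TempControlProcess.impl
    subcomponents
      sensor   : thread TempSensor;
      ctrl     : thread TempControl;
      fan      : thread Fan;
      operator : thread OperatorInterface;
    connections
      -- Step 3 (topology): the only communication paths that will exist
      -- in the generated code are the ones declared here.
      c_sensor_ctrl : port sensor.currentTemp -> ctrl.currentTemp;
      c_ctrl_fan    : port ctrl.fanCmd        -> fan.fanCmd;
      c_op_ctrl     : port operator.setPoint  -> ctrl.setPoint;
  end TempControlProcess.impl;

  system TempControlSystem
  end TempControlSystem;

  system implementation TempControlSystem.impl
    subcomponents
      proc : process TempControlProcess.impl;
  end TempControlSystem.impl;

end TempControl;
```

The connections list is the part worth reading as a security artifact: because the toolchain generates communication code only for declared connections, the list is an explicit statement of which components may exchange data, which is exactly what the model-level information flow analysis on the following slide examines. A path the architecture does not declare (for example, from the operator interface directly to the fan) has no generated channel at all.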
Analysis

Multiple forms of analysis can be carried out with AADL/OSATE plug-ins. Shown: KSU's AWAS information flow and dependency analysis.