Une approche intégrée pour la validation et la génération de systèmes critiques par raffinement incrémental de modèles architecturaux / An integrated approach to validate and generate high-integrity systems by incremental refinement of architectural models

Lasnier, Gilles

27 August 2012

L’augmentation de la complexité des systèmes temps-réel répartis embarqués (TR2E) et leur implication dans de nombreux domaines de notre quotidien imposent de nouvelles mé thodes de réalisation. Dans les domaines dits critiques (transport, médecine...) ces systèmes doivent satisfaire des contraintes dures pour garantir leur bon fonctionnement et éviter toutes défaillances qui engendreraient des conséquences financières ou humaines dramatiques. L’Ingénierie Dirigée par les Modèles (IDM) introduit le “modèle” - i.e. une description abstraite du système - et un ensemble d’outils (édition, transformation...) permettant la simplification et l’automatisation des étapes de conception, de validation et de génération du système. Ainsi, différentes abstractions du système sont élaborées dans des formalismes spécifiques de manière à couvrir un aspect du système et à permettre la réutilisation des outils d’analyse et de génération existants. Cependant, ces multiples représentations évoluent à des niveaux d’abstractions différents et il n’est pas toujours évident de mettre en corrélation système analysé et système généré. Ce travail de thèse exploite les concepts et les mécanismes offerts par l’IDM pour améliorer la fiabilité du processus de réalisation des systèmes critiques basé sur les modèles. L’approche que nous avons définie repose sur la définition du langage de modélisation architecturale et comportementale AADL-HI Ravenscar - un sous-ensemble du langage AADL (Architecture Analysis & Design Language) et de son annexe comportementale - contraint pour permettre conjointement l’analyse et la génération de l’ensemble des composants de l’application y compris de son exécutif, avec une sémantique proche d’un langage de programmation impératif... / The increasing complexity of distributed realtime and embedded (DRE) systems and their implication in various domains imply new design and development methods. In safety- criticial domains such as space, aeronautical, transport or medicine, their failure could result in the failure of the mission, or in dramatic damages such as human losses. This particular class of systems comes with strong requirements to satisfy safety, reliability and security properties. The Model-driven Engineering (MDE) introduces the concept of «model» - an abstract description of the system and a set of tools (editor, transformation engine, code generator) to simplify and automatize the design, the validation and the implementation of the system. Thus, various abstractions are realized using different domain-specific modeling languages in order to assess one particular aspect of the system and to re-use model-based analysis tools and generative technologies. These various representations may share some commonalities but the consistency between them is hard to validate (for example : Is the analyzed system the same as the generated one ?).This PhD thesis leverages MDE concepts and mechanisms, to enhance the reliability of the model-based development process of DRE systems. Our approach is based on the definition of the architectural and behavioral modeling language AADLHI Ravenscar, a restriction of AADL (Architecture Analysis & Design Language) and its behavioral annex. This subset of AADL constructs, comes up with a semantic close to the one of an imperative programming language, to drive both the analysis and the code generation of the application components and its relying execution platform (middleware) components...

Système embarqué

AADL

Embedded system

Design and performance evaluation of parallel architectures for image segmentation processing

Surma, David Ray, 1963-

January 1989

The design of parallel architectures to perform image segmentation processing is given. In addition, the various designs are evaluated as to their performance, and a discussion of an optimal design is given. In this thesis, a set of eight segmentation algorithms has been provided as a starting point. Four of these algorithms will be evaluated and partitioned using two techniques. From this study of partitioning and considering the data flow through the total system, architectures utilizing parallel techniques will be derived. Timing analysis using pen and paper techniques will be given on the architectures using three of today's current technologies. Next, NETWORK II.5 simulations will be run to provide performance measures. Finally, evaluations of the various architectures will be made as well as the applicability of using NETWORK II.5 as a simulation language.

Image processing -- Digital techniques.

Computer architecture -- Analysis.

A development and assurance process for Medical Application Platform apps

Procter, Sam

January 1900

Doctor of Philosophy / Department of Computing and Information Sciences / John M. Hatcliff / Medical devices have traditionally been designed, built, and certified for use as monolithic units. A new vision of "Medical Application Platforms" (MAPs) is emerging that would enable compositional medical systems to be instantiated at the point of care from a collection of trusted components. This work details efforts to create a development environment for applications that run on these MAPs. The first contribution of this effort is a language and code generator that can be used to model and implement MAP applications. The language is a subset of the Architecture, Analysis and Design Language (AADL) that has been tailored to the platform-based environment of MAPs. Accompanying the language is software tooling that provides automated code generation targeting an existing MAP implementation. The second contribution is a new hazard analysis process called the Systematic Analysis of Faults and Errors (SAFE). SAFE is a modified version of the previously-existing System Theoretic Process Analysis (STPA), that has been made more rigorous, partially compositional, and easier. SAFE is not a replacement for STPA, however, rather it more effectively analyzes the hardware- and software-based elements of a full safety-critical system. SAFE has both manual and tool-assisted formats; the latter consists of AADL annotations that are designed to be used with the language subset from the first contribution. An automated report generator has also been implemented to accelerate the hazard analysis process. Third, this work examines how, independent of its place in the system hierarchy or the precise configuration of its environment, a component may contribute to the safety (or lack thereof) of an entire system. Based on this, we propose a reference model which generalizes notions of harm and the role of components in their environment so that they can be applied to components either in isolation or as part of a complete system. Connections between these formalisms and existing approaches for system composition and fault propagation are also established. This dissertation presents these contributions along with a review of relevant literature, evaluation of the SAFE process, and concludes with discussion of potential future work.

Medical Application Platforms

Hazard Analysis

Interoperable Systems

Systematic Analysis of Faults and Errors

Enterprise Systems Modifiability Analysis : An Enterprise Architecture Modeling Approach for Decision Making

Lagerström, Robert

January 2010

Contemporary enterprises depend to great extent on software systems. During the past decades the number of systems has been constantly increasing and these systems have become more integrated with one another. This has lead to a growing complexity in managing software systems and their environment. At the same time business environments today need to progress and change rapidly to keep up with evolving markets. As the business processes change, the systems need to be modified in order to continue supporting the processes. The complexity increase and growing demand for rapid change makes the management of enterprise systems a very important issue. In order to achieve effective and efficient management, it is essential to be able to analyze the system modifiability (i.e. estimate the future change cost). This is addressed in the thesis by employing architectural models. The contribution of this thesis is a method for software system modifiability analysis using enterprise architecture models. The contribution includes an enterprise architecture analysis formalism, a modifiability metamodel (i.e. a modeling language), and a method for creating metamodels. The proposed approach allows IT-decision makers to model and analyze change projects. By doing so, high-quality decision support regarding change project costs is received. This thesis is a composite thesis consisting of five papers and an introduction. Paper A evaluatesa number of analysis formalisms and proposes extended influence diagrams to be employed for enterprise architecture analysis. Paper B presents the first version of the modifiability metamodel. InPaper C, a method for creating enterprise architecture metamodels is proposed. This method aims to be general, i.e. can be employed for other IT-related quality analyses such as interoperability, security, and availability. The paper does however use modifiability as a running case. The second version of the modifiability metamodel for change project cost estimation is fully described in Paper D. Finally, Paper E validates the proposed method and metamodel by surveying 110 experts and studying 21 change projects at four large Nordic companies. The validation indicates that the method and metamodel are useful, contain the right set of elements and provide good estimation capabilities. / QC20100716

Enterprise Architecture

Software System Modifiability

Decision Making

Metamodeling

Enterprise Architecture Analysis

Software Change Cost Estimation

Other information technology

Övrig informationsteknik

A model-driven development and verification approach for medical devices

Jedryszek, Jakub

January 1900

Master of Science / Department of Computing and Information Sciences / John Hatcliff / Medical devices are safety-critical systems whose failure may put human life in danger. They are becoming more advanced and thus more complex. This leads to bigger and more complicated code-bases that are hard to maintain and verify. Model-driven development provides high-level and abstract description of the system in the form of models that omit details, which are not relevant during the design phase. This allows for certain types of verification and hazard analysis to be performed on the models. These models can then be translated into code. However, errors that do not exist in the models may be introduced during the implementation phase. Automated translation from verified models to code may prevent to some extent. This thesis proposes approach for model-driven development and verification of medical devices. Models are created in AADL (Architecture Analysis & Design Language), a language for software and hardware architecture modeling. AADL models are translated to SPARK Ada, contract-based programming language, which is suitable for software verification. Generated code base is further extended by developers to implement internals of specific devices. Created programs can be verified using SPARK tools. A PCA (Patient Controlled Analgesia) pump medical device is used to illustrate the primary artifacts and process steps. The foundation for this work is "Integrated Clinical Environment Patient-Controlled Analgesia Infusion Pump System Requirements" document and AADL Models created by Brian Larson. In addition to proposed model-driven development approach, a PCA pump prototype was created using the BeagleBoard-xM device as a platform. Some components of PCA pump prototype were verified by SPARK tools and Bakar Kiasan.

Model-driven development

Software verification

Medical devices

SPARK Ada

Patient-Controlled Analgesia Pump

Computer Science (0984)

Medicine (0564)

A latency comparison in a sharded database environment : A study between Vitess-MySQL and CockroachDB

Lundh, Filip, Mohlin, Mikael

January 2022

The world is becoming more and more digitized which in turn puts pressure on existing applications and systems to be able to handle large quantities of data. And  in some cases, that data also needs to be operated in secure and isolated environments. To address these needs, a new category  of databases has emerged, by the name of NewSQL. The downside of this new category is that it still remains unexplored in some areas, such as how each database under that category performs towards each other, or even towards databases belonging to other categories. One major aspect, in terms of performance is latency, since it affects the overall user-experience. In order to clear up some of the unexplored areas within NewSQL, two databases were studied in the context of their latency performance: CockroachDB and Vitess. The study was divided into two main parts. The first one, was a quantitative study, which was about gathering data on how each database performed in terms of latency when serving the create, read, update, and delete-operations. No clear differences in latency were found for the create- and read-operations. While the results for update- and delete-operations showed significant differences where Vitess had lower latency than CockroachDB.  The second part of this study was a qualitative study, dedicated to analyze and inspect each database architecture and source code. The intention was to identify potential factors that may affect latency performance. The outcome from the analysis was that three main factors could be identified. The first identified factor is that CockroachDB had a layered architecture and that it needed to translate SQL queries into a set of key-value operations. The second one is that the databases makes use of different storage engines, which in turn can have differences in performance. The third and final identified factor is that MySQL, which was integrated with Vitess, had existed for a longer period of time compared to CockroachDB. Which indicates that the database probably has been more optimized over the years.

Architecture Analysis

CockroachDB

Database Management System

Distributed SQL

Latency Comparison

MySQL

NewSQL

Sharding

Source Code Inspection

Vitess

Computer and Information Sciences

Data- och informationsvetenskap

Enterprise Architecture Modeling of Core Administrative Systems at KTH : A Modifiability Analysis

Rosell, Peter

January 2012

This project presents a case study of modifiability analysis on the Information Systems which are central to the core business processes of Royal Institution of Technology in Stockholm, Sweden by creating, updating and using models. The case study was limited to modifiability regarding only specified Information Systems. The method selected was Enterprise Architecture together with Enterprise Architecture Analysis research results and tools from the Industrial Information and Control Systems department of the same University. Jointly used with the ArchiMate modelling language, to create the models and perform the analysis. The results demonstrated to be very varied in regards to system models and modifiability. The Alumni Commu-nity system seemed to have very high modifiability whereas the Ladok på Webben system seemed to have the low modifiability, and other systems ranging differently or in between. The case study results found three slightly more critical systems of all the systems analysed: Ladok på Webben, Nya Antagningen & La-dok Nouveau. The first two showed to have either very low or low modifiability while being highly coupled to the other systems. Therefore any modification to these two systems would most likely cause effects that would require change in interconnected systems. Whereas Ladok Nouveau, while having average modifia-bility, has a critical position to process activities, is nearly isolated from all other systems, making them indi-rectly dependent on the system through the interconnected LADOK database. The study showed that the systems developed at KTH are comparable with systems developed by commercial enterprises in terms of modifiability. The study also provided insight into an Enterprise Architecture where the systems have dif-ferent development origins and how this could affect modifiability and analysis.

Enterprise Architecture

Enterprise Architecture Analysis

Case Study

Modifiability

Maintainability

EAAT

KTH

Public Sector

Information System

Modeling

Elektroteknik och elektronik

Distributed cross-layer scalable multimedia services over next generation convergent networks : architectures and performances

Le, Tien Anh

15 June 2012

Multimedia services are the killer applications on next generation convergent networks. Video contents are the most resource consuming part of a multimedia flux. Video transmission, video multicast and video conferencing services are the most popular types of video communication with increasing difficulty levels. Four main parts of the distributed cross-layer scalable multimedia services over next generation convergent networks are considered in this research work, both from the architecture and performance point of views. Firstly, we evaluate the performance of scalable multimedia transmissions over an overlay network. For that, we evaluate the performance of scalable video end-to-end transmissions over EvalSVC. It is capable of evaluating the end-to-end transmission of SVC bit-streams. The output results are both objective and subjective metrics of the video transmission. Through the interfaces with real networks and an overlay simulation platform, the transmission performance of different types of SVC scalability and AVC bit-streams on a bottle-neck and an overlay network will be evaluated. This evaluation is new because it is conducted on the end-to-end transmission of SVC contents and not on the coding performance. Next, we will study the multicast mechanism for multimedia content over an overlay network in the following part of this PhD thesis. Secondly, we tackle the problems of the distributed cross-layer scalable multimedia multicast over the next generation convergent networks. For that, we propose a new application-network cross layer multi-variable cost function for application layer multicast of multimedia delivery over convergent networks. It optimizes the variable requirements and available resources from both the application and the network layers. It can dynamically update the available resources required for reaching a particular node on the ALM's media distribution tree. Mathematical derivation and theoretical analysis have been provided for the newly proposed cost function so that it can be applied in more general cases of different contexts. An evaluation platform of an overlay network built over a convergent underlay network comprised of a simulated Internet topology and a real 4G mobile WiMAX IEEE802.16e wireless network is constructed. If multicast is the one-to-many mechanism to distribute the multimedia content, a deeper study on the many-to-many mechanism will be done in the next part of the thesis through a new architecture for video conferencing services. Thirdly, we study the distributed cross-layer scalable video conferencing services over the overlay network. For that, an enriched human perception-based distributed architecture for scalable video conferencing services is proposed with theoretical models and performance analysis. Rich theoretical models of the three different architectures: the proposed perception-based distributed architecture, the conventional centralized architecture and perception-based centralized architecture have been constructed by using queuing theory to reflect the traffic generated, transmitted and processed at the perception-based distributed leaders, the perception-based centralized top leader, and the centralized server. The performance of these three different architectures has been considered in 4 different aspects. While the distributed architecture is better than the centralized architecture for a scalable multimedia conferencing service, it brings many problems to users who are using a wireless network to participate into the conferencing service. A special solution should be found out for mobile users in the next part of the thesis. Lastly, the distributed cross-layer scalable video conferencing services over the next generation convergent network is enabled. For that, an IMS-based distributed multimedia conferencing services for Next Generation Convergent Networks is proposed. [...]

[INFO:INFO_OH] Computer Science/Other

[INFO:INFO_OH] Informatique/Autre

Application layer multicast

Video evaluation platform

Architecture analysis

Cost function

Cross-layer optimization

Overlay network

Convergent networks

Distributed architecture

Uma técnica baseada em SysML para modelar a arquitetura de sistemas embarcados de tempo real

Ribeiro, Quelita Araújo Diniz da Silva

23 March 2017

Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - CAPES / Architectural specification of real-time software systems is an activity that conveys analysis, knowledge and understanding of both the application domain and the parties involved in software construction. Architecture plays a key role in communication between stakeholders, in addition to planning the entire architectural process involved in the project. However, Architecture Description Languages (ADLs) have not been widely used in the industry. Another limiting factor for the e ff ective use of ADLs is the di ffi culty of these languages in e ff ectively expressing the architecture of complex systems. Considering this situation of di ffi culty in the e ff ective use of ADLs, the UML has been used in recent years to model the architecture. However, UML can not represent the important characteristics pertinent to real-time systems, such as security or real-time constraints. One of the advantages of the UML is the extensibility allowing the creation of profiles. In this sense, this work proposes using Systems Modeling Language (SysML), a UML profile, to model real-time systems architecture in two automotive systems, the airbag control system and the light control system. The objective of this work is to use UML and SysML to model and document the architecture and design of requirements traceability between software and systems elements, increasing the understanding of the project among the parties involved, and finally presenting SysML as a language for description of real-time software architecture. The ADL Architecture Analysis and Design Language (AADL) and SysML languages were compared to show the advantages of SysML. As a result, it was noticed that abstract features such as conditional deviations, loop, characteristics that are related to reality and consequently to the system can not be described in AADL. SysML has proved to be relevant in the context of architecture description, analysis, classification and modeling of real-time systems. The SysML Requirements diagram explicitly shows the various types of relationships between di ff erent requirements, the Block diagram enables the global view of the systems involved in a single project, the Internal Block diagram allows the internal view of the system under construction, the Activity diagram considers the behavioral view of the system. SysML concepts, articulated in the SysML Requirements, Activities, Blocks and Internal Blocks diagrams, are complementary, covering the purposes needed to describe the architecture of real-time systems. It is concluded that the proposed UML and SysML join technique provides elements to describe software requirements and their relationships with the system, to manage changes, to evolve and to trace requirements more easily, in addition to the communication being e ff ectively carried out between the stakeholders. This is important for the development of real-time systems because of the diversity of people / teams involved and influencing a wide range of design decisions. / A especificação da arquitetura de sistemas de software de tempo real é uma atividade que depreende análise, conhecimento e compreensão tanto do domínio da aplicação quanto das partes envolvidas na construção do software. A arquitetura tem um papel primordial na comunicação entre os stakeholders, além do planejamento de todo o processo arquitetural envolvido no projeto. Contudo, as Linguagens de Descrição de Arquiteturas (ADLs) não têm sido amplamente usadas na indústria. Outro fator limitador para o uso efetivo de ADLs é a dificuldade dessas linguagens em expressar efetivamente a arquitetura de sistemas complexos. Considerando essa situação de dificuldade do uso efetivo de ADLs, a UML tem sido utilizada nos últimos anos para modelagem da arquitetura. No entanto, a UML não consegue representar características importantes pertinentes a sistemas de tempo real, tais como segurança ou restrições de tempo real. Uma das vantagens da UML é a capacidade de extensão permitindo a criação de profiles. Neste sentido, este trabalho apresenta a Systems Modeling Language (SysML), um profile da UML, para modelagem da arquitetura de sistemas de tempo real em dois sistemas automotivos, o sistema de controle de airbag e o sistema de controle de faróis. Neste trabalho tem-se como objetivos utilizar a UML e a SysML para modelagem e documentação da arquitetura e delineamento de rastreabilidade de requisitos entre software e sistema, ampliando o entendimento do projeto entre as partes envolvidas, e por fim apresentar a SysML como uma linguagem para descrição da arquitetura de software de tempo real. As linguagens SysML e a ADL Architecture Analysis & Design Language (AADL) foram comparadas para mostrar as vantagens da SysML. Como resultado, foi percebido que características abstratas, tais como tomadas de decisão, repetição de uma funcionalidade (loop), características que são relacionadas a realidade e, consequentemente, ao sistema, não podem ser descritas em AADL. A SysML mostrou-se relevante no contexto da descrição, análise, classificação e modelagem de arquitetura para sistemas de tempo real. O diagrama de Requisitos da SysML mostra explicitamente os diversos tipos de relacionamentos entre diferentes requisitos, o diagrama de Blocos viabiliza a visão global dos sistemas envolvidos num único projeto, o diagrama de Blocos Internos possibilita a visão interna do sistema em construção, o diagrama de Atividades considera a visão comportamental do sistema. Os conceitos de SysML, articulados nos diagramas de Requisitos, Atividades, Blocos e Blocos Internos da SysML são complementares cobrindo os propósitos necessários para a descrição da arquitetura de sistemas de tempo real. Conclui-se que a técnica proposta da junção de UML e SysML fornece elementos para descrever requisitos de software e seus relacionamentos com o sistema, gerenciar mudanças, evoluir e rastrear requisitos mais facilmente, além da comunicação ser efetivamente realizada entre os stakeholders. Este aspecto é importante ao desenvolvimento de sistemas de tempo real, por causa da diversidade de pessoas / equipes envolvidas e que influenciam uma ampla série de decisões de projeto.

Ciência da computação

Programas de computador

SysML

Engenharia de software

Inteligência competitiva

Arquitetura de software

Architecture Description Language (ADL)

Unified Modeling Language (UML)

Software architecture

Faciální a architekturní analýza kontinentálních sedimentů klikovského souvrství na lokalitě Hosín-Orty, svrchní křída, českobudějovická pánev. / Facies and architecture analysis of the continental deposits of Klikov Formation, Hosín-Orty locality, Upper Cretaceous, České Budějovice Basin.

Kavková, Radana

January 2016

The Klikov Formation (Upper Cretaceous) represents the lowest stratigraphic unit of the South Bohemian basins. It provides record of continental deposits related to fluvial processes. Analysis of facies and architectures supplemented with paleocurrents data provided a basis for interpretation of depositional system exposed underground on the locality Hosín-Orty. In this study identifies sedimentary facies corresponding to high-energy river environmnent with dominance of traction current deposition are identified. Next to this, facies corresponding to low-energy deposition from suspension is preserved. From the perspective of architecture analysis depositional record represent active river channels and their fills eventuelly fills of abandoned channels. Low dispersion of paleocurrent values is consistent with a low-sinuosity river. Vertical aggradation of channels, dominance of river bars in channel-fill, downstream accretion, absence of ripples, point-bars, lateraly accreted patterns and floodplain deposits correspond with braided river environment. Stratigraphic units A, B, C, D, E, F corresponding to fluvial environment or environment of abandoned channel were distinguished. The direction of river flow is interpreted to northeast in unit A, and northwest in unit B, respectively. Autogenic and...