Continuous Timing Assurance

Timing assurance solutions in ISO 26262-compliant design processes for safety-critical systems

Ensuring timing properties is a crucial aspect in the design of safety-critical systems. For example, safe operation of highly automated vehicles includes the ability to react to detected obstacles within a specified maximum time span. Our asset “Continuous Timing Assurance” provides methods and tools that enable the specification, verification, and monitoring of timing properties along the system’s lifecycle: from specification, implementation, and test in the development phase, to monitoring, diagnosis, and feedback to the developers in the operation phase.

The asset establishes expertise on the underlying Development & Operations (DevOps) processes in which these methods and tools are applied, as such processes are integral parts of many safety standards that must be followed in industry. The capability of continuous timing assurance is of crucial importance for manufacturers and suppliers of software-defined highly automated systems, because they are especially challenged by regular software updates and the repeated real-time proofs these updates require.

Core Modules

The asset builds on two core modules. The MULTIC Timing Specification Language (MTSL) is a language for the specification of timing properties of systems in contract-based design. The Unified Abstract Component Model (UACM) is an intermediate format designed to specify component models annotated with MTSL specifications for the exchange of system descriptions between different modeling and analysis tools.

Specification and Design

The results can be applied in industrial design processes by using model transformations that are developed in-house and can be integrated into the industrial modeling environments used by engineers, for example, an adapter for Sparx Systems Enterprise Architect that generates UACM intermediate representations from SysML design models. An adapter for Eclipse APP4MC provides for the generation of RTana2sim analysis models based on domain-typical hardware/software models. In the future, we aim to implement further connections to established design tools and domain-specific languages to support, for example, Robot Operating System (ROS) models.

Analysis and Diagnosis

Various tools for analyzing timing properties at design time have been developed, such as the discrete-time model checker RTana2sim and the real-time simulation platform TSLsim, which is based on SystemC and Timed-Value Streams (TVS). They enable a comprehensive analysis of previously defined MTSL and UACM specifications. Trace generation from RTana2sim and TSLsim, for example in the commonly used VCD and BTF trace formats, enables an efficient visualization of analysis results.

Online Monitoring

Timing specifications can be evaluated at run-time via TVS-based timing monitors, either for post-mortem parallel trace analysis or for online monitoring on networked application-class (high-performance) processors. UACM::Monitors provide monitor generation for bare-metal embedded platforms (under construction) and serve as a basis for real-time capable online monitoring on resource-constrained bare-metal embedded platforms (systems without an operating system).

UACM::Monitors for ROS 2 (under construction) provide online monitoring for ROS 2-based systems. UACM::Monitors for Scalexio (under construction) can be seamlessly integrated into the dSPACE Scalexio Hardware-in-the-Loop prototyping environment to enable in-process testing.
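As an added illustration of the post-mortem trace analysis described above (this is not code from the asset or from UACM::Monitors), the following monitor checks the reaction-time requirement from the introduction, "a brake command must follow every detected obstacle within a maximum time span", over a constructed timed-value stream. The trace format (time, signal, value) tuples, the signal names and the deadline are assumptions; the MTSL syntax for such a contract is not shown on this page, so the contract is expressed as function arguments.

```python
# Added illustration, not part of the page's tooling: a post-mortem reaction-
# time monitor over a timed-value stream. Assumed trace format: (time_us,
# signal, value) tuples. Assumed contract (MTSL syntax is not shown on the
# page): every rising edge of `stimulus` must be answered by a rising edge of
# `response` no later than `deadline_us` after it.

def rising_edges(trace, signal):
    """Timestamps at which `signal` changes from 0 to non-zero."""
    edges, prev = [], 0
    for time_us, sig, value in sorted(trace, key=lambda s: s[0]):
        if sig != signal:
            continue
        if prev == 0 and value != 0:
            edges.append(time_us)
        prev = value
    return edges

def check_reaction(trace, stimulus, response, deadline_us):
    """Return violations as (stimulus_time, response_time, latency) tuples.

    Each stimulus edge is matched to the earliest not-yet-used response edge
    at or after it; response_time and latency are None if none exists."""
    responses = rising_edges(trace, response)
    violations, idx = [], 0
    for t_stim in rising_edges(trace, stimulus):
        while idx < len(responses) and responses[idx] < t_stim:
            idx += 1          # stale responses cannot satisfy this stimulus
        if idx == len(responses):
            violations.append((t_stim, None, None))
            continue
        t_resp = responses[idx]
        idx += 1
        if t_resp - t_stim > deadline_us:
            violations.append((t_stim, t_resp, t_resp - t_stim))
    return violations

# Constructed trace (microseconds): obstacle at 1000 is answered after 800 us,
# obstacle at 5000 only after 2200 us, obstacle at 9000 is never answered.
SAMPLE_TRACE = [
    (0, "obstacle_detected", 0), (0, "brake_cmd", 0),
    (1000, "obstacle_detected", 1), (1800, "brake_cmd", 1),
    (2500, "obstacle_detected", 0), (2600, "brake_cmd", 0),
    (5000, "obstacle_detected", 1), (7200, "brake_cmd", 1),
    (8000, "obstacle_detected", 0), (8100, "brake_cmd", 0),
    (9000, "obstacle_detected", 1),
]

if __name__ == "__main__":
    for v in check_reaction(SAMPLE_TRACE, "obstacle_detected", "brake_cmd", 1000):
        print("reaction deadline violated:", v)
```

The same matching loop can be fed from a live stream instead of a sorted list, which is the step an online monitor adds on top of this post-mortem check.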