Slicing and Partial Evaluation of CORBA Component Model Designs for Avionics Systems ∗

(Abstract)

John Hatcliff, William Deng, Matthew B. Dwyer, Georg Jung, Venkatesh Ranganath, Robby

Kansas State University, SAnToS Laboratory, Department of Computing and Information Sciences, Manhattan, KS 66506, USA

{hatcliff,deng,dwyer,jung,rvprasad,robby}@cis.ksu.edu

Categories and Subject Descriptors

D.2.1 [Software Engineering]: Requirements/Specifications; D.2.2 [Software Engineering]: Design Tools and Techniques; D.2.4 [Software Engineering]: Software/Program Verification; D.2.8 [Software Engineering]: Quality Assurance

General Terms

Design, verification, languages

Keywords

Slicing, CORBA, components, partial evaluation, designs, verification, model-checking, real-time systems, embedded systems, distributed systems.

∗ This work was supported in part by the U.S. Army Research Office (DAAD190110564), by DARPA/IXO’s PCES program (AFRL Contract F33615-00-C-3044), by Rockwell-Collins, by Lockheed-Martin, and by Intel Corporation (Grant 11462).

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. PEPM’03, June 7, 2003, San Diego, California, USA. Copyright 2003 ACM 1-58113-667-6/03/0006 ...$5.00.

Abstract

The use of component models such as Enterprise Java Beans and the CORBA Component Model (CCM) in application development is expanding rapidly. Even in real-time safety-critical and mission-critical domains, component-based development is beginning to take hold as a mechanism for incorporating non-functional aspects such as real-time, quality-of-service, and distribution.

Boeing’s Bold Stroke program is an example where CORBA middleware has been embraced in a distributed real-time embedded (DRE) domain. Bold Stroke is a product-line based program providing object-oriented mission critical avionics software to a variety of military aircraft produced by the Boeing company. Avionics software acts as the center of mission control for an aircraft pilot. It manages the cockpit displays, navigation and tactical sensors as well as weapon deployments. These complex systems have hard and soft real-time deadlines involving large amounts of periodic and aperiodic processing, and support thousands of operating modes. In addition, the software developed for military aircraft is maintained and updated over the course of many years. Although the development process is repeated for each update, each update aims to preserve as much legacy software as possible to reduce cost and risk. Bold Stroke represents a significant technological advance over Boeing’s previous mission computing development practices which were largely assembly code based.

To support the development of component-based DRE systems such as those produced in the Bold Stroke framework, we are developing Cadena [1, 2] – an integrated environment for modeling, analyzing, and implementing CCM systems. Cadena provides facilities for defining component types using CCM interface definition language (IDL), specifying dependency information and transition system semantics for these types, assembling systems from CCM components, visualizing various dependence relationships between components, specifying and model-checking correctness properties of models of CCM systems derived from CCM IDL, component assembly information, and Cadena specifications, and producing CORBA stubs and skeletons implemented in Java or C++.

In this talk, we focus on several aspects of the Cadena analysis facilities related to slicing and partial evaluation, and we discuss how these facilities aid in the development and debugging of system designs. Specifically,

• we illustrate how developers can declare various intra-component dependence properties using a light-weight specification formalism,

• we explain how different forms of slicing can be carried out on dependence graphs for CCM designs constructed from component connection information and intra-component dependency specifications,

• we summarize the often overlooked connections between the symbolic evaluation strategies used in traditional partial evaluation and state-space exploration strategies used in explicit-state model-checking, and

• we describe how projections of CCM designs can be obtained using a form of partial evaluation driven by an extensible explicit-state model-checking engine that we have built called Bogor [3] which can be configured to simulate the threading and real-time scheduling policies found in real-time CORBA middleware.

The development of many of these capabilities has been guided by a list of challenge problems provided to us from Boeing engineers. These challenge problems aim to focus research efforts on providing tools and technologies for reducing time, effort, and errors in development of product-line systems which can have over 1000 components. Cadena has been used in an evaluation phase by a Boeing research team for several months now, and initial feedback concerning Cadena’s slicing and visualization of system projections has been very encouraging. We conclude this talk with an assessment of how other forms of specialization will be included in future versions of Cadena.
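The slicing over a design-level dependence graph described in the bullets above can be illustrated with a small Python example. It is added here and is not code from Cadena or from the authors. The component and port names, and the choice to model intra-component dependences as "input port may trigger output port" edges and connections as "source port to sink port" edges, are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed design; component and port names are hypothetical, not Cadena's.
# Intra-component dependences: input port -> output port it may trigger.
INTRA = [
    ("GPS.timeout", "GPS.dataAvailable"),
    ("AirFrame.inData", "AirFrame.outData"),
    ("NavDisplay.inData", "NavDisplay.refresh"),
    ("Logger.inData", "Logger.written"),
]
# Component connections: event source port -> connected sink port.
CONNECT = [
    ("Timer.tick", "GPS.timeout"),
    ("GPS.dataAvailable", "AirFrame.inData"),
    ("GPS.dataAvailable", "Logger.inData"),
    ("AirFrame.outData", "NavDisplay.inData"),
    ("NavDisplay.refresh", "AirFrame.inData"),  # feedback edge: graph has a cycle
]

def build_graph(intra, connect):
    """Return (successors, predecessors) maps over port nodes."""
    succ, pred = defaultdict(set), defaultdict(set)
    for src, dst in [*intra, *connect]:
        succ[src].add(dst)
        pred[dst].add(src)
    return succ, pred

def _reach(start, edges):
    """All nodes reachable from start along edges; the seen set handles cycles."""
    seen, stack = {start}, [start]
    while stack:
        for nxt in edges.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def backward_slice(port, intra=INTRA, connect=CONNECT):
    """Ports whose behaviour may influence `port`."""
    return _reach(port, build_graph(intra, connect)[1])

def forward_slice(port, intra=INTRA, connect=CONNECT):
    """Ports that `port` may influence."""
    return _reach(port, build_graph(intra, connect)[0])

def components(ports):
    """Project a port-level slice onto component names."""
    return {p.split(".", 1)[0] for p in ports}
```

Slicing backward from `NavDisplay.refresh` in this constructed design keeps the Timer, GPS, AirFrame and NavDisplay components and drops Logger, which is the kind of projection that narrows what has to be inspected when one port misbehaves.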

1. REFERENCES

[1] Cadena Development Team, SAnToS Laboratory, Kansas State University. Cadena Website. http://www.cis.ksu.edu/cadena, 2003.

[2] J. Hatcliff, W. Deng, M. Dwyer, G. Jung, and V. Prasad. Cadena: An integrated development, analysis, and verification environment for component-based systems. In Proceedings of the 25th International Conference on Software Engineering, May 2003.

[3] Robby, M. B. Dwyer, and J. Hatcliff. Bogor Website. http://www.cis.ksu.edu/bandera/bogor, 2003.
