An AADL Contract Language Supporting Integrated Model- and Code-Level Verification

Published: 05 April 2023

Abstract

Model-based systems engineering approaches support the early adoption of a model (a collection of abstractions) of the system under development. The system model can be augmented with key properties of the system, including formal specifications of system behavior that codify portions of system- and unit-level requirements. There are obvious gaps between the model with formally specified behavior and the deployed system. Previous work on component contract languages has shown how behavior can be specified in models defined using the Architecture Analysis and Design Language (AADL), an SAE International standard (AS5506C). That work demonstrated the effectiveness of model-level formal methods specification and verification but did not provide a strong and direct connection to system implementations developed using conventional programming languages. In particular, there was no refinement of model-level contracts to programming-language-level contracts, nor a framework for formally verifying that program code conforms to model-level behavioral specifications.

To address these gaps and to enable the practical application of model-contract languages for verification of deployed high-integrity systems, this paper describes the design of the GUMBO AADL contract language, which integrates and extends key concepts from earlier contract languages. The GUMBO contract language (GCL) is closely aligned to a formal semantics of the AADL run-time framework, which provides a platform- and language-independent specification of AADL semantics. We have enhanced the HAMR AADL code generation framework to translate model-level contracts to programming-language-level contracts in the Slang high-integrity language. We demonstrate how the Logika verification tool can automatically verify that Slang-based AADL component implementations conform to contracts at both the code level and the model level. Slang-based implementations of AADL systems can be executed directly or compiled to C for deployment on Linux or the seL4 verified microkernel.



Published in

ACM SIGAda Ada Letters, Volume 42, Issue 2
December 2022
87 pages
ISSN: 1094-3641
DOI: 10.1145/3591335

Copyright © 2023 Copyright is held by the owner/author(s)

Publisher: Association for Computing Machinery, New York, NY, United States
