APECS code synthesis: Extending ocarina for multi-threaded code synthesis from AADL models for Safety Critical applications

For Safety Critical CPS applications, Architecture Analysis and Design Language (AADL) can provide a framework for formally modeling end-to-end Cyber Physical Systems (CPS). Such a model includes hardware platform model, software architecture model, the real-time bounds on software and hardware components. An AADL model of the system allows early formal analysis of real-time schedulability, end-to-end performance, power, memory requirements and correctness. Multiple tool support for AADL modeling and analysis exists, including software code generator, which glues together software components declared in the software architecture model. Ocarina is one such tool for software generation but it requires that the modeler provides the subprogram code in C/C++ or Ada. For correct-by-construction code synthesis, it is ideal to eliminate manually written code, and instead of using Ocarina as a glue code generator, using it for complete code synthesis from formal models. Support for Esterel and Lustre based specification of subprograms already have been attempted, but they usually specify specific subprogram elements, and the specific code generators are invoked to synthesis C/C++ code and then Ocarina glues them together based on the architectural constraints specified in the AADL model. This means that in a multi-threaded or multi-process software architecture, we still have to maneuver to get correct synchronization code. Moreover, if the granularity of code synthesis is at the function or subprogram level, we cannot gain much towards the goal of correct-by-construction synthesis and we believe that taking advantage of polychronous modeling and code synthesis would be ideal to achieve that goal. In this work, we show how to extend the Ocarina code generator to work with our Polychronous modeling and code synthesis solution to obtain multi-threaded code, improving the code-synthesis granularity from subprograms to processes while guaranteeing the implementation correctness- Moreover, a real-time extension of our polychronous code synthesis can provide the opportunity to enhance the real-time schedulability analysis of AADL. In this paper, we will outline the problem of AADL based model-driven implementation of CPS systems, describe the state-of-art code generation through Ocarina, point out why the extensions we propose are needed, and finally describe our code synthesis extension for multi-threaded code synthesis in our AADL modeling, analysis and code synthesis tool APECS which extends OSATE and Ocarina tools for AADL.