- Authors:
- Peter H. Feiler,
- David P. Gluch
Conventional build-then-test practices are making todays embedded, software-reliant systems unaffordable to build. In response, more than thirty leading industrial organizations have joined SAE (formerly, the Society of Automotive Engineers) to define the SAE Architecture Analysis & Design Language (AADL) AS-5506 Standard, a rigorous and extensible foundation for model-based engineering analysis practices that encompass software system design, integration, and assurance. Using AADL, you can conduct lightweight and rigorous analyses of critical real-time factors such as performance, dependability, security, and data integrity. You can integrate additional established and custom analysis/specification techniques into your engineering environment, developing a fully unified architecture model that makes it easier to build reliable systems that meet customer expectations. Model-Based Engineering with AADL is the first guide to using this new international standard to optimize your development processes. Coauthored by Peter H. Feiler, the standards author and technical lead, this introductory reference and tutorial is ideal for self-directed learning or classroom instruction, and is an excellent reference for practitioners, including architects, developers, integrators, validators, certifiers, first-level technical leaders, and project managers. Packed with real-world examples, it introduces all aspects of the AADL notation as part of an architecture-centric, model-based engineering approach to discovering embedded software systems problems earlier, when they cost less to solve. Throughout, the authors compare AADL to other modeling notations and approaches, while presenting the language via a complete case study: the development and analysis of a realistic example system through repeated refinement and analysis. Part One introduces both the AADL language and core Model-Based Engineering (MBE) practices, explaining basic software systems modeling and analysis in the context of an example system, and offering practical guidelines for effectively applying AADL. Part Two describes the characteristics of each AADL element, including their representations, applicability, and constraints. The Appendix includes comprehensive listings of AADL language elements, properties incorporated in the AADL standard, and a description of the books example system.
Cited By
Bae K and Csaba Ölveczky P (2024). Formal Model Engineering of Synchronous CPS Designs in AADL, ACM SIGAda Ada Letters, 44:1, (26-30), Online publication date: 2-Dec-2024.- Lee J, Bae K and Csaba Ölveczky P Rigorous Model Engineering of Hierarchical Multirate CPSs in MR-HybridSynchAADL Leveraging Applications of Formal Methods, Verification and Validation. Rigorous Engineering of Collective Adaptive Systems, (243-262)
- Li W, Ribeiro P, Miyazawa A, Redpath R, Cavalcanti A, Alden K, Woodcock J and Timmis J (2024). Formal design, verification and implementation of robotic controller software via RoboChart and RoboTool, Autonomous Robots, 48:6, Online publication date: 1-Aug-2024.
- Kirov D, Nuzzo P, Sangiovanni-Vincentelli A and Passerone R (2024). Efficient Encodings for Scalable Exploration of Cyber-Physical System Architectures, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 43:1, (30-43), Online publication date: 1-Jan-2024.
- Xu X, Wang S, Zhan B, Jin X, Zhan N and Talpin J (2023). Unified Graphical Co-modelling, Analysis and Verification of Cyber-physical Systems by Combining AADL and Simulink/Stateflow, ACM SIGAda Ada Letters, 43:1, (46-49), Online publication date: 30-Oct-2023.
- Bae K and Ölveczky P Formal Model Engineering of Distributed CPSs Using AADL: From Behavioral AADL Models to Multirate Hybrid Synchronous AADL Formal Aspects of Component Software, (127-152)
- Hardin D (2023). Hardware/Software Co-Assurance for the Rust Programming Language Applied to Zero Trust Architecture Development, ACM SIGAda Ada Letters, 42:2, (55-61), Online publication date: 5-Apr-2023.
- Tietz V, Frey C, Schoepf J and Annighoefer B Why the use of domain-specific modeling in airworthy software requires new methods and how these might look like? Proceedings of the 25th International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings, (627-632)
- Kittelmann A, Runge T, Bordis T and Schaefer I Runtime Verification of Correct-by-Construction Driving Maneuvers Leveraging Applications of Formal Methods, Verification and Validation. Verification Principles, (242-263)
- Gamazo-Real J, Zamorano-Flores J and Sanz-Andrés Á Integration of COTS Processing Architectures in Small Satellites for Onboard Computing Using Fault Injection Testing Methodology Software Engineering and Formal Methods. SEFM 2021 Collocated Workshops, (333-347)
- Procter S and Wrage L (2021). Guided architecture trade space exploration: fusing model-based engineering and design by shopping, Software and Systems Modeling (SoSyM), 20:6, (2023-2045), Online publication date: 1-Dec-2021.
- Boronat A (2021). Incremental execution of rule-based model transformation, International Journal on Software Tools for Technology Transfer (STTT), 23:3, (289-311), Online publication date: 1-Jun-2021.
- Brau G and Foughali M Contract-based verification of model transformations Proceedings of the 36th Annual ACM Symposium on Applied Computing, (1559-1568)
- Rosales R and Paulitsch M (2021). Composable Finite State Machine-based Modeling for Quality-of-Information-aware Cyber-physical Systems, ACM Transactions on Cyber-Physical Systems, 5:2, (1-27), Online publication date: 28-Jan-2021.
- Kautz O, Rumpe B and Wortmann A (2020). Automated semantics-preserving parallel decomposition of finite component and connector architectures, Automated Software Engineering, 27:1-2, (119-151), Online publication date: 1-Jun-2020.
- Hilal N and Yurdakul A Model-based Design of a Roadside Unit for Emergency and Disaster Management NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium, (1-6)
- Kirchhof J, Rumpe B, Schmalzing D and Wortmann A Structurally evolving component-port-connector architectures of centrally controlled systems Proceedings of the 14th International Working Conference on Variability Modelling of Software-Intensive Systems, (1-9)
- Zhan H, Lin Q, Wang S, Talpin J, Xu X and Zhan N Unified Graphical Co-modelling of Cyber-Physical Systems Using AADL and Simulink/Stateflow Unifying Theories of Programming, (109-129)
- Miyazawa A, Ribeiro P, Li W, Cavalcanti A, Timmis J and Woodcock J (2019). RoboChart, Software and Systems Modeling (SoSyM), 18:5, (3097-3149), Online publication date: 1-Oct-2019.
- Cimatti A, DeLong R, Stojic I and Tonetta S Model-Based Run-Time Synthesis of Architectural Configurations for Adaptive MILS Systems Computer Safety, Reliability, and Security, (200-215)
- Liu J, Li T, Ding Z, Qian Y, Sun H and He J (2019). AADL+, Frontiers of Computer Science: Selected Publications from Chinese Universities, 13:3, (516-538), Online publication date: 1-Jun-2019.
- Westman J and Nyberg M (2019). Providing tool support for specifying safety-critical systems by enforcing syntactic contract conditions, Requirements Engineering, 24:2, (231-256), Online publication date: 1-Jun-2019.
- Bozzano M, Bruintjes H, Cimatti A, Katoen J, Noll T and Tonetta S COMPASS 3.0 Tools and Algorithms for the Construction and Analysis of Systems, (379-385)
- Rahmoun S, Mehiaoui-Hamitou A, Borde E, Pautet L and Soubiran E (2019). Multi-objective exploration of architectural designs by composition of model transformations, Software and Systems Modeling (SoSyM), 18:1, (107-127), Online publication date: 1-Feb-2019.
- Zhang C, Niu X and Yu B A Method of Automatic Code Generation Based on AADL Model Proceedings of the 2018 2nd International Conference on Computer Science and Artificial Intelligence, (180-184)
- Kunnappilly A, Marinescu R and Seceleanu C Assuring Intelligent Ambient Assisted Living Solutions by Statistical Model Checking Leveraging Applications of Formal Methods, Verification and Validation. Verification, (457-476)
- Cofer D, Gacek A, Backes J, Whalen M, Pike L, Foltzer A, Podhradsky M, Klein G, Kuz I, Andronick J, Heiser G and Stuart D (2018). A Formal Approach to Constructing Secure Air Vehicle Software, Computer, 51:11, (14-23), Online publication date: 1-Nov-2018.
- Butting A, Jansen N, Rumpe B and Wortmann A Translating grammars to accurate metamodels Proceedings of the 11th ACM SIGPLAN International Conference on Software Language Engineering, (174-186)
- Michel C and Siron P Delay-based distribution and optimization of a simulation model Proceedings of the 22nd International Symposium on Distributed Simulation and Real Time Applications, (21-28)
- González C, Varmazyar M, Nejati S, Briand L and Isasi Y Enabling Model Testing of Cyber-Physical Systems Proceedings of the 21th ACM/IEEE International Conference on Model Driven Engineering Languages and Systems, (176-186)
- Philip G, Suresh V and D'Souza M Safety Validation Using AADL System Architecture Models Proceedings of the 11th Innovations in Software Engineering Conference, (1-10)
- Morozov A, Mutzke T, Ren B and Janschek K AADL-Based Stochastic Error Propagation Analysis for Reliable System Design of a Medical Patient Table 2018 Annual Reliability and Maintainability Symposium (RAMS), (1-7)
- Dridi M, Rubini S, Singhoff F and Diguet J (2018). DTFM, ACM SIGBED Review, 14:4, (53-59), Online publication date: 4-Jan-2018.
- Long A, Ouhammou Y, Grolleau E, Fejoz L and Rioux L Bridging the gap between practical cases and temporal performance analysis Proceedings of the 25th International Conference on Real-Time Networks and Systems, (178-187)
- Bertram V, Maoz S, Ringert J, Rumpe B and von Wenckstern M Component and connector views in practice Proceedings of the ACM/IEEE 20th International Conference on Model Driven Engineering Languages and Systems, (167-177)
- Wagner L, Greve D and Gacek A SIMPAL: a compositional reasoning framework for imperative programs Proceedings of the 24th ACM SIGSOFT International SPIN Symposium on Model Checking of Software, (90-93)
- Neto V A model-based approach towards the building of trustworthy software-intensive systems-of-systems Proceedings of the 39th International Conference on Software Engineering Companion, (425-428)
- McGregor J, Gluch D and Feiler P (2017). Analysis and Design of Safety-critical, Cyber-Physical Systems, ACM SIGAda Ada Letters, 36:2, (31-38), Online publication date: 10-May-2017.
- Tibermacine C, Sadou S, Ton That M and Dony C (2016). Software architecture constraint reuse-by-composition, Future Generation Computer Systems, 61:C, (37-53), Online publication date: 1-Aug-2016.
- Katoen J The Probabilistic Model Checking Landscape Proceedings of the 31st Annual ACM/IEEE Symposium on Logic in Computer Science, (31-45)
- Liu J, Backes J, Cofer D and Gacek A From Design Contracts to Component Requirements Verification Proceedings of the 8th International Symposium on NASA Formal Methods - Volume 9690, (373-387)
- Backes J, Whalen M, Gacek A and Komp J On Implementing Real-Time Specification Patterns Using Observers Proceedings of the 8th International Symposium on NASA Formal Methods - Volume 9690, (19-33)
- Ringert J, Rumpe B and Wortmann A (2015). Composing code generators for C&C ADLs with Application-specific behavior languages (tool demonstration), ACM SIGPLAN Notices, 51:3, (113-116), Online publication date: 11-May-2016.
- Moestl M and Ernst R Handling complex dependencies in system design mischa Proceedings of the 2016 Conference on Design, Automation & Test in Europe, (1120-1123)
- Corre Y, Diguet J, Heller D, Blouin D and Lagadec L (2016). TBES, ACM Transactions on Embedded Computing Systems, 15:1, (1-27), Online publication date: 20-Feb-2016.
- Ringert J, Rumpe B and Wortmann A Composing code generators for C&C ADLs with Application-specific behavior languages (tool demonstration) Proceedings of the 2015 ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences, (113-116)
- Westman J and Nyberg M Formal Architecture Modeling of Sequential C-Programs Revised Selected Papers of the 12th International Conference on Formal Aspects of Component Software - Volume 9539, (312-329)
- Hissam S, Chaki S and Moreno G High Assurance for Distributed Cyber Physical Systems Proceedings of the 2015 European Conference on Software Architecture Workshops, (1-4)
- Ringert J, Rumpe B and Wortmann A Tailoring the MontiArcAutomaton Component & Connector ADL for Generative Development Proceedings of the 2015 Joint MORSE/VAO Workshop on Model-Driven Robot Software Engineering and View-based Software-Engineering, (41-47)
- Wolf M and Feron E What don't we know about CPS architectures? Proceedings of the 52nd Annual Design Automation Conference, (1-4)
- Ahmad E, Larson B, Barrett S, Zhan N and Dong Y (2014). Hybrid annex, ACM SIGAda Ada Letters, 34:3, (29-38), Online publication date: 26-Nov-2014.
- Gacek A, Backes J, Cofer D, Slind K and Whalen M (2014). Resolute, ACM SIGAda Ada Letters, 34:3, (19-28), Online publication date: 26-Nov-2014.
- Ahmad E, Larson B, Barrett S, Zhan N and Dong Y Hybrid annex Proceedings of the 2014 ACM SIGAda annual conference on High integrity language technology, (29-38)
- Gacek A, Backes J, Cofer D, Slind K and Whalen M Resolute Proceedings of the 2014 ACM SIGAda annual conference on High integrity language technology, (19-28)
- Ruchkin I, De Niz D, Garlan D and Chaki S Contract-based integration of cyber-physical analyses Proceedings of the 14th International Conference on Embedded Software, (1-10)
- Hatcliff J, Wassyng A, Kelly T, Comar C and Jones P Certifiably safe software-dependent systems: challenges and directions Future of Software Engineering Proceedings, (182-200)
- Garlan D Software architecture: a travelogue Future of Software Engineering Proceedings, (29-39)
- Bae K, Ölveczky P and Meseguer J Definition, Semantics, and Analysis of Multirate Synchronous AADL Proceedings of the 19th International Symposium on FM 2014: Formal Methods - Volume 8442, (94-109)
- Larson B, Hatcliff J, Fowler K and Delange J (2013). Illustrating the AADL error modeling annex (v.2) using a simple safety-critical medical device, ACM SIGAda Ada Letters, 33:3, (65-84), Online publication date: 29-Nov-2013.
- Larson B, Hatcliff J, Fowler K and Delange J Illustrating the AADL error modeling annex (v.2) using a simple safety-critical medical device Proceedings of the 2013 ACM SIGAda annual conference on High integrity language technology, (65-84)
- APECS Proceedings of the Eleventh ACM/IEEE International Conference on Formal Methods and Models for Codesign, (1-10)
- Yu H, Ma Y, Gautier T, Besnard L, Talpin J, Guernic P and Sorel Y (2013). Exploring system architectures in AADL via Polychrony and SynDEx, Frontiers of Computer Science: Selected Publications from Chinese Universities, 7:5, (627-649), Online publication date: 1-Oct-2013.
- Katoen J Concurrency meets probability Proceedings of the 24th international conference on Concurrency Theory, (44-45)
- Larson B, Hatcliff J and Chalin P Open source patient-controlled analgesic pump requirements documentation Proceedings of the 5th International Workshop on Software Engineering in Health Care, (28-34)
Index Terms
- Model-Based Engineering with AADL: An Introduction to the SAE Architecture Analysis & Design Language
Reviews
George Hacken
This is the definitive book on model-based engineering (MBE), as realized via the architecture analysis and design language (AADL). We experienced developers fancy ourselves as having "done" model-based engineering the proverbial "all our lives." This highly instructive book will disabuse us of that conceit, and will enlighten us on what has evolved into a very substantive system-level discipline in its own right: model-based engineering via the robust and extensible AADL. The target audience for the book includes advanced undergraduate and graduate students of computing science or software engineering. Experienced practitioners will find the book an opportunity to apply a force-multiplier to what they already know, and to exercise both static and dynamic (behavioral) architectural thinking and design, via 21st century tools. The authors state their goals in the preface: In the past, separate models have been created for various system components and for each of the different analyses [of system capabilities and operational quality attributes]. A systematic and less fragmented approach is an architecture-centric one ... that address[es] system-level issues and maintain[s] a self-consistent set of analytical views ... that retain their validity amidst architectural changes [throughout the life-cycle]. Though the AADL realization of MBE pervades both parts of the book, chapters 1 to 4 give substantial weight to the general principles of MBE, while chapters 5 to 15 treat AADL syntax and semantics in good detail. The appropriate and well-placed AADL code fragments throughout the text are ideal for learning by doing. The topics of the chapters include model-based software systems engineering; working with AADL; the basics of AADL modeling and analysis; applying AADL capabilities; defining AADL components; software components; execution platform components; composite and generic components; static and dynamic architecture; component interactions; system flows and software deployment; organizing AADL models; annotating models; extending the AADL language; and creating and validating models. The appendices provide an AADL syntax and property summary, and list additional resources and references. A major strength of this book is its clear definitions. For example, the authors define MBE as "designat[ing] engineering practices in which models are the central and indispensable artifacts throughout a product's lifecycle[,] encompassing concept, development, deployment, operation, and maintenance." Facets (or "dimensions") of analysis can include consistency of data, rate-monotonic scheduling, and state-machine and temporal-logic representations. But inconsistencies demand an architecture-centric model as the "single source to drive [these] different dimensions of analysis." Architecture-centricity is the key attribute of the AADL species of MBE. Section 1.2 is a good top-level comparison of AADL, Simulink, very-high-speed integrated circuit (VHSIC) hardware description language (VHDL), Modelica, unified modeling language (UML), and systems modeling language (SysML). As before, the book is clear about software components: they are threads, or processes, or data. Hardware abstractions are crisply enumerated as central processing units (CPUs), or memory, or buses, or devices. The syntax of AADL is, in my ungrammatical phrasing, "very Ada," and AADL's semantics include packages with public and private sections "in support of information hiding." This is information about, not criticism of, AADL's syntax for potential users. I also point out that there was a time in the 1980s when there were proponents of Ada itself as a design and specification language. I'll mention, but not elaborate on, another issue that AADL addresses, in my opinion quite successfully: the tension between unadulterated design thinking and "operational thinking," the latter having been "considered harmful" by the one and only E. W. Dijkstra, who continues to have my greatest respect. (My catchphrase for operational thinking is that it refers to a human "playing computer." AADL's dynamic modeling involves system behavior [operations], not that of the fetch-interpret-execute cycle of a CPU, which a high-level procedural language hardly hides.) The enumeration of AADL categories speaks clearly to our conceptual faculty in helping us to form clear, crisp categories: application software, for example, thread, process; platform, for example, processor, memory, bus; composite, that is, system; generic, or abstract (runtime-neutral). Software components are thread, process, data, and subprogram. The definitions of thread and process are the clearest I've encountered. The chapter on static and dynamic architecture in a sense tells the "whole story" of AADL: these modeling "views" (my word), as well as coarse and fine model granularity, are accommodated by AADL. Partially complete models are also analyzable, for issues such as resource budgets of processes. This is an important, perhaps defining, strength of MBE via AADL. The book seems to leave nothing out. For example, ports are declared in or out, queued or not, and as carrying events, data, or both. For example, roll, pitch, yaw can be dispatched together, or "aggregated." Connections can be immediate or delayed, and can be sampled or preemptive. I highly recommend this book. I believe that readers will find the time and effort spent on mastering MBE/AADL will be repaid handsomely by the acquired ability to design and validate "functional and nonfunctional [system] properties, such as behavior, performance, timing, safety, reliability, and security." More reviews about this item: Amazon Online Computing Reviews Service
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.
Recommendations
AADL and model-based engineering
HILT '14: Proceedings of the 2014 ACM SIGAda annual conference on High integrity language technologyMission and safety critical software-reliant systems, aka. Cyber-physical systems, face the increasing challenges of exponential increase in verification related software rework cost. Industry studies show that 70% of defects are introduced in ...
AADL and model-based engineering
HILT '14Mission and safety critical software-reliant systems, aka. Cyber-physical systems, face the increasing challenges of exponential increase in verification related software rework cost. Industry studies show that 70% of defects are introduced in ...
Embedded systems engineering with the AADL: modeling & analysis
SIGAda '09: Proceedings of the ACM SIGAda annual international conference on Ada and related technologiesThe SAE Architecture Analysis & Design Language (AADL) is an architecture description language for real-time, fault-tolerant, scalable, embedded, modular multiprocessor systems. It enables the development of highly evolvable systems, early and ...