Architecture Modeling - SPES 2020
Architecture Modeling - SPES 2020
Architecture Modeling - SPES 2020
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
1 Introduction<br />
This document proposes a meta-model for architectures of embedded systems. The overall<br />
scope taken is deliberately broad, aiming at covering multiple perspectives of embeddedsystems<br />
based product development. As e. g. pointed out in [49], risk mitigation strategies<br />
in product development require a holistic approach encompassing all sub processes and their<br />
interfaces, hence requiring to cover the full range of what we call perspectives, from a geometric/physical<br />
view of the product, to a view focusing on its technical architecture, to a view<br />
elaborating its logical architecture, grouping functionality according to (sub-) system organisation,<br />
to a purely functional perspective (getting the functional specifications right), and starting<br />
with an operational perspective, focusing on interface requirements e. g. based on operational<br />
scenarios. This separation of concerns by perspectives is complemented by offering abstraction<br />
levels, as a well known principle to cope with complexity in system design. Hence design artifacts<br />
can be placed in a two-dimensional design space, organized by perspective and level of<br />
abstraction.<br />
We enrich this generic approach by a component model largely derived from the concept of<br />
Heterogeneous Rich Components (HRC)[20]. Specifically, this allows to provide rigorous interface<br />
specifications for design artifacts residing in this two-dimensional design space. The term<br />
“rich” alludes to the key ingredient of HRC components to provide (rigorous) interface specifications<br />
for multiple what we call aspects, encompassing both functional and extra-functional<br />
(e.g. safety and real-time) characteristics of components. Specifically, we propose the usage of<br />
contract-based specifications, which allow, for each aspect, to characterize the allowed design<br />
contexts of a component (through what we call strong assumptions) - violating these constitutes<br />
an out-of-specification (“illegal”) usage of the component, thus “excluding liability”: no<br />
guarantees of the component’s functional and extra-functional characteristics are given for such<br />
illegal design contexts. For allowed design contexts, the guarantee part of the contract allows to<br />
characterize both functional and extra-functional properties of the component. Often, these are<br />
case-dependent; we support what we call weak assumptions structuring contract specifications<br />
according to cases (thus refining the allowed design contexts).<br />
Weak assumptions partition the context in which the system is intended to be used with<br />
respect to its strong assumption. Hence, a single weak assumption defines only a part of the<br />
allowed system context. With this, it is possible to define different use cases for a component. If<br />
the context is able to ensure a weak assumption of a component, this component may guarantee<br />
a more restricted behavior. Note, that the notion of weak assumptions does not adress operation<br />
modes, which are switched during operation of the corresponding system.<br />
We propose a formal pattern based specification language RSL for expressing both assumptions<br />
and guarantees. RSL comes with patterns supporting multiple aspects of components;<br />
within <strong>SPES</strong> we focus on modelling functional aspects, real-time aspects, and safety aspects.<br />
We point out, that the notion of contract-based specifications is independent of the choice of the<br />
concrete formal notation for expressing contracts. Indeed, contracts can as well be formalized<br />
within other formal specification languages, such as AutoFocus [13], Live Sequence Charts<br />
[16], PSL [2], Interface Automata [22], Real-Time Statecharts [26] etc.<br />
Aspects of components can thus be rigorously specified through contracts. Their realization,<br />
1/ 156