Software Dependability Modeling Using
An Industry-Standard Architecture Description Language
Ana-Elena Rugina1,*, Peter H. Feiler2, Karama Kanoun1 and Mohamed Kaâniche1
1: LAAS–CNRS, University of Toulouse, Toulouse (France)
2: Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA (U.S.A.)
*: Contact author, now with EADS ASTRIUM, Ana-Elena.Rugina@astrium.eads.net,
31 Av. des Cosmonautes, 31402 Toulouse cedex 4, France
Abstract: Performing dependability evaluation along with other analyses at architectural level allows both making architectural tradeoffs and predicting the effects of architectural decisions on the dependability of an application. This paper gives guidelines for building architectural dependability models for software systems using the AADL (Architecture Analysis and Design Language). It presents reusable modeling patterns for fault-tolerant applications and shows how the presented patterns can be used in the context of a subsystem of a real-life application.
Keywords: AADL, fault tolerance, reuse, patterns
1. Introduction

Modeling software architectures has proved to be useful for promoting reuse and evolution of large applications using extensively components-off-the-shelf (COTS). In addition, performing several analyses of quality attributes such as dependability and performance on a common architectural model is particularly interesting, as this allows making architectural tradeoffs [1].
The AADL (Architecture Analysis and Design Language) [2] is a textual and graphical language that provides precise execution semantics for modeling the architecture of software systems and their target platform. It has received increasing interest from the embedded safety-critical industry (e.g., Honeywell, Rockwell Collins, Lockheed Martin, the European Space Agency, Astrium, Airbus) during the last years. The AADL is characterized by all the properties that an architecture description language (ADL) should provide (composition, abstraction, reusability, configuration, heterogeneity, analysis) [3].
In this paper, we focus on architecture-based dependability modeling and evaluation using the AADL. Our work aims at helping engineers using the AADL for other purposes (e.g., for performance analyses) to integrate dependability modeling in their development process.
We provide guidance on using the AADL language for modeling behaviors of fault-tolerant software systems, and show that the development of patterns is very useful to facilitate the modeling of fault tolerance behavior and to enhance the reusability of the models. We define a fault tolerance pattern as a reusable model describing a fault tolerance strategy at the architectural level. To be used in a particular system, a pattern must be instantiated and customized if necessary.
The use of patterns and, more generally, dependability modeling at architectural level favors the reduction of recurrent dependability modeling work and the understandability of the dependability model (thus reflecting the modularity of the architecture) [4] and allows the designer to reason about fault tolerance and to assign exceptional behavior responsibilities among components [5]. At the same time, dependability measures (i.e., availability, reliability, safety) can be evaluated based on the AADL model. This allows predicting the effects of particular architectural decisions on the dependability of the system [6]. Other analyses (e.g., related to performance) may be performed on the same AADL model, which allows understanding the tradeoff between the benefits of a certain fault tolerance pattern and its impact on the application's performance [7].
From a practical point of view, the AADL model must be transformed into a stochastic model such as a Markov chain [8] or a Generalized Stochastic Petri net [9], to obtain dependability measures such as reliability, availability, etc. In this paper we focus on the use of patterns to facilitate the AADL model construction.
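The paragraph above states the evaluation step in one sentence: the architectural model is turned into a stochastic model and solved for a measure such as availability. The following is an added example, not code from the paper or its authors, showing that step for the kind of duplex (dual-redundant) system the paper later uses as a pattern. It builds a small continuous-time Markov chain (CTMC) by hand, solves it for its steady-state distribution in pure Python, and reports availability. The state space (both replicas up, one replica up, system down), the failure rate `lam`, the repair rate `mu`, the error-detection coverage `c` (the probability that a replica failure is detected so that the duplex can switch over) and the numeric values used are all assumptions chosen for illustration; they are not taken from the paper.

```python
"""Steady-state availability of a duplex software system via a CTMC.

Added illustrative example: the three-state model, the rates and the
coverage parameter are constructed assumptions, not the paper's model.
"""
from typing import Dict, List, Tuple

State = str


def build_duplex_generator(lam: float, mu: float, c: float
                           ) -> Tuple[List[State], List[List[float]]]:
    """Return (state names, generator matrix Q) for a duplex system.

    lam: per-replica failure rate; mu: repair rate (one repair at a time);
    c:   error-detection coverage, i.e. probability that a replica failure
         is detected and the duplex switches to the surviving replica.
    An undetected failure (probability 1 - c) takes the whole system down.
    """
    states: List[State] = ["BothUp", "OneUp", "Down"]
    idx: Dict[State, int] = {s: i for i, s in enumerate(states)}
    n = len(states)
    q = [[0.0] * n for _ in range(n)]

    def rate(src: State, dst: State, r: float) -> None:
        q[idx[src]][idx[dst]] += r

    rate("BothUp", "OneUp", 2 * lam * c)        # detected failure of either replica
    rate("BothUp", "Down", 2 * lam * (1 - c))   # undetected failure: system down
    rate("OneUp", "BothUp", mu)                 # failed replica repaired
    rate("OneUp", "Down", lam)                  # surviving replica fails too
    rate("Down", "OneUp", mu)                   # repair brings one replica back
    # Diagonal entries make every row of Q sum to zero.
    for i in range(n):
        q[i][i] = -sum(q[i][j] for j in range(n) if j != i)
    return states, q


def steady_state(q: List[List[float]]) -> List[float]:
    """Solve pi * Q = 0 with sum(pi) = 1 by Gauss-Jordan elimination.

    Transposes Q, replaces the (redundant) last balance equation with the
    normalisation constraint, and solves the resulting full-rank system.
    """
    n = len(q)
    a = [[q[j][i] for j in range(n)] for i in range(n)]  # Q transposed
    b = [0.0] * n
    a[n - 1] = [1.0] * n   # normalisation row replaces one balance equation
    b[n - 1] = 1.0
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(a[r][col]))
        a[col], a[pivot] = a[pivot], a[col]
        b[col], b[pivot] = b[pivot], b[col]
        p = a[col][col]
        if abs(p) < 1e-15:
            raise ValueError("singular system: chain is not irreducible")
        for r in range(n):
            if r != col and a[r][col] != 0.0:
                f = a[r][col] / p
                for k in range(col, n):
                    a[r][k] -= f * a[col][k]
                b[r] -= f * b[col]
    return [b[i] / a[i][i] for i in range(n)]


def duplex_availability(lam: float, mu: float, c: float) -> float:
    """Steady-state probability that the duplex system delivers service."""
    states, q = build_duplex_generator(lam, mu, c)
    pi = steady_state(q)
    return sum(p for s, p in zip(states, pi) if s != "Down")


def simplex_availability(lam: float, mu: float) -> float:
    """Closed form for a single non-redundant component: mu / (lam + mu)."""
    return mu / (lam + mu)


if __name__ == "__main__":
    # Constructed parameter values (per hour), for illustration only.
    LAM, MU = 1e-3, 1.0
    print(f"simplex            : {simplex_availability(LAM, MU):.7f}")
    for cov in (1.0, 0.9, 0.5, 0.0):
        print(f"duplex, coverage {cov:.1f}: {duplex_availability(LAM, MU, cov):.7f}")
```

Running the script shows why the paper distinguishes duplex patterns by their error detection mechanism: with full coverage the duplex is far more available than a single component, while with poor coverage the extra replica's own failures make it worse than the simplex. The same solver works unchanged for any larger generator matrix a translated AADL model would produce.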
The paper is organized as follows. Section 2 surveys related work. Section 3 outlines the main concepts of the AADL and its support for dependability modeling. Section 4 gives guidance, resulting from our experience, on building dependability models for fault-tolerant software systems using the AADL. Section 5 presents AADL fault tolerance patterns for three duplex software systems (i.e., dual-redundant systems), differing by their error detection mechanisms. Section 6 illustrates the use of patterns to model a real-life application and shows examples of dependability analysis results of interest for software engineers. Finally, conclusions and perspectives are presented in Section 7.

2. Related work
Software architecture modeling for dependability analysis and evaluation has received a growing interest during the last two decades. Ear
…(Full text truncated)…