clutching a grip on autosar using haskell
play

Clutching a Grip on AUTOSAR using Haskell Johan Nordlander - PowerPoint PPT Presentation

Mar 20, 2024 •365 likes •786 views

Clutching a Grip on AUTOSAR using Haskell Johan Nordlander Chalmers University of Technology BOB 2015 Tool-neutral . c Platform-neutral e p s Vendor-neutral Component architecture t c a r t Automotive domain s b A Development

  1. Clutching a Grip on AUTOSAR using Haskell Johan Nordlander Chalmers University of Technology BOB 2015

  2. Tool-neutral . c Platform-neutral e p s Vendor-neutral Component architecture t c a r t Automotive domain s b A Development methodology Industry standard AUTOSAR Real-time e Distribution p o OS kernel c I/O abstraction s Concurrency x e l p Standard library m Communication o C Black box interoperability Standardized interfaces

  3. The AUTOSAR spec. Informal text / UML diagrams / C headers Mixed with (assumed) implementation details >100 documents! >12 500 pages!

  4. Software Components > 1 600 pages

  5. AUTOSAR development AUTOSAR Model Implementation Manual steps • Structure & constraints • C files & config tables • Platform independent • Platform dependent ? • Lacks code • Only code • Not executable • Executable

  6. Consequences Can't test an AUTOSAR model • until after all implementation steps • unless all subsystems are present • without committing to a particular tool/platform Can't simulate a model "in the abstract" Can't really talk about black box AUTOSAR behaviour

  7. RAWFP @ Chalmers Resource-aware functional programming (Exploring Domain-Specific Languages in Haskell) Theme: semantics-based analysis, testing & verification in Haskell; efficient execution after compilation to preferred target code Validator track 1: AUTOSAR Software Components as a Haskell DSL (structure + constraints + code)

  8. AUTOSAR semantics possible behavior alternative behavior AUTOSAR system illegal behavior

  9. Behaviors Behavior = trace = sequence of 
 transitions between system states Semantics = set of possible traces

  10. An AUTOSAR system initially 0 inter-runnable-var S exclusive-area X P1 P3 runnable R1 runnable R3 size 7 period 100 minStartInterval 50 sender/ receiver P0 component B component A P5 P2 P4 runnable R2 runnable R4 triggered by P0 invokedConcurrently client/ server initially 3 inter-runnable-var S + constraints and annotations

  11. An AUTOSAR system parallel composition inter-runnable-var( S:A , ... ) exclusive-area( X:B , ... ) atomic processes qelem( P3:B, ... ) runnable( R1:A , ... ) runnable( R3:B , ... ) rinst( R1:A, ... ) rinst( R3:B, ... ) rinst( R1:A, ... ) opres( P2:A, ... ) runnable( R2:A , ... ) runnable( R4:B , ... ) inter-runnable-var( S:B , ... ) initial ( S:A , 0 ) implementation ( R1:A , Code for R1 ) P1:A ⇒ P3:B facts period ( R1:A , 100 ) implementation ( R2:A , Code for R2 ) P2:A ⇒ P4:B initial ( S:B , 3 ) implementation ( R3:A , Code for R3 ) size ( P3:B , 7 ) implementation ( R4:A , Code for R4 )

  12. Labelled transitions say ( A , L ) say ( A , L ) atom hear ( A , L ) atom hear ( A , L ) atom broadcast

  13. Labelled transitions say ( B , L ) hear ( B , L ) atom hear ( B , L ) atom say ( B,L ) atom non-determinism

  14. The timeline of a runnable instance internal computations • no side-effects! • no global memory! time termination triggering event RTE calls • sequential • observable

  15. The Run-Time Environment rte_send( P , V ) asynchronous send rte_receive( P ) poll receiver port rte_call( P , V ) synchronous call rte_irv_write( S , V ) write shared state rte_irv_read( S ) read shared state rte_enter( X ) acquire a lock rte_exit( X ) release a lock + a few more

  16. The Run-Time Environment rte_send( P , V , Cont ) asynchronous send rte_receive( P , Cont ) poll receiver port rte_call( P , V , Cont ) synchronous call rte_irv_write( S , V , Cont ) write shared state rte_irv_read( S , Cont ) read shared state rte_enter( X , Cont ) acquire a lock rte_exit( X , Cont ) release a lock … return( V ) terminate Compute next RTE call: Cont ( V )

  17. Some simple transitions say ( X:I , enter ) rinst( R:I , Xs , rte_enter( X,Cont ) ) rinst( R:I , X ⧺ Xs , Cont (ok) ) say ( X:I , exit ) rinst( R:I , X ⧺ Xs , rte_exit( X,Cont ) ) rinst( R:I , Xs , Cont (ok) ) hear ( X:I , enter ) exclusive-area( X:I , free ) exclusive-area( X:I , taken ) hear ( X:I , exit ) exclusive-area( X:I , taken ) exclusive-area( X:I , free )

  18. Resulting behaviors rinst( R1:I , Xs1 , rte_enter( X,Cont1 ) ) exclusive-area( X:I , taken ) say ( X:I , enter ) rinst( R2:I , X ⧺ Xs2 , Cont2 (ok) ) rinst( R1:I , X ⧺ Xs1 , Cont1 (ok) ) rinst( R1:I , Xs1 , rte_enter( X,Cont1 ) ) say ( X:I , enter ) exclusive-area( X:I , taken ) exclusive-area( X:I , free ) rinst( R2:I , Xs2 , rte_enter( X,Cont2 ) ) rinst( R2:I , Xs2 , rte_enter( X,Cont2 ) ) rinst( R1:I , X ⧺ Xs1 , Cont2 (ok) ) exclusive-area( X:I , taken ) rinst( R2:I , X ⧺ Xs2 , Cont2 (ok) )

  19. Ambiguities ”The RTE is not required to support nested invocations 
 of rte_exit for the same exclusive area.” [Is it allowed?] ”Requirement [SWS_Rte_01122] permits calls to 
 rte_enter and rte_exit to be nested as long as different 
 exclusive areas are exited in the reverse order they were 
 entered.” [What if they aren’t?] say ( X:I , exit ) rinst( R:I , X ⧺ Xs , rte_exit( X,Cont ) ) rinst( R:I , Xs , Cont (ok) ) hear ( X:I , exit ) exclusive-area( X:I , taken ) exclusive-area( X:I , free ) [Interestingly, deadlock isn’t mentioned in the spec.]

  20. Spawning instances if A ⇒ P:I , events( R:I, dataReceived( P )) : hear ( A , snd( _ , _ ) ) runnable( R:I , T , _, N ) runnable( R:I , T , pending, N ) one bit of info if N =0 | canBeInvokedConcurrently( R:I ) : runnable( R:I , T , idle, N +1 ) say ( R:I , new ) runnable( R:I , 0, pending, N ) rinst( R:I , [], Code ) if minimumStartInterval( R:I, T ), ( ) implementation( R:I , Code )

  21. A semantic pitfall runnable( R:I , 0, idle, 0 ) runnable( R:I , 0, pending, 0 ) hear ( A , snd(1,ok) ) qelem( P:I , N , [] ) qelem( P:I , N , [1] ) runnable( R:I , 0, idle, 1 ) say ( I:R , new ) rinst( R:I , [], Code ) qelem( P:I , N , [1] ) runnable( R:I , 0, pending, 1 ) hear ( A , snd(2,ok) ) rinst( R:I , [], Code ) qelem( P:I , N , [1,2] ) runnable( R:I , 0, idle, 2 ) rinst( R:I , [], Code ) say ( I:R , new ) 2 elements, rinst( R:I , [], Code ) 2 instances qelem( P:I , N , [1,2] )

  22. A semantic pitfall runnable( R:I , 0, idle, 0 ) runnable( R:I , 0, pending, 0 ) hear ( A , snd(1,ok) ) qelem( P:I , N , [] ) qelem( P:I , N , [1] ) runnable( R:I , 0, pending, 0 ) hear ( A , snd(2,ok) ) rinst( R:I , [], Code ) qelem( P:I , N , [1,2] ) runnable( R:I , 0, idle, 1 ) say ( R:I , new ) rinst( R:I , [], Code ) qelem( P:I , N , [1,2] ) 2 elements, only 1 instance!

  23. Passing time if V ≤ T : delta ( V ) runnable( R:I , T , Act , N ) runnable( R:I , T-V , Act , N ) say (…) delta ( … ) hear (…) say (…) delta ( … ) age work relationship not restricted (arbitrarily fast platform)

  24. Prolog formulation Code rinst(R:I, Xs, rte_receive(P,Cont)) ---say(P:I,rcv(V))---> rinst(R:I, Xs, Cont(V)). :- eval(ap(Cont,V),Code). Negation and arithmetics… careful ordering of predicates! Good for exhaustive searches of single (few) transitions A good format for communicating semantic detail? Not for simulating systems — for this we turn to...

  25. AUTOSAR DSL in Haskell Embedding Haskell computations inside AUTOSAR Embedding AUTOSAR simulations inside Haskell instance Monad (RTE c) -- a monad of RTE operations enter :: ExclusiveArea c -> RTE c (StdRet ()) exit :: ExclusiveArea c -> RTE c (StdRet ()) irvWrite :: Data a => InterRunnableVariable a c -> a -> RTE c (StdRet ()) irvRead :: Data a => InterRunnableVariable a c -> RTE c (StdRet a) send :: Data a => ProvidedQueueElement a c -> a -> RTE c (StdRet ()) receive :: Data a => RequiredDataElement a c -> RTE c (StdRet a) write :: Data a => ProvidedDataElement a c -> a -> RTE c (StdRet ()) read :: Data a => RequiredDataElement a c -> RTE c (StdRet a) isUpdated :: RequiredDataElement a c -> RTE c (StdRet Bool) invalidate :: ProvidedDataElement a c -> RTE c (StdRet ()) call :: (Data a, Data b) => RequiredOperation a b c -> a -> RTE c (StdRet b)

  26. AUTOSAR DSL in Haskell instance Monad (AR c) -- a monad of structural building blocks requiredDataElement :: AR c (RequiredDataElement a c) providedDataElement :: AR c (ProvidedDataElement a c) requiredQueueElement :: Int -> AR c (RequiredQueueElement a c) providedQueueElement :: AR c (ProvidedQueueElement a c) requiredOperation :: AR c (RequiredOperation a b c) providedOperation :: AR c (ProvidedOperation a b c) interRunnableVariable :: Data a => a -> AR c (InterRunnableVariable a c) exclusiveArea :: AR c (ExclusiveArea c) runnable :: Invocation -> [Trigger c] -> RTE c a -> AR c () serverRunnable :: (Data a, Data b) => Invocation -> [ProvidedOperation a b c] -> (a -> RTE c b) -> AR c () component :: ( forall c . AR c a) -> AR c' a connect :: Connectable a b => a -> b -> AR c ()

  27. Simple example runA1 runB2 100 ms 50 ms swcA swcB runA2 runB1 50 ms

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

GRIP TM For slippery and calcifjed lesions PTCA balloon catheter Anti-Slippery Efgect Workhorse

GRIP TM For slippery and calcifjed lesions PTCA balloon catheter Anti-Slippery Efgect Workhorse

GRIP TM For slippery and calcifjed lesions PTCA balloon catheter Anti-Slippery Efgect Workhorse Workhorse GRIP GRIP Before After In vitro tests show that GRIP TM remains stable in the lesion while workhorse balloons slip at pressure above

348 views • 7 slides
Haskell-RL An Equational Specification of Haskell in Maude Andrew Bennett Presented on 24 April

Haskell-RL An Equational Specification of Haskell in Maude Andrew Bennett Presented on 24 April

Haskell-RL An Equational Specification of Haskell in Maude Andrew Bennett Presented on 24 April 2006 Summary Haskell / Haskell-RL Examples Supported Features Haskell-RL State Implementation Functions Data Types

631 views • 14 slides
Bringing Haskell to the World www.fpcomplete.com Experience Report Building Haskell Development

Bringing Haskell to the World www.fpcomplete.com Experience Report Building Haskell Development

Bringing Haskell to the World www.fpcomplete.com Experience Report Building Haskell Development and Deployment tools Gregg Lebovitz Director, Product Management FP Complete Company Goals Increase Haskell Adoption Make Haskell More

344 views • 21 slides
CPSC 875 CPSC 875 John D McGregor John D. McGregor Interface Design The next few slides are

CPSC 875 CPSC 875 John D McGregor John D. McGregor Interface Design The next few slides are

CPSC 875 CPSC 875 John D McGregor John D. McGregor Interface Design The next few slides are from the Autosar The next few slides are from the Autosar architecture documentation: Despite the Autosar cofidential tag on each slide these pages

961 views • 56 slides
Getting a grip on the grid: Getting a grip on the grid: A know ledge base to trace grid experim

Getting a grip on the grid: Getting a grip on the grid: A know ledge base to trace grid experim

Getting a grip on the grid: Getting a grip on the grid: A know ledge base to trace grid experim ents Am m ar Benabdelkader ammarb@nikhef.nl Mark Santcroos Mark Santcroos m.a.santcroos@amc.uva.nl Victor Guevara Masis vguevara@nikhef.nl

840 views • 35 slides
GRiP Tools for Interoperability Questions and Considerations for Ethics Committees Evaluating

GRiP Tools for Interoperability Questions and Considerations for Ethics Committees Evaluating

GRiP Tools for Interoperability Questions and Considerations for Ethics Committees Evaluating Paediatric Drug Trials Allison Needham Anne Junker The Hospital for Sick Children in Collaboration with GRiP Partners 2 Aims 1) To collect and

460 views • 19 slides
Haskell Deian Stefan (adopted from my & Edward Yangs CSE242 slides) Why Haskell? The

Haskell Deian Stefan (adopted from my & Edward Yangs CSE242 slides) Why Haskell? The

Haskell Deian Stefan (adopted from my & Edward Yangs CSE242 slides) Why Haskell? The great ideas [Haskell] Expressive power (say more with less) Pattern matching First-class functions Exception handling Type inference Continuations

597 views • 26 slides
Component models for embedded systems: from UML to Autosar Franois Terrier with contributions

Component models for embedded systems: from UML to Autosar Franois Terrier with contributions

Component models for embedded systems: from UML to Autosar Franois Terrier with contributions from Sylvain Robert, Ansgar Radermacher, Frdric Loiret CEA-List francois.terrier@cea.fr DTSI Monterey Workshop, Paris - 2006, October 17 1

485 views • 36 slides
Through the lens of Haskell Exploring new ideas for library design @georgesdubus Haskell, the

Through the lens of Haskell Exploring new ideas for library design @georgesdubus Haskell, the

Through the lens of Haskell Exploring new ideas for library design @georgesdubus Haskell, the language Haskell, the ecosystem Design space There should be one and preferably only one obvious way to do it. (Python) There should be

831 views • 46 slides
Deriving a Relationship from a Single Example Neil Mitchell community.haskell.org/~ndm/derive

Deriving a Relationship from a Single Example Neil Mitchell community.haskell.org/~ndm/derive

Deriving a Relationship from a Single Example Neil Mitchell community.haskell.org/~ndm/derive Haskell data type Haskell lets us define data types: data Language = Haskell [Extension] Compiler | Javascript | Cpp Version Eq instance

1.46k views • 56 slides
Metaprogramming Haskell, Metaprogramming Haskell, Metaprogramming Haskell, The Racket Way The

Metaprogramming Haskell, Metaprogramming Haskell, Metaprogramming Haskell, The Racket Way The

Metaprogramming Haskell, Metaprogramming Haskell, Metaprogramming Haskell, The Racket Way The Racket Way The Racket Way Alexis King Alexis King Northwestern University & PLT 1 #!/bin/bash set -ueo pipefail curl -s

1.4k views • 70 slides
Haskell for Grownups Bill Harrison February 8, 2019 Table of Contents Introduction Resources

Haskell for Grownups Bill Harrison February 8, 2019 Table of Contents Introduction Resources

Haskell for Grownups Bill Harrison February 8, 2019 Table of Contents Introduction Resources for Haskell Haskell vs. C Types + Functions = Programs Pragmatics Modules are the basic unit of a Haskell program Using GHCi How to Write a

761 views • 50 slides
GRIP Presentation to Kansas City, Missouri Parks and Recreation Department Development Committee

GRIP Presentation to Kansas City, Missouri Parks and Recreation Department Development Committee

GRIP Presentation to Kansas City, Missouri Parks and Recreation Department Development Committee July 24, 2003 Gillham Road Improvement Project (GRIP) is an undertaking by five neighborhoods and the parks and recreations department to prepare

204 views • 8 slides
WINDOW CRIMPS WITH SURE GRIP FASTER Install in only three quick steps. SAFER Stronger

WINDOW CRIMPS WITH SURE GRIP FASTER Install in only three quick steps. SAFER Stronger

WINDOW CRIMPS WITH SURE GRIP WINDOW CRIMPS WITH SURE GRIP FASTER Install in only three quick steps. SAFER Stronger connections are more secure. SMARTER Eliminate the guesswork of installing pulling heads. WINDOW CRIMPS

481 views • 9 slides
A Haskell-Implementation of STM Haskell with Early Conflict Detection David Sabel

A Haskell-Implementation of STM Haskell with Early Conflict Detection David Sabel

A Haskell-Implementation of STM Haskell with Early Conflict Detection David Sabel Goethe-University, Frankfurt, Germany ATPS 2014, Kiel 1 Introduction Software Transactional Memory (STM) treats shared memory operations as transactions

325 views • 20 slides
haskell cons In haskell consing is done via the infix operator (:). For example: (cons 1 (cons 2

haskell cons In haskell consing is done via the infix operator (:). For example: (cons 1 (cons 2

haskell cons In haskell consing is done via the infix operator (:). For example: (cons 1 (cons 2 (cons 3 null))) is the same as 1:2:3:[] in haskell types Haskell has types! Love the typechecker Some of these types you are familiar

566 views • 9 slides
ANR AAPG 2018 PHILAE Project Project Presentation Pr. Bruno Legeard Scientific

ANR AAPG 2018 PHILAE Project Project Presentation Pr. Bruno Legeard Scientific

ANR AAPG 2018 PHILAE Project Project Presentation Pr. Bruno Legeard Scientific Coordinator Pr. Roland Groz project leader for LIG (Grenoble) From Model-Based Testing to Cognitive Test Automation PHILAE Mission Statement PHILAE

431 views • 17 slides
1 Evidence (short) company description and a bit of roadmap! Paolo Gai, pj@evidence.eu.com

1 Evidence (short) company description and a bit of roadmap! Paolo Gai, pj@evidence.eu.com

1 Evidence (short) company description and a bit of roadmap! Paolo Gai, pj@evidence.eu.com IWES Workshop Roma, 7 September 2017 2 The company Retis Lab S. Anna Working on a wide range of embedded applications and research topics 21

178 views • 14 slides
How to port a TCP/IP stack in your kernel TCP/IP stacks without an Ethernet driver Focus on lw IP

How to port a TCP/IP stack in your kernel TCP/IP stacks without an Ethernet driver Focus on lw IP

How to port a TCP/IP stack in your kernel Nassim Eddequiouaq Introduction How to port a TCP/IP stack in your kernel TCP/IP stacks without an Ethernet driver Focus on lw IP Conclusion Nassim Eddequiouaq July 20, 2014 Plan How to port a

562 views • 35 slides
FOSS FPGA Martin Hubek @hubmartin martinhubacek.cz youtube.com/hubmartin Q = I0 & I1

FOSS FPGA Martin Hubek @hubmartin martinhubacek.cz youtube.com/hubmartin Q = I0 & I1

FOSS FPGA Martin Hubek @hubmartin martinhubacek.cz youtube.com/hubmartin Q = I0 & I1 & I2 & I3 I0 - I3 Q I0 - I3 Q Combinatorial logic 0000 0 1000 0 0001 0 1001 0 0010 0 1010 0 0011 0 1011 0 0100 0 1100

710 views • 38 slides
Language support and linguistics in Lucene, Solr and ElasticSearch and the eco-system June 3rd,

Language support and linguistics in Lucene, Solr and ElasticSearch and the eco-system June 3rd,

Language support and linguistics in Lucene, Solr and ElasticSearch and the eco-system June 3rd, 2013 Christian Moen cm@atilika.com About me MSc. in computer science, University of Oslo, Norway Worked with search at FAST (now Microsoft)

1.83k views • 144 slides
CROSS CULTURAL CHALLENGES IN THE CROSS CULTURAL CHALLENGES IN THE CROSS CULTURAL CHALLENGES IN

CROSS CULTURAL CHALLENGES IN THE CROSS CULTURAL CHALLENGES IN THE CROSS CULTURAL CHALLENGES IN

CROSS CULTURAL CHALLENGES IN THE CROSS CULTURAL CHALLENGES IN THE CROSS CULTURAL CHALLENGES IN THE CROSS CULTURAL CHALLENGES IN THE EUROPE WIDE MARKETING: EUROPE WIDE MARKETING: EUROPE WIDE MARKETING: EUROPE WIDE MARKETING: THE WINE INDUSTRY

782 views • 37 slides
On estimating the number of flows Bruce Spang, Nick McKeown December 3, 2019 How big should a bu

On estimating the number of flows Bruce Spang, Nick McKeown December 3, 2019 How big should a bu

On estimating the number of flows Bruce Spang, Nick McKeown December 3, 2019 How big should a bu ff er be? BDP : Villamizar and Song 1994 Depends on the number of flows BDP/ n : Appenzeller, McKeown, Keslassy 2004 O(n) : Dhamdhere, Jiang,

654 views • 18 slides
Buffer sizing and Video QoE Measurements at Netflix Bruce Spang , Brady Walsh, Te-Yuan Huang,

Buffer sizing and Video QoE Measurements at Netflix Bruce Spang , Brady Walsh, Te-Yuan Huang,

Buffer sizing and Video QoE Measurements at Netflix Bruce Spang , Brady Walsh, Te-Yuan Huang, Tom Rusnock, Joe Lawrence, Nick McKeown February 10, 2020 What are we talking about? What are we talking about? Buffer Server 1 ISP Server 2

644 views • 51 slides

More recommend