Code Generation Strategies for Partitioned Systems

Julien DELANGE, Laurent PAUTET
TELECOM ParisTech - LTCI UMR 5141, 46, rue Barrault, F-75634 Paris CEDEX 13, France
delange@enst.fr, pautet@enst.fr

Fabrice KORDON
LIP6, Univ. P & M. Curie, 4 place Jussieu, 75252 Paris Cedex 05, France
fabrice.kordon@lip6.fr

Abstract

Design and verification of Distributed Real-time Embedded (DRE) systems are crucial because a failure or a security problem may cause loss of life or the premature end of a mission. Code for such systems must be verified to avoid failures and errors. To improve dependability and reliability, the concept of partitioned architecture has been proposed. Partitioned architectures isolate partitions from one another and limit the propagation of failures. However, the system's configuration as well as its application code remain hand-written, which is error-prone and makes the system difficult to check and certify.

In this paper, we present an approach to automatically generate and configure partitioned systems. We model partitioned systems using a language suitable for real-time embedded systems, then automatically generate code from the models. The generated code follows the semantics of the model, so it enforces the specified requirements.

1 Introduction

Dependability and reliability are crucial topics for distributed, real-time and embedded (DRE) systems, especially when failures are mission- or life-critical. These systems must be certified and verified.

Confidentiality, security and safety are also major topics: safety and security policies must be enforced across the whole system, from the lowest to the highest layers. We must ensure that entities can read or write only the data they are allowed to (security enforcement), that they perform only allowed operations, and that failures do not propagate across the system. To address these issues, partitioned architectures [1, 9] were introduced. They enforce isolation in terms of space and time between software components, which improves dependability and reliability. However, verification of their requirements is performed at run-time. Moreover, most of the code remains hand-written, which is error-prone and makes verification of the system difficult.

This paper introduces a new development process (illustrated in figure 1) that enables verification of a system's security and safety requirements at design-time. First, the system designer writes the specifications and checks that his/her requirements are enforced (step 1). Then, configuration code as well as application code is automatically generated from the specifications (step 2). Finally, the underlying executive, the generated code and the user code (the functional part of the system) are compiled together (step 3). The result is a functional system that enforces the requirements of the specifications.

[Figure 1. Development process using model and code generation: AADL model -> security & safety verifications (step 1) -> code generation (step 2) -> generated code; compilation (step 3) of the partitioned kernel and middleware, the generated code and the user code into the binary.]

Such a design process must rely on a modeling language to describe the system's architecture and properties. We selected the Architecture Analysis and Design Language (AADL), which is suitable for designing DRE systems. Modeling and verification of safe and secure systems using AADL (step 1) has already been explored [4, 8]. Consequently, this work focuses on code generation from these models (step 2).

Our code-generation process is automatic: the kernel's configuration code is created from the model, as well as the application and configuration code of each partition. The process automatically sets up the kernel's and the partitions' services and configures resources (task priorities, scheduling policy, etc.), which results in a more reliable and robust system.
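The following block is an added illustration of the generation step described above; it is not the authors' generator and does not parse AADL. A small in-memory model (constructed for the example: hypothetical partitions "sensor" and "control", their ports, tasks and time slots) stands in for the AADL model. The checks it performs before emitting anything are the two properties the text attributes to partitioned architectures: time isolation (the partition slots must exactly fill the major frame) and space isolation (data crosses partitions only through declared ports). The rule that a partition may only send to a partition of equal or higher security level is an assumed policy chosen for the example, not one stated on the page. The emitted C tables and their names are likewise assumptions, chosen only to show that every generated value is derived from the checked model.

```python
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Partition:
    name: str
    level: int                      # assumed security level; higher = more sensitive
    slot_ms: int                    # CPU slot of this partition inside the major frame
    tasks: List[Tuple[str, int, int]] = field(default_factory=list)  # (name, priority, period_ms)
    in_ports: List[str] = field(default_factory=list)
    out_ports: List[str] = field(default_factory=list)


@dataclass
class Model:
    major_frame_ms: int
    partitions: List[Partition]
    connections: List[Tuple[str, str, str, str]]  # (src_partition, src_port, dst_partition, dst_port)


class ModelError(ValueError):
    """The model breaks a partitioning rule; nothing is generated for it."""


def check_model(model: Model) -> None:
    by_name = {p.name: p for p in model.partitions}
    if len(by_name) != len(model.partitions):
        raise ModelError("duplicate partition name")
    # Time isolation: the per-partition slots must exactly fill the major frame.
    total = sum(p.slot_ms for p in model.partitions)
    if total != model.major_frame_ms:
        raise ModelError(f"slots total {total} ms but major frame is {model.major_frame_ms} ms")
    for p in model.partitions:
        if p.slot_ms <= 0:
            raise ModelError(f"{p.name}: slot must be positive")
        for tname, prio, period in p.tasks:
            if not 1 <= prio <= 255 or period <= 0:
                raise ModelError(f"{p.name}.{tname}: priority must be 1..255 and period positive")
    # Space isolation: data crosses partitions only through declared ports, and
    # only toward an equal or higher security level (assumed no-write-down rule).
    for src, sport, dst, dport in model.connections:
        if src not in by_name or dst not in by_name:
            raise ModelError(f"connection {src}->{dst} references an unknown partition")
        if sport not in by_name[src].out_ports or dport not in by_name[dst].in_ports:
            raise ModelError(f"undeclared port on connection {src}.{sport}->{dst}.{dport}")
        if by_name[src].level > by_name[dst].level:
            raise ModelError(f"{src} (level {by_name[src].level}) may not write to "
                             f"{dst} (level {by_name[dst].level})")


def model_is_valid(model: Model) -> bool:
    try:
        check_model(model)
        return True
    except ModelError:
        return False


def schedule_table(model: Model) -> List[Tuple[str, int, int]]:
    """Static cyclic schedule derived from the slots: (partition, start_ms, end_ms)."""
    check_model(model)
    table, t = [], 0
    for p in model.partitions:
        table.append((p.name, t, t + p.slot_ms))
        t += p.slot_ms
    return table


def generate_kernel_config(model: Model) -> str:
    """Emit the kernel's C configuration tables; every value comes from the checked model."""
    sched = schedule_table(model)
    idx = {p.name: i for i, p in enumerate(model.partitions)}
    out = ["/* generated from the model, do not edit by hand */",
           f"#define MAJOR_FRAME_MS {model.major_frame_ms}",
           f"#define NB_PARTITIONS {len(model.partitions)}",
           "static const unsigned kernel_slots_ms[NB_PARTITIONS][2] = {"]
    out += [f"    {{ {s}, {e} }},  /* {name} */" for name, s, e in sched]
    out += ["};", f"#define NB_CHANNELS {len(model.connections)}",
            "static const unsigned kernel_channels[NB_CHANNELS][2] = {  /* {src, dst} */"]
    out += [f"    {{ {idx[src]}, {idx[dst]} }},  /* {src}.{sport} -> {dst}.{dport} */"
            for src, sport, dst, dport in model.connections]
    return "\n".join(out + ["};"]) + "\n"


def generate_partition_config(p: Partition) -> str:
    """Emit one partition's task table (priorities and periods taken from the model)."""
    out = [f"/* partition {p.name}, generated from the model */",
           f"#define NB_TASKS {len(p.tasks)}",
           "static const struct { const char *name; unsigned prio; unsigned period_ms; }"
           " tasks[NB_TASKS] = {"]
    out += [f'    {{ "{n}", {prio}, {per} }},' for n, prio, per in p.tasks]
    return "\n".join(out + ["};"]) + "\n"


# Constructed sample model (hypothetical partitions, ports and tasks).
SENSOR = Partition("sensor", level=0, slot_ms=40, tasks=[("acquire", 10, 20)],
                   in_ports=["cmd"], out_ports=["raw"])
CONTROL = Partition("control", level=1, slot_ms=60, tasks=[("law", 20, 20), ("log", 5, 100)],
                    in_ports=["raw"], out_ports=["status"])
GOOD_MODEL = Model(100, [SENSOR, CONTROL], [("sensor", "raw", "control", "raw")])
# Same partitions, but control (level 1) writes down to sensor (level 0): rejected.
BAD_MODEL = Model(100, [SENSOR, CONTROL], [("control", "status", "sensor", "cmd")])

if __name__ == "__main__":
    print(generate_kernel_config(GOOD_MODEL))
    print(generate_partition_config(CONTROL))
    print("bad model accepted:", model_is_valid(BAD_MODEL))
```

The point of the example is the ordering: check_model runs before any line of configuration is produced, so a model that violates time isolation or routes data outside its declared ports yields no kernel table at all rather than a table that the kernel would have to reject at run-time.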