Over the last decade model-driven development, in a variety of incarnations, has become a competitive edge in mission-critical and business-critical industrial application domains. At its first appearance in industrial settings, the central benefit of model-driven development was commonly identified as its ability to raise the level of development abstraction from technology-dominated code artefacts to domain-specific model elements. The maturity gained over time by the use of methods and the underlying technology has shown that there are two more fundamental benefits to model-driven development.
The first and foremost benefit is the push for the emergence, maturation and consolidation of best practices at all levels of implementation and analysis underneath the user modelling space. These practices extend to architectural styles, programming models, assured conformance with analysis assumptions, and traceable apportionment of model properties to implementation artefacts. This condition, which is achieved at a fraction of the cost and with much less friction than what quality processes have for years tried to pursue, is the direct consequence of the enormous potential that model transformation techniques offer to model-driven development. The expression that best captures this benefit is “correct-by-construction”, as compared to the more costly “correct-by-correction” nature of traditional development. Code products that proceed from instances of automated model transformations embedding all of the applicable programming prescriptions need no check of conformance; only the model transformation algorithms do, and only once per execution platform. Of course, we must sharply distinguish architectural and programmatic correctness – which results from the goodness of the model-to-code transformation procedures and needs to be demonstrated only once – from functional correctness, which descends from the goodness of the user solution in the modelling space and must be demonstrated for every model.
The second and equally important benefit obtained when adhering to the principles of the model-driven architecture initiative is a direct consequence of the first: the user modelling space can completely abstract away from platform-specific considerations of implementation techniques and technology, without losing sight of their impact on the quality of the product. The user modelling space therefore becomes what it is meant to be in the first place: the logical place, rich in domain-specific abstractions, in which a solution for the system problem is designed, analyzed, demonstrated and possibly iterated over for correction, refinement and improvement. In order for this to be possible the modelling infrastructure must support:
- automated and provable transformations that feed the user model into specialized verification tools with guarantee of no semantic distortion; and
- seamless back propagation of verification results directly into the user model.
In that manner, the user is allowed to operate at as high a level of abstraction as desired, while staying fully aware of what the system implementation becomes in actuality and how it performs on the target. This condition has two very attractive ramifications:
- the system development process can accommodate corrective iterations at far less cost and far more agility than with traditional approaches;
- the user modelling space, now the single focus of attention of the development environment, can be organized in concern-specific design views, in order that specialized skills can operate on the development concerns within their competence using specialized model elements and transformations.
This latter condition joins two powerful concepts: design views, which are a recently emerged and already vastly acknowledged asset to master the complexity of system design; and separation of concerns, a long-known but often forgotten disciplinary practice originally proposed by E.W. Dijkstra in 1974 to foster specialized reasoning about well-defined responsibilities.
Furthermore, if the user modelling space is organized around a convenient component model, composability becomes a feature of the development method, which consequently takes on the incremental nature that is eagerly sought by most industrial development processes. The very combination of all the above directions creates important challenges for the development of high integrity software that will be faced by the CONCERTO project. The essence of the overall concept developed by CONCERTO is illustrated in the following figure.
Emerging embedded systems platforms that harness new heterogeneous, multicore architectures to enable the next generation of powerful mission-critical applications demand across-the-board advances in all areas of design and development to fulfil their promise. This need for broad-spectrum innovation drives the objectives of CONCERTO: providing a complete and coherent model-based approach to the production of these complex systems, from the earliest design phases through analysis and deployment. The CONCERTO project research and development objectives are:
- Enable correctness-by-construction for multicore systems through model-driven engineering. Bringing component-based, model-driven engineering to the new generation of multicore architectures is a core objective of CONCERTO from which others derive naturally. This objective involves innovative new approaches to the modelling and generation of software systems that take advantage of parallelism, and new model-to-code transformation engines that handle multiprocessor scheduling issues, parallel real-time garbage collection, etc.
- Development of advanced hardware modelling capabilities. Innovation at the lowest levels of modelling is needed to capture the full potential of the new platforms with MDE. CONCERTO will develop new techniques to describe the structure and hierarchy of complex hardware baselines in such a way as to enable the automatic generation of virtual prototypes, including multicore processors, peripheral devices and reused IP blocks.
- Enhanced hierarchical, multi-domain component model. Current software component models are not adequate to manage component-based development of the new, highly structured architectures. CONCERTO will advance the state of the art in support for component hierarchies in which non-functional properties are preserved and guaranteed across interfacing, delegation, and promotion within complex component assemblies. The project will ensure that this augmented hierarchical component model is valid across multiple domains, enabling wide-spectrum applicability.
- Bring support for separation of concerns into the multi-domain, multicore environment. The new generation of architectures brings a host of new dimensions to be considered in the development process, massively complicating the designer’s job. CONCERTO will enhance the approach of separation of concerns for mastering the complexities of this new environment with support for managing cross-cutting concerns, as well as providing a solid foundation at metamodel level for viewpoint definition that enables development of purpose- and technology-specific tools.
- Advances in intelligent runtime monitoring facilities. The complexity of the new platforms is such that they can no longer be managed or analyzed with a priori, static approaches. Sophisticated new runtime monitoring mechanisms, algorithms, and extensions for execution platforms are needed to enforce mission-critical runtime policies and to support the analysis of non-functional properties such as energy consumption.
- Back propagation from platform-specific to platform-independent models to enable iterative and incremental development of multicore systems. The advanced modelling and analysis capabilities and intelligent runtime monitoring facilities will be exploited together with additional modelling artefacts to provide innovative support for propagating information on non-functional properties (such as predictability, energy / power consumption, dependability, and safety) back up to design levels to enable true, incremental and iterative development and early verification even for the complex architectures associated with multicore systems.
The CONCERTO project will carry out research and development over a three-year period to achieve these objectives.