VEST User’s Manual

Version 4.0
Released January 2004

VEST Group
Department of Computer Science
University of Virginia
Contact: John A. Stankovic
[email protected]
http://www.cs.virginia.edu/brochure/profs/stankovic.html
1 WHAT’S NEW IN RELEASE 4.0.......................................................................................................4
1.1 VEST TOOL....................................................................................................................................4
1.2 NEW FEATURES...............................................................................................................................4
1.3 UPDATES TO USER’S MANUAL........................................................................................................4
2 INTRODUCTION.................................................................................................................................5
2.1 OVERVIEW OF VEST.......................................................................................................................5
2.2 OVERVIEW OF GME........................................................................................................................6
3 INSTALLATION...................................................................................................................................7
3.1 INSTALLING GME...........................................................................................................................7
3.2 INSTALLING VEST..........................................................................................................................7
3.2.1 Loading the VEST metamodel in GME......................................................................................7
3.2.2 Registering the VEST metamodel.............................................................................................10
3.2.3 Loading and Running a VEST project......................................................................................11
3.2.4 Manually Adding Interpreters to VEST....................................................................................12
4 THE VEST TOOL...............................................................................................................................15
4.1 COMPOSITION ENVIRONMENT.......................................................................................................15
4.1.1 Model Editing Window.............................................................................................................15
4.1.2 Project Browser........................................................................................................................16
4.1.3 Component Browser.................................................................................................................18
4.1.4 Attribute Window......................................................................................................................19
4.1.5 Menu Bar..................................................................................................................................20
4.1.6 Tool Bar....................................................................................................................................21
4.1.7 Mode Bar..................................................................................................................................21
4.1.8 Status Bar.................................................................................................................................22
4.1.9 Title Bar....................................................................................................................................23
4.2 ASPECT CHECKS............................................................................................................................23
4.2.1 Buffer-Size Check.....................................................................................................................23
4.2.2 Memory Check..........................................................................................................................23
4.2.3 RT Scheduling...........................................................................................................................24
4.3 PRESCRIPTIVE ASPECTS.................................................................................................................25
5 USING VEST.......................................................................................................................................27
5.1 BUILDING A SYSTEM DESIGN........................................................................................................27
Exercise (Time Required: 1-2 hours)....................................................................................................27
5.1.1 Creating a new VEST project...................................................................................................28
5.1.2 Creating a Model Layer...........................................................................................................29
5.1.3 Creating Components...............................................................................................................30
5.1.4 Creating Relationships between Components..........................................................................31
5.1.5 Setting Component Attribute Values........................................................................................33
5.1.6 Creating Sub-Components........................................................................................................34
5.1.7 Creating References.................................................................................................................34
5.1.8 Creating Event Channels..........................................................................................................35
5.2 USING ASPECT CHECKS.................................................................................................................37
5.2.1 Memory Check..........................................................................................................................37
5.2.2 Buffer-size Check......................................................................................................................38
5.2.3 RT Scheduling Check................................................................................................................40
5.3 USING PRESCRIPTIVE ASPECTS.....................................................................................................42
6 REFERENCES....................................................................................................................................47

VEST Users Manual 2

7 APPENDIX 1: ACL TO VEST MAPPING.......................................................................................48

8 APPENDIX 2: VEST TO XML CONFIGURATION MAPPING..................................................50

9 APPENDIX 3: RT SCHEDULING API............................................................................................51

10 APPENDIX 4: VPAL BNF SPECIFICATION............................................................................53

11 APPENDIX 5: DESIGNING PRISM SYSTEMS IN VEST........................................................55

11.1 HARDWARE LAYER.......................................................................................................................55
11.2 SOFTWARE LAYER.........................................................................................................................55
11.2.1 Event Channels....................................................................................................................57
11.2.2 Recepticles/Facets................................................................................................................57
11.2.3 Processor Mappings............................................................................................................58
11.2.4 Specifying Timeouts............................................................................................................58

VEST Users Manual 3

1 What’s New in Release 4.0

1.1 VEST Tool

 VEST 4.0 includes a meta-model that works with GME 3

 Product Scenario files for 3.3 and 3.4 are included
 New icons for the SW and HW layer

1.2 New Features

The following are new features in VEST 4.0:

 Event Check Aspect
This check ensures that for every supplier, there is at least one consumer and vice-
versa
 New Scheduling API
Allows other technology developers to easily extend VEST’s scheduling analysis
 New Prescriptive Aspect Language
Enhanced language allows users to compose and execute multi-line, compound
prescriptive aspects with precedence constraints based on properties of components
and relationships between them.

1.3 Updates to User’s Manual

Documentation for the following are included in this update:

 New Scheduling API (Appendix 3)

 New Prescriptive Aspects (Sections 4.3 , 5.3 and Appendix 4)
 Designing Prism systems in VEST (Appendix 5)

VEST Users Manual 4

2 Introduction

2.1 Overview of VEST

VEST (Virginia Embedded Systems Toolkit) provides an environment for constructing

and analyzing component-based distributed real-time embedded systems. VEST helps
developers select or create passive software components, compose them into a product,
map the passive components onto active structures such as threads, map threads onto
specific hardware, and perform dependency checks and non-functional analyses to offer
as many guarantees as possible along many dimensions including real-time performance
and reliability. Distributed embedded systems issues are explicitly addressed via the
mapping of components to active threads and to hardware, the ability to include
middleware as components, and the specification of a network and distributed nodes.

The VEST environment is composed of the following:

 4 Component Libraries
 Prescriptive Aspects Library
 Aspect Checks
 Composition Environment

A brief description of each of these follows. For more detailed information, please refer
to [1].

 Component Libraries: Because VEST supports real-time distributed embedded

systems, the VEST component libraries contain both software and descriptions of
hardware components and networks. VEST components can be abstract or actual. An
abstract component is a design entity that represents the requirements, e.g., a timer
with certain requirements or a generic processor is an abstract component. An actual
component is the implementation or description of a reusable entity. A specific timer
module written in C and a Motorola MPC7455 are examples of actual components.
Sets of reflective information exist for each of these component types. The reflective
information of an abstract component includes its interface and requirements such as
for security. The reflective information for actual components includes categories
such as linking information, location of source code, worst-case execution time,
memory footprint, and other reflective information needed to analyze crosscutting
dependencies. The extent of the reflective information and its extensibility are some
of the key features that distinguish VEST from many other tools. To support the
whole design process of embedded systems, VEST implements four component
libraries: the application library, middleware library, OS library and a hardware
library.
 Prescriptive Aspects Library: Prescriptive aspects are reusable programming
language independent advice that may be applied to a design. For example, a

VEST Users Manual 5

 developer can invoke a set of prescriptive aspects in the library to add a certain
security mechanism en masse to an avionics product.
 Aspect Checks: VEST implements both a set of simple intra- and inter-component
aspect checks that crosscut component boundaries. A developer can apply these
checks to a system design to discover errors caused by dependencies among
components. One aspect check in VEST is the real-time schedulability analysis for
both single-node and distributed embedded systems. VEST can also invoke off-the-
shelf analysis tools from its GUI environment.
 Composition Environment: VEST provides a GUI-based environment that lets
developers compose distributed embedded systems from components, perform
dependency checks, and invoke prescriptive aspects on a design.

VEST 3.0 has been implemented using GME (Generic Modeling Environment). GME [2]
is a meta-modeling environment with an extensible collection of model editing tools
supporting a Model-Based Development approach to system/software engineering. More
detailed information on GME is provided in the following subsection.

2.2 Overview of GME

The Generic Modeling Environment (GME) developed at the Institute for Software
Integrated Systems at Vanderbilt University is a configurable toolkit for creating domain-
specific modeling and program synthesis environments. The configuration is
accomplished through metamodels specifying the modeling paradigm (modeling
language) of the application domain. The modeling paradigm contains all the syntactic,
semantic, and presentation information regarding the domain – which concepts will be
used to construct models, what relationships may exist among those concepts, how the
concepts may be organized and viewed by the modeler, and rules governing the
construction of models. The modeling paradigm defines the family of models that can be
created using the resultant modeling environment.

The metamodels specifying the modeling paradigm are used to automatically generate the
target domain-specific environment. The generated domain-specific environment is then
used to build domains. These models are used to automatically generate the applications
or to synthesize input to different COTS analysis tools. This process is called model
interpretation.

The relationship between VEST and GME can be described as follows. The component
libraries of VEST are implemented as meta-models in GME. When designing a system
using the VEST metamodel, GME provides the underlying support for the graphics and
modeling support. The system design developed in VEST can be exported as XML files,
which make it possible to import the design to other related tools. However, all
dependency checks and the prescriptive aspect interpreters are VEST specific and are
implemented as interpreters that can be invoked through the buttons on the VEST GUI.
All interpreters are implemented in C++ and can access the internal data structures that
represent the component-based embedded system design.

VEST Users Manual 6

3 Installation

3.1 Installing GME

To use VEST, GME first needs to be installed on your system. GME is available at
http://www.isis.vanderbilt.edu/Projects/gme/. Instructions on how to install and run GME
can be found on this website. VEST users should first become familiar with GME and the
basic GME GUI commands and interfaces. All GUI capabilities in VEST are similar to
GME.

3.2 Installing VEST

Once GME is installed on your system, the VEST metamodel needs to be downloaded
and loaded into GME. The VEST metamodel is included in your download in the
following file: [Install Directory]/VEST/vest.xml. Although distributed in XML format, it
can be available in either XML format and as a GME project file.

In order to create any VEST design, the VEST metamodel first needs to be registered
with your system. There are two major steps involved here:
 Loading the VEST metamodel in GME
 Registering the VEST metamodel

3.2.1 Loading the VEST metamodel in GME

There are two ways to load the VEST metamodel in GME. The first way is using an
XML file and the other is using a GME project file. Follow the steps outlined below
depending on the type of file that you have.

3.2.1.1 XML File

Step 1:
 Launch GME

Step 2:
 Select “Import XML…” under the File menu as shown in Figure 3 -1

Step 3:
 This brings up a file selector dialog box as shown in Figure 3 -2
 Select the VEST metamodel XML file that you downloaded earlier
 Click “Open”

VEST Users Manual 7

 Figure 3-1

Figure 3-2
Step 4:
 GME reads the XML data and brings up the dialog box shown in Figure 3 -3
 We will create a GME project file from our VEST metamodel data and so click
“Next”

VEST Users Manual 8

 Figure 3-3

Step 5:
 GME then will ask you to name the project file. Name this file “Vest”
 Click “Open”

Step 6:
 GME creates a GME project file from the XML data and then displays the success
box shown in Figure 3 -4
 Click “OK”
 The VEST metamodel has been successfully loaded in GME at this point
 Now the VEST metamodel needs to be registered with the system. Skip to Section
3.2.2 to perform this step

Figure 3-4

3.2.1.2 GME Project File

Step 1:
 Launch GME

Step 2:
 Open the GME project (mga file extension) containing the VEST metamodel
using the “Open Project…” option under the File menu

Step 3:
 GME brings up the dialog box shown in Figure 3 -5
 Since our GME project is stored in a file, we leave the default setting and click
“Next”

VEST Users Manual 9

 Figure 3-5
Step 4:
 A Open File selector dialog box similar to the one in Figure 3 -2 appears
 Select the GME project file containing the VEST metamodel that you
downloaded earlier
 Click “Open”
 GME reads the project file and loads the VEST metamodel
 The VEST metamodel now needs to be registered with the system. Continue with
Section 3.2.2

3.2.2 Registering the VEST metamodel

We need to interpret and register the Vest metamodel with the system so that we can
create VEST projects in GME. Follow these steps to register the VEST metamodel:

Step 1:
 Click the MGA Interpreter button (icon ) located on the GME toolbar
 This brings up the Aspect Mapping dialog box shown in Figure 3 -6
1

 Click “OK”

Step 2:
 GME interprets the VEST metamodel. GME may display some warnings. Ignore
these and continue
 Once the model is successfully interpreted, GME shows the dialog box shown in
Figure 3 -7 and asks if you would like to register the VEST paradigm
 Click “Yes”
 If no error messages are displayed, the VEST paradigm is successfully registered
with your system

1
The concept of Aspect in GME is really a particular view that a user sees. This aspect has nothing at all to
do with the use of the term aspect in VEST itself. In VEST, aspects refer to the main principle underlying
aspect-oriented programming

VEST Users Manual 10

 Figure 3-6

Figure 3-7

3.2.3 Loading and Running a VEST project

Once your VEST metamodel is registered with the system, you can then load and run
VEST projects. Follow these steps to load and run a VEST project included with your
download:

3.2.3.1 XML Format

Step 1:

VEST Users Manual 11

  Open the “Scenario32MultiProcessor” project using the “Import XML” option
under the file menu
o The project file is located at [Installation Directory]/VEST
Step 2:
 You will see a “Import to new project” dialog box similar to the one in Figure 3
-5
o Leave the default selection as we will store our project in a file

Step 3:
 Choose a name and location to store the project file
 Click “Open”
o GME will read the XML data, convert it to a VEST project and load it

3.2.3.2 GME Project File

Step 1:
 Click “Open Project…” under the File menu
o The dialog box in Figure 3 -5 will appear

Step 2:
 Leave the default selection and click “Next”
o An File Selector dialog box like Figure 3 -2 will appear

Step 3:
 Select “Scenario32MultiProcessor.mga” from [Installation Directory]/VEST
 Click “Open”
o GME will open the VEST project and load it

After the project had loaded, you should observe several things. Refer to Figure 4 -10
 The Project name “Scenario32MultiProcessor” should appear as the root tree item
in the Project Browser window
 There should be 4 icons in the interpreters section as shown in Figure 3 -8
 If any of these interpreters are missing from your toolbar, continue with Section
3.2.4
 If all of the icons listed are there, your VEST project has loaded correctly. Each of
these checks will be described in detail in later sections

Buffer-Size Check Memory Check Scheduling Check XML Output

Figure 3-8

3.2.4 Manually Adding Interpreters to VEST

To manually add registered interpreters to the VEST toolbar, follow these steps:

VEST Users Manual 12

Step 1:
 Go to “Register Components” under the File menu
 This will bring up the Components dialog as shown in Figure 3 -9
o This lists all the currently registered components
Step 2:
 If the missing interpreter is listed
o Select the interpreter that is missing
o Click “Toggle”
o The green icon to the left of the interpreter name should contain an
exclamation mark at this point
o Click “Close”
o The icon should now be visible on the toolbar

Figure 3-9

Step 3:
 If the interpreter is not listed in the Components dialog
o Click “Install New”
o This will bring up a file selector dialog box
o Select the DLL from the sub-directory of the missing interpreter under
[Installation Directory]/VEST
o Click “Open”

VEST Users Manual 13

  The XML Output DLL may not show even after this step. To fix
this problem, follow these steps
 Click on the “All” radio button under “Show Components”
 You should see an grayed-out entry for XML Output
 Select this entry and click the “Toggle” button
o Click “Close” on the Components dialog box
o The icon for that interpreter should now be visible on the toolbar

VEST Users Manual 14

 4 The VEST Tool

4.1 Composition Environment

Title Bar
Restore-down
Menu Bar button
Tool Bar Interpreters

Mode Bar

Model Project
Editing Browser
Window

Component
Browser Attribute
Window

Status
Bar

Figure 4-10

The composition environment of VEST is shown in Figure 4 -10. It consists of 4 main

panels as shown by the bold titles of the figure and other parts that are mostly GME
specific. Each of these parts of the tool is described below:

4.1.1 Model Editing Window

It is the main canvas of the tool and contains the product under development. For
example, Figure 4 -10 shows a product with four actual components
(PILOT_CONTROL, WAYPOINT_PROXY, WAYPOINT and FLT_PLAN_DISPLAY)
in the Model Editing Window.

Models in VEST can be hierarchical. This means that a certain component can be
composed of sub-components. Components displayed on the same canvas are on the
same hierarchical level of the design. The sub-components of a component can be viewed
by double-clicking on the higher-level component. This opens up a new canvas

VEST Users Manual 15

displaying the sub-components of the high-level component. For example, when we
double-click the PILOT_CONTROL component in Figure 4 -10 above, we get a new a
canvas displaying its sub-components as shown in Figure 4 -11.

Figure 4-11
By default, all canvases open up maximized. By clicking on the restore-down button
shown in Figure 4 -10, all the current canvases that have been opened appear in the
Model Editing Window as shown in Figure 4 -11. Each sub-window has the name of the
parent component in its title bar.

4.1.2 Project Browser

The Project Browser has three different views as shown by the tabs in Figure 4 -12. The
Aggregate view displays the hierarchical structure of the product under development
from the highest level of the project. For example, it can be seen in the figure that the
Software layer has four components (PILOT_CONTROL, WAYPOINT_PROXY,
WAYPOINT and FLT_PLAN_DISPLAY) and that the PILOT_CONTROL component
has six sub-components - 2 references (discussed later) and 4 software components.

VEST Users Manual 16

 Figure 4-12
The Aggregate view also provides a convenient way of navigating between various levels
of the product being designed. A user can open the canvas associated with some model
layer or component by double-clicking on its name in the tree structure. For example, the
PILOT_CONTROL canvas was opened in Figure 4 -11 by double clicking on its name
in the aggregate view tree. When a particular level is chosen, all the available
components for that level are displayed in the Component Browser. For example, Figure
4 -11 shows the components that can be inserted into the PILOT_CONTROL canvas.
Finally, the aggregate view allows a user to rename components. Components can be
renamed by clicking on the component’s name and following the standard Windows file
renaming procedure.

The Inheritance view is used to visualize the type inheritance hierarchy of the model
currently selected in the Model Editing Window. Our example above doesn’t have any
inheritance. The Meta view shows the VEST modeling language at a glance. It displays
the legally available array of Folders and objects that can be added to some level within
the aggregate hierarchy. In VEST, as shown in Figure 4 -12, at the highest level also
known as the “RootFolder” level, we can add “Aspect”, “Hardware”, “Middleware”,
“OS” and “Software” Folders to a VEST project. Within each of these folders, we can
add models. For example, in the Software folder, we can add a Software model. Within
this model more parts can be added. For example, we can add Software Components and
Software Timers to a Software model.

VEST Users Manual 17

4.1.3 Component Browser

The Component Browser displays all the components available in a particular component
library. In VEST, there are four component libraries: application, middleware, OS and
hardware.

Figure 4-13
The Component Browser has three different views as indicated by the tabs in the lower
portion of the window. The AbstractComponents view displays all the abstract
components available in the library. For example, the left portion of Figure 4 -13 shows
all the abstract components available in the Hardware component library. In this case,
Memory, Processor, Cache, Memory and so on are all the available abstract hardware
components that can be inserted into our design. The ActualComponents view displays all
the actual components available in the library. The right portion of Figure 4 -13 shows
all the actual components available in the Hardware component library. PIII and
PowerPC are the available actual components in this case. The References views displays
all the reference components available in the library. Simply put, a reference in VEST
refers or points to other components. References are discussed in greater detail in Section
5.1.7. The Hardware library in Figure 4 -13 has no reference components.

A user can insert a component into a design by left-clicking on a component in the

Component Browser and dragging it onto the design canvas. If a reference is dragged, a
null reference is created because the target component is unspecified. References can be
redirected at any time by dropping a new target on top of them (See Section 5.1.7).

There are two privilege levels with respect to library access. The first level is for users
with only read access to the libraries. A system designer is an example of such a user. A
system designer can use the predefined components in a library to build a system design
but cannot modify the library in any way. The second level is for users with both read and
write access to the libraries. A VEST library administrator is an example of such a user.
A VEST library administrator can add components to the library.

VEST Users Manual 18

4.1.4 Attribute Window

The Attribute Window displays all the attributes (reflective information) of a particular
component when that component is highlighted. For example, the PILOT_CONTROL
component of Figure 4 -10 is highlighted and its attributed are displayed in the Attribute
Window. The component’s name (which is also an attribute of the component) appears in
a separate text box at the top of the attributes window. The name of the component can be
changed here.

The Attributes Window has three tabs (see Figure 4 -10) – one for the component’s
attributes, one for the component’s preferences and another for the component’s
properties. The attributes tab allows a user to set VEST specific attribute values for a
component. The preference tab allows the user to define general preferences for a
component such as color, icon name, etc. The properties tab lists constant properties of a
component as defined by the VEST paradigm such as component type, kind, etc.

The common attributes of components include:

 WCET (worst case execution time)
 memory footprint
 data requirements
 interface assumptions
 importance
 initialization requirements
 environment requirements such as
- must be able to disable interrupts
- requires virtual memory
- cannot block the code itself
- preemption vs. non-preemption
 power requirements (if a hardware component)
 buffer rate

This list is illustrative and not comprehensive. It should give the reader a feel for the type
of reflective information VEST stores for each component.

Whenever a component is added to a design, attributes that were designed with default
values get initialized with those values. The other attributes have no values assigned to
them. Default values appear grayed out in the Attribute Window. User-specified attribute
values appear in black. Attributes (default and user-specified) can be modified in the
Attribute Window. These values can come as single or multi-line text boxes, toggle
buttons, combo boxes or color pickers. Values can be assigned to them using the standard
Windows procedures for editing such data entry fields. Changes made to an attribute’s
value are immediate.

VEST Users Manual 19

4.1.5 Menu Bar

It contains commands for certain operations on the model. The menu bar in the VEST
GUI environment contains the same options as the GME tool. Here is a brief overview of
the commands available on the menu. For more information on any of these commands,
please refer to the GME documentation.

File:
Contains the following project- and model-related commands:
 Create a new project
 Open, close, save or abort an existing project
 Import, export or update a project in XML format
 Print contents of active window
 Register paradigms and components
 Check or display model constraints
 Set GME-specific parameters
 Run model interpreters or plug-ins (paradigm-independent
interpreters)
 Exit GME

Edit:
Contains the following editing commands
 Undo, redo up to last 10 operations
 Clear undo queue
 View/Edit current project properties
 Show parent, basetype or type of a model if applicable
 Copy, paste, delete, select all
 Cancel pending operation
 View/Edit current model preferences
 View/Edit current object’s registry
 View/Edit synch aspects

View:
Allows the toggling on and off of the
 Toolbar, Status Bar
 Component Browser (called Part Browser in GME)
 Attribute Window (called Attribute Browser in GME)
 Project Browser (called Browser in GME)

Window:
 Cascade, Tile, Arrange Icons – standard Windows functions

Help:
 Contents – Shows online help contents GME
 Help – Shows context sensitive, user-specified help

VEST Users Manual 20

  About – Standard Windows functionality

4.1.6 Tool Bar

Figure 4-14
VEST interpreters

The toolbar contains icon shortcuts for certain editing functions that are available on the
menu. VEST specific functionality appears in the Components section of the tool bar as
shown in Figure 4 -14. Located here are icons that implement interpreters. In our case,
we have icons for aspect checks and prescriptive aspects. A developer can invoke an
aspect check by clicking on a corresponding icon on the tool bar. For example, by
clicking the icon with an “S” in it in Figure 4 -14, the user can invoke the real-time
schedulability analysis aspect check. He can also apply a prescriptive aspect by invoking
an aspect interpreter from an icon on the tool bar. More details about the checks available
in VEST are in Section 4.2.

4.1.7 Mode Bar

Normal
Add Connection
Delete
Set Mode Connection

Zoom
Visualization
Figure 4-15

Contains buttons for selecting the editing mode. Each of the modes is described here
briefly. Refer to the GME documentation for more detailed information.

Figure 4 -15 indicates the buttons used to select the different editing modes. The editing
modes are Normal, Add Connection, Delete Connection, Set Mode, Zoom Mode and
Visualization.

Normal Mode - This mode is used to add, delete, move or copy parts within
editing windows
 A component can be added by left-click-dragging the component onto a
canvas from the component browser
 A component can be moved by left-click-dragging the component
o This can be done across canvases also as long as the VEST modeling
paradigm is not violated
 A component can be deleted or copied by right-clicking the component and
choosing the appropriate option

VEST Users Manual 21

 o A component can also be deleted also by selecting the component and
hitting the “Delete” key on the keyboard
o A component can also be copied by holding the CTRL-key down
while left-click-dragging the component

Add Connection Mode – This mode allows connections to be made between

components
 Connections are VEST-paradigm specific and will only be allowed between
legal components
o If you attempt to connect two incompatible components, GME will
display an error message
 Connections are directional in nature
o Connections can be made by switching to add connection mode, left-
clicking the source component and then left-clicking the destination
component
o Connections can also be made in normal mode by right-clicking the
source component, selecting “Connect” and then left-clicking the
destination component

Delete Connection Mode – Existing connections between components can be

removed in this mode
 Connections can be removed either by
o left-clicking the connection
o left-clicking the source/destination components

Set Mode – Can define sets and set members in this mode

Zoom Mode – Allows user to view a model at different levels of magnification

 Left-clicking anywhere in the model window zooms in and right-clicking
zooms out

Visualization Mode – Allows single objects and collections of objects to be

visually highlighted. This is useful for examining or analyzing large or complex
models.
 Initially selecting this mode grays out all the components and connections
 Left-clicking any component toggles its visibility
o Left-clicking a connection toggles the visibility of its end components
 Right-clicking a component will toggle the visibility of the component and the
components at the ends of its connections

4.1.8 Status Bar

The line at the bottom which shows status and error messages, current edit mode (e.g.
EDIT, CONNECT, etc.), zoom factor, paradigm name (e.g. VEST), and current time.

VEST Users Manual 22

4.1.9 Title Bar

Indicates the currently loaded project.

4.2 Aspect Checks

One goal of VEST is to provide support for various types of dependency checking among
components during the composition process. Dependency checks are invoked to establish
certain properties of the composed system. This is a critical part of real-time embedded
system design and implementation. Some dependency checks are simple and have been
understood for a long time. We call these intra- and inter-component dependency checks.
Other dependencies are very difficult and even insidious. We refer to these as
crosscutting dependencies or aspect checks. Aspect checking is an explicit check across
components that exist in the current product configuration. We have identified many
aspect checks that would help a developer avoid difficult to find errors when creating
embedded systems from components. In many cases the important thing is identifying the
check required and implementing it so that it is automatic. Although the implementation
of some checks may be simple, when these checks are combined with all the other
features of VEST, the result is a powerful tool. VEST currently supports three different
aspect checks – buffer-size check, memory check and an end-to-end real-time
schedulability check. Each of these checks is described in the following sub-sections.

4.2.1 Buffer-Size Check

This check browses through a system and for each buffer, adds up its total buffer
consumption based on the rate of execution of its consumers. Then it browses through the
system, for each buffer, adds the total buffer production based on its rate of execution of
its suppliers. The aspect check then compares each buffer's total production with its total
consumption. If its total production is larger than total consumption, messages might be
lost. The developer is informed. An illustration of the how to invoke and use the buffer-
size check in VEST is given in Section 5.2.1.

4.2.2 Memory Check

A memory footprint check is available in VEST. There are two parts to this check. The
first part of the memory footprint check is concerned with main memory. It sums the
memory needed by all the components in the system (including buffers since they are
allocated from main memory), and all the available physical memory (RAM) provided by
the hardware, and checks if there is enough physical memory in the system.

The second part of the memory check deals with NVRAM (e.g., EEPROM). For systems
to function correctly, sufficient NVRAM for persistent components should be provided.
Our check assures the developer that there is enough non-volatile memory to meet the
system’s requirement, or gives warning when not enough NVRAM is provided. An
illustration of the memory footprint checks in VEST is given in Section 5.2.1.

VEST Users Manual 23

4.2.3 RT Scheduling

reflective schedulability
information assessment
collector

Platform/Task Set Information

characteristics: {periodic, distributed} Analysis
DM/
parameters RM MUF Routines
offset

Analysis periodic distributed importance blocking precedence ……

RM X
DM/offset X X
MUF X X
……
Assumption Table

Figure 4-16
An important check for real-time embedded systems is the schedulability analysis that
validates whether all tasks can make their deadlines. Note that while designing and
implementing a system that most changes made will affect the real-time properties of the
system. This makes real-time scheduling a global cross cutting dependency. While many
different schedulability analysis techniques exist, they differ in their assumptions on the
task set and none of the existing analysis is applicable to all real-time embedded systems.
The compatibility between schedulability analyses and the characteristics of the designed
system is a typical crosscutting dependency that is “hidden” from the designer. Using an
incompatible analysis on a system can lead to timing violations even when the
schedulability analysis itself is correct. To handle different types of embedded systems,
VEST provides a flexible and extensible scheduling tool that provides aspect checks on
the compatibility between existing schedulability analyses and the system. This tool
(shown in Figure 4 -16) is composed of a set of schedulability analysis routines, an
assumption table, and a reflective information collector. The assumption table lists the
assumptions of each schedulability analysis routine. The current list of assumptions
includes:
Periodic: are all the tasks periodic?
Distributed: are any of the tasks distributed on multiple processors?
Importance: are important tasks protected in overload conditions?
Blocking: can low priority tasks block high priority tasks?
Precedence: are there precedence constraints among tasks?

For example, the assumptions of the Rate Monotonic analysis are that all tasks are
periodic. The Rate Monotonic with Priority Ceiling protocol’s assumptions are (periodic,
blocking). The VEST scheduling tool is extensible and new scheduling techniques can be
added to the tool together with their assumptions. The current version of VEST can
support the following schedulability analysis algorithms:
Single Processor:
 Rate Monotonic Analysis

VEST Users Manual 24

  Maximum Urgency First
 Preemptive Threshold Scheduling
 Robust Scheduling
 Deadline Monotonic Scheduling with Phase Offset
Multi-Processor:
 Robust Scheduling
 Deadline Monotonic Scheduling with Phase Offset
Developers can assess the schedulability of the current design by running the scheduling
tool from the GUI. The reflective information collector scans the software, hardware and
network components of the design and produces a platform/task set information file that
includes a list of the characteristics and the timing information of the task set. The tool
selects an analysis whose assumptions match the characteristics of the system. This
ensures that proper analysis and scheduling policy is applied. For example, for a system
with all independent periodic tasks on a single processor, the checks listed under single
processor above will be applied to the system. However, if the same task set is designed
on a distributed platform, the Robust Scheduling or DM/Offset analysis will be applied.
Section 5.2.3 gives an illustration of the real-time schedulability analysis features
available in VEST.

4.3 Prescriptive Aspects

Prescriptive aspects are advice that may be applied to a design. The advice is written in a
simple VEST Prescriptive Aspect Language (VPAL). Prescriptive aspects are
independent of programming languages because they apply to the system design, and the
resultant new design can be implemented in any programming language. To change the
system design, prescriptive aspects can adjust properties in the reflective information
(e.g., change the priorities of a task or the replication levels of a software component). It
can also add/delete components or interactions between components.
The new VPAL provided in this release has several enhancements over the previous
version. First, the language explicitly separates the concerns of collection from operation.
Collection is defined as gathering a set of components from a system design. Operation
involves changing the design on previously gathered collections. Four key statements in
the language, Get, Set, Create and Delete, enable this separation of concerns. The Get
statement implements collection. Operation on collections are performed with the Set,
Create and Delete statements. The Set statement adjusts the properties in the reflective
information of the collection. The Create and Delete statements add and remove
collections from the design. A second enhancement is the fact that collection can be
based not only on the properties of the components but also on the relationships between
the components.
Third, the new VPAL supports multi-line semantics. This means that each prescriptive
aspect can contain multiple lines of instructions versus only a single line of instruction
that was earlier supported. Third, the new VPAL supports grouping. A single, multi-line
prescriptive aspect is called a simple prescriptive aspect. Several simple prescriptive

VEST Users Manual 25

aspects can be grouped into a compound prescriptive aspect. Precedence constraints can
also be specified among the elements of the group.
Suppose we want to apply the following prescriptive aspect to a distributed avionics
system being designed in VEST:
change all display software components to use double
buffering
Using the new VPAL, we could specify this prescriptive aspect as
GET SwComp = (CT == SoftwareComponent);
GET DispComp = SWComp.(PN == componentType,
PV == BM__DISPLAY_COMPONENT);
SET DispComp.(PN == DoubleBuffered, PV = 1);
The prescriptive aspect interpreter will get all software components with type
“BM__DISPLAY_COMPONENT” and set their double buffered flag to true. The
complete BNF specification of the current version of VPAL is available in Appendix 4.
The developer applies a prescriptive aspect to a design by running a VPAL interpreter on
its specification. The interpreter modifies the reflective information of design
components. Since the code itself would no longer reflect the new design change, the
interpreter marks the actual source code associated with that change as "inconsistent and
needing changes" to meet the new design. Currently VEST does not support automatic
code generation/modification, and the developer needs to implement the code change
manually. Once the new code is created and linked to the component then the
inconsistency indication is removed.
Prescriptive aspects should be general enough to be used in different products. VEST
supports reusing prescriptive aspects by organizing them into the prescriptive aspect
library. Prescriptive aspects will not be permitted into the prescriptive aspect library
unless it meets with the approval of the system administrator. The requirements include
sufficiently general, parameterized, complete English description, meaningful constraints
specified, and relating to non-functional properties. The Prescriptive Aspect library will
be implemented in a future version of VEST.
A description of how to use prescriptive aspects in VEST is given in Section 5.3.

VEST Users Manual 26

5 Using VEST

5.1 Building a System Design

From the VEST GUI, a system developer can compose a distributed embedded system in
the following way:

1) Design a product by choosing and combining components from the libraries.

2) Design the distributed systems hardware platform by choosing and combining
components from the libraries.
3) Map software components to hardware and threads so that the active part of a
composed system can be designed and analyzed. Only after this step can we truly do
the real-time analysis since execution times are highly platform dependent.
4) Apply prescriptive aspects
5) Perform aspect checks and invoke (internal and off-the-shelf) analysis tools to
analyze a configured system. If some checks fail, the developer may needs to
reconfigure or replace the actual components and repeat the checks.

Exercise (Time Required: 1-2 hours)

We present a simple tutorial that will take you through the steps outlined above in
creating a simple system design. Following subsections will describe the various types of
checks that we can perform on our design using VEST once it has been created. The
system that we will design in this tutorial will be based on Boeing’s Boldstroke
middleware OEP. We will use Product Scenario 3.1 as the example. Please refer to [3] for
more detailed information about the OEP platform and the product scenario. Note that the
exercise may seem a little time-consuming and tedious at times. However if done
properly, it will give the reader an excellent overview of the VEST tool and its
capabilities.

This scenario is outlined in Figure 5 -17. The scenario is initially triggered by an

interval timeout that is consumed by the PILOT_CONTROL. Upon receipt of this event,
the PILOT_CONTROL pushes data to the WAYPOINT_PROXY via the Set operations
in the proxy’s facet. The WAYPOINT_PROXY then forwards this call via the
Infrastructure to the WAYPOINT. The WAYPOINT then updates its state and issues a
Data Available event. That event causes the Replication Service to extract the state from
the WAYPOINT and send it to the WAYPOINT_PROXY. The WAYPOINT_PROXY
internalizes this state and issues its own Data Available event. The proxy’s event is
consumed by the FLT_PLAN_DISPLAY component that gets the data from the proxy
and displays it.

VEST Users Manual 27

 Represents li ne
pil otControl :
of distributi on
BM__PushDataSourceComponentImpl

1. SetData()

3. SetData()
2. SetData() 5. ExternalizeState()
waypointProxy : infrastructure
waypoint :
BM__OpenEDComponent
BM__OpenEDComponent
DATA_AVAILABLE
6. InternalizeState()
7. SetStateUpdated()
4. Push()

9. GetData() DATA_AVAILABLE

8. Push()

fl tPlanDispl ay :
BM__Di splayComponent
Basic Multi-Processor Scenario

Figure 5-17

You may find it useful to read Appendix 5 which describes how to construct Prism
systems in VEST before proceeding. This exercise will take you through the steps
required to model this scenario in VEST. After the system design is completed, we will
perform checks on the design for robustness and schedulability.

Required parts of the exercise that are left to the reader to perform are indicated by the
following symbol

5.1.1 Creating a new VEST project

First, we need to create a new project in VEST. To create a VEST project, do the
following:

 Launch GME
 Select “New Project” under the File menu
 A “Select Paradigm” dialog box should appear
o The Vest paradigm should be one of the options listed
o If the Vest paradigm is not in the list, you did not successfully register the
paradigm
o Go back to the Installation section of this document and install the Vest
paradigm into your system
 Select the Vest paradigm
 Click on the “Create New…” button
o We are creating a new project

VEST Users Manual 28

  A dialog box with 3 options on how to store the project will appear. Leave the
default selection and click “Next”
o The default selection “Create Project File” will store our project data in a
file
 A dialog box asking you to name your project file will appear
o Name the project Scenario3.1
 A new VEST project is created at this point. The name of the project
(Scenario3.1) should appear at the top of the Project Browser window as shown in
Figure 5 -18.

Figure 5-18

5.1.2 Creating a Model Layer

To design the software components of the system, we need to create a software model
layer in VEST as follows:

 Right-click the project name (Scenario3.1) in the Project Browser window and
select “Insert Folder -> Software Folder”.
o VEST will create a new software layer folder and name it
“NewSoftwareFolder” by default

VEST Users Manual 29

 o Rename this folder to “Software Folder” using standard Windows
functionality
 Right-click on “Software Folder” and select “Insert Model -> Software”
o VEST will create a new software model and name it “NewSoftware” by
default
o Double-click “NewSoftware”. Several things should happen.
 The Model Editing Window should display a blank canvas
 The Component Browser window should display two abstract
components namely “Software Component” and “SW Timer”
 The Attributes Windows should show the name of the model
 Change the name of the model to “Software” by editing the first text box in the
Attributes Window

 Using this procedure, insert a Hardware model named “Hardware” into this
project
 Follow Appendix 1 to attach the ACL library to your project. This will involve
the following steps
o Convert the Boeing ACL library into a VEST ACL library
o Attach the library to your project in GME format
 This will add a new entry for the library under the project name in
the project browser
 Expand this tree all the way down to the software level and you
will eventually see the common components defined in the ACL in
the Project Browser

5.1.3 Creating Components

Next, we will create the software and hardware components for the system. We will first
create the software components of the system. Recall from the scenario description that
the 4 software components are Pilot Control, Waypoint Proxy, Waypoint and Flight Plan
Display. We will use predefined components from the ACL library to create the software
components in our design. To add software components to this project, perform the
following steps:

 Open the Software model

 Copy and paste the following components from the ACL library onto the Model
Editing Window (henceforth, we shall simply call this the canvas)
o 1 BM_PushDataSourceComponent
o 2 BM_OpenEDComponent
o 1 BM_DisplayComponent
 Rename the corresponding components in the above list to the following
o PILOT_CONTROL
o WAYPOINT_PROXY, WAYPOINT

VEST Users Manual 30

 o FLT_PLAN_DISPLAY
This creates the four main software components of the design. We will perform other
steps in the software layer but first, lets continue with defining the hardware components
by following these steps:

 Open the Hardware model

 Click and drag a Processor component onto the canvas
 Name this component OCP_P1

 Following the above steps, create the following components with the
corresponding names
o Processor OCP_P2
o Memory MEM_P1 and MEM_P2
o NVM (Non-volatile Memory) NVM_P1 and NVM_P2

5.1.4 Creating Relationships between Components

Next, we will define high-level relationships between the software and hardware
component just created. From the scenario description, we can deduce the following
relationships between our components:
 PILOT_CONTROL contains WAYPOINT_PROXY in its receptacle
 FLT_PLAN_DISPLAY contains WAYPOINT_PROXY in its receptacle
 WAYPOINT_PROXY is invoked by FLT_PLAN_DISPLAY
 WAYPOINT_PROXY is a proxy of WAYPOINT
We can also define the following relationships in our HW layer
 OCP_P1 has memory MEM_P1 and NV-memory NVM_P1
 OCP_P2 has memory MEM_P2 and NV-memory NVM_P2
We can define these relationships in our model as follows:

 Switch to add connections mode by clicking on the following icon on the

mode bar. In this mode, you can add connections between components.
 Left-click on the PILOT_CONTROL component and then left-click on the
WAYPOINT_PROXY component
o This should create a connection between the two components

 To define the type of relationship, switch back to the select mode

 Click on the connection and change the attribute “Type” to “ContainInRecepticle”

VEST Users Manual 31

If you make a mistake creating a connection, you can remove the connection in remove
connection mode

 Add the remaining connections defined above to the model

At this point, your software model should look like Figure 5 -19 and your HW model
should look like Figure 5 -20.

Figure 5-19

VEST Users Manual 32

 Figure 5-20

5.1.5 Setting Component Attribute Values

Next, we will set the attribute values of these components so that we can perform
analyses on the system design. Follow these steps to define the Pilot Control software
component:

 In the Software model, click on the PILOT_CONTROL component

o This selects the component
 In the Attributes window, set the values of the following attributes as indicated
o PILOT_CONTROL
 MemoryNeeded → 50
 NVMemoryNeeded → 25
 DoubleBuffered → 1
 BufferSize → 10
 Relocatable → True

 As outlined above, define the remaining software components as indicated

o WAYPOINT_PROXY
 MemoryNeeded → 100
 NVMemoryNeeded → 150
 DoubleBuffered → 1
 BufferSize → 20
 UpdateRate → 200
o WAYPOINT

VEST Users Manual 33

  MemoryNeeded → 150
 NVMemoryNeeded → 100
 BufferSize → 10
 Relocatable → True
o FLT_PLAN_DISPLAY
 MemoryNeeded → 100
 NVMemoryNeeded → 100
 BufferSize → 10
 Relocatable → True
 UpdateRate → 50

 Switch to the Hardware model and make the following assignments

o Memory_P1
 Size → 300
o Memory_P2
 Size → 400
o NVM_P1
 Size → 350
o NVM_P2
 Size → 50

5.1.6 Creating Sub-Components

As mentioned in Appendix 5, all the real functionality of a software component such as

its event channels is defined in a level below the highest model level. We can define the
behavior of the PILOT_CONTROL component by creating sub-components. To create
sub-components of the Pilot Control component, follow these steps:
 Double-click on the Pilot Control component
 A new canvas will appear with the heading “PILOT_CONTROL”
o It should already contain 2 sub-components – 1 EventSupplied and 1
EventConsumable. This is because of the default definition of components
of type BM_PushDataSourceComponent
o Rename the sub-components as follows
 EventSupplied → idPilotPublishPort1
 EventConsumable → idPilotSubscribePort1

Rename the following sub-components of the other components as indicated

 WAYPOINT_PROXY
o EventSupplied → idWPProxyPublishPort1
o EventConsumable → idWPProxySubscribePort1
 WAYPOINT

VEST Users Manual 34

 o EventSupplied → idWPPublishPort1
o EventConsumable → idWPSubscribePort1
 FLT_PLAN_DISPLAY
o EventConsumable → idDisplaySubscribePort1

In the next sub-section, we will create event channels but before we can do that, we need
to learn how to create references in VEST.

5.1.7 Creating References

References allow a system designer to reference a component that is not on the current
canvas. References are needed for the following reasons:
 Modeling large systems in a single canvas is sometimes infeasible and difficult to
work with. References allow us to break up the system into smaller parts making
the design easier to work with
 Making connections between sub-components of distributed components is only
possible with references

We use references in this design for the second reason. To instantiate a reference in
VEST in simple. Follow these steps to instantiate processor mappings for the software
components:

 Double-click PILOT_CONTROL in the Project Browser

o This will open the PILOT_CONTROL canvas
 Click and drag a ComponentProcessorReference component onto the canvas
 Restore-down this window
o You may see several other open windows in the background. Close all of
these windows
 Similarly, open the Hardware layer window
 Now, align the 2 windows so that OCP_P1 and the
ComponentProcessorReference do not overlap
 Click and drag the OCP_P1 icon over the ComponentProcessorReference
o The cursor icon should show a curved arrow when it is over the
ComponentProcessorReference
 Release the mouse button
o The ComponentProcessorReference icon should change into a Processor
icon
 The reference is instantiated at this point

Using this technique, create processor mappings as indicated:

 WAYPOINT_PROXY, FLT_PLAN_DISPLAY
o OCP_P1

VEST Users Manual 35

  WAYPOINT
o OCP_P2

5.1.8 Creating Event Channels

We will now define event channels in our design as specified in the product scenario by
following these steps.
 Our event channel starts in the PILOT_CONTROL component so open up that
component
 Add the following components in the PILOT_CONTROL component with the
names and attributes indicated:
o PilotTimer of type SWTimer
o EventEventReference
 Set the following attribute values
o PilotTimer
 Frequency (this actually means period) -> 1000
o idPilotPublishPort1
 WCET → 200
 Next, connect the PilotTimer to idPilotPublishPort1 and this to the
EventEventReference
 Redirect this reference to the idWPProxySubscribePort1 component in the
WAYPOINT_PROXY component
 Simply stated, we have created a trigger for the SetData() call that is pushed from
the PILOT_CONTROL to the WAYPOINT_PROXY component as described in
this Product Scenario

Using the procedures described above, continue building this event channel following
these steps:

 WAYPOINT_PROXY
o Create the following components
 idWPProxyPublishPort2 of type EventSupplied
 EventEventReference1 of type EventEventReference
 EventEventReference2 of type EventEventReference
o Set the following attribute values
 idWPProxyPublishPort1
 WCET → 10
 idWPProxyPublishPort2 of type EventSupplied
 Tag → 2
 Size of Msg in bytes → 5

VEST Users Manual 36

 o Make the following connections
 idWPProxyPublishPort1 → EventEventReference1
 idWPProxyPublishPort2 → EventEventReference2

 WAYPOINT
o Create the following components
 SetData of type Method
o Set the following attribute values
 idWPPublishPort1
 WCET → 46
 SetData
 WCET → 35
o Make the following connections
 idWPPublishPort1 → SetData

 FLT_PLAN_DISPLAY
o Create the following components
 idDisplaySubscribePort2 of type EventConsumable
o Set the following attribute values
 idDisplaySubscribePort2
 Tag → 2

Instantiate the listed references for each of the following components:

WAYPOINT_PROXY:
 EventEventReference1 to idWPSubscribePort1 in WAYPOINT
 EventEventReference2 to idDisplaySubscribePort1 in FLT_PLAN_DISPLAY

CONGRATULATIONS! Your system design is now complete!

5.2 Using Aspect Checks

Using the system design that we created in Section 5.1, we will now invoke aspect checks
on the design.
Memory RT-Scheduling Prescriptive Aspect
Events Interpreter

Buffer-Size XML Output

Figure 5-21
Figure 5 -21 shows the icons for each of the checks on the VEST toolbar. The first
check we will perform on our system design is the memory footprint check.

VEST Users Manual 37

5.2.1 Memory Check
To recap, this is what we specified for the memory requirements (in bytes) of our
software components and the available memory in hardware:

Software Component MemoryNeeded NVMemoryNeeded DoubleBuffered BufferSize

PILOT_CONTROL 50 25 1 10
WAYPOINT_PROXY 100 150 1 20
WAYPOINT 150 100 0 10
FLT_PLAN_DISPLAY 100 100 0 10

Hardware Component Size

MEM_P1 300
NVM_P1 350
MEM_P2 400
NVM_P2 50

 To run the memory footprint, click on the Memory Check aspect icon
o Based on the information we have entered, we need
 320 MB of memory and 275 MB of NV-memory for Processor 1
 160 MB of memory and 100 MB of NV-memory for Processor 2
 You should see the error messages shown in Figure 5 -22 and Figure 5 -23
because of the insufficient memory on processor OCP_P1 and insufficient NVM
on Processor OCP_P2

Figure 5-22

Figure 5-23

 There are two ways to fix this problem

o Increase the memory size on OCP_P1
o Reduce the memory requirements of the software components

VEST Users Manual 38

  Let’s say in this case that the system can only have 300 MB of memory for
OCP_P1. So we shall use the second option
o We will make all buffers single-buffered
o Change the DoubleBuffered attribute for PILOT_CONTROL and
WAYPOINT_PROXY from 1 to 0
o Later we will see how we could have done these changes using a
prescriptive aspect (Section 5.3)
 We will fix the second error by increasing the amount of non-volatile memory for
OCP_P2
o Change the size of NVM_P1 to 250 MB
 Re-run the memory check
 The memory check should successfully pass now

5.2.2 Buffer-size Check

For the buffer check, first verify that you have entered the following values for the
attributes of the components listed below:
Software Component BufferSize UpdateRate
PILOT_CONTROL 10 0
WAYPOINT_PROXY 20 200
WAYPOINT 10 0
FLT_PLAN_DISPLAY 10 50

Sub-Component Size of Msg in bytes

idWPProxyPublishPort2 5

Based on the scenario description, there is data flow between all components but for the
sake of simplicity, we only define the data flow between WAYPOINT_PROXY and
FLT_PLAN_DISPLAY. The Waypoint Proxy component sends messages of size 5 bytes
200 times/sec. The Flight Plan Display component reads messages 50 times/sec. Between
every read period of the Flight Plan Display component, the Waypoint Proxy has sends 4
messages. Therefore, the Flight Plan Display component needs a 20 byte buffer but it
only has 10 bytes.
 To run the buffer-size check, click on the Buffer-Size aspect icon
 You will see some warnings that state that the UpdateRate attribute is not
specified on the Pilot Control and Waypoint components
o Ignore these and continue by clicking on “OK”
 The buffer-size check will fail and show the error message in Figure 5 -24
o This is for the reason specified above

VEST Users Manual 39

 Figure 5-24

 Update the buffer size of the Flight Plan component to 20 bytes

 Re-run the buffer size check
 The buffer-size check should pass this time
 Re-run the memory footprint check just to make sure that the changes you have
made didn’t affect anything
 The check should pass
o If you had specified a larger buffer for the Flight Plan Display component,
the memory check may have failed
o You would have then had to update the attributes of the memory
requirements of the system to make that check pass

When both the memory and buffer-size checks pass, you have the confidence that the
system that you have designed has sufficient memory for its software components and
that there will be no buffer overflows. This should illustrate to you the power and utility
of the VEST tool.

5.2.3 RT Scheduling Check

Here we present an example of how to perform schedulability checks on a system design.

The schedulability of an algorithm depends on certain attributes of tasks in the system
design. In VEST, a task can either be a Method or EventSupplied. The following are the
task-level attributes that can affect the outcome of a schedulability analysis:
 Period
 WCET
 Offset
 Deadline
 Processor ID
 Relocatable

In the exercise that we perform, keep these attributes in mind. Follow these steps to
schedulability analysis on your system design:

 Click on the RT-Scheduling check icon

 You should see the dialog in Figure 5 -25
o This is the Assumptions List of your design
o This list represents the global-level attributes of your design

VEST Users Manual 40

 o If this list accurately represents the assumptions you made about your
design, then click “OK” to proceed
o Otherwise, click “Cancel” to return to your design for modifications

Figure 5-25

 Based on the Assumptions List, VEST will present the list of available scheduling
algorithms that can be performed on your design. Since you have a multi-
processor design, you should see the dialog in Figure 5 -26
 If you had selected “Multi-processor” in your assumptions list, you would have
gotten the available schedulers for multi-processor scenarios as shown in Figure
5 -27

Figure 5-26

VEST Users Manual 41

 Figure 5-27

 Select “End-to-End Robust Scheduling” in the Available Schedulers list and click
“OK”
 Based on the attribute values entered for the tasks in the system, our system
design should pass the test and show the success dialog box in Figure 5 -28.
Click “OK”

Figure 5-28

 The output of the test is displayed next as shown below

Predefined cpu size: 2

Method Name PILOT_CONTROL.idPilotPublishPort1 Processor OCP_P1
Proc Num 0 Period 1000 WCET 200
Method Name WAYPOINT_PROXY.idWPProxyPublishPort1 Processor
OCP_P1 Proc Num 0 Period 1000 WCET 10
Method Name WAYPOINT.idWPPublishPort1 Processor OCP_P2 Proc Num
1 Period 1000 WCET 46
Schedulability test on OCP_P2 passed.
Schedulability test on OCP_P1 passed.

The scaling factor is 1.670715 for robust end-to-end scheduling.

 We will now change an attribute in the system design so that this same test fails
 Select the “idPilotPublishPort1” component in PILOT_CONTROL
o Change its WCET from 200 to 400

VEST Users Manual 42

  Re-run the steps outlined above
 Your scheduling test should fail because the tasks defined cannot be scheduled on
a single processor. VEST should display the error message shown in Figure 5 -
29. Click “ OK”

Figure 5-29

 You as the designer can try to change something in the design (eg. adding another
processor) to make your test pass

5.3 Using Prescriptive Aspects

Here we present examples that illustrate how to create and execute prescriptive aspects in
VEST that apply global advice to your system design. To run prescriptive aspects, you
need to invoke the prescriptive aspect interpreter from the toolbar. This brings up the
dialog shown in Figure 5 -30. You have 2 options from here – the first to create/modify
and execute a simple prescriptive aspect and the second to execute a compound
prescriptive aspect. We will first look at creating and executing simple prescriptive
aspects and later at compound prescriptive aspects.

Figure 5-30
Simple Prescriptive Aspects
Suppose that as the designer, you decided to change the DoubleBuffered requirement of
all software components in the system to true. Remember from the memory check
exercise, we set this to false for all components. One solution would be to make the
changes. Another method is to invoke a prescriptive aspect to do the work for you. We
will create such a simple prescriptive aspect here to do precisely that.
 Select the first option in Figure 5 -31 and click “OK”
o This brings up the Aspect Editor shown in Figure 5 -31

VEST Users Manual 43

 Figure 5-31

 The Aspect Editor is where you type in your prescriptive aspect commands
 There are several things you can do with the Aspect Editor outlined below
o Enter Prescriptive Aspect input
 Manually by simply typing in input box
 From a file by selecting “Load…”
o Check the syntax of the entered or loaded prescriptive aspect without
executing the prescriptive aspect by selecting “Check Syntax”
o Save the prescriptive aspect
 to a new file with “Save As”
 to the currently loaded file with “Save”
o Clear the editor and start over with “Clear”
o Execute the prescriptive aspect with “Execute”
 The “Show Output” checkbox (if checked) shows the contents of
all sets defined in your prescriptive aspect when executed
o Exit with “Done”
 Any unsaved work is lost!
 We will create a simple prescriptive aspect to change the double buffered
assignment of all software components to true. Type in the following prescriptive
aspect into the editor. Keep in mind that the prescriptive aspect parser is case-
sensitive. You can find the complete BNF specification of the new VPAL
language in Appendix 4

GET SWComp = (CT == SoftwareComponent);

SET SWComp.(PN = DoubleBuffered, PV = 1);

VEST Users Manual 44

  The GET statement simply collects all components of type SoftwareComponent
into set SWComp. The SET statement changes the property listed
(DoubleBuffered) to the value listed (1 or true) for all elements in set SWComp.
 Check the syntax to ensure that your prescriptive aspect is syntactically correct
 Save the prescriptive aspect to file my_pa1.vpal
 Execute the prescriptive aspect
o If everything runs correctly, you should see the message box in Figure 5 -
32

Figure 5-32

 Check the DoubleBuffered property of all the software components in your design
o They should all be set to 1 now

Using the procedure described above, create two more simple prescriptive aspects shown
below and save them to the files listed. We will use these in create our compound
prescriptive aspect in the next step.

my_pa2.vpal
GET SWComp = (CT == SoftwareComponent);
GET DispComp = SWComp.(PN == componentType, PV == BM__DISPLAY_COMPONENT);
SET DispComp.(PN = MemoryNeeded, PV = PV + 50);

my_pa3.vpal
GET SWComp = (CT == SoftwareComponent);
GET DispComp = SWComp.(PN == componentType, PV == BM__DISPLAY_COMPONENT);
SET DispComp.(PN = MemoryNeeded, PV = PV * 2);

VEST Users Manual 45

Both of these aspects select the display software components from the design
(FLT_PLAN_DISPLAY in our case) and make changes to their memory needed
requirements. The first aspect adds 50 to it while the second doubles it.

Compound Prescriptive Aspects

Compound prescriptive aspects are defined in the Aspect folder of a project. Each model
layer within this folder represents one compound prescriptive. A component prescriptive
aspect is composed of one or more simple prescriptive aspects called sub-aspects. Each
sub-aspect is associated with a file that contains the code for that simple prescriptive
aspect. We will create a compound prescriptive aspect with the 2 sub-aspects that we
created in the last exercise.

 Create an Aspect Model layer in your project called “AspectFolder”

 Insert an aspect model into this folder called “Memory Aspect”
 Open this model
 Click and drag two components of type AspectComponent into this model
o An AspectComponent represents a single sub-aspect
 Name these two sub-aspects MemAdd50 and MemDouble
 Connect MemAdd50 to MemDouble
o We specify a precedence constraint in our compound aspect this way
o MemAdd50 will execute before MemDouble
 The reverse order would produce different results!
 Now invoke the Prescriptive aspect interpreter and select option 2 of Figure 5 -
30
 This brings up the compound prescriptive aspect chooser as shown in Figure 5 -
33
o Since we have only 1 compound prescriptive aspect define, we have only
1 entry listed

Figure 5-33

VEST Users Manual 46

  Select “Map”
 This brings up a sub-aspect mapper shown in Figure 5 -34
o You map your sub-aspects to the files that contain their instructions here
o Map MemAdd50 to my_pa2.vpal that you saved earlier
o Map MemDouble to my_pa3.vpal
o Click “OK”

Figure 5-34

 Now that your compound aspect is mapped, it can now be executed

o Click “OK” to execute the Memory Aspect
 Your aspect should execute successfully
o FLT_PLAN_DISPLAY’s memory needed should be 300 ((100 + 50) * 2)

VEST Users Manual 47

6 References
[1] John A. Stankovic, Ruiqing Zhu, Ram Poornalingam, Chenyang Lu, Zhendong Yu, Marty
Humphrey, and Brian Ellis, "VEST: An Aspect-Based Composition Tool for Real-Time
Systems," IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS
2003), Washington DC, May 2003.
[2] Akos Ledeczi, Miklos Maroti, Arpad Bakay, Gabor Karsai, Jason Garrett, Charles
Thomason, Greg Nordstrom, Jonathan Sprinkle and Peter Volgyesi, “The Generic Modeling
Environment,” Published in the Proceedings of WISP'2001, Budapest, Hungary, May 2001.
[3] “Product Scenario Description Document for the Weapon System Open Experimental
Platform” The Boeing Company, P.O. Box 516, St. Louis, MO 63166
[4] John A. Stankovic, Ruiqing Zhu, Ram Poornalingam, Chenyang Lu, Zhendong Yu, Marty
Humphrey, and Brian Ellis, "VEST: An Aspect-Based Real-Time Composition Tool,"
Technical Report, Department of Computer Science, University of Virginia, June 2003.

VEST Users Manual 48

7 Appendix 1: ACL to VEST mapping
VEST 3.0 includes a mapping tool that converts the Boeing Boldstroke middleware ACL
components to GME-readable components. These ACL components can then be used as
VEST components in VEST projects. The ACL to VEST mapper is available at
[Installation Directory]/ACLMapper. The ACL mapper is written in Java and can be
invoked by the following command
java ACLMapper3 <input_file> <output_file>
The input file is the ACL library file. The ACL library is stored as an XML file. Included
in the ACLMapper directory is a copy of this library named OEP.xml.

When you produce the output VEST library XML file, it can be used by inserting it into a
VEST project. There are two ways to doing this
 Attaching the library in GME format
 Importing the library in XML format

You can convert the XML library file outputted from the mapper into GME project
format. The steps required to create a GME-format library are the same as those required
to create a VEST project from XML format described in Section 3.2.3.1.

Attaching a library in GME format

To attach a GME-format library to your VEST project, follow these steps:

 Right-click on the project name in the Project Browser window

 Select “Attach Library…” from the menu
o The dialog box in Figure 7 -35 will appear

Figure 7-35

 If you know the location of the GME library, then type it in and click “OK”
 If not, you can browse for it by clicking the button with “…”

Importing the library in XML format

To attach a XML format library to your VEST project, follow these steps:

VEST Users Manual 49

  With your VEST project open, select “Import XML…” from the File menu
o A File Selector dialog box will appear
 Select the XML file that contains the ACL library in VEST format
 Click “Open”
o GME will read in the XML data and show a success dialog box
 The root of the project will change to that of the library name

To add the library components to your VEST project, use the standard GME click-and-
drag operations.

VEST Users Manual 50

8 Appendix 2: VEST to XML configuration mapping
VEST 3.0 includes a mapper that converts the a VEST system design into an XML
configuration file. The XML configuration file can then be used to execute the system
design on the Boeing Boldstroke OEP platform. The XML file is generated by an
interpreter that can be invoked from the toolbar.
Running the XML configuration mapper is very simple. Follow these steps:
 Click on the XML Output interpreter icon
o A File Selector dialog box will appear
 Select the location where you would like to store the output file
 Click “OK”
Once your output file is generated, you can view its contents using an XML compatible
editor or browser.
Currently, the Boeing Boldstroke OEP is not available and hence the XML output file
cannot be executed on your machine. Once the OEP becomes available for installation on
your machine, you can then execute the system design on your machine.
The VEST group has successfully executed Product Scenario 3.2 on the Boeing OEP
platform using the XML output. This was performed on a machine at Boeing itself where
the OEP is currently available.

VEST Users Manual 51

9 Appendix 3: RT Scheduling API
To allow third-party developers incorporate their own scheduling algorithms into the
VEST tool, VEST 3.0 provides a RT Scheduling API. There are many unnecessary low-
level details in the GME API. With the help of a high-level interface, third-party
developers only need to worry about these high-level semantics for scheduling.

Whenever schedulability analysis is performed on a system design, VEST sweeps the

model and generates a calling-graph. The calling-graph is a data structure that represents
the relationship of the tasks in the system design. Third-party developers can incorporate
their scheduling algorithms into VEST by manipulating this calling-graph. The high-level
VEST scheduling API provides an interface to the calling-graph.

A task is defined as an execution unit. It has properties of period, execution time, start
time (offset) and deadline. A collection of tasks is called a task set. The reason for using
task sets is that there could be multiple starting tasks and ending tasks. Also, it is possible
for a parent task to have multiple children and for a child task to have multiple parents.

The calling-graph is represented by a class called callinggraph in VEST. It provides the

following interface:

Vest_taskset get_calling_graph()
Get the set of starting tasks

The initial construction of the calling graph takes place as follows. In the VEST/Boeing
model, every thread is triggered by a timer. The calling graph is constructed by following
the path of the timer. The callinggraph class contains a task set which includes references
to all the timers in the system.

A task is represented by a task class in VEST. A task set is represented by a STL set
called taskset. The task class includes, in addition to the above mentioned properties of
period, execution time, start time and deadline, two task sets called children and parents.
These task sets reflect the precedence of execution among the tasks in the system. The
task class provides the following interface:

 void set_period(period)
set the period of the task
 int get_period()
get the period of the task
 void set_wcet(wcet)
set the wcet of the task
 int get_wcet()
get the wcet of the task

VEST Users Manual 52

  void set_offset(offset)
set the offset of the task
 int get_offset()
get the offset of the task
 void set_deadline(deadline)
set the deadline of the task
 int get_deadline()
get the deadline of the task
 void set_processor(processor)
set the processor id of the task
 int get_processor()
get the processor id of the task
 vest_taskset get_parent()
get the set of parent tasks
 vest_taskset get_children()
get the set of children tasks
 int set_child(task)
set task passed in to be a child of THIS
 int remove_child(task)
remove the parent-child relationship between THIS and the task passed in
 int create_task()
 int remove_task(task)

When the developer wants to design a new scheduling algorithm using VEST, he can first
initiate the calling graph, which collects the necessary scheduling information from the
model. Then, the developer uses the methods provided by the task class to visit the
calling graph.

The implementation of calling graph is available in callinggraph.h, callinggraph.cpp. All

scheduling algorithms (for example, rma.h, rma.cpp) in VEST have used this interface.

VEST Users Manual 53

10 Appendix 4: VPAL BNF Specification

<statement_list> = <statement_list> <statement> ”;”

<statement> = <get_statement>
| <set_statement>
| <create_statemnt>
| <delete_statement>

<get_statement> = GET <Variable> “=” <get_expression>

| GET <Variable> “=” <Variable>“.”“(“
<get_expression>“)”

<set_statement> = SET <Variable>“.”“(“ <set_expression> “)”

<create_statement> = CREATE <create_expression>

<delete_statement> = PDELETE <delete_expression>

<create_expression> = <Variable> “=” “(“ STRING “,”

<create_sub_expression> “)”
| <Variable> “.” “(“ <Relation> “,”
<create_sub_ref_expression> “)”

<create_sub_expression> = <ObjectType> “=” <Value> “,” <create_sub_expression>

| <ObjectType> “=” <Value>

<create_sub_ref_expression> = <Variable>
| <ObjectType> “==” STRING

<delete_expression> = <Variable>
| <Variable> “.” <Relation>

<set_expression> = “(“ <set_expression> “)”

| <ObjectType> “=” <Value> “,” <set_expression >
| <ObjectType> “=” <Value>

<get_expression> = “(“ <get_expression> “)”

| <get_expression> AND <get_expression>
| <get_expression> OR <get_expression>
| NOT <get_expression>
| <ObjectType> “==” <Value>
| <ObjectType> “==” <Value> “,”
<ObjectType> “==” <Value>
| <Variable> <Relation> <Variable>

VEST Users Manual 54

<Relation> = “[“ <Function_Type> “,” <Mapping_Type> “=”
<Relation_Type> “,” STRING “]”

<Mapping_Type> = $DR // Direct Relation

| $IR // Indirect Relation

<Relation_Type> = $CONT // Containment

| $REF // Reference
| $CONN // Connection

<Function_Type> = $ONEONE // One-to-one

| $ONEMANY // One-to-many
| $MANYTOONE // Many-to-one
| $MANYMANY // Many-to-many

<ObjectType> = CT // Component type

| CN // Component name
| PN // Property Name
| PV // Property Value

<Variable> = '$' STRING // Return variable

| STRING

<Value> = INTEGER
| STRING
| “*” // For wildcard specification
| <scalar_exp>

<scalar_exp> = <scalar_exp> “+” <scalar_exp>

| <scalar_exp> “-“ <scalar_exp>
| <scalar_exp> ”*” <scalar_exp>
| <scalar_exp> “/” <scalar_exp>
| “-“ <scalar_exp>
| “+” <scalar_exp>
| “(“ <scalar_exp> “)”
| <ObjectType>
| INTEGER

VEST Users Manual 55

11 Appendix 5: Designing Prism Systems in VEST
Due to the incompatibility of the VEST metamodel with the Prism architecture, there are
certain assumptions that a designer should make when designing Prism systems in VEST.
In VEST, the software, hardware, OS and middleware layers of the system design are
specified separately. This discussion focuses on the software and hardware layers.

11.1 Hardware Layer

The hardware layer has only one level of abstraction. Designing the hardware layer is
fairly simple. Each of the components in this layer represents an actual hardware
component. Connections between components represent a concrete relationship. For
example, Figure 11 -36 represents a hardware design in VEST with three components –
Processor, Memory and Non-volatile Memory (NVM). The connections here imply that
components M1 and NVM 1 are associated with Processor P1.

Figure 11-36

11.2 Software Layer

The software layer, on the other hand, has two levels of abstraction. The highest level
(called Level 1 henceforth) of abstraction is for representing functional software
components. The second level (Level 2) of abstraction defines the real functionality of
the components in Level 1 such as event channels, whether the component is triggered by
a timer, etc. Connections between components in Level 1 represent relationships between
functional software components. Connections between components in Level 2 define the
internal operation and characteristics of the component in Level 1. For example, Figure
11 -37 shows a Level 1 software design that represents Product Scenario 3.1 [3]. The
dashed line between WAYPOINT_PROXY and WAYPOINT represents a ProxyOf
relationship. Figure 11 -38 shows a Level 2 design of the subcomponents of the
PILOT_CONTROL component of Level 1. This design specifies for PILOT_CONTROL
its processor assignment, event channels and that it is timer triggered. A detailed

VEST Users Manual 56

discussion of how each of these is constructed in VEST follows. It is important that the
software layer is represented as described here as all the analyses in VEST work on the
basis of these assumptions.

Figure 11-37

Figure 11-38

Before proceeding with the detailed descriptions, it would be useful to familiarize

yourself with Product Scenario 3.1. The discussion below assumes you have an
understanding of this product scenario.

VEST Users Manual 57

 Figure 11-39

11.2.1 Event Channels

An event channel consists of a chain of event supplier-consumer links. An event channel

is triggered by a timer and represents one thread of execution in the system. An event
supplier in VEST is represented by the “EventSupplied” component in the software layer.
Event consumers are represented by the “EventConsumable” component. Event suppliers
and consumers within the same functional software component can be connected directly.
However, if an event supplier and consumer pair lie in different software components,
they need to be linked using an EventEventReference. For example, in Figure 11 -38,
event supplier idPublishPort1 in the PILOT_CONTROL component is connected to
event supplier idSubscribePort1 in the WAYPOINT_PROXY component (see Figure
11 -39) through its connection to the EventEventReference component.

EventConsumable components either trigger other event supplier-consumer links or

connect to a Method component. For example, in the WAYPOINT_PROXY component
(see Figure 11 -39), event consumer idSubsribePort1 triggers event supplier
idPublishPort2 which connects to an event consumer in WAYPOINT through an
EventEventReference. In Figure 11 -38, event consumer idSubscribePort65637100 on
the other hand, calls method PilotMethod whenever it receives an event.

11.2.2 Recepticles/Facets

A Recepticle relationship is specified in Level 1 of a software design. A connection of

type ContainsInRecepticle between 2 software components implies that the first
component contains the second component in its receptacle. For example, in Figure 11 -
36, the connections from PILOT_CONTROL and FLT_PLAN_DISPLAY to
WAYPOINT_PROXY are of type ContainsInRecepticle and implies that both
PILOT_CONTROL and FLT_PLAN_DISPLAY contain WAYPOINT_PROXY in their
receptacles. <<How do we specify facet relationships?>>

VEST Users Manual 58

11.2.3 Processor Mappings

Mapping a software component to a processor is fairly simple. A Level 1 software

component is mapped to a processor using a ComponentProcessorReference defined in
Level 2 of that component. For example, Figure 11 -38 contains a
ComponentProcessorReference for the PILOT_CONTROL component. Double-clicking
on this reference takes you to the processor component that PILOT_CONTROL is
mapped to in the hardware layer.

11.2.4 Specifying Timeouts

Specifying a timeout interval for some event channel in a Prism design involves defining
only one SWTimer component. The SWTimer component is defined in Level 2 of the
software component that is triggered by a timer. The timer should be connected to an
event supplier component that is the start of an event channel. For example, in Figure 11
-38, timer PilotTimer is connected to event supplier idPublishPort1 which is the start of
an event channel in Product Scenario 3.1. The frequency attribute of the SWTimer
determines the timeout interval for the event channel.

VEST Users Manual 59