Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Open Source Tools

The SEI makes available the Open Source AADL Tool Environment (OSATE), a set of analysis plug-ins for the system representations developed using the industry standard Architecture Analysis and Design Language (AADL). OSATE is a low-entry-cost solution based on Eclipse and the Eclipse Modeling Framework.

Plug-in Analysis

The SEI established OSATE and continues to develop a series of plug-ins to provide a toolset for the front-end processing of AADL models. The available plug-ins include the following:

  • error modeling: The Error Model plug-in implements the Error Model Annex to the AADL. This plug-in provides the front-end components (i.e., a parser, semantic checker, persistent save as XML file, and unparser [XML–>text]). For more information, see <
  • resource budgeting: The Resource Budget and Allocations Analysis plug-in allows users to perform resource budgeting for processors, memory, and network bandwidth and analyze whether the capacity is exceeded by the budgets. Users can then define allocation of application components to the execution platform and revisit the resource budgets in terms of those allocations.
  • required connection checking: The Required_Connection property is a predeceased AADL property for ports. Its value is true if a port must always be connected. For more information, see
  • stream miss rate checking: The Stream Miss Rate Checking plug-in checks whether the miss rates in streams communicated through ports are consistent (i.e., the miss rate of an out port does not exceed the miss rate of an in port). The miss rate of an out port represents the maximum miss rate of the generated stream through this port. The miss rate in an in port represents the maximum miss rate that a component expects and is willing to handle. For more information,
  • security level checking: The Security Level Checking plug-in performs two functions: (1) it ensures that a component has a security level that is the maximum of the security levels of its subcontinents and (2) it checks for all connections whether the source component of a connection declaration has a security level that is the same or lower than that of the destination component. For more information, see
  • safety criticality level checking: The Safety Criticality Level Analysis plug-in checks whether the safety criticality level of a component with an outgoing connection is higher than or equal to the safety criticality level of the component at the destination end of the connection. The idea is that a component with lower safety criticality should not drive the operation of a component with a higher safety criticality.
  • flow latency analysis: The Flow Latency Analysis plug-in determines the latency of flow implementations declared for components and compares it to the latency specified by the corresponding flow specification of the component. The analysis plug-in performs this check for all flow implementations and their corresponding flow specifications for all component classifier declarations. For more information, see
  • Meta generation: The Meta Generation plug-in generates a textual Meta model from an AADL object model. The generator is currently limited to non-modal AADL models. For more information, see
  • priority inversion: The Priority Inversion Checker plug-in checks AADL instance models for priority inversion. It does so for AADL instance models that contain periodic threads with explicitly assigned priority through the property SEI::Priority and have an actual processor binding specified for threads.
  • application binding and scheduling analysis: The Application Binding & Scheduling Analysis plug-in interfaces with a Java-based implementation of Rate-Monotonic Analysis (MA) algorithm to provide scheduling analysis of independently executing periodic threads. It also interfaces with an implementation of a constraint-based resource that allocates processor, memory, and bus resources to application systems utilizing a binational approach. This resource management implementation is part of the Timeserver embedded systems engineering framework developed at Carnegie Mellon University (

Platform for Tool Integration

OSATE can also be used to develop tools that operate on AADL models, such as

  • an interface to an existing tool by exporting into a tool-specific model representation
  • an interface to a Java implementation of an analysis capability
  • an analysis that operates directly on an AADL model

More about OSATE