The safety-critical system communities have been struggling to manage and maintain their legacy softwaresystems because upgrading such systems has been a complex challenge. To overcome or reduce this problem, reverse engineering has been increasingly used in safety-critical systems. This paper proposes C2AADL_Reverse, a model-driven reverse engineering approach for safety-critical software development and verification. C2AADL_Reverse takes multi-task C source code as input, and generates AADL (Architecture Analysis and Design Language) model of the legacy software systems. Compared with the existing works, this paper considers more reversed construction including AADL component structure, behavior, and multi-threaded run-time information. Moreover, two types of activities are proposed to ensure the correctness of C2AADL_Reverse. First, it is necessary to validate the reverse engineering process. Second, the generated AADL models should conform to desired critical properties. We propose the verification of the reverse-engineered AADL model by using UPPAAL to establish component-level properties and the Assume Guarantee REasoning Environment (AGREE) to perform compositional verification of the architecture. This combination of verification tools allows us to iteratively explore design and verification of detailed behavioral models, and to scale formal analysis to large models. In addition, the prototype tool and the evaluation of C2AADL_Reverse using a real-world aerospace case study are presented.

安全关键系统社区一直在努力管理和维护其遗留软件系统，因为升级此类系统一直是一项复杂的挑战。为了克服或减少这个问题，逆向工程越来越多地用于安全关键系统。本文提出了C2AADL_Reverse，这是一种用于安全关键软件开发和验证的模型驱动逆向工程方法。C2AADL_Reverse以多任务 C 源代码为输入，生成遗留软件系统的 AADL（架构分析与设计语言）模型。与现有工作相比，本文考虑了更多的逆向构造，包括 AADL 组件结构、行为和多线程运行时信息。此外，还提出了两种类型的活动来确保C2AADL_Reverse的正确性. 首先，有必要验证逆向工程过程。其次，生成的 AADL 模型应符合所需的关键属性。我们建议通过使用 UPPAAL 建立组件级属性和假设保证推理环境 (AGREE) 来执行架构的组合验证来验证逆向工程 AADL 模型。这种验证工具的组合使我们能够反复探索详细行为模型的设计和验证，并将形式分析扩展到大型模型。此外，还介绍了原型工具和使用真实航空航天案例研究对C2AADL_Reverse的评估。