Polychronous Interpretation of Synoptic, a Domain Specific Modeling Language for Embedded Flight-Software

The SPaCIFY project, which aims at bringing advances in MDE to the satellite flight software industry, advocates a top-down approach built on a domain-specific modeling language named Synoptic. In line with previous approaches to real-time modeling such as Statecharts and Simulink, Synoptic features hierarchical decomposition of application and control modules in synchronous block diagrams and state machines. Its semantics is described in the polychronous model of computation, which is that of the synchronous language Signal.Comment: Workshop on Formal Methods for Aerospace (FMA 2009

Adaptivity in High-Performance Embedded Systems: a Reactive Control Model for Reliable and Flexible Design

International audienceSystem adaptivity is increasingly demanded in high-performance embedded systems, particularly in multimedia System-on-Chip (SoC), due to growing Quality of Service requirements. This paper presents a reactive control model that has been introduced in Gaspard, our framework dedicated to SoC hardware/software co-design. This model aims at expressing adaptivity as well as reconfigurability in systems performing data-intensive computations. It is generic enough to be used for description in the different parts of an embedded system, e.g. specification of how different data-intensive algorithms can be chosen according to some computation modes at the functional level; expression of how hardware components can be selected via the usage of a library of Intellectual Properties (IPs) according to execution performances. The transformation of this model towards synchronous languages is also presented, in order to allow an automatic code generation usable for formal verification, based of techniques such as model checking and controller synthesis as illustrated in the paper. This work, based on Model-Driven Engineering and the standard UML MARTE profile, has been implemented in Gaspard

SPaCIFY: a Formal Model-Driven Engineering for Spacecraft On-Board Software

International audienceThe aim of this article is to present a model- driven approach proposed by the SPaCIFY project for spacecraft on-board software development. This ap- proach is based on a formal globally asynchronous lo- cally synchronous language called Synoptic, and on a set of transformations allowing code generation and model verification

Polychronous mode automata

International audienceAmong related synchronous programming principles, the model of computation of the Polychrony workbench stands out by its capability to give high-level description of systems where each component owns a local activation clock (such as, typically,distributed real-time systems or systems on a chip). In order to bring the modeling capability of Polychrony to the context of a model-driven engineering toolset for embedded system design, we define a diagramic notation composed of mode automata and data-flow equations on top of the multi-clocked synchronous model of computation supported by the Polychrony workbench. We demonstrate the agility of this paradigm by considering the example of an integrated modular avionics application. Our presentation features the formalization and use of model transformation techniques of the GME environment to embed the extension of Polychrony's meta-model with mode automata

Adaptivity in High-Performance Embedded Systems: a Reactive Control Model for Reliable and Flexible Design

International audienceSystem adaptivity is increasingly demanded in high-performance embedded systems, particularly in multimedia System-on-Chip (SoC), due to growing Quality of Service requirements. This paper presents a reactive control model that has been introduced in Gaspard, our framework dedicated to SoC hardware/software co-design. This model aims at expressing adaptivity as well as reconfigurability in systems performing data-intensive computations. It is generic enough to be used for description in the different parts of an embedded system, e.g. specification of how different data-intensive algorithms can be chosen according to some computation modes at the functional level; expression of how hardware components can be selected via the usage of a library of Intellectual Properties (IPs) according to execution performances. The transformation of this model towards synchronous languages is also presented, in order to allow an automatic code generation usable for formal verification, based of techniques such as model checking and controller synthesis as illustrated in the paper. This work, based on Model-Driven Engineering and the standard UML MARTE profile, has been implemented in Gaspard

The Signal Synchronous Multiclock Approach to the Design of Distributed Embedded System

International audienceThis paper presents the design of distributed embedded systems using the synchronous multiclock model of the Signal language. It proposes a methodology that ensures a correct-by-construction functional implementation of these systems from high-level models. It shows the capability of the synchronous approach to apply formal techniques and tools that guarantee the reliability of the designed systems. Such a capability is necessary and highly worthy when dealing with safety-critical systems. The proposed methodology is demonstrated through a case study consisting of a simple avionic application, which aims to pragmatically help the reader to understand the manipulated formal concepts, and to apply them easily in order to solve system correctness issues encountered in practice. The application functionality is first modeled as well as its distribution on a generic hardware architecture. This relies on the endochrony and endo-isochrony properties of Signal specifications, defined previously. The considered architectures include asynchronous communication mechanisms, which are also modeled in Signal and proved to achieve message exchanges correctly. Furthermore, the synchronizability of the different parts in the resulting system is addressed after its deployment on a specific execution platform with multirate clocks. After all these steps, a distributed code can be automatically generated

Targeting Reconfigurable FPGA based SoCs using the MARTE UML profile: from high abstraction levels to code generation

International audienceAs SoC design complexity is escalating to new heights, there is a critical need to find adequate approaches and tools to handle SoC co-design aspects. Additionally, modern reconfigurable SoCs offer advantages over classical SoCs as they integrate adaptivity features to cope with mutable design requirements and environment needs. This paper presents a novel approach to address system adaptivity and reconfigurability. A generic model of reactive control is presented in a SoC codesign framework: Gaspard. Afterwards, control integration at different levels of the framework is illustrated for both functional specification and FPGA synthesis. The presented work is based on Model-Driven Engineering and the UML MARTE profile proposed by Object Management Group, for modeling and analysis of real-time embedded systems. The paper thus presents a complete design flow to move from high level MARTE models to code generation, for implementation of dynamically reconfigurable SoCs

Representation of synchronous, asynchronous, and polychronous components by clocked guarded actions

International audienceFor the design of embedded systems, many languages are in use, which are based on different models of computation such as event-, data-, and clock-driven paradigms as well as paradigms without a clear notion of time. Systems composed of such heterogeneous components are hard to analyze so that mainly co-simulation by coupling different simulators has been considered so-far. In this article, we propose clocked guarded actions as a unique intermediate representation that can be used as a common basis for simulation, analysis, and synthesis. We show how synchronous, (untimed) asynchronous, and polychronous languages can be translated to clocked guarded actions to demonstrate that our intermediate representation is powerful enough to capture rather different models of computation. Having a unique and composable intermediate representation of these components at hand allows one a simple composition of these components. Moreover, we show how clocked guarded actions can be used for verification by symbolic model checking and simulation by SystemC

Synchronous design of avionic applications based on model refinements

International audienceIn this article, we address the design of avionic applications based on an approach, which relies on model refinement. This study is done within the synchronous framework, which has solid mathematical foundations enabling formal methods for specification, verification and analysis, transformations, etc. In the proposed approach, we first consider a functional description of a given application using the SIGNAL language. This description is independent of a specific implementation platform. Then, some transformations that fully preserve the semantics of manipulated SIGNAL programs are applied to the description such that a representation reflecting an integrated modular avionics architecture results