From Lustre to Simulink: reverse compilation for verifying Embedded Systems Applications

Model-based design is now unavoidable when building embedded systems and more specifically controllers. Among the available model languages, the synchronous dataflow paradigm, as implemented in languages such as Matlab Simulink or ANSYS Scade, has become predominant in the critical embedded system industries. Both of these frameworks are used to design the controller itself but also provide code generation means, enabling faster deployment to target and easier V\&V activities performed earlier in the design process, at model level. Synchronous models also ease the definition of formal specification through the use of synchronous observers, attaching requirements to the model in the very same language, mastered by engineers and tooled with simulation means or code generation. However, few works address the automatic synthesis of Matlab Simulink annotations from lower level models or code. We present here a compilation process from Lustre models to genuine Matlab Simulink, without the need to rely on external C functions or Matlab functions. This re-engineering is then used to validate a compilation tool-chain, mapping Simulink to Lustre and then C, thanks to equivalence testing and checking. This backward-compilation from Lustre to Simulink also provides the ability to produce automatically Simulink components modeling specification, proof arguments or test cases coverage criteria

Automated analysis of Stateflow models

International audienceStateflow is a widely used modeling framework for embedded and cyberphysical systems where control software interacts with physical processes. In this work, we present a framework and a fully automated safety verification technique for Stateflow models. Our approach is two-folded: (i) we faithfully compile Stateflow models into hierarchical state machines, and (ii) we use automated logic-based verification engine to decide the validity of safety properties. The starting point of our approach is a denotational semantics of Stateflow. We propose a compilation process using continuation-passing style (CPS) denotational semantics. Our compilation technique preserves the structural and modal behavior of the system. The overall approach is implemented as an open source toolbox that can be integrated into the existing Mathworks Simulink/Stateflow modeling framework. We present preliminary experimental evaluations that illustrate the effectiveness of our approach in code generation and safety verification of industrial scale Stateflow models