Modular interpretation of heterogeneous modeling diagrams into synchronous equations using static single assignment

The ANR project SPACIFY develops a domain-specific programming environment, Synoptic, to engineer embedded software for space applications. Synoptic is an Eclipse-based modeling environment which supports all aspects of aerospace software design. As such, it is a domain-specific environment consisting of heterogeneous modeling and programming principles defined in collaboration with the industrial partners and end users of the project : imperative synchronous programs, data-flow diagrams, mode automata, blocks, components, scheduling, mapping and timing. This article focuses on the essence and distinctive features of its behavioral or programming aspects : actions, flows and automata, for which we use the code generation infrastructure of the synchronous modeling environment SME. It introduces an efficient method for transforming a hierarchy of blocks consisting of actions (sequential Esterel-like programs), data-flow diagrams (to connect and time modules) and mode automata (to schedule or mode blocks) into a set of synchronous equations. This transformation minimizes the needed state variables and block synchronizations. It consists of an inductive static-single assignment transformation algorithm across a hierarchy of blocks that produces synchronous equations. The impact of this new transformation technique is twofold. With regards to code generation objectives, it minimizes the needed resynchronization of each block in the system with respects to its parents, potentially gaining substantial performance from way less synchronizations. With regards to verification requirements, it minimizes the number of state variables across a hierarchy of automata and hence maximizes model checking performances

Compositional design of isochronous systems

International audienceThe synchronous modeling paradigm provides strong correctness guarantees for embedded system design while requiring minimal environmental assumptions. In most related frameworks, global execution correctness is achieved by ensuring the insensitivity of (logical) time in the program from (real) time in the environment. This property, called endochrony or patience, can be statically checked, making it fast to ensure design correctness. Unfortunately, it is not preserved by composition, which makes it difficult to exploit with component-based design concepts in mind. Compositionality can be achieved by weakening this objective, but at the cost of an exhaustive state-space exploration. This raises a trade-off between performance and precision. Our aim is to balance it by proposing a formal design methodology that adheres to a weakened global design objective: the non-blocking composition of weakly endochronous processes, while preserving local design objectives for synchronous modules. This yields an effective and cost-efficient approach to compositional synchronous modeling

Modeling multi-clocked data-flow programs using the Generic Modeling Environment

International audienceThis paper presents Signal-Meta, the metamodel designed for the synchronous data-flow language Signal. It relies on the Generic Modeling Environment (GME), a configurable object-oriented toolkit that supports the creation of domain-specific modeling and program synthesis environments. The graphical description constitutes the base to build multi-clock environments, and a good front-end for the Polychrony platform. To complete this frontend, we develop a tool that transforms the graphical Signal-Meta specifications to the Signal code. This modeling paradigm constitutes a first work for generalizing the use of formal methods proposed by Polychrony

Polychronous Interpretation of Synoptic, a Domain Specific Modeling Language for Embedded Flight-Software

The SPaCIFY project, which aims at bringing advances in MDE to the satellite flight software industry, advocates a top-down approach built on a domain-specific modeling language named Synoptic. In line with previous approaches to real-time modeling such as Statecharts and Simulink, Synoptic features hierarchical decomposition of application and control modules in synchronous block diagrams and state machines. Its semantics is described in the polychronous model of computation, which is that of the synchronous language Signal.Comment: Workshop on Formal Methods for Aerospace (FMA 2009

System-level Co-simulation of Integrated Avionics Using Polychrony

International audienceThe design of embedded systems from multiple views and heterogeneous models is ubiquitous in avionics as, in partic- ular, different high-level modeling standards are adopted for specifying the structure, hardware and software components of a system. The system-level simulation of such composite models is necessary but difficult task, allowing to validate global design choices as early as possible in the system de- sign flow. This paper presents an approach to the issue of composing, integrating and simulating heterogeneous mod- els in a system co-design flow. First, the functional behavior of an application is modeled with synchronous data-flow and statechart diagrams using Simulink/Gene-Auto. The system architecture is modeled in the AADL standard. These high- level, synchronous and asynchronous, models are then trans- lated into a common model, based on a polychronous model of computation, allowing for a Globally Asynchronous Lo- cally Synchronous (GALS) interpretation of the composed models. This translation is implemented as an automatic model transformation within Polychrony, a toolkit for em- bedded systems design. Simulation, including profiling and value change dump demonstration, has been carried out based on the common model within Polychrony. An avionic case study, consisting of a simplified doors and slides control system, is presented to illustrate our approach

A Framework for Fixed Priority Periodic Scheduling Synthesis from Synchronous Data-flow Graphs

International audienceUnlabelled - Medicinally active compounds in the flavonoid class of phytochemicals are being studied for antiviral action against various DNA and RNA viruses. Quercetin is a flavonoid present in a wide range of foods, including fruits and vegetables. It is said to be efficient against a wide range of viruses. This research investigated the usefulness of Quercetin against Hepatitis C virus, Dengue type 2 virus, Ebola virus, and Influenza A using computational models. A molecular docking study using the online tool PockDrug was accomplished to identify the best binding sites between Quercetin and PubChem-based receptors. Network-pharmacological assay to opt to verify function-specific gene-compound interactions using STITCH, STRING, GSEA, Cytoscape plugin cytoHubba. Quercetin explored tremendous binding affinity against NS5A protein for HCV with a docking score of - 6.268 kcal/mol, NS5 for DENV-2 with a docking score of - 5.393 kcal/mol, VP35 protein for EBOV with a docking score of - 4.524 kcal/mol, and NP protein for IAV with a docking score of - 6.954 kcal/mol. In the network-pharmacology study, out of 39 hub genes, 38 genes have been found to interact with Quercetin and the top interconnected nodes in the protein-protein network were (based on the degree of interaction with other nodes) and Negative binding energies were noticed in Quercetin-receptor interaction. Results demonstrate that Quercetin could be a potential antiviral agent against these viral diseases with further study in models. Supplementary information - The online version contains supplementary material available at 10.1007/s40203-022-00132-2

Formal Verification of Synchronous Data-flow Program Transformations Toward Certified Compilers

International audienceTranslation validation was introduced in the 90's by Pnueli et al. as a technique to formally verify the correctness of code generators. Rather than certifying the code generator or exhaustively qualifying it, translation validators attempt to verify that program transformations preserve semantics. In this work, we adopt this approach to formally verify that the clock semantics and data dependence are preserved during the compilation of the Signal compiler. Translation validation is implemented for every compilation phase from the initial phase until the latest phase where the executable code is generated, by proving that the transformation in each phase of the compiler preserves the semantics. We represent the clock semantics, the data dependence of a program and its transformed counterpart as first-order formulas which are called Clock Models and Synchronous Dependence Graphs (SDGs), respectively. Then we introduce clock refinement and dependence refinement relations which express the preservation of clock semantics and dependence, as a relation on clock models and SDGs, respectively. Our validator does not require any instrumentation or modification of the compiler, nor any rewriting of the source program

Formal semantics of behavior specifications in the architecture analysis and design language standard

In system design, an architecture specification or model serves, among other purposes, as a repository to share knowledge about the system being designed. Such a repository enables automatic generation of analytical models for different aspects relevant to system design (timing, reliability, security, etc.). The Architecture Analysis and Design Language (AADL) is a standard proposed by SAE to express architecture specifications and share knowledge between the different stakeholders about the system being designed. To support unambiguous reasoning, formal verification, high-fidelity simulation of architecture specifications in a model-based AADL design workflow, we have defined a formal semantics for the behavior specification of the AADL, the presentation of this semantics is the aim of this paper

Verilog Code Generation Scheme from Signal Language

International audienceSignal is a high-level declarative data flow language and has been successfully used for the design and implementation of reactive safety-critical embedded systems. The verified automatic code can be generated for various languages (C, C++, and Java) from the open source Signal framework(Polychrony Toolset). However, open source tool for automatic code generation from Signal language to Hardware Description Languages (HDLs) is not available. In this paper, we present a methodology of code generation from Signal language to Verilog. Verilog code is generated from the transformed Signal program based on guard’s hierarchy and their associated sub-graph. Hardware structure is by default concurrent in nature; therefore, it is well-suited to generate code from Signal to HDL. It will provide more options for the designer when some part or complete application is required to be implemented in hardware