A domain-specific language for task handlers generation, applying discrete controller synthesis

We propose a simple programming language, called Nemo, specific to the domain of multi-task real-time embedded systems, such as in robotic, automotive or avionics systems. It can be used to specify a set of resources with usage constraints, a set of tasks that consume them according to various modes, and applications sequencing the tasks. We obtain automatically an application-specific task handler that correctly manages the constraints (if there exists one), through a compilation-like process including a phase of discrete controller synthesis. This way, this formal technique contributes to the safety of the designed systems, while being encapsulated in a tool that makes it usable by end-users and application experts. Our approach is based on the synchronous modelling techniques, languages and tools

A Domain-Specific Language for Multitask Systems, Applying Discrete Controller Synthesis

International audienceWe propose a simple programming language, called Nemo, specific to the domain of multitask real-time control systems, such as in robotic, automotive, or avionics systems. It can be used to specify a set of resources with usage constraints, a set of tasks that consume them according to various modes, and applications sequencing the tasks. We automatically obtain an application-specific task handler that correctly manages the constraints (if there exists one), through a compilation-like process including a phase of discrete controller synthesis. This way, this formal technique contributes to the safety of the designed systems, while being encapsulated in a tool that makes it usable by application experts. Our approach is based on the synchronous modelling techniques, languages, and tools

A formal approach for the synthesis and implementation of fault-tolerant industrial embedded systems

International audienceWe demonstrate the feasibility of a complete workflow to synthesize and implement correct-by-construction fault tolerant distributed embedded systems consisting of real-time periodic tasks. Correct-by-construction is provided by the use of discrete controller synthesis (DCS), a formal method thanks to which we are able to guarantee that the synthesized controlled system guarantees the functionality of its tasks even in the presence of processor failures. For this step, our workflow uses the Heptagon domain specific language and the Sigali DCS tool. The correct implementation of the resulting distributed system is a challenge, all the more since the controller itself must be tolerant to the processor failures. We achieve this step thanks to the libDGALS real-time library (1) to generate the glue code that will migrate the tasks upon processor failures, maintaining their internal state through migration, and (2) to make the synthesized controller itself fault-tolerant

Control of Autonomic Parallelism Adaptation on Software Transactional Memory

International audienceParallel programs need to manage the trade-off between the time spent in synchronization and computation. A high parallelism may decrease computing time while increase synchronization cost among threads. A way to improve program performance is to adjust parallelism to balance conflicts among threads. However, there is no universal rule to decide the best parallelism for a program from an offline view. Furthermore, an offline tuning is error-prone. Hence, it becomes necessary to adopt a dynamic tuning-configuration strategy to better manage a STM system. Software Transactional Memory (STM) has emerged as a promising technique, which bypasses locks, to address synchronization issues through transactions. Autonomic computing offers designers a framework of methods and techniques to build automated systems with well-mastered behaviours. Its key idea is to implement feedback control loops to design safe, efficient and predictable controllers, which enable monitoring and adjusting controlled systems dynamically while keeping overhead low. We propose to design feedback control loops to automate the choice of parallelism level at runtime to diminish program execution time

Autonomic Parallelism and Thread Mapping Control on Software Transactional Memory

International audienceParallel programs need to manage the trade-offbetween the time spent in synchronization and computation.The time trade-off is affected by the number of active threadssignificantly. High parallelism may decrease computing time whileincrease synchronization cost. Furthermore thread locality ondifferent cores may impact on program performance too, asthe memory access time can vary from one core to anotherdue to the complexity of the underlying memory architecture.Therefore the performance of a program can be improved byadjusting the number of active threads as well as the mapping ofits threads to physical cores. However, there is no universal rule todecide the parallelism and the thread locality for a program froman offline view. Furthermore, an offline tuning is error-prone.In this paper, we dynamically manage parallelism and threadlocalities. We address multiple threads problems via SoftwareTransactional Memory (STM). STM has emerged as a promisingtechnique, which bypasses locks, to address synchronization issuesthrough transactions. Autonomic computing offers designers aframework of methods and techniques to build autonomic systemswith well-mastered behaviours. Its key idea is to implementfeedback control loops to design safe, efficient and predictablecontrollers, which enable monitoring and adjusting controlledsystems dynamically while keeping overhead low. We propose todesign a feedback control loop to automate thread managementat runtime and diminish program execution time

A formal approach for the synthesis and implementation of fault-tolerant industrial embedded systems

International audienceWe demonstrate the feasibility of a complete workflow to synthesize and implement correct-by-construction fault tolerant distributed embedded systems consisting of real-time periodic tasks. Correct-by-construction is provided by the use of discrete controller synthesis (DCS), a formal method thanks to which we are able to guarantee that the synthesized controlled system guarantees the functionality of its tasks even in the presence of processor failures. For this step, our workflow uses the Heptagon domain specific language and the Sigali DCS tool. The correct implementation of the resulting distributed system is a challenge, all the more since the controller itself must be tolerant to the processor failures. We achieve this step thanks to the libDGALS real-time library (1) to generate the glue code that will migrate the tasks upon processor failures, maintaining their internal state through migration, and (2) to make the synthesized controller itself fault-tolerant

Synchronous Control of Reconfiguration in Fractal Component-based Systems -- a Case Study

In the context of component-based embedded systems, the management of dynamic reconfiguration in adaptive systems is an increasingly important feature. The Fractal component-based framework, and its industrial instantiation MIND, provide for support for control operations in the lifecycle of components. Nevertheless, the use of complex and integrated architectures make the management of this reconfiguration operations difficult to handle by programmers. To address this issue, we propose to use Synchronous languages, which are a complete approach to the design of reactive systems, based on behavior models in the form of transition systems. Furthermore, the design of closed-loop reactive managers of reconfigurations can benefit from formal tools like Discrete Controller Synthesis. In this paper we describe an approach to concretely integrate synchronous reconfiguration managers in Fractal component-based systems. We describe how to model the state space of the control problem, and how to specify the control objectives. We describe the implementation of the resulting manager with the Fractal/Cecilia programming environment, taking advantage of the Comete distributed middleware. We illustrate and validate it with the case study of the Comanche HTTP server on a multi-core execution platform.Dans le contexte des composants pour systèmes embarqués, la gestion de la reconfiguration dynamique devient de plus en plus importante. Le modèle à composants Fractal et son implémentation MIND, fournissent des moyens de contrôle de cycle de vie des composants ainsi que des moyen pour le contrôle des architectures. L'utilisation des architectures intégrées de plus en plus complexes, rend la gestion des opérations de reconfiguration difficile à maintenir par le programmeur. Cette gestion devient plus complexe quand des propriétés globales sur le systèmes doivent être assurées. Nous proposons d'utiliser des langages synchrones réactifs, reposant sur des modèles comportementaux sous la forme de systèmes de transitions. De plus, notre approches, qui produit un manager synchrone pour la reconfiguration dynamique profite des techniques formelles comme la Synthèse de Contrôleurs Discrets. Ce papier décrit l'intégration concrète d'un manager synchrone pour la reconfiguration de systèmes-à-composants Fractal. Nous détaillerons notre approche en commençant par la partie modélisation du problème de contrôle sous forme d'espace d'états de configurations, ainsi que la description des propriétés de contrôle. Ensuite, nous aborderons la partie implémentation du manager résultant en Fractal/Cecilia et son intégration dans des applications Fractal distribuées en utilisant le middleware Comete. Nous validerons notre approche au moyen d'un cas d'étude sur le serveur HTTP Comanche sur une plateforme d'exécution multicoeurs

Modular and Hierarchical Discrete Control for Applications and Middleware Deployment in IoT and Smart Buildings

International audienceIn the Internet of Things (IoT) and Smart Homes and Buildings, sensors and actuators are controlled through a management software, that runs on a distributed network of heterogeneous processors. Such management systems have to be self-adaptive w.r.t. different aspects, at applications level (functionalities) as well as deployment level (software tasks, execution platform). Holding a well-mastered and safe behaviour of the overall system, in presence of these concurrent adaptations, is a complex control problem. We approach this problem by applying techniques from the area of Supervisory Control for Discrete Event Systems (DES), where the space of configurations at the different levels are modeled with automata. We use programming language support tools, Heptagon/BZR and ReaX, to build up a design environment for the considered application domain. This paper contributes with (i) generic behavioural models for both the applicative and deployment aspects of systems; (ii) applications of Discrete Controller Synthesis (DCS) to design controllers, especially modular and hierarchical control structures; (iii) an implemented case study

Discrete Control of Response for Cybersecurity in Industrial Control

International audienceCybersecurity in Industrial Control Systems (ICS) is a crucial problem, as recent history has shown. A notable characteristic of ICS, compared to Information Technology, is the necessity to take into account the physical process, and its specific dynamics and effects on the environment, when considering cybersecurity issues. Intrusion Detection Systems have been studied extensively. In our work, we address the less classic topic of response mechanisms, and their automation in a self-protection feedback loop. More precisely, we address self-protection seen as resilience, where the functionality of the system is maintained under attacks, be it in a degraded mode. We model this as a Discrete Event Systems supervisory control problem, involving a model of the plant's possible behaviors, a model of considered attacks, and a formulation of the control objectives. We consider a case study, and perform a prototype implementation and simulation, using the Heptagon/BZR programming language and compiler/code generator, and targeting a multi-PLC experimental platform