A Generic Model of Contracts for Embedded Systems

We present the mathematical foundations of the contract-based model developed in the framework of the SPEEDS project. SPEEDS aims at developing methods and tools to support "speculative design", a design methodology in which distributed designers develop different aspects of the overall system, in a concurrent but controlled way. Our generic mathematical model of contract supports this style of development. This is achieved by focusing on behaviors, by supporting the notion of "rich component" where diverse (functional and non-functional) aspects of the system can be considered and combined, by representing rich components via their set of associated contracts, and by formalizing the whole process of component composition

A model to analyse the causality in synchronous real time systems

Disponible dans les fichiers attachés à ce documen

Some Algebraic Aspects of Assume-Guarantee Reasoning

We present the algebra of assume-guarantee (AG) contracts. We define contracts, provide new as well as known operations, and show how these operations are related. Contracts are functorial: any Boolean algebra has an associated contract algebra. We study monoid and semiring structures in contract algebra -- and the mappings between such structures. We discuss the actions of a Boolean algebra on its contract algebra

Synchronous programming with events and relations: the SIGNAL language and its semantics

AbstractIn this paper, systems which interact permanently with their environment are considered. Such systems are encountered, for instance, in real-time control or signal processing systems, C3-systems, man-machine interfaces, to mention just a few. The design and implementation of such systems require a concurrent programming language which can be used to verify and synthesize the synchronization mechanisms, and to perform transformations of the concurrent source code to match a particular target architecture. Synchronous languages are convenient tools for such a purpose: they rely on the assumption that: (1) internal actions of synchronous systems are instantaneous, and (2) communication with the environment is performed via instantaneous flashes involving some external stimuli. In this paper, we present a synchronous programming language: SIGNAL. A SIGNAL program specifies dynamical relations between (internal and external) signal flows. The SIGNAL compiler checks deadlock and determinism of the program, and produces an intermediate level code equivalent to a nested family of concurrent automata. The compilation algorithm is supported by: (1) a behavioural semantics of SIGNAL programs in terms of conditional rewriting rules, (2) the coding of this semantics into the skew product of a dynamical system over the field of integers modulo 3 and directed graphs, (3) an algebraic algorithm to transform the above coding into an equivalent executable one, which provides by the way an execution semantics of the language. We briefly discuss the implementation aspects, and explain the capabilities and limitations of the current version of the SIGNAL compiler

A Unifying View of Loosely Time-Triggered Architectures

Cyber-Physical Systems require distributed architectures to support safety critical real-time control. Hermann Kopetz' Time-Triggered Architecture (TTA) has been proposed as both an architecture and a comprehensive paradigm for systems architecture, for such systems. TTA offers the programmer a logical discrete time compliant with synchronous programming, together with timing bounds. A clock synchronization protocol is required, unless the local clocks used themselves provide the recquired accuracy. To relax the strict requirements on synchronization imposed by TTA, Loosely Time-Triggered Architectures (LTTA) have been proposed. In LTTA, computation and communication units are all triggered by autonomous, unsynchronized, clocks. Communication media act as shared memories between writers and readers and communication is non blocking. This is at the price of communication artifacts (such as duplication or loss of data), which must be compensated for by using some "LTTA protocol". In this paper we pursue our previous work by providing a unified presentation of the two variants of LTTA (token- and time-based), with simplified analyses. We compare these two variants regarding performance and robustness and we provide ways to combine them. This report was prepared for a lecture in Gérard Berry's seminar series at the Collège de France, March 5, 2014; it is a corrected version of a paper, which appeared at Emsoft'2010. It is dedicated to our close friend Paul Caspi who died in April 2012.Les infrastructures de calcul distribuées pour le contrôle des systèmes embarqués critiques requièrent des propriétés particulières destinées à préserver les caractéristiques attendues du contrôleur. Les architectures TTA (Time-Triggered Architectures) ont été proposées par Hermann Kopetz, à la fois comme une architecture de calcul et comme une méthodologie de conception des systèmes. TTA offre au programmeur un temps logique conforme à celui de la programmation synchrone, avec en outre un contrôle strict du temps. Il requiert un protocole de synchronisation entre les horloges du système réparti. Pour affaiblir ces hypothèses, les architectures LTTA (Loosely Time-Triggered Architectures) ont été proposées récemment. Dans LTTA, les calculs et les communications sont rythmées par des horloges locales, non synchronisées. Les supports de communication se comportent comme des mémoires partagées. La communication est donc non-bloquante. Ce type de communiccation crée évidemment des artefacts à combattre par un protocole dit "LTTA". Dans cet article nous présentons une approche unifiée des deux techniques connues pour ce type de protocole, reposant sur l'usage, soit de jetons, soit du temps. On compare ces deux variantes et on étudie leur performance. Le présent rapport est une version corrigée d'un article paru à Emsoft'2010. Il est dédié à notre très cher ami Paul Caspi, décédé en Avril 2012

Monotony in Service Orchestrations

Web Service orchestrations are compositions of different Web Services to form a new service. The services called during the orchestration guarantee a given performance to the orchestrater, usually in the form of contracts. These contracts can be used by the orchestrater to deduce the contract it can offer to its own clients, by performing contract composition. An implicit assumption in contract based QoS management is: "the better the component services perform, the better the orchestration's performance will be". Thus, contract based QoS management for Web services orchestrations implicitly assumes monotony. In some orchestrations, however, monotony can be violated, i.e., the performance of the orchestration improves when the performance of a component service degrades. This is highly undesirable since it can render the process of contract composition inconsistent. In this paper we define monotony for orchestrations modelled by Colored Occurrence Nets (CO-nets) and we characterize the classes of monotonic orchestrations. We show that few orchestrations are indeed monotonic, mostly since latency can be traded for quality of data. We also propose a sound refinement of monotony, called conditional monotony, which forbids this kind of cheating and show that conditional monotony is widely satisfied by orchestrations. This finding leads to reconsidering the way SLAs should be formulated

Semantics of multi-mode DAE systems

Deliverable D.4.1.1 of the ITEA2 Modrio collaborative projectHybrid systems modelers exhibit a number of difficulties related to the mix of continuous and discrete dynamics and sensitivity to the discretization scheme. Modular modeling, where subsystems models can be simply assembled with no rework, calls for using Differential Algebraic Equations (DAE). In turn, DAE are strictly more difficult than ODE. They require sophisticated pre-processing using various notions of index before they can be submitted to a solver. In this report we study some fundamental issues raised by the modeling and simulation of hybrid systems involving DAEs. The objective of this work is to serve for the evolution and the design of future releases of the Modelica language for such systems. We focus on the following questions: * What is the proper notion of index for a hybrid DAE system? * What are the primitive statements needed for a DAE hybrid systems modeler? The differentiation index for DAE explicitly relies on everything being differentiable. Therefore, generalizations to hybrid systems must be done with caution. We propose relying on non-standard analysis for this. Non-standard analysis formalizes differential equations as discrete step transition systems with infinitesimal time basis. We can thus bring hybrid DAE systems to their nonstandard form, where the notion of difference index can be firmly used. From this study, general hints for future releases of Modelica can be drawn

Branching cells as local states for event structures and nets: probabilistic applications

International audienceWe study the concept of choice for true concurrency models such as prime event structures and safe Petri nets. We propose a dynamic variation of the notion of cluster previously introduced for nets. This new object is defined for event structures, it is called a branching cell. Our aim is to bring an interpretation of branching cells as a right notion of “local state”, for concurrent systems. We illustrate the above claim through applications to probabilistic concurrent models. We propose a construction for probabilities over so-called locally finite event structures that makes concurrent processes probabilistically independent—simply attach a dice to each branching cell; dices attached to concurrent branching cells are thrown independently. Furthermore, we provide a true concurrency generalization of Markov chains, called Markov nets. Unlike in existing variants of stochastic Petri nets, our approach randomizes Mazurkiewicz traces, not firing sequences. We show in this context the Law of Large Numbers (LLN), which confirms that branching cells deserve the status of local state

Multiscale statistical signal processing

Résumé disponible dans les fichiers attachés à ce documen

Concurrency, sigma-algebras and probabilistic fairness

International audienceWe give an interpretation through sigma-algebras of phenomena encountered in concurrency theory when dealing with "infinite confusion"--the extreme opposite of confusion-free event structures. The set of runs of a safe Petri net is equipped with its Borel sigma-algebra F. The fine structure of F describes the complexity of choices along runs, and we show that a transfinite induction of finite degree is needed to explore all choices of runs in general. The degree is minimal (zero) when confusion is bounded, corresponding to the classes of confusion free and locally finite event structures. We relate this construction to probabilistic fairness by showing how to randomize the net equipped with its Borel sigma-algebra by using only the first step of our decomposition, and making it thus more effective. Hence the serious difficulty brought by the above transfiniteness in the application of Kolmogorov extension theorem is bypassed thanks to probabilistic fairnes