69 research outputs found

    Implementing Multi-Periodic Critical Systems: from Design to Code Generation

    This article presents a complete scheme for the development of Critical Embedded Systems with Multiple Real-Time Constraints. The system is programmed with a language that extends the synchronous approach with high-level real-time primitives. It makes it possible to assemble, in a modular and hierarchical manner, several locally mono-periodic synchronous systems into a globally multi-periodic synchronous system. It also allows flow latency constraints to be specified. A program is translated into a set of real-time tasks. The generated code (C code) can be executed on a simple real-time platform with a dynamic-priority scheduler (EDF). The compilation process (each algorithm of the process, not the compiler itself) is formally proved correct, meaning that the generated code respects the real-time semantics of the original program (respect of periods, deadlines, release dates and precedences) as well as its functional semantics (respect of variable consumption).
    Comment: 15 pages, published in Workshop on Formal Methods for Aerospace (FMA'09), part of Formal Methods Week 2009

    A Case Study in Formal System Engineering with SysML

    In the development of complex critical systems, an important source of errors is the misinterpretation of system requirements allocated to the software, due to inadequate communication between system engineering teams and software teams. In response, organizations that develop such systems are searching for solutions allowing formal system engineering and system to software bridging, based on standard languages like SysML. As part of this effort, we have defined a formal profile for SysML (OMEGA SysML) and we have built a simulation and verification toolbox for this profile (IFx). This paper reports on the experience of modelling and validating an industry-grade system, the Solar Generation System (SGS) of the Automated Transfer Vehicle (ATV) built by Astrium, using IFx-OMEGA. The experience reveals what can currently be expected from such an approach and what are the weak points that should be addressed by future research and development.

    An ASN.1 compiler for embedded/space systems

    This paper presents ASN1SCC, an open source ASN.1 compiler that generates C/C++ and SPARK/Ada code suitable for low resource environments such as space systems. Moreover, the compiler can produce a test harness that provides full statement coverage in the generated code, and therefore significantly improves its quality. This paper also presents ACN, a new ASN.1 encoding that allows protocol designers to completely control the format of the encoded ASN.1 stream and hence integrate ASN.1 applications with legacy ones. With ASN.1 and ACN, various space protocols such as PUS can be modeled and with the usage of this ASN.1 compiler get automatic implementations of the encoders and decoders. Finally, the ASN.1 compiler can translate an ASN.1/ACN definition into an Interface Control Document (ICD), thus allowing interoperability with projects and people who don't know/use ASN.1.

    From Dataflow Specification to Multiprocessor Partitioned Time-triggered Real-time Implementation

    Our objective is to facilitate the development of complex time-triggered systems by automating the allocation and scheduling steps. We show that full automation is possible while taking into account the elements of complexity needed by a complex embedded control system. More precisely, we consider deterministic functional specifications provided (as often in an industrial setting) by means of synchronous data-flow models with multiple modes and multiple relative periods. We first extend this functional model with an original real-time characterization that takes advantage of our time-triggered framework to provide a simpler representation of complex end-to-end flow requirements. We also extend our specifications with additional non-functional properties specifying partitioning, allocation, and preemptability constraints. Then, we provide novel algorithms for the off-line scheduling of these extended specifications onto partitioned time-triggered architectures à la ARINC 653. The main originality of our work is that it takes into account at the same time multiple complexity elements: various types of non-functional properties (real-time, partitioning, allocation, preemptability) and functional specifications with conditional execution and multiple modes. Allocation of time slots/windows to partitions can be fully or partially provided, or synthesized by our tool. Our algorithms allow the automatic allocation and scheduling onto multi-processor (distributed) systems with a global time base, taking into account communication costs. We demonstrate our technique on a model of space flight software system with strong real-time determinism requirements.

    Multi-task implementation of multi-periodic synchronous programs

    This article presents a complete scheme for the integration and the development of multi-periodic critical embedded systems. A system is formally specified as a modular and hierarchical assembly of several locally mono-periodic synchronous functions into a globally multi-periodic synchronous system. To support this, we introduce a real-time software architecture description language, named Prelude, which is built upon the synchronous languages and which provides a high level of abstraction for describing the functional and the real-time architecture of a multi-periodic control system. A program is translated into a set of real-time tasks that can be executed on a monoprocessor real-time platform with an on-line priority-based scheduler such as Deadline-Monotonic or Earliest-Deadline-First. The compilation is formally proved correct, meaning that the generated code respects the real-time semantics of the original program (respect of periods, deadlines, release dates and precedences) as well as its functional semantics (respect of variable consumption).

    Supporting a Multi-formalism Model Driven Development Process with Model Transformation, a TOPCASED implementation

    The ASSERT (Automated proof based System and Software Engineering for Real-Time Applications) European Integrated Project (IST-FP6-004033, http://www.assert-project.net/) defined and experimented with a multi-formalism Model Driven Engineering (MDE) process, enforcing an approach with separated specification and refinement of functional and non-functional properties.
    • Functional specification, design and development is based on UML profiles to support AADL concepts [2] and behavioural specification.
    • Real-time architecture properties are based on extensions targeting Ravenscar Computing execution Model (RCM, see [6]) constraints upon component interface and ports.
    • Model transformation supports correctness-preserving rules towards a Virtual Machine execution environment or a verification-dedicated environment.
    A tool chain called IDEA (Integrated Development Environment for ASSERT) supporting the process was developed by the CS ASSERT team on top of the Eclipse/TOPCASED environment, allowing:
    • Integrated use of several formalisms in a development life-cycle (UML, AADL, IF [4]).
    • Model transformation from UML to IF, AADL to RCM and RCM to Ada.
    • Automated code generation.
    The approach experimented allows combined use of best suited formalisms and features for MDE developments. The TOPCASED tool proved to be a unique integrated toolset for prototyping UML and meta models supporting tools. The main feedback gained from applying the notations and approach on small to medium case studies is that UML profiling is not scalable, and that use of several Domain Specific Languages (DSL) seems far more suitable. Semantic clashes can be limited by raising the abstraction level, and by partitioning properties for verification.

    From dataflow specification to multiprocessor partitioned time-triggered real-time implementation

    We consider deterministic functional specifications provided by means of synchronous data-flow models with multiple modes and multiple relative periods. These specifications are extended to include a real-time characterization defining task periods, release dates, and deadlines. Task deadlines can be longer than the period to allow a faithful representation of complex end-to-end flow requirements. We also extend our specifications with partitioning and allocation constraints. Then, we provide algorithms for the off-line scheduling of these specifications onto partitioned time-triggered architectures à la ARINC 653. Allocation of time slots/windows to partitions can be fully or partially provided, or synthesized by our tool. Our algorithms allow the automatic allocation and scheduling onto multi-processor (distributed) systems with a global time base, taking into account communication costs. We demonstrate our technique on a model of space flight software system with strong real-time determinism requirements.

    Automatic implementation of TTEthernet-based time-triggered avionics applications

    The design of safety-critical embedded systems such as those used in avionics still involves largely manual phases. But in avionics the definition of standard interfaces embodied in standards such as ARINC 653 or TTEthernet should allow the definition of fully automatic code generation flows that reduce the costs while improving the quality of the generated code, much like compilers have done when replacing manual assembly coding. In this paper, we briefly present such a fully automatic implementation tool, called Lopht, for ARINC653-based time-triggered systems, and then explain how it is currently extended to include support for TTEthernet networks.

    Minocycline-induced hypersensitivity syndrome presenting with meningitis and brain edema: a case report

    Background: Hypersensitivity Syndrome (HS) may be a life-threatening condition. It frequently presents with fever, rash, eosinophilia and systemic manifestations. Mortality can be as high as 10% and is primarily due to hepatic failure. We describe what we believe to be the first case of minocycline-induced HS with accompanying lymphocytic meningitis and cerebral edema reported in the literature.
    Case presentation: A 31-year-old HIV-positive female of African origin presented with acute fever, lymphocytic meningitis, brain edema, rash, eosinophilia, and cytolytic hepatitis. She had been started on minocycline for inflammatory acne 21 days prior to the onset of symptoms. HS was diagnosed clinically and after exclusion of infectious causes. Minocycline was withdrawn and steroids were administered from the second day after presentation because of the severity of the symptoms. All signs resolved by the seventh day and steroids were tailed off over a period of 8 months.
    Conclusion: Clinicians should maintain a high index of suspicion for serious adverse reactions to minocycline including lymphocytic meningitis and cerebral edema among HIV-positive patients, especially if they are of African origin. Safer alternatives should be considered for treatment of acne vulgaris. Early recognition of the symptoms and prompt withdrawal of the drug are important to improve the outcome.

    Multidrug-resistant Acinetobacter Infection Mortality Rate and Length of Hospitalization

    Acinetobacter infections have increased and gained attention because of the organism’s prolonged environmental survival and propensity to develop antimicrobial drug resistance. The effect of multidrug-resistant (MDR) Acinetobacter infection on clinical outcomes has not been reported. A retrospective, matched cohort investigation was performed at 2 Baltimore hospitals to examine outcomes of patients with MDR Acinetobacter infection compared with patients with susceptible Acinetobacter infections and patients without Acinetobacter infections. Multivariable analysis controlling for severity of illness and underlying disease identified an independent association between patients with MDR Acinetobacter infection (n = 96) and increased hospital and intensive care unit length of stay compared with 91 patients with susceptible Acinetobacter infection (odds ratio [OR] 2.5, 95% confidence interval [CI] 1.2–5.2 and OR 2.1, 95% CI 1.0–4.3, respectively) and 89 uninfected patients (OR 2.5, 95% CI 1.2–5.4 and OR 4.2, 95% CI 1.5–11.6, respectively). Increased hospitalization associated with MDR Acinetobacter infection emphasizes the need for infection control strategies to prevent cross-transmission in healthcare settings.