161 research outputs found

    Software product line for semantic specification of block libraries in dataflow languages

    10 pages. Dataflow modelling languages such as SCADE or Simulink are the de facto standard for the Model Driven Development of safety critical embedded control and command systems. Software is mainly being produced by Automated Code Generators whose correctness can only be assessed meaningfully if the input language semantics is well known. These semantics share a common part but are mainly defined through block libraries. The writing of a complete formal specification for the block libraries of the usual languages is highly challenging due to the high variability of the structure and semantics of each block. This contribution relates the use of software product line principles in the design of a domain specific language targeting the formal specification of block libraries. It summarizes the advantages of this DSL regarding the writing, validation and formal verification of such specifications. These experiments have been carried out in the context of the GeneAuto embedded code generator project targeting Simulink and Scicos, and are being extended and applied in its follow-up projects ProjectP and Hi-MoCo.

    Specification and Validation of Model Transformations for Certified Systems' Development

    Certifying critical systems requires very precise specifications and the ability to verify each development step. However, proofreading and test based verification are usually not exhaustive and as systems get more complex, their coverage is less and less adequate. Use of models allows early verification, validation and automated building of "correct by construction" systems. Our work targets formal specification and verification of model transformations. Such techniques provide significantly higher confidence of correctness and can even reach exhaustiveness. In this paper, we rely on common model driven engineering techniques to allow common engineers to write these specifications and to conduct verification. We propose to use a simple transformation model for specifying the expected relation between the source and target models after the transformation. The source and target metamodels are extended with a traceability model that defines a set of links that must exist after the transformation and whose correctness is specified as OCL constraints.

    Comparing transformation languages for the implementation of certified model transformations

    Precise specifications are needed for verifying and certifying the correct behavior of critical systems. However, traditional proofreading and test based verification techniques are usually not exhaustive and as systems become more complex, their coverage is less and less adequate. Use of models allows early verification, validation and automated building of "correct by construction" systems. Our work targets formal specification and verification of model transformations. In a previous paper we tackled the problem of writing formal specifications for model transformations independently of the implementation technique. In this paper we investigate the implementation phase of these specifications as model transformations using traditional MDE techniques and the difficulties encountered while generating the verification materials.

    Organizing one's own work: A study of industrial managers' course of action

    This study analyses how managers organize their own work, within the framework of both situated cognition and course-of-action theory. The activity of two managers in a metallurgical plant was studied during a period of two consecutive working days. Two kinds of data were collected just before and after these two days: a review of the traces of the managers' activities and of the tools they resorted to (diary entries, ordering of papers on the desk, etc.), and verbalizations of the managers regarding traces, tools and an activity journal (during the two days, managers scheduled each moment in tables). Courses of action were reconstituted and analyzed by identifying the macro-sequences, macro-series, and sequential or serial episodes which constituted them. The results showed that the managers' activity was divided into short episodes, connected by five different types of bifurcation. The managers located the major part of their activity within several tens of macro-sequences, many of them extending far before and after the analyzed activity. These gave diachronic coherence to the short episodes. The managers' activity was partially anticipated. In their diaries, items differed according to the different types of anticipated action (appointment or deadline vs temporally undetermined action). Synchronous communications were present in most activity sequences. These involved a search for synchronization in the managers' activity by coping with emergencies and exploiting opportunities perceived during the course of action. Finally, autonomy in the managers' work appears as the construction of significations extended over a large temporal span, these significations organizing activity in an adaptable way.

    Study of the effects of early treatment initiation on immune reactivity in children infected with HIV-1

    Several studies have shown that children treated early are not able to develop a cell-mediated response against HIV [1]. However, the viral rebound after prolonged remission in the case of the "Mississippi baby" raises many questions about the ability of these children to develop an HIV-specific immune response despite long-term viral suppression [2, 3]. We studied five cases with a profile similar to the "Mississippi baby" that were identified previously [4]. The objective of this project was to determine whether children treated early develop a cell-mediated immune response against HIV that is quantitatively and/or qualitatively different from that found in children treated later. This study showed that the magnitude and diversity of CTL responses in children treated early are lower than those observed in children treated later or untreated.

    Cognitive and social dimensions in the study of students' activity

    This paper suggests considering representational phenomena as central to an individual-social approach to students' activity in educational situations. First, a review of research on students' activity identifies four directions for connecting its cognitive and social dimensions (solipsism, social cognition, interactionism, individual-social integration). Second, the presentation of an empirical case shows what the description of students' representational experiences may bring within the scope of the "course-of-action" method and Brandom's inferentialist theory.

    Tool Paper: A Lightweight Formal Encoding of a Constraint Language for DSMLs

    Domain Specific Modeling Languages (DSMLs) play a key role in the development of Safety Critical Systems to model system requirements and implementation. They often need to integrate property and query sub-languages. As a standardized modeling language, OCL can play a key role in their definition as they can rely both on its concepts and textual syntax, which are well known in the Model Driven Engineering community. For example, most DSMLs are defined using MOF for their abstract syntax and OCL for their static semantics as a metamodeling DSML. OCLinEcore in the Eclipse platform is an example of such a metamodeling DSML integrating OCL as a language component in order to benefit from its property and query facilities. DSMLs for Safety Critical Systems usually provide formal model verification activities for checking model completeness or consistency, and implementation correctness with respect to requirements. This contribution describes a framework to ease the definition of such formal verification tools by relying on a common translation from a subset of OCL to the Why3 verification toolset. This subset was selected to ease efficient automated verification. This framework is illustrated using a block specification language for data flow languages where a subset of OCL is used as a component language.

    Organizing one's own work: A study of industrial managers' course of action

    This study analyses how managers organize their own work, from the theoretical perspective of situated cognition and course-of-action theory. The activity of two managers at an industrial site was studied over two consecutive days. Just before and after these two days, two kinds of data were collected: a record of the traces of activity and of the instruments used by the managers (diary items, ordering of papers on the desk, etc.), and verbalizations based on these records and on an activity journal. The courses of action were reconstituted and analysed by identifying the sequential or serial episodes that constituted them. The results show that the managers' activity was split into short episodes. The managers located the major part of their activity within several tens of macro-sequences, most of them extending far before and after the courses of action analysed. The different episodes were connected by five distinct categories of transition. These activities were partially anticipated, which is reflected in the diaries by different categories of artefacts corresponding to different types of anticipation (whether or not a moment was set for carrying out an activity). Synchronous communication was present in most episodes, involving a search for synchronization in the managers' activity by responding to emergencies and exploiting opportunities perceived during the course of action. Finally, autonomy in the managers' work emerges as the construction of significations extending over a large temporal span, these significations organizing the activity in a flexible way. Keywords: Managers, Activity, Signification, Anticipation, Synchronization, Situated cognition

    Formal Guarantees for Safety Critical Code Generation: the Case of Highly Variable Languages

    Control and command software plays a key role in safety-critical embedded systems used for human related activities such as transportation, healthcare or energy. Its impact on safety makes the assessment of its correctness the central point in its development activities. Verification activities for such systems are usually conducted according to normative certification guidelines providing objectives to be reached in order to ensure development process reliability and thus prevent flaws. Verification activities usually rely on tests and proofreading of the software, but recent versions of certification guidelines are taking into account the deployment of new development paradigms such as model-based development and formal methods, or the use of tools in assistance of the development processes. Automatic code generators are used in most safety-critical embedded systems development in order to avoid human related software production errors and to ensure the respect of development quality standards. As these tools are supposed to replace humans in the software code production activities, errors in these tools may result in embedded software flaws. It is thus in turn mandatory to ensure the same level of correctness for the tool itself as for the expected produced code. Tool verification shall be done according to qualification guidelines. We advocate in our work the use of model-based development and formal methods for the development of these tools in order to reach a higher quality level. Critical control and command software is mostly designed using graphical dataflow languages. These languages are used to express complex systems relying on atomic operations embedded in blocks that are gathered in block libraries. Blocks may be sophisticated pieces of software with highly variable structure and semantics. This variability is dependent on the values of the block parameters and on the block's context of use. 
In our work, we focus on the formal specification and verification of such block based languages. We experimented with various techniques in order to ensure a formal, sound, verifiable and usable specification for blocks. We developed a domain specific formal model-based language specifically tailored for the specification of the structure and semantics of blocks. This specification language is inspired by software product line concepts in order to ensure a correct and scalable management of the blocks' variability. We have applied this specification and verification approach to chosen block examples from common industrial use cases and we have validated it on tool prototypes. Blocks are the core elements of the input language of automatic code generators used for control and command systems development. We show how our formal block specification can be translated into code annotations in order to ease and automate the verification of the generated code. Code annotations are verified using specialised static code analysis tools. Relying on synchronous observers to express high level requirements at the input model level, we show how formal block specification can also be used for the translation of high level requirements into verifiable code annotations discharged using the same specialised tooling. We finally target the assistance of code generation tool qualification activities by arguing for the ability to automatically generate qualification data such as requirements, tests or simulation results for the verification and development of automatic code generators from the formal block specification.