SCCharts: Language and Interactive Incremental Compilation

Safety-critical systems are a subclass of reactive systems, a dominating class of computer systems these days. Such systems control the airbags in our cars, the flaps of an aircraft, nuclear power plants or pace makers. Software for these systems must be reliable. Hence, a language and tooling is needed that allows to build and maintain reliable software models. Furthermore, a reliable compiler is required to obtain decent machine-understandable and executable code from highly abstract models. This thesis presents SCCharts, a Statecharts-based synchronous and visual modeling language for specifying and designing safety-critical systems and for deriving their implementations. It elaborates on why a control-flow oriented and synchronous language is desirable and how incremental language features are chosen to flatten learning curve. It presents an interactive incremental model transformation based compilation approach termed SLIC. It shows how SLIC helps in supporting both, the modeler and the tool smith for building reliable models and maintaining a reliable compiler, respectively. A SLIC-based compiler for SCCharts including its high-level model transformations is presented. Furthermore, practicality aspects of the KIELER SCCharts language and tooling implementation complete the considerations to validate the proposed approach.Sicherheitskritische Systeme sind eine Unterklasse von reaktiven Systemen, welche heutzutage eine der wichtigsten und größten Klasse von Computersystemen darstellt. Solche Systeme kontrollieren die Airbags unserer Autos, die Landeklappen eines Passagierflugzeugs, Kernkraftwerke oder Herzschrittmacher. Software für solche Systeme muß absolut zuverlässig sein. Daher werden Computersprachen und Werkzeuge benötigt, die es erlauben, zuverlässige Softwaremodelle zu erstellen und zu warten. Weiterhin braucht es zuverlässige Kompiler, die aus solchen abstrakten Modellen korrekten maschinenlesbaren und ausführbaren Code erzeugen. Mit SCCharts präsentiert diese Arbeit eine zustandsmaschinenbasierte und synchrone Modellierungssprache für den Entwurf und zur Implementierung sicherheitskritischer Systeme. Es wird betrachtet, warum sich dafür eine kontrollflußorientierte und synchrone Sprache besonders gut eignet und welche Wahl inkrementeller Sprachbestandteile die Lernkurve senken können. Die Arbeit zeigt, wie ein als SLIC bezeichneter, interaktiver, inkrementeller und auf Modelltransformationen basierender Kompilierungsansatz sowohl dem Modellierer dabei helfen kann, zuverlässige Modelle zu erstellen, als auch den Werkzeugentwickler darin unterstützt, einen zuverlässigen Kompiler bereit zu stellen. Es wird ein auf SLIC basierender SCCharts Kompiler inklusive seiner high-level Modelltransformationen vorgestellt. Weiterhin wird der vorgestellte Ansatz mit Hilfe der beispielhaft umgesetzten KIELER SCCharts Sprach- und Werkzeugimplementierung auf seine Praktikabilität hin überprüft

Synchronous Java: Light-Weight, Deterministic Concurrency and Preemption in Java

A key issue in the development of reliable embedded software is the proper handling of reactive controlow, which typically involves concurrency. Java and its thread concept have only limited provisions for implementing deterministic concurrency. Thus, as has been observed in the past, it is challenging to develop concurrent Java programs without any deadlocks or race conditions. To alleviate this situation, the Synchronous Java (SJ) approach presented her adopts the key concepts that have been established in the world of syschronous programming for handling reactive controlow. Thus SJ not only provides deterministic concurrency, but also dierent variants of deterministic preemption. Furthermore SJ allows concurrent threads to communicate with Esterel-style signals. As a case study for an embedded system usage, we also report on how the SJ concepts have been applied in the context of Lego Mindstorms

Semantics and Execution of Domain Specific Models

In this paper we present a two-level approach to extend the abstract syntax of models with concrete semantics. First, a light-weight execution interface for iteratable models with a generic user interface allows the tool smith to provide arbitrary execution and visualization engine implementations for his or her Domain Specific Modeling Language (DSML). We discuss how the common execution manager runtime allows co-simulations of different model types and engine implementations to provide a flexible framework in the diverse DSML scenery. Second, as a concrete but nevertheless generic implementation of a simulation engine for behavior models, we present semantic model specifications and a runtime interfacing to the Ptolemy II tool suite. As a project in the area of model simulation, the latter provides a mature sophisticated and formally grounded backbone for model execution. We present our approach as an open source Eclipse integration to be an extension to the Eclipse modeling projects. After introducing basic concepts, the paper explains how simulations are currently being integrated into the framework and presents some illustrative case studies also covering UML approaches

Executing Domain-Specific Models in Eclipse: KLEPTO - KIELER leveraging Ptolemy

We present a two-level approach to extend the abstract syntax of domain-specific models with concrete semantics in order to execute such models. First, a light-weight execution infrastructure for executable models with a generic user interface allows the tool smith to provide arbitrary execution and visualisation engine implementations for a Domain-Specific Language (DSL). Second, as a concrete but nevertheless generic implementation of a simulation engine for behaviour models, we present semantic model specifications and a runtime interfacing to the Ptolemy II tool suite as a formally founded backbone for model execution. We present our approach as an open source extension to Eclipse modelling projects

SCCharts: The Railway Project Report

SCCharts is a visual language proposed in 2012 for specifying safety-critical reactive systems. We present the results of the first medium sized SCCharts case-study. The case-study was conducted in the context of the railway project performed by students at the Kiel University in the summer term 2014. The railway project is a regularly occurring student training project that teaches principles of concurrent cyber-physical systems on a complex live model railway demonstrator. This report presents details of the first medium size SCCharts models created during the project. We explain what additional language extensions to SCCharts were necessary and how they were implemented. To handle performance issues that arose while developing the controller, compiler enhancements became necessary and are evaluated here. Furthermore, the participants completed a survey at the end of the project to confirm the goals that the SCCharts language and our SCCharts tool chain are suitable to build complex controllers. In the survey, the participants compared both, the SCCharts language and our SCCharts tools, with other modeling and classical programming languages and tools

SCCharts: The Mindstorms Report

SCCharts are a visual language proposed in 2012 for specifying safety-critical reactive systems. This is the second SCCharts report towards the usability of the SCCharts visual language and its KIELER SCCharts implementation. KIELER is an open-source project which researches the pragmatics of model-based languages and related fields. Nine case-studies that were conducted between 2015 and 2019 evaluate the pros and cons in the context of small-scale Lego Mindstorms models and similar projects. Par-ticipants of the studies included undergraduate and graduate students from our local and also external facilities, as well as academics from the synchronous community. In the surveys, both the SCCharts language and the SCCharts tools are compared to other modeling and classical programming languages and tools

Sequentially Constructive Concurrency: A Conservative Extension of the Synchronous Model of Computation

Synchronous languages ensure deterministic concurrency, but at the price of heavy restrictions on what programs are considered valid, or constructive. Meanwhile, sequential languages such as C and Java offer an intuitive, familiar programming paradigm but provide no guarantees with regard to deterministic concurrency. The sequentially constructive model of computation (SC MoC) presented here harnesses the synchronous execution model to achieve deterministic concurrency while addressing concerns that synchronous languages are unnecessarily restrictive and difficult to adopt. In essence, the SC MoC extends the classical synchronous MoC by allowing variables to be read and written in any order as long as sequentiality expressed in the program provides sufficient scheduling information to rule out race conditions. This allows to use programming patterns familiar from sequential programming, such as testing and later setting the value of a variable, which are forbidden in the standard synchronous MoC. The SC MoC is a conservative extension in that programs considered constructive in the common synchronous MoC are also SC and retain the same semantics. In this paper, we identify classes of variable accesses, define sequential constructiveness based on the concept of SC-admissible scheduling, and present a priority-based scheduling algorithm for analyzing and compiling SC programs

SCCharts: Sequentially Constructive Statecharts for Safety-Critical Applications

We present a new visual language, SCCharts, designed for specifying safety-critical reactive systems. SCCharts uses a new statechart notation and provides deterministic concurrency based on a synchronous model of computation (MoC), without restrictions common to previous synchronous MoCs. Specifically, we lift earlier limitations on sequential accesses to shared variables, by leveraging the sequentially constructive MoC. The key features of SCCharts are defined by a very small set of elements, the Core SCCharts, consisting of state machines plus fork/join concurrency. Conversely, Extended SCCharts contain a rich set of advanced features, such as different abort types, signals, history transitions, etc., all of which can be reduced via model-to-model transformations into Core SCCharts. This approach enables a simple yet efficient compilation strategy and aids verification and certification