No Trust without regulation!

The explosion in the performance of Machine Learning (ML) and the potential of its applications are strongly encouraging us to consider its use in industrial systems, including for critical functions such as decision-making in autonomous systems. While the AI community is well aware of the need to ensure the trustworthiness of AI-based applications, it is still leaving too much to one side the issue of safety and its corollary, regulation and standards, without which it is not possible to certify any level of safety, whether the systems are slightly or very critical.The process of developing and qualifying safety-critical software and systems in regulated industries such as aerospace, nuclear power stations, railways or automotive industry has long been well rationalized and mastered. They use well-defined standards, regulatory frameworks and processes, as well as formal techniques to assess and demonstrate the quality and safety of the systems and software they develop. However, the low level of formalization of specifications and the uncertainties and opacity of machine learning-based components make it difficult to validate and verify them using most traditional critical systems engineering methods. This raises the question of qualification standards, and therefore of regulations adapted to AI. With the AI Act, the European Commission has laid the foundations for moving forward and building solid approaches to the integration of AI-based applications that are safe, trustworthy and respect European ethical values. The question then becomes "How can we rise to the challenge of certification and propose methods and tools for trusted artificial intelligence?

Multilevel Modeling Paradigm in Profile Definition

Building a UML profile entails defining concepts required to cover a specific domain, and then, using stereotypes to map domain concepts onto UML metaclasses. Capture of domain concepts with an object-oriented language (like UML) may be inappropriate, and may impede the mapping, where more than two modeling levels are required. Use of only classes and objects may introduce accidental complexity into the domain model if other modeling levels (e.g. metatype level) are necessary. In such situations, a multilevel paradigm with deep characterization and deep instantiation is recommended to reduce complexity. However, this paradigm deserves to be further explored, and its value for definition of UML profiles assessed. We therefore propose a solution to put in practice the multi-level paradigm within a standard UML 2.x tool. Our solution involves a semi-automatic process that transforms a model annotated with multi-level characteristics into a profile-based implementation. Such automation lessens the gap between domain model and implementation and ensures consistency. As an example, we have taken an excerpt from the MARTE time profile. We then describe the new design opportunities inherent in our process and show how this process facilitates both domain specification and profile definition

Does Code Generation Promote or Prevent Optimizations?

International audienceThis paper addresses the problem of code optimization for Real-Time and Embedded Systems (RTES). Such systems are designed using Model-Based Development (MBD)approach that consists of performing three major steps: building models, generating code from them and compiling the generated code. Actually, during the code generation, an important part of the modeling language semantics which could be useful for optimization is lost, thus, making impossible some optimizations achievement. This paper shows how adding a new level of optimization at the model level results in a more compact code. It also discusses the impact of the code generation on optimization: whether this step promotes or prevents optimizations. We conclude on a proposal of a new MBD approach containing only steps that advance optimization: modeling and compiling steps

Multivalued logics for diagnosis systems and application to three-valued logics

This paper presents a method for uncertainities processing in expert systems . It extends possibility theory, avoiding some inconsequencies which corne from its application . A derived three valued logic is described.Ce texte présente une procédure de traitement des incertitudes dans les systèmes experts, généralisant la théorie des possibilités et levant certaines contradictions qui résultent de l'utilisation de cette dernière . Une interprétation trivalente est décrite

Contribution à la modélisation explicite des plates-formes d'exécution pour l'IDM

23 pagesNational audienceOne foundation of the model driven engineering (MDE) is to separate the modelling application description from its technological implementation (i.e. platform). Some of them are dedicated to the system execution. Hence, one promise solution of the MDE is to automate transformations from platform independent models to platform specific models. Little work has explicitly described platform characteristics. Yet, an explicit modelling allows taking in account their characteristics more easily (par ex., performances, maintainability,portability). This paper presents both an execution platform modelling state of art and a pattern to describe execution platform modelling framework. It intends to confirm the feasibility and the interests in describing an execution platform metamodel

Toward optimized code generation through model-based optimization

International audienceModel-Based Development (MBD) provides an additional level of abstraction, the model, which lets engineers focus on the business aspect of the developed system. MBD permits automatic treatments of these models with dedicated tools like synthesis of system's application by automatic code generation. Real-Time and Embedded Systems (RTES) are often constrained by their environment and/or the resources they own in terms of memory, energy consumption with respect to performance requirements. Hence, an important problem to deal with in RTES development is linked to the optimization of their software part. Although automatic code generation and the use of optimizing compilers bring some answers to application optimization issue, we will show in this paper that optimization results may be enhanced by adding a new level of optimizations in the modeling process. Our arguments are illustrated with examples of the Unified Modeling Language (UML) state machines diagrams which are widely used for control aspect modeling of RTES. The well-known Gnu Compiler Collection (GCC) is used for this study. The paper concludes on a proposal of two step optimization approach that allows reusing as they are, existing compiler optimizations

Composition des modèles de lignes de produits logiciels

Cette thèse s inscrit dans le cadre de la gestion des modèles de lignes de produits logiciels complexes. L ingénierie des lignes de produits logiciels a pour objectif de modéliser et développer une famille de produits logiciels présentant un ensemble de similarités plutôt que de modéliser et développer des produits logiciels individuels au cas par cas. La modélisation, cependant, peut se révéler une tâche difficile voir même infaisable quand il s agit de modéliser des lignes de produits logiciels complexes et à grande échelle. Pour résoudre un tel problème, la tâche de modélisation est distribuée sur différents intervenants. Les modèles développés séparément doivent alors être composés pour obtenir le modèle global de la ligne de produits logiciels. Toutefois, la composition des modèles de lignes de produits logiciels n est pas une tâche triviale car elle doit prendre en compte l information de variabilité des éléments de modèles, les contraintes de variabilité, la structure des modèles manipulés et la sémantique ciblée par la composition. L objectif de cette thèse est de fournir des mécanismes de composition des modèles de lignes de produits logiciels. Pour cela, deux mécanismes sont proposés : la fusion et l agrégation. La fusion a pour objectif de combiner des modèles présentant des similarités au niveau de leurs éléments structurels. Alors que l agrégation vise à composer des modèles ne possèdent pas de similarités mais plutôt d éventuelles contraintes transversales reliant leurs éléments structurels. Les modèles utilisés sont représentés sous une vue de structures composites d UML et incluent des annotations spécifiques des éléments variables. Les mécanismes que nous proposons traitent l information de variabilité des éléments structurels manipulés, les contraintes de variabilités associées aux éléments annotés variables ainsi que l aspect structurel des modèles à composer. Les mécanismes de composition proposés sont définis selon des propriétés sémantiques bien précises décrivant le but de la composition. Ces propriétés sémantiques doivent alors être vérifiées tout au long du processus de composition. A la fin, une évaluation du travail effectué permet de montrer la capacité à composer des modèles de lignes de produits logiciels en un temps raisonnable ainsi que l importance de la consolidation des modèles structurels dans la réduction du nombre de produits structurellement incomplets.The Software Product Line (SPL) engineering aims at modeling and developing a set of software systems with similarities rather than individual software systems. Modeling task can be, however, tedious or even infeasible for large scale and complex SPLs. To address such a problem, the modeling task is distributed among different stakeholders. At the end, the models separately developed have to be composed in order to obtain the global SPL model. Composing SPL models is not a trivial task; variability information of model elements has to be treated during the composition, as well as the variability constraints. Similarly, the model structure and the composition semantics are key points that have to be considered during the composition. This thesis aims at providing specific mechanisms to compose SPL models. Therefore, we propose two composition mechanisms: the merge and the aggregation mechanisms. The merge mechanism aims at combining models including structural similarities. The aggregation mechanism, however, intends to compose models without any structural similarity but having eventual constraints across their structural elements. We focus on UML composite structures of SPLs and use specific annotations to identify variable elements. Our composition mechanisms deal with the variability information of structural elements, the variability constraints associated with the variable elements as well as the structures of the manipulated models. We also specify a set of semantic properties that have to be considered during the composition process and show how to preserve them. At the end, we have carried out an assessment of the proposals and have showed their ability to compose SPL models in a reasonable time. We have also showed how model consolidation is important in reducing le number of products having incomplete structure.PARIS11-SCD-Bib. électronique (914719901) / SudocSudocFranceF

Adaptabilité et reconfiguration des systèmes temps-réel embarqués

Les systèmes temps réel peuvent être grands, distribués et avoir un environnement dynamique. Cela exige la mise en place de différents modes de fonctionnement et techniques de fiabilité. Par ailleurs, ces différents changements dynamiques d'architecture et de comportement ont un impact sur les caractéristiques temporelles des systèmes qui nécessitent une étude particulière de la capacité des comportements d'adaptation à garantir les contraintes fixées aux systèmes. Le travail présenté dans cette thèse est focalisé sur la spécification de l'adaptabilité d'un système temps réel et l'étude sur de jeux de configurations prédéfinis de l'impact temporel des actions d'adaptation dynamique. Pour cela, nous présentons une méthodologie outillée basée sur la notion de Mode du profil MARTE. Chaque mode représente un comportement possible du système pour un environnement bien déterminé associé à une configuration logicielle. L'approche développée propose de modéliser le comportement adaptatif à travers la définition du contexte, de la variabilité, des opérations de reconfigurations et de la configuration de base. L'analyse d'ordonnançabilité est ensuite effectuée au niveau du modèle en intégrant l'impact des comportements d'adaptation. Deux paradigmes de modélisation peuvent alors être exploités pour effectuer cette analyse : les requêtes et les flots de données. Cela permet de vérifier que les contraintes temporelles de notre système resteront satisfaites en intégrant les opérations de reconfiguration issues du comportement adaptatif. Enfin, l'approche permet de générer des implantations des comportements adaptatifs à partir des modèles afin d'automatiser l'intégration des mécanismes d'adaptation dans les systèmes temps réel.Real-time systems can be large, distributed and have a dynamic environment. This requires the introduction of various operating modes and reliability techniques. Different operating modes are associated with a different architecture and behavior. Dynamic changes between these modes have an impact on the temporal characteristics of systems which requires an analysis whether the constraints of the system are also fulfilled during adaptations. The work presented in this thesis is focused on specifying the adaptability and the study of the temporal impact of dynamic adaptation actions on a predefined set of configurations. For this purpose, we present a tooled methodology based on the concept of Mode of the MARTE profile. Each mode represents a possible behavior of the system for a well determined environment associated with a software configuration. The influence of these operations on the temporal behavior of the system is done via schedulability analysis. This methodology proposes to model the adaptive behavior through the definition of the context, the variability, the reconfiguration operations and of the base configuration. The schedulability analysis is performed at the model level by incorporating the impact of the behavior of adaptation. Two paradigms of modeling can be exploited to perform this analysis: request/reply and data flow. This allows to verify that the temporal constraints of our system will remain satisfied even with the inclusion of reconfiguration operations executing the adaptive behavior. Finally, the approach allows generating the implementation of adaptive behavior from the model to automate the integration of adaptation mechanisms in real-time systems.PARIS11-SCD-Bib. électronique (914719901) / SudocSudocFranceF

Target detection with a liquid crystal-based passive Stokes polarimeter

International audienceWe present an imaging system that measures the polarimetric state of the light coming from each point of a scene. This system, which determines the four components of the Stokes vector at each spatial location, is based on a liquid-crystal polarization modulator, which makes it possible to acquire fourdimensional Stokes parameter images at a standard video rate. We show that using such polarimetric images instead of simple intensity images can improve target detection and segmentation performance