# Project : popart

## Section: Scientific Foundations

Keywords : Embedded systems , real-time , control , distribution , safety-criticality .

### Embedded systems and their safe design

#### The safe design of embedded real-time control systems.

The context of our work is the area of embedded real-time control systems, at the intersection between control theory and computer science. We contribute methods and tools for their safe design. The systems we consider are intrinsically safety-critical because of the interaction between the embedded, computerized controller, and a physical process having its own dynamics. What is important is to analyze and design the safe behavior of the whole system, which introduces an inherent complexity. This is even more crucial in the case of systems whose malfunction can have catastrophic consequences, for example in transport systems (avionics, trains), production, medical, or energy production systems.

Therefore, there is a need for methods and tools for the design of safe systems. The definition of adequate mathematical models of the behavior of the systems allows the definition of formal calculi. They in turn form a basis for the construction of algorithms for the analysis, but also for the transformation of specifications towards an implementation. They can then be implemented in software environments made available to the users. A necessary complement is the setting-up of software engineering, programming, modeling, and validation methodologies. The motivation of these problems is at the origin of significant research activity, internationally and in particular, in the European IST network ARTIST (Advanced Real-Time Systems)( http://www.systemes-critiques.org/ARTIST).

#### Models, methods and techniques.

The state of the art upon which we base our contributions, is twofold.

From the point of view of discrete control, there is a set of theoretical results and tools, in particular in the synchronous approach, often founded on labelled transition systems (or finite or infinite state automata) [24] [26]. During the years, methodologies for the formal verification [37] [29], control synthesis [38] and compilation, and extensions to timed and hybrid systems [34] [25] have been developed. Asynchronous models consider the interleaving of events or messages, and are often applied in the field of telecommunications, in particular for the study of protocols. A well-known formalism for reactive systems is StateCharts [32], which can be encoded in a synchronous model as shown in [2].

The synchronous approach( http://www.synalp.org)[30] [31] to reactive systems design gave birth to complete programming environments, around languages like Argos, Lustre( http://www-verimag.imag.fr/SYNCHRONE), Esterel( http://www.inria.fr/recherche/equipes/tick), Signal/Polychrony( http://www.irisa.fr/espresso/Polychrony), SynDEx( http://www-rocq.inria.fr/syndex), Lucid Synchrone( http://www-spi.lip6.fr/lucid-synchrone)or Mode Automata( http://www-verimag.imag.fr/PEOPLE/Florence.Maraninchi/MATOU). This approach is characterized by the fact that it considers cyclic systems whose global steps can, by synchronous composition, encompass a set of events (known as simultaneous) on the resulting transition. Generally speaking, formal methods are often used for analysis and verification; they are much less often integrated in the compilation or generation of executives (in the sense of executables of tasks combined with the host real-time operating system). They are notoriously difficult to use by end-users, who are usually specialists in the application domain, not in formal techniques. This is why encapsulating formal techniques in an automated framework can dramatically improve their diffusion, acceptance, and hence impact. Our work is therefore oriented towards precisely this direction.

From the point of view of the executables and execution platforms for the implementation of embedded systems, there are software or middle-ware approaches and hardware-based approaches. Under the quantitative aspects of the problem, one can find techniques for structuring the programs in multiple tasks, possibly preemptable, based on the real-time operating system. Their durations and periods, for example, are taken into account within the framework of scheduling according to various strategies. The analytical approach, with the determination of schedulability of a set of real-time tasks with constraints, is a very active field of research, primarily turned towards the respect of computer-centered constraints only: the task characteristics are derived from measurements of periods and execution time imposed by the environment. There has been, until recently, only relatively little work formalizing the relation with discrete models and control. The techniques of real-time control usually take into account only criteria internal to the computer system, related to the resources of computation: in other words, they have a character of open loop. However, the progress of the reflexive systems, providing sensors (of reconfiguration) and actuators (of dynamic control of the system) make it possible to close the loop [28] [33]; we contribute to this new approach by the development of methods for control/scheduling co-design.