Team Pop Art


Section: New Results

Automatic generation of correct controllers

Participants: G. Delaval, E. Dumitrescu, A. Girault, E. Rutten [contact person].

We address the difficulty of safely designing complex system controllers by proposing a method that applies formal design techniques to the domain of embedded control systems. Such techniques are considered difficult to use, among other reasons because of the theoretical competence they require. The general notion of hidden formal methods advocates fully automated techniques, integrated into a design process and tool. The formal technique we aim to encapsulate into a tool chain is discrete controller synthesis [72], and more particularly its adaptation to the synchronous approach [69].

Domain-specific language for application of discrete controller synthesis

We have proposed a simple programming language, called Nemo, specific to the domain of multi-task real-time control systems, such as robotics, automotive or avionics systems. The notion of task is related to the one used in the Orccad tool [36]. The language can be used to specify a set of resources with usage constraints, a set of tasks that consume them according to various modes, and applications that sequence the tasks. We automatically obtain an application-specific task handler that correctly manages the constraints (if any), through a compilation-like process that includes a phase of discrete controller synthesis. We use synchronous languages, modeling techniques and tools, particularly the Mode Automata language [68] and the Sigali synthesis tool [69].

Fault tolerant systems

In order to automatically obtain fault tolerant real-time systems, we investigate a new solution based on the application of discrete controller synthesis (DCS). The real-time systems we consider consist of a set of tasks and a set of distributed, heterogeneous processors. The latter are fail-silent, and an environment model can detail actual fault patterns. We apply DCS with objectives w.r.t. consistent execution, functionality fulfillment, and some optimizations. We construct a manager that ensures fault tolerance by migrating the tasks automatically, upon occurrence of a failure, according to the policy given by the objectives.

We have new results concerning optimal synthesis along paths, and its application to the control of sequences of reconfigurations. Tasks that are interrupted by a fault can be restarted at their last checkpoint, and the control of the configuration restarts the tasks by placing them on processors chosen w.r.t. an objective on the shortest total execution time of the application. We therefore combine, on the one hand, guarantees on the safety of the execution by tolerating faults, and on the other hand, guarantees on the worst case execution time of the resulting dynamically reconfiguring fault tolerant system.
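The following is an added illustration of the fault tolerance approach described above, not code from the team or from the Sigali/Nemo tool chain: a toy discrete controller synthesis over a failure model with constructed tasks, fail-silent processors and WCET values, where the synthesized manager migrates tasks after each failure to the placement with the shortest total execution time, and synthesis reports that no controller exists when the failure bound exhausts every processor.

```python
from itertools import product

# Constructed example (not from the report): two tasks, three fail-silent
# processors, heterogeneous WCETs (time units) of each task on each processor.
TASKS = ("t1", "t2")
PROCS = frozenset({"p1", "p2", "p3"})
WCET = {"t1": {"p1": 2, "p2": 4, "p3": 3},
        "t2": {"p1": 3, "p2": 2, "p3": 5}}

def cost(placement):
    """Total execution time of a placement: tasks sharing a processor run in
    sequence, so the application finishes when the most loaded processor does."""
    load = {}
    for task, proc in placement.items():
        load[proc] = load.get(proc, 0) + WCET[task][proc]
    return max(load.values())

def placements(alive):
    """Controllable choices: every assignment of tasks to surviving processors
    (empty when all processors have failed, i.e. consistent execution is lost)."""
    return [dict(zip(TASKS, c)) for c in product(sorted(alive), repeat=len(TASKS))]

def synthesize(max_failures):
    """Discrete controller synthesis over the failure model. A state
    (alive set, failures still possible) is controllable iff a placement exists
    now AND every admissible next failure (uncontrollable, fail-silent) leads to
    a controllable state. Per state the controller keeps the admissible
    placement with the shortest total execution time. Returns None when no
    controller can enforce the objective under max_failures failures."""
    controller = {}
    def ctl(alive, left):
        key = (alive, left)
        if key not in controller:
            options = placements(alive)
            ok = bool(options)
            if ok and left > 0:
                ok = all(ctl(alive - {p}, left - 1) for p in alive)
            controller[key] = min(options, key=cost) if ok else None
        return controller[key] is not None
    return controller if ctl(PROCS, max_failures) else None

def reconfigure(controller, max_failures, failures):
    """Run the synthesized manager on a failure sequence: after each failure the
    tasks are migrated to the placement chosen for the new state."""
    alive, left, trace = PROCS, max_failures, [controller[(PROCS, max_failures)]]
    for p in failures:
        alive, left = alive - {p}, left - 1
        trace.append(controller[(alive, left)])
    return trace
```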

This work is conducted in collaboration with H. Marchand (Vertecs team, Inria Rennes) and E. Dumitrescu (Insa Lyon).

Model-based control of adaptive systems

Embedded systems have to be more and more adaptive: they must perform reconfigurations in reaction to changes in their environment, related to resources or dependability. The management of this dynamic adaptivity is approached, e.g., in autonomic systems, at middleware level, by sensing the state of a system, deciding upon reconfiguration actions, and performing them. It can be considered as a control loop, on continuous or discrete criteria.

We consider that our previous work gave contributions to different separate issues related to this topic; on the basis of this experience, we are beginning to work on a generalisation of this previous work towards a model-based approach to adaptive systems, with applications in embedded middleware for autonomic systems, and reconfigurable architectures. We see it as an approach to combine adaptivity and predictability, and a method for the safe design of safe execution systems, relying on a technique for the static guarantee of dynamic reconfigurations.

This work is conducted in contact with the Sardes team of INRIA in Grenoble.
