Section: New Results
Component-based construction techniques are crucial to overcome the complexity of embedded systems design. However, two major obstacles need to be addressed: the heterogeneous nature of the models, and the lack of results guaranteeing the correctness of the composed system. The heterogeneity of embedded systems comes from the need to integrate components using different models of computation, communication, and execution, on different levels of abstraction and different time scales. The component framework, as well as the verification and construction algorithms, have to support this heterogeneous nature of the components.
Adapter Synthesis for Synchronous Components
In the context of the ACI Alidecs (see section 8.2.1), we have an ongoing research project on the definition of a language and framework for the construction of safe embedded systems based on synchronous components.
Building a real-time system from existing components introduces several problems, mainly related to compatibility, communication, and QoS issues. We have proposed an approach to automatically synthesize adapters in order to solve black-box integration incompatibilities within a lightweight component model. Adapter synthesis allows the developer to automatically build correct-by-construction systems from third-party components, hence, reducing time-to-market and improving reusability.
A component interface includes a formal description of the interaction protocol of the component with its expected environment. The interface language is expressive enough to specify real-time constraints and the controllability of the component actions (ports), as well as the component's activation clock. Based on results from Petri net and supervisory control theory, we have developed and implemented an algorithm which automatically synthesizes deadlock-free, bounded-memory adapter components from the interface specifications of the components. The generated adapters coordinate the interaction behavior of the components and buffer their communications in order to avoid deadlocks.
We have further formalized the technique, improved separation of concerns by distinguishing between constraints on (local) component time and (global) application time, and generalized the synthesis to adapters working on a sub-clock of the global clock.
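The following is an added example, not code from the Alidecs project, illustrating the synthesis idea above on its simplest instance: two components whose protocols are plain labelled transition systems (the real interface language also carries clocks and real-time constraints, which are left out here), a reordering buffer of bounded size standing in for the adapter's memory, and the standard supervisory-control fixpoint that prunes every global state from which an uncontrollable move can force an overflow or a deadlock. The protocols, port names and the choice of which ports are controllable are constructed for the example.

```python
"""Adapter synthesis on a product of component interfaces with a bounded buffer.
Added example (not the project's code): interfaces are labelled transition
systems, the adapter is a bounded multiset buffer, and the synthesis is the
usual supervisory-control greatest fixpoint of 'controllably safe' states."""
from collections import deque

# Constructed protocols: state -> [(direction, port, next_state)].
# '!' sends on the port into the adapter's buffer, '?' receives from it.
# The producer emits a then b, the consumer wants b before a: a direct
# connection deadlocks, so the adapter must buffer a and reorder.
PROTOCOLS = {
    "P": {"p0": [("!", "a", "p1")], "p1": [("!", "b", "p0")]},
    "C": {"c0": [("?", "b", "c1")], "c1": [("?", "a", "c0")]},
}
# Ports the adapter may delay (assumption of the example).  The producer's b
# is uncontrollable: once a has been accepted, b fires and must be absorbed.
CONTROLLABLE = {("P", "a"), ("C", "b"), ("C", "a")}
INIT = ("p0", "c0", ())      # (producer state, consumer state, sorted buffer)
OVERFLOW = "OVERFLOW"        # sink: the buffer bound was exceeded


def successors(state, bound):
    """All moves from a global state as (controllable, label, next_state)."""
    p, c, buf = state
    moves = []
    for comp, local in (("P", p), ("C", c)):
        for direction, port, nxt in PROTOCOLS[comp][local]:
            ctrl = (comp, port) in CONTROLLABLE
            if direction == "!":
                new_buf = tuple(sorted(buf + (port,)))
                if len(new_buf) > bound:
                    moves.append((ctrl, f"{comp}!{port}", OVERFLOW))
                    continue
            else:
                if port not in buf:
                    continue                       # nothing to deliver yet
                rest = list(buf)
                rest.remove(port)
                new_buf = tuple(rest)
            new_state = (nxt, c, new_buf) if comp == "P" else (p, nxt, new_buf)
            moves.append((ctrl, f"{comp}{direction}{port}", new_state))
    return moves


def synthesize(bound):
    """Adapter for this buffer bound as {good state: allowed moves}, or None
    when no deadlock-free adapter with that much memory exists."""
    graph, todo = {}, deque([INIT])
    while todo:                                    # reachable product graph
        s = todo.popleft()
        if s in graph:
            continue
        graph[s] = successors(s, bound)
        todo.extend(t for _, _, t in graph[s] if t != OVERFLOW)
    good = set(graph)                              # OVERFLOW is never good
    changed = True
    while changed:                                 # greatest fixpoint
        changed = False
        for s in list(good):
            moves = graph[s]
            # an uncontrollable move into a bad state cannot be prevented
            forced_bad = any(not ctrl and t not in good for ctrl, _, t in moves)
            # no move left into a good state: the adapter would deadlock here
            stuck = not any(t in good for _, _, t in moves)
            if forced_bad or stuck:
                good.discard(s)
                changed = True
    if INIT not in good:
        return None
    return {s: [(lbl, t) for ctrl, lbl, t in graph[s] if t in good] for s in good}


def minimal_bound(max_bound=8):
    """Smallest buffer size admitting an adapter, or None up to max_bound."""
    for k in range(max_bound + 1):
        if synthesize(k) is not None:
            return k
    return None


if __name__ == "__main__":
    k = minimal_bound()
    print("minimal buffer bound:", k)
    for state, moves in synthesize(k).items():
        print(state, "->", moves)
```

With a buffer of size 1 every state is pruned: accepting a leaves no room for the forced b, and refusing a deadlocks the initial state. Size 2 yields a four-state adapter that accepts a, absorbs b, delivers b, then delivers a, and never accepts a second a while one is still buffered.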
In the context of our work on compositionality and reconfigurability, we recently started studying the issue of component refinement with respect to the existence of a winning strategy (against an adverse environment) for reachability properties. We work on two closely related problems:
(1) In order to find a winning strategy in a huge state space (up to 10^150 states), we decompose the problem into subtasks that can either be carried out locally on the state space of individual components, or efficiently on the global system. We introduce a property of composability, which guarantees that the locally computed solutions form a solution of the global problem.
(2) The preservation of winning strategies under system reconfiguration (that is, a set of components is replaced with other components), is ensured by a simulation relation, which can be checked locally.
This new work direction is still in progress.
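As an added example for point (2), not code from the project: the local check behind a reconfiguration is a simulation relation between the component being removed and its replacement. The report does not spell out which variant of simulation it relies on, so the example uses the textbook strong simulation preorder on labelled transition systems, computed as a greatest fixpoint on the two component interfaces alone (no product with the rest of the system). The two interfaces, their labels and the direction of the check (the old component must simulate the new one, so that the replacement introduces no behaviour the existing strategy has not seen) are assumptions of the example.

```python
"""Local simulation check for component replacement.  Added example, not the
project's code; uses plain strong simulation on labelled transition systems
given as dicts: state -> [(label, next_state)]."""


def simulation(lts_a, lts_b):
    """Greatest relation R on A x B such that (a, b) in R iff every move
    a -l-> a' is matched by some b -l-> b' with (a', b') in R.
    Start from the full relation and prune until nothing changes."""
    rel = {(a, b) for a in lts_a for b in lts_b}
    changed = True
    while changed:
        changed = False
        for a, b in list(rel):
            for lbl, a2 in lts_a[a]:
                matched = any(l2 == lbl and (a2, b2) in rel
                              for l2, b2 in lts_b[b])
                if not matched:
                    rel.discard((a, b))
                    changed = True
                    break
    return rel


def simulates(spec, spec_init, impl, impl_init):
    """True iff `spec` can mimic every step of `impl` from the initial states."""
    return (impl_init, spec_init) in simulation(impl, spec)


def can_replace(old, old_init, new, new_init):
    """Reconfiguration check (assumed direction): the component being removed
    must simulate its replacement, so the environment gains no new moves."""
    return simulates(old, old_init, new, new_init)


# Constructed interfaces.  OLD may answer a request with an error and then
# needs a reset; NEW always answers ok.
OLD = {"s0": [("req", "s1")],
       "s1": [("ok", "s0"), ("err", "s2")],
       "s2": [("reset", "s0")]}
NEW = {"t0": [("req", "t1")],
       "t1": [("ok", "t0")]}


if __name__ == "__main__":
    print("OLD -> NEW allowed:", can_replace(OLD, "s0", NEW, "t0"))
    print("NEW -> OLD allowed:", can_replace(NEW, "t0", OLD, "s0"))
```

Replacing OLD by NEW passes (every run of NEW is a run of OLD), whereas the reverse replacement fails because no state of NEW matches the err transition; the check touches only the two interfaces and never the global state space.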
Given a system of concurrent components communicating through FIFO queues (i.e., a Kahn process network), the technique of network fusion allows one to obtain a sequential implementation, thus getting rid of context switching and improving efficiency. We are studying the extension of the component language with non-determinism features (e.g., testing the size of a queue). Introducing non-determinism in Kahn process networks entails some non-trivial problems for component fusion. We have been working on extending the fusion algorithm to fulfill the following requirements: (1) preserve functional (non-confluent) non-determinism, so as to observe the same non-deterministic behavior as in the original component network; (2) eliminate confluent non-determinism as far as possible to improve performance; (3) guarantee fairness. This work is still in progress.
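The following added example (not the project's fusion algorithm) makes the difference between confluent and non-confluent non-determinism concrete. Processes are Python generators that issue FIFO requests; a single-threaded scheduler services one request per step, choosing the first runnable process in a fixed priority order, which stands in for the interleaving a fused sequential program would fix at compile time. Two Kahn processes with blocking reads only produce the same output under either priority order (the interleaving choice is confluent and the fusion may resolve it freely, requirement 2), whereas a merge process that tests a queue's size produces different outputs under the two orders, which is exactly the functional non-determinism requirement (1) says the fused code must keep visible rather than silently fix. The processes, queue names and items are constructed for the example.

```python
"""Sequential execution of a process network with blocking FIFO reads and an
optional queue-size test.  Added example, not the project's code."""
from collections import deque

# Request protocol between a process (generator) and the scheduler:
#   yield ("put", queue, value)   append value, resume with None
#   yield ("get", queue)          block while empty, resume with the head
#   yield ("size", queue)         resume with the current length (non-Kahn)


def run(procs, priority):
    """Run the network in one thread.  At each step the first process in
    `priority` whose request can be served is resumed.  Returns the final
    contents of every queue; raises if every process waits on an empty FIFO."""
    queues = {}
    Q = lambda name: queues.setdefault(name, deque())
    gens = {name: make() for name, make in procs.items()}
    pending = {name: next(g) for name, g in gens.items()}   # first requests
    while pending:
        for name in priority:
            req = pending.get(name)
            if req is None:
                continue                          # process finished
            op, qname = req[0], req[1]
            if op == "get" and not Q(qname):
                continue                          # blocked on empty FIFO
            if op == "put":
                Q(qname).append(req[2])
                reply = None
            elif op == "get":
                reply = Q(qname).popleft()
            else:
                reply = len(Q(qname))
            try:
                pending[name] = gens[name].send(reply)
            except StopIteration:
                del pending[name]
            break
        else:
            raise RuntimeError("deadlock: every process waits on an empty FIFO")
    return {name: list(q) for name, q in queues.items()}


def producer(qname, items):
    """Kahn process writing the constructed items to one queue."""
    def proc():
        for x in items:
            yield ("put", qname, x)
    return proc


def merge_det():
    """Kahn process: strictly alternates blocking reads of q1 and q2."""
    for _ in range(3):
        x = yield ("get", "q1")
        yield ("put", "out", x)
        y = yield ("get", "q2")
        yield ("put", "out", y)


def merge_nd():
    """Non-Kahn process: prefers q1 whenever it is non-empty.  Its output
    depends on how far the producers have run, i.e. on the schedule."""
    for _ in range(6):
        if (yield ("size", "q1")) > 0:
            x = yield ("get", "q1")
        else:
            x = yield ("get", "q2")
        yield ("put", "out", x)


NET_DET = {"p1": producer("q1", [1, 2, 3]),
           "p2": producer("q2", [10, 20, 30]), "m": merge_det}
NET_ND = {"p1": producer("q1", [1, 2, 3]),
          "p2": producer("q2", [10, 20, 30]), "m": merge_nd}


def outputs(net, priority):
    return run(net, priority)["out"]


if __name__ == "__main__":
    for label, net in (("kahn", NET_DET), ("size-test", NET_ND)):
        for prio in (["p1", "p2", "m"], ["m", "p1", "p2"]):
            print(label, prio, outputs(net, prio))
```

The Kahn network yields [1, 10, 2, 20, 3, 30] whichever process the scheduler favours, so a fusion may pick either order. The size-testing merge yields [1, 2, 3, 10, 20, 30] when the producers run first and [10, 1, 2, 3, 20, 30] when the merger runs first: a fused implementation that hard-codes one of these schedules has changed the observable behaviour of the network.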