Section: New Results

CCSL: syntax and semantics

Participants : Charles André, Julien Deantoni, Frédéric Mallet, Robert de Simone.

CCSL has been introduced in a non-normative annex of the OMG MARTE specification [37] . It is a language to specify clock constraints . The semantics of CCSL given in the specification is informal. A first formal semantics, based on mathematical expressions was published last year.

This year, the expressiveness of CCSL has been compared to two other concurrent models (Signal and Time Petri nets) [21] . Time Petri nets are well-adapted to specify asynchronous clock constraints but cannot deal with reactive aspects like preemption, and reaction to the absence of events. Signal (developed by the Espresso EPI) can easily express synchronous clock constraints and it addresses, like CCSL, polychronous systems. However, while Signal provides a minimal set of operators and focuses on sufficient conditions for deterministic execution (endochronous systems), CCSL proposes high-level time patterns to express time specifications (not necessarily deterministic) closer to UML designer expectations.

To provide a tool support for the analysis of CCSL specifications, we have defined a kernel for CCSL, and given a structural operational semantics to this kernel. The syntax and the semantics of this kernel are described in a research report [32] and have been partially published in the Journal Européen des Systèmes Automatisés  [13] . This semantics is the reference for the CCSL constraint solver implemented in TimeSquare (Section  5.1 ).

TimeSquare allows simulation of CCSL specifications but not formal verifications. Relying on the formal semantics of CCSL, we have proposed a methodology [18] to check with formal verification tools that a synchronous implementation conforms to a CCSL specification. An experimentation, using the formal checkers available in Esterel Studio, has been conducted on an Esterel implementation by defining a library of Esterel observers for CCSL constraints.