Section: New Results
Dependable distributed real-time embedded systems
Static multiprocessor scheduling with tradeoff between performance and reliability
We have extended our work on bicriteria (length, reliability) scheduling  ,  in two directions. The first direction takes into account the power consumption as a third criterion to be minimized. We have designed a scheduling heuristics called TSH that, given a software application graph and a multiprocessor architecture, produces a static multiprocessor schedule that optimizes three criteria: its length (crucial for real-time systems), its reliability (crucial for dependable systems), and its power consumption (crucial for autonomous systems). Our tricriteria scheduling heuristics, TSH, uses the active replication of the operations and the data-dependencies to increase the reliability, and uses dynamic voltage scaling to lower the power consumption. This work is conducted in collaboration with Hamoudi Kalla (University of Batna, Algeria).
The second direction studies the mapping of chains of tasks on multi-processor platforms. We have proposed mapping by interval techniques , where the chain of tasks is divided in a sequence of intervals, each interval being executed on a different processor in a pipe-lined manner, and each processor executing no more than one interval. Because of this pipe-lined execution, we have two antagonistic criteria, the input-output latency and the period. Then, to increase the reliability, we replicate the intervals by mapping them to several processors. We have proved that, for homogeneous platforms, computing a mapping that optimizes the reliability only is polynomial , but that optimizing both the reliability and the period is NP-complete , as well as optimizing both the reliability and the latency. For heterogeneous platforms, we have proved that optimizing the reliability only is NP-complete , and hence all the multi-criteria mapping problems that include the reliability in their criteria are also NP-complete . This work is done in collaboration with Anne Benoit, Fanny Dufossé, and Yves Robert (ENS Lyon and Graal team).
Unlike most work found in the literature, all our contributions are truly bicriteria in the sense that the user can gain several orders of magnitude on the reliability of his schedule, thanks to the active replication of tasks onto processors. In contrast, most of the other algorithms do not replicate the tasks, and hence have a very limited impact on the reliability.
Automating the addition of fault tolerance with discrete controller synthesis
We have defined a new framework for the automatic design of fault tolerant embedded systems, based on discrete controller synthesis (DCS), a formal approach based on the same state-space exploration algorithms as model-checking  . Its interest lies in the ability to obtain automatically systems satisfying by construction formal properties specified a priori . Our aim is to demonstrate the feasibility of this approach for fault tolerance. We start with a fault intolerant program, modeled as the synchronous parallel composition of finite labeled transition systems. We specify formally a fault hypothesis, state fault tolerance requirements and use DCS to obtain automatically a program, having the same behavior as the initial fault intolerant one in the absence of faults, and satisfying the fault tolerance requirements under the fault hypothesis. Our original contribution resides in the demonstration that DCS can be elegantly used to design fault tolerant systems, with guarantees on key properties of the obtained system, such as the fault tolerance level, the satisfaction of quantitative constraints, and so on. We have shown with numerous examples taken from case studies that our method can address different kinds of failures (crash, value, or Byzantine) affecting different kinds of hardware components (processors, communication links, actuators, or sensors). Besides, we have shown that our method also offers an optimality criterion very useful to synthesize fault tolerant systems compliant to the constraints of embedded systems, like power consumption. In summary, our framework for fault tolerance has the following advantages  :
The automatization, because DCS produces automatically a fault tolerant system from an initial fault intolerant one.
The separation of concerns, because the fault intolerant system can be designed independently from the fault tolerance requirements.
The flexibility, because, once the system is entirely modeled, it is easy to try several fault hypotheses, several environment models, several fault tolerance goals, several degraded modes, and so on.
The safety, because, in case of positive result obtained by DCS, the specified fault tolerance properties are guaranteed by construction on the controlled system.
The optimality when optimal synthesis is used, modulo the potential numerical equalities (hence a non strict optimality).
In collaboration with Emil Dumitrescu (INSA Lyon), Hervé Marchand (Vertecs team from Rennes), and Eric Rutten (Sardes team from Grenoble), we are extending this work in the direction of optimal synthesis considering weights cumulating along bounded-length paths, and its application to the control of sequences of reconfigurations. We are adapting models in order to take into account the additive costs of e.g., execution time or power consumption, and adapting synthesis algorithms in order to support the association of costs with transitions, and the handling of these new weight functions in the optimal synthesis. We therefore combine, on the one hand, guarantees on the safety of the execution by tolerating faults, and on the other hand, guarantees on the worst cumulated consumption of the resulting dynamically reconfiguring fault tolerant system.
In collaboration with Tolga Ayav (University of Izmir, Turkey), we are also working on an AOP approach for fault tolerance. This is described in details in Section 6.5.3 .