Gières, France

Abdellatif T., Center Equation | Combaz J., French National Center for Scientific Research | Sifakis J., French National Center for Scientific Research
Embedded Systems Week 2010 - Proceedings of the 10th ACM International Conference on Embedded Software, EMSOFT'10 | Year: 2010

Correct and efficient implementation of general real-time applications remains by far an open problem. A key issue is meeting timing constraints whose satisfaction depends on features of the execution platform, in particular its speed. Existing rigorous implementation techniques apply only to specific classes of systems, e.g. systems with periodic tasks or time-deterministic systems. We present a general model-based implementation method for real-time systems based on the use of two models.
• An abstract model representing the behavior of the real-time software as a timed automaton. It describes user-defined, platform-independent timing constraints. Its transitions are timeless and correspond to the execution of statements of the real-time software.
• A physical model representing the behavior of the real-time software running on a given platform. It is obtained by assigning execution times to the transitions of the abstract model.
A necessary condition for implementability is time-safety, that is, any (timed) execution sequence of the physical model is also an execution sequence of the abstract model. Time-safety simply means that the platform is fast enough to meet the timing requirements. As execution times of actions are not known exactly, time-safety is checked for worst-case execution times of actions under an assumption of time-robustness: time-safety is preserved when the speed of the execution platform increases. We show that, as a rule, physical models are not time-robust, and that time-determinism is a sufficient condition for time-robustness. For given real-time software and an execution platform corresponding to a time-robust model, we define an Execution Engine that coordinates the execution of the application software so as to meet its timing constraints. Furthermore, in case of non-robustness, the Execution Engine can detect violations of time-safety and stop execution.
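The following is an added illustration of the time-safety and time-robustness notions above; it is not code from the paper or its Execution Engine. It uses a deliberately simplified semantics (an assumption of this example, not the paper's formal model): a single clock x reset once at start, a guard [lo, hi] on x that must hold at the instant a transition is taken, timeless abstract transitions, and a physical model that adds an execution time equal to an assumed WCET divided by the platform speed. The constructed model has a branch whose choice depends on time (a is taken only if p finishes by x = 2, b only after x = 3), which is exactly the kind of structure that breaks robustness: the model is time-safe at WCET speed, not time-safe on a platform twice as fast, and time-safe again at three times the speed. The second, time-deterministic model stays safe at every speed.

```python
"""Time-safety of a physical model at several platform speeds (added example).

Assumed semantics: one clock x, reset once at the start and never again; a
transition carries a guard [lo, hi] on x that must hold at the instant it is
taken (hi=None means no deadline); abstract transitions are timeless; the
physical model adds an execution time WCET/speed to each action.  The engine
may idle until a guard's lower bound is reached but can never take a
transition whose deadline has passed; a non-final state with nothing
executable is a time-safety violation (a physical run that is not a run of
the abstract model).
"""
from fractions import Fraction

# Constructed abstract model: (source, action, target, lo, hi).
ABSTRACT = [
    ("s0", "p", "s1", 0, None),
    ("s1", "a", "s2", 0, 2),     # early branch, only if p is done by x = 2
    ("s1", "b", "s3", 3, None),  # late branch, never before x = 3
    ("s2", "c", "s4", 0, 3),     # c must start by x = 3
    ("s3", "d", "s4", 0, 10),    # d must start by x = 10
]
# Same actions, but no branch whose choice depends on time.
DETERMINISTIC = [
    ("s0", "p", "s1", 0, None),
    ("s1", "a", "s2", 3, 8),
    ("s2", "c", "s4", 0, 12),
]
FINAL = {"s4"}
WCET = {"p": 4, "a": 3, "b": 1, "c": 2, "d": 2}   # assumed worst-case execution times


def physical_runs(abstract, speed, exec_times=WCET, final=FINAL,
                  state="s0", x=Fraction(0), trace=()):
    """Enumerate every run of the physical model as (trace, time_safe);
    trace is a tuple of (action, start, end) with exact rational times."""
    if state in final:
        yield trace, True
        return
    executable = [t for t in abstract
                  if t[0] == state and (t[4] is None or t[4] >= x)]
    if not executable:            # every outgoing deadline has already passed
        yield trace, False
        return
    for _, act, dst, lo, _ in executable:
        start = max(x, Fraction(lo))          # idle until the guard opens
        end = start + Fraction(exec_times[act]) / speed
        yield from physical_runs(abstract, speed, exec_times, final,
                                 dst, end, trace + ((act, start, end),))


def time_safe(speed, abstract=ABSTRACT):
    """True iff no run of the physical model at this speed misses a deadline."""
    return all(ok for _, ok in physical_runs(abstract, Fraction(speed)))


def violating_runs(speed, abstract=ABSTRACT):
    """The physical runs that leave the abstract model's behaviour."""
    return [trace for trace, ok in physical_runs(abstract, Fraction(speed)) if not ok]


def time_robust(speeds, abstract=ABSTRACT):
    """Time-robust over the given speeds iff the model is time-safe at all of
    them; a model safe at WCET speed 1 but unsafe faster is not robust."""
    return all(time_safe(s, abstract) for s in speeds)


if __name__ == "__main__":
    for s in (1, 2, 3):
        print(f"speed x{s}: time-safe={time_safe(s)} violations={violating_runs(s)}")
    print("time-dependent branch model robust:", time_robust((1, 2, 3)))
    print("time-deterministic model robust:", time_robust((1, 2, 3, 4, 8), DETERMINISTIC))
```

At speed 1 (WCET), p ends at x = 4, so only b is executable and the run is safe; a WCET-only check would therefore conclude time-safety. At speed 2, p ends at x = 2, a is still enabled, and after a finishes at x = 3.5 the deadline of c has passed: that run is the violation an Execution Engine would detect and stop on. The time-deterministic model has no such branch, and speeding it up only makes each action start earlier or wait for its lower bound, so safety at WCET carries over to every faster platform.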

Dang T., French National Center for Scientific Research | Testylier R., Center Equation
HSCC'11 - Proceedings of the 2011 ACM/SIGBED Hybrid Systems: Computation and Control | Year: 2011

This paper is concerned with the reachability computation for non-linear systems using hybridization. The main idea of hybridization is to approximate a non-linear vector field by a piecewise-affine one. The piecewise-affine vector field is defined by building around the set of current states of the system a simplicial domain and using linear interpolation over its vertices. To achieve a good time-efficiency and accuracy of the reachability computation on the approximate system, it is important to find a simplicial domain which, on one hand, is as large as possible and, on the other hand, guarantees a small interpolation error. In our previous work [8], we proposed a method for constructing hybridization domains based on the curvature of the dynamics and showed how the method can be applied to quadratic systems. In this paper we pursue this work further and present two main results. First, we prove an optimality property of the domain construction method for a class of quadratic systems. Second, we propose an algorithm of curvature estimation for more general non-linear systems with non-constant Hessian matrices. This estimation can then be used to determine efficient hybridization domains. We also describe some experimental results to illustrate the main ideas of the algorithm as well as its performance. Copyright 2011 ACM.

Graf S., Center Equation | Peled D., Bar-Ilan University | Quinton S., TU Braunschweig
Formal Methods in System Design | Year: 2012

We apply model checking of knowledge properties to the design of distributed controllers that enforce global constraints on concurrent systems. The problem of synthesizing a distributed controller is undecidable in the general case. We thus look at a variant of the synthesis problem that allows adding temporary synchronizations between processes. We calculate when processes can decide autonomously, based on their knowledge, whether to take or block an action so that the global constraint is not violated. The local knowledge of processes may not suffice to control the processes so as to achieve the global constraint without introducing new deadlocks. When individual processes cannot take a decision alone based on their knowledge, one may coordinate several processes to achieve joint knowledge in order to take joint decisions. A fixed coordination among sets of processes may severely degrade concurrency. Therefore, we propose the use of temporary coordinations. Since realizing such coordinations on a distributed platform induces communication overhead, we strive to minimize their number. We show how this framework is applied to the case of synthesizing a distributed controller for enforcing a priority order. Finally, we show that the general undecidability of distributed synthesis without adding synchronization holds even for the particular problem of enforcing a priority order. © Springer Science+Business Media, LLC 2011.

Bliudze S., CEA Saclay Nuclear Research Center | Sifakis J., Center Equation
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2011

We study glue operators used in component-based frameworks to obtain systems as the composition of atomic components described as labeled transition systems (LTS). Glue operators map tuples of LTS into LTS. They restrict the behavior of their arguments by performing memoryless coordination. In a previous paper, we have proposed a simple format for SOS rules that captures, in particular, glue operators from known frameworks such as CCS, SCCS, CSP, and BIP. This paper studies a new way for characterizing glue operators: as boolean glue constraints between interactions (sets of ports) and the state of the coordinated components. We provide an SOS format for glue, which allows a natural correspondence between glue operators and glue constraints. This correspondence is used for automated synthesis of glue operators implementing given glue constraints. By focusing on the properties that do not bear computation, we reduce a very hard (and, in general, undecidable) problem of synthesizing controllers to a tractable one. The examples in the paper show that such properties are natural and can be expressed as glue constraints in a straightforward manner. Finally, we compare expressiveness of the proposed formalisms with the glue used in the BIP framework and discuss possible applications. © 2011 Springer-Verlag.

Graf S., Center Equation | Peled D., Bar-Ilan University | Quinton S., Center Equation
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2010

We apply model checking of knowledge properties to the design of distributed controllers that enforce global constraints on concurrent systems. We calculate when processes can decide, autonomously, to take or block an action so that the global constraint will not be violated. When the separate processes cannot make this decision alone, it may be possible to temporarily coordinate several processes in order to achieve sufficient knowledge jointly and make combined decisions. Since the overhead induced by such coordinations is significant, we strive to minimize their number, again using model checking. We show how this framework is applied to the design of controllers that guarantee a priority policy among transitions. © 2010 Springer-Verlag.
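The two abstracts above (the Formal Methods in System Design article and this LNCS paper) describe the same construction: precompute, by exploring the global state space, what each process knows from its local state alone, and let it take or block an action autonomously when that knowledge suffices, falling back on a temporary coordination otherwise. The following is an added example of that computation for a priority order, not the authors' tool. Assumptions of the example: two processes given as labelled transition systems, actions present in both alphabets are rendezvous and the rest are local, the global state is the pair of local states, and a process knows a global property at one of its local states iff the property holds in every reachable global state containing that local state. The constraint enforced is that action a (owned by P1) has lower priority than b (owned by P2): a may be taken only where b is disabled.

```python
"""Knowledge-based decisions for enforcing the priority b > a (added example).

Assumed model: processes are dicts local_state -> {action: next_state};
actions in every process's alphabet are rendezvous, others are local.
P1 owns 'a', P2 owns 'b'; 's' and 'r' are rendezvous.  Constructed example.
"""
from collections import deque

P1 = {"p0": {"a": "p1"}, "p1": {"s": "p2"}, "p2": {"a": "p3"},
      "p3": {"r": "p4"}, "p4": {"a": "p5"}, "p5": {}}
P2 = {"q0": {"s": "q1"}, "q1": {"b": "q2"}, "q2": {"r": "q3"}, "q3": {}}
PROCS = (P1, P2)
INIT = ("p0", "q0")


def shared_actions(procs):
    """Actions in every process's alphabet: these synchronise (rendezvous)."""
    alphabets = [{act for succ in proc.values() for act in succ} for proc in procs]
    return set.intersection(*alphabets)


def enabled(g, action, procs, shared):
    """Is `action` enabled in global state g?  A rendezvous needs every
    participant ready; a local action needs only its owner ready."""
    ready = [action in proc[loc] for proc, loc in zip(procs, g)]
    return all(ready) if action in shared else any(ready)


def successors(g, procs, shared):
    """Enabled actions of g and the global state each one leads to."""
    acts = {act for proc, loc in zip(procs, g) for act in proc[loc]}
    out = []
    for act in sorted(acts):
        if enabled(g, act, procs, shared):
            nxt = tuple(proc[loc].get(act, loc) for proc, loc in zip(procs, g))
            out.append((act, nxt))
    return out


def reachable(init, procs):
    """Reachable global states by breadth-first exploration."""
    shared = shared_actions(procs)
    seen, queue = {init}, deque([init])
    while queue:
        g = queue.popleft()
        for _, nxt in successors(g, procs, shared):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def knows(states, owner, local, pred):
    """Process `owner` knows pred at its local state `local` iff pred holds in
    every reachable global state whose owner component is `local`."""
    return all(pred(g) for g in states if g[owner] == local)


def priority_decisions(low, high, owner, procs, init):
    """For every local state of `owner` where `low` is locally enabled:
    'take' if the owner knows `high` is disabled, 'block' if it knows `high`
    is enabled, otherwise 'coordinate' (its local knowledge is insufficient
    and a temporary synchronisation with the other process is required)."""
    shared = shared_actions(procs)
    states = reachable(init, procs)

    def high_on(g):
        return enabled(g, high, procs, shared)

    decisions = {}
    for local, succ in procs[owner].items():
        if low not in succ:
            continue
        if knows(states, owner, local, lambda g: not high_on(g)):
            decisions[local] = "take"
        elif knows(states, owner, local, high_on):
            decisions[local] = "block"
        else:
            decisions[local] = "coordinate"
    return decisions


def joint_decision(g, low, high, procs):
    """Decision once the processes temporarily synchronise and pool their
    local states: the global state is then known exactly."""
    return "block" if enabled(g, high, procs, shared_actions(procs)) else "take"


if __name__ == "__main__":
    print(sorted(reachable(INIT, PROCS)))
    print(priority_decisions("a", "b", 0, PROCS, INIT))
    for g in (("p2", "q1"), ("p2", "q2")):
        print(g, joint_decision(g, "a", "b", PROCS))
```

In the constructed model P1 can decide alone at p0 (P2 is still at q0, where b is disabled) and at p4 (the rendezvous r guarantees P2 has moved past b), but not at p2, where P2 may be at q1 with b enabled or already at q2. Only that one local state needs a coordination, which is the quantity the papers set out to minimise; the joint decision there blocks a exactly when b is enabled.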

Graf S., Center Equation | Peled D., Bar-Ilan University
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2011

In this paper, we use knowledge-based control theory to monitor global properties in a distributed system. We control the system to enforce that if a given global property is violated, at least one process knows this fact, and therefore may report it. Our approach uses knowledge properties that are precalculated based on model checking. As local knowledge is not always sufficient to monitor a global property in a concurrent system, we allow adding temporary synchronizations between two or more processes to achieve sufficient knowledge. Since synchronizations are expensive, we aim at minimizing their number using the knowledge analysis. © 2011 IFIP International Federation for Information Processing.

Sifakis J., Center Equation
Formal Methods in System Design | Year: 2010

The Algebra of Connectors AC(P) is used to model structured interactions in the BIP component framework. Its terms are connectors, relations describing synchronization constraints between the ports of component-based systems. Connectors are structured combinations of two basic synchronization protocols between ports: rendezvous and broadcast. In a previous paper, we have studied interaction semantics for AC(P) which defines the meaning of connectors as sets of interactions. This semantics reduces broadcasts into the set of their possible interactions and thus blurs the distinction between rendezvous and broadcast. It leads to exponentially complex models that cannot be a basis for efficient implementation. Furthermore, the induced semantic equivalence is not a congruence. For a subset of AC(P), we propose a new causal semantics that does not reduce broadcast into a set of rendezvous and explicitly models the causal dependency relation between ports. The Algebra of Causal Interaction Trees T(P) formalizes this subset. It is the set of the terms generated from interactions on the set of ports P, by using two operators: a causality operator and a parallel composition operator. Terms are sets of trees where the successor relation represents causal dependency between interactions: an interaction can participate in a global interaction only if its father participates too. We show that causal semantics is consistent with interaction semantics; the semantic equivalence on T(P) is a congruence. Furthermore, it defines an isomorphism between T(P) and a subset of AC(P). Finally, we define for causal interaction trees a boolean representation in terms of causal rules. This representation is used for their manipulation and simplification as well as for synthesizing connectors. © Springer Science+Business Media, LLC 2009.

Moy M., Center Equation | Altisen K., Center Equation
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2010

The Real-Time Calculus (RTC) [1] is a framework to analyze heterogeneous real-time systems that process event streams of data. The streams are characterized by pairs of curves, called arrival curves, that express upper and lower bounds on the number of events that may arrive over any specified time interval. System properties may then be computed using algebraic techniques in a compositional way. A well-known limitation of RTC is that it cannot model systems with states, and recent works [2,3,4,5] studied how to interface RTC curves with state-based models. Doing so, while trying, for example, to generate a stream of events that satisfies some given pair of curves, we faced a causality problem [6]: it can be the case that, once having generated a finite prefix of an event stream, the generator deadlocks, since no extension of the prefix can satisfy the curves anymore. When trying to express the property of the curves with state-based models, one may face the same problem. This paper formally defines the problem on arrival curves, and gives algebraic ways to characterize causal pairs of curves, i.e. curves for which the problem cannot occur. Then, we provide algorithms to compute a causal pair of curves equivalent to a given curve, in several models. These algorithms provide a canonical representation for a pair of curves, which is the best pair of curves among the curves equivalent to the ones they take as input. © 2010 Springer-Verlag.
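The causality problem in the abstract can be reproduced on a tiny discrete instance. What follows is an added example, not the paper's algorithms or its continuous-curve setting; its assumptions are that time is sliced into slots, events are integer counts per slot, and a curve is a list indexed by window length d = 0..H giving the maximum (upper[d]) or minimum (lower[d]) number of events in any d consecutive slots. The closure rule used here is the deconvolution characterisation: a pair is taken to be causal when upper(d) ≤ upper(d+k) − lower(k) and lower(d) ≥ lower(d+k) − upper(k) for all d, k within the horizon, and the example tightens both curves to the fixpoint of those two inequalities. The constructed pair says "at most one event per slot, exactly two events in any three slots" but puts no lower bound on two-slot windows, so a generator that emits two empty slots is stuck: no third slot can supply the two events now required.

```python
"""Causality of a pair of arrival curves, discrete time, finite horizon (added example).

Assumptions: slots hold integer event counts; upper[d] / lower[d] bound the
events in any d consecutive slots, d = 0..H, with upper[0] = lower[0] = 0.
A finite sequence satisfies the pair iff every window inside it respects
both bounds.  Constructed curves, not taken from the paper.
"""

UPPER = [0, 1, 2, 2, 3, 4, 4]   # at most 1 per slot, at most 2 in any 2 or 3 slots, ...
LOWER = [0, 0, 0, 2, 2, 3, 4]   # at least 2 in any 3 slots, but nothing required of 2 slots


def satisfies(seq, upper, lower):
    """Every window of seq must respect lower[d] <= count <= upper[d]."""
    n = len(seq)
    for i in range(n):
        count = 0
        for j in range(i, n):
            count += seq[j]
            d = j - i + 1
            if not lower[d] <= count <= upper[d]:
                return False
    return True


def deadlocked_prefixes(upper, lower):
    """Brute-force the causality problem: valid prefixes shorter than the
    horizon that no single next slot can extend to a valid sequence."""
    horizon = len(upper) - 1
    per_slot = range(upper[1] + 1)          # a slot holds at most upper[1] events
    stuck, frontier = [], [()]
    for _ in range(horizon):
        nxt = []
        for p in frontier:
            ext = [p + (x,) for x in per_slot if satisfies(p + (x,), upper, lower)]
            if not ext:
                stuck.append(p)
            nxt.extend(ext)
        frontier = nxt
    return stuck


def causality_closure(upper, lower):
    """Lower the upper curve and raise the lower curve until, for all d and k
    within the horizon, upper[d] <= upper[d+k] - lower[k] and
    lower[d] >= lower[d+k] - upper[k] (assumed causality condition).  Each
    step is monotone and the curves are integers, so this terminates."""
    horizon = len(upper) - 1
    u, l = list(upper), list(lower)
    while True:
        new_u = [min(u[d + k] - l[k] for k in range(horizon - d + 1))
                 for d in range(horizon + 1)]
        new_l = [max(l[d + k] - u[k] for k in range(horizon - d + 1))
                 for d in range(horizon + 1)]
        if any(lo > up for lo, up in zip(new_l, new_u)):
            raise ValueError("curves are contradictory: no event stream satisfies them")
        if (new_u, new_l) == (u, l):
            return u, l
        u, l = new_u, new_l


if __name__ == "__main__":
    print("deadlocked prefixes:", deadlocked_prefixes(UPPER, LOWER))
    cu, cl = causality_closure(UPPER, LOWER)
    print("closed pair:", cu, cl)
    print("deadlocked prefixes after closure:", deadlocked_prefixes(cu, cl))
```

The closure leaves the upper curve unchanged and raises lower[2] from 0 to 1, which is exactly the bound implied by "two events in every three slots with at most one per slot". After closure the prefix (0, 0) is no longer valid in the first place, and every valid prefix within the horizon has a valid next slot, so a generator driven by the closed pair cannot deadlock.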

Cotton S., Center Equation
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2010

SMT solvers have traditionally been based on the DPLL(T) algorithm, where the driving force behind the procedure is a DPLL search over truth valuations. This traditional framework allows for a degree of modularity in the treatment of theory solvers. Over time, theory solvers have become more and more closely integrated into the DPLL process, and consequently less and less modular. In this paper, we present a DPLL-like algorithm for SMT solving in which the search takes place over the natural domain of the variables in the problem. As a case study, we analyze its application to continuous domain linear arithmetic, present implementation techniques and some experimentation with difference logic. Results indicate the method can sometimes outperform leading SMT solvers but that the method is not yet robust. © 2010 Springer-Verlag Berlin Heidelberg.

Minopoli S., Center Equation | Frehse G., Center Equation
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2014

Linear hybrid automata (LHAs) are of particular interest to formal verification because sets of successor states can be computed exactly, which is not the case in general for more complex dynamics. Enhanced with urgency, LHA can be used to model complex systems from a variety of application domains in a modular fashion. Existing algorithms are limited to convex invariants and urgency conditions that consist of a single constraint. Such restrictions can be a major limitation when the LHA is intended to serve as an abstraction of a model with urgent transitions. This includes deterministic modeling languages such as Matlab-Simulink, Modelica, and Ptolemy, since all their transitions are urgent. The goal of this paper is to remove these limitations, making LHA more directly and easily applicable in practice. We propose an algorithm for successor computation with non-convex invariants and closed, linear urgency conditions. The algorithm is implemented in the open-source tool PHAVer, and illustrated with an example. © 2014 Springer International Publishing Switzerland.