Innovation in the field of embedded systems, and more broadly in cyber-physical systems, increasingly relies on software. The productivity gain in software development can hardly keep up with the demand for software despite the increasing adoption of Model-Driven Development (MDD). In this context, we believe that major productivity and quality improvements are still ahead of us through better programming languages and environments. CPAL, the CyberPhysical Action Language, is a contribution in that direction with the objective to speed up the development of embedded systems with dependability constraints. The objective of this paper is to present and illustrate the use-cases of the high-level abstractions offered to the developer in CPAL with respect to real-time scheduling, introspection mechanisms, native support of Finite State Machines (FSMs), abstracting the hardware and decoupling functional concerns from non-functional concerns.
Network Calculus (NC) [5] is an established theory for determining bounds on message delays and for dimensioning buffers in the design of networks for embedded systems. It is supported by academic and industrial tool sets and has been widely used, including for the design and certification of the Airbus A380 AFDX backbone [1,3,4]. However, while the theory of NC is generally well understood, results produced by existing tools have to be trusted: some algorithms require subtle reasoning in order to ensure their applicability, and implementation errors could result in faulty network design, with unpredictable consequences.

Tools used in design processes for application domains with strict regulatory requirements are subject to a qualification process in order to gain confidence in the soundness of their results. Nevertheless, given the safety-critical nature of network designs, we believe that more formal evidence for their correctness should be given. We report here on work in progress towards using the interactive proof assistant Isabelle/HOL [6] for certifying the results of NC computations. In a nutshell (cf. Figure 1), the NC tool outputs a trace of the calculations it performs, as well as their results. The validity of the trace (w.r.t. the applicability of the computation steps and the numerical correctness of the result) is then established offline by a trusted checker.

The approach of result certification is useful in general for computations performed at design time, as is the case with the use of NC tools, and the idea of using interactive theorem provers for result certification is certainly not new. In particular, it is usually easier to instrument an existing tool in order to produce a checkable trace than to attempt a full-fledged correctness proof. Also, the NC tool can be implemented by a tool provider using any software development process, programming language, and hardware, and it can be updated without having to be requalified, as long as it still produces certifiable traces.

In the remainder, we give a brief introduction to NC, outline our ongoing work on formalizing NC in Isabelle/HOL, and finally illustrate its use for the certification of bounds on the message delay in a toy network.
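The result-certification scheme described above, reduced to a constructed two-hop toy network, as an added Python example that is not the paper's code or its Isabelle/HOL checker: an untrusted "tool" emits a trace of NC steps with claimed results, and an independent checker replays each step, rejecting it when the applicability condition fails or the number does not match an exact recomputation. The trace format, the token-bucket and rate-latency curve families, and all node parameters are assumptions made for this example.

```python
from fractions import Fraction as Fr

# Arrival curve: token bucket alpha(t) = b + r*t. Service curve: rate-latency
# beta(t) = R * max(0, t - T). Both standard NC results below apply only if r <= R.
def delay_bound(b, r, R, T):
    """Per-hop delay bound h(alpha, beta) = T + b/R (horizontal deviation)."""
    if r > R:
        raise ValueError("arrival rate r exceeds service rate R: bound does not apply")
    return T + Fr(b) / Fr(R)

def output_curve(b, r, R, T):
    """Output arrival curve alpha' = alpha deconvolved by beta: token bucket (b + r*T, r)."""
    if r > R:
        raise ValueError("arrival rate r exceeds service rate R: output curve does not apply")
    return (b + r * T, r)

def _norm(v):
    # Compare claimed and recomputed values exactly, as tuples of Fractions.
    return tuple(Fr(x) for x in v) if isinstance(v, (tuple, list)) else (Fr(v),)

def check_trace(trace):
    """Trusted checker: replay every step {"op", "args", "result"} of a trace.
    Returns (True, msg) only if each step is applicable and numerically exact."""
    for n, step in enumerate(trace, 1):
        op, a, claimed = step["op"], step["args"], step["result"]
        try:
            if op == "delay":
                expected = delay_bound(a["b"], a["r"], a["R"], a["T"])
            elif op == "output":
                expected = output_curve(a["b"], a["r"], a["R"], a["T"])
            elif op == "sum":  # end-to-end bound = sum of per-hop bounds
                expected = sum(Fr(x) for x in a["terms"])
            else:
                return (False, f"step {n}: unknown operation {op!r}")
        except ValueError as e:
            return (False, f"step {n}: not applicable ({e})")
        if _norm(claimed) != _norm(expected):
            return (False, f"step {n}: {op} claimed {claimed}, recomputed {expected}")
    return (True, "trace certified")

# Constructed trace: flow (b=4, r=1) through node 1 (R=2, T=1) then node 2 (R=4, T=2).
GOOD_TRACE = [
    {"op": "delay",  "args": {"b": 4, "r": 1, "R": 2, "T": 1}, "result": 3},
    {"op": "output", "args": {"b": 4, "r": 1, "R": 2, "T": 1}, "result": [5, 1]},
    {"op": "delay",  "args": {"b": 5, "r": 1, "R": 4, "T": 2}, "result": 3.25},
    {"op": "sum",    "args": {"terms": [3, 3.25]},               "result": 6.25},
]
# Same trace, but the tool mis-reports the second hop: the checker must reject it.
BAD_TRACE = [dict(GOOD_TRACE[2], result=3)]
# Node too slow for the flow (R < r): the step is not applicable, whatever the number claimed.
INAPPLICABLE_TRACE = [{"op": "delay", "args": {"b": 4, "r": 1, "R": 0.5, "T": 1}, "result": 9}]

if __name__ == "__main__":
    for name, tr in (("good", GOOD_TRACE), ("bad", BAD_TRACE), ("inapplicable", INAPPLICABLE_TRACE)):
        print(name, check_trace(tr))
```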