model-based development for embedded control systems
TRANSCRIPT
![Page 1: Model-based Development for Embedded Control Systems](https://reader036.vdocument.in/reader036/viewer/2022081404/62929d6109f9340c9650bf0f/html5/thumbnails/1.jpg)
Model-based Development for Embedded Control Systems
Table of Contents
• Which embedded control systems?
• Aerospatiale pioneering role
• State of the art
2009-2010 SLE, ENSIMAG
![Page 2: Model-based Development for Embedded Control Systems](https://reader036.vdocument.in/reader036/viewer/2022081404/62929d6109f9340c9650bf0f/html5/thumbnails/2.jpg)
Which Embedded Control Systems?
safety-critical systems
mission-critical systems, time to market
![Page 3: Model-based Development for Embedded Control Systems](https://reader036.vdocument.in/reader036/viewer/2022081404/62929d6109f9340c9650bf0f/html5/thumbnails/3.jpg)
Two Questions
Knowing the low reliability of computing technology:
• thousands of cars “recalled” for computing bugs
• the Ariane V accident
• your personal computer . . .
1. Is it wise to use this poor technology in safety-critical systems?
2. Why, nevertheless, are things not as bad as could be expected?
![Page 4: Model-based Development for Embedded Control Systems](https://reader036.vdocument.in/reader036/viewer/2022081404/62929d6109f9340c9650bf0f/html5/thumbnails/4.jpg)
A Tentative Answer
The safety-critical control industry has designed a very strong model-based
development method
A short story of this method:
• Aerospatiale pioneering role
• How things evolved since then
• State of the Art and perspectives
Are academic people really aware of this story?
![Page 5: Model-based Development for Embedded Control Systems](https://reader036.vdocument.in/reader036/viewer/2022081404/62929d6109f9340c9650bf0f/html5/thumbnails/5.jpg)
Aerospatiale pioneering steps in the early eighties (built up over slides 5–8)
control models (block-diagrams)
= formal software specification
↓
automatic code generation
↓
Software
“Spécification Assistée par Ordinateur” (SAO), “Computer Aided Specification”
![Page 9: Model-based Development for Embedded Control Systems](https://reader036.vdocument.in/reader036/viewer/2022081404/62929d6109f9340c9650bf0f/html5/thumbnails/9.jpg)
Interest of SAO
Twofold:
• Automatic code generation from high-level control models:
easier and earlier debugging
• A graphical language close to the cultural background of avionics engineers,
test pilots, suppliers, certification authorities, . . . :
allows easier communication within the enterprise
preserves know-how and eases technology transfer
SAO contributed to the success of the A320
![Page 10: Model-based Development for Embedded Control Systems](https://reader036.vdocument.in/reader036/viewer/2022081404/62929d6109f9340c9650bf0f/html5/thumbnails/10.jpg)
From then on. . .
Powerful model-based development tools:
• SAO replaced by SCADE: a commercial product partially based on synchronous technology, with a DO-178B level A qualified automatic code generator
• Simulink/Stateflow: continuous/discrete time simulation toolbox, the de facto standard in control modelling
• Formal methods: automatic mathematical proofs for dynamic systems
• . . .
(The slide also carries the title page of Paul Caspi's course “From Control Models to Real-Time Software”, Verimag-CNRS, Ecole STIC, Sousse, July 2008, with its outline: 1. The synchronous approach; 2. Simulink.)
![Page 11: Model-based Development for Embedded Control Systems](https://reader036.vdocument.in/reader036/viewer/2022081404/62929d6109f9340c9650bf0f/html5/thumbnails/11.jpg)
From then on. . .
More powerful execution platforms:
• multi-tasking
• distributed and multi-processor
![Page 12: Model-based Development for Embedded Control Systems](https://reader036.vdocument.in/reader036/viewer/2022081404/62929d6109f9340c9650bf0f/html5/thumbnails/12.jpg)
State of the Art (diagram built up over slides 12–17)
• modelling
• simulation / debugging
• automatic import
• formal verification
• architecture choice
• automatic code generation
• tests
![Page 18: Model-based Development for Embedded Control Systems](https://reader036.vdocument.in/reader036/viewer/2022081404/62929d6109f9340c9650bf0f/html5/thumbnails/18.jpg)
Perspectives
Faithfulness, across the whole flow (modelling, simulation/debugging, automatic import, formal verification, architecture choice, automatic code generation, tests)
• more modelling frameworks
• more formal tools
• more architectures
• more test methods
![Page 19: Model-based Development for Embedded Control Systems](https://reader036.vdocument.in/reader036/viewer/2022081404/62929d6109f9340c9650bf0f/html5/thumbnails/19.jpg)
Perspectives
• more modelling frameworks:
networks, telecommunications, . . .
• more powerful formal methods
• more execution platforms
CAN, Ethernet, Internet, . . .
• more test methods
![Page 20: Model-based Development for Embedded Control Systems](https://reader036.vdocument.in/reader036/viewer/2022081404/62929d6109f9340c9650bf0f/html5/thumbnails/20.jpg)
A Key Issue: Faithfulness
What you
model
simulate
prove
is what you
implement
execute
![Page 21: Model-based Development for Embedded Control Systems](https://reader036.vdocument.in/reader036/viewer/2022081404/62929d6109f9340c9650bf0f/html5/thumbnails/21.jpg)
Safe Implementation of Control/Command Systems
![Page 22: Model-based Development for Embedded Control Systems](https://reader036.vdocument.in/reader036/viewer/2022081404/62929d6109f9340c9650bf0f/html5/thumbnails/22.jpg)
Safe Implementation of Control/Command Systems
• “safe”?
Study and experiment with the methods that guarantee that
the implementation satisfies good properties:
– real-time: a relative notion, many parameters
(hardware/software)
– determinism: essentially tied to the software and to the executive (OS).
• N.B. necessary/required for critical systems (one speaks of “hard
real-time”).
![Page 23: Model-based Development for Embedded Control Systems](https://reader036.vdocument.in/reader036/viewer/2022081404/62929d6109f9340c9650bf0f/html5/thumbnails/23.jpg)
Safe Implementation of Control/Command Systems
(continued)
Goal of the course
• Review the classical methods for safe design/implementation:
– “pure” synchronous: sampled systems, single-task, without
executive (i.e. without OS)
– relaxed synchrony, deterministic multi-tasking
• Experiment on the Lego brick:
– not really “critical”, but ...
– simple and representative enough to illustrate the principles.
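As an added example (not part of the course slides), the flow of slides 7–8 (block-diagram model → automatic code generation → software) and the “pure” synchronous implementation of slide 23 (sampled, single-task, no executive) applied to a small hypothetical PI controller. The Lustre-like node in the comment, the gains KP/KI, the bounds IMAX/UMAX and the input trace are assumptions made for this example; the C code is the shape a SCADE-style generator produces rather than any tool's actual output: a fixed-size context holding the pre() memories, a reset function and one step function called once per sampling period.

```c
#include <stdio.h>

/*
 * Added example (not from the course slides): a "pure synchronous"
 * implementation of a block diagram once compiled to C.
 * The hypothetical model is a PI controller with a saturated integrator,
 * written here in Lustre-like notation (the SAO/SCADE style of model):
 *
 *   node ctrl(setpoint, meas : real) returns (cmd : real);
 *   var err, integ : real;
 *   let
 *     err   = setpoint - meas;
 *     integ = sat(0.0 -> pre(integ) + KI * err, -IMAX, IMAX);
 *     cmd   = sat(KP * err + integ, -UMAX, UMAX);
 *   tel
 *
 * Gains and limits are assumed values, chosen so that every value in the
 * trace below is exactly representable in binary floating point.
 */
#define KP   2.0
#define KI   0.5
#define IMAX 1.0   /* integrator anti-windup bound */
#define UMAX 3.0   /* actuator command bound       */

/* All state is static and fixed-size: no heap, no OS, no threads. */
typedef struct { double integ; } ctrl_ctx;          /* memory of pre(integ) */
typedef struct { double setpoint, meas; } ctrl_in;
typedef struct { double cmd, integ; } ctrl_out;

static double sat(double x, double lo, double hi)
{
    return x < lo ? lo : (x > hi ? hi : x);
}

/* Cycle-0 value of "0.0 -> pre(integ)". */
void ctrl_reset(ctrl_ctx *c) { c->integ = 0.0; }

/*
 * One synchronous cycle: read inputs, compute every equation of the node,
 * then commit the new state. The same operations run on every cycle
 * whatever the input values, so execution time is bounded and constant,
 * which is what the fixed sampling period relies on.
 */
void ctrl_step(ctrl_ctx *c, const ctrl_in *in, ctrl_out *out)
{
    double err   = in->setpoint - in->meas;
    double integ = sat(c->integ + KI * err, -IMAX, IMAX); /* c->integ is pre(integ) */
    out->cmd     = sat(KP * err + integ, -UMAX, UMAX);
    out->integ   = integ;
    c->integ     = integ;   /* state update last: outputs only see pre() values */
}

/* Constructed sampled input: unit setpoint; plant output 0, then 1, then 2. */
#define NCYCLES 7
static const ctrl_in TRACE[NCYCLES] = {
    {1.0, 0.0}, {1.0, 0.0}, {1.0, 0.0}, {1.0, 1.0},
    {1.0, 2.0}, {1.0, 2.0}, {1.0, 2.0}
};

/* Run the trace from reset and return the outputs of cycle `cycle` (1-based). */
ctrl_out ctrl_output_at(int cycle)
{
    ctrl_ctx c;
    ctrl_out o = {0.0, 0.0};
    ctrl_reset(&c);
    for (int i = 0; i < cycle && i < NCYCLES; i++)
        ctrl_step(&c, &TRACE[i], &o);
    return o;
}

/* Determinism check: two independent runs of the same trace agree bit for bit. */
int ctrl_runs_are_identical(void)
{
    ctrl_ctx a, b;
    ctrl_out oa, ob;
    ctrl_reset(&a);
    ctrl_reset(&b);
    for (int i = 0; i < NCYCLES; i++) {
        ctrl_step(&a, &TRACE[i], &oa);
        ctrl_step(&b, &TRACE[i], &ob);
        if (oa.cmd != ob.cmd || oa.integ != ob.integ)
            return 0;
    }
    return 1;
}

int main(void)
{
    /* On the target, ctrl_step would be called once per timer tick;
       here the "clock" is simply the index into TRACE. */
    for (int i = 1; i <= NCYCLES; i++) {
        ctrl_out o = ctrl_output_at(i);
        printf("cycle %d: cmd=%5.2f integ=%5.2f\n", i, o.cmd, o.integ);
    }
    return ctrl_runs_are_identical() ? 0 : 1;
}
```

The properties slide 22 asks for follow from the shape of this code rather than from testing: all memory is static and fixed-size, the step function performs the same operations on every cycle so its worst-case execution time can be bounded, and with no executive there is no scheduler to make the result depend on timing. Cycles 2 and 3 of the trace show the anti-windup bound holding the integrator at IMAX while the command sits at UMAX; this is the faithfulness point of slide 20: the saturation you simulate on the model is the saturation the generated code executes.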