Mode-automata: a new domain-specific construct for the development of safe critical systems
Florence Maraninchi,Yann Rémond +1 more
- Vol. 46, Iss: 3, pp 219-254
Reads0
Chats0
TLDR
This paper defines the language of mode-automata and its semantics, gives some ideas on the compilation process, illustrates the approach with the example of the production cell, and comment on the benefits of the approach, in general.Abstract:
Over the past ten years, the family of synchronous languages (Special Section of the Proc. IEEE 79 (9) (1991)) has been very successful in offering domain-specific, formally defined languages and programming environments for safety-critical systems. Among them, Lustre is well-suited for the development of regulation systems, which are first designed by control engineers, and can then be programmed as block-diagrams. Automatic generation of C code provides the embedded software.The success of Lustre showed that it is a good idea to offer domain-specific languages and constructs to reduce the gap between the first design of a system (for instance a control law) and the program written for it. When the structure of the first design has to be encoded into the available constructs of a general-purpose programming language, the interesting information is likely to be lost somewhere on the way from the original design to the actual implementation. This may have consequences on the efficiency of the code produced, or even on the correctness of the design.Working with the systems Lustre is well-suited for, we observed that they are often specified informally using the notion of running modes. However, there seemed to exist no language in which the mode-structure of a complex system could be expressed directly. Following the approach of domain-specific languages, we proposed to extend Lustre with a new construct, called mode-automaton, devoted to the description of these running modes of regulation systems.In this paper, we define the language of mode-automata and its semantics, give some ideas on the compilation process, illustrate the approach with the example of the production cell, and comment on the benefits of the approach, in general.read more
Citations
More filters
Proceedings ArticleDOI
A conservative extension of synchronous data-flow with state machines
TL;DR: The central idea of the paper is to base this extension of a synchronous data-flow language such as Lustre with imperative features expressed in terms of powerful state machine à la SyncChart on the use of clocks, translating imperative constructs into well clocked data- flow programs from the basic language.
Book ChapterDOI
A conceptual framework for adaptation
TL;DR: A conceptual vision of adaptation, a key feature of autonomic systems, is presented and how some of the programming paradigms and models used for adaptive systems match with this conceptual framework is argued.
Proceedings ArticleDOI
Zélus: a synchronous language with ODEs
Timothy Bourke,Marc Pouzet +1 more
TL;DR: It is shown that it is possible to build a modeler for explicit hybrid systems à la Simulink/Stateflow on top of an existing synchronous language, using it both as a semantic basis and as a target for code generation.
Proceedings ArticleDOI
Clock-directed modular code generation for synchronous data-flow languages
TL;DR: This article presents in full detail the modular compilation of synchronous block diagrams into sequential code with a first-order functional language reminiscent of LUSTRE, which it extends with a general n-ary merge operator, a reset construct, and a richer notion of clocks.
Journal ArticleDOI
Automating the addition of fault tolerance with discrete controller synthesis
Alain Girault,Eric Rutten +1 more
TL;DR: The demonstration that DCS can be elegantly used to design fault tolerant systems, with guarantees on key properties of the obtained system, such as the fault tolerance level, the satisfaction of quantitative constraints, and so on is demonstrated.
References
More filters
Journal ArticleDOI
Sequential abstract-state machines capture sequential algorithms
TL;DR: Analysis of the postulates leads to the notion of sequential abstract-state machine and to the theorem in the title.
Journal ArticleDOI
Hierarchical finite state machines with multiple concurrency models
TL;DR: This paper studies the semantics of hierarchical finite state machines that are composed using various concurrency models, particularly dataflow, discrete-events, and synchronous/reactive modeling, and argues that all three combinations are useful, and that the concurrency model can be selected independently of the decision to use hierarchical FSM's.
Book ChapterDOI
Synchronous Observers and the Verification of Reactive Systems
TL;DR: Synchronous languages are simple and clean, they have been given simple and precise formal semantics, they allow especially elegant programming style and conciliate concurrency with determinism.
Journal ArticleDOI
Programming and verifying real-time systems by means of the synchronous data-flow language LUSTRE
TL;DR: It is shown, using a simple example, how the language LUSTRE and its associated verification tool LESAR can be used to design a program, to specify its critical properties, and to verify these properties.
Book
Formal Development of Reactive Systems: Case Study Production Cell
Claus Lewerentz,Thomas Lindner +1 more
TL;DR: This research attacked the mode confusion problem by developing a modeling framework called “Modula-3 modeling framework” which automates the very labor-intensive and therefore time-heavy “tweet-tweet” synthesis.