Abstract
From automotive electronics to avionics, embedded systems are part of our everyday life, and developed societies are increasingly dependent on their reliability in operation. At the same time, current design practice is inadequate in coping with the challenge of constructing dependable embedded systems.
SACRES is an experimental design environment aimed at the seamless development of embedded systems. It incorporates state-of-the-art industrial design tools and provides formal specification, model checking technology and validated code generation. These concepts have been integrated on the basis of the synchronous approach to reactive systems.
As a result, synchronous compilation techniques have been enhanced, in particular for distributed code generation. Formal verification technology was advanced to increase efficiency, handle composed systems and cover some real-time aspects. The new approach of translation validation was developed and proven to work.
Real bugs have been found even in well-tested models. It was demonstrated that a formal design including verification is often more efficient than testing. As a consequence, all user partners are committed to further introducing formal design and verification technology.
This paper summarises the essential achievements of the project. It explains the results in terms of the basic ideas, the available tools and methodology, as well as the experience gained.
Winkelmann, K. Formal Methods in Designing Embedded Systems—the SACRES Experience. Formal Methods in System Design 19, 81–110 (2001). https://doi.org/10.1023/A:1011295931367