
Formal Methods in Designing Embedded Systems—the SACRES Experience

Journal: Formal Methods in System Design

Abstract

From automotive electronics to avionics, embedded systems are part of our everyday life, and developed societies are increasingly dependent on their reliability in operation. At the same time, current design practice is inadequate in coping with the challenge of constructing dependable embedded systems.

SACRES is an experimental design environment aimed at the seamless development of embedded systems. It incorporates state-of-the-art industrial design tools and provides formal specification, model checking technology and validated code generation. These concepts have been integrated on the basis of the synchronous approach to reactive systems.

As a result, synchronous compilation techniques have been enhanced, particularly the techniques for distributed code generation. Formal verification technology was advanced to increase efficiency, to handle composed systems, and to cover some real-time aspects. The new approach of translation validation was developed and shown to work in practice.

Real bugs have been found even in well-tested models. It was demonstrated that a formal design including verification is often more efficient than testing. As a consequence, all user partners are committed to further introducing formal design and verification technology.

This paper summarises the essential achievements of the project. It explains the results in terms of the basic ideas, the available tools and methodology, as well as the experience gained.




Cite this article

Winkelmann, K. Formal Methods in Designing Embedded Systems—the SACRES Experience. Formal Methods in System Design 19, 81–110 (2001). https://doi.org/10.1023/A:1011295931367
