We work on the problem of the safe design of real-time control systems. This area is related to control theory as well as computer science. Application domains are typically safety-critical systems, as in transportation (avionics, railways), production, medical or energy production systems. Both methods and formal models for the construction of correct systems, as well as their implementation in computer assisted design tools, targeted to specialists of the applications, are badly needed. We contribute to propose solutions all along the design flow, from the specification to the implementation: we develop techniques for the specification and automated generation of safe real-time executives for control systems. Our special research themes are:
implementations of synchronous reactive programs,
generated automatically by compilation, particularly from the point of view
of distribution (in relation with the
Lustre
control/scheduling co-design, with cross-interactions between techniques of
serving and real-time operating systems (RTOS), in order to obtain an
adaptative scheduling, with regard to quality of service (in relation with
the ORCCAD
high-level design methods, with support for automated code generation, including:
the automated generation of correct controllers using discrete control
synthesis (in relation with the Mode
Automata
Our applications are in embedded systems, typically in the robotics, automotive, and telecommunications domains. International and industrial relations feature:
the ITEA European project EAST-EEA, about embedded electronics in cars.
the IST European network ARTIST, about advanced real-time systems.
the RNTL-funded Automate project (ATHYS, COMAU/Renault Automation) on safe control components for the automation of assembly production cells.
Cooperations with ST Microelectronics and France Télécom R&D.
The context of our work is the area of embedded real-time control systems, at the intersection between control theory and computer science. We contribute methods and tools for their safe design. The systems we consider are intrinsically safety-critical because of the interaction between the embedded, computerized controller, and a physical process having its own dynamics. What is important is to analyze and design the safe behavior of the whole system, which introduces an inherent complexity. This is even more crucial in the case of systems whose malfunction can have catastrophic consequences, for example in transport systems (avionics, trains), production, medical, or energy production systems.
Therefore, there is a need for methods and tools for the design of safe
systems. The definition of adequate mathematical models of the behavior of
the systems allows the definition of formal calculi. They in turn form a
basis for the construction of algorithms for the analysis, but also for the
transformation of specifications towards an implementation. They can then be
implemented in software environments made available to the users. A
necessary complement is the setting-up of software engineering, programming,
modeling, and validation methodologies. The motivation of these problems is
at the origin of significant research activity, internationally and in
particular, in the European IST network ARTIST (Advanced Real-Time Systems)
The state of the art upon which we base our contributions, is twofold.
From the point of view of discrete control, there is a set of theoretical
results and tools, in particular in the synchronous approach, often founded
on labelled transition systems (or finite or infinite state automata) StateCharts
The synchronous approachArgos, Lustre Esterel Signal/PolychronySynDEx
From the point of view of the executables and execution platforms for the
implementation of embedded systems, there are software or middle-ware
approaches and hardware-based approaches. Under the quantitative aspects of
the problem, one can find techniques for structuring the programs in
multiple tasks, possibly preemptable, based on the real-time operating
system. Their durations and periods, for example, are taken into account
within the framework of scheduling according to various strategies. The
analytical approach, with the determination of schedulability of a set of
real-time tasks with constraints, is a very active field of research,
primarily turned towards the respect of computer-centered constraints only:
the task characteristics are derived from measurements of periods and
execution time imposed by the environment. There has been, until recently,
only relatively little work formalizing the relation with discrete models
and control. The techniques of real-time control usually take into account
only criteria internal to the computer system, related to the resources of
computation: in other words, they have a character of open loop. However,
the progress of the reflexive systems, providing sensors (of
reconfiguration) and actuators (of dynamic control of the system) make it
possible to close the loop
The design of safe real-time control systems is difficult due to various issues, among them their complexity in terms of the number of interacting components, their parallelism, the difference of the considered time scales (continuous or discrete), and the distance between the various theoretical concepts and results which allow the study of different aspects of their behaviors, and the design of controllers. The European network IST ARTIST identifies three principal objectives: hard real-time for critical applications (which concerns the synchronous approach), component-based design, and adaptive real-time systems for quality of service management.
A currently very active research direction focuses on the models and techniques which allow the automation of the use of formal methods. In the field of verification, this concerns in particular the technique of model checking; the verification intervenes after the design phase, and requires, in case of problematic diagnostics, expensive backtracks on the specification. We want to make a more constructive use of formal models, using them to derive correct executives by formal computation and synthesis, integrated in a compilation process. We therefore use models throughout the design flow from specification to implementation, in particular by automatic generation of embeddable executives.
They initially come from the fields of safety-critical systems (avionics, energy) and complex systems (telecommunication), embedded in an environment with which they strongly interact (comprising aspects of computer science and control theory). Fields with less strong criticality, or which support variable degrees of quality of service, such as in the multi-media domain, can also take advantage of methodologies which improve the quality and reliability of software, and reduce the costs of test and correction in the design.
Industrial acceptance, the dissemination, and the deployment of the formal
techniques inevitably depend on the usability of such techniques by
specialists in the application domain — and not in formal techniques
themselves —, and also on the integration in the whole design process,
which concerns very different problems and techniques. The application
domains are rather rare where the actors are ready to employ PhDs in formal
methods or advanced control theory. Even then, the methods of systematic
application of these theoretical results are not ripe. In fields like
industrial control, where the use of PLC (Programmable Logic Controller
Essential elements in this direction are the proposal of realistic formal
models, validated by experiments, of the usual entities in control theory,
and functionalities (i.e., algorithms) which correspond indeed to services
useful for the designer. Take for example the compilation and optimization
taking into account the platforms of execution, possible failures, or the
interactions between the defined automatic control and its implementation. A
notable example for the existence of an industrial need is the activity of
the Athys company concerning the development of a specialized programming
environment, CellControl, which integrates synchronous tools for
compilation and verification, tailored to the application domain.
In these areas, there are functionalities that commercial tools do not have yet,
and to which our results contribute.
We are proposing effective compromises between, on the one hand, expressiveness and formal power, and on the other hand, usability and automation. We focus on the field of specification and construction of correct real-time executives for discrete and continuous control, while keeping an interest in tackling major open problems, relating to the deployment of formal techniques in computer science, especially at the border with control theory. Regarding the applications, we propose new automated functionalities, to be provided to the users in integrated design and programming environments.
We intend to exploit our knowledge of formal techniques and their use, and of control theory, according to aspects of the definition of fundamental tools, and applications.
The integration of formal methods in an automated process of generation/compilation is founded on the formal modeling of the considered mechanisms. This modeling is the base for the automation, which operates on models well-suited for their efficient exploitation, by analysis and synthesis techniques that are difficult to use by end-users.
The creation of easily usable models aims at giving the user the role rather of a pilot than of a mechanic, i.e., to offer her/him pre-defined functionalities which respond to concrete demands, for example in the generation of fault-tolerant or distributed executives, by the intermediary use of dedicated environments and languages.
The proposal of validated models with respect to their faithful representation of the application domain is done through case studies in collaboration with our partners, where the typical multidisciplinarity of questions across control theory and computer science is exploited.
The overall consistency of our approach comes from the fact that the main research directions address, under different aspects, the specification and generation of safe real-time control executives based on formal models.
We explore this field by linking, on the one hand, the techniques we use, with on the other hand, the functionalities we want to offer. We are interested in questions concerning:
Dedicated languages and models for automatic control which are the interface between the techniques we develop and the end-users on the one hand, and the designers of formal models on the other hand.
Compositional modeling and analysis which aim at deriving crucial system properties from component properties, without the need to actually build and check the global system.
can be tackled differently depending on the execution platform. Our approach is to obtain, by compilation (thus automatically), founded on a formal model of the program to be implemented:
the distribution on a multiprocessor architecture, with code partitioning according to directives, and insertion of the necessary communication actions to ensure the coherence of control, in a way that is guaranteed to be correct with respect to the original specification, and optimized;
fault-tolerance by replication of computations on a multiprocessor architecture, and scheduling of computations according to the faults to be tolerated.
where the interaction of the very nature of the control we consider, with its real-time implementation can be tackled in two ways:
scheduling for regulation where the scheduling scheme and parameters are designed to capture the control system requirements and improve the quality of the implemented controller;
regulation for scheduling where the latter is made adaptive and is dynamically controlled by using techniques from control theory.
where we apply
the technique of discrete controller synthesis, especially by using the
tools Sigali
Our applications are in embedded systems, typically: robotics, automotive, telecommunications, systems on chip (SoC). In some areas, safety is critical, and motivates the investment in formal methods and techniques for design. But even in less critical contexts, like telecommunications and multimedia, these techniques can be beneficial in improving the efficiency and quality of designs, as well as the design, production and test costs themselves.
Industrial acceptance of formal techniques, as well as their deployment, goes necessarily through their usability by specialists of the application domain, rather than of the formal techniques themselves. Hence our orientation towards the proposal of domain-specific (but generic) realistic models, validated through experience (e.g., control tasks systems), based on formal techniques with a high degree of automation (e.g., synchronous models), and tailored for concrete functionalities (e.g., code generation).
The commercially available design tools (such as UML with real-time
extensions,
MathLab/Simulink/dSPACEStatemate by iLogix.
Regarding the synchronous approach, commercial tools are available:
Scade (based on Lustre) and
Esterel Sildex Signal), industrial versions of
Esterel compilers (for example at France Télécom R&D), specialized environments
like CellControl for industrial automatisms, by the Inria spin-off Athys
The scheduling methods we propose, are of interest for the designers of
embedded applications, who lack adequate design methods to effectively use
the tools offered by the RTOS. The dissemination of these methods can be
done via the success of applications (as in the European project Teledimos, or by distribution in the context of free software around the
real-time/embedded versions of
Linux
Regarding applications and case studies with industrial end-users of our techniques, we cooperate with:
ST Micro-electronics around design assistance for Systems on Chip, w.r.t. controller synthesis, automatic distribution of simulations, compositional verification;
Comau (formerly Renault Automation), around modeling components for
factory automation;
Excavation systems industry in the framework of the Teledimos
European project.
Regarding transfer of our results and know-how to tool-vending industrials, we interact with:
France Télécom R&D, by transferring automatic distribution technology
towards their Esterel compiler;
Athys, where methodological aspect from the Orccad approach were taken
over, as well as a specialized verification framework.
Orccad
It is mainly intended for critical real-time applications in robotics,
in which automatic control aspects (servo loops, control) have
to interact narrowly with the handling of discrete events (exception
handling). Orccad offers a complete and coherent vertical
solution, ranging from the high level specification to real-time code
generation.
Orccad is maintained by the Support Expérimentations &
Développement (SED) service of the laboratory. Orccad is used by the
experimental robotics platform of Inria. New functionalities are
developed jointly by the SED service and the researchers of the Pop
Art project.
The current stable version allows for the automatic generation of real-time single-rate controllers running on top of VxWorks, Solaris and Linux.
The main current developments allow for the generation of multi-rate controllers and the use of feedback scheduling running on top of Linux/RTAI.
Some concepts of task structuring and dedicated interfaces for the
programming of robot systems give place to a transfer of expertise to the
company Athys.
ocrep distributes automatically synchronous programs according to
specifications given by the user. Concretely, starting from a centralized
source synchronous program obtained either with the Lustre or the
Esterel compiler, from a number of desired computing locations, and an
indication of where each input and output of the source program must be
computed, ocrep produces several programs, one for each location, each one
computing only its assigned variables and outputs, and communicating
harmoniously. By this we mean that their combined behavior is equivalent to
the behavior of the centralized source program and that there is no
deadlock.
Currently our software ocrep is distributed in the form of executable on
the webocrep into their compiler Saxo-RT for Esterel programs.
We have been collaborating for several years with the project Aoste on
the subject of fault-tolerance. In particular, we have implemented
several new heuristics for fault-tolerance within their software
SynDEx Aoste.
On this subject, the development activities are at the beginning, and encompass two aspects.
On the one hand, the software tool for experimentation, allowing the
specification of models, the controller synthesis, and the execution or
simulation of the results, is based on existing synchronous tools, and
thus consists primarily in the use and integration of
Sigali (developed at IRISA) and of Mode Automata (developed at Verimag
On the other hand, the determination of useful component templates and relevant properties can be given form by libraries of task models, and properties and objectives. To start off, they can be naturally seen in terms of mode automata and the tools of the experimental platform mentioned above, but one can keep in mind their portability towards other platforms.
The first results for compositional modeling and verification (section
) have been implemented in the prototype tool Prometheus, in order to perform case studies to evaluate their potential and limits.
Within the framework of our work on the longitudinal control of automatic
vehicles Orccad task, which currently runs on the Cycabs of Inria Rhône-Alpes Shift programming language developed at UC Berkeley
We have adapted the code distribution method of ocrep to
desynchronize Lustre programs in order to handle long duration
tasks. Such tasks, whose worst case execution time and maximal
execution rates are known and bounded, violate intrinsically the
synchrony abstraction of Lustre. Our distribution method is
clock-driven, meaning that the program is partitioned according
to its clocks, and then desynchronized such that each computing
location is scheduled at a different rate, hence allowing long
duration tasks to complete without slowing the fast
computations
In this field, our work is more precisely aimed at generating a static schedule of a given data-flow graph of tasks onto a distributed heterogeneous architecture, taking into account the execution characteristics of the tasks (resp. data-dependencies) on the processors (resp. communication links) of the architecture. We have worked in three directions:
On the tolerance of processor failures, we have
designed and implemented a new heuristics for SynDEx, which
distributes a data-flow graph of tasks onto an heterogeneous
architecture such that the obtained schedule tolerates a given
number of processor failures. It performs significantly better than
other comparable heuristics found in the
literature
On the tolerance of communication media failures, we have
conducted a bibliographical study and are now envisioning three research
directions depending on the type of communication links (point-to-point or
bus) and on the level of replication of the communications (active or
hybrid active/passive).
On the generation of reliable schedules, we have
designed and implemented an original bi-criteria heuristics for
SynDEx, aiming at both minimizing the critical path of the
distributed schedule, and maximizing its reliability w.r.t. the
characteristics of the target heterogeneous
architecture
We have also worked on fully distributed algorithms to find multiple
disjoint paths in networks of processors, from a given source node to
a given destination node. The goal is that whenever a path will fail,
a spare one will be available immediately. Here, the difficulty arises
because no node knows the complete topology of the network, but only
its immediate neighbors. We are currently implementing our distributed
algorithm in NS (Network
Simulator
The real-time community has usually considered that control tasks have fixed periods, hard deadlines and worst-case execution times. This assumption has served the separation of control and scheduling designs, but has led to underutilization of CPU resources. However current real-time design methods and associated analysis tools do not provide a model flexible enough to fit well with control systems engineering requirements.
Control systems are often designed using a set of cooperating periodic modules running under control of a real-time operating system. A correct behavior of the closed-loop controller requires that the system meets timing constraints like periods and latencies, which are often expressed as deadlines. Well known scheduling policies, such as Rate Monotonic for fixed priorities and EDF for dynamic priorities assign priorities according to timing parameters, respectively sampling periods and deadlines. They are said ``optimal'' as they maximize the number of tasks sets which can be scheduled with respect of deadlines, under some restrictive assumptions.
They hardly take into account precedence and synchronization constraints which naturally appear in a control algorithm. The relative urgency or criticality of the control tasks can be unrelated with the timing parameters. Thus, the timing requirements of control systems w.r.t. the desired control goal expressed as a performance index do not fit well with scheduling policies purely based on schedulability tests.
Within our approach the control system timing requirements are captured through a partition in control paths whose fixed priorities are assigned according to their relative urgency. Latencies are managed through precedence constraints and more or less tight synchronization between modules. The implementation uses the fixed-priority based preemption service of an off-the-shelf real-time operating system. Such a system can be modeled with timed event graphs, and its temporal behavior can be analyzed off-line using the underlying (max,plus) algebra. This methodology is supported by the development version of Orccad. It will be further improved using a QoS management of the timing constraints to fully benefit from the intrinsic robustness of closed-loop controllers w.r.t. timing uncertainties.
Some preliminary results have been obtained by providing, in the case of an
inverted pendulum, a set of controllers (with different sampling periods),
able to be robust according to timing uncertainties (represented as input
delays)
Taking into account the unsuitability of current real-time design to capture feedback control systems requirements naturally leads to use control/scheduling co-design. This closer interaction is particularly needed for control applications requiring high degrees of flexibility or when computing resources are limited. However while off-line methods can handle control requirements they cannot easily handle timing uncertainties due to varying execution times, dynamic reconfigurations or network induced delays.
Thus it can be useful to consider more dynamic solutions, i.e. to
adapt the execution of the control task (period and value) according to the
availability of the resources. This is called feedback scheduling,
the purpose of which is to deal with on-line trade-offs
between control performance and computing resources (CPU time and
communication bandwidth) utilization.
The idea consists in adding to the process controller an outer sampled feedback loop ("scheduling regulator") to control the scheduling parameters as a function of a QoC (Quality of Control) measure. The QoC criterion captures the control performance requirements and the problem can be stated as QoC optimization under constraint of available computing resources. However preliminary studies suggest that a direct synthesis of the scheduling regulator as an optimal control problem leads, when it is tractable, to a solution too costly to be implemented in real-time. Practical solutions will be found in the available control toolbox or in enhancements and adaptation of current control theory.
Feedback scheduling is a dynamic approach allowing to better use the
computing resources, in particular when the workload changes e.g. due to the
admission of a new task. We propose in figure a hierarchical
control structure. The feedback scheduler controls the CPU activity
according to the computing resource availability (measured through some
computing load metric) by adjusting the periods of the tasks used in the
process controller(s). The feedback scheduler is here implemented as an
application task that runs in parallel with the control task, with a higher
priority. It executes as a periodic task, with a period
Preliminary studies and experiments have been conducted along the
following guidelines
while the outer loop should control a composite of QoC and QoS we focussed only on the control of the computing load;
as the task periods directly affect the computing load they have been chosen as actuators. They can be implemented through software variable clocks;
several methods for measuring the computing load have been evaluated;
as timing uncertainties cannot be avoided and are difficult to
model or measure, the choice of control algorithms focuses on
robustness w.r.t. unknown delays, e.g. using recent results in
Experiments are implemented using a modified Orccad runtime under
Linux/RTAI. The results show that the method provides both robustness
w.r.t. unmodelled delays and a controlled utilization of the computing
resource. Further work will study improved versions of robust controllers, a
process requirements based formulation of QoC/QoS criteria and a full
implementation of the system including QoS management issues.
Work in the last few years has produced a methodology for the automatic
generation of correct controllers for multi-task systems Inria-Rennes
(VERTECS
We have begun considering the possible complementarities between the application of controller synthesis on the global model, and the use of composition ¨glue¨, also in terms of an automaton, that would enforce a given property between components. The idea is that, for some simple properties, this technique can avoid the costly synthesis, which would however be necessary for others. This issue raises considerations of compositionality as in Section .
A generalization of the methodology has been formalized and defined as the
automated generation of a property-enforcing layer
In order to obtain automatically fault-tolerant real-time systems, we
investigate a new solution based on the application of discrete controller
synthesis. The real-time systems we consider consist of a set of tasks, and
a set of distributed, heterogenous processors. The latter are fail-silent,
and an environment model can detail actual fault patterns. We apply
controller synthesis, with objectives w.r.t. consistent execution,
functionality fulfillment, and some optimizations. We construct a manager
that ensures fault-tolerance by migrating the tasks automatically, upon
occurrence of a failure, according to the policy given by the objectives.
The advantage is that, once the system is modeled, it becomes possible to
study several fault-tolerance policies
We also approach controller synthesis for fault-tolerance from another
angle, related to production systems, in cooperation with
LAG
Component-based modeling is crucial to overcome the complexity of embedded systems. However, two major obstacles need to be addressed: the heterogenous nature of the models, and the lack of results to guarantee correction of the composed system.
The technique of model-checking allows to verify or falsify correctness of
the system with respect to some property, but it has two drawbacks: its cost
and the fact that this method is not constructive. The goal of compositional modeling is to guarantee correctness of real-time systems at
a reasonable cost. The idea of compositionality is to infer properties of a
model from the properties of its components. It is therefore necessary to
find properties on the structure of the components and on their composition
that imply the required properties of the composed model.
The heterogenous nature comes from the fact that it is usually necessary to
compose different parts of the system on different levels of abstraction,
and using different models of computation (e.g., timed and untimed
automata), models of interaction (e.g., blocking or non-blocking,
rendez-vous or broadcast), and models of execution. The modeling
formalism and the composition operation has to support this heterogenous
nature of the components.
We have developed a general model for component-based construction of
real-time systems
The goal of Aspect-Oriented Programming (AOP) is to isolate aspects (such as
security, synchronization or error handling) which cross-cut the program
basic functionality and whose implementation would otherwise yield tangled
code. In AOP, such aspects are specified separately and integrated into the
program by an automatic transformation process called weaving.
Although this new paradigm has great practical potential, it still lacks formalization. For historical reasons, most aspect languages are very expressive and dedicated to object-oriented languages (e.g. Java). The formal foundations of AOP are very difficult to establish in such a complex setting.
Bringing together aspect-oriented programming and reactive programming has three main objectives:
The first objective is to propose a formal semantics of aspects and weaving in the reactive programming framework. This framework is promising since it is based on simple formal models (transition systems, automata) and a large class of aspects can be seen as temporal properties to enforce on such models.
The second objective is to study the relationship between aspect weaving and controller synthesis (see Section ). Both techniques aim at ensuring properties on programs. Their common points, differences and potential cross-fertilizations deserve to be studied.
Each programming paradigm has its own abstractions, concerns and therefore, aspects. So, the last objective is to discover and study the specific aspects needed by reactive systems.
This new line of research is initiated by the arrival of P. Fradet in Pop Art last September and by the local ARC with Verimag: Ctrl-a, Aspect-oriented programming and reactive languages (cf. section
). For more information on P. Fradet's on-going work on AOP
and other topics, the reader is referred to the activity report of the
LandeInria Rennes).
Athys is a start-up company of Inria Rhône-Alpes, working on the techniques
for control and application of synchronous languages in robotics; it was
created in June 2000, after a year and a half incubation, and its definition
was heavily influenced by our experience around Orccad.
We cooperate in the RNTL Automate project, also involving Comau (formerly
Renault Automation). The basic idea consists in using predefined and
validated components to ease and make faster and safer the design of complex
applications in industry. Starting from the functional description of each
component, e.g. a robot gripper, its discrete event based behavior is
modeled and encoded using Esterel Studio. Then this behavior can be
validated using the associated formal verification tools. Validated
components behaviors can be further composed to check the overall behavior
of the application, e.g the assembly cell. A set of user-oriented predefined
properties has been developed to help the user in the verification process
at each step of the design.
This project was funded by the RNTL for one year and 52 kEUR. It valorizes
our competence in synchronous techniques and application to production
systems, contributes to Athys' development of the Cell Control environment
and should influence work on domain specific verification and synthesis.
We have an ongoing collaboration with ST Microelectronics (Crolles),
SysArt team. The goal is to extract structured information concerning
the execution rates, from a SoC design in the Transaction Level Model,
in order to partition the design according to these execution
rates. We will apply our synchronous program distribution
techniques
Jessica
This is a
locally funded (by Inria-Rhône-Alpes) cooperation,
with Verimag (synchronous team, F. Maraninchi, K. Altisen),
around the topic
Aspect-oriented programming and reactive languages
COSEDcommande opérationnelle des systèmes à événements discrets)
is a working group of the EEA association of Electronics and Control Theory Teachers,
seen from an operational point of view, notably PLCs.
It is now transformed into the
INCOS group (Ingénierie de la Commande et de la Supervision des SED)
related to
GDR MACS, pôle STP
Action Spécifique CNRS AS 155,
related to RTP 24 (Mathématiques du signal et des Systèmes),
is titled:
Approches formelles pour l'analyse et la synthèse sûre de contrôle
des systèmes dynamiques hybrides,
and is a working group on the analysis and synthesis of hybrid systems,
approached from a control theory perspective.
We are collaborating to this RTP titled Sûreté de fonctionnement des
systèmes informatiques complexes
ouverts
NECS project related to RTP
55
O. Sename and D. Simon participate in the SAR group
The MR2V service at Inria-Rhône-Alpes is maintaining Orccad.
Aoste at Inria-Rocquencourt is working with us on fault-tolerant heuristics
for their software SynDEx.
Vertecs at Irisa/Inria-Rennes is working with us about
the applications we make of discrete controller synthesis,
and notably of the tool Sigali.
P.Fradet cooperates with T. Jensen and S. Hong Tuan Ha (Lande,
Irisa/Inria-Rennes) and with J.-P. Banâtre and Y. Radenac (Paris,
Irisa/Inria-Rennes).
P. Fradet cooperates with R. Douence and M. Südholt (Ecole des Mines de Nantes).
A. Girault cooperates with X. Nicollin (Verimag) and M. Pouzet (LIP6,
University of Paris 6).
G. Gössler cooperates with J. Sifakis (Verimag).
E. Rutten cooperates with K. Altisen and F. Maraninchi (Verimag), and with
H. Alla (LAG).
ARTIST is a European IST network, lead by Verimag.
It concerns real-time systems,
particularly hard real-time, and adaptive techniques for quality of service
management.
It lasts 2 years (2002-2004), and funds one year of post-doc on the topic
of controller synthesis for fault-tolerance.
The EAST-EEA project (Embedded Electronics Architecture) aims at proposing a methodology in order to develop complex real-time embedded applications in the field of transportation, specially for automobiles. The main goals are: independence between hard and soft, standard components and tools, and cooperation between actors. The PhD of Hamoudi Kalla is funded by this project.
K. Altisen and E. Rutten organize a local working group on
discrete controller synthesisVerimag, LAG, Inria-Rhône-Alpes, and INSA Lyon,
and potentially elsewhere in Rhône-Alpes.
P. Fradet has participated in the program committees of ESOP'04 (13th European Symposium on Programming) and JLFA'04 (15ème Journées
Francophones des Langages Applicatifs).
A. Girault has been awarded the prize ``Communication et Systèmes''
He participates in organizing SLAP'03 (Synchronous Languages,
Applications, and Programming) SYNchronous
Applications, Languages, and Programs web site
E. Rutten participates in organizing SLAP'03,
and in program committees for SLAP'03 and'04,
ECRTS'03 and 04
(Euromicro Conference on Real-Time Systems),
salon RTS'03 and 04
(RTS EMBEDDED SYSTEMS),
MSR'03 and 05
(Modélisation des Systèmes Réactifs),
WPDRTS'03 and 04
(Workshop on Parallel and Distributed Real-Time Systems,
satellite of IPDPS),
TSI special issue on Real-Time Systems 03,
WODES'04
(IFAC International Workshop on Discrete Event Systems),
SFEDL'04
(Semantic Foundations of Engineering Design Languages,
satellite of ETAPS'04).
O. Sename has participated in the program committee of the IFAC Workshop on Time-Delay Systems TDS'03 (Rocquencourt, France) and of the IFAC Workshop on Automotive Control 2004 (Salerno, Italy).
D. Simon is expert in the Jessica program for technically supporting small
companies. He is a member of Inria Rhône-Alpes ``Commission Postes
d'Accueil''.
E. Rutten is a member of
Inria evaluation commission and détachements commission,
Inria Rhône-Alpes scientific employment commission,
Univ. of Brest specialists commission (27th section).
In addition to conferences mentioned in the publications list, we participated in:
SLAP'03 and ECRTS'03 (Porto, July 2003)
Synchron'03 (Marseille, December 2003).
Daniel Simon, Alain Girault, Eric Rutten: course on real-time techniques, 18 h. (in all), DEA IVR (Image Vision Robotique) Grenoble;
Alain Girault, Eric Rutten: compilation, 2nd year engineering, 18 h. (each), ENSIMAG Grenoble.
Alain Girault: compilation project, 2nd year engineering, 30 h., ENSIMAG Grenoble.
Hamoudi Kalla, co-advised by Alain Girault (with Y. Sorel, AOSTE Team), since 1/2001, PhD in computer science, INPG.
David Robert, co-advised by Daniel Simon and Olivier Sename, since 10/2003, PhD in Control Theory, INPG.
Ismail Assayad: Reliable Scheduling Heuristics for Embedded Real-Time Systems, DEA ISC, UJF-INPG,
co-advised by Alain Girault and Hamoudi Kalla;
MohamedAbdennebi: Discrete Controller Synthesis for Fault-Tolerant Embedded Systems, DEA ESIA Annecy,
co-advised by Alain Girault and Eric Rutten;
David Robert: Robust Discrete/Continuous Control of a Robotic Arm,
DEA Control Theory, UJF-INPG,
co-advised by Daniel Simon and Olivier Sename;
Fethi Bouziani: Study and Implémentation of Insertion Stratégies for an Automatic Highway, DEA Control Theory, UJF-INPG,
advised by Alain Girault;
Safia Iddir: Discrete Controller Synthesis for Fault-Tolerant Production Systems, DEA Control Theory, UJF-INPG,
co-advised by Eric Rutten and Hassane Alla;
Gwenael Delaval, 2nd year ENSIMAG/INPG, co-advised by Alain Girault and Daniel Simon;
Ivana Medos, graduate student MIT-Boston, advised by Alain Girault;
Jean-Christophe Alberti, Abdelmajid Laachachi: TER, Maîtrise Informatique, UJF, co-advised by Gregor Gössler and Eric Rutten.