Section: Overall Objectives

Challenge

A cyber-physical (or reactive, or embedded) system is the integration of heterogeneous components originating from several design viewpoints: reactive software, some of which is embedded in hardware, interfaced with the physical environment through mechanical parts. Time takes different forms when observed from each of these viewpoints: it is discrete and event-based in software, discrete and time-triggered in hardware, continuous in mechanics or physics. Design of CPS often benefits from concepts of multiform and logical time(s) for their natural description.

High-level modelling and programming formalisms used to represent software, hardware and physic significantly alter this perception of time. In the model of the environment, the continuous evolution of time is represented by differential equations whose computerised resolution is inherently discrete. In hardware models, the system clock is an abstraction of the electrical behaviour of the circuit. It is usually further approximated by coarser-grain abstractions: register transfer level (RTL), transaction-level modelling (TLM) or system-level modelling.

In system design, time is usually abstracted to serve the purpose of one of many design problem: simulation, profiling, performance analysis, scheduling analysis, parallelisation, distribution, simulation, or virtual prototyping. For example in non-real-time commodity software, timing abstraction such as number of instructions and algorithmic complexity is sufficient: software will run the same on different machines, except slower or faster. Alternatively, in cyber-physical extensions, multiple recurring instances of meaningful events may create as many dedicated logical clocks, on which to ground modelling and design practices.

Time reasoning is further complicated by the inadequacy of conventional programming models for modern hardware, such as Network-On-Chips. As pointed out by Edward Lee in his position paper (The Problem with Threads. E. A. Lee. Technical Report UCB/EECS-2006-1. UC Berkeley, 2006. http://www.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-1.html ), anyone experienced with multi-threaded programming can easily acknowledge the difficulty of designing and implementing concurrent software. Resolving concurrency, synchronisation, and coordination issues, and tackling the non-determinism germane in multi-threaded software is extremely difficult. Ensuring software correctness not only with respect to its specification, but also with regards to target hardware and environment, is a necessary yet even more challenging task.

This challenge explains why the mitigation of time constraints arising from heterogeneous time models or domains is equally isolated to one specific design problem. For instance,

• scheduling analysis aims at reconciling software logical time with discrete hardware resources;

• desynchronisation aims at reconciling the synchronous abstraction of software concurrency with the asynchronous abstraction of a distributed architecture;

• virtual prototyping aims at simulating hardware events using software;

• hybrid simulation mixes software time and simulated physical time.

None of these problems demand system-level timed reasoning. All these issues are usually addressed in isolation. Yet, all would benefit from modularity and compositionally gained by coordinated time reasoning. Proper handling of time requires a precise semantic foundations and the establishment of formal correctness properties. It allows powerful analysis and error-proof verification of functional behaviours and quantitative characteristics.

Time abstraction increases efficiency in event-driven simulation or execution (i.e SystemC simulation models try to abstract time, from cycle-accurate to approximate-time, and to loosely-time), while attempting to retain functionality, but without any actual guarantee of valid accuracy (responsibility is left to the model designer). Functional determinism (a.k.a. conflict-freeness in Petri Nets, monotonicity in Kahn PNs, confluence in Milner's CCS, latency-insensitivity and elasticity in circuit design) allows for reducing to some amount the problem to that of many schedules of a single self-timed behaviour, and time in many systems studies is partitioned into models of computation and communication (MoCCs). Multiple, multiform time(s) raises the question of combination, abstraction or refinement between distinct time bases. The question of combining continuous time with discrete logical time calls for proper discretisation in simulation and implementation. While timed reasoning takes multiple forms, there is no unified foundation to reasoning about multi-form time in system design.

The aim of project-team TEA is to develop formal calculi for reasoning about time in embedded system design. Equipped with these calculi, we will revisit typical problems and application in real-time system design, such as time determinism, memory ressources predictability, real-time scheduling, mixed-criticality and power management. Eventually, this will allow to prototype and deliver a tooled methodology for virtual prototyping embedded architectures.