Overall Objectives
The Kopernic members are focusing their research on studying time for embedded communicating systems, also known as cyber-physical systems.
The term cyber-physical systems refers to a new generation of systems with integrated computational and physical capabilities that can interact with humans through many new modalities [15]. A defibrillator, a mobile phone, an autonomous car and an aircraft are all CPSs. Besides constraints like power consumption, security, size and weight, CPSs may have cyber components required to fulfill their functions within a limited time interval (a.k.a. dependability), often imposed by the environment, e.g., a physical process controlled by some cyber components. The appearance of communication channels between cyber-physical components, easing the CPS utilization within larger systems, forces cyber components with high criticality to interact with lower criticality cyber components. This interaction is completed by external events from the environment that have a time impact on the CPS. Moreover, some programs of the cyber components may be executed on predictable processors and other programs on less predictable processors. For instance, a drone that supervises an airport area may be pictured continually interacting with the airport control tower and the pilots of the airplanes. In this example, the drone, the tower and the airplanes belong to a large CPS.
Different research communities study separately the three design phases of these systems: the modeling, the design and the analysis of CPSs [23]. These phases are repeated iteratively until an appropriate solution is found. During the first phase, the behavior of a system is often described using model-based methods. Other methods exist, but model-driven approaches are widely used by both the research and the industry communities. A solution described by a model is proved (functionally) correct usually by a formal verification method used during the analysis phase (third phase described below).
During the second phase of the design, the physical components (e.g., sensors and actuators) and the cyber components (e.g., programs, messages and embedded processors) are chosen, often among those available on the market. However, due to the ever increasing pressure of the smartphone market, the microprocessor industry provides general purpose processors based on multicore and, in the near future, based on manycore processors. These processors have complex architectures that are not time predictable due to features like multiple levels of caches and pipelines, speculative branching, communicating through shared memory and/or through a network on chip, internet, etc. Therefore, nowadays the CPS industry is facing the great challenge of estimating the corresponding worst case execution times of programs executed on these processors. Indeed, the current complexity of both processors and programs does not allow reasonable worst case bounds to be proposed. Then, the design phase ends with the implementation of the cyber components on such processors, where the models are transformed into programs (or messages for the communication channels) manually or by code generation techniques [17].
During the third phase of analysis, the correctness of the cyber components is verified at program level where the functions of the cyber component are implemented. The execution times of programs are estimated either by static analysis, by measurements or by a combination of both approaches [30].
The time properties of a cyber component are subject to variability factors. We understand by variability the distance between the smallest value and the largest value of a time property. With respect to the time properties of a CPS, the factors may be classified into three main classes:
- program structure: for instance, the execution time of a program that has two main branches is obtained, if appropriate composition principles apply, as the maximum of the largest execution times of the branches. In this case the branch is a variability factor on the execution time of the program;
- processor structure: for instance, the execution time of a program on a less predictable processor (e.g., one core, two levels of cache memory and one main memory) will have a larger variability than the execution time of the same program executed on a more predictable processor (e.g., one core, one main memory). In this case the cache memory is a variability factor on the execution time of the program;
- execution environment: for instance, the appearance of a pedestrian in front of a car triggers the execution of the program corresponding to the brakes in an autonomous car. In this case the pedestrian is a variability factor for triggering the execution of some programs. Moreover, the execution environment may trigger branches of the programs, according to their structure.
Verifying that time properties of a CPS are met is often formalized as a scheduling problem [25], where the programs should be provided a start time within the schedule together with an assignment of resources (processor, memory, communication, etc.). The verification of a solution for a scheduling problem is known as schedulability analysis.
A cyber-physical system (CPS) has cyber (or computational) components and physical components that communicate. Our team deals with the problem of studying time properties (execution time of a program or a set of communicating programs, etc.) of the cyber components of a CPS. The cyber components may implement functions with different criticalities with respect to time and a solution should come with associated proofs of its appropriateness for each criticality. A solution is appropriate for a criticality level if all functions fulfill the expectations of that criticality level. Based on their mathematical foundations, the solutions are:
- either classic (or non-probabilistic) when all time properties are estimated and/or upper bounded by numerical values;
- or probabilistic when at least one time property is estimated and/or upper bounded by probability distributions.
The Kopernic members propose a system-oriented solution to the problem of studying time properties of the cyber components of a CPS. The solution is expected to be obtained by composing probabilistic and non-probabilistic approaches for CPSs.
We identify three main scientific objectives developed in Sections 3.1, 3.2 and 3.3. These objectives are presented from program level, where we use statistical approaches, to the level of all programs, where we use probabilistic and non-probabilistic approaches.