6.1.1 CertiCAN

• Name:
  Certifier of CAN bus analysis results
• Keywords:
  Certification, CAN bus, Real time, Static analysis
• Functional Description:
  CertiCAN is a tool, produced using the Coq proof assistant, allowing the formal certification of the correctness of CAN bus analysis results. Result certification is a process that is light-weight and flexible compared to tool certification, which makes it a practical choice for industrial purposes. The analysis underlying CertiCAN, which is based on a combined use of two well-known CAN analysis techniques, is computationally efficient. Experiments demonstrate that CertiCAN is able to certify the results of RTaW-Pegase, an industrial CAN analysis tool, even for large systems. Furthermore, CertiCAN can certify the results of any other RTA tool for the same analysis and system model (periodic tasks with offsets in transactions).
• URL:
  https://­team.­inria.­fr/­spades/­certican/
• Authors:
  Xiaojie Guo, Pascal Fradet, Sophie Quinton
• Contact:
  Xiaojie Guo

6.1.2 cloudnet

• Name:
  Cloudnet
• Keywords:
  Cloud configuration, Tosca, Docker Compose, Heat Orchestration Template, Alloy
• Scientific Description:

  The multiplication of models, languages, APIs and tools for cloud and network configuration management raises heterogeneity issues that can be tackled by introducing a reference model. A reference model provides a common basis for interpretation for various models and languages, and for bridging different APIs and tools. The Cloudnet Computational Model formally specifies, in the Alloy specification language, a reference model for cloud configuration management. The Cloudnet software formally interprets several configuration languages in it, including the TOSCA configuration language, the OpenStack Heat Orchestration Template and the Docker Compose configuration language.

  The use of the software shoes, for examples, how the Alloy formalization allowed us to discover several classes of errors in the OpenStack HOT specification.

• Functional Description:

  Application of the Cloudnet model developed by Inria to software network deployment and reconfiguration description languages.

  The Cloudnet model allows syntax and type checking for cloud configuration templates as well as their visualization (network diagram, UML deployment diagram). Three languages are addressed for the moment with the modules:

  * Cloudnet TOSCA toolbox for TOSCA inncluding NFV description * cloudnet-hot for HOT (Heat Orchestration Template) from OpenStack * cloudnet-compose for Docker Compose

  We can use directly the software from an Orange web portal: https://toscatoolbox.orange.com

• URL:
  https://­github.­com/­Orange-OpenSource/­Cloudnet-TOSCA-toolbox
• Publication:
  hal-02940938v1
• Contact:
  Philippe Merle
• Participants:
  Philippe Merle, Jean-Bernard Stefani, Roger Pissard-Gibollet, Souha Ben Rayana, Karine Guillouard, Meryem Ouzzif, Frédéric Klamm, Jean-Luc Coulin
• Partner:
  Orange Labs

7.1.1 Dynamicity in dataflow models

Dataflow Models of Computation (MoCs) are widely used in embeddedsystems, including multimedia processing, digital signal processing, telecommunications, and automatic control. One of the first and most popular dataflow MoCs, Synchronous Dataflow (SDF), provides static analyses to guarantee boundedness and liveness, which are key properties for embedded systems. However, SDF and most of its variants lacks the capability to express the dynamism needed by modern streaming applications.

For many years, the Spades team has been working on more expressive and dynamic models that nevertheless allow static analyses for boundedness and liveness. We have proposed several parametric dataflow models of computation (MoCs) (SPDF  35 and BPDF  27), we have written a survey providing a comprehensive description of the existing parametric dataflow MoCs  30, and we have studied symbolic analyses of dataflow graphs  31. We have proposed an original method to deal with lossy communication channels in dataflow graphs  34.

More recently, we have studied models allowing dynamic reconfigurations of the topology of the dataflow graphs. This is required by many modern streaming applications that have a strong need for reconfigurability, for instance to accommodate changes in the input data, the control objectives, or the environment. We have proposed a new MoC called Reconfigurable Dataflow (RDF) 3. RDF extends SDF with transformation rules that specify how the topology and actors of the graph may be reconfigured. Starting from an initial RDF graph and a set of transformation rules, an arbitrary number of new RDF graphs can be generated at runtime. The major feature and advantage of RDF is that it can be statically analyzed to guarantee that all possible graphs generated at runtime will be connected, consistent, and live. To the best of our knowledge, RDF is the only dataflow MoC allowing an arbitrary number of topological reconfigurations while remaining statically analyzable.

We have also worked on a practical way to integrate statically parameterized SDF graphs into the PREESM tool 18. While this work does not provide a theoretical analysis of the evolution of the graph according to the parameters as in SPDF, it supports a wider range of parameterized expressions including complex mathematic operations. On the few tested applications, we have shown that a mere design-space exploration on a subset of all possible parameter configurations was providing reasonable approximations of the impact of each parameter on throughput, latency and energy.

Up to now, the main application domain of dataflow models has been streaming multimedia applications but they also seem particularly well suited to the efficient implementation of neural networks. We have started an exploratory action (see Section 9.2) to study the potential of dataflow MoCs for the implementation of neural networks. We expect advances in the form of a better time efficiency and a lower memory and energy consumption.

We are currently working on the reduction of the memory footprint of tasks graphs scheduled on unicore processors. This is motivated by the fact that some recent neural networks such as GPT-3, seen as tasks graphs, use too much memory and cannot fit on a single GPU. Using several exact and heuristic techniques, we are able to produce schedules that minimize the memory requirement of a sequential dataflow application, and therefore tasks graphs as well. Another technique used by memory greedy neural networks is activity and gradient checkpointing (a.k.a. rematerialization) which recompute intermediate values rather than keeping them in memory. We are now studying rematerialization in the more general dataflow context.

7.2.1 A Markov Decision Process approach for energy minimization policies

In 2022, we have completed our work on a very general model of real-time systems, made of a single-core processor equipped with DVFS and an infinite sequence of preemptive real-time jobs. Each job $J_i$ is characterized by the triplet $({\tau }_i,w_i,d_i)$, where ${\tau }_i$ is the inter-arrival time between $J_i$ and $J_{i-1}$, $w_i$ is the actual size of $J_i$, upper-bounded by the maximal size $W$, and $d_i$ is the relative deadline of $J_i$, upper-bounded by $\Delta$. The key point is that the system is non-clairvoyant, meaning that, at release time, $w_i$ is not known until the job $J_i$ actually terminates. What is available to the processor are the statistical information on the jobs' characteristics: release time, AET, and relative deadline. In this context, we have proposed a Markov Decision Process (MDP) solution to compute the optimal online speed policy guaranteeing that each job completes before its deadline and minimizing the energy consumption. To the best of our knowledge, our MDP solution is the first to be optimal. We have also provided counter examples to prove that the two previous state of the art algorithms, namely OA  56 and PACE  47, are both sub-optimal. Finally, we have proposed a new heuristic online speed policy called Expected Load (EL) that incorporates an aggregated term representing the future expected jobs into a speed equation similar to that of OA. A journal paper is currently under review.

Simulations show that our MDP solution outperforms the existing online solutions (OA, PACE, and EL), and can be very attractive in particular when the mean value of the execution time distribution is far from the WCET.

This was the topic of Stephan Plassart's PhD  5237, 39, 38, funded by the Caserm Persyval project, who defended his PhD in June 2020.

7.2.2 Formal proofs for schedulability analysis of real-time systems

We contribute to Prosa 23, a Coq library of reusable concepts and proofs for real-time systems analysis. A key scientific challenge is to achieve a modular structure of proofs, e.g., for response time analysis. Our goal is to use this library for:

1. the formal specification of real-time concepts;
2. a better understanding of the role played by some assumptions in existing proofs;
3. a formal verification and comparison of different analysis techniques; and

4. the certification of (results of) existing analysis techniques or tools.

In the recent past, we have developed CertiCAN, a tool produced using the Coq proof assistant, allowing the formal certification of CAN bus analysis results. CertiCAN is able to certify the results of industrial CAN analysis tools, even for large systems. We have described this work in a long journal article to appear 11.

We have completed our work on a formal connection between Network Calculus (NC) and Response Time Analysis (RTA) 19. This enables specialists of both formalisms to get increased confidence in their models (or to discover errors, as has happened). The presented mathematical results are all mechanically checked with the interactive theorem prover Coq, building on existing formalizations of RTA (namely Prosa) and NC (namely NCCoq). Establishing such a link between NC and RTA paves the way for improved real-time analyses obtained by combining both theories to enjoy their respective strengths (e.g., multicore analyses for RTA or clock drifts for NC).

The work on the formalization in Prosa of Compositional Performance Analysis is still ongoing.

7.3.1 Causal Explanations for Embedded Systems

Model-Based Diagnosis of discrete event systems (DES) usually aims at detecting failures and isolating faulty event occurrences based on a behavioural model of the system and an observable execution log. The strength of a diagnostic process is to determine what happened that is consistent with the observations. In order to go a step further and explain why the observed outcome occurred, we borrow techniques from causal analysis. We are currently exploring techniques that are able to extract, from an execution trace, the causally relevant part for a property violation.

In particular, as part of the SEC project, we are investigating how such techniques can be extended to classes of hybrid systems. As a first result we have studied the problem of explaining faults in real-time systems 48. We have provided a formal definition of causal explanations on dense-time models, based on the well-studied formalisms of timed automata and zone-based abstractions. We have proposed a symbolic formalization to effectively construct such explanations, which we have implemented in a prototype tool. Basically, our explanations identify the parts of a run that move the system closer to the violation of an expected safety property, where safe alternative moves would have been possible.

We have recently generalized the work of 48 and defined robustness functions as a family of mappings from system states to a scalar that, intuitively, associate with each state its distance to the violation of a given safety requirement, e.g., in terms of the remaining number of bad system moves or of the time remaining to react. An explanation then summarizes the portions of the execution on which robustness decreases. However, as our instantiation of robustness in 48 is defined on a discrete abstraction, robustness may decrease in discrete steps once some timing threshold is crossed, thus exonerating the preceding absence of action. We are currently working on a truly hybrid definition of robustness functions that “anticipate” such thresholds, hence ensuring a smooth decrease indicating early when a dangerous event is approaching.

7.3.2 Causal Explanations in Concurrent Programs

As part of the DCore project on causal debugging of concurrent programs, the goal of Aurélie Kong Win Chang's PhD thesis is to investigate the use of abstractions to construct causal explanations for Erlang programs. We are interested in developing abstractions that "compose well" with causal analyses, and understanding precisely how explanations found on the abstraction relate to explanations on the concrete system. It is worth noting that the presence of abstraction, which inherently comes with some induction and extrapolation processes, completely recasts the issue of reasoning about causality. Causal traces do no longer describe only potential scenarios in the concrete semantics, but also mix some approximation steps coming from the computation of the abstraction itself. Therefore, not all explanations are replayable counter-examples: they may contain some steps witnessing some lack of accuracy in the analysis. Vice versa, a research question to be addressed is how to define causal analyses that have a well understood behavior under abstraction.

We are currently working on a formalization of an abstract Erlang semantics that allows for a finite abstraction while still accounting for the exchanges of messages and signals between processes.

7.3.3 Reversibility for concurrent and distributed debugging

Concurrent and distributed debugging is a promising application of the notion of reversible computation 40. As part of the ANR DCore project, we have contributed to the theory behind, and the development of the CauDEr reversible debugger for the Erlang programming language. In 14, we have shown how to automate using the Maude rewriting logic environment the generation of a reversible semantics for a concurrent program such as Erlang, in effect implementing in Maude the theory developped by Lanese and Medic 45. In the same paper we have also shown how to automatically generate the semantics of the imperative rollback primitive which is at the core of the CauDEr debugger. In 15, we have extended the reversible semantics of Erlanf and CauDEr to take into account of imperative constructs in Erlang allowing Erlang processes to access a shared map of process names and process identifiers. This is an first instance of dealing with reversibility in presence of a form of shared memory.

We have also started this year two novel threads of activity: studying reversibility for distributed programs and studying reversibilty for concurrent programs based on shared memory. For the time being we only have preliminary results on these two threads. On the first one, we have devised a small distributed process calculus featuring located processes with location and link failures with recovery and are currently working on its behavioral theory. This small calculus is intended as a reasonably faithful abstraction of the behavior of Erlang systems in presence of node and link failures. On the second thread, we have introduced a modular operational framework for the definition of shared memory concurrency models, and shown that we can capture in our framework several forms of weak memory models, including models of transactional memory.

9.1.1 ANR

9.1.2 Défi Inria

DF4DL

Participants: Pascal Fradet, Alain Girault, Alexandre Honorat.

The DF4DL action is funded by Inria's DGDS. It aims at exploring the use of the dataflow model of computation to better program deep neural networks, in particular a variant called dynamic neural networks. As a first step, we have studied the problem of minimizing the peak memory requirement for the execution of a dataflow graph. This is of paramount importance for deep neural networks since the largest ones cannot fit on a single core due to their very high memory requirement. It happens that this was an open problem since 1995  53, and the new algorithms we proposed in 2022 have allowed us to significantly lower the memory peak as well as the compute time required to find it. For instance, we managed to lower the optimal memory peak of the satellite benchmark in  53 from 1.920 units (obtained after 4 days of compute time) to 1.680 units (obtained after 10 milliseconds).

10.1.1 Scientific events: organisation

• Sophie Quinton co-organized a workshop (journée d'étude) on the connection between digital commons and the ecological transition.
• Sophie Quinton co-organized a panel at the Archipel conference on the relevance (or lack thereof) of using science and technologies for sustainability.

10.1.2 Scientific events: selection

10.1.3 Journal

10.1.4 Invited talks

• Martin Bodin gave an invited talk about Coq at the Séminaire de l’IREM de Grenoble.
• Sophie Quinton gave a keynote on ICT and sustainability at the 2nd Inria-DFKI European Summer School on AI (IDESSAI 2022).

10.1.5 Leadership within the scientific community

• Sophie Quinton was a member of the ECRTS Executive Committee until September 2022. She is now a member of the ECRTS Advisory Board.
• Sophie Quinton co-chairs a working group of the GDR CIS associated with the Center for Internet and Society focused on environmental issues.

10.1.6 Research administration

• Pascal Fradet is head of the committee for doctoral studies (“Responsable du comité des études doctorales”) of the Inria Grenoble research center. He is the local correspondent for the young researchers Inria mission (“Mission jeunes chercheurs”) and the substitute of the director of the Inria Grenoble research center at the doctoral school council (MSTII).
• Alain Girault is Deputy Scientific Director for the domain “Algorithmics, Programming, Software and Architecture” (since 2019).
• Alain Girault is Scientific Manager of the Cyber-Physical Systems axis of the labex Persyval-Lab.
• Gregor Gössler is member of the commission of scientific jobs of the Inria Grenoble research center.
• Sophie Quinton leads the SEnS-GRA group which hosts discussions and proposes actions regarding the environmental and societal impact of our research at Inria Grenoble Rhône-Alpes.
• Sophie Quinton was a member of the CRCN hiring committee in Grenoble.

10.2.1 Teaching

• Licence : Pascal Fradet, Théorie des Langages 1, 18 HeqTD, niveau L3, Grenoble INP (Ensimag), France
• Licence : Pascal Fradet, Modèles de Calcul : $\lambda$-calcul, 12 HeqTD, niveau L3, Univ. Grenoble Alpes, France
• Licence : Xavier Nicollin, Théorie des Langages 1, 40,5 HeqTD, niveau L3. Grenoble INP (Ensimag), France
• Licence : Xavier Nicollin, Théorie des Langages 2, 37,5 HeqTD, niveau L3, Grenoble INP (Ensimag), France
• Licence : Xavier Nicollin, Modèles de Calcul : Machines de Turing, 30 HeqTD, niveau L3, Univ. Grenoble Alpes, France
• Master : Xavier Nicollin, Analyse de Code pour la Sûreté et la Sécurité, 45 HeqTD, niveau M1, Grenoble INP (Ensimag), France
• Master : Xavier Nicollin, Algorithimque et Optimisation Discrète, 18 HeqTD, niveau M1, Grenoble INP (Ensimag), France
• Master : Xavier Nicollin, Fondements Logiques pour l'Informatique, 19,5 HeqTD, niveau M1, Grenoble INP (Ensimag), France
• Licence : Martin Bodin, Modèles de Calcul : $\lambda$-calcul, 12 HeqTD, niveau L3, Univ. Grenoble Alpes, France
• Licence : Martin Bodin, Projet Génie logiciel, 55 HeqTD, niveau M1, Grenoble INP (Ensimag), France
• Master: Jean-Bernard Stefani, Formal Aspects of Component Software, 9h, MOSIG, Univ. Grenoble Alpes, France.
• École doctorale: Sophie Quinton gave a 3h course "Sciences, environnements, sociétés" at the MSTII doctoral school.
• Sophie Quinton gave an introduction to the environmental impact of ICT and participated in the associated panel as part of a lecture in the "Entangled futures" course at the University of the Arts London.

10.2.2 Supervision

• Gregor Gössler: PhD in progress: Thomas Mari, “Construction of Safe Explainable Cyber-physical systems”; Grenoble INP; since October 2019; co-advised by Gregor Gössler and Thao Dang.
• Gregor Gössler: PhD in progress: Aurélie Kong Win Chang, "Abstractions for causal analysis and explanations in concurrent programs"; since January 2021; co-advised by Gregor Gössler and Jérôme Feret.
• Sophie Quinton and Alain Girault: PhD in progress: Aina Rasoldier, ICT in the Anthropocene: Technical and social challenges at the local scale.
• Sophie Quinton: PhD completed: Leonie Köhler "A Compositional Performance Analysis for Embedded Computing Systems with Weakly-Hard Real-Time Constraints", TU Braunschweig; defended in January 2022; co-advized with Rolf Ernst.
• Martin Bodin: intership student: Jean Abou-Samra, “Hiérarchies de monades”.
• Jean-Bernard Stefani: PhD in progress: Giovanni Fabbretti, "Reversibility in distributed systems with crash faults and recovery", UGA.
• Jean-Bernard Stefani: PhD in progress: Pietro Lami, "Reversibility in concurrent systems with shared memory", co-advised with Ivan Lanese (U. Bologne), UGA.

10.2.3 Juries

• Sophie Quinton was a member of the PhD committee of Lucien Rakotomalala, "Preuve Formelle en calcul réseau", defended in February 2022 (Université de Toulouse).
• Martin Bodin was a member of the PhD committee of Julien Braine, “The Data-abstraction Framework : abstracting unbounded data-structures in Horn clauses, the case of arrays”, defended in May 2022 (ENS Lyon).
• Jean-Bernard Stefani was a rapporteur on the PhD of Louis Noizet, "Necro, la sémantique sans y laisser les os", defended in September 2022 (U. Rennes).

10.3.1 Articles and contents

• Sophie Quinton co-authored an article entitled "The crisis of the scientific mind : an investigation, a tragedy and a collective redistribution of roles" 13 in connection with the Ateliers SEnS.

10.3.2 Interventions

• Sophie Quinton presented the Ateliers SEnS at a panel at the conference "En route pour la sobriété numérique ?" in Geneva.
• Sophie Quinton gave a talk about the challenges of developing a "responsible ICT" approach at a Planet Tech'Care workshop and participated in a panel on the environmental impact of ICT at EPFL.
• Sophie Quinton attended a "Forum des métiers" organized by the Lycée du Grésivaudan.
• Martin Bodin and Alain Girault participated in the MathC2+ event.
• Martin Bodin gave a talk at the Séminaire sport-étude de l’ENS Lyon.

International journals

• 10 articleP.Pascal Fradet, A.Alain Girault, R.Ruby Krishnaswamy, X.Xavier Nicollin and A.Arash Shafiei. RDF: A Reconfigurable Dataflow Model of Computation.ACM Transactions on Embedded Computing Systems (TECS)December 2022
  HALDOI
• 11 articleP.Pascal Fradet, X.Xiaojie Guo and S.Sophie Quinton. CertiCAN : Certifying CAN Analyses and Their Results.Real-Time SystemsDecember 2022
  HALback to text
• 12 articleM.Matthieu Perrin, A.Achour Mostefaoui, G.Grégoire Bonin and L.Ludmila Courtillat-Piazza. Extending the Wait-free Hierarchy to Multi-Threaded Systems.Distributed Computing35August 2022, 375–398
  HALDOI
• 13 articleE.Eric Tannier, V.Vincent Daubin and S.Sophie Quinton. The crisis of the scientific mind : an investigation, a tragedy and a collective redistribution of roles.Les Cahiers de Framespa : e-Storia40June 2022
  HALDOIback to text

International peer-reviewed conferences

• 14 inproceedingsG.Giovanni Fabbretti, I.Ivan Lanese and J.-B.Jean-Bernard Stefani. Generation of a Reversible Semantics for Erlang in Maude.Formal Methods and Software Engineering : 23rd International Conference on Formal Engineering Methods, ICFEM 2022, Madrid, Spain, October 24–27, 2022, ProceedingsICFEM 2022 - 23rd International Conference on Formal Engineering MethodsLNCS13478Lecture Notes in Computer Science.Madrid, SpainSpringer International PublishingOctober 2022, 106-122
  HALDOIback to text
• 15 inproceedingsP.Pietro Lami, I.Ivan Lanese, J.-B.Jean-Bernard Stefani, C.Claudio Sacerdoti Coen and G.Giovanni Fabbretti. Reversibility in Erlang: Imperative Constructs.Reversible Computation : 14th International Conference, RC 2022, Urbino, Italy, July 5–6, 2022, ProceedingsRC 2022 - 14th International Conference on Reversible ComputationLNCS-13354Lecture Notes in Computer ScienceUrbino, ItalySpringer International PublishingJune 2022, 187-203
  HALDOIback to text
• 16 inproceedings A.Aina Rasoldier, J.Jacques Combaz, A.Alain Girault, K.Kevin Marquet and S.Sophie Quinton. How realistic are claims about the benefits of using digital technologies for GHG emissions mitigation? LIMITS 2022 - Eighth Workshop on Computing within Limits Virtual, France June 2022
  HAL

National peer-reviewed Conferences

• 17 inproceedingsJ.Jean Abou-Samra, Y.Yannick Zakowski and M.Martin Bodin. Effectful Programming across Heterogeneous Computations -Work in Progress.Journées Francophones des Langages ApplicatifsJFLA 2023 - 34èmes Journées Francophones des Langages ApplicatifsPraz-sur-Arly, FranceJanuary 2023, 7-23
  HAL

Conferences without proceedings

• 18 inproceedingsA.Alexandre Honorat, T.Thomas Bourgoin, H.Hugo Miomandre, K.Karol Desnos, D.Daniel Menard and J.-F.Jean-François Nezan. Influence of Dataflow Graph Moldable Parameters on Optimization Criteria.DASIP 2022 - Workshop on Design and Architectures for Signal and Image Processing13425Lecture Notes in Computer ScienceBudapest, HungarySpringer International PublishingJune 2022, 83-95
  HALDOIback to text
• 19 inproceedingsP.Pierre Roux, S.Sophie Quinton and M.Marc Boyer. A Formal Link Between Response Time Analysis and Network Calculus.ECRTS 2022 - 34th Euromicro Conference on Real-Time SystemsModene, ItalyJuly 2022
  HALDOIback to text

Reports & preprints

• 20 reportP.Philippe Ciblat, J.Jacques Combaz, M.Marceau Coupechoux, K.Kevin Marquet and A.-C.Anne-Cécile Orgerie. Impacts environnementaux de la 5G: Partie 1 : La technologie 5G.EcoInfoOctober 2022, 1-12
  HAL
• 21 reportG.Giovanni Fabbretti, I.Ivan Lanese and J.-B.Jean-Bernard Stefani. Generation of a reversible semantics for Erlang in Maude.RR-9468Inria - Research Centre Grenoble – Rhône-AlpesApril 2022, 1-22
  HAL
• 22 reportP.Pietro Lami, I.Ivan Lanese, J.-B.Jean-Bernard Stefani, C.Claudio Sacerdoti Coen and G.Giovanni Fabbretti. Reversibility in Erlang: Imperative Constructs -Technical Report.Inria - Research Centre Grenoble – Rhône-AlpesJuly 2022, 1-28
  HAL