Papers by Frederic Mallet

Embedded systems are very difficult to design and debug because of the limited access to the device itself. Therefore, debugging usually requires instrumenting the code so as to produce execution traces that are then monitored from a base station. Such an intrusive method has a direct impact on performance. In case of multiple interacting embedded targets the problem is even more severe and is not limited to computations but also spreads to communications. To reduce the communication overhead, we propose an approach in which unsynchronized traces from several targets are reconciled a posteriori. Since each target has its own time base without a built-in clock synchronization protocol, our approach requires a multi-clock reconciliation specification. This paper describes our model-based proposal developed during the ANR project RT-Simex. The different steps of the reconciliation are illustrated on a simple case-study used in the project, a terrestrial robot controlled in position.

The UML goal of being a general-purpose modeling language discards the possibility to adopt too precise and strict a semantics. Users are to refine or define the semantics in their domain-specific profiles. In the UML Profile for MARTE, we devised a broadly expressive Time Model to provide a generic timed interpretation for UML models. Our clock constraint specification language supports the specification of systems with multiple clock domains. Starting with a priori independent clocks, we progressively constrain them to get a family of possible executions. Our language supports both synchronous and asynchronous constraints, just like the synchronous language Signal, but also allows explicit non-determinism. In this paper, we give a formal semantics to a core subset of MARTE clock constraint language and we give an equivalent interpretation of this kernel in two other very different formal languages, Signal and Time Petri nets.

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
The hybrid architecture analysis and design language (AADL) has been proposed to model the interactions between embedded control systems and continuous physical environment. However, the worst-case performance analysis of hybrid AADL designs often leads to overly pessimistic estimations, and is not suitable for accurate reasoning about overall system performance, in particular when the system closely interacts with an uncertain external environment. To address this challenge, this paper proposes a statistical model checking-based framework that can perform quantitative evaluation of uncertainty-aware hybrid AADL designs against various performance queries. Our approach extends hybrid AADL to support the modeling of environment uncertainties. Furthermore, we propose a set of transformation rules that can automatically translate AADL designs together with designers' requirements into networks of priced timed automata and performance queries, respectively. Comprehensive experimental results on the movement authority scenario of Chinese train control system level 3 demonstrate the effectiveness of our approach. Index Terms: Hybrid architecture analysis and design language (AADL), quantitative performance evaluation, statistical model checking (SMC), uncertainty. I. INTRODUCTION. To promptly and accurately sense and control the physical world, more and more real-time embedded systems are deployed into our surrounding environment. As a result, the stringent safety-critical requirements coupled with increasing interactions with uncertain physical environments make the design complexity of cyber-physical systems (CPS) skyrocketing [1], [2]. Unfortunately, due to the lack

Building a UML profile entails defining concepts required to cover a specific domain, and then, using stereotypes to map domain concepts onto UML meta-classes. Capture of domain concepts with an object-oriented language (like UML) may be inappropriate, and may impede the mapping, where more than two modeling levels are required. Use of only classes and objects may introduce accidental complexity into the domain model if other modeling levels (e.g., meta-type level) are necessary. In such situations, a multi-level paradigm with deep characterization and deep instantiation is recommended to reduce complexity. However, this paradigm deserves to be further explored, and its value for definition of UML profiles assessed. We therefore propose a solution to put in practice the multi-level paradigm within a standard UML 2.x tool. Our solution involves a semi-automatic process that transforms a model annotated with multi-level characteristics into a profile-based implementation. Such automation lessens the gap between domain model and implementation and ensures consistency. As an example, we have taken an excerpt from the MARTE time profile. We then describe the new design opportunities inherent in our process and show how this process facilitates both domain specification and profile definition.
Lazy Parallel Synchronous Composition of Infinite Transition Systems
The emerging OMG UML Profile for Modeling and Analysis of Real-Time Embedded systems (MARTE) aims, amongst other things, at providing a referential Time Model subprofile where semantic issues can be explicitly and formally described. As a full-size exercise we deal here with the modeling of immediate and delayed data communications in AADL. This actually reflects an important issue in RT/E model semantics: a propagation of immediate communications may result in a combinatorial loop, with ill-defined behavior; introduction of delays may introduce races, which have to be controlled. We describe here the abilities of the MARTE time model in this respect.
UML Profile for MARTE: Time Model and CCSL

Power is an important concern in embedded systems. Reduction of power consumption is achieved by balancing the control of multiple domains: switching power, reducing or increasing voltage and changing the frequency on system sections. Model-Driven Engineering gives tools to model the interactions of these domains. In this work, we propose to use MARTE combined with UPF concepts to capture the structure and behavior of these multiple domains. We adopt CCSL to unify the multiform aspects among domains and to verify their proper interaction. We provide an example to illustrate MARTE representation and a simulation of multi-domain power design, specified in CCSL and running on TIMESQUARE. SUMMARY. Power is an important characteristic that must be taken into account when designing embedded systems. Power consumption is reduced by acting on the control of several domains: switching the power supply of some system components, reducing or increasing their voltage, and changing their frequency. Model-driven engineering provides tools to model the interactions between these domains. In this work, we propose to use MARTE combined with UPF concepts to capture the structure and behavior of these multiple domains. We use CCSL to unify the multiform aspects among these domains and to verify that they interact correctly. We provide an example illustrating the MARTE representation of the different aspects of the system. From this example, we model the interactions between the different views in CCSL. Thanks to the TIMESQUARE tool, the CCSL model provides a simulation of the multi-domain power design.
IP-XACT components with abstract time characterization
2009 Forum on Specification Design Languages, 2009
IP-XACT components with Abstract Time Characterization. Aamir Mehmood Khan∗, Frédéric Mallet∗, Charles André∗, Robert de Simone∗ Aoste Project, I3S/INRIA Université de Nice-Sophia Antipolis, France. INRIA ...
Enhancements to Object-Oriented Electronic Circuit Design Modeling and Simulation Environment
Marte, le nouveau standard UML pour les systèmes temps réel embarqués
Electronique, 2008
Comparaison des traitements à l'entrée et à la sortie des patients hospitalisés dans un service de médecine interne gériatrique Hopital Xavier Arnozan Groupe Sud, C. H. U. Bordeaux
http://www.theses.fr, 1994

Proceedings of the 12th European Simulation Multiconference on Simulation Past Present and Future, Jun 16, 1998
In order to reduce the cost, the time-to-market and to make the most pertinent choices, it becomes essential to allow designers to evaluate, very soon in the design phase, a given application's performance with respect to the targeted architecture. So, we have decided to build a modelling and simulation environment in order to evaluate digital hardware architecture performance. We considered the requisite number of cycles for processing a given application with a simple model of the architecture. In this project, we need to increase the reusability with an adjustable abstraction level. So, we decided to use object-orientation concepts to build our environment. Then, reusing already designed components, designers will be able to build models with a level of abstraction which fits their goals. So, our main objective and the greatest part of our work was to define a generic object-oriented model of digital architectures. This paper mainly consists of the explanation of this model, which is designed to help us to implement a visual modelling and simulation environment.

Inria, 2009
The UML Profile for Modeling and Analysis of Real-Time and Embedded (RTE) systems has recently been adopted by the OMG. Its Time Model extends the informal and simplistic Simple Time package proposed by UML2 and offers a broad range of capabilities required to model RTE systems including both discrete/dense and chronometric/logical time. MARTE OMG specification introduces a Time Structure inspired from Time models of the concurrency theory and proposes a new clock constraint specification language (CCSL) to specify, within the context of UML, logical and chronometric time constraints. This paper introduces the formal semantics of CCSL clock constraints and proposes a process to use CCSL both as a high-level specification language for UML models and as a golden model to verify the conformance of implementations. A digital filtering video application is used as a running example to support the discussion. The application is first formally specified with CCSL and the specification is refined based on feedback from the CCSL-dedicated simulator. In a second phase, an Esterel program of the application is considered. This program is instrumented with observers derived from the CCSL specification. Esterel Studio formal verification facilities are then used to check the conformity of the Esterel implementation with the CCSL specification. A specific library of Esterel observers has been built for this purpose.
This paper presents the different steps of a methodology for modeling real-time requirements and ensuring their validation and their traceability over a design flow for embedded system design. A specific metamodel for temporal constraints modeling is proposed that covers the needs for traceability and timing analysis issues. The timing architecture modeling, based on the conjoint use of the EAST-ADL2 and MARTE allows a precise semantics of timing annotations and establishes the link with validation models.

2015 ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (MODELS), 2015
The design of complex systems involves various, possibly heterogeneous, structural and behavioral models. In model-driven engineering, the coordination of behavioral models to produce a single integrated model is necessary to provide support for validation and verification. Indeed, it allows system designers to understand and validate the global and emerging behavior of the system. However, the manual coordination of models is tedious and error-prone, and current approaches to automate the coordination are bound to a fixed set of coordination patterns. In this paper, we propose a Behavioral Coordination Operator Language (B-COOL) to reify coordination patterns between specific domains by using coordination operators between the Domain-Specific Modeling Languages used in these domains. Those operators are then used to automate the coordination of models conforming to these languages. We illustrate the use of B-COOL with the definition of coordination operators between timed finite state machines and activity diagrams.

Modeling distributed systems and modern electronic systems requires multiple time references. We refer to these systems as "polychronous systems". The UML profile for real-time and embedded systems (MARTE) supports their modeling as well as the specification of temporal constraints with CCSL (Clock Constraint Specification Language). In MARTE, CCSL is non-normative and its semantics is informal. We propose here a formal semantics, in terms of evolutions of a "Time System", for a kernel of CCSL. A "Time System" is a dynamic model that associates a set of configurations with a structural model made of a set of discrete clocks and relations on these clocks. Time Systems are compared to other asynchronous, synchronous and polychronous causality models. CCSL and its implementation are illustrated on an example of an ABS controller. ABSTRACT. "Polychronous systems" are systems referring to multiple, usually interdependent, time bases. The UML profile for real-time and embedded systems (MARTE) can deal with such systems, and the Clock Constraint Specification Language (CCSL), part of MARTE, can be used to specify temporal constraints. In MARTE, the semantics of CCSL is informal. In this paper, we propose a formal semantics of a kernel of CCSL, in terms of "Time System" evolutions. A Time System is a dynamic model which associates a set of configurations with a structural model made of discrete clocks and relationships among these clocks. Time Systems are compared to other existing causality models. An ABS controller illustrates the use of CCSL. KEYWORDS: time model, temporal constraints, parallelism, polychrony
Logical time @ work: the RT-Simex project
33rd Annual Frontiers in Education, 2003. FIE 2003., 2000
Visualisation of the activities which occur inside a computer is an important aspect of computer architecture education. At the University of Edinburgh we are using a Hierarchical Computer Architecture design and Simulation Environment (HASE) to build a number of architectural models for use in research and teaching. A new facility within HASE, JavaHASE, allows models to be translated into applets which can be accessed via the WWW. JavaHASE applets are programmable simulation models in which the code and data memory contents can be altered, the simulation rerun in the applet and the results used to visualise the activities taking place within the model (data movements, state changes, register/memory content changes, etc). These applets are being used in various ways in teaching.
Modèles de temps de MARTE et CCSL
Genie Logiciel, 2009