Verified Code Generation for Embedded Systems

AbstractSystem adaptivity is increasingly demanded in high-performance embedded systems, particularly in multimedia system-on-chip (SoC), owing to growing quality-of-service requirements. This paper presents a reactive control model that has been introduced in Gaspard, our framework dedicated to SoC hardware/software co-design. This model aims at expressing adaptivity as well as reconfigurability in systems performing data-intensive computations. It is generic enough to be used for description in the different parts of an embedded system, for example, specification of how different data-intensive algorithms can be chosen according to some computation modes at the functional level; and expression of how hardware components can be selected via the usage of a library of intellectual properties according to execution performances. The transformation of this model toward synchronous languages is also presented, in order to allow an automatic code generation usable for formal verification, based on techniques such as model checking and controller synthesis, as illustrated in the paper. This work, based on Model-Driven Engineering and the standard UML MARTE profile, has been implemented in Gaspard.

Download Full-text

Model driven code generation for critical and adaptative embedded systems

ACM SIGBED Review ◽

10.1145/1851340.1851352 ◽

2009 ◽

Vol 6 (3) ◽

pp. 1-5 ◽

Cited By ~ 3

Author(s):

Etienne Borde ◽

Peter H. Feiler ◽

Grégory Haïk ◽

Laurent Pautet

Keyword(s):

Embedded Systems ◽

Code Generation ◽

Model Driven

Download Full-text

Verified Lustre Normalization with Node Subsampling

ACM Transactions on Embedded Computing Systems ◽

10.1145/3477041 ◽

2021 ◽

Vol 20 (5s) ◽

pp. 1-25

Author(s):

Timothy Bourke ◽

Paul Jeanmaire ◽

Basile Pesin ◽

Marc Pouzet

Keyword(s):

Embedded Systems ◽

Code Generation ◽

Reactive Systems ◽

Type System ◽

Theorem Prover ◽

Correctness Proof ◽

Assembly Code ◽

Function Calls ◽

End To End ◽

Activation Conditions

Dataflow languages allow the specification of reactive systems by mutually recursive stream equations, functions, and boolean activation conditions called clocks. Lustre and Scade are dataflow languages for programming embedded systems. Dataflow programs are compiled by a succession of passes. This article focuses on the normalization pass which rewrites programs into the simpler form required for code generation. Vélus is a compiler from a normalized form of Lustre to CompCert’s Clight language. Its specification in the Coq interactive theorem prover includes an end-to-end correctness proof that the values prescribed by the dataflow semantics of source programs are produced by executions of generated assembly code. We describe how to extend Vélus with a normalization pass and to allow subsampled node inputs and outputs. We propose semantic definitions for the unrestricted language, divide normalization into three steps to facilitate proofs, adapt the clock type system to handle richer node definitions, and extend the end-to-end correctness theorem to incorporate the new features. The proofs require reasoning about the relation between static clock annotations and the presence and absence of values in the dynamic semantics. The generalization of node inputs requires adding a compiler pass to ensure the initialization of variables passed in function calls.

Download Full-text