
Frédéric Mallet, PhD, HDR
- Professor (Full) at Université Côte d'Azur
About
- 170 Publications
- 45,363 Reads
- 1,837 Citations
Introduction
Frédéric Mallet received his PhD in December 2000 and his Habilitation à Diriger des Recherches in December 2010.
He is a Professor in the informatics department of Université Nice Sophia Antipolis. He is a member of the aoste team-project, a joint team between the I3S laboratory (UMR CNRS) and the INRIA research center Sophia-Antipolis Méditerranée.
Publications (170)
Dealing with the ever-growing complexity of railway systems requires scalable approaches for detecting inconsistent safety requirements in practice. Despite significant efforts to automate the requirements consistency detection, current inconsistency analysis techniques of railway safety requirements still suffer from scalability issues. This paper...
The polychronous or multi-clock paradigm is adequate to model large distributed systems where achieving a full timed synchronization is not only very costly, but also often not necessary. It concerns systems made of a set of components with loose synchronization constraints. We study an approach where those components are orchestrated using logical...
As a promising requirement-level specification language for timing behavior modeling, the Clock Constraint Specification Language (CCSL) has become popular in the model-driven design community for safety-critical embedded systems. However, due to the skyrocketing design complexity, in practice, it is hard for requirement engineers to accurately con...
Logical Clocks play an important role for the design and modelling of concurrent systems. The Clock Constraint Specification Language (ccsl) was built in 2009, as part of an annex of the UML Profile for MARTE, to give a proper syntax to handle logical clocks as first class citizens. The syntax gave rise to a series of different semantic interpretat...
Safety software engineers lack automatic interaction tools during Autonomous Vehicle development, which can help them check the correctness of safety rules, ensure the system's reliability in countless possible situations and its resistance to possible environmental conditions. In this paper, we discuss the benefits of the proposed approach to tac...
The synchronous paradigm has been very successful for the design of safety-critical reactive systems. There are many languages following the synchrony hypothesis to address rigorously systems with an inherently concurrent but fully determined behaviour. They come with a wide variety of verification tools including model-checkers SAT/SMT Solvers, te...
The level of autonomy of our vehicles is rapidly increasing. However, the acceptance of fully Autonomous Vehicles (AVs) depends on the confidence in their ability to operate safely in an uncontrolled environment. Hence, experts and nonexperts must have a rigorous method along with adequate tools that can support their exigencies and safety specific...
UML interactions, aka sequence diagrams, are frequently used by engineers to describe expected scenarios of good or bad behaviors of systems under design, as they provide allegedly a simple enough syntax to express a quite large variety of behaviors. This paper uses them to express safety requirements for safety critical systems in an incremental w...
The Clock Constraint Specification Language (CCSL) has been widely acknowledged as a promising system-level specification for the modeling and analysis of timing behaviors of real-time and embedded systems. However, along with the increasing complexity of modern systems coupled with strict time-to-market constraints, it becomes more and more diffic...
In this paper, a novel model related to the safety of autonomous vehicles (AVs) is presented. A simulation platform is designed to analyze the environment and the trajectory of AVs within a given Operational Design Domain (ODD). This platform relies on model-based systems and includes the environment model, safety rules and their priorities, and ex...
The Clock Constraint Specification Language (CCSL) is a clock-based specification language for real-time embedded systems. With logical clocks defined as first-class citizens, CCSL provides a natural way for describing clock constraints in synchronous systems — a classical model of concurrency for real-time embedded systems. In this paper, we propo...
The Clock Constraint Specification Language (CCSL) is a clock-based formalism for the specification and analysis of real-time embedded systems. The major goal of schedulability analysis of CCSL specifications is to solve the schedule problem, which is to answer ‘whether there exists a clock behaviour (also called a ‘schedule’) that conforms to a gi...
We present a method and a tool for the verification of causal and temporal properties for embedded systems. We analyze trace streams resulting from the execution of virtual prototypes that combine simulated hardware and embedded software. The main originality lies in the use of logical clocks to abstract away irrelevant information from the trace....
This book contains extended versions of the best papers presented at the 15th International Conference on Information and Communication Technologies in Education, Research, and Industrial Applications, ICTERI 2019, held in Kherson, Ukraine, in June 2019. The 19 revised full papers included in this volume were carefully reviewed and selected from 4...
Cyber-Physical Systems (CPSs) are built upon discrete software and hardware components, as well as continuous physical components. Such heterogeneous systems involve numerous domains with competencies and expertise that go far beyond traditional software engineering: systems engineering. In this paper, we explore a model-based approach for systems...
Synchronous languages, such as the recently proposed SCCharts language, have been designed for the rigorous specification of real-time systems. Their sound semantics, which build on an abstraction from physical execution time, make these languages appealing, in particular for safety-critical systems. However, they traditionally lack built-in suppor...
This book constitutes the refereed proceedings of the 7th International Workshop on Formal Techniques for Safety-Critical Systems, FTSCS 2019, held in Shenzhen, China, in November 2019. The 6 revised full papers presented were carefully reviewed and selected from 17 submissions. Additionally, the volume presents 1 invited paper, 1 tool paper, and...
This volume represents the proceedings of the Workshops co-located with the 15th International Conference on ICT in Education, Research, and Industrial Applications, held in Kherson, Ukraine, in June 2019. It comprises 82 contributed papers that were carefully peer-reviewed and selected from 218 submissions for the five workshops: 3L-Person, CoSin...
This volume represents the proceedings of the Main Conference, with Posters track, of the 15th International Conference on ICT in Education, Research, and Industrial Applications, held in Kherson, Ukraine, in June 2019. It comprises 52 contributed papers that were carefully peer-reviewed and selected from 171 submissions. The volume is organized in...
The Clock Constraint Specification Language (CCSL) has been widely investigated in verifying causal and temporal timing behaviors of real-time embedded systems. However, due to limited expertise in formal modeling, it is difficult for requirement engineers to completely and accurately derive CCSL specifications from natural language-based design de...
The Clock Constraint Specification Language (CCSL) is a formalism for specifying logical-time constraints on events for the design of real-time embedded systems. A central verification problem of CCSL is to check whether events are schedulable under logical constraints. Although many efforts have been made addressing this problem, the problem is st...
The ever-increasing design complexity of embedded systems is constantly pressing the demand for more abstract design levels and possible methods for automatic verification and synthesis. Transforming a text-based user requirements document into semantically sound models is always difficult and error-prone as mostly these requirements are vague and...
The Clock Constraint Specification Language (CCSL) is a clock-based specification language for capturing causal and chronometric constraints between events in Real-Time Embedded Systems (RTESs). Due to the limitations of the existing verification approaches, CCSL lacks a full verification support for ‘unsafe CCSL specifications’ and a unified proof...
The Spatio-Temporal Consistency Language (STeC) is a high-level modeling language that deals natively with spatio-temporal behaviour, i.e., behaviour relating to certain locations and time. Such restriction by both locations and time is of first importance for some types of real-time systems. CCSL is a formal specification language based on logical...
Innovative services induced by blockchain technologies have social, economical, legal and technical impacts. For this reason, the project smart Internet of Things (IoT) for mobility has adopted a transdisciplinary scientific approach to investigate how blockchain technology would enhance confidence in IoT based services. More precisely, it focuses...
Cyber-Physical Systems (CPSs) are networks of heterogeneous embedded systems immersed within a physical environment, thus combining discrete and continuous processes. As for any complex systems, the global system behavior is difficult to predict, in an analytical way, from the individual behaviors of its parts. A global analysis can only be done th...
The UML profile for Modeling and Analysis of Real-Time and Embedded systems (MARTE) is used to design and analyze real-time and embedded systems. The Clock Constraint Specification Language (ccsl) is a companion language for MARTE. It introduces logical clocks as first class citizens as a way to formally specify the expected behavior of models, thu...
Cyber-Physical Systems (CPS) combine discrete computing elements together with physical devices in uncertain environment conditions. There have been many models to capture different aspects of CPS. However, to deal with the increasing complexity of these ubiquitous systems, which invade all the part of our lives, we need an integrated framework abl...
Cyber-Physical Systems (CPSs) are networks of heterogeneous embedded systems immersed within a physical environment. Several ad-hoc frameworks and mathematical models have been studied to deal with challenging issues raised by CPSs. In this paper, we explore a more standard-based approach that relies on SysML/MARTE to capture different aspects of C...
Hybrid Architecture Analysis and Design Language (AADL) has been proposed to model the interactions between embedded control systems and continuous physical environment. However, the worst-case performance analysis of Hybrid AADL designs often leads to overly pessimistic estimations, and is not suitable for accurate reasoning about overall system p...
Process Networks are a means to describe streaming embedded applications. They rely on explicit representation of task concurrency, pipeline and data-flow. Originally, Data-Flow Process Network (DFPN) representations are independent from any execution platform support model. Such independence is actually what allows looking next for adequate mappin...
MARTE (abbreviated for Modeling and Analysis of Real-Time and Embedded systems) is a UML profile which provides a general modeling framework to design and analyze real-time embedded systems. CCSL (abbreviated for Clock Constraint Specification Language) is a formal language companion to MARTE, used to specify the constraints between the occurrences...
The Clock Constraint Specification Language (ccsl) is a language to specify logical and timed constraints between logical clocks. Given a set of clock constraints specified in ccsl, formal analysis is preferred to check if there exists a schedule that satisfies all the constraints, if the constraints are valid or not, and if the constraints satisfy...
We present the integration of the Behavioral Coordination Operator Language (B-COOL) into the GEMOC Studio. B-COOL enables the system designer to automate the coordination of models by specifying Operators between Domain-Specific Modeling Languages. In this demonstration, we present how B-COOL is used to coordinate the heterogeneous model of a vide...
The design of complex systems involves various, possibly heterogeneous, structural and behavioral models. In model-driven engineering, the coordination of behavioral models to produce a single integrated model is necessary to provide support for validation and verification. Indeed, it allows system designers to understand and validate the global an...
Cyber Physical Systems (CPS) combine digital computational systems with surrounding physical processes. Computations are meant to control and monitor the physical environment, which in turn affects the computations. The intrinsic heterogeneity of CPS demands the integration of diverse models to cover the different aspects of systems. The UML propos...
The UML Profile for Modeling and Analysis of Real-Time and Embedded systems promises a general modeling framework to design and analyze systems. Lots of works have been published on the modeling capabilities offered by MARTE, much less on available verification techniques. The Clock Constraint Specification Language (CCSL), first introduced as a co...
The Clock Constraint Specification Language (ccsl) has initially been introduced as part of the uml Profile for marte dedicated to the modeling and analysis of real-time and embedded systems. ccsl proposes a set of simple patterns classically used to specify causal and temporal properties of (uml/EMF) models. The paper proposes a new semantic model...
To deal with the high complexity of embedded systems, engineers rely on high-level heterogeneous models that combine functional and non-functional aspects, hardware/software artifacts, structural and behavioral descriptions. PRISMSYS is a system-level multi-view modeling framework, which provides a means to specify functional and non-functional asp...
Intelligent Transportation Systems (ITS) are a class of quickly evolving modern safety-critical embedded systems. Dealing with their growing complexity demands a high-level formal modeling language along with adequate verification techniques. STeC has recently been introduced as a process algebra that deals natively with both spatial and temporal p...
The UML Profile for MARTE extends the UML with constructs dedicated to the modeling and analysis of real-time and embedded systems. Its time profile provides a rich model of time based on the notion of logical clocks that can be used consistently through all modeling elements/diagrams. The MARTE time profile comes with a companion language, called...
In most industrial embedded systems development projects, the software and the hardware development parts are separated, and the constraint requirements/capabilities are informally exchanged in the system development phase of the process. To prevent failures due to the violation of timing constraints, hardware components of the platform are typical...
The Clock Constraint Specification Language (CCSL) has been defined as a formal companion language of the UML Profile for MARTE to allow defining causal and temporal constraints. This chapter attempts to refine the mathematical foundations of the time model of CCSL. It proposes two semantic models both considering ordered binary relations on CCSL c...
The Clock Constraint Specification Language (CCSL) is a formal polychronous language based on the notion of logical clock. It defines a set of kernel constraints that can represent both asynchronous and synchronous relations. It was originally developed as part of the UML Profile for MARTE to express causal and temporal constraints of Real-time and...
The UML Profile for Modeling and Analysis of Real-Time and Embedded systems promises a general modeling framework to design and analyze systems. Lots of works have been published on the modeling capabilities offered by MARTE, much less on verification techniques supported. The Clock Constraint Specification Language (CCSL), first introduced as a co...
The Clock Constraint Specification Language (CCSL) proposes a rich polychronous time model dedicated to the specification of constraints on logical clocks: i.e., sequences of event occurrences. A priori independent clocks are progressively constrained through a set of clock operators that define when an event may occur or not. These operators can b...
Current metamodeling techniques can be used to specify the syntax and semantics of domain specific modeling languages (DSMLs). However, there is currently very little support for explicitly specifying concurrency semantics using metamodels. Often, such semantics are provided through implicit concurrency models embedded in the underlying execution e...
This paper presents a new model of scenarios, dedicated to the specification and verification of system behaviours in the context of software product lines (SPL). We draw our inspiration from some techniques that are mostly used in the hardware community, and we show how they could be applied to the verification of software components. We point out...
Non-functional properties take an important place in real-time systems. Power consumption, time performance and temperature are non-functional properties that are individually analyzed using specialized tools. Nevertheless, non-functional properties are interrelated, and changes on one property may affect the other ones, but also may impact the sys...
In the development of safety-critical embedded systems, the ability to formally analyze system behavior models, based on timing and causality, helps the designer to get insight into the systems overall timing behavior. To support the design and analysis of real-time embedded systems, the UML modeling profile MARTE provides CCSL – a time model and a...
Modeling and analysis of non-functional properties are central concerns in distributed real-time embedded systems. In automotive domain, EAST-ADL is one of the main architectural modeling approaches for real-time embedded systems. In our previous work we introduced the Timing Augmented Description Language V2 (TADL2), which is the new release of th...
It is critical to analyze characteristics of real-time embedded systems, such as timing behavior, early in the development. In the automotive domain, EAST-ADL is a concrete example of the model-based approach for the architectural modeling of real-time systems. The Timing Augmented Description Language v2 (TADL2) allows for the specification of tim...
Embedded System Design is becoming a field of choice for Model-Driven Engineering techniques. On the engineering side, models bring an abstraction of the code that can then be generated (and regenerated) at will. On the semantic side, they bring a reasoning framework to guarantee or verify properties on the generated code. We focus here on the Cloc...
The specification of modeling and analysis of real-time and embedded systems (MARTE) is an extension of the unified modeling language (UML) in the domain of real-time and embedded systems. Even though MARTE time model offers a support to describe both discrete and dense clocks, the biggest effort has been put so far on the specification and analysi...
Problems concerning formal semantics for Clock Constraint Specification Language (CCSL) are considered in the paper. CCSL is intended for describing logical time models for real-time embedded systems and the language is a part of UML profile for MARTE. There exist two approaches to introduce a denotational semantics for CCSL. A pure relational subs...
http://timesquare.inria.fr
In previous work we defined a language (CCSL) made to express real-time temporal scheduling constraints. It uses the notion of partially independent logical clocks (or time threads), of which seemingly physical discrete time is a special case, hence the name Clock Constraint Specification Language. Constraints can represent (asynchronous) causality...
The UML (Unified Modeling Language) Profile for Modeling and Analysis of Real-Time and Embedded (MARTE) systems promises a general modeling framework to design and analyze embedded systems. Lots of works have been published on the modeling capabilities offered by MARTE, much less on verification techniques supported. The Clock Constraint Specificat...
In embedded systems, non-functional and functional aspects are closely related and cannot be considered independently. However, the high complexity of systems requires a large domain of competencies and experts in various domains have to work concurrently on different aspects of the same systems. This is why we propose a multi-view model where each...
The Clock Constraint Specification Language (\ccsl) has been informally introduced in the specifications of the \uml Profile for Modeling and Analysis of Real-Time and Embedded systems (MARTE). In a previous report entitled ''Syntax and Semantics of the Clock Constraint Specification Language'', we equipped a kernel of \ccsl with an operational sem...
The specification of Modeling and Analysis of Real-time and Embedded Systems (MARTE) is an extension of UML in the domain of real-time and embedded Systems. However, unified modeling of continuous and discrete variables in MARTE is still an unsolved problem for hybrid real-time system development. In this paper we propose an extended statechart, Hy...
Process networks and data-flow graphs are used to capture data-dependencies in computation-intensive embedded systems. Their simplicity allows the computation of static schedules that reduce the dynamic overhead and increase predictability. The resulting schedule is a total ordering of actor computations and communications. It can therefore become...
TimeSquare is an Eclipse and model-based environment for the specification, analysis and verification of causal and temporal constraints. It implements the MARTE Time Model and its specification language, the Clock Constraint Specification Language (ccsl). Both MARTE and ccsl heavily rely on logical time, made popular by its use in distributed syst...
Transforming a specification language into a language supported by a verification tool is a widely adopted way of doing formal verification. It enables the reuse of existing languages and tools. In this paper, we propose a correct transformation from CCSL to Promela to do formal verification by SPIN. To implement the transformation, we introduce "c...
The need for verification and debugging of critical temporal constraints in embedded systems comes out at different stages of development. In the specification step, static and dynamic views of the system are established and simulations are performed. In the implementation step, code may be instrumented with the purpose of collecting traces as the...
As the embedded systems are becoming more and more complex, requirements engineering approaches are needed for modeling requirements, especially the timing requirements. Among various requirements engineering approaches, the Problem Frames(PF) approach is particularly useful in requirements modeling for the embedded systems due to the characteristi...
The UML Profile for Modeling and Analysis of Real-Time and Embedded systems (MARTE) has been recently adopted. The Clock Constraint Specification Language (CCSL) allows the specification of causal, chronological and timed properties of MARTE models. Due to its purposely broad scope of use, CCSL has an expressiveness that can prevent formal verifica...
Embedded systems are very difficult to design and debug because of the limited access to the device itself. Therefore, debugging usually requires to instrument the code so as to produce execution traces that are then monitored from a base station. Such an intrusive method has a direct impact on performances. In case of multiple interacting embedded...