In WP2, the application developer's entry level for mixed-critical applications will be defined. The result will be a design flow that starts from application-level models, including functional and extra-functional specifications, and leads down to a fully deployed system model to be executed on an embedded multi-core platform.
Safety-critical design methodologies start from an executable model, typically expressed in a block-diagram language and annotated with non-functional properties for verification and test purposes. This source model is then translated into simulation code, into refined or abstracted models for formal verification and design-space exploration, and into executable code to be embedded on the electronic controller. Code generators for the safety-critical applications will be certified, traceable and statically analyzable using formal methods, and will allow for complete code reviews. EMC² will build on the well-established, rigorous system design and automated flows from the avionics industry, extending them towards dynamic, heterogeneous, compute-intensive and mixed-critical systems. Putting safety and modularity at the core, the tools will strive to preserve the ideal of a single-source executable model that is amenable to formal verification, testing, static analysis of functional and non-functional properties, efficient code generation, and platform integration with runtime monitoring.
The complexity of the system architectures targeted by this project demands automated methods for finding optimized solutions for resource usage while accounting for the design aspects above (safety and performance). In particular, the safety aspect requires that interferences between different functions allocated to the same computing resources are provably bounded, which is unavoidable, for example, with respect to certification.
EMC² aims at novel automated exploration methods that shall provide solutions to the following problems:
- Supporting an optimized allocation of a system's functionality to the target hardware architecture with respect to performance.
- Ensuring bounded interferences between different components in mixed-critical settings, including functional and non-functional properties of these components.
- Supporting both single-core and multi-core processing units.