Model-based development for time-triggered architectures

Time-triggered architectures (TTA) and SCADE are both well-established technologies and tools for building safety-critical embedded software. Both are based on the same time-triggered approach: TTA for the communication infrastructure and SCADE for the application components. This paper presents the integration of these two technologies and tools for the design of distributed systems. Once completed, this integration provides a single framework to: specify behavior, timing constraints, and the mapping of tasks onto hardware; generate all the code needed to build communicating executables; and simulate and formally verify properties both for each individual task and for the global model. Specification is accomplished with a graphical view that allows the definition of hardware nodes and the mapping of any set of subsystems (a subsystem consists of several communicating tasks, all located on the same node) onto these nodes. Replication is supported and handled by the fault-tolerant communication (FT-COM) layer. Code generation is supported by add-ons to the two toolsets: the complete architecture and timing information is generated from SCADE and passed to the TTP plan and TTP build functions, which compute respectively the communication schedule and the task schedule for each node. The SCADE code generator generates certifiable C code for each task. TTP build generates the code for the scheduling of the tasks on each node. A simple wrapper code is generated to handle data transfer between the FT-COM layer and the task interfaces. Simulation and formal verification are possible thanks to the same underlying paradigm for both technologies: because both the application tasks and the communication infrastructure are time-triggered and fully deterministic, a global system model can be represented and formally verified.
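The following is an added illustration of the paradigm the abstract describes, not code from the paper or from the SCADE/TTP toolchain: a toy global model with a static TDMA communication schedule (the role TTP plan plays), statically scheduled tasks on nodes (the role TTP build plays), a replicated sensor task whose values are merged by a simple FT-COM-style majority agreement, and a bounded exhaustive check of a global property over every input and failure pattern in a small domain. All names (`Slot`, `Node`, `ft_com_agree`, the node and message names) and the agreement rule are assumptions made for the example.

```python
"""Toy time-triggered system model: static TDMA slots, statically activated
tasks, replicated senders merged by an FT-COM-style agreement function, and a
bounded exhaustive check of a global property. Constructed illustration; the
names and the agreement rule are assumptions, not the TTP/SCADE tools."""
from dataclasses import dataclass, field
from itertools import combinations, product
from typing import Callable, Dict, List, Optional

@dataclass(frozen=True)
class Slot:
    offset: int     # position of the slot in the static TDMA cycle
    sender: str     # node that owns the slot
    message: str    # message broadcast in the slot

@dataclass
class Node:
    name: str
    activation: int                                          # task start offset in the cycle
    task: Callable[[Dict[str, Optional[int]]], Dict[str, int]]
    failed: bool = False                                     # fail-silent: sends nothing
    outputs: Dict[str, int] = field(default_factory=dict)

def ft_com_agree(values: List[int]) -> Optional[int]:
    """Toy FT-COM agreement: majority of the replica values received this cycle
    (ties broken by the smallest value); None when no replica delivered."""
    if not values:
        return None
    return max(sorted(set(values)), key=values.count)

def sensor_task(inputs):
    return {"m_s": inputs["x"]}                        # replicated sensor forwards its reading

def consumer_task(inputs):
    v = inputs.get("m_s")
    return {"out": 2 * v if v is not None else -1}     # -1 marks "no agreed value"

def build_system(failed=frozenset()):
    """Three replicated sensor nodes and one consumer node, plus the TDMA schedule."""
    nodes = {n: Node(n, 0, sensor_task, n in failed) for n in ("S0", "S1", "S2")}
    nodes["C"] = Node("C", 4, consumer_task)
    slots = [Slot(1, "S0", "m_s"), Slot(2, "S1", "m_s"),
             Slot(3, "S2", "m_s"), Slot(5, "C", "out")]
    return nodes, slots

def run_cycle(nodes, slots, x):
    """One cycle. Task activations and bus slots are ordered by their static
    offsets only, so the result depends solely on x and the failure pattern."""
    bus: Dict[str, List[int]] = {}   # message -> replica values delivered so far
    events = [(n.activation, 0, n.name) for n in nodes.values()] + \
             [(s.offset, 1, s) for s in slots]
    for _, kind, ev in sorted(events, key=lambda e: (e[0], e[1])):
        if kind == 0:                                  # task activation
            node = nodes[ev]
            inputs = {"x": x, **{m: ft_com_agree(v) for m, v in bus.items()}}
            node.outputs = node.task(inputs)
        else:                                          # TDMA slot
            node = nodes[ev.sender]
            if not node.failed:
                bus.setdefault(ev.message, []).append(node.outputs[ev.message])
    return ft_com_agree(bus.get("out", []))

def run_system(failed, xs):
    nodes, slots = build_system(failed)
    return [run_cycle(nodes, slots, x) for x in xs]

def verify(max_failures, domain=range(3), cycles=2):
    """Bounded exhaustive check of the global property 'out == 2*x every cycle'
    under every pattern of up to max_failures fail-silent sensor nodes.
    Returns None if it holds, otherwise a counterexample (failed, inputs, outputs)."""
    sensors = ("S0", "S1", "S2")
    for k in range(max_failures + 1):
        for failed in combinations(sensors, k):
            for xs in product(domain, repeat=cycles):
                outs = run_system(frozenset(failed), xs)
                if outs != [2 * x for x in xs]:
                    return (set(failed), list(xs), outs)
    return None

if __name__ == "__main__":
    print(verify(2))   # None: any two silent sensors are tolerated by the agreement layer
    print(verify(3))   # counterexample: all three silent, the consumer has no agreed value
```

The point of the toy is the last sentence of the abstract: because every task activation and every bus slot sits at a fixed offset, the cycle is a pure function of the environment input and the failure pattern, which is what lets a global model be enumerated and checked rather than only tested. The `verify` function is a brute-force stand-in for the model checking the paper describes; it reports the first failure pattern under which the property no longer holds.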