Embedded Systems are ubiquitous today. Starting from avionics control, automotive control, and industrial process control and all the way to handheld PDAs, cell phones, and biomedical prosthetic devices, all have embedded control enabled by embedded computing. According to some, embedded computing has seen some of the most explosive growth among all other fields in computing today. Some of the applications running on such embedded computing platforms are also safety-critical, real-time, and require an absolute guarantee of correctness, timeliness, and dependability. As a result, such applications must be designed with the utmost care, verified for functionality and real-time constraint satisfaction, and must be properly endowed with reliability/dependability properties. These requirements pose new challenges to system designers.
While embedded computing is an engineering discipline, the stringent requirements mentioned above behoove us to build a science of design beyond the regular computer engineering practices and methodological precepts. Such a design science must span both hardware and software systems design. In other words, viewing the embedded systems design as a collection of engineering rules of thumb is not desirable. Scientific theories based on sound semantic models and abstractions that lead to verifiable designs or correct-by-construction designs are needed. We believe that proper abstractions that capture the requirements of a design allowing one to mathematically transform, refine, or verify properties are within the realm of possibilities for embedded systems, much more than is possible for large-scale business applications. This belief is based on the fact that, even though the application fields of such systems are broad, the kind of control, communications, and computation involved in embedded computing have an underlying uniformity. The requirements of space, power, timing, thermal characteristics are often similar (scaling with the size of the application), and, most importantly, the strict requirements of correctness are essential across all such applications.
Toward achieving the goal of sound programming models and abstractions and underlying system architecture supporting the programming models, a great deal of work has been done over the last few decades. A lot more is desirable, which is the raison d'etre of this special section.
Let us consider as an example the synchronous programming model to illustrate what we consider a suitable abstract model, transformation/refinement-based theory, and an example "science of design" for specific embedded applications. Our choice of example is, of course, somewhat biased due to our overexposure to the synchronous programming model. In this model, rigorous semantics theory exists which allows automated refinement of specifications, culminating in code-generation which is guaranteed to be correct-by-construction. Moreover, embedded systems often run software components which asynchronously interact with the environment and the hardware it is running on. As a result, asynchronous interaction models for such systems have been developed for the ease of verifiability of properties of such software.
The choice of suitable programming models rather than just any programming implementation without a model-driven approach can often negatively influence the reliability of embedded systems. The choice of programming model, it turns out, also depends on the architectural model for the system implementation. For example, time-triggered architecture versus event-triggered architecture would influence the programming model and the corresponding methodology for designing. Often, domain specific programming models and architectures are invented to bind the design space of an embedded system so that the optimization of the design through design space exploration can be done efficiently with proper tool support.
In our call for papers for this special section, the topics of interest were announced to be all aspects of programming models and architectures for embedded system design, including and not limited to:
• semantic foundations of various programming models,
• interaction between alternative architectural models and programming models,
• case studies of design of verifiable or correct-by-construction embedded systems,
• optimization and design-space exploration techniques based on domain specific models and architectures,
• comparative study of models and architectures for embedded system specification and design,
• model-driven design and verification of embedded systems, etc.
We received 24 submissions and, after several months of a rigorous review process (with at least three reviews per paper) and a second round of revisions for those selected, we ended up with five papers which we thought were suitable for the special section. Of course, we could not cover all of the possible aspects of this field because the reviewers did not necessarily select papers based on which aspect they covered but on the merits of the papers, as per the standards of the IEEE Transactions on Computers.
The five papers in this special section are a sample of how different research efforts are progressing in directions toward the goals for a rigorous science of design for embedded systems via programming models and architecture routes.
The first paper, titled "Implementing Synchronous Models on Loosely Time Triggered Architectures," by S. Tripakis, C. Pinello, A. Benveniste, A. Sangiovanni-Vincentelli, P. Caspi, and M. Di Natale, describes how to use the abstraction of a synchronous programming model for designing an application and then implementing it in a platform that does not exactly maintain the synchrony assumed in the model. However, such implementation on such a less restrictive platform requires that semantic equivalence with respect to the original abstract model be preserved and, hence, a refinement-based approach is presented. Since synchronous models are easy to analyze and verify, a semantic preserving refinement guarantees correctness even when deployed in such a less restrictive platform. The automotive and avionics platforms that are often based on time-triggered architectures require expensive clock synchronization; thus, loosely time-triggered architectures could lessen the burden of such expensive requirements. As a result, this paper is an important step forward toward embedded application design for automotive platforms.
The second paper, by S. Bliudze and J. Sifakis, is titled "The Algebra of Connectors—Structuring Interaction in BIP." Component-based embedded application design has various advantages. The components are smaller behavioral entities which are easier to construct and verify than an entirely monolithic system. Also, components could be units of reuse. As a result, correct component composition to obtain an application with given properties is a problem of interest to both the hardware and the software system design engineers. A scientific approach to this is brought about in this paper through a notion of connectors between typed ports of the components. The typing here refers to not just data types but also various synchronization precepts. The algebra of connectors, called
, is a term algebra associated with the connectors whose semantics gives the sets of interactions for the connectors. Note that, in an embedded application, connectors between components have behaviors due to the protocols running across them and, hence, connectors are an important part of the overall behavior of the application. The use of this algebra in the context of a component interaction framework BIP (Behavior Interaction Priority)
While the formal models to capture specification and verification followed by refinement are a way to construct correct-by-construction embedded applications, and algebraic and other ways to manipulate, modify, verify, or refine formal models are of interest for correctness, the performance issues are of equal importance. For example, buffer minimization, throughput maximization, memory optimization, etc., should also be possible in the formal modeling framework. The third paper, titled "Throughput-Buffering Trade-Off Exploration for Cyclo-Static and Synchronous Dataflow Graphs," by S. Stuijk, M. Geilen, and T. Basten, aims exactly at achieving such performance goals. Cyclo-static and Synchronous Dataflow graphs are relatively simpler models for capturing DSP and streaming media kinds of applications where throughput is an important metric of concern. These models have the property that the scheduling of the various computations to be performed on the flow of data can be statically scheduled. However, such static scheduling may not be unique and one goal would be to choose the one with minimum buffering requirements between subsequent stages of the computation while not compromising the throughput. While formal models such as these are simple, they have many interesting properties that have not all been fully exploited and this paper aims to find out the Pareto space of throughput versus buffer trade-off.
The last two papers are more related to the current industrial trend in the space of hardware design and concern models which have less formalized notation, semantics, and other nice properties than those enjoyed by the models in the previous three papers. The first is a paper on SystemC Transaction Level Modeling (TLM), which is being increasingly used in the industry for modeling embedded systems at early stages of product design. The transactions-based models are a higher level than a hardware description language-based detailed implementation model for the hardware and allow one to do hardware/software partitioning after design-space exploration using the TLM model. However, for reasonably large embedded applications, even the TLM models can be fairly sizable, leading to slow simulation, thus making verification using assertions also very slow. The paper, titled "A Tractable and Fast Method for Monitoring SystemC TLM Specifications," by L. Pierre and L. Ferro, provides an approach to fast assertion-based verification of TLM models. Reducing the verification time of such early stage models will cut down on the production time of future embedded products. But, one word of caution, one should not use SystemC-based modeling for safety-critical systems because semantics has yet to be formalized; hence, no amount of assertion-based verification will render it fully certified. However, for consumer electronic systems, it is a highly useful approach.
The final paper of this special section, titled "A Model-Driven Development Approach to Mapping UML State Diagrams to Synthesizable VHDL," by S.K. Wood, D.H. Akehurst, O. Uzenkov, W.G.J. Howells, and K.D. McDonald-Meier, talks about another, less formal approach. The model-driven development (MDD) starts with a high level model, often input in diagrammatic form, and then model refinement is applied to achieve the final implementation. In this case, the starting models are in UML and the final implementation is in VHDL. This is more of a methodological approach than a fool-proof property-preserving refinement approach. However, unless the end product is safety-critical, industrial projects are indeed looking at these kinds of approaches more as a design aid to achieve a productivity boost by engineers.
We hope that readers of this special section will find this collection of papers interesting and take it more as a sample of some rigorous and some of the less rigorous but pragmatic approaches to achieve better embedded system construction.
We would like to thank all of the authors who submitted their papers to this special section, all of the reviewers who helped us select the papers, often having to review the papers multiple times, and Professor Fabrizio Lombardi for inviting us to create this special section. We also would like to thank Ms. Joyce Arnold from the editorial office for all of her help.
Sandeep K. Shukla
• S.K. Shukla is with the Electrical and Computer Engineering Department, 302 Whittemore Hall, Virginia Polytechnic and State University, Blacksburg, VA 24061. E-mail: email@example.com.
• J.-P. Talpin is with INRIA Rennes-Bretagne-Atlantique, Campus de Beaulieu, 35042 Rennes Cedex, France.
For information on obtaining reprints of this article, please send e-mail to: firstname.lastname@example.org.
Sandeep K. Shukla
received the bachelor's degree in 1991 from Jadavpur University, Calcutta, and the master's and PhD degrees in computer science in 1995 and 1997, respectively, from the State University of New York at Albany. He is an associate professor of computer engineering at Virginia Polytechnic and State University in Blacksburg (Virginia Tech), where he has been a faculty member since 2002. He is also a founder and deputy director of the Center for Embedded Systems for Critical Applications (CESCA) and director of the FERMAT research lab. He has published more than 100 articles in journals, books, and conference proceedings, and has published four books. He was awarded the PECASE (Presidential Early Career Award for Scientists and Engineers) award for his research in design automation for embedded systems design, which in particular focuses on system level design languages, formal methods, formal specification languages, probabilistic modeling and model checking, dynamic power management, application of stochastic models and model analysis tools for fault-tolerant nano-scale system design, reliability measurement of fault-tolerant nano-systems, and embedded software engineering. Professor Shukla was elected a College of Engineering Faculty Fellow at Virginia Tech in 2004. He is a distinguished visitor of the IEEE Computer Society, a distinguished speaker of the ACM, and a senior member of the IEEE. He worked at GTE labs and Intel Corporation between 1997 and 2001. He was a researcher at the Center for Embedded Computer Systems at the University of California at Irvine. In 2007, Professor Shukla received a Distinguished Alumni award from the State University of New York at Albany for Excellence in Science and Technology. Recently, he received the Friedrich Wilhelm Bessel Research Award from the Humboldt Foundation in Germany.
received the PhD degree in 1993 from the University of Paris VI Pierre et Marie Curie. He is the director of research at INRIA Rennes-Bretagne-Atlantique. He worked at the European Computer-Industry Research Centre in Munich as a research associate prior to joining INRIA in 1995. He is the scientific leader of the Espresso project-team whose main area of research is embedded software design. He is also the coordinator of the ANR project OpenEmbeDD developing an open-source, model-driven, embedded system design platform. He served eight years as an elected member of INRIA's evaluation commission. In 2005, he received the ACM SIGPLAN Award for the most influential POPL paper for his article with Mads Tofte.