Safety critical embedded systems: from requirements to system architecture

SACRES is a toolset supporting the design of safety-critical embedded control systems. It integrates the tools and specification techniques Statemate, Sildex, and Timing Diagrams with tool components for automatic code generation (DCBench, common representation format DC+), formal verification based on model checking techniques, and an approach for automatic code validation for target code generated from DC+. The SACRES toolset combines the following main groups of tools: - The tools of the specification front-end integrating the graphical specification techniques of Statemate, Sildex, Timing Diagrams with SSL, a textual language for assembling different components - DCBench for handling the internal representation format DC+ - Code generators for Ada and C including an interface for specifying target architecture and code distribution - A group of tools for formal verification of designs produced with the specification tools, including support for managing the verification process - A code validation tool which allows formal correctness checks for the generated code relative to the intermediate representation The main benefits of the SACRES approach are reduced risks for design errors and decreased design times and costs for the development of dependable (safety critical) embedded systems. SACRES is an effort to avoid unpredictability (particularly that arising from late feedback from testing) associated with development of safety critical systems, through the use of the maximum degree of automation, especially in respect of code generation and verification. Technical achievements are - Integration of dataflow and state-based specification styles - Formal specification of safety-critical properties - Integration of efficient symbolic model checking techniques with the state-of-the-art specification tools STATEMATE and SILDEX - Automatic generation of efficient distributed code - Automated correctness proofs for the generated code