References of "Navet, Nicolas 50002739"
Lean Model-Driven Development through Model-Interpretation: the CPAL design flow
Navet, Nicolas UL; Fejoz, Loïc; Havet, Lionel et al

Report (2015)

We introduce a novel Model-Driven Development (MDD) flow which aims at more simplicity, more intuitive programming, quicker turnaround time and real-time predictability by leveraging the use of model-interpretation and providing the language abstractions needed to argue about the timing correctness on a high-level. The MDD flow is built around a language called Cyber-Physical Action Language (CPAL). CPAL serves to describe both the functional behaviour of activities (i.e., the code of the function itself) as well as the functional architecture of the system (i.e., the set of functions, how they are activated, and the data flows among the functions). CPAL is meant to support two use-cases. Firstly, CPAL is a development and design space exploration environment for CPS with main features being the formal description, the editing, graphical representation and simulation of CPS models. Secondly, CPAL is a real-time execution platform. The vision behind CPAL is that a model is executed and verified in simulation mode on a workstation and the same model can be later run on an embedded board with a timing-equivalent run-time behaviour.

Peer Reviewed
Using CPAL to model and validate the timing behaviour of embedded systems
Altmeyer, Sebastian UL; Navet, Nicolas UL; Fejoz, Loïc

in 6th International Workshop on Analysis Tools and Methodologies for Embedded and Real-time Systems (WATERS) (2015, July 07)

This work presents a solution to the Formal Methods for Timing Verification (FMTV) Challenge 2015 using CPAL. CPAL stands for the Cyber-Physical Action Language and is a novel language to model, simulate and verify cyber-physical systems as those described in the challenge. We believe that the complexity of the challenge mainly stems from the complex interactions of the tasks and processes composing the aerial video tracking system of the challenge. Using CPAL we have derived a complete and unambiguous description of the system that supports timing verification. The different sub-challenges were solved by timing-accurate simulation and/or schedulability analysis. Even though simulation does not provide firm guarantees on the worst-case behaviour, it helps the system designer solve scheduling problems and validate the solutions, where verification tools can not be applied directly due to the complexity of the model as in the 2015 FMTV challenge.

Peer Reviewed
Timing verification of real-time automotive Ethernet networks: what can we expect from simulation?
Navet, Nicolas UL; Seyler, Jan; Migge, Jörn

Scientific Conference (2015, May 23)

Switched Ethernet is a technology that may profoundly reshape automotive communication architectures as it did in other application domains such as avionics with the use of AFDX backbones. Ethernet is meant in vehicles not only for the support of infotainment applications but also to transmit time-sensitive data used for the real-time control of the vehicle and ADAS functions. In such use-cases, the temporal behavior of the communication architecture must be carefully validated. Early stage timing verification of critical embedded networks typically relies on simulation and worst-case schedulability analysis, which basically consists in building a mathematical model of the worst possible situations that can be encountered at run-time. The two basic questions that we aim to study here are what can we expect from simulation? And how to use it properly? This empirical study explores these questions and provides methodological guidelines for the use of simulation in the design of switched Ethernet networks. A broader objective of the study is to compare the outcomes of schedulability analyses and simulation, and conclude about the scope of usability of simulation in the design of critical Ethernet networks.

Peer Reviewed
Insights on the Configuration and Performances of SOME/IP Service Discovery
Seyler, Jan; Navet, Nicolas UL; Fejoz, Loïc

in SAE International Journal of Passenger Cars- Electronic and Electrical Systems (2015), 8(1), 124-129

Scalable Service-Oriented Middleware on IP (SOME/IP) is a proposal aimed at providing service-oriented communication in vehicles. SOME/IP nodes are able to dynamically discover and subscribe to available services through the SOME/IP Service Discovery protocol (SOME/IP SD). In this context, a key performance criterion to achieve the required responsiveness is the subscription latency, that is, the time it takes for a client to subscribe to a service. In this paper we provide a recap of SOME/SD and list a number of assumptions based on what we can foresee about the use of SOME/IP in the automotive domain. Then, we identify the factors having an effect on the subscription latency, and, by sensitivity analysis, quantify their importance regarding the worst-case service subscription latency. The analysis and experiments in this study provide practical insights into how to best configure the SOME/IP SD protocol.

Peer Reviewed
A Contract-Based approach to support Goal-Driven Analysis
Brau, Guillaume UL; Hugues, Jérôme; Navet, Nicolas UL

in Proceedings of the IEEE 18th International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing (ISORC) (2015, April)

In the design of real-time systems, models are usual artifacts to capture and represent the various features of the system. They are later analyzed to check for their correctness. A key issue is to handle models and analyses in a systematic, consistent and efficient way. This paper presents an approach for the systematic and correct execution of analyses on real-time system models along with a proof-of-concept. The contribution aims at 1) directing the analyses targeting goals and 2) using contracts to reason about models, analyses and goals. An example of a goal is to enrich a model with missing information or to obtain precise data to conclude about the system quality. In our approach, contracts are used to formally depict both the properties required and provided by the analyses, but also models and goals. Through the concept of contracts, we identify all the feasible paths to execute the analyses in order to reach a goal.

Peer Reviewed
Formal Analysis of the Startup Delay of SOME/IP Service Discovery
Seyler, Jan; Streichert, Thilo; Glaß, Michael et al

in Proceedings of the 2015 Design, Automation & Test in Europe Conference & Exhibition (2015)

An automotive network needs to start up within the millisecond range. This includes the physical startup, the software boot time, and the configuration of the network. The introduction of Ethernet into the automotive industry expanded the design space drastically and is increasing the complexity of configuring every element in the network. To add more flexibility to automotive Ethernet networks, the concept of Service Discovery was migrated from consumer electronics to AUTOSAR within the SOME/IP middleware. A network is not fully functional until every client has found its service. Consequently, this time interval adds to the startup time of a network. This work presents a formal analysis model to calculate the waiting time of every client to receive the first offer from its service. The model is able to determine the worst case of a given parameter set. Based on this, a method for calculating the total startup time of a system is derived. The model is implemented in a free-to-use octave program and validated by comparing the analytical results to a timing-accurate simulation and an experimental setup. In every case the worst-case assumption holds true -- the gap between the maximum of the simulation and the presented method is less than 1.3%.

Peer Reviewed
Timing verification of automotive communication architectures using quantile estimation
Navet, Nicolas UL; Louvart, Shehnaz; Villanueva, Jose et al

Scientific Conference (2014, March 07)

Early stage timing verification on CAN traditionally relies on simulation and schedulability analysis, also known as worst-case response time (WCRT) analysis. Despite recent progresses, the latter technique remains pessimistic especially in complex networking architectures with gateways and heterogeneous communication stacks. Indeed, there are practical cases where no exact WCRT analysis is available, and merely upper bounds on the response times can be derived, on the basis of which unnecessary conservative design choices may be made. Simulation, on the other hand, does not provide any guarantees per se and, in the context of critical networks, should only be used along with an adequate methodology. In this paper, we argue for the use of quantiles of the response time distribution as performance metrics providing an adjustable trade-off between safety and resource usage optimization. We discuss how the exact value of the quantile to consider should be chosen with regard to the criticality of the frames, and illustrate the approach on two typical automotive use-cases.

Peer Reviewed
Integrating end-system frame scheduling for more accurate AFDX timing analysis
Boyer, Marc; Santinelli, Luca; Navet, Nicolas UL et al

Scientific Conference (2014, February 07)

Avionics systems distributed on AFDX networks are subject to stringent real-time constraints that require guaranteeing the Worst-Case Traversal Time (WCTT) on the network for each of the data flows. Over the last 10 years, since the initial use of Network Calculus in certification, important progresses have been made in AFDX timing verification. The maximum pessimism for the latencies is now known to range from 10 to 25% on realistic systems. Further progresses towards more accurate timing analysis can still be made by considering additional temporal information. In this paper, we show that integrating the knowledge of the scheduling of the frames that is done within an end-system in the timing analysis enables to dramatically reduce the WCTT bounds computed by Network Calculus. Indeed, in our experiments performed on a realistic configuration provided by Thales Avionics, this technique reduces the WCTT upper bound by 40% on average over all flows. The reason is that the scheduling of the frames shapes the outgoing traffic, reducing thus peaks of load on the outgoing traffic, which can be accounted for in the timing analysis. Importantly, because the scheduling of the frames within the end-systems is in the scope of the network supplier, unlike the scheduling of tasks done at the application level, the approach presented here does not imply major changes in the design process.

Verification of automotive networks - what to expect (and not expect) from each technique
Navet, Nicolas UL

Scientific Conference (2013, December 09)

The presentation focuses on the verification of wired automotive buses and addresses the following topics: historical perspective of verification techniques, review of the different sets of messages and verification techniques along the development cycle, performance metrics and end-to-end constraints, early stage verification technique: schedulability analysis versus simulation.

Quantile-based performance evaluation on CAN
Navet, Nicolas UL

Scientific Conference (2013, November 12)

Early stage timing analysis on CAN traditionally relies on simulation and worst-case response time (WCRT) analysis. Despite recent progresses, it will be shown that the latter technique remains pessimistic especially in complex networking architectures with gateways and heterogeneous communication stacks. Indeed, there are many cases of practical interest where no exact WCRT analyses are available, and merely upper bounds on the response times can be derived, on the basis of which unnecessary conservative design choices may be made. Simulation, on the other hand, does not provide any guarantees per se and should only be used along with a rigorous methodology in the context of critical networks. In this presentation, we argue for the use of quantiles of the response time distribution as performance metrics providing an adjustable trade-off between safety and resource usage optimization. We explain how the exact value of the quantile to consider should be chosen wrt the criticality of the frames, and how to calibrate the simulation lengths accordingly. Also, we highlight necessary conditions that must be met (e.g., response times above the quantiles must not be correlated) and how to verify them.

Peer Reviewed
Refinement of AADL models using early-stage analysis methods
Brau, Guillaume UL; Hugues, Jérôme; Navet, Nicolas UL

in Proceedings of the 4th Analytic Virtual Integration of Cyber-Physical Systems Workshop (2013, November)

Model-Driven Engineering (MDE) is a relevant approach to support the engineering of distributed embedded systems with performance and dependability constraints. MDE involves models definitions and transformations to cover most of the system life-cycle: design, implementation and Verification & Validation activities towards system qualification. Still, few works evaluate the early integration of performance evaluation based on architectural models. In this paper, we investigate the early-stage use of analysis in AADL modeling. Precisely, we exemplify on an avionics case study how to dimension the data flows for an application distributed over an AFDX network. Based on the insight from this study, we suggest a simple framework and associated techniques to efficiently support analysis activities in the early-stage design phases.

Refinement of AADL models using early-stage analysis methods : An avionics example
Brau, Guillaume UL; Hugues, Jérôme; Navet, Nicolas UL

Report (2013)

Model-Driven Engineering (MDE) is a relevant approach to support the engineering of distributed embedded systems with performance and dependability constraints. MDE involves models definitions and transformations to cover most of the system life-cycle: design, implementation and Verification & Validation activities towards system qualification. Still, few works evaluate the early integration of performance evaluation based on architectural models. In this report, we investigate the early-stage use of analysis in AADL modeling. Precisely, we exemplify on an avionics case study how to dimension the data flows for an application distributed over an AFDX network. Based on the insight from this study, we suggest a simple framework and associated techniques to efficiently support analysis activities in the early-stage design phases.

In-vehicle communication networks - a historical perspective and review
Navet, Nicolas UL; Simonot-Lion, Françoise

Report (2013)

The use of networks for communications between the Electronic Control Units (ECU) of a vehicle in production cars dates from the beginning of the 90s. The specific requirements of the different car domains have led to the development of a large number of automotive networks such as LIN, CAN, CAN FD, FlexRay, MOST, automotive Ethernet AVB, etc. This report first introduces the context of in-vehicle embedded systems and, in particular, the requirements imposed on the communication systems. Then, a review of the most widely used, as well as the emerging automotive networks is given. Next, the current efforts of the automotive industry on middleware technologies which may be of great help in mastering the heterogeneity, are reviewed, with a special focus on the proposals of the AUTOSAR consortium. Finally, we highlight future trends in the development of automotive communication systems.

An empirical analysis of heavy-tails behavior of financial data: the case for power laws
Champagnat, Nicolas; Deaconu, Madalina; Lejay, Antoine et al

Report (2013)

This work aims at underlining the importance of a correct modelling of the heavy-tail behavior of extreme values of financial data for an accurate risk estimation. Many financial models assume that prices follow normal distributions. This is not true for real market data, as stock (log-)returns show heavy-tails. In order to overcome this, price variations can be modeled using stable distribution, but then, as shown in this study, we observe that it over-estimates the Value-at-Risk. To overcome these empirical inconsistencies for normal or stable distributions, we analyze the tail behavior of price variations and show further evidence that power-law distributions are to be considered in risk models. Indeed, the efficiency of power-law risk models is proved by comprehensive backtesting experiments on the Value-at-Risk conducted on NYSE Euronext Paris stocks over the period 2001-2011.

Peer Reviewed
Combining static priority and weighted round-robin like packet scheduling in AFDX for incremental certification and mixed-criticality support
Boyer, Marc; Navet, Nicolas UL; Fumey, Marc et al

in Proceedings of the 5th European Conference for Aeronautics and Space Sciences (EUCASS) (2013, July 01)

The Deficit Round Robin (DRR) policy can be used at the outgoing ports of communication switches to schedule distinct classes of frames, providing each class with a guaranteed share of the network bandwidth. The independence between traffic classes helps to improve the incremental design process, incremental certification and scheduling flows with mixed criticalities. DRR, however, leads to a less efficient use of hardware resources, which is why we also envisage the combined use of DRR and Static Priority (SP). We then provide a first quantitative assessment on a realistic case-study about the use of DRR, possibly combined with SP, in avionics networking and shed some light on its range of applicability.
