The primary aim
of the COLUMBUS project was the development of a methodology for the design of
embedded controllers for safety-critical systems. In the design of embedded
systems one has to deal with the implementation of a set of functionalities
satisfying a number of constraints ranging from performance to cost, emissions,
power consumption and weight. The choice of implementation architecture implies
which of these functionalities will be implemented as hardware components and
which as software running on a programmable device. The design of embedded
hardware and software poses a number of problems that cannot be addressed by
traditional methods. These include hard constraints on reaction speed, memory
footprint, power consumption, and, most importantly, the need to verify design
correctness. The latter is a critical aspect of embedded systems since several
application domains, such as transportation and environment monitoring, are
characterized by safety considerations that do not arise in traditional, PC-like
hardware and software applications. The design of embedded controllers for
safety-critical systems therefore requires substantial extensions of the current
theoretical paradigm for modelling and control of systems, to allow one to
capture the nature of the design problem, the interaction between abstract
models and implementation platforms, and the uncertainty in the environment in
which safety-critical embedded systems have to operate.

The research
directions pursued under the COLUMBUS project centered on hybrid embedded
systems (HES). The topics addressed can be grouped in three categories, as shown
in the following figure.

1) A standardization effort.
Currently, a number of tools and methodologies are available for
modeling, analyzing, simulating, and designing hybrid and embedded
systems. For the development of a single system, many of these tools and
methods may be useful or even essential. It is, therefore, important to
establish a framework that enables different methods and tools to
inter-operate. The ultimate goal in this direction is the development of
a hybrid system interchange format, a language and a set of tools
that would provide semantically correct and automatic translation from
one hybrid system framework to another.

2) The development of a design procedure.
Here, work was driven by the experience of the partners in the design of
embedded systems in automotive, avionics and air traffic management
applications. A design methodology that builds on the concept of
platforms was developed. The methodology was tested in three different
applications: automotive, electric drives and wireless sensor networks.
The applications were chosen to illustrate the full range of potential
uses of the design methodology: from mature applications such as
automotive, where the benefits are evolutionary, to emerging
applications such as wireless networks, where the impact of the approach
can be revolutionary.

3) Theoretical extensions of the current paradigm.
The current paradigm for the design and analysis of hybrid systems
requires substantial extensions when it comes to the development of
safety-critical embedded systems. A key shortcoming of the current
paradigm is the relatively coarse way in which it treats uncertainty.
This makes it difficult to design systems under probabilistic
performance requirements, for example, or to exploit the structure of
the uncertainty that enters during the deployment of synchronous designs
over asynchronous media to provide correct-by-construction designs. Such
improvements were pursued as part of the COLUMBUS research effort.

Advances in these
three directions were followed by a consolidation effort, whose aim was to bring the
individual pieces together in an integrated design flow.

The
importance of the problems in these areas has been recognised all over the world
by industry, government agencies, and academics. Even at the COLUMBUS proposal
stage, it was recognized that substantial progress in these difficult and
important topics would not be possible without the collaboration of research
teams on both sides of the Atlantic. An important goal of COLUMBUS was therefore
to also form a bridge between the European and the US research communities in
this area and set the scene for future collaboration at all levels. To achieve
this goal two research teams from the US were included as full partners in the
consortium and participated in the research, preparation of deliverables,
project meetings and reviews. Our experience working in this transatlantic mode
of operation is summarized in the brief report “The COLUMBUS experience: an
experiment in joint transatlantic research” and in the appendix of this report.