“Damien CHABROL co-founded Krono-Safe with me in 2011. The step from his position as a researcher at CEA to his position as CEO of a young innovative company was a big one. But he adapted quickly and rose to the challenge brilliantly, showing an enormous capacity for work 💪 and remarkable team spirit 🤝. And this despite the storms inherent in this kind of adventure...”
Damien Chabrol, PhD
Vannes, Bretagne, France
1K followers
500+ connections
About
At ASTERIOS TECHNOLOGIES, our team is shaping the future of critical software for…
Activity
- Catch bugs before they break the bank. The cost of a bug can increase by 640x if left unchecked until after release. TrustInSoft Analyzer…
  Liked by Damien Chabrol, PhD
- IoT.bzh is happy to present at Berlin during #icnc24 the 1st fully open source #ISO15118 simulator. If you're in Berlin please visit us at the Tech…
  Liked by Damien Chabrol, PhD
- Impressive work by Archer's software, flight controls, GNC, systems & integration teams
  Liked by Damien Chabrol, PhD
Experience
- ASTERIOS TECHNOLOGIES
Education
- Université Paris-Sud
  Activities and societies: Title: Study, design and implementation of a synchronous, fault-tolerant communication protocol for standard networks
Publications
- Perspectives on AI-ML Safety Assurance
  ERTS 2024
  AI-ML suffers from a reliability glass-ceiling phenomenon (e.g. ~10e-3 error/inference), making it incompatible with safety-criticality. Several orders of magnitude are missing. We explain why, and we point to the characteristics of ML that conflict with the assurance objectives assigned to safety-critical developments. Could encapsulation of ML constituents into fault-tolerant architectures, ML development assurance, and software/hardware development assurance, altogether mitigate the gap? We argue that in spite of impressive progress of the ML state of the art, the answer is negative. Drawing from Topological Data Analysis (TDA) and set-based non-linear control, we propose to supplement ML point-based specification and verification with volume-based specification and verification to meet 10e-5 err./inf. levels, as a minimum. We outline the rationale of a new research field we name (Ultra) Reliable Machine Learning, at the confluence of TDA, statistics on manifolds, and ML safety assurance. Some cross-domain safety regulation principles guide the underlying rationale. We illustrate the methodology on image classification.
- SLET for distributed aerospace landing system
  The aerospace industry is moving towards digital systems that are both more condensed (merging criticality-heterogeneous functions on the same equipment) and more distributed (for robustness, availability, actuator/sensor closeness) while being software-defined. This makes integration activities highly critical for next-generation systems, due to the interaction complexity between the software components and their deployment on the hardware platform, combined with development processes that are outdated with regard to the multicore transition. Therefore, predictability, testability, and ultimately strong determinism are crucial high-level properties needed not only at equipment level but at the whole system scope, which cannot be tackled without changes in the design process. This paper deals with an innovative solution, based on the sLET paradigm, to bring drastic integration time reduction whatever the underlying architecture (multicore, multi-node). Already proved worthy for multicore platforms, sLET deployment is applied to an aerospace landing system over a distributed system architecture.
- Semantics foundations of PsyC based on synchronous Logical Execution Time
  ACM
  Task models for Real-Time Scheduling (RTS) and Synchronous Reactive (SR) languages are two prominent classes of formalisms for the design and analysis of time-critical embedded systems. Task models allow one to provide deadlines, periods, or other such kinds of interval time boundaries that make the system description fit for schedulability analysis. Synchronous reactive languages use logical clocks as activation condition triggers in languages providing programmability. We consider here synchronous LET (sLET) extensions that intend to re-use notions of logical clocks and logical time, for the purpose of providing schedulability boundaries. As its name indicates, sLET borrows deeply from Logical Execution Time ideas, where timing dimensions are all provided at logical design time, but it extends asynchronous events as in xGiotto with SR-inspired programmability and “first-class citizen” logical clock constructs. Our work results in a two-level semantics of the programming language PsyC. The benefit is to reuse techniques from both RTS and SR. Big-step RTS models provide inputs for task model schedulability analysis and implementation. Meanwhile, SR small-step models provide methodological tools to view any events as a time base (logical clock) and verification technologies (but they do not consider the WCET of tasks to be kept within time boundaries by the scheduling). We show the semantic equivalence of those two semantics at visible time interval boundaries.
- The synchronous Logical Execution Time paradigm
  ERTS 2022 - Embedded real time systems, Jun 2022, Toulouse, France.
  Real-Time industrial systems are not so much those that have to perform tasks incredibly fast, but rather those that perform them in a time-predictable manner; they focus on meeting previously specified timing requirements in a provable way. Consequently, time must be taken into account from the very start of the design.
  However, exact timing constants may not be available yet in early design stages as they may depend on the target. In answer, formalisms based on Multiform Logical Time have been introduced to abstract real-time durations. The Synchronous Reactive (SR) approach introduced a discretized abstraction of time on which computations happen logically instantaneously. Contrary to SR, Logical Execution Time (LET) mandates specifying the actual logical duration a task has to fulfill. This allows a more efficient compilation, at the price of a lower expressiveness. Classical LET (i.e. as introduced in Giotto/TDL) sticks to uniform pseudo-physical time, i.e. based on one logical clock mapped to real time. In this paper, we introduce a new paradigm called synchronous Logical Execution Time (sLET) that builds upon both the SR and LET paradigms. It keeps the idea of logical durations coming from the LET paradigm, while having logical instants based on logical clocks. This extends the expressivity of LET, as time is totally abstracted as sequences of events. The various schedulings provide physically timed versions that, while having distinct non-functional properties (in terms of performance mostly), remain mutually functionally equivalent (in the logical time realm). A particular instance, where computations are executed “in a single instant” and then time is advanced (as in classical event-driven simulation), can lead to a direct translation into synchronous formalisms (in our case Esterel). We started inquiring how this could open new ways of verification and analysis on PsyC programs.
- Dependable Real-Time System and Mixed-Criticality: Seeking Safety, Flexibility and Efficiency with Kron-OS
  Ada User Journal
  Embedded real-time systems integrate more and more real-time application functions on the same execution unit, with heterogeneous real-time requirements but also dissimilar safety requirements. It is not realistic to apply the highest safety level to all functions, which leads to the problem of mixed-criticality. Hypervisors seem to have become a popular solution, but they treat real-time features as a secondary issue. Their main drawback is the difficulty (or impossibility) of managing different time-scales and jitters as a real-time operating system is supposed to. To cope with this problem, we propose an approach that we briefly introduce in this article. Kron-OS is a software suite to design, implement and execute real-time solutions mixing strong real-time requirements along with low-criticality features. It also provides a set of automatic code generation tools and a safety-oriented real-time kernel that includes a temporal and spatial partitioning methodology and mechanisms.
- Kernel & tools for reconciling time-to-market and certification constraints
  ImDR
  The objective of this paper is to present an innovative tool for developing deterministic, partitioned real-time systems that meet functional safety requirements.
  Indeed, industrial companies designing and integrating safety-related embedded systems face constraints coming from the market (time and complexity constraints…), but also normative constraints for the purpose of certification (notably IEC 61508, the functional safety standard). This paper presents, on the one hand, the KRONO-SAFE technology and, on the other, the benefit of integrating it into certification processes.
- Freedom from interference among time-triggered and angle-triggered tasks: a powertrain case study
  ERTS² 2014
  Over the last years, the amount of software integrated in products like cars, planes, or trains has grown considerably in order to get more intelligent, more open and more communicating embedded systems. Due to this trend, the ability to manage the software complexity while respecting the safety constraints is now key for competitiveness in industrial domains such as automotive, aeronautics or railway.
  To meet this challenge, the real-time kernel plays a major role. Unfortunately, the current technologies proposed by the market are handicapped by programming models with poor or nonexistent temporal semantics. This weakness is a real blocking point for keeping under control the cost and the time-to-market of safety-related and ever more complex embedded systems.
  To address these issues, KRONO-SAFE has extended its real-time kernel, called KRON-OS, in order to support an innovative programming model enabling the mixing of periodic and aperiodic real-time references while guaranteeing the freedom from interference among treatments and the determinism of system behavior on single-core and multi-core processors.
- Method and Tools for Mixed-Criticality Real-Time Applications within PharOS
  This paper provides an overview of some principles and mechanisms to securely operate mixed-criticality real-time systems on embedded platforms. Those principles are illustrated with PharOS, a complete set of tools to design, implement and execute real-time systems on automotive embedded platforms. The keystone of this approach is a dynamic time-triggered methodology that supports full temporal isolation without wasting CPU time. In addition, memory isolation is handled through automatic off-line generation of fine-grained memory protection tables used at runtime. These isolation mechanisms are building blocks for the support of mixed-criticality applications. Several extensions have been brought to this model to expand the support for mixed-criticality within the system. These extensions feature fault recovery, support for the cohabitation of event-triggered with time-triggered tasks, and paravirtualization of other operating systems. The contribution of this paper is to provide a high-level description of these extensions, along with an analysis of their impact on the global system safety, in particular on the determinism property of the PharOS model.
- A Spatial and Temporal Partitioning Approach for Dependable Automotive Systems
  ETFA
  Automotive manufacturers aim to reduce the number of execution control units (ECU) in order to control vehicle cost and energy consumption. Following this trend, the next generation of automotive body/engine controllers will integrate more real-time functions on the same ECU with different safety levels and application domains. To meet this new challenge, safety must therefore be improved to ensure no interference among functions. This paper deals with PharOS, a technology for the design and the implementation of embedded real-time systems in highly-constrained environments. It provides a safety-oriented kernel including earliest error detection and confinement techniques. This is realized through partitioning mechanisms that allow the system to be kept stable and available even in degraded mode and to implement a specific failure management policy.
- An OS for Multicore Embedded Systems Compliant with Automotive Safety Standards
  IAEC
  In 2006, DELPHI and CEA decided to work jointly on the “D2OS” project in order to develop a new OS for the next generation of automotive body controllers. The DELPHI needs regarding a new OS are the following:
  · ROM and RAM consumption equivalent to current automotive OS,
  · time triggered but also event triggered support,
  · spatial and temporal protection,
  · NTF (No Trouble Found) eradication,
  · dual-core support,
  · AutoSAR compliance.
  The challenge to which these R&D works rise up is the introduction of safety in the design and execution of automotive applications, taking benefit of previous work performed in the safety-critical domain of nuclear science, and nevertheless
- Dynamic Scheduling of Real-Time Tasks on Multicore Architectures
  Colloque du GdR Soc/SiP
  We present a new dynamic scheduling on multicore architectures. This is an improvement of the Optimal Finish Time (OFT) scheduler introduced by Lemerre, reducing preemptions. Our result is compared with other schedulers and we show that our algorithm can handle more general scheduling problems.
- OASIS formal approach for distributed safety-critical real-time system design
  ISOLA
- Deterministic Distributed Safety-Critical Real-Time Systems within the Oasis Approach
  IASTED PDCS
  Distributed real-time systems have found widespread use in most key industries (nuclear, avionics, automotive, etc.). This trend continues, with increasingly intricate systems performing safety-critical functions. Given the current emphasis on system reliability, major efforts must be devoted to demonstrating and guaranteeing their safety.
  OASIS provides a real-time multitasking and communication approach with a complete set of development tools (e.g. code generation, validation, simulation and execution) to facilitate the design, testing and validation stages while complying with prevailing standards. OASIS is specifically geared to building deterministic systems whose behavior is predictable and reproducible in both the logical and temporal domains. Its development package is industrially available for single processor architectures and is presently being qualified for 1E-class nuclear systems. This paper describes our research, which focuses on implementing distributed safety-critical real-time systems.
- OASIS: A chain of development for safety-critical embedded real-time systems
  ERTS
  In the domain of embedded systems, the design and the realization of performant and safety-critical real-time systems still constitute today a true scientific, technical and economic challenge [STANKOVIC88]. The difficulty is not only to realize critical real-time systems that include more complex functions, but also to make development easier, including verification and validation. The new solutions must be as safe as those already existing and be in accordance with the standards enforced in the concerned industrial domain, such as DO-178A and ARINC-653 in aerospace or CEI-880 and RFS in the nuclear domain. The realization of safety-critical embedded systems at lower cost has resulted in the implementation and integration of several activities on one processor, in order to decrease the hardware costs. These systems run correctly today, but they are still expensive, difficult to maintain and do not guarantee determinism [STANKOVIC90] at the system level, and are therefore inapplicable for industry. This paper begins with a presentation of the OASIS approach for monoprocessor architectures and presents the current research work on distributed ones.
Patents
- Method for the Deterministic Execution and Synchronization of an Information Processing System Comprising a Plurality of Cores Executing System Tasks
  Issued: FR US 2011/0302589 A1
  An information processing system includes two processing cores. The execution of an application by the system includes the execution of application tasks and the execution of system tasks, and the system includes a micro-kernel executing the system tasks, which are directly linked to hardware resources. The processing system includes a computation part of the micro-kernel executing system tasks relating to the switching of the tasks on a first core, and a control part of the micro-kernel executing, on a second core, system tasks relating to the control of the task allocation order on the first core.
Courses
- Startup Management Training, Incuballiance Incubator, France
Projects
- EDEN2
  - present
  Get full confidence and enable deployment of Ethernet Time-Sensitive Network (TSN) as an embedded network for multi-domain architectures (aeronautics, space and automotive)
- ADN4SE
  Software has become the engine of innovation for all embedded systems: it is a vital component of industrial competitiveness. It must now fulfil strong constraints regarding safety and time-to-market; unfortunately, these objectives are not achievable with current RTOSs. However, the RTOS KRON-OS has unique properties enabling a development that is both fast and safe by construction. Therefore the partners of the ADN4SE project have decided to rely on the characteristics of the KRON-OS technology in order to establish a top-down and seamless process, based on a continuous toolchain, matching their safety and time-to-market requirements.
  Global project leader
Honors & awards
- Winner of the Embedded Technologies Trophy, Paris Air Forum 2018
  Embedded France
- Sagem Innovation Trophy
  Safran
  Its real-time integration tool Asterios received the Sagem Innovation Trophy from the hands of Martin Sion, CEO of Sagem, during his visit to the Krono-Safe premises in March 2016.
- Innovative enterprise creation contest 2012
  French Ministry of Research
- Gold electron, category "critical software"
  Journal ElectroniqueS
Organizations
- CEA Association of PhD Students
  President
Recommendations received
4 people have recommended Damien
More activity by Damien
- First day, first start, and already the regatta's finest on the…
  Liked by Damien Chabrol, PhD
- Breakthrough technology that we’ve developed with Capgemini will visualize the wind live on screen, allowing fans and commentators to better…
  Liked by Damien Chabrol, PhD
- Every day, I receive messages from entrepreneurs who are wondering about the same topics. 🤔 👉 They ask me about their business plan…
  Liked by Damien Chabrol, PhD
- 🏅 The Paris Olympics adventure: an unforgettable chapter! Hired at the last minute, this experience flew by, and what a month…
  Liked by Damien Chabrol, PhD
- 🇫🇷 Tony Estanguet during the closing ceremony 😅 #Paris2024
  Liked by Damien Chabrol, PhD
- 🇫🇷 THANK YOU TO OUR 571 ATHLETES 💙🤍❤️ WHAT A JOY TO SEE A UNITED FRANCE THRILLING TOGETHER 🙏 FRANCE IS PROUD OF YOU 🤩 #Paris2024…
  Liked by Damien Chabrol, PhD
- These #JeuxOlympiques made us dream and thrill. For 16 days, #Paris2024 showed what France is: a Great Nation, sporting, patriotic…
  Liked by Damien Chabrol, PhD
- 🇫🇷 Review of the Paris 2024 Games for France ❤️ We lived through a legendary fortnight 🤩 #Paris2024
  Liked by Damien Chabrol, PhD