SCADE 6: A formal language for embedded critical software development (invited paper)

SCADE is a high-level language and environment for developing safety-critical embedded control software. It has been used for more than twenty years in various application domains like avionics, nuclear plants, transportation, and automotive. SCADE was founded on the synchronous data-flow language Lustre invented by Caspi and Halbwachs. In the early years, it was mainly seen as a graphical notation for Lustre but with the unique and key addition of a code generator qualified to the highest standards for safety-critical applications. In 2008, a major revision based on the new language `Scade 6' was released. This language is an original combination of the Lustre data-flow style with control structures borrowed from Esterel and SyncCharts, and compilation and static analyses from Lucid Synchrone for ensuring safety properties. This increase in expressiveness together with the qualified code generator have dramatically widened SCADE scope of applications. While previous publications have described some of its language constructs and compiler algorithms, no reference publication on `Scade 6' exists to date. In this paper, we recall the decisions made in its design, illustrate the main language features and static analyses, and describe the compiler organization developed to satisfy the qualification process.