SCADE

SCADE, short for Safety Critical Application Development Environment, was created by Esterel Technologies (now part of ANSYS) in the early 1990s. SCADE is a model-based development environment used for designing, implementing, and verifying safety-critical embedded systems in avionics, automotive, and railway domains. Developers can access SCADE by downloading it from the official site: SCADE Suite, which provides the development environment, toolchains, and documentation for Windows and Linux platforms.

SCADE exists to provide a deterministic, formally verifiable platform for developing reactive and embedded systems that require compliance with safety standards such as DO-178C and ISO 26262. Its design philosophy emphasizes formal correctness, modularity, and model-based abstraction, allowing developers to generate certified code automatically from high-level models. By using visual modeling, synchronous semantics, and verification tools, SCADE solves the problem of producing reliable, maintainable, and certifiable software for safety-critical applications.

SCADE: Model-Based Design

SCADE uses a visual model-based approach, where system behavior is defined using blocks and dataflows. Models represent system logic, control flow, and data dependencies, forming the foundation for automatic code generation.

-- Example SCADE node
node Counter(reset: bool) returns (count: int);
var temp: int;
let
    temp = if reset then 0 else pre(count) + 1;
    count = temp;
tel

Nodes define reusable computation units, and pre captures the previous value of a signal. This approach allows deterministic modeling and is conceptually similar to Lustre and Simulink for reactive system design.

SCADE: Operators and Expressions

SCADE supports arithmetic, logical, relational, and temporal operators, enabling concise computation definitions over signals and time-varying data.

node Filter(input: real) returns (output: real);
let
    output = input + pre(input) * 0.5;
tel

Expressions compute outputs based on inputs and past values, enabling reactive behavior modeling. This declarative approach to signal processing mirrors concepts in Lustre and Simulink.

SCADE: Node Composition and Modularity

SCADE allows hierarchical node composition to build complex systems from simpler blocks. Nodes can be reused and interconnected for modular system design.

node TopSystem(reset: bool; input: real) returns (output: real);
var counter_val: int;
let
    counter_val = Counter(reset);
    output = Filter(input);
tel

Hierarchical composition ensures maintainability and clarity. Modularity in SCADE is comparable to hierarchical modeling in Simulink and node composition in Lustre, supporting verification and structured design.

SCADE: Verification and Code Generation

SCADE integrates formal verification and certified code generation for safety-critical embedded systems, ensuring deterministic execution and compliance with standards.

-- Example assertion in SCADE
assert count >= 0;

Assertions and formal analysis enable developers to statically check system properties. Code generated from models can be automatically verified for standards compliance, similar to verification tools used with Lustre.

SCADE is used extensively in avionics, automotive systems, and railway applications where formal correctness and safety certification are required. Its model-based, synchronous design, modular node composition, and integrated verification tools make it a robust platform for designing safety-critical embedded systems. When used alongside Lustre and Simulink, SCADE enables engineers to model, simulate, verify, and generate production-ready code for high-assurance applications efficiently.