Results 1 - 7 of 7
Verifying a Time-Triggered Protocol in a Multi-Language Environment
, 1998
Cited by 7 (4 self)
The multi-language environment Synchronie supports the design and formal verification of synchronous reactive systems. Presently, Synchronie integrates three synchronous languages, Esterel, Lustre, and Argos. In the synchronous approach, not only the system but also its properties can be specified using a synchronous language. In Synchronie properties can be formalised textually as Esterel or Lustre programs, or graphically as Argos programs. Moreover, properties may also be specified as temporal logic formulas with past or future operators. It is shown how to specify and automatically prove properties of a time-triggered protocol taking advantage of this environment. 1 Introduction This paper demonstrates how the multi-language environment Synchronie [13] can ease the formal verification of reactive systems. Reactive systems continuously react to stimuli from their environment. They are often embedded in electronic products, mass transportation systems, and industrial pla...
A translation of Statecharts into Signal
- in Proceedings of the International Conference on Application of Concurrency to System Design (CSD'98), IEEE Publ
, 1998
Cited by 7 (5 self)
The languages for modeling reactive systems can be divided in two styles: the imperative ones and the declarative ones. This paper shows a way to translate a Statecharts specification (imperative) to a Signal one (declarative, equational, synchronous). This translation gives access to the Signal tools from a Statecharts specification: verification, efficient / distributed / compact code generation using the clock calculus available in Signal. 1 Introduction 1.1 Objective Different languages exist for the design of reactive systems: the languages Lustre [6] and Signal [5],[2] are declarative and equational data flow languages, while Esterel [4], Statecharts [7] and Argos [12] are imperative ones. The choice between the declarative and the imperative approach has an influence upon facility to handle a given application area. For instance, declarative languages easily handle signal processing while imperative formalisms are often used for control systems. The need for a control mechanis...
ALPiNe: a hardware computing platform for high-level Petri nets
- Department of Computer Science, University of Aarhus
, 1998
Cited by 2 (1 self)
Abstract: A motivation for the design of a novel hardware platform for processing algorithms based on High-Level Petri Nets is presented. ALPiNe (Asynchronous High-Level Petri Net) processor is aimed at embedded discrete-event control applications and is characterized by its natural incorporation of external stimuli into the computation flow. The processor consists of two layers of hardware: one for determining when and which computations will take place, and another for effectively performing the actual computations. A hybrid architecture and hardware organization are described in detail. The process of software development is presented, augmented with an illustrative example. In conclusion, comments on advantages and possible future implementations are made.
The Synchronous Approach to Designing Reactive Systems
, 1998
Cited by 2 (0 self)
Synchronous programming is available through several formally defined languages having very different characteristics: ESTEREL is imperative, while LUSTRE and SIGNAL are declarative in style; STATECHARTS and ARGOS are graphical languages that allow one to program by constructing hierarchical automata. Our motivation for taking the synchronous design paradigm further, integrating imperative, declarative (or dataflow), and graphical programming styles, is that real systems typically have components that match each of these profiles. This paper motivates our interest in the mixed language programming of embedded software around a number of examples, and sketches the semantical foundation of the SYNCHRONIE toolset which ensures a coherent computational model. This toolset supports a design trajectory that incorporates rapid prototyping and systematic testing for early design validation, an object oriented development methodology for long term software management, and formal verification at the level of automatically generated object code.
The Synchronous Approach to Designing Reactive Systems
- in: Formal Methods in System design
, 1996
Cited by 1 (0 self)
Synchronous programming is available through several formally defined languages having very different characteristics: Esterel is an imperative language while Lustre and Signal are declarative in style; Statecharts and Argos are graphical and allow one to program by constructing hierarchical automata. Our motivation for taking the synchronous design paradigm further, integrating imperative, declarative (or dataflow), and graphical programming styles, is that real systems typically have components that match each of these profiles. In this paper we motivate our interest in mixed language programming of embedded software around a number of examples, and sketch the semantical foundation of the Synchronie toolset which ensures a coherent computational model. This toolset supports a design trajectory that incorporates rapid prototyping and systematic testing for early design validation, an object oriented development methodology for long term software management, and formal ver...
Checking Synchronous Programs using Automatic Abstraction, Modular Verification and Assumption Discharge
- GMD, Schloss Birlinghoven, D-53754 Sankt Augustin
, 1996
Cited by 1 (1 self)
A. Merceron, GMD - SET-EES, Schloss Birlinghoven, D-53754 Sankt Augustin, email: merceron@gmd.de. Abstract: We verify synchronous programs using model checking. To cope with data and big programs, we use an automatic abstraction mechanism as well as modular verification. Both are proved to be conservative for the logic ∀CTL. Model checking an abstract module M1 may lead to the formulation of some assumption on some module M2. Assumptions are discharged using model checking or theorem proving or combining both, depending on which data of M2 have to be taken into account. We applied our method to a medium-scale industrial example, a Lock system for contactless transponder keys. 1 Introduction Model checking is a well known approach to formal verification. A main advantage of this approach is that it is automatic. A major drawback is that it requires finite state systems that do not explode. In this paper we propose abstraction and m...
INRIA Rhône-Alpes
The languages for modeling reactive systems are of different styles, like the imperative, state-based ones and the declarative, data-flow ones. They are adapted to different application domains. This paper, through the example of the languages Statecharts and Signal, shows a way to give a model of an imperative specification (Statecharts) in a declarative, equational one (Signal). This model constitutes a formal model of the Statemate semantics of Statecharts, upon which formal analysis techniques can be applied. Being a transformation from an imperative to a declarative structure, it involves the definition of generic models for the explicit management of state (in the case of control as well as of data). In order to obtain a structural construction of the model, a hierarchical and modular organization is proposed, including proper management and propagation of control along the hierarchy. The results presented here cover the essential features of Statecharts as well as of another language of Statemate: Activitycharts. As a translation, it makes multiformalism specification possible, and provides support for the integrated operation of the languages. The motivation lies also in the perspective of gaining access to the various formal analysis and implementation tools of the synchronous technology, using the DC+ exchange format, as in the Sacres programming environment.

