Typical embedded hardware/software systems are implemented using a combination of C and an HDL such as Verilog. While each is well-behaved in isolation, combining the two gives a nondeterministic model whose ultimate behavior must be validated through expensive (cycle-accurate) simulation. We propose an alternative for describing such systems. Our SHIM (software/hardware integration medium) model, effectively Kahn networks with rendezvous communication, provides deterministic concurrency. We present the Tiny-SHIM language for such systems and its semantics, demonstrate how to implement it in hardware and software, and discuss how it can be used to model a real-world system. By providing a powerful, deterministic formalism for expressing systems, designing systems and verifying their correctness will become easier.

We present a new block diagram language for describing synchronous software. It coordinates the execution of synchronous, concurrent software modules, allowing real-time systems to be assembled from precompiled blocks specified in other languages. The semantics we present, based on fixed points, is deterministic even in the presence of instantaneous feedback. The execution policy develops a static schedule—a fixed order in which to execute the blocks that makes the system execution predictable. We present exact and heuristic algorithms for finding schedules that minimize system execution time, and show that good schedules can be found quickly. The scheduling algorithms are applicable to other problems where large systems of equations need to be solved.

This paper describes a multi-formalism experiment design in the domain of realtime

We lay a foundation for modeling and validation of asynchronous designs in a multi-clock synchronous programming model. This allows us to study properties of globally asynchronous systems using synchronous simulation and model-checking toolkits. Our approach can be summarized as automatic transformation of a design consisting of two asynchronously composed synchronous components into a fully synchronous multi-clock model preserving behavioral equivalence. The ultimate goal of this research is to provide the ability to model and build GALS systems in a fully synchronous design framework and deploy it on an asynchronous network preserving all properties of the system proven in the synchronous framework. 1.

Abstract. This paper aims to simplify recent efforts proposed by the Berkeley school in giving a formal semantics to the Ptolemy toolbox. We achieve this by developing a simple and elegant functional theory of deterministic tag systems that is a generalisation of Kahn Process Network theory (KPN). Our theory extends KPN by encompassing networks of processes labelled by tags from partially ordered sets and makes deeper use of Scott theory of Complete Partial Orders (CPO). Since CPO compose well under direct sums, heterogeneous systems are simply captured by direct sums of homogeneous systems, which are in turn constructed by connecting systems over different tag sets by means of tag conversion processes. For the (large) class of tag systems of “stream ” type, we show how to define tag conversion processes and how to implement process communication. The resulting architecture is fully decentralised and does not require Ptolemy’s directors. Last but not least, it provides distribution for free. 1

ing time away (and still having it) Simin Nadjm-Tehrani Dept. of Computer and Information Science, Linkoping University [simin@ida.liu.se] Keywords: synchronous languages, block diagrams, statecharts, formal verification, hybrid (continuous/discrete) systems, air control system Extended Abstract 1 Introduction Support for system specification in terms of modelling and simulation environments is becoming increasingly essential in safety-critical real-time applications. Also, a current trend is the automatic code-generation, and integration with formal methods tools in terms of translators from a high level design. In this paper we describe methods for embedded system verification based on the synchronous family of languages. In this approach early design specifications and the initial control programs are expressed in a synchronous language. These languages have a formal semantics and at the same time an intuitive appeal within the engineering community. Languages such as state...

interpretation is a method for analyzing programs in order to collect approximate information about their run-time behavior; this information can be used as a guide to the construction of reliable and ecient systems. Abstract interpretation is based on a non-standard semantics, that is a semantic denition in which the standard (concrete) domain is replaced by a simpler (abstract) one, and operations are interpreted on the new domain. One of the most popular approaches to abstract interpretation is dened in by P. and R. Cousot. By using this approach a variety of dierent analyses can be systematically dened. Moreover, the proof of correctness of the analysis can be done in a standard way. Several methods to combine abstract interpretation and model checking have been proposed in the last few years [9-11]. A verication technique successfully used for synchronous formalisms is that of observer monitoring [12]. According to this technique, a safety property can be mapped to a prog...

We lay a foundation for modeling and validation of asynchronous designs in a multi-clock synchronous programming model. This allows us to study properties of globally asynchronous systems using synchronous simulation and model-checking toolkits. Our approach can be summarized as automatic transformation of a design consisting of two asynchronously composed synchronous components into a fully synchronous multi-clock model preserving the ow equivalence. Since true asynchrony is not amenable to modeling in synchronous design frameworks, we seek to automatically insert desynchronizing protocol to 'match' the asynchronous model. Such protocol insertion brings about the possibility of formally investigating the behavior of globally asynchronous components in synchronous environments and hence leveraging the tools and techniques developed over decades for such environments. The ultimate goal of this research is to provide the possibility to model and build GALS systems in a way to preserve some proven properties when deployed on an asynchronous network.

We lay a foundation for modeling and validation of asynchronous designs in a multi-clock synchronous programming model. This allows us to study properties of globally asynchronous systems using synchronous simulation and model-checking toolkits. Our approach can be summarized as automatic transformation of a design consisting of two asynchronously composed synchronous components into a fully synchronous multi-clock model preserving the ow equivalence. Since true asynchrony is not amenable to modeling in synchronous design frameworks, we seek to automatically insert desynchronizing protocol to 'match' the asynchronous model. Such protocol insertion brings about the possibility of formally investigating the behavior of globally asynchronous components in synchronous environments and hence leveraging the tools and techniques developed over decades for such environments. The ultimate goal of this research is to provide the possibility to model and build GALS systems in a way to preserve some proven properties when deployed on an asynchronous network.