Design of Embedded Systems: Formal Models, Validation, and Synthesis
 PROCEEDINGS OF THE IEEE
, 1999
"... This paper addresses the design of reactive realtime embedded systems. Such systems are often heterogeneous in implementation technologies and design styles, for example by combining hardware ASICs with embedded software. The concurrent design process for such embedded systems involves solving the ..."
This paper addresses the design of reactive realtime embedded systems. Such systems are often heterogeneous in implementation technologies and design styles, for example by combining hardware ASICs with embedded software. The concurrent design process for such embedded systems involves solving the specification, validation, and synthesis problems. We review the variety of approaches to these problems that have been taken.
A rational deconstruction of Landin’s SECD machine
 Implementation and Application of Functional Languages, 16th International Workshop, IFL’04, number 3474 in Lecture Notes in Computer Science
, 2004
"... Abstract. Landin’s SECD machine was the first abstract machine for applicative expressions, i.e., functional programs. Landin’s J operator was the first control operator for functional languages, and was specified by an extension of the SECD machine. We present a family of evaluation functions corre ..."
Abstract. Landin’s SECD machine was the first abstract machine for applicative expressions, i.e., functional programs. Landin’s J operator was the first control operator for functional languages, and was specified by an extension of the SECD machine. We present a family of evaluation functions corresponding to this extension of the SECD machine, using a series of elementary transformations (transformation into continuationpassing style (CPS) and defunctionalization, chiefly) and their left inverses (transformation into direct style and refunctionalization). To this end, we modernize the SECD machine into a bisimilar one that operates in lockstep with the original one but that (1) does not use a data stack and (2) uses the callersave rather than the calleesave convention for environments. We also identify that the dump component of the SECD machine is managed in a calleesave way. The callersave counterpart of the modernized SECD machine precisely corresponds to Thielecke’s doublebarrelled continuations and to Felleisen’s encoding of J in terms of call/cc. We then variously characterize the J operator in terms of CPS and in terms of delimitedcontrol operators in the CPS hierarchy. As a byproduct, we also present several reduction semantics for applicative expressions
Filters on coinductive streams, an application to eratosthenes’ sieve
 Typed Lambda Calculi and Applications, 7th International Conference, TLCA 2005
, 2005
"... Our objective is to describe a formal proof of correctness for the following Haskell [13] program in a type theorybased proof verification system, such as the Coq system [10, 1]. sieve (p:rest) = p:sieve [r  r < rest, r ‘rem ‘ p / = 0] primes = sieve [2..] This program is a functional implementa ..."
Our objective is to describe a formal proof of correctness for the following Haskell [13] program in a type theorybased proof verification system, such as the Coq system [10, 1]. sieve (p:rest) = p:sieve [r  r < rest, r ‘rem ‘ p / = 0] primes = sieve [2..] This program is a functional implementation of Eratosthenes ’ sieve that consists in removing all multiples of previously found primes from the sequence of natural numbers. We want to prove that the expression primes is the stream containing all the prime numbers in increasing order. This work relies on coinductive types [5, 11, 12] because the program manipulates infinite lists, also known as streams. It first uses the infinite list of natural numbers larger than 2, then the infinite list of numbers larger than 3 and containing no multiples of 2, then the infinite list of numbers larger than 4 and containing no multiples of prime numbers smaller than 4, and so on. This example was initially proposed as a challenge by G. Kahn and used as an illustration of a program and its proof of correctness in a
Discovering Needed Reductions Using Type Theory
, 1994
"... The identification of the needed redexes in a term is an undecidable problem. We introduce a (partially decidable) type assignment system, which distinguishes certain redexes called the allowable redexes. For a welltyped term e, allowable redexes are needed redexes. In addition, with principal typi ..."
The identification of the needed redexes in a term is an undecidable problem. We introduce a (partially decidable) type assignment system, which distinguishes certain redexes called the allowable redexes. For a welltyped term e, allowable redexes are needed redexes. In addition, with principal typing, all the needed redexes of a normalisable term are allowable. Using these results, we can identify all the needed reductions of a principally typed normalisable term. Possible applications of these results include strictness and sharing analysis for functional programming languages, and a reduction strategy for welltyped terms which satisfies L'evy's notion of optimal reduction.
Models for Persistence in Lazy Functional Programming Systems
, 1993
"... Research into providing support for long term data in lazy functional programming systems is presented in this thesis. The motivation for this work has been to reap the benefits of integrating lazy functional programming languages and persistence. The benefits are . the programmer need not write cod ..."
Research into providing support for long term data in lazy functional programming systems is presented in this thesis. The motivation for this work has been to reap the benefits of integrating lazy functional programming languages and persistence. The benefits are . the programmer need not write code to support long term data since this is provided as part of the programming system . persistent data can be used in a type safe way since the programming language type system applies to data with the whole range of persistence . the benefits of lazy evaluation are extended to the full lifetime of a data value. Whilst data is reachable, any evaluation performed on the data persists. A data value changes monotonically from an unevaluated state towards a completely evaluated state over time. . interactive data intensive applications such as functional databases can be developed. These benefits are realised by the development of models for persistence in lazy functional programming systems. Tw...
Interpreter Prototypes From Formal Language Definitions
, 1993
"... Denotational semantics is now used widely for the formal definition of programming languages but there is a lack of appropriate tools to support language development. General purpose language implementation systems are oriented to syntax with poor support for semantics. Specialised denotational sema ..."
Denotational semantics is now used widely for the formal definition of programming languages but there is a lack of appropriate tools to support language development. General purpose language implementation systems are oriented to syntax with poor support for semantics. Specialised denotational semantics based systems correspond closely to the formalism but are rendered inflexible for language experimentation by their monolithic multiple stages Exploratory language development with formal definitions is better served by a unitary notation, encompassing syntax and semantics, which is close to but simpler than denotational semantics. Interactive implementation of the notation then facilitates language investigation through the direct execution of a formal definition as an interpreter for the defined language. This thesis presents Navel, a runtime typed, applicative order, pure functional programming language with integrated context free grammar rules. Navel has been used to develop prot...
Parallel Functional Programming for MessagePassing Multiprocessors
, 1993
"... We propose a framework for the evaluation of implicitly parallel functional programs on message passing multiprocessors with special emphasis on the issue of load bounding. The model is based on a new encoding of the lcalculus in Milner's pcalculus and combines lazy evaluation and eager (parallel ..."
We propose a framework for the evaluation of implicitly parallel functional programs on message passing multiprocessors with special emphasis on the issue of load bounding. The model is based on a new encoding of the lcalculus in Milner's pcalculus and combines lazy evaluation and eager (parallel) evaluation in the same framework. The pcalculus encoding serves as the specification of a more concrete compilation scheme mapping a simple functional language into a message passing, parallel program. We show how and under which conditions we can guarantee successful load bounding based on this compilation scheme. Finally we discuss the architectural requirements for a machine to support our model efficiently and we present a simple RISCstyle processor architecture which meets those criteria. 3 Acknowledgments Many people have had profound influence on this thesis and I want to pay tribute to some of them here. To my supervisor, Tony Davie, for his willingness to supervise what start...
A Parallel Functional Language Compiler for MessagePassing Multicomputers
, 1998
"... The research presented in this thesis is about the design and implementation of Naira, a parallel, parallelising compiler for a rich, purely functional programming language. The source language of the compiler is a subset of Haskell 1.2. The front end of Naira is written entirely in the Haskell subs ..."
The research presented in this thesis is about the design and implementation of Naira, a parallel, parallelising compiler for a rich, purely functional programming language. The source language of the compiler is a subset of Haskell 1.2. The front end of Naira is written entirely in the Haskell subset being compiled. Naira has been successfully parallelised and it is the largest successfully parallelised Haskell program having achieved good absolute speedups on a network of SUN workstations. Having the same basic structure as other production compilers of functional languages, Naira's parallelisation technology should carry forward to other functional language compilers. The back end of Naira is written in C and generates parallel code in the C language which is envisioned to be run on distributedmemory machines. The code generator is based on a novel compilation scheme specified using a restricted form of Milner's ßcalculus which achieves asynchronous communication. We present the f...