We use an application domain specific design method, Lyra, to model a network architecture defined in the SpaceWire standard. The Lyra development method provides a service-oriented approach to the development of distributed communicating systems. Structuring behavior into internal computation and externally observable behavior, and further into different types of communication, allows more efficient use of advanced formal verification and testing methods. The Lyra method has been designed particularly for industrial-strength use, so a strong emphasis is placed on early development of the system-level integration model. The SpaceWire standard defines OSI layers 1 and 2. In this paper we focus on modeling the functionality of layer 2. We also discuss the verification of Lyra models, indicating the need for more advanced verification methods and tools.
Jukka Honkola, Sari Leppänen, T. Tynjälä. "Modeling the SpaceWire architecture with Lyra." Fifth International Conference on Application of Concurrency to System Design (ACSD'05), 2005-06-07. doi:10.1109/ACSD.2005.26
This paper elaborates on the application of some aspects of robust systems control theory to the management of uncertainty and risk in distributed and complex design processes that have concurrent and dynamic subprocesses. The focus is on the systems integration industries, such as automotive and aerospace. A key enabling technology for the management of such "speculative" design processes is a uniform representation of all design entities using "rich components".
W. Damm. "Controlling speculative design processes using rich component models." Fifth International Conference on Application of Concurrency to System Design (ACSD'05), 2005-06-07. doi:10.1109/ACSD.2005.35
The register transfer level (RTL) synthesis model, which simplified the design of clocked circuits, has enabled a boost in design automation and VLSI progress for more than a decade. Shrinking technology and the progressive increase in clock frequency are bringing the clock to its physical limits. Asynchronous circuits, which are believed to replace globally clocked designs in the future, remain out of the competition due to the design complexity of some automated approaches and the poor results of other techniques. Successful asynchronous designs are known, but they are primarily custom. This work sketches an automated approach for re-implementing conventional RTL designs as fine-grain pipelined asynchronous quasi-delay-insensitive (QDI) circuits and presents a framework for automated synthesis of such implementations from high-level behavior specifications. Experimental results are presented using our new dynamic asynchronous library.
A. Smirnov, A. Taubin, Ming Su, M. Karpovsky. "An automated fine-grain pipelining using domino style asynchronous library." Fifth International Conference on Application of Concurrency to System Design (ACSD'05), 2005-06-07. doi:10.1109/ACSD.2005.3
We introduce and study problems of distributed observation with bounded or unbounded memory. We are given a system modeled as a finite-word language L over some finite alphabet Σ and subalphabets Σ_1, ..., Σ_n of Σ modeling n distinct observation points. We want to build (when they exist) n observers which collect projections of a behavior in L onto Σ_1, ..., Σ_n, then send them to a central decision point. The latter must determine whether the original behavior was in a given K ⊆ L. In the unbounded-memory case, observers record the entire sequence they observe. In the bounded-memory case, they are required to be finite-state automata. We show that, when L is trace-closed with respect to the usual dependence relation induced by Σ_1, ..., Σ_n, unbounded-memory observability is equivalent to K being centrally observable and trace-closed, and is thus decidable. When L is not trace-closed, the problem is undecidable, even if K and L are regular. We also show that bounded-memory observability is equivalent to unbounded-memory observability (and thus decidable) when L is trace-closed and the Σ_i are pairwise disjoint. Otherwise, the problem remains open. In the decidable cases, the observers and the decision function can be automatically synthesized.
S. Tripakis. "Two-phase distributed observation problems." Fifth International Conference on Application of Concurrency to System Design (ACSD'05), 2005-06-07. doi:10.1109/ACSD.2005.33
Perfectly synchronous systems immediately react to the inputs of their environment, which may lead to so-called causality cycles between actions and their trigger conditions. Algorithms to analyze the consistency of such cycles usually extend data types by an additional value to explicitly indicate unknown values. In particular, Boolean functions are thereby extended to ternary functions. However, a Boolean function usually has several ternary extensions, and the result of the causality analysis depends on the chosen ternary extension. In this paper, we show that there always is a maximal ternary extension that allows one to solve as many causality problems as possible. Moreover, we elaborate the relationship to hazard elimination in hardware circuits, and finally show how the maximal ternary extension of a Boolean function can be efficiently computed by means of binary decision diagrams.
K. Schneider, J. Brandt, T. Schüle, T. Tuerk. "Maximal causality analysis." Fifth International Conference on Application of Concurrency to System Design (ACSD'05), 2005-06-07. doi:10.1109/ACSD.2005.24
Systems on a chip (SoC) are complex embedded systems consisting of many hardware and software blocks. As the complexity of SoCs grows, the focus is less on computation and increasingly on communication. This results in a shift from design based on platforms (design templates) to a design style that is communication-centric. In this new paradigm, on-chip interconnects must address both the deep-submicron challenges (managing the number of long wires, timing closure, etc.) and complexity (scalability, quality of service, etc.). Networks on chips (NoC) have emerged as a new type of interconnect that can solve these problems. In this paper we introduce the Ethereal NoC as an example to identify when and where formal methods can play a role in this field of research. NoCs use the same basic concepts as computer networks (packets and routers), but the trade-offs that must and can be made are very different. Wires are relatively shorter, NoC resources are relatively expensive compared to the computation resources they interconnect, and the on-chip environment is more stable than off-chip (e.g. with respect to data loss and synchronisation). As a result, many new NoC architectures have been developed.
K. Goossens. "Formal methods for networks on chips." Fifth International Conference on Application of Concurrency to System Design (ACSD'05), 2005-06-07. doi:10.1109/ACSD.2005.36
We consider the distributed implementability problem: Given a labeled transition system TS together with a distribution Δ of its actions over a set of processes, does there exist a distributed system over Δ such that its global transition system is 'equivalent' to TS? We work with the distributed system models of synchronous products of transition systems (Arnold, 1994) and asynchronous automata (Zielonka, 1987). In this paper we provide complexity bounds for the above problem with three interpretations of 'equivalent': as transition system isomorphism, as language equivalence, and as bisimilarity. In particular, we solve problems left open in Castellani et al. (1999) and Morin (1999).
Keijo Heljanko, Alin Stefanescu. "Complexity results for checking distributed implementability." Fifth International Conference on Application of Concurrency to System Design (ACSD'05), 2005-06-07. doi:10.1109/ACSD.2005.7
In this paper, we propose extended Rebeca as a tool-supported actor-based language for modeling and verifying concurrent and distributed systems. We enrich Rebeca with a formal concept of components which integrates the message-driven computational model of actor-based languages with synchronous message passing. Components are used to encapsulate a set of internal active objects which react asynchronously to messages by means of methods and which additionally interact via a synchronous message passing mechanism. Components themselves interact only via asynchronous and anonymous messages. We present our compositional verification approach and abstraction techniques, and the theory corresponding to it, based on the formal semantics of Rebeca. These techniques are exploited to overcome the state explosion problem in model checking.
M. Sirjani, F. D. Boer, A. Movaghar, A. Shali. "Extended Rebeca: a component-based actor language with synchronous message passing." Fifth International Conference on Application of Concurrency to System Design (ACSD'05), 2005-06-07. doi:10.1109/ACSD.2005.12
We introduce a model for the representation of asynchronous implementations of synchronous specifications. The model covers classical implementations, where a notion of global synchronization is preserved by means of signaling, and globally asynchronous, locally synchronous (GALS) implementations where the global clock is removed. Our model offers a unified framework for reasoning about two essential correctness properties of an implementation: the preservation of semantics and the absence of deadlocks.
D. Potop-Butucaru, Benoît Caillaud. "Correct-by-construction asynchronous implementation of modular synchronous specifications." Fifth International Conference on Application of Concurrency to System Design (ACSD'05), 2005-06-07. doi:10.1109/ACSD.2005.10
Signal transition graphs (STGs) are a version of Petri nets for the specification of asynchronous circuit behaviour. It has been suggested to decompose such a specification as a first step; this leads to a modular implementation, which can support circuit synthesis by possibly avoiding state explosion or allowing the use of library elements. In a previous paper, the original method was extended and shown to be much more generally applicable than known before. But further extensions are necessary, and some are presented here, e.g.: to avoid dynamic auto-conflicts, the previous paper insisted on avoiding structural auto-conflicts, which is too restrictive; we show how to work with the latter type of auto-conflicts. This and another simple extension make it necessary to restructure the presentation and correctness proof of the decomposition algorithm.
W. Vogler, Ben Kangsah. "Improved decomposition of STGs." Fifth International Conference on Application of Concurrency to System Design (ACSD'05), 2005-06-07. doi:10.1109/ACSD.2005.21