Modeling and validating globally asynchronous design in synchronous frameworks
16 Feb 2004-Vol. 1, pp 10384-10384
TL;DR: The ultimate goal of this research is to provide the ability to model and build GALS systems in a fully synchronous design framework and deploy it on an asynchronous network preserving all properties of the system proven in the synchronous framework.
Abstract: We lay a foundation for modeling and validation of asynchronous designs in a multi-clock synchronous programming model. This allows us to study properties of globally asynchronous systems using synchronous simulation and model-checking toolkits. Our approach can be summarized as automatic transformation of a design consisting of two asynchronously composed synchronous components into a fully synchronous multi-clock model preserving behavioral equivalence. The ultimate goal of this research is to provide the ability to model and build GALS systems in a fully synchronous design framework and deploy it on an asynchronous network preserving all properties of the system proven in the synchronous framework.
Citations
More filters
DOI•
01 Jan 2008
TL;DR: A submitted manuscript is the author's version of the article upon submission and before peer-review as mentioned in this paper, and the final published version features the final layout of the paper including the volume, issue and page numbers.
Abstract: • A submitted manuscript is the author's version of the article upon submission and before peer-review. There can be important differences between the submitted version and the official published version of record. People interested in the research are advised to contact the author for the final version of the publication, or visit the DOI to the publisher's website. • The final author version and the galley proof are versions of the publication after peer review. • The final published version features the final layout of the paper including the volume, issue and page numbers.
90 citations
Cites background or methods from "Modeling and validating globally as..."
...For example, asynchronous communication can be modeled by using additional processes in a synchronous language such as χ, which is a common and widely used approach [Milner 1989; De Boer et al. 1992; Baeten and Bergstra 1992; Halbwachs and Baghdadi 2002; Mousavi et al. 2004]....
[...]
..., in the area of so-called globally asynchronous locally synchronous (GALS) systems [Halbwachs and Baghdadi 2002; Mousavi et al. 2004]....
[...]
25 Jul 2005
TL;DR: The authors survey various methodologies used for leveraging asynchronous on-chip communication and investigate various GALS based implementations, desynchronisation strategies and asynchronous network-on-chip (NoC) designs.
Abstract: Various kinds of asynchronous interconnect and synchronisation mechanisms are being proposed for designing low power, low emission and high-speed SOCs. They facilitate modular design and possess greater resilience to fabrication time inter-chip and run-time intra-chip process variability. They can provide a solution for low power consumption in chips and simplify global timing assumptions, e.g. on clock skew, by having asynchronous communication between modules. A few methodologies, including globally asynchronous, locally synchronous and desynchronisation, aim at leveraging the benefits of both synchronous and asynchronous design paradigms. The authors survey various methodologies used for leveraging asynchronous on-chip communication. They investigate various GALS based implementations, desynchronisation strategies and asynchronous network-on-chip (NoC) designs.
63 citations
26 Jun 2009
TL;DR: A general approach for modelling and verifying Gals systems using a combination of synchronous languages (for the sequential components) and process calculi (for communication channels and asynchronous concurrency) is proposed.
Abstract: A Gals (Globally Asynchronous Locally Synchronous) system typically consists of a collection of sequential, deterministic components that execute concurrently and communicate using slow or unreliable channels. This paper proposes a general approach for modelling and verifying Gals systems using a combination of synchronous languages (for the sequential components) and process calculi (for communication channels and asynchronous concurrency). This approach is illustrated with an industrial case-study provided by Airbus: a TftpUdp communication protocol between a plane and the ground, which is modelled using the Eclipse/ Topcased workbench for model-driven engineering and then analysed formally using the Cadp verification and performance evaluation toolbox.
39 citations
TL;DR: A methodology that ensures a correct-by-construction functional implementation of these systems from high-level models is proposed and the capability of the synchronous approach to apply formal techniques and tools that guarantee the reliability of the designed systems is shown.
Abstract: This paper presents the design of distributed embedded systems using the synchronous multiclock model of the SIGNAL language. It proposes a methodology that ensures a correct-by-construction functional implementation of these systems from high-level models. It shows the capability of the synchronous approach to apply formal techniques and tools that guarantee the reliability of the designed systems. Such a capability is necessary and highly worthy when dealing with safety-critical systems. The proposed methodology is demonstrated through a case study consisting of a simple avionic application, which aims to pragmatically help the reader to understand the manipulated formal concepts, and to apply them easily in order to solve system correctness issues encountered in practice. The application functionality is first modeled as well as its distribution on a generic hardware architecture. This relies on the endochrony and endo-isochrony properties of SIGNAL specifications, defined previously. The considered architectures include asynchronous communication mechanisms, which are also modeled in SIGNAL and proved to achieve message exchanges correctly. Furthermore, the synchronizability of the different parts in the resulting system is addressed after its deployment on a specific execution platform with multirate clocks. After all these steps, a distributed code can be automatically generated.
27 citations
Cites background from "Modeling and validating globally as..."
...These constructs are expressive enough to derive new constructs of the language for comfort and structuring....
[...]
...While these studies were mostly devoted to the practical side, Benveniste and Le Guernic lead several theoretical works on the distribution of SIGNAL programs [8], [9], [25], [11], [37], [41]....
[...]
Dissertation•
29 Apr 2011
TL;DR: Cette these se situe a l'intersection de deux domaines-cles : l'ingenierie dirigee par les modeles (IDM) and les methodes formelles, avec differents champs d'application, pour developper une application par transformations successives ou non entre modeles intermediaires a differents niveaux d'abstraction.
Abstract: Cette these se situe a l'intersection de deux domaines-cles : l'ingenierie dirigee par les modeles (IDM) et les methodes formelles, avec differents champs d'application. Elle porte sur la verification formelle d'applications paralleles modelisees selon l'approche IDM. Dans cette approche, les modeles tiennent un role central et permettent de developper une application par transformations successives (automatisees ou non) entre modeles intermediaires a differents niveaux d'abstraction, jusqu'a la production de code executable. Lorsque les modeles ont une semantique formelle, il est possible d'effectuer une verification automatisee ou semi-automatisee de l'application. Ces principes sont mis en oeuvre dans TOPCASED, un environnement de developpement d'applications critiques embarquees base sur ECLIPSE, qui permet la verification formelle par connexion a des boites a outils existantes. Cette these met en oeuvre l'approche TOPCASED en s'appuyant sur la boite a outils CADP pour la verification et sur son plus recent formalisme d'entree : LOTOS NT. Elle aborde la verification formelle d'applications IDM a travers deux problemes concrets : 1) Pour les systemes GALS (Globalement Asynchrone Localement Synchrone), une methode de verification generique par transformation en LOTOS NT est proposee, puis illustree sur une etude de cas industrielle fournie par AIRBUS : un protocole pour les communications entre un avion et le sol decrit dans le langage synchrone SAM concu par AIRBUS. 2) Pour les services Web decrits a l'aide de la norme BPEL (Business Process Execution Language), une methode de verification est proposee, qui est basee sur une transformation en LOTOS NT des modeles BPEL, en prenant en compte les sous-langages XML Schema, XPath et WSDL sur lesquels repose la norme BPEL.
10 citations
References
More filters
TL;DR: A denotational framework (a "meta model") within which certain properties of models of computation can be compared is given, which describes concurrent processes in general terms as sets of possible behaviors.
Abstract: We give a denotational framework (a "meta model") within which certain properties of models of computation can be compared. It describes concurrent processes in general terms as sets of possible behaviors. A process is determinate if, given the constraints imposed by the inputs, there are exactly one or exactly zero behaviors. Compositions of processes are processes with behaviors in the intersection of the behaviors of the component processes. The interaction between processes is through signals, which are collections of events. Each event is a value-tag pair, where the tags can come from a partially ordered or totally ordered set. Timed models are where the set of tags is totally ordered. Synchronous events share the same tag, and synchronous signals contain events with the same set of tags. Synchronous processes have only synchronous signals as behaviors. Strict causality (in timed tag systems) and continuity (in untimed tag systems) ensure determinacy under certain technical conditions. The framework is used to compare certain essential features of various models of computation, including Kahn process networks, dataflow, sequential processes, concurrent sequential processes with rendezvous, Petri nets, and discrete-event systems.
687 citations
TL;DR: The aim of the present article is to review and summarize these formal, correct-by-construction, design transformations of system specifications (morphisms) that preserve the intended semantics and stated properties of the architecture under design.
Abstract: Rising complexities and performances of integrated circuits and systems, shortening time-to-market demands for electronic equipments, growing installed bases of intellectual property (IP), requirements for adapting existing IP blocks with new services, all stress high-level design as a prominent research topic and call for the development of appropriate methodological solutions. In this aim, system design based on the so-called "synchronous hypothesis" consists of abstracting the nonfunctional implementation details of a system and lets one benefit from a focused reasoning on the logics behind the instants at which the system functionalities should be secured. With this point of view, synchronous design models and languages provide intuitive (ontological) models for integrated circuits. This affinity explains the ease of generating synchronous circuits and verify their functionalities using compilers and related tools that implement this approach. In the relational mathematical model behind the design language SIGNAL, this affinity goes beyond the domain of purely synchronous circuits, and embraces the context of complex architectures consisting of synchronous circuits and desynchronization protocols: globally asynchronous and locally synchronous architectures (GALS). The unique features of the relational model behind SIGNAL are to provide the notion of polychrony: the capability to describe circuits and systems with several clocks; and to support refinement: the ability to assist and support system design from the early stages of requirement specification, to the later stages of synthesis and deployment. The SIGNAL model provides a design methodology that forms a continuum from synchrony to asynchrony, from specification to implementation, from abstraction to concretization, from interfaces to implementations. SIGNAL gives the opportunity to seamlessly model circuits and devices at multiple levels of abstractions, by implementing mechanisms found in many hardware simulators, while reasoning within a simple and formally defined mathematical model. In the same manner, the flexibility inherent to the abstract notion of signal, handled in the synchronous-desynchronized design model of SIGNAL, invites and favors the design of correct by construction systems by means of well-defined transformations of system specifications (morphisms) that preserve the intended semantics and stated properties of the architecture under design. The aim of the present article is to review and summarize these formal, correct-by-construction, design transformations. Most of them are implemented in the POLYCHRONY tool-set, allowing for a mixed bottom–up and top–down design of an embedded hardware–software system using the SIGNAL design language.
257 citations
24 Aug 1999
TL;DR: In this article, the authors present an in-depth discussion of the relationships between synchrony and asynchrony, and state theorems which guarantee correct desynchronization, meaning that the original synchronous semantics can be reconstructed from the result of this desynchronisation.
Abstract: We present an in-depth discussion of the relationships between synchrony and asynchrony. Simple models of both paradigms are presented, and we state theorems which guarantee correct desynchronization, meaning that the original synchronous semantics can be reconstructed from the result of this desynchronization. Theorems are given for both the desynchronization of single synchronous programs, and for networks of synchronous programs to be implemented using asynchronous communication. Assumptions for these theorems correspond to proof obligations that can be checked on the original synchronous designs. If the corresponding conditions are not satisfied, suitable synchronous mini-programs which will ensure correct desynchronization can be composed with the original ones. This can be seen as a systematic way to generate "correct protocols" for the asynchronous distribution of synchronous designs. The whole approach has been implemented, in the framework of the SACRES project, within the Sildex tool marketed by TNI, as well as in the SIGNAL compiler.
94 citations
07 Oct 2002
TL;DR: This work proposes a protocol that ensures a coherent system of logical clocks on the top of Loosely Time-Triggered Architectures, and provides several proofs for it, both manual and automatic, based on synchronous languages and associated model checkers.
Abstract: A distributed real-time control system has a time-triggered nature, just because the physical system for control is bound to physics. Loosely Time-Triggered Architectures (LTTA) are a weaker form of the strictly synchronous Time-Triggered Architecture proposed by Kopetz, in which the different periodic clocks are not synchronized, and thus may suffer from relative offset or jitter.We propose a protocol that ensures a coherent system of logical clocks on the top of LTTA, and we provide several proofs for it, both manual and automatic, based on synchronous languages and associated model checkers. We briefly discuss how this can be used for correct deployment of synchronous designs on an LTTA.
90 citations
"Modeling and validating globally as..." refers background in this paper
...Modeling and Validating Globally Asynchronous Design in Synchronous Frameworks MohammadReza Mousavi1, Paul Le Guernic2, Jean-Pierre Talpin2 , Sandeep Kumar Shukla3,TwanBasten1 1 Eindhoven University of Technology, Eindhoven, The Netherlands 2INRIA/IRISA, Rennes, France 3Virginia Tech., Blacksburg, USA Abstract We lay a foundation for modeling and validation of asynchronous designs in a multi-clock synchronous programming model....
[...]
...Modeling and Validating Globally Asynchronous Design in Synchronous Frameworks MohammadReza Mousavi1, Paul Le Guernic2, Jean-Pierre Talpin2 , Sandeep Kumar Shukla3,TwanBasten1 1 Eindhoven University of Technology, Eindhoven, The Netherlands 2INRIA/IRISA, Rennes, France 3Virginia Tech.,…...
[...]
16 Feb 2004
TL;DR: It is shown that significant extensions are needed to make latency-insensitive systems useful for the practical design of large-scale SoC's, and three extensions are proposed that have the potential for improved throughput, reduced power consumption, and greater flexibility in design.
Abstract: Latency-insensitive systems were recently proposed by Carloni et al. as a correct-by-construction methodology for single-clock system-on-a-chip (SoC) design using predesigned IP blocks. Their approach overcomes the problem of long latencies of global interconnects in deep-submicron technologies, while still maintaining much of the inherent simplicity of synchronous design. In particular, wires whose latency is greater than a clock cycle are segmented using "relay stations", and IP blocks are made robust to arbitrary communication delays. This paper shows, however, that significant extensions are needed to make latency-insensitive systems useful for the practical design of large-scale SoC's. In particular, this paper proposes three extensions. The first extension allows each synchronous module to treat its input and output channels in a much more flexible manner, i.e., with greater decoupling. The second extension generalizes inter-module communication from point-to-point channels to more complex networks of arbitrary topologies. Finally, the third extension is to target multi-clock SoC's. The net impact of our extensions is the potential for improved throughput, reduced power consumption, and greater flexibility in design.
60 citations