Implementation of the data-flow synchronous language SIGNAL
PLDI '95 Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation
Automatic Distribution of Reactive Systems for Asynchronous Networks of Processors
IEEE Transactions on Software Engineering
Information and Computation
Distributed Implementation of SIGNAL: Scheduling & Graph Clustering
ProCoS Proceedings of the Third International Symposium Organized Jointly with the Working Group Provably Correct Systems on Formal Techniques in Real-Time and Fault-Tolerant Systems
Correct-by-Construction Asynchronous Implementation of Modular Synchronous Specifications
ACSD '05 Proceedings of the Fifth International Conference on Application of Concurrency to System Design
Concurrency in Synchronous Systems
Formal Methods in System Design
Compositional design of isochronous systems
Proceedings of the conference on Design, automation and test in Europe
Hi-index | 0.01 |
Safety-critical embedded applications are often distributed. For example, software in an automotive control or in avionics control are distributed over a large number of distributed processors which are connected over some domain specific buses. Correctness of such applications is of paramount importance due to their safety-critical nature. Synchronous programming models (e.g. Esterel, SIGNAL, Lustre) make synchrony assumption (zero time intra-module computation and zero time inter module communication) while modeling such applications so that the model is easier to verify. Once verified, models built with such assumptions need to be distributed over an asynchronous communication based platform which brings out the challenge of Globally Asynchronous and Locally synchronous (GALS) design. The correctness preserving refinement of a fully synchronous model onto a globally asynchronous communication media implies that various restrictions be imposed on the synchronous model. In the realm of polychronous programming model (exemplified by the SIGNAL language), a property called 'endo-isochrony' was proposed in early 1990s. Endochrony of individual modules assures safe sequential code generation from the module specification, and isochrony ensures safe communication between modules. In this paper, first we provide a more general sufficient condition for isochrony. Second, we generalize the definition of isochrony for weakly-endochronous modules. Further, we introduce the notion of directional isochrony which provides sufficient conditions for safe communication between modules in one direction but not in the other direction. The results in this paper not only simplifies the understanding of the conditions under which a polychronous specification can be implemented in GALS, but also sheds interesting lights on causality and isochrony. When the synchronous modules are reused as IPs, the conditions described here can be checked to see whether those modules can be composed asynchronously with the same behavior as their synchronous composition.