Arbitrary Hardware/Software Trade Offs

This paper discusses a novel transformation-based design methodology and its use in the design of complex programmable VLSI systems. During the life-cycle of a complex system, the optimal trade-off between partially implementing in hardware or software is changing. This is due to varying system requirements (short time-to-market, low-cost, low-power, etc.) and improving the device technology. The proposed methodology allows such redesigns to be made using different hardware-software trade-offs, in a guaranteed correct wa

STRICT: a language and tool set for the design of very large scale integrated circuits

PhD ThesisAn essential requirement for the design of large VLSI circuits is a design methodology which would allow the designer to overcome the complexity and correctness issues associated with the building of such circuits. We propose that many of the problems of the design of large circuits can be solved by using a formal design notation based upon the functional programming paradigm, that embodies design concepts that have been used extensively as the framework for software construction. The design notation should permit parallel, sequential, and recursive decompositions of a design into smaller components, and it should allow large circuits to be constructed from simpler circuits that can be embedded in a design in a modular fashion. Consistency checking should be provided as early as possible in a design. Such a methodology would structure the design of a circuit in much the same way that procedures, classes, and control structures may be used to structure large software systems. However, such a design notation must be supported by tools which automatically check the consistency of the design, if the methodology is to be practical. In principle, the methodology should impose constraints upon circuit design to reduce errors and provide' correctness by construction' . It should be possible to generate efficient and correct circuits, by providing a route to a large variety of design tools commonly found in design systems: simulators, automatic placement and routing tools, module generators, schematic capture tools, and formal verification and synthesis tools

Automated Code Generation for Industrial-Strength Systems

Model-driven engineering proposes to develop software systems by first creating an executable model of the system design and then transforming this model into an implementation. This paper discusses the design of an automatic code generation system that transforms such models into product implementations for highly reliable, industrial-strength systems. It provides insights, practical considerations, and lessons learned when developing code generators for applications that must conform to the constraints imposed by real-world, high-performance systems. Automatic code generation has played a large part in dramatically increasing both the quality and the reliability of software for these systems

On the engineering of crucial software

The various aspects of the conventional software development cycle are examined. This cycle was the basis of the augmented approach contained in the original grant proposal. This cycle was found inadequate for crucial software development, and the justification for this opinion is presented. Several possible enhancements to the conventional software cycle are discussed. Software fault tolerance, a possible enhancement of major importance, is discussed separately. Formal verification using mathematical proof is considered. Automatic programming is a radical alternative to the conventional cycle and is discussed. Recommendations for a comprehensive approach are presented, and various experiments which could be conducted in AIRLAB are described

A brief history of models and model based systems engineering and the case for relational orientation

Models are at the heart of science and engineering. Model-based approaches to software development and systems engineering use technologies to include graphical modeling languages, such as the Systems Modeling Language, that support system design and analysis through machine readable models. This paper traces key historical contributions of software and systems engineers over the past five decades to show a coherent concept of models and how they can be used for software and systems engineering. Recent model-based systems engineering methodologies supported by commercially available modeling tools are also summarized. Relational orientation is seen to be the underlying viewpoint that expresses and binds these approaches. Relational orientation for systems engineering (ROSE) is then specified using a general systems methodology. Systems are seen to access each other's models in ROSE much like classes in object orientation access each other's objects. Object-oriented frames for software engineering are extended to relational frames to specify an innovative framework for system design and analysis. This generalizes the axiomatic design approach of N. P. Suh. A repeatable procedure supporting greater concurrency between design and verification is also demonstrated for searching the solution space in linear axiomatic design

REALISTIC CORRECT SYSTEMS IMPLEMENTATION

The present article and the forthcoming second part on Trusted Compiler Implementation\ud address correct construction and functioning of large computer based systems. In view\ud of so many annoying and dangerous system misbehaviors we ask: Can informaticians\ud righteously be accounted for incorrectness of systems, will they be able to justify systems\ud to work correctly as intended? We understand the word justification in the sense: design\ud of computer based systems, formulation of mathematical models of information flows, and\ud construction of controlling software are to be such that the expected system effects, the\ud absence of internal failures, and the robustness towards misuses and malicious external attacks\ud are foreseeable as logical consequences of the models.\ud Since more than 40 years, theoretical informatics, software engineering and compiler\ud construction have made important contributions to correct specification and also to correct\ud high-level implementation of compilers. But the third step, translation - bootstrapping - of\ud high level compiler programs to host machine code by existing host compilers, is as important.\ud So far there are no realistic recipes to close this correctness gap, although it is known\ud for some years that trust in executable code can dangerously be compromised by Trojan\ud Horses in compiler executables, even if they pass strongest tests.\ud In the present first article we will give a comprehensive motivation and develop\ud a mathematical theory in order to conscientiously prove the correctness of an initial fully\ud trusted compiler executable. The task will be modularized in three steps. The third step of\ud machine level compiler implementation verification is the topic of the forthcoming second\ud part on Trusted Compiler Implementation. It closes the implementation gap, not only for\ud compilers but also for correct software-based systems in general. Thus, the two articles together\ud give a rather confident answer to the question raised in the title