Behavior description and safety in real time models

This paper includes a survey on sorne modern methods that are used for describing and analyzing behavior of complex systems. It is believed that most safety problems arise in the interface between the controlling parts and other controlled subsystems. Therefore, a prerequisite for a good interface is an accurate definition of the system. Two objectives are evaluated: the description power and the analysis power for safety and timing properties. This is done by describing and analyzing a simple system that is composed of two doors, which are restricted by time and "safety" requirements. It is found that although good description methods do exist, their usefulness for analyzing safety timed properties is very limited

Formally-Based Design Evaluation (extended version)

This paper investigates specification, verification and test generation for synchronous and asynchronous circuits. The approach is called DILL (Digital Logic in LOTOS). DILL models are discussed for synchronous and asynchronous circuits. Relations for (strong) conformance are defined for verifying a design specification against a high-level specification. An algorithm is also outlined for generating and applying implementation tests based on a specification. Tools have been developed for automated test generation and verification of conformance between an implementation and its specification. The approach is illustrated with various benchmark circuits as case studies

Verifying and Testing Asynchronous Circuits using LOTOS (extended version)

It is shown howDILL (Digital Logic in LOTOS) can be used to specify,verify and test asynchronous hardware designs. Asynchronous (unclocked) circuits are a topic of active research in the hardware community. It is illustrated how DILL can address some of the key challenges. New relations for (strong) conformance are defined for assessing a circuit implementation against its specification. An algorithm is also presented for generating and applying implementation tests based on a specification. Tools have been developed for automated verification of conformance and generation of tests. The approach is illustrated with three case studies that explore speed independence, delay sensitivity and testing of sample asynchronous circuit designs

HOP: a process model for synchronous hardware systems

technical reportModules in HOP are black-boxes that are understood and used only in terms of their interface. The interface consists of d a t a ports, events, and a protocol specification that uses events and asserts/queries values to / from ports. Events are realized as different combinations of control wires or as predicates defined over data conduits. Module await either command events or status events. Data conduits are realized as bus structures that deliver the same data items at the receiving end as items sent at t h e sending end (i.e. the busses do not have any wire-permutations, tappings, etc.). HOP is useful for writing both requirements (a priori) specifications and design (a posteriori) specifications. The manner in which requirements are expressed has usually no bearing on the actual implementation chosen later. Design specifications capture known facts about a system that has been built or has been designed in detail. In a HOP based design methodology, design proceeds hierarchically, and on many occasions (but not always) top-down. For most large systems, t h e requirements specification consists of the specification of a collection of modules and not one module; for these systems, the single module view is only derived a posteriori

A review of wildland fire spread modelling, 1990-present 3: Mathematical analogues and simulation models

In recent years, advances in computational power and spatial data analysis (GIS, remote sensing, etc) have led to an increase in attempts to model the spread and behvaiour of wildland fires across the landscape. This series of review papers endeavours to critically and comprehensively review all types of surface fire spread models developed since 1990. This paper reviews models of a simulation or mathematical analogue nature. Most simulation models are implementations of existing empirical or quasi-empirical models and their primary function is to convert these generally one dimensional models to two dimensions and then propagate a fire perimeter across a modelled landscape. Mathematical analogue models are those that are based on some mathematical conceit (rather than a physical representation of fire spread) that coincidentally simulates the spread of fire. Other papers in the series review models of an physical or quasi-physical nature and empirical or quasi-empirical nature. Many models are extensions or refinements of models developed before 1990. Where this is the case, these models are also discussed but much less comprehensively.Comment: 20 pages + 9 pages references + 1 page figures. Submitted to the International Journal of Wildland Fir

A Formal, Hierarchical Design and Validation Methodology for VLSI

The high cost of fabricating VLSI circuits requires that they be validated, that is, shown to function correctly, before manufacture. The cost of design errors can be kept to a minimum if such validation occurs as early as possible; this is achieved by integrating validation into a hierarchical design procedure. In this thesis, a hierarchical approach to design, in which validation is performed between each pair of adjacent levels in the hierarchy, is developed. In order to adopt such an approach, a language is required for the formal description of hardware behaviour and structure. Therefore an important aspect of the development of the methodology, and a major theme of the thesis, is the development of languages to support the methodology. An enhanced version of CIRCAL, which enables large and abstract devices to be described concisely and supports formal reasoning about the behaviour of constructed systems, is presented. Specifications should accurately model the behaviour of real hardware and should be useful for design and validation; they should also be easy to write. In order to realise these goals, a number of specification techniques have been developed and a new language which enforces some of these techniques, thereby easing the specification task, is proposed. Ways in which a language may assist design have been investigated. Language constructs which restrict a designer, thereby removing some design decisions, have been developed. A simple correctness-preserving transformation is presented, illustrating another way in which a designer may be assisted by a formal language. Specification techniques play an important part in the validation task, as accurate and consistent modelling is vital in establishing the correctness of implementations. Techniques have also been developed which enable detailed implementations to be usefully compared with more abstract specifications. This is demonstrated in a large example, the specification, design and formal verification of a simple microprocessor. Finally, the concept of contextual constraints, restrictions on the environment in which a device may be placed, is introduced. A method of specifying such constraints has been developed, and it is shown that their formal treatment can provide assistance in specification, design and verification

Specifying and reasoning about concurrent systems in logic

Imperial Users onl

Specification-driven design of custom hardware in HOP

technical reportWe present a language "Hardware viewed as Objects and Processes" (HOP) for specifying the structure, behavior, and timing of hardware systems. HOP embodies a simple process model for lock-step synchronous processes. Processes may be described both as a black-box and as a collection of interacting sub-processes. The latter can be statically simplified using an algorithm 'PARCOMP'. PARCOMP symbolically simulates a collection of interacting processes. The advantages claimed for HOP include simple semantics, intuitiveness, high expressive power, and numerous provisions to support easily verifiable designs all the way to VLSI layout. After introducing HOP, and presenting some of the results obtained from experimenting with the HOP design system, we present the design of a large hardware system (the "Utah Simulation Engine") currently being developed to speed-up distributed discrete event simulation using Time Warp. Issues in the specification driven design of this system are discussed and illustrated using HOP