Abstract

Safety-critical embedded applications are often distributed. For example, software in an automotive control or in avionics control are distributed over a large number of distributed processors which are connected over some domain specific buses. Correctness of such applications is of paramount importance due to their safety-critical nature. Synchronous programming models (e.g. Esterel, SIGNAL, Lustre) make synchrony assumption (zero time intra-module computation and zero time inter module communication) while modeling such applications so that the model is easier to verify. Once verified, models built with such assumptions need to be distributed over an asynchronous communication based platform which brings out the challenge of Globally Asynchronous and Locally synchronous (GALS) design. The correctness preserving refinement of a fully synchronous model onto a globally asynchronous communication media implies that various restrictions be imposed on the synchronous model. In the realm of polychronous programming model (exemplified by the SIGNAL language), a property called ‘endo-isochrony’ was proposed in early 1990s. Endochrony of individual modules assures safe sequential code generation from the module specification, and isochrony ensures safe communication between modules. In this paper, first we provide a more general sufficient condition for isochrony. Second, we generalize the definition of isochrony for weakly-endochronous modules. Further, we introduce the notion of directional isochrony which provides sufficient conditions for safe communication between modules in one direction but not in the other direction. The results in this paper not only simplifies the understanding of the conditions under which a polychronous specification can be implemented in GALS, but also sheds interesting lights on causality and isochrony. When the synchronous modules are reused as IPs, the conditions described here can be checked to see whether those modules can be composed asynchronously with the same behavior as their synchronous composition.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.