{"title":"An operational semantics of real time design language RT-CDL","authors":"L. Y. Liu, R. Shyamasundar","doi":"10.1145/75199.75212","DOIUrl":null,"url":null,"abstract":"Any methodology for the design of a complex system needs a basis for specification and verification. This is particularly so for real-time systems, since safety and reliability are extremely important for these systems. As a first step, we provide an operational semantics for the language RT-CDL (Real Time Common Design Language) employing Plotkin’s labeled transition systems using the maximal parallelism model of Salwicki and Müldner. The language is based on the event-action model and is capable of (i) expressing various timing constraints, (ii) responding to various real-time exceptions, and (iii) specifying, reasoning about, and verifying programs in a compositional manner. We show how to model the behavior of non-buffered broadcasts, durational events, priority, interrupts, and preemptive commands through the semantics. Our approach is compositional and thus provides a firm basis for compositional specification and verification of programs.
1. Motivation and Related Work
One of the primary objectives of Ada has been the programmability of real-time embedded systems. However, the definition of Ada [3] allows a high-priority task to wait for a low-priority task for an unpredictable delay. Furthermore, Ada lacks the power of harnessing the parallelism inherent in real-time systems. For instance, in Ada, we cannot even interleave some of the operations that are possible in the monitor-based languages, which is often a disadvantage. The rendezvous mechanism places a lot of restriction with reference to realizing multiform clocks and harnessing parallelism. 
Another notable point is that even though the traditional description tools of industrial process control systems are intrinsically parallel, it is paradoxical that the computerization of these systems results in the progressive replacement of these parallel tools by programming languages involving a great amount of sequentiality. There has been quite a substantial effort in looking for specification/programming languages for real-time distributed systems. However, if we look at requirements for real-time languages [4], we can come to the conclusion that most of these languages fall short of expectations. For example, many languages do not provide any explicit means of correctly specifying timing constraints, or are limited to either a delay or a timeout statement [10]. This limitation not only reduces the expressive power of languages (and hence they cannot be used in certain applications such as switching and digital systems) but also makes it difficult to reason about the timing constraints of a given program text. RT-Euclid [8] is essentially a monitor-based language with features for expressing time-bounded loops; however, achieving data integrity through mutual exclusion, again, is not desirable even in non-real-time languages WI. Let us take a look at some of the major efforts towards a desirable specification/programming language for real-time systems. A first systematic study of considering the reasons for the lack of suitable specification/programming languages resulted in the language Esterel [2]. 
Esterel was designed for programming responsive systems assuming a strong synchrony hypothesis (i.e., control transfer and transmission of events are instantaneous) and thus overcame several of the deficiencies. In Esterel, there is no internal notion of time; the argument is that the local clock can be simulated through an external clock signal. Although such an assumption leads to efficient and nice structures, the assumption is questionable from a realistic point of view and may result in the causality problem (something like a short circuit, cf. [1]). One important feature of reactive systems is that they are primarily event-based rather than transformational (state-based). With this viewpoint, the efforts by Harel, Pnueli et al. started looking for a pragmatic formalism (perhaps mixed specification and programming) that would aid in the design of reactive systems. Their study resulted in the formalisms referred to as Statecharts ([5,6]). This formalism is based on state diagrams (thus providing a graphic design aid), overcoming some of the drawbacks of state diagrams such as flatness, sequentiality, etc. Statecharts cater for hierarchical specification and multi-level concurrency via the broadcast communication mechanism. Although the language has great expressive power, the semantics of some features, e.g., micro-steps, is not very well understood [7]. Furthermore, Statecharts lack data abstraction in the current form. 
Also, even though the current technology looks for systems which are not necessarily text-based (perhaps one could consider graphic objects as primitive objects), we feel that a graphic-based system may provide only an aid rather than a complete basis in the development of large systems.
Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission. ©1989 ACM 0-89791-305-1/89/0500/0075$00.75","PeriodicalId":435917,"journal":{"name":"International Workshop on Software Specification and Design","volume":"46 2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1989-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Workshop on Software Specification and Design","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/75199.75212","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 9