This paper studies the semantics of hierarchical finite state machines (FMS's) that are composed using various concurrency models, particularly dataflow, discrete-events, and synchronous/reactive modeling. It is argued that all three combinations are useful, and that the concurrency model can be selected independently of the decision to use hierarchical FSM's. In contrast, most formalisms that combine FSM's with concurrency models, such as Statecharts (and its variants) and hybrid systems, tightly integrate the FSM semantics with the concurrency semantics. An implementation that supports three combinations is described.

Linear Relation Analysis [CH78] is an abstract interpretation devoted to the automatic discovery of invariant linear inequalities among numerical variables of a program. In this paper, we apply such an analysis to the verification of quantitative time properties of two kinds of systems: synchronous programs and linear hybrid systems.

This paper is a survey of our specification and verification techniques, in a very general, language independent, framework. Section 1 introduces a simple model of synchronous input/output machines, which will be used throughout the paper. In section 2, we show how such a machine can be designed to check the satisfaction of a safety property, and we discuss the use of such an observer in program verification. In section 3, we use an observer to restrict the behavior of a machine. This is the basic way for representing assumptions about the environment. Applications to modular and inductive verification are considered. In modular verification, one has to find, by intuition, a property of a subprogram that is strong enough to allow the verification of the whole program without fully considering the subprogram. In section 4, we consider the automatic synthesis of such a property, and in section 5, we investigate the possibility of deducing the subprogram from such a synthesized specification.

Statecharts are a very rich graphical specification formalism supported by the commercial tool Statemate. Statecharts comprises powerful concepts such as interlevel transitions, multiple-source/multiple-target transitions, priority amongst transitions and simultaneous execution of maximal non-conflicting sets of transitions. Every add-on tool which is supposed to be linked with the Statemate tool have to deal with the rather involved semantics of these concepts. We propose extended hierarchical automata as an intermediate format to facilitate the linking of new tools to the Statemate environment, whose main idea is to devise a simple formalism with a more restricted syntax than statecharts which nevertheless allows to capture the richer formalism. We define the format, give operational semantics to it, and translate statecharts to it.

this paper we present such a \Psi

. In the field of reactive system programming, dataflow synchronous languages like Lustre [BCH + 85,CHPP87] or Signal [GBBG85] offer a syntax similar to block-diagrams, and can be efficiently compiled into C code, for instance. Designing a system that clearly exhibits several "independent" running modes is not difficult since the mode structure can be encoded explicitly with the available dataflow constructs. However the mode structure is no longer readable in the resulting program; modifying it is error prone, and it cannot be used to improve the quality of the generated code. We propose to introduce a special construct devoted to the expression of a mode structure in a reactive system. We call it mode-automaton, for it is basically an automaton whose states are labeled by dataflow programs. We also propose a set of operations that allow the composition of several mode-automata (parallel and hierarchic compositions taken from Argos [Mar92]), and we study the properties...

. We present a new semantics of Statecharts that excludes failures and a compositional formulation of this semantics based on Labelled Transition Systems (LTS). We consider a hierarchy of LTS equivalences and we study their congruence properties w.r. to statechart operators. 1

Abstract not found

We present a new block diagram language for describing synchronous software. It coordinates the execution of synchronous, concurrent software modules, allowing real-time systems to be assembled from precompiled blocks specified in other languages. The semantics we present, based on fixed points, is deterministic even in the presence of instantaneous feedback. The execution policy develops a static schedule—a fixed order in which to execute the blocks that makes the system execution predictable. We present exact and heuristic algorithms for finding schedules that minimize system execution time, and show that good schedules can be found quickly. The scheduling algorithms are applicable to other problems where large systems of equations need to be solved.

A system is said to be reactive if it interacts continuously with an environment, at a speed imposed by the environment. The system deals with inputs and outputs and the languages for programming reactive systems aim at describing the complex ordering and causality relations between the inputs and the corresponding outputs. The synchronous approach, based upon the assumption that a system reacts in zero time, allows the definition of compositional semantics for various kinds of language constructs, in data-flow frameworks (Lustre [3], Signal [4]) as well as in imperative frameworks (Esterel [1, 2], Argos [8]). In this paper we take advantage of this compositionality property to define the mixing of data-flow constructs with automaton compositions in a single language. We apply the results to Lustre and Argos, and discuss some implementation issues. 1 Introduction According to the classification of computer systems introduced by A. Pnueli and D. Harel [6], a system is either transform...