
As in the case of temporal logics, simple automata models can be used for abstract temporal modeling, in which only the sequence of events is important. The formal language accepted by these automata defines the set of legal/possible system behaviors. Because legal system behaviors are often infinite, automata that accept infinite strings (e.g., ω-automata) are often needed. We refer readers to an introductory text on automata theory (e.g., [Eilenberg 74] or [Hopcroft & Ullman 79]) for a more complete discussion of the models that support only sequencing relationships. An example of their use can be found in [Katzenelson & Kurshan 86], in which several commercial communication protocols are verified. These techniques have also been used to produce finite automata models for analog circuits [Kurshan & McMillan 91].

Timed Automata are a class of finite automata defined by [Alur & Dill 90] that can express hard real-time constraints, e.g., "the acknowledgment should occur within 5 seconds." They are based on ω-automata augmented with a finite set of timers that record the passage of time. Timers can be reset by a state transition (e.g., when a request is made), and a timer's value can be compared to a time constant; this comparison can be used to constrain state transitions (e.g., an acknowledge is only accepted if the timer shows that five seconds or less have elapsed).
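The request/acknowledge constraint above, as an added example (not from the original text): a small interpreter for a timed automaton in the Alur and Dill style, with one clock that is reset on the request transition and compared against the constant 5 on the acknowledge transition. The state names, the clock name `t` and the sample timed words are assumptions made for illustration; timestamps are real numbers and must be non-decreasing.

```python
"""Timed automaton: every request must be acknowledged within 5 seconds.

Added illustration, not code from the original text. Assumed names: states
`idle`/`waiting`, clock `t`, events `req`/`ack`. Input is a timed word, a list
of (event, timestamp) pairs; the samples at the bottom are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Clocks = Dict[str, float]


@dataclass(frozen=True)
class Edge:
    src: str
    event: str
    dst: str
    guard: Callable[[Clocks], bool] = lambda clocks: True  # clock constraint
    resets: Tuple[str, ...] = ()                           # clocks zeroed on firing


@dataclass
class TimedAutomaton:
    initial: str
    accepting: frozenset
    clocks: Tuple[str, ...]
    edges: List[Edge]

    def run(self, word: List[Tuple[str, float]]) -> Tuple[bool, str]:
        """Return (accepted, reason). The automaton here is deterministic:
        at most one edge is enabled for a given state, event and clock values."""
        state = self.initial
        now = 0.0
        clocks = {c: 0.0 for c in self.clocks}
        for event, ts in word:
            if ts < now:
                return False, f"timestamps must be non-decreasing at {event}@{ts}"
            # Time elapses: all clocks advance by the same amount.
            delta = ts - now
            for c in clocks:
                clocks[c] += delta
            now = ts
            enabled = [e for e in self.edges
                       if e.src == state and e.event == event and e.guard(clocks)]
            if not enabled:
                return False, (f"no enabled edge for {event} at t={ts} "
                               f"from {state} (clocks={clocks})")
            edge = enabled[0]
            for c in edge.resets:
                clocks[c] = 0.0
            state = edge.dst
        if state in self.accepting:
            return True, "accepted"
        return False, f"ended in non-accepting state {state}"


ACK_DEADLINE = 5.0  # seconds, the constant from the example constraint

# idle: no outstanding request; waiting: request issued, acknowledge pending.
REQ_ACK = TimedAutomaton(
    initial="idle",
    accepting=frozenset({"idle"}),
    clocks=("t",),
    edges=[
        Edge("idle", "req", "waiting", resets=("t",)),
        # ack is only accepted if at most 5 s have elapsed since the request
        Edge("waiting", "ack", "idle", guard=lambda c: c["t"] <= ACK_DEADLINE),
    ],
)


def check(word: List[Tuple[str, float]]) -> bool:
    """True iff the timed word is a legal behavior of REQ_ACK."""
    return REQ_ACK.run(word)[0]


if __name__ == "__main__":
    # Constructed sample timed words.
    on_time = [("req", 0.0), ("ack", 3.2), ("req", 10.0), ("ack", 15.0)]
    late = [("req", 0.0), ("ack", 5.5)]
    print(REQ_ACK.run(on_time))
    print(REQ_ACK.run(late))
```

A late acknowledge is rejected because no edge is enabled, not because of an explicit error transition; a word that ends with a request still pending is rejected because `waiting` is not accepting. Both are the failure modes a checker built on this model has to report separately.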

The Input/Output Automata of [Lynch & Tuttle 89] have been extended to support more exact timing requirements by [Bestavros 90], [Merritt et al. 91], and [Lynch & Attiya 92]. One advantage of this specification language is that complex systems can be specified by composing simpler system components. A new model for concurrent systems, behavior finite-state machines (BFSMs) [Leeser et al. 91], has special language constructs for specifying communication between interacting automata. Communication allows designers to work at a higher level of abstraction and helps automata models avoid the state explosion that would otherwise occur when multiple (essentially independent) automata are composed and expressed as a single automaton.

Trace Theory is a general framework for specification where system behavior is described by a set of traces. A trace is an ordered sequence of system activities (e.g., transitions on input and output wires). For example, a legal trace of the four-cycle communication protocol of Figure 2.3 would be: "R↑; A↑; R↓; A↓; R↑; A↑; R↓; A↓; ..."

Trace theory has been used extensively to verify asynchronous speed-independent circuits [Dill 88], [Rem et al. 83], [van de Snepscheut 85], [Ebergen 87]. There are a variety of extensions to this body of theory that handle more detailed timing requirements. One approach introduces a fictitious clock and a special tick transition that is used to measure elapsed time. The number of tick transitions that occur between two other transitions in a trace specifies the delay between the two transitions. This model is not completely accurate. For example, it is not possible to state that two transitions are separated by exactly 2 seconds; with one-second ticks, the presence of two ticks could indicate that the transitions are separated by at least 1 but no more than 3 seconds. The granularity of a tick can be changed (e.g., one tick equals .001 seconds) to obtain a suitable degree of accuracy. A more realistic approach based on a continuous model of time uses timed traces in which every transition is labeled with a real number. A summary of the many different timing models (i.e., quantized vs. continuous, interleaving vs. simultaneity, etc.) can be found in [Burch 92], which presents a unifying theory for trace algebras that are used to specify temporal behavior.
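The four-cycle trace of Figure 2.3 and the fictitious-clock model, as an added example (not from the original text): an acceptor for the prefix-closed trace language (R↑ A↑ R↓ A↓)*, the interval of possible delays that a count of tick transitions implies, and the exact delay a timed trace gives. The transition names, the `tick` label and the sample traces are assumptions made for illustration.

```python
"""Traces of the four-cycle handshake, quantized and continuous timing.

Added illustration, not code from the original text. Assumes the alphabet
R↑, A↑, R↓, A↓ (request/acknowledge rising and falling) plus a fictitious
`tick` transition; all traces below are constructed.
"""
from typing import List, Optional, Tuple

HANDSHAKE = ("R↑", "A↑", "R↓", "A↓")  # one cycle of the four-cycle protocol
TICK = "tick"


def accepts(trace: List[str]) -> bool:
    """True iff `trace` is a prefix of (R↑ A↑ R↓ A↓)*.

    This is the language of the four-state automaton that cycles through
    HANDSHAKE; every state is accepting, so the set of traces is prefix-closed.
    Tick transitions are timing annotations and do not affect acceptance."""
    expected = 0
    for t in trace:
        if t == TICK:
            continue
        if t != HANDSHAKE[expected]:
            return False
        expected = (expected + 1) % len(HANDSHAKE)
    return True


def tick_delay_bounds(trace: List[str], first: str, second: str,
                      tick_seconds: float = 1.0) -> Optional[Tuple[float, float]]:
    """Quantized model: bound the separation between the first `first` and the
    next `second` from the number n of ticks between them.

    Each transition may fall anywhere inside a tick period, so n ticks only
    say the delay lies in [(n-1)*tick, (n+1)*tick] (lower bound clipped at 0).
    Two ticks at one-second granularity give [1, 3] seconds, as in the text."""
    try:
        i = trace.index(first)
        j = trace.index(second, i + 1)
    except ValueError:
        return None
    n = trace[i + 1:j].count(TICK)
    return (max(0, n - 1) * tick_seconds, (n + 1) * tick_seconds)


def timed_delay(timed_trace: List[Tuple[str, float]], first: str,
                second: str) -> Optional[float]:
    """Continuous model: every transition carries a real-valued time, so the
    separation is an exact number rather than an interval."""
    times = {}
    for label, t in timed_trace:
        times.setdefault(label, t)   # first occurrence of each label
    if first not in times or second not in times:
        return None
    return times[second] - times[first]


if __name__ == "__main__":
    # Constructed sample traces.
    legal = ["R↑", "A↑", "R↓", "A↓", "R↑"]
    illegal = ["R↑", "R↓"]            # request dropped before acknowledge
    quantized = ["R↑", TICK, TICK, "A↑", "R↓", "A↓"]
    continuous = [("R↑", 0.0), ("A↑", 2.0), ("R↓", 2.4), ("A↓", 3.1)]
    print(accepts(legal), accepts(illegal))
    print(tick_delay_bounds(quantized, "R↑", "A↑"))          # (1.0, 3.0)
    print(tick_delay_bounds(quantized, "R↑", "A↑", 0.5))     # (0.5, 1.5)
    print(timed_delay(continuous, "R↑", "A↑"))               # 2.0
```

The quantized bounds show why a tick model cannot express "exactly 2 seconds": shrinking `tick_seconds` narrows the interval but never closes it, whereas the timed-trace version returns the separation exactly.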

There are close relationships between finite automata, trace theory (algebra), and the formal logics and algebras described in the previous subsection. For example, the tableau method is a well-known decision procedure for propositional temporal logic that is based on the translation of a logic formula into a finite automaton on infinite sequences. A set of traces can be viewed as a formal language, which can often be specified as a regular set or as the language accepted by a finite automaton. Algebras, logics, and automata are fundamental mathematical concepts which can be used to provide a formal semantics for a specification language. Many specification languages for timing behavior are based on direct extensions of these models.

With respect to the criteria outlined in Section 2.1, several general comments about these paradigms can be made. First, these representations are quite formal, and there is often an associated body of theory that can be used to solve design automation problems (e.g., language containment for verification). The expressive power of these formalisms is in many cases well understood (e.g., trace algebra cannot be used to adequately model branching time properties [Burch 92]), but more theoretical work relating the formalisms to the specification of timing behavior needs to be done. Some of these specification languages are limited with regard to their expressiveness (e.g., the fictitious clock models, and BFSMs, in which only simple linear timing constraints can be specified). In some cases, the languages are clearly not suitable for use by designers, and higher levels of abstraction are needed. Some of these formalisms in fact require that higher-level specification languages be built on top of them. For example, how does a designer specify a set of acceptable transition sequences/traces? Almost all of these languages provide very little with respect to user validation of the specification. There are, of course, some notable exceptions (e.g., the simulator Tempura for Interval Temporal Logic [Moszkowski 86]), and in many cases there is no reason that a validation tool could not be built; it is just that this area has yet to reach maturity.