A Verification Approach for GALS Integration of Synchronous Components

Starting with modules described in Signal synchronous programming language, we present an approach to verification of GALS systems. Since asynchronous parts of a GALS system can not be described in Signal, we use a mixture of synchronous descriptions in Signal and asynchronous descriptions in Promela. Promela is the input language to the SPIN asynchronous model checker. This allows us to achieve globally asynchronous composition (Promela) of locally synchronous components (Signal). Here we present three key results: first, we present a translation from Signal modules to Promela processes and prove their equivalence. Second, we present a technique to abstract a communication bus designed for GALS, the Loosely TimeTriggered Architecture (LTTA) bus, to a finite FIFO channel. The benefit of this abstraction is improved scalability for model checking larger specifications using SPIN. Third, we prove the trace equivalence of the model of the GALS system in Promela and a hardware implementation of it. This allows the verification of GALS systems based on the Promela model. We then use our technique to verify a central locking system for automobiles built on a GALS architecture using the LTTA.