Heterogeneous Reactive System Modeling and Correct-by-Construction Deployment nov. 2003 Luca Carloni UC Berkeley Alberto Sangiovanni-Vincentelli UC Berkeley.

Slides:



Advertisements
Similar presentations
The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.
Advertisements

Impossibility of Distributed Consensus with One Faulty Process
Timed Automata.
Weakly endochronous systems Dumitru Potop-Butucaru IRISA, France Joint work with A. Benveniste and B. Caillaud.
Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Run Time Monitoring of Reactive System Models Mikhail Auguston Naval Postgraduate School Mark Trakhtenbrot Holon Academic Institute of.
1 Towards formal manipulations of scenarios represented by High-level Message Sequence Charts Loïc Hélouet Claude Jard Benoît Caillaud IRISA/PAMPA (INRIA/CNRS/Univ.
Overview This project applies the tagged-signal model to explain the semantics of piecewise continuous signals. Then it illustrates an operational way.
Introduction Designing cost-sensitive real-time control systems for safety-critical applications requires a careful analysis of the cost/fault-coverage.
I MPLEMENTING S YNCHRONOUS M ODELS ON L OOSELY T IME T RIGGERED A RCHITECTURES Discussed by Alberto Puggelli.
2/11/2010 BEARS 2010 On PTIDES Programming Model John Eidson Jeff C. Jensen Edward A. Lee Slobodan Matic Jia Zou PtidyOS.
PTIDES: Programming Temporally Integrated Distributed Embedded Systems Yang Zhao, EECS, UC Berkeley Edward A. Lee, EECS, UC Berkeley Jie Liu, Microsoft.
7th Biennial Ptolemy Miniconference Berkeley, CA February 13, 2007 Causality Interfaces for Actor Networks Ye Zhou and Edward A. Lee University of California,
Automated Analysis and Code Generation for Domain-Specific Models George Edwards Center for Systems and Software Engineering University of Southern California.
Ordering and Consistent Cuts Presented By Biswanath Panda.
Distributed systems Module 2 -Distributed algorithms Teaching unit 1 – Basic techniques Ernesto Damiani University of Bozen Lesson 3 – Distributed Systems.
Introduction to asynchronous circuit design: specification and synthesis Part III: Advanced topics on synthesis of control circuits from STGs.
1 Ivan Lanese Computer Science Department University of Bologna Roberto Bruni Computer Science Department University of Pisa A mobile calculus with parametric.
Review of “Embedded Software” by E.A. Lee Katherine Barrow Vladimir Jakobac.
Scheduling with Optimized Communication for Time-Triggered Embedded Systems Slide 1 Scheduling with Optimized Communication for Time-Triggered Embedded.
Design of Fault Tolerant Data Flow in Ptolemy II Mark McKelvin EE290 N, Fall 2004 Final Project.
Models of Computation for Embedded System Design Alvise Bonivento.
Lab for Reliable Computing Generalized Latency-Insensitive Systems for Single-Clock and Multi-Clock Architectures Singh, M.; Theobald, M.; Design, Automation.
A Denotational Semantics For Dataflow with Firing Edward A. Lee Jike Chong Wei Zheng Paper Discussion for.
NSF Foundations of Hybrid and Embedded Software Systems UC Berkeley: Chess Vanderbilt University: ISIS University of Memphis: MSI A New System Science.
1 Ivan Lanese Computer Science Department University of Bologna Italy Concurrent and located synchronizations in π-calculus.
7th Biennial Ptolemy Miniconference Berkeley, CA February 13, 2007 PTIDES: A Programming Model for Time- Synchronized Distributed Real-time Systems Yang.
Strategic Directions in Real- Time & Embedded Systems Aatash Patel 18 th September, 2001.
1 System Modeling. Models of Computation. System Specification Languages Alexandru Andrei.
Mahapatra-A&M-Sprong'021 Co-design Finite State Machines Many slides of this lecture are borrowed from Margarida Jacome.
Comparing Models of Computation for Real-time, Distributed Control Systems Shawn Schaffert Bruno Sinopoli.
Lecture 12 Synchronization. EECE 411: Design of Distributed Software Applications Summary so far … A distributed system is: a collection of independent.
Models of Computation Reading Assignment: L. Lavagno, A.S. Vincentelli and E. Sentovich, “Models of computation for Embedded System Design”
Chess Review November 21, 2005 Berkeley, CA Edited and presented by Coupled Interface Modules for Heterogeneous Composition Ethan Jackson ISIS, Vanderbilt.
1 Correct and efficient implementations of synchronous models on asynchronous execution platforms Stavros Tripakis UC Berkeley and Verimag EC^2 Workshop,
ECE 720T5 Winter 2014 Cyber-Physical Systems Rodolfo Pellizzoni.
Models of Computation: FSM Model Reading: L. Lavagno, A.S. Vincentelli and E. Sentovich, “Models of computation for Embedded System Design”
Benjamin Gamble. What is Time?  Can mean many different things to a computer Dynamic Equation Variable System State 2.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
CS4730 Real-Time Systems and Modeling Fall 2010 José M. Garrido Department of Computer Science & Information Systems Kennesaw State University.
Reliable Design of Safety Critical Systems Dr. Abhik Roychoudhury School of Computing
Copyright John C. Knight SOFTWARE ENGINEERING FOR DEPENDABLE SYSTEMS John C. Knight Department of Computer Science University of Virginia.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Mahapatra-A&M-Fall'001 Co-design Finite State Machines Many slides of this lecture are borrowed from Margarida Jacome.
C. André, J. Boucaron, A. Coadou, J. DeAntoni,
Page 1 Analysis of Asynchronous Systems Steven P. Miller Michael W. Whalen {spmiller, Advanced Computing Systems Rockwell.
Natallia Kokash (Accepted for PACO’2011) ACG, 31/05/ Input-output conformance testing for channel-based connectors 1.
Correct-by-construction asynchronous implementation of modular synchronous specifications Jacky Potop Benoît Caillaud Albert Benveniste IRISA, France.
Fall 2004EE 3563 Digital Systems Design EE 3563 VHSIC Hardware Description Language  Required Reading: –These Slides –VHDL Tutorial  Very High Speed.
Desynchronization and distributed deployment of synchronous systems Albert Benveniste – Inria 2002.
1 SYNTHESIS of PIPELINED SYSTEMS for the CONTEMPORANEOUS EXECUTION of PERIODIC and APERIODIC TASKS with HARD REAL-TIME CONSTRAINTS Paolo Palazzari Luca.
Simultaneously Learning and Filtering Juan F. Mancilla-Caceres CS498EA - Fall 2011 Some slides from Connecting Learning and Logic, Eyal Amir 2006.
CS4730 Real-Time Systems and Modeling Fall 2010 José M. Garrido Department of Computer Science & Information Systems Kennesaw State University.
Advantages of Time-Triggered Ethernet
Royal Institute of Technology System Specification Fundamentals Axel Jantsch, Royal Institute of Technology Stockholm, Sweden.
What’s Ahead for Embedded Software? (Wed) Gilsoo Kim
Formal Verification. Background Information Formal verification methods based on theorem proving techniques and model­checking –To prove the absence of.
Fault tolerance and related issues in distributed computing Shmuel Zaks GSSI - Feb
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
SystemC Semantics by Actors and Reduction Techniques in Model Checking Marjan Sirjani Formal Methods Lab, ECE Dept. University of Tehran, Iran MoCC 2008.
T imed Languages for Embedded Software Ethan Jackson Advisor: Dr. Janos Szitpanovits Institute for Software Integrated Systems Vanderbilt University.
Introduction to distributed systems description relation to practice variables and communication primitives instructions states, actions and programs synchrony.
UML (Unified Modeling Language)
Decisive Themes, July, JL-1 ARTEMIS Decisive Theme for Integrasys Pedro A. Ruiz Integrasys July, 2011.
Software Design Methodology
Gabor Madl Ph.D. Candidate, UC Irvine Advisor: Nikil Dutt
Internet of Things A Process Calculus Approach
Automated Analysis and Code Generation for Domain-Specific Models
Mark McKelvin EE249 Embedded System Design December 03, 2002
Presentation transcript:

Heterogeneous Reactive System Modeling and Correct-by-Construction Deployment nov Luca Carloni UC Berkeley Alberto Sangiovanni-Vincentelli UC Berkeley Albert Benveniste Irisa/Inria Benoît Caillaud Irisa/Inria Paul Caspi Verimag

Outline Dealing with systems & components requires handling heterogeneity –Tools with different MoC and paradigms –Heterogeneous architectures and systems –Correct-By-Construction deployment: what and how? Modeling Heterogeneous Systems –Tagged-Signal Model –Desynchronization –Heterogeneous parallel composition –Semantic Preserving Theoretical Results –General theorem on semantic-preserving deployment –Endo/iso-chrony –Correct-By-Construction deployment over GALS Architectures

Heterogeneous models: design flow in automobile or aeronautics Systems modeling (UML, MDA,…) –Loose model of computation & communication Matlab/Simulink/Stateflow –Continuous time basis Statemate, synchronous languages Late assembly of imported functions –Can be in C… –Depends on OS and execution infrastructure Deployment –CAN, ARINC, TTA,…

Distributed Nature of Implementations in hardware –with DSM technologies, the chip becomes a distributed system –wire delays not negligible w.r.t. transistor delays –on-chip communication latency is hard to estimate in (embedded) software –applications with distributed nature badly matching the synchronous assumption real-time safety critical embedded systems in avionics and automotive industries industrial plants, transportation/power networks –large variations in computation/communication times –hard to maintain a global notion of time

DSM: Percentage of Reachable Die 16 clock cyles 8 clock cycles 4 clock cycles 2 clock cycles 1 clock cycle “For a 60 nanometer process a signal can reach only 5% of the die’s length in a clock cycle” [D. Matzke,1997] Cause: Combination of high frequencies and slower wires

Heterogeneous architectures: electronics for the Car Information Systems Telematics Fault Tolerant Body Electronics Body Functions Fail Safe Fault Functional Body Electronics Driving and Vehicle Dynamic Functions Mobile CommunicationsNavigation Fire Wall Access to WWW DAB Gate Way Theft warning Door Module Light Module Air Conditioning Shift by Wire Engine Management ABS Steer by Wire Brake by Wire MOST Firewire CAN Lin CAN TTCAN FlexRay

Classes of heterogeneous systems: GALS (in “asynch” HW and OO-SW) synchronous asynchronous

Classes of heterogeneous systems: LTTA ( distributed control) [BenvCaspi&al, Emsoft2002] synchronous timed synchronous timed asynchronous timed (bounded delay)

How to blend heterogeneous models while “preserving semantics”? synch synch + timed What have you asynch asynch + timed

How to blend heterogeneous models while “preserving semantics”? Our proposal: synch asynch by generating proper adaptors asynch + timed synch + timed What have you

Adaptors for GALS: informal discussion X Y Z X Y Z X Y Z synch asynch

Adaptors for GALS: informal discussion How to ensure that the two components do not see the difference when moving from synchrony to GALS?

Adaptors for GALS: informal discussion How to ensure that the two components do not see the difference when moving from synchrony to GALS? Easy if known to be single-clocked: bananas !

Adaptors for GALS: informal discussion How to ensure that the two components do not see the difference when moving from synchrony to GALS? In general bananas can be many! bananas ???

Adaptors for GALS: informal discussion Solution: attach to each wire a boolean_clock that is present in each reaction and tells you the presence/absence for the wire (cf. hardware) bananas ??? fftt ff

Adaptors for GALS: informal discussion OK, but poor if slow/fast communications between components, because all boolean clocks must be communicated at fastest pace  theory needed! bananas ??? fftt ff

Outline Dealing with systems & components requires handling heterogeneity –Tools with different MoC and paradigms –Heterogeneous systems –Correct-By-Construction deployment: what and how? Modeling Heterogeneous Systems –Tagged-Signal Model –Desynchronization –Heterogeneous parallel composition –Semantic Preserving Theoretical Results –General theorem on semantic-preserving deployment –Endo/iso-chrony –Correct-By-Construction deployment over GALS Architectures

Formalizing GALS X Y Z X Y Z X Y Z synch asynch

Formalizing GALS [LeeASV98] X Y Z asynch + TAGS X Y Z asynch X Y Z synch = …

Formalizing GALS: desynchronization X Y Z asynch + TAGS X Y Z asynch desynchronise = remove TAGS

Formalizing GALS: P  ||   Q X Y V unify values and TAGS X Y U

Formalizing GALS: P  ||   Q X Y V X Y U ignore unify values, ignore TAGS [LeGuerTal2002] 

Formalizing GALS: P  ||   Q X Y V X Y U ignore unify values, ignore TAGS on the left  synch asynch

TAGS generalize and heterogeneize X Z 1, t  1, s  2, s  3, t  4, t  4, s  a TAG consisting of the triple (reaction, physical time, causality)

TAGS generalize and heterogeneize X Y U t1t2t3t4 23 TAGS can belong to any partially ordered set – tags can index reactions, can be (global or local) real time R, can encode causality, can do both, etc. TAGS can be tuples – (generalized) desynchronization consists in erasing some components of the tag; yields morphisms of tag sets, we denote them by  different TAG sets can be used for different systems – we can mix synchronous systems (with tag set N) and asynchronous ones (with trivial tag set), and more

TAGS generalize and heterogeneize synch Synch + timed What have you asynch

Is this any useful???

Yes! For correct deployment synch

Yes! For correct deployment synch asynch

Sometimes this move is OK, sometimes not… make it OK! synch asynch

Sometimes this move is OK, sometimes not… make it OK! synch asynch using adaptors

Outline Dealing with systems & components requires handling heterogeneity –Tools with different MoC and paradigms –Heterogeneous systems –Correct-By-Construction deployment: what and how? Modeling Heterogeneous Systems –Tagged-Signal Model –Desynchronization –Heterogeneous parallel composition –Semantic Preserving Theoretical Results –General theorem on semantic-preserving deployment –Endo/iso-chrony –Correct-By-Construction deployment over GALS Architectures

A theory to automatically generate adaptors

Semantic-Preserving Time Changes Given P 1 =(V 1,T 1 ), P 2 =(V 2,T 2 ) with time change mappings  : T 1  T and  : T 2  T let T 1 =T 2 and consider two semantics: - the Strong Semantics: P 1  ||  P 2 [unify values & all_tags] - the Weak Semantics: P 1  ||  P 2 [ignore  (tags)]  is semantics-preserving when two behaviors, which compose according to the strong semantics, compose also according to the weak one, written P 1  ||  P 2  P 1  ||  P 2 Define also P i,  =(V i,T), the desynchronization of P i

Semantic-Preserving Time Changes Given P 1 =(V 1,T 1 ), P 2 =(V 2,T 2 ) with time change mappings  : T 1  T and  : T 2  T let T 1 =T 2 and consider two semantics: - the Strong Semantics: P 1  ||  P 2 [unify values&all_tags] - the Weak Semantics: P 1  ||  P 2 [ignore  (tags)]  is semantics-preserving when two behaviors, which compose according to the strong semantics, compose also according to the weak one, written P 1  ||  P 2  P 1  ||  P 2 Define also P i,  =(V i,T), the desynchronization of P i

Theorem [Emsoft2003] Given P 1 =(V 1,T 1 ), P 2 =(V 2,T 2 ) with T 1 =T 2 : P 1  ||  P 2  P 1  ||  P 2  i  {1,2} : P i,  is in bijection with P i (P  )  || (Q  ) = (P  || Q)  (1) (2) GALS: endochrony  GALS: isochrony  (1) (2)

Endochrony & Isochrony for GALS [BenvCaillaud2000] A synchronous process P is endochronous when at each state the presence/absence of each variable can be inferred incrementally from the values carried by present input variables and state variables. A synchronous pair ( P 1,P 2 ) is isochronous when at each state if each pair of shared variables that are present in both P 1,P 2 have the same value then all the shared variable are either present with the same value or absent endo+iso  deployment is semantics preserving

Endochrony & Isochrony for GALS [BenvCaillaud2000] A process P is endochronous when at each state the presence/absence of each variable can be inferred incrementally from the values carried by present input variables and state variables. A pair ( P 1,P 2 ) is isochronous when at each state if each pair of shared variables that are present in both P 1,P 2 have the same value then all the shared variable are either present with the same value or absent Endochrony and isochrony are expressed in terms of transition relations (not infinite behaviors) –They can be model-checked –They can be synthesized: for a given P wrapper processes with additional signalling can be derived and composed with P to guarantee each property. Wrappers provide “cheap additional signalling”

Future extension: finite generators for general TAG systems X Z 1, t  1, s  2, s  3, t  4, t  4, s  TAG set equipped with a monoid structure making it a partial order Alike generalized HMSC’s (High-level Message Sequence Charts), with asynchronous concatenation Labeled by TAGS: TAG-HMSC Future work: endo/iso for TAG-HMSC’s    .

Conclusion Heterogeneous reactive systems modeled as tagged systems Tag sets to capture: reaction indices, physical time, causalities… and their combination Desynchronizing  erasing (part of) tags Theorems to cast semantics preserving as specific algebraic properties of tuples of systems Goal: to generate adaptors for correct-by- construction deployment

a  n  o  

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.