Weakly endochronous systems Dumitru Potop-Butucaru IRISA, France Joint work with A. Benveniste and B. Caillaud.

Outline
1. Introduction (the distribution problem)
2. Weakly endochronous systems
3. Applications
   – Weak isochrony
   – Main result
4. Conclusion

Running example (Esterel):

  module M:
    input A, B, R;
    relation A#R, B#R;
    abort
      loop await A || await B end
    when R
  end module

[Figure: automaton of M; transition labels R, R, R, A, B, AB, BA]

Synchrony
– Global clock, reactions
– Can test the absence
– Composition: synchronized product (unification on reactions)
[Figure: synchronous input trace on A, B and R with absence (⊥) marked explicitly; automaton of M with labels R, R, R, A, B, AB, BA]

Asynchrony
– No global clock
– No reaction, no absence
– Composition: unification of FIFO histories
[Figure: the same input trace seen as one FIFO history per channel; automaton of M]

Asynchrony
– No global clock
– No reaction, no absence
– Composition: unification of FIFO histories
[Figure: input channels A, B, R feeding the executive of M; good executions: the executive reads the histories in an order that corresponds to a synchronous trace, e.g. B A R or B A]

Asynchrony
– No global clock
– No reaction, no absence
– Composition: unification of FIFO histories
[Figure: input channels A, B, R feeding the executive of M; bad executions: the executive reads R before A, an order no synchronous trace allows]

Model
– Components = synchronous automata, no causality
– Synchronous composition (automaton product): Σ1 × Σ2
– Desynchronization operator: α
– Asynchronous composition (on traces): ||
[Figure: a synchronous trace and its desynchronized channel histories]

Model
Correct resynchronization (Benveniste):
  α(L(Σ1 × Σ2)) = α(L(Σ1)) || α(L(Σ2))
Intuition:
– the asynchronous observations do not change when changing FIFO size and delay
Condition on infinite traces…
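A finite-depth check of this equality, as an added example that is not part of the slides: reactions are sets of (variable, value) pairs, absence is simply not listed, the synchronous product unifies shared variables absence included, and α keeps one FIFO history per variable. The two constructed components are assumptions, not the talk's module M: a producer emitting X then Z, and a consumer answering X with Y=1 and Z with Y=0 in whichever order they arrive. Their pairing violates the equality because the FIFOs forget which of X and Z came first; a producer that also reads Y (the ordering is then visible on a shared channel) satisfies it.

```python
"""Finite-depth check of the correct-resynchronization criterion
     alpha(L(S1 x S2)) = alpha(L(S1)) || alpha(L(S2))
on two small reaction automata (added example, constructed inputs)."""
from itertools import product

EMPTY = frozenset()  # the silent (stuttering) reaction


def R(*pairs):
    """A reaction is a set of (variable, value) pairs; absence is not listed."""
    return frozenset(pairs)


def variables(aut):
    """Interface of an automaton: every variable named by some reaction."""
    return {v for trans in aut.values() for r, _ in trans for v, _ in r}


def unifiable(r1, r2, shared):
    """Synchronous unification: shared variables must agree, absence included."""
    d1, d2 = dict(r1), dict(r2)
    return all(d1.get(v) == d2.get(v) for v in shared)


def sync_product(a1, a2):
    """S1 x S2: both sides step in lock-step, either side may stutter."""
    shared = variables(a1) & variables(a2)
    prod = {}
    for s1, s2 in product(a1, a2):
        trans = []
        for r1, t1 in a1[s1] + [(EMPTY, s1)]:
            for r2, t2 in a2[s2] + [(EMPTY, s2)]:
                if (r1 | r2) and unifiable(r1, r2, shared):
                    trans.append((r1 | r2, (t1, t2)))
        prod[(s1, s2)] = trans
    return prod


def desync(trace):
    """alpha: forget the instants, keep one FIFO history per variable."""
    hist = {}
    for r in trace:
        for v, val in sorted(r):
            hist.setdefault(v, []).append(val)
    return frozenset((v, tuple(h)) for v, h in hist.items())


def async_language(aut, init, depth):
    """alpha(L(aut)) restricted to traces of at most `depth` reactions."""
    seen = set()

    def walk(s, trace):
        seen.add(desync(trace))
        if len(trace) < depth:
            for r, t in aut[s]:
                walk(t, trace + [r])

    walk(init, [])
    return seen


def async_compose(h1, h2, shared):
    """|| on histories: equality on the shared interface, union elsewhere."""
    d1, d2 = dict(h1), dict(h2)
    if any(d1.get(v, ()) != d2.get(v, ()) for v in shared):
        return None
    return frozenset({**d1, **d2}.items())


def resync_correct(a1, i1, a2, i2, depth):
    """(equality holds?, histories accepted asynchronously but not synchronously)."""
    shared = variables(a1) & variables(a2)
    lhs = async_language(sync_product(a1, a2), (i1, i2), depth)
    rhs = set()
    for h1 in async_language(a1, i1, depth):
        for h2 in async_language(a2, i2, depth):
            h = async_compose(h1, h2, shared)
            if h is not None:
                rhs.add(h)
    return lhs == rhs, rhs - lhs


# Constructed components (assumptions, not the talk's example).
# Producer: X in one instant, Z in the next.
PRODUCER = {'p0': [(R(('X', 1)), 'p1')], 'p1': [(R(('Z', 1)), 'p0')]}
# Consumer: answers X with Y=1 and Z with Y=0, in whichever order they come.
CONSUMER = {'c0': [(R(('X', 1), ('Y', 1)), 'c0'),
                   (R(('Z', 1), ('Y', 0)), 'c0')]}
# Producer that also reads the consumer's Y: the ordering X-before-Z is
# now visible on a shared channel, which is what the protocol must make it.
PRODUCER_ACK = {'p0': [(R(('X', 1), ('Y', 1)), 'p1')],
                'p1': [(R(('Z', 1), ('Y', 0)), 'p0')]}

if __name__ == '__main__':
    ok, extra = resync_correct(PRODUCER, 'p0', CONSUMER, 'c0', 3)
    print('producer/consumer:', ok, sorted(map(sorted, extra)))
    print('ack producer/consumer:',
          resync_correct(PRODUCER_ACK, 'p0', CONSUMER, 'c0', 3)[0])
```

The extra histories reported for the first pair all carry Y = (0, 1): the consumer answered Z before X, which the FIFOs permit and the synchronous product never does. The depth bound makes the check a finite approximation of the infinite-trace condition on the slide.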

Previous work
Latency-insensitivity (Carloni et al., 1999)
– Hardware-directed (handle long wires)
– Use all channels in each reaction (transmit ⊥ for absent values)
– Monoclock – not efficient
– Difficult to re-configure the communication scheme
– Extension: Singh and Theobald, 2003
Endo/Isochrony (Benveniste et al., 2000)

Endo/Isochrony
An endochronous component decides itself how to read its inputs
– Not event-driven, no real concurrency: determinism!
– Comparable to Kahn processes (but no causality)
– Executive = state machine and blocking reads
A pair of components is isochronous if no incorrect synchronization takes place
Compositionality problem
– Endochrony is not compositional
– Difficult to generalize isochrony to more than two components

[Figure, repeated: input channels A, B, R feeding the executive of M; bad executions: the executive reads R before A]

What I want
– Non-determinism (event-driven execution)
[Figure: event-driven executive of M with added outputs D and E; transition labels R,E=1; A,D=0; B,E=0; A,D=0; A,B,D=E=0; R,D=E=1; R,D=1]

Weak endochrony
Independent reactions = non-overlapping, fully commuting
Weak endochrony = allow online re-synchronization in any environment without restricting concurrency between independent reactions:
– Choice between non-independent reactions is visible on a channel
– Causal ordering of reactions is visible on a channel

Weak endochrony
– Non-independent reactions share a common support variable with different values
– Non-independent causally ordered reactions share a common variable
[Figure: executive of M with outputs D and E; transition labels R,E=1; A,D=0; B,E=0; A,D=0; A,B,D=E=0; R,D=E=1; R,D=1]

Weak endochrony axioms
1. Determinism: s -r-> s1 and s -r-> s2 imply s1 = s2.
2. Commutation (r1, r2 do not share present variables):
   – s -r1-> s1 and s -r2-> s2 imply there is s' with s -(r1 ∪ r2)-> s', s1 -r2-> s' and s2 -r1-> s';
   – s -r1-> s1 -r2-> s2 implies there is s' with s -r2-> s' -r1-> s2.
3. Decomposition (r1, r2 do not share present variables with different values): s -r1-> s1 and s -r2-> s2 imply there is s' with s -(r1 ∪ r2)-> s', s1 -(r2 \ r1)-> s' and s2 -(r1 \ r2)-> s'.
[Figure: each axiom drawn as a commuting diagram over s, s1, s2, s' with edges labelled r1, r2, r1 ∪ r2, r1 \ r2, r2 \ r1]

Properties
– All reactions are composed of atoms
– Disjoint atoms in a state fully commute and can be freely combined
[Figure: executive of M with outputs D and E; transition labels R,E=1; A,D=0; B,E=0; A,D=0; A,B,D=E=0; R,D=E=1; R,D=1]
State 0 atoms: (A,D=0), (B,E=0), (R,D=E=1)
State 1 atoms: (B,E=0), (R,E=1)
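The three axioms and the atom construction in executable form, as an added example that is not from the slides. MODULE_DE is my reading of the slide's module M once outputs D and E are added (D and E carry 1 when the corresponding await completes and 0 when R aborts it, the pure signals A, B, R are encoded as value 1 when present, and the transitions that terminate the module lead to an assumed state 'done'); the loop-free module is what the slides' later example uses. The checker reports every failed obligation of the axioms (determinism, commutation of independent reactions, decomposition of non-contradictory reactions); the same module stripped of D and E fails commutation in the initial state because A and R are independent there but have no common reaction, which is exactly the invisible choice weak endochrony forbids.

```python
"""Checker for the weak-endochrony axioms of a finite synchronous automaton
and extraction of the atoms of a state (added example, constructed automata)."""
from itertools import combinations

EMPTY = frozenset()  # the silent (stuttering) reaction


def R(*pairs):
    """A reaction is a set of (variable, value) pairs; absence is not listed."""
    return frozenset(pairs)


def support(r):
    return {v for v, _ in r}


def independent(r1, r2):
    """Disjoint supports: no variable is present in both reactions."""
    return not (support(r1) & support(r2))


def non_contradictory(r1, r2):
    """Shared variables may exist, but never with different values."""
    d1, d2 = dict(r1), dict(r2)
    return all(d1[v] == d2[v] for v in support(r1) & support(r2))


def step(aut, s, r):
    """Successor of s under reaction r, or None; the empty reaction stutters."""
    if r == EMPTY:
        return s
    return next((t for q, t in aut[s] if q == r), None)


def weak_endochrony_violations(aut):
    """Every failed obligation as (axiom, state, r1, r2); [] means weakly endochronous."""
    bad = []
    for s, trans in aut.items():
        # 1. Determinism: one reaction, one successor.
        for (r1, t1), (r2, t2) in combinations(trans, 2):
            if r1 == r2 and t1 != t2:
                bad.append(('determinism', s, r1, r2))
        for r1, r2 in combinations([r for r, _ in trans], 2):
            if not non_contradictory(r1, r2):
                continue  # a visible choice: no diamond is required
            # 2/3. Reactions enabled together and not contradicting each other:
            # their union is enabled and the leftover parts close the diamond.
            u = step(aut, s, r1 | r2)
            s1, s2 = step(aut, s, r1), step(aut, s, r2)
            if u is None or step(aut, s1, r2 - r1) != u or step(aut, s2, r1 - r2) != u:
                axiom = 'commutation' if independent(r1, r2) else 'decomposition'
                bad.append((axiom, s, r1, r2))
        # 2. Independent reactions fired one after the other commute.
        for r1, s1 in trans:
            for r2, s2 in aut[s1]:
                if independent(r1, r2):
                    s3 = step(aut, s, r2)
                    if s3 is None or step(aut, s3, r1) != s2:
                        bad.append(('commutation', s, r1, r2))
    return bad


def atoms(aut, s):
    """Atoms of s: enabled reactions with no enabled non-empty proper sub-reaction."""
    enabled = {r for r, _ in aut[s]}
    return {r for r in enabled if not any(EMPTY < q < r for q in enabled)}


# MODULE_DE: my reading of the slide's module M with outputs D, E
#   abort  await immediate A; emit D(1) || await immediate B; emit E(1)
#   when R do emit D(0); emit E(0) end
# Pure signals carry value 1 when present; 'done' is an assumed final state.
MODULE_DE = {
    's0': [(R(('A', 1), ('D', 1)), 's1'),                 # A arrives first
           (R(('B', 1), ('E', 1)), 's2'),                 # B arrives first
           (R(('A', 1), ('B', 1), ('D', 1), ('E', 1)), 'done'),
           (R(('R', 1), ('D', 0), ('E', 0)), 'done')],    # aborted at once
    's1': [(R(('B', 1), ('E', 1)), 'done'),
           (R(('R', 1), ('D', 0), ('E', 0)), 'done')],
    's2': [(R(('A', 1), ('D', 1)), 'done'),
           (R(('R', 1), ('D', 0), ('E', 0)), 'done')],
    'done': [],
}
# The same module without D and E: the choice between A and R is invisible.
MODULE_BARE = {s: [(R(*[p for p in r if p[0] in 'ABR']), t) for r, t in trans]
               for s, trans in MODULE_DE.items()}

if __name__ == '__main__':
    print('with D,E :', weak_endochrony_violations(MODULE_DE))
    print('without  :', weak_endochrony_violations(MODULE_BARE)[:2])
    print('atoms(s0):', atoms(MODULE_DE, 's0'))
```

The atoms found in state s0 are (A,D=1), (B,E=1) and (R,D=0,E=0); the reaction with A and B together is their union, not an atom, which is the decomposition property of the slide with the value convention chosen here.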

Related models
Mazurkiewicz traces over atoms
– The letters are the atoms, disjoint atoms are independent
– Normal form: trace equivalence up to commutation of atoms; take at each reaction the maximal reaction (unique)
– Confluence for a given history
Tetris-like heaps (gravity ⇒ normal form)
Generalization of endochrony, latency-insensitivity

Consequences
Accept concurrency between independent behaviors
– non-determinism
– support event-driven implementations
Compositionality: Σ1, Σ2 weakly endochronous ⇒ Σ1 × Σ2 weakly endochronous

Simpler correctness criterion
∀ (s1,s2) ∈ RSS(Σ1 × Σ2), ∀ θi ∈ Σi(si), i=1,2:
  θ1 || θ2 exists ⇒ θ1, θ2 are both void traces, or Σ1 × Σ2 can perform a common transition
Still not an online correctness criterion!

Weak isochrony
∀ (s1,s2) ∈ RSS(Σ1 × Σ2), ∀ ai atom in Σi(si), i=1,2,
∀ Ai reaction in Σi(si) with ai ⊆ Ai, i=1,2, such that A1 || A2 is maximal:
  ∃ θi reaction in Σi(si), i=1,2, with ai ⊆ θi ⊆ Ai, i=1,2, such that θ1 || θ2 exists

Correct desynchronization
Theorem. If Σ1, Σ2 are weakly endochronous and (Σ1, Σ2) is weakly isochronous, then:
  α(L(Σ1 × Σ2)) = α(L(Σ1)) || α(L(Σ2))

Methodology
1. Make components weakly endochronous by deciding which signals are missing
2. Incrementally build communication protocols that ensure weak isochrony
3. Remove the useless variables created at step (1)

Conclusion
Weak endochrony/isochrony
– Compositional
– Supports the development of communication protocols that minimize communication
– Not yet effective (no efficient procedure yet)
– No causality
Future:
– Define appropriate algorithms
– Extend with causality

Synchrony and asynchrony
Composition:
– Synchronous composition: Σ1 × Σ2
– Asynchronous composition: Σ1 || Σ2
[Figure: Σ1 and Σ2 exchanging signals; the same exchange rejected by the synchronous composition and accepted by the asynchronous one]

Desynchronization
Stuttering-invariant synchronous specification, distributed architecture (FIFOs)
Two aspects:
– Correct re-synchronization
– Causality, full asynchrony
[Figure: Σ1 and Σ2 connected through FIFOs; one of the resulting executions is marked WRONG]

Correct resynchronization
Model
– labeled synchronous transition systems
– synchronous, n-place bidirectional buffers
– no causality
Correctness criterion:
– the traces accepted with empty buffers do not change from n=0 to n=∞
[Figure: Σ1 and Σ2 connected through buffers Bn]

Correct resynchronization
Equivalent formulation (Benveniste):
  α(L(Σ1 × Σ2)) = α(L(Σ1)) || α(L(Σ2))
α = desynchronization operator
|| = composition of asynchronous traces (equality on the interface intersection, union elsewhere)

Previous work
Latency-insensitivity (Carloni et al., 1999)
– Hardware-directed (handle long wires)
– A component reads/emits all its inputs, or none
– Monoclock
– Endochrony-like extensions (Singh and Theobald, 2003)
Endo/Isochrony (Benveniste et al., 2000)

Endo/Isochrony
An endochronous component decides itself how to read its inputs: Kahn!!!
– Determinism, no real concurrency
A pair of components is isochronous if non-contradictory reactions can be fully unified
Compositionality problem
– Endochrony is not compositional
– Difficult to generalize isochrony to more than two components

Weakly endochronous systems
Allow online re-synchronization in any environment without restricting concurrency:
– Each computation choice is visible on an interface variable
– Causally ordered reactions share a common variable
[Figure: two reactions of a component, fired together or one after the other]

Weakly endochronous systems
Example: not weakly endochronous

  module M:
    input A, B, R;
    relation A#R, B#R;
    abort
      loop await A || await B end
    when R
  end module

[Figure: automaton of M; transition labels R, R, A, B, AB, BA]

Weakly endochronous systems
Example

  module M:
    input A, B, R;
    relation A#R, B#R;
    abort
      loop await A || await B end
    when R
  end module

[Figure: executive of M with added outputs D and E; transition labels R,E=1; A,D=0; B,E=0; A,D=0; A,B,D=E=0; R,D=E=1; R,D=1]

Weakly endochronous systems
– All reactions are composed of atoms
– Disjoint atoms in a state fully commute and can be freely combined
– A reaction can be decomposed into its atoms
[Figure: executive of M with outputs D and E; transition labels R,E=1; A,D=0; B,E=0; A,D=0; A,B,D=E=0; R,D=E=1; R,D=1]
State 0 atoms: (A,D=0), (B,E=0), (R,D=E=1)
State 1 atoms: (B,E=0), (R,E=1)

Related models
Mazurkiewicz traces over atoms
– The letters are the atoms, disjoint atoms are independent
– Normal form: trace equivalence up to commutation of atoms; take at each reaction the maximal reaction (unique)
– Confluence for a given history
Tetris-like heaps (gravity ⇒ normal form)
Generalization of endochrony

Consequences
Accept concurrency between independent behaviors
– non-determinism
– support event-driven implementations
Normal form
Compositionality: Σ1, Σ2 weakly endochronous ⇒ Σ1 × Σ2 weakly endochronous

Simpler correctness criterion
∀ (s1,s2) ∈ RSS(Σ1 × Σ2), ∀ θi ∈ Σi(si), i=1,2:
  θ1 || θ2 exists ⇒ θ1, θ2 are both void traces, or Σ1 × Σ2 can perform a common transition
Weak endochrony ⇒ online correctness criterion!

Weakly endochronous systems
Composition
– Weak endochrony is compositional
– Weak endochrony ensures the equivalence between C1 and C2
– Re-synchronize up to an atom
– Confluence: a unique state for a given history

Correct resynchronization
Correctness criterion, revisited:
  L0(Σ1 × Σ2 × B0 × B0) = L0(Σ1 × Σ2 × B∞ × B∞)
Equivalent formulation (Benveniste):
  α(L(Σ1 × Σ2)) = α(L(Σ1)) || α(L(Σ2))
α = desynchronization operator
|| = composition of asynchronous traces (equality on the interface intersection, union elsewhere)

Weakly endochronous systems
Example

  module M:
    input A, B, R;
    output E, F : integer;
    relation A#R, B#R;
    abort
      await immediate A; emit E(0)
    ||
      await immediate B; emit F(0)
    when R;
    emit E(1); emit F(1)
  end module

Environment, first process:
  emit A; emit C; await immediate …
Environment, second process:
  await immediate C; emit R;

[Figure: M and the two environment processes connected by FIFOs on A, R and C]

Weakly endochronous systems
Example

  module M:
    input A, B, R;
    relation A#R, B#R;
    abort
      await immediate A
    ||
      await immediate B
    when R
  end module

Environment:
  emit A; emit R

[Figure: M and the environment connected by FIFOs on A, B and R]

Weakly endochronous systems
Example

  module M:
    input A, B, R;
    output D, E : int;
    relation A#R, B#R;
    abort
      await immediate A; emit D(1)
    ||
      await immediate B; emit E(1)
    when R do
      emit D(0); emit E(0)
    end
  end module

Environment:
  emit A; assert ?D=1;
  emit R; assert ?D=0;

[Figure: M and the environment connected by FIFOs on A, B, R and D]