Presentation is loading. Please wait.

Presentation is loading. Please wait.

Correct-by-construction asynchronous implementation of modular synchronous specifications Jacky Potop Benoît Caillaud Albert Benveniste IRISA, France.

Published byLaurel Mills Modified over 8 years ago

Similar presentations

Presentation on theme: "Correct-by-construction asynchronous implementation of modular synchronous specifications Jacky Potop Benoît Caillaud Albert Benveniste IRISA, France."— Presentation transcript:

1 Correct-by-construction asynchronous implementation of modular synchronous specifications Jacky Potop Benoît Caillaud Albert Benveniste IRISA, France

2 Outline Motivation: Asynchronous implementation of synchronous specifications –GALS architectures –Desired implementation Formal model –Correctness Correctness criteria –Microstep weak endochrony –Microstep weak isochrony Conclusion

3 Synchrony, asynchrony, GALS Synchronous specification –Global clock  specification, verification –Popular, efficient tools for system design (digital circuits, safety-critical systems) Distributed implementation –Distributed software, complex digital circuits (SoC), heterogenous systems –Loosely-connected components (asynchronous FIFOs...) GALS architectures = good implementation model –Synchronous components, asynchronous communication –Problem: preserve the semantic coherency between a synchronous specification and its GALS implementation

4 What we want 1.Take a modular synchronous specification IP1IP2 clock

5 What we want 1.Take a modular synchronous specification 2.Replace comm. with asynchronous FIFOs, wrappers 3.Preserve: Functionality Correctness No “extra” traces No deadlocks (Kahn processes) IP1IP2 Delay-insensitive component IP1 AFSM

6 Previous work Latency-insensitive systems –Carloni & Sangiovanni-Vincentelli (1999) –Goal: independence from communication delays –Global synchrony: system speed = slowest component speed Endo/isochronous systems –Benveniste, Caillaud, Le Guernic (1999) Version: Generalized latency-insensitive circuits (Singh, Theobald, 2003) –Goals: minimize communication maximize concurrency, independence between system components –Results work only for 2 components!

7 Previous work Weakly endo/isochronous systems –Potop, Caillaud, Benveniste (2004) –Goals: further minimize communication by exploiting intra-component concurrency Compositionality –Synchronous Mazurkiewicz traces –Does not handle causality and communication deadlocks This work: microstep weakly endo/iso systems –Goal: take into account causality and composition through read/write mechanisms.

8 Our approach Define a model and criteria insuring that: –Creating delay-insensitive wrappers that preserve the semantics is possible without adding new signals –Connecting through FIFOs the resulting components produces a semantics-preserving, deadlock-free GALS implementation Make given components satisfy the criteria: –Possible solutions Encode (part of) the “absent” events (Carloni et al.) Add new signals Decide that none is necessary due to environment constraints Efficient sw/hw implementation –Sync./async. synthesis techniques, GALS-specific communication schemes, etc.

9 The model: basic definitions The basics: (incomplete) automata –  = (S,s 0,V,  ),  S  L(V)  S, L(V)=  –Composition by synchronized product: –Renaming operator: Labels Finite traces:  01 A=1 B=  D=  0 1 A=1 B=  C=3 2 A=1 B=7 C=3 = 0,0 A=1 B=  C=3 D=  1,2  1 [D/C] : 01 A=1 B=  C=  A=1 B=  C=3   A=1 C=3 A=1 C=3  A=1 B=7 C=3 A=1 C=3 ; B=2 ; ; A=1 C=3 – A=1 = C=3 A=1 C=3 ; B=2 ; ;  A=1 C=3 ; B=2 ; ; A=2;

10 The model: basic definitions Generalized concurrent transition systems(GCTS) –Void transitions: –Prefix closure: Example: ss  ss’s’ r q   r  ss ’’ q s’s’ r-q 01 A=1 B=7 3 2 A=1 B=7A=1 B=7

11 The model: I/O transition systems Point-to-point communication: –Broad/Multicast can be simulated… –Communication channels: c = (!c,?c) D !c =D ?c =D c –Dissociate emission from reception! Clocks:   1 … of domain D clk ={ T } I/O transition system: –GCTS where all variables are channels or clocks –Example: 0 11 3 2 1 !A=1 !A=2 ?R=3 1212  4 ?B ?R=4

12 The model: synchronous systems Synchronous system:  = (S,s 0,V, ,  ) I/O transition system, one clock, and satisfying: 1.Clock transitions: 2.Stuttering invariance: 3.Synchrony hypothesis: Example: s0s0 s0s0 r(  )= T   r equals  over V ss’ r s    s0s0 s1s1 r1r1 r2r2 snsn rnrn … riri supp(r i )  supp(r j ) =  for all i  j 0 11 3 2 1 !A ?B ?R 11 11

13 The model : composition Synchronous 1-place FIFO: Synchronous composition (on clock  ) : Asynchronous FIFO: Asynchronous composition:  !c=x?c=x SFIFO(c,  ): for all x  D c  1 |  2 =  1 [  1 /  ]   2 [  2 /  ]  SFIFO(c 1,  )  …  SFIFO(c n,  )  1 ||  2 =  1   2  AFIFO(c 1 )  …  AFIFO(c n ) !c=x n+1 ?c=x 1 AFIFO(c): for all x 1,…,x n,x n+1  D c c0c0 cxcx c1c1 x1…xnx1…xn x 1 …x n+1 x2…xnx2…xn

14 The model : composition 11 22 11 22  1 ||  2 !A !B !C   ?C ?B ?A !A ?A !C x 11 11 11 22 22 !A !B !C ?C ?B ?A !A ?A !C 1|21|2

15 Example 0 11 3 2 1 !A ?B ?R 11 11 0 22 231 ?A!B 22 22 22 1:1: 2:2:  0,01,01,1 3,03,13,33,2  1 |  2 : !A?A ?R ?A ?R   !B  !A?A a0a0  !B?B b0b0 22 0,01,01,1 3,03,13,33,2  1 ||  2 : 2,31,21,3 !A?A ?R ?A ?R !B 22 22 ?R !B?B 11 22 22  1,  2,  1  2  A ?A !A  B ?B !B

16 Example 0 11 3 2 1 !A ?B ?R 11 11 0 22 231 ?A!B 22 22 22 3:3: 2:2: 0,01,01,1 3,03,13,33,2  3 |  2 : 0,01,01,1 3,03,13,33,2  3 ||  2 : 2,31,21,3 !A ?A ?R ?A ?R    !B 22 22 ?R !B?B 11 22 22 22  1,  2,  1  2 4 ?R ?B 11 4,3 ?B 4,3 ?R ?B  1,  2,  1  2 

17 Correctness Some notations: Formal correctness criterion  1 ||…||  n is correct w.r.t.  1 |…|  n if for all s  RSS(  1 |…|  n ) and all   Traces  1||…||  n (s) there exist   Traces  1||…||  n (s) and   Traces  1|…|  n (s) such that   and    Intuition: every trace of  1 ||…||  n can be completed to one that is equivalent to a synchronous trace !A=1 ;  1 ; ?A=1 ;  2 ; !C=3 ;  !A=1 ?A=1 ;  1  2 ; !C=3 ;  2 ; !A=1 ;  1 ;  2 ; !C=3 ;  !A=1 ?A=1 ;  1  2 ; !C=3 ;  2 ;

18 Microstep weak endochrony Compositional delay-insensitivity criterion (signal absence information is not needed) Axioms (part 1): A1: Determinism A2: In every state, non-clock transitions sharing no common variable are independent. ?A!B !A=1 !A=2 ?B ?R?B ?R ?B?R

19 Microstep weak endochrony Axioms (continued): A1: Determinism A2: In every state, non-clock transitions sharing no common variable are independent A3: Non-contradictory reactions can be united A4: Choice does not change with time. ?B ?R   ?B ?R?B ?R   ?B     s0s0 snsn … r1r1 rnrn ?V=x V  supp(r i )  s0s0 snsn ?V=y s0s0 snsn ?V=x

20 Example 0 11 3 2 1 !A ?B ?R 11 11 1:1:

21 Example 0 3’ 2’ 1 !A ?D=0 ?D=1 11  1 ’: 11 3 2 11 ?B ?R

22 Example 0 3’ 2’ 1 !A ?D=0 ?D=1 11  1 ’: 11 3 2 11 ?B ?R 0 11 3 2 1 !A ?B ?R 11 11 3:3: 4 ?B 11

23 Microstep weak isochrony Semantics preservation criterion  1,…,  n are microstep weakly isochronous if for all s  RSS(  1 |…|  n ) and all   Traces  1|…|  n (s) maximal and containing no clock transition, there exists   Traces  1|…|  n (s) non-void such that   and  ;   Traces  1|…|  n (s)

24 Example 0 2 1 ?A !B 22 22 4:4: 0 3’ 2’ 1 !A ?D=0 ?D=1 11  1 ’: 11 3 2 11 ?B ?R 3 22 !Y

25 Example 0 2’ 1 ?A !B 22  4 ’: 0 3’ 2’ 1 !A ?D=0 ?D=1 11  1 ’: 11 3 2 11 ?B ?R 3’ !Y 2 22 3 22 !D=0 !D=1

26 Conclusion Decidable criteria for GALS implementation of synchronous specifications –Covers causality and read/write communication –Compositionality, concurrency Future: Synthesis –Make synchronous automata weakly endo/isochronous. Optimality issues. –Heuristics for actual synchronous languages and specifications. Scaling issues (large specifications). –GALS circuits using asynchronous logic –Deal with mode changing latency

Download ppt "Correct-by-construction asynchronous implementation of modular synchronous specifications Jacky Potop Benoît Caillaud Albert Benveniste IRISA, France."

Similar presentations

S4 S4 System Synthesis and Supervision, Scenarios Benoît Caillaud 20 March 2012.

S4 S4 System Synthesis and Supervision, Scenarios Benoît Caillaud 20 March 2012.
Use trace algebra to formalize the YAPI model EE290N Spring2002 Alessandro Pinto Mentors: Roberto Passerone Jerry Burch.

Use trace algebra to formalize the YAPI model EE290N Spring2002 Alessandro Pinto Mentors: Roberto Passerone Jerry Burch.
Distributed Markov Chains P S Thiagarajan School of Computing, National University of Singapore Joint work with Madhavan Mukund, Sumit K Jha and Ratul.

Distributed Markov Chains P S Thiagarajan School of Computing, National University of Singapore Joint work with Madhavan Mukund, Sumit K Jha and Ratul.
The cardiac pacemaker – SystemJ versus Safety Critical Java Heejong Park, Avinash Malik, Muhammad Nadeem, and Zoran Salcic. University of Auckland, NZ.

The cardiac pacemaker – SystemJ versus Safety Critical Java Heejong Park, Avinash Malik, Muhammad Nadeem, and Zoran Salcic. University of Auckland, NZ.
Presentation of Designing Efficient Irregular Networks for Heterogeneous Systems-on-Chip by Christian Neeb and Norbert Wehn and Workload Driven Synthesis.

Presentation of Designing Efficient Irregular Networks for Heterogeneous Systems-on-Chip by Christian Neeb and Norbert Wehn and Workload Driven Synthesis.
Timed Automata.

Timed Automata.
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
Weakly endochronous systems Dumitru Potop-Butucaru IRISA, France Joint work with A. Benveniste and B. Caillaud.

Weakly endochronous systems Dumitru Potop-Butucaru IRISA, France Joint work with A. Benveniste and B. Caillaud.
Requirements on the Execution of Kahn Process Networks Marc Geilen and Twan Basten 11 April 2003 /e.

Requirements on the Execution of Kahn Process Networks Marc Geilen and Twan Basten 11 April 2003 /e.
1 Towards formal manipulations of scenarios represented by High-level Message Sequence Charts Loïc Hélouet Claude Jard Benoît Caillaud IRISA/PAMPA (INRIA/CNRS/Univ.

1 Towards formal manipulations of scenarios represented by High-level Message Sequence Charts Loïc Hélouet Claude Jard Benoît Caillaud IRISA/PAMPA (INRIA/CNRS/Univ.
An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.

An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.
Heterogeneous Reactive System Modeling and Correct-by-Construction Deployment nov. 2003 Luca Carloni UC Berkeley Alberto Sangiovanni-Vincentelli UC Berkeley.

Heterogeneous Reactive System Modeling and Correct-by-Construction Deployment nov Luca Carloni UC Berkeley Alberto Sangiovanni-Vincentelli UC Berkeley.
Hazard-free logic synthesis and technology mapping I Jordi Cortadella Michael Kishinevsky Alex Kondratyev Luciano Lavagno Alex Yakovlev Univ. Politècnica.

Hazard-free logic synthesis and technology mapping I Jordi Cortadella Michael Kishinevsky Alex Kondratyev Luciano Lavagno Alex Yakovlev Univ. Politècnica.
Hardware and Petri nets Synthesis of asynchronous circuits from Signal Transition Graphs.

Hardware and Petri nets Synthesis of asynchronous circuits from Signal Transition Graphs.
CS 151 Digital Systems Design Lecture 25 State Reduction and Assignment.

CS 151 Digital Systems Design Lecture 25 State Reduction and Assignment.
Page 1 Building Reliable Component-based Systems Chapter 16 - Component based embedded systems Chapter 16 Component based embedded systems.

Page 1 Building Reliable Component-based Systems Chapter 16 - Component based embedded systems Chapter 16 Component based embedded systems.
Formal Verification of Safety Properties in Timed Circuits Marco A. Peña (Univ. Politècnica de Catalunya) Jordi Cortadella (Univ. Politècnica de Catalunya)

Formal Verification of Safety Properties in Timed Circuits Marco A. Peña (Univ. Politècnica de Catalunya) Jordi Cortadella (Univ. Politècnica de Catalunya)
Introduction to asynchronous circuit design: specification and synthesis Part III: Advanced topics on synthesis of control circuits from STGs.

Introduction to asynchronous circuit design: specification and synthesis Part III: Advanced topics on synthesis of control circuits from STGs.
Core-based SoCs Testing Julien Pouget Embedded Systems Laboratory (ESLAB) Linköping University Julien Pouget Embedded Systems Laboratory (ESLAB) Linköping.

Core-based SoCs Testing Julien Pouget Embedded Systems Laboratory (ESLAB) Linköping University Julien Pouget Embedded Systems Laboratory (ESLAB) Linköping.
Traversal techniques for concurrent systems Marc Solé & Enric Pastor Departament of Computer Architecture UPC

Traversal techniques for concurrent systems Marc Solé & Enric Pastor Departament of Computer Architecture UPC

Similar presentations

Ads by Google