1 / 26

Correct-by-construction asynchronous implementation of modular synchronous specifications

Correct-by-construction asynchronous implementation of modular synchronous specifications. Jacky Potop Benoît Caillaud Albert Benveniste. IRISA, France. Outline. Motivation: Asynchronous implementation of synchronous specifications GALS architectures Desired implementation Formal model

cala
Download Presentation

Correct-by-construction asynchronous implementation of modular synchronous specifications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Correct-by-construction asynchronous implementation of modular synchronous specifications Jacky Potop Benoît Caillaud Albert Benveniste IRISA, France

  2. Outline • Motivation: Asynchronous implementation of synchronous specifications • GALS architectures • Desired implementation • Formal model • Correctness • Correctness criteria • Microstep weak endochrony • Microstep weak isochrony • Conclusion

  3. Synchrony, asynchrony, GALS • Synchronous specification • Global clock  specification, verification • Popular, efficient tools for system design (digital circuits, safety-critical systems) • Distributed implementation • Distributed software, complex digital circuits (SoC), heterogenous systems • Loosely-connected components(asynchronous FIFOs...) • GALS architectures= good implementation model • Synchronous components, asynchronous communication • Problem: preserve the semantic coherency between a synchronous specification and its GALS implementation

  4. What we want • Take a modular synchronous specification IP1 IP2 clock

  5. What we want • Take a modular synchronous specification • Replace comm. with asynchronous FIFOs, wrappers • Preserve: • Functionality • Correctness • No “extra” traces • No deadlocks (Kahn processes) IP1 IP2 Delay-insensitive component IP1 AFSM

  6. Previous work • Latency-insensitive systems • Carloni & Sangiovanni-Vincentelli (1999) • Goal: independence from communication delays • Global synchrony: system speed = slowest component speed • Endo/isochronous systems • Benveniste, Caillaud, Le Guernic (1999) • Version: Generalized latency-insensitive circuits (Singh, Theobald, 2003) • Goals: • minimize communication • maximize concurrency, independence between system components • Results work only for 2 components!

  7. Previous work • Weakly endo/isochronous systems • Potop, Caillaud, Benveniste (2004) • Goals: • further minimize communication by exploiting intra-component concurrency • Compositionality • Synchronous Mazurkiewicz traces • Does not handle causality and communication deadlocks • This work: microstep weakly endo/iso systems • Goal: take into account causality and composition through read/write mechanisms .

  8. Our approach • Define a model and criteria insuring that: • Creating delay-insensitive wrappers that preserve the semantics is possible without adding new signals • Connecting through FIFOs the resulting components produces a semantics-preserving, deadlock-free GALS implementation • Make given components satisfy the criteria: • Possible solutions • Encode (part of) the “absent” events (Carloni et al.) • Add new signals • Decide that none is necessary due to environment constraints • Efficient sw/hw implementation • Sync./async. synthesis techniques, GALS-specific communication schemes, etc.

  9. The model: basic definitions • The basics: (incomplete) automata •  = (S,s0,V,),  SL(V)S, L(V)= • Composition by synchronized product: • Renaming operator: • Labels Finite traces: A=1 B= C=3 2  = 0 1 0 0,0 1,2 A=1 B= D= A=1 B= C=3 D= A=1 B=7 C=3 1 1[D/C] : 0 1 A=1 B= C= A=1 B= C=3 A=1 C=3 A=1 C=3 A=1 B=7 C=3 A=1 C=3 – A=1 = C=3 A=1 C=3 ; B=2 ; ; A=1 C=3 ; B=2 ; ;  A=1 C=3 ; B=2 ; ; A=2;

  10. 2 A=1 B=7 B=7 A=1 3 The model: basic definitions  s s • Generalized concurrent transition systems(GCTS) • Void transitions: • Prefix closure: • Example: r s s’ q r-q  s s’’ s’ q r A=1 B=7 0 1

  11. The model: I/O transition systems • Point-to-point communication: • Broad/Multicast can be simulated… • Communication channels: c = (!c,?c) D!c=D?c=Dc • Dissociate emission from reception! • Clocks:1… of domain Dclk={T} • I/O transition system: • GCTS where all variables are channels or clocks • Example: 12 2 4 !A=2  !A=1 0 1 ?B ?R=4 ?R=3 3 1

  12. The model: synchronous systems • Synchronous system:  = (S,s0,V,,) I/O transition system, one clock, and satisfying: • Clock transitions: • Stuttering invariance: • Synchrony hypothesis: • Example: r s s’  r equals over V r()= T     s0 s0 s s’ s’ r1 r2 rn … s0 s1 sn supp(ri)supp(rj) =  for all i  j  ri 1 ?B 2 1 !A 0 1 1 ?R 3

  13. The model : composition • Synchronous 1-place FIFO: • Synchronous composition (on clock  ) : • Asynchronous FIFO: • Asynchronous composition: !c=x ?c=x for all xDc SFIFO(c, ): c0 cx c1  1|2 = 1[1/]  2[2/]  SFIFO(c1, )  …  SFIFO(cn, ) ?c=x1 !c=xn+1 AFIFO(c): x1…xn x1…xn+1 x2…xn for all x1,…,xn,xn+1Dc 1||2 = 1  2  AFIFO(c1)  …  AFIFO(cn)

  14. The model : composition 1|2 1||2 1 2 1 2  1 2 !A !A !B !B 1 ?B ?B ?A ?A !C !C ?C ?C  2 !A !A 1 ?A ?A !C !C x

  15. !A ?A a0  !B ?B b0  !A ?A 0,0 1,0 1,1  1|2 : ?R ?R 3,0 3,1  3,2 3,3 ?A !B  2 2 2 1,2 ,12 1,2 ,12 2 !A ?A !B ?B 0,0 1,0 1,1 1,2 1,3 2,3 ?B 1||2 : ?R ?R ?R ?R !B  B 3,0 3,1 2 3,2 3,3 ?A ?A !B 1,2 ,12 1 1,2 ,12 !A  A Example 1 2 ?B 2 2 1: 1 !A 2: 2 ?A !B 2 0 1 0 1 2 3 ?R 3 1

  16. Example 1 2 1 ?B 2 ?R 2 3: 1 !A 2: 2 ?A !B 2 0 1 4 0 1 2 3 ?R ?B 3 1  !A ?A 0,0 1,0 1,1 3|2 : ?R ?R 3,0 3,1  3,2 3,3 4,3 ?A !B ?B   2 2 2 1,2 ,12 1,2 ,12 2 !A ?A !B ?B 0,0 1,0 1,1 1,2 1,3 2,3 3||2 : ?R ?R ?R ?R ?R 3,0 3,1 2 3,2 3,3 4,3 ?A !B ?B 1,2 ,12 1 1,2 ,12 1,2 ,12

  17. Correctness !A=1 ;1; ?A=1 ;2; !C=3 ; !A=1 ?A=1 ;12; !C=3 ;2; • Some notations: • Formal correctness criterion 1||…||nis correct w.r.t. 1|…|n if for all s  RSS(1|…|n) and all   Traces 1||…||n(s) there exist   Traces 1||…||n(s) and   Traces 1|…|n(s) such that   and    • Intuition: every trace of 1||…||n can be completed to one that is equivalent to a synchronous trace !A=1 ;1;2; !C=3 ; !A=1 ?A=1 ;12; !C=3 ;2;

  18. Microstep weak endochrony • Compositional delay-insensitivity criterion (signal absence information is not needed) • Axioms (part 1): A1: Determinism A2: In every state, non-clock transitions sharing no common variable are independent . ?B ?R !A=1 ?B?R ?A !B ?R ?B !A=2

  19. Microstep weak endochrony • Axioms (continued): A1: Determinism A2: In every state, non-clock transitions sharing no common variable are independent A3: Non-contradictory reactions can be united A4: Choice does not change with time .   ?R  ?B ?B ?R    ?R ?R ?B   ?B r1 rn … s0 sn ?V=y s0 ?V=x  s0 ?V=x sn ?V=y Vsupp(ri) sn

  20. Example 1 ?B 2 1: 1 !A 0 1 ?R 3 1

  21. Example 1 ?B ?D=0 2’ 2 1’: 1 !A 0 1 ?R ?D=1 3’ 3 1

  22. Example 1 1 ?B 1 ?D=0 2’ 2 ?B 2 ?R 1’: 1 !A 3: 1 !A 0 1 0 1 4 ?R ?D=1 ?R ?B 3’ 3 3 1 1

  23. Microstep weak isochrony • Semantics preservation criterion 1,…,nare microstep weakly isochronous if for all s  RSS(1|…|n) and all   Traces 1|…|n(s) maximal and containing no clock transition, there exists   Traces 1|…|n(s) non-void such that   and ;  Traces 1|…|n(s)

  24. Example 1 ?B ?D=0 2’ 2 1’: 1 !A 0 1 ?R ?D=1 3’ 3 1 2 2 !B 4: 2 ?A 0 1 !Y 3 2

  25. Example 1 ?B ?D=0 2’ 2 1’: 1 !A 0 1 ?R ?D=1 3’ 3 1 2 !B 2’ 2 !D=0 4’: 2 ?A 0 1 !Y !D=1 3’ 3 2

  26. Conclusion • Decidable criteria for GALS implementation of synchronous specifications • Covers causality and read/write communication • Compositionality, concurrency • Future: Synthesis • Make synchronous automata weakly endo/isochronous. Optimality issues. • Heuristics for actual synchronous languages and specifications. Scaling issues (large specifications). • GALS circuits using asynchronous logic • Deal with mode changing latency

More Related