desynchronization and distributed deployment of synchronous systems albert benveniste – inria 2002
TRANSCRIPT
Desynchronization and distributed deployment of
synchronous systems
Albert Benveniste – Inria
2002
The problem
• Ensure a smooth migration throughout the different phases of embedded systems design
• As analysis reveals, the diversity of communication/concurrency paradigms, throughout the design process, is a serious difficulty
SystemFrom
Components
System on Chip
Control engineeringMatlab/Simulink…Domain specific
Functional aspects
Model engineeringUML
System architecture
Performance, timelinessFault-tolerance
Non-functional aspects
Deployment architectureMiddleware
Bus, protocolsTasks
Device
start()stop()
Operator<<Actor>>
0..*1 0..*1
controls
: Operator
: Device
start( )
stop( )
ControllingSite RemoteSite
TCP/IP
: Operator
: Device
Class diagram Sequence diagram
Statecharts
Idle
Active
start stop
Implementation diagram
SystemFrom
Components
Model engineeringUML
System architecture
Performance, timelinessFault-tolerance
Non-functional aspects
Control engineeringMatlab/Simulink…Domain specific
Functional aspects
System on Chip
Deployment architectureMiddleware
Bus, protocolsTasks
MultiformMultiformModel ofModel of
communicationcommunication
Model engineeringComponents
looseloose
timelinessNon-functional aspects
timedtimed
Functional modelsEquations + states
synchronoussynchronous
Code generationGlobally AsynchronousGlobally AsynchronousLocally SynchronousLocally Synchronous
TasksSchedulingScheduling
Time-triggeredTime-triggered
Zooming on
Synchrony&
Asynchrony
Synchrony
loop [ when X>0 then
[get Y ; emit Z=Y+pre(Y)] ] |||
[ present X then [ present Z then emit U=X+Z else emit V=2X ] ]
end
Synchrony
loop % unique non terminating while loop [ when X>0 then
[get Y ; emit Z=Y+pre(Y)] ] |||
[ present X then [ present Z then emit U=X+Z else emit V=2X ] ]
end
Synchrony
loop [ when X>0 then
[get Y ; emit Z=Y+pre(Y)] ] ||| % perfectly synchronous parallel composition
[ present X then [ present Z then emit U=X+Z else emit V=2X ] ]
end
Synchrony
loop [ when X>0 then
[get Y ; emit Z=Y+pre(Y)] ] |||
[ present X then [ present Z then emit U=X+Z else emit V=2X ] ]
end
Synchrony
loop [ when X>0 then
[get Y ; emit Z=Y+pre(Y)] ] |||
[ present X then [ present Z then emit U=X+Z else emit V=2X ] ]
end
?X 3 -2 5 0 -1 -3 2 1
?Y 2 1 5 3
!Z * 3 6 8
Synchrony
loop [ when X>0 then
[get Y ; emit Z=Y+pre(Y)] ] |||
[ present X then [ present Z then emit U=X+Z else emit V=2X ] ]
end
Synchrony
loop [ when X>0 then
[get Y ; emit Z=Y+pre(Y)] ] |||
[ present X then [ present Z then emit U=X+Z else emit V=2X ] ]
end
?X 3 -2 5 0 -1 -3 2 1
?Z * 3 6 8
!V -4 0 -2 -6
Synchrony
loop [ when X>0 then
[get Y ; emit Z=Y+pre(Y)] ] ||| % synchronizes the two blocks by unification
[ present X then [ present Z then emit U=X+Z else emit V=2X ] ]
end
Synchrony
loop [ when X>0 then
[get Y ; emit Z=Y+pre(Y)] ] ||| % synchronizes the two blocks by unification
[ present X then [ present Z then emit U=X+Z else emit V=2X ] ]
end
?X 3 -2 5 0 -1 -3 2 1
?Y 2 1 5 3
!Z * 3 6 8
?X 3 -2 5 0 -1 -3 2 1
?Z * 3 6 8
!V -4 0 -2 -6
V : set of typed variables; v can take value “absent”
State : valuation of V; Transition : pair of states
I : initial condition (set of states)
R : transition relation relating successive states
Run : sequence of R-consistent transitions
Formalizing synchrony
S = (V,I,R)
S ||| S’ = (VUV’,I&I’,R&R’)synch
Formalizing synchrony
S = (V,I,R)
S ||| S’ = (VUV’,I&I’,R&R’)•Alike systems of dynamical equations in maths, but with multiple time-indices
•Perfectly synchronous parallel composition amounts to combining two systems of equations
•No recursion, no dynamical creation, only a single non terminating while loop; body with nested “when”
•Much simpler than Milner’s CCS or Hoare’s CSP
From Synchrony to…
X
Y
V
Asynchrony
X
Y
V
Asynchrony
X
Y
V
Asynchrony
X
Y
V
Asynchrony
X
Y
V Assumes non synchronized,
point to point, re
liable channels
Formalizing Asynchrony
A = (V,)
V : set of typed variables; “absent” meaningless
Flow : sequence of values, for a given variable
Run : tuple of flows
: set of runs
A || A’ = (VUV’, & ’)asynch
Formalizing Asynchrony
A = (V,)
A || A’ = (VUV’, & ’)
A A’Point to point, non
synchronized, channels
Synchrony/Asynchrony
XYV
XYV
?
OK
Some synchronous systems are robust against Asynchronous
environment(a property on infinite runs)
syn
chro
no
us
asynchronous
For these synchronous systems, desynchronization is injective
XYV
XYV
OK
OK
They can be characterized: endochrony
(a property on finite objects)sy
nch
ron
ou
s
asynchronous
Endochrony: example, counterexample
loop [ when X>0 then
[get Y ; emit Z=Y+pre(Y)] ] |||
[ present X then [ present Z then emit U=X+Z else emit V=2X ] ]
end
?X 3 -2 5 0 -1 -3 2 1
?Y 2 1 5 3
!Z * 3 6 8
Endochrony: example, counterexample
loop [ when X>0 then
[get Y ; emit Z=Y+pre(Y)] ] |||
[ present X then [ present Z then emit U=X+Z else emit V=2X ] ]
end
?X 3 -2 5 0 -1 -3 2 1
?Z * 3 6 8
!V -4 0 -2 -6
Formalizing endochrony
For W,W’ subsets of V : W W’ iff knowing the value of variables belonging to W determines the status present/absent for all variables of W’
Empty = W0 W1 W2 … Wmax
S is endochronous iff Wmax = V holds
S = (V,I,R)
Endochrony is model-checkable, and can be synthesized
Syn
chro
no
us
exo
chro
no
us
wra
pp
er
A wrapper to enforce endochrony
loop [ when C=1 then present(X,Z)
else when C=2 then present(X)] |||
[ present X then [ present Z then emit U=X+Z else emit V=2X ] ]
end
Some pairs of systems are robust against Asynchronous
communications(a property on infinite runs)
syn
chro
no
us
syn
chro
no
us
asynchronous
They can be characterized: isochrony
(a property on finite objects)sy
nch
ron
ou
s
syn
chro
no
us
asynchronous
Formalizing isochrony
S = (V,I,R) , S ||| S’ = (VUV’,I&I’,R&R’)
R & R’ unify pairs of transitions which agree on the values of their common variables (including status present/absent)
R &w R’ unify pairs of transitions which agree on the values of their common present variables
Isochrony : R & R’ coincides with R &w R’
Syn
chro
no
us
Pairs can be given a wrapper which makes them
isochronous(alike protocol generation)
Syn
chro
no
us
wrap
perw
rap
per
enforce isochrony
GALS architectures as endo/isochronous
networks
iso
endo
Isochrony is compositional
iso
endo
This theory is useful for:
• Generating code, from a synchronous functional architecture, to a GALS architecture
• Handling hybrid synchro/asynchro models at design exploration phase, by performing virtual prototyping
Further issues
• The assumed model of asynchronous communication requires blocking communication: not always acceptable
• Bus infrastructures for distributed control systems are typically non-blocking and time-triggered
Bus for distributed control: loosely synchronized
clocksA small
protocol can emulate our
previous model of
asynchrony
In use, e.g., at Airbus
CONCLUSION
Most of the work presented is due to:
•The community on Synchronous Languages
•ESTEREL (G. Berry,…)
•LUSTRE (P. Caspi, N. Halbwachs,…)
•SIGNAL (P. Le Guernic, A. Benveniste,…)
•The Berkeley community
•PTOLEMY (Ed Lee,…)
•The METROPOLIS project at Cadence (Sangiovanni-Vincentelli,…)
•Supported by vendors (Esterel-Technologies, TNI-Valiosys, and others)
Distributed computing can be
non-high performance
Distributed by the physics; made from
components
Correctness is a major issue
Study models of computation & communication
This is relevant and modern research !!