A Novel WCET Semantics of Synchronous Programs

SLIDE 1

A Novel WCET Semantics of Synchronous Programs

Michael Mendler (1), Partha S Roop (2,4), Bruno Bodin (3)

(1) Bamberg University, Germany; (2) University of Auckland, New Zealand; (3) University of Edinburgh, United Kingdom; (4) Mercator Fellow, Bamberg University, Germany

SYNCHRON’16, Bamberg (Germany), 07 December 2016

SLIDE 2

Introduction

Reactive Systems and Synchronous Languages

Reactive systems are expected to have a short delay of reaction and to be correct. Synchronous programming languages capture this behaviour: formal operational or denotational models for verification, and unambiguous semantics-preserving compilation.

Introduction IO-BTCA Algebra WCET Conclusion

2 / 17

SLIDE 3

Introduction

Time matters

Synchronous programs are highly time critical. This concern is modelled by the Worst-Case Execution Time (WCET): what is the longest reaction time of the system? In this setting it is also known as the Worst-Case Reaction Time. Numerous solutions exist, but these contributions solve the WCET problem only for platform-specific cases. What is missing is a generalisation that considers time-abstract executions together with the nuances of the underlying execution platform from the point of view of WCET.

SLIDE 4

Introduction

Our proposition

We propose a time-aware semantics for synchronous programs: an algebraic approach (min-max-plus) based on formal power series, which combines linear system theory for timing and Gödel-Dummett logic for functional specification.

It is compositional: it can describe the WCET behaviour of individual threads and of their concurrent and hierarchical compositions. It can be used to integrate existing WCET analysis tools into functional compilation, to design new compositional timing analyses, and to interface with temporal-logic based model checking.

SLIDE 5

Introduction

Context

Context: SCCharts [vHDM+14], precision timed architectures [EL07], thread-interleaved pipelines.

[Figure: SCChart Sequencer_signal with input signals a, start and output signal done. Its initial state is Disabled; start enters the region "Enabled" (local signals b, c, d), which holds three concurrent regions, and done returns to Disabled. Labels as recovered from the extracted diagram: cA with states A0, A1, A2 (transitions b / d and / c), cB with states B0, B1 (transitions a / b and c / done), cC with states C0, C1 (transitions on b and d).]

SLIDE 6

IO-BTCA

Definition

[Figure: an IO-BTCA A with states A0 to A6 and transitions labelled guard/delay/emitted signal, e.g. i/8/, ¬i/5/, /7/start, /21/, /31/, ¬ping/18/, ping/20/pong, ¬v/32/, /24/, /12/.]

An IO-BTCA consists of states and transitions; transitions are annotated with ticks, guards, signals and delays.

SLIDE 7

IO-BTCA

Parallel composition

[Figure: parallel composition of three IO-BTCAs. cA: states AD, A0, A1, A2 with transitions en/1/, dis/1/, ¬dis∧b/16/, /40/d, /8/c. cB: states BD, B0, B1 with transitions en/1/, dis/1/, ¬dis∧a/17/b, c/6/done. cC: states CD, C0, C1 with transitions en/1/, dis/13/, ¬dis∧b/4/, d/3/. Each automaton also has zero-delay waiting transitions such as ¬en/0/, ¬dis∧¬b/0/, ¬d/0/, ¬dis∧¬a/0/, ¬c/0/. Below the automata, tick(AD) and the tick timelines of the components are drawn: tick 1 ... tick m, tick m+1, ... tick n and m+2.]

We have a Tick Alignment Problem.

SLIDE 8

Algebra

semi-ring structure

Our timing analysis will be expressed in the discrete max-plus structure over the natural numbers, (N∞, ⊕, ⊙, 0, 1): N∞ =df N ∪ {−∞, +∞}; ⊕ stands for the maximum and ⊙ for addition; the semiring zero is 0 =df −∞ and the semiring one is 1 =df 0. This is a commutative and idempotent semi-ring on N∞.

Example

4 ⊕ (5 ⊙ 2) = max(4, 5 + 2) = 7

(4 ⊕ 5) ⊙ (4 ⊕ 2) = max(4, 5) + max(4, 2) = 9

SLIDE 9

Algebra

Logical interpretation

The order structure (N∞, ≤, −∞, +∞) is a complete lattice. Max-plus is widely used for discrete event system analysis, but this lattice structure also supports logical reasoning. We can define a logical interpretation (N∞, ∧, ∨, ⊃, ⊥, ⊤) in which N∞ measures the presence or absence of a signal: ⊥ or 0 = −∞ indicates that a signal is absent, ⊤ or +∞ indicates that it is present eventually, and all other stabilisation values d ∈ N codify bounded presence.

SLIDE 10

Algebra

Constructive logic

We defined the semiring structure (N∞, ⊕, ⊙, 0, 1) and the logical interpretation (N∞, ∧, ∨, ⊃, ⊥, ⊤). They are equally important: the former to calculate WCET timing, the latter to express signals and reaction behaviour. The two overlap through the identities ⊕ = ∨ and 0 = ⊥. Every element in N∞ is at the same time a delay value and a constructive truth value.

SLIDE 11

Algebra

Formal Max-Plus Power Series

Definition (max-plus formal power series)

A (max-plus) formal power series is a (finite or ω-infinite) sequence

$A = \bigoplus_{i \ge 0} a_i X^i = a_0 \oplus a_1 X \oplus a_2 X^2 \oplus a_3 X^3 \cdots$ (1)

with $a_i \in N_\infty$ and where exponentiation is repeated multiplication, i.e., $X^0 = 1$ and $X^{k+1} = X X^k = X \odot X^k$. A formal power series stores an infinite sequence of numbers a0, a1, a2, a3, ... as the scalar coefficients of the base polynomials X^i. Such a power series may model an automaton's timing behaviour, measuring the time cost to complete each tick or to reach a given state in a given tick. However, A could also be used to model a signal.

SLIDE 12

WCET

Definition

[Figure: the IO-BTCA cC with states CD, C0, C1 and transitions en/1/, 2:b/4/, 1:dis/13/ and d/3/.]

Let us now consider the IO-BTCA cC, with wcet(cC) = wcet(CD) ⊕ wcet(C0) ⊕ wcet(C1). Here is state CD:

wcet(CD)(0) = 1

wcet(CD)(n + 1) = (¬en(n + 1) ∧ (0 ⊙ (1 ∧ wcet(CD)(n)))) ⊕ (dis(n + 1) ∧ (13 ⊙ wcet(C0)(n + 1)))

SLIDE 13

WCET

The cost series $\mathrm{wcet}(En) = \bigoplus_{i \ge 0} \mathrm{wcet}(En)(i)\, X^i$ is the parallel composition (tick-wise addition, i.e. ⊙ applied coefficient by coefficient) of the constituent automata's tick cost series,

$\mathrm{wcet}(En) = \mathrm{wcet}(hC) \odot \mathrm{wcet}(cA) \odot \mathrm{wcet}(cB) \odot \mathrm{wcet}(cC).$ (2)

SLIDE 14

WCET

Approximations

This algebra introduces several approximation opportunities: signal abstraction, tick alignment abstraction, environment abstraction, ... We have already modelled two WCET computation methods: the Max-Plus Approach (the common approximation) and the Tick Alignment Sensitive Approach (close to [WRA13]).

SLIDE 15

WCET

Iterative feasibility analysis.

We define clk(S) = tick(wcet(S)) = X ⊙ (1ω ∧ wcet(S)), the clock of S, which gives full reachability information for a state S across all ticks, depending on all signals. With our algebra we can then intersect two clocks, clk(DisC) ∧ clk(A1), and find that clk(DisC) ∧ clk(A1) = 0ω, i.e., both clocks are incompatible.

SLIDE 16

WCET

By applying this result in the approximated model: ... We are then able to refine the approximation:

wcet(En) ≤ (wcet_DisC(hC) ⊙ wcet_A0(cA)) ⊙ wcet_abs(cB) ⊙ wcet_abs(cC) = 0 : 12 : 26 : 41ω ⊙ 0 : 2 : 17ω ⊙ 0 : 14 : 14 : 16ω = 0 : 28 : 57 : 74ω

This is tighter than the max-plus result 0 : 28 : 57 : 83ω.
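To make the algebra concrete, here is an added Python example (not from the slides or from the authors' tools) that implements the max-plus semiring of slide 8 on N∞, ultimately constant power series written in the slides' a0 : a1 : ... : dω notation (assumed here to mean that d repeats for every later tick), and the tick-wise parallel composition of slide 13; it reproduces the slide-8 identities and the slide-16 refinement above. The three series are taken as the slide prints them, without deciding which automaton each one belongs to.

```python
import math
# Slide 8's max-plus semiring (N∞, ⊕, ⊙, 0, 1): ⊕ = max, ⊙ = +, zero = -∞, one = 0.
ZERO, ONE, TOP = -math.inf, 0, math.inf

def oplus(a, b):
    """⊕: maximum, which is also the lattice join ∨ of slide 9."""
    return max(a, b)

def otimes(a, b):
    """⊙: addition; -∞ (absent signal) annihilates, even against +∞."""
    return ZERO if ZERO in (a, b) else a + b

class Series:
    """Ultimately constant max-plus power series a0 ⊕ a1 X ⊕ a2 X² ⊕ ..., in the
    slides' notation a0 : a1 : ... : dω (assumption: d repeats for every later tick)."""
    def __init__(self, prefix, tail):
        prefix = list(prefix)
        while prefix and prefix[-1] == tail:   # canonical form, so == is meaningful
            prefix.pop()
        self.prefix, self.tail = tuple(prefix), tail

    @classmethod
    def parse(cls, text):
        parts = [p.strip() for p in text.replace("ω", "").split(":")]
        return cls([int(p) for p in parts[:-1]], int(parts[-1]))

    def coeff(self, i):                       # coefficient of X^i (cost at tick i)
        return self.prefix[i] if i < len(self.prefix) else self.tail

    def _pointwise(self, other, op):
        n = max(len(self.prefix), len(other.prefix))
        return Series((op(self.coeff(i), other.coeff(i)) for i in range(n)),
                      op(self.tail, other.tail))

    def parallel(self, other):
        """Tick-wise ⊙: the parallel composition of cost series (slide 13)."""
        return self._pointwise(other, otimes)

    def join(self, other):
        """Tick-wise ⊕: least upper bound, so a ≤ b iff a.join(b) == b."""
        return self._pointwise(other, oplus)

    def __eq__(self, other):
        return (self.prefix, self.tail) == (other.prefix, other.tail)
    def __str__(self):
        return " : ".join(str(c) for c in (*self.prefix, self.tail)) + "ω"

def refined_wcet_en():
    # Slide 16's refinement: the three printed series composed tick-wise.
    s1, s2 = Series.parse("0 : 12 : 26 : 41ω"), Series.parse("0 : 2 : 17ω")
    return s1.parallel(s2).parallel(Series.parse("0 : 14 : 14 : 16ω"))
```

Comparing the result with the max-plus bound via join() shows it is pointwise smaller, i.e. the refinement really is tighter in the lattice order of slide 9.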

SLIDE 17

Conclusion

The design of safety-critical systems needs both functional and timing correctness. We developed a comprehensive semantics of synchronous languages using a min-max-plus Gödel-Dummett algebra. It models precisely the tick-based lock-step execution of the threads by formalising the tick alignment problem, and it formalises the modelling of signals and the signal dependencies between threads. Future work: development of timing analysis tools for SCCharts; linking the semantics to existing approaches.

SLIDE 18

Questions
