A Programming Model for Reconfigurable Computing Based in Functional - PowerPoint PPT Presentation

A Programming Model for Reconfigurable Computing Based in Functional Concurrency Bill Harrison, Ian Graves, Adam Procter, Michela Becchi, & Gerard Allwein ReCoSoC 2016

Introduction Mission/Safety-critical, ∗ Reconfigurable ∗ Systems ◮ Highly (Re)configurable Architectures/FPGAs ◮ Many Specially Tailored, “One Off” Components ◮ Reuse of Off-the-shelf components ◮ “Mix and Match” comes to Hardware ◮ Challenge: High Assurance in this environment ◮ Want the flexibility and speed of development ◮ . . . but also need formal guarantees of security & safety for critical systems Bill Harrison ReCoSoC16 2 / 20

Introduction Mission/Safety-critical, ∗ Reconfigurable ∗ Systems ◮ Highly (Re)configurable Architectures/FPGAs ◮ Many Specially Tailored, “One Off” Components ◮ Reuse of Off-the-shelf components ◮ “Mix and Match” comes to Hardware ◮ Challenge: High Assurance in this environment ◮ Want the flexibility and speed of development ◮ . . . but also need formal guarantees of security & safety for critical systems ◮ Unpleasant Reality: Traditional HW Verification cannot cope with “Mix & Match” ◮ Too slow & expensive for “one off” components ◮ Why? Time spent “formalizing” hardware design Bill Harrison ReCoSoC16 2 / 20

Introduction Language-based Approach to High Assurance Hardware FILLER ◮ “The Three P’s” Productivity ◮ DSLs & Language Provability Virtualization ◮ Delite [Olukoton,Ienne] ◮ ReWire ◮ Fourth P: Provability ◮ Rigorous Semantics supports High Assurance Performance Portability ◮ Security & Safety Properties ◮ Formal Methods Productivity Bill Harrison ReCoSoC16 3 / 20

Introduction Focus on Productivity A Programming Model for Reconfigurable Computing Based in Functional Concurrency ◮ Recent Work: Productivity ◮ Provability [FPT15] ◮ Performance [ARC15] Provability ◮ Portability [LCTES15] ◮ Software Engineering “Virtues” ◮ Abstraction, Modularity, Program Comprehension, etc. ◮ ReWire Performance Portability ◮ Functional Language supporting Concurrency ◮ ...thereby common concurrency templates Bill Harrison ReCoSoC16 4 / 20

Background ReWire Functional Hardware Description Language ReWire Compiler Haskell VHDL Synthesizable ReWire VHDL ◮ Inherits Haskell’s good qualities ◮ Pure functions & types, monads, equational reasoning, etc. ◮ Formal denotational semantics [HarrisonKieburtz05,Harrison05] ◮ Language design identifies HW representable programs ◮ Mainly restrictions on recursion in functions and data ◮ Built-in abstractions for clocked/parallel computations ◮ “Connect Logic”: Types & operators for HW abstractions. Bill Harrison ReCoSoC16 5 / 20

Background Reasoning about ReWire Programs Ordinary Equational Reasoning on Functional Programs: e 1 = e 2 = . . . = e n replaces “equals for equals”, uses induction/coinduction, etc. Bill Harrison ReCoSoC16 6 / 20

Background Reasoning about ReWire Programs Ordinary Equational Reasoning on Functional Programs: e 1 = e 2 = . . . = e n replaces “equals for equals”, uses induction/coinduction, etc. Ex: Hardware Verification from [FPT15] Theorem (Correctness of Iterative Salsa20) For all nonces n , n 0 , . . . , n 9 :: W 128 and input streams is of the form [( High , n ) , ( Low , n 0 ) , · · · , ( Low , n 9 ) , . . . ] , then: salsa20 n = nth 10 ( feed is sls20dev ) Bill Harrison ReCoSoC16 6 / 20

ReWire Programming Model Abstract Types for Devices ◮ Built-in Type Dev i o ◮ Parameterized by input and output types, i and o o ◮ Construct devices by building Dev i o values with constructors ◮ ReWire compiler translates Dev i o into d clk synthesizable VHDL ◮ Dev i o is a “reactive resumption monad” i ◮ Algebraic structure for clocked, synchronous parallelism ◮ Useful for specifying secure systems [LCTES15,JCS09] Bill Harrison ReCoSoC16 7 / 20

ReWire Programming Model Constructors for Devices Iteration Constructor d = iter f o f(i t ) iter :: (i -> o) -> o -> d Dev i o i t+1 Bill Harrison ReCoSoC16 8 / 20

ReWire Programming Model Constructors for Devices Parallelism Constructor d1 <&> d2 (o1,o2) <&> :: Dev i1 o1 -> Dev i2 o2 -> Dev (i1,i2) (o1,o2) = d1 d2 (i1,i2) Bill Harrison ReCoSoC16 9 / 20

ReWire Programming Model Constructors for Devices Feedback Constructor refold out conn d o’= out o refold :: (o1 -> o2) -> o (o1 -> i2 -> i1) -> Dev i1 o1 -> d Dev i2 o2 i conn i’ Bill Harrison ReCoSoC16 10 / 20

ReWire Programming Model Implementing Devices Representing Dev i o as a circuit o D Q output current o signal clk state (comb. logic) d clk i D Q next current state i input (comb. logic) Bill Harrison ReCoSoC16 11 / 20

Concurrency Templates Mutex Mealy Machines Ex: Mealy Machine for Mutex (_,_)/(LockGrant,NullRsp)5 Left Locked Unlocked (_,_)/(NullRsp,LockGrant)5 Right (_,_)5/(NullRsp,NullRsp)5 Locked Bill Harrison ReCoSoC16 12 / 20

Concurrency Templates Mutex Implementing Mealy Machines in Connect Logic (_,_)/(LockGrant,NullRsp)5 Left Locked Unlocked (_,_)/(NullRsp,LockGrant)5 Right (_,_)5/(NullRsp,NullRsp)5 Locked Bill Harrison ReCoSoC16 13 / 20

Concurrency Templates Mutex Implementing Mealy Machines in Connect Logic States data State = Unlocked | LeftLocked | RightLocked data Req = ReqLock | Release | NullReq data Rsp = LockGrant | Ack | NullRsp (_,_)/(LockGrant,NullRsp)5 Left Locked Unlocked (_,_)/(NullRsp,LockGrant)5 Right (_,_)5/(NullRsp,NullRsp)5 Locked Bill Harrison ReCoSoC16 13 / 20

Concurrency Templates Mutex Implementing Mealy Machines in Connect Logic States data State = Unlocked | LeftLocked | RightLocked data Req = ReqLock | Release | NullReq data Rsp = LockGrant | Ack | NullRsp Transition Function (_,_)/(LockGrant,NullRsp)5 delta :: State -> (Req,Req) -> (State,(Rsp,Rsp)) delta Unlocked (ReqLock,_) = (LeftLocked, (LockGrant,NullRsp)) Left Locked delta Unlocked (_,ReqLock) = (RightLocked, (NullRsp,LockGrant)) delta Unlocked (_,_) = (Unlocked, (NullRsp,NullRsp)) delta LeftLocked (Release,_) Unlocked = (Unlocked, (Ack,NullRsp)) (_,_)/(NullRsp,LockGrant)5 delta LeftLocked (_,_) = (LeftLocked, (LockGrant,NullRsp)) delta RightLocked (_,Release) Right (_,_)5/(NullRsp,NullRsp)5 = (Unlocked, (NullRsp,Ack)) Locked delta RightLocked (_,_) = (RightLocked, (NullRsp,LockGrant)) Bill Harrison ReCoSoC16 13 / 20

Concurrency Templates Mutex Implementing Mealy Machines in Connect Logic States data State = Unlocked | LeftLocked | RightLocked data Req = ReqLock | Release | NullReq data Rsp = LockGrant | Ack | NullRsp Transition Function (_,_)/(LockGrant,NullRsp)5 delta :: State -> (Req,Req) -> (State,(Rsp,Rsp)) delta Unlocked (ReqLock,_) = (LeftLocked, (LockGrant,NullRsp)) Left Locked delta Unlocked (_,ReqLock) = (RightLocked, (NullRsp,LockGrant)) delta Unlocked (_,_) = (Unlocked, (NullRsp,NullRsp)) delta LeftLocked (Release,_) Unlocked = (Unlocked, (Ack,NullRsp)) (_,_)/(NullRsp,LockGrant)5 delta LeftLocked (_,_) = (LeftLocked, (LockGrant,NullRsp)) delta RightLocked (_,Release) Right (_,_)5/(NullRsp,NullRsp)5 = (Unlocked, (NullRsp,Ack)) Locked delta RightLocked (_,_) = (RightLocked, (NullRsp,LockGrant)) ReWire Device mutex :: Dev (Req, Req) (Rsp, Rsp) mutex = iterS delta (Unlocked,(NullRsp,NullRsp)) Bill Harrison ReCoSoC16 13 / 20

Concurrency Templates Triple Modular Redundancy Simple Triple Modular Redundancy The Rule of Three i fan dev dev dev vote o Bill Harrison ReCoSoC16 14 / 20

Concurrency Templates Triple Modular Redundancy Simple Triple Modular Redundancy The Rule of Three i vote :: (a,a,a) -> a fan vote (a1,a2,a3) | a1 == a2 = a1 | a1 == a3 = a1 | a2 == a3 = a2 dev dev dev | otherwise = a1 fan :: a -> i -> (i,i,i) fan _ i = (i,i,i) vote tmr :: Dev i o -> Dev i o tmr dev = refold vote fan (dev <&> dev <&> dev) o Bill Harrison ReCoSoC16 14 / 20

Concurrency Templates Device Synchronization Programming Synchronization Barriers d1 Busy d2 Complete Barrier Continue Bill Harrison ReCoSoC16 15 / 20

Concurrency Templates Device Synchronization Programming Synchronization Barriers data Status a = Busy | Complete a barrier :: Dev i1 (Status o1) -> Dev i2 (Status o2) -> Dev (i1,i2) (Status (o1,o2)) barrier d1 d2 = d1 refold out inp Busy ( makeStall d1 <&> makeStall d2 ) where d2 inp (Busy,Busy) (i1,i2) Complete = (Continue i1,Continue i2) Barrier inp (Complete l,Busy) (i1,i2) = (Stall, Continue i2) inp (Busy,Complete r) (i1,i2) Continue = (Continue i1,Stall) inp (Complete l,Complete r) (i1,i2) = (Continue i1,Continue i2) out (Busy,_) = Busy out (_,Busy) = Busy out (Complete a,Complete b) = Complete (a,b) Bill Harrison ReCoSoC16 15 / 20

Concurrency Templates System Integration A Dual Core System realized in ReWire dlx H dlx L memCtrl memory dlx ℓ :: Dev (Instr ℓ ,Rsp ℓ ) (Next ℓ ,Req ℓ ) memCtrl :: Dev (Data,Req H ,Req L ) (Req,Rsp H ,Rsp L ) memory :: Dev Req Data system :: Dev (Instr H ,Instr L ) (Next H ,Next L ) system = refold systemOut systemIn ( dlx H <&> dlx L <&> memCtrl <&> memory ) Bill Harrison ReCoSoC16 16 / 20

Concurrency Templates System Integration The Memory Controller Pattern reqMaster rspMaster Bill Harrison ReCoSoC16 17 / 20