The 7th International Workshop on Java Technologies for Real-time and Embedded Systems



SLIDE 1

The 7th International Workshop on Java Technologies for Real-time and Embedded Systems

September 24, 2009 Jean-Pierre Talpin, INRIA

SLIDE 2

Virtual prototyping
Simulation
Verification
Virtual machines
Models of architectures
Models of concurrency

SLIDE 3

Plan
  • Why? The issue we address
  • How? Synchronous modeling
  • Introduction to polychrony
  • Modeling programs by data-flow equations
  • Modeling threads, scheduler, resources
  • Applications
  • Conclusions

SLIDE 4

Java Statemate Simulink Scade Rhapsody … CAN JVM ARINC 653 AADL Flexray ECU

Heterogeneity of skills, teams, tools, methods

SLIDE 5

co-modeling

analyse simulate map

Java Statemate Simulink Scade Rhapsody … CAN JVM ARINC 653 AADL Flexray ECU …

SLIDE 6

Engineering / Mathematics
  • Composition is easy, execution is hard
  • Composition is hard, execution is easy

Synchronous modeling
  • Synchronous composition is easier
  • Code generation is a bit harder

=> Generating code by solving equations in a specific model of computation

SLIDE 7

Composition of equations over signals

  x = f (y, z)    equation
  P | Q           composition
  P / x           restriction

A signal x, y, z is a discrete stream of values
Values of a signal x are sampled at a clock ^x

[Figure: signal x and its clock ^x over instants 0 1 2 3 4 ...]

SLIDE 8

x = y + z

y :   4  2   3  1   8  7  2  0 ...
z :   9  1   8  3   2  0  5  1 ...
x :  13  3  11  4  10  7  7  1 ...

SLIDE 9

x = pre y v

y :  4  2  3  1  8  7  2  0 ...
x :  v  4  2  3  1  8  7  2 ...

SLIDE 10

x = y when z

y : 4 2 3 1 8 7 2 0 ...
z : t t f t f t ...
x : 3 7 0 ...

SLIDE 11

x = y default z

y : 4 3 1 2 ...
z : 9 1 8 3 2 0 5 ...
x : 4 9 1 3 1 3 2 2 5
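The four operators of slides 8 to 11, as an added example that is not part of the original talk: finite traces with explicit absence, so that the clock of each result is visible. The function names are hypothetical, and the alignments used for `when` and `default` are constructed assumptions chosen to reproduce the value sequences printed on the slides.

```python
ABSENT = None  # an instant at which a signal carries no value (its clock does not tick)

def add(y, z):
    """x = y + z: y and z must be synchronous (present at the same instants)."""
    out = []
    for a, b in zip(y, z):
        if (a is ABSENT) != (b is ABSENT):
            raise ValueError("clock mismatch: operands are not synchronous")
        out.append(ABSENT if a is ABSENT else a + b)
    return out

def pre(y, v):
    """x = pre y v: previous value of y, v at y's first tick; same clock as y."""
    out, last = [], v
    for a in y:
        out.append(ABSENT if a is ABSENT else last)
        if a is not ABSENT:
            last = a
    return out

def when(y, z):
    """x = y when z: y at the instants where y is present and z is present and true."""
    return [a if (a is not ABSENT and b is True) else ABSENT for a, b in zip(y, z)]

def default(y, z):
    """x = y default z: y where present, otherwise z."""
    return [b if a is ABSENT else a for a, b in zip(y, z)]

def values(x):
    """Drop absent instants, leaving the value sequence as printed on a slide."""
    return [a for a in x if a is not ABSENT]

_ = ABSENT
# Slides 8 and 9: every signal is present at every instant.
Y = [4, 2, 3, 1, 8, 7, 2, 0]
Z = [9, 1, 8, 3, 2, 0, 5, 1]
# Slides 10 and 11: constructed alignments (column positions are assumptions)
# that reproduce the printed value sequences.
Y_WHEN = [4, _, 2, 3, 1, 8, 7, 2, 0]
Z_WHEN = [_, True, _, True, False, _, True, False, True]
Y_DEF = [4, _, _, 3, 1, _, _, 2, _]
Z_DEF = [_, 9, 1, 8, _, 3, 2, 0, 5]

if __name__ == "__main__":
    print("x = y + z      ", add(Y, Z))
    print("x = pre y v    ", pre(Y, "v"))
    print("x = y when z   ", values(when(Y_WHEN, Z_WHEN)))
    print("x = y default z", values(default(Y_DEF, Z_DEF)))
```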

SLIDE 12

[Diagram labels: C, C++, SystemC, Java; GCC; SSA; SIGNAL; Verification; "automatic" (three times); Model of concurrency; templates]

SLIDE 13

int ones (int data) {
  int c, d;
  d = data;
  c = 0;
  while (d) {
    c += (d & 1);
    d >>= 1;
  }
  return c;
}

bb_0 : d1 = data;
       c1 = 0;
L0 :   d3 = phi (d1, d2);
       c3 = phi (c1, c2);
       if d3 goto L2;
L1 :   c2 = (d3 & 1) + c3;
       d2 = d3 >> 1;
       goto L0;
L2 :   return c3;

SLIDE 14

bb_0 : d1 = data;
       c1 = 0;
L0 :   d3 = phi (d1, d2);
       c3 = phi (c1, c2);
       if d3 goto L2;
L1 :   c2 = (d3 & 1) + c3;
       d2 = d3 >> 1;
       goto L0;
L2 :   return c3;

bb_0 = pre false true
d1 = data when bb_0
c1 = 0 when bb_0
L0 = true when bb_0 default pre L1 false
d3 = d1 when bb_0 default d2 when L1
c3 = c1 when bb_0 default c2 when L1
L1 = true when L0 when not d3
c2 = d3 & 1 + c3 when L1
d2 = d3 >> 1 when L1
L2 = true when d3 when L0
ones = c3 when L2

A label is represented by a boolean signal

SLIDE 15

bb_0 : d1 = data;
       c1 = 0;
L0 :   d3 = phi (d1, d2);
       c3 = phi (c1, c2);
       if d3 goto L2;
L1 :   c2 = (d3 & 1) + c3;
       d2 = d3 >> 1;
       goto L0;
L2 :   return c3;

bb_0 = pre false true
d1 = data when bb_0
c1 = 0 when bb_0
L0 = true when bb_0 default pre L1 false
d3 = d1 when bb_0 default d2 when L1
c3 = c1 when bb_0 default c2 when L1
L1 = true when L0 when not d3
c2 = d3 & 1 + c3 when L1
d2 = d3 >> 1 when L1
L2 = true when d3 when L0
ones = c3 when L2

Operations in a block are guarded by its label

SLIDE 16

bb_0 : d1 = data;
       c1 = 0;
L0 :   d3 = phi (d1, d2);
       c3 = phi (c1, c2);
       if d3 goto L2;
L1 :   c2 = (d3 & 1) + c3;
       d2 = d3 >> 1;
       goto L0;
L2 :   return c3;

bb_0 = pre false true
d1 = data when bb_0
c1 = 0 when bb_0
L0 = true when bb_0 default pre L1 false
d3 = d1 when L0 default d2 when L1
c3 = c1 when L0 default c2 when L1
L1 = true when L0 when not d3
c2 = d3 & 1 + c3 when L1
d2 = d3 >> 1 when L1
L2 = true when d3 when L0
ones = c3 when L2

Transitions from a block are guarded by the label

SLIDE 17

bb_0 : d1 = data;
       c1 = 0;
L0 :   d3 = phi (d1, d2);
       c3 = phi (c1, c2);
       if d3 goto L2;
L1 :   c2 = (d3 & 1) + c3;
       d2 = d3 >> 1;
       goto L0;
L2 :   return c3;

bb_0 = pre false true
d1 = data when bb_0
c1 = 0 when bb_0
L0 = true when bb_0 default pre L1 false
d3 = d1 when L0 default d2 when L1
c3 = c1 when L0 default c2 when L1
L1 = true when L0 when not d3
c2 = d3 & 1 + c3 when L1
d2 = d3 >> 1 when L1
L2 = true when d3 when L0
ones = c3 when L2

Conditional branches are guarded by the label and condition

SLIDE 18

bb_0 : d1 = data;
       c1 = 0;
L0 :   d3 = phi (d1, d2);
       c3 = phi (c1, c2);
       if d3 goto L2;
L1 :   c2 = (d3 & 1) + c3;
       d2 = d3 >> 1;
       goto L0;
L2 :   return c3;

bb_0 = pre false true
d1 = data when bb_0
c1 = 0 when bb_0
L0 = true when bb_0 default pre L1 false
d3 = d1 when L0 default d2 when L1
c3 = c1 when L0 default c2 when L1
L1 = true when L0 when not d3
c2 = d3 & 1 + c3 when L1
d2 = d3 >> 1 when L1
L2 = true when d3 when L0
ones = c3 when L2

and so on,

SLIDE 19

bb_0 : d1 = data;
       c1 = 0;
L0 :   d3 = phi (d1, d2);
       c3 = phi (c1, c2);
       if d3 goto L2;
L1 :   c2 = (d3 & 1) + c3;
       d2 = d3 >> 1;
       goto L0;
L2 :   return c3;

bb_0 = pre false true
d1 = data when bb_0
c1 = 0 when bb_0
L0 = true when bb_0 default (pre L1 false)
d3 = d1 when L0 default d2 when L1
c3 = c1 when L0 default c2 when L1
L1 = true when L0 when not d3
c2 = d3 & 1 + c3 when L1
d2 = d3 >> 1 when L1
L2 = true when d3 when L0
ones = c3 when L2

Going backwards consumes time

SLIDE 20

bb_0 : d1 = data;
       c1 = 0;
L0 :   d3 = phi (d1, d2);
       c3 = phi (c1, c2);
       if d3 goto L2;
L1 :   c2 = (d3 & 1) + c3;
       d2 = d3 >> 1;
       goto L0;
L2 :   return c3;

bb_0 = pre false true
d1 = data when bb_0
c1 = 0 when bb_0
L0 = true when bb_0 default (pre L1 false)
d3 = d1 when bb_0 default (pre d2 0) when L0
c3 = c1 when L0 default (pre c2 0) when L1
L1 = true when L0 when not d3
c2 = d3 & 1 + c3 when L1
d2 = d3 >> 1 when L1
L2 = true when d3 when L0
ones = c3 when L2

Phi-nodes are modeled by merging signals

SLIDE 21

bb_0 : d1 = data;
       c1 = 0;
L0 :   d3 = phi (d1, d2);
       c3 = phi (c1, c2);
       if d3 goto L2;
L1 :   c2 = (d3 & 1) + c3;
       d2 = d3 >> 1;
       goto L0;
L2 :   return c3;

bb_0 = pre false true
d1 = data when bb_0
c1 = 0 when bb_0
L0 = true when bb_0 default (pre L1 false)
d3 = d1 when bb_0 default (pre d2 0) when L0
c3 = c1 when L0 default (pre c2 0) when L1
L1 = true when L0 when not d3
c2 = d3 & 1 + c3 when L1
d2 = d3 >> 1 when L1
L2 = true when d3 when L0
ones = c3 when L2

One data-flow equation per SSA instruction
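Added example, not code from the talk: the guarded equations for `ones` executed one logical instant at a time and checked against the sequential loop. It assumes the exit branch is taken when d3 == 0, as in the C source's `while (d)`, and uses the SSA parenthesisation `(d3 & 1) + c3`; the function names are hypothetical.

```python
def ones_sync(data):
    """Execute the guarded equations instant by instant.
    Returns (ones, trace); trace holds one dict of present signals per instant."""
    if data < 0:
        raise ValueError("data must be non-negative: d >> 1 never reaches 0 otherwise")
    trace = []
    bb_0 = True                           # bb_0 = pre false true: first instant only
    pre_L1, pre_d2, pre_c2 = False, 0, 0  # delayed signals with their initial values
    while bb_0 or pre_L1:                 # L0 = true when bb_0 default (pre L1 false)
        # Phi nodes as merges: d1/c1 on entry, otherwise last instant's d2/c2.
        d3 = data if bb_0 else pre_d2
        c3 = 0 if bb_0 else pre_c2
        # Assumption: exit when d3 == 0, loop body when d3 != 0.
        L1, L2 = d3 != 0, d3 == 0
        now = {"L0": True, "d3": d3, "c3": c3}
        if L1:                            # equations guarded by `when L1`
            now.update(L1=True, c2=(d3 & 1) + c3, d2=d3 >> 1)
        if L2:                            # ones = c3 when L2
            now.update(L2=True, ones=c3)
        trace.append(now)
        # The back edge L1 -> L0 is the only delay: it lands in the next instant.
        pre_L1 = L1
        pre_d2, pre_c2 = now.get("d2", pre_d2), now.get("c2", pre_c2)
        bb_0 = False
    return trace[-1]["ones"], trace

def ones_c(data):
    """Reference: the sequential C function from the slide, transcribed."""
    c, d = 0, data
    while d:
        c += d & 1
        d >>= 1
    return c

if __name__ == "__main__":
    result, trace = ones_sync(5)
    for instant, signals in enumerate(trace):
        print(instant, signals)
    print("ones(5) =", result, "in", len(trace), "instants")
```

Each loop iteration of the C code costs one instant, so the result is produced after `data.bit_length() + 1` instants.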

SLIDE 22

bb_0 :              aa_0 :
L0 :   yield;       K0 :   yield;
L1 :                K1 :
L2 :   return;      K2 :   return;

bb_0 = true when (pre K0 false)
K1 = true when (pre L0 false)
L1 = true when (pre K2 false)

SLIDE 23

bool running
bool yield
bool terminated

[Diagram labels: bb_0, L0, L1, L2, yield]

bb_0 = (pre false true) when running
yield = true when L0 when running
terminated = true when L3 when running

SLIDE 24

[Diagram labels: Scheduler, P1, P2, P3; tick; running1]

Scheduler | P1 | P2 | P3

SLIDE 25

[Diagram labels: Scheduler, P1, P2, P3; tick; yield1]

Scheduler | P1 | P2 | P3

SLIDE 26

[Diagram labels: Scheduler, P1, P2, P3; tick; running2]

Scheduler | P1 | P2 | P3

SLIDE 27

[Diagram labels: Scheduler, P1, P2, P3; tick; running3; terminate2]

Scheduler | P1 | P2 | P3

SLIDE 28

[Diagram labels: Scheduler, P1, P2, P3; tick; running1; terminate3]

Scheduler | P1 | P2 | P3

SLIDE 29

[Diagram labels: Scheduler, P1, P2, P3, Resource; tick; write, read; lock, unlock]

Scheduler | P1 | P2 | P3 | Resource

SLIDE 30

  • SIGNAL compiler performs static analysis: inconsistent synchronizations, cyclic definitions
  • SIGALI model checker performs dynamic analysis: enforcement of liveness, safety, reachability properties and controller synthesis
  • SME, a synchronous modeling environment and open-source Eclipse plugin

SLIDE 31

Synoptic – a domain-specific design language for spacecraft control software

  • Structural, architecture components with real-time characteristics
  • Data-flow diagrams, mode automata, imperative programs

Import in SME (using SSA) for formal verification and code generation

Connection with RT-Builder for real-time simulation

SLIDE 32

RT-Builder (Geensys): real-time, hardware-in-the-loop simulation of automotive equipment

SLIDE 33

  • Sequential code automatically translated to a synchronous formalism via SSA
  • Parallel programs are modeled by instantiating templates of concurrency primitives
  • Scales to modeling real concurrency and/or architecture modeling concepts: ARINC-653 services, AADL, Synoptic

SLIDE 34

On the model of computation
"Polychrony for system design" Le Guernic, P., Talpin, J.-P., Le Lann, J.-C. Journal for Circuits, Systems and Computers. Special Issue on Application Specific Hardware Design. World Scientific, August 2003.

On desynchronization
"Compositional design of isochronous systems" Talpin, J.-P., Ouy, J., Besnard, L., Le Guernic, P. In Science of Computer Programming. Elsevier, 2010 (to appear).

On architecture modeling
"Polychronous design of embedded real-time systems" Gamatié, A., Gautier, T., Le Guernic, P., Talpin, J.-P. ACM Transactions on Software Engineering and Methodology. ACM Press, 2006.

On virtual prototyping
"Formal refinement checking in a system-level design methodology" Talpin, J.-P., Le Guernic, P., Shukla, S. K., Gupta, R., Doucet, F. Special Issue of Fundamenta Informaticae on Applications of Concurrency to System Design. IOS Press, 2004.

On model-driven engineering
"A metamodel for the design of polychronous systems" Brunette, C., Talpin, J.-P., Gamatié, A., Gautier, T. Journal of Logic and Algebraic Programming, Special Issue on Applying Concurrency Research to Industry. Elsevier, 2008.

Website
http://www.irisa.fr/espresso/polychrony