towards a verified lustre compiler with modular reset
play

Towards a verified Lustre compiler with modular reset Timothy Bourke - PowerPoint PPT Presentation

Jun 28, 2023 •477 likes •1.41k views

Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria Paris 2 DI ENS 3 UPMC SCOPES 2018 May 30, 2018 Screenshot from ANSYS/Esterel Techologies SCADE Suite 1 / 14 Screenshot from

  1. Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Lélio Brun 1,2 Marc Pouzet 3,2,1 1 Inria Paris 2 DI ENS 3 UPMC SCOPES 2018 — May 30, 2018

  2. Screenshot from ANSYS/Esterel Techologies SCADE Suite 1 / 14

  3. Screenshot from ANSYS/Esterel Techologies SCADE Suite node returns (i_l , i_r : int); controller (joy_v , joy_h , pos_l , pos_r : int) let omega_l = pos_l - (pos_l v_err2 = (2 * v_ref) - (omega_l + omega_r); ... tel fby pos_l); 1 / 14

  4. Context State of the art: Scade • Specification norms (DO-178C), industrial certification 2 / 14

  5. Context State of the art: Scade • Specification norms (DO-178C), industrial certification • Onerous and expensive development process 2 / 14

  6. Context State of the art: Scade • Specification norms (DO-178C), industrial certification • Onerous and expensive development process • No formal proof of correctness 2 / 14

  7. Context State of the art: Scade • Specification norms (DO-178C), industrial certification • Onerous and expensive development process • No formal proof of correctness Goal Develop a formally verified code generator 2 / 14

  8. Context State of the art: Scade • Specification norms (DO-178C), industrial certification • Onerous and expensive development process • No formal proof of correctness Goal Develop a formally verified code generator • formal verification, mechanized proofs, proof assistant (eg. Coq 1 ) 1 The Coq Development Team (2016): The Coq proof assistant reference manual 2 / 14

  9. Context State of the art: Scade • Specification norms (DO-178C), industrial certification • Onerous and expensive development process • No formal proof of correctness Goal Develop a formally verified code generator • formal verification, mechanized proofs, proof assistant (eg. Coq) • Scade • Lighten the qualification to norms • Provide a complete semantics 2 / 14

  10. Lustre: 1 example node euler(y0 , y’: int) euler returns (y: int) y 0 var h: int; let y’ h + z -1 y y = y0 fby (y + y’ * h); h = 2; tel 1 Caspi, Halbwachs, Pilaud, and Plaice (1987): “LUSTRE: A declarative language for programming synchronous systems” 3 / 14

  11. Lustre: example node euler(y0 , y’: int) returns (y: int) var h: int; euler let y 0 y = y0 fby (y + y’ * h); h = 2; y’ h + z -1 y tel y 0 0 y ′ 4 0 y h 2 3 / 14

  12. Lustre: example node euler(y0 , y’: int) returns (y: int) var h: int; euler let y 0 y = y0 fby (y + y’ * h); h = 2; y’ h + z -1 y tel y 0 0 5 y ′ 4 2 0 8 y h 2 2 3 / 14

  13. Lustre: example node euler(y0 , y’: int) returns (y: int) var h: int; euler let y 0 y = y0 fby (y + y’ * h); h = 2; y’ h + z -1 y tel y 0 0 5 10 y ′ 4 2 1 0 8 12 y h 2 2 2 3 / 14

  14. Lustre: example node euler(y0 , y’: int) returns (y: int) var h: int; euler let y 0 y = y0 fby (y + y’ * h); h = 2; y’ h + z -1 y tel y 0 0 5 10 – y ′ 4 2 1 – 0 8 12 – y h 2 2 2 – 3 / 14

  15. Lustre: example node euler(y0 , y’: int) returns (y: int) var h: int; euler let y 0 y = y0 fby (y + y’ * h); h = 2; y’ h + z -1 y tel y 0 0 5 10 – 15 · · · y ′ 4 2 1 – 3 · · · 0 8 12 – 14 y · · · h 2 2 2 – 2 · · · 3 / 14

  16. Lustre: example euler node euler(y0 , y’: int) returns (y: int) y 0 var h: int; let y’ h + z -1 y y = y0 fby (y + y’ * h); h = 2; tel node main(x0 , x’: int) main returns (x: int) x 0 let x euler x’ x = euler(x0 , x’); tel 3 / 14

  17. Scade-like state machines and reset primitive NAV s GPS x x GPS s s x INS x + z -1 h x’ 4 / 14

  18. Scade-like state machines and reset primitive NAV s GPS • Can be compiled into Lustre x x GPS s s x INS x + z -1 h x’ 4 / 14

  19. Scade-like state machines and reset primitive NAV s GPS • Can be compiled into Lustre x x GPS • Reset : • Reset the state of a node, ie. reinitialize the fby s s s x INS x + z -1 h x’ 4 / 14

  20. Scade-like state machines and reset primitive NAV s GPS • Can be compiled into Lustre x x GPS • Reset : • Reset the state of a node, ie. reinitialize the fby s s s x • Useful primitive INS (not only for state machines) x + z -1 h x’ 4 / 14

  21. Scade-like state machines and reset primitive NAV s GPS • Can be compiled into Lustre x x GPS • Reset : • Reset the state of a node, ie. reinitialize the fby s s s x • Useful primitive INS (not only for state machines) x + z -1 h • How? x’ 4 / 14

  22. Non-modular reset node euler(y0 , y’: int) node euler(y0 , y’: int; r: bool) returns (y: int) returns (y: int) var h: int; var h: int; let let y = y0 fby (y + y’ * h); y = if r then y0 h = 2; else (y0 fby (y + y’ * h)); tel h = 2; tel node main(x0 , x’: int) node main(x0 , x’: int) returns (x: int) returns (x: int) var r: bool; let let x = euler(x0 , x’); x = euler(x0 , x’, r); tel r = (x’ > 42); tel 5 / 14

  23. Non-modular reset node euler(y0 , y’: int) node euler(y0 , y’: int; r: bool) returns (y: int) returns (y: int) var h: int; var h: int; let let y = y0 fby (y + y’ * h); y = if r then y0 h = 2; else (y0 fby (y + y’ * h)); tel h = 2; tel node main(x0 , x’: int) node main(x0 , x’: int) returns (x: int) returns (x: int) var r: bool; let let x = euler(x0 , x’); x = euler(x0 , x’, r); tel r = (x’ > 42); tel 5 / 14

  24. Vélus: 1 a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization Obc generation Clight compilation Assembly printing 1 Bourke, Brun, Dagand, Leroy, Pouzet, and Rieg (2017): “A Formally Verified Compiler for Lustre” 6 / 14

  25. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization Implemented in Coq and (some) OCaml Obc generation Clight compilation Assembly printing 6 / 14

  26. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Validated parsing ( menhir –coq ) a Obc generation Clight compilation Assembly printing a Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” 6 / 14

  27. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Validated parsing ( menhir –coq ) Obc • Elaboration to get clock and type information generation Clight compilation Assembly printing 6 / 14

  28. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Validated parsing ( menhir –coq ) Obc • Elaboration to get clock and type information generation • Not yet implemented: normalization a Clight compilation Assembly printing a Auger (2013): “Compilation certifiée de SCADE/LUSTRE” 6 / 14

  29. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization Obc node euler(y0 , y’: int) node euler(y0 , y’: int) returns (y: int) returns (y: int) generation var h: int; var h, y1: int; let init: bool; y = y0 fby (y + y’ * h); let Clight h = 2; init = true fby false; tel y1 = 0 fby (y + y’ * h); compilation y = if init then y0 else y1; h = 2; Assembly tel printing e 0 fby e � → if (true fby false) then e 0 else (0 fby e ) 6 / 14

  30. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Validated parsing ( menhir –coq ) Obc • Elaboration to get clock and type information generation • Not yet implemented: normalization • Scheduling of dataflow equations Clight compilation Assembly printing 6 / 14

  31. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization Obc node euler(y0 , y’: int) node euler(y0 , y’: int) returns (y: int) returns (y: int) generation var h, y1: int; var h, y1: int; init: bool; init: bool; let let Clight init = true fby false; h = 2; y1 = 0 fby (y + y’ * h); y = if init then y0 compilation y = if init then y0 else y1; else y1; init = true fby false; h = 2; y1 = 0 fby (y + y’ * h); Assembly tel tel printing 6 / 14

  32. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Validated parsing ( menhir –coq ) Obc • Elaboration to get clock and type information generation • Not yet implemented: normalization • Scheduling of dataflow equations Clight • Translation to intermediate Obc code compilation Assembly printing 6 / 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Verifying the Lustre modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria

Verifying the Lustre modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria

Verifying the Lustre modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria Paris 2 DI ENS 3 UPMC SYNCHRON18 November 29, 2018 The problem Adding the modular reset to Vlus 1 / 22 The problem Adding the modular

1.74k views • 143 slides
A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand 4 , 3 , 1 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 , 6 1. Inria Paris 2. DI, cole normale suprieure 3. CNRS 4. Univ. Pierre et

1.15k views • 96 slides
VERIFIED COMPILATION OF THE MODULAR RESET, FINALLY Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet

VERIFIED COMPILATION OF THE MODULAR RESET, FINALLY Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet

VERIFIED COMPILATION OF THE MODULAR RESET, FINALLY Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 PARKAS SYNCHRON19 November 28, 2019 1 Inria Paris 2 DI ENS PSL University 3 Sorbonne University THE PROBLEM Adding the modular

1.41k views • 124 slides
1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6

1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6

1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6 compiler 3 Outline Lustre Lustre V6 P. Raymond & the Synchronous group et al. The Lustre V6 compiler P. Raymond, J. Ballet, E. Jahier 4

803 views • 37 slides
Velus: towards a modular reset Llio Brun 1 , 2 PARKAS Team Timothy Bourke 1,2

Velus: towards a modular reset Llio Brun 1 , 2 PARKAS Team Timothy Bourke 1,2

Velus: towards a modular reset Llio Brun 1 , 2 PARKAS Team Timothy Bourke 1,2 Pierre-variste Dagand 4,3,1 Marc Pouzet 4,2,1 1 Inria Paris 2 DI ENS 3 CNRS 4 UPMC SYNCHRON17 November 30, 2017 Lustre 1 : example rect d + y node

1.07k views • 67 slides
Verifying a Lustre Compiler Part 2 Llio Brun PARKAS (Inria - ENS) Timothy Bourke,

Verifying a Lustre Compiler Part 2 Llio Brun PARKAS (Inria - ENS) Timothy Bourke,

Verifying a Lustre Compiler Part 2 Llio Brun PARKAS (Inria - ENS) Timothy Bourke, Pierre-variste Dagand, Xavier Leroy, Marc Pouzet, Lionel Rieg SYNCHRON 2016 December 7, 2016 Llio Brun Verifying a Lustre Compiler Part 2 December 7,

907 views • 47 slides
MECHANIZED SEMANTICS AND VERIFIED COMPILATION FOR A DATAFLOW SYNCHRONOUS LANGUAGE WITH RESET

MECHANIZED SEMANTICS AND VERIFIED COMPILATION FOR A DATAFLOW SYNCHRONOUS LANGUAGE WITH RESET

MECHANIZED SEMANTICS AND VERIFIED COMPILATION FOR A DATAFLOW SYNCHRONOUS LANGUAGE WITH RESET Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 POPL20 January 24, 2020 1 Inria Paris 2 cole normale suprieure PSL University

1.12k views • 93 slides
Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi

Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi

Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi and Alix Trieu IFIP WG 1.9/2.15, 2015-07-16 1 Background: verifying a compiler Compiler + proof that the compiler does not introduce bugs

553 views • 24 slides
A Modular OpenModelica Compiler Backend J. Frenkel W. Braun A. Pop M. Sjlund

A Modular OpenModelica Compiler Backend J. Frenkel W. Braun A. Pop M. Sjlund

OpenModelica Workshop 2011 Chair of Construction Machines and Conveying Technology A Modular OpenModelica Compiler Backend J. Frenkel W. Braun A. Pop M. Sjlund Outline 1. Introduction 2. Concept of Modular Compiler

754 views • 20 slides
Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand

Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand

Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand 3 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 1. INRIA Paris 2. DI, cole normale suprieure 3. CNRS 4. Univ. Pierre et Marie Curie 5.

1.06k views • 79 slides
Towards a Coq-verified compiler from Esterel to circuits: 2 years later Lionel R ieg Yale

Towards a Coq-verified compiler from Esterel to circuits: 2 years later Lionel R ieg Yale

Towards a Coq-verified compiler from Esterel to circuits: 2 years later Lionel R ieg Yale University Synchron 2016 December 5th, 2016 1/20 Objective: prove the compilation scheme for Esterel Esterel Synchronous dataflow language

960 views • 74 slides
What a Lustre Cluster (Improving and Tracing Lustre Metadata) yaaaasss Team Saffron Amanda

What a Lustre Cluster (Improving and Tracing Lustre Metadata) yaaaasss Team Saffron Amanda

What a Lustre Cluster (Improving and Tracing Lustre Metadata) yaaaasss Team Saffron Amanda Bonnie Zach Fuerst Thomas Stitt Overview Motivation Configuration Tracing Metadata Improving Metadata Hardware Multiple Lustre

416 views • 23 slides
The Lustre Centre of Excellence at ORNL Makia Minich Clustre Monkey, HPC Software Stack Lustre

The Lustre Centre of Excellence at ORNL Makia Minich Clustre Monkey, HPC Software Stack Lustre

The Lustre Centre of Excellence at ORNL Makia Minich Clustre Monkey, HPC Software Stack Lustre Group May 2008 1 1 Introduction Lustre Centre of Excellence (LCE) > Established Nov 2006 by Cluster File Systems, Inc. (acquired by Sun in

356 views • 23 slides
Overview of Lustre Usage on JUROPA 26 September 2011 | Frank Heckes, FZ Jlich, JSC Lustre

Overview of Lustre Usage on JUROPA 26 September 2011 | Frank Heckes, FZ Jlich, JSC Lustre

Mitglied der Helmholtz-Gemeinschaft Mitglied der Helmholtz-Gemeinschaft Overview of Lustre Usage on JUROPA 26 September 2011 | Frank Heckes, FZ Jlich, JSC Lustre Status Lustre Status Storage Extension Fluctuation in Performance Lustre

195 views • 16 slides
Verified translation validation of static analyses Sandrine Blazy joint work with Gilles Barthe,

Verified translation validation of static analyses Sandrine Blazy joint work with Gilles Barthe,

Verified translation validation of static analyses Sandrine Blazy joint work with Gilles Barthe, Vincent Laporte, David Pichardie and Alix Trieu IFIP WG 1.9/2.15, Leuven, 2017-05-11 1 Background: verifying a compiler Compiler + proof that the

446 views • 19 slides
Lustre Background Why Lustre Failover ? How does Lustre Failover work ? Automation

Lustre Background Why Lustre Failover ? How does Lustre Failover work ? Automation

Lustre Background Why Lustre Failover ? How does Lustre Failover work ? Automation on the Cray XT System configuration requirements System configuration requirements Software configuration for failover Current

408 views • 16 slides
Q ( 5) Elliptic Curves over Q ( 5) Stein William Stein, University of Washington This is

Q ( 5) Elliptic Curves over Q ( 5) Stein William Stein, University of Washington This is

Curves Over Q ( 5) Elliptic Curves over Q ( 5) Stein William Stein, University of Washington This is part of the NSF-funded AIM FRG project on Databases of L -functions. This talk had much valuable input from Noam Elkies, John Voight,

567 views • 40 slides
Copatterns Programming Infinite Objects by Observations Andreas Abel Department of Computer

Copatterns Programming Infinite Objects by Observations Andreas Abel Department of Computer

Copatterns Programming Infinite Objects by Observations Andreas Abel Department of Computer Science Ludwig-Maximilians-University Munich, Germany Institute of Cybernetics Tallinn, Estonia 4 July 2013 Andreas Abel () Copatterns IOC 2013 1

611 views • 33 slides
Terms in Time and Times in Context: A Graph-based Term-Time Ranking Model Andreas Spitz, Jannik

Terms in Time and Times in Context: A Graph-based Term-Time Ranking Model Andreas Spitz, Jannik

Terms in Time and Times in Context: A Graph-based Term-Time Ranking Model Andreas Spitz, Jannik Str otgen, Thomas B ogel and Michael Gertz Heidelberg University Institute of Computer Science Database Systems Research Group

517 views • 34 slides
Solving quadratic equations in dimension 5 or more without factoring ANTS X UCSD July, 913

Solving quadratic equations in dimension 5 or more without factoring ANTS X UCSD July, 913

Solving quadratic equations in dimension 5 or more without factoring ANTS X UCSD July, 913 2012 Pierre Castel pierre.castel@unicaen.fr http://www.math.unicaen.fr/castel Laboratoire de Math ematiques Nicolas Oresme CNRS UMR 6139

969 views • 60 slides
Feedback and Flip-Flops Philipp Koehn 7 September 2019 Philipp Koehn Computer Systems

Feedback and Flip-Flops Philipp Koehn 7 September 2019 Philipp Koehn Computer Systems

Feedback and Flip-Flops Philipp Koehn 7 September 2019 Philipp Koehn Computer Systems Fundamental: Feedback and Flip-Flops 7 September 2019 The Story So Far 1 We can encode numbers We can do calculation ... but its all a bit

629 views • 47 slides
A Saucerful of Proofs in Coq Olivier Danvy Department of Computer Science Aarhus University

A Saucerful of Proofs in Coq Olivier Danvy Department of Computer Science Aarhus University

A Saucerful of Proofs in Coq Olivier Danvy Department of Computer Science Aarhus University danvy@cs.au.dk Annapolis, Maryland 8 November 2012 Olivier Danvy, 2.8, Annapolis November 8, 2012 1 / 40 Summing the first odd numbers The

717 views • 60 slides
Pattern and Copattern matching Anton Setzer Swansea University, Swansea UK Leeds Logic Seminar,

Pattern and Copattern matching Anton Setzer Swansea University, Swansea UK Leeds Logic Seminar,

Pattern and Copattern matching Anton Setzer Swansea University, Swansea UK Leeds Logic Seminar, 13 May 2015 Anton Setzer (Swansea) Pattern and Copattern matching 1/ 46 Iteration, Recursion, Induction Coiteration, Corecursion Bisimilarity

701 views • 51 slides
Introduction to the Calculus of Inductive Constructions Workshop X . X , Vienna Summer of

Introduction to the Calculus of Inductive Constructions Workshop X . X , Vienna Summer of

Introduction to the Calculus of Inductive Constructions Workshop X . X , Vienna Summer of Logic Christine Paulin-Mohring e Paris Sud & INRIA Saclay - Universit Ile-de-France July 18, 2014 C. Paulin (Paris-Sud) Calculus of

580 views • 36 slides

More recommend