verified compilation of the modular reset finally
play

VERIFIED COMPILATION OF THE MODULAR RESET, FINALLY Timothy Bourke - PowerPoint PPT Presentation

Jan 11, 2024 •160 likes •1.41k views

VERIFIED COMPILATION OF THE MODULAR RESET, FINALLY Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 PARKAS SYNCHRON19 November 28, 2019 1 Inria Paris 2 DI ENS PSL University 3 Sorbonne University THE PROBLEM Adding the modular

  1. var y rs r rs exp e es r reset f es xs var x xs Use of an universally quantifjed relation as a constraint: k k k node f r xs r ys var x xs Modular reset eqn x (restart f every y )( e ) r reset f xs ys FORMAL SEMANTICS Node application exp e ⇓ es node f ( es ) ⇓ xs ⊢ ⊢ eqn x = f ( e ) ⊢ 7/22

  2. var y rs r rs exp e es r reset f es xs var x xs Use of an universally quantifjed relation as a constraint: k k k node f r xs r ys Modular reset eqn x (restart f every y )( e ) r reset f xs ys FORMAL SEMANTICS Node application exp e ⇓ es node f ( es ) ⇓ xs var x ⇓ xs ⊢ ⊢ ⊢ eqn x = f ( e ) ⊢ 7/22

  3. Use of an universally quantifjed relation as a constraint: k k k node f r xs r ys var y rs r rs exp e es r reset f es xs var x xs r reset f xs ys FORMAL SEMANTICS Node application exp e ⇓ es node f ( es ) ⇓ xs var x ⇓ xs ⊢ ⊢ ⊢ eqn x = f ( e ) ⊢ Modular reset eqn x = (restart f every y )( e ) ⊢ 7/22

  4. Use of an universally quantifjed relation as a constraint: k k k node f r xs r ys var y rs r rs r reset f es xs r reset f xs ys FORMAL SEMANTICS Node application exp e ⇓ es node f ( es ) ⇓ xs var x ⇓ xs ⊢ ⊢ ⊢ eqn x = f ( e ) ⊢ Modular reset exp e ⇓ es var x ⇓ xs ⊢ ⊢ eqn x = (restart f every y )( e ) ⊢ 7/22

  5. Use of an universally quantifjed relation as a constraint: k k k node f r xs r ys r rs r reset f es xs r reset f xs ys FORMAL SEMANTICS Node application exp e ⇓ es node f ( es ) ⇓ xs var x ⇓ xs ⊢ ⊢ ⊢ eqn x = f ( e ) ⊢ Modular reset var y ⇓ rs ⊢ exp e ⇓ es var x ⇓ xs ⊢ ⊢ eqn x = (restart f every y )( e ) ⊢ 7/22

  6. Use of an universally quantifjed relation as a constraint: k k k node f r xs r ys r reset f es xs r reset f xs ys FORMAL SEMANTICS Node application exp e ⇓ es node f ( es ) ⇓ xs var x ⇓ xs ⊢ ⊢ ⊢ eqn x = f ( e ) ⊢ Modular reset var y ⇓ rs r = bools-of rs ⊢ exp e ⇓ es var x ⇓ xs ⊢ ⊢ eqn x = (restart f every y )( e ) ⊢ 7/22

  7. Use of an universally quantifjed relation as a constraint: k k k node f r xs r ys r reset f xs ys FORMAL SEMANTICS Node application exp e ⇓ es node f ( es ) ⇓ xs var x ⇓ xs ⊢ ⊢ ⊢ eqn x = f ( e ) ⊢ Modular reset var y ⇓ rs r = bools-of rs ⊢ exp e ⇓ es r ⊢ reset f ( es ) ⇓ xs var x ⇓ xs ⊢ ⊢ eqn x = (restart f every y )( e ) ⊢ 7/22

  8. Use of an universally quantifjed relation as a constraint: k k k node f r xs r ys FORMAL SEMANTICS Node application exp e ⇓ es node f ( es ) ⇓ xs var x ⇓ xs ⊢ ⊢ ⊢ eqn x = f ( e ) ⊢ Modular reset var y ⇓ rs r = bools-of rs ⊢ exp e ⇓ es r ⊢ reset f ( es ) ⇓ xs var x ⇓ xs ⊢ ⊢ eqn x = (restart f every y )( e ) ⊢ r ⊢ reset f ( xs ) ⇓ ys 7/22

  9. FORMAL SEMANTICS Node application exp e ⇓ es node f ( es ) ⇓ xs var x ⇓ xs ⊢ ⊢ ⊢ eqn x = f ( e ) ⊢ Modular reset var y ⇓ rs r = bools-of rs ⊢ exp e ⇓ es r ⊢ reset f ( es ) ⇓ xs var x ⇓ xs ⊢ ⊢ eqn x = (restart f every y )( e ) ⊢ Use of an universally quantifjed relation as a constraint: node f (mask k r xs ) ⇓ mask k ∀ k , ⊢ r ys r ⊢ reset f ( xs ) ⇓ ys 7/22

  10. • validated parsing ( menhir --coq ) • elaboration to get clock and type information • i-translation to Stc code • scheduling of Stc code • s-translation to Obc code • fusion optimization of conditionals • initialization of variable arguments • Generation of Clight code • Rely on CompCert for compilation [Bou+17] [Ler09] [JPL12] [BL09] VÉLUS: A VERIFIED LUSTRE COMPILER scheduling datafmow parsing elaboration i-translation Unannotated transition system NLustre Stc Lustre imperative s-translation fusion arguments Implemented in Coq and (some) OCaml optimization initialization Obc generation Clight compilation CompCert Assembly printing 8/22

  11. • elaboration to get clock and type information • i-translation to Stc code • scheduling of Stc code • s-translation to Obc code • fusion optimization of conditionals • initialization of variable arguments • Generation of Clight code • Rely on CompCert for compilation [Bou+17] [Ler09] [JPL12] [BL09] VÉLUS: A VERIFIED LUSTRE COMPILER scheduling datafmow parsing elaboration i-translation Unannotated transition system NLustre Stc Lustre imperative s-translation fusion arguments • validated parsing ( menhir --coq ) optimization initialization Obc generation Clight compilation CompCert Assembly printing 8/22

  12. • i-translation to Stc code • scheduling of Stc code • s-translation to Obc code • fusion optimization of conditionals • initialization of variable arguments • Generation of Clight code • Rely on CompCert for compilation [Bou+17] [Ler09] [JPL12] [BL09] VÉLUS: A VERIFIED LUSTRE COMPILER scheduling datafmow parsing elaboration i-translation Unannotated transition system NLustre Stc Lustre imperative s-translation fusion arguments • validated parsing ( menhir --coq ) optimization initialization Obc • elaboration to get clock and type information generation Clight compilation CompCert Assembly printing 8/22

  13. • scheduling of Stc code • s-translation to Obc code • fusion optimization of conditionals • initialization of variable arguments • Generation of Clight code • Rely on CompCert for compilation [Bou+17] [Ler09] [JPL12] [BL09] VÉLUS: A VERIFIED LUSTRE COMPILER scheduling datafmow parsing elaboration i-translation Unannotated transition system NLustre Stc Lustre imperative s-translation fusion arguments • validated parsing ( menhir --coq ) optimization initialization Obc • elaboration to get clock and type information • i-translation to Stc code generation Clight compilation CompCert Assembly printing 8/22

  14. • s-translation to Obc code • fusion optimization of conditionals • initialization of variable arguments • Generation of Clight code • Rely on CompCert for compilation [Bou+17] [Ler09] [BL09] [JPL12] VÉLUS: A VERIFIED LUSTRE COMPILER scheduling datafmow parsing elaboration i-translation Unannotated transition system NLustre Stc Lustre imperative s-translation fusion arguments • validated parsing ( menhir --coq ) optimization initialization Obc • elaboration to get clock and type information • i-translation to Stc code generation • scheduling of Stc code Clight compilation CompCert Assembly printing 8/22

  15. • fusion optimization of conditionals • initialization of variable arguments • Generation of Clight code • Rely on CompCert for compilation [Bou+17] [Ler09] [JPL12] [BL09] VÉLUS: A VERIFIED LUSTRE COMPILER scheduling datafmow parsing elaboration i-translation Unannotated transition system NLustre Stc Lustre imperative s-translation fusion arguments • validated parsing ( menhir --coq ) optimization initialization Obc • elaboration to get clock and type information • i-translation to Stc code generation • scheduling of Stc code Clight • s-translation to Obc code compilation CompCert Assembly printing 8/22

  16. • initialization of variable arguments • Generation of Clight code • Rely on CompCert for compilation [Bou+17] [Ler09] [JPL12] [BL09] VÉLUS: A VERIFIED LUSTRE COMPILER scheduling datafmow parsing elaboration i-translation Unannotated transition system NLustre Stc Lustre imperative s-translation fusion arguments • validated parsing ( menhir --coq ) optimization initialization Obc • elaboration to get clock and type information • i-translation to Stc code generation • scheduling of Stc code Clight • s-translation to Obc code compilation • fusion optimization of conditionals CompCert Assembly printing 8/22

  17. • Generation of Clight code • Rely on CompCert for compilation [Bou+17] [Ler09] [JPL12] [BL09] VÉLUS: A VERIFIED LUSTRE COMPILER scheduling datafmow parsing elaboration i-translation Unannotated transition system NLustre Stc Lustre imperative s-translation fusion arguments • validated parsing ( menhir --coq ) optimization initialization Obc • elaboration to get clock and type information • i-translation to Stc code generation • scheduling of Stc code Clight • s-translation to Obc code compilation • fusion optimization of conditionals CompCert • initialization of variable arguments Assembly printing 8/22

  18. • Rely on CompCert for compilation [Bou+17] [Ler09] [JPL12] [BL09] VÉLUS: A VERIFIED LUSTRE COMPILER scheduling datafmow parsing elaboration i-translation Unannotated transition system NLustre Stc Lustre imperative s-translation fusion arguments • validated parsing ( menhir --coq ) optimization initialization Obc • elaboration to get clock and type information • i-translation to Stc code generation • scheduling of Stc code Clight • s-translation to Obc code compilation • fusion optimization of conditionals CompCert • initialization of variable arguments Assembly • Generation of Clight code printing 8/22

  19. [Bou+17] [Ler09] [JPL12] [BL09] VÉLUS: A VERIFIED LUSTRE COMPILER scheduling datafmow parsing elaboration i-translation Unannotated transition system NLustre Stc Lustre imperative s-translation fusion arguments • validated parsing ( menhir --coq ) optimization initialization Obc • elaboration to get clock and type information • i-translation to Stc code generation • scheduling of Stc code Clight • s-translation to Obc code compilation • fusion optimization of conditionals CompCert • initialization of variable arguments Assembly • Generation of Clight code printing • Rely on CompCert for compilation 8/22

  20. SYNTACTIC GRANULARITY reset: schedulable separate construct SEMANTIC GRANULARITY transient states WHY STC? Two issues: 9/22

  21. SEMANTIC GRANULARITY transient states WHY STC? Two issues: SYNTACTIC GRANULARITY reset: schedulable separate construct 9/22

  22. WHY STC? Two issues: SYNTACTIC GRANULARITY reset: schedulable separate construct SEMANTIC GRANULARITY transient states 9/22

  23. Problem with fusion optimization: x, ax = (restart ins every r)(x0, u); y, ay = (restart ins every r)(y0, v); Schedule node applications and resets separately FIRST ISSUE: NAIVE COMPILATION NLustre Obc x, a = (restart ins every r)(x0, u); if ck_r { if r { ins(i).reset() } }; x, a := ins(i).step(x0, u) 10/22

  24. Schedule node applications and resets separately FIRST ISSUE: NAIVE COMPILATION NLustre Obc x, a = (restart ins every r)(x0, u); if ck_r { if r { ins(i).reset() } }; x, a := ins(i).step(x0, u) Problem with fusion optimization: if ck_r { x, ax = (restart ins every r)(x0, u); if r { ins(i).reset() } y, ay = (restart ins every r)(y0, v); }; x, ax := ins(i).step(x0, u); if ck_r { if r { ins(j).reset() } }; y, ay := ins(j).step(y0, v) 10/22

  25. Schedule node applications and resets separately FIRST ISSUE: NAIVE COMPILATION NLustre Obc x, a = (restart ins every r)(x0, u); if ck_r { if r { ins(i).reset() } }; x, a := ins(i).step(x0, u) Problem with fusion optimization: if ck_r { x, ax = (restart ins every r)(x0, u); if r { y, ay = (restart ins every r)(y0, v); ins(i).reset(); ins(j).reset() } }; x, ax := ins(i).step(x0, u); y, ay := ins(j).step(y0, v) 10/22

  26. FIRST ISSUE: NAIVE COMPILATION NLustre Obc x, a = (restart ins every r)(x0, u); if ck_r { if r { ins(i).reset() } }; x, a := ins(i).step(x0, u) Problem with fusion optimization: if ck_r { x, ax = (restart ins every r)(x0, u); if r { y, ay = (restart ins every r)(y0, v); ins(i).reset(); ins(j).reset() } }; x, ax := ins(i).step(x0, u); y, ay := ins(j).step(y0, v) → Schedule node applications and resets separately 10/22

  27. SECOND ISSUE: PROOF OF CORRECTNESS NLustre “easy”: ∃ M V ω × V ω too weak for NLustre induction “hard” M V ω × M ω × V ω Obc x i v M’ S × V → S × V 11/22

  28. SECOND ISSUE: PROOF OF CORRECTNESS NLustre “easy”: ∃ M V ω × V ω too weak for NLustre induction “hard” M V ω × M ω × V ω Obc x i v M’ S × V → S × V 11/22

  29. SECOND ISSUE: PROOF OF CORRECTNESS NLustre “easy”: ∃ M V ω × V ω too weak for NLustre induction “hard” M V ω × M ω × V ω Obc x i v M’ S × V → S × V 11/22

  30. SECOND ISSUE: PROOF OF CORRECTNESS NLustre “easy”: ∃ M V ω × V ω too weak for NLustre induction “hard” M V ω × M ω × V ω Obc x i v M’ S × V → S × V 11/22

  31. • The “easy” proof can be done • The “hard” one failed SECOND ISSUE: PROOF OF CORRECTNESS What about the reset? • Similar semantics in the memory model 11/22

  32. • The “hard” one failed SECOND ISSUE: PROOF OF CORRECTNESS What about the reset? • Similar semantics in the memory model • The “easy” proof can be done 11/22

  33. SECOND ISSUE: PROOF OF CORRECTNESS What about the reset? • Similar semantics in the memory model • The “easy” proof can be done • The “hard” one failed 11/22

  34. • Reset as a separate construct • Explicit state, as in the memory model of NLustre • Transient states scheduling fusion optimization i-translation s-translation NLustre Stc Obc arguments initialization STC: SYNCHRONOUS TRANSITION CODE Propose a new intermediate language • Declarative, like NLustre 12/22

  35. • Explicit state, as in the memory model of NLustre • Transient states scheduling fusion optimization i-translation s-translation NLustre Stc Obc arguments initialization STC: SYNCHRONOUS TRANSITION CODE Propose a new intermediate language • Declarative, like NLustre • Reset as a separate construct 12/22

  36. • Transient states scheduling fusion optimization i-translation s-translation NLustre Stc Obc arguments initialization STC: SYNCHRONOUS TRANSITION CODE Propose a new intermediate language • Declarative, like NLustre • Reset as a separate construct • Explicit state, as in the memory model of NLustre 12/22

  37. scheduling fusion optimization i-translation s-translation NLustre Stc Obc arguments initialization STC: SYNCHRONOUS TRANSITION CODE Propose a new intermediate language • Declarative, like NLustre • Reset as a separate construct • Explicit state, as in the memory model of NLustre • Transient states 12/22

  38. STC: SYNCHRONOUS TRANSITION CODE Propose a new intermediate language • Declarative, like NLustre • Reset as a separate construct • Explicit state, as in the memory model of NLustre • Transient states scheduling fusion optimization i-translation s-translation NLustre Stc Obc arguments initialization 12/22

  39. NLUSTRE STC scheduling fusion optimization i-translation s-translation NLustre Stc Obc arguments initialization 13/22

  40. NLUSTRE STC system euler { init i = true, px = 0.; node euler(x0, u: double) returns (x: double); transition (x0, u: double) var i: bool, px: double; returns (x: double) let { i = true fby false; next i = false; x = if i then x0 else px; x = if i then x0 else px; px = 0.0 fby (x + 0.1 * u); next px = x + 0.1 * u; tel } } 13/22

  41. NLUSTRE STC system euler { init i = true, px = 0.; node euler(x0, u: double) returns (x: double); transition (x0, u: double) var i: bool, px: double; returns (x: double) let { i = true fby false; next i = false; x = if i then x0 else px; x = if i then x0 else px; px = 0.0 fby (x + 0.1 * u); next px = x + 0.1 * u; tel } } 13/22

  42. NLUSTRE STC system euler { init i = true, px = 0.; node euler(x0, u: double) returns (x: double); transition (x0, u: double) var i: bool, px: double; returns (x: double) let { i = true fby false; next i = false; x = if i then x0 else px; x = if i then x0 else px; px = 0.0 fby (x + 0.1 * u); next px = x + 0.1 * u; tel } } 13/22

  43. NLUSTRE STC system ins { init k = 0, px = 0.; node ins(gps, xv: double) sub xe: euler; returns (x: double, alarm: bool) var k: int, px: double, transition (gps, xv: double) xe: double whenot alarm; returns (x: double, alarm: bool) let var xe: double whenot alarm; k = 0 fby k + 1; { alarm = (k ≥ 50); next k = k + 1; xe = euler(gps whenot alarm, alarm = (k ≥ 50); xv whenot alarm); xe = euler<xe,0>(gps whenot alarm, x = merge alarm (px when alarm) xe; xv whenot alarm); px = 0. fby x; x = merge alarm (px when alarm) xe; tel next px = x; } } 13/22

  44. NLUSTRE STC system ins { init k = 0, px = 0.; node ins(gps, xv: double) sub xe: euler; returns (x: double, alarm: bool) var k: int, px: double, transition (gps, xv: double) xe: double whenot alarm; returns (x: double, alarm: bool) let var xe: double whenot alarm; k = 0 fby k + 1; { alarm = (k ≥ 50); next k = k + 1; xe = euler(gps whenot alarm, alarm = (k ≥ 50); xv whenot alarm); xe = euler<xe,0>(gps whenot alarm, x = merge alarm (px when alarm) xe; xv whenot alarm); px = 0. fby x; x = merge alarm (px when alarm) xe; tel next px = x; } } 13/22

  45. NLUSTRE STC system driver { sub x: ins, y: ins; node driver(x0, y0, u, v: double, transition (x0, y0, u, v: double, r: bool) r: bool) returns (x, y: double) returns (x, y: double) var ax, ay: bool; var ax, ay: bool; let { x, ax = (restart ins every r)(x0, u); x, ax = ins<x,1>(x0, u); y, ay = (restart ins every r)(y0, v); reset ins<x> every (. on r); tel y, ay = ins<y,1>(y0, v); reset ins<y> every (. on r); } } 13/22

  46. NLUSTRE STC system driver { sub x: ins, y: ins; node driver(x0, y0, u, v: double, transition (x0, y0, u, v: double, r: bool) r: bool) returns (x, y: double) returns (x, y: double) var ax, ay: bool; var ax, ay: bool; let { x, ax = (restart ins every r)(x0, u); x, ax = ins<x,1>(x0, u); y, ay = (restart ins every r)(y0, v); reset ins<x> every (. on r); tel y, ay = ins<y,1>(y0, v); reset ins<y> every (. on r); } } 13/22

  47. NLUSTRE STC system driver { sub x: ins, y: ins; node driver(x0, y0, u, v: double, transition (x0, y0, u, v: double, r: bool) r: bool) returns (x, y: double) returns (x, y: double) var ax, ay: bool; var ax, ay: bool; let { x, ax = (restart ins every r)(x0, u); x, ax = ins<x,1>(x0, u); y, ay = (restart ins every r)(y0, v); reset ins<x> every (. on r); tel y, ay = ins<y,1>(y0, v); reset ins<y> every (. on r); } } 13/22

  48. SCHEDULING scheduling fusion optimization i-translation s-translation NLustre Stc Obc arguments initialization 14/22

  49. SCHEDULING system driver { system driver { sub x: ins, y: ins; sub x: ins, y: ins; transition (x0, y0, u, v: double, transition (x0, y0, u, v: double, r: bool) r: bool) returns (x, y: double) returns (x, y: double) var ax, ay: bool; var ax, ay: bool; { { x, ax = ins<x,1>(x0, u); reset ins<x> every (. on r); reset ins<x> every (. on r); reset ins<y> every (. on r); y, ay = ins<y,1>(y0, v); x, ax = ins<x,1>(x0, u); reset ins<y> every (. on r); y, ay = ins<y,1>(y0, v); } } } } 14/22

  50. STC OBC scheduling fusion optimization i-translation s-translation NLustre Stc Obc arguments initialization 15/22

  51. STC OBC class euler { state i: bool, px: double; system euler { init i = true, px = 0.; step(x0, u: double) returns (x: double) transition (x0, u: double) { returns (x: double) if state (i) { x := x0 } { else { x := state (px) }; x = if i then x0 else px; state (i) := false; next i = false; state (px) := x + 0.1 * u next px = x + 0.1 * u; } } } reset() { state (i) := true; state (px) := 0. } } 15/22

  52. STC OBC class euler { state i: bool, px: double; system euler { init i = true, px = 0.; step(x0, u: double) returns (x: double) transition (x0, u: double) { returns (x: double) if state (i) { x := x0 } { else { x := state (px) }; x = if i then x0 else px; state (i) := false; next i = false; state (px) := x + 0.1 * u next px = x + 0.1 * u; } } } reset() { state (i) := true; state (px) := 0. } } 15/22

  53. STC OBC class euler { state i: bool, px: double; system euler { init i = true, px = 0.; step(x0, u: double) returns (x: double) transition (x0, u: double) { returns (x: double) if state (i) { x := x0 } { else { x := state (px) }; x = if i then x0 else px; state (i) := false; next i = false; state (px) := x + 0.1 * u next px = x + 0.1 * u; } } } reset() { state (i) := true; state (px) := 0. } } 15/22

  54. STC OBC class ins { state k: int, px: double; instance xe: euler; system ins { init k = 0, px = 0.; step(gps, xv: double) sub xe: euler; returns (x: double, alarm: bool) var xe: double transition (gps, xv: double) { returns (x: double, alarm: bool) alarm := state (k) ≥ 50; var xe: double whenot alarm; state (k) := state (k) + 1; { if alarm { } alarm = (k ≥ 50); else { xe := euler(xe).step(gps, xv) }; next k = k + 1; if alarm { x := state (px) } xe = euler<xe,0>(gps whenot alarm, else { x := xe }; xv whenot alarm); state (px) := x x = merge alarm (px when alarm) xe; } next px = x; } reset() { state (k) := 0; } state (px) := 0.; euler(xe).reset() } } 15/22

  55. STC OBC class ins { state k: int, px: double; instance xe: euler; system ins { init k = 0, px = 0.; step(gps, xv: double) sub xe: euler; returns (x: double, alarm: bool) var xe: double transition (gps, xv: double) { returns (x: double, alarm: bool) alarm := state (k) ≥ 50; var xe: double whenot alarm; state (k) := state (k) + 1; { if alarm { } alarm = (k ≥ 50); else { xe := euler(xe).step(gps, xv) }; next k = k + 1; if alarm { x := state (px) } xe = euler<xe,0>(gps whenot alarm, else { x := xe }; xv whenot alarm); state (px) := x x = merge alarm (px when alarm) xe; } next px = x; } reset() { state (k) := 0; } state (px) := 0.; euler(xe).reset() } } 15/22

  56. STC OBC class driver { instance x: ins, y: ins; system driver { sub x: ins, y: ins; step(x0, y0, u, v: double, r: bool) transition (x0, y0, u, v: double, returns (x, y: double) r: bool) var ax, ay: bool returns (x, y: double) { var ax, ay: bool; if r { ins(x).reset() }; { if r { ins(y).reset() }; reset ins<x> every (. on r); x, ax := ins(x).step(x0, u); reset ins<y> every (. on r); y, ay := ins(y).step(y0, v) x, ax = ins<x,1>(x0, u); } y, ay = ins<y,1>(y0, v); } reset() { ins(x).reset(); } ins(y).reset() } } 15/22

  57. FUSION OPTIMIZATION scheduling fusion optimization i-translation s-translation NLustre Stc Obc arguments initialization 16/22

  58. FUSION OPTIMIZATION class ins { class ins { state k: int, px: double; state k: int, px: double; instance xe: euler; instance xe: euler; step(gps, xv: double) step(gps, xv: double) returns (x: double, alarm: bool) returns (x: double, alarm: bool) var xe: double var xe: double { { alarm := state (k) ≥ 50; alarm := state (k) ≥ 50; state (k) := state (k) + 1; state (k) := state (k) + 1; if alarm { x := state (px) } if alarm { } else { else { xe := euler(xe).step(gps, xv) }; xe := euler(xe).step(gps, xv); if alarm { x := state (px) } x := xe else { x := xe }; }; state (px) := x state (px) := x } } reset() { state (k) := 0; reset() { state (k) := 0; state (px) := 0.; state (px) := 0.; euler(xe).reset() } euler(xe).reset() } } } 16/22

  59. FUSION OPTIMIZATION class ins { class ins { state k: int, px: double; state k: int, px: double; instance xe: euler; instance xe: euler; step(gps, xv: double) step(gps, xv: double) returns (x: double, alarm: bool) returns (x: double, alarm: bool) var xe: double var xe: double { { alarm := state (k) ≥ 50; alarm := state (k) ≥ 50; state (k) := state (k) + 1; state (k) := state (k) + 1; if alarm { x := state (px) } if alarm { } else { else { xe := euler(xe).step(gps, xv) }; xe := euler(xe).step(gps, xv); if alarm { x := state (px) } x := xe else { x := xe }; }; state (px) := x state (px) := x } } reset() { state (k) := 0; reset() { state (k) := 0; state (px) := 0.; state (px) := 0.; euler(xe).reset() } euler(xe).reset() } } } 16/22

  60. FUSION OPTIMIZATION class driver { class driver { instance x: ins, y: ins; instance x: ins, y: ins; step(x0, y0, u, v: double, step(x0, y0, u, v: double, r: bool) r: bool) returns (x, y: double) returns (x, y: double) var ax, ay: bool var ax, ay: bool { { if r { if r { ins(x).reset() }; ins(x).reset(); if r { ins(y).reset() }; ins(y).reset() x, ax := ins(x).step(x0, u); }; y, ay := ins(y).step(y0, v) x, ax := ins(x).step(x0, u); } y, ay := ins(y).step(y0, v) } reset() { ins(x).reset(); ins(y).reset() } reset() { ins(x).reset(); } ins(y).reset() } } 16/22

  61. FUSION OPTIMIZATION class driver { class driver { instance x: ins, y: ins; instance x: ins, y: ins; step(x0, y0, u, v: double, step(x0, y0, u, v: double, r: bool) r: bool) returns (x, y: double) returns (x, y: double) var ax, ay: bool var ax, ay: bool { { if r { if r { ins(x).reset() }; ins(x).reset(); if r { ins(y).reset() }; ins(y).reset() x, ax := ins(x).step(x0, u); }; y, ay := ins(y).step(y0, v) x, ax := ins(x).step(x0, u); } y, ay := ins(y).step(y0, v) } reset() { ins(x).reset(); ins(y).reset() } reset() { ins(x).reset(); } ins(y).reset() } } 16/22

  62. • Declarative f f r T r F S S S S g g g reset S i I i S i S i I i S i initial initial STC FORMAL SEMANTICS: INTUITION system f { Transition system sub i: g; • Three states S , I and S ′ transition (x: int, r: bool) returns (y: int) • Transition constraints { reset g<i> every (. on r); y = g<i,1>(x); } } 17/22

  63. • Declarative f r F S S g S i I i S i initial STC FORMAL SEMANTICS: INTUITION system f { Transition system sub i: g; • Three states S , I and S ′ transition (x: int, r: bool) returns (y: int) • Transition constraints { reset g<i> every (. on r); y = g<i,1>(x); } } f r = T S S ′ g g reset S [ i ] I [ i ] S ′ [ i ] initial 17/22

  64. • Declarative f r F S S g S i I i S i initial STC FORMAL SEMANTICS: INTUITION system f { Transition system sub i: g; • Three states S , I and S ′ transition (x: int, r: bool) returns (y: int) • Transition constraints { reset g<i> every (. on r); y = g<i,1>(x); } } f r = T S S ′ g g reset S [ i ] I [ i ] S ′ [ i ] initial 17/22

  65. • Declarative f r F S S g S i I i S i initial STC FORMAL SEMANTICS: INTUITION system f { Transition system sub i: g; • Three states S , I and S ′ transition (x: int, r: bool) returns (y: int) • Transition constraints { reset g<i> every (. on r); y = g<i,1>(x); } } f r = T S S ′ g g reset S [ i ] I [ i ] S ′ [ i ] initial 17/22

  66. • Declarative STC FORMAL SEMANTICS: INTUITION system f { Transition system sub i: g; • Three states S , I and S ′ transition (x: int, r: bool) returns (y: int) • Transition constraints { reset g<i> every (. on r); y = g<i,1>(x); } } f f r = T r = F S S ′ S S ′ g g g reset S [ i ] I [ i ] S ′ [ i ] S [ i ] ∼ I [ i ] S ′ [ i ] ∼ ∼ initial initial 17/22

  67. • Declarative STC FORMAL SEMANTICS: INTUITION system f { Transition system sub i: g; • Three states S , I and S ′ transition (x: int, r: bool) returns (y: int) • Transition constraints { reset g<i> every (. on r); y = g<i,1>(x); } } f f r = T r = F S S ′ S S ′ g g g reset S [ i ] I [ i ] S ′ [ i ] S [ i ] ∼ I [ i ] S ′ [ i ] ∼ ∼ initial initial 17/22

  68. • Declarative STC FORMAL SEMANTICS: INTUITION system f { Transition system sub i: g; • Three states S , I and S ′ transition (x: int, r: bool) returns (y: int) • Transition constraints { reset g<i> every (. on r); y = g<i,1>(x); } } f f r = T r = F S S ′ S S ′ g g g reset S [ i ] I [ i ] S ′ [ i ] S [ i ] ∼ I [ i ] S ′ [ i ] ∼ ∼ initial initial 17/22

  69. STC FORMAL SEMANTICS: INTUITION system f { Transition system sub i: g; • Three states S , I and S ′ transition (x: int, r: bool) returns (y: int) • Transition constraints { y = g<i,1>(x); • Declarative reset g<i> every (. on r); } } f f r = T r = F S S ′ S S ′ g g g reset S [ i ] I [ i ] S ′ [ i ] S [ i ] ∼ I [ i ] S ′ [ i ] ∼ ∼ initial initial 17/22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MECHANIZED SEMANTICS AND VERIFIED COMPILATION FOR A DATAFLOW SYNCHRONOUS LANGUAGE WITH RESET

MECHANIZED SEMANTICS AND VERIFIED COMPILATION FOR A DATAFLOW SYNCHRONOUS LANGUAGE WITH RESET

MECHANIZED SEMANTICS AND VERIFIED COMPILATION FOR A DATAFLOW SYNCHRONOUS LANGUAGE WITH RESET Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 POPL20 January 24, 2020 1 Inria Paris 2 cole normale suprieure PSL University

1.12k views • 93 slides
Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc

Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc

Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria Paris 2 DI ENS 3 UPMC SCOPES 2018 May 30, 2018 Screenshot from ANSYS/Esterel Techologies SCADE Suite 1 / 14 Screenshot from

1.41k views • 92 slides
Verifying the Lustre modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria

Verifying the Lustre modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria

Verifying the Lustre modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria Paris 2 DI ENS 3 UPMC SYNCHRON18 November 29, 2018 The problem Adding the modular reset to Vlus 1 / 22 The problem Adding the modular

1.74k views • 143 slides
Velus: towards a modular reset Llio Brun 1 , 2 PARKAS Team Timothy Bourke 1,2

Velus: towards a modular reset Llio Brun 1 , 2 PARKAS Team Timothy Bourke 1,2

Velus: towards a modular reset Llio Brun 1 , 2 PARKAS Team Timothy Bourke 1,2 Pierre-variste Dagand 4,3,1 Marc Pouzet 4,2,1 1 Inria Paris 2 DI ENS 3 CNRS 4 UPMC SYNCHRON17 November 30, 2017 Lustre 1 : example rect d + y node

1.07k views • 67 slides
A Higher-Order Abstract Syntax Approach to Verified Compilation of Functional Programs Yuting

A Higher-Order Abstract Syntax Approach to Verified Compilation of Functional Programs Yuting

A Higher-Order Abstract Syntax Approach to Verified Compilation of Functional Programs Yuting Wang and Gopalan Nadathur Department of Computer Science and Engineering University of Minnesota, Minneapolis ESOP 2016, Eindhoven, Netherlands

1.06k views • 88 slides
Compiling Dependent Types Much recent focus on verified compilation of dependently typed

Compiling Dependent Types Much recent focus on verified compilation of dependently typed

CPS Translation of Dependent Types Amal Ahmed Northeastern University Work in progress, with Nick Rioux and William Bowman Compiling Dependent Types Much recent focus on verified compilation of dependently typed languages: Coqonut, CertiCoq

708 views • 44 slides
Relaxed memory concurrency and verified compilation Viktor Vafeiadis Max Planck Institute for

Relaxed memory concurrency and verified compilation Viktor Vafeiadis Max Planck Institute for

Relaxed memory concurrency and verified compilation Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Full functional verification Method: Come up with a complete specification of the program Prove the program

852 views • 52 slides
Crellvm: Verified Credible Compilation for LLVM Seoul National University (Korea) Jeehoon Kang*

Crellvm: Verified Credible Compilation for LLVM Seoul National University (Korea) Jeehoon Kang*

Crellvm: Verified Credible Compilation for LLVM Seoul National University (Korea) Jeehoon Kang* Yoonseung Kim * Youngju Song* Juneyoung Lee Sanghoon Park Mark Dongyeon Shin Yonghyun Kim Sungkeun Cho Joonwon Choi (MIT) Chung-Kil

978 views • 95 slides
Validity of SM at High Energies &amp; Top Yukawa Finally we see Higgs?! Finally we see Higgs?!

Validity of SM at High Energies &amp; Top Yukawa Finally we see Higgs?! Finally we see Higgs?!

Kin-ya Oda Osaka Yuta Hamada &amp; Hikaru KawaiKyoto Phys. Rev. D 87, 053009 (2013) Also a proceedings, arXiv:1305.7055 Validity of SM at High Energies &amp; Top Yukawa Finally we see Higgs?! Finally we see Higgs?! Finally we

981 views • 66 slides
An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang

An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang

An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang 1 , Pierre Wilke 1 , 2 , Zhong Shao 1 Yale University 1 , CentraleSuplec 2 19 January 18 th , 2019 POPL Yuting Wang, Pierre Wilke , Zhong

251 views • 21 slides
JIT Compilation Module Overview JIT Compilation Native vs. Managed Compilation Managed

JIT Compilation Module Overview JIT Compilation Native vs. Managed Compilation Managed

JIT Compilation Module Overview JIT Compilation Native vs. Managed Compilation Managed Execution Phases Assembly Loading &amp; Initialization JIT Compilation JIT Optimizations Whats new in NGEN 4.0? When to use NGEN? 2 Running Code

484 views • 46 slides
Center Moriches Union Free School District An Energy Conservation Plan Agenda Project

Center Moriches Union Free School District An Energy Conservation Plan Agenda Project

If you can read this If you can read this Click on the icon Click on the icon to choose a to choose a picture or picture or Reset the slide . Reset the slide . To Reset: Right click on the To Reset: Right click on the slide thumbnail and

309 views • 19 slides
Towards a Coq-verified compiler from Esterel to circuits: 2 years later Lionel R ieg Yale

Towards a Coq-verified compiler from Esterel to circuits: 2 years later Lionel R ieg Yale

Towards a Coq-verified compiler from Esterel to circuits: 2 years later Lionel R ieg Yale University Synchron 2016 December 5th, 2016 1/20 Objective: prove the compilation scheme for Esterel Esterel Synchronous dataflow language

960 views • 74 slides
RESET &amp; Living Building Challenge Anjanette Green agreen@reset.build The greenest

RESET &amp; Living Building Challenge Anjanette Green agreen@reset.build The greenest

RESET &amp; Living Building Challenge Anjanette Green agreen@reset.build The greenest commercial office building in the world JOIN OR START A COLLABORATIVE IN YOUR COMMUNITY TODAY REGENERATIVE ECOLOGICAL SOCIAL &amp; ECONOMIC TARGETS

390 views • 16 slides
The Compilation Process Preprocessing: o processes include-files, conditional compilation and

The Compilation Process Preprocessing: o processes include-files, conditional compilation and

4/1/14 The Compilation Process Preprocessing: o processes include-files, conditional compilation and macros. Compilation: Writing Large Programs o takes the output of the preprocessor and the source code, and generates assembler

271 views • 6 slides
ARDUINO HELLO LED! RESET ICSP2 AREF RX TX L GND 13 IOREF 12 RESET Arduino 11 3V3 10

ARDUINO HELLO LED! RESET ICSP2 AREF RX TX L GND 13 IOREF 12 RESET Arduino 11 3V3 10

ARDUINO HELLO LED! RESET ICSP2 AREF RX TX L GND 13 IOREF 12 RESET Arduino 11 3V3 10 5V 9 GND 8 POWER GND TM DIGITAL (PWM= VIN 7 6 A0 5 A1 4 3 A2 ANALOG IN A3 2 ) A4 TX0 1 ICSP 1 ON A5 RX0 0 BLINK BLINK

240 views • 13 slides
Truck Shipment Example: One-Time 8. Using the same LTL shipment, find online one-time (spot) LTL

Truck Shipment Example: One-Time 8. Using the same LTL shipment, find online one-time (spot) LTL

Truck Shipment Example: One-Time 8. Using the same LTL shipment, find online one-time (spot) LTL rate quotes using the FedEx LTL website 0.2889 ton q = frac Class-Density Relationship 0.2889(2000) 578 lb = = = no. =

314 views • 7 slides
Data Amplification: Instance-Optimal Property Estimation Yi Hao and Alon Orlitsky {yih179, alon}@

Data Amplification: Instance-Optimal Property Estimation Yi Hao and Alon Orlitsky {yih179, alon}@

Data Amplification: Instance-Optimal Property Estimation Yi Hao and Alon Orlitsky {yih179, alon}@ ucsd .edu 0 / 23 Outline Definitions Estimators Prior results Data amplification Example: Shannon entropy Ideas to take away:

355 views • 24 slides
Normalizing Flow Models Stefano Ermon, Aditya Grover Stanford University Lecture 7 Stefano

Normalizing Flow Models Stefano Ermon, Aditya Grover Stanford University Lecture 7 Stefano

Normalizing Flow Models Stefano Ermon, Aditya Grover Stanford University Lecture 7 Stefano Ermon, Aditya Grover (AI Lab) Deep Generative Models Lecture 7 1 / 21 Recap of likelihood-based learning so far: Model families: Autoregressive

319 views • 21 slides
Nonlinear Control Lecture # 18 Stability of Feedback Systems Nonlinear Control Lecture # 18

Nonlinear Control Lecture # 18 Stability of Feedback Systems Nonlinear Control Lecture # 18

Nonlinear Control Lecture # 18 Stability of Feedback Systems Nonlinear Control Lecture # 18 Stability of Feedback Systems Absolute Stability + r = 0 u y G ( s ) ( ) Definition 7.1 The

370 views • 23 slides
Segmentation using Segmentation using Bayesian Decision Theory Bayesian Decision Theory

Segmentation using Segmentation using Bayesian Decision Theory Bayesian Decision Theory

Segmentation Segmentation Segmentation using Segmentation using Bayesian Decision Theory Bayesian Decision Theory Segmentation of images is the separation of pixels into different categories depending upon their intensities and/or other

109 views • 8 slides
2 Two Random Variables A number of features of the two-variable problem follow by direct analogy

2 Two Random Variables A number of features of the two-variable problem follow by direct analogy

19 Two Random Variables 2 Two Random Variables A number of features of the two-variable problem follow by direct analogy with the one-variable case: the joint probability density , the joint probability distribution function , and the method of

284 views • 17 slides
Resolutions from CLAS12: gemc vs data Harut Avakian (JLab) CLAS Collaboration Meeting Nov 14,

Resolutions from CLAS12: gemc vs data Harut Avakian (JLab) CLAS Collaboration Meeting Nov 14,

Resolutions from CLAS12: gemc vs data Harut Avakian (JLab) CLAS Collaboration Meeting Nov 14, 2019 Studies of resolutions and energy loss using gemc Comparing resolutions in gemc and RGA Parameterizing resolutions Input for

310 views • 16 slides
CS 241 Data Organization Quiz 4 March 7, 2018 Question 1 The output is: void main(void) { A

CS 241 Data Organization Quiz 4 March 7, 2018 Question 1 The output is: void main(void) { A

CS 241 Data Organization Quiz 4 March 7, 2018 Question 1 The output is: void main(void) { A 1 int x=1, y=3; int *px; B 2 px = &amp;x; printf(&quot;%d\n&quot;, *px + y); C 3 } D 4 E 13 F A memory location which is a larger number

406 views • 9 slides

More recommend