verifying the lustre modular reset
play

Verifying the Lustre modular reset Timothy Bourke 1,2 Llio Brun 1,2 - PowerPoint PPT Presentation

Dec 06, 2022 •297 likes •1.74k views

Verifying the Lustre modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria Paris 2 DI ENS 3 UPMC SYNCHRON18 November 29, 2018 The problem Adding the modular reset to Vlus 1 / 22 The problem Adding the modular

  1. Infinitely unrolling the recursion r F F T F F T F T F · · · count r 0 0 1 1 1 2 2 3 3 · · · 0 5 10 15 20 25 30 35 40 · · · i mask 0 r i 0 5 – – – – – – – · · · nat (mask 0 r i ) 0 1 – – – – – – – · · · mask 1 r i – – 10 15 20 – – – – · · · nat (mask 1 r i ) – – 10 11 12 – – – – · · · nat ( i ) every r 0 1 10 11 12 25 26 35 36 · · · 7 / 22

  2. Infinitely unrolling the recursion r F F T F F T F T F · · · count r 0 0 1 1 1 2 2 3 3 · · · 0 5 10 15 20 25 30 35 40 · · · i mask 0 r i 0 5 – – – – – – – · · · nat (mask 0 r i ) 0 1 – – – – – – – · · · mask 1 r i – – 10 15 20 – – – – · · · nat (mask 1 r i ) – – 10 11 12 – – – – · · · mask 2 r i – – – – – 25 30 – – · · · nat ( i ) every r 0 1 10 11 12 25 26 35 36 · · · 7 / 22

  3. Infinitely unrolling the recursion r F F T F F T F T F · · · count r 0 0 1 1 1 2 2 3 3 · · · 0 5 10 15 20 25 30 35 40 · · · i mask 0 r i 0 5 – – – – – – – · · · nat (mask 0 r i ) 0 1 – – – – – – – · · · mask 1 r i – – 10 15 20 – – – – · · · nat (mask 1 r i ) – – 10 11 12 – – – – · · · mask 2 r i – – – – – 25 30 – – · · · nat (mask 2 r i ) – – – – – 25 26 – – · · · nat ( i ) every r 0 1 10 11 12 25 26 35 36 · · · 7 / 22

  4. Infinitely unrolling the recursion r F F T F F T F T F · · · count r 0 0 1 1 1 2 2 3 3 · · · 0 5 10 15 20 25 30 35 40 · · · i mask 0 r i 0 5 – – – – – – – · · · nat (mask 0 r i ) 0 1 – – – – – – – · · · mask 1 r i – – 10 15 20 – – – – · · · nat (mask 1 r i ) – – 10 11 12 – – – – · · · mask 2 r i – – – – – 25 30 – – · · · nat (mask 2 r i ) – – – – – 25 26 – – · · · mask 3 r i – – – – – – – 35 40 · · · nat ( i ) every r 0 1 10 11 12 25 26 35 36 · · · 7 / 22

  5. Infinitely unrolling the recursion r F F T F F T F T F · · · count r 0 0 1 1 1 2 2 3 3 · · · 0 5 10 15 20 25 30 35 40 · · · i mask 0 r i 0 5 – – – – – – – · · · nat (mask 0 r i ) 0 1 – – – – – – – · · · mask 1 r i – – 10 15 20 – – – – · · · nat (mask 1 r i ) – – 10 11 12 – – – – · · · mask 2 r i – – – – – 25 30 – – · · · nat (mask 2 r i ) – – – – – 25 26 – – · · · mask 3 r i – – – – – – – 35 40 · · · nat (mask 3 r i ) – – – – – – – 35 36 · · · nat ( i ) every r 0 1 10 11 12 25 26 35 36 · · · 7 / 22

  6. Infinitely unrolling the recursion r F F T F F T F T F · · · count r 0 0 1 1 1 2 2 3 3 · · · 0 5 10 15 20 25 30 35 40 · · · i mask 0 r i 0 5 – – – – – – – · · · nat (mask 0 r i ) 0 1 – – – – – – – · · · mask 1 r i – – 10 15 20 – – – – · · · nat (mask 1 r i ) – – 10 11 12 – – – – · · · mask 2 r i – – – – – 25 30 – – · · · nat (mask 2 r i ) – – – – – 25 26 – – · · · mask 3 r i – – – – – – – 35 40 · · · nat (mask 3 r i ) – – – – – – – 35 36 · · · . . . nat ( i ) every r 0 1 10 11 12 25 26 35 36 · · · 7 / 22

  7. Formal semantics Node application eqn ⇀ x = f ( ⇀ ⊢ e ) 8 / 22

  8. Formal semantics Node application exp ⇀ e ⇓ ⇀ ⊢ es eqn ⇀ x = f ( ⇀ ⊢ e ) 8 / 22

  9. Formal semantics Node application exp ⇀ e ⇓ ⇀ node f ( ⇀ es ) ⇓ ⇀ ⊢ ⊢ es xs eqn ⇀ x = f ( ⇀ ⊢ e ) 8 / 22

  10. Formal semantics Node application exp ⇀ e ⇓ ⇀ node f ( ⇀ es ) ⇓ ⇀ var ⇀ x ⇓ ⇀ ⊢ ⊢ ⊢ es xs xs eqn ⇀ x = f ( ⇀ ⊢ e ) 8 / 22

  11. Formal semantics Node application exp ⇀ e ⇓ ⇀ node f ( ⇀ es ) ⇓ ⇀ var ⇀ x ⇓ ⇀ ⊢ ⊢ ⊢ es xs xs eqn ⇀ x = f ( ⇀ ⊢ e ) Modular reset eqn ⇀ x = f ( ⇀ ⊢ e ) every r 8 / 22

  12. Formal semantics Node application exp ⇀ e ⇓ ⇀ node f ( ⇀ es ) ⇓ ⇀ var ⇀ x ⇓ ⇀ ⊢ ⊢ ⊢ es xs xs eqn ⇀ x = f ( ⇀ ⊢ e ) Modular reset exp ⇀ e ⇓ ⇀ var ⇀ x ⇓ ⇀ ⊢ ⊢ es xs eqn ⇀ x = f ( ⇀ ⊢ e ) every r 8 / 22

  13. Formal semantics Node application exp ⇀ e ⇓ ⇀ node f ( ⇀ es ) ⇓ ⇀ var ⇀ x ⇓ ⇀ ⊢ ⊢ ⊢ es xs xs eqn ⇀ x = f ( ⇀ ⊢ e ) Modular reset ⊢ var r ⇓ rs exp ⇀ e ⇓ ⇀ var ⇀ x ⇓ ⇀ ⊢ ⊢ es xs eqn ⇀ x = f ( ⇀ ⊢ e ) every r 8 / 22

  14. Formal semantics Node application exp ⇀ e ⇓ ⇀ node f ( ⇀ es ) ⇓ ⇀ var ⇀ x ⇓ ⇀ ⊢ ⊢ ⊢ es xs xs eqn ⇀ x = f ( ⇀ ⊢ e ) Modular reset ⊢ var r ⇓ rs rk = boolof rs exp ⇀ e ⇓ ⇀ var ⇀ x ⇓ ⇀ ⊢ ⊢ es xs eqn ⇀ x = f ( ⇀ ⊢ e ) every r 8 / 22

  15. Formal semantics Node application exp ⇀ e ⇓ ⇀ node f ( ⇀ es ) ⇓ ⇀ var ⇀ x ⇓ ⇀ ⊢ ⊢ ⊢ es xs xs eqn ⇀ x = f ( ⇀ ⊢ e ) Modular reset ⊢ var r ⇓ rs rk = boolof rs exp ⇀ e ⇓ ⇀ reset f ( ⇀ es ) ⇓ ⇀ var ⇀ x ⇓ ⇀ ⊢ rk ⊢ ⊢ es xs xs eqn ⇀ x = f ( ⇀ ⊢ e ) every r 8 / 22

  16. Formal semantics Node application exp ⇀ e ⇓ ⇀ node f ( ⇀ es ) ⇓ ⇀ var ⇀ x ⇓ ⇀ ⊢ ⊢ ⊢ es xs xs eqn ⇀ x = f ( ⇀ ⊢ e ) Modular reset ⊢ var r ⇓ rs rk = boolof rs exp ⇀ e ⇓ ⇀ reset f ( ⇀ es ) ⇓ ⇀ var ⇀ x ⇓ ⇀ ⊢ rk ⊢ ⊢ es xs xs eqn ⇀ x = f ( ⇀ ⊢ e ) every r reset f ( ⇀ xs ) ⇓ ⇀ rk ⊢ ys 8 / 22

  17. Formal semantics Node application exp ⇀ e ⇓ ⇀ node f ( ⇀ es ) ⇓ ⇀ var ⇀ x ⇓ ⇀ ⊢ ⊢ ⊢ es xs xs eqn ⇀ x = f ( ⇀ ⊢ e ) Modular reset ⊢ var r ⇓ rs rk = boolof rs exp ⇀ e ⇓ ⇀ reset f ( ⇀ es ) ⇓ ⇀ var ⇀ x ⇓ ⇀ ⊢ rk ⊢ ⊢ es xs xs eqn ⇀ x = f ( ⇀ ⊢ e ) every r Use of an universally quantified relation as a constraint: node f (mask k rk ⇀ xs ) ⇓ mask k rk ⇀ ∀ k , ⊢ ys reset f ( ⇀ xs ) ⇓ ⇀ rk ⊢ ys 8 / 22

  18. Vélus: 3 a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization Implemented in Coq and (some) OCaml Obc generation Clight compilation CompCert Assembly printing 3 Bourke, Brun, Dagand, Leroy, Pouzet, and Rieg (2017): “A Formally Verified Compiler for Lustre” 9 / 22

  19. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Validated parsing ( menhir –coq ) a Obc generation Clight compilation CompCert Assembly printing a Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” 9 / 22

  20. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Validated parsing ( menhir –coq ) Obc • Elaboration to get clock and type information generation Clight compilation CompCert Assembly printing 9 / 22

  21. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Validated parsing ( menhir –coq ) Obc • Elaboration to get clock and type information generation • Not yet implemented: normalization a Clight compilation CompCert Assembly printing a Auger (2013): “Compilation certifiée de SCADE/LUSTRE” 9 / 22

  22. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Validated parsing ( menhir –coq ) Obc • Elaboration to get clock and type information generation • Not yet implemented: normalization • Scheduling of dataflow equations Clight compilation CompCert Assembly printing 9 / 22

  23. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Validated parsing ( menhir –coq ) Obc • Elaboration to get clock and type information generation • Not yet implemented: normalization • Scheduling of dataflow equations Clight • Translation to intermediate Obc code compilation CompCert Assembly printing 9 / 22

  24. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization node e u l e r ( y0 , y ’ : r e a l ) c l a s s e u l e r { r e t u r n s ( y : r e a l ) memory i n i t : bool ; Obc var h , y1 : r e a l ; memory y1 : r e a l ; i n i t : bool ; generation l e t step ( y0 , y ’ : r e a l ) h = 2; r e t u r n s ( y : r e a l ) y = i f i n i t var h : r e a l Clight then y0 { e l s e y1 ; h := 2; i n i t = t r u e fby f a l s e ; i f ( s t a t e ( i n i t ) ) { y := y0 } compilation CompCert y1 = 0 fby ( y + y ’ ∗ h ) ; e l s e { y := s t a t e ( y1 ) }; t e l s t a t e ( i n i t ) := f a l s e ; s t a t e ( y1 ) := y + y ’ ∗ h Assembly } printing r e s e t ( ) { s t a t e ( i n i t ) := t r u e ; s t a t e ( y1 ) := 0 } } 9 / 22

  25. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization node e u l e r ( y0 , y ’ : r e a l ) c l a s s e u l e r { r e t u r n s ( y : r e a l ) memory i n i t : bool ; Obc var h , y1 : r e a l ; memory y1 : r e a l ; i n i t : bool ; generation l e t step ( y0 , y ’ : r e a l ) h = 2; r e t u r n s ( y : r e a l ) y = i f i n i t var h : r e a l Clight then y0 { e l s e y1 ; h := 2; i n i t = t r u e fby f a l s e ; i f ( s t a t e ( i n i t ) ) { y := y0 } compilation CompCert y1 = 0 fby ( y + y ’ ∗ h ) ; e l s e { y := s t a t e ( y1 ) }; t e l s t a t e ( i n i t ) := f a l s e ; s t a t e ( y1 ) := y + y ’ ∗ h Assembly } printing r e s e t ( ) { s t a t e ( i n i t ) := t r u e ; s t a t e ( y1 ) := 0 } } 9 / 22

  26. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization node e u l e r ( y0 , y ’ : r e a l ) c l a s s e u l e r { r e t u r n s ( y : r e a l ) memory i n i t : bool ; Obc var h , y1 : r e a l ; memory y1 : r e a l ; i n i t : bool ; generation l e t step ( y0 , y ’ : r e a l ) h = 2; r e t u r n s ( y : r e a l ) y = i f i n i t var h : r e a l Clight then y0 { e l s e y1 ; h := 2; i n i t = t r u e fby f a l s e ; i f ( s t a t e ( i n i t ) ) { y := y0 } compilation CompCert y1 = 0 fby ( y + y ’ ∗ h ) ; e l s e { y := s t a t e ( y1 ) }; t e l s t a t e ( i n i t ) := f a l s e ; s t a t e ( y1 ) := y + y ’ ∗ h Assembly } printing r e s e t ( ) { s t a t e ( i n i t ) := t r u e ; s t a t e ( y1 ) := 0 } } 9 / 22

  27. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization node main ( x0 , x ’ : r e a l ) c l a s s main { Obc r e t u r n s ( x : r e a l ) i n s t a n c e i : e u l e r ; l e t generation x = e u l e r ( x0 , x ’ ) ; step ( x0 , x ’ : r e a l ) t e l r e t u r n s ( x : r e a l ) { Clight x := e u l e r ( i ) . step ( x0 , x ’ ) } compilation CompCert r e s e t ( ) { e u l e r ( i ) . r e s e t () } Assembly } printing 9 / 22

  28. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization node main ( x0 , x ’ : r e a l ) c l a s s main { Obc r e t u r n s ( x : r e a l ) i n s t a n c e i : e u l e r ; l e t generation x = e u l e r ( x0 , x ’ ) ; step ( x0 , x ’ : r e a l ) t e l r e t u r n s ( x : r e a l ) { Clight x := e u l e r ( i ) . step ( x0 , x ’ ) } compilation CompCert r e s e t ( ) { e u l e r ( i ) . r e s e t () } Assembly } printing 9 / 22

  29. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Validated parsing ( menhir –coq ) Obc • Elaboration to get clock and type information generation • Not yet implemented: normalization • Scheduling of dataflow equations Clight • Translation to intermediate Obc code compilation CompCert • Optimization of intermediate Obc code Assembly printing 9 / 22

  30. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization node main ( x0 , x ’ : r e a l ; ck : bool ) step ( x0 , x ’ : r e a l ; ck : bool ) Obc r e t u r n s ( x : r e a l ) r e t u r n s ( x : r e a l ) var v , w: r e a l when ck ; var v , w: r e a l l e t { generation v = f i l t e r ( x ’ when ck ) ; i f ( ck ) { v := f i l t e r ( i ) . step ( x ’ ) }; w = e u l e r ( x0 when ck , v ) ; i f ( ck ) { w := e u l e r ( j ) . step ( x0 , v ) } ; x = merge ck w ( − 1); i f ( ck ) { x := w } e l s e { x := − 1 } Clight t e l } compilation CompCert Assembly printing 9 / 22

  31. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization step ( x0 , x ’ : r e a l ; ck : bool ) step ( x0 , x ’ : r e a l ; ck : bool ) Obc r e t u r n s ( x : r e a l ) r e t u r n s ( x : r e a l ) var v , w: r e a l var v , w: r e a l { { generation i f ( ck ) { v := f i l t e r ( i ) . step ( x ’ ) }; i f ( ck ) { i f ( ck ) { w := e u l e r ( j ) . step ( x0 , v ) }; v := f i l t e r ( i ) . step ( x ’ ) ; i f ( ck ) { x := w } e l s e { x := − 1 } w := e u l e r ( j ) . step ( x0 , v ) ; Clight } x := w } e l s e { x := − 1 } compilation } CompCert Assembly printing 9 / 22

  32. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Validated parsing ( menhir –coq ) Obc • Elaboration to get clock and type information generation • Not yet implemented: normalization • Scheduling of dataflow equations Clight • Translation to intermediate Obc code compilation CompCert • Optimization of intermediate Obc code • Generation of Clight code Assembly printing 9 / 22

  33. Vélus: a verified compiler parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Validated parsing ( menhir –coq ) Obc • Elaboration to get clock and type information generation • Not yet implemented: normalization • Scheduling of dataflow equations Clight • Translation to intermediate Obc code compilation CompCert • Optimization of intermediate Obc code • Generation of Clight code Assembly • Rely on CompCert a for compilation printing a Blazy, Dargaye, and Leroy (2006): “Formal verification of a C compiler front-end” 9 / 22

  34. First issue: naive compilation y = f ( x ) every r ; i f ( ck_r ) { i f ( r ) { f ( i ) . r e s e t () }; }; y := f ( i ) . step ( x ) 10 / 22

  35. First issue: naive compilation y = f ( x ) every r ; i f ( ck_r ) { i f ( r ) { f ( i ) . r e s e t () }; }; y := f ( i ) . step ( x ) Problem with fusion optimization: node main ( x0 , x ’ : r e a l ; ck , r : bool ) r e t u r n s ( x : r e a l ) var v , w: r e a l when ck ; l e t v = f i l t e r ( x ’ when ck ) ; w = e u l e r (( x0 , v ) when ck ) ev er y r ; x = merge ck w 0; t e l 10 / 22

  36. First issue: naive compilation y = f ( x ) every r ; i f ( ck_r ) { i f ( r ) { f ( i ) . r e s e t () }; }; y := f ( i ) . step ( x ) Problem with fusion optimization: node main ( x0 , x ’ : r e a l ; ck , r : bool ) step ( x0 , x ’ : r e a l ; ck , r : bool ) r e t u r n s ( x : r e a l ) r e t u r n s ( x : r e a l ) var v , w: r e a l when ck ; var v , w : r e a l l e t { v = f i l t e r ( x ’ when ck ) ; i f ( ck ) { v := f i l t e r ( i ) . step ( x ’ ) }; w = e u l e r (( x0 , v ) when ck ) ev er y r ; i f ( r ) { e u l e r ( j ) . r e s e t () }; x = merge ck w 0; i f ( ck ) { w := e u l e r ( j ) . step ( x0 , v ) }; t e l i f ( ck ) { x := w } e l s e { x := 0 } } 10 / 22

  37. First issue: naive compilation y = f ( x ) every r ; i f ( ck_r ) { i f ( r ) { f ( i ) . r e s e t () }; }; y := f ( i ) . step ( x ) Problem with fusion optimization: node main ( x0 , x ’ : r e a l ; ck , r : bool ) step ( x0 , x ’ : r e a l ; ck , r : bool ) r e t u r n s ( x : r e a l ) r e t u r n s ( x : r e a l ) var v , w : r e a l var v , w: r e a l when ck ; { l e t i f ( r ) { e u l e r ( j ) . r e s e t () }; v = f i l t e r ( x ’ when ck ) ; i f ( ck ) { w = e u l e r (( x0 , v ) when ck ) ev er y r ; v := f i l t e r ( i ) . step ( x ’ ) ; x = merge ck w 0; w := e u l e r ( j ) . step ( x0 , v ) ; t e l x := w } e l s e { x := 0 } } 10 / 22

  38. Second issue: proof of correctness N-Lustre ⇀ V ω × ⇀ “easy”: ∃ M V ω too weak for a direct N-Lustre proof by induction “hard” V ω × M × ⇀ ⇀ M V ω Obc x i v 0 · · · v ω M’ S × ⇀ V → S × ⇀ V 11 / 22

  39. Second issue: proof of correctness N-Lustre ⇀ V ω × ⇀ “easy”: ∃ M V ω too weak for a direct N-Lustre proof by induction “hard” V ω × M × ⇀ ⇀ M V ω Obc x i v 0 · · · v ω M’ S × ⇀ V → S × ⇀ V 11 / 22

  40. Second issue: proof of correctness N-Lustre ⇀ V ω × ⇀ “easy”: ∃ M V ω too weak for a direct N-Lustre proof by induction “hard” V ω × M × ⇀ ⇀ M V ω Obc x i v 0 · · · v ω M’ S × ⇀ V → S × ⇀ V 11 / 22

  41. Second issue: proof of correctness N-Lustre ⇀ V ω × ⇀ “easy”: ∃ M V ω too weak for a direct N-Lustre proof by induction “hard” V ω × M × ⇀ ⇀ M V ω Obc x i v 0 · · · v ω M’ S × ⇀ V → S × ⇀ V 11 / 22

  42. Second issue: proof of correctness What about the reset? • It is possible to give a semantics in the intermediate semantics model as well 11 / 22

  43. Second issue: proof of correctness What about the reset? • It is possible to give a semantics in the intermediate semantics model as well • The “easy” proof can be done 11 / 22

  44. Second issue: proof of correctness What about the reset? • It is possible to give a semantics in the intermediate semantics model as well • The “easy” proof can be done • The “hard” one cannot 11 / 22

  45. Second issue: proof of correctness The granularity of the intermediate model is not precise enough! 11 / 22

  46. Second issue: proof of correctness The granularity of the intermediate model is not precise enough! step reset Obc | | N-Lustre ? Indeed, because of the reset, the memory can reach 2 different states within the same synchronous instant 11 / 22

  47. Second issue: proof of correctness The granularity of the intermediate model is not precise enough! step reset Obc | | N-Lustre ? Indeed, because of the reset, the memory can reach 2 different states within the same synchronous instant → Transient states 11 / 22

  48. SyBloc • Problems with the compilation scheme • Problems with the semantics models 12 / 22

  49. SyBloc • Problems with the compilation scheme • Problems with the semantics models Propose a new intermediate language • Declarative, like N-Lustre 12 / 22

  50. SyBloc • Problems with the compilation scheme • Problems with the semantics models Propose a new intermediate language • Declarative, like N-Lustre • Where the reset construct is treated as a separate “equation” 12 / 22

  51. SyBloc • Problems with the compilation scheme • Problems with the semantics models Propose a new intermediate language • Declarative, like N-Lustre • Where the reset construct is treated as a separate “equation” • Mimicking the intermediate memory model of N-Lustre 12 / 22

  52. SyBloc • Problems with the compilation scheme • Problems with the semantics models Propose a new intermediate language • Declarative, like N-Lustre • Where the reset construct is treated as a separate “equation” • Mimicking the intermediate memory model of N-Lustre scheduling fusion optimization translation translation SyBloc N-Lustre Obc 12 / 22

  53. N-Lustre SyBloc node e u l e r ( y0 , y ’ : r e a l ) returns ( y : r e a l ) var h : r e a l ; l e t y = y0 fby ( y + y ’ ∗ h ) ; h = 2; t e l node main ( x0 , x ’ : r e a l ) returns ( x : r e a l ) var r : bool ; l e t x = e u l e r ( x0 , x ’ ) every r ; r = ( x ’ > 42); t e l 13 / 22

  54. N-Lustre SyBloc node e u l e r ( y0 , y ’ : r e a l ) block e u l e r ( y0 , y ’ : r e a l ) returns ( y : r e a l ) returns ( y : r e a l ) var h : r e a l ; var h : r e a l ; l e t l e t y = y0 fby ( y + y ’ ∗ h ) ; y = y0 fby ( y + y ’ ∗ h ) ; h = 2; h = 2; t e l t e l node main ( x0 , x ’ : r e a l ) block main ( x0 , x ’ : r e a l ) returns ( x : r e a l ) returns ( x : r e a l ) var r : bool ; var r : bool ; l e t instance i : e u l e r ; x = e u l e r ( x0 , x ’ ) every r ; l e t r = ( x ’ > 42); () = i . reset_on r ; t e l x = i . e u l e r ( x0 , x ’ ) ; r = ( x ’ > 42); t e l 13 / 22

  55. N-Lustre SyBloc node e u l e r ( y0 , y ’ : r e a l ) block e u l e r ( y0 , y ’ : r e a l ) returns ( y : r e a l ) returns ( y : r e a l ) var h : r e a l ; var h : r e a l ; l e t l e t y = y0 fby ( y + y ’ ∗ h ) ; y = y0 fby ( y + y ’ ∗ h ) ; h = 2; h = 2; t e l t e l node main ( x0 , x ’ : r e a l ) block main ( x0 , x ’ : r e a l ) returns ( x : r e a l ) returns ( x : r e a l ) var r : bool ; var r : bool ; l e t instance i : e u l e r ; x = e u l e r ( x0 , x ’ ) every r ; l e t r = ( x ’ > 42); () = i . reset_on r ; t e l x = i . e u l e r ( x0 , x ’ ) ; r = ( x ’ > 42); t e l 13 / 22

  56. N-Lustre SyBloc node e u l e r ( y0 , y ’ : r e a l ) block e u l e r ( y0 , y ’ : r e a l ) returns ( y : r e a l ) returns ( y : r e a l ) var h : r e a l ; var h : r e a l ; l e t l e t y = y0 fby ( y + y ’ ∗ h ) ; y = y0 fby ( y + y ’ ∗ h ) ; h = 2; h = 2; t e l t e l node main ( x0 , x ’ : r e a l ) block main ( x0 , x ’ : r e a l ) returns ( x : r e a l ) returns ( x : r e a l ) var r : bool ; var r : bool ; l e t instance i : e u l e r ; x = e u l e r ( x0 , x ’ ) every r ; l e t r = ( x ’ > 42); () = i . reset_on r ; t e l x = i . e u l e r ( x0 , x ’ ) ; r = ( x ’ > 42); t e l 13 / 22

  57. SyBloc formal semantics: memory A tree with instances as nodes and the values of the fbys together with a boolean reset flag at the leaves : { values: stream val ; reset: stream bool } M x i � � values := v 0 v 1 v 2 · · · mv = M’ reset := r 0 r 1 r 2 · · · Notation: instance M [ i ] = M ′ register M ( x ) = mv 14 / 22

  58. SyBloc formal semantics: fby M ⊢ eqn x = c 0 fby e 15 / 22

  59. SyBloc formal semantics: fby ⊢ const c 0 ⇓ v 0 M ⊢ eqn x = c 0 fby e 15 / 22

  60. SyBloc formal semantics: fby ⊢ const c 0 ⇓ v 0 ⊢ exp e ⇓ vs M ⊢ eqn x = c 0 fby e 15 / 22

  61. SyBloc formal semantics: fby ⊢ const c 0 ⇓ v 0 ⊢ exp e ⇓ vs ⊢ var x ⇓ xs M ⊢ eqn x = c 0 fby e 15 / 22

  62. SyBloc formal semantics: fby ⊢ const c 0 ⇓ v 0 ⊢ exp e ⇓ vs ⊢ var x ⇓ xs mfby x v 0 vs M xs M ⊢ eqn x = c 0 fby e 15 / 22

  63. SyBloc formal semantics: fby ⊢ const c 0 ⇓ v 0 ⊢ exp e ⇓ vs ⊢ var x ⇓ xs mfby x v 0 vs M xs M ⊢ eqn x = c 0 fby e mfby x v 0 vs M xs 15 / 22

  64. SyBloc formal semantics: fby ⊢ const c 0 ⇓ v 0 ⊢ exp e ⇓ vs ⊢ var x ⇓ xs mfby x v 0 vs M xs M ⊢ eqn x = c 0 fby e M ( x ) = mv mfby x v 0 vs M xs 15 / 22

  65. SyBloc formal semantics: fby ⊢ const c 0 ⇓ v 0 ⊢ exp e ⇓ vs ⊢ var x ⇓ xs mfby x v 0 vs M xs M ⊢ eqn x = c 0 fby e M ( x ) = mv mv . values 0 = v 0 mfby x v 0 vs M xs 15 / 22

  66. SyBloc formal semantics: fby ⊢ const c 0 ⇓ v 0 ⊢ exp e ⇓ vs ⊢ var x ⇓ xs mfby x v 0 vs M xs M ⊢ eqn x = c 0 fby e M ( x ) = mv mv . values 0 = v 0 ∀ n , fbyspec n v 0 ( vs n ) mv ( xs n ) mfby x v 0 vs M xs 15 / 22

  67. SyBloc formal semantics: fby ⊢ const c 0 ⇓ v 0 ⊢ exp e ⇓ vs ⊢ var x ⇓ xs mfby x v 0 vs M xs M ⊢ eqn x = c 0 fby e M ( x ) = mv mv . values 0 = v 0 ∀ n , fbyspec n v 0 ( vs n ) mv ( xs n ) mfby x v 0 vs M xs fbyspec n v 0 v mv ( mv . values n ) 15 / 22

  68. SyBloc formal semantics: fby ⊢ const c 0 ⇓ v 0 ⊢ exp e ⇓ vs ⊢ var x ⇓ xs mfby x v 0 vs M xs M ⊢ eqn x = c 0 fby e M ( x ) = mv mv . values 0 = v 0 ∀ n , fbyspec n v 0 ( vs n ) mv ( xs n ) mfby x v 0 vs M xs next n mv v 0 v fbyspec n v 0 v mv ( mv . values n ) � v 0 if mv . reset ( n + 1) , next n mv v 0 v := mv . values ( n + 1) = v otherwise . 15 / 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc

Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc

Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria Paris 2 DI ENS 3 UPMC SCOPES 2018 May 30, 2018 Screenshot from ANSYS/Esterel Techologies SCADE Suite 1 / 14 Screenshot from

1.41k views • 92 slides
Velus: towards a modular reset Llio Brun 1 , 2 PARKAS Team Timothy Bourke 1,2

Velus: towards a modular reset Llio Brun 1 , 2 PARKAS Team Timothy Bourke 1,2

Velus: towards a modular reset Llio Brun 1 , 2 PARKAS Team Timothy Bourke 1,2 Pierre-variste Dagand 4,3,1 Marc Pouzet 4,2,1 1 Inria Paris 2 DI ENS 3 CNRS 4 UPMC SYNCHRON17 November 30, 2017 Lustre 1 : example rect d + y node

1.07k views • 67 slides
Verifying a Lustre Compiler Part 2 Llio Brun PARKAS (Inria - ENS) Timothy Bourke,

Verifying a Lustre Compiler Part 2 Llio Brun PARKAS (Inria - ENS) Timothy Bourke,

Verifying a Lustre Compiler Part 2 Llio Brun PARKAS (Inria - ENS) Timothy Bourke, Pierre-variste Dagand, Xavier Leroy, Marc Pouzet, Lionel Rieg SYNCHRON 2016 December 7, 2016 Llio Brun Verifying a Lustre Compiler Part 2 December 7,

907 views • 47 slides
1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6

1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6

1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6 compiler 3 Outline Lustre Lustre V6 P. Raymond & the Synchronous group et al. The Lustre V6 compiler P. Raymond, J. Ballet, E. Jahier 4

803 views • 37 slides
Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand

Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand

Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand 3 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 1. INRIA Paris 2. DI, cole normale suprieure 3. CNRS 4. Univ. Pierre et Marie Curie 5.

1.06k views • 79 slides
VERIFIED COMPILATION OF THE MODULAR RESET, FINALLY Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet

VERIFIED COMPILATION OF THE MODULAR RESET, FINALLY Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet

VERIFIED COMPILATION OF THE MODULAR RESET, FINALLY Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 PARKAS SYNCHRON19 November 28, 2019 1 Inria Paris 2 DI ENS PSL University 3 Sorbonne University THE PROBLEM Adding the modular

1.41k views • 124 slides
The Lustre Centre of Excellence at ORNL Makia Minich Clustre Monkey, HPC Software Stack Lustre

The Lustre Centre of Excellence at ORNL Makia Minich Clustre Monkey, HPC Software Stack Lustre

The Lustre Centre of Excellence at ORNL Makia Minich Clustre Monkey, HPC Software Stack Lustre Group May 2008 1 1 Introduction Lustre Centre of Excellence (LCE) > Established Nov 2006 by Cluster File Systems, Inc. (acquired by Sun in

356 views • 23 slides
What a Lustre Cluster (Improving and Tracing Lustre Metadata) yaaaasss Team Saffron Amanda

What a Lustre Cluster (Improving and Tracing Lustre Metadata) yaaaasss Team Saffron Amanda

What a Lustre Cluster (Improving and Tracing Lustre Metadata) yaaaasss Team Saffron Amanda Bonnie Zach Fuerst Thomas Stitt Overview Motivation Configuration Tracing Metadata Improving Metadata Hardware Multiple Lustre

416 views • 23 slides
Overview of Lustre Usage on JUROPA 26 September 2011 | Frank Heckes, FZ Jlich, JSC Lustre

Overview of Lustre Usage on JUROPA 26 September 2011 | Frank Heckes, FZ Jlich, JSC Lustre

Mitglied der Helmholtz-Gemeinschaft Mitglied der Helmholtz-Gemeinschaft Overview of Lustre Usage on JUROPA 26 September 2011 | Frank Heckes, FZ Jlich, JSC Lustre Status Lustre Status Storage Extension Fluctuation in Performance Lustre

195 views • 16 slides
Lustre Background Why Lustre Failover ? How does Lustre Failover work ? Automation

Lustre Background Why Lustre Failover ? How does Lustre Failover work ? Automation

Lustre Background Why Lustre Failover ? How does Lustre Failover work ? Automation on the Cray XT System configuration requirements System configuration requirements Software configuration for failover Current

408 views • 16 slides
Lustre V6 Synchronous Team VERIMAG, Grenoble 2 Lustre Basics Structuration Only nodes

Lustre V6 Synchronous Team VERIMAG, Grenoble 2 Lustre Basics Structuration Only nodes

Lustre V6 Synchronous Team VERIMAG, Grenoble 2 Lustre Basics Structuration Only nodes Temporal operators memories : pre , -> clocks : when , current Data types/operators bool , int , real + all arithmethic and logic

541 views • 23 slides
Un-scratching Lustre MSST 2019 Cameron Harr (Lustre Ops & Stuff, LLNL) May 21, 2019

Un-scratching Lustre MSST 2019 Cameron Harr (Lustre Ops & Stuff, LLNL) May 21, 2019

Un-scratching Lustre MSST 2019 Cameron Harr (Lustre Ops & Stuff, LLNL) May 21, 2019 LLNL-PRES-773414 This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under Contract

322 views • 14 slides
Cray Lustre Model Roadmap Cory Spitz and Derek Robb Cray Inc. 5/24/2011 Introduction and Agenda

Cray Lustre Model Roadmap Cory Spitz and Derek Robb Cray Inc. 5/24/2011 Introduction and Agenda

Cray Lustre Model Roadmap Cory Spitz and Derek Robb Cray Inc. 5/24/2011 Introduction and Agenda Current Cray Lustre model Current Lustre offerings Cray and OpenSFS The Lustre 2.1 community Future Cray Lustre model Cray Lustre roadmap

226 views • 12 slides
An Experiment With Lustre and Real-Time Calculus Introduction du cours Matthieu Moy Verimag

An Experiment With Lustre and Real-Time Calculus Introduction du cours Matthieu Moy Verimag

Introduction RTC Lustre Lustre+MPA Conclusion An Experiment With Lustre and Real-Time Calculus Introduction du cours Matthieu Moy Verimag Grenoble France December 1, 2008 Matthieu Moy (VerimagGrenobleFrance) RTC/Lustre December 1,

748 views • 54 slides
Multi-VO Support YAN Tian for Distributed Computing Group Meeting Oct. 23, 2014 StoRM + Lustre:

Multi-VO Support YAN Tian for Distributed Computing Group Meeting Oct. 23, 2014 StoRM + Lustre:

Status of Storm+Lustre and Multi-VO Support YAN Tian for Distributed Computing Group Meeting Oct. 23, 2014 StoRM + Lustre: Test Bed SE server configuration: This test machine is originally prepared for dCache+Lustre frontend, Model Dell

449 views • 12 slides
Cray Centre of Excellence for HECToR This talk is not about how to get maximum performance from

Cray Centre of Excellence for HECToR This talk is not about how to get maximum performance from

Thomas Edwards, Kevin Roy Cray Centre of Excellence for HECToR This talk is not about how to get maximum performance from a Lustre file system. Plenty of information about tuning Lustre Performance Previous CUGs Lustre User Groups

778 views • 32 slides
Aspect-Oriented Opinion Mining from User Reviews in Croatian Goran Glava, Damir Koren ci

Aspect-Oriented Opinion Mining from User Reviews in Croatian Goran Glava, Damir Koren ci

University of Zagreb, Faculty of Electrical Engineering and Computing Ru der Bokovi c Institute Text Analysis and Knowledge Engineering Lab Aspect-Oriented Opinion Mining from User Reviews in Croatian Goran Glava, Damir Koren ci

373 views • 15 slides
Comparison of sequential and parallel algorithms for word and context count Names: Eduardo

Comparison of sequential and parallel algorithms for word and context count Names: Eduardo

Comparison of sequential and parallel algorithms for word and context count Names: Eduardo Ferreira, Francieli Zanon, Aline Villavicencio Groups: Processamento de linguagem natural e Processamento paralelo e distribuido (UFRGS) Motivation

382 views • 22 slides
Democratizing Machine Learning and Artificial Intelligence: Probabilistic Programming with Scala

Democratizing Machine Learning and Artificial Intelligence: Probabilistic Programming with Scala

Democratizing Machine Learning and Artificial Intelligence: Probabilistic Programming with Scala Brian Ruttenberg, PhD Charles River Analytics bruttenberg@cra.com Goals of This Talk Introduce basic modeling concepts in Machine Learning and

862 views • 73 slides
Modifiers X-bar theory Modifiers (1) a. a large small shirt b. a small large shirt (2) a. a

Modifiers X-bar theory Modifiers (1) a. a large small shirt b. a small large shirt (2) a. a

Modifiers X-bar theory Modifiers (1) a. a large small shirt b. a small large shirt (2) a. a shirt [that's large] [that's small] b. a shirt [that's small] [that's large] (3) a. a common wrong answer b. a wrong common answer Modifiers

1.39k views • 96 slides
Formal verification of a code generator for a modeling language: the Velus project Xavier Leroy

Formal verification of a code generator for a modeling language: the Velus project Xavier Leroy

Formal verification of a code generator for a modeling language: the Velus project Xavier Leroy (joint work with Timothy Bourke, L elio Brun, Pierre- Evariste Dagand, Marc Pouzet, and Lionel Rieg) Inria, Paris MARS/VPT workshop, ETAPS

1.43k views • 55 slides
Virtual assistants and accessing data Alan Nichol Co-founder and CTO, Rasa DataCamp Building

Virtual assistants and accessing data Alan Nichol Co-founder and CTO, Rasa DataCamp Building

DataCamp Building Chatbots in Python BUILDING CHATBOTS IN PYTHON Virtual assistants and accessing data Alan Nichol Co-founder and CTO, Rasa DataCamp Building Chatbots in Python Virtual assistants Common chatbot use cases: Scheduling a

545 views • 19 slides
DVIPDFM x , an eXtension of DVIPDFM CHO, JIN HWAN K orea I nstitute for A dvanced S

DVIPDFM x , an eXtension of DVIPDFM CHO, JIN HWAN K orea I nstitute for A dvanced S

DVIPDFM x , an eXtension of DVIPDFM CHO, JIN HWAN K orea I nstitute for A dvanced S tudy & K orean T EX U sers G roup chofchof@ktug.or.kr July 23, 2003 Dance with the Rachmaninov! The 24th Annual Meeting and Conference of the

769 views • 13 slides
A Formal Model and Composition Language for Context-Aware Service Protocols Javier Cubo, Carlos

A Formal Model and Composition Language for Context-Aware Service Protocols Javier Cubo, Carlos

A Formal Model and Composition Language for Context-Aware Service Protocols A Formal Model and Composition Language for Context-Aware Service Protocols Javier Cubo, Carlos Canal, Ernesto Pimentel, Gwen Sala un University of M alaga, Spain

603 views • 10 slides

More recommend