Polychronous Interpretation of Synoptic, a Domain Specific Modeling Language for Embedded Flight-Software

The SPaCIFY project, which aims at bringing advances in MDE to the satellite flight software industry, advocates a top-down approach built on a domain-specific modeling language named Synoptic. In line with previous approaches to real-time modeling such as Statecharts and Simulink, Synoptic features hierarchical decomposition of application and control modules in synchronous block diagrams and state machines. Its semantics is described in the polychronous model of computation, which is that of the synchronous language Signal.Comment: Workshop on Formal Methods for Aerospace (FMA 2009

Simulation of real-time systems with clock calculus

International audienceSafety–critical real-time systems need to be modeled and simulated early in the development of lifecycle. SIGNAL is a data-flow synchronous language with clocks widely used in modeling of such systems. Due to the synchronous features of SIGNAL, clock calculus is essential in compilation and simulation. This paper proposes a new methodology for clock calculus that takes data dependencies into consideration. In this way, simulation code can be directly generated by using a depth-first traversal algorithm. In addition, a clock insertion method based on clock-implication checking is presented to obtain an optimized control structure

Towards a verified compiler prototype for the synchronous language SIGNAL

International audienceSIGNAL belongs to the synchronous languages family which are widely used in the design of safety-critical real-time systems such as avionics, space systems, and nuclear power plants. This paper reports a compiler prototype for SIGNAL. Compared with the existing SIGNAL compiler, we propose a new intermediate representation (named S-CGA, a variant of clocked guarded actions), to integrate more synchronous programs into our compiler prototype in the future. The front-end of the compiler, i.e., the translation from SIGNAL to S-CGA, is presented. As well, the proof of semantics preservation is mechanized in the theorem prover Coq. Moreover, we present the back-end of the compiler, including sequential code generation and multithreaded code generation with time-predictable properties. With the rising importance of multi-core processors in safety-critical embedded systems or cyber-physical systems (CPS), there is a growing need for model-driven generation of multithreaded code and thus mapping on multi-core. We propose a time-predictable multi-core architecture model in architecture analysis and design language (AADL), and map the multi-threaded code to this model

Polychronous mode automata

International audienceAmong related synchronous programming principles, the model of computation of the Polychrony workbench stands out by its capability to give high-level description of systems where each component owns a local activation clock (such as, typically,distributed real-time systems or systems on a chip). In order to bring the modeling capability of Polychrony to the context of a model-driven engineering toolset for embedded system design, we define a diagramic notation composed of mode automata and data-flow equations on top of the multi-clocked synchronous model of computation supported by the Polychrony workbench. We demonstrate the agility of this paradigm by considering the example of an integrated modular avionics application. Our presentation features the formalization and use of model transformation techniques of the GME environment to embed the extension of Polychrony's meta-model with mode automata

NeuroFlow: A General Purpose Spiking Neural Network Simulation Platform using Customizable Processors

© 2016 Cheung, Schultz and Luk.NeuroFlow is a scalable spiking neural network simulation platform for off-the-shelf high performance computing systems using customizable hardware processors such as Field-Programmable Gate Arrays (FPGAs). Unlike multi-core processors and application-specific integrated circuits, the processor architecture of NeuroFlow can be redesigned and reconfigured to suit a particular simulation to deliver optimized performance, such as the degree of parallelism to employ. The compilation process supports using PyNN, a simulator-independent neural network description language, to configure the processor. NeuroFlow supports a number of commonly used current or conductance based neuronal models such as integrate-and-fire and Izhikevich models, and the spike-timing-dependent plasticity (STDP) rule for learning. A 6-FPGA system can simulate a network of up to ~600,000 neurons and can achieve a real-time performance of 400,000 neurons. Using one FPGA, NeuroFlow delivers a speedup of up to 33.6 times the speed of an 8-core processor, or 2.83 times the speed of GPU-based platforms. With high flexibility and throughput, NeuroFlow provides a viable environment for large-scale neural network simulation

Enhancing the Compilation of Synchronous Dataflow Programs with a Combined Numerical-Boolean Abstraction

RR version = http://hal.inria.fr/hal-00780521/enInternational audienceIn this paper, we propose an enhancement of the compilation of synchronous programs with a combined numerical-Boolean abstraction. While our approach applies to synchronous dataflow languages in general, here, we consider the SIGNAL language for illustration. In the new abstraction, every signal in a program is associated with a pair of the form ( clock, value ), where clock is a Boolean function and value is a Boolean or numeric function. Given the performance level reached by recent progress in Satisfiability Modulo Theory (SMT), we use an SMT solver to reason on this abstraction. Through sample examples, we show how our solution is used to determine absence of reaction captured by empty clocks; mutual exclusion captured by two or more clocks whose associated signals never occur at the same time; or hierarchical control of component activations via clock inclusion. We also show that the analysis improves the quality of the code generated automatically by a compiler, e.g., a code with smaller footprint, or a code executed more efficiently thanks to optimizations enabled by the new abstraction. The implementation of the whole approach includes a translator of synchronous programs towards the standard input format of SMT solvers, and an ad hoc SMT solver that integrates advanced functionalities to cope with the issues of interest in this wor

Representation of synchronous, asynchronous, and polychronous components by clocked guarded actions

International audienceFor the design of embedded systems, many languages are in use, which are based on different models of computation such as event-, data-, and clock-driven paradigms as well as paradigms without a clear notion of time. Systems composed of such heterogeneous components are hard to analyze so that mainly co-simulation by coupling different simulators has been considered so-far. In this article, we propose clocked guarded actions as a unique intermediate representation that can be used as a common basis for simulation, analysis, and synthesis. We show how synchronous, (untimed) asynchronous, and polychronous languages can be translated to clocked guarded actions to demonstrate that our intermediate representation is powerful enough to capture rather different models of computation. Having a unique and composable intermediate representation of these components at hand allows one a simple composition of these components. Moreover, we show how clocked guarded actions can be used for verification by symbolic model checking and simulation by SystemC

Liquid Clocks - Refinement Types for Time-Dependent Stream Functions

The concept of liquid clocks introduced in this paper is a significant step towards a more precise compile-time framework for the analysis of synchronous and polychromous languages. Compiling languages such as Lustre or SIGNAL indeed involves a number of static analyses of programs before they can be synthesized into executable code, e.g., synchronicity class characterization, clock assignment, static scheduling or causality analysis. These analyses are often equivalent to undecidable problems, necessitating abstracting such programs to provide sound yet incomplete analyses. Such abstractions unfortunately often lead to the rejection of programs that could very well be synthesized into deterministic code, provided abstraction refinement steps could be applied for more accurate analysis. To reduce the false negatives occurring during the compilation process, we leverage recent advances in type theory -- with the definition of decidable classes of value-dependent type systems -- and formal verification, linked to the development of efficient SAT/SMT solvers, to provide a type-theoretic approach that considers all the above analyses as type inference problems. In order to simplify the exposition of our new approach in this paper, we define a refinement type system for a minimalistic, synchronous, stream-processing language to concisely represent, analyse, and verify logical and quantitative properties of programs expressed as stream-processing data-flow networks. Our type system provides a new framework to represent logical time (clocks) and scheduling properties, and to describe their relations with stream values and, possibly, other quantas. We show how to analyze synchronous stream processing programs (à la Lustre, Signal) to enable previously described analyzes involved in compiling such programs. We also prove the soundness of our type system and elaborate on the adaptability of this core framework by outlining its extensibility to specific models of computations and other quantas

Multi-core Code Generation from Polychronous Programs with Time-Predictable Properties (ACVI 2014)

Workshop of ACM/IEEE 17th International Conference on Model Driven Engineering Languages and Systems (MoDELS 2014)International audienceSynchronous programming models capture concurrency in computation quite naturally, especially in its dataflow multi-clock (polychronous) flavor. With the rising importance of multi-core processors in safety-critical embedded systems or cyber-physical systems (CPS), there is a growing need for model-driven generation of multi-threaded code for multi-core systems. This paper proposes a build method of timepredictable system on multi-core, based on synchronous-model development. At the modeling level, the synchronous abstraction allows deterministic time semantics. Thus synchronous programming is a good choice for time-predictable system design. At the compiler level, the verified compiler from the synchronous language SIGNAL to our intermediate representation (S-CGA, a variant of guarded actions) and to multi-threaded code, preserves the time predictability. At the platform level, we propose a time-predictable multi-core architecture model in AADL (Architecture Analysis and Design Language), and then we map the multi-threaded code to this model. Therefore, our method integrates time predictability across several design layers

Improved False Causal Loop Detection in Polychronous Specificationof Embedded Software

As opposed to single clocked synchronous programming paradigms, polychronous formalism allows specification of concurrent data flow computation on signals such that various data flows can evolve asynchronous with respect to each other. Explicit constraints and constraints implied by the syntactic structures impart certain intrinsic properties to models specified polychronously. One of the major steps in designing a synthesis engine for polychronous specifications is the characterization of specified models into categories such as inherently sequential or inherently multi-threaded. In this paper, we are concerned with sequentially implementable polychronous specification where computation is divided into a totally ordered sequence of logical instants. Data flow computation within an instant happens based on the implied data flow order. This order or data dependency often varies from one instant to another. Thus determining if there is an instant at which the data flow order forms a causal cycle is an important problem. In the current polychronous compilers, such as SIGNAL compiler and EmCodeSyn, this is solved without due effort, by rejecting any program which has a buffer-free structural cycle. However, a clocked dependency graph can be used to construct logical constraints representing the instants with a possible causal loop. The satisfiability of such constraints would imply that such a loop is realizable and hence the specification has a possible deadlock. The reachability of this instant with a given set of initial conditions would verify if the program should be rejected. In the past, the work on such constraints and their satisfiability has not been implemented even though for pure Boolean signals and clocks this could have been done using a satisfiability solver. With the advent to SAT modulo theory (SMT) solvers, this can now be extended to a more general class of specifications. Moreover, model checking on an abstraction of the specification can provide more information about the reachability of instants at which cyclic data dependency is realized. This paper presents an improved polychronous synthesis tool accepting a much larger class of specifications than could be done before. In our experimental results, we demonstrate the capabilities of our causality analysis methods and show that our synthesis tool performs better than previous strategies, including our own past work