
    Denotational Fixed-Point Semantics for Constructive Scheduling of Synchronous Concurrency

    The synchronous model of concurrent computation (SMoCC) is well established for programming languages in the domain of safety-critical reactive and embedded systems. Translated into mainstream C/Java programming, the SMoCC corresponds to a cyclic execution model in which concurrent threads are synchronised on a logical clock that cuts system computation into a sequence of macro-steps. A causality analysis verifies the existence of a schedule on memory accesses to ensure each macro-step is deadlock-free and determinate. We introduce an abstract semantic domain I(D, P) and an associated denotational fixed point semantics for reasoning about concurrent and sequential variable accesses within a synchronous cycle-based model of computation. We use this domain for a new and extended behavioural definition of Berry’s causality analysis in terms of approximation intervals. The domain I(D, P) extends the domain I(D) from our previous work and fixes a mistake in the treatment of initialisations. Based on this fixed point semantics the notion of Input Berry-constructiveness (IBC) for synchronous programs is proposed. This new IBC class lies properly between strong (SBC) and normal Berry-constructiveness (BC) defined in previous work. SBC and BC are two ways to interpret the standard constructive semantics of synchronous programming, as exemplified by imperative SMoCC languages such as Esterel or Quartz. SBC is often too restrictive as it requires all variables to be initialised by the program. BC can be too permissive because it initialises all variables to a fixed value, by default. Where the initialisation happens through the memory, e.g., when carrying values from one synchronous tick to the next, then IBC is more appropriate. IBC links two levels of execution, the macro-step level and the micro-step level. We prove that the denotational fixed point analysis for IBC, and hence Berry’s causality analysis, is sound with respect to operational micro-level scheduling. The denotational model can thus be viewed as a compositional presentation of a synchronous scheduling strategy that ensures reactiveness and determinacy for imperative concurrent programming.

    Time for Reactive System Modeling

    Reactive systems interact with their environment by reading inputs and computing and feeding back outputs in reactive cycles that are also called ticks. They are often safety-critical systems and are increasingly modeled with high-level modeling tools. The concepts of the corresponding modeling languages typically aim to facilitate formal reasoning about program constructiveness, to guarantee deterministic output, and are explicitly abstracted from execution-time aspects. Nevertheless, the worst-case execution time of a tick can be a crucial value: exceeding it can lead to lost inputs or a tardy reaction to critical events. This thesis proposes a general approach to interactive timing analysis, which feeds detailed timing values back directly into the model representation to support timing-aware modeling. The concept is based on a generic timing interface that makes both the modeling tool and the timing analysis tool exchangeable, allowing flexible implementation of varying tool chains. The proposed timing analysis approach includes visual highlighting and modeling pragmatics features to guide the user to timing hotspots for timing-related model revisions.

    Deterministic Concurrency: A Clock-Synchronised Shared Memory Approach

    Synchronous Programming (SP) is a universal computational principle that provides deterministic concurrency. The same input sequence with the same timing always results in the same externally observable output sequence, even if the internal behaviour generates uncertainty in the scheduling of concurrent memory accesses. Consequently, SP languages have always been strongly founded on mathematical semantics that support formal program analysis. So far, however, communication has been constrained to a set of primitive clock-synchronised shared memory (csm) data types, such as data-flow registers, streams and signals with restricted read and write accesses that limit modularity and behavioural abstractions. This paper proposes an extension to the SP theory which retains the advantages of deterministic concurrency, but allows communication to occur at higher levels of abstraction than currently supported by SP data types. Our approach is as follows. To avoid data races, each csm type publishes a policy interface for specifying the admissibility and precedence of its access methods. Each instance of the csm type has to be policy-coherent, meaning it must behave deterministically under its own policy, a natural requirement if the goal is to build deterministic systems that use these types. In a policy-constructive system, all access methods can be scheduled in a policy-conformant way for all the types without deadlocking. In this paper, we show that a policy-constructive program exhibits deterministic concurrency in the sense that all policy-conformant interleavings produce the same input-output behaviour. Policies are conservative and support the csm types existing in current SP languages. Technically, we introduce a kernel SP language that uses arbitrary policy-driven csm types. A big-step fixed-point semantics for this language is developed for which we prove determinism and termination of constructive programs.
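As an added illustration of the policy idea above (an editor's example, not the paper's kernel language or its big-step semantics), the Python script below models one csm type, a register with access methods set, add and get, under an assumed precedence policy set < add < get within a tick and an admissibility rule of at most one set per instance per tick. It enumerates every interleaving of two threads' accesses, keeps only the policy-conformant ones, and checks that they all produce the same externally observable output; the unpoliced interleavings of the same program do not. The second program is the policy-non-constructive case: its precedence constraints form a cycle, so no conformant schedule exists. The programs, the policy and the default register value 0 are all constructed for this example.

```python
"""Policy-driven clock-synchronised shared-memory (csm) scheduling, in miniature.

Editor's illustration, not the paper's kernel language. Assumed csm type: a
register with access methods set / add / get and the precedence policy
set < add < get inside one tick, with at most one set per instance per tick
(admissibility). Registers start every tick at 0 (assumed default init).
"""

POLICY = {"set": 0, "add": 1, "get": 2}   # precedence levels (assumption)


def interleavings(threads):
    """Every merge of the per-thread step lists that keeps each thread's order."""
    if all(len(t) == 0 for t in threads):
        yield []
        return
    for i, t in enumerate(threads):
        if t:
            rest = threads[:i] + [t[1:]] + threads[i + 1:]
            for tail in interleavings(rest):
                yield [t[0]] + tail


def conformant(schedule, policy):
    """True if no access on an instance follows one of higher precedence
    (policy) and no instance is set more than once (admissibility)."""
    highest = {}   # instance -> highest precedence level executed so far
    sets = {}      # instance -> number of set calls so far
    for _tid, inst, meth, _arg in schedule:
        level = policy[meth]
        if level < highest.get(inst, 0):
            return False
        highest[inst] = level
        if meth == "set":
            sets[inst] = sets.get(inst, 0) + 1
            if sets[inst] > 1:
                return False
    return True


def execute(schedule, nthreads):
    """Run one schedule; the observable output is what each thread reads."""
    regs = {}
    out = {tid: [] for tid in range(nthreads)}
    for tid, inst, meth, arg in schedule:
        if meth == "set":
            regs[inst] = arg
        elif meth == "add":
            regs[inst] = regs.get(inst, 0) + arg
        else:  # get
            out[tid].append(regs.get(inst, 0))
    return tuple(tuple(out[t]) for t in range(nthreads))


def analyse(threads, policy=POLICY):
    """Return (policy_constructive, outputs of conformant schedules,
    outputs of all schedules). Policy-constructive here means at least one
    conformant schedule exists and all of them agree on the output."""
    tagged = [[(tid,) + step for step in t] for tid, t in enumerate(threads)]
    conformant_outs, all_outs = set(), set()
    for sched in interleavings(tagged):
        out = execute(sched, len(threads))
        all_outs.add(out)
        if conformant(sched, policy):
            conformant_outs.add(out)
    return len(conformant_outs) == 1, conformant_outs, all_outs


# Constructed programs: each thread is a list of (instance, method, argument)
RACY_BUT_POLICED = [
    [("x", "set", 1), ("x", "add", 2), ("x", "get", None)],
    [("x", "add", 5), ("x", "get", None)],
]
CYCLIC = [
    [("x", "get", None), ("y", "set", 1)],
    [("y", "get", None), ("x", "set", 1)],
]

if __name__ == "__main__":
    ok, conf, every = analyse(RACY_BUT_POLICED)
    print("policed:", ok, conf, "vs", len(every), "outputs without the policy")
    ok, conf, every = analyse(CYCLIC)
    print("cyclic:", ok, conf)
```

Brute-force enumeration is only for illustration; it is exponential in the number of steps, whereas the paper's point is that a fixed-point semantics decides policy-constructiveness without enumerating interleavings.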

    Constructive tool design for formal languages : from semantics to executing models

    Embedded, distributed, real-time, electronic systems are becoming more and more dominant in our lives. Hidden in cars, televisions, mp3-players, mobile phones and other appliances, these hardware/software systems influence our daily activities. Their design can be a huge effort and has to be carried out by engineers in a limited amount of time. Computer-aided modelling and design automation shorten the design cycle of these systems, enabling companies to deliver their products sooner than their competitors. The design process is divided into different levels of abstraction, starting with a vague product idea (abstract) and ending up with a concrete description ready for implementation. Recently, research has started to focus on the system level, a promising new area at which the product design could start. This dissertation develops a constructive approach to building tools for system-level design/description/modelling/specification languages, and shows the applicability of this method to the system-level language POOSL (Parallel Object-Oriented Specification Language). The formal semantics of this language is redefined and partly redeveloped, adding probabilistic features, real-time, inheritance, concurrency within processes, dynamic ports and atomic (indivisible) expressions, making the language suitable for performance analysis/modelling. The semantics is two-layered, using a probabilistic denotational semantics for stating the meaning of POOSL’s data layer, and a probabilistic structural operational semantics for the process layer and architecture layer. The constructive approach has yielded the system-level simulation tool rotalumis, capable of executing large industrial designs, which has been demonstrated by two successful case studies—an ATM-packet switch (in conjunction with IBM Research at Zürich) and a packet routing switch for the Internet (in association with Alcatel/Bell at Antwerp). The more generally applicable optimisations of the execution engine (rotalumis) and the decisions taken in its design are discussed in full detail. Prototyping, where the system-level model functions as a part of the prototype implementation of the designed product, is supported by rotalumis-rt, a real-time variant of the execution engine. The viability of prototyping is shown by a case study of a learning infrared remote control, partially realised in hardware and completed with a system-level model.
    Keywords: formal languages / formal specification / modelling languages / system-level design / embedded systems / real-time systems / performance analysis / discrete event simulation / probabilistic process algebra / design automation / prototyping / simulation tool

    Semantics of the VDM Real-Time Dialect

    All formally defined languages need to be given an unambiguous semantics so that the meaning of every model expressed in the language is clear. In this technical report a semantic model is provided for the Real-Time dialect of the Vienna Development Method (VDM). This builds upon both the formal semantics provided for the ISO standard VDM Specification Language and other work on the core of the VDM-RT notation. Although none of the VDM dialects are executable in general, the primary focus of the work presented here is on the executable subset. This focus is the result of parallel work on an interpreter implementation for VDM-RT that chooses one of the possible interpretations of a given model expressed in VDM-RT, based on the semantics presented here.

    Grounding Synchronous Deterministic Concurrency in Sequential Programming

    In this report, we introduce an abstract interval domain I(D, P) and associated fixed point semantics for reasoning about concurrent and sequential variable accesses within a synchronous cycle-based model of computation. The interval domain captures must (lower bound) and cannot (upper bound) information to approximate the synchronisation status of variables consisting of a value status D and an init status P. We use this domain for a new behavioural definition of Berry’s causality analysis for Esterel. This gives a compact and uniform understanding of Esterel-style constructiveness for shared-memory multi-threaded programs. Using this new domain-theoretic characterisation we show that Berry’s constructive semantics is a conservative approximation of the recently proposed sequentially constructive (SC) model of computation. We prove that every Berry-constructive program is sequentially constructive, i.e., deterministic and deadlock-free under sequentially admissible scheduling. This gives, for the first time, a natural interpretation of Berry-constructiveness for main-stream imperative programming in terms of scheduling, where previous results were cast in terms of synchronous circuits. It also opens the door to a direct mapping of Esterel’s signal mechanism into boolean variables that can be set and reset arbitrarily within a tick. We illustrate the practical usefulness of this mapping by discussing how signal reincarnation is handled efficiently by this transformation, which is of complexity that is linear in progra
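The must/cannot fixed-point iteration that this report and the earlier "Denotational Fixed-Point Semantics" entry above build on is easiest to see on pure signals. The Python script below is an editor's illustration of Berry's classic Must/Can causality analysis for a tiny instantaneous Esterel-like kernel (nothing, emit, present, sequence, parallel); it does not implement the report's I(D, P) domain, and the correspondence assumed here is only that the "must" set plays the role of the lower bound and the complement of the "can" set the role of the "cannot" upper bound. Signal statuses move monotonically from unknown to present (justified by must) or absent (excluded by can) until nothing changes; a program is constructive when no signal is left unknown. The four sample programs are constructed: a parallel emit/test pair that resolves, its sequential variant that does not (the test on A precedes the emit of A), a test whose signal is never emitted, and the classic self-justifying "present A then emit A".

```python
"""Must/Can fixed-point causality analysis for a tiny instantaneous Esterel-like
kernel (nothing, emit, present, seq, par).

Editor's illustration following Berry's classic Must/Can scheme for pure
signals; it is not the report's I(D, P) interval domain (assumption: "must"
stands in for the lower bound, the complement of "can" for the "cannot" bound).

Statements are tuples:
  ("nothing",)  ("emit", S)  ("present", S, then_stmt, else_stmt)
  ("seq", s1, s2)  ("par", s1, s2, ...)
"""


def signals_of(stmt):
    """All signals emitted or tested anywhere in the statement."""
    kind = stmt[0]
    if kind == "emit":
        return {stmt[1]}
    if kind == "present":
        return {stmt[1]} | signals_of(stmt[2]) | signals_of(stmt[3])
    if kind in ("seq", "par"):
        out = set()
        for b in stmt[1:]:
            out |= signals_of(b)
        return out
    return set()


def must(stmt, env):
    """Signals the statement must emit under env, and whether it must terminate."""
    kind = stmt[0]
    if kind == "nothing":
        return set(), True
    if kind == "emit":
        return {stmt[1]}, True
    if kind == "present":
        _, s, p, q = stmt
        if env[s] == "present":
            return must(p, env)
        if env[s] == "absent":
            return must(q, env)
        return set(), False          # test blocked on an unknown signal
    if kind == "seq":
        sigs, term = must(stmt[1], env)
        if not term:
            return sigs, False       # the second statement is not reached yet
        more, term = must(stmt[2], env)
        return sigs | more, term
    sigs, term = set(), True         # par: union of branches
    for b in stmt[1:]:
        more, t = must(b, env)
        sigs |= more
        term = term and t
    return sigs, term


def can(stmt, env):
    """Signals the statement can emit under env, and whether it can terminate."""
    kind = stmt[0]
    if kind == "nothing":
        return set(), True
    if kind == "emit":
        return {stmt[1]}, True
    if kind == "present":
        _, s, p, q = stmt
        if env[s] == "present":
            return can(p, env)
        if env[s] == "absent":
            return can(q, env)
        ps, pt = can(p, env)
        qs, qt = can(q, env)
        return ps | qs, pt or qt     # unknown: both branches remain possible
    if kind == "seq":
        sigs, term = can(stmt[1], env)
        if not term:
            return sigs, False
        more, term = can(stmt[2], env)
        return sigs | more, term
    sigs, term = set(), True         # par: union of branches
    for b in stmt[1:]:
        more, t = can(b, env)
        sigs |= more
        term = term and t
    return sigs, term


def analyse(prog):
    """Iterate must/cannot information to its least fixed point.
    Returns {signal: "present" | "absent" | "unknown"}."""
    env = {s: "unknown" for s in signals_of(prog)}
    while True:
        m, _ = must(prog, env)
        c, _ = can(prog, env)
        new = dict(env)
        for s in env:
            if s in m:
                new[s] = "present"   # must: the lower bound justifies emission
            elif s not in c:
                new[s] = "absent"    # cannot: excluded by the upper bound
        if new == env:
            return env
        env = new


def is_constructive(prog):
    return "unknown" not in analyse(prog).values()


# Constructed sample programs (not taken from the report)
P_PAR = ("par", ("present", "A", ("emit", "B"), ("nothing",)), ("emit", "A"))
P_SEQ = ("seq", ("present", "A", ("emit", "B"), ("nothing",)), ("emit", "A"))
P_ABSENT = ("present", "A", ("emit", "B"), ("emit", "C"))
P_SELF = ("present", "A", ("emit", "A"), ("nothing",))

if __name__ == "__main__":
    for name, p in [("P_PAR", P_PAR), ("P_SEQ", P_SEQ),
                    ("P_ABSENT", P_ABSENT), ("P_SELF", P_SELF)]:
        verdict = "constructive" if is_constructive(p) else "NOT constructive"
        print(name, analyse(p), verdict)
```

Because statuses only ever move from unknown to present or absent, the iteration is monotone over a finite domain and terminates; P_SEQ and P_SELF stop at a fixed point that still contains unknown, which is exactly the causality error a constructive compiler reports.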

    Comparative Studies, Formal Semantics and PVS Encoding of CSP#


    Formal semantics for LIPS (Language for Implementing Parallel/distributed Systems)

    This thesis presents an operational semantics and an abstract machine for a point-to-point asynchronous message passing language called LIPS (Language for Implementing Parallel/distributed Systems). One of the distinctive features of LIPS is its capability to handle computation and communication independently. Taking advantage of this capability, a two-step strategy has been adopted to define the operational semantics:
    • A big-step semantics with single-step rewrites is used to relate expressions to their evaluated results (the computational part of LIPS).
    • The big-step semantics is then extended with a Structural Operational Semantics (SOS) to describe the asynchronous message passing of LIPS (the communication part of LIPS).
    The communication in LIPS has been implemented using the Asynchronous Message Passing System (AMPS), which uses very simple data structures and avoids buffers. While the operational semantics specifies the meaning of programs, the abstract machine provides an intermediate representation of the language's implementation. The LIPS Abstract Machine (LAM) is defined to execute LIPS programs. The correctness of the execution of a LIPS program or expression under the operational semantics is verified by comparing it with the equivalent code generated using the abstract machine. Specification of Asynchronous Communicating Systems (SACS) is a process algebra developed to specify the communication in LIPS programs; it is an asynchronous variant of the Synchronous Calculus of Communicating Systems (SCCS). This research presents the SOS for SACS and studies bisimulation equivalence for SACS, which can be used to verify the behaviour of a specified process. An implementation is said to be complete when it is equivalent to its specification. SACS has been used for the high-level specification of the communication part of LIPS programs and is implemented using AMPS. This research proves that SACS and AMPS are equivalent by defining a weak bisimulation equivalence relation between the SOS of SACS and that of AMPS.

    Improving Model-Based Software Synthesis: A Focus on Mathematical Structures

    Computer hardware keeps increasing in complexity, and software design needs to keep up with it. The right models and abstractions empower developers to leverage the novelties of modern hardware. This thesis deals primarily with Models of Computation as a basis for software design, in a family of methods called software synthesis. We focus on Kahn Process Networks and dataflow applications as abstractions, both for programming and for deriving an efficient execution on heterogeneous multicores. The latter we accomplish by exploring the design space of possible mappings of computation and data to hardware resources. Mapping algorithms are not at the center of this thesis, however. Instead, we examine the mathematical structure of the mapping space, leveraging its inherent symmetries or geometric properties to improve mapping methods in general. This thesis thoroughly explores the process of model-based design, aiming to go beyond the more established software synthesis on dataflow applications. We start with the problem of assessing these methods through benchmarking, and go on to formally examine the general goals of benchmarks. In this context, we also consider the role modern machine learning methods play in benchmarking. We explore different established semantics, stretching the limits of Kahn Process Networks. We also discuss novel models, like Reactors, which are designed to be a deterministic, adaptive model with time as a first-class citizen. By investigating abstractions and transformations in the Ohua language for implicit dataflow programming, we also focus on programmability. The focus of the thesis is on the models and methods, but we evaluate them in diverse use-cases, generally centered around Cyber-Physical Systems. These include the 5G telecommunication standard, automotive and signal processing domains. We even go beyond embedded systems and discuss use-cases in GPU programming and microservice-based architectures.