9,255 research outputs found
Proceedings of the 3rd Workshop on Domain-Specific Language Design and Implementation (DSLDI 2015)
The goal of the DSLDI workshop is to bring together researchers and
practitioners interested in sharing ideas on how DSLs should be designed,
implemented, supported by tools, and applied in realistic application contexts.
We are both interested in discovering how already known domains such as graph
processing or machine learning can be best supported by DSLs, but also in
exploring new domains that could be targeted by DSLs. More generally, we are
interested in building a community that can drive forward the development of
modern DSLs. These informal post-proceedings contain the submitted talk
abstracts to the 3rd DSLDI workshop (DSLDI'15), and a summary of the panel
discussion on Language Composition
Recommended from our members
Computing infrastructure issues in distributed communications systems : a survey of operating system transport system architectures
The performance of distributed applications (such as file transfer, remote login, tele-conferencing, full-motion video, and scientific visualization) is influenced by several factors that interact in complex ways. In particular, application performance is significantly affected both by communication infrastructure factors and computing infrastructure factors. Several communication infrastructure factors include channel speed, bit-error rate, and congestion at intermediate switching nodes. Computing infrastructure factors include (among other things) both protocol processing activities (such as connection management, flow control, error detection, and retransmission) and general operating system factors (such as memory latency, CPU speed, interrupt and context switching overhead, process architecture, and message buffering). Due to a several orders of magnitude increase in network channel speed and an increase in application diversity, performance bottlenecks are shifting from the network factors to the transport system factors.This paper defines an abstraction called an "Operating System Transport System Architecture" (OSTSA) that is used to classify the major components and services in the computing infrastructure. End-to-end network protocols such as TCP, TP4, VMTP, XTP, and Delta-t typically run on general-purpose computers, where they utilize various operating system resources such as processors, virtual memory, and network controllers. The OSTSA provides services that integrate these resources to support distributed applications running on local and wide area networks.A taxonomy is presented to evaluate OSTSAs in terms of their support for protocol processing activities. We use this taxonomy to compare and contrast five general-purpose commercial and experimental operating systems including System V UNIX, BSD UNIX, the x-kernel, Choices, and Xinu
Efficient Software Implementation of Stream Programs
The way we use computers and mobile phones today requires large amounts of processing of data streams. Examples include digital signal processing for wireless transmission, audio and video coding for recording and watching videos, and noise reduction for the phone calls. These tasks can be performed by stream programsโcomputer programs that process streams of data. Stream programs can be composed of other stream programs. Components of a composition are connected in a network, i.e. the output streams of one component are sent as input streams to other components. The components, that perform the actual computation, are called kernels. They can be described in different styles and programming languages. There are also formal models for describing the kernels and the networks. One such model is the actor machine.This dissertation evaluates the actor machine, how it facilitates creating efficient software implementation of stream programs. The evaluation is divided into four aspects: (1) analyzability of its structure, (2) generality in what languages and styles it can express, (3) efficient implementation of kernels, and (4) efficient implementation of networks. This dissertation demonstrates all four aspects through implementation and evaluation of a stream program compiler based on actor machines
Recommended from our members
Modular and Safe Event-Driven Programming
Asynchronous event-driven systems are ubiquitous across domains such as device drivers, distributed systems, and robotics. These systems are notoriously hard to get right as the programmer needs to reason about numerous control paths resulting from the complex interleaving of events (or messages) and failures. Unsurprisingly, it is easy to introduce subtle errors while attempting to fill in gaps between high-level system specifications and their concrete implementations.This dissertation proposes new methods for programming safe event-driven asynchronous systems.In the first part of the thesis, we present ModP, a modular programming framework for compositional programming and testing of event-driven asynchronous systems.The ModP module system supports a novel theory of compositional refinement for assume-guarantee reasoning of dynamic event-driven asynchronous systems. We build a complex distributed systems software stack using ModP.Our results demonstrate that compositional reasoning can help scale model-checking (both explicit and symbolic) to large distributed systems.ModP is transforming the way asynchronous software is built at Microsoft and Amazon Web Services (AWS). Microsoft uses ModP for implementing safe device drivers and other software in the Windows kernel.AWS uses ModP for compositional model checking of complex distributed systems. While ModP simplifies analysis of such systems, the state space of industrial-scale systems remains extremely large.In the second part of this thesis, we present scalable verification and systematic testing approaches to further mitigate this state-space explosion problem.First, we introduce the concept of a delaying explorer to perform prioritized exploration of the behaviors of an asynchronous reactive program. A delaying explorer stratifies the search space using a custom strategy (tailored towards finding bugs faster), and a delay operation that allows deviation from that strategy. We show that prioritized search with a delaying explorer performs significantly better than existing approaches for finding bugs in asynchronous programs.Next, we consider the challenge of verifying time-synchronized systems; these are almost-synchronous systems as they are neither completely asynchronous nor synchronous.We introduce approximate synchrony, a sound and tunable abstraction for verification of almost-synchronous systems. We show how approximate synchrony can be used for verification of both time-synchronization protocols and applications running on top of them.Moreover, we show how approximate synchrony also provides a useful strategy to guide state-space exploration during model-checking.Using approximate synchrony and implementing it as a delaying explorer, we were able to verify the correctness of the IEEE 1588 distributed time-synchronization protocol and, in the process, uncovered a bug in the protocol that was well appreciated by the standards committee.In the final part of this thesis, we consider the challenge of programming a special class of event-driven asynchronous systems -- safe autonomous robotics systems.Our approach towards achieving assured autonomy for robotics systems consists of two parts: (1) a high-level programming language for implementing and validating the reactive robotics software stack; and (2) an integrated runtime assurance system to ensure that the assumptions used during design-time validation of the high-level software hold at runtime.Combining high-level programming language and model-checking with runtime assurance helps us bridge the gap between design-time software validation that makes assumptions about the untrusted components (e.g., low-level controllers), and the physical world, and the actual execution of the software on a real robotic platform in the physical world. We implemented our approach as DRONA, a programming framework for building safe robotics systems.We used DRONA for building a distributed mobile robotics system and deployed it on real drone platforms. Our results demonstrate that DRONA (with the runtime-assurance capabilities) enables programmers to build an autonomous robotics software stack with formal safety guarantees.To summarize, this thesis contributes new theory and tools to the areas of programming languages, verification, systematic testing, and runtime assurance for programming safe asynchronous event-driven across the domains of fault-tolerant distributed systems and safe autonomous robotics systems
Autonomous Machine์ ์ํ ์ค์๊ฐ ์คํธ๋ฆผ ์ฒ๋ฆฌ์ ์ผ์ ํจ์ ์ ์ง์ํ๋ Splash ํ๋ก๊ทธ๋๋ฐ ์ธ์ด์ ์ค๊ณ
ํ์๋
ผ๋ฌธ(๋ฐ์ฌ)--์์ธ๋ํ๊ต ๋ํ์ :๊ณต๊ณผ๋ํ ์ ๊ธฐยท์ปดํจํฐ๊ณตํ๋ถ,2020. 2. ํ์ฑ์.Autonomous machines have begun to be widely used in various application domains due to recent remarkable advances in machine intelligence. As these autonomous machines are equipped with diverse sensors, multicore processors and distributed computing nodes, the complexity of the underlying software platform is increasing at a rapid pace, overwhelming the developers with implementation details. This leads to a demand for a new programming framework that has an easy-to-use programming abstraction.
In this thesis, we present a graphical programming framework named Splash that explicitly addresses the programming challenges that arise during the development of an autonomous machine. We set four design goals to solve the challenges. First, Splash should provide an easy-to-use, effective programming abstraction. Second, it must support real-time stream processing for deep-learning based machine learning intelligence. Third, it must provide programming support for real-time control system of autonomous machines such as sensor fusion and mode change. Finally, it should support performance optimization of software system running on a heterogeneous multicore distributed computing platform.
Splash allows programmers to specify genuine, end-to-end timing constraints. Also, it provides a best-effort runtime system that tries to meet the annotated timing constraints and exception handling mechanisms to monitor the violation of such constraints. To implement these runtime mechanisms, Splash provides underlying timing semantics: (1) it provides an abstract global clock that is shared by machines in the distributed system and (2) it supports programmers to write birthmark on every stream data item.
Splash offers a multithreaded process model to support concurrent programming. In the multithreaded process model, a programmer can write a multithreaded program using Splash threads we call sthreads. An sthread is a logical entity of independent execution. In addition, Splash provides a language construct named build unit that allows programmers to allocate sthreads to processes and threads of an underlying operating system.
Splash provides three additional language semantics to support real-time stream processing and real-time control systems. First, it provides rate control semantics to solve uncontrolled jitter and an unbounded FIFO queue problem due to the variability in communication delay and execution time. Second, it supports fusion semantics to handle timing issues caused by asynchronous sensors in the system. Finally, it provides mode change semantics to meet varying requirements in the real-time control systems. In this paper, we describe each language semantics and runtime mechanism that realizes such semantics in detail.
To show the utility of our framework, we have written a lane keeping assist system (LKAS) in Splash as an example. We evaluated rate control, sensor fusion, mode change and build unit-based allocation. First, using rate controller, the jitter was reduced from 30.61 milliseconds to 1.66 milliseconds. Also, average lateral deviation and heading angle is reduced from 0.180 meters to 0.016 meters and 0.043 rad to 0.008 rad, respectively. Second, we showed that the fusion operator works normally as intended, with a run-time overhead of only 7 microseconds on average. Third, the mode change mechanism operated correctly and incurred a run-time overhead of only 0.53 milliseconds. Finally, as we increased the number of build units from 1 to 8, the average end-to-end latency was increased from 75.79 microseconds to 2022.96 microseconds. These results show that the language semantics and runtime mechanisms proposed in this thesis are designed and implemented correctly, and Splash can be used to effectively develop applications for an autonomous machine.๋ฅ ๋ฌ๋ ๊ธฐ๋ฐ machine intelligence์ ๋น์ฝ์ ์ธ ๋ฐ์ ์ผ๋ก ์ธํด autonomous machine๋ค์ด ๋ค์ํ ๋ถ์ผ์์ ํ์ฉ๋๊ณ ์๋ค. ์ด๋ฐ ๊ธฐ๊ธฐ๋ค์ ๋ค์ํ ์ผ์, ๋ฉํฐ์ฝ์ด ํ๋ก์ธ์, ๋ถ์ฐ ์ปดํจํ
๋
ธ๋๋ฅผ ์ฅ์ฐฉํ๊ณ ์๊ธฐ ๋๋ฌธ์, ์ด๋ค์ ์ง์ํ๊ธฐ ์ํ ๊ธฐ๋ฐ ์ํํธ์จ์ด ํ๋ซํผ์ ๋ณต์ก๋๋ ๋น ๋ฅธ ์๋๋ก ์ฆ๊ฐํ๋ ์ถ์ธ์ด๋ค. ์ด์ ๋ฐ๋ผ ๊ฐ๋ฐ์๋ค์ด ๋ณต์กํ ์ํํธ์จ์ด ๊ตฌ์กฐ๋ฅผ ํจ๊ณผ์ ์ผ๋ก ๋ค๋ฃฐ ์ ์๋๋ก ํด์ฃผ๋ ํ๋ก๊ทธ๋๋ฐ ํ๋ ์์ํฌ์ ํ์์ฑ์ด ๋๋๋๊ณ ์๋ค.
๋ณธ ํ์๋
ผ๋ฌธ์ autonomous machine์ ๊ฐ๋ฐ ๊ณผ์ ์์ ๋ฐ์ํ๋ ๋ฌธ์ ๋ค์ ํด๊ฒฐํ๊ธฐ ์ํ ๊ทธ๋ํฝ ๊ธฐ๋ฐ ํ๋ก๊ทธ๋๋ฐ ํ๋ ์์ํฌ์ธ Splash๋ฅผ ์ ์ํ๋ค. Splash๋ผ๋ ์ด๋ฆ์ stream processing language for autonomous machine์์ ์์ ์ธ ๋จ์ด์ ์ฒซ ๋ฌธ์๋ค์ ๋ฐ์ ์ง์ด์ก๋ค. ์ด ์ด๋ฆ์ ๋ฌผ๊ณผ ๊ฐ์ด ํ๋ฅด๋ ์คํธ๋ฆผ ๋ฐ์ดํฐ๋ฅผ ๋ค๋ฃจ๊ธฐ ์ํ ํ๋ก๊ทธ๋๋ฐ ์ธ์ด์ ๋ฐํ์ ์์คํ
์ ๊ฐ๋ฐํ๊ฒ ๋ค๋ ์๋๋ฅผ ๊ฐ์ง๋ค. ๋ณธ ๋
ผ๋ฌธ์์๋ ๋ณต์กํ ์ํํธ์จ์ด ๊ตฌ์กฐ๋ฅผ ํจ๊ณผ์ ์ผ๋ก ๋ค๋ฃจ๊ธฐ ์ํด ๋ค ๊ฐ์ง ๋์์ธ ๋ชฉํ๋ฅผ ์ค์ ํ๋ค. ์ฒซ์งธ, Splash๋ ๊ฐ๋ฐ์์๊ฒ ์ธ๋ถ์ ์ธ ๊ตฌํ ์ด์๋ฅผ ์จ๊ธฐ๊ณ , ์ฝ๊ฒ ์ฌ์ฉํ ์ ์๋ ํ๋ก๊ทธ๋๋ฐ ์ถ์ํ๋ฅผ ์ ๊ณตํ์ฌ์ผ ํ๋ค. ๋์งธ, Splash๋ machine intelligence๋ฅผ ์ํ ์ค์๊ฐ ์คํธ๋ฆผ ์ฒ๋ฆฌ๋ฅผ ์ง์ํ ์ ์์ด์ผ ํ๋ค. ์
์งธ, Splash๋ ์ค์๊ฐ ์ ์ด ์์คํ
์์ ๋๋ฆฌ ์ฌ์ฉ๋๋ ์ผ์ ํจ์ , ๋ชจ๋ ๋ณ๊ฒฝ, ์์ธ ์ฒ๋ฆฌ์ ๊ฐ์ ๊ธฐ๋ฅ๋ค์ ์ํ ์ง์์ ์ ๊ณตํ์ฌ์ผ ํ๋ค. ๋ท์งธ, Splash๋ ์ด๊ธฐ์ข
๋ฉํฐ์ฝ์ด ๋ถ์ฐ ์ปดํจํ
ํ๋ซํผ์์ ์ํ๋๋ ์ํํธ์จ์ด ์์คํ
์ ์ฑ๋ฅ ์ต์ ํ๋ฅผ ์ง์ํ์ฌ์ผ ํ๋ค.
Splash๋ ์ค์๊ฐ ์คํธ๋ฆผ ์ฒ๋ฆฌ๋ฅผ ์ํด ๊ฐ๋ฐ์๊ฐ ํ๋ก๊ทธ๋จ ์์ ๋ณธ์ง์ ์ธ end-to-end timing constraints๋ฅผ ๋ช
์ํ ์ ์๋๋ก ํ๋ค. ๊ทธ๋ฆฌ๊ณ ๊ฐ๋ฐ์๊ฐ ๋ช
์ํ timing constraints๋ฅผ ์ธ์งํ๊ณ ์ด๋ฅผ ์ต๋ํ ์ง์ผ์ฃผ๋ best-effort ๋ฐํ์ ์์คํ
๊ณผ timing constraints์ ์๋ฐ์ ๋ชจ๋ํฐ๋งํ๊ณ ์ฒ๋ฆฌํด์ฃผ๋ ์์ธ ์ฒ๋ฆฌ ๋ฉ์ปค๋์ฆ์ ํจ๊ป ์ ๊ณตํ๋ค. ์ด๋ฐ ๋ฐํ์ ๋ฉ์ปค๋์ฆ๋ค์ ๊ตฌํํ๊ธฐ ์ํด Splash๋ ๋ ๊ฐ์ง ๊ธฐ๋ณธ์ ์ธ timing semantics๋ฅผ ์ ๊ณตํ๋ค. ์ฒซ์งธ, ๋ถ์ฐ ์์คํ
์์์ ๋ชจ๋ ๋จธ์ ๋ค์ด ๊ณต์ ํ ์ ์๋ global time base๋ฅผ ์ ๊ณตํ๋ค. ๋์งธ, Splash ์์ ๋ค์ด์ค๋ ๋ชจ๋ ์คํธ๋ฆผ ๋ฐ์ดํฐ ์์ดํ
์ ์์ ์ birthmark๋ฅผ ๊ธฐ๋กํ๋๋ก ํ๋ค.
Splash๋ ๋์์ฑ ํ๋ก๊ทธ๋๋ฐ์ ์ง์ํ๊ธฐ ์ํ ๋ฉํฐ ์ฐ๋ ๋๋ ์ฒ๋ฆฌ ๋ชจ๋ธ์ ์ ๊ณตํ๋ค. Splash ํ๋ก๊ทธ๋๋จธ๋ sthread๋ผ๋ ๋
ผ๋ฆฌ์ ์ธ ์ํ ๋จ์๋ฅผ ์ฌ์ฉํ์ฌ ํ๋ก๊ทธ๋จ์ ๊ฐ๋ฐํ ์ ์๋ค. ๊ทธ๋ฆฌ๊ณ Splash๋ sthread๋ค์ ์ค์ ์ด์์ฒด์ ์ ์ํ ๋จ์์ธ ํ๋ก์ธ์ค์ ์ฐ๋ ๋์๊ฒ ํ ๋นํ๋ ๊ณผ์ ์ ๋๊ธฐ ์ํ ๋น๋ ์ ๋์ด๋ผ๋ language construct๋ฅผ ์ ๊ณตํ๋ค.
Splash๋ timing semantics์ ๋ฉํฐ ์ฐ๋ ๋๋ ์ฒ๋ฆฌ ๋ชจ๋ธ์ ๊ธฐ๋ฐ์ผ๋ก ์ค์๊ฐ ์คํธ๋ฆผ ์ฒ๋ฆฌ์ ์ค์๊ฐ ์ ์ด ์์คํ
์ ์ง์ํ๊ธฐ ์ํ ์ธ ๊ฐ์ง language semantics๋ฅผ ์ถ๊ฐ๋ก ์ง์ํ๋ค. ์ฒซ์งธ๋ ์คํธ๋ฆผ ๋ฐ์ดํฐ์ ํต์ ์ด๋ ์ฒ๋ฆฌ ์ง์ฐ์ผ๋ก ์ธํด ๋ฐ์ํ๋ ์งํฐ๋ ๋ฐ์ด๋ ๋์ง ์๋ ํ ๋ฌธ์ ๋ฅผ ํด๊ฒฐํ๊ธฐ ์ํ rate ์ ์ด semantics์ด๋ค. ๋์งธ๋ ์ผ์ ํจ์ ๊ณผ์ ์์ ์๊ฐ์ ์ผ๋ก ๋๊ธฐํ๋์ง ์์ ์ผ์ ์
๋ ฅ๋ค๋ก ์ธํ ํ์ด๋ฐ ์ด์๋ค์ ํด๊ฒฐํ๊ธฐ ์ํ ํจ์ semantics์ด๋ค. ๋ง์ง๋ง์ ๊ฐ๋ณ์ ์ธ ์ ์ด ์์คํ
์ ์๊ตฌ์ฌํญ์ ์ถฉ์กฑ์ํค๊ธฐ ์ํด ์ํ ๋ก์ง์ ๋ณ๊ฒฝ์ ์ง์ํ๋ ๋ชจ๋ ๋ณ๊ฒฝ semantics์ด๋ค. ๋ณธ ๋
ผ๋ฌธ์์๋ ๊ฐ๊ฐ์ language semantics๋ฅผ ๊ตฌ์ฒด์ ์ผ๋ก ์ค๋ช
ํ๊ณ , ์ด๋ฅผ ์คํํ๊ธฐ ์ํ ๋ฐํ์ ๋ฉ์ปค๋์ฆ์ ์ค๊ณํ๊ณ ๊ตฌํํ๋ค.
Splash์ ํจ์ฉ์ฑ์ ๊ฒ์ฆํ๊ธฐ ์ํด์, ๋ณธ ๋
ผ๋ฌธ์ Splash๋ฅผ ์ฌ์ฉํ์ฌ LKAS ์์ฉ์ ๊ฐ๋ฐํ๊ณ ์ด๋ฅผ Splash ๋ฐํ์ ์์คํ
์์์ ์ํ์ํค๋ฉฐ ์คํ์ ์งํํ์๋ค. ๋ณธ ๋
ผ๋ฌธ์์๋ rate ์ ์ด ๋ฉ์ปค๋์ฆ, ์ผ์ ํจ์ ๋ฉ์ปค๋์ฆ, ๋ชจ๋ ๋ณ๊ฒฝ ๋ฉ์ปค๋์ฆ, ๋น๋ ์ ๋ ๊ธฐ๋ฐ allocation์ ๊ฐ๊ฐ ์ ์ ๋ ์ฑ๋ฅ ์งํ๋ค์ ์ฌ์ฉํ์ฌ ๊ฒ์ฆํ์๋ค. ์ฒซ์งธ, Splash์ rate ์ ์ด๊ธฐ๋ฅผ ์ฌ์ฉํ๋ฉด ์งํฐ๊ฐ 30.61ms์์ 1.66ms๋ก ๊ฐ์๋์๊ณ , ์ด๋ก ์ธํด ์ฃผํ ์ฐจ๋์ ์ธก๋ฉด ํธ์ฐจ์ ๋ฐฉํฅ๊ฐ์ด ๊ฐ๊ฐ 0.180m์์ 0.016m, 0.043rad์์ 0.008rad์ผ๋ก ๊ฐ์ ๋๋ค๋ ๊ฒ์ ํ์ธํ์๋ค. ๋์งธ, ์ผ์ ํจ์ ์ ์ํด ์ ์๋ ํจ์ ์ฐ์ฐ์๊ฐ ์ค๊ณ๋ ์๋๋๋ก ์ ์ ๋์ํ๊ณ , ํ๊ท 7us์ ๋ฎ์ ์ค๋ฒํค๋๋ง์ ์ ๋ฐํ๋ค๋ ๊ฒ์ ํ์ธํ์๋ค. ์
์งธ, ๋ชจ๋ ๋ณ๊ฒฝ ๊ธฐ๋ฅ์ ์ ์ ๋์์ ๊ฒ์ฆํ์๊ณ ๊ทธ ๊ณผ์ ์์ ๋ฐ์ํ๋ ์๊ฐ์ ์ค๋ฒํค๋๋ ํ๊ท 0.53ms์ ๋ถ๊ณผํ์๋ค. ๋ง์ง๋ง์ผ๋ก, synthetic workload์ ๋ํด ์ปดํฌ๋ํธ๋ค์ ๋งคํ๋ ๋น๋ ์ ๋ ๊ฐ์๋ฅผ 1๊ฐ, 2๊ฐ, 4๊ฐ, 8๊ฐ๋ก ์ฆ๊ฐ์ํด์ ๋ฐ๋ผ ํ๊ท end-to-end ์ง์ฐ ์๊ฐ์ 75.79us, 330.80us, 591.87us, 2022.96us๋ก ์ฆ๊ฐํ๋ ๊ฒ์ ํ์ธํ์๋ค. ์ด๋ฌํ ๊ฒฐ๊ณผ๋ค์ ๋ณธ ๋
ผ๋ฌธ์์ ์ ์ํ๋ language semantics์ ๋ฐํ์ ๋ฉ์ปค๋์ฆ๋ค์ด ์๋๋๋ก ์ค๊ณ, ๊ตฌํ๋์๊ณ , ์ด๋ฅผ ํตํด autonomous machine์ ์์ฉ๋ค์ ํจ๊ณผ์ ์ผ๋ก ๊ฐ๋ฐํ ์ ์๋ค๋ ๊ฒ์ ๋ณด์ฌ์ค๋ค.Chapter 1 Introduction p.1
1.1 Motivation p.2
1.2 Splash Overview p.5
1.3 Organization of This Dissertation p.9
Chapter 2 Related Work p.10
2.1 Kahn Process Network p.10
2.2 Firing Rule Applied to a Process p.13
2.3 Programming Framework for an Autonomous Machine p.14
2.4 Runtime Software for an Autonomous Machine p.16
2.5 Rate Control p.18
2.5.1 Traffic Shaping p.20
2.5.2 Traffic Policing p.22
2.6 Sensor Fusion p.23
2.6.1 Measurement Fusion p.24
2.6.2 Situation Fusion p.27
2.7 Mode Change p.30
2.7.1 Synchronous Mode Change p.32
2.7.2 Asynchronous Mode Change p.32
Chapter 3 Motivation and Contributions p.34
3.1 Problem Description p.34
3.2 Limitations of Kahn Process Network p.36
3.3 Contributions of this Dissertation p.38
Chapter 4 Underlying Timing Semantics of Splash p.41
4.1 End-to-End Timing Constraints p.41
4.2 Global Time Base and In-order Delivery p.42
4.3 Integrating Three Distinct Computing Models p.43
Chapter 5 Splash Language Constructs p.45
5.1 Processing Component p.46
5.2 Port p.49
5.3 Channel and Clink p.52
5.4 Fusion Operator p.54
5.5 Factory and Mode Change p.60
5.6 Build Unit p.65
5.7 Exception Handling p.67
Chapter 6 Splash Runtime Mechanisms p.69
6.1 Rate Control Mechanism p.69
6.2 Sensor Fusion Mechanism p.70
6.3 Mode Change Mechanism p.77
Chapter 7 Code Generation and Runtime System p.80
7.1 Build Unit-based Allocation p.80
7.2 Code Generation Template p.82
7.3 Splash Runtime System p.84
Chapter 8 Experimental Evaluation p.86
8.1 LKAS Program p.86
8.2 Experimental Environment p.91
8.3 Evaluating Rate Control p.92
8.4 Evaluating Sensor Fusion p.96
8.5 Evaluating Mode Change p.97
8.6 Evaluating Build Unit-based Allocation p.99
Chapter 9 Conclusion p.102
Bibliography p.104
Abstract in Korean p.113Docto
A Static Analyzer for Large Safety-Critical Software
We show that abstract interpretation-based static program analysis can be
made efficient and precise enough to formally verify a class of properties for
a family of large programs with few or no false alarms. This is achieved by
refinement of a general purpose static analyzer and later adaptation to
particular programs of the family by the end-user through parametrization. This
is applied to the proof of soundness of data manipulation operations at the
machine level for periodic synchronous safety critical embedded software. The
main novelties are the design principle of static analyzers by refinement and
adaptation through parametrization, the symbolic manipulation of expressions to
improve the precision of abstract transfer functions, the octagon, ellipsoid,
and decision tree abstract domains, all with sound handling of rounding errors
in floating point computations, widening strategies (with thresholds, delayed)
and the automatic determination of the parameters (parametrized packing)
- โฆ