6 research outputs found
Proving the Equivalence of Microstep and Macrostep Semantics
Abstract. Recently, an embedding of the synchronous programming language Quartz (an Esterel variant) in the theorem prover HOL has been presented. This embedding is based on control flow predicates that refer to macrosteps of the pro-grams. The original semantics of synchronous languages like Esterel is however normally given at the more detailed microstep level. This paper describes how a variant of the Esterel microstep semantics has been defined in HOL and how its equivalence to the control flow predicate semantics has been proved. Beneath proving the equivalence of the micro- and macrostep semantics, the work pre-sented here is also an important extension of the existing embedding: While rea-soning at the microstep level is not necessary for code generation, it is sometimes advantageous for understanding programs, as some effects like schizophrenia or causality problems become only visible at the microstep level.
An Algebra of Synchronous Scheduling Interfaces
In this paper we propose an algebra of synchronous scheduling interfaces
which combines the expressiveness of Boolean algebra for logical and functional
behaviour with the min-max-plus arithmetic for quantifying the non-functional
aspects of synchronous interfaces. The interface theory arises from a
realisability interpretation of intuitionistic modal logic (also known as
Curry-Howard-Isomorphism or propositions-as-types principle). The resulting
algebra of interface types aims to provide a general setting for specifying
type-directed and compositional analyses of worst-case scheduling bounds. It
covers synchronous control flow under concurrent, multi-processing or
multi-threading execution and permits precise statements about exactness and
coverage of the analyses supporting a variety of abstractions. The paper
illustrates the expressiveness of the algebra by way of some examples taken
from network flow problems, shortest-path, task scheduling and worst-case
reaction times in synchronous programming.Comment: In Proceedings FIT 2010, arXiv:1101.426
A comparative study of two formal semantics of the SIGNAL language
International audienceSIGNAL is a part of the synchronous languages family, which are broadly used in the design of safety-critical real-time systems such as avionics, space systems, and nuclear power plants. There exist several semantics for SIGNAL, such as denotational semantics based on traces (called trace semantics), denotational semantics based on tags (called tagged model semantics), operational semantics presented by structural style through an inductive definition of the set of possible transitions, operational semantics defined by synchronous transition systems (STS), etc. However, there is little research about the equivalence between these semantics.In this work, we would like to prove the equivalence between the trace semantics and the tagged model semantics, to get a determined and precise semantics of the SIGNAL language. These two semantics have several different definitions respectively, we select appropriate ones and mechanize them in the Coq platform, the Coq expressions of the abstract syntax of SIGNAL and the two semantics domains, i.e., the trace model and the tagged model, are also given. The distance between these two semantics discourages a direct proof of equivalence. Instead, we transformthem to an intermediate model, which mixes the features of both the trace semantics and the tagged model semantics. Finally, we get a determined and precise semantics of SIGNAL
A Refinement-based compiler development for synchronous languages
In this paper, we are concerned by the elaboration of generic development steps for the code generation for synchronous languages. Our aim is to provide a correct by construction solution. For that purpose, we adopt a refinement-based approach where proof obligations for each step guarantee properties preservation. We use the Event-B formal method. We start with a big step semantics specified by an Event-B machine. Through a sequence of refinements, expressed as Event-B refinement machines, we end up with a code generation step which implements a small step semantics preserving the properties of the big step semantics
Denotational Fixed-Point Semantics for Constructive Scheduling of Synchronous Concurrency
The synchronous model of concurrent computation (SMoCC) is well established for programming languages in the domain of safety-critical reactive and embedded systems. Translated into mainstream C/Java programming, the SMoCC corresponds to a cyclic execution model in which concurrent threads are synchronised on a logical clock that cuts system computation into a sequence of macro-steps. A causality analysis verifies the existence of a schedule on memory accesses to ensure each macro-step is deadlock-free and determinate. We introduce an abstract semantic domain I(D, P) and an associated denotational fixed point semantics for reasoning about concurrent and sequential variable accesses within a synchronous cycle-based model of computation. We use this domain for a new and extended behavioural definition of Berry’s causality analysis in terms of approximation intervals. The domain I(D, P) extends the domain I(D) from our previous work and fixes a mistake in the treatment of initialisations. Based on this fixed point semantics the notion of Input Berry-constructiveness (IBC) for synchronous programs is proposed. This new IBC class lies properly between strong (SBC) and normal Berry-constructiveness (BC) defined in previous work. SBC and BC are two ways to interpret the standard constructive semantics of synchronous programming, as exemplified by imperative SMoCC languages such as Esterel or Quartz. SBC is often too restrictive as it requires all variables to be initialised by the program. BC can be too permissive because it initialises all variables to a fixed value, by default. Where the initialisation happens through the memory, e.g., when carrying values from one synchronous tick to the next, then IBC is more appropriate. IBC links two levels of execution, the macro-step level and the micro-step level. We prove that the denotational fixed point analysis for IBC, and hence Berry’s causality analysis, is sound with respect to operational micro-level scheduling. The denotational model can thus be viewed as a compositional presentation of a synchronous scheduling strategy that ensures reactiveness and determinacy for imperative concurrent programming