A Survey of Desynchronization in a Polychronous Model of Computation

AbstractThe synchronous hypothesis arose in the late Eighties as a conceptual framework for the computer-aided design of embedded systems. Along with this framework, the issue of desynchronization was simultaneously raised as the major topic of mapping the ideal communication and computation model of synchrony on realistic and distributed computer architectures.The aim of the present article is to survey the development of this topics in the particular yet promising model of one of the prominent environments that were build along these principles: Signal and its polychronous (synchronous multi-clocked) model of computation, before to give some hints and ideas about ongoing research addressing this issue

Modular interpretation of heterogeneous modeling diagrams into synchronous equations using static single assignment

The ANR project SPACIFY develops a domain-specific programming environment, Synoptic, to engineer embedded software for space applications. Synoptic is an Eclipse-based modeling environment which supports all aspects of aerospace software design. As such, it is a domain-specific environment consisting of heterogeneous modeling and programming principles defined in collaboration with the industrial partners and end users of the project : imperative synchronous programs, data-flow diagrams, mode automata, blocks, components, scheduling, mapping and timing. This article focuses on the essence and distinctive features of its behavioral or programming aspects : actions, flows and automata, for which we use the code generation infrastructure of the synchronous modeling environment SME. It introduces an efficient method for transforming a hierarchy of blocks consisting of actions (sequential Esterel-like programs), data-flow diagrams (to connect and time modules) and mode automata (to schedule or mode blocks) into a set of synchronous equations. This transformation minimizes the needed state variables and block synchronizations. It consists of an inductive static-single assignment transformation algorithm across a hierarchy of blocks that produces synchronous equations. The impact of this new transformation technique is twofold. With regards to code generation objectives, it minimizes the needed resynchronization of each block in the system with respects to its parents, potentially gaining substantial performance from way less synchronizations. With regards to verification requirements, it minimizes the number of state variables across a hierarchy of automata and hence maximizes model checking performances

Compositional design of isochronous systems

International audienceThe synchronous modeling paradigm provides strong correctness guarantees for embedded system design while requiring minimal environmental assumptions. In most related frameworks, global execution correctness is achieved by ensuring the insensitivity of (logical) time in the program from (real) time in the environment. This property, called endochrony or patience, can be statically checked, making it fast to ensure design correctness. Unfortunately, it is not preserved by composition, which makes it difficult to exploit with component-based design concepts in mind. Compositionality can be achieved by weakening this objective, but at the cost of an exhaustive state-space exploration. This raises a trade-off between performance and precision. Our aim is to balance it by proposing a formal design methodology that adheres to a weakened global design objective: the non-blocking composition of weakly endochronous processes, while preserving local design objectives for synchronous modules. This yields an effective and cost-efficient approach to compositional synchronous modeling

Polychronous Interpretation of Synoptic, a Domain Specific Modeling Language for Embedded Flight-Software

The SPaCIFY project, which aims at bringing advances in MDE to the satellite flight software industry, advocates a top-down approach built on a domain-specific modeling language named Synoptic. In line with previous approaches to real-time modeling such as Statecharts and Simulink, Synoptic features hierarchical decomposition of application and control modules in synchronous block diagrams and state machines. Its semantics is described in the polychronous model of computation, which is that of the synchronous language Signal.Comment: Workshop on Formal Methods for Aerospace (FMA 2009

Jean-Pierre Talpin,

synthesis of latency-insensitive systems from multi-clocked synchronous specification

Génération de code asynchrone dans un environnement polychrone pour la production de systèmes GALS

Cette thèse propose une méthode de description et de mise en oeuvre de systèmes issus du modèle globalement asynchrone localement synchrone (GALS). Dans ce but, nous proposons tout d abord une réinterprétation du modèle polychrone, modèle issu du synchrone et adapté pour gérer la concurrence d instants en plus de la séquentialité. Après avoir observé des exemples de réseaux GALS nous en faisons l analyse pour extraire les qualités que l on attend d un tel système et qu il faut inclure dans notre travail. Avec ces nouveaux objectifs, nous proposons un schéma de synthèse de système basée sur la composition de processus élémentaires. Cette composition de processus est articulée autour de deux propriétés qui garantissent que ces processus peuvent fonctionner aussi bien de manière synchrone qu asynchrone : la polyendochronie et l isochronie. Ces propriétés sont obtenues sur les processus élémentaires lors de leur construction à partir des spécifications Signal idoines. Elles sont conservées jusqu au système final grâce à leur compositionnabilité. Enfin, nous utilisons la propriété d endochronie faible, garantie par la polyendochronie pour développer une technique de compilation des processus polyendochrones. Cette technique permet de compiler individuellement les composants pour ensuite les rassembler avec des communications asynchrones.RENNES1-BU Sciences Philo (352382102) / SudocRENNES-INRIA Rennes Irisa (352382340) / SudocSudocFranceF

SMT based false causal loop detection during code synthesis from Polychronous specifications

International audiencePolychronous specifications express concurrent, multi-clocked models which capture multiple threads of computation operating relatively asynchronous to each other. A clock of a variable in this context, is the totally ordered set of instants at which events occur on that variables. However, the notion of instant here is logical as opposed to real-time instants. The instants of different clocks may be partially ordered. The executable code synthesis from Polychronous specifications relies on computation of schedules through clock calculus. Unfortunately, it is often hard to distinguish from true causal loops which cause deadlocks from apparent causal loops which do not. The SIGNAL compiler in the Polychrony tool-set currently rejects all programs with apparent causal loops, thus rejecting a large set of valid specifications. A recently developed polychronous formalism MRICDF and its tool-set EmCodeSyn do the same. Even in the Polychrony literature, the deadlock causing loop detection based on Boolean satisfiability is not enough to discern all possible false loops, thereby still rejecting a lot of valid specifications. In order to not reject programs whose apparent loops are never realizable, a theory of reals or integers or other data types are required. In this paper, we formulate the detection of false loops in MRICDF as a decision problem in Satisfiability Modulo Theory (SMT). Due to recent interests in SMT solvers, a number of efficient solvers are available which offer a greater expressiveness in dealing with non Boolean constraints and allow us to discern false loops from realizable causalities in reasonable computation time. This paper proposes an SMT based synthesis technique which demonstrates that several polychronous specifications rejected by the Polychrony/EmCodeSyn synthesis tools due to their inability to identify only true causal loops, can be synthesized as correct sequential embedded software

ABSTRACT From Multi-clocked Synchronous Processes to Latency-insensitive Modules ∗

We consider the problem of synthesizing correct-by-construction globally asynchronous, locally synchronous (GALS) implementations from modular synchronous specifications. This involves the synthesis of asynchronous wrappers that drive the synchronous clocks of the modules and perform input reading in such a fashion as to preserve, in a certain sense, the global properties of the system. Our approach is based on the theory of weakly endochronous systems, which gives criteria guaranteeing the existence of simple and efficient asynchronous wrappers. We focus on the transformation (by means of added signalling) of the synchronous modules of a multiclock synchronous specification into weakly endochronous modules, for which simple and efficient wrappers exist

FMGALS 2007 Separate compilation of polychronous specifications

AbstractAs code generation for synchronous programs requires strong safety properties to be satisfied, compositionality becomes a difficult goal to achieve. Most synchronous languages, such as Esterel, Lustre or Signal require a given module or compilation unit to be insensitive to latency that communication with its environment may incur. In Lustre or Signal, for instance, a compilation unit must satisfy the so-called property of endochrony. To preserve endochrony in an asynchronous environment, an ad-hoc protocol is synthesized to interface the module. However, endochrony is not preserved by composition. Consequently, the protocol has to be rebuilt every time a new module is added in the environment. We propose a methodology and code generation scheme which simplifies this concern. It consists of weakening the global objective of globally preserving endochrony. Instead, we aim at the preservation of a more liberal and compositional objective, weak endochrony [D. Potop-Butucaru and B. Caillaud and A. Benveniste. Concurrency in Synchronous Systems. In Formal Methods in System Design, v. 28(2). Springer, March 2006], which is compositional and much closer from the expected requirement of insensitivity to communication latency. As a result, our code generation scheme supports true separate compilation: a locally compiled synchronous module does not require its synthesized interface with the environment to be rebuilt once composed with another module