Reactive processing for synchronous languages and its worst case reaction time analysis

Many embedded systems belong to the class of reactive systems. These are systems that have to react continuously to the environment at a rate that is determined by the environment. Reactive systems have two specific characteristics : their control flow requires concurrency and preemption, and, since the reactive systems are often safety-critical, we must be able to prove the correctness of the behavior and of the timing. To implement reactive systems, the synchronous languages were developed, which have a clear mathematical semantics and allow the expression of concurrency and preemption in a deterministic way. Programs in a synchronous language can be either compiled to software and run on a common processor, they can be synthesized to a hardware description, or a software/hardware co-design approach can be taken. However, the compilation of synchronous hardware into efficient code is not trivial. To improve the efficiency of the execution and at the same time simplify the compilation, reactive processors were introduced, which have an instruction set architecture that is inspired by synchronous languages. In particular, reactive processors have direct support for preemption and concurrency. Furthermore, these processors optimize the worst case reaction time, in contrast to common processors which optimize the average case reaction time. This simplifies the timing analysis, which is necessary to prove that a system meets its timing requirements. This thesis presents three contributions to reactive systems: - A formal semantics is given to the Kiel Esterel Processor (KEP), a reactive processor to execute the synchronous language Esterel. Also a compilation scheme from SyncCharts to the KEP assembler is presented, in addition to the existing compilation from Esterel into KEP assembler. - The Kiel Lustre Processor is introduced, a reactive processor for the synchronous dataflow language Lustre, which allows true parallel execution with multiple processing units. - Different approaches for the worst case reaction time analysis of KEP programs are presented: a search for the longest execution path in the KEP assembler, a formal modeling of the execution times based on interface algebras. Also an approach to use model checking to analyze the reaction time is applied to the KEP

Executing Safe State Machines on a Reactive Processor

Safe State Machines (SSMs) are a Statechart dialect with precise synchronous semantics, used to describe the behavior of reactive systems. A natural target for executing SSMs are reactive processors, which have an instruction set architecture (ISA) particularly well-suited for reactive control flow. When synthesizing SSMs into code, this is traditionally done via the synchronous language Esterel. However, this is not always straightforward; transitions in SSMs can jump arbitrarily between states, and there is no Esterel statement that matches this. We here propose to circumvent this by synthesizing SSMs directly onto a reactive ISA that can encode transitions directly as GOTOs. This not only has the potential for smaller and faster code, but preserves the structure of the SSM much better that going via Esterel. Conversely, we note that SSMs appear easier to implement on a reactive processor than Esterel, notably because there is not exception handling required

Compiling SyncCharts to Synchronous C

SyncCharts are a synchronous Statechart variant to model reactive systems with a precise and deterministic semantics. The simulation and software synthesis for SyncCharts usually involve the compilation into Esterel, which is then further compiled into C code. This can produce efficient code, but has two principal drawbacks: 1) the arbitrary control flow that can be expressed with SyncChart transitions cannot be mapped directly to Esterel, and 2) it is very difficult to map the resulting C code back to the original SyncChart. This paper presents an alternative software synthesis approach for SyncCharts that compiles SyncCharts directly into Synchronous C (SC). The compilation preserves the structure of the original SyncChart, which is advantageous for validation and possibly certification. The compilation assigns thread priorities according to the data dependencies. It optimizes both the number of used threads as well as the maximal used priorities, which corresponds to fast SC code with little memory requirements

WCRT Algebra and Scheduling Interfaces for Esterel-Style Synchronous Multithreading

The abstractions used in system design typically limit themselves to encapsulate and guarantee functionality, not timing. Hence, it is very difficult to transfer results on timing behavior across layers, e.g., from the application level through the operating system level to the hardware level. The choice of the model of computation plays a big role in facilitating this transfer. In the realm of reactive systems, the synchronous model of computation has some appeal here, as it inherently limits the number of operations per reaction, and addresses concurrency and preemptive behavior at the language level. Recently, reactive processing architectures have been proposed as execution platform for synchronous languages, notably Esterel. Initially, these architectures were driven by the desire for high performance with low resource usage, including low power consumption. However, by now they have also demonstrated their benefits in terms of predictability. Preliminary work on worst case reaction time (WCRT) analysis has been promising---fairly simple heuristics already achieve an accuracy typically in the 30--40% range. However, these methods so far lack formal grounding, and do not exploit knowledge about signal consistency etc. To provide a formal basis for WCRT analysis, we here propose a type-theoretic, algebraic approach. This approach not only allows to verify the correctness of WCRT analyses methods, but also opens the door for more exact analyses, as it allows to capture functionality and timing precisely and to trade off precision against analysis effort. This approach is still under development; this report presents first results on suitable interface types and the proper characterization of instantaneous nodes, delay nodes and concurrency. As a concrete application, it builds on a multi-threaded Esterel processor, the Kiel Esterel Processor (KEP)

Tight WCRT Analysis for Synchronous C Programs

Accurate estimation of the tick length of a synchronous program is essential for efficient and predictable implementations that are devoid of timing faults. The techniques to determine the tick length statically are classified as worst case reaction time (WCRT) analysis. While a plethora of techniques exist for worst case execution time (WCET) analysis of procedural programs, there are only a handful of techniques for determining the WCRT value of synchronous programs. Most of these techniques produce overestimates and hence are unsuitable for the design of systems that are predictable while being also efficient. In this paper, we present an approach for the accurate estimation of the exact WCRT value of a synchronous program, called its tight WCRT value, using model checking. For our input specifications we have selected a synchronous C based language called PRET-C that is designed for programming Precision Timed (PRET) architectures. We then present an approach for static WCRT analysis of these programs via an intermediate format called TCCFG. This intermediate representation is then compiled to produce the input for the model checker. Experimental results that compare our approach to existing approaches demonstrate the benefits of the proposed approach. The proposed approach, while presented for PRET-C is also applicable for WCRT analysis of Esterel using simple adjustments to the generated model. The proposed approach thus paves the way for a generic approach for determining the tight WCRT value of synchronous programs at compile time

WCRT algebra and interfaces for esterel-style synchronous processing

Abstract—The synchronous model of computation together with a suitable execution platform facilitates system-level timing predictability. This paper introduces an algebraic framework for precisely capturing worst case reaction time (WCRT) characteris-tics for Esterel-style reactive processors with hardware-supported multithreading. This framework provides a formal grounding for the WCRT problem, and allows to improve upon earlier heuristics by accurately and modularly characterizing timing interfaces. I

Worst case reaction time analysis of concurrent reactive programs

Reactive programs have to react continuously to their inputs. Here the time needed to react with the according output is important. While the synchrony hypothesis takes the view that the program is infinitely fast, real computations take time. Similar to the traditional Worst Case Execution Time (WCET), the Worst Case Reaction Time (WCRT) of a program determines the maximal time for one reaction. In this paper, we present an algorithm to determine the WCRT of a program written in the synchronous language Esterel. This value gives an upper bound for the execution time when the program is executed on a reactive processor. Specifically, we consider the execution of the Esterel program on the Kiel Esterel Processor (KEP), a reactive processor that can execute Esterel-like instructions. Here the WCRT directly determines an upper bound on the instruction cycles per logical tick. The WCRT also gives a guideline for the execution time when the Esterel program is compiled to software by a simulation-based approach. We have implemented the WCRT analysis algorithm as part of an Esterel compiler for the KEP and have measured an accuracy of analysis results of about 40 % on average

Abstract Synthesizing Safe State Machines from Esterel

Esterel and Safe State Machines (SSMs) are synchronous languages dedicated to the modeling of embedded reactive systems. While Esterel is a textual language, SSMs are based on the graphical Statecharts formalism. Statecharts are often more intuitive to understand than their textual counterpart, and their animated simulation can help to visualize subtle behaviors of a program. However, in terms of editing speed, revision management, and meta-modeling, the textual nature of Esterel is advantageous. We present an approach to transform Esterel v5 programs into equivalent SSMs. This permits a design flow where the designer develops a system at the Esterel level, but uses a graphical browser and simulator to inspect and validate the system under development. We synthesize SSMs in two phases. The first phase transforms an Esterel program into an equivalent SSM, using a structural translation that results in correct, but typically not very compact SSMs. The second phase iteratively applies optimization rules that aim to reduce the number of states, transitions and hierarchy levels to enhance readability of the SSM. As it turned out, this optimization is also useful for the traditional, manual design of SSMs. The complete transformation has been implemented in a prototypical modeling environment, which allows to demonstrate the practicality of this approach and the compactness of the generated SSMs

Compilation and Worst-Case Reaction Time Analysis for Multithreaded Esterel Processing

The recently proposed reactive processing architectures are characterized by instruction set architectures (ISAs) that directly support reactive control fow including concurrency and preemption. These architectures provide efficient execution platforms for reactive synchronous programs; however, they do require novel compiler technologies, notably with respect to the handling of concurrency. Another key quality of the reactive architectures is that they have very predictable timing properties, which make it feasible to analyze their worst-case reaction time (WCRT). We present an approach to compile programs written in the synchronous language Esterel onto a reactive processing architecture that handles concurrency via priority-based multithreading. Building on this compilation approach, we also present a procedure for statically determining tight, safe upper bounds on the WCRT. Experimental results indicate the practicality of this approach, with WCRT estimates to be accurate within 22% on average