Synchronous Programming of Reactive Systems

Nicolas Halbwachs
Verimag/CNRS
Grenoble

N. Halbwachs (Verimag/CNRS) Synchronous Programming 1 / 193

Outline

- Introduction
- The Data-Flow Language Lustre
- The Imperative Language Esterel
- Compilation of Synchronous Languages
- Verification and Automatic Testing of Synchronous Programs
- Other Topics and Current Trends

Introduction

Reactive Systems

- Permanent reaction to an environment that cannot wait
- Embedded systems, e.g., transportation, industrial control
- Specific features:
  - deterministic
  - concurrent (logical ≠ physical)
  - safety critical

Logical concurrency

ex. A digital watch:

- time keeper
- alarm
- stopwatch
- display manager
- button handler

Design these modules separately, compose them concurrently.

Usual (asynchronous) languages for concurrency don't work

Example: Every 60 seconds, emit a signal MINUTE

An attempt in ADA style:

    task A:
      loop
        delay 60; B.MINUTE!
      end

- Rendez-vous (symmetric communication) doesn't work.
- Non-deterministic scheduling (asynchronous interleaving) doesn't work.
- No broadcasting

How are reactive systems commonly implemented? (1/3)

Simple implementation (event driven)

    < Initialize Memory >
    foreach input event do
      < Compute Outputs >
      < Update Memory >
    end

How are reactive systems commonly implemented? (2/3)

Even simpler implementation (periodic sampling)

    < Initialize Memory >
    foreach period do
      < Read Inputs >
      < Compute Outputs >
      < Update Memory >
    end

How are reactive systems commonly implemented? (3/3)

- ∼ interpreted automaton
- a loop iteration = a transition = a logical instant

[Figure: automaton with initialization N:=0 and transitions
    SECOND? & N<59 / N:=N+1
    SECOND? & N=59 / MINUTE!; N:=0]

The synchronous model

"Real-time" correctness condition: max transition time < min environment delay

Synchronous programming = high level, structured, modular description of interpreted automata

Our example in Esterel:

    every 60 SECOND do emit MINUTE end

concurrency = synchronous product

    [ every 60 SECOND do emit MINUTE end
    ||
      every 60 MINUTE do emit HOUR end ]

Another point of view: time, concurrency, and compositionality

- $\Delta(f(x))$? It depends on the implementation of $f$, on the target machine, and generally on $x$
- Abstraction: $\Delta(f(x)) = \delta$
- Compositionality: $f(x) = g(h(x))$, $\Delta f = \Delta g + \Delta h$, $\delta = \delta + \delta$
- Two solutions: $\delta = 0$ (synchrony), $\delta = ?$ (asynchrony)

Abstract synchronous behavior

- sequence of reactions to input events, to which all processes take part
- Composition of behaviors: [figure not recovered]

Concrete behavior

[Figure: timeline showing $\Delta_1, \Delta_2, \Delta_3$ and $\delta_1, \delta_2, \delta_3$]

Valid abstraction as long as $\delta_i < \Delta_i$

What's new?

- Classical in synchronous circuits
  - synchronous communicating Mealy machines
  - dynamic Boolean equations
  - gate and latch networks
- Classical in control engineering
  - data-flow synchronous formalisms
  - differential or finite difference equations
  - block-diagrams, analog networks

Connexion with synchronous circuits (1/2)

[Figure: block F with input I, output O and state S]

$(O_n, S_n) = F(I_n, S_{n-1})$

→ Data-flow languages (Lustre/Scade, Signal/Sildex)

In Lustre:

    (O,S) = F(I, pre(S))

Connexion with synchronous circuits (2/2)

Parallel composition

[Figure: blocks F1 and F2 in parallel composition]

    (S1,L1,M1) = F1(E1,L2,pre(M1))
    (S2,L2,M2) = F2(E2,L1,pre(M2))

Connexion with synchronous automata (1/3)

[Figure: two automata.
  Seconds counter, initially s:=0:
    sec? s<59? / s++
    sec? s=59? / s:=0, emit min
  Minutes counter, initially m:=0:
    min? m<59? / m++
    min? m=59? / m:=0, emit hour]

Connexion with synchronous automata (2/3)

Synchronous product of automata

[Figure: product automaton, initially s:=m:=0:
    sec? s<59? / s++
    sec? s=59? m<59? / s:=0, m++, emit min
    sec? s=59? m=59? / s:=m:=0, emit min, emit hour]

Connexion with synchronous automata (3/3)

→ Imperative Languages (Esterel, Synccharts)

In Esterel:

    every 60 sec do emit min end
    ||
    every 60 min do emit hour end

Synchronous Languages

- Imperative: StateCharts, Esterel, Argos, SyncChart
- Declarative: Lustre, Signal

Industrial use

- Avionics: Airbus, Honeywell, Eurocopter (Lustre); Dassault (Esterel); Snecma (Signal)
- Nuclear plants: Schneider-Electric, Electricité de France (Lustre)
- CAD: Cadence, Synopsys, TI (Esterel)
- Telecom: Thomson, TI (Esterel)
- Many more...

The Data-Flow Language Lustre

The data-flow approach (1/3)

Classical in control theory (equations, data-flow networks) and circuits (equations, gate networks)

The data-flow approach (2/3)

Lustre (textual) and Scade (graphical)

    node Average(X,Y: int)
    returns (A: int);
    let
      A = (X+Y)/2;
    tel

[Figure: data-flow network, X and Y feed "+", whose result is divided by 2 to give A]

Synchronous interpretation: time = $\mathbb{N}$

$\forall n \in \mathbb{N},\ A_n = (X_n + Y_n)/2$

The data-flow approach (3/3)

Other solution

    node Average (X,Y: int) returns (A: int);
    var S: int;      -- auxiliary variable
    let
      A = S/2;       -- system of equations
      S = X+Y;       -- (meaningless order)
    tel

Equations and flows

System of equations

- One definition for each output/local variable
- Meaningless order
- Substitution principle (referential transparency)

Flows

- Each variable, or constant, or expression, represents an infinite sequence of values $X = x_0, x_1, \ldots, x_n, \ldots$
- $x_n$ is the value of X at the $n$-th cycle of the program

The combinational part of the language

- Base types: bool, int, real
- Constants
  - 2 = 2, 2, 2, ...
  - true = true, true, true, ...
- Pointwise operators
  - standard arithmetic and logic operators
  - X+Y = $x_0 + y_0,\ x_1 + y_1,\ \ldots$

A Boolean example

    node Nand (X, Y: bool) returns (nand: bool);
    let
      nand = not (X and Y);
    tel

Execution:

    X      true   true   false  true   true   ...
    Y      false  true   false  false  true   ...
    nand   true   false  true   true   false  ...

Pointwise operators: the conditional operator

    node Max (A, B: int) returns (max: int);
    let
      max = if A >= B then A else B;
    tel

Execution:

    A      1   10   8   25   12   ...
    B      5    8   8   15   17   ...
    max    5   10   8   25   17   ...

Temporal operators

"pre" (previous) operator

One step delay:

    X        x0   x1   x2   x3   x4   ...
    pre(X)   nil  x0   x1   x2   x3   ...

"->" (followed-by) operator

Initialization:

    X        x0   x1   x2   x3   x4   ...
    Y        y0   y1   y2   y3   y4   ...
    X -> Y   x0   y1   y2   y3   y4   ...

Formal semantics

pointwise operators

$$(\mathit{op}(X, Y, \ldots, Z))_i = \mathit{op}(X_i, Y_i, \ldots, Z_i)$$

temporal operators

$$(\mathtt{pre}(X))_i = \begin{cases} \mathit{nil} & \text{if } i = 0 \\ X_{i-1} & \text{otherwise} \end{cases}$$

$$(X \mathbin{\texttt{->}} Y)_i = \begin{cases} X_0 & \text{if } i = 0 \\ Y_i & \text{otherwise} \end{cases}$$

Examples

Simple examples

Rising edge of a Boolean flow

    node Edge (B: bool) returns (edge: bool);
    let
      edge = false -> B and not pre(B);
    tel
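
An added example, not taken from the slides: the Edge node and the "every 60 SECOND" automaton written as one C step function in the style of the periodic-sampling loop, showing that `pre` becomes a memory cell and `->` an initialization flag that keeps nil from ever being read. The names watch_mem, edge_step, watch_step and count_minutes, and the square-wave input, are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Memory kept between cycles (the "< Update Memory >" part of the loop). */
typedef struct {
    bool init;   /* true only at cycle 0: selects the left operand of "->" */
    bool pre_b;  /* B at the previous cycle, i.e. pre(B)                   */
    int  n;      /* counter N of the "every 60 SECOND" automaton           */
} watch_mem;

/* "< Initialize Memory >" */
void watch_reset(watch_mem *m) {
    m->init = true;
    m->pre_b = false;  /* stands for nil: guarded by init, never read */
    m->n = 0;
}

/* edge = false -> B and not pre(B); */
bool edge_step(watch_mem *m, bool b) {
    bool edge = m->init ? false : (b && !m->pre_b);
    m->pre_b = b;      /* becomes pre(B) at the next cycle */
    m->init = false;
    return edge;
}

/* One logical instant; returns true when MINUTE is emitted. */
bool watch_step(watch_mem *m, bool b) {
    if (!edge_step(m, b)) return false;       /* no SECOND this instant */
    if (m->n < 59) { m->n++; return false; }  /* SECOND? & N<59 / N:=N+1 */
    m->n = 0;                                 /* SECOND? & N=59 / MINUTE!; N:=0 */
    return true;
}

/* Constructed input: a square wave sampled as low, high, low, high, ... */
int count_minutes(int pulses) {
    watch_mem m;
    int minutes = 0;
    watch_reset(&m);
    for (int i = 0; i < 2 * pulses; i++)
        minutes += watch_step(&m, i % 2 == 1);
    return minutes;
}

int main(void) {
    printf("MINUTE emitted %d times after 120 pulses\n", count_minutes(120));
    return 0;
}
```

A signal that is already high at cycle 0 produces no edge, because the `false ->` initialization masks the undefined pre(B).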