Static Analysis by Abstract Interpretation of communicating imperfectly-clocked Synchronous Programs
Julien Bertrane, bertrane@di.ens.fr, 2 December 2006
Julien Bertrane, Imperfectly-clocked Synchronous Programs, 2 December 2006, 1 / 43, bertrane@di.ens.fr
Introduction. System to analyse.
[Figure: a stack of three SOFTWARE units, each running on its own synchronous hardware, connected to one another through hardware (wiring) and, at the top and bottom of the stack, to HARDWARE (environment, sensors, actuators).]
Modelisation: Hypotheses. Difficulties and subsequent hypotheses.
The framework includes realistic execution issues: clock desynchronization is allowed; delays during communications are non-constant; graphical syntax.
Simplifications:
Quasi-synchrony (bounded desynchronization): the cycle duration (period between two consecutive ticks) belongs to [α, β], with α > 0.
The variables presently considered are booleans only.
Blackboard for the inputs of synchronous units.
Serial transmission between synchronous systems.
At initialization, all the "variables" are set to false.
Modelisation: Hypotheses. Goal: automatic proofs of specifications.
Safety specifications: for any behaviour s, at any time t, s(t) = true.
Temporal specifications: for any behaviour s, there is no t such that for any t′ ∈ [t, t + α], s(t′) = true.
Quantitative specifications: the outputs of 2 redundant systems match at least half the time of any interval of width δ.
Modelisation: Consequences. Typical system: details of hardware hypotheses.
[Figure: three SOFTWARE units on synchronous hardware with clocks C1 [1.9;2.1], C2 [1.9;2.1] and C3 [0.3;0.4], connected by hardware wiring with delays in [0.4;0.5], between HARDWARE layers (environment, sensors, actuators).]
Modelisation: Consequences. Subsequent difficulties.
Clock skew + delays in communications ⇒ non-denumerable set of behaviors.
[Figure: two redundant synchronous systems C and C′, each preceded by a delay in [δ−ε, δ+ε], read the same input I; their outputs (O1 and the other output) are compared by a Xor whose result is marked "?".]
Modelisation: Consequences. Subsequent difficulties.
[Figure: timelines of the same two redundant systems C and C′ fed by input I through delays in [δ−ε, δ+ε]; the sampling instants of the two systems drift by up to ε, so the Xor of their outputs is not always false (result "?").]
Proving specifications is difficult.
This is not the right way to handle redundancy.
Modelisation: Consequences. Behavior of a synchronous system.
[Figure: a SOFTWARE unit on synchronous hardware with clock C1 [1.9;2.1] is modelled as DISCR_C1 followed by SHIFT_C1, with C1 : 1.9, 2.1.]
A clock is a function N → R+.
Clock parameter: [α, β], with α, β ∈ R+ and 0 < α ≤ β.
A clock c satisfies [α, β] iff c_{n+1} − c_n ∈ [α, β].
DISCR_C1 models the periodic reading of the input buffer.
SHIFT_C1 models the waiting for the next clock tick, and the emission of its result at this next clock tick.
Modelisation: Semantics. Semantics: choices.
Continuous-time semantics instead of the classical discrete one (PC, message passing, ...).
The semantics connects each point of control to a set of signals (i.e. functions f : R+ → B).
A signal belongs to the semantics at point p if there is a vector connecting each point other than p to a signal compatible with p.
If non-empty, the semantics often contains a non-countable infinity of signals.
Modelisation: Semantics. Semantics of time-independent operators.
[Figure: operator Or with inputs I1, I2 carrying signals si1, si2 and output O1 carrying so1.]
so1(t) = true if si1(t) = true or si2(t) = true, false else.
so1 ∈ Ψ_OR(si1, si2).
Modelisation: Semantics. Semantics of time-dependent operators.
[Figure: operator DISCR_C with input I1 and output O1; [α, β] is the parameter of clock C; ticks C1, C2, ..., C8 are spaced by between α and β.]
so1(t) = false if t < c(0); so1(t) = si1(c_n) if t ∈ [c_n, c_{n+1}).
so1 ∈ Ψ_DISCR_c(si1).
Modelisation: Semantics. Syntax and semantics.
Syntax: wire from I1 to O1 and O2. Semantics: ∀ t ∈ R+, O1(t) = I1(t); ∀ t ∈ R+, O2(t) = I1(t).
Syntax: CONST α with output O1. Semantics: ∀ t ∈ R+, O1(t) = α.
Syntax: DELAY [α,β] from I1 to O1. Semantics: ∀ t ∈ R, O1(t) = I1(δ(t)), where ∃ δ : R → R, monotonic, such that ∀ t ∈ R, δ(t) − t ∈ [α, β].
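As an added example (not code from the slides), the continuous-time semantics of clocks, DISCR and a time-independent operator (Xor) in Python, applied to the redundancy set-up of the "Subsequent difficulties" slides: two units sample the same input under clocks that both satisfy [1.9, 2.1] yet drift apart, so the naive safety specification "the Xor of their outputs is always false" fails while the quantitative specification (the outputs match at least half the time of every window of width δ) holds. The input signal, the clock ticks and the grid on which windows are checked are constructed assumptions.

```python
"""Continuous-time model of imperfectly-clocked synchronous units (added example,
not the slides' own code). A boolean signal R+ -> B is piecewise constant and is
represented as sorted (time, value) change points; every variable is false at start."""
from bisect import bisect_right

def value_at(sig, t):
    """Signal value at time t: the last change at or before t, false before the first."""
    i = bisect_right([c for c, _ in sig], t) - 1
    return sig[i][1] if i >= 0 else False

def clock_satisfies(ticks, alpha, beta):
    """A clock c: N -> R+ satisfies [alpha, beta] iff each c_{n+1} - c_n lies in [alpha, beta]."""
    return all(alpha <= b - a <= beta for a, b in zip(ticks, ticks[1:]))

def discr(sig, ticks):
    """DISCR_c: false for t < c_0, then the input sampled at c_n and held on [c_n, c_{n+1})."""
    return [(c, value_at(sig, c)) for c in sorted(ticks)]

def xor(s1, s2):
    """Time-independent operator: output at t is s1(t) != s2(t)."""
    times = sorted({t for t, _ in s1} | {t for t, _ in s2})
    return [(t, value_at(s1, t) != value_at(s2, t)) for t in times]

def true_duration(sig, t0, t1):
    """Total length of [t0, t1) on which sig is true."""
    pts = [t0] + [t for t, _ in sig if t0 < t < t1] + [t1]
    return sum(b - a for a, b in zip(pts, pts[1:]) if value_at(sig, a))

def matches_half_the_time(o1, o2, delta, horizon, step=0.1):
    """Quantitative spec: on every window of width delta inside [0, horizon) the two
    outputs agree at least half the time (window starts taken on a grid of pitch step)."""
    mismatch = xor(o1, o2)
    starts = [i * step for i in range(int((horizon - delta) / step) + 1)]
    return all(true_duration(mismatch, t, t + delta) <= delta / 2 for t in starts)

def redundancy_example(alpha=1.9, beta=2.1):
    """Two redundant units sample one input with clocks that both satisfy [1.9, 2.1]
    but drift apart. Returns (time on [0, 20) where the outputs disagree,
    safety spec 'Xor always false' holds?, quantitative spec with delta = 2 holds?)."""
    inp = [(0.0, False), (3.0, True), (7.5, False), (12.0, True)]  # constructed input
    c1 = [2.0 * n for n in range(10)]         # constructed clock, period 2.0
    c2 = [0.3 + 2.05 * n for n in range(10)]  # constructed clock, slower and offset
    assert clock_satisfies(c1, alpha, beta) and clock_satisfies(c2, alpha, beta)
    o1, o2 = discr(inp, c1), discr(inp, c2)
    mismatch = true_duration(xor(o1, o2), 0.0, 20.0)
    return mismatch, mismatch == 0.0, matches_half_the_time(o1, o2, 2.0, 20.0)

if __name__ == "__main__":
    print(redundancy_example())
```

The disagreement is confined to short pulses right after each input change, which is why a per-window quantitative bound is provable where the pointwise safety property is not.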
Modelisation: Semantics. Syntax and semantics, steps 1 to 5.
[Figure, built up over five steps: an example network of points of control p0 to p7 chaining DISCR_C, NOT and SHIFT_C (clock C : 0.9, 1.1), a DELAY [0.4;0.5], then DISCR_C′, NOT and SHIFT_C′ (clock C′ : 0.6, 0.7). Starting from time 0 with every signal false, each step applies the semantic functions Ψ of the operators (DISCR, NOT, SHIFT, DELAY) to propagate the sets of signals to the next points of control; at step 5 the second ticks C2 and C′2 have been reached.]