Causality Analysis of Synchronous Programs with Refined Clocks

More documents

Recommendations

Info

does not contain cycles. In the following, we will show that similar checks exists for our more general case with refined clocks. The precise definition based on the transition will serve as a correction criterion: all programs accepted by the following simple checks, are causally correct with respect to this definition made in the previous section. A. Acyclic Clock Levels In the transition system, the definition of the expression known (x) is rather difficult: it involves an until-operator, which models that if x has not been assigned in its curent step, it is only known if it cannot be assigned in a later substep. Thus, later substeps have a influence on the current one since they are linked by x. This complex expression can be avoided by forbidding immediate assignments to variables of slower clocks. Then, only delayed assignments to such variables are allowed and the following simplification holds ([ p ]) ∧ next ¬γ i U clock (x) ≡ true i=1 As a consequence, information only flows from slower levels to higher levels in the same step 2 . Thereby, all causality problems introduced by our extension are eliminated since concurrent threads in different clock scopes only exchange data at the beginning of common steps. In addition to causality, this property also ensures the maximum amount of parallelism between unrelated clock scopes: they only need to synchronize at common pause statements, while they are completely independent for the rest of the time. B. Acyclic Information Flow through Clock Levels Refusing programs with immediate assignments to variables on higher clocks is a simple, but an unnecessarily strict condition. For instance, reconsider the introductory example in Figure 1 (b) which computes the greatest common divisor. There, the variable gcd is set by such an immediate assignment, where gcd is defined on a higher clock level. We could use a delayed assignment instead, but then, the result of the computation would be only available in the following step, which does not allow us to construct modules such as GCD2 to compute functions. If we have another look at this example, we can see that the variable gcd is always assigned at the end of the module. However, this property can only be checked with the help of a reachability analysis, which is not better than the complete check based on the transition system. We also see in the example that the execution of the subclock scope does not depend on the variable gcd, because it is only written but not read. Thus, if each clock block either reads or writes a variable on a higher clock, the writing 2 In principle, we could also restrict the information flow in the other direction. In this case, the faster levels cannot read variables of the slower ones but can write them instead. module Causality4 (nat ?a, ?b, o1, o2) { nat gcd; clock(C1) { nat x, y; x = a; y = b; while(x > 0) { if(x >= y) next(x) = x − y; else next(y) = y − x; l 1 : pause (C1); } gcd = y; } || clock(C2) { l 2 : pause(C2); if(a > 5) o1 = gcd; l 3 : pause; } || clock(C3) { l 3 : pause(C3); if(b > 5) o2 = gcd + o1; } } b a C1 Figure 6. Causality Example 2 gcd C2 o1 C3 Figure 7. Dependencies of Causality Example 2 blocks can be executed before the reading blocks and after all writing blocks are finished, the variable is known. This is either the case because the variable was written by a block or no block has written it. In this second case, it is also known that no other block will write it. Hence, for the expression known (x) we can achieve the same simplification as in our first approximation. Since the substeps that write a variable of a higher clock are surely executed before the substeps that read this variable, it is true by construction. o2 30
a c C1 C2 Figure 8. Dependencies of Causality Example 1 Consider the example given in Figure 6, where the first clock block computes the greatest common divisor of inputs a and b. The second clock block sets the output o1 by using gcd and the third block sets o2 by using gcd and o1. The read and write dependencies of the variables of higher clocks are illustrated in Figure 7. The dependencies are acyclic, thus if we schedule all substeps related to C2 after the substeps of C1, the value of gcd is guaranteed to be computed before. Also, if we schedule the substeps of C3 after the substeps of C2, o1 will also be known. In this second case, o1 might be determined or not depending on the context. However, since no other block can set it in our example, we know its value. We obtain a different result for the example given in Figure 3. Its dependencies are shown in Figure 8. This program has (statically) cyclic dependencies so that any static schedule does not fulfill the requirements imposed by the dependencies of the variables in the program. If we take a closer look to the program, we can see that for scheduling this program correctly, the (dynamic) evaluation of the if statement has to be considered first. Therefore, verifying causality with the full procedure given in Section III succeeds: there is a dynamic schedule for every input. Nevertheless, we choose the given approximation as a check in our compiler. It can be checked in linear time, thus it scales well with the size of the given program, and the check can be modularized so that separate compilation is still possible. V. SUMMARY In general, synchronous languages suffer from well-studied causality problems. Due to many research efforts, suitable heuristics are known to efficiently check the causal behavior of programs. In our previous work, we introduced refined clocks to our imperative synchronous language Quartz to overcome problems like unnecessary over-synchronization of independent concurrent behaviors. However, the introduction of refined clocks imposes new causality problems which a compiler must check for a given program. In this paper, we generalized the notion of causality from singleclocked systems to systems using refined clocks. In addition to a formalization, we defined practical procedures, which o conservatively approximate the necessary causality checks to increase the efficiency of compilers. REFERENCES [1] A. Benveniste. A model to analyze the causality in synchronous real-time systems. Research Report 411, INRIA, Rennes, France, May 1985. [2] A. Benveniste and G. Berry. The synchronous approach to reactive real-time systems. Proceedings of the IEEE, 79(9):1270–1282, 1991. [3] A. Benveniste, P. Caspi, S. Edwards, N. Halbwachs, P. Le Guernic, and R. de Simone. The synchronous languages twelve years later. Proceedings of the IEEE, 91(1):64–83, 2003. [4] G. Berry. The foundations of Esterel. In G. Plotkin, C. Stirling, and M. Tofte, editors, Proof, Language and Interaction: Essays in Honour of Robin Milner. MIT Press, 1998. [5] G. Berry. The constructive semantics of pure Esterel. http://www-sop.inria.fr/esterel.org/, July 1999. [6] J. Brandt and K. Schneider. Formal reasoning about causality analysis. In O. Ait Mohamed, C. Muñoz, and S. Tahar, editors, Theorem Proving in Higher Order Logics (TPHOL), volume 5170 of LNCS, pages 118– 133, Montréal, Québec, Canada, 2008. Springer. [7] J. Brandt and K. Schneider. Separate translation of synchronous programs to guarded actions. Internal Report 382/11, Department of Computer Science, University of Kaiserslautern, Kaiserslautern, Germany, March 2011. [8] J.A. Brzozowski and C.-J.H. Seger. Asynchronous Circuits. Springer, 1995. [9] S.A. Edwards. Making cyclic circuits acyclic. In Design Automation Conference (DAC), pages 159–162, Anaheim, California, USA, 2003. ACM. [10] T. Gautier, P. Le Guernic, and L. Besnard. SIGNAL, a declarative language for synchronous programming of real-time systems. In G. Kahn, editor, Functional Programming Languages and Computer Architecture, volume 274 of LNCS, pages 257–277, Portland, Oregon, USA, 1987. Springer. [11] M. Gemünde, J. Brandt, and K. Schneider. Clock refinement in imperative synchronous languages. In A. Benveniste, S.A. Edwards, E. Lee, K. Schneider, and R. von Hanxleden, editors, SYNCHRON’09: Abstracts Collection of Dagstuhl Seminar 09481, Dagstuhl Seminar Proceedings, pages 3–21, Dagstuhl, Germany, 2010. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, Germany. ISSN 1862-4405, http://www.dagstuhl.de/09481. [12] M. Gemünde, J. Brandt, and K. Schneider. A formal semantics of clock refinement in imperative synchronous languages. In L. Gomes, V. Khomenko, and J.M. Fernandes, editors, Conference on Application of 31
Page 1 and 2: Causality Analysis of Synchronous P
Page 3 and 4: executed within a step of a higher
Page 5: clock (x) clock (x) clock (x) χ

Causality Analysis of Synchronous Programs with Refined Clocks

Create successful ePaper yourself

Delete template?

Save as template?