Synchronous Languages and System Design with Esterel

About This Presentation

Title:

Synchronous Languages and System Design with Esterel

Description:

Semantic model : Scott's 3-valued logic. B = { , 0, 1} View ... X=b in the fixpoint (Scott's view) X stabilizes to b for any delay assignment (circuit view) ... – PowerPoint PPT presentation

Number of Views:319

Avg rating:3.0/5.0

Slides: 89

Provided by: ellense

Learn more at: https://ptolemy.berkeley.edu

Category:

more less

Transcript and Presenter's Notes

Title: Synchronous Languages and System Design with Esterel

1
Synchronous Languagesand System Design with
Esterel

Ellen Sentovich
Cadence Berkeley Laboratories

2
Outline

Context Reactive Systems
Principles Synchronous languages
Esterel in-depth
Language, Compilation
Causality
Optimization and Verification
New applications ECL
Implementing Esterel on CFSM networks

3
System Design

Systems produce a steady sequence of input/output
sequences
Inconvenient to specify sequences need models
and languages
Model
Simple and intuitive
Accurate enough model of physical reality
Mathematically efficient
General enough to allow different implementation
styles
Language
Accurate expression of the model
Convenient and efficient expression of the design
Analysis
Implementation
compilation to hardware, software

4
Reactive Systems
signals
signals
control
data
sensors
values
5
Applications

Software and hardware controllers
process control, embedded systems,data-path
control
Communication Protocols
software protocols,bus interfaces,cache coherence
Drivers
man-machine interface,systems drivers,pipeline
logic

Concurrency Determinism
6
Reactive System Characteristics

Reactivity
continually react at a speed determined by the
environment
Concurrency
at least between system and environment
Strict time and reliability requirements
Deterministic
Mixed hardware/software implementations

7
Synchronous Systems
Cycle based read inputs
compute reaction
produce outputs Synchronous within the same
cycle at the same time
(0-delay) (must be checked on
implementation) Synchronous control propagation
signal broadcasting Equivalent
FSM implementation (good analysis techniques)
8
Synchronous Languages

Invented for the design of reactive kernels
not the interactive interface or data management
Programmer views system as an instantaneous
reactor to events
Program behavior is completely deterministic
Attempt to resolve concurrency and
non-determinism (in other models)

9
Esterel Background

Esterel is one of a set of synchronous languages
developed in France
Esterel reactive control
Lustre, Signal data flow
Argos, SyncCharts graphical
Esterel development goal natural expression of
control
Specific statements to deal with time, preemption
Departure from concurrency as interleaving and
rendez-vous to concurrency as instantaneous
propagation of control

10
Esterel Background

Synchronous programming environment...
Language
For control-dominated, reactive systems
Constructs for sequencing, concurrency,
preemption
Compiler
Produces sorted Boolean equations
Causality checking, symbolic debugging,
verification
Implementation as C-code or digital circuits

11
Esterel Basic Principles

Synchronous hypothesis instantaneous
communication
Communication via broadcast signals (event)
signals, sensors, variables
pure, valued
Boolean and arithmetic operators
Modularity program collection of modules
Concise programs write things once !!
Concurrency, sequencing, preemption
Well-defined semantics

12
Overview of Syntax

Signal reading/writing
emit S emit S(value) present S then p else q
Basic control and looping
halt loop p end run module
Sequencing, concurrency
p q p q
Preemption
suspend p when S abort p when S
weak abort when S abort when immediate S

13
Syntax await statement

Most basic signal control statement
await S
Equivalent to
abort
loop
halt
end
when S
Note Await always stops
consider await S await S
versus await immediate S await immediate S

14
Variables and Ordering

Variable manipulation (local)
V value if Vvalue then p else q
Variable computations ordered
V 5
V V1
Y V
emit S(V)
Signal emissions (communication) unordered
Legal emit S emit S
Illegal emit S(3) emit S(5) (non-deterministic)
Signal computations ordered
Well-defined emit S present S
Undefined present S then emit S

15
The ABRO Example

Wait until both A and B have occurred, then
output O, unless the reset R occurs

Number of states is exponential in inputs
16
The ABRO Example in Esterel

Wait until both A and B ? concurrency
Unless R ? preemption

loop
abort
await A await B
emit O
when R
end
Write things ONCE !!
Code size is linear in inputs efficient circuit
17
Compilation

Esterel program ? extended finite state machine
finite inputs, deterministic reaction ?finite
program
FSM data computations
Can be compiled to a single automata -
EXPENSIVE!!
exhaustive exploration of set of control states
Esterel v3
Can be translated to sorted Boolean equations
Esterel v5
State machine is represented implicitly

18
Translation to Boolean Circuits

Structural translation
Network of interconnected cells
Implementation of control
control signal runs through the circuit
boot signal latch, initially 1, thereafter 0
Each cell contains
signal input/output control input/output
suspend, kill, resume signals
return codes (nested preemption)
One register per halting statement

19
Translation to Boolean Circuits

present S then p else q

20
Causality

Cycles occur naturally in Esterel specifications
Cyclic dependency between variables
Some are harmful, some not
The Causality Problem is analyzing these cycles
and deciding which to accept
It is related to analyzing hardware in circuits
Combinational cycles
How do we define a causally correct program?
We want a unique, comprehensible solution
All present signals must be emitted somewhere
A solution is a set of consistent assignments to
all signals
Need to be able to express program in a
non-cyclic way

Constructive causality
21
Harmful Cycles
No Boolean solution (non-reactive), or several
solutions (non-deterministic) Electrically
unstable Useless !
22
present X then emit X end
present X else emit X end
23
Harmless Cycles
Unique Boolean solution Electrical stabilization
in bounded time gt behaves as if
acyclic Natural in Esterel programming Natural
in high-level hardware synthesis Possible
exponential saving in space!
24
present I then present X then emit Y
end else present Y then emit X end end
25
I
X
Y
J
X I and not Y Y J and not X
OK unless I J 1
26
Combinational Cycles in Sequential Circuits
1
X
Y
0
The non-constructive state (1,1) is unreachable
gt reachability analysis needed
27
Naturally occurring harmless cycles Operator
sharing (S. Malik)
Y if C then G(F(X)) else F(G(X))
28
Causality A Real Example

Bus arbitration

29
Strange Cycles
30
X X Y X and not Y
X
X 0 X 1 ?
Y
Want to build a theory with stable
solutions. Also cheaper for compiler (interpretat
ion possible)
31
ToBe
Hamlet ToBe ToBe or not ToBe
present ToBe then emit ToBe else emit
ToBe end
32
Constructive Causality in Esterel
Step through program Analyze what must be done
(emit) what cannot be done (no
possible emit) what can be
done Set a signal present iff it must be
emitted Set a signal absent iff it cannot be
emitted Constructive causality permits
interpretation
33
Executing Constructive Causality
module P1 input I output O signal S1, S2
in present I then emit S1 end present S1
else emit S2 end present S2 then emit O
end end signal end module
34
Analogy constructive circuits
Circuits are Boolean proof builders
0
0
0
0
0
Trace values from inputs to outputs,
never guessing a value Analysis equivalent to
electron flow in a circuit A causal program is
equivalent to an electrically stable circuit,
acyclic circuit
35
Constructive Boolean Logic
Derive facts from facts
E0
F0
E1 F1
E and F 0
E and F 0
E and F 1
E0
E1
not E 1
not E 0
XE Eb
Xb
Cannot determine E or not E unless E is known!
36
X I and not Y Y J and not X
(1) I0 (2) J1 (3) X0 from (1) (4) not X1
from (3) (5) Y1 from (2) and (4)
(1) I1 (2) J0 (3) Y0 from (2) (4) not Y1
from (3) (5) X1 from (2) and (4)
No proof of X and Y if IJ1
37
Semantic model Scotts 3-valued logic
B , 0, 1 View circuit as fixpoint
equation X F(X, I) Xb holds in fixpoint
iff provable
T
T
38
Main Theorem (Shiple Berry from Brzozowski -
Seger)
Given a circuit and an input Xb provable
in CBL (proving facts) ltgt Xb in the
fixpoint (Scotts view) ltgt X stabilizes to b
for any delay assignment (circuit view)
Compositionality
39
Algorithms (Esterel v5)
Interpretation
Input-dependent analysis linear time
Compilation (Shiple Malik Bourdoncle)

Input-independent fixpoint analysis
Combinational loops are broken
three-valued simulation performed (BDDs)
reachable state computation (BDDs)
Check that all feedback wires are well-defined
Expensive! Interpretation option in Esterel
gt equivalent acyclic version

40
Interpretation Example
X I and not Y Y J and not X
unknowns
facts
X 1 Y 0
41
X I and not Y Y J and not X
Deadlock proof search stops
42
Dual-Rail Encoding to Implement Constructive
Analysis
X set of inputs that set X to 1
X set of inputs that set X to 0 The circuit is
constructive for all inputs such that X or X 1
for all X

X
X I and Y X I or Y Y J and X Y J or X
X I and not Y Y J and not X
3-valued 01 0, 10 1, 00 unknown
43
X I and Y X I or Y Y J and X Y J or X
X 0 X I Y 0 Y J
X I and J X I Y J and I Y J
Need XX 0, YY 0 X X 1, Y Y 1
((I and J) or I) and ((J and I) or J))
not(I and J)
44
Causality Summary
Constructive Boolean logic characterizes
delay-independent digital circuits Solves the
causality problem for Esterel Strong user
request! Compositional semantics Good
implementation and decision algorithms
45
Graphical Symbolic Debugging

46
Optimization

Standard logic synthesis techniques can be
applied to generated hardware
Finite state machine optimization and analysis
Esterel state encoding
locally group-hot
efficient implementation
far more latches than the minimum
Latch minimization algorithms
exploit the latch/logic tradeoff
progressively more powerful algorithms

47
Latch Optimization

Replacement of latches with logic
compute the reachable state set
compute sets of latches that can be replaced
single latch removal Rl ? Rl 0
2-for-1 removal Rij ? Rij Rij ? Rij 0

Reachable states Karnaugh map
48
Latch Optimization

Generate decoding logic
single-latch remove latch
2-for-1 remove two latches, add logic for one
Generate encoding logic
single-latch E Rl (dependent on other
latches)

49
Latch Optimization Exclusive Sets

Mutually exclusive latch activity
await s1 await s2 await s3
await s4 await s5 await s6
Latch corresponds to each wait
(s1, s2, s3) (s4, s5, s6)
Replace 6 latches with 3 plus a multiplexing
latch

50
Latch Optimization Results

Esterel encoding maintains the structure of the
initial program
single latch removal is always beneficial
More sophisticated algorithms exploit latch/logic
tradeoff
Cost functions depend on circuit size, BDD size
Typically 2-for-1 is performed until logic
becomes prohibitively expensive
Verification times are improved

51
Verification

Simulation and debugging
Synchronous observers
specify an Esterel module to monitor the system
and report errors
specify an Esterel module to model the
environment
perform symbolic reachability analysis
Temporal logic formulas translated to Esterel
modules
TempEst work at U Texas

52
The Esterel Toolset
Language formal semantics Compiler to hardware
or software (Esterel v5) Automata
(explicit FSM) Boolean circuits
(implicit FSM) Proved correct w.r.t.
the semantics Graphical simulators / debuggers
(xes) Verifier for safety properties
Xeve, TempEst EsterelStudio commercial product,
including graphical input, test generation
53
ECL Project

ECL for system design
Done at Cadence Berkeley Laboratories
Many industrial partners
Used in one commercial product
Language Compilation
Status

54
ECL Summary Language

ECL Esterel C
ANSI-C plus constructs for reactivity
signal communication await(sig) emit(sig,
value)
pre-emption abort stmt when sig_exp
concurrency par stmt par stmt
C standard in embedded software, minimal
learning curve, many good compilers, reactivity
missing
Esterel high-level reactive control, rigorous
mathematical semantics (FSM), strong analysis and
optimization tools, limited support for data,
non-reactive loops

55
ECL Key Features

Language support for control and data
Esterel FSM synthesis technology for
Efficiency implicit state FSMs
Robust analysis and optimization
Verification
Implementation HW and/or SW

56
Example simple C
for (i 0 i lt SIZE i) buf i
In i create_frame_from_buffer(f, buf)
57
Example add reactivity / concurrency
for (i 0 i lt SIZE i) buf
i IN create_frame_from_buffer(f, buf)
await ( IN )
emit (frame, f)
while (1) / check CRC / await
(frame) for (i 0 i lt HSIZE i)
crc frame.hdri if (crc !
frame.crc) emit (bad_crc)
58
Example complete ECL module
typedef byte hdrHSIZE byte dataDSIZE int
crc frame_t
module frame_proc (input byte in, input frame_t
out)
byte bufSIZE frame_t f int crc
par while (1) / get bytes into frame /
for (i 0 i lt SIZE i) await (in) bufi
in create_frame_from_buffer(f,
buf) emit_v (frame, f) par while
(1) / check CRC / await (frame)
for (i 0 i lt HSIZE i) crc
frame.hdri if (crc ! frame.crc)
emit (bad_crc)
par while (1) / process address (if correct)
/ await (frame) do / /
emit (out, frame) abort (bad_crc)
59
ECL compilation

Split ECL source Esterel C (by compiler
capability)
ECL module compiled to
FSM (via Esterel) reactive stmts some C
Control
C-code residue functions and non-reactive loops
Data
Implementation
SW (C) or HW (HDL) Control
C-code residue SW produced by ECL compiler
Data
Trade-off where exactly to split?
more Esterel ? more optimization
more C ? more predictable compilation process

60
ECL compilation
module calls get_data (signal IN) reactive
statements await a concurrency par await a
par await b C statements reactive loops
Esterel Compiler to C
Esterel Compiler to C/FSM
61
Example pre-compilation
typedef byte hdrHSIZE byte dataDSIZE int
crc frame_t module frame_proc (input byte in,
output frame_t out) signal frame_t frame
signal int bad_crc byte bufSIZE frame_t
f int crc par while (1) / get bytes
into frame / for (i 0 i lt SIZE
i) await (in) bufi in
create_frame_from_buffer(f, buf) emit
(frame, f) par while (1) /
check CRC / await (frame)
for (i 0 i lt HSIZE i) crc frame.hdri
if (crc ! frame.crc) emit (bad_crc)
par while (1) / process address
(if correct) / await (frame)
abort / / emit (out, frame) when
(bad_crc)
C data type
Reactive loop
Concurrency
Non-reactive loop
Pre-emption
62
Example pre-compilation
typedef byte hdrHSIZE byte dataDSIZE int
crc frame_t module frame_proc (input byte in,
output frame_t out) signal frame_t frame
signal int bad_crc byte bufSIZE frame_t
f int crc par while (1) / get
bytes into frame / for (i 0 i lt
SIZE i) await (in) bufi in
create_frame_from_buffer(f, buf) emit
(frame, f) par while (1) /
check CRC / await (frame)
for (i 0 i lt HSIZE i) crc frame.hdri
if (crc ! frame.crc) emit (bad_crc)
par while (1) / process address
(if correct) / await (frame)
abort / / emit (out, frame) when
(bad_crc)
Reactive loop
Non-reactive loop
63
Example post-compilation
typedef byte hdrHSIZE dataDSIZE int crc
frame_t void crc_compute(int crc, frame_t
frame) for (i 0 i lt HSIZE i) crc
frame.hdri / plus interface functions
such as set_buffer_i / module frame_proc input
in byte output out frame_t signal frame
frame_t, bad_crcinteger in var buf frame_t,
crcinteger in loop get bytes into frame
trap DONE in cnt 0
loop await in set_buffer_i(buffer, i, in)
if (cnt lt SIZE) else exit DONE
end if end loop emit
frame(?buffer) end trap end loop
loop check CRC await frame
crc_compute(crc, frame) if (crc !
get_frame_crc(frame) then emit bad_crc
end if end loop etc
Compiled to C
Compiled to Esterel
Reactive loop
Non-reactive loop
64
ECL Summary

ECL smoothly integrates
C (standard for embedded software development)
Esterel (concurrency, preemption, FSM semantics)
into a single language and development
environment
ECL compiler
generates Esterel and C for embedded SW
implementation
permits (partial) hardware implementation
Opensource http//www.sourceforge.net/projects/e
cl
Java source code, test/tutorial examples,
regression tests, documentation (html, ps, pdf)
Ongoing work
ECL for hardware specification
ECL and Esterel in Metropolis

65
Implementing Esterel Programs in POLIS

POLIS system-level design tool created at UCB
Model of computation
GALS via communicating CFSMs
Global asynchronous
Events can arrive at any time
Different parts of system compute at different
rates
Buffering of events for each module
Goal implement Esterel programs in a POLIS
system while preserving their semantics

66
POLIS a GALS model Globally Asynchronous
Locally Synchronous
CFSM
Input buffer
CFSM FSM w/data, support for asynch communication
67
CFSM

Input Buffer presence value
- A CFSM is runnable when an input comes in
Several inputs may come in before actual run
- Presence / absence can be tested for each input
- Value can be accessed for present signals
Transition in 0-delay
Inputs are consumed during the run
- Output broadcast by the network, with delay
- 1-place buffers can be overwritten

Synchronous programs
nice semantics / mathematics
concurrency deterministic
optimization verification feasible
limited in scope compact systems
CFSM networks
POLIS implementation model
good for hardware / software codesign
formal semantics, but can be wild
semantics purely operational (scheduler)

69
Example
module m1 input a, ONE output TWO loop
await case a and ONE do emit TWO
end end loop
module m2 input a, TWO output ONE,
THREE loop await case TWO do emit
THREE end end loop loop await
case a do emit ONE end end loop
a 1 m1 -gt m2 -gt m1 -gt m2 m2 -gt m1 -gt m2
await case wait until at least one case is true
70
Can we implement synchronous languages on CFSM
networks?

Run large-scale synchronous programs on networks
Maintaining synchronous semantics
Study classes of well-behaved CFSM networks
Study progressive relaxation of synchrony
Previous work P. Caspi and A. Girault
E,. Ledinot et.al.,
Dassault Aviation

71
Constructive and not gate as a CFSM - v1
A
C
B
input A boolean, B boolean output C
boolean await A if not ?A then emit
C(false) end await B if ?B then emit
C(false) end if ?A and not ?B then emit
C(true) end
72
POLIS Implementation

Encode facts in CFSM events
Create a logic network of gates representing the
Esterel program
Use one CFSM per gate
Create at POLIS network of CFSMs to propagate
the facts

Combinational gates -gt sequential
CFSMs Synchronous cycle -gt full network
execution
73
Constructive and not gate as a CFSM - v1
A
C
B
input A boolean, B boolean output C
boolean await A if not ?A then emit
C(false) end await B if ?B then emit
C(false) end if ?A and not ?B then emit
C(true) end
Problem C can be emitted twice
74
V2 protecting double emission
signal Caux combine boolean with and in
await A if not ?A then
emit Caux(false) end await B
if ?B then emit Caux(false) end
if ?A and not ?B then emit Caux(true) end
await Caux emit C(?Caux) end signal
75

Given an input assignment, the network builds a
proof
Each gate buffer is written at most once
- no buffer overwriting
- bounded time (linear)
Termination when no more runnable CFSM
- events fanins -gt constructive
- else non-constructive
Any scheduling gives the right answer!

76
But works only for one global tick! Macro-cycles
- give synchronous events successively
- logical timing by stream ordering a0
a1 a2 a3 a4 b0
b1 b2 b3 b4 c0 c1
c2 c3 c4
77
Four basic solutions
1. Wait long enough (as for circuits)
2. Compute explicit termination signal
3. Let the scheduler report termination
4. Use a flow control protocol
-gt pipelining
78
Flow Control
A_Free
A
C
B
C_Free
B_Free
79
V3 flow control
loop signal Caux combine boolean with and
in await A emit
A_Free if not ?A then emit
Caux(false) end await B
emit B_Free if ?B then emit
Caux(false) end if ?A and not
?B then emit Caux(true) end
await Caux
await C_Free emit C(?Caux)
end signal end loop
80
Automatic Gate Reset
A gate resets for next tick when it has received
all its input. No additional protocol needed!
A0 A_Free C_Free C0 B1
B_Free loop
A1 A_Free C_Free B0
B_Free C1 loop
81
Pipelining
Problem out-of-order data for next cycle
A(0) -gt A_Free C_Free -gt C(0) A(1)
-gt B(1) -gt B_Free
1. Memorize A(1) in the CFSM - heavy!
2. Write back 1 in the A buffer but
gate immediately made runnable again!
3. Tell the scheduler that only arrival of B
matters gt sensitivity lists
82
module AndNot Boolean IO input A boolean,
B boolean output X boolean Flow control
IO output A_Free, B_Free input C_Free
Scheduling IO output A_Wait, B_Wait output
C_Free_Wait
83
loop signal Caux combine boolean with and
in lt handle A and B gt
lt handle C gt end signal end loop
84
abort sustain A_Wait when A
emit A_Free if not ?A then emit Caux(false)
end abort sustain B_Wait when
B emit B_Free if ?B then emit
Caux(false) end if ?A and not ?B then emit
Caux(true)
85
await Caux abort sustain
C_Free_Wait when C_Free emit C(?Caux)
86
Termination signal
I
X
Y
J
DONE
Too expensive Non-local
87