processes, interfaces and platforms. embedded software modeling in metropolis. luciano lavagno...
TRANSCRIPT
Processes, interfaces and Processes, interfaces and platforms.platforms.Embedded software modeling in Embedded software modeling in Metropolis.Metropolis.
Luciano LavagnoLuciano Lavagno
Politecnico di TorinoPolitecnico di Torino
EMSOFT 2002, CASES 2002EMSOFT 2002, CASES 2002
Grenoble, FranceGrenoble, France
Metropolis Project: main participantsMetropolis Project: main participants
Cadence Berkeley Labs Cadence Berkeley Labs (USA): (USA): methodologiesmethodologies, , modelingmodeling, , formal formal methodsmethods
UC BerkeleyUC Berkeley (USA): (USA): methodologiesmethodologies, , modelingmodeling, , formal methodsformal methods Politecnico di TorinoPolitecnico di Torino (Italy): (Italy): modelingmodeling, , formal methodsformal methods Universitat Politecnica de CatalunyaUniversitat Politecnica de Catalunya (Spain): (Spain): modelingmodeling, , formal methodsformal methods Philips ResearchPhilips Research (Netherlands): (Netherlands): methodologiesmethodologies (multi-media) (multi-media) NokiaNokia (USA, Finland): (USA, Finland): methodologiesmethodologies (wireless communication) (wireless communication) BWRCBWRC (USA): (USA): methodologiesmethodologies (wireless communication) (wireless communication) BMWBMW (USA): (USA): methodologiesmethodologies (fault-tolerant automotive controls) (fault-tolerant automotive controls) IntelIntel (USA): (USA): methodologiesmethodologies (microprocessors) (microprocessors) STMicroelectronicsSTMicroelectronics (France, Italy): (France, Italy): methodologiesmethodologies (wireless platforms) (wireless platforms)
etropolis
Metropolis FrameworkMetropolis Framework
Infrastructure
• Metropolis meta-model
- language
- modeling mechanisms• Meta-model compiler
Meta-model Library
• Models of computation
Meta-model Library
• Architecture platforms
Tools
Simulator QSS PIG STARS SPIN …
Application-specific methodologies
Multi-media, wireless communication, mechanical controls, processors
Design MethodologyDesign Methodology
Balance between reusability and optimalityBalance between reusability and optimality orthogonalize design concerns as much as possibleorthogonalize design concerns as much as possible
optimize the final implementation as much as necessaryoptimize the final implementation as much as necessary
RefineOptimize
Implementationof System
Functional& Non-func.Constraints
FunctionComponent
LibraryMPEG
decodePES
parser VSRCI$ D$
CPU UART RTOS
ArchitectureComponent
Library
demux PESparser
MPEGdecode HSRC VSRC
ImageJuggler
MPEGdecode
Control
SystemFunction
Model
SystemArchitecture
Model
BCU
HWassist MEM
I$ D$
CPU UARTINT
RTOS APIdriver
Map
Metropolis meta-modelMetropolis meta-model
• Computation : f : X Z
• Communication : state evaluation and manipulation
• Coordination : constraints over concurrent actions
- process : generates a sequence of events
- medium : defines states and methods
- quantity : annotation of each event (time, energy, memory, …)
- logic : relates events and quantities, defines axioms on quantities
- quantity-manager : algorithm to realize annotation subject to relational constraints
Concurrent specification with a formal execution semantics:
Key difference with respect to Ptolemy, UML, SystemC, …!!!
Concurrent specification with a formal execution semantics:
Meta-model : function netlistMeta-model : function netlist
process P{
port reader X;
port writer Y;
thread(){
while(true){
...
z = f(X.read());
Y.write(z);
}}}
medium M implements reader, writer{
int storage;
int n, space;
void write(int z){
await(space>0; writer ; writer)
n=1; space=0; storage=z;
}
word read(){ ... }
}
interface reader extends Port{
update int read();
eval int n();
}
interface writer extends Port{
update void write(int i);
eval int space();
}
MP1X Y P2X Y
Env1 Env2
MyFncNetlist
R
I
F A
M
Meta-model: execution semanticsMeta-model: execution semantics
Processes take actions. statements and some expressions, e.g.
y = z+port.f(), port.f(), i < 10, …
An execution of a given netlist is a sequence of vectors of events. event : the beginning of an action, e.g. B(port.f()),
the end of an action, e.g. E(port.f()),
null (no-op) N the i-th component of a vector is an event of the i-th process synchronous trace-based semantics time and other quantities elapse and actions are executed in states no assumption on atomicity whatsoever (unless explicitly modeled)
An execution is feasible if it satisfies all coordination constraints, and it is accepted by all action automata defining meta-model semantics
Meta-model: architecture componentsMeta-model: architecture componentsAn architecture component specifies services, i.e.
• what it can do
• how much it costs
: interfaces
: quantities, annotation, logic of constraints
medium Bus implements BusMasterService …{
port BusArbiterService Arb;
port MemService Mem; …
update void busRead(String dest, int size) {
if(dest== … ) Mem.memRead(size);
[[Arb.request(B(busRead));
GTime.request(B(memRead),
BUSCLKCYCLE +
GTime.annotation(B(busRead)));
]]
}
…
scheduler BusArbiter extends Quantity
implements BusArbiterService {
update void request(event e){ … }
update void resolve() { //schedule }
}
interface BusMasterService extends Port {
update void busRead(String dest, int size);
update void busWrite(String dest, int size);
}
interface BusArbiterService extends Port {
update void request(event e);
update void resolve();
}
BusArbiterBus
R
I
F A
M
Meta-model: architecture netlist Meta-model: architecture netlist
Bus
ArbiterBus
Mem
Cpu OsSched
MyArchNetlist
…
…
…
Master
CPU + OS
Slave
Mem
Arbiter
Architecture netlist specifies configurations of architecture components.
Each constructor
- instantiates arch. components,
- connects them,
- takes as input mapping processes.
R
I
F A
M
Meta-model: mapping processesMeta-model: mapping processes
process P{
port reader X;
port writer Y;
thread(){
while(true){
...
z = f(X.read());
Y.write(z);
}}
int f (int n) {
int i;
for (i = 0; i < n; i++) {
…
}}
process MapP{
port CpuService Cpu;
void readCpu(){
Cpu.exec(2); Cpu.cpuRead();
}
void mapf(){Cpu.exec(12*n); } …
}
thread(){
while(true){
await {
(true; ; ;) readCpu();
(true; ; ;) mapf();
(true; ; ;) readWrite();
}}}
B(P, X.read) <=> B(MapP, readCpu); E(P, X.read) <=> E(MapP, readCpu);
B(P, f) <=> B(MapP, mapf); E(P, f) <=> E(MapP, mapf);…
Function process Mapping process
R
I
F A
M
Meta-model: mapping netlistMeta-model: mapping netlist
Bus
ArbiterBus
Mem
Cpu OsSched
MyArchNetlist
mP1 mP2mP1 mP2
MyFncNetlist
MP1 P2
Env1 Env2
B(P1, M.write) <=> B(mP1, mP1.writeCpu); E(P1, M.write) <=> E(mP1, mP1.writeCpu);
B(P1, P1.f) <=> B(mP1, mP1.mapf); E(P1, P1.f) <=> E(mP1, mP1.mapf);
B(P2, M.read) <=> B(P2, mP2.readCpu); E(P2, M.read) <=> E(mP2, mP2.readCpu);
B(P2, P2.f) <=> B(mP2, mP2.mapf); E(P2, P2.f) <=> E(mP2, mP2.mapf);
MyMapNetlist
Bus
ArbiterBus
Mem
Cpu OsSched
MyArchNetlist…
……
R
I
F A
M
Meta-model: platformsMeta-model: platforms
interface MyService extends Port { int myService(int d); }
medium AbsM implements MyService{ int myService(int d) { … }}
B(thisthread, AbsM.myService) <=> B(P1, M.read);
E(thisthread, AbsM.myService) <=> E(P2, M.write);refine(AbsM, MyMapNetlist);
MyArchNetlistMyFncNetlist MP1 P2
B(P1, M.write) <=> B(mP1, mP1.writeCpu); B(P1, P1.f) <=> B(mP1, mP1.mapf); E(P1, P1.f) <=> E(mP1, )B(P2, M.read) <=> B(P2, mP2.readCpu); E(P2, P2.f) <=> E(mP2, mP2.mapf);
MyMapNetlist1
MyArchNetlistMyFncNetlist MP1 P2
B(P1, M.write) <=> B(mP1, mP1.writeCpu); B(P1, P1.f) <=> B(mP1, mP1.mapf); E(P1, P1.f) <=> E(mP1, )B(P2, M.read) <=> B(P2, mP2.readCpu); E(P2, P2.f) <=> E(mP2, mP2.mapf);
MyMapNetlist1
B(…) <=> B(…);
E(…) <=> E(…);refine(AbsM, MyMapNetlist1)
MyArchNetlistMyFncNetlist
MP1 P2
B(P1, M.write) <=> B(mP1, mP1.writeCpu); B(P1, P1.f) <=> B(mP1, mP1.mapf); E(P1, P1.f) <=> E(mP1, )B(P2, M.read) <=> B(P2, mP2.readCpu); E(P2, P2.f) <=> E(mP2, mP2.mapf);
MyMapNetlist2
M
B(…) <=> B(…);
E(…) <=> E(…);
refine(AbsM, MyMapNetlist2)
A set of mapping netlists, together with constraints on event mappings, constitutes a platform (constrained set of possible implementations) with a given interface.
R
I
F A
M
R
I
F A
M
Meta-model: recursive platformsMeta-model: recursive platforms
S
N N'
B(Q2, S.cdx) <=> B(Q2, mQ2.excCpu); E(Q2, M.cdx) <=> E(mQ2, mQ2.excCpu);
B(Q2, Q2.f) <=> B(mQ2, mQ2.mapf); E(Q2, P2.f) <=> E(mQ2, mQ2.mapf);
MyArchNetlistMyFncNetlist MP1 P2
B(P1, M.write) <=> B(mP1, mP1.writeCpu); B(P1, P1.f) <=> B(mP1, mP1.mapf); E(P1, P1.f) <=> E(mP1, )B(P2, M.read) <=> B(P2, mP2.readCpu); E(P2, P2.f) <=> E(mP2, mP2.mapf);
RTOSNetlist
MyArchNetlist
MyFncNetlist
MP1 P2B(P2, M.read) <=> B(P2, mP2.readCpu); E(P2, P2.f) <=> E(mP2, mP2.mapf);
M
RTOS
Meta-model: summaryMeta-model: summary
• Concurrent specification with a formal execution semantics
• Feasible executions of a netlist: sequences of event vectors
• Quantities can be defined and annotated with events, e.g.
time, energy, memory, ...
• Concurrent events can be coordinated in terms of quantities:
- logic can be used to define the coordination,
- algorithms can be used to implement the coordination.
• The mechanism of event coordination wrt quantities plays a key role:
- architecture modeling as service with cost,
- mapping coordinates executions of functional and architecture netlists,
- refinement with event coordination provides a platform.
Metropolis FrameworkMetropolis Framework
Infrastructure
• Metropolis meta-model
- language
- modeling mechanisms• Meta-model compiler
Meta-model Library
• Models of computation
Meta-model Library
• Architecture platforms
Tools
Simulator QSS PIG STARS SPIN …
Application-specific methodologies
Multi-media, wireless communication, mechanical controls, processors
Metropolis infrastructure architectureMetropolis infrastructure architecture
Meta model compiler
Verification tool
Verification tool
Front end
Meta model language
Simulator tool
...Back end1
Abstract syntax trees
Back end2 Back endNBack end3
Synthesis tool
Language1 Language2 Languagen
Translator1 Translator2 Translatorn...
Metropolis infrastructure statusMetropolis infrastructure status
Meta model compiler
SpinPrometheus
Front end
Meta model language
SystemCSimulator
...Back end1
Abstract syntax trees
Back end2 Back endNBack end3
Symbolic HW
scheduler
Simulink Esterel/Lustre UML
Translator1 Translator2 Translatorn...
Deriving other formal models from the meta-modelDeriving other formal models from the meta-model
Example: Petri nets
await(X.n()>=2; X.reader; X.reader)
for(i=0; i<2; i++) x[i]=X.read();
reader_unlock
reader_lockX.n()
2
2
i=0;
i<2?
x[i]=X.read();i++;
end of await
Formal methods on Petri nets:
• analyze the schedulability
• analyze upper bounds of storage sizes
• synthesize schedules
Restrictions:
•condition inside await is conjunctive
•specific medium type (FIFO) is used
Example: quasi-static schedulingExample: quasi-static scheduling
1 Specify a network of processesSpecify a network of processes
2 Translate to the Petri net modelTranslate to the Petri net model
3 Find a “schedule” on the Petri netFind a “schedule” on the Petri net
4 Translate the schedule to a set of tasks Translate the schedule to a set of tasks
(processes)(processes)
Metropolis SummaryMetropolis Summary
• Metropolis meta-model:
- concurrent specification for functions, architecture, and mappings
- libraries of models of computation, libraries of platforms
• Metropolis design environment:
- meta-model compiler to provide an API to browse designs,
- backend tools to analyze designs and produce appropriate models,
- easy to incorporate simulation, verification, and synthesis tools
Backup slides: Execution semanticsBackup slides: Execution semantics
A sequence of vectors of events is a legal behavior A sequence of vectors of events is a legal behavior
if itif it satisfies all constraintssatisfies all constraints
is accepted by all is accepted by all action automataaction automata one for each action of each processone for each action of each process
B y=x+1
Action automataAction automata
y=x+1;y=x+1;B y=x+1 B x+1 E x+1 E y=x+1
y:=Vx+1
B x+1 E x+1 E y=x+1y:=any
c
c
c
c
* = write y* * *
B x+1 E x+1Vx+1 :=x+1
E x+1Vx+1 :=any
c
c
write x
y=x+1
x+1
Vx+1
yx
000
N
Action automataAction automata
y=x+1;y=x+1;
y=x+1
x+1
Vx+1
yx
B y=x+1 B x+1 E x+1 E y=x+1y:=Vx+1
B x+1 E x+1 E y=x+1y:=any
c
c
c
c
* = write y* * *
B x+1 E x+1Vx+1 :=x+1
E x+1Vx+1 :=any
c
c
write x
000
B y=x+1 B x+1 NN N
E x+1
100
Action automataAction automata
y=x+1;y=x+1;
y=x+1
x+1
Vx+1
yx
B y=x+1 B x+1 E x+1 E y=x+1y:=Vx+1
B x+1 E x+1 E y=x+1y:=any
c
c
c
c
* = write y* * *
B x+1 E x+1Vx+1 :=x+1
E x+1Vx+1 :=any
c
c
write x
000
B y=x+1 B x+1 NN N
Action automataAction automata
y=x+1;y=x+1;
y=x+1
x+1
Vx+1
yx
B y=x+1 B x+1 E x+1 E y=x+1y:=Vx+1
B x+1 E x+1 E y=x+1y:=any
c
c
c
c
* = write y* * *
B x+1 E x+1Vx+1 :=x+1
E x+1Vx+1 :=any
c
c
write x
000
B y=x+1 B x+1 E x+1NN N E y=x+1
100
110
B y=x+1
Action automataAction automata
y=x+1;y=x+1;
y=x+1
x+1
Vx+1
yx
B y=x+1 B x+1 E x+1 E y=x+1y:=Vx+1
B x+1 E x+1 E y=x+1y:=any
c
c
c
c
* = write y* * *
B x+1 E x+1Vx+1 :=x+1
E x+1Vx+1 :=any
c
c
write x
000
N
Action automataAction automata
y=x+1;y=x+1;
y=x+1
x+1
Vx+1
yx
B y=x+1 B x+1 E x+1 E y=x+1y:=Vx+1
B x+1 E x+1 E y=x+1y:=any
c
c
c
c
* = write y* * *
B x+1 E x+1Vx+1 :=x+1
E x+1Vx+1 :=any
c
c
write x
000
B y=x+1 B x+1 NN
Action automataAction automata
y=x+1;y=x+1;
y=x+1
x+1
Vx+1
yx
B y=x+1 B x+1 E x+1 E y=x+1y:=Vx+1
B x+1 E x+1 E y=x+1y:=any
c
c
c
c
* = write y* * *
B x+1 E x+1Vx+1 :=x+1
E x+1Vx+1 :=any
c
c
write x
000
B y=x+1 B x+1 NN N
E x+1
500
Action automataAction automata
y=x+1;y=x+1;
y=x+1
x+1
Vx+1
yx
B y=x+1 B x+1 E x+1 E y=x+1y:=Vx+1
B x+1 E x+1 E y=x+1y:=any
c
c
c
c
* = write y* * *
B x+1 E x+1Vx+1 :=x+1
E x+1Vx+1 :=any
c
c
write x
000
B y=x+1 B x+1 NN N
Action automataAction automata
y=x+1;y=x+1;
y=x+1
x+1
Vx+1
yx
B y=x+1 B x+1 E x+1 E y=x+1y:=Vx+1
B x+1 E x+1 E y=x+1y:=any
c
c
c
c
* = write y* * *
B x+1 E x+1Vx+1 :=x+1
E x+1Vx+1 :=any
c
c
write x
000
B y=x+1 B x+1 E x+1NN N E y=x+1
500
550
Semantics of awaitSemantics of await
await {await { (X.n()>0;X.writer; X.writer) comp: z = f(X.read());(X.n()>0;X.writer; X.writer) comp: z = f(X.read()); (Y.space()>0;Y.reader;Y.reader) Y.write(z);(Y.space()>0;Y.reader;Y.reader) Y.write(z);}}
B await...c start Y.reader
E comp:...(true X.n()>0 active X.writer)/
B comp:...
(true Y.space()>0 active Y.reader) / B Y.write(z)
E Y.write(z)
start X.writer
cE await...
Semantics summarySemantics summary
Processes run sequential code concurrently, each at its Processes run sequential code concurrently, each at its
own arbitrary paceown arbitrary pace
Read-Write and Write-Write hazards may cause Read-Write and Write-Write hazards may cause
unpredictable resultsunpredictable results
atomicity has to be explicitly specifiedatomicity has to be explicitly specified
Progress may block at synchronization pointsProgress may block at synchronization points
awaitsawaits
function calls and labels to which awaits or LTL function calls and labels to which awaits or LTL constraints referconstraints refer