Abstract: Translation validation was invented in the 1990s by Pnueli et al. as a technique to formally verify the correctness of code generators. Rather than certifying the code generator or exhaustively qualifying it, translation validators attempt to verify that program transformations preserve semantics. In this work, we adopt this approach to formally verify that the clock semantics and data dependence are preserved during compilation by the Signal compiler. Translation validation is implemented for every compilation phase, from the initial phase until the final phase where the executable code is generated, by proving that the transformation in each phase of the compiler preserves the semantics. We represent the clock semantics and the data dependence of a program and its transformed counterpart as first-order formulas, called clock models and synchronous dependence graphs (SDGs), respectively. We then introduce clock refinement and dependence refinement relations, which express the preservation of clock semantics and dependence as relations on clock models and SDGs, respectively. Our validator does not require any instrumentation or modification of the compiler, nor any rewriting of the source program.
Abstract: Architecture analysis & design language (AADL) has been increasingly adopted in the design of embedded systems, and the corresponding scheduling and formal verification have been well studied. However, little work takes code distribution and architecture exploration into account, particularly considering clock constraints, for distributed multi-processor systems. In this paper, we present an overview of our approach to handle these concerns, together with the associated toolchain, AADL-Polychrony-SynDEx. First, in order to avoid semantic ambiguities of AADL, the polychronous/multiclock semantics of AADL, based on a polychronous model of computation, is considered. Clock synthesis is then carried out in Polychrony, which bridges the gap between the polychronous semantics and the synchronous semantics of SynDEx. The same timing semantics is always preserved in order to ensure the correctness of the transformations between the different formalisms. Code distribution and the corresponding scheduling are carried out on the obtained SynDEx model in the last step, which enables the exploration of architectures originally specified in AADL. Our contribution provides a fast yet efficient architecture exploration approach for the design of distributed real-time and embedded systems. An avionic case study is used to illustrate our approach.