Bip8 Model

8/14/2019 Bip8 Model

1/10

Modeling Synchronous Systems in BIP

Marius Bozga Vassiliki Sfyrla Joseph SifakisVERIMAG Centre Equation, 2 Avenue de Vignate, 38610 Gires, France

[email protected]

ABSTRACTWe present a general approach for modeling synchronouscomponent-based systems. These are systems of synchronouscomponents strongly synchronized by a common action thatinitiates steps of each component. We propose a generalmodel for synchronous systems. Steps are described byacyclic Petri nets equipped with data and priorities. Petrinets are used to model concurrent ow of computation. Pri-orities are instrumental for enforcing run-to-completion inthe execution of a step.

We study a class of wel l-triggered synchronous systems whichare by construction deadlock-free and their computation withina step is conuent. For this class, the behavior of compo-nents is modeled by modal ow graphs . These are acyclicgraphs representing three different types of dependency be-tween two events p and q : strong dependency ( p must followq ), weak dependency ( p may follow q ), conditional depen-dency (if both p and q occur then p must follow q ).

We propose a translation of Lustre into well-triggered syn-chronous systems. This translation is modular and exhibits

not only data-ow connections between nodes but also theirsynchronization by using clocks.

Keywordssynchronous systems, priority Petri nets, modal ow graphs,Lustre, BIP (Behavior-Interaction-Priority)

1. INTRODUCTIONSynchronous systems are composed of strongly synchronizedparallel components. Their global behavior is characterizedby runs consisting of successive computation steps. In eachstep, all components perform some quantum of computation.This ensures a built-in fairness between components in shar-

ing resources, usually enforced by using static schedulingpolicies. Synchronous computation models are particularlyadequate for hardware, real-time systems and streaming sys-tems. Their main advantage over asynchronous computa-

tion models is efficiency and predictability (determinacy),in particular thanks to lightweight analysis techniques fordeciding deadlock-freedom and timeliness. Nonetheless, forgeneral applications an adequate mix of synchronous andasynchronous computation is necessary for optimal use of resources e.g. GALS models [2].

A non trivial open problem is the design of systems con-sistently integrating synchronous and asynchronous subsys-tems e.g. one in Simulink and another in ADA. This re-quires in principle, the use of a common semantic modelencompassing both the synchronous and the asynchronousformalism.

The BIP (Behavior, Interaction, Priority) component frame-work is a formalism for the description of component-basedsystems consisting of heterogeneous components [1]. It al-lows the description of systems as the composition of genericatomic components characterized by their behavior and theirinterfaces. It supports a system construction methodologybased on the use of two families of composition operators:interactions and priorities. Interactions are used to spec-

ify multiparty synchronization between components as thecombination of two protocols: rendezvous (strong symmet-ric synchronization) and broadcast (weak asymmetric syn-chronizations). Priorities between interactions are used torestrict non determinism inherent to parallel systems. Theyare particularly useful to model scheduling polices.

In contrast to existing formal frameworks, BIP is expres-sive enough to directly model any coordination mechanismbetween components [3]. It has been successfully used tomodel complex systems including mixed hardware/softwaresystems and complex software applications.

In this paper, we show how the basic execution mechanisms

underlying synchronous data-ow systems can be modeledin BIP. We dene a notion of synchronous BIP component which differs from general components in that its behavioris described by a step. Steps of components are delimitedby a specic transition labeled by a port sync and executedsynchronously by all components. The behavior of a com-ponent in a step is described by a safe extended priorityPetri net. This is a safe Petri-net whose transitions are la-beled with elements of a set of ports P and a priority order ,a strict partial order P P . Furthermore, transitionsmay be labeled with guards and functions representing datatransformations. The Petri net has a set of initial and a set


2/10


3/10

data ports and 2) interactions realizing strong synchro-nization between control ports of components.

The translation is modular and makes explicit all the inter-actions needed to perform a synchronous computation in ainherently parallel (component-based) system.

The paper is structured as follows. Synchronous components

and their composition are presented in section 2. Section 3is the main section of the paper. It presents the sub-class of synchronous components dened by using modal ow graphsas well as sufficient conditions for deadlock-freedom and con-uence. Section 4 presents the concrete application of modalow graphs for modeling of synchronous systems. Relatedwork is presented in Section 5 and in Section 6, we con-clude and present future work directions. Detailed proofsof propositions and theorems can be found in the technicalreport [5].

2. SYNCHRONOUS COMPONENTSWe present synchronous components and their semantics.The behavior of a synchronous component within a syn-chronous computation step is a safe extended priority Petrinet with given sets of initial and nal places. When onlynal places are marked, termination may terminate by re-moving tokens from nal places and putting tokens to initialplaces.

Definition 1 (synchronous component: syntax).A synchronous component B is a tuple (X,P,N, ) where:

X is a set of data variables,

P is a set of ports p, each one labelled with a subset of variables X p X , the ones exported on interactions through p,

N = ( L,T,F,L 0 , L f ) is an extended 1-safe Petri net:

L is a nite set of places,

T is a nite set of transitions labelled by ( p , g , f )where p P is the port triggered by the transi-tion , g is the guard of , that is a predicate on X and f is the update function associated with , that is a state transformer dened on X ,

F L T T L is the token ow relation,

L0 L is the set of initial places,

L f L is the set of nal places,

P P is a priority order on ports, that is a strict partial order on the set of ports.

Example 1. Figure 3 shows a synchronous BIP compo-nent that produces a tock every P ticks. At every step, it executes the tick transition and then, during the same step,it increases the local variable x by executing the update tran-sition. Whenever x reaches the value P , the component can also execute the tock transition and reset x to 0. In this situation, the tock and update transitions are conicting,however, the associated priorities enforce the execution of tock before update if both transitions are possible.

update

tick tock

x:=x+1

[x=P] x:=0

update

tick tock

x:int

update tock tick

Figure 3: Tick-tock synchronous component

In order to dene the operational semantics for synchronouscomponents, let us rst introduce some notations. Givena Petri net N = ( L,T,F,L 0 , L f ) we dene the set of 1-safe markings M as the set of functions m : L {0, 1}.Given two markings m 1 , m 2 , we dene inclusion m 1 m 2iff for all l L , m 1 (l) m 2 (l). Also, we dene additionm 1 + m 2 as the marking m 12 such that, for all l L , m 12 (l) =m 1 (l) + m 2 (l). Given a set of places K L , we dene itscharacteristic marking m K by m K (l) = 1 for all l K and

m K (l) = 0 for all l L \ K . Moreover, when no confusion ispossible from the context, we will simply use K to denote itscharacteristic marking m K . Finally, for a given transition ,we dene its pre-set (resp. post-set ) as the set of placesowing to (resp. from) that transition = {l | ( l, ) F }(resp. = {l | (, l ) F }).

Definition 2 (synchronous component: semantics).The semantics of a synchronous component B = ( X,P,N, ) with N = ( L,T,F,L 0 , L f ) is dened as the labelled transi-tion system S = ( Q, , ) where

Q = M V is the set of states dened by:

M = {m : L {0, 1}} the set of 1-safe markings, V = {v : X D} the set of valuations of vari-

ables,

= P {sync } is the set of labels, Q Q is the set of transitions dened by the

rules in Figure 4

T mm = m +

1) g (v) = true v = f (v) 2) m m L f (m, v )

p 0 (m , v ) (m, v ) sync 0 (m L 0 , v )

(m, v ) p 0 (m , v ) (m, v ) sync 0 (m , v )

3) ( p .p p (m, v ) p 0 ) 4) ( p.(m, v )

p 0 )(m, v )

p (m , v ) (m, v ) sync (m , v )

Figure 4: Operational Semantics Rules

Rules (1) and (2) dene moves 0 of the behavior withoutpriorities. Rule (1) is the usual ring rule of transitions inPetri nets extended with global data. Rule (2) denes sync transitions which denote the end of a step and the beginningof the next one. Sync transitions can be executed whenever


4/10

the current marking does not contain tokens in non-nalplaces, and their effect is to restore the initial marking, whilekeeping the data unchanged. Rules (3) and (4) dene themoves of a synchronous component, by restricting 0with respect to priorities. Rule (3) is simply the applicationof the priority rule specied by the priority order . Rule(4) enforces highest priority of all the transitions ports of the component with respect to sync transitions, denoting

step termination.

Definition 3 (interaction). An interaction a is a triple (P a , G a , F a ) where

P a , is a set of ports, the support set of the interaction, G a is the interaction guard, that is a boolean predicate

dened on variables (X p )p P a exported through ports belonging to the interaction,

F a is an update (or transfer) function, that is a state transformer on variables (X p )p P a

We dene composition parameterized by interactions as aninternal operation of synchronous components. This opera-tion is partial: the result of the composition is dened as asynchronous component only if the priority order associatedto it is acyclic.

Definition 4 (synchronous component: composition).Let {B i = ( X i , P i , N i ,i )}i =1 ,n be a set of synchronous components dened on disjoint sets of variables and ports.Let be a set of interactions on ports ni =1 P i such that each interaction uses at most one port of every component, that is for all a , for all i 1, n , |P a P i | 1. The composition (B 1 , . . . ,B n ) is a partial operation dening the synchronous component B = ( X,P,N, ) where

the set of variables X = ni =1 X i , the set of ports P is the set of interactions . More-

over, for each interaction a , we dene its set of exported variables X a = p P a X p ,

the Petri net N = ( L,T,F,L 0 , L f ) is obtained from the set of the Petri nets {N i = ( L i , T i , F i , L 0 i , L f i )}i =1 ,nas follows:

the set of places L = ni =1 L i , the set of transitions T corresponds to sets of in-

teracting transitions

T = a, { i }i I | a , I 1, n such that i I . i T i and P a = { p i }i I ff

Moreover, for any transition = a, { i }i I the associated port p is the interaction a , the guard g = ni =1 g i G a , and the update function f =(ni =1 f i ) F a , where is the function consist-ing in computing each function f i - the order of computation is irrelevant as the data of the com-ponents are disjoint,

the token ow relation F of the net is dened as

F = {(l, a, { i }i I ) | j I .l j }

( a, { i }i I , l ) | j I .l j

the set of initial places L0 is ni =1 L 0 i ,

the set of nal places L f is ni =1 L f i ,

the relation is the strict transitive closure of the re-lation 0 dened as the extension of individual pri-ority orders i to interactions: a1 0 a2 iff i =1, n. pi 1 P a 1 P i . pi 2 P a 2 P i such that pi 1 i pi 2 . The composition is dened only if this relation is a strict partial order.

Example 2. Composition of synchronous components is illustrated in Figure 5. Two tick-tock components are com-posed by synchronizing the tock of the rst component and the tick of the second one. The resulting component produces a tock 2 every P 2 ticks.

3. MODAL FLOW COMPONENTSModal ow components are synchronous components de-ned by modal ow graphs, which correspond to a particu-lar class of priority Petri nets. We dene the semantics of atomic ow components as well as their composition.

Definition 5 (modal flow component: syntax). A

modal ow component Bf

is dened as a tuple (X,P,D ):

X is a set of data variables, P is a set of ports p, each one being associated with a

triple (X p , gp , f p ) where

X p X , the set of variables exported through p, gp , the triggering condition of p, that is a predi-

cate dened on X , f p , an update function, that is a state transformer

function on X

D = ( D s , D w , D c ) is a triple of causal dependency rela-tions between ports. The relations D s , D w , D c P P denote respectively strong, weak and conditional depen-dency and are such that their union D s D w D c is acyclic.

Example 3. In Figure 6, the tick-tock synchronous com-ponent of Figure 3, is represented as a modal ow compo-nent. The tock transition is weakly dependent on tick tran-sition. Also, the update transition is strongly dependent on tick and conditionally dependent on tock . The only possi-ble executions within a step are therefore tick update or ticktock update .

tick tock

updatex:=x+1

[x=P]

x:=0

tick

update

tock

x:int

Figure 6: Tick-tock modal ow component

We use the following notations. For xed x = s ,w,c , we

write p x q to denote ( p, q ) D x . We writex

to denote

the reexive and transitive closure of x . We write p q todenote ( p, q ) D s D w D c and for its reexive and


5/10

update 1

x 1 := x 1 + 1

[x 1 = P ]x 1 := 0

tick 1 tock 1tick 1

update 1

tock 1

x 1 :int

update 1x 1 := x 1 + 1

[x 1 = P ]x 1 := 0

tick 1tick 1

update 1

update 1 tock 1 tick 2 tick 1

tock 1 tick 2

update 2x 2 := x 2 + 1

[x 2 = P ]x 2 := 0

tock 2

update 2

tock 1 tick 2 tock 2

x 1 :int

update 2 tock 2 tock 1 tick 2

x 2 :int

update 2 2 tock 2 2 tick 2update 1 1 tock 1 1 tick 1

update 2

x 2 := x 2 + 1

[x 2 = P ]x 2 := 0

tick 2 tock 2tick 2

update 2

tock 2

x 2 :int

Figure 5: Example of composition

transitive closure. Two ports p and q are called independent(noted pq ) iff neither p q nor q p.

For xed x = s, w,c , we denote by min x P the set of minimalports with respect to D x , that is min x P = {q | p.p

x q }.

We write min P to denote the set of minimal ports withrespect to D s D w D c , that is min P = {q | p.p q }.

We call a modal ow component well triggered iff:

1. each port p has a unique minimal strong cause

|{q min s

P |

q s

p

}| = 12. each port p has exclusively either strong or weak causes.

For a port p, we denote its minimal strong cause by root ( p).

Notice that, well-triggered modal ow graphs can be decom-posed as shown in Figure 7. The strong dependency relationdenes a set of connected subgraphs involving all the portsof the component. Each one of these subgraphs has a singleroot which is the common cause for its ports. Weak de-pendencies express triggering of the root of a subgraph bysome port of another subgraph. Finally, conditional depen-dencies may relate ports of different subgraphs provided theacyclicity property is not violated.

Figure 7: Well-triggered components.

We dene the semantics of modal ow components whichare well-triggered in terms of synchronous components.

Definition 6 (modal flow component: semantics).The semantics of a well-triggered modal ow component B f =(X,P,D ) is the synchronous component B = ( X,P,N, ):

the set of variables is X , the set of ports is P ; moreover, for each port p the

associated set of exported variables is X p , the Petri net N = ( L,T,F,L 0 , L f ) is dened by:

the set of places L is isomorphic to the set D s D w D c augmented with the set of minimal ports.That is L = {lxp,q | p

x q } {lp | p min P },

the set of transitions T is isomorphic to the set of ports P , that is T = {t p | p P }. Moreover, for any transition tp we associate its port p, the guard gp , and the update function f p ,

the token ow relation F L T T L , is constructed as follows: for each p min P add ( lp , t p ) to F , for each dependency p x q add (t p , l xp,q ), (lxp,q , t q )

to F , for each conditional dependency p c q add

(lcp,q , t root ( p ) ) to F , the set of initial places L 0 corresponds to minimal

ports and conditional dependencies that is L0 ={lp | p min P } {lcp,q | p c q },

the set of nal places L f consists of all places cor-responding to all but strong dependencies L f =L \ { lsp,q | p

s q }.

the priority order = ( ) 1 \ Id, that is p q iff q p and q = p, for all p , q P .

Example 4. The tick-tock modal ow component shown in Figure 6 is well-triggered. Its semantics is dened by the tick-tock synchronous component in Figure 3.


6/10


7/10

tick 1 tock 1

update 1x 1 := x 1 + 1

[x 1 = P ]x 1 := 0

tick 1

update 1


update 2x 2 := x 2 + 1

[x 2 = P ]x 2 := 0

tick 2

update 2


update 3x 3 := x 3 + 1

[x 3 = P ]x 3 := 0

tick 3

update 3

tock 3

tick 1

update 1

tock 3

update 3update 2

tock 1 tick 2 tock 2 tick 3

x 1 := x 1 + 1 x 2 := x 2 + 1 x 3 := x 3 + 1

[x 1 = P 1 ]x 1 := 0

[x 2 = P 2 ]x 2 := 0

[x 3 = P 3 ]x 3 := 0

update 1

tock 3tick 1

update 2 update 3

tock 2 tick 3tock 1 tick 2

Figure 8: Example of composition

expression E = pre (E, v ) means E 0 = v and E i = E i 1 ,

for all i 1.

In Lustre each ow (and expression) is associated with a log-ical clock. Implicitely, there always exists a unique, fastest,basic clock which denes the step (or basic clock cycle) of asynchronous program. Depending on this clock, other slowerclocks can be dened as the sequences of time instants whereboolean ow variables take the value true . In order to de-ne and manipulate ows operating on slower clocks, Lustreprovides two additional operators. The sampling operatorwhen , samples a ow depending on a boolean ow. The ex-pression E = E when b, is the sequence of values E whenthe boolean ow b is true . The expression E and the booleanow b have the same clock, while the expression E , operateson a slower clock dened by the instants at which b is true.The interpolation operator current , interpolates an expres-

sion on the clock which is immediately faster than its ownclock. The expression E = current E , takes the value of E at the last instant when b was true, where b is the booleanow dening the slower clock of E .

We consider statically correct programs which satisfy thestatic semantics rules of Lustre [11]. These rules excludeprograms containing cyclic, dependent equations, recursivecalls of nodes as well as combinatorial operators applied toexpressions having different clocks.

We dene modular operational semantics for Lustre, rst forsingle-clock programs and then for multi-clock programs.

4.1 Single-clock synchronous programsThe single-clock subset of Lustre is generated by using onlycombinatorial and unit delay operators. All ows are sam-pled (indexed) by the basic clock.

The translation from Lustre to modal ow graphs is mod-ular. Each node is represented by a well-triggered modalow component with two kinds of ports: act control portsand input (in) or output (out) data ports. An act port istriggered by the basic clock and initiates the step of thenode. The in (resp. out ) data ports carry data input (resp.output) read (resp. produced) by the node. Additionally,

modal ow graphs may contain internal ports and variables,depending on the specic computation carried by the node.

in outx x

act

in

out

act

in outx x

act

out

in

act

ow pre

combinatorial

act

out

in 1 in 2

in 1

in 2

x 1

x 2

act

op

outy

y = op (x 1 , x 2 )

Figure 9: Single-clock operators

The modal ow components shown in Figure 9 correspondto basic Lustre elements: ow, pre operator and combina-

torial operator. The ow component whenever activatedthrough the act port, reads a value through the in port andoutputs this value through the out port in the same step.The pre component has a local variable x. Whenever it isactivated through act , it outputs the current value x, thenit inputs and assigns a new value to x to be used in the nextstep. The combinatorial component starts a step when it istriggered through the act port. Then it reads input valuesin some arbitrary order, performs its specic computation,and nally, produces an output value.

The modal ow component representing a single-clock Lus-tre node is obtained by composing a set of components byusing a set of interactions dened as follow.

components : For each input and output ow declaredin the node we add a ow component. For each pre (resp.combinatorial) expression occuring within the equations, weadd a pre (resp. combinatorial ) component. Moreover, foreach subnode called within equations we add its correspond-ing modal ow component.

interactions : Interactions are of two types: control ow and data ow . A single control ow interaction realizesstrong synchronization between all the act ports of all com-ponents. Data ow interactions synchronize one out port toone or more in ports. They are used to propagate data from


8/10

input ow components to expression components and fromexpression components to output ow components or otherexpression components according to the syntactic structureof expressions and equations.

Example 6. Figure 10 shows a discrete integrator writ-ten in Lustre and its corresponding synchronous network of operators.

node Integrator(i: int)returns o: int;

let o = i + pre (o,0); tel ;

i o+

pre

Figure 10: Integrator

The representation of this node as a composition of modal ow components is shown in Figure 11 (top). The atomic modal ow components correspond to the pre operator, the combinatorial + operator, the input ow and the output ow.In addition to the act interaction, there are three interac-tions for data transfer from outputs to inputs: 1) from the

input ow component to the + component, 2) from the precomponent to the + component and 3) from the + operator to the output ow component and back to the pre compo-nent. The result of the composition is shown in Figure 11(bottom).

+

p

act 2

in 2

pin 2

act 2

p := 0

out 2

act 1

out 1

in 1iiin 1

act 1

act 4

out 4

in 4ooin 4 out 4

act 4

o out 4

act 1 act 2 act 3 act 4

+ out 3 in 2 in 4 out 4

in 1 i

p := 0

z out 3

in 3 a in 3 b

out 3

act 3

y

x

in 3 b

in 3 a

act 3

x := i

out 1

out 2

p := z

p := z, o := zz = x + y

out 2 in 3 bout 1 in 3 a

act 1 act 2 act 3 act 4

in 1

y := px := i

y := p, o := z

Figure 11: The Integrator modal ow component

The following theorem is a consequence of modularity of translation and of the following facts: 1) the modal owgraphs corresponding to the basic constructs of Lustre arewell-triggered; 2) for statically correct Lustre programs [12],composition of the basic modal ow graphs preserves well-triggeredness.

Theorem 3. Every statically correct single-clock Lustre node N is represented by a well-triggered modal ow compo-nent B f N such that:

1. it has a unique root which is an act port;2. all its dependencies are strong;3. it is deadlock-free and conuent;4. simulates the micro-step Lustre semantics [11] of N .

4.2 Multi-clock synchronous programsIn Figure 12, we provide two components modeling respec-tively the sampling and interpolation operators of Lustre.Both components have two control ports, act i and act o trig-gering respectively the input in and the output out dataports. For a sampling component, act o depends weakly onact i , and moreover, the output out dependends conditionallyon the input in . Thus an input is always read and when-ever required, an output is produced with the most recentvalue of the input which is precisely the interpretation of sampling. For the interpolation component, we have theopposite: act i depends weakly on act o but out conditionallydepends on in . Thus the output is always produced with themost recent value of the input. The last modal ow graphin Figure 12 describes an additional component, the derived clock component corresponding to a boolean ow b. Thiscomponent is used to initiate all the computations carriedon the clock b. Intuitively, it triggers the slower clock portonly after its base clock act has been triggered and if thevalue obtained through the data input in port is true.

sampling interpolating

act i

in

act o

out

x

x

in

out

act i act o

act o

out

act i

in

x

x

in

act o act i

out

derived clock

clock

act

in

act

in

clock[b]

b

Figure 12: Multi-clock operators

We apply a similar modular construction method for build-ing modal ow components for multi-clock nodes.

components: First, we add a derived clock componentfor each clock (i.e, when b). Second, we add a sampling (resp. interpolation ) component for each sampling (resp.interpolation) expression occuring within the equations of the node.

interactions: The data ow interactions are the same asfor the single-clock case, with the addition that data is alsopropagated to the input port of derived clocks. Regardingcontrol ow interactions, we add one interaction which syn-chronizes all the act ports of ows and expressions sampledon the basic clock. In addition, for each derived clock com-ponent, we add an interaction which synchronizes its clock port with all act ports of ows and expressions sampled bythat clock.

Example 7. Consider the following Lustre program:


9/10

node input_handler (a: bool, x: int when a)returns y: int;let y = if a then current x else pre (y, 0); tel ;

node output_handler (c: bool, y: int) returns z: int when c;var yc: int when c;let yc = y when c; z = yc * yc ; tel ;

node input_output (a,c: bool, x: int when a)returns z: int when c;var y: int;let y = input_handler (a, x); z = output_handler (c, y); tel ;

Depending on an input value x triggered by an input clock a , the input_output node produces a corresponding output value z triggered by an output clock c, by using the most recent available value of the input.

The main node is the input_output node which intercon-nects the two nodes, input_handler and output_handler .The input_handler node receives at every moment the boolean value a . An integer value x is received only when a is true .The output value y is an integer produced at every moment by interpolating the value of x. The output_handler node receives at every moment a boolean c and an integer variable y. It produces an output z by sampling y when c is true . Fi-nally, the input_output top node connects the output of the input_handler to the input of the output_handler .

Figure 13 shows the modal ow component representing the system. Its modal ow graph is obtained after composition and static simplication of the modal ow graphs of the in-put output node. It can be decomposed into three subgraphs with activation ports act , act a and act c corresponding respec-tively to the basic, when a, and when c clocks.

if ay := x

a, c : boolx ,z ,y,yc : int

in c

out z

yc := yz := yc 2

cin c

xin x

act act a act c

ain a z out z

act a

in x

in a[a = T ]

act

act c [c = T ]

Figure 13: The input/output handler

The following theorem establishes the correctness of ourtranslation.

Theorem 4. Every statically correct multi-clock Lustre node N is represented by a well-triggered modal ow compo-nent B f N which:

1. has multiple (control) root act ports, one for each clock in the Lustre program, and multiple data in/out ports;

2. the subgraphs dened by strong dependencies are con-nected through weak dependencies into a tree;

3. is deadlock-free and conuent;

4. simulates the micro-step Lustre semantics [11] of N

4.3 Experimental workWe have studied and implemented a translator from Lustreto BIP synchronous components which directly generatesPetri nets without using modal ow graphs. The translatoris currently fully operational. It takes as input Lustre pro-grams and produces full-edged BIP systems, that can be

simulated and analyzed using the BIP toolset [1].

This rst approach has several important drawbacks. Forthe generated BIP programs it is not easy to verify proper-ties guaranteed by construction for some synchronous pro-grams e.g. deadlock-freedom and conuence. Moreover, theBIP compilation chain cannot easily recover the informationthat the system is indeed synchronous and consequently, itcannot produce optimized code. For example, experimentswith concrete Lustre programs show an 600 : 1 overhead of execution time between the C code produced by the BIPcompiler and executed by the BIP engine, and the at Ccode produced by the Lustre compiler. Although, this over-head can be diminished to 20 : 1 by applying static compo-

sition of components in BIP [4], it still remains high.Modal ow graphs allow coping with these drawbacks. Weare now investigating the possibility to integrate directlymodal ow components in BIP. Our results about conu-ence and deadlock-freedom of modal ow components pro-vide syntactic conditions, easily implementable in an auto-matic tool. Moreover, modal ow components keep all thedata-ow explicit and can be used to generate efficient code,monolithic or not, as synchronous language compilers do.

5. RELATED WORKOur work as a tentative to bridge the gap between syn-chronous and asynchronous computation, is related to ap-

proaches with similar objectives.In [15], a model for synchronous components is proposedwhere steps are described by using automata with nal states.Another similarity is the distinction between data ports andcontrol ports. Nonetheless, the latter are activated by con-trollers which are specic components. The synchronous/reactivedomain of the Ptolemy system-level design framework [9]allows component-based description of synchronous systemswhere synchronous execution is orchestrated by a director .Finally, our work has the same general objectives as [2]which studies a compositional framework heterogeneous re-active systems. In contrast to BIP, the framework is deno-tational and is based on the concept of tags marking theevents of the signals of a system.

There are several differences between our work and existingresults. Our work is based on operational semantics. It con-siders synchronous component-based systems as a particularcase of the BIP framework which also encompasses generalasynchronous computation. Furthermore, we believe thatour framework is expressive enough to allow modular trans-lation of synchronous languages into BIP by preserving thestructure of the source, as shown for Lustre.

Modal ow graphs without data and only strong dependen-cies are acyclic partial orders on events. They correspond to


10/10

acyclic marked graphs which are Petri nets without forwardand backward conicts. Theorem 2 generalizes well-knownresults for marked graphs [8].

Modal ow graphs with strong dependencies and their com-position operation are also similar to synchronous struc-tures used in a study of the synchronous model of computa-tion [16]. This model has also some similarities with models

such as modal automata [14] which distinguish between must and may transitions or live sequence charts [7] which distin-guish between hot and cold events. Nonetheless, modal owgraphs encompass three independent modalities which areall necessary for modular description of synchronous sys-tems, as shown in the paper. Furthermore, for a reasonablygeneral class of modal ow graphs we proposed sufficientconditions for deadlock-freedom and conuence.

6. CONCLUSIONSWe present a general approach for modeling synchronouscomponent-based systems. These are systems of synchronouscomponents strongly synchronized by a common action sync that initiates execution steps of each component. Steps can

be described by priority Petri nets. Priorities are instru-mental for enforcing run-to-completion in the execution of astep. Modal ow graphs are used to dene a particular classof Petri nets for which deadlock-freedom and conuence aremet by construction provided some easy-to-check conditionshold. This result is the generalization of existing results forclasses of Petri nets without conicts. It allows more gen-eral behavior for components given that the semantics of conditional dependencies lead to Petri nets with backwardconicts and priorities.

The denition of synchronous components as a subset of theBIP framework allows their combination with other asyn-chronous languages that can be translated into BIP. Theproposed semantics has maximal parallelism, that is it showsonly the absolutely necessary dependencies between events.Execution in a step is non deterministic. However, if the be-havior is conuent and the order of execution is irrelevant.The translation of Lustre shows the interplay between dataow and control ow and allows understanding how strictsynchrony can be weakened to get more less synchronouscomputation models.

This work opens the way for exploring problems regardingrelations between synchronous and asynchronous systems.It allows integration of synchronous systems theory in anall encompassing component framework [3] without losingadvantages such as correctness-by-construction and efficientcode generation. This makes possible modeling mixed syn-chronous/asynchronous systems without artefacts. In Fig-ure 14, we show the principle for modeling GALS. A syn-chronous system sending data to another synchronous sys-tem through a FIFO queue. The input of the queue is trig-gered by the clock of the sender while its output is triggeredby the clock of the receiver. The meaningful integration of synchronous and asynchronous models in this framework isthe object of future work.

7. REFERENCES[1] A. Basu, M. Bozga, and J. Sifakis. Modeling

heterogeneous real-time systems in BIP. In

... outy 2y 1in

act 2

in z

out

act 2

act 2

act 1 act 1

x out

in act 1

Figure 14: A GALS system in BIP

Proceedings of SEFM06 , pages 312. invited talk.[2] A. Benveniste, B. Caillaud, L. P. Carloni, P. Caspi,

and A. L. Sangiovanni-Vincentelli. Composingheterogeneous reactive systems. ACM-TECS , 7(4),2008.

[3] S. Bliudze and J. Sifakis. A notion of glueexpressiveness for component-based systems. InProceedings of CONCUR08, LNCS 5201 , pages508522, 2008.

[4] M. Bozga, M. Jaber, and J. Sifakis. Source-to-sourcearchitecture transformation for performanceoptimization in BIP. Technical Report TR-2009-3,Verimag.

[5] M. Bozga, V. Sfyrla, and J. Sifakis. Modelingsynchronous systems in BIP. Technical ReportTR-2009-8, Verimag.

[6] S. L. Campbell, J.-P. Chancelier, and R. Nikoukhah.Modeling and Simulation in Scilab/Scicos . Springer.

[7] P. Combes, D. Harel, and H. Kugler. Modeling andverication of a telecommunication application usinglive sequence charts and the play-engine tool. InProceedings of ATVA05, LNCS 3707 , pages 414428.

[8] F. Commoner, A. W. Holt, S. Even, and A. Pnueli.Marked directed graphs. Computer System Sciences ,5(5):511523, 1971.

[9] J. Eker, J. W. Janneck, E. A. Lee, J. Liu, X. Liu,J. Ludvig, S. Neuendorffer, S. Sachs, and Y. Xiong.Taming heterogeneity - the Ptolemy approach.Proceedings of IEEE , 91(1):127144, 2003.

[10] P. L. Guernic, T. Gautier, M. L. Borgne, and C. L.Maire. Programming real time applications withSignal. Proceedings of IEEE , 79(9):13211336, 1991.

[11] N. Halbwachs. About synchronous programming andabstract interpretation. SCP , 31(1):7589, 1998.

[12] N. Halbwachs, P. Caspi, P. Raymond, and D. Pilaud.The synchronous dataow programming languagelustre. Proceedings of IEEE , 79(9):13051320, 1991.

[13] D. Harel and S. Maoz. Assert and negate revisited:Modal semantics for UML sequence diagrams.

Software and System Modeling , 7(2):237252, 2008.[14] K. G. Larsen, U. Nyman, and A. Wasowski. Modal i/oautomata for interface and product line theories. InProceedings of ESOP07, LNCS 4421 , pages 6479.

[15] F. Maraninchi and T. Bouhadiba. 42: Programmablemodels of computation for a component-basedapproach to heterogeneous embedded systems. InProceedings of ACM-GPCE07 .

[16] D. Nowak. Synchronous structures. Information and Computation , 204(8):12951324, 2006.

[17] Y. Zhou and E. A. Lee. Causality interfaces for actornetworks. ACM-TECS , 7(3), 2008.

Bip8 Model

Documents

Transcript of Bip8 Model