Transcript Correct and efficient implementations of synchronous

Correct and efficient implementations of
synchronous models on asynchronous
execution platforms
Stavros Tripakis
UC Berkeley and Verimag
EC^2 Workshop, Grenoble, June 2009
1
Some observations
Threads have conquered the world, but …
• Concurrency => interleaving
– C.f., synchronous systems (e.g., circuits)
• Concurrency => non-determinism
– synchronous circuits are deterministic
• Concurrency => shared memory
– C.f., data flow models
• Asynchronous concurrency (interleaving) =>
non-determinism
– C.f., Kahn Process Networks
2
What are the problems we (as a
community) are trying to solve?
• Cope with concurrency… but what does it mean?
• What are the right execution platforms?
– Which multicore architecture, memory model, …
• What are the right programming models?
• For which types of applications?
• How to map the latter to the former?
– Correctly and efficiently!
• How to verify stuff?
given,
asynchronous
± given,
synchronous
focus
3
Synchronous vs. asynchronous
concurrency
• Synchronous concurrency
– Execution platforms: synchronous hardware
– Programming models: Simulink, SCADE, synchronous
languages (Esterel, Lustre, …), …
• Asynchronous concurrency
– Execution platforms: many, including distributed
platforms
– Programming models: thread-based (often
communicating by shared-memory)
4
Concurrency => non-determinism
• Most synchronous models are deterministic:
synchronous hardware, Simulink, SCADE, most
synchronous languages, …
Engine control model in Simulink
Copyright The Mathworks
5
Concurrency => non-determinism
• Some asynchronous models are also
deterministic, e.g.:
– Kahn Process Networks: the sequence of values
(stream) produced at each FIFO is the same
independent of process interleaving
6
Our choice of programming model:
synchronous
• Set of parallel processes, notion of global synchronous cycle
– Simulink, SCADE, VHDL, Verilog, Lustre, Esterel, …
• Main advantages:
– Determinism, no process interleaving:
• Easier to understand, easier to verify (less state explosion)
• Main objections:
– “Synchrony is impossible/hard/too expensive to implement”
– “This is especially true for distributed systems”
• “You need clock synchronization”
– Practice seems to agree with this…
• Most available implementations of synchronous systems are either synchronous
hardware, or centralized “read; compute; write;” control loops.
– …but it is not quite true.
7
Semantics-preserving implementation of
synchronous models
design
application
Simulink
single-processor
single-task
…
distributed,
synchronous
(TTA)
…
implementation
single-processor
multi-task
distributed,
asynchronous
(KPN, LTTA, ...)
execution
platform
8
[IEEE Trans. Computers, Oct’08]
From synchronous models to asynchronous
distributed implementations
Joint work with
Claudio Pinello, Cadence
Alberto Sangiovanni-Vincentelli, UC Berkeley
Albert Benveniste, IRISA (France)
Paul Caspi, VERIMAG (France)
Marco di Natale, SSSA (Italy)
9
Implementation on asynchronous
distributed platforms
synchronous model
• Asynchronous distributed
platforms:
– Many computers, each with a
local clock
• No clock synchronization
– Computers communicate using
some network/protocol
• Don’t care which network, as long
as finite FIFO queues (TCP) can be
implemented on top
asynchronous platform
with some communication network
10
Implementation on asynchronous
distributed platforms
synchronous model
Intermediate layer:
asynchronous processes
communicating
with finite FIFO queues
asynchronous platform
with some communication network
11
Implementation on asynchronous
distributed platforms
synchronous model
Intermediate layer:
asynchronous processes
communicating
with finite FIFO queues
This is like
Kahn Process Networks
with blocking write()
when FIFO is full.
FIFOs must be large
enough to avoid
deadlocks.
=> semantical (stream) preservation
12
Semantical preservation: proof
• Use old theories [1970s]:
• Marked graphs
– Subclass of Petri Nets
– Used to show FFP liveness (no
deadlock)
• Kahn Process Networks
– Used Kahn’s fundamental result:
determinism
– Streams do not depend on
process interleaving
13
Performance analysis: worst-case
logical-time throughput and latency
Computing worst-case logical-time
throughput
P1
P2
deterministic firing policy
Relating real-time and logical-time
throughput
WCLTT = 1/2
LT thput = 3/4
Reachability lasso of marked graph
P1
1
P2
WCLTT = 1
14
[ACM Trans. Embed. Comp. Sys., Feb’08]
From synchronous models to
asynchronous multitask implementations
Joint work with
Paul Caspi,
Norman Scaife,
Christos Sofronis,
VERIMAG
15
Implementation on centralized,
multitasking platforms
Sync
T1
T2
T3
tasks
• Why multitasking and not
single “real-compute-write”
loop?
• For multi-rate models:
– Multitask implementation
schedulable, but single-task not
schedulable
scheduler
Single-processor
Priority scheduling
(fixed priority or EDF)
16
Implementation on centralized,
multitasking platforms
Sync
T1
T2
T3
Goal:
semantical preservation
tasks
scheduler
Single-processor
Priority scheduling
(fixed priority or EDF)
17
Implementation on centralized,
multitasking platforms
“Naïve” implementations don’t work
Sync
The Dynamic Buffering Protocol
Q
A
T1
T2
T3
A
A
B
A
1
Single-processor
Priority scheduling
(fixed priority or EDF)
B
Q
tasks
scheduler
PrioQ > PrioA > PrioB
Q
A
B
ERROR
- non-blocking (wait-free)
- memory-optimal
- semantics-preserving
18
Conclusions
• Concurrency => non-determinism
• Synchronous models are deterministic
– easier to understand and verify
• Synchronous models can be implemented on a
variety of asynchronous execution platforms,
using non-trivial techniques:
– Implementations are correct-by-construction
– They are memory-optimal
– Performance (throughput, latency, …) can be analyzed
and optimized
19
Open questions
• For which applications is the synchronous
programming model suitable?
– Traditionally for control: avionics, automotive, …
– Some recent works trying to apply it to multimedia/signal
processing
• To what extent these methods apply to multicores?
• Are dataflow computers going to come back?
20