Loops in Esterel: From Operational Semantics to Formally Specified Compilers

Esterel is an imperative concurrent design language for the specification of control-oriented reactive systems. Based on the synchronous paradigm, its semantics relies on a clear distinction between instants of computation. All primitive instructions of the language except the "pause" instruction execute in zero time; execution is thus a sequence of instantaneous computations separated by explicit pauses. Arbitrary loops in this context are troublesome, potentially leading to a non-termination problem or a schizophrenia issue: first, instantaneous loops may prevent the instant from ending; second, program blocks may be traversed several times within the same instant, thus exhibiting a "schizophrenic" behavior. Instantaneous loops are forbidden by the semantics. Such errors have to be anticipated, and programs rejected by compilers on that account. Moreover, efficient code generation for schizophrenic program patterns is complex. While many existing compilers already generate correct code for loops, the efficient implementations available today are neither generic (i.e. target-independent) nor formally specified or verified. In this work, we thoroughly consider loops in Esterel, starting from the operational semantics of the language all the way down to a provably correct implementation. We formally characterize the related issues and define efficient static analysis techniques to detect them in Esterel code. In order to get rid of schizophrenic behaviors by source-to-source rewriting, that is, to cure schizophrenia, we introduce in Esterel a new primitive instruction, which we call "gotopause". It behaves as a non-instantaneous jump instruction compatible with concurrency. We describe a first program transformation that systematically replaces loops by means of gotopause statements, providing a loop-free equivalent program for any correct Esterel program.
By combining static analysis and rewriting techniques, we obtain a preprocessor for Esterel that rejects incorrect loops and cures schizophrenia, which we have implemented. Due to our source-to-source transformation methodology, our preprocessor is highly generic; because of static analysis, it is very efficient; thanks to our fully formalized approach, we could formally establish its correctness.
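To make the two loop problems named above concrete, here is an added example in Python that is not code from the thesis or from any Esterel compiler: a small abstract syntax for pure Esterel, a conservative "may terminate instantaneously" analysis that rejects instantaneous loops (including loops whose body only escapes through a trap), and a deliberately coarse flag for loop bodies that may terminate and contain a local signal declaration or a parallel, which are the blocks that would be traversed twice in one instant when the loop restarts. The class names, helper names, diagnostic strings and the sample programs are all constructed for this example; the precision of the thesis's own analyses is not reproduced.

```python
# Added example, not from the thesis: a tiny pure-Esterel abstract syntax and two
# conservative static checks over it; names and diagnostics are this example's own.
from dataclasses import dataclass
from typing import List, Tuple, Union

@dataclass(frozen=True)
class Nothing: ...                 # nothing: terminates at once
@dataclass(frozen=True)
class Pause: ...                   # pause: stops until the next instant
@dataclass(frozen=True)
class Emit:                        # emit signal
    signal: str
@dataclass(frozen=True)
class Exit:                        # exit trap
    trap: str
@dataclass(frozen=True)
class Seq:                         # first; second
    first: "Stmt"
    second: "Stmt"
@dataclass(frozen=True)
class Par:                         # left || right
    left: "Stmt"
    right: "Stmt"
@dataclass(frozen=True)
class Present:                     # present signal then ... else ... end
    signal: str
    then: "Stmt"
    else_: "Stmt"
@dataclass(frozen=True)
class Loop:                        # loop body end
    body: "Stmt"
@dataclass(frozen=True)
class Trap:                        # trap name in body end
    name: str
    body: "Stmt"
@dataclass(frozen=True)
class Signal:                      # signal name in body end (local declaration)
    name: str
    body: "Stmt"
Stmt = Union[Nothing, Pause, Emit, Exit, Seq, Par, Present, Loop, Trap, Signal]

def _children(p: Stmt) -> List[Tuple[str, Stmt]]:
    """Named sub-statements of p, for the generic tree walks below."""
    if isinstance(p, Seq):
        return [("first", p.first), ("second", p.second)]
    if isinstance(p, Par):
        return [("left", p.left), ("right", p.right)]
    if isinstance(p, Present):
        return [("then", p.then), ("else", p.else_)]
    return [("body", p.body)] if isinstance(p, (Loop, Trap, Signal)) else []

def terminates(p: Stmt, now: bool) -> bool:
    """May p terminate normally? now=True asks about the instant p starts,
    now=False about that instant or any later one. Over-approximates."""
    if isinstance(p, (Nothing, Emit)):
        return True
    if isinstance(p, Pause):
        return not now                  # needs at least one more instant
    if isinstance(p, (Exit, Loop)):
        return False                    # abnormal exit / never terminates alone
    if isinstance(p, (Seq, Par)):       # both halves must terminate
        return all(terminates(c, now) for _, c in _children(p))
    if isinstance(p, Present):          # either branch may be taken
        return any(terminates(c, now) for _, c in _children(p))
    if isinstance(p, Trap):             # leaving via exit also terminates the trap
        return terminates(p.body, now) or exits(p.body, p.name, now)
    return terminates(p.body, now)      # Signal: transparent for termination

def exits(p: Stmt, t: str, now: bool) -> bool:
    """May p raise trap t (now=True: in its first instant; now=False: ever)?"""
    if isinstance(p, Exit):
        return p.trap == t
    if isinstance(p, Seq):              # second half only runs if first terminates
        return exits(p.first, t, now) or (terminates(p.first, now) and exits(p.second, t, now))
    if isinstance(p, Trap) and p.name == t:
        return False                    # inner trap of the same name shadows t
    return any(exits(c, t, now) for _, c in _children(p))

def has_local_block(p: Stmt) -> bool:
    """Does p contain a local signal declaration or a parallel?"""
    return isinstance(p, (Signal, Par)) or any(has_local_block(c) for _, c in _children(p))

def check_loops(p: Stmt, path: str = "root") -> List[str]:
    """Diagnostics for every loop in p, outermost first."""
    found = []
    if isinstance(p, Loop):
        if terminates(p.body, now=True):
            found.append(f"instantaneous loop at {path}")
        elif terminates(p.body, now=False) and has_local_block(p.body):
            found.append(f"potentially schizophrenic loop at {path}")
    for name, child in _children(p):
        found.extend(check_loops(child, f"{path}.{name}"))
    return found

# Constructed samples (Esterel syntax in the comments).
INSTANT_LOOP = Loop(Emit("O"))                            # loop emit O end
WELL_FORMED = Loop(Seq(Emit("O"), Pause()))               # loop emit O; pause end
# loop signal S in present S then emit O end; pause; emit S end end: the old
# incarnation of S emits in the very instant the new incarnation tests S
SCHIZOPHRENIC = Loop(Signal("S", Seq(Present("S", Emit("O"), Nothing()),
                                     Seq(Pause(), Emit("S")))))
```

`check_loops(INSTANT_LOOP)` reports an instantaneous loop, `check_loops(WELL_FORMED)` reports nothing, and `check_loops(SCHIZOPHRENIC)` flags the body as potentially schizophrenic. Both checks err on the side of rejection: a loop such as `loop present I then pause else nothing end end` is rejected because one path through its body is instantaneous, and any terminating loop body holding a local declaration or a parallel is flagged, whereas the thesis's analyses distinguish more finely which patterns actually need curing.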
