Research article (Open Access). ACM artifact badges: Artifacts Available; Artifacts Evaluated & Reusable.

Mechanized semantics and verified compilation for a dataflow synchronous language with reset

Published: 20 December 2019

Abstract

Specifications based on block diagrams and state machines are used to design control software, especially in the certified development of safety-critical applications. Tools like SCADE Suite and Simulink/Stateflow are equipped with compilers that translate such specifications into executable code. They provide programming languages for composing functions over streams as typified by Dataflow Synchronous Languages like Lustre.

Recent work builds on CompCert to specify and verify a compiler for the core of Lustre in the Coq Interactive Theorem Prover. It formally links the stream-based semantics of the source language to the sequential memory manipulations of generated assembly code. We extend this work to treat a primitive for resetting subsystems. Our contributions include new semantic rules that are suitable for mechanized reasoning, a novel intermediate language for generating optimized code, and proofs of correctness for the associated compilation passes.
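To make the reset primitive concrete, here is an added illustration (not code from the paper or the compiler it extends) of the stream semantics of modular reset in a Lustre-style language: a node is encoded co-iteratively as an initial state plus a step function, and the reset construct is assumed to make the instance behave as a freshly created one at every instant where the reset condition holds. The segment-wise reference semantics at the end is the check a mechanized proof would want to establish against the operational (state-overwriting) definition.

```python
from dataclasses import dataclass
from typing import Any, Callable, List, Tuple

# Co-iterative encoding of a dataflow node: an initial state and a step
# function (state, input) -> (output, next state). This encoding is an
# assumption of the example, not the paper's definitions.
@dataclass(frozen=True)
class Node:
    init: Any
    step: Callable[[Any, Any], Tuple[Any, Any]]

def run(node: Node, inputs: List[Any]) -> List[Any]:
    """Run one instance of `node` over an input stream, instant by instant."""
    state, outs = node.init, []
    for x in inputs:
        y, state = node.step(state, x)
        outs.append(y)
    return outs

# counter: c = 0 fby (c + 1)        (the input is ignored)
COUNTER = Node(init=0, step=lambda s, _x: (s, s + 1))
# running sum: s = x + (0 fby s)    (state holds the previous sum)
SUM = Node(init=0, step=lambda s, x: (s + x, s + x))

def reset_every(node: Node) -> Node:
    """Lift `node` to a node on pairs (r, x): when r is true the state is
    replaced by `node.init` before stepping, so the output at a reset
    instant is exactly that of a fresh instance at that instant."""
    def step(state, rx):
        r, x = rx
        if r:
            state = node.init
        return node.step(state, x)
    return Node(init=node.init, step=step)

def run_reset(node: Node, resets: List[bool], inputs: List[Any]) -> List[Any]:
    return run(reset_every(node), list(zip(resets, inputs)))

def run_by_segments(node: Node, resets: List[bool], inputs: List[Any]) -> List[Any]:
    """Reference semantics: cut the input stream at every reset instant and
    run a separate fresh instance of `node` on each segment."""
    outs, seg = [], []
    for r, x in zip(resets, inputs):
        if r and seg:
            outs.extend(run(node, seg))
            seg = []
        seg.append(x)
    outs.extend(run(node, seg))
    return outs

if __name__ == "__main__":
    # Constructed sample streams: reset the counter at instants 3 and 5.
    resets = [False, False, False, True, False, True]
    print(run_reset(COUNTER, resets, [None] * 6))   # [0, 1, 2, 0, 1, 0]
```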

Supplemental Material

a44-bourke.webm
