An Introduction to Lustre

Similar documents
Programming Embedded Systems

Simulink/Stateflow. June 2008

Lecture 2. The SCADE Language Data Flow Kernel. Daniel Kästner AbsInt GmbH 2012

The Lustre Language Synchronous Programming Pascal Raymond, Nicolas Halbwachs Verimag-CNRS

Verifying Safety Property of Lustre Programs: Temporal Induction

The Synchronous Languages 12 Years Later

On the Generation of Test Cases for Embedded Software in Avionics or Overview of CESAR

Haskell 98 in short! CPSC 449 Principles of Programming Languages

Efficient compilation of array iterators for Lustre

Arrays in Lustre. P. Caspi, N. Halbwachs, F. Maraninchi, L. Morel, P. Raymond. Verimag/CNRS Grenoble

SCADE S E M I N A R I N S O F T W A R E E N G I N E E R I N G P R E S E N T E R A V N E R B A R R

Testing. Lydie du Bousquet, Ioannis Parissis. TAROT Summer School July (TAROT 2009)

The Esterel language

Introduction 2 The first synchronous language (early 80 s) Gérard Berry and his team (École des Mines de Paris / INRIA Sophia-Antipolis) Imperative, s

More on Verification and Model Checking

Clock-directed Modular Code-generation for Synchronous Data-flow Languages

Programming Embedded Systems

Towards an industrial use of FLUCTUAT on safety-critical avionics software

Cyber Physical System Verification with SAL

MODELING LANGUAGES AND ABSTRACT MODELS. Giovanni De Micheli Stanford University. Chapter 3 in book, please read it.

Timing Analysis Enhancement for Synchronous Program

Embedded software design with Polychrony

Synchronous Specification

Modeling Asynchronous Circuits in ACL2 Using the Link-Joint Interface

Overview. Probabilistic Programming. Dijkstra s guarded command language: Syntax. Elementary pgcl ingredients. Lecture #4: Probabilistic GCL

Synchronous Dataflow Processong

Lecture 9: Parameter Passing, Generics and Polymorphism, Exceptions

Programming Language Concepts, cs2104 Lecture 04 ( )

Com S 541. Programming Languages I

Hardware-Software Codesign. 6. System Simulation

Static Analysis by A. I. of Embedded Critical Software

Programming Languages for Real-Time Systems. LS 12, TU Dortmund

CS232 VHDL Lecture. Types

Synchronous reactive programming

Programming Embedded Systems

Model Checking Revision: Model Checking for Infinite Systems Revision: Traffic Light Controller (TLC) Revision: 1.12

Hardware Modeling. VHDL Architectures. Vienna University of Technology Department of Computer Engineering ECS Group

Applications of Program analysis in Model-Based Design

CSc 372. Comparative Programming Languages. 2 : Functional Programming. Department of Computer Science University of Arizona

CS2104 Prog. Lang. Concepts

C-Based Hardware Design

A Synchronous-based Code Generator For Explicit Hybrid Systems Languages

Revisiting coverage criteria for Scade models Jean-Louis Colaço 7 December 2016

4. Logical Values. Our Goal. Boolean Values in Mathematics. The Type bool in C++

FPGA Design Challenge :Techkriti 14 Digital Design using Verilog Part 1

Synchronous Kahn Networks (ten years later)

Simulation and Verification of Timed and Hybrid Systems

CSC312 Principles of Programming Languages : Functional Programming Language. Copyright 2006 The McGraw-Hill Companies, Inc.

EEL 4783: HDL in Digital System Design

An Introduction to Satisfiability Modulo Theories

Processadors de Llenguatge II. Functional Paradigm. Pratt A.7 Robert Harper s SML tutorial (Sec II)

Expressions & Assignment Statements

Reasoning About Imperative Programs. COS 441 Slides 10

22c:111 Programming Language Concepts. Fall Types I

Implementing Subprograms

Specifications Part 1

EE382N.23: Embedded System Design and Modeling

CS558 Programming Languages

Rockwell Collins Evolving FM Methodology

A Proposal for Verified Code Generation from Modelica

Programming Languages

FSMs & message passing: SDL

Hardware Description Language VHDL (1) Introduction

CSc 520. Principles of Programming Languages 11: Haskell Basics

CS558 Programming Languages

CMSC 330: Organization of Programming Languages. OCaml Expressions and Functions

Type Inference Systems. Type Judgments. Deriving a Type Judgment. Deriving a Judgment. Hypothetical Type Judgments CS412/CS413

HIERARCHICAL DESIGN. RTL Hardware Design by P. Chu. Chapter 13 1

Outline HIERARCHICAL DESIGN. 1. Introduction. Benefits of hierarchical design

LECTURE 18. Control Flow

Topics. Verilog. Verilog vs. VHDL (2) Verilog vs. VHDL (1)

Programmazione Avanzata

EECS 144/244. Fundamental Algorithms for System Modeling, Analysis, and Optimization. Lecture 1: Introduction, Systems

FORM 2 (Please put your name and form # on the scantron!!!!)

SDL. Jian-Jia Chen (slides are based on Peter Marwedel) TU Dortmund, Informatik 年 10 月 18 日. technische universität dortmund

Compiler Theory. (Semantic Analysis and Run-Time Environments)

3. Logical Values. Boolean Functions; the Type bool; logical and relational operators; shortcut evaluation

Specifying and executing reactive scenarios with Lutin

Example Scheme Function: equal

C++ Data Types. 1 Simple C++ Data Types 2. 3 Numeric Types Integers (whole numbers) Decimal Numbers... 5

CSCI-GA Scripting Languages

Fundamentals of Programming Session 2

System-level co-modeling AADL and Simulink specifications using Polychrony (and Syndex)

Formal Methods in Software Engineering. Lecture 07

Outline. Analyse et Conception Formelle. Lesson 7. Program verification methods. Disclaimer. The basics. Definition 2 (Specification)

LusRegTes: A Regression Testing Tool for Lustre Programs

G Programming Languages - Fall 2012

PROGRAMMING IN HASKELL. Chapter 2 - First Steps

VHDL Basics. Mehdi Modarressi. Department of Electrical and Computer Engineering, University of Tehran. ECE381(CAD), Lecture 4:

Lecture 2 Hardware Description Language (HDL): VHSIC HDL (VHDL)

Program verification. Generalities about software Verification Model Checking. September 20, 2016

Synthesizable Verilog

SEMANTIC ANALYSIS TYPES AND DECLARATIONS

Early design phases. Peter Marwedel TU Dortmund, Informatik /10/11. technische universität dortmund. fakultät für informatik informatik 12

Programming Language Concepts, cs2104 Lecture 01 ( )

The PCAT Programming Language Reference Manual

Concurrent Models of Computation

From MDD back to basic: Building DRE systems

Introduction to Functional Programming

Temporal Semantics in Concurrent and Distributed Software

Transcription:

An Introduction to Lustre Monday Oct 06, 2014 Philipp Rümmer Uppsala University Philipp.Ruemmer@it.uu.se 1/35

ES Programming languages Which language to write embedded software in? Traditional: low-level languages,c Trends: high-level, declarative, model-based, component-based languages C Simulink 2/35

Lustre, synchronous prog. Lustre, Esterel, Signal Execution governed by a global clock, static scheduling Determinism is guaranteed (despite concurrency) Same language used for specification, modelling, prototyping, implementation 3/35

Lecture outline History of Lustre Overview of syntax + semantics Tutorial; Lustre by example Next lecture: verification Borrowed some material from slides by Pascal Raymond, Nicolas Halbwachs, Cesare Tinelli 4/35

History of Lustre Invented in 1980 s at Verimag (Fr) Continuously developed since then Currently: Academic versions + compilers (Lustre V4, Lustre V6) Commercial version (SCADE, Esterel Technologies) 5/35

Early applications 1979-1984: first versions of Lustre 1986: tool Saga (based on Lustre) to develop the monitoring and emergency stop system of a nuclear plant At the same time, a similar tool (SAO) was used to develop the fly-by-wire and flight control of the Airbus A320 Both approaches were later combined by company Verilog SCADE 6/35

History of Lustre/SCADE Nowadays, one of the standard languages for safety-critical systems Avionics, automotive, etc. Certified tools (SCADE compiler was one of the first commercial certified compilers) E.g., significant portion of A380 code is written in SCADE 7/35

Ideas that led to Lustre Embedded software replaces previous technologies analogue systems, switching networks, hardware... Most embedded software is not developed by computer scientists, but rather by control engineers used with previous technologies (and this is still true!) 8/35

Ideas that led to Lustre (2) These people are used to specific formalisms: differential or finite-difference equations, analogue diagrams, block-diagrams... These data-flow formalisms enjoy some nice properties: simple formal (functional and temporal) semantics, implicit parallelism 9/35

Ideas that led to Lustre (3) Idea: specialize our formalism into a programming language (discrete time, executable semantics) Lustre First versions of Simulink were developed at the same time similar concepts 10/35

Lustre paradigms Dataflow language similar to Simulink, but textual + time-discrete changes force propagation Synchronous program can have concurrent tasks, but all tasks run on the same clock; static scheduling (similar to synchronous hardware circuits) good for quick reactions to environment 11/35

Lustre paradigms (2) Declarative similar to functional languages definitions instead of assignments Simple + modular language 12/35

Synchronous language family Lustre Synchronous + dataflow Esterel Synchronous + imperative Signal Polychronous multiple top-level clocks possible 13/35

Tool chains Lustre programs can be compiled to different target languages C VHDL hardware... Good V&V support automatic testing static verification, model checking 14/35

Main concepts Nodes programs or sub-programs collections of flow definitions Flows/streams infinite sequence of values e.g. stream of inputs or outputs represented using variables defined equationally (acyclic) Ignored here: Clocks 15/35

Node syntax node name(parameters) returns(vals); [var local_variable_list;] let flow definition; flow definition;... tel Order is not important! 16/35

Basic types implies bool true, false, and, or, not, xor, => if... then... else... int, real Tuples machine integers, floating-point num. +,, *, /, div, mod, <>, <, <=, >, >= Arbitrary combinations of bool, int, real, & tuple terms Used to return multiple values 17/35

Variable declarations, comments X : int; A, B : bool; C : bool; D : int; Comments! 18/35

The Luke tool Command line simulator & verifier Fragment of Lustre (v4) language does not support arrays, const, assert, #, when, current, real allows non-standard structures: nodes with no inputs; =, <> can be used on type bool Outputs simulations & counterexamples to Javascript webpage 19/35

Examples... Luke binaries: Linux: http://bit.ly/1n79bnc Windows: http://bit.ly/1rcufh3 Solaris: http://bit.ly/1ehg6vc 20/35

Lustre is a declarative language! 21/35

Consequences of declarativeness Definitions of flows are equations, not assignments! Order is irrelevant: y = x + 1; z = y + 1; is the same as z = y + 1; y = x + 1; No side effects 22/35

Consequences of declarat. (2) Cyclic definitions are not allowed: y = x + 1; z = y + 1; x = z + 1; (this gives an error message during compilation/simulation) Also across multiple nodes! 23/35

Warning: functional if-then-else Never write something like this: node Abs (x : int) returns (y : int); let if x >= 0 then y = x else y = -x; tel Correct version: node Abs (x : int) returns (y : int); let y = if x >= 0 then x else -x; tel Similar to? : in C 24/35

The pre operator Access values of variables in the previous cycle: 25/35

The followed-by operator > Choose the initial element of a flow: Typical use: 0 > pre ( ) Be careful: > binds very weakly: X and false > pre Y means (X and false) > pre Y 26/35

Use of -> and pre -> and pre are commonly used to implement iteration The two operators replace loops 27/35

Examples... 28/35

MultiStateSwitch 29/35

Traffic lights carsensor System of two traffic lights, govering a junction of two (one-way) streets. In the default case, traffic light 1 is green, traffic light 2 is red. When a car is detected at traffic light 2 (the carsensor input), the system switches traffic light 1 to red, light 2 to green, waits some amount of time, and then switches back to the default situation. 30/35

Luke usage Simulation: luke node top_node filename Verification: luke node top_node verify filename returns either Valid. All checks succeeded. Maximal depth was n or Falsified output X in node Y' at depth n along with a counterexample. 31/35

Further Lustre features not Clocks supported in Luke Used to delay sampling, execution Operators: when, current assert, const, # Invocation of external functions Arrays, recursion, higher-order functions 32/35

SCADE features not supported in Luke case :: switching fby(x, n, i): n-fold followed-by + pre Guarded delay i > pre (i > pre...) condact Guarded clock change 33/35

Further reading N. Halbwachs, P. Caspi, P. Raymond, and D. Pilaud. The synchronous dataflow programming language LUSTRE A tutorial of Lustre: http://www-verimag.imag.fr/~halbwach/ps/tutorial.ps Slides by Pascal Raymond, Nicolas Halbwachs: http://www-verimag.imag.fr/~raymond/edu/eng/lustre-a.pdf http://pop-art.inrialpes.fr/~girault/synchron06/slides/halbwachs Nicolas Halbwachs. A Synchronous Language at Work: the Story of Lustre 34/35

Next lecture How to specify and analyse Lustre programs 35/35

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback