STatic Analysis of Reactive Systems

Felice BalarinCadence Berkeley Labs

Discrete System Example

For a given processor, can I process all workload between two ticks?

How much bus traffic will I generate?

How much energy will I use?

play

messagecontrol buffernetwork

ticksample

request

frame

Voice Mail Pager

Solutions

Prototyping

– expensive, comes very late in the design cycle

Simulation

– limited number of test vectors

– need estimates on timing, energy, bus traffic, ...

STARS: STatic Analysis of Reactive Systems

– valid upper bound for any input

STARS

A methodology for worst-case analysis of discrete systems that can be used to find a conservative bound on response time.

and power

and bus utilization

VM pager Timing Analysis

STARS gives an upper bound on processor busy period for ANY input sequence

play

messagecontrol buffernetwork

ticksample

request

frame

buffer

control

Idle

Busy Busy

Outline

STARS theory– simple– timing

VCC implementation

Automatic abstraction

STARS overview

given T find s that is worse than signature of any execution window of length T

let T be time required to process inputs with signature s

play

messagecontrol buffernetwork

ticksample

request

frame

pl

ms

tksm

rq

fr

SIGNATURE

Fcntr Fbfr

Fenv

SIGNATURE ABSTRACTION

tick

play

frame

pl = 1fr = 2tk = 3

Signatures

in practice, counting “events”

– state transitions may be considered events

– combinations of events may have separate counters

– may need linear constraints over counters

less events is “better than” () more events

t t+T

s,T

t t+Tq

Signature Abstractions

Estimate output signature based on input signature and length

must be conservative (ideally, not more than necessary)

F( s, T)F

system

exis

ts =

Signature Abstraction: Practice

Different approaches for

environment

– mostly manual

– useful for simulation test-benches, formal verification, ...

– depends mostly on time

system

– need to analyze code

– could be automated for restricted class of systems

– mostly depends on signatures

Signature Abstractions: Environment

at least 625s between messages

– Fms (s, T) = T/625 + 1

tick has 125s period

– Ftk (s, T) = T/125 + 1

at most 1 play a second

– Fpl (s, T) = T/1,000,000 + 1

play

messagecontrol buffernetwork

ticksample

request

frame

Signature Abstraction: Buffer

BUFFER:if ( present ( frame ) {

samples = frame; last = 50; }if ( present ( tick ) && last > 0) {

emit sample ( samples[ last -- ] );if ( last == 20 ) emit request(); }

play

messagecontrol buffernetwork

ticksample

request

frame

Frq (s, T) = min( fr, tk/30)

Fsm (s, T) = min( tk, 50*fr )

s

t t+T

Fix-point Theorem

If:

s = F(s, T),

s is worse than signature of initial state,

then s is worse than signature of any execution segment of length T

Solving Fix-Point Equations

Simple iteration

let s be the signature of initial state

repeat

s = F (s, T)

until convergence

works because F is monotone, so s either converges,

or grows beyond any reasonable bounds

Workload Function

Estimates required processor time from signatures

must be conservative

s

Task 2Task 1

Idle

W(s)

Workload Function: VM pager

BUFFER:if ( present ( frame ) {

samples = frame; last = 50; }

if ( present ( tick ) && last > 0) {emit sample ( samples[ last -- ] );if ( last == 20 ) emit request(); }

play

messagecontrol buffernetwork

ticksample

request

frame

W (s) = 20*fr + 20*sm + ...

1 line = 10 time units

STARS

1 Pick a signature

2 Chose a signature abstraction F and workload function W and verify they and conservative

3 Solve

s = F(s,T)

T = W(s)

4 T is a bound on response time

the processor cannot be continuously busy for more than T time units

(More) Realistic Voice Mail Pager

16 modules

~ 4000 lines of C++ code annotated with timing

estimates

build signature abstractions manually

– 150 lines of C code

VMP First experiment

model environment so that a single message is received and then played

– same as DES test-bench

max busy period:

– DES: 82 s (simulating 8s took ~ 30 s)

– STARS: 83 s (took 16 ms to compute)

VMP second experiment

same as first except:

– don’t limit the environment to a single message

max busy period:

– STARS 148 s (more than 125 s between two ticks)

– DES: can find input that has 146 s

1 2 3 29 30 31 49 50

50x125

125

message, play

66s wide window in a 6250 s period

Outline

STARS theory– simple– timing

VCC implementation

Automatic abstraction

VCC

FUNCTION

– a network of communicating processes

ARCHITECTURE

– processors, ASICs, buses, memories

MAPPING

– allows performance estimation

Functional simulation, Performance analysis

Export to implementation, STatic Analys

VCC Function Specification

Black Box C++

– can emit events on output ports

– can detect events on input ports

– Init() function executed once at the beginning

– Run() function can be executed if there are some input events

can be simulated

cannot be estimated

VCC Function Specification

White Box C

– point_entry_init() instead of Init()

– point_entry_run() instead of Run()

can be converted to Black Box and simulated

can be estimated, converted to Black Box annotated with performance estimates and simulated

Extended Black Box for STARS

there is a counter counting the number of events on each port

the user can define additional counters

add starsAbstraction() to Init() and Run()

starsAbstraction() is used by STARS

starsAbstraction() can be verified by executing it during the simulation using monitors

How it fits in VCC (black.h)

#include "black_interface.h" // generated by "fabricate"

#ifndef _black_h_

#define _black_h_

class CPP_MODEL_IMPLEMENTATION : public CPP_MODEL_INTERFACE

{

public:

CPP_MODEL_IMPLEMENTATION(const ModuleProto &, InstanceInit &);

void Run();

void Init();

... starsCounter incount;

void starsAbstraction();

};

#endif

...

How it fits in VCC (black.cpp)

#include "black.h"

#include <assert.h>

CPP_MODEL_IMPLEMENTATION::CPP_MODEL_IMPLEMENTATION(const ModuleProto &proto, InstanceInit &inst)

: CPP_MODEL_INTERFACE(proto, inst), queueStore_(0)

{

}

void CPP_MODEL_IMPLEMENTATION::Init()

{

incount.Initialize("incount",this);

starsMonitor * m = monitor();

cts_ = ((int)InitialCTS.Value().value() == 0) ? false : true;

queueSize_ = (int)MaximumQueueSize.Value().value();

...

How it fits in VCC (black.cpp)

...void CPP_MODEL_IMPLEMENTATION::Run()

{

if (CleartoSend.Enabled()) {

incount++;

if (incount.total() == 1000) incount.mgr()->runStars();

...}

void CPP_MODEL_IMPLEMENTATION::starsAbstraction()

{

QueueInput.count.setBound(25590);

QueueOutput.count.setBound(QueueInput.count);

incount.setBound(QueueInput.count/2+10);

}

...