esp 100107093030-phpapp02

読んだ人: みよしたけふみ

CITED BY 82010年1月8日金曜日

概要

• Event-driven State-machines Programming (ESP)

• 開発の簡単さ/高性能の実現

• コンパクトでモジュラプログラムの開発をサポートする包括的な特徴を有する

• Cと検証コード(SPIN)などを生成

• ケーススタディ:VMMCファームウェアの実装

• C(15600) →ESP(about 300) ????

2010年1月8日金曜日

Contents• Introduction

• Motivation

• Case Study: VMMC Firmware

• Implementing Firmware in C

• Goals and Approach

• Event-driven State-machine programming(ESP) language

• Types, Expressions, and Statements

• Channels/Processes

• Memory Management

• External Interface


• Developing and Testing Using a Verifier

• Spin Model Checking Verifier

• Translating ESP into SPIN Specifications


• Generating Efficient Firmware

• ESP Compiler


• Related Work

• Conclusions

実装に係る行数/複雑さ

既知のバグ、わざとのバグ、未知のバグを発見！！

性能


Motivation

ProgrammableDevice

firmware(concurrency)

user-level threads orevent-driven state-machines


Case Study: VMMCThe VMMC architecture delivers high-performance on Gigabitnetworks by using sophisticated network cards(Myrinet).

Event-driven state-machine in C


Firmware for VMMC in C

very hard to read

fragmented across several handlers.

be saved explicitly in global variables

the stack is shared to pass between handlers(e.g. pAddr, sendData)

to used by state machines to communicate with each other (e.g. reqSM2).

explicit memory management

be responsible for freeing

functions are an inappropriate abstraction mechanism for programming with state machines

Union data type to encode by “switch”

hard to optimize

Problems:


C v.s. ESP


Goal and Approach

simple device-specific functionalitylike accessing device registers

to verify different properties of the system

• Ease of development

• Permit extensive testing

• Low performance penalty


ESP

• based on the CSP [13] language/a Cstyle syntax

• supports Event-driven State-machines Programming

• processes

• a sequential flow of control in a concurrent program

• channels

• processes communicate with each other by sending messages on channels


Types, Expressions, and Statements• basic type(int, bool), record, union, array/mutable, immutable

• no global variables

• initialized at declaration time(with a $ prefix)

• common imperative constructs

• if-then-else/while

• no recursive2010年1月8日金曜日

Channels

• synchronous

• sender(out) and receiver(in) are blocking operations

• The alt construct allows a process to wait on the in/out readiness of multiple channels

• the use of pattern matching to support dispatch(like ML)

• passed by value


Pattern Matching by ChannelDeclaration:

Usage:


Process• processes implement state machines


Memory Management

• provides a novel explicit management scheme to allow efficient but bug free memory management

• memory safety a local property of each process

• When objects are sent over channels, deep copies of the objects are delivered to the receiving process

• each process is responsible for managing its own objects.

• provides a reference counting interface to manage memory

• link(increment)/unlink(decrement) for ref. counter


External Interface• provides a single external interface for both SPIN and C

code

• the channel mechanism to support external interfaces

• ESP processes often block on external events like arrival of user request or network packets

• external code can also use the same dispatch mechanism built into channels through pattern-matching

• it promotes modularity


Case Study: VMMC Firmware


ESP to SPIN Spec.

• right after type checking

• pointer/the size of the state space

• bugs in compile-stage

• straight forward translation with a few exceptions

• lack of pointer(by using objectId)

• dynamic allocation(array is treated as its max)


Case Study: VMMC Firmware

• Retransmission Protocol: 10日かかったのが2日でできた

• バグ入りの初期のコードでバグみつけた

• メモリアロケーション関係の様々なバグいれてみたら全部検出できた

• デッドロックおこすバグもみつけられた

• State-space explosion prevented us from checking for systemwide properties like absence of deadlocks

• We are currently working on extracting more abstract models so that the state-space search is more tractable


ESP Compiler

• generating one big C function

• each process = an automaton

• zero-overhead context switching

• code size growing exponentially

• generating the code for processes separately

• does not have to save stack

• low-overhead(save/restore program counter)

• idle loop/stack-based scheduling policy(shown @next)

• some of the traditional optimization

Processes


ESP CompilerProcesses


ESP Compiler

• a set of queue

• alt を作るのに複数のqueueが必要で、高価

• bit-mask per process

• one bit for every channel the process may block on

• requirement of deep copies(semantics)

• increment reference count of the objects(implementation)

Channels

Messages on Channels


Microbenchmarks Perf.


Related Work

• Concurrency Theory

• CSP, Squeak

• Concurrent Languages

• CML, Java, OCCAM

• Code Generation+Verification

• Esterel, Teapot, Promela++

• Software Testing

• Verisoft, Meta-level Compilation

いい実装はない

重い、大きい

機能不足

concurrentなtaskはね


esp 100107093030-phpapp02

Technology