towards semantics-based wcet analysis @let@token wcet...
TRANSCRIPT
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Towards Semantics-Based
WCET Analysis
— WCET 2011
Mihail Asavoae
Faculty of Computer Science,
Alexandru Ioan Cuza University, Iasi, Romania
Joint Work with Dorel Lucanu (UAIC) and
Grigore Rosu (UIUC)
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 1/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Outline
1 Preliminaries
2 Introduction in K
3 The Language Definition
4 Framework for Timing Analysis
5 Conclusions
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 2/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Outline
1 Preliminaries
2 Introduction in K
3 The Language Definition
4 Framework for Timing Analysis
5 Conclusions
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 3/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Worst-Case Execution Time... settings
WCET analysis:the longest execution time of a program
running on a particular architecture
Program:consider all executions - path analysis
Architecture:consider the impact over the executed program -processor behavior analysis
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 4/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Typical WCET Analyzer... issues and solutions
DISCLAIMER: Image taken from Reinhard Wilhem & all”The Worst-Case Execution Time Problem - Overview of Methods and Survey of Tools”, in TECS 2008
Program:
Architecture:
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 5/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Typical WCET Analyzer... issues and solutions
DISCLAIMER: Image taken from Reinhard Wilhem & all”The Worst-Case Execution Time Problem - Overview of Methods and Survey of Tools”, in TECS 2008
Program: CFG extraction,
Architecture:
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 5/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Typical WCET Analyzer... issues and solutions
DISCLAIMER: Image taken from Reinhard Wilhem & all”The Worst-Case Execution Time Problem - Overview of Methods and Survey of Tools”, in TECS 2008
Program: CFG extraction, loop bounds calculation,
Architecture:
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 5/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Typical WCET Analyzer... issues and solutions
DISCLAIMER: Image taken from Reinhard Wilhem & all”The Worst-Case Execution Time Problem - Overview of Methods and Survey of Tools”, in TECS 2008
Program: CFG extraction, loop bounds calculationinfeasible paths detection
Architecture:
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 5/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Typical WCET Analyzer... issues and solutions
DISCLAIMER: Image taken from Reinhard Wilhem & all”The Worst-Case Execution Time Problem - Overview of Methods and Survey of Tools”, in TECS 2008
Program: CFG extraction, loop bounds calculationinfeasible paths detection
Architecture: processor modeling
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 5/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Typical WCET Analyzer... issues and solutions
DISCLAIMER: Image taken from Reinhard Wilhem & all”The Worst-Case Execution Time Problem - Overview of Methods and Survey of Tools”, in TECS 2008
Program: CFG extraction, loop bounds calculationinfeasible paths detection
Architecture: processor modeling, timing predictability
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 5/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Typical WCET Analyzer... issues and solutions
DISCLAIMER: Image taken from Reinhard Wilhem & all”The Worst-Case Execution Time Problem - Overview of Methods and Survey of Tools”, in TECS 2008
EXECUTABLE SEMANTICS?
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 5/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Formal Executable Semantics
Execute programs- as executed by the real language
Detect/eliminate undefined programs
Build verification tools- a language definition has the necessary information to help
building abstractions out of it
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 6/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Infeasible Paths
Knowledge of infeasible paths leads to improvement onthe result of the analysis
Infeasibility has two causes:- semantic dependecies in the program
- restictions on the set of input data values
But there is another kind of infeasible paths we shouldknow about ...
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 7/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Infeasible Paths
Knowledge of infeasible paths leads to improvement onthe result of the analysis
Infeasibility has two causes:- semantic dependecies in the program
- restictions on the set of input data values
But there is another kind of infeasible paths we shouldknow about ... erroneous paths
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 7/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Erroneous Paths... existing approaches
A priori usage of dedicated static analyzers to detect suchruntime errors
Code annotation with error testing predicates
Usage of convenient assumptions over the input data
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 8/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Erroneous Paths... existing approaches
A priori usage of dedicated static analyzers to detect suchruntime errors
Code annotation with error testing predicates
Usage of convenient assumptions over the input data
Information about error checks is available in thelanguage definition!
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 8/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Erroneous Paths... existing approaches
A priori usage of dedicated static analyzers to detect suchruntime errors
Code annotation with error testing predicates
Usage of convenient assumptions over the input data
Information about error checks is available in thelanguage definition!
DISCLAIMER: Image taken from Doug Burger and Todd Austin: ”The SimpleScalar Tool Set, Version 2.0”, in SIGARCH 1997
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 8/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
The WCET Problem... meets a semantic-based solution
©1r2←1��
©2r16=0
yyr1=0
%%©3r3←r2 ��
©5
r4←r1+r2��
©4%%©6
r4=r3
yy
r46=r3
xx
©7r3←r3−r2 ��
©8r2/r3 %%©9
r3←r1−r4��©10
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 9/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
The WCET Problem... meets a semantic-based solution
©1r2←1��
©2r16=0
yyr1=0
%%©3r3←r2 ��
©5
r4←r1+r2��
©4%%©6
r4=r3
yy
r46=r3
xx
©7r3←r3−r2 ��
©8r2/r3 %%©9
r3←r1−r4��©10
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 9/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
The WCET Problem... meets a semantic-based solution
©1r2←1��
©2r16=0
yyr1=0
%%©3r3←r2 ��
©5
r4←r1+r2��
©4%%©6
r4=r3
yy
r46=r3
xx
©7r3←r3−r2 ��
©8r2/r3 %%©9
r3←r1−r4��©10
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 9/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
The WCET Problem... meets a semantic-based solution
©1r2←1��
©2r16=0
yyr1=0
%%©3r3←r2 ��
©5
r4←r1+r2��
©4%%©6
r4=r3
yy
r46=r3
xx
©7r3←r3−r2 ��
©8r2/r3 %%©9
r3←r1−r4��©10
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 9/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Outline
1 Preliminaries
2 Introduction in K
3 The Language Definition
4 Framework for Timing Analysis
5 Conclusions
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 10/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
The K Framework... emerged from the rewrite logic semantics project
Rewrite-based executable framework specialized fordesign and analysis of programming languages
Distinctive characteristics:- a highly concurrent rewrite abstract machine- an elegant definitional technique
- a concise specialized notation
Features along the presentation!
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 11/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
The K Framework... emerged from the rewrite logic semantics project
K-Maude:
prototype providing interpreter and state space exploration
Executable semantics for various programming paradigms,
with the declared goal of fully implementing real-life
languages:- imperative (C in 800+ rules)
- hardware (Verilog)
Support for analysis/verification tools:
type inference/type checking, explicit state model checking,
Hoare-style program verification with Matching Logic
More at http://code.google.com/p/k-framework
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 11/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Outline
1 Preliminaries
2 Introduction in K
3 The Language Definition
4 Framework for Timing Analysis
5 Conclusions
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 12/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
SSRISC Language... syntax in K
Instr ::= add Reg , Reg , Reg ; [strict (2 3)]addi Reg , Reg , Imm ; [strict (2)]mult Reg , Reg ; [strict]div Reg , Reg ; [strict]j Addr ;jr Reg ; [strict]beq Reg , Reg , Addr ; [strict (1 2)]bne Reg , Reg , Addr ; [strict (1 2)]lw Reg , Off ( Reg ) ; [strict (3)]sw Reg , Off ( Reg ) ; [strict (3)]break ;
integer subset of Simplescalar PISA assembly language, withALU-, load/store, branch/jump and break instructions
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 13/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
SSRISC Language... formal semantics in K
A language definition in the K framework has thefollowing components:
1. configurations2. computations3. rewrite rules
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 14/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
SSRISC Language... formal semantics in K
Configurations represent the necessary entities to capturethe program semantics:
〈K〉k 〈Int32〉pc 〈Int32〉lo 〈Int32〉hi〈 Map[ Regs 7→ Int32 ] 〉regs 〈Int32〉break
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 15/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
SSRISC Language... formal semantics in K
Configurations represent the necessary entities to capturethe program semantics:
〈K〉k 〈Int32〉pc 〈Int32〉lo 〈Int32〉hi〈 Map[ Regs 7→ Int32 ] 〉regs 〈Int32〉break
computation cell
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 15/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
SSRISC Language... formal semantics in K
Configurations represent the necessary entities to capturethe program semantics:
〈K〉k 〈Int32〉pc 〈Int32〉lo 〈Int32〉hi〈 Map[ Regs 7→ Int32 ] 〉regs 〈Int32〉break
Where is the memory cell?
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 15/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Memory Modeling... in the K module system
TIME MODEL
<k>
COMM‐INTERFACE
getPC, getd,putd, …
LANGUAGE
DEFINITION
<k> <pc>
<hi> <lo>
<regs> <break>
I‐CACHE
<k>
<ic> <param>
<replace>
<profile>
MEMORY
<k>
<cmem> <dmem>
getPC
<k>
getd
<k>
imiss
<k>
MAIN MODULE
putd
<k>
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 16/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
SSRISC Language... formal semantics in K
The rules enable transitions in the program executionthere are two kinds of rules:
1. structural2. computational
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 17/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
SSRISC Language... formal semantics in K
The rules enable transitions in the program executionthere are two kinds of rules:
1. structural2. computational
1 - Define the ”states” of an abstract rewrite transitionalsystem, e.g.:
〈 lw Rd , Off ( V 1 ) ;
updateReg( getd(Off +Int32V 1), Rd )
〉k
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 17/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
SSRISC Language... formal semantics in K
The rules enable transitions in the program executionthere are two kinds of rules:
1. structural2. computational
2 - Define the ”transitions” of an abstract rewritetransitional system, e.g.:
〈 updateReg(I , Rd ) ···〉k 〈···Rd 7→ ···〉regs· I
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 17/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Outline
1 Preliminaries
2 Introduction in K
3 The Language Definition
4 Framework for Timing Analysis
5 Conclusions
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 18/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Semantics-Based Framework for WCET... centered around the language definition
K-Specification
syntax
semantics
+3
+3
+3
Abstract semantics 1
(symb propagation)
Abstract semantics 2
(refined symb propagation)+
implicit
state exploration//
WCET bound
.
.
.
Abstract semantics n +explicit
state exploration//
WCET bound
K-Specificationfor Microarchitecture
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 19/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Semantics-Based Framework for WCET... methodology
Target: keep the language semantics definition unchanged!
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 20/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Semantics-Based Framework for WCET... methodology
Target: keep the language semantics definition unchanged!
K enables the possibility to work with the languagesemantics definition in two ways:- directly, e.g. Abstract semantics 1
- at the meta level, e.g. Abstract semantics 2
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 20/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Semantics-Based Framework for WCET... methodology
Target: keep the language semantics definition unchanged!
K enables the possibility to work with the languagesemantics definition in two ways:- directly, e.g. Abstract semantics 1
- at the meta level, e.g. Abstract semantics 2
Getting back to the erroneous path detection ...
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 20/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Error Path Detection... example - via Abstraction 1
©1r2←1��
©2r16=0
yyr1=0
%%©3r3←r2 ��
©5
r4←r1+r2��
©4%%©6
r4=r3
yy
r46=r3
xx
©7r3←r3−r2 ��
©8r2/r3 %%©9
r3←r1−r4��©10
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 21/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Error Path Detection... example - via Abstraction 1
©1r2←1��©2
r16=0
ttr1=0
**©3r3←r2 ��
©5r4←r1+r2��
©4��
©6r4=r3
yyr46=r3
%%©6r4=r3
yyr46=r3
%%
©7r3←r3−r2 ��
©9r3←r1−r4��
©7r3←r3−r2 ��
©9r3←r1−r4��
©8r2/r3 ��
©10
©8r2/r3 ��
©10 ©9r3←r1−r4 ��
// X
©9 // X ©10
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 21/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Error Path Detection... example - via Abstraction 2
©1r2←1��©2
r16=0
ttr1=0
**©3r3←r2 ��
©5r4←r1+r2��
©4��
©6r4=r3
yyr46=r3
%%©6r4=r3
yyr46=r3
%%
©7r3←r3−r2 ��
©9r3←r1−r4��
©7r3←r3−r2 ��
©9r3←r1−r4��
©8r2/r3 ��
©10
©8r2/r3 ��
©10 ©9 // X
©9 // X
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 22/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Error Path Detection... example - via Abstraction 2
©1r2←1��©2
r16=0
ttr1=0
**©3r3←r2 ��
©5r4←r1+r2��
©4��
©6r4=r3
yyr46=r3
%%©6r4=r3
yyr46=r3
%%
©7r3←r3−r2 ��
©9r3←r1−r4��
©7r3←r3−r2 ��
©9r3←r1−r4��
©8r2/r3 ��
©10
©8r2/r3 ��
©10 ©9 // X
©9 // X
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 22/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Background information... on the technology we use
K specifications are compiled into Maude rewrite theories- the search command performs reachability analysis on the
abstract rewrite transitional system produced by the Kspecification of the language
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 23/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Background information... on the technology we use
K specifications are compiled into Maude rewrite theories- the search command performs reachability analysis on the
abstract rewrite transitional system produced by the Kspecification of the language
To guarantee a safe WCET bound, we explore all programexecutions, using reachability for the state that has in the〈 〉k cell a special token, called last
- normal termination: the instruction for last was executed
- error termination: the final executed instruction is a break
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 23/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Background information... on the technology we use
K specifications are compiled into Maude rewrite theories- the search command performs reachability analysis on the
abstract rewrite transitional system produced by the Kspecification of the language
To guarantee a safe WCET bound, we explore all programexecutions, using reachability for the state that has in the〈 〉k cell a special token, called last
- normal termination: the instruction for last was executed
- error termination: the final executed instruction is a break
Site:http://code.google.com/p/k-framework/
source/browse/ → inProgress → ssrisc
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 23/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Outline
1 Preliminaries
2 Introduction in K
3 The Language Definition
4 Framework for Timing Analysis
5 Conclusions
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 24/25
Preliminaries Introduction in K The Language Definition Framework for Timing Analysis Conclusions
Towards Semantics-Based WCET Analysis... a different perspective on the problem
We propose a framework for WCET analysis based on theformal executable semantics of a RISC assembly language
We use the concrete semantics of a program running on aparticular architecture to obtain the abstract semanticsfor computing time bounds
The focus is on the error path detection at the low level,a subproblem of the infeasible path detection
Mihail Asavoae: Towards Semantics-Based WCET Analysis — WCET 2011 25/25