A Compositional Semantics of Esterel in Duration Calculus (Extended Abstract)

P.K. Pandya, Y.S. Ramakrishna and R.K. Shyamasundar
Computer Science Group, Tata Institute of Fundamental Research, Homi Bhabha Road, Bombay-400 005, India
e-mail: {ysr, pandya, [email protected]

Abstract

In this paper, we describe the behaviour of esterel programs in a variant of Duration Calculus referred to as Mean Value Calculus (MVC). The formalization enables the assumptions of the underlying model to be axiomatized precisely. It provides a compositional denotational semantics of esterel. The algebraic rules of MVC can be used to prove properties of esterel statements and thus provide a basis for algebraic laws for esterel. In fact, the setting has enabled us to assess the "expressive" power of the operators in reactive languages. In particular, we show in this paper that the "expressive" power of esterel increases with the addition of the suspend operator.

1 Introduction

Programming languages based on the perfect synchrony paradigm have proven useful for programming reactive systems, where logical concurrency is required for good programming style and determinism is a must. In this paradigm, programs react instantaneously to their inputs by producing the required outputs. Statements evolve deterministically in a tightly coupled, input-driven way, and communication is done by instantaneous broadcast, where the receiver receives a message exactly at the time it is sent. That is, a perfectly synchronous program produces its outputs from its inputs with no observable time delay. Languages such as Esterel [1], Lustre, Signal and Statecharts belong to this category. One of the main reasons for their success is that the paradigm permits the programmer to focus on the logic of reactions and makes it possible to use several automata-based verification systems for correctness proofs. Further, the correctness proofs of programs follow their implementation very closely and hence are more robust and reliable. Though different kinds of semantics such as denotational, behavioural and executable semantics [5, 1] have been given, the primary emphasis has been on the operational semantics. This is understandable, as a major part of the work on Esterel so far has been devoted to programming styles, hardware and software implementation issues, etc. [2]. However, there have not been serious investigations of an axiomatic system, algebraic laws, completeness of operators, etc. In fact, these theoretical issues are really challenging not only from theoretical considerations but also from practical considerations of the language [2].

In this paper, we describe an outline of an approach towards such investigations. For modelling purposes, we use a variant of Duration Calculus [9] called Mean Value Calculus. The Mean Value Calculus [9] provides a simple and elegant notation for describing quantitative aspects of real-time systems. It allows specification of how the states and events of a real-time system evolve in time. MVC also provides a calculus to reason about such systems. MVC is an interval-based formalism [10]. It may be noted that MVC has also been used to give a behavioural semantics of a Timed CSP-like language [6]. In our modelling, we assume a dense time-frame¹ even though the semantics can, in fact, more easily be worked out in a discrete time-frame; one of the main reasons is our anticipation of using this setting for the study of frameworks such as CRP [4, 12], which provide a unified framework for synchrony and asynchrony. In this paper, we describe an axiomatization of Esterel using MVC. The formalization provides a compositional semantics for Esterel which can be used to prove properties of esterel statements using the rules of MVC. One of the outcomes of such a study is that we can show that certain operators really enrich the power of Esterel. The paper is organized as follows: in section 2, we give an overview of the Mean Value Calculus, and in section 3 an algebraic syntax of esterel as envisaged in [2]. The model and the semantics are described in section 4, followed by a section on the expressive power of operators in section 5. The paper concludes with a discussion of the various issues of characterization, proofs of equivalence, completeness issues, etc.

2 Mean Value Calculus

In this section, we give a brief overview of the MVC. For details about the calculus, the reader is referred to [9]. The Mean Value Calculus is an extension of real arithmetic and interval temporal logic [10], where formulae are interpreted over bounded closed intervals. Let $P$ be a boolean function of time, i.e. a state, representing some aspect of the system. We use $0$ and $1$ for the states which are everywhere zero and one, respectively. Furthermore, states can be combined by the boolean connectives $\neg, \wedge, \vee, \ldots$ to form new states. Let the term $\overline{P}$ denote the mean value of $P$ in the interval, i.e.

$$\overline{P}[b,e] \stackrel{\mathrm{def}}{=} \begin{cases} \left(\int_b^e P(t)\,dt\right) / (e-b) & \text{if } e-b > 0 \\ P(b) & \text{if } e-b = 0 \end{cases}$$

The special symbol $\ell$ is a term denoting the length of the interval, i.e.

$$\ell[b,e] \stackrel{\mathrm{def}}{=} e-b$$

Other terms can be constructed from these using real arithmetic. Thus, the integral of $P$, i.e. $\int P$, can be defined from the above terms as

$$\int P \stackrel{\mathrm{def}}{=} \overline{P} \cdot \ell$$

Formulae are constructed from such terms and real arithmetic. For example, the formula $\int P = \ell$ states that in the given interval $P$ is almost everywhere true. The chop formula $D_1 \frown D_2$ is satisfied by an interval if it can be "chopped" into two subintervals such that the first part satisfies $D_1$ and the second satisfies $D_2$. $\Box D$ holds for an interval all of whose subintervals satisfy $D$. $\lceil P \rceil$ holds for an interval that is not a point interval and at all of whose interior points $P$ holds. $\lceil\,\rceil$ holds for any point interval, and $\lceil P \rceil^0$ holds for a point interval at which $P$ holds.

MVC assumes finite variability of states. Hence, an interpretation $\theta$ assigns a finitely variable boolean function of time to each state variable. Such a function changes value only finitely often in any bounded time interval. Then, $(\theta, [b,e]) \models D$ says that the formula $D$ holds for interpretation $\theta$ in the bounded closed interval $[b,e]$. The reader is referred to [9] for the details of this definition. We give here only some of its clauses.

$(\theta, [b,e]) \models \lceil P \rceil^0$ iff $b = e \wedge \theta(P)(b) = 1$
$(\theta, [b,e]) \models \lceil P \rceil$ iff $b < e \wedge \forall m : b < m < e.\ \theta(P)(m) = 1$
$(\theta, [b,e]) \models D_1 \frown D_2$ iff $\exists m : b \le m \le e.\ (\theta, [b,m]) \models D_1$ and $(\theta, [m,e]) \models D_2$

The formula $\lceil\,\rceil \stackrel{\mathrm{def}}{=} \lceil \mathit{true} \rceil^0$. The modalities "for some subinterval $D$" and "for all subintervals $D$" can be defined respectively by

$\Diamond D \stackrel{\mathrm{def}}{=} \mathit{true} \frown D \frown \mathit{true}$
$\Box D \stackrel{\mathrm{def}}{=} \neg(\Diamond \neg D)$

We shall not list the axioms and proof rules of this logic here. The interested reader can find them in [9].

¹ It is of interest to note that [5] also uses a dense domain.

2.1 Propositional MVC with Quantified States and Recursion

In this paper, we shall use a very restricted subset of Mean Value Calculus. First of all, we will not require the notion of mean values. Nor will we require the notion of the length of the interval or any real arithmetic. Thus, we work in a sub-logic called Propositional MVC. One important extension that we will require is quantification over states (i.e. boolean functions of time). This makes our logic a second-order logic. Another extension that we shall consider is the inclusion of tail recursion in the logic, as in [11]. The resulting logic is called Propositional MVC with Quantified States and Tail Recursion, or qpmvc. We briefly describe this logic.

Propositional MVC. This is the fragment of MVC with atomic formulae $\lceil\,\rceil \mid \lceil P \rceil^0 \mid \lceil P \rceil$, where $P$ is a state. Formulae are constructed from these using the operators $\wedge$, $\neg$ and $\frown$. This fragment will be called Propositional MVC (pmvc). Li [13] has shown that the decision problem for pmvc is solvable. We shall use the following additional notation.

$\lceil\lceil P \rceil\rceil \stackrel{\mathrm{def}}{=} \lceil P \rceil^0 \frown \lceil P \rceil \frown \lceil P \rceil^0$
$\lceil P \rceil\rceil \stackrel{\mathrm{def}}{=} \lceil P \rceil \frown \lceil P \rceil^0$
$\lceil\lceil P \rceil \stackrel{\mathrm{def}}{=} \lceil P \rceil^0 \frown \lceil P \rceil$

Observe that all of the above formulae hold only for non-point intervals.

$\lceil P \rceil^+ \stackrel{\mathrm{def}}{=} \lceil P \rceil \vee \lceil P \rceil^0$
$\lceil P \rceil^- \stackrel{\mathrm{def}}{=} \lceil P \rceil \vee \lceil\,\rceil$
$\lceil P \rceil\rceil^- \stackrel{\mathrm{def}}{=} \lceil P \rceil\rceil \vee \lceil\,\rceil$
$\lceil P \rceil\rceil^+ \stackrel{\mathrm{def}}{=} \lceil P \rceil\rceil \vee \lceil P \rceil^0$

Similarly we have $\lceil\lceil P \rceil\rceil^-$, $\lceil\lceil P \rceil\rceil^+$, $\lceil\lceil P \rceil^-$ and $\lceil\lceil P \rceil^+$.
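As an added illustration, not part of the paper, the following Python program implements the satisfaction clauses given above for the propositional fragment pmvc over finitely variable states, together with the derived notations ⌈⌈P⌉⌉, ⌈P⌉⌉, ⌈⌈P⌉, ⌈P⌉^+, ⌈P⌉^-, ◇ and □, and evaluates them on a constructed state. The representation of a state as a right-continuous step function, the names State, sat, chop_points and demo, and the treatment of chop are all the example's own assumptions: chop is decided by trying finitely many candidate points (the endpoints, every breakpoint inside the interval and one point in each gap between them), which is enough because states are finitely variable, so the truth of a pmvc formula on [b, m] does not change while m moves within such a gap.

```python
# Added example (not from the paper): a small model checker for propositional MVC (pmvc)
# over finitely variable states, following the satisfaction clauses of Section 2.
from fractions import Fraction
from typing import Callable, Iterable, List, Tuple


class State:
    """A finitely variable boolean function of time (an assumed representation):
    a right-continuous step function where value v_i holds on [t_i, t_{i+1}) and the
    last value holds from t_n onwards.  The first breakpoint must be 0 so the state is
    defined on every interval [b, e] with b >= 0."""

    def __init__(self, segments: Iterable[Tuple[object, bool]]):
        self.segs = [(Fraction(t), bool(v)) for t, v in segments]
        assert self.segs and self.segs[0][0] == 0, "state must start at time 0"
        assert all(a[0] < b[0] for a, b in zip(self.segs, self.segs[1:])), "breakpoints must increase"

    def at(self, t) -> bool:
        """Value of the state at time t (theta(P)(t) in the paper)."""
        t = Fraction(t)
        val = self.segs[0][1]
        for t0, v in self.segs:
            if t0 <= t:
                val = v
        return val

    def breakpoints(self) -> List[Fraction]:
        return [t for t, _ in self.segs]

    def true_on_open(self, b, e) -> bool:
        """True iff the state is 1 at every interior point of [b, e] (requires b < e).
        A segment [t0, t1) meets the open interval (b, e) iff t0 < e and t1 > b."""
        bounds = self.breakpoints()[1:] + [None]
        for (t0, v), t1 in zip(self.segs, bounds):
            if t0 < e and (t1 is None or t1 > b) and not v:
                return False
        return True

    @staticmethod
    def combine(fn: Callable[..., bool], *states: "State") -> "State":
        """Boolean connectives on states (the paper's -, /\\, \\/ applied to states)."""
        ts = sorted({t for s in states for t in s.breakpoints()})
        return State([(t, fn(*(s.at(t) for s in states))) for t in ts])


def s_not(p: State) -> State:
    return State.combine(lambda x: not x, p)


def s_and(p: State, q: State) -> State:
    return State.combine(lambda x, y: x and y, p, q)


# Formulae are nested tuples.  Atoms: ('true',), ('pt0', P) for [P]^0, ('alm', P) for [P]
# (P holds at all interior points).  Connectives: ('not', D), ('and', D1, D2), ('chop', D1, D2).
TRUE = ('true',)
def pt0(P): return ('pt0', P)
def alm(P): return ('alm', P)
def neg(D): return ('not', D)
def conj(D1, D2): return ('and', D1, D2)
def chop(D1, D2): return ('chop', D1, D2)
def disj(D1, D2): return neg(conj(neg(D1), neg(D2)))

PT = pt0(State([(0, True)]))                               # [ ]  =  [true]^0
def diamond(D): return chop(TRUE, chop(D, TRUE))           # <>D  =  true ^ D ^ true
def box(D): return neg(diamond(neg(D)))                    # []D  =  not <> not D
def closed(P): return chop(pt0(P), chop(alm(P), pt0(P)))   # [[P]] =  [P]^0 ^ [P] ^ [P]^0
def left_closed(P): return chop(pt0(P), alm(P))            # [[P]  =  [P]^0 ^ [P]
def right_closed(P): return chop(alm(P), pt0(P))           # [P]]  =  [P] ^ [P]^0
def alm_plus(P): return disj(alm(P), pt0(P))               # [P]^+ =  [P] or [P]^0
def alm_minus(P): return disj(alm(P), PT)                  # [P]^- =  [P] or [ ]


def states_of(D) -> List[State]:
    if D[0] in ('pt0', 'alm'):
        return [D[1]]
    return [s for sub in D[1:] for s in states_of(sub)]


def chop_points(D, b: Fraction, e: Fraction) -> List[Fraction]:
    """Candidate chop points: endpoints, breakpoints inside [b, e], and one point per gap.
    Finite variability makes the truth of a pmvc formula on [b, m] constant while m moves
    inside a gap, so this finite set is enough to decide 'exists m in [b, e]'."""
    pts = sorted({b, e} | {t for s in states_of(D) for t in s.breakpoints() if b <= t <= e})
    mids = [(x + y) / 2 for x, y in zip(pts, pts[1:])]
    return sorted(pts + mids)


def sat(D, b, e) -> bool:
    """(theta, [b, e]) |= D, with theta given by the State objects embedded in D."""
    b, e = Fraction(b), Fraction(e)
    assert 0 <= b <= e, "need a bounded closed interval inside the domain of the states"
    kind = D[0]
    if kind == 'true':
        return True
    if kind == 'pt0':                      # b = e and theta(P)(b) = 1
        return b == e and D[1].at(b)
    if kind == 'alm':                      # b < e and P holds at every m with b < m < e
        return b < e and D[1].true_on_open(b, e)
    if kind == 'not':
        return not sat(D[1], b, e)
    if kind == 'and':
        return sat(D[1], b, e) and sat(D[2], b, e)
    if kind == 'chop':                     # exists m in [b, e]: D1 on [b, m] and D2 on [m, e]
        return any(sat(D[1], b, m) and sat(D[2], m, e) for m in chop_points(D, b, e))
    raise ValueError(f"unknown formula kind {kind!r}")


# Constructed example state: P is 1 on [0, 2), 0 on [2, 3) and 1 from 3 onwards.
P = State([(0, True), (2, False), (3, True)])


def demo() -> dict:
    """Evaluate the derived notations on P; the right endpoint 2 is where P drops to 0."""
    return {
        "alm(P) on [0,2]": sat(alm(P), 0, 2),                    # True
        "alm(P) on [0,3]": sat(alm(P), 0, 3),                    # False: P is 0 on (2,3)
        "left_closed(P) on [0,2]": sat(left_closed(P), 0, 2),    # True: P(0) = 1
        "right_closed(P) on [0,2]": sat(right_closed(P), 0, 2),  # False: P(2) = 0
        "closed(P) on [0,0]": sat(closed(P), 0, 0),              # False: needs a non-point interval
        "diamond(alm(not P)) on [0,5]": sat(diamond(alm(s_not(P))), 0, 5),  # True: (2,3)
        "box(alm_minus(P)) on [0,2]": sat(box(alm_minus(P)), 0, 2),        # True
        "box(alm_minus(P)) on [0,3]": sat(box(alm_minus(P)), 0, 3),        # False: [2,3]
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The checker is the direct transcription of the three clauses plus the definitions of ◇ and □; the only extra ingredient is chop_points, which is where the finite-variability assumption of Section 2 is actually used. Changing P's breakpoints and re-running demo() shows how the four bracket variants differ only in what they demand at the endpoints of the interval.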

MVC with Recursion. We allow formulae to contain formula variables $X, Y, \ldots$ in place of subformulae, with the restriction that such variables occur in the scope of an even number of negations. Such formulae are called open formulae. Closed formulae have the form $\mu X. F(X)$ and $\nu X. F(X)$, representing the least and greatest solutions in $X$ of the equation $X = F(X)$. In [11] it is shown that such solutions always exist. Some proof rules for the recursion constructs are also given there. We shall use recursive formulae to model the behaviour of iterative esterel statements.

MVC with Quantification over States. We extend MVC by allowing existential quantification over state variables. Recall that such variables represent finitely variable functions of time. The semantics is the obvious one:

$(\theta, [b,e]) \models \exists S. D$ iff for some $S$-variant $\theta'$ of $\theta$, $(\theta', [b,e]) \models D$

The following proof rules can be used for such formulae, with $var(D)$ denoting the set of free state variables in the formula $D$.

(A$\exists$) $D[t/S] \Rightarrow \exists S. D$
(R$\exists$) From $S \notin var(D')$ and $D \Rightarrow D'$, infer $(\exists S. D) \Rightarrow D'$

The resulting logic will be called Propositional MVC with Quantified States and Recursion, qpmvc.

3 Esterel

The synchronous programming language esterel and its operational semantics are described in [1, 2]. In [2], a study of preemptive operators in reactive languages, in particular esterel, has been carried out and an additional operator referred to as suspend is introduced. Informally, suspend p when s corresponds to: the execution of process p is stopped if signal s is present. Here, again, one can consider whether the suspension is delayed or immediate. A brief account of the operators is given below, with an informal explanation for the abort and suspend operators only. For a complete explanation of the operators the reader is referred to [1, 2]. esterel statements are constructed using the following constructs. We shall let $p, q$ range over programs and $s$ over signals. Let $\mathcal{S}$ represent the set of all state variables, and let $S \in \mathcal{S}$. A valuation $\theta \in$