Jahuel: A Formal Framework for Software Synthesis [chapter]

I. Assayad, V. Bertin, F. -X. Defaut, Ph. Gerner, O. Quévreux, S. Yovine
2005 Lecture Notes in Computer Science  
We present a theoretically sound and automated model-based design, analysis, and implementation framework for synthesizing correct-by-construction code. Special emphasis is put on multi-threaded software and multi-processor architectures. The framework consists in (1) a formal language which provides platform-independent constructs to specify the behavior of an application using an abstract execution model, and (2) a compilation chain for refining the application abstract model into its
more » ... implementation on a target platform. The prototype JAHUEL is currently being used for developing experimental industrial applications. Contact: Sergio.Yovine@imag.fr. Partially supported by MEDEA+ Project NEVA. Run-time libraries and compiler directives. A very common practice consists in using a language with no support for concurreny or time (e.g., C), together with specific libraries or system calls (e.g., POSIX threads or MPI [10]) provided by the underlying runtime system or using compiler directives (e.g., OpenMP [18]). 3 This approach has several inconveniences. First, there is no way to distinguish between abstract and concrete execution models at program level, and therefore, the reason that motivated the programmer's choice (i.e., application design or platform capability) is irrecoverable from program code. This gives rise to a messy development cycle, where application design and system deployment are not handled separately, and application code is too early customized for a specific target, therefore impeding reusability and portability. Second, correctness verification is almost impossible due to system calls. Domain-specific programming languages. Another practice consists in using a language with a (more or less formal) abstract execution model where time and concurrency are syntactic and semantic concepts (e.g., Lustre [11], Ada [5] .) It is entirely the role of the compiler to implement the abstract execution model on the target platform. This approach enhances formal analysis. Nevertheless, these languages provide no constructs for dealing with cross-cutting non-functional issues, and rely on a fully automatic implementation phase that makes retargetting, platform exploration, and optimization hard to achieve. For instance, a typical industrial practice for exploiting multiprocessor architectures for synchronous programs consists in manually cutting the code into pieces, and adding hand-written wrappers. This practice breaks down formal analysis and suffers from the same inconveniences of the library/directives approach. Although there is ongoing work to solve this problem for specific execution platforms (e.g., [6]), there is no attempt neither to provide language support nor to develop a general framework. Modelling frameworks and architecture description languages. To some extent, some of the abovementioned problems could be avoided using (domain-specific) architecture description languages that provide means to integrate software and hardware models (e.g., [4] .) Still, in all ADL-based approaches we are aware of, description of the application execution model is tied up to a platform-dependent execution model, which is, consequently, implemented using platform primitives by direct translation of the application code. also handles requirements composed horizontally at the same level of abstraction. However, it does not seem to be well adapted to reason about cross-cutting non-functional requirements that need vertical propagation and composition through different abstraction layers. Platform-based design [20] is a methodology that supports vertical integration, but it is mainly focused on composing functionality while abstracting away non-functional properties. PTOLEMY II [19] is a design framework that supports composition of heterogeneous models of concurrent computation, but it is oriented towards modeling and simulation rather than to application-code synthesis.
doi:10.1007/11576280_15 fatcat:mrlvmx46njbuhm53pkau464zoq