Transcript Hume

Analyzing Stack and Heap Bounds for Primitive Recursive Programs in PR-Hume
Kevin Hammond, Pedro Vasconcelos, Sun Meng,
Álvaro Rebón Portillo, Leonid Timochouk
University of St Andrews, Scotland
Greg Michaelson, Robert Pointon, Graeme McHale, Chunxiu Liu
Heriot-Watt University, Scotland
Jocelyn Sérot
LASMEA, Clermont-Ferrand, France
http://www.hume-lang.org
Hume
Higher-order Uniform Meta-Environment
David Hume
Scottish Enlightenment Philosopher
and Sceptic
1711-1776
Hume Research Objectives
• Real-Time, Hard Space Functional Programming
– Including Device Drivers, Derek!
• Virtual Testbed for Space/Time Cost Modelling
• Generative, Domain-Specific Language Design
Kevin Hammond, University of St Andrews
Slide 3
Overview
1. Hume Language Design and Examples
2. Stack and Heap Usage for Primitive Recursive Programs
   1. Cost Model
   2. Inference Algorithm (Type-and-Effect System)
3. Results of the Analysis
4. Conclusions and Further Work
Hume Design Domain (1)
Hume Design Domain (2)
State of the Art...
• Embedded Systems Engineering
– big trend to high level software design (UML etc.)
– 80% of all embedded software is now written in C/C++
– 75% of embedded software is delivered late
– bugs can cost $14,000 each to fix!
• A Major Problem with C/C++ is Poor Memory Management
– explicit allocation, deallocation
– pointer following
– etc. etc.
• No Accurate Method for Determining Memory Usage
– profiling, guesswork(!!), approximation
A New Direction?
Hume Design Objectives
Reliability, Expressibility, Controllability, Predictability, Costability
• Targets embedded/critical applications
– Hard real-time target
– Formally bounded time and space
– I/O managed through low-level “ports”/“streams”
» Memory-mapped, timed, interrupts or devices
– Asynchronous concurrency model (multicore?)
– Simple, easily costed, exception handling mechanisms
– Transparent design and implementation: correctness by construction
– uses Haskell FFI to allow external calls in C/assembler etc.
• High level of expressiveness/productivity
– Rule-based system: concise & clear using functional notation
– Runtime errors reduced by strong polymorphic types
– Structured reuse through higher order functions
– Thread management simplified by implicit concurrency/parallelism
– Elimination of memory errors through automatic memory management
FSA-derived Notation
• Based on generalised Mealy machines (see Michaelson et al. 2003)
• Boxes encapsulate a set of rules each mapping inputs to outputs
• Multiple inputs/outputs are grouped into tuples
    box b ...
    match
      (patt11, ..., patt1k) -> (expr11, ..., expr1m)
    | ...
    | (pattn1, ..., pattnk) -> (exprn1, ..., exprnm)
    ;
• Sets of boxes are wired into static process networks (automata)
• Boxes repeat indefinitely once a result is produced (tail recursion)
• Boxes are asynchronous (ignored inputs/outputs)
• Wires are single-buffered
Hume Language Structure
Declaration & Metaprogramming Layer
Coordination Layer
Expression Layer
Expression Layer
• Purely functional, strict, higher-order, polymorphic, stateless
• Matches are total
• Timeouts/space overflows are managed through exceptions
    varid expr1 … exprn           -- function/constructor application
    (expr1, …, exprn)             -- tuples
    < expr1, …, exprn >           -- vectors (sized)
    [ expr1, …, exprn ]           -- lists (bounded)
    let decls in expr             -- local value declarations
    expr within cexpr             -- timeout/space restriction
    if expr then expr else expr   -- conditional expression
    case expr of matches          -- case expression
    expr :: type                  -- type cast
    expr as type                  -- type coercion (cost implication)
Example: Parity Checker
    type Bit = word 1;
    type Parity = boolean;

    parity true = ("true",true);
    parity false = ("false",false);

    box even_parity2
    in (b::Bit, p::Parity)
    out (show::string, p'::Parity)
    match
      (0,true)  -> parity true
    | (1,true)  -> parity false
    | (0,false) -> parity false
    | (1,false) -> parity true;

    wire even_parity2 (comm1, even_parity2.p' initially true)
                      (comm2, even_parity2.p);

[Diagram: comm1 -> b; p' -> p (initially true); show -> comm2]
Hume Language Levels
Full Hume
  recursive functions
  recursive data structures
PR-Hume
  primitive-recursive functions
  primitive-recursive data structures
HO-Hume
  higher-order non-recursive functions
  non-recursive data structures
FSM-Hume
  1st-order non-recursive functions
  non-recursive data structures
HW-Hume
  no functions
  non-recursive data structures
Predicting the Cost
?
A Type-and-Effect Space Cost Model
• Relates language structure to <heap, max stack> usage
– operational semantics expressed using sequent style
[Figure labels: Stack; Heap]
Both heap and stack can be cleared after a single box step
• Tuned to prototype Hume abstract machine interpreter
– allows accuracy to be measured
– can be exploited by compiler
Derived from theoretical work on cost analysis for parallel programs
Sized Types
• Types are annotated with sizes
– magnitude of natural
– length of a list
    10 :: Nat^10
    [6,1,2] :: [Nat^6]^3
• Sizes can be weakened to any greater size
– defined as a subtyping relation
– so 10 :: Nat^11 but not 10 :: Nat^9
–  means unknown size, greater than any other size, so 10 :: Nat
–  means undefined size, less than any other size
• Will be used to determine recursion bounds
Latent Costs
• Define costs for functions
• Allow costs to be captured for higher-order functions
Types and Effects for Stack/Heap Usage
• Size/Cost Expressions
• Types and Effects
Cost Rules: Basic Expressions
Cost Rules: Conditionals/Cases
Cost Rules: Function Applications
Cost Rules: Function Decls
Cost Inference
• Restrict cost annotations in types to be variables
• Separately collect constraints on variables
• So, standard unification can be used on types
• Constraints must be solved to determine closed costs
Solving Recurrences
• For recursive programs, the effect system generates
recurrence relations on constraints
• These are solved to give closed forms
– use e.g. Mathematica, called during cost analysis
– use an “oracle” of known recurrences
– write a new recurrence solver
• Constraints are monotonically increasing
Example: Length
• For the recursive length function
    length [] = 0;
    length (x:xs) = 1 + length xs;
• The type inferred is (cost annotations are {stack,heap}):
    length :: [t7]^x21-{x19,x20}->nat^x27,
              {x19 >=7+6*x21, x20 >=2+4*x21,x27>=x21}
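
Added example (not from the slides or the Hume tools): a minimal recurrence solver in the spirit of the "oracle of known recurrences" option on the Solving Recurrences slide, restricted to polynomial closed forms and checked over a finite number of unrolled samples. The recurrences for `length` are assumptions read back from the inferred bounds 7+6*x21 and 2+4*x21; the slides do not show the recurrences themselves.

```python
from math import comb

def unroll(base, step, count):
    """Values c(0) .. c(count-1) of c(0) = base, c(n) = step(n, c(n-1))."""
    values = [base]
    for n in range(1, count):
        values.append(step(n, values[-1]))
    return values

def closed_form(base, step, max_degree=3, samples=12):
    """Match a recurrence against an oracle of polynomial forms.

    Returns Newton coefficients [d0, d1, ...] such that
    c(n) = sum(d_k * C(n, k)), or None when no polynomial of degree
    <= max_degree reproduces every unrolled sample.
    """
    row = unroll(base, step, samples)
    coeffs = []
    while len(coeffs) <= max_degree:
        coeffs.append(row[0])                        # k-th forward difference at 0
        row = [b - a for a, b in zip(row, row[1:])]  # next difference row
        if not any(row):                             # remaining differences all zero
            return coeffs
    return None  # outside the oracle: no closed bound, size stays unknown

def evaluate(coeffs, n):
    """Evaluate a closed form returned by closed_form at size n."""
    return sum(d * comb(n, k) for k, d in enumerate(coeffs))

# ASSUMED recurrences for `length` (base cost for [], fixed cost per cons cell),
# chosen so that their solutions are the bounds shown on the slide.
LENGTH_STACK = closed_form(7, lambda n, prev: 6 + prev)   # 7 + 6*n
LENGTH_HEAP = closed_form(2, lambda n, prev: 4 + prev)    # 2 + 4*n

# Constructed cases beyond the slide: a quadratic cost, and an exponential
# one that the polynomial oracle must reject rather than under-approximate.
TRIANGULAR = closed_form(0, lambda n, prev: prev + n)     # n + C(n, 2)
DOUBLING = closed_form(1, lambda n, prev: 2 * prev)       # None

if __name__ == "__main__":
    for n in (0, 1, 10, 100):
        print(n, evaluate(LENGTH_STACK, n), evaluate(LENGTH_HEAP, n))
```

Agreement on the samples is evidence, not proof; the result still has to be justified, for example by induction on the list length.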
Example: Take
• For the recursive take function
take n [] = [];
take n (x : xs) =
if n > 0 then (x : take (n-1) xs) else [];
• The type inferred is:
take ::
nat^x53-{x51,x52}->[t118]^x56
-{x54,x55}->[t118]^x62,
{x51>=0,x52>=0,x54>=10+9*min(x53,x56),
x55>=7+13*min(x53,x56),x62>=min(x53,x56)}
Example: Twice/Map
• For the Higher-Order twice and map2 functions
twice f x = f (f x);
map2 f [] = [];
map2 f (x:[]) = [f x];
map2 f (x:(y:[])) = [f x,f y];
add1 x = 1+x;
h x = map2 (twice add1) x;
• The types inferred are:
    twice :: (t21-{x14,x15}->t21)-{x2,x3}->t21-{x4,x5}->t21,
             {x2>=0,x3>=0,x4>=6+max(1+x14,1),x5>=x15+x15}
    map1 ::  (t54-{x62,x63}->t73)-{x45,x46}->[t54]^x64
             -{x47,x48}->[t73]^x65,
             {x45>=0,x46>=0,x47>=6+max(1+max(1+x62,1),2),
             x48>=max(8+x63,3),x65>=1}
    add1 ::  int-{x23,x24}->int, {x23>=7,x24>=4}
    h ::     [int]^x112-{x75,x76}->[int]^x113,
             {x75>=30,x76>=25,x113>=1}
Results
!
Results
function         heap (est)          stack (est)     heap (GHC -O2)
length: 10       181(181)            72(72)          1632
length: 100      1711(1711)          612(612)        2357
length: 1000     17011(17011)        6012(6012)      15630
length: 10000    170011(170011)      60012(60012)    141626
reverse: 10      381(381)            88(98)          2080
reverse: 100     26862(26862)        810(813)        35395
reverse: 1000    2518512(2518512)    8008(8013)      3051874
twice/map2: 1    25(25)              30(30)          1564
twice/map2: 2    38(38)              30(30)          1592
lift             129(144)            89(89)          -
Results (Pump)
• Cost model applied to mine drainage example
– implemented in prototype Hume abstract machine compiler
– compared with measured dynamic runtime costs

box        heap est   heap actual   stack est   stack actual
pump       47         38            17          17
environ    49         47            29          29
water      54         54            24          24
logger     119        105           39          31
others     115        106           70          70
wires      96         84
totals     480        434           179         171

2.6KB v. 2.4KB
9%
The Reality
!!
RTLinux Memory Usage (Pump)
Module         Size     Used by
hume_module    61904    0 (unused)
rtl_sched      43200    0 [hume_module]
rtl_fifo       10016    0 [hume_module]
rtl_posixio    7232     0 [rtl_fifo]
rtl_time       10064    0 [hume_module rtl_sched rtl_posixio]
rtl            27216    0 [hume_module rtl_sched rtl_fifo rtl_posixio rtl_time]

text     data    bss      dec      hex     filename
30146    52      30048    60246    eb56    hume_module.o
Comparison with Java/Ada (Pump)
• Source
– 867 (234) for Java
– 251 (51) for Hume
– ? (206) for Ada
• Size of object code (byte code)
– 7991 (2003) for Hume
– 18316 (7360) for JVM
– ? (12045) for Ada
• Memory Requirement
– 9MB for Java (JVM, MacOSX)
– 60KB (RTLinux, bare RTS), 400KB (MacOSX, normal RTS) for Hume
• Execution Time
– Hume is 9-12x faster than the JVM
– The KVM is 30%-80% slower than the JVM
Only one benchmark shown here
But results have been repeated for smaller cases
Direct Real-time comparison requires rewrite to RTSJ
Vehicle Sim. Statistics
Thu Aug 21 19:06:06 BST 2003
Box Statistics:
control: MAXRT = 53120ns, TOT = 1960041024ns, MAXHP = 57, MAXSP = 36
env:     MAXRT = 9101600ns, TOT = 1580087776ns, MAXHP = 49099, MAXSP = 129
vehicle: MAXRT = 2973120ns, TOT = 2269933760ns, MAXHP = 49164, MAXSP = 133
Box heap usage: 98440 (99414 est)
Box stack usage: 298 (319 est)
Stream/MIDI Statistics:
output1: MAXRT = 22688ns, TOT = 3188562720ns, MAXHP = 71, MAXSP = 1
...
Vehicle Sim. Statistics (2)
Wire Statistics:
control.0: MAX DELAY = 24544ns, MAXHP = 47
env.0:     MAX DELAY = 67072ns, MAXHP = 11
vehicle.0: MAX DELAY = 33056ns, MAXHP = 47
vehicle.1: MAX DELAY = 32448ns, MAXHP = 2
vehicle.2: MAX DELAY = 9118688ns, MAXHP = 11
vehicle.3: MAX DELAY = 9135968ns, MAXHP = 2
Total heap usage: 197022 (199078 est)
Total stack usage: 597 (640 est)
Sat Aug 23 06:46:19 BST 2003
Related Work (Analysis)
• Regions (Tofte)
– explicit labelled memory areas, automatic deallocation
• Cyclone (Morrisett)
– C syntax, region inference
• Sized Types (Hughes & Pareto)
– properties of reactive systems, progress, not inference, not cost
• Camelot/GRAIL (Sannella, Gilmore, Hofmann et al.)
– stack/heap inference from JVM bytecode, parametric costs, tail recursion
• Worst-Case Execution Time Analysis (Wellings et al)
– Java/Ada, probabilistic cache/execution costs
Conclusions
• Cost Analysis for Primitive Recursive, Higher-Order, Polymorphic Functions
– strict, purely functional notation
– generates cost equations plus recurrences
» recurrences solved by reference to an oracle or external solver
– soundness results under construction
• Good Practical Results Obtained in a number of cases
– no loss of accuracy for non-recursive definitions
– exact worst-case solutions obtained for many definitions
– size-aliasing can cause problems for composing polymorphic definitions
Further Work/Work in Progress
• Modelling
– soundness proofs
» under construction
• extends Hughes/Pareto MML to inference, different cost domain
• many technical problems solved, some remaining
– resolve size aliasing problem
– extend to general data structures
– application to other language paradigms: non-strict, object-oriented, C/C++
• Real-Time Models
– Predictive real-time models need better hardware (especially cache) models
– alternative real-time scheduling algorithms should be tried
• 1MEuro Framework VI Proposal (FET-OPEN)
– with Jocelyn Sérot (LASMEA, France), Martin Hofmann (Ludwig-Maximilians-Universität, Germany) and AbsInt GmbH (Saarbrücken, Germany)
Recent Papers
Inferring Costs for Recursive, Polymorphic and Higher-Order Functional Programs
Pedro Vasconcelos and Kevin Hammond
To appear in Proc. 2003 Intl. Workshop on Implementation of Functional Languages (IFL ‘03), Edinburgh,
Springer-Verlag LNCS, 2004. Winner of the Peter Landin Prize for best paper
Hume: A Domain-Specific Language for Real-Time Embedded Systems
Kevin Hammond and Greg Michaelson
Proc. 2003 Conf. on Generative Programming and Component Engineering (GPCE 2003), Erfurt, Germany,
Springer-Verlag LNCS, Sept. 2003. Proposed for ACM TOSEM Fast Track Submission
FSM-Hume: Programming Resource-Limited Systems using Bounded Automata
Greg Michaelson, Kevin Hammond and Jocelyn Sérot
Proc. 2004 ACM Symp. on Applied Computing (SAC ‘04), Nicosia, Cyprus, March 2004
The Design of Hume
Kevin Hammond
Invited chapter in Domain-Specific Program Generation,
Springer-Verlag LNCS State-of-the-art Survey, C. Lengauer (ed.), 2004
Predictable Space Behaviour in FSM-Hume
Kevin Hammond and Greg Michaelson
Proc. 2002 Intl. Workshop on Implementation of Functional Languages (IFL ‘02), Madrid, Spain, Sept. 2002,
Springer-Verlag LNCS 2670, ISBN 3-540-40190-3, 2003, pp. 1-16
http://www.hume-lang.org
Results (Far Lifts)
• Cost model applied to recursive lifts
box         heap est   heap actual   stack est   stack actual
lift1       939        610           218         206
lift2       939        392           218         152
floors      35         31            21          21
logger      715        261           20          20
schedule    78         70            35          35
totals      2706       1364          512         434

12.8KB v. 7.2KB