TICC-paradigm to build formally verified parallel software for multi-core chips

US 7,979,844 B2
Filed: 05/05/2009
Issued: 07/12/2011
Est. Priority Date: 10/14/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method of building formally verified parallel software for multi-core chips using TICC™

-Paradigm, the term TICC™

-Paradigm being used to refer to a collection of abstractions, each abstraction being simultaneously a programming abstraction and an abstraction of a component in parallel software systems, with associated methods of implementation, use and validation, said abstractions being embodied in a parallel program development and execution platform called TICC™

-Ppde, all abstractions embodied together in TICC™

-Ppde enabling the following;

(i) specification of abstract designs for parallel software systems;

designers of a parallel software system for an application Ap specifying the abstract design, Ap;

design( ), for application Ap using abstractions, the term “

abstract”

being used to refer to specifications of intended computations in a manner not necessarily executable by a computer, but amenable for computers building a theory of intended computations using event classes, interactively validating the theory and reducing models specified by the theory to their final validated implementations of computer programs;

(ii) event class theory of intended computations being called ALLowed Event Occurrence Patterns, ALLEOPs for short, the event class theory derived from Ap;

design( ) being called Ap;

ALLEOPS( ), Ap;

ALLEOPS( ) specifying patterns of causal chains of event classes that may occur in the intended computations, requirements to be satisfied by Ap;

design( ) being specified by designers in a Causal Temporal Logic (CTL) language, the set of CTL-assertions that specify requirements for Ap;

design( ) being called Ap;

requirements( ), computers using Ap;

design( ), Ap;

requirements( ) and Ap;

ALLEOPS( ) to perform the following tasks;

(a) TICC™

-Ppde automatically deriving Ap;

ALLEOPS( ) from Ap;

design( ), TICC™

-Ppde using Ap;

ALLEOPS( ) to interactively formally validate all CTL-assertions in Ap;

requirements( ) for the Ap;

design( ), the term “

formally validate”

being used to refer to validations performed without having to execute in a computer any of the intended computations;

(b) TICC™

-Ppde assisting designers to reduce abstract Ap;

design( ) to its validated implementation of computer programs through successive refinements, at each stage of refinement designers and implementers specifying intended computations in greater detail in a manner such that all formal validations done in all previous stages are preserved, at each stage of refinement designers updating Ap;

requirements( ), TICCT™

-Ppde automatically updating Ap;

ALLEOPS( ), TICC™

-Ppde assisting designers and implementers to formally interactively validate updated Ap;

requirements( ), successive refinements, successive automatic theory updating and successive validations preserving all validations performed in all previous stages of refinements, this iterative refinement process ultimately yielding the complete validated implementation of executable computer programs for the parallel software system for application Ap, implementation at any stage of refinement being called Ap;

implementation( ), Ap;

implementation( ) satisfying all requirements in Ap;

requirements( ) at every stage of refinement;

(iii) automatically implement a Self-Monitoring System (SMS) for Ap;

implementation( ) called Ap;

SMS( ), Ap;

SMS( ) monitoring Ap;

implementation( ) while it is running, in parallel with its running, without interfering in any way with timings of computational events, instances of event classes specified in Ap;

ALLEOPS( ) occurring while Ap;

implementation( ) is running, Ap;

SMS( ) using Ap;

ALLEOPS( ) while monitoring Ap;

implementation( ) to dynamically identify, report and take appropriate a priori defined actions, if errors are detected in event instance occurrences, while running Ap;

implementation( ), or if pending errors are detected, or if a priori defined critical event instance patterns occur while Ap;

implementation( ) is running, any departure of event instance occurrence patterns at run time from those specified for event classes in Ap;

ALLEOPS( ) being construed as errors, any deviation of timings of event instances from those specified in Ap;

ALLEOPS( ) being construed as a pending error, critical behaviors being defined by designers in terms of specific patterns of causal chains of event classes in Ap;

ALLEOPS( ), Ap;

SMS( ) providing the infrastructure for development of self-diagnosis, self-repair and learning capabilities for applications Ap;

abstractions in TICC™

-paradigm enabling TICC™

-Ppde to provide above services being independent, it being possible to use each abstraction independently of other abstractions to build and run software systems, such software systems not providing all above services, in the following the phrase “

programming abstraction”

being used to refer to abstractions used in developing computer programs, the phrase “

component abstraction”

being used to refer to abstractions of components used in TICC™

-Ppde parallel programs.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention teaches a way of implementing formally verified massively parallel programs, which run efficiently in distributed and shared-memory multi-core chips. It allows programs to be developed from an initial abstract statement of interactions among parallel software components, called cells, and progressively refine them to their final implementation. At each stage of refinement a formal description of patterns of events in computations is derived automatically from implementations. This formal description is used for two purposes: One is to prove correctness, timings, progress, mutual exclusion, and freedom from deadlocks/livelocks, etc. The second is to automatically incorporate into each application a Self-Monitoring System (SMS) that constantly monitors the application in parallel, with no interference with its timings, to identify and report errors in performance, pending errors, and patterns of critical behavior. This invention also teaches a way of organizing shared-memory for multi-processors that minimizes memory interference, protects data and increases execution efficiency.

Citations

11 Claims

1. A method of building formally verified parallel software for multi-core chips using TICC™
- -Paradigm, the term TICC™
  
  -Paradigm being used to refer to a collection of abstractions, each abstraction being simultaneously a programming abstraction and an abstraction of a component in parallel software systems, with associated methods of implementation, use and validation, said abstractions being embodied in a parallel program development and execution platform called TICC™
  
  -Ppde, all abstractions embodied together in TICC™
  
  -Ppde enabling the following;
  
  (i) specification of abstract designs for parallel software systems;
  
  designers of a parallel software system for an application Ap specifying the abstract design, Ap;
  
  design( ), for application Ap using abstractions, the term “
  
  abstract”
  
  being used to refer to specifications of intended computations in a manner not necessarily executable by a computer, but amenable for computers building a theory of intended computations using event classes, interactively validating the theory and reducing models specified by the theory to their final validated implementations of computer programs;
  
  (ii) event class theory of intended computations being called ALLowed Event Occurrence Patterns, ALLEOPs for short, the event class theory derived from Ap;
  
  design( ) being called Ap;
  
  ALLEOPS( ), Ap;
  
  ALLEOPS( ) specifying patterns of causal chains of event classes that may occur in the intended computations, requirements to be satisfied by Ap;
  
  design( ) being specified by designers in a Causal Temporal Logic (CTL) language, the set of CTL-assertions that specify requirements for Ap;
  
  design( ) being called Ap;
  
  requirements( ), computers using Ap;
  
  design( ), Ap;
  
  requirements( ) and Ap;
  
  ALLEOPS( ) to perform the following tasks;
  
  (a) TICC™
  
  -Ppde automatically deriving Ap;
  
  ALLEOPS( ) from Ap;
  
  design( ), TICC™
  
  -Ppde using Ap;
  
  ALLEOPS( ) to interactively formally validate all CTL-assertions in Ap;
  
  requirements( ) for the Ap;
  
  design( ), the term “
  
  formally validate”
  
  being used to refer to validations performed without having to execute in a computer any of the intended computations;
  
  (b) TICC™
  
  -Ppde assisting designers to reduce abstract Ap;
  
  design( ) to its validated implementation of computer programs through successive refinements, at each stage of refinement designers and implementers specifying intended computations in greater detail in a manner such that all formal validations done in all previous stages are preserved, at each stage of refinement designers updating Ap;
  
  requirements( ), TICCT™
  
  -Ppde automatically updating Ap;
  
  ALLEOPS( ), TICC™
  
  -Ppde assisting designers and implementers to formally interactively validate updated Ap;
  
  requirements( ), successive refinements, successive automatic theory updating and successive validations preserving all validations performed in all previous stages of refinements, this iterative refinement process ultimately yielding the complete validated implementation of executable computer programs for the parallel software system for application Ap, implementation at any stage of refinement being called Ap;
  
  implementation( ), Ap;
  
  implementation( ) satisfying all requirements in Ap;
  
  requirements( ) at every stage of refinement;
  
  (iii) automatically implement a Self-Monitoring System (SMS) for Ap;
  
  implementation( ) called Ap;
  
  SMS( ), Ap;
  
  SMS( ) monitoring Ap;
  
  implementation( ) while it is running, in parallel with its running, without interfering in any way with timings of computational events, instances of event classes specified in Ap;
  
  ALLEOPS( ) occurring while Ap;
  
  implementation( ) is running, Ap;
  
  SMS( ) using Ap;
  
  ALLEOPS( ) while monitoring Ap;
  
  implementation( ) to dynamically identify, report and take appropriate a priori defined actions, if errors are detected in event instance occurrences, while running Ap;
  
  implementation( ), or if pending errors are detected, or if a priori defined critical event instance patterns occur while Ap;
  
  implementation( ) is running, any departure of event instance occurrence patterns at run time from those specified for event classes in Ap;
  
  ALLEOPS( ) being construed as errors, any deviation of timings of event instances from those specified in Ap;
  
  ALLEOPS( ) being construed as a pending error, critical behaviors being defined by designers in terms of specific patterns of causal chains of event classes in Ap;
  
  ALLEOPS( ), Ap;
  
  SMS( ) providing the infrastructure for development of self-diagnosis, self-repair and learning capabilities for applications Ap;
  
  abstractions in TICC™
  
  -paradigm enabling TICC™
  
  -Ppde to provide above services being independent, it being possible to use each abstraction independently of other abstractions to build and run software systems, such software systems not providing all above services, in the following the phrase “
  
  programming abstraction”
  
  being used to refer to abstractions used in developing computer programs, the phrase “
  
  component abstraction”
  
  being used to refer to abstractions of components used in TICC™
  
  -Ppde parallel programs.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method as recited in claim 1 further including the following steps for using cell abstraction:
    - cell abstraction being at once both a programming abstraction and a component abstraction, there being two kinds of cells, simple-cells and compound-cells, the term “
      
      cell”
      
      being used to denote both simple and compound cells, compound-cells encapsulating a network of cells interconnected by TICC™
      
      -Ppde pathways (hereinafter simply referred to as pathways), such encapsulated compound cells being usable as plug-in software units in larger software systems, provided ports matching the ports in a compound cell exist in the larger software system, networks of cells interconnected by pathways being called TICC™
      
      -networks, specifying the TICC™
      
      -network encapsulated by a compound-cell being called cell decomposition, a simple-cell being not so decomposable, TICC™
      
      -network for application Ap being called Ap;
      
      network( ), Ap;
      
      network( ) being obtained through successive network-refinement (decomposition) of postulated abstract compound-cells, features of cell abstraction in TICC™
      
      -paradigm being the following;
      
      (i) same unique cell process for all simple-cells;
      
      the top level simple-cell class, Cell, in TICC™
      
      -Ppde has a unique abstract Cell Interaction Process called Cell;
      
      CIP( ) defined in it, the same CIP-process Cell;
      
      CIP( ) being inherited by all cell subclasses C of Cell, the CIP-process inherited by C being referred to by C;
      
      CIP( ), C;
      
      CIP( ) specifying how instances of C should interact with their ports, C;
      
      CIP( )s for different subclasses C differing from each other only in the initialization routine C;
      
      init( ) of C;
      
      CIP( ), the cell process inherited by an instance c of C being referred to as c;
      
      CIP( ), compiled code for each c;
      
      CIP( ) being kept in the private memory of the ComPuting Unit, called c.cpu, assigned to c by TICC™
      
      -Ppde, this compiled code being used to run cell instance c in c.cpu, no two cell instances ever having the same CPU assigned to them, c;
      
      CIP( ) being the only process associated with cell instance c and CIP-processes being the only processes in any parallel software system in TICC™
      
      -paradigm, programmers having to define only the initialization routine C;
      
      init( ) and attributes, C.portPriority and C.sortedPortsList, for each instance c of C;
      
      (ii) simple-cell structure;
      
      each simple-cell subclass C having software port subclasses attached to it, there being three port subclasses, generalPort, functionPort and interruptPort, the same port subclass being attached to a cell subclass C multiple number of times, the term C.p being used here to refer to the subclass of a port attached to C, instances c.p of port subclass C.p being attached to instances c of C the same number of times class C.p being attached to C, the same port instance c.p being never attached to more than one cell instance c, c being called the parent cell of c.p, each c.p being connected only to one unique communication pathway, the pathway connected to c.p being called c.p.pathway, c.p using c.p.pathway to exchange messages with other ports connected to c.p.pathway, all instances c of C inheriting C;
      
      init( ) defined for C, each C having at least three port subclasses attached to it, at least one of each kind, the numbers and kinds of ports defined for each cell subclass C being automatically identified when Ap;
      
      design( ) is finalized, thus compound cell decomposition determining subclasses of cells used in an implementation, cell decomposition using domain knowledge of the application domain and no considerations of programming, there being thus no problem for designers having to identify cell subclasses that any application Ap should have based on programming considerations, or define computer programs for C;
      
      CIP( ), designers being responsible to define for each cell subclass C only cell attributes defined for C, kinds of port subclasses attached to C and the C;
      
      init( ) program;
      
      (iii) refinement of c;
      
      CIP( );
      
      each abstract c;
      
      CIP( ) being refined by inheriting its initialization program C;
      
      init( ) and for each port c.p of each instance c of C its abstract Thread Interaction Protocol (TIP) called c.p;
      
      TIP( ) being defined, each abstract c.p;
      
      TIP( ) being refined by specifying short sequential programs called pthreads that perform computations in c.p;
      
      TIP( ), c.p;
      
      TIP( ) specifying how c should interact with its port c.p, refinements of abstract c.p;
      
      TIP( ) being called TIP-refinements, TIP-refinements being defined by specifying computer programs for tasks performed by c at port c.p as pthreads, c.p;
      
      TIP( ) being fully TIP-refined when computer programs for all computing tasks performed by c while executing c.p;
      
      TIP( ) have been defined, the cell process c;
      
      CIP( ) being fully refined when all c.p;
      
      TIP( )s associated with c have been fully refined, implementers defining new port subclasses Q only when Q should contain special port attributes, specific to a given application, defined for them, these special attributes being not available in the three port subclasses already defined in TICCT™
      
      -Ppde;
      
      (iv) simple-cell self-activation;
      
      each simple-cell instance c operating independently in parallel with all other simple-cell instances in an application, c being run by the ComPuting Unit (CPU) assigned to it by TICC™
      
      -Ppde, the CPU assigned to c being called c.cpu, each cell c activating itself to run its c;
      
      CIP( ) process in c.cpu when a first message is delivered to it, c also activating by itself any computer program that c.cpu runs to build messages sent out by c or to process messages received by c, c being self-activating also for running all interrupt processing, c automatically correctly resuming operations suspended by interrupts, c.cpu performing memory allocations in virtualMemories it uses, c automatically performing all of its task scheduling based on message receipts, c never using an operating system, thus eliminating all program scheduling delays and program activation delays in parallel processing, and also thus making every parallel program impenetrable to intruders as long as integrity of system administrators is guaranteed;
      
      (v) simple-cell communications;
      
      at each port c.p attached to c having a communication protocol, hereinafter simply called protocol, defined for it, the protocol defined for Cc.p being called c.p.protocol, this protocol being associated with c.p.pathway connected to c.p, machine instruction called Causal Communication Primitive, CCP, being used to exchange signals between components in a pathway, each c.p.protocol being defined by a sequence of successively executed CCPs, each CCP taking only 2 nanoseconds to complete execution, evaluation of c.p.protocol causing signals to travel over c.p.pathway, components in c.p.pathways that exchange signals being always tuned to each other, each being always ready to receive and respond immediately to the signal it receives, thus eliminating delays in signal exchanges caused by synchronization sessions between the components, c.p.protocol appearing only in the definition of c.p;
      
      TIPO, c.q.protocol for any port c.q attached to c not appearing in any of the pthreads that define computing tasks performed by c.p;
      
      TIP( ), c.p.pathway having a unique virtualMemory, m, associated with port c.p embedded in it, this virtualMemory being called c.p.vM, signals traveling over c.p.pathway eventually delivering message written in c.p.vM to message recipient ports also connected to c.p.pathway only if recipient ports satisfy a priori specified security conditions, only c.cpu assigned to the parent cell c of c.p being allowed to evaluate c.p.protocol, such protocol evaluations by c.cpu always occurring immediately after message to be sent out becoming ready, having been fully written by cell c in to c.p.vM, this feature of immediate message transmission after message writing, eliminating all message scheduling delays in all communications in TICC™
      
      -Ppde, no c.p.protocol being ever evaluated by any CPU other than c.cpu, no two simultaneous evaluations of two distinct protocols, c1.p.protocol and c2.q.protocol by two distinct CPUs, c1.cpu and c2.cpu, ever interfering with each other, this enabling simultaneous parallel message exchanges, the number of such simultaneous parallel messages being limited only by the number of cells in an application, all messages being always exchanged by all cell instances asynchronously, each cell instance handling by itself all of its computational contingencies, a computational contingency being a need to invoke and execute a new computer program, or a need to attend to an unanticipated interrupt, or a need to temporarily suspend a program c is currently executing, or a need to resume a suspended program, each message being always delivered with in precisely predictable timings, latencies for message deliveries being as small as a few tens of nanoseconds to a few hundreds of nanoseconds, each computer program being always executed with in precisely predicted timing bounds;
      
      (vi) group-to-group communications;
      
      port instances attached to distinct cell instances being organized into port-groups, all ports in any port-group, pG, being always instances of the same port subclass, no two port instances attached to the same cell instance ever belonging to the same port-group pG, no port instance ever belonging to more than one port-group, all communications being always group-to-group communications, each pathway interconnecting two distinct port-groups pG and qG, such distinct pG and qG never containing ports belonging to the same cell instance, c.p.protocol for each c.p in each message sending port-group being executed in parallel by the c.cpu assigned to the parent cell c of c.p, agents in c.p.pathway coordinating this parallel protocol execution, an agent in the pathway dispatching the message only after the parent cell of every port c.p in pG has completed writing its contribution to a joint message produced by all parent cells of ports in pG, this being called dispatch coordination, another agent in the same pathway synchronously delivering the message in the virtualMemory of the pathway to all secure ports in the destination port-group also connected to the same pathway, secure ports being identified by this second agent based on security condition defined for each port in the destination port-group by system administrator of application Ap, the security condition for a port being a function of the virtualMemory in the pathway, message being delivered and said port, all communications in TICC™
      
      -Ppde being group-to-group communications, point-to-point communications being just special cases of such group-to-group communications, it being possible to have self-loop pathways in which a port-group sends message to itself;
      
      (vii) guaranteed transaction completions;
      
      a cell sending out a service request message to another cell and receiving a response being called a transaction, the CIP-process of cells in an application guaranteeing transaction completions for all service request messages received from any cell at any time, as described in sections 4.1 and 4.2 of Chapter 2, all transactions being completed with in precisely predictable timing bounds, parent cells of ports in a port-group that receive a service-request via the ports in said port-group always sending back a joint response, a port c.p that sends a service request message to another port or port-group via a pathway being able to send its next service request only after c.p has received its response for the first service request it sent, the virtualMemory of c.p.pathway thus never containing more than two messages at any given time, a service-request message and its response message, thereby eliminating the need for multiple service-request messages in a queue maintained by a buffer, this being called buffer-free asynchronous communication.
  - 3. A method as recited in claim 1 further including the following steps for using port abstraction:
    - port abstraction being at once both a programming abstraction and a component abstraction, the top level port abstraction being defined by the port class Port, subclasses generalPort, functionPort and interruptPort of Port being all pre-defined in TICC™
      
      -Ppde, implementers having to define additional port subclasses only when ports require special attributes not available in already defined port subclasses, attributes defined for Port including the following standard attributes;
      
      Port.input, Port.state, Port.vM, Port.rd.msg, Port.wr.msg, Port.pathway, Port.protocol, Port.smm, Port.delivery, Port.clock, Port.tipStart, Port.tipEnd, Port.tipInvoke, Port.beginningPorts, Port.endingPorts, Port.stack, Port.tipResume, Port.resumeStart, and Port.resumingPorts, all attributes of a port instance C.p attached to a cell instance c being kept distributed in the virtualMemory c.p.vM and privateMemory c.cpu.pM of the c.cpu assigned to run c, use of these attributes being illustrated in various sections of Chapter 2, standard methods defined in Port class including, Port;
      
      mR?( ), Port;
      
      pR?( ), Port;
      
      suspendTIP(resumingAddress), Port;
      
      f( )=eval(Port.protocol), Port;
      
      s( )=eval(Port.protocol), Port;
      
      suspend( )=Port.input=Ø
      
      , Port.rd;
      
      msg( ), Port.wr;
      
      msg( ), Port.rd;
      
      wrt(msg), Port.wr;
      
      wrt(msg), Port.rd;
      
      make(msg), Port;
      
      wr;
      
      make(msg) and similar methods being defined for other components of Port.vM, implementers being free to add other methods as needed, subclasses of Port differing from each other only in the attributes and methods defined for them, subclasses predefined for Port in TICC™
      
      -Ppde being adequate for most parallel programming applications, features of Port abstraction in TICC™
      
      -paradigm being the following;
      
      (i) facilitating asynchronous communications at any time;
      
      testing attributes c.p.state, c.p.input, c.p.delivery (c.p.delivery specifying the time at which c.p received its latest message) and c.p.clock for any port c.p at any time chosen by c being necessary for cell c to receive and process messages or to send out messages at any time chosen by c, each c.p giving access to c.cpu to all of the above said attributes of c.p at all times, thereby facilitating asynchronous communication via port c.p at any time chosen by c;
      
      (ii) communication control;
      
      c.p permitting its parent cell c to send out a message only when c.p.state=S, c.p accepting messages delivered to it by other cells only if its state is R, thus preventing message receiving and message sending ports from ever simultaneously exchanging messages via pathways connected to said ports at the same time, c.p changing its state from S to R only immediately after sending out a message, c.p changing its state from R to S only after receiving a response message and sensing of that response by its parent cell c, c.p thus enforcing the rule, cell c may send out a second message via c.p only after c has sensed a response message for the previous service-request message sent out by c.p;
      
      (iii) access control;
      
      c.p giving access to all methods and all data in c.p.vM to c.cpu only when c.p.state=S, such access not being given to any other CPU, c.p revoking given access to c.cpu as soon as c.cpu completes performing intended tasks, dynamically giving and revoking access to c.cpu in this manner being efficiently done without need to use an operating system, this feature introducing built-in data protection and security at the lowest level of operation of each c.cpu in all TICC™
      
      -Ppde parallel software systems, this together with messages being delivered to only secure ports making a TICC™
      
      -Ppde parallel program impenetrable to intruders as long as integrity of system administrators is guaranteed;
      
      (iv) preventing memory interference;
      
      a cell-group being a group of parent cells of ports in a port-group that may all simultaneously use the same virtualMemory, when cells in a cell-group simultaneously use the same virtualMemory, ports attached to those cells and connected to the pathway containing that virtualMemory specify allocations of distinct memory areas in the virtualMemory to the cells in the cell-group, each cell in the cell-group being allowed to write only in the memory area assigned to it by its port, thereby preventing memory interference, when parent cells of ports in a port-group use the same virtualMemory simultaneously executing programs stored in that virtualMemory, they use the scratchpad provided to them by that virtualMemory as a blackboard on which they post and read information needed to coordinate their activities.
  - 4. A method as recited in claim 1 further including the following steps for using VirtualMemory abstraction:
    - virtualMemory abstraction being simultaneously a programming abstraction and component abstraction, there being a top level virtualMemory class, M, M containing five component memories called ReadMemory, WriteMemory, ExecutionMemory, SignalMemory and Scratchpad, for any instance, m of M, components of m being referred to by readMemory, writeMemory, executionMemory, signalMemory and scratchpad, each pathway P containing one or more virtualMemories m embedded in P, P being called the parent pathway of m, each shared-memory pathway (sm-pathway), smP, always containing only one unique, m, the term smP.vM referring to m embedded in a smP, distributed-memory pathways (dm-pathways), dmP, containing more than one virtualMemory instance embedded in them, the virtualMemory instances embedded in dmP being referred to by dmP.vMs[i] for 1≦
      
      i≦
      
      n for some n>
      
      1, for any virtualMemory instance m, m.rd referring to readMemory component of m, similarly m.wr, m.ex, m.sm and m.sp referring to write, execution, signal and scratchpad memory components of m, methods for reading from and writing into various virtualMemory components being defined in the top level classes of the components, the execution memory m.ex containing all methods used by parent cells of ports connected to the parent pathway P of m, each m.ex providing the execution environment for every method stored in it, m.rd containing message delivered to message recipient ports connected to P, m.wr containing message sent out by parent cells of message sending ports connected to P, m.wr and m.rd being switched with each other before message in m.wr is delivered to a port p, thus parent cell of p reading message delivered to p only from m.rd, m.sm (signalMemory of m) holding data on p.state, p.input, p.delivery, p.clock, and compiled code for p.protocol for every port p connected to pathway P, m.sp (scratchpad of m) providing working memory for cells in a cell-group to exchange information with each other needed to coordinate their activities, while said cells are all using m simultaneously in parallel, virtualMemories having memory sizes in the range of 10 kilo-words to several giga-words, depending on the application, features of the VirtualMemory abstraction in the TICC™
      
      -paradigm being the following;
      
      (i) virtualMemories isolating operations performed in parallel by cells in TICC™
      
      -Ppde parallel software applications and providing coordination facilities when several cells use the same virtualMemory simultaneously;
      
      (ii) virtualMemories enabling enforcement of distinctive security and data protection features in TICC™
      
      -Ppde parallel software applications;
      
      (iii) virtualMemories providing a parallel buffering mechanism to support asynchronous communications, supporting parallel messaging and program mobility;
      
      (iv) virtualMemories enabling a novel design for shared-memory multiprocessor chips, using Distributed Shared Memory Modules (DSMMs), one DSMM being assigned to each virtualMemory in application Ap, the novel DSMM memory organization allowing arbitrary number of shared-memory CPUs to be integrated in said multiprocessor chips, dramatically limiting the number of CPUs that share the same DSMM, most CPUs using distinct DSMMs, each CPU connected to a small number of DSMMs, no CPU being able to access a DSMM that is not connected to it, thereby dramatically reducing memory interference and dramatically increasing data security, system security, and protection from unauthorized intruders;
      
      TICC™
      
      -Ppde providing built-in definitions for VirtualMemory class and all its components, implementers not having to define virtualMemories for any parallel software system in TICC™
      
      -Ppde.
  - 5. A method as recited in claim 1 further including the following steps for using Agent abstraction:
    - agent abstraction being both a programming abstraction and a component abstraction, top level Agent class and all subclasses of Agent needed for parallel programming being pre-defined in TICC™
      
      -Ppde, instances of various classes of agents being attached to virtualMemories embedded in pathways that interconnect ports in TICC™
      
      -Ppde parallel software systems, the virtualMemory to which an agent is attached being called the parent memory of the agent, the parent pathway P of the virtualMemory being also called the parent pathway of the agent, each virtualMemory instance m containing an arbitrary number of agents attached to it, virtualMemories embedded in sm-pathways and dm-pathways usually containing only 2 to 4 agents attached to them, features of the Agent abstraction in the TICC™
      
      -paradigm being the following;
      
      (i) agents embedded in a pathway route, coordinate and synchronize signal transmissions in said pathway;
      
      (ii) agents enforce data security by delivering message in their parent virtualMemories only to ports which satisfy a priori defined security conditions associated with the message;
      
      (iii) while transmitting signals over their parent pathway agents send signals also to Ap;
      
      SMS( ), the self-monitoring system of application Ap, informing the SMS about message dispatch and message delivery events occurring in their parent pathway, this enabling the SMS to build a causalnet of communication events occurring in application Ap, in real time, while Ap is running, SMS dynamically checking whether said communication events satisfy event class patterns in Ap;
      
      ALLEOPS( ), such dynamic checking enabling the SMS to detect errors, pending errors and critical event patterns occurring in Ap in real time while Ap is running, and enabling Ap;
      
      SMS( ) to report them, or immediately take appropriate a priori defined remedial actions, such dynamic checking also providing the infrastructure for future development of self-diagnosis, self-repair and learning in parallel software systems.
  - 6. A method as recited in claim 1 further including the following steps for using Pathway abstraction:
    - pathway abstraction also being both a programming abstraction and component abstraction, each pathway being connected to ports, each pathway having virtualMemories with agents attached to them, there being two kinds of pathways, Sm-pathway interconnecting two port-groups, parent cells of ports in a port-group being called a cell-group, Dm-pathway interconnecting a port-group of generalPorts in one shared-memory multiprocessor (SMP) to a set of other port-groups of functionPorts in other SMPs, parameterized protocols for the top level pathway classes Sm-pathway and Dm-pathway being pre-defined in TICC™
      
      -Ppde, implementers not having to define them, the term pathway being used to refer to both sm-pathways and dm-pathways, features of the Pathway abstraction in the TICC™
      
      -paradigm being the following;
      
      (i) an sm-pathway, smP, connected to a port c.p, having parameters consisting of the port c.p, other ports that smP is connected to, agents in smP, and the security function, if any, for the smP, such pathway parameters being substituted for the parameters defined in the parameterized protocol definition for Sm-pathway at the time smP is connected to port c.p, the protocol with substituted parameters being then compiled, this compiled protocol being stored in the virtualMemory of c.p.vM, a pointer to this compiled protocol in signalMemory being then set as the value of c.p.protocol, parent cell of c.p then performing eval(c.p.protocol) to evaluate the protocol in order to send message via that smP;
      
      (ii) Dm-pathway also having similar parameterized protocol definition, for any port q connected to a dm-pathway dmP, each dmP also being defined by a set of parameters consisting of components in dmP, the parameterized protocol defined for Dm-pathway being compiled after substituting the parameters of dmP for parameters defined in the protocol, this compiled protocol being stored in the virtualMemory c.q.vM, value of c.q.protocol being the pointer to the compiled code of said compiled protocol, parent cell of port c.q using eval(c.q.protocol) to evaluate the protocol in order to send message over dmP, there by making it possible to use identical invocation primitive eval(c.p.protocol) for message exchange via both sm-pathways and dm-pathways;
      
      (iii) no two pathway instances having any component in common, thus no two distinct protocol executions ever interfering with each other, this enabling multiple parallel asynchronous message exchanges, the number of such parallel message exchanges at any given time being limited only by the number of distinct cells in an application;
      
      (iv) protocol execution with precisely predictable timings enabling real-time communication of message dispatch and delivery times to SMS, thereby enabling self-monitoring;
      
      (v) protocol execution with precisely predictable timings also enabling ad hoc coordination and synchronization, such synchronization and coordination being possible only with TICC™
      
      -Ppde pathways;
      
      (vi) all components that exchange signals with each other in any pathway being tuned to each other, so that each component will be always ready to receive and respond to signals sent to it by other components in the pathway, this feature eliminating need for synchronization sessions during signal transmissions, thereby enabling very high-speed message exchanges.
  - 7. A method as recited in claim 1 further including the following steps for using Protocol abstraction:
    - protocol abstraction being at once a process abstraction and a component abstraction, there being only two distinct kinds of protocol abstractions in TICC™
      
      -Ppde, sm-pathway protocol abstraction and dm-pathway protocol abstraction, protocols in both abstractions being defined using Causal Communication Primitives (CCPs), each kind of protocol being defined as a parameterized protocol abstraction, no protocol definition ever containing data declarations, evaluation of protocol changing only attributes associated with the components of pathway to which said protocol applies, no two simultaneous parallel protocol executions ever interfering with each other, evaluation of protocols automatically enforcing real-time message coordination, message synchronization, security enforcement and communication with SMS, messages being always delivered only to secure ports that satisfy specified security conditions, messages being always delivered to all secure ports synchronously with a time-stamp indicating the time of message delivery, each compiled protocol being evaluated by the same cell that builds and sends messages, messages being always sent immediately after they have been built, thereby eliminating message scheduling delays, protocols enabling very high speed guaranteed parallel asynchronous simultaneous message exchanges with latencies as small as 14 nanoseconds for point-to-point communication and 100 nanoseconds for group-to-group communications over sm-pathways, and 400 nanoseconds plus data transmission delay for point-to-group distributed communications, all using 2 gigahertz CPUs, latency for message delivery being always precisely predictable.
  - 8. A method as recited in claim 1 further including the following steps for using Attachment and Tuning abstractions:
    - attachment and tuning abstractions being purely programming abstractions, being used in TICC™
      
      -Ppde to regulate access privileges given to cells to access data and execute methods in different classes of components in TICC™
      
      -Ppde parallel programming systems, each component, x, being restricted to access data and execute methods defined only in other components attached to or tuned to x, tuning being done to pairs of components that exchange signals in pathways, tuning being done also between a port c.p and its virtualMemory c.p.vM, as also between cell c and c.p.vM in order to enable c and c.p to access data and methods in c.p.vM, access privileges enabled by tuning and attachments being implemented automatically by TICC™
      
      -Ppde at the time pathways are installed and connected to ports, application programmers not having to write any programs to implement tunings and attachments.
  - 9. A method as recited in claim 1 further including the following steps for using ALLEOPs abstraction:
    - ALLEOPs being a process abstraction of theory of computations, as also a programming abstraction of computer programs that specify computer programs for automatically deriving, interpreting and using the ALLEOPs to formally verify CTL-assertions on properties of computations, Ap;
      
      ALLEOPS( ) being automatically made an integral part of every application Ap, computer programs pre-defined for ALLEOPs in TICC™
      
      -Ppde enabling formal proof constructions for validity of CTL-assertions, interactively with designers and implementers at any stage of implementation or use of application Ap, Traces being used during ALLEOPs-proof construction to interact with users, presenting to users intermediate results of proofs and receiving from users guidance to complete the proofs as necessary, when ALLEOPs-proofs fail to prove a given CTL-assertion, traces of failed proofs being used by designers and implementers to modify designs and implementations of applications, or to modify the CTL-assertions themselves as needed, failed proofs sometimes requiring users to interrupt the proof process in order to terminate it.
  - 10. A method as recited in claim 1 further including the following steps for using TICC™
    - -CPU;
      
      TICC™
      
      -Ppde parallel programs requiring special facilities in ComPuting Units (CPUs) used to execute them, the special facilities in TICC™
      
      -CPUs enabling each cell in a parallel software system to operate in parallel with all other cells in said system, completely autonomously, with out need to use an operating system to perform any of the needed services, also enabling efficient execution of parallel programs dramatically minimizing memory interference in shared-memory computers, further enabling a new distributed shared-memory organization using DSMMs, exploiting virtualMemories in TICC™
      
      -Ppde parallel software systems, to dramatically increase execution efficiencies and data security, and protection against unauthorized intrusions into any TICC™
      
      -Ppde parallel software system.
  - 11. A system for building or running formally verified parallel software for multi-core chips using TICC™
    - -Paradigm, the system comprising;
      
      a collection of computers; and
      
      a software system or hardware system running in the collection of computers performing a method as recited in any one of claims 1 through 10.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EDSS Incorporated
Original Assignee
EDSS Incorporated
Inventors
Srinivasan, Chitoor V.
Primary Examiner(s)
Yigdall; Michael J

Application Number

US12/435,426
Publication Number

US 20090307660A1
Time in Patent Office

798 Days
Field of Search

None
US Class Current

717/119
CPC Class Codes

G06F 8/314 Parallel programming langua...

TICC-paradigm to build formally verified parallel software for multi-core chips

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

TICC-paradigm to build formally verified parallel software for multi-core chips

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links