Intermittently powered energy-harvesting devices enable new applications in inaccessible environments. Program executions must be robust to unpredictable power failures, introducing new challenges in programmability and correctness. One hard problem is that input operations have implicit constraints, embedded in the behavior of continuously powered executions, on when input values can be collected and used. This paper aims to develop a formal framework for enforcing these constraints. We identify two key properties -- freshness (i.e., uses of inputs must satisfy the same time constraints as in continuous executions) and temporal consistency (i.e., the collection of a set of inputs must satisfy the same time constraints as in continuous executions). We formalize these properties and show that they can be enforced using atomic regions. We develop Ocelot, an LLVM-based analysis and transformation tool targeting Rust, to enforce these properties automatically. Ocelot provides the programmer with annotations to express these constraints and infers atomic region placement in a program to satisfy them. We then formalize Ocelot's design and show that Ocelot generates correct programs with little performance cost or code changes.
翻译:断断续续的节能采集装置必须在无法进入的环境中进行新的应用。 方案执行必须针对无法预测的电力失灵而强有力, 从而在可编程和正确性方面带来新的挑战。 一个棘手的问题是投入操作存在隐含的限制, 嵌入式处决的行为, 嵌入于持续动力处决的行为, 以及何时可以收集和使用输入值。 本文旨在开发一个执行这些限制的正式框架 。 我们确定了两个关键属性 -- 新鲜性( 即投入的使用必须满足与持续处决相同的时间限制) 和时间一致性( 即收集一组投入必须满足与持续处决相同的时间限制 ) 。 我们将这些属性正式化, 并表明它们可以使用原子区域强制实施 。 我们开发了以 Rust 为目标的基于 LLVM 的分析和转换工具 Ocelot, 以便自动执行这些属性。 Ocelot 向程序员提供说明, 以表达这些限制, 并推断原子区域在程序中的位置以满足这些限制 。 我们随后正式确定 Ocelot 的设计并显示 Ocelot rot 生成正确的程序, 其执行成本或代码变化很小。
相关内容
Source: Apple - iOS 8
微信扫码咨询专知VIP会员