A Multi-Periodic Synchronous Data-Flow Language

Similar documents
A Multi-Periodic Synchronous Data-Flow Language

Synchronous Modelling of Complex Systems

N-Synchronous Kahn Networks A Relaxed Model of Synchrony for Real-Time Systems

Clock-driven scheduling

Process Scheduling for RTS. RTS Scheduling Approach. Cyclic Executive Approach

The AADL behavior annex - experiments and roadmap

Online Scheduling Switch for Maintaining Data Freshness in Flexible Real-Time Systems

The Concurrent Consideration of Uncertainty in WCETs and Processor Speeds in Mixed Criticality Systems

Formal Specification and Verification of Task Time Constraints for Real-Time Systems

Task Models and Scheduling

Aperiodic Task Scheduling

THE UNIVERSITY OF MICHIGAN. Faster Static Timing Analysis via Bus Compression

Time and Schedulability Analysis of Stateflow Models

Operational Semantics

Abstractions and Decision Procedures for Effective Software Model Checking

The Discrete EVent System specification (DEVS) formalism

Alan Bundy. Automated Reasoning LTL Model Checking

Testability. Shaahin Hessabi. Sharif University of Technology. Adapted from the presentation prepared by book authors.

Real-Time Scheduling and Resource Management

Scheduling Periodic Real-Time Tasks on Uniprocessor Systems. LS 12, TU Dortmund

End-to-end latency and temporal consistency analysis in networked real-time systems

Program Analysis Probably Counts

Real-Time Systems. LS 12, TU Dortmund

IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS 1

Formal Models of Timed Musical Processes Doctoral Defense

Immediate Detection of Predicates in Pervasive Environments

Dynamic Priority Scheduling of Periodic Tasks with Extended Precedences

Worst-Case Execution Time Analysis. LS 12, TU Dortmund

Embedded Systems Design: Optimization Challenges. Paul Pop Embedded Systems Lab (ESLAB) Linköping University, Sweden

Causality Interfaces and Compositional Causality Analysis

Compiling Techniques

Non-preemptive multiprocessor scheduling of strict periodic systems with precedence constraints

TTA and PALS: Formally Verified Design Patterns for Distributed Cyber-Physical

Design of Distributed Systems Melinda Tóth, Zoltán Horváth

Average-Consensus of Multi-Agent Systems with Direct Topology Based on Event-Triggered Control

Using the Principles of Synchronous Languages in Discrete-event and Continuous-time Models

Lecture: Workload Models (Advanced Topic)

Simulation & Modeling Event-Oriented Simulations

The Quasi-Synchronous Approach to Distributed Control Systems

The preemptive uniprocessor scheduling of mixed-criticality implicit-deadline sporadic task systems

Artificial Intelligence Chapter 7: Logical Agents

Financial. Analysis. O.Eval = {Low, High} Store. Bid. Update. Risk. Technical. Evaluation. External Consultant

Semantics and Verification of Software

Semantic Equivalences and the. Verification of Infinite-State Systems 1 c 2004 Richard Mayr

Runtime Model Predictive Verification on Embedded Platforms 1

EDF Feasibility and Hardware Accelerators

Joint work with Marie-Aude Esteve, Joost-Pieter Katoen, Bart Postma and Yuri Yushtein.

Non-Preemptive and Limited Preemptive Scheduling. LS 12, TU Dortmund

Petri nets. s 1 s 2. s 3 s 4. directed arcs.

Scalable and Accurate Verification of Data Flow Systems. Cesare Tinelli The University of Iowa

Agent-Based HOL Reasoning 1

CEC 450 Real-Time Systems

Embedded Systems Development

CSE 505, Fall 2005, Midterm Examination 8 November Please do not turn the page until everyone is ready.

Decomposition of planning for multi-agent systems under LTL specifications

Synchronous Reactive Systems

Lecture 13. Real-Time Scheduling. Daniel Kästner AbsInt GmbH 2013

Using the Principles of Synchronous Languages in Discrete-event and Continuous-time Models

Automatic Generation of Safe Handlers for Multi-Task Systems

From Concurrent Multi-clock Programs to Deterministic Asynchronous Implementations

EDF Scheduling. Giuseppe Lipari May 11, Scuola Superiore Sant Anna Pisa

Regression-based Statistical Bounds on Software Execution Time

Static Program Analysis using Abstract Interpretation

Lecture 4. Finite Automata and Safe State Machines (SSM) Daniel Kästner AbsInt GmbH 2012

VERIFICATION OF A LARGE DISCRETE SYSTEM USING ALGEBRAIC METHODS

Roy L. Crole. Operational Semantics Abstract Machines and Correctness. University of Leicester, UK

PSL Model Checking and Run-time Verification via Testers

Construction of a reconfigurable dynamic logic cell

On the Complexity of Mapping Pipelined Filtering Services on Heterogeneous Platforms

Real-Time Workload Models with Efficient Analysis

Georg Frey ANALYSIS OF PETRI NET BASED CONTROL ALGORITHMS

Embedded Systems 14. Overview of embedded systems design

Real-Time Systems. Lecture 4. Scheduling basics. Task scheduling - basic taxonomy Basic scheduling techniques Static cyclic scheduling

Uniprocessor real-time scheduling

Embedded Systems Development

Real-Time Scheduling. Real Time Operating Systems and Middleware. Luca Abeni

Caches in WCET Analysis

Automatic determination of numerical properties of software and systems

T Reactive Systems: Temporal Logic LTL

Design and Analysis of Time-Critical Systems Response-time Analysis with a Focus on Shared Resources

ECE 407 Computer Aided Design for Electronic Systems. Simulation. Instructor: Maria K. Michael. Overview

Formal Semantics for Grafcet Controlled Systems 1 Introduction 2 Grafcet

Stability analysis of linear systems under asynchronous samplings

A PARAMETRIC DECOMPOSITION BASED APPROACH FOR MULTI-CLASS CLOSED QUEUING NETWORKS WITH SYNCHRONIZATION STATIONS

Helsinki University of Technology Laboratory for Theoretical Computer Science Research Reports 66

Design of Real-Time Software

Design of Embedded Systems: Models, Validation and Synthesis (EE 249) Lecture 9

Business Process Management

Unit: Blocking Synchronization Clocks, v0.3 Vijay Saraswat

Proving Safety Properties of the Steam Boiler Controller. Abstract

A Formal Model of Clock Domain Crossing and Automated Verification of Time-Triggered Hardware

Modeling Fixed Priority Non-Preemptive Scheduling with Real-Time Calculus

Mapping to Parallel Hardware

Logical Agents. Knowledge based agents. Knowledge based agents. Knowledge based agents. The Wumpus World. Knowledge Bases 10/20/14

Intelligent Agents. Pınar Yolum Utrecht University

Seamless Model Driven Development and Tool Support for Embedded Software-Intensive Systems

CIS 4930/6930: Principles of Cyber-Physical Systems

Real-time Scheduling of Periodic Tasks (1) Advanced Operating Systems Lecture 2

Multi-Sensor Fusion for Localization of a Mobile Robot in Outdoor Environments

Logic Model Checking

Transcription:

Julien Forget 1 Frédéric Boniol 1 David Lesens 2 Claire Pagetti 1 firstname.lastname@onera.fr 1 ONERA - Toulouse, FRANCE 2 EADS Astrium Space Transportation - Les Mureaux, FRANCE November 19, 2008 1 / 28

1 Context 2 Synchronous Data-Flow Languages 3 A Multi-Periodic Synchronous Language 4 Implementation 5 Conclusion 2 / 28

Outline 1 Context 2 Synchronous Data-Flow Languages 3 A Multi-Periodic Synchronous Language 4 Implementation 5 Conclusion 3 / 28

Implementing Multi-Periodic Reactive Systems An increasingly complex task: Implementing functional aspects. Implementing real-time aspects. Developing the hardware platform (outside our scope). Critical systems: strong determinism required (functional as well as temporal). At the same time, optimize latency, hardware cost, etc. 4 / 28

Contribution We propose: A high-level, formal language With automated code generation (from design to implementation). Based on synchronous languages. This provides: High confidence in the generated code. Easier design (higher level of abstraction). Faster development cycle. 5 / 28

A reactive system : the Automated Transfer Vehicle The ATV is the resupplying vehicle for the International Space Station. We present a version adapted from the Mission Safing Unit (MSU) of the vehicle developed by EADS Astrium Space Transportation. Repeat the same behaviour indefinitely: Input-Compute-Output. 6 / 28

Designing the system 1 Design each functional process separately (BASIC OP, APPLY CMD, UPSTREAM, DOWNSTREAM). 2 Assemble the processes. The assembly level: Specify the rate of each process. Handle inter-process communications: communications must be deterministic. Our language focuses on the specification of this assembly level. 7 / 28

Outline 1 Context 2 Synchronous Data-Flow Languages 3 A Multi-Periodic Synchronous Language 4 Implementation 5 Conclusion 8 / 28

Principles Describe the computations performed at each iteration of the system, called instant. Each variable or expression is a flow (sequence of values). Flows are activated/deactivated using clocks (Boolean conditions). Clocks define the temporal behaviour of a process. Only synchronous flows can be combined, ie flows present at the same instants. Flows are defined by equations. Equations are structured hierarchically into nodes. The main node is activated by an external program that repeats the classic reactive loop (usually periodically): 1 provide inputs from sensors to the main node; 2 execute the node; 3 transfer the outputs of the node to the actuators. 9 / 28

Example Operations on flows node N( i, j : i n t ) r e t u r n s ( o : i n t ) l e t c=( i=j ) ; y=i when c ; z=0 f b y y ; t e l Behaviour: i 2 3 1 5 6... j 2 3 1 7 4... c True True True False False... y 2 3 1... z 0 2 3... 10 / 28

Basic iteration in Multi-Periodic Systems Programming a reactive system = program an iteration of the process and repeat it indefinitely always at the same base rate. basic iteration (10Hz) S S F F F F F F F F Basic iteration: F + some part of S time 11 / 28

Implementing the MSU node msu ( fromenv : i n t ) r e t u r n s ( toenv : i n t ) v a r c l o c k 0, c l o c k 1, c l o c k 2, c l o c k 3, c l o c k 4 : b o o l ; count, bop1, bop2 : i n t ; u s 0 : i n t when c l o c k 0 ; us1, us2 : i n t when c l o c k 1 ; ds0 : i n t when c l o c k 2 ; ds : i n t when c l o c k 3 ; l e t count=countn ( 5 ) ; c l o c k 0 =( count =0); c l o c k 1 =( count =1);... f a s t t a s k s bop1, bop2=basicop ( fromenv, c u r r e n t (0 f b y ds ) ) ; toenv=applycmd ( c u r r e n t (0 f b y us1 ), bop1 ) ; s l o w t a s k s : s p l i t c o m p u t a t i o n s between s u c c e s s i v e i n s t a n t s u s 0=upStream0 ( bop2 when c l o c k 0 ) ; us1, us2=upstream1 ( c u r r e n t ( u s 0 ) when c l o c k 1 ) ; ds0=downstream ( c u r r e n t ( us2 ) when c l o c k 2 ) ; ds=downstream ( c u r r e n t ( ds ) when c l o c k 3 ) ; t e l 12 / 28

Problem: Manual Scheduling Slow operations have to be manually split into several nodes. Difficult to distribute the slow processes fairly between successive iterations, in terms of execution times. Splitting operations may be difficult due to the software architecture. We define a language that enables automated scheduling. 13 / 28

Outline 1 Context 2 Synchronous Data-Flow Languages 3 A Multi-Periodic Synchronous Language 4 Implementation 5 Conclusion 14 / 28

Strictly Periodic Clocks Flow: (v i, t i ) i N. v i : a value in the set of values V. t i : a tag in N +. For all i, t i < t i+1. Clock of a flow: its projection on N +. v i must be produced between t i and t i+1. Definition Clock h = (t i ) i N +, t i N +, is strictly periodic if and only if: n N +, i N, t i+1 t i = n π(h) = n: the period of h. ϕ(h) = t 0 : the phase of h. (n, p): the clock α such that π(α) = n and ϕ(α) = π(α) p (p Q + ). 15 / 28

Periodic clock transformations Transformations that produce new strictly periodic clocks: Division: π(α/. k) = k π(α), ϕ(α/. k) = ϕ(α) (k N + ) Multiplication: π(α. k) = π(α)/k, ϕ(α. k) = ϕ(α) (k N + ) Phase offset: π(α. q) = π(α), ϕ(α. q) = ϕ(α) + q π(α) (q Q) α α. 2 α/. 2 α. 1 2 16 / 28

Why a new class of clocks? 1 To clearly separate two complementary notions: A strictly periodic clock defines the real-time rate of a flow. A Boolean clock specifies on this rate the activation condition of the flow. 2 Strictly periodic clocks and their transformations are statically evaluable. This is mandatory to enable efficient scheduling. Boolean clocks can emulate strictly periodic clocks but they are not statically evaluable. Strictly periodic clocks do not replace Boolean clocks, they complement them. 17 / 28

Operators based on strictly periodic clocks If the flow x has clock α: x ˆk has clock α. k. x/ˆk has clock α/. k. x >q has clock α. q. tag 0 2 4 6 8... x x 1 x 2 x 3... x ˆ2 x 1 x 1 x 2 x 2 x 3... x/ˆ2 x 1 x 3... x > 1/2 x 1 x 2... 18 / 28

Reminder: the Mission Safing Unit Repeat the same behaviour indefinitely: Input-Compute-Output. 19 / 28

Programming the MSU: Step 1 Define each functional node: imported node basicop ( i, j ) r e t u r n s ( o, p ) ; imported node A( i ) r e t u r n s ( o ) ;... wcet basicop =40; wcet applycmd =20; wcet A=30; wcet B=10; wcet C=20; wcet D=40; wcet E=10; wcet F=30; node upstream ( i ) r e t u r n s ( o1, o2 ) l e t o1=a(b( i ) ) ; o2=c( i ) ; t e l node downstream ( i ) r e t u r n s ( o ) l e t o=d(e( F ( i ) ) ) ; t e l 20 / 28

Programming the MSU: Step 2 Assemble the functional nodes: a s s e m b l i n g nodes node msu ( fromenv ) r e t u r n s ( toenv ) v a r bop1, bop2, us1, us2, ds ; l e t bop1, bop2=basicop ( fromenv, ( 0 f b y ds ) ˆ 5 ) ; toenv=applycmd ( ( 0 f b y us1 ) ˆ 5, bop1 ) ; us1, us2=upstream ( bop2 / ˆ 5 ) ; ds=downstream ( us2 ) ; t e l o p t i o n a l l e v e l : c l o c k i n s t a n c i a t i o n + a c t i v a t i o n c o n d i t i o n node main ( c, fromenv : r a t e ( 1 0 0, 0 ) ) r e t u r n s ( toenv : r a t e ( 1 0 0, 0 ) when c ) l e t toenv, toothermsu=(msu ( fromenv, othermsu ) ) when c ; t e l 21 / 28

Outline 1 Context 2 Synchronous Data-Flow Languages 3 A Multi-Periodic Synchronous Language 4 Implementation 5 Conclusion 22 / 28

Ensuring program correction Static analysis: Typing: the program only combines values of the same type. Causality analysis: no loop in the data-dependencies. Initialisation analysis: included in the clock calculus in our case. Clock calculus: the program does not access to undefined values. Scheduling: the program respects its real-time constraints. Only then: generate the code corresponding to the program. 23 / 28

The Clock Calculus: checking program synchronism An expression is well-synchronized if it does not access to undefined values. The role of the clock calculus is to verify that a program only uses well-synchronized expressions. Well-synchronized programs cannot go wrong: if the program is well-synchronized then its semantics are well-defined. The clock calculus on strictly periodic clocks can be implemented as a type system with simple sub-typing constraints. 24 / 28

Scheduling: from a synchronous program to a set of real-time tasks. Transform the program into a set of tasks. Compute the real-time characteristics of each task. Schedule the resulting set of tasks. Obtaining tasks: Tasks=imported nodes. Precedences=data dependencies. Let ck i be the clock of task τ i. pparent(ck i ) denotes the closest strictly periodic clock parent of ck i (in case ck i is Boolean). T i = π(pparent(ck i )) r i = ϕ(pparent(ck i )) C i is known from the node wcet declaration. d i = T i. 25 / 28

Scheduling multi-periodic dependent tasks Problem: Few scheduling algorithms support multi-periodic tasks related by precedence constraints. Solution (ongoing work): Automatically encode precedences in the real-time attributes of the tasks (Chetto90). Use an EDF scheduler. The use of preemptions avoids to manually split the slow task into several sub-tasks. 26 / 28

Outline 1 Context 2 Synchronous Data-Flow Languages 3 A Multi-Periodic Synchronous Language 4 Implementation 5 Conclusion 27 / 28

Conclusion The language: Provides a high level of abstraction. Enables flexible description of multi-rate communicating systems. Provides automatic code generation, the correction of which is proved formally. Main benefits: Avoids manual scheduling (vs classic synchronous languages). Prevents non-deterministic communications (vs asynchronous languages). Future work: define the scheduling of a program. 28 / 28

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback