The Quasi-Synchronous Approach to Distributed Control Systems

Similar documents
Synchronous Modelling of Complex Systems

A Brief Introduction to Model Checking

Task Models and Scheduling

The Weakest Failure Detector to Solve Mutual Exclusion

Design of Real-Time Software

Andrew Morton University of Waterloo Canada

TESTING is one of the most important parts of the

Agreement Protocols. CS60002: Distributed Systems. Pallab Dasgupta Dept. of Computer Sc. & Engg., Indian Institute of Technology Kharagpur

Failure detectors Introduction CHAPTER

N-Synchronous Kahn Networks A Relaxed Model of Synchrony for Real-Time Systems

A Formal Model of Clock Domain Crossing and Automated Verification of Time-Triggered Hardware

Quasi-synchrony. Timothy Bourke 1,2. 1. INRIA Paris. 2. École normale supérieure (DI)

Real Time Operating Systems

Embedded Systems Development

Embedded Systems 14. Overview of embedded systems design

Control Synthesis of Discrete Manufacturing Systems using Timed Finite Automata

From High-Level Component-Based Models to Distributed Implementations

Communicating and Mobile Systems

Embedded Systems Development

Shared Memory vs Message Passing

Non-Work-Conserving Non-Preemptive Scheduling: Motivations, Challenges, and Potential Solutions

There are three priority driven approaches that we will look at

Semi-asynchronous. Fault Diagnosis of Discrete Event Systems ALEJANDRO WHITE DR. ALI KARIMODDINI OCTOBER

Modeling Synchronous Systems in BIP

Logic Model Checking

Assertions and Measurements for Mixed-Signal Simulation

A framework for simulation and symbolic state space analysis of non-markovian models

Verification of clock synchronization algorithm (Original Welch-Lynch algorithm and adaptation to TTA)

Distributed Systems Principles and Paradigms. Chapter 06: Synchronization

Distributed Systems Principles and Paradigms

Real Time Operating Systems

Counters. We ll look at different kinds of counters and discuss how to build them

Stéphane Lafortune. August 2006

Synchronous Sequential Circuit

TTA and PALS: Formally Verified Design Patterns for Distributed Cyber-Physical

Simulation and Verification of Asynchronous Systems by means of a Synchronous Model

Lecture 13. Real-Time Scheduling. Daniel Kästner AbsInt GmbH 2013

Cryptographic Asynchronous Multi-Party Computation with Optimal Resilience

Laxity Release Optimization for Simulink Models

Real-Time Systems. LS 12, TU Dortmund

Towards optimal synchronous counting

Embedded Systems 5. Synchronous Composition. Lee/Seshia Section 6.2

Real-Time Reactive System - CCS with Time Delays

Distributed Consensus

Do we have a quorum?

As Soon As Probable. O. Maler, J.-F. Kempf, M. Bozga. March 15, VERIMAG Grenoble, France

Component-Based Construction of Deadlock-Free Systems

Real-Time Scheduling and Resource Management

Performance-based Dynamic Scheduling of Hybrid Real-time Applications on a Cluster of Heterogeneous Workstations 1

VLSI Design Verification and Test Simulation CMPE 646. Specification. Design(netlist) True-value Simulator

Probabilistic Deadline Miss Analysis of Real-Time Systems Using Regenerative Transient Analysis

Exam Spring Embedded Systems. Prof. L. Thiele

Time and Schedulability Analysis of Stateflow Models

Time. Lakshmi Ganesh. (slides borrowed from Maya Haridasan, Michael George)

Aperiodic Task Scheduling

SFM-11:CONNECT Summer School, Bertinoro, June 2011

Refinement-Robust Fairness

A Multi-Periodic Synchronous Data-Flow Language

Convergence of a distributed asynchronous learning vector quantization algorithm.

Autonomous Agent Behaviour Modelled in PRISM A Case Study

RUN-TIME EFFICIENT FEASIBILITY ANALYSIS OF UNI-PROCESSOR SYSTEMS WITH STATIC PRIORITIES

Formal Methods in Software Engineering

On the Design of Adaptive Supervisors for Discrete Event Systems

Formal Models of Timed Musical Processes Doctoral Defense

A Simplified Approach for Testing Real-Time Systems Based on Action Refinement

The Concurrent Consideration of Uncertainty in WCETs and Processor Speeds in Mixed Criticality Systems

Process Scheduling for RTS. RTS Scheduling Approach. Cyclic Executive Approach

Composing Heterogeneous Reactive Systems

June 8 th Riga, Latvia

Formally Correct Monitors for Hybrid Automata. Verimag Research Report n o TR

Some lesser-known contributions of Paul Caspi

Non-Preemptive and Limited Preemptive Scheduling. LS 12, TU Dortmund

Formal Semantics for Grafcet Controlled Systems 1 Introduction 2 Grafcet

FAULT-TOLERANT CONTROL OF CHEMICAL PROCESS SYSTEMS USING COMMUNICATION NETWORKS. Nael H. El-Farra, Adiwinata Gani & Panagiotis D.

Finally the Weakest Failure Detector for Non-Blocking Atomic Commit

Logical Time. 1. Introduction 2. Clock and Events 3. Logical (Lamport) Clocks 4. Vector Clocks 5. Efficient Implementation

Multicore Semantics and Programming

Degradable Agreement in the Presence of. Byzantine Faults. Nitin H. Vaidya. Technical Report #

This article appeared in a journal published by Elsevier. The attached copy is furnished to the author for internal non-commercial research and

Interface Automata with Complex Actions - Extended Version

Special Nodes for Interface

ECE 448 Lecture 6. Finite State Machines. State Diagrams, State Tables, Algorithmic State Machine (ASM) Charts, and VHDL Code. George Mason University

The Discrete EVent System specification (DEVS) formalism

A Canonical Contraction for Safe Petri Nets

Monitoring and Fault-Diagnosis with Digital Clocks

Decentralized Control of Discrete Event Systems with Bounded or Unbounded Delay Communication

Process Algebras and Concurrent Systems

Clock-driven scheduling

Bounding the End-to-End Response Times of Tasks in a Distributed. Real-Time System Using the Direct Synchronization Protocol.

Embedded Systems Design: Optimization Challenges. Paul Pop Embedded Systems Lab (ESLAB) Linköping University, Sweden

Automatic Synthesis of Distributed Protocols

CS3110 Spring 2017 Lecture 21: Distributed Computing with Functional Processes

Dependable Computer Systems

UMBC. At the system level, DFT includes boundary scan and analog test bus. The DFT techniques discussed focus on improving testability of SAFs.

CMPEN 411 VLSI Digital Circuits Spring 2012 Lecture 17: Dynamic Sequential Circuits And Timing Issues

Timo Latvala. March 7, 2004

Paper Presentation. Amo Guangmo Tong. University of Taxes at Dallas January 24, 2014

Quantitative Safety Analysis of Non-Deterministic System Architectures

Scheduling. Uwe R. Zimmer & Alistair Rendell The Australian National University

Barrier. Overview: Synchronous Computations. Barriers. Counter-based or Linear Barriers

Transcription:

The Quasi-Synchronous Approach to Distributed Control Systems Paul Caspi caspi@imag.fr Verimag Laboratory http://www-verimag.imag.fr Crisys Esprit Project http://borneo.gmd.de/ ap/crisys/

The Quasi-Synchronous Approach to Distributed Control Systems Paul Caspi caspi@imag.fr Verimag Laboratory http://www-verimag.imag.fr Crisys Esprit Project http://borneo.gmd.de/ ap/crisys/ Where does it come from? How to simulate it? How to understand it? Fault-tolerance

Where does it come from? From analog boards to computers Analog Board Clock periodic clocks A/D Computer D/A synchronous programs

Synchronous Programming General initialize state; loop each input event read other inputs; compute outputs and state; emit outputs end loop Several styles (imperative, data-flow,...) Allow multiple simultaneous event : no performance problems

Synchronous Programming Periodic initialize state; loop each clock read other inputs; compute outputs and state; emit outputs end loop

Synchronous Programming Periodic initialize state; loop each clock read other inputs; compute outputs and state; emit outputs end loop most applications of synchronous programming are actually periodic ones. hybridity: sampling differential equations require periodicity!

Where does it come from? From networks of analog boards to local area networks Analog Board Analog Board Clock Clock A/D Computer Serial Serial Computer D/A Clock Clock independent periodic clocks A/D Computer Computer D/A synchronous programs Bus

Interest Autonomy, robustness Each computer is a complete one, including its own clock and even possibly its own power supply. Communication between computers is non-blocking, based on periodic reads and writes, akin to periodic sampling.

How to formalize it Net View on chain - eq_chain same_period(c1, c2) and same_period(c2, c3) and same_period(c3, c1) c3 c2 c1 FBY FBY x FBY f1 FBY f2 f3 z Synchronous simulation, test and verification tools apply Efficiency issues?

How to understand it? Communication Abstraction Continuous Systems Non Continuous Systems Mixed Systems

Communication Abstration Worst situation: reads occur just before writes x(t-2t) write clock x (t) read clock Bounded communication delays T

Uniformly Continuous Signals x x ε η(ε) ε 0 η 0 t t t t η x x t x t ε Bounded delays yield bounded errors

Uniformly Continuous Systems ε η(ε) System ε 0 η 0 x x x x η f x f x ε Bounded errors yield bounded errors

But... Even very simple controllers are not uniformly continuous. PID for instance η Controller Bounded errors do not yield bounded errors

Stabilized Systems The closed-loop system computes uniformly continuous signals ε η(ε) U Controller X Z Plant Y Bounded delays yield bounded errors

Doubts... This casts a doubt on two wishful thoughts: composability system properties are the mere addition of sub-system ones separation of concerns: automatic control people specify computer science people implement Critical control systems require a tight cooperation between both people

Non Continuous Systems Combinational Systems Robust Sequential Systems Sequential Systems

Uniform Bounded-Variability There exists a minimum stable time T x associated with a signal x. x T x T x The analog of uniform continuity?

Sampling Tuples A possible sampling a b X X

Sampling Tuples Another possible sampling a X X! X!! b Non deterministic bounded delays

But... Delays on tuples do not yield delayed tuples x δ x y y Solution : Confirmation functions

Confirmation Functions When a component of a tuple changes, wait for some max " min time before taking it into account. If x#, y# are $ min% max& bounded images of x and y, then con f irm$ x# % y# & is a delayed image of $ x% y& allows to retrieve the continuous framework

Confirmation Functions Net View on confirm - eq_confirm difft4 watchdog U nmax Idt4 Ud nmax ' E( max ) min T min * + 1

Robust Sequential Systems idea : avoid critical races, between state variables : order insensitivity, between inputs : confluence Property checker

- Can robustness analysis be avoided? example : mutual exclusion Property : always not (y and z) a non robust solution : z y -

.. Can robustness analysis be avoided? example : mutual exclusion Property : always not (y and z) a robust solution : z y same answer as for error analysis in continuous systems

/ / Robust solutions are distributable a robust solution : z y z waits for y to go down before going up and conversely. not y not z 0 0 1 y 1 not y2 3 0 1 z 1 not z2 3 2 3 no critical race!

Non Robust Sequential Systems require either soft or hard synchronization. Time Triggered Architecture for instance.

A soft synchronization algorithm Non Robust Sequential Systems a 0 3 2 1 0 b 0 0 2 1 0 c 0 2 1 0 3 requires a speed-up by 4 broadcast region execute region next broadcast

Implementation Net View on SYNCH - eq_synch FBY 1 SCHED u nu FBY 1 UN XN VARNODE1 Idt3 nx C3

Implementation State Machine View - SCHED write1 idle 1 : true 1 : nu and not NUP 2 : NUP write2 wait1 1 : true 1 : true wait2 1 : true 3 : (not nu) and not NUP 2 : NUP execute 1 : nu and not NUP

Mixed Systems Example : Threshold crossing ε S C t Relates errors and delays : τ4 τ 5 2ε C6 7 t8 5 This analysis too should not be skipped

Concurrency Actual Practices (Airbus) 6hz P1 P2 P3 3hz 2hz P2.1 P2.2 P3.1 P3.2 P3.3 P1 P2.1 P3.1 P1 P2.2 P3.2 P1 P2.1 P3.3

Concurrency A Crisys Proposal: earliest deadline preemptive scheduling P1 P2 P3 P1 P3* P1 P2 Schedulability condition ; WET i9 1: i 1 n T i

Concurrency A Crisys Proposal: earliest deadline preemptive scheduling P1 P2 P3 P1 P3* P1 P2 Schedulability condition > WET i< 1= i 1 n T i Generalizes the synchronous program execution condition WET > T

Concurrency Exact functional semantics is guaranteed as soon as Slow processes communicate with fast processes through a slow clock unit delay c t f t f t A A A B A A @ D A A A x x 0 x 1 x 2 x 3 x 4 x? c x 0 x 2 x 4 f@ x? ca f@ x 0 f@ x 2 f@ x 4 f@ x? ca z z 0 z 0 f@ x 0 f@ x 2 z 0C za c z 0 z 0 f@ f@ f@ x 0 x 0 x 2

Fault Tolerance E Continuous Computations : Threshold Voting Units differ from more than the maximum normal error

Fault Tolerance F Continuous Computations : Threshold Voting Units differ from more than the maximum normal error F Combinational : Bounded-Delay Voting Units differ from more than the maximum normal delay

Fault Tolerance G Continuous Computations : Threshold Voting Units differ from more than the maximum normal error G Combinational : Bounded-Delay Voting Units differ from more than the maximum normal delay G Sequential Computations : 2/2 Bounded-Delay Voting

Bounded-Delay Voters Net View on vote2_2 - eq_vote2_2 X1 T3plus X2 T3plus Idt3 Xinit T3plus X watchdog n n H EI max J min T min K L 1

Sequential Computations Idea: vote on input and on state But Byzantine problems 2M 2 votes are not sensitive to Byzantine problems: N a bad unit is only compared with a single good one: it agrees: it looks good it disagrees: a fault is detected.

Sequential Computations: 2/2 Sequential Voters Net View on SeqVote - eq_seqvote U1 vote2_2t4 T4plus confirm VARNODE2 T3plus NX U2 nu nx Uinit X2 FBY 1 vote2_2t3 T3plus nnx XinitP Xinit nx O nmax up nmax x nnx O n Q nx

W R W W R R W R R R Proof Hints X S FT XU UV X 1 S FT XU U 1V X 1 S FT X 1 U U 1V τ u τ x X 1 S FT XU U 1V τ u τ x X 1 S FT X 1 U U 1V

Conclusion X Some insight on techniques used in practice. X maybe useful for designers and certification authorities ( Crisys Esprit Project) X An attempt to catch the attention of the Computer Science Community on these important problems.

Questions Y When are clock synchronization methods useful and more efficient than the ones presented here?

Questions Z When are clock synchronization methods useful and more efficient than the ones presented here? Z How to safely encompass some event-driven computations within the approach?

Questions [ When are clock synchronization methods useful and more efficient than the ones presented here? [ How to safely encompass some event-driven computations within the approach? [ Are there linguistic ways to robustness (synchronous-asynchronous languages)?

Questions \ When are clock synchronization methods useful and more efficient than the ones presented here? \ How to safely encompass some event-driven computations within the approach? \ Are there linguistic ways to robustness (synchronous-asynchronous languages)? \ Is there a common framework encompassing both theories? continuous uniformly continuous signals uniformly continuous functions unstable systems discrete uniform bounded variability robust systems sequential non robust systems

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback