Formal Methods for Real-Time Embedded Software Engineering 正規方法應用於即時嵌入式軟體工程

Formal Methods for Real-Time Embedded Software Engineering 正規方法應用於即時嵌入式軟體工程. 熊博安 國立中正大學資訊工程學系 民國九十一年五月二十二日. What will I talk about ?. What is a real-time system? What is an embedded system? Why software? Why formal synthesis? What is real-time embedded software engineering?

hien
Download Presentation

Formal Methods for Real-Time Embedded Software Engineering 正規方法應用於即時嵌入式軟體工程

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Formal Methods for Real-Time Embedded Software Engineering (正規方法應用於即時嵌入式軟體工程). Pao-Ann Hsiung (熊博安), Department of Computer Science and Information Engineering, National Chung Cheng University, May 22, 2002

  2. What will I talk about? • What is a real-time system? • What is an embedded system? • Why software? • Why formal synthesis? • What is real-time embedded software engineering? • Real-world applications? • Future work?

  3. What is a REAL-TIME SYSTEM? • Timely Response • Predictable Response • System Correctness: • Timing (period, deadlines, etc.) • Function • Constraints: • Hard (meet ALL deadlines) • Soft (miss SOME deadlines)

  4. Examples of Real-Time Systems: aircraft, telecommunications, automobiles, multimedia servers

  5. What is an EMBEDDED SYSTEM? • Installed in a larger system • Dedicated task • Small Memory Space (200~400 KB) • Low Processing Power (100~200 MHz) • Unstable Environment (mobile, …) • Reactive • Real-Time

  6. Embedded Systems Examples: research lab equipment, spacecraft, factory automation, home appliances, office equipment, medical instruments

  7. Embedded System Architecture

  8. Why SOFTWARE? • more than 70% software in many real-time embedded systems!!! • software is more flexible and easily reconfigurable, hence more errors!!! • real-time → need for temporally correct software • embedded → need for small, efficient software

  9. Why FORMAL SYNTHESIS? • More software → high complexity → need for correct design (formal synthesis) • Immature formal synthesis techniques for real-time embedded software • Need formal verification techniques to eliminate critical errors not found by simulation and testing • Automatic code generation • Code optimizations: decrease size, increase efficiency

  10. What is real-time embedded software engineering? • Model for real-time embedded systems? Set of concurrent tasks with memory and timing constraints! • Feasible execution in an embedded system (e.g. a 100 MHz CPU, 256 KB RAM)? Task scheduling! • Automatically generate code? Map schedules to software code! • Code optimizations? Minimize size, maximize efficiency!

  11. Synthesis Issues and Solutions. Issues: Bounded Memory Execution; Real-Time Constraints (Hard Real-Time, Soft Real-Time). Proposed Solutions:
  • Bounded Memory Execution → Extended Quasi-Static Scheduling (EQSS)
  • Hard Real-Time → Real-Time Scheduling (RTS)
  • Soft Real-Time → Firing Interval Bound Synthesis (FIBS)

  12. System Model: Petri Nets • Petri Net: Carl Adam Petri, Kommunikation mit Automaten, PhD thesis, Institut für instrumentelle Mathematik, Bonn, 1962. • Petri Nets have been successfully used for: • system modeling and analysis • concurrent / parallel systems • fault-tolerant systems • system performance evaluation • communication protocol engineering • embedded software engineering • control systems

  13. Colored Time Petri Nets (with Complex-Choices). A Colored Time Petri Net is a 6-tuple (P, T, C, flow relation, M0, firing-interval function):
  • P is a non-empty finite set of places
  • T is a non-empty finite set of transitions
  • C is a finite set of colors representing data classes
  • the weighted flow relation maps each arc in (P × T) ∪ (T × P) to a subset of N × C, i.e. the set of (weight, color) token pairs carried by the arc between a place and a transition
  • M0 is an initial marking (distribution of tokens to places)
  • the firing-interval function maps each transition in T to a pair in N* × N*, the earliest and latest firing times between which a firing is valid

  14. Colored Time Petri Nets (CTPN) example: P = {p0, p1, p2, p3, p4}, T = {t0, t1, t2, t3, t4, t5}, C = {grey, red, blue}; flow weight on arc (t1, p2) = {(3, grey)}, …; M0 = {((1, grey), p0), ((1, red), p0), ((1, blue), p1)}; firing interval of t1 = (1, 5), …

  15. Colored Time Petri Nets (CTPN) • Model Extensions: • Models memory usage by colored tokens • Models timing behaviors by firing time intervals • Allows complex choices (instead of free choice only) • Advantages: • Explicit memory estimation • Explicit worst case timing estimation • Larger domain of applications

  16. FCPN vs. CTPN [figure: (a) Free-Choice Petri Net, (b) Complex-Choice Petri Net (An Automatic Cruise Controller)]

  17. Synthesis Algorithm (Hard RTES)
    Synthesize_Hard_RTES(S, , ) {
        EQSS = Ext_Quasi_Static_Schedule(S, );
        if (EQSS == NULL) return MemOverFlow;
        RTS = Real_Time_Sched(S, EQSS, );
        if (RTS == NULL) return RTS_Error;
        else Code = Code_Gen(S, EQSS, RTS);
        return Code;
    }

  18. Synthesis Algorithm (Soft RTES)
    Synthesize_Soft_RTES(S, , ) {
        EQSS = Ext_Quasi_Static_Schedule(S, );
        if (EQSS == NULL) return MemOverFlow;
        FIB = Firing_Interv_Synth(S, EQSS, );
        if (FIB == NULL) return FIB_Error;
        else Code = Code_Gen(S, EQSS, FIB);
        return Code;
    }

  19. Quasi-Static Scheduling [figure: TFCPN → net decomposition → Conflict-Free Components → Quasi-Static Scheduling → Quasi-Static Schedules]. Each conflict-free component is scheduled so that its schedule is a Finite Complete Cycle, is Deadlock Free, and Satisfies Memory Requirements (Memory OK!!!)

  20. Extended Quasi-Static Scheduling [figure: a CTPN with places p1, p2, p3 and transitions t1–t7, its Exclusion Set, and its Exclusion Table]

  21. Decomposition of Exclusion Set [figure: the exclusion set of the CTPN from slide 20 decomposed over transitions t4–t7]

  22. Reduction of Decomposed Exclusion Set [figure: the decomposed exclusion set over transitions t4–t7 before and after Reduce]

  23. EQSS Schedules [figure: the two conflict-free components of the CTPN from slide 20] f(s) = (t1 t2 t3 t4 t6), f(s) = (t1 t2 t3 t5 t5 t7)
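The following Python is an added illustration of slides 13–15 and 19–23; it is not code from the presentation. It builds a small colored time Petri net made up for this example (not the cruise-controller net of slide 16), where each colored token carries an assumed size in bytes so that the marking gives an explicit memory estimate, and then searches for quasi-static schedules: firing sequences that form a finite complete cycle (return to M0), never exceed a memory bound, and do not deadlock. The best/worst time of a schedule is taken here as the sum of the earliest/latest firing times along it, which is the example's own simplification. Transition t2 and t3 compete for the same tokens, so the choice between them produces two candidate schedules, and the memory bound decides which survive.

```python
from collections import Counter
from typing import Dict, List, Tuple

# Constructed CTPN for this illustration (not one of the presentation's nets).
# A marking maps each place to a Counter of token colors; the counts are the
# weights of the colored tokens held in that place.
Marking = Dict[str, Counter]

PLACES = ["p0", "p1", "p2"]
# Assumed size in bytes of a token of each color: this is how the example turns
# colored tokens into an explicit memory estimate.
COLOR_SIZE = {"grey": 4, "red": 8, "blue": 16}

# Weighted flow relation: PRE[t] lists the colored tokens t consumes per input
# place, POST[t] the tokens it produces per output place.
PRE = {
    "t1": {"p0": Counter({"grey": 1})},
    "t2": {"p1": Counter({"grey": 1})},
    "t3": {"p1": Counter({"grey": 1})},  # t2 and t3 compete for p1's tokens: a choice
    "t4": {"p2": Counter({"red": 2})},
    "t5": {"p2": Counter({"blue": 2})},
}
POST = {
    "t1": {"p1": Counter({"grey": 2})},
    "t2": {"p2": Counter({"red": 1})},
    "t3": {"p2": Counter({"blue": 1})},
    "t4": {"p0": Counter({"grey": 1})},
    "t5": {"p0": Counter({"grey": 1})},
}
# Firing intervals (earliest, latest) for each transition.
TAU = {"t1": (1, 3), "t2": (2, 4), "t3": (1, 2), "t4": (1, 1), "t5": (3, 6)}

M0: Marking = {"p0": Counter({"grey": 1}), "p1": Counter(), "p2": Counter()}


def enabled(m: Marking, t: str) -> bool:
    """A transition is enabled when every input place holds the colored tokens it needs."""
    return all(m[p][c] >= n for p, toks in PRE[t].items() for c, n in toks.items())


def fire(m: Marking, t: str) -> Marking:
    """Return the marking reached by firing t (consume PRE[t], then produce POST[t])."""
    new = {p: Counter(m[p]) for p in PLACES}
    for p, toks in PRE[t].items():
        new[p] -= toks  # Counter subtraction drops colors whose count reaches zero
    for p, toks in POST[t].items():
        new[p] += toks
    return new


def memory(m: Marking) -> int:
    """Memory occupied by the tokens of a marking, in bytes."""
    return sum(COLOR_SIZE[c] * n for p in PLACES for c, n in m[p].items())


def key(m: Marking):
    """Hashable canonical form of a marking, used to detect a return to M0."""
    return tuple(tuple(sorted((c, n) for c, n in m[p].items() if n > 0)) for p in PLACES)


def quasi_static_schedules(mem_bound: int, max_len: int = 8) -> List[Tuple]:
    """Enumerate quasi-static schedules: firing sequences from M0 that form a finite
    complete cycle (return to M0) without ever exceeding mem_bound bytes of tokens.
    A branch that runs out of enabled transitions before returning to M0 is a
    deadlock and yields nothing. Each result is (sequence, peak_memory, (best, worst)),
    the time bounds being the sums of earliest/latest firing times along the sequence."""
    found: List[Tuple] = []

    def dfs(m: Marking, seq: List[str], peak: int) -> None:
        if seq and key(m) == key(M0):
            best = sum(TAU[t][0] for t in seq)
            worst = sum(TAU[t][1] for t in seq)
            found.append((tuple(seq), peak, (best, worst)))
            return
        if len(seq) >= max_len:
            return
        for t in sorted(PRE):
            if not enabled(m, t):
                continue
            nxt = fire(m, t)
            mem = memory(nxt)
            if mem > mem_bound:  # bounded-memory requirement violated: prune
                continue
            dfs(nxt, seq + [t], max(peak, mem))

    dfs(M0, [], memory(M0))
    return found


if __name__ == "__main__":
    for bound in (24, 32):
        print(f"memory bound {bound} bytes:")
        for seq, peak, (best, worst) in quasi_static_schedules(bound):
            print(f"  {' '.join(seq)}  peak {peak} B, time in [{best}, {worst}]")
```

With a 32-byte bound both cycles (t1 t2 t2 t4 and t1 t3 t3 t5) are valid schedules; with a 24-byte bound the blue branch is pruned when its second blue token is produced, so only the red branch remains, which is the MemOverFlow check of slides 17/18 applied per candidate schedule. Mixed sequences such as t1 t2 t3 leave one red and one blue token in p2, where neither t4 nor t5 is enabled, and are rejected as deadlocks.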

  24. Real-Time Scheduling • Single Processor • Worst Case Timing Analysis: • Rate Monotonic (RM): fixed priority; small period → high priority • Earliest Deadline First (EDF): dynamic priority; early deadline → high priority
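As an added worked example of slide 24 (not part of the presentation), the Python below checks a single-processor task set under both policies named there. For Rate Monotonic it computes worst-case response times by the standard fixed-point iteration, and also reports the Liu & Layland utilization bound, which is sufficient but not necessary; for Earliest Deadline First it applies the utilization test. A unit-step simulation then shows the two policies diverging on a task set that only EDF can schedule. The task sets EX1 and EX2 are constructed for this example and assume deadlines equal to periods.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Task:
    name: str
    wcet: int    # C: worst-case execution time
    period: int  # T: period; the deadline is assumed equal to the period


# Constructed task sets (not taken from the presentation).
EX1 = [Task("tau1", 1, 4), Task("tau2", 2, 6), Task("tau3", 3, 12)]
EX2 = [Task("tau1", 2, 5), Task("tau2", 4, 7)]


def utilization(tasks: List[Task]) -> float:
    return sum(t.wcet / t.period for t in tasks)


def rm_utilization_bound(n: int) -> float:
    """Liu & Layland: U <= n(2^(1/n) - 1) is sufficient (not necessary) under RM."""
    return n * (2 ** (1 / n) - 1)


def rm_response_times(tasks: List[Task]) -> Dict[str, Optional[int]]:
    """Worst-case response time per task under Rate Monotonic priorities (fixed
    priority, smaller period = higher priority), by the fixed-point iteration
    R = C + sum over higher-priority tasks h of ceil(R / T_h) * C_h.
    None means the task can miss its deadline."""
    by_prio = sorted(tasks, key=lambda t: t.period)
    result: Dict[str, Optional[int]] = {}
    for i, task in enumerate(by_prio):
        higher = by_prio[:i]
        r = task.wcet
        while True:
            r_next = task.wcet + sum(math.ceil(r / h.period) * h.wcet for h in higher)
            if r_next > task.period:
                result[task.name] = None
                break
            if r_next == r:
                result[task.name] = r
                break
            r = r_next
    return result


def rm_schedulable(tasks: List[Task]) -> bool:
    return all(r is not None for r in rm_response_times(tasks).values())


def edf_schedulable(tasks: List[Task]) -> bool:
    """Earliest Deadline First (dynamic priority): with deadlines equal to periods,
    U <= 1 is necessary and sufficient on a single processor."""
    return utilization(tasks) <= 1.0


def simulate(tasks: List[Task], policy: str, horizon: int) -> List[Tuple[str, int]]:
    """Unit-step preemptive simulation of RM or EDF on one processor. Returns the
    (task, absolute deadline) pairs that were missed; a job that misses is dropped."""
    jobs: List[dict] = []
    missed: List[Tuple[str, int]] = []
    for now in range(horizon):
        for t in tasks:
            if now % t.period == 0:
                jobs.append({"task": t, "deadline": now + t.period, "remaining": t.wcet})
        ready = [j for j in jobs if j["remaining"] > 0]
        if ready:
            if policy == "RM":
                job = min(ready, key=lambda j: j["task"].period)  # fixed priority
            else:
                job = min(ready, key=lambda j: j["deadline"])     # earliest deadline first
            job["remaining"] -= 1
        for j in jobs:
            if j["deadline"] == now + 1 and j["remaining"] > 0:
                missed.append((j["task"].name, j["deadline"]))
        jobs = [j for j in jobs if j["remaining"] > 0 and j["deadline"] > now + 1]
    return missed


if __name__ == "__main__":
    for name, ts in (("EX1", EX1), ("EX2", EX2)):
        hyper = 1
        for t in ts:
            hyper = hyper * t.period // math.gcd(hyper, t.period)
        print(name, "U =", round(utilization(ts), 3),
              "RM bound =", round(rm_utilization_bound(len(ts)), 3))
        print("  RM response times:", rm_response_times(ts), "EDF ok:", edf_schedulable(ts))
        print("  misses over hyperperiod: RM", simulate(ts, "RM", hyper),
              "EDF", simulate(ts, "EDF", hyper))
```

EX1 exceeds the RM utilization bound (0.833 > 0.780) yet response-time analysis proves it schedulable, which is why the exact analysis rather than the bound is the worst-case timing check worth running. EX2 has utilization 0.971: EDF meets every deadline, while under RM tau2 is preempted by the second release of tau1 and misses its first deadline at time 7.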

  25. Firing Interval Bound Synthesis • 2 issues in the synthesis of SOFT real-time embedded systems: • Synchronization Wait (for completion of other tasks) • Real-Time Specification (complete before deadlines) • Proposed Solutions: • Postpone Release Time: release time → release time + w, w > 0 • Advance Finish Time: finish time → finish time − n, n > 0

  26. Code Generation
    generate_code(S, QSS1, QSS2, …, QSSn, RTS) {
        for i = 1, …, n {
            Di = create_process(QSSi);
            for j = 1, …, Indep_Tasks(Ai) {
                dij = create_task(QSSi);
                generate_task_code(dij);
                add_task(dij, Di);
            }
        }
        create_main();
        output "for(i=0; i<length(RTS); i++) {";
        for k = 1, …, length(RTS) output_code(Dik);
        output "}";
    }

  27. Optimal Code Hierarchy [figure: CTPN → Main Program → Process_i → Task 1, Task 2, …, Task k]. # Tasks = # Independent Source Transitions
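The following Python is an added example of the generate_code procedure on slide 26 and the code hierarchy on slide 27; it is not the presentation's generator. It assumes that each process D_i has already been split into its independent tasks (so the input is a mapping from process name to a list of task firing sequences, the step Indep_Tasks performs on the slide), that every transition t is available as a C function `t()` linked in separately, and that the real-time schedule RTS is simply the dispatch order of the processes. The emitted C follows the shape of the slide 45 sample: one function per task, one thread body per process, and a main() whose endless loop dispatches processes in RTS order.

```python
from typing import Dict, List, Tuple

# Constructed input (not from the presentation): each process D_i owns the
# independent tasks of one quasi-static schedule, each task being a firing
# sequence of transitions; RTS lists the processes in dispatch order.
Schedules = Dict[str, List[Tuple[str, ...]]]

QSS: Schedules = {
    "D1": [("t1", "t2", "t3", "t4", "t6"), ("t1", "t2", "t3", "t5", "t5", "t7")],
    "D2": [("t11", "t12", "t14")],
}
RTS = ["D1", "D2", "D1"]


def generate_task_code(proc: str, j: int, seq: Tuple[str, ...]) -> str:
    """Task d_ij: fire its transitions in schedule order (each transition is a C function)."""
    body = "\n".join(f"    {t}();" for t in seq)
    return f"static void {proc}_task{j}(void) {{\n{body}\n}}\n"


def generate_process_code(proc: str, tasks: List[Tuple[str, ...]]) -> str:
    """Process D_i: a thread body that runs its tasks one after another."""
    calls = "\n".join(f"    {proc}_task{j}();" for j in range(len(tasks)))
    return f"void *{proc}_run(void *arg) {{\n    (void)arg;\n{calls}\n    return NULL;\n}}\n"


def generate_code(schedules: Schedules, rts: List[str]) -> str:
    """Counterpart of the slide's generate_code: emit prototypes for the transition
    functions (assumed to be linked in), then tasks, then processes, then a main()
    whose endless loop dispatches the processes in RTS order."""
    parts = ["#include <pthread.h>", "#include <stddef.h>", ""]
    transitions = sorted({t for tasks in schedules.values() for seq in tasks for t in seq})
    parts += [f"void {t}(void);" for t in transitions] + [""]
    for proc, tasks in schedules.items():
        for j, seq in enumerate(tasks):
            parts.append(generate_task_code(proc, j, seq))
        parts.append(generate_process_code(proc, tasks))
    main = ["int main(void) {", "    pthread_t th;", "    for (;;) {"]
    for proc in rts:
        main.append(f"        pthread_create(&th, NULL, {proc}_run, NULL);")
        main.append("        pthread_join(th, NULL);")
    main += ["    }", "    return 0;", "}"]
    return "\n".join(parts + main) + "\n"


def task_count(schedules: Schedules) -> int:
    """Number of generated tasks: one per independent task of every process."""
    return sum(len(tasks) for tasks in schedules.values())


if __name__ == "__main__":
    print(generate_code(QSS, RTS))
```

Running the block prints a complete C translation unit; joining each process thread before dispatching the next keeps the loop body faithful to the sequential RTS order on a single processor, which is the setting of slide 24.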

  28. Illustration Example S = {F1, F2}

  29. Conflict Free Components for F1, Quasi-Static Scheduling: v11 = (t11, t12, t11, t12, t14), firing time of v11 between 11 and 22; v12 = (t11, t13, t15, t15), firing time of v12 between 13 and 26

  30. Conflict Free Components for F2, Quasi-Static Scheduling: v21 = (t21, t22, 2t24, 4t26, t28, t29, t26), firing time of v21 between 31 and 68; v22 = (t21, t23, t25, 2t27, t28, t29, t26), firing time of v22 between 15 and 36

  31. Real-Time Scheduling: schedule sets 1 = {v11, v12}, 2 = {v12, t11 t12 k v12 t11 t12 t14, k ≥ 1}

  32. ATM Virtual Private Network Server Example [figure: ATM IN (155 Mbit/s) → CLASSIFIER → CONGESTION CONTROL (MSD) → WFQ SCHEDULER → ATM OUT (155 Mbit/s); SUPERVISOR; DISCARDED CELLS]

  33. ATM VPN Server Example • Message Selective Discarding (MSD): avoids buffer overflow by discarding selected incoming cells • Weighted Fair Queuing (WFQ): a bandwidth control policy for the outgoing flows

  34. Main Functionalities of an ATM Server (example) • Start with an incoming cell interrupt; extract information from the cell • MSD algorithm and WFQ algorithm • Involves the WFQ algorithm: a periodic task that selects cells to be emitted

  35. CTPN model of MSD Algorithm

  36. 14 Schedules of MSD in ATM

  37. [figure: schedule graph of the MSD algorithm in the ATM server; nodes include MSD, CID, PTI, READ_STATE_VCC, READ_OUT_QUID, READ_THRESHOLD, READ_MAX_QLENGTH, CHECK_QLENGTH1, CHECK_QLENGTH2, UPDATE_STATE_INIT, UPDATE_STATE_REJ, UPDATE_STATE_ACC, PUSH, COMPUTE_OUT_TIME, *SCHEDULE_WFQ, with transitions t1–t12] Schedule Results: 49 markings, 14 schedules, 63 instructions, 12 Kbytes memory

  38. Master/Slave Role Switch in the Bluetooth Wireless Comm Protocol • In Bluetooth protocol: • Piconet = 1 master + 7 active slaves • Frequently, master and slave switch roles • new active slave joining piconet • overtaking of master duties • creation of a new piconet with old master as slave • Model • 2 CTPN for Host A and Host B • 2 CTPN for Host Control / Link Manager

  39. CTPNs for Host A and Host B

  40. CTPN for Host Control / Link Manager of Device A

  41. CTPN for Host Control / Link Manager of Device B

  42. Synthesis Results for M/S switch

  43. Mnemonics for Host A Transitions
  • t_0: Initialize
  • t_1: ACL_Connection
  • t_2: Send HA2LA_HCI_Switch_Role
  • t_3: t4
  • t_4: Receive LA2HA_HCI_Command_status_event
  • t_5: Receive LA2HA_HCI_Role_change_event
  • t_6: End

  44. Mnemonics for HC/LM A Transitions
  • t_0: Initialize
  • t_1: ACL_Connection
  • t_2: Receive HA2LA_HCI_Switch_Role
  • t_3: Receive N2LA_LMP_Switch_reg
  • t_4: Send LA2HA_HCI_Command_States_event
  • t_5: Receive N2LA_LMP_Slot_offset_sub1
  • t_6: Checking NetWork
  • t_7: Send LA2N_LMP_slot_offset_sub2
  • t_8: Send LA2N_LMP_not_accepted
  • t_9: Send LA2N_LMP_accepted
  • t_10: End Checking Network
  • t_11: Send LA2N_LMP_Switch_req
  • t_12: Receive N2LA_LMP_not_accepted
  • t_13: Receive N2LA_LMP_accepted
  • t_14: End
  • t_15: Send TDD_SwitchA
  • t_16: Receive BA2LA_TimeOut1
  • t_17: Receive BA2LA_Role_SwitchA_Success
  • t_18: End
  • t_19: Send LA2HA_HCI_Role_Change_event
  • t_20: End

  45. C Code Sample [figure: place p0 and transition t0]
    void *thread_run0(void *arg) {
        t0();
        mutex_operation(t0, p0, '-');
        switch (p0) {
            case 1: ……; break;
            case 2: ……; break;
            case 3: ……; do { …… } while (1); break;
            default: break;
        }
        return NULL;
    }
    int main(void) {
        pthread_t task0;
        while (1) {
            if (polled(t0))
                pthread_create(&task0, NULL, thread_run0, NULL);
        }
    }

  46. Conclusions • Software needs to be synthesized automatically and formally because it is getting more and more complex! • Hard RTES Synthesis Method = EQSS + RTS + Code-Generation • Soft RTES Synthesis Method = EQSS + FIBS + Code-Generation • ATM VPN Server and Bluetooth examples show feasibility of our approach

  47. Current and Future Work • Integrate Real-Time Scheduling & EQSS • Extend Petri Net system model coverage • Java Implementation: install into embedded systems such as PDA for dynamic code change and management by user (web computing) • C Code Generation: for embedding into prototyping systems such as SoC design and verification platform
