Communicating Real-Time State Machines (CRSM)
• State machines that communicate synchronously
• Unique unidirectional channels are used for the communication (A. Shaw)
• Transitions are guarded commands
• All commands have execution or synchronization times associated with them
RT System Representation
• A real-time system is represented as a finite set of state machines, one of which represents the environment
• Machines communicate synchronously and instantaneously over unidirectional channels that connect pairs of machines
• A global description of the system consists of the set of machines and the channels.
Transitions
• Each transition is described by a guarded command:
< guard > < command [time_constraint] >
The guard is a boolean expression
A Command
• an input or output command
• an internal command
Internal Commands
• An internal command can specify
– a computation, or
– a physical activity
• Examples are:
c = 0 i := i +15
Going_up (floor = 1) Open_door
Time Constraint
• The execution time for an internal command c is given by a best/worst case pair,
[ tmin(c), tmax(c) ]
• Example:
open_gate [4, 12]
Channels
• State machines communicate via channels
• A channel is a direct connection between two state machines
• Channels are identified uniquely by name
• Each channel has an associated event or message type
• When the message component is empty, the channel designates a pure synchronization signal
Input/Output Commands
• An input/output can occur only if the event names (channels) of the communication match
• Input command: < chan_name > ( < message_type > ) ?
• Output command: < chan_name > ( < message_type > ) !
• Examples (channel instances):
– Trin!
– Ch_valve (4)!
– Ch_valve (valve)?
Machine Communication
• The I/O times are represented by pairs of times denoting the earliest and latest times that the I/O can occur after entering a given state.
• Example:
Deposit (data) ! [7, 12]
I/O
A communication between two machines is considered an I/O event
I/O Timing
• The I/O timing involves two machines: the sender and the receiver machines
• For each machine the timing constraint for the I/O defines the earliest and latest times that the communication can occur
• These times are relative to the time at which the machine entered its current state
• The intersection of the sender's and receiver's intervals defines the times at which the communication is actually possible
I/O Timings Example
• There are two machines M1 in state U, and M2 in state X
• These two machines communicate via channel ch
M1: ch (expr) ! [ a, b ]
M2: ch (z) ? [ c, d ]
• Machine M1 entered state U at time tU
• Machine M2 entered state X at time tX
• If I/O occurs, it will happen at time:
t = max ( tU + a, tX + c)
I/O Timings (2)
• Communications occur at the earliest time
• If the intervals of the machines that attempt to communicate do not intersect, I/O is not possible
• If
( tX + c) > ( tU + b )
is communication possible?
Real-Time Clock
• Every CRSM machine has its own real-time clock
• This is another special CRSM machine that will send the current value of real-time, rt, through a clock channel to its host machine, M
• A CRSM machine in state U can execute an I/O command
Clock (x) ! [y]
RT Clock (Cont.)
• This will result in the assignment
x = rt
• The assignment occurs at time y, relative to the time at which machine M entered state U
Bounded Buffer Problem
• The problem is modeled with three machines: the producer, the consumer, and the buffer
• The producer deposits data elements into the buffer
• The consumer removes data elements from the buffer
Communication Diagram of the Bounded Buffer
There are two channels:
• Deposit
• Remove
The Buffer Machine
The Buffer Machine (2)
• The buffer machine stores data in array Buf
• Variable in is an index of the next data element to insert into the buffer
• Variable out is an index of the next data element to remove from the buffer
• Variable full is a counter of the number of data elements in the buffer
Transitions in the Buffer
• The buffer starts in state B0; it initializes its variables and transitions to state B1, taking a minimum of 2 and a maximum of 3 time units
• In state B1, if the buffer is not full, it attempts to get data from channel Deposit; it then transitions to state B2.
• In state B2, the machine increments variables in and full and transitions to state B1. This takes a minimum of 4 and a maximum of 8 time units
Transitions in the Buffer (2)
• In state B1, if the buffer is not empty, it attempts to send data through channel Remove; then transitions to state B3.
• In state B3, it updates its variables and transitions to state B1.
Producer Machine
Consumer Machine
Timing Question
If the following timings are present:
• Producer enters state P1 at time 1000
• Consumer enters state C1 at time 1005
• Buffer enters state B1 at time 1004
1. When do communications occur?
2. In what order?
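To make the I/O timing rule (t = max(tU + a, tX + c), possible only when the sender and receiver intervals intersect) and the earliest-communication rule concrete for the timing question above, here is an added Python illustration; it is not from the slides or the book. Only the state-entry times 1000/1004/1005 and the producer's Deposit (data) ! [7, 12] come from the slides; the buffer and consumer intervals, and a buffer holding one item so both guards hold, are assumptions.

```python
from typing import NamedTuple, Optional

class Offer(NamedTuple):
    """One side of a CRSM I/O command whose guard currently holds."""
    machine: str
    channel: str
    direction: str   # "!" = output (send), "?" = input (receive)
    entered: int     # absolute time the machine entered its current state
    earliest: int    # lower bound of the I/O time constraint (relative)
    latest: int      # upper bound of the I/O time constraint (relative)

    def window(self) -> tuple[int, int]:
        """Absolute interval in which this side can perform the I/O."""
        return (self.entered + self.earliest, self.entered + self.latest)

def rendezvous_time(send: Offer, recv: Offer) -> Optional[int]:
    """t = max(tU + a, tX + c) if the channel names match and the two absolute
    intervals intersect; None means the communication is not possible."""
    if send.channel != recv.channel or (send.direction, recv.direction) != ("!", "?"):
        return None
    lo = max(send.window()[0], recv.window()[0])
    hi = min(send.window()[1], recv.window()[1])
    return lo if lo <= hi else None

def earliest_rendezvous(offers: list[Offer]) -> Optional[tuple[int, str, str, str]]:
    """Pick the matching sender/receiver pair that can communicate first
    (communications occur at the earliest time): (time, sender, receiver, chan)."""
    best = None
    for s in (o for o in offers if o.direction == "!"):
        for r in (o for o in offers if o.direction == "?"):
            t = rendezvous_time(s, r)
            if t is not None and (best is None or t < best[0]):
                best = (t, s.machine, r.machine, s.channel)
    return best

# Constructed instance of the slides' example: M1 in U since tU = 100 offers
# ch(expr)![2, 9]; M2 in X since tX = 103 offers ch(z)?[4, 20].
M1 = Offer("M1", "ch", "!", entered=100, earliest=2, latest=9)
M2 = Offer("M2", "ch", "?", entered=103, earliest=4, latest=20)
# Same receiver with c = 10: tX + c = 113 > tU + b = 109, so no intersection.
M2_LATE = M2._replace(earliest=10)

# Constructed bounded-buffer snapshot: entry times and Deposit(data)![7, 12] from the
# slides; buffer/consumer intervals and a non-empty, non-full buffer are assumed.
BUFFER_OFFERS = [
    Offer("Producer", "Deposit", "!", entered=1000, earliest=7, latest=12),
    Offer("Buffer", "Deposit", "?", entered=1004, earliest=1, latest=5),
    Offer("Buffer", "Remove", "!", entered=1004, earliest=1, latest=5),
    Offer("Consumer", "Remove", "?", entered=1005, earliest=3, latest=10),
]
```

With the assumed intervals the Deposit rendezvous is feasible at 1007 and Remove at 1008, so Deposit happens first; substituting the producer and consumer intervals from the actual machine diagrams answers the timing question for the real system.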
Errors in Book
• The book has an error in the Buffer diagram, page 53.
• The book has another error in second paragraph, second line, of the section Real-Time Bounded Buffer Revisited.
Train Gate System
• A one-directional railway track crosses a road
• A gate at the crossing is lowered or raised under computer control
• A short distance from the crossing a sensor (entry sensor) detects approaching trains
• A short distance from the crossing a sensor (exit sensor) detects trains leaving the area.
Physical Requirements
• The gate must be closed whenever there are trains in the area (Safety property)
• The gate must be kept open when there are no trains in the area (Progress or liveness property)
Timing Requirements
• The arriving trains have an average inter-arrival interval, a
• The gate takes z time units to close (or open).
• Some of the communications include a time delay
Train Control
• A physical safety requirement of the system is that the gate is closed whenever there are trains in the area
• The physical liveness requirement is to keep the gate open if there are no trains in the area
• The controller C controls the gate with the openg (og) and closeg (cg) commands.
Timeouts
• Activity timeouts
• Communications timeout
Activity Timeouts
• The Gate takes a maximum of z time units to close or to open
• The controller process normally waits for the Gate to open or close
• If the Gate takes longer than the maximum allocated time, the controller flags a timeout for the gate and triggers an alarm
Communication Timeouts
• The real-time system uses synchronous communications
• In the normal case, one of the processes, either the sender or the receiver, will wait for the other to establish the communication
• A communication timer object will interrupt a process attempting to communicate, on timeout.
Train Gate System Communication Diagram
Entry Sensor
Exit Sensor
Monitor (v1)
Monitor (v2)
Controller (v1)
Controller (v2)
Gate
Simulation Outputs
• Trace of events
• Performance measures
– Number of trains serviced
– Worst reaction time
– Worst response time
– Number of deadlines missed:
• Gate opening/closing
• Communication timeouts