Predictable Design for Real-time Embedded Control
A Case Study
Jinfeng Huang & Jeroen Voeten
Eindhoven University of Technology
PROGRESS
Contents
•A running example: railroad crossing
•Problems in current design practice
•Compositional design approach
•Demo
Railroad Crossing
•Trains run independently at different velocities
•Velocities are constant
•Avoid collisions
•As efficient as possible
[Figure: track layout with stations, critical zone and crossing area; labels A, B, C, D]
Current Practice
[Figure: Train A, Crossing and Train B; labels StartMotor, CrossingArea, CriticalZone, Sensor A, Delay (D), CheckCrossing, StopMotor, D, T, T+D+]
Timing Property
•(Timed) execution trace of “Train A”:
1+2 ?
SensorA signaled: T
Delay D: T+D
Check Crossing: T+D+1
Stop motor: T+D+1+2
Between D and D+ seconds after Train A has passed Sensor A, “Train A” checks the Crossing and stops the train if the Crossing is occupied
Timing Property - Add other Components
•e.g. to control other trains or crossings.
•(Timed) execution trace of “Train A” (disturbed by other components):
1+2+3+1+2 BOOM !!!
SensorA signaled: T
Delay D: T+1+D
Check Crossing: T+1+D+2+1
Stop motor: T+1+D+2+1+3+2
Other components running: T+1, T+1+D+2, T+1+D+2+1+3
Problems in current practice
•Behaviors of components are not compositional
•Debug and analysis codes “pollute” the timing behavior of the system
•Lack reusability, maintainability, portability etc.
•Lack facilities to guarantee property preservation: Implementation exhibits unexpected behaviors not present in the model
Compositional Approach (Modeling)
•POOSL: Based on a two-phase execution frame: actions are instantaneous and time progress is represented in a virtual way (instead of based directly on a physical clock)
•Compositional semantics
•Executable
•Expressive (concurrency, time, communication…)
Compositional Approach (Modeling)
[Figure: Abstract Model, Extended Model and Synthesis Model connected by Refinement steps. Labels: Train A, Train B, Crossing, Train A Actor, Train A Image, Train B Actor, Train B Image, Safety Monitoring, LEGO DACTA Interface, Verification, Simulation, Estimation of, Synthesis]
Compositional Approach (Synthesis)
•Automatic code generation (RT-Rotalumis, C++)
•Real-time property-preserving mapping guaranteed by the -hypothesis
•The execution tree: ordering of actions is kept from model to implementation
•Synchronization between virtual time and physical time: if an action happens at virtual time t in model it happens in physical time interval (t-/2,t+/2) in implementation
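The trace disturbed by other components and the synchronization rule above, as an added simulation (not code from the slides, POOSL or RT-Rotalumis): it compares a delay-based controller with a simplified two-phase executor and reports the actions that fall outside the allowed physical-time interval. The millisecond values, the function names and the tolerance name `eps_ms` are assumptions.

```python
# Added illustration, not code from the slides or generated by their tools.
# All names and millisecond values are constructed; eps_ms is an assumed
# name for the tolerance in the synchronization rule.
from typing import List, Tuple

Action = Tuple[str, int, int]       # (name, virtual time in ms, execution cost in ms)
Trace = List[Tuple[str, int, int]]  # (name, virtual time, physical start time)

# Constructed trace for "Train A": sensor at T=0, then check and stop at T+D.
D_MS = 2000
TRAIN_A: List[Action] = [
    ("SensorA signaled", 0, 5),
    ("CheckCrossing", D_MS, 5),
    ("StopMotor", D_MS, 5),
]

def run_relative(actions: List[Action], disturbance_ms: int) -> Trace:
    """Delay-based controller: each step waits relative to the end of the
    previous one, so execution cost and interference add up along the trace."""
    clock, prev_vt, trace = 0, 0, []
    for name, vt, cost in actions:
        clock += (vt - prev_vt) + disturbance_ms  # Delay(D), then other components run
        trace.append((name, vt, clock))
        clock += cost
        prev_vt = vt
    return trace

def run_two_phase(actions: List[Action], disturbance_ms: int) -> Trace:
    """Two-phase executor: actions carry virtual time stamps and are released
    at the absolute physical time start + vt, so lateness is not carried
    into the next time step."""
    clock, trace = 0, []
    for name, vt, cost in actions:
        clock = max(clock, vt) + disturbance_ms   # wait until physical time reaches vt
        trace.append((name, vt, clock))
        clock += cost
    return trace

def violations(trace: Trace, eps_ms: int) -> List[str]:
    """Actions whose physical time falls outside (t - eps/2, t + eps/2)."""
    return [name for name, vt, pt in trace if abs(pt - vt) * 2 >= eps_ms]

if __name__ == "__main__":
    for run in (run_relative, run_two_phase):
        trace = run(TRAIN_A, disturbance_ms=20)
        print(run.__name__, trace, "violations:", violations(trace, eps_ms=100))
```

With the same 20 ms of interference per step, only the delay-based run pushes StopMotor outside the interval; raising the interference to 60 ms makes the two-phase run fail as well, which is the case where the platform is too slow for the chosen tolerance.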
Demo: The Railroad Crossing
[Figure: track layout with stations, critical zone and crossing area; labels A, B, C, D; axis marks at -100, -20, 20 and 100 cm]
•Velocity TrainA: 40 cm/s
•Velocity TrainB: 90 cm/s
[Figure labels: Abstract Model, Extended Model, Synthesis Model, Realization, Rapid analysis]
Models and video are not included in the presentation. For those who are interested, please mailto: [email protected]
Future Work and Open Issues
•Mapping efficiency
•Prediction / platform requirements
•Multi-processor platforms
•Streaming data
•Continuous-time environmental models
•Tools