Tarkvara dünaamika upgraded in 2015 Prof Leo Motus Research Laboratory for Proactive Technologies Dept of Software sciences Tallinn University of Technology 1 Research Laboratory for Proactive Technologies ID: 777986
Download The PPT/PDF document "ISP 0012 Software dynamics" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
ISP 0012 Software dynamicsTarkvara dünaamikaupgraded in 2015
Prof. Leo MotusResearch Laboratory for Proactive TechnologiesDept of Software sciences, Tallinn University of Technology
1
Slide2Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
2Goals of the courseTo explain the essence of
:
new types of computing systems that
apply
proactive, ubiquitous, pervasive, autonomous, interactive, mobile, distributed, grid,
cloud,
fog, and other
computing methods
the new requirements to computing systems
, emerged from new applications
To describe:
How computer science has responded to those changes
A specific time-aware
,
interaction-centred model of
computation
To
empasise
:
The importance of time
(and situation)
awareness
Slide3Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
3The course focuses on:
Pointing to non-classical models of computation – in particular,
stream-based, and interaction-centred computing, as compared to conventional
computing
Possibilities for achieving time deterministic behaviour of event driven software
Main sources of time constraints, and reasons for introducing quantitative time restrictions
Increasing the situation awareness of computation
A formalism for early detection
of
the incoherence
in
requirements, specifications and design
, and emergent behaviour
Slide4Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
4The students’ performance is assessed based on individual contribution
Hands-on exercises
comprises
in
tasks solved by
small groups
T
he solution is to be publicly explained.
Successfully solved task provides access to examination
The course concludes with
written
examination paper – 10 questions,
maximum number of points is 100; each question could provide from 0 to 10 points
0-50 points – failed (0); 51-60 points – weak (1); 61-70 points – satisfactory (2); 71-80 points – good (3); 81-90 points – very good (4); 91-100 points – excellent (5)
All books, papers
,
files
and other supporting information sources
can be used at
all
checks.
Slide5Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
5Expected from studentsRead selected chapters of the recommended text-books and referred publications (homework)
Study thoroughly,
try to understand the difference from conventional (Turing computable functions based) computation,
discuss with others the
material presented at lectures, and/or
questions given (homework)
Attend at least 70% of the lectures
Participate in solving the hands-on exercise
,
and in public presentation of the solved
toy-project in due time
Slide6Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
6A selection of textbooks L.
Motus and M.G.
Rodd (1994) “Timing Analysis of real-time software”
,
Elsevier Science
H. Simon (1996) “
The Science of the Artificial
”, MIT
Press
D.Goldin, S.A. Smolka, P. Wegner (2006) „Interactive Computation. The new paradigm“, Springer
H.
Kopetz
(1997) “Real-time systems: Design principles for distributed embedded applications”, Kluwer Academic Publishers
References to journal and/or conference papers given at
the
lectures.
Slide7ContentsExamples, that would prefer non-classical models of computation
Evolution of computer applications:Transformational computing systemsReactive computing systemsProactive computing systemsAppropriate models of computationTuring computation (classical model of computation)Non-classical models of computationA prototype of a non-classical model of computationBehavioural analysis of systems – static and dynamic propertiesVerification issues in typical 21. century computing systems 7
Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
Slide88
It is impossible to begin to learn that which one thinks one already knows Epictetus Greek stoic philosopher, 55 – 135 AD
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide9Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology9A generic real-time (embedded) system
Controlled object
Humans
Computer system
Microprocessor, multiprocessor, LAN,WAN,
etc
Car breaking system, chemical processes, car assembly, NEC applications, mirror-universe applications,
etc
Slide10Conventional computation(„ballistic“ computation)
Usually a computing process is defined as
p:
dom
p
→
val
p
dom
- domain of definition, val - value range
.
This definition is sufficient for data processing systems with completely known causal relations
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
10
Slide11Research Laboratory for Proactive Technologies
||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology11
Adding situational information enables formal analysis of behaviour
(also in non-ballistic computation)
Slide1212Difference between transformational and reactive / proactive systems
dom p
val p
p
In
transformational computing
p
: dom p
val
p
(
string processing
)
Reactive and proactive computing
p
: T(p) x dom p
val p
(stream processing)
T(p
)
enumerable set
Research Laboratory for Proactive Technologies
||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide13Research Laboratory for Proactive Technologies
||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
13
Why are
reactive and proactive
applications uncomfortable for computer science?
Violation of traditional canons:
“non-terminating”, or “on-going” processing of one, or more data-streams
forced concurrency violates the non-interference principle
absence of pre-determined order of activities (caused by proactivity), or dynamic change of the order by the environment
Introductions of new constraints:
timing of interactions, quantitative ordering, forced concurrency
Selfish components with dynamically changing behaviour:
the environment, proactive components
Slide14Examples of contemporary computing
systems, whose behaviour can be more thoroughly analysed if non-classical models of computation are appliedResearch Laboratory for Proactive Technologies |||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
14
Slide1515Pulse detonation engine (1)
Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide1616
ThrustElectromagnetic Gate closed
Electromagnetic
Gate Open
Thrust nozzle
Air Intake
Pressure level
RAM simulation
Air tank
Operating line
Test/studies
combustion
Expansionon
Intake
p
x
(t)
Pulse
detonation
engine
(2)
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide1717Self-reconfiguring robot (1)
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide1818Self-reconfiguring robot (2)
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide1919Porsche 911
Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide2020Fly-by-wire airplane
Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide2121Intelligent dust for environment monitoring
Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide2222Monitoring environment from the air
Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide2323Tiny unmanned aerial vehicles
(mosquito) Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
Slide2424Unmanned aerial vehicles
(predator) Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide2525Illustrating a mote of intelligent dust
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide2626
Evolution of intelligent dust
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide2727An ant developed by Rodney Brooks
Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide2828The first generation car
(from pre-computer period)
engine
moving parts
petrol
power transmission
steering system
break
s
variety of materials
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide2929The third generation car (with computers)
Engine, power transmission, steering system, breaks, etc. are computer controlled
Interactions between many aggregates are not built in hardware, but are “drive
n
-by-wire
”
T
he background
development-- in addition to modified mechanical design and added processors:
1. Control theory was substantially modified
2. Data-stream processing, forced concurrency, time constraints were introduced into software
2-30
processors
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide3030Typical distributed computer control systems
(power station control room)
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide3131Co-operation of robots (Furuta)
Passing the double inverted pendulum
Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
Slide32Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
32
Typical remote condition monitoring system
Monitored object
Central maintenance and management system
Condition monitoring device
?
Slide33Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
33
What are the common features in
above
examples?
All the applications are software-intensive, i.e. their functionality is determined by software
Applications comprise interacting components that can also directly interact with their environments
Part of the components are passive (slaves), part are active (or proactive) managers
Joint behaviour of components cannot be fully predefined nor deduced from the design description (because of incompletely known causal relations, countable number of freely chosen alternatives
, autonomy
)
Requirements and design fixes only
general goals, physical, logical, and time constraints.
Slide34Evolution of computer applicationsup to the 21 century
34
Slide35Evolution of computer applicationsEvolution of computer applications:Transformational computing system
sSeriously starting from 1939 (Konrad von Zuse, Johan von Neumann) Reactive computing systems (a subclass of embedded systems)Starting from 1950-es, as the first embedded systemsProactive computing systems (as a subclass of embedded systems)Embedded Systems (starting from 1995, a.k.a. Cyber-Physical Systems) is a class of computing systems where computers interact directly with their environment.
35
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide36Non-classical models of computation
Models of Turing
computation
The universe of computing systems
and models of computation
36
Transformational systems
Reactive systems
Proactive systems
Embedded systems = Cyber-Physical systems
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide3737Models of computation
(examples)
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide38From the
paper by L.Motus, M.Meriste, W.Dosch (2005)
“
Time-awareness
and
Proactivity
in
Models
of
Interactive
Computation
”,
in
Electronic Notes in Theoretical Computer Science, vol.
141
, (2005), 69-95,
www.elsevier.com/locate/entcs
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
38
Slide39ARTEMIS JUEmbedded Computing Systems Initiative
Over 98% of all computing chips are actually hidden or "embedded" in all sorts of things that do not even look like computers. Computers are moving away from the desktop and can be found in everyday devices like credit cards, mobile phones, cars and planes. Innovations made possible by embedded systems make our lives healthier and more interesting, our transport safer, and our energy use more sustainable. Over 4 billion embedded processors were sold inlast year and the global market is worth €60 billion with annual growth rates of 14%.39
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide40Transformational computing systems (1)40
Since 1939: sequential, batch, finite time computing;business data processing, number chrunching, financial transactions, scientific computation , etc
Research Laboratory for Proactive Technologies
||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide4141
Transformational computing systems (2)Conventional computation means finding a solution to any
problem
by transforming a given
input
value to output values
by means of an
algorithm
, while nobody interferes with the
transformation
process (ballistic computations)
do
p: dom p → val p
dom
p
val p
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide42Reactive computing systems (1)
Since 1960-es: deterministic time constraints, reactive (interactive with its environment), distributed, concurrent computing42
Research Laboratory for Proactive Technologies
||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide43Reactive computing systems (2) A reactive system reacts to external stimuli.
The expected behaviour of a reactive system is determined by allowable sequence of input stimuli and output responses.Various preconditions on actions, locations, and timing constraints may be imposed on system’s inputs and outputs Hence programs in reactive systems should have internal memory that extends to several consecutive executions of a programReactive systems form a separate subclass of embedded systems that implement a closed loop control system with feedback through the environment
Reactive systems
usually
cannot modify their functionality and structure on-line
43
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide44Proactive computing systems (1)Proactive computing systems extend reactive systems with more autonomy and advanced capabilities of the components, e.g.:
They can analyse the impact of ambient status on probability of achieving their goals by cognitive perception, and They are armed with permit and capability to modify their functionality, to reorganise system’s structure, and/or to modify the interim goals in order satisfy system’s main goal.Proactive behaviour is very seldom generated in direct and deterministic response to external stimuli – but the stimuli are usually interpreted in combination with the situational information, system’s historical memory, and any other available information44
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide45Proactive computing systems (2)Typically proactive behaviour becomes important in more complex and more demanding applications – such as networked reactive systems – that often exhibit “emergent behaviour” and require on-line, dynamic verification.
45
dom p
val p
p: T(p) x dom p → val p
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide46Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology46A generic real-time (embedded) system
Controlled object
Humans
Computer system
Microprocessor, multiprocessor, LAN,WAN,
etc
Car breaking system, chemical processes, car assembly, NEC applications, mirror-universe applications,
etc
Slide4747Difference between transformational and reactive / proactive systems
dom p
val p
p
In
transformational computing
p
: dom p
val
p
(
string processing
)
Reactive and proactive computing
p
: T(p) x dom p
val p
(stream processing)
T(p
)
enumerable set
Research Laboratory for Proactive Technologies
||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide4848From reactive to proactive system
(an example of Jaguar (a car) cruise control, last century)Traditional cruise control:Maintains a fixed vehicle speed, as set by the driver, by controlling the throttle (typical reactive behaviour)
Problem
– in congested traffic when speeds vary widely the system is not effective
Autonomous intelligent cruise control (introduction of
proactive behaviour
) :
traditional cruise control
a radar sensor in the front of the car
control of throttle and breaks (according to radar)
See additional details in J. Gray & D. Caldwell (eds), 1996
Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
Slide49Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
49String-processing models of computation(Turing machine paradigm)
State machine paradigm (as a presentation of an algorithm) has been canonised in computer science since 1960-s. It has been extremely fruitful for processing data strings
Input
(i)
Output
(o)
…
initial state
final state
Isolated from the rest of the world
Slide50Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology 50
Stream-processing on models of computation Interaction-centred model of computation:
output
(o1)
output
(o2)
output
(o3)
output
(o4)
initial state
input
(i0)
input (o1,i1
)
input
(o1,o2,i2)
input
(o2,o3,i3)
…
This paradigm cannot be reduced to Turing machines and conventional algorithm theory. The paradigm emerged in
1930,
re-emerged
in 1980-s and is gaining popularity due to its suitability for handling contemporary computer applications
.
Slide51Compare sequential interaction machine it with persistent Turing machine (i.e. Turing machine with memory), as described in
„Turing machines, transition systems, and interaction“ by D.Goldin, S.Smolka, P.Attie, and E.Sonderegger, in Information and Computation vol. 194, issue 2, 2004, pp 101-128Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
51
Slide52Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
52
Milner’s comments on evolution of the computer
science
Object-oriented programming partly breaks the sequential world of von Neumann’s architecture
In von Neumann architecture concurrent activity and co-existence of active objects (agents) could not be expressed in programs
–
operating system helps
a little
The metaphor of an agent (active object) brings programming ontology much closer to the real world
Agent is becoming from a convenient metaphor to a major concept in computer science
Slide53Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
53
Milner’s comments on evolution of the computer science
(2)
“Old” computing
“New” computing
Prescription
Description
Hierarchical design
Heterarchical phenomena
Determinism
Non-determinism
End result
Continuing interaction
…
….
(extension)
(intension)
Slide54Research Laboratory for Proactive Technologies
||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
54
Interaction centred models of computation
(examples)
have been around for more than 20 years
:
(and stem from
the Turing’s choice machine
(1936
)
)
without time constraints
Milner (1976, 1980, 1999), focusing on
calculus of communicating systems
Wegner (1995), Wegner and
Goldin
(1999), revision of foundations of computing
with time constraints
(
sophisticated time
)
Quirk and Gilbert (1977)
Motus and colleagues (1983
,
1986, 1994)
Slide55Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology55
Observations and interactions
A new role as suggested by R. Milner
“
A Calculus of Communicating systems” by R. Milner (1980, LNCS no.92):
The only way to observe a system is to interact with it. To make two components to interact means to let them observe each other.
In many cases one cannot observe the internal interactions (e.g. transitions between states) in a component.
Because of that the future observations on a component may not be predictable (see the example on next slide)
H. Simon
has called this phenomenon emergent behaviour
(The Science of the Artificial)
Slide56Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology56Language equivalence of finite state acceptors
(1)
from Milner’s book on CCS
Acceptor
S
3
2
1
0
b
c
d
a
0
1
2
3
Acceptor
T
S
0
= (acd)*ab
T
0
= (acd)*ab
S and T are language-equivalent acceptors
a
c
3
0
1
a
b
d
1’
1
2
Slide57Research Laboratory for Proactive Technologies
||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology57
a
b
c
d
Observable behaviours of S and T are not equivalent
?
Box
S
Box
T
a
b
c
d
s
0
a
b
c
d
t
0
Press button a
a
a
b
c
d
s
1
t
1’
T fails with button b
b
s
2
b
No operation
Slide58Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology58Can we be sure that S and T are not observation
-
equivalent ?
No, because T could have responded differently to a button (e.g. moved to state t
1
).
Without additional information about why and how T reacts to button a, we cannot demonstrate that S and T are, or are not equivalent.
If the additional information is not available, we should declare S and T to be not equivalent – for obvious pragmatic reasons.
Slide59Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology59Milner provided methods for the new wave of interactive computing
CCS,
p
-calculus and the related studies
:
R.Milner “Communication and mobile systems: the
-
calculus”, Cambridge Univ. Press
, 1999
explain why and how state transition and interactions are related
in a state machine
provide means for studying input/output streams (observations in the case when only incomplete information about the inner states of interacting partners is available)
The
p
-calculus is a model of computation for mobile systems that is based on primitive notion of interaction
Slide60Siin pooleli
Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology60
Slide61L.Motus, 2004
Timing analysis of embedded systems61Empirical Computer Science Wegner’s research groupWhy empirical ?
Computable functions (in sense
of
Turing machine) are too weak a model for interactive problem solving
,
the alternative formalisms will depend upon the factors that are uncontrolled by the designer
Turing machines are extended
by
- sequential interaction machines (SIM)
- multi-stream interaction machines
SIM notion is formalised by Persistent Turing Machine
(
“Turing Machines, Transition Systems, and Interaction”
by D.Goldin, S.Smolka, P.Attie, and P.Wegner)
See also a presentation in
1999
“Co
-
inductive Models of Finite Computing Agents”
by P.Wegner and D.Goldin
Slide62L.Motus, 2004
Timing analysis of embedded systems62Algorithmic computation
Turing machine
with behaviour: (i, o)
Interactive computation
Sequential Interaction Machine
with behaviour:
{(i
1
, o
1
),(i
2
, o
2
),... } plus constraints (if needed)
Multi-stream Interaction Machine
with behaviour:
(i
11
,o
11
),(i
12
,o
12
),…
…
plus constraints (if needed) (i
k1
,ok1),(ik2,ok2),...Stream-based view of computation (1) Wegner’s research group {
}
Slide63L.Motus, 2004
Timing analysis of embedded systems63Stream-based view of computation (2) Wegner’s research group
Interactive computation is described by histories of observable interactive behaviour (streams)
Histories are (can be)
formed by externally triggered input-output actions
Interaction machines cannot be modelled by Turing machines
Expressiveness
of
different models:
algorithmic
sequential IM multi-stream IM
Slide64L.Motus, 2004
Timing analysis of embedded systems64Some general observationsWegner’s research groupThe hypothesis – interactive computing agents are more expressive than algorithms
– opens up a research area that had been considered closed
Sequential Interaction Machines are not expressible by, or reducible to computations of Turing Machines
Multi
-
stream Interaction Machines express a behaviour that is
not expressible by SIM
-
s
First order logic cannot model interactive computation
UML
,
f
or instance – is sufficiently expressive to describe interactive computation (Goldin, et al 2001)
Slide65L.Motus, 2004
Timing analysis of embedded systems65Interaction centred models of computation (examples)
have been around for more than 20 years
:
(and stem from
the Turing’s choice machine
(1936
)
)
without time constraints
Milner (1976, 1980, 1999), focusing on
calculus of communicating systems
Wegner (1995), Wegner and Goldin (1999), revision of foundations of computing
with time constraints
(
sophisticated time
)
Quirk and Gilbert (1977)
Motus and colleagues (1983, 1986, 1994)
Slide66L.Motus, 2004
Timing analysis of embedded systems66Real world, computer science, and stream processingOn-going computation is becoming a norm for computer applications – from the point of view of the environment a program is not terminating
The on-going computation is not a constructive paradigm
In artificial systems a non-terminating program can often be presented as a terminating, repeatedly activated program
(
the inner view of the non-terminating program
)
Stream processing can, in many cases, represent such a program
Potential danger is that stream elements contain too little information
(
typically timing constraints are missing
)
Slide67L.Motus, 2004
Timing analysis of embedded systems67A generic real-time system
Controlled object
Humans
Computer system
Microprocessor, multiprocessor, LAN,WAN, etc
Breaking system, chemical processes, car assembly, etc
Slide68L.Motus, 2004
Timing analysis of embedded systems68
A gap between computer science and real-time systems
Has been reduced by introducing interactive computing principles, e.g.
change the paradigm (and, may be emphasis) of modelling real-time software
study the actual requirements to and problems of designing and implementing real-time software
choose minimal, but sufficient complexity of time model
develop a mathematically correct computational model which supports formal analysis
Slide69L.Motus, 2004
Timing analysis of embedded systems69
Examples of computational models and paradigms
Paradigm
(in this context) -- a generic architecture of an ideal computing system, or of some parts of this system; quite often -- a pattern for thinking.
Computational model
-- a framework for specification, design and implementation of a computer system, reflecting the selected paradigm and based preferably on a formal theory
Paradigms
-- a non-terminating program; O-O
architecture; agent-based program
Computational models
-- state-transition machine;
CCS,
multi-stream interaction machine
Slide70L.Motus, 2004
Timing analysis of embedded systems70
The paradigm used in LIMITS for real-time systems
A real-time system is a collection of interacting dynamic systems, one of which is a computer system.
Software for this computer system is a collection of loosely coupled, repeatedly activated, terminating programs
Conventionally used paradigm
-- software for a real-time system is a single, non-terminating program plus liveness, safety, and fairness properties imposed upon it.
Slide71L.Motus, 2004
Timing analysis of embedded systems71
Pragmatics
of
a “new” paradigm?
to make explicit the implicitly present timing requirements, or constraints ( i.e. to focus on timing);
for instance
,
invisible common knowledge: conventional computational algorithms are applicable in a static environment only (e.g Turing machine concept is valid, in real-time systems, only within given time limits)
the static environment assumption holds within the limits determined by quantitative time constraints, given by experts (coherence and contradiction problems)
different parts of an environment may have different dynamic characteristics, hence different time constraints
Slide72L.Motus, 2004
Timing analysis of embedded systems72Early attempts of processing timed streams
W.Quirk and R.Gilbert “The formal specification of the requirements of complex real-time systems”, AERE, rep.no.8602
P.Caspi and N.Halbwachs (1982) Proc. International Conference on Parallel Processing, 150-159
P.Caspi and N.Halbwachs (1986) Acta Informatica, vol.22, 595-627
Papers on stream processing:
W.Dosch “Deriving Control and Data States for an Interactive Stack Using History Abstraction”
W.Dosch “Refining Infinite Stream Behaviours by Bound Functions”
Slide73L.Motus, 2004
Timing analysis of embedded systems73How to get closer to time-sensitive behaviour of software?Estimate the occurrence pattern (and major characteristics) of events in the external environment
estimate the acceptable response time to the driving events and the required processing power
estimate potential interference of various driving events and algorithms reacting to them, determine time constraints enabling to manage the interference
provide sufficient computing and communication power to satisfy the time constraints, and/or select algorithms that manage with the given computing power.
Slide74L.Motus, 2004
Timing analysis of embedded systems74Available paths for achieving time deterministic behaviour (1) 1.The use of formal mathematical methods is inevitable
2. Three different approaches applied to the software development process, especially if combined in pairs
[ (i) & { (ii) or (iii)}]
have demonstrated practical usefulness
(
i
) schedulability analysis and program execution scheduling theory (e.g. RMA -rate monotonic analysis)
(
ii
) formal theories focusing on proving particular properties of a program (e.g. dual-language approach)
(
iii
) formal theories focusing on compositional proving in the software development process (e.g. single- language)
Slide75L.Motus, 2004
Timing analysis of embedded systems75Available paths … (2)Schedulability analysis, scheduling theory, run-time scheduling:
conventionally used starting from the physical design stage
is based on combinatorics, empirical beliefs and knowledge regarding the future system (e.g. defining the priority of tasks), on actually measured time characteristics, and on requirements for other resources)
is relatively easy to apply, widely used in practice
if the acceptable schedule cannot be found, large parts of the practically implemented software must be modified, or the hardware configuration modified.
Slide76L.Motus, 2004
Timing analysis of embedded systems76Available paths … (3)Formal theory focusing on particular properties of a program:usually it is a general deductive framework, that considers a particular program (or their complex) as a subject of a special theory (e.g. obtained by adding specific axioms to general theory)
expected properties (or their absence) are stated and proven in the special theory as theorems
theorem formulation and their proofs assumes good education and practical experience in using formal methods
examples -- temporal logic, Hooman’s compositional proofs
Slide77L.Motus, 2004
Timing analysis of embedded systems77Available paths … (4)Formal theories focusing on (compositional) proof of universal properties for a class of application:common properties for a class of applications and methods for proving their presence become important
theorems can be proven for the whole class of applications, the case of particular programs is reduced to checking the assumptions of proven theorems
most of the theoretical complexities can be hidden from the end user, interpretation of results and exceptions needs some understanding
examples -- Calculus of Communicating Systems, Q-model
Slide78L.Motus, 2004
Timing analysis of embedded systems78Why bother about proactive, time-sensitive computing?George Bernard Shaw
The reasonable man adapts himself to the world;
the unreasonable man persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable man.
W.
Edwards Deming
Learning is not compulsory. Neither is survival
Slide79L.Motus, 2004
Timing analysis of embedded systems79
Why are some computer systems
time-critical? (1)
1.
A computer system has to influence/monitor/control objectively existing physical processes in the real world.
2. To do that the computer system’s behaviour has to be matched to the dynamics of real world processes
3. The underlying theory (e.g. mathematics, control theory, etc) is based on an assumptions of a static environment with certain invariant properties.
4. The actual non-linear phenomena are, in many cases, approximated with several linear models which should be substituted dynamically.
Slide80L.Motus, 2004
Timing analysis of embedded systems80
Why are some computer systems
time-critical? (2)
5.
Switching between linear models should be done automatically
6. Many simultaneously on-going physical processes in the real world should be addressed concurrently, with strict response times defined by the environment and goals of the computer system (forced concurrency)
7. Mapping from the continuous time real world onto the computer with discrete time imposes/assumes certain regularity of refreshing input and output variable values.
Slide81L.Motus, 2004
Timing analysis of embedded systems81
Influence of input
/
output regularity
Digital
controller
ADC
DAC
Sensor
Actuator
Plant, G(s).
Input
Slide82L.Motus, 2004
Timing analysis of embedded systems82
Input/output is at regular intervals
Slide83L.Motus, 2004
Timing analysis of embedded systems83
Input/output irregularity is inserted
Slide84Basic time-related properties and hypotheses about the nature of time in real-time systems
Derived from the analysis of operational real-time systems
Slide85L.Motus, 2004
Timing analysis of embedded systems85
Excerpts from earlier statements
about time
William Shakespeare
“What seest thou else
In the dark backward abysm of time?”
Ronald Reagan
“You ain’t seen nuthin’ yet”
G.J.Whitrow
about A.Einstein
From the moment when he came to question the traditional idea of time, only five days were needed to write his paper....
Slide86L.Motus, 2004
Timing analysis of embedded systems86
Time correctness of inter-process communication implies
coherence of time constraints imposed on the communication
partners
correct order of data production and consumption of the partners
(
especially in the case of simultaneous copies
)
valid start instants of interactions
satisfaction of constraints imposed upon transport and non-transport delays
possibility of time-selective consumption of data
Slide87L.Motus, 2004
Timing analysis of embedded systems87
Time-selective communication
Basic idea
: data received by the consumer process must be of certain, prefixed age
is a reflection of data delays assumed by control theory
has heretical consequences for conventional programming -- some messages may never be consumed, some messages are consumed many times
becomes explicit when a paradigm of one non-terminating program is substituted by a more realistic paradigm (terminating, repeatedly activated programs)
Slide88L.Motus, 2004
Timing analysis of embedded systems88
The assumption of static environment related to algorithms
The assumption is
that the theory and preconditions on which an algorithm is based will not change during the execution of the algorithm -- i.e. the axioms, the inference rules, the object for which this algorithm produces results
It is believed that any algorithm can be implemented on a Turing machine. If the assumption of static environment does not hold, the operations or interim data necessary for correct termination of the algorithm may be corrupted on the tape
Slide89L.Motus, 2004
Timing analysis of embedded systems89
Some examples of time
as
used in computational models
1.
Linear, topologic time
-- conventional data processing systems
2.
Linear, metric
, discrete, strictly increasing time (Real-time temporal logic by Ostroff, many other temporal logics, process algebras and timed Petri nets)
3.
Branching
, topologic or metric, discrete (some temporal logics)
4. A set of linear, discrete, increasing, metric times; plus a set of reversible, discrete, metric times, and many relative times (virtual time and time warp system)
etc
Slide90L.Motus, 2004
Timing analysis of embedded systems90
Minimum complexity of time required in real-time system
Three philosophical concepts of time
should simultaneously be present:
- fully reversible time (like in physics)
- strictly increasing time (like in thermodynamics)
- relative time (like in psychology)
At least one strictly increasing time must be metric
Most of the existing computational models use oversimplified time which explains their only partial success in real-time systems
Slide91L.Motus, 2004
Timing analysis of embedded systems91Concepts of time -- examples1. Fully reversible time
-
virtual time and time warp mechanism
based simulation systems (a multitude of events with local timestamps, synchronised in global time with the possibility of undoing things if necessary (Jefferson(1983))
2.
Strictly increasing time
- all basic activities of real-time systems are not reversible (processes in nature cannot be reversed)
3.
Relative time with moving origin
-
for describing
inter-process/inter-cycle communication
Slide92L.Motus, 2004
Timing analysis of embedded systems92
An example of time in the Q-model
each process functions in increasing (thermodynamic) time, which advances in grains
inside each grain the time is fully reversible
inside each grain a process has a relative time (in addition to a fully reversible time)
for each pair of communicating processes there is a separate relative time (in addition to all other times)
Slide93L.Motus, 2004
Timing analysis of embedded systems93Time models used by OMG (1)1. OMG document formal/02/05/07 “Enhanced View of Time”, version 1.1
2.
OMG document formal/02/05/06 “CORBA services: Time Service Specification”, version 1.1
3.
OMG document ptc/02/03/02 “UML
TM
Profile for Schedulability, Performance, and Time”, specification, version 1.0
Accessible from
http://www.omg.org/technology/documents/
Slide94L.Motus, 2004
Timing analysis of embedded systems94Time models used by OMG (2)These models provide a framework for modelling time constraints imposed upon UML model components, and can be used by UML model processors, or other independent tools
Models of physical time include, but not limited to:
universal time,
mission time,
discrete and continuous time,
global and localised, relative and absolute time
combined
with synchronisation references, intervals, duration
s
.
Slide95L.Motus, 2004
Timing analysis of embedded systems95Time models used by OMG (3)Timing specifications are constraints placed on model elements
.
The following timing specifications are to be modelled, at minimum:
deadlines, periods, frequencies, jitter and their stochastic properties, intervals, durations, and latencies
response times, response delay times,and execution times
step-to-step and end-to-end time budgets, estimates and actuals along with their statistical properties
Inter-arrival times, time budgets, estimates and actuals along with their statistical properties.
Slide96L.Motus, 2004
Timing analysis of embedded systems96Time models used by OMG (4)Timing Facilities and Services refer to mechanisms that enable to apply and to assert time concepts.
The following means to model timing facilities and services are included:
time resolution, jitter and its stochastic properties, synchronisation offset and residual
explicit timer objects, clocks, watchdog timers
OS timing services
clock synchronisation policies such as probabilistic and stochastic.
Slide97L.Motus, 2004
Timing analysis of embedded systems97
Topics discussed further in this course
How to make timing requirements
to software explicit?
What are the actual timing requirements to real-time systems
?
Time-aware interaction-centred model of computation for real-time systems
Model-based timing analysis of real-time systems
The coming topics have been selected from the book “Timing analysis of real-time software” by Motus and Rodd
.
Slide98L.Motus, 2004
Timing analysis of embedded systems98
Alternative models used for real-time systems (1)
a) Focusing on processing the infinite behaviours
State-transition machines:
- finite automata, state-charts, attribute automata
- Petri nets (timed, coloured, high level, extended)
generate the infinite sequences of events (behaviours)
some properties of those sequences are then studied.
Process algebras and temporal logics:
analyse more elaborate properties of those infinite sequences.
Slide99L.Motus, 2004
Timing analysis of embedded systems99
Alternative models used for real-time systems (2)
b) Focusing on individual processing elements and their interactions
Communicating abstract processes:
Each process is a mapping and mappings are interacting according to explicitly defined rules
Abstract data types and object-oriented approach:
Central are data types, not mappings of data, each data type has a permissible set of operations (mappings) attached to it.
Slide100L.Motus, 2004
Timing analysis of embedded systems100Abstract data typejust for your informationSchach (1996) p. 170
an object
is an instantiation (instance) of
an abstract data type
, plus the concept of inheritance
Sommerville (1992) p.136
Abstract data type technique is algebraic specification where an object class, or data
type, is specified in terms of the relationships between operations defined on that type
:
sort
informal description of the sort and its operations
operation signatures (names and types of
parameters)
axioms defining the operations over the sort
Slide101L.Motus, 2004
Timing analysis of embedded systems101 An example of time-aware interaction centred model of computation
The Q-model
Slide102L.Motus, 2004
Timing analysis of embedded systems102
The Q-model preview (1)
The Q-model follows the paradigm of communicating abstract processes
The Q-model is based on the innovative ideas of
W.J.Quirk
and
R.Gilbert
for extending the definition of a process.
Usually a process is defined as
p:
dom
p
®
val p
dom
- domain of definition, val - value range.
This definition is sufficient for data processing systems with completely known causal relations
Slide103L.Motus, 2004
Timing analysis of embedded systems103
The Q-model preview (2)
In real-time systems processes are often started independently of each other by events from outside of the computer system, or by time constraints which approximate the incompletely known causal relations.
The processes will be started repeatedly, either periodically or aperiodically. Correctness of a process execution depends on the age of input data.
Consequently it is important to know, at least, the age of input and output data, process activation and execution times, and interaction start times for interacting processes.
Slide104L.Motus, 2004
Timing analysis of embedded systems104
The Q-model
(1)
Slide105L.Motus, 2004
Timing analysis of embedded systems105
The Q-model (
2
)
Enables to incorporate timing constraints starting from the specification and ending with the maintenance (throughout the whole life-cycle)
Combines analytical (formal) and simulation (informal) approaches for verifying time correctness
Supports co-operation between software, control and systems engineers
Encourages the insertion of safety, reliability, fault-tolerance features into the specification and supports the analysis of their influence on the system
Slide106L.Motus, 2004
Timing analysis of embedded systems106
Q-model and data flow models
A data flow model is a semi-formal (structured) example of abstract communicating processes approach -- no assumptions are made about mappings, the semantics of data flows are usually not strictly defined.
The Q-model adds activation time instants (and other constraints) to mappings, and explicitly synchronises the execution of mappings
.
As a consequence, the data in a system
becomes
time-labelled, semantics of data flows can be strictly defined, use of time-selective interaction becomes possible.
As a by-product, it becomes possible to analyse the time-correctness of the system.
Slide107L.Motus, 2004
Timing analysis of embedded systems107
Q-model and object-oriented approach
Object-oriented approach is a semi-formal (structured) implementation of abstract data type paradigm
Q-model enables to time-label all the data, and provide operations with time constraints (requirements or actual invocation times, execution times, data consumption times) and formally verify the coherence of those constraints.
Q-model can be related to an object model. Q-model captures the information from dynamic and functional models of OMT, and many views of the UML model.
Slide108L.Motus, 2004
Timing analysis of embedded systems108
Q-model and HRT-HOOD
HRT- HOOD
is a time-constraint object-oriented design tool for hard real-time ADA systems. Temporal parameters and non-functional requirements are specified at physical architecture design stage
Q-model
includes temporal parameters and non-functional requirements in earlier stages of life cycles.
HRT-HOOD
- period of execution (cyclic), min arrival interval (for sporadic objects), offset time for related objects, deadlines
Q-model
- period of execution (sporadic,cyclic), execution time, data consumption time, equivalence and simultaneity intervals for processes and clusters.
Slide109L.Motus, 2004
Timing analysis of embedded systems109
Concluding remarks on comparing models of computation
(1)
Majority of widely used formal and semi-formal (structured) methods neglect timing issues.
For instance,
data-flow
(e.g. Yourdan + extensions) and
object-oriented
(e.g OMT, unified method (UML)), and
Z
methods
.
Other methods
do analyse timing properties -- timed Petri nets, temporal logics, many process algebras
–
but
rely on trivial time models
and are therefore are not able to analyse all the required timing properties
.
HRT-HOOD
relies on a trivial time model
Slide110L.Motus, 2004
Timing analysis of embedded systems110
Concluding remarks on comparing models of computation
(2)
The Q-model and LIMITS
tool are based on sophisticated time models (similar to those later were suggested by OMG) – and are capable of performing timing analysis of interactions.
LIMITS
can, in principle, analyse class models that are transformed to Q-model and return the necessary corrections to the class model.
In general, any model that is based on trivial time model can easily be transformed to the Q-model. Difficulty is that the transformation to and from the Q-model is not unique (because of the different information content in models – see MSc thesis by O.de Voogd).
Slide111L.Motus, 2004
Timing analysis of embedded systems111References for some of the mentioned modelsData-flow approach to real-time systems - P.Ward and S.Mellor “Structured Development for Real-time Systems”, vol.1, Prentice-Hall, 1985, 156 pp.
“HRT- HOOD : A Structured Design Method for Hard Real-time Ada Systems”, A.Burns, A.Wellings, Elsevier, 1995, 313
pp
OMT -- “Object-Oriented Modeling and Design”, J.Rumbaugh, M.Blaha, W.Premerlani, F.Eddy, W.Lorensen, 1991, Prentice-Hall, 500 pp.
“Transformations between data flow diagrams and Q-models”, MSc thesis by O.de Voogd (
in
room II-309)
Slide112L.Motus, 2004
Timing analysis of embedded systems112
The Q-model
(1)
Slide113L.Motus, 2004
Timing analysis of embedded systems113The Q-model (2)
dom p
val p
p
p: dom p
val p
describes processing of a string
p: T(p) x dom p val p
describes processing of a stream
Slide114L.Motus, 2004
Timing analysis of embedded systems114The Q-model (2)
ij
: T(p
i
) x T(p
j
) x val p
i
proj
val pi
dom p
j
dom p
j
val p
i
ij
val p
k
k
j
Slide115L.Motus, 2004
Timing analysis of embedded systems115
The Q-model processes (1)
dom p
i
-- domain of definition is formed by other mappings of the system, i.e from elements of
val
p
k´,
k=1, …, n
;
N
o other data is available in the Q-model
All the elements (and their components) of
dom p
and
val p
are time labelled, and may be given explicit validity periods;
as soon as the validity period has expired, the data element is defined as unreliable and the mapping should not be execute with this data element.
The process
p
must be executed (i.e. it has to identify an element in
val p
) each time the time-set
T(p)
activates it.
Resource sharing problems are neglected in the Q-model -- each activation of a process
has
its own processor
Slide116L.Motus, 2004
Timing analysis of embedded systems116
The Q-model processes (2)
Properties of process time-set T(p):
1. Elements of T(p) must be well-ordered, no partial order is allowed
2. Since each well-ordered set has a minimal element, it is recommended that processes of a given system consider 0 as a common minimal element.
3. The non-Zeno property is assumed -- in any finite time interval a process may be activated only finite number of times
Zeno from Elea (490 -- 430 BC)
Eesti keeles “Zenon Eleas’est”
Slide117L.Motus, 2004
Timing analysis of embedded systems117
The Q-model processes (3)
How to specify/define a time-set T(p) :
1. Explicitly list all its elements
2. Refer to a triggering event in the environment or in the computer system
3. Refer to a time-set that is already defined for another process
All the processes, in principle, are activated repeatedly. This allows cyclic and sporadic activation of a process, and in some cases, a prefixed number of activations.
Slide118L.Motus, 2004
Timing analysis of embedded systems118Cyclic and sporadic activation of processes (1)
time
t
0
t
1
t
2
t
3
t
max
t
min
t
r
t
r
t
r
–
fluctuation interval
Slide119L.Motus, 2004
Timing analysis of embedded systems119Cyclic and sporadic activation of processes (2)1. A unified handling of strictly cyclic and sporadic activation of processes is recommendable2. The average inter-activation interval coincides with the precise period of strictly cyclic processes
3. In the case of sporadic activation, the additional fluctuation is permitted (quantitatively defined as ignorance interval (or fluctuation interval) around the average activation instant).
4. For long term forecasts this simplification works well, problems can emerge with short term forecasts.
Slide120L.Motus, 2004
Timing analysis of embedded systems120
The Q-model processes (4)
Unbounded number of repeated executions of a process is possible only if processes´ execution time has a finite upper bound (or the processor has infinite computing power).
All the temporal parameters in the Q-model are given by interval (worst-case) estimates. For instance,
execution time
of a process
p
is
z(
p,t)
Î
[
a (
p
), b (
p)]
a
(p) and
b
(p) are functions determined by empirical and/or theoretical knowledge of the nature of process p.
Interval estimates reflect our ignorance regarding the exact values, and understanding of the indeterminacy of the reality.
Slide121L.Motus, 2004
Timing analysis of embedded systems121
The Q-model processes (5)
State of a process
A state transition paradigm assumes that a process is described as a series of state transitions (from initial state to terminal state). The same is true when describing dynamic systems in control theory.
The Q-model assumes that the details of inner behaviour of a process are not observable (or rather, not of interest). Therefore visible values of a process state variables’ may change only after the process has terminated.
This reduces the complexity (number of states) and allows to describe and analyse a system without fixing algorithms
Slide122L.Motus, 2004
Timing analysis of embedded systems122State of a Q-model process
time
State value
Execution of process A
(A, t
0
)
t
0
t
1
t
2
s(A,t
0
)
s(A,t
1
)
s(A,t
2
)
Slide123L.Motus, 2004
Timing analysis of embedded systems123
The Q-model processes (6)
Process types
in the Q-model:
-
Common process
maps all the elements of its domain always into one and the same value range (unconditional mapping)
-
Selector process
is a mapping whose execution depends on predefined input and output decision mechanisms; it can select only some of the variables from an element of its domain, it may have more than one value range.
Although no assumptions about algorithms are required, it is useful to know/assume/estimate some details of I/O decision mechanisms at the specification of a selector process.
Slide124L.Motus, 2004
Timing analysis of embedded systems124Samples of Q-model processesCommon processes:reading a measurement from the sensorcombining measurements from several sensors (sensor fusion)
executing an order (e.g. close a valve)
Selector processes:
validating the sensor reading (valid/invalid)
granting an eating place to a philosopher (five philosophers problem related to resource sharing)
executing an order and checking its feasibility
Slide125L.Motus, 2004
Timing analysis of embedded systems125Val p of Q-model processes.Common process
p
2
p
3
p
1
dom p
1
= val p
2
x val p
3
Slide126L.Motus, 2004
Timing analysis of embedded systems126Val p of Q-model processes.Selector process Output selector
p
1
Out 1
Out 3
Sample of val p
1
structure
Out 2
Out 1
Out 2
Out 3
val p
1
Slide127L.Motus, 2004
Timing analysis of embedded systems127
Process interaction in the Q-model
Channel
implements producer - consumer type of interaction. Channel transmits data and synchronisation signals.The producer produces its state values, the channel stores the produced state values and forms message as required by the consumer.
The Q-model channel implements point-to-point, one-way communication between two processes.
Formally a channel is a mapping from producer’s value range to consumers domain:
s
ij
: val p
i
x T(p
i
) x T(p
j
)
®
proj
val pi
dom p
j
Slide128L.Motus, 2004
Timing analysis of embedded systems128The producer-consumer paradigm based interactionThe producer-consumer interaction = message exchange without waiting for completion or an acknowledgement.
A channel receives a message from the producer, transforms it into the message as required by the consumer (a time-sequence of producer’s state values)
The reliability of message exchange without waiting for receipt is feasible, if:
publicly accessible global (universal) time is maintained
messages are equipped with their validity time
Slide129L.Motus, 2004
Timing analysis of embedded systems129Reliability of message exchange without waiting for receiptReferences1.MacLeod I.M. and Rodd M.G. (1982) Inter-process communication primitives for distributed process control, Proc. 3rd IFAC/IFIP Symposium on Software for Computer Control, Pergamon Press
2. Kopetz H. and Kim K.H. (1990) Temporal uncertainties in interaction among real-time objects. Institut für Technische Informatik, technische Universität Wien, Austria, Research report no. 10/90
Slide130L.Motus, 2004
Timing analysis of embedded systems130
The Q-model channels (1)
Time selectivity of a channel is realised by the consumer defined channel function:
K(
s
ij
,t)
Ì
T
(
p
i
), t
Î
T(p
j
).
A more practical presentation of the channel function is in backward relative time
K(
s
ij
,t) = [
m,n
],
where
n
is the latest and
m
is the earliest state value accessible via the channel
s
ij.To enable time-selective communication, all the state values must be time-labelled and each channel must have its own relative backward time.
Slide131L.Motus, 2004
Timing analysis of embedded systems131Relative time as used in a channel function (Q-model)
processes
time
K(
ij
,t) = [1,0]
sync
semisync
async
Slide132L.Motus, 2004
Timing analysis of embedded systems132
The Q-model channels (2)
Types of channels
Different types of channels are needed to connect processes with different time-sets and different communication requirements; in practice five types of channels are used:
1. Synchronous channel,
if T(p
i
) = T(p
j
)
2. Semi-synchronous channel
, if T(p
i
)
®
T(p
j
)
3. Asynchronous channel
, if T(p
i
) and T(p
j
) are independent
4. Synchronous null channel,
to activate two processes at the same time
5. Semi-synchronous null channel,
for sequential activation of two processes
Slide133L.Motus, 2004
Timing analysis of embedded systems133
The Q-model channels (3)
Incoming channels are connected to input ports:
- if two or more channels carry the same message (variable-wise), they can be connected to one and the same input port, they are OR-ed
- if two or more channels carry different messages (variable-wise), they should be connected to different input ports.
Selector process has numbered output ports for different messages (states), common process has always only one output port.
More structural restrictions can be introduced during analysis.
Slide134L.Motus, 2004
Timing analysis of embedded systems134
Time parameters related to channels
For each channel a
data consumption
interval (a delay with respect to process activation instant) is defined/specified:
h
(
s
ij
, t)
Î [ g(s
ij
),
d
(
s
ij
)],
g(s
ij
)
is less or equal
d(s
ij
)
Each consumer may define/specify for each incoming channel a
channel function,
which determines the age of producer states comprising the message accessible from this channel.
With each channel is related a
set of transport and processing delays
; depending on the channel type these delays determine the synchronisation precision, and/or time required for data transmission through the channel.
Slide135L.Motus, 2004
Timing analysis of embedded systems135Functioning of a Q-model channel
producer
consumer
send
Receive (optional)
send
Circular buffer
(of the channel)
p
i
p
j
ij
p
i
p
j
ij
Slide136L.Motus, 2004
Timing analysis of embedded systems136Operations and activities in the channel (an example)1. Length of the circular buffer is determined by the channel function and contains (+1) elements (one element = one set of producer’s state variables)
2. “send” ( or “write”) command will shift the content of the buffer by one element, if the buffer is full, the oldest element is overwritten
3. “Receive”(or “read”) will not change the buffer
4. Each time ( - + 1) elements are read.
5. At the cold start the buffers are filled.
6.
Control of the sequence of “write” and “read” operations depends on the channel type.
Slide137L.Motus, 2004
Timing analysis of embedded systems137
Possible delays in a channel
A channel is implemented as a separate process -- let us study a chain of processes
“producer - channel - consumer”.
A channel receives a new state value from the producer, stores it in a circular buffer, receives a request for data from the consumer, forms a message according to the channel function, sends the formed message to the consumer.
Delays
are related to detection of the consumer request, forming the message, send of the message; and in many cases synchronisation with the producer.
Transport delay, processing delay, non-transport delay
Slide138L.Motus, 2004
Timing analysis of embedded systems138Functioning of the null channelThe null channel actually implements a limited broadcast (multicast) -- one to many communication -- typically activation of a group of synchronous processes.
Two different delays exist:
null channel delay -- time required to detect the
synchronising event
and to warn the processors that run the synchronised processes
time required to activate
a process on a particular processor
Null
channel delay
simultaneity
Slide139L.Motus, 2004
Timing analysis of embedded systems139Application of null channel (synchronous clusters)
n
s
s
ss
s
a
s
Synch. cluster 1
Synch. Cluster 2
Slide140L.Motus, 2004
Timing analysis of embedded systems140Application of semi-synchronous null channel
ss
ss
ss
s
a
ss
Semi-synchronous cluster
p
1
p
2
p
3
p
4
p
5
Slide141L.Motus, 2004
Timing analysis of embedded systems141Semi-synchronous cluster
p
1
p
2
p
3
p
4
p
5
Simultaneity interval
Slide142Examples of systems described in the Q-model
Slide143L.Motus, 2004
Timing analysis of embedded systems143
Representation of ports and process types
(iv) I/O Selector Process
(iii) Output Selector Process
(ii) Input Selector Process
(i) Port on Common Process
1
P
1
P
1
P
1
2
0
1
P
1
2
0
Slide144L.Motus, 2004
Timing analysis of embedded systems144Part of a system with a selector process
p
4
1
p
0
p
5
2
1
p
2
p
3
Slide145L.Motus, 2004
Timing analysis of embedded systems145
Example of behaviour of a common process
h
(
d
21
,t
k
)
assignment of new state value
p
1
z
t
k
(p
1
,t
k
)
input of data
input of data
preparation
computations
h
(
d
3
1
,t
k
)
d
21
d
31
s(p
1
,t
k
)
Slide146L.Motus, 2004
Timing analysis of embedded systems146
Practical synchronisation in
the Q-model
The only means of synchronisation in the Q-model is exchange of messages via channels.
Synchronous and simultaneous activation of processes:
through
multicast communication via synchronous or synchronous null channels; equivalence and simultaneity intervals; minimum granularity of system time; synchronous clusters;
Semi-synchronous activation of processes:
communication via semi-synchronous or semi-synchronous null channels; equivalence and simultaneity interval.
Slide147L.Motus, 2004
Timing analysis of embedded systems147
Summary of the Q-model temporal and other attributes (1)
Common process:
- process time-set T(p), if necessary
- interval estimate for process execution time
z
(p
i
,t)
- list of input ports and channels connected to them
- interval estimate for data consumption time
h
(
s
ij
,t)
- list of input variables for each channel/port
- list of output variables for a process
- equivalence interval, if necessary
Slide148L.Motus, 2004
Timing analysis of embedded systems148
Summary of the Q-model temporal and other attributes (2)
Selector process:
- input decision mechanism and equivalence interval
- list of alternative states plus list of variables for each state
- output decision mechanism, or output port selection probabilities
- interval estimates of execution time for each state
- interval estimates for data consumption time for each input channel
- list of input ports and channels connected to them
- list of input variables for each channel
Slide149L.Motus, 2004
Timing analysis of embedded systems149
Summary of the Q-model temporal and other attributes (3)
For a channel:
- producer process, if necessary the output port number
- consumer process, input port number
- channel type
- channel function
- simultaneity interval for synchronous and semi-synchronous channels and for both types of null channels
For a synchronous and semi-synchronous clusters:
- equivalence and simultaneity intervals (if required)
Slide150L.Motus, 2004
Timing analysis of embedded systems150
Example:a cascade controller
physical actuator
sensor
B
act
B1&B2
CONTROLLED
OBJECT
A
Slide151L.Motus, 2004
Timing analysis of embedded systems151
The Q-model of a cascade controller
B1
E
K1
A
K2
K3
act
B
K5
K4
B2
E - inputs from the object
A - control algorithm
B
1
- allowable changes to the actuator
B
act
- simulates the actuator
B
2
- measures the current position of the actuator
K
i
- channels, types will be specified later
Slide152L.Motus, 2004
Timing analysis of embedded systems152Q-model processes for the cascade controller
Process
Ex. time
In Chan.
Out Chan
.
Timeset
E
N/A
none
K1
T(E)
A
4
K1
K2
N/A
B1
2
K2, K5
K3
T(B1)
B2
1
K4
K5
N/A
B
ACT
3
K3
K4
N/A
Slide153L.Motus, 2004
Timing analysis of embedded systems153
3 design versions
CHANNEL
NAME
VERS.TYPE
ONE FUNCT.
VERS. TYPE
VERS.TYPE
TWO
FUNCT.
THREE FUNCT
K1 ss [0,0] s [1,1] s [0,0]
K2 ss [0,0] s [1,1] s [0,0]
K3 ss [0,0] s [1,1] s [0,0]
K4 ss [0,0] s [1,1] s [0,0]
K5 a [0,0] s [1,1] s [0,0]
Slide154L.Motus, 2004
Timing analysis of embedded systems154
Time diagram for Version 1
B1
A
ACT
B
process
B2
time
Slide155L.Motus, 2004
Timing analysis of embedded systems155
Time diagram for Version 2
e
B1
A
ACT
B
process
B2
time
Slide156L.Motus, 2004
Timing analysis of embedded systems156
Alternate design versions
Channel name Version 4 Version 5 Version 6
K1 s ss s
K2 a a a
K3 ss ss ss
K4 ss a ss
K5 a s s
Slide157L.Motus, 2004
Timing analysis of embedded systems157
Cascade Controller as a Petri-net
MEASUREMENTS
A1
A
B3
B
ACT
C
B1
B2
.
.
Slide158L.Motus, 2004
Timing analysis of embedded systems158
Petri-net firing diagram
A1
A
C
ACT
B1
B3
B2
B
TIME
Slide159L.Motus, 2004
Timing analysis of embedded systems159Comparison of the Q-model and Petri Net descriptions of a controllerAdvantages of Petri Nets:
- graphical representation of dynamic synchronisation of control (or data) flow
- in timed Petri Net a “natural rate” can be estimated (the fastest possible execution of the net)
Advantages of the Q-model:
- analytical proof of detailed timing properties (including the fastest and slowest execution)
- unified description of control and data flow
- autonomy of each element and ease of analysing many alternative designs on the same model
Slide160L.Motus, 2004
Timing analysis of embedded systems160Verification of a system described in the Q-model Testing is of little use in verifying timing correctness of software -- analogy with an attempt to identify the properties of a random process by separately studying realisation samples of the process.
Verification is carried out in three logical steps:
- analysis of separate elements, channels and processes
- analysis of interaction between pairs of processes
- analysis of the group behaviour of processes.
Iterations between the steps are possible.
Slide161L.Motus, 2004
Timing analysis of embedded systems161Separate elements of a specification (1)1. Process execution time
0 <
a
(p)
£ b
(p) <
Y
<
¥
2.
Data consumption delay
0 <
g
(
s
ij
)
£ d(s
ij
) < a (
p
j
)
3. A channel function, as given in a relative backward time:
K(
s
ij
,t) = [
m,n]
0
£ n £ m <
¥
4. A process timeset may be defined for each process, check that each process has an individual timeset or a pointer to an existing timeset.
Slide162L.Motus, 2004
Timing analysis of embedded systems162Separate elements of a specification (2)Process timeset:
1. All the processes may be executed repeatedly. For each process an execution period may be given, some processes have regular periods , some have random periods (these are called aperiodic processes).
2. Usually a timeset is defined by fixing:
- an average period for process activation
t
a
(p)
- an estimate of allowable fluctuation (with respect to
t
a
(p)
) in process start time
t
r
(p)
, that reflects our ignorance, or tolerance, about the exact activation instant
Slide163L.Motus, 2004
Timing analysis of embedded systems163Separate elements of a specification (3)Process timeset (continued):
3. The two parameters determine
- minimum time between two consequtive activations
t
min
(p) = t
a
(p) - t
r
(p)
- maximum time between two consequtive activations
t
max
(p) = t
a
(p) + t
r
(p)
The given values
of
t
a
(p)
and
t
r
(p)
, or respectively
t
min
(p)
and
tmax(p) cannot be checked formally, the only check is that 0 < tmin(p) £ tmax(p) < ¥
Slide164L.Motus, 2004
Timing analysis of embedded systems164Separate elements of a specification (4)Correct ordering of process copies:
1. The number of copies
n = [
b
(p)/t
min
(p)] + 1
, and [.] denotes the integer part
2. A process copy activated at
t
1
terminates before a copy activated at
t
2
,
t
1
and
t
2
are two consequtive elements of process timeset,
t
1
<t
2
, iff
b
(p) -
a
(p) < t
min
(p)
3. A consumer process copy activated at
t
1 request data from a channel before a copy activated at t2, iff d(sij ) - g (sij ) < tmin(p)
Slide165L.Motus, 2004
Timing analysis of embedded systems165Separate elements of a specification (5)Domain of definition and value range for a common process:
- input and output variables are listed for each input port and for the output port
Domain of definitions and value ranges for a selector process:
- as for common process, and
- input and output decision mechanisms, or
- at early stages of system development, the probability estimates for the operation of the decision mechanisms
Slide166L.Motus, 2004
Timing analysis of embedded systems166Interaction between pairs of processes (1) The emphasis is on checking the consistency of parameters of interacting processes and that of time constraints imposed on them and on their interaction.
Only syntactically correct interactions will be checked (channels between processes satisfy structural restrictions)
Analysis is carried out separately for pairs of processes connected by:
- synchronous channels
- semisynchronous channels
- asynchronous channels
Slide167L.Motus, 2004
Timing analysis of embedded systems167Interaction between pairs of processes (2)Examples of structural restrictions on connecting two processes with channels:
- only one channel may connect two ports
- a process may have only one input port connected to semisynchronous channels
- simultaneous definition of timeset for a process and its activation via semisynchronous channel is forbidden
- in a synchronous cluster only one process may have a defined timeset
Slide168L.Motus, 2004
Timing analysis of embedded systems168Interaction between pairs of processes (3) Processes connected by synchronous channels:
1. Communication via a synchronous channel will not violate the specified timing parameters of the consumer-process iff
b
(p
i
) <
g
(
s
ij
) +
n
t
min
(p
i
)
2. A relaxed form of the previous proposition is
b
(p
i
) <
g
(
s
ij
) +
n
t
min
(p
i
) + [t
min(pj ) - b (pj )]3. A process consuming its own previous state, should never wait for this sate
Slide169L.Motus, 2004
Timing analysis of embedded systems169Interaction between pairs of processes (3) Processes connected by synchronous channels:
1. Communication via a synchronous channel will not violate the specified timing parameters of the consumer-process iff
b
(p
i
) <
g
(
s
ij
) +
n
t
min
(p
i
)
2. A relaxed form of the previous proposition is
b
(p
i
) <
g
(
s
ij
) +
n
t
min
(p
i
) + [t
min(pj ) - b (pj )]3. A process consuming its own previous state, should never wait for this sate
Slide170L.Motus, 2004
Timing analysis of embedded systems170Interaction between pairs of processes (4)Processes connected by semisynchronous channels:
Since producer processes generate the consumer’s timeset, the major question arising is whether all the activation attempts will be successful. If not, the user should be warned.
The following two conditions determine the element
t
r
Î
T(p
j
)
of the consumer timeset:
t
rn
= t
nv
+
z
(p
n
,t
nv
) +
x(s
nj
)
and
t
r
= min{t
rn
: t
rn - t(r-1) £ te(pj )} where ntnv Î T(pn ), such that pn terminates before t(r-1) Î T(pj )
Slide171L.Motus, 2004
Timing analysis of embedded systems171Interactions between pairs of processes (5)Processes connected by asynchronous channels:
This is the most liberal form of interaction. Still it introduces a rather uncomfortable time-variable delay -- called non-transport delay.
The non-transport delay behaves in a saw tooth fashion. Its upper bound can be estimated:
j
n
*
£
t
max
(p
i
) +
b
(p
i
) -
g
(
s
ij
) -1
This is a very pessimistic estimate of non-transport delay.
Slide172L.Motus, 2004
Timing analysis of embedded systems172Group behaviour of processes (1)Major points of interest in the group behaviour are:
- detection of informational deadlocks,
- defining/estimating the equivalence and simultaneity intervals for synchronous clusters
- defining/estimating the simultaneity intervals for semisynchronous clusters
- analytical min/max estimates for the time required to pass a path of channels and processes in a system
The analysis is based on the “divide-and conquer” ideology -- partitioning the system into substructures with well-defined properties, and reasoning in those.
Slide173L.Motus, 2004
Timing analysis of embedded systems173Group behaviour of processes (2)Informational deadlock in the Q-model is the situation of circular wait for messages
Synchronous cluster
-- a set of processes connected by synchronous and synchronous null channels
Synchronous chain
-- a sequence of common processes connected by synchronous channels
Synchronous loop
-- a synchronous chain where
p
1
=p
n
and the channel function for all channels in the loop has the form
K (
s
ij
, t) = [
m,0
]
Synchronous loop is a sufficient condition for informational deadlock.
Slide174L.Motus, 2004
Timing analysis of embedded systems174Group behaviour of processes (3)Synchronous cluster comprises a group of processes in a system whose execution must be synchronised.
In a system may exist several synchronous clusters with different synchronisation requirements.
Synchronisation requirements have been partitioned into: - loose requirements (defined by
equivalence interval
) - strict requirements (defined by
simultaneity interval
)
Synchronous clusters are detected and the user defined requirements will be checked for consistency. The assessment of achievable simultaneity can take place at the physical design stage and later.
Slide175L.Motus, 2004
Timing analysis of embedded systems175Group behaviour of processes (4)Semisynchronous clusters include a producer process and those consumer processes which are connected to the producer by semisynchronous channels.
For a semisynchronous cluster a user can define
simultaneity interval
defining the simultaneity requirements for activation of the consumer processes.
Different semisynchrounous clusters may have different synchronisation requirements.
The list of semisynchronous clusters is compiled automatically, the user need not provide all the clusters with simultaneity intervals.
Slide176L.Motus, 2004
Timing analysis of embedded systems176Group behaviour of processes (5)Analytical estimates for a path passing time
1. Fix the initial process (p
i
) and the terminal process (p
t
)
2. Find all the paths from p
i
to p
t
.If necessary, filter some paths out by defining a path expression, or a threshold probability of passing a path.
3. Partition each path into a sequence of synchronous, semisynchronous and asynchronous legs.
4. Use the derived formulae for calculating minimum and maximum passing times for each leg.
5. Repeat the procedure until all the paths have been considered
Slide177L.Motus, 2004
Timing analysis of embedded systems177Verification of system properties Concluding commentsThe presented verification results should be considered as a first step in analytical study of software time correctness. This is an evolving theory which is based on a mathematically consistent set of axioms.
Formal verification, however, can prove the presence of good properties based on a given fixed specification, design, etc. Therefore formal study should be combined with informal (simulation) in order to demonstrate that the given specification fulfills the expectations of the user.
Slide178L.Motus, 2004
Timing analysis of embedded systems178Verification of system properties Concluding commentsThe presented verification results should be considered as a first step in analytical study of software time correctness. This is an evolving theory which is based on a mathematically consistent set of axioms.
Formal verification, however, can prove the presence of good properties based on a given fixed specification, design, etc. Therefore formal study should be combined with informal (simulation) in order to demonstrate that the given specification fulfills the expectations of the user.
Slide179L.Motus, 2004
Timing analysis of embedded systems179Verification of system properties Concluding commentsThe presented verification results should be considered as a first step in analytical study of software time correctness. This is an evolving theory which is based on a mathematically consistent set of axioms.
Formal verification, however, can prove the presence of good properties based on a given fixed specification, design, etc. Therefore formal study should be combined with informal (simulation) in order to demonstrate that the given specification fulfills the expectations of the user.
Slide180The Q-model
Research Laboratory for Proactive Technologies
||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
180
Slide181The Q-model
(discussion)
In real-time systems
simultaneous/concurrent execution of several
processes
is a common operational mode:
processes may be
started
independently of each other by events from
the environment
,
o
r
by
time constraints which approximate the incompletely known causal relations.
Mappings in a process is
activated
repeatedly
--
either periodically or aperiodically.
Correctness
of a
mapping
depends
on
the age of input
and output data, mapping’s activation instants and execution time,
and
on
start times
of
interactions between interacting processes.Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology 181
Slide182Some facts about streamsStreams model communication histories on unidirectional channels.
Streams model the succession of messages through the interface of a communicating component.Samples of streams:Finite streams A* = {[x0, . . . , xm−1] | xi A, m 0}Concatenation [x0, ..., xm−1
] & [y
0
, ..., y
n−1
] = [x
0
, ..., x
m−1
, y
0
, ..., y
n−1
]
operational progress in time
[input stream] → f →[output stream]
Stream transformer f : A* → B*
etc.
Research Laboratory for Proactive Technologies |
||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
182
Slide183Time in streams and in the Q-model
In the Q-model process -- time is defined by fixing the time-set T(p)In streams – time is defined by fixing the (implicitly given) order of stream elements
For instance, one can:
-
e
xplicitly
list all
the T(p)
elements
(handpick the stream elements)
- r
efer
to
triggering
event
whose occurrence generates the T(p) elements (attach a time counting to stream elements
- r
efer
to a
given
timeset
that
generates T(p), (require two streams to be synchronous)
183
Research Laboratory for Proactive Technologies |
||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide184Expected properties of T(p)
1. Elements of T(p) must be well-ordered, no partial order is allowed2. Since each well-ordered set has a minimal element, it is recommended that processes in a given system have a common minimal element 0.
3. The non-Zeno property is assumed -- in any finite time interval a process may be activated
only
finite
number of times
Zeno
from Elea (490 -- 430 BC)
184
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide185Explicit timing in a
Q-model process
p: T(p) x dom p
val p
Automatically we get:
activation instant of the mapping
T(p) = {t
0
, t
1
, t
2
, ……, t
n
, ……..}
age of input
and output data
T(p) x dom p= {(t
0
, x
1
), (t
0
, x
2
), …., (t
1
,x
1
), (t
1
,x2), ….}
From the specification requirements (and algorithm properties) we get:
execution time of the mapping, and start times of interactions between interacting processes185Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
Slide186Interaction of simultaneously running processes in Q-model
Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology186
Slide187Process interaction in the Q-model
Channel implements producer - consumer type of interaction. Channel transmits data and synchronisation signals. The producer produces its state values, the channel stores the produced state values and forms message as required by the consumer. The Q-model channel implements point-to-point, one-way communication between two processes.
Formally a channel is a mapping from producer’s value range to consumers domain:
s
ij
:
val
p
i
x T(p
i
) x T(
p
j
)
®
proj
val
pi
dom
p
j
187
Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
Slide188Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
188The producer-consumer paradigm based interactionThe producer-consumer interaction = message exchange without waiting for completion or an acknowledgement of the transmission.Channel receives a message from the producer, stores it,
transforms
it into the message as required by the consumer (a time-sequence of producer’s state values)
Message
exchange without waiting for receipt is feasible, if:
publicly accessible global (universal) time is maintained
messages are equipped with their validity time
Slide189Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
189Reliability of message exchange without waiting for receiptReferences1.MacLeod I.M. and Rodd M.G. (1982) Inter-process communication primitives for distributed process control, Proc. 3rd IFAC/IFIP Symposium on Software for Computer Control, Pergamon Press2. Kopetz H. and Kim K.H. (1990) Temporal uncertainties in interaction among real-time objects. Institut
für
Technische
Informatik
,
T
echnische
Universität
Wien, Austria, Research report no. 10/90
Slide190Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
190Val p of Q-model processes.Common process
p
2
p
3
p
1
dom p
1
= val p
2
x val p
3
Slide191Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology191
Val p of Q-model processes Selector process Output selector
p
1
Out 1
Out 3
Sample of
valp
1
structure
Out 2
Out 1
Out 2
Out 3
val p
1
Slide192Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
192Formation of values in dom pj
ij
: T(p
i
) x T(
p
j
) x
val
p
i
proj
val
pi
dom
p
j
dom p
j
val p
i
ij
val p
k
k
j
Slide193Time selectivity of Q-model channels
(1)Time selectivity of a channel is realised by the consumer defined channel function: K(
s
ij
,t)
Ì
T
(
p
i
), t
Î
T(p
j
).
A more practical presentation of the channel function is in backward relative time
K(
s
ij
,t) = [
m,n
],
where
n
is the latest and
m
is the oldest state value accessible via the channel
s
ij
.
To enable time-selective communication, all the state values must be time-labelled and each channel must have its own relative backward time.
193
Research Laboratory for Proactive Technologies
||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
Slide194Types of Q-model channels
Types of channelsDifferent types of channels are needed to connect processes with different timesets and different communication requirements; in practice five types of channels are used:1. Synchronous channel, if T(p
i
) = T(p
j
)
2. Semisynchronous channel
, if T(p
i
)
®
T(p
j
)
3. Asynchronous channel
, if T(p
i
) and T(p
j
) are independent
4. Synchronous null channel,
to activate two processes at the same time
5. Semisynchronous null channel,
for sequential activation of two processes
194
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide195Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology195
Relative time as used in a channel function (Q-model) processes
time
K(
ij
,t
) = [1,0]
sync
semisync
async
Slide196Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology196
Functioning of a Q-model channel
Receive
send
producer
send
p
i
consumer
p
j
Circular buffer
(of the channel)
ij
p
i
p
j
ij
Slide197Representation of ports and process types
(iv) I/O Selector Process
(iii) Output Selector Process
(ii) Input Selector Process
(i
) Port on Common Process
1
P
1
P
1
P
1
2
0
1
P
1
2
0
197
Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
Slide198Part of a system with a selector process
p
4
1
p
0
p
5
2
1
p
2
p
3
198
Research Laboratory for Proactive Technologies
||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide199Example:a cascade controller
physical actuator
sensor
B
act
B1&B2
CONTROLLED
OBJECT
A
199
Research Laboratory for Proactive Technologies
||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide200The Q-model of a cascade controller
B1
E
K1
A
K2
K3
act
B
K5
K4
B2
E - inputs from the object
A - control algorithm
B
1
- allowable changes to the actuator
B
act
- simulates the actuator
B
2
- measures the current position of the actuator
K
i
- channels, types will be specified later
200
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide201Q-model processes for the cascade controller
201
Research Laboratory for Proactive Technologies
||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide2023 design versions
202
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide203Time diagram for Version 1
B1
A
ACT
B
process
B2
time
203
Research Laboratory for Proactive Technologies
||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide204Time diagram for Version 2
e
B1
A
ACT
B
process
B2
time
204
Research Laboratory for Proactive Technologies
||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
Slide205Analysis of timing properties
Research Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
205
Slide206Timing analysis of embedded systems206
Influence of input/output regularity
Digital
controller
ADC
DAC
Sensor
Actuator
Plant, G(s).
Input
Slide207L.Motus, 2004Timing analysis of embedded systems
207
Input/output is at regular intervals
Slide208L.Motus, 2004Timing analysis of embedded systems
208
Input/output irregularity is inserted
Slide209L.Motus, 2004Timing analysis of embedded systems
209
Time correctness of inter-process communication implies
coherence of time constraints imposed on the communication
partners
correct order of data production and consumption of the partners
(
especially in the case of simultaneous copies
)
valid start instants of interactions
satisfaction of constraints imposed upon transport and non-transport delays
possibility of time-selective consumption of data
Slide210L.Motus, 2004Timing analysis of embedded systems
210
Time-selective communication
Basic idea
: data received by the consumer process must be of certain, prefixed age
is a reflection of data delays assumed by control theory
has heretical consequences for conventional programming -- some messages may never be consumed, some messages are consumed many times
becomes explicit when a paradigm of one non-terminating program is substituted by a more realistic paradigm (terminating, repeatedly activated programs)
Slide211L.Motus, 2004Timing analysis of embedded systems
211
The Q-model (
2
)
Enables to incorporate timing constraints starting from the specification and ending with the maintenance (throughout the whole life-cycle)
Combines analytical (formal) and simulation (informal) approaches for verifying time correctness
Supports co-operation between software, control and systems engineers
Encourages the insertion of safety, reliability, fault-tolerance features into the specification and supports the analysis of their influence on the system
Slide212L.Motus, 2004Timing analysis of embedded systems
212Cyclic and sporadic activation of processes (1)
time
t
0
t
1
t
2
t
3
t
max
t
min
t
r
t
r
t
r
–
fluctuation interval
Slide213L.Motus, 2004Timing analysis of embedded systems
213Cyclic and sporadic activation of processes (2)1. A unified handling of strictly cyclic and sporadic activation of processes is recommendable2. The average inter-activation interval coincides with the precise period of strictly cyclic processes3. In the case of sporadic activation, the additional fluctuation is permitted (quantitatively defined as ignorance interval (or fluctuation interval) around the average activation instant).
4. For long term forecasts this simplification works well, problems can emerge with short term forecasts.
Slide214L.Motus, 2004Timing analysis of embedded systems
214
The Q-model processes (4)
Unbounded number of repeated executions of a process is possible only if processes´ execution time has a finite upper bound (or the processor has infinite computing power).
All the temporal parameters in the Q-model are given by interval (worst-case) estimates. For instance,
execution time
of a process
p
is
z(
p,t
)
Î
[
a (
p
), b (
p)]
a
(p) and
b
(p) are functions determined by empirical and/or theoretical knowledge of the nature of process p.
Interval estimates reflect our ignorance regarding the exact values, and understanding of the indeterminacy of the reality.
Slide215L.Motus, 2004Timing analysis of embedded systems
215
The Q-model processes (5)
State of a process
A state transition paradigm assumes that a process is described as a series of state transitions (from initial state to terminal state). The same is true when describing dynamic systems in control theory.
The Q-model assumes that the details of inner behaviour of a process are not observable (or rather, not of interest). Therefore visible values of a process state variables’ may change only after the process has terminated.
This reduces the complexity (number of states) and allows to describe and analyse a system without fixing algorithms
Slide216L.Motus, 2004Timing analysis of embedded systems
216State of a Q-model process
time
State value
Execution of process A
(A, t
0
)
t
0
t
1
t
2
s(A,t
0
)
s(A,t
1
)
s(A,t
2
)
Slide217L.Motus, 2004Timing analysis of embedded systems
217
Time parameters related to channels
For each channel a
data consumption
interval (a delay with respect to process activation instant) is defined/specified:
h
(
s
ij
, t)
Î [ g(s
ij
),
d
(
s
ij
)],
g(s
ij
)
is less or equal
d(s
ij
)
Each consumer may define/specify for each incoming channel a
channel function,
which determines the age of producer states comprising the message accessible from this channel.
With each channel is related a
set of transport and processing delays
; depending on the channel type these delays determine the synchronisation precision, and/or time required for data transmission through the channel.
Slide218L.Motus, 2004Timing analysis of embedded systems
218Functioning of a Q-model channel
producer
consumer
send
Receive (optional)
send
Circular buffer
(of the channel)
p
i
p
j
ij
p
i
p
j
ij
Slide219L.Motus, 2004Timing analysis of embedded systems
219Operations and activities in the channel (an example)1. Length of the circular buffer is determined by the channel function and contains (+1) elements (one element = one set of producer’s state variables)
2. “send” ( or “write”) command will shift the content of the buffer by one element, if the buffer is full, the oldest element is overwritten
3. “Receive”(or “read”) will not change the buffer
4. Each time ( - + 1) elements are read.
5. At the cold start the buffers are filled.
6.
Control of the sequence of “write” and “read” operations depends on the channel type.
Slide220L.Motus, 2004Timing analysis of embedded systems
220
Possible delays in a channel
A channel is implemented as a separate process -- let us study a chain of processes
“producer - channel - consumer”.
A channel receives a new state value from the producer, stores it in a circular buffer, receives a request for data from the consumer, forms a message according to the channel function, sends the formed message to the consumer.
Delays
are related to detection of the consumer request, forming the message, send of the message; and in many cases synchronisation with the producer.
Transport delay, processing delay, non-transport delay
Slide221L.Motus, 2004Timing analysis of embedded systems
221Functioning of the null channelThe null channel actually implements a limited broadcast (multicast) -- one to many communication -- typically activation of a group of synchronous processes.Two different delays exist:null channel delay -- time required to detect the synchronising event
and to warn the processors that run the synchronised processes
time required to activate
a process on a particular processor
Null
channel delay
simultaneity
Slide222L.Motus, 2004Timing analysis of embedded systems
222Application of null channel (synchronous clusters)
n
s
s
ss
s
a
s
Synch. cluster 1
Synch. Cluster 2
Slide223L.Motus, 2004Timing analysis of embedded systems
223Application of semi-synchronous null channel
ss
ss
ss
s
a
ss
Semi-synchronous cluster
p
1
p
2
p
3
p
4
p
5
Slide224L.Motus, 2004Timing analysis of embedded systems
224Semi-synchronous cluster
p
1
p
2
p
3
p
4
p
5
Simultaneity interval
Slide225L.Motus, 2004Timing analysis of embedded systems
225
Example of behaviour of a common process
h
(
d
21
,t
k
)
assignment of new state value
p
1
z
t
k
(p
1
,t
k
)
input of data
input of data
preparation
computations
h
(
d
3
1
,t
k
)
d
21
d
31
s(p
1
,t
k
)
Slide226L.Motus, 2004Timing analysis of embedded systems
226
Summary of the Q-model temporal and other attributes (1)
Common process:
- process time-set T(p), if necessary
- interval estimate for process execution time
z
(
p
i
,t
)
- list of input ports and channels connected to them
- interval estimate for data consumption time
h
(
s
ij
,t
)
- list of input variables for each channel/port
- list of output variables for a process
- equivalence interval, if necessary
Slide227L.Motus, 2004Timing analysis of embedded systems
227
Summary of the Q-model temporal and other attributes (2)
Selector process:
- input decision mechanism and equivalence interval
- list of alternative states plus list of variables for each state
- output decision mechanism, or output port selection probabilities
- interval estimates of execution time for each state
- interval estimates for data consumption time for each input channel
- list of input ports and channels connected to them
- list of input variables for each channel
Slide228L.Motus, 2004Timing analysis of embedded systems
228
Summary of the Q-model temporal and other attributes (3)
For a channel:
- producer process, if necessary the output port number
- consumer process, input port number
- channel type
- channel function
- simultaneity interval for synchronous and semi-synchronous channels and for both types of null channels
For a synchronous and semi-synchronous clusters:
- equivalence and simultaneity intervals (if required)
Slide229L.Motus, 2004Timing analysis of embedded systems
229Separate elements of a specification (1)1. Process execution time 0 <
a
(p)
£ b
(p) <
Y
<
¥
2.
Data consumption delay
0 <
g
(
s
ij
)
£ d(s
ij
) < a (
p
j
)
3. A channel function, as given in a relative backward time:
K(
s
ij
,t) = [
m,n]
0
£ n £ m <
¥
4. A process timeset may be defined for each process, check that each process has an individual timeset or a pointer to an existing timeset.
Slide230L.Motus, 2004Timing analysis of embedded systems
230Separate elements of a specification (2)Process timeset:1. All the processes may be executed repeatedly. For each process an execution period may be given, some processes have regular periods , some have random periods (these are called aperiodic processes).
2. Usually a timeset is defined by fixing:
- an average period for process activation
t
a
(p)
- an estimate of allowable fluctuation (with respect to
t
a
(p)
) in process start time
t
r
(p)
, that reflects our ignorance, or tolerance, about the exact activation instant
Slide231L.Motus, 2004Timing analysis of embedded systems
231Separate elements of a specification (3)Process timeset (continued):3. The two parameters determine
- minimum time between two consequtive activations
t
min
(p) = t
a
(p) - t
r
(p)
- maximum time between two consequtive activations
t
max
(p) = t
a
(p) + t
r
(p)
The given values
of
t
a
(p)
and
t
r
(p)
, or respectively
t
min
(p)
and
t
max(p) cannot be checked formally, the only check is that 0 < tmin(p) £ tmax(p) < ¥
Slide232L.Motus, 2004Timing analysis of embedded systems
232Separate elements of a specification (4)Correct ordering of process copies:1. The number of copies n = [
b
(p)/t
min
(p)] + 1
, and [.] denotes the integer part
2. A process copy activated at
t
1
terminates before a copy activated at
t
2
,
t
1
and
t
2
are two consequtive elements of process timeset,
t
1
<t
2
, iff
b
(p) -
a
(p) < t
min
(p)
3. A consumer process copy activated at
t
1
request data from a channel before a copy activated at
t2, iff d(sij ) - g (sij ) < tmin(p)
Slide233L.Motus, 2004Timing analysis of embedded systems
233Separate elements of a specification (5)Domain of definition and value range for a common process: - input and output variables are listed for each input port and for the output port
Domain of definitions and value ranges for a selector process:
- as for common process, and
- input and output decision mechanisms, or
- at early stages of system development, the probability estimates for the operation of the decision mechanisms
Slide234L.Motus, 2004Timing analysis of embedded systems
234Interaction between pairs of processes (1) The emphasis is on checking the consistency of parameters of interacting processes and that of time constraints imposed on them and on their interaction.Only syntactically correct interactions will be checked (channels between processes satisfy structural restrictions)
Analysis is carried out separately for pairs of processes connected by:
- synchronous channels
- semisynchronous channels
- asynchronous channels
Slide235L.Motus, 2004Timing analysis of embedded systems
235Interaction between pairs of processes (2)Examples of structural restrictions on connecting two processes with channels:- only one channel may connect two ports
- a process may have only one input port connected to semisynchronous channels
- simultaneous definition of timeset for a process and its activation via semisynchronous channel is forbidden
- in a synchronous cluster only one process may have a defined timeset
Slide236L.Motus, 2004Timing analysis of embedded systems
236Interaction between pairs of processes (3) Processes connected by synchronous channels:1. Communication via a synchronous channel will not violate the specified timing parameters of the consumer-process iff
b
(p
i
) <
g
(
s
ij
) +
n
t
min
(p
i
)
2. A relaxed form of the previous proposition is
b
(p
i
) <
g
(
s
ij
) +
n
t
min
(p
i
) + [t
min
(pj ) - b (pj )]3. A process consuming its own previous state, should never wait for this sate
Slide237L.Motus, 2004Timing analysis of embedded systems
237Interaction between pairs of processes (4)Processes connected by semisynchronous channels:Since producer processes generate the consumer’s timeset, the major question arising is whether all the activation attempts will be successful. If not, the user should be warned.
The following two conditions determine the element
t
r
Î
T(p
j
)
of the consumer timeset:
t
rn
= t
nv
+
z
(p
n
,t
nv
) +
x(s
nj
)
and
t
r
= min{t
rn
: t
rn
- t(r-1) £ te(pj )} where ntnv Î T(pn ), such that pn terminates before t(r-1) Î T(pj )
Slide238L.Motus, 2004Timing analysis of embedded systems
238Interactions between pairs of processes (5)Processes connected by asynchronous channels: This is the most liberal form of interaction. Still it introduces a rather uncomfortable time-variable delay -- called non-transport delay.
The non-transport delay behaves in a saw tooth fashion. Its upper bound can be estimated:
j
n
*
£
t
max
(p
i
) +
b
(p
i
) -
g
(
s
ij
) -1
This is a very pessimistic estimate of non-transport delay.
Slide239L.Motus, 2004Timing analysis of embedded systems
239Group behaviour of processes (1)Major points of interest in the group behaviour are: - detection of informational deadlocks,
- defining/estimating the equivalence and simultaneity intervals for synchronous clusters
- defining/estimating the simultaneity intervals for semisynchronous clusters
- analytical min/max estimates for the time required to pass a path of channels and processes in a system
The analysis is based on the “divide-and conquer” ideology -- partitioning the system into substructures with well-defined properties, and reasoning in those.
Slide240L.Motus, 2004Timing analysis of embedded systems
240Group behaviour of processes (2)Informational deadlock in the Q-model is the situation of circular wait for messages Synchronous cluster
-- a set of processes connected by synchronous and synchronous null channels
Synchronous chain
-- a sequence of common processes connected by synchronous channels
Synchronous loop
-- a synchronous chain where
p
1
=p
n
and the channel function for all channels in the loop has the form
K (
s
ij
, t) = [
m,0
]
Synchronous loop is a sufficient condition for informational deadlock.
Slide241L.Motus, 2004Timing analysis of embedded systems
241Group behaviour of processes (3)Synchronous cluster comprises a group of processes in a system whose execution must be synchronised.In a system may exist several synchronous clusters with different synchronisation requirements.
Synchronisation requirements have been partitioned into: - loose requirements (defined by
equivalence interval
) - strict requirements (defined by
simultaneity interval
)
Synchronous clusters are detected and the user defined requirements will be checked for consistency. The assessment of achievable simultaneity can take place at the physical design stage and later.
Slide242L.Motus, 2004Timing analysis of embedded systems
242Group behaviour of processes (4)Semisynchronous clusters include a producer process and those consumer processes which are connected to the producer by semisynchronous channels.For a semisynchronous cluster a user can define
simultaneity interval
defining the simultaneity requirements for activation of the consumer processes.
Different semisynchrounous clusters may have different synchronisation requirements.
The list of semisynchronous clusters is compiled automatically, the user need not provide all the clusters with simultaneity intervals.
Slide243L.Motus, 2004Timing analysis of embedded systems
243Group behaviour of processes (5)Analytical estimates for a path passing time 1. Fix the initial process (pi
) and the terminal process (p
t
)
2. Find all the paths from p
i
to p
t
.If necessary, filter some paths out by defining a path expression, or a threshold probability of passing a path.
3. Partition each path into a sequence of synchronous, semisynchronous and asynchronous legs.
4. Use the derived formulae for calculating minimum and maximum passing times for each leg.
5. Repeat the procedure until all the paths have been considered
Slide244Research Laboratory for Proactive Technologies |||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology244When all you own is a hammer,every problem starts looking like a nail. Abraham Maslow
Slide245Human preferencesResearch Laboratory for Proactive Technologies ||||||||||||||||||||||||||||| ||||||||||||||||||||||||||||||||||||||||| Dept. of Computer Control, Tallinn University of Technology
245
Slide246Cascade Controller as a Petri-net
MEASUREMENTS
A1
A
B3
B
ACT
C
B1
B2
.
.
Research Laboratory for Proactive Technologies
||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
246
Slide247Petri-net firing diagram
A1
A
C
ACT
B1
B3
B2
B
TIME
Research Laboratory for Proactive Technologies
||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology
247
Slide248Comparison of the Q-model and Petri Net descriptions of a controller
Advantages of Petri Nets: - graphical representation of dynamic synchronisation of control (or data) flow - in timed Petri Net a “natural rate” can be estimated (the fastest possible execution of the net)Advantages of the Q-model: - analytical proof of detailed timing properties (including the fastest and slowest execution)
- unified description of control and data flow
- autonomy of each element and ease of analysing many alternative designs on the same model
248
Research Laboratory for Proactive Technologies
|||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||
Dept. of Computer Control, Tallinn University of Technology