Predictable Design for Real-time Embedded Control

A Case Study

Jinfeng Huang & Jeroen Voeten, Eindhoven University of Technology

PROGRESS

Contents

•A running example: railroad crossing

•Problems in current design practice

•Compositional design approach

•Demo

Railroad Crossing

•Trains run independently at different velocities

•Velocities are constant

•Avoid collisions

•As efficient as possible

[Figure: railroad crossing layout. Labels: Station, A, B, C, D, Critical zone, Crossing area]

Current Practice

[Figure: Train A, Crossing and Train B. Labels: Sensor A, Delay (D), CheckCrossing, StopMotor, StartMotor, CrossingArea, CriticalZone]

Timing Property

•(Timed) execution trace of “Train A”:

1+2 ?

SensorA signaled T

Delay D

T+D Check Crossing

T+D+1 Stop motor T+D+1+2

Between D and D+ seconds after Train A has passed Sensor A, “Train A” checks the Crossing and stops the train if the Crossing is occupied

Timing Property - Add other Components

•e.g. to control other trains or crossings.

•(Timed) execution trace of “Train A” (disturbed by other components):

1+2+3+1+2 BOOM !!!

SensorA signaled T

Delay D

T+1+D

Check Crossing T+1+D +2+1

Stop motor T+1+D +2+1+3+2

Other components running T+1

T+1+D+2

T+1+D +2+1+3


Problems in current practice

•Behaviors of components are not compositional

•Debug and analysis code “pollutes” the timing behavior of the system

•Lack of reusability, maintainability, portability, etc.

•Lack of facilities to guarantee property preservation: the implementation exhibits unexpected behaviors not present in the model

Compositional Approach (Modeling)

•POOSL: Based on a two-phase execution frame: actions are instantaneous and time progress is represented in a virtual way (instead of based directly on a physical clock)

•Compositional semantics

•Executable

•Expressive (concurrency, time, communication…)

Compositional Approach (Modeling)

[Figure: modeling flow. Labels: Abstract Model, Refinement, Verification, Extended Model, Simulation, Safety Monitoring, Estimation of, Synthesis, Synthesis Model, Train A, Train B, Crossing, Train A Actor, Train A Image, Train B Actor, Train B Image, LEGO DACTA Interface]

Compositional Approach (Synthesis)

•Automatic code generation (RT-Rotalumis, C++)

•Real-time property-preserving mapping guaranteed by the -hypothesis

•The execution tree: ordering of actions is kept from model to implementation

•Synchronization between virtual time and physical time: if an action happens at virtual time t in model it happens in physical time interval (t-/2,t+/2) in implementation
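
The following simulation is an added example, not code from the slides, POOSL or RT-Rotalumis. It contrasts the delay-from-now style of the "Current Practice" slide with virtual-time execution, where an action scheduled at virtual time t must start inside the tolerance interval around t. The name `eps` for that tolerance, the function names and all numbers are assumptions made for the example.

```python
import heapq

def check_time_physical_delay(T, D, other_costs):
    """Current practice: Delay(D) starts only when Train A's code gets the
    CPU, so execution time of other components shifts every later action."""
    start = T + sum(other_costs)      # other components run first
    return start + D                  # physical time of Check Crossing

def run_two_phase(actions, eps):
    """Virtual-time execution on a simulated clock (integer ms).
    actions: (virtual_time, name, cpu_cost) tuples.
    Returns {name: (virtual_time, physical_start, within_tolerance)}."""
    queue = list(actions)
    heapq.heapify(queue)
    phys, log = 0, {}
    while queue:
        vt, name, cost = heapq.heappop(queue)
        phys = max(phys, vt)          # wait until physical time reaches vt
        # phys >= vt here, so the interval test reduces to phys - vt < eps/2
        log[name] = (vt, phys, 2 * (phys - vt) < eps)
        phys += cost                  # the action itself consumes CPU time
    return log

# Constructed values (ms): sensor time, delay, tolerance, component costs.
T, D, EPS = 1000, 2000, 100
OTHERS = [40, 60, 50]

def demo(others):
    """Check Crossing time under both schemes for the same extra load."""
    drifted = check_time_physical_delay(T, D, others)
    actions = [(T + 1, f"other{i}", c) for i, c in enumerate(others)]
    actions += [(T, "sensorA", 5), (T + D, "check_crossing", 5)]
    return drifted, run_two_phase(actions, EPS)["check_crossing"]

if __name__ == "__main__":
    for load in ([], OTHERS):
        print(len(load), "other components:", demo(load))
    # Too much work just before the deadline: tolerance is exceeded.
    late = [(2990, "heavy", 80), (T + D, "check_crossing", 5)]
    print("overload:", run_two_phase(late, EPS)["check_crossing"])
```

With the extra components, the delay-from-now scheme checks the crossing 150 ms late, while the virtual-time scheme still starts the check at 3000 ms because idle time absorbs the earlier load. The overload case shows that this holds only while the platform finishes pending work in time.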


Demo: The Railroad Crossing

[Figure: railroad crossing layout. Labels: Station, A, B, C, D, Critical zone, Crossing area; axis ticks from -100 to 100 cm]

•Velocity TrainA: 40 cm/s

•Velocity TrainB: 90 cm/s

[Figure labels: Abstract Model, Extended Model, Synthesis Model, Realization, Rapid analysis]

Models and video are not included in the presentation. Those who are interested can request them by mail: [email protected]

Future Work and Open Issues

•Mapping efficiency

•Prediction / platform requirements

•Multi-processor platforms

•Streaming data

•Continuous-time environmental models

•Tools