A review of the "Principled Design of Embedded Software" project focusing on the development and verification of high-confidence, distributed embedded control systems. The project emphasizes repeatability, verifiability, and the use of model-to-C code generation techniques. The proposed event-driven model of computation, PTIDES, is introduced as a way to achieve distributed real-time systems with timed semantics.
Principled Design of Embedded Software
Edward A. Lee
High Confidence Design for Distributed Embedded Systems
MURI Review Project: Frameworks and Tools for High-Confidence Design of Adaptive, Distributed Embedded Control Systems (Vanderbilt, UC Berkeley, CMU, Stanford)
Berkeley, CA, September 6, 2007
Overall Plan for “Principled Design of Embedded Software”
Status as of August 07: Ptolemy II architecture with pluggable “helpers” for both directors and actors. Demo on iRobot Create and partially on Starmac Robostix.
• Build a “models to C” lab enabling experiments with
  • Models of concurrency and time
  • Optimization based on partial evaluation
• Create sampled-data models and translation to C with
  • Polled I/O
  • Interrupt-driven I/O
• Create event-driven models and translation to C with
  • Model of time
  • Synthesized scheduling of reactions
• Create distributed timed models and translation to C with
  • Host, supervisor, and controller interactions
  • Time synchronization
Emphasis on repeatability and verifiability!
STARMAC Electronics (block diagram; the labels that survive, grouped by the three tiers the slide marks “Start with controller”, “Expand to supervisor”, “Finally to host”)
• Host: PC/104, Pentium M, 1 GB RAM, 1.8 GHz (estimation & control); WiFi 802.11g+ ≤ 54 Mbps; USB 2 480 Mbps; Firewire 480 Mbps; RS232
• Supervisor: Stargate 1.0, Intel PXA255, 64 MB RAM, 400 MHz (supervisor, GPS); WiFi 802.11b ≤ 5 Mbps; CF 100 Mbps; UART 115 kbps
• Controller: Robostix, ATmega128 (low-level control); PPM 100 Hz; analog; timing/analog; ESC & motors: Phoenix-25, Axi 2208/26
• Sensors: LIDAR URG-04LX, 10 Hz ranges, RS232 115 kbps; stereo camera Videre STOC, 30 fps, 320x240, Firewire 480 Mbps; GPS Superstar II, 10 Hz, UART 19.2 kbps; IMU 3DM-G-X1, 76 or 100 Hz, UART 115 kbps; ranger SRF08, 13 Hz altitude, I2C 400 kbps; ranger Mini-AE, 10-50 Hz altitude; beacon tracker/DTS, 1 Hz
Approaches • Model the vehicle dynamics and develop the embedded control code to work with that model. • Model the controller and I/O and generate embedded C code from the model.
Simpler/Safer Testbed We are using the iRobot Create (the platform for the Roomba vacuum cleaner) with a pluggable Command Module, which carries an Atmel microcontroller similar to the one on the Starmac's Robostix, to shake out the code generation techniques before moving to the quadrotor.
Model-to-C for the Controller
• Helper-based extensible open architecture.
• Helpers for SDF (synchronous dataflow), FSM (finite state machines) and HDF (hierarchical combinations of the two).
• Helpers for a fairly extensive actor library.
• Embedded C actors for custom, platform-specific code.
Figure: a simple iRobot example that hierarchically combines SDF and FSM; one of its actors carries custom C code.
A Software Architecture Built for Experimentation
Figure: each Actor is paired with an Actor helper, and each Director with a Director helper.
• Each actor has a corresponding helper class which is responsible for generating the target code for that actor.
• Each director (which governs the interaction between actors) has a corresponding helper class for providing MoC-specific information and orchestrating the code generation for the model.
• The helper class hierarchy and package structure parallel those of the corresponding actors, to achieve modularity, maintainability, portability, efficiency and extensibility in code generation.
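To make the helper split concrete, here is an added sketch of that architecture in Python; it is not Ptolemy II code. The Actor/ActorHelper/SDFDirectorHelper classes, the actor kinds (Const, Gain, Add, EmbeddedC) and the sample model are invented for the example, and the "C" it emits is a plain string. The actor helpers know only how to emit the statements for their own actor; the director helper holds the MoC-specific knowledge, which for homogeneous SDF is a static schedule computed once, at generation time, and refuses to generate anything for a model that has no such schedule.

```python
# Added illustration of the helper-per-actor / helper-per-director code-generation
# architecture. Not Ptolemy II code: class names, actor kinds and the model are invented.
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Actor:
    name: str
    kind: str
    params: dict = field(default_factory=dict)
    inputs: list = field(default_factory=list)   # names of upstream actors


class ActorHelper:
    """One helper class per actor kind; it alone knows how to emit C for that actor."""
    def __init__(self, actor):
        self.actor = actor

    def declare(self):
        return f"static double {self.actor.name}_out = 0.0;"

    def fire(self):
        raise NotImplementedError


class ConstHelper(ActorHelper):
    def fire(self):
        return f"{self.actor.name}_out = {float(self.actor.params['value'])};"


class GainHelper(ActorHelper):
    def fire(self):
        (src,) = self.actor.inputs
        return f"{self.actor.name}_out = {float(self.actor.params['gain'])} * {src}_out;"


class AddHelper(ActorHelper):
    def fire(self):
        terms = " + ".join(f"{s}_out" for s in self.actor.inputs)
        return f"{self.actor.name}_out = {terms};"


class EmbeddedCHelper(ActorHelper):
    """Custom, platform-specific C (the page's 'Embedded C actors') is emitted verbatim."""
    def fire(self):
        return self.actor.params["code"]


HELPERS = {"Const": ConstHelper, "Gain": GainHelper,
           "Add": AddHelper, "EmbeddedC": EmbeddedCHelper}


class SDFDirectorHelper:
    """Director helper: holds the MoC-specific knowledge (for homogeneous SDF, a static
    schedule is a topological order of the dataflow graph) and orchestrates the actor
    helpers. A different MoC would plug in a different director helper."""
    def __init__(self, actors):
        self.actors = {a.name: a for a in actors}
        self.helpers = {a.name: HELPERS[a.kind](a) for a in actors}

    def schedule(self):
        indeg = {n: len(a.inputs) for n, a in self.actors.items()}
        succ = {n: [] for n in self.actors}
        for a in self.actors.values():
            for s in a.inputs:
                succ[s].append(a.name)
        ready = deque(sorted(n for n, k in indeg.items() if k == 0))
        order = []
        while ready:
            n = ready.popleft()
            order.append(n)
            for m in succ[n]:
                indeg[m] -= 1
                if indeg[m] == 0:
                    ready.append(m)
        if len(order) != len(self.actors):
            # A feedback loop with no delay actor has no valid SDF schedule: refuse to
            # generate code rather than emit something whose semantics differ from the model.
            raise ValueError("feedback loop without a delay: no static SDF schedule")
        return order

    def generate(self, iterations):
        order = self.schedule()          # decided once, here, not by a run-time scheduler
        lines = ["#include <stdio.h>", ""]
        lines += [self.helpers[n].declare() for n in order]
        lines += ["", "int main(void) {", f"    for (int i = 0; i < {iterations}; i++) {{"]
        lines += ["        " + self.helpers[n].fire() for n in order]
        lines += ["    }", "    return 0;", "}"]
        return "\n".join(lines)


# Constructed sample model: a setpoint through a proportional gain, summed with a
# sensor reading, then handed to a custom-C output actor.
MODEL = [
    Actor("setpoint", "Const", {"value": 1.5}),
    Actor("kp", "Gain", {"gain": 2.0}, inputs=["setpoint"]),
    Actor("sensor", "EmbeddedC", {"code": "sensor_out = 0.1 * i;  /* stand-in for a platform read */"}),
    Actor("sum", "Add", inputs=["kp", "sensor"]),
    Actor("out", "EmbeddedC", {"code": 'printf("%f\\n", sum_out);'}, inputs=["sum"]),
]


def generate_controller(iterations=10):
    return SDFDirectorHelper(MODEL).generate(iterations)


if __name__ == "__main__":
    print(generate_controller())
```

The point of the split is visible in `generate`: the director helper fixes firing order before any actor helper runs, so the emitted loop body is straight-line code with no queue, no scheduler and no dynamic allocation, which is what makes the result repeatable and checkable.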
Director Helper Enables Experimentation with Principles of Time and Concurrency for Embedded Systems
• SDF (Lee et al., Berkeley)
• Structured Dataflow (Kodosky et al., NI)
• Synchronous Languages (Berry, Caspi, Benveniste et al., France)
• Real-Time Workshop (Ciolfi et al., MathWorks)
• HDF (Lee et al., Berkeley)
• Koala (Ommering et al., Philips)
• Giotto (Henzinger et al., Berkeley)
• TinyOS (Culler et al., Berkeley)
• Click (Kohler et al., MIT)
• Ptides (Lee et al., Berkeley)
Next Steps
• Support interrupt-driven concurrency in generated code
• Create a model of time and microkernel support
• Implement a timed sampled-data MoC
• Create support for event-driven computation
• Implement PTIDES: a timed distributed run time environment
• Implement timing verification based on the PTIDES formalism
PTIDES Builds on Principles of Discrete Event Modeling
The DE director implements timed semantics using an event queue.
Figure: an event source emits a time-stamped signal to reactive actors, drawn against a time line.
Components send time-stamped events to other components, and components react in chronological order. Whereas DE is usually a simulation technology, we are using it as a real-time MoC.
PTIDES: Our Proposed Event-Driven Model of Computation for Distributed Real-Time Systems
See “A Programming Model for Time-Synchronized Distributed Real-Time Systems”, Yang Zhao, Jie Liu, and Edward A. Lee, RTAS ’07.
PTIDES combines naturally with modal models, lending itself to state-based verification methods that validate timing properties.
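The two slides above describe the DE queue and the PTIDES run time in prose; the following is an added example that simulates both, written for this page and not taken from Ptolemy II or the PTIDES implementation. It keeps a timestamp-ordered event queue and applies the "safe to process" rule from the RTAS '07 paper, reduced to one input port: an event with timestamp τ may be processed once physical time reaches τ − d + Δ, where d is the minimum model-time delay from any sensor to that port and Δ bounds network delay plus clock-synchronization error. The arrival trace, the bounds d and Δ and the port name are constructed for the example. It also runs a plain "react on arrival" runtime over the same trace, so the order violation that PTIDES is designed to rule out is visible.

```python
# Added illustration of the DE event queue and the PTIDES "safe to process" decision.
# Not Ptolemy II or PTIDES project code; the rule follows Zhao, Liu and Lee (RTAS '07)
# simplified to a single input port. Trace, bounds and names are constructed.
import heapq
from dataclasses import dataclass, field


@dataclass(order=True)
class Event:
    timestamp: float              # model time tau, stamped by the sender's synchronized clock
    seq: int                      # tie-breaker: equal timestamps dequeue first-posted first
    dest: str = field(compare=False)
    value: object = field(compare=False)


class DEQueue:
    """Discrete-event queue: the earliest-timestamped pending event is always at the head."""
    def __init__(self):
        self._heap = []
        self._seq = 0

    def post(self, timestamp, dest, value):
        heapq.heappush(self._heap, Event(timestamp, self._seq, dest, value))
        self._seq += 1

    def peek(self):
        return self._heap[0] if self._heap else None

    def pop(self):
        return heapq.heappop(self._heap)

    def __len__(self):
        return len(self._heap)


def safe_to_process(tau, physical_time, d, delta):
    """PTIDES rule for one input port: an event with timestamp tau may be processed once
    physical time t >= tau - d + delta. Any event with a smaller timestamp was stamped
    before tau - d at its sensor and, by the delta bound, has already arrived, so
    processing in timestamp order needs no global barrier."""
    return physical_time >= tau - d + delta


# Constructed trace of events reaching one platform:
# (physical arrival time, timestamp tau, destination port, description)
SAMPLE_ARRIVALS = [
    (1.05, 1.00, "actuator", "sensor A"),
    (1.15, 0.90, "actuator", "sensor B, delayed on the network"),
    (1.30, 1.20, "actuator", "sensor A"),
]


def run_ptides(arrivals, d=0.0, delta=0.2):
    """Simulate one platform's run time. Returns [(physical time processed, tau, description)]."""
    pending = sorted(arrivals)
    queue = DEQueue()
    t = 0.0
    processed = []
    while pending or len(queue):
        while pending and pending[0][0] <= t:          # deliver what has arrived by now
            _, tau, dest, desc = pending.pop(0)
            queue.post(tau, dest, desc)
        head = queue.peek()
        if head is not None and safe_to_process(head.timestamp, t, d, delta):
            queue.pop()
            processed.append((t, head.timestamp, head.value))
            continue
        # Nothing is safe yet: idle until the next arrival or until the head becomes safe.
        wake = []
        if pending:
            wake.append(pending[0][0])
        if head is not None:
            wake.append(head.timestamp - d + delta)
        t = max(t, min(wake))
    return processed


def run_eager(arrivals):
    """What a plain event-driven runtime does: react to each event as it arrives."""
    return [(arr, tau, desc) for arr, tau, _, desc in sorted(arrivals)]


def in_timestamp_order(processed):
    taus = [tau for _, tau, _ in processed]
    return taus == sorted(taus)


if __name__ == "__main__":
    for label, run in (("eager", run_eager(SAMPLE_ARRIVALS)), ("ptides", run_ptides(SAMPLE_ARRIVALS))):
        print(label, "chronological" if in_timestamp_order(run) else "OUT OF ORDER", run)
```

On this trace the eager runtime acts on sensor A's τ = 1.0 event at 1.05, before sensor B's τ = 0.9 event arrives at 1.15, so the actuator sees the two in the wrong order; the PTIDES runtime holds the τ = 1.0 event until physical time 1.2, by which point the late event is queued ahead of it. The price is the Δ of latency per hop, and the correctness of the rule rests entirely on the bound Δ actually holding, which is why time synchronization appears in the plan above as a first-class requirement.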
From Our Annual Report: Objective 2
“Develop foundations of model-based software design for high-confidence, networked embedded systems applications. We will investigate new semantic foundations for modeling languages and model transformations, precisely architected software and systems platforms that guarantee system properties via construction, and new methods for static source code verification and testing, as well as for dynamic runtime verification and testing.”
“We have been implementing a high-confidence code generator for the Ptolemy II actor languages using partial evaluation mechanisms. The code generator transforms an actor-oriented model into target code while preserving the model's semantics.”
From Our Annual Report: Objective 3
“Develop composable tool architecture that supports high-level reusability of modeling, model analysis, verification and testing tools in domain-specific tool chains. We create a new foundation for tool integration that goes beyond data modeling and data transfer.”
“We have developed PTIDES: Programming Temporally Integrated Distributed Embedded Systems. For components for embedded systems, we have further refined the Ptolemy II code generation environment and are targeting the quadrotor effort.”
From Our Annual Report: Objective 4
“Demonstrate the overall effort by creating an end-to-end design tool chain prototype for the model-based generation and verification of embedded controller code for experimental platforms.”
“We have begun the process of interfacing the Ptolemy toolkit with the embedded software control architecture on board our autonomous quadrotor aircraft.”