
Advanced Embedded Systems



  1. Advanced Embedded Systems. Lecture 4: Specification Languages

  2. 8. Java
  • Was designed as a platform independent language;
  • It can be executed on any machine with an interpreter for the internal byte code representation of Java programs;
  • The byte code representation is very compact, thus requiring little memory space (an advantage in ESs);
  • Java supports exception handling, simplifying recovery in case of run-time errors;
  • Provides automatic garbage collection, avoiding potential problems in applications that have to run for a long time without ever being restarted; there is no danger of memory leaks due to missing memory deallocation;
  • Java supports concurrency (includes threads);
  • Java supports object orientation, and Java development systems come with powerful libraries; applications are quickly implemented;

  3. Java (cont.)
  • Standard Java is not designed for real-time systems; missing characteristics:
    • The size of the application does not include the size of the run-time libraries; it must be added;
    • No direct control over I/O devices is available in standard Java (for safety reasons);
    • Automatic garbage collection requires some computing time; in standard Java, the instant at which automatic garbage collection is started cannot be predicted, so the worst case execution time is difficult to predict;
    • Java does not specify the order in which threads are executed if several threads are ready to run;
  • Java programming environments:
    • Java Enterprise Edition (J2EE);
    • Java Standard Edition (J2SE);
    • Java Micro Edition (J2ME): environment for embedded systems;
    • CardJava: environment for SmartCard applications;

  4. 9. VHDL
  • It is a textual HDL;
  • Graphical HDLs were appropriate for simple digital systems; the most common building block was a gate;
  • The strength of textual languages is that they can easily represent complex computations including variables, loops, function parameters and recursion;
  • When digital systems became more complex (for example, for designing VHSICs), textual HDLs replaced graphical HDLs;
  • A key distinction between common software languages and HDLs is the need to describe concurrency among different hardware components; VHDL uses processes for this;
  • VHDL was standardized by IEEE;

  5. VHDL (cont.)
  • A single process may be sufficient for simple hardware components, but several processes may be needed for complex hardware;
  • Processes communicate through signals (which correspond to physical wires);
  • Another distinction comes from the need to model time; HDLs include support for it;
  • A unit to be modeled is called a design entity or VHDL entity;
  • A design entity is composed of an entity declaration and one or several architectures;
  • Example: a full adder:

  6. VHDL (cont.)
  • The entity declaration:

      entity full_adder is                        -- entity declaration
        port (a, b, carry_in: in Bit;             -- input ports
              sum, carry_out: out Bit);           -- output ports
      end full_adder;

  • Architectures consist of architecture headers and architecture bodies; bodies are either structural or behavioral;
  • Behavioral bodies show how to compute output signals from input signals and local state; ex.:

      architecture behavior of full_adder is      -- architecture head
      begin
        sum <= (a xor b) xor carry_in after 10 ns;
        carry_out <= (a and b) or (a and carry_in) or (b and carry_in) after 10 ns;
      end behavior;

  7. VHDL (cont.)
  • Structural bodies describe the way entities are composed of simpler entities (components): the full adder is made of components i1, i2 and i3 (two instances of half_adder and one of or_gate);
  • Connections between components and entity ports are described in port maps; ex.:

      architecture structure of full_adder is     -- architecture head
        component half_adder
          port (in1, in2: in Bit; carry: out Bit; sum: out Bit);
        end component;
        component or_gate
          port (in1, in2: in Bit; o: out Bit);
        end component;
        signal x, y, z: Bit;                      -- local signals
      begin                                       -- port map section
        i1: half_adder                            -- instantiation of half_adder i1
          port map (a, b, x, y);                  -- connection between ports
        i2: half_adder port map (y, carry_in, z, sum);
        i3: or_gate port map (x, z, carry_out);
      end structure;

  8. VHDL (cont.)
  • The general syntax for processes is:

      label:                  -- optional
      process
        declarations          -- optional
      begin
        statements            -- optional
      end process;

  • Wait statements may be included in processes for suspending a process; different kinds of wait statements:
    • wait on signal list: suspend until one of the signals in the list changes;
    • wait until condition: suspend until the condition is met;
    • wait for duration: suspend for a specified period of time;
    • wait: suspend indefinitely;
  • As an alternative to wait statements, a list of signals can be added to the process header; the process is activated whenever one of the signals changes its value;

  9. VHDL (cont.)
  • Ex.: model of an AND gate which executes its body once and restarts every time one of its inputs changes its value:

      process (x, y)
      begin
        prod <= x AND y;
      end process;

  • The model is equivalent to:

      process
      begin
        prod <= x AND y;
        wait on x, y;
      end process;

  • The execution of a VHDL model consists of:
    • The initialization phase;
    • The repetitive execution of process statements: a repetition is called a simulation cycle; in each cycle the values of all signals in the description are computed;

  10. VHDL (cont.)
  • The initialization consists of the following steps:
    • At the beginning, the current time, Tc, is assumed to be 0 ns;
    • The driving value and the effective value of each explicitly declared signal are computed, and the current value of the signal is set to the effective value; this value is assumed to have been the value of the signal for an infinite length of time prior to the start of simulation;
    • Each process in the model is executed until it suspends;
    • The time of the next simulation cycle, Tn, is calculated according to the rules of the 5th step of the simulation cycle, below;
  • A simulation cycle starts with setting the current time to the next time at which changes must be considered;
  • This time, Tn, was computed either during the initialization or during the last execution of the simulation cycle;
  • Simulation ends when the maximum value of the current time, TIME'HIGH, is reached;
  • A simulation cycle consists of the following steps:

  11. VHDL (cont.)
    • The current time, Tc, is set equal to Tn; simulation ends when Tn = TIME'HIGH and there are no active drivers or process resumptions at Tn;
    • Each active explicit signal in the model is updated; the new value is assigned if Tc corresponds to the time at which that value becomes valid; signals that change their value generate events which, in turn, may enable the execution of processes that are sensitive to those signals;
    • For each process P, if P is currently sensitive to a signal S and an event has occurred on S in this simulation cycle, then P resumes;
    • Each process that has resumed in the current simulation cycle is executed until it suspends;
    • The time of the next simulation cycle, Tn, is determined by setting it to the earliest of:
      • TIME'HIGH;
      • The next time at which a driver becomes active; this is the next instant at which a driver specifies a new value;
      • The next time at which a process resumes; this time is determined by wait on statements;
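The initialization and simulation-cycle rules of slides 9 to 11 are easier to follow when run. The Python program below is an added example, not part of the lecture and not a VHDL tool: it implements signals, drivers scheduled with an "after" delay, processes with a sensitivity list (the process-header form of slide 9; a "wait on" list at the end of the body behaves the same way), the Tc/Tn stepping, and resumption of processes on events. It then runs the AND gate of slide 9 and the behavioral full adder of slide 6 on a constructed stimulus. The class and function names, the TIME_HIGH constant and the stimulus values are the example's own.

```python
import heapq
from typing import Callable, Dict, List, Tuple

TIME_HIGH = 10**9  # stands in for VHDL's TIME'HIGH; all times below are in ns


class Simulator:
    """Minimal VHDL-style discrete-event kernel (names are the example's own)."""

    def __init__(self) -> None:
        self.tc = 0                                          # current time Tc
        self.signals: Dict[str, int] = {}                    # current value of each signal
        self.drivers: List[Tuple[int, int, str, int]] = []   # heap of (time, seq, signal, value)
        self.seq = 0                                         # keeps driver ordering deterministic
        self.processes: List[Tuple[str, List[str], Callable[["Simulator"], None]]] = []
        self.trace: List[Tuple[int, str, int]] = []          # (time, signal, new value) per event

    def signal(self, name: str, init: int = 0) -> None:
        self.signals[name] = init

    def process(self, name: str, sensitivity: List[str],
                body: Callable[["Simulator"], None]) -> None:
        """Register a process; 'sensitivity' is the signal list of the process header."""
        self.processes.append((name, sensitivity, body))

    def assign(self, name: str, value: int, after: int = 0) -> None:
        """'name <= value after N ns': schedule a driver transaction at Tc + after."""
        heapq.heappush(self.drivers, (self.tc + after, self.seq, name, value))
        self.seq += 1

    def _next_time(self) -> int:
        # Step 5 of the cycle: earliest pending driver, otherwise TIME'HIGH.
        return self.drivers[0][0] if self.drivers else TIME_HIGH

    def run(self, until: int) -> List[Tuple[int, str, int]]:
        # Initialization phase: every process executes once until it suspends.
        for _, _, body in self.processes:
            body(self)
        tn = self._next_time()
        while tn <= until and tn < TIME_HIGH:
            self.tc = tn                                     # step 1: Tc := Tn
            pending: Dict[str, int] = {}
            while self.drivers and self.drivers[0][0] == self.tc:
                _, _, sig, val = heapq.heappop(self.drivers)
                pending[sig] = val                           # last transaction at this time wins
            events = set()
            for sig, val in pending.items():                 # step 2: update signals
                if self.signals[sig] != val:                 # only a change is an event
                    self.signals[sig] = val
                    events.add(sig)
                    self.trace.append((self.tc, sig, val))
            for _, sens, body in self.processes:             # steps 3 and 4: resume and execute
                if events.intersection(sens):
                    body(self)
            tn = self._next_time()   # step 5; a zero-delay assignment gives Tn == Tc (delta cycle)
        return self.trace


def and_gate_demo() -> List[Tuple[int, str, int]]:
    """The AND gate of slide 9: prod <= x AND y, sensitive to x and y, no delay."""
    sim = Simulator()
    for s in ("x", "y", "prod"):
        sim.signal(s)
    sim.process("and_gate", ["x", "y"],
                lambda s: s.assign("prod", s.signals["x"] & s.signals["y"]))
    sim.assign("x", 1, after=5)          # constructed stimulus: both inputs rise at 5 ns
    sim.assign("y", 1, after=5)
    return sim.run(until=50)


def full_adder_demo() -> List[Tuple[int, str, int]]:
    """The behavioral full adder of slide 6 with its 10 ns propagation delays."""
    sim = Simulator()
    for s in ("a", "b", "carry_in", "sum", "carry_out"):
        sim.signal(s)

    def behavior(s: Simulator) -> None:
        a, b, c = s.signals["a"], s.signals["b"], s.signals["carry_in"]
        s.assign("sum", (a ^ b) ^ c, after=10)
        s.assign("carry_out", (a & b) | (a & c) | (b & c), after=10)

    sim.process("full_adder", ["a", "b", "carry_in"], behavior)
    sim.assign("a", 1, after=5)          # constructed stimulus: a and b rise at 5 ns,
    sim.assign("b", 1, after=5)          # carry_in rises at 20 ns
    sim.assign("carry_in", 1, after=20)
    return sim.run(until=100)


if __name__ == "__main__":
    for t, sig, val in full_adder_demo():
        print(f"{t:4d} ns  {sig} -> {val}")
```

The full-adder trace shows the two halves of the cycle: the input events at 5 ns resume the process, whose assignments become driver transactions at 15 ns; only carry_out actually changes there (sum is re-assigned to 0, so no event), and the carry_in event at 20 ns produces the sum event at 30 ns. The AND gate, having no delay, re-schedules prod at the same Tc, which the kernel handles as a cycle in which time does not advance.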

  12. 10. Verilog and SystemVerilog
  • Is another HDL;
  • Standardized as IEEE 1364: Verilog 1.0 in 1995 and 2.0 in 2001;
  • Has similar features to VHDL:
    • A set of connected design entities describes a design;
    • Design entities can be described behaviorally;
    • Processes are used to model concurrency of hardware components;
    • Bit-vectors and time units are supported;
    • Similar number of users;
  • Differences:
    • Multiple-value logic is included in the language;
    • Verilog provides more features for transistor-level descriptions;
    • VHDL is more flexible: e.g. it allows hardware entities to be instantiated in loops; this can be used to generate a structural description, e.g. of n-bit adders, without having to specify the n adders and their interconnections manually;

  13. Verilog and SystemVerilog (cont.)
  • SystemVerilog = Verilog 3.0 and 3.1;
  • Extensions to Verilog 2.0:
    • Additional language elements for modeling behavior;
    • C data types (int) and type definition facilities (typedef, struct);
    • Definition of interfaces of hardware components as separate entities;
    • Standardized mechanism for calling C/C++ functions;
    • Some mechanisms for calling Verilog functions from C;
    • Enhanced features for describing an environment (called a testbench) for the hardware under design and for using the testbench to verify the design by simulation;
    • Classes known from object-oriented programming, for use with testbenches;
    • Dynamic process creation;
    • Standardized interprocess communication and synchronization, including semaphores;
    • Automatic memory allocation and deallocation.

  14. 11. SpecC
  • Models systems as hierarchical networks of behaviors communicating through channels;
  • The descriptions consist of behaviors, channels and interfaces;
  • Behaviors contain ports, locally instantiated components, private variables and functions, and a public main function;
  • Channels encapsulate communication and include variables and functions used for the definition of a communication protocol;
  • Interfaces connect behaviors and channels; they declare the communication protocols which are defined in a channel;
  • SpecC can model hierarchies with nested behaviors; the figure shows a component B which includes sub-components b1 and b2:

  15. SpecC (cont.)
  • The sub-components communicate through the integer c1 and through the channel c2;
  • b1 and b2 are executed concurrently, which is denoted by the keyword par in SpecC;
  • The following model describes the structural hierarchy:

      interface L { void Write(int x); };
      interface R { int Read(void); };

      channel C implements L, R {
        int Data;
        bool Valid;
        void Write(int x) { Data = x; Valid = true; }
        int Read(void) { while (!Valid) waitfor(10); return (Data); }
      };

      behavior B1(in int p1, L p2, in int p3) {
        void main(void) { /* … */ p2.Write(p1); }
      };

      behavior B2(out int p1, R p2, out int p3) {
        void main(void) { /* … */ p3 = p2.Read(); }
      };

      behavior B(in int p1, out int p2) {
        int c1;                          // plain variable shared by b1 and b2
        C c2;                            // channel instance
        B1 b1(p1, c2, c1);
        B2 b2(c1, c2, p2);
        void main(void) { par { b1.main(); b2.main(); } }
      };

  16. 12. Other languages
  • Esterel
    • Reactive language: when activated with an input event, an Esterel model reacts by generating an output event;
    • It is an idealized model which does not treat overlapping time ranges and events that arrive while the previous reaction has not been completed;
    • Synchronous language: all reactions are assumed to be completed in 0 time, and it is sufficient to analyze the behavior at discrete moments;
    • Communication is broadcast type and instantaneous: all signals generated at a particular moment in time are also seen by the other parts of the model at the same moment in time;
  • MATLAB/Simulink
    • Is a modeling and simulation tool based on mathematics;
    • Actual systems can be described in the form of partial differential equations; this approach is appropriate for modeling physical systems, such as cars and planes, and then simulating their behavior.

  17. 13. Levels of hardware modeling
  • The design process may be started at various levels of abstraction;
  • These may be high levels describing the overall behavior of the system to be designed, or lower levels, for ex. the specification of electrical circuits;
  • A variety of languages exist for each level; some languages cover several levels;
  • System level:
    • "System level" may denote the entire embedded system, the system which includes the embedded system, the environment …
    • The models must also include mechanical support;
    • Solutions: VHDL-AMS, MATLAB …
  • Algorithmic level:
    • The algorithms that are intended to be used within the embedded system are simulated;
    • Ex.: MPEG video encoding algorithms, for evaluating the video quality;
    • Models consist of single processes or cooperating processes;

  18. Levels of hardware modeling (cont.)
  • Instruction set level:
    • Algorithms have already been compiled for the instruction set of the processor to be used;
    • Simulations allow counting the number of executed instructions;
    • Coarse-grained model: only the effect of the instructions is simulated and their timing is not considered; the information available in assembly reference manuals (instruction set architecture) is sufficient for defining such models;
    • Transaction level model: transactions, such as bus reads and writes and communication between different components, are modeled;
    • Fine-grained model: cycle-true instruction set simulation: the exact number of clock cycles required for an application can be computed; this requires a detailed knowledge of the processor hardware in order to correctly model, for ex., pipeline stalls, resource hazards, memory wait cycles etc.
  • Register-transfer level:
    • All the components are modeled: registers, ALUs, memories, decoders, …

  19. Levels of hardware modeling (cont.)
  • Gate-level models:
    • Models contain gates as the basic components;
    • Provide accurate information about signal transitions and can therefore also be used for power estimations; delay calculations can also be more precise than at the RTL;
    • However, delay and power consumption calculations are estimates, because information about the length of wires and about the capacitances is insufficient;
    • Gate-level models are sometimes used in situations in which gates are only used to denote Boolean functions; it is not necessary (in the model) that gates represent physical entities, only the behavior of the gates is considered;
    • Such models are also called "Boolean function models" (a less used term);
  • Switch-level models:
    • Use switches (transistors) as basic components;
    • In contrast to gate-level models, they can reflect bidirectional transfer of information;

  20. Levels of hardware modeling (cont.)
  • Circuit-level models:
    • The basis of simulations consists of circuit theory and its components (current and voltage sources, resistors, capacitances, inductances, macromodels of semiconductors);
    • The most used simulator is SPICE;
  • Layout models:
    • Reflect the actual circuit layout; they include geometric information;
    • Layout models cannot be simulated directly, because the geometric information does not directly provide information about the behavior;
    • Behavior can be deduced by correlating the layout model with a behavioral description at a higher level, or by extracting circuits from the layout;
    • In a typical design flow, the length of wires and the corresponding capacitances are extracted from the layout and back-annotated to descriptions at higher levels; more precision can be obtained for delay and power estimations;
  • Process and device models:
    • Models can be obtained for the fabrication of circuits;

  21. 14. Language comparisons
  • None of the languages presented so far meets all the requirements for specification languages for ESs; overview:
  • There are conflicting requirements, so it is not very likely that a single language will be appropriate for all types of applications, for ex.: distributed control-dominated applications and local data-flow-dominated applications;
  • Different languages will be used for different complexities of ESs: assembly language for simple ESs, C for more complex ESs, SDL …

  22. Language comparisons (cont.)
  • The figure shows how different languages and combinations can be used:
    • HLLs, like SDL and StateCharts, can be translated into C, then into assembly language;
    • SDL and StateCharts can implement functionality in hardware, by translating them into VHDL;
    • C and VHDL can be viewed as intermediate languages between HLLs and physical ESs;
    • Java can be translated into object code and into VHDL;

  23. 15. Dependability requirements
  • In many cases the specification of the functional behavior of the system must be completed with the specification of safety requirements;
  • Safety requirements have to be considered from the beginning of the design;
  • The design of safe and dependable systems is a topic of its own;
  • The following features must be considered:
    • For safety-critical systems, the system as a whole must be more dependable than any of its parts;
    • The order of failures is 1 failure / 10^9 hours; this is 1000 times less than typical failure rates of chips;
    • Fault-tolerance mechanisms must be used;
    • Due to the low acceptable failure rate, systems are not 100 % testable;
    • Safety must be shown by a combination of testing and reasoning; abstractions must be used to make the system explainable;

  24. Dependability requirements (cont.)
  • Design faults and human failures must be taken into account;
  • For addressing these challenges, the following design principles were proposed:
    • Safety considerations may have to be used as the important part of the specification, driving the entire design process;
    • Precise specifications of design hypotheses must be made right at the beginning; these include expected failures and their probability;
    • Fault containment regions (FCRs) must be considered; faults in one FCR should not affect other FCRs;
    • A consistent notion of time and state must be established; otherwise it will be impossible to differentiate between original and follow-up errors;
    • Well-defined interfaces have to hide the internals of components;
    • It must be ensured that components fail independently;
    • Components should consider themselves to be correct unless two or more other components pretend the contrary to be true (principle of self-confidence);

  25. Dependability requirements (cont.)
    • Fault tolerance mechanisms must be designed such that they do not create any additional difficulty in explaining the behavior of the system; fault tolerance mechanisms should be decoupled from the regular function; fault tolerance mechanisms will affect the power consumption, so a balance must be found;
    • The system must be designed for diagnosis; for ex. it has to be possible to identify existing but masked errors;
    • The man-machine interface must be intuitive and forgiving; safety should be maintained despite mistakes made by humans;
    • Every anomaly should be recorded; these anomalies may be unobservable at the regular interface level; this recording should involve internal effects, since otherwise they would be masked by fault tolerance mechanisms; the records will be used in diagnosis and for eliminating the sources of the failures;
    • A never-give-up strategy must be provided; ESs may have to provide uninterrupted service; the generation of pop-up windows or going offline is unacceptable.

  26. Reliability, safety and security
  • Are closely related:
    • Reliable (dependable) system design: it is ensured that systems work even when internal or external problems occur; it is assumed that problems are not caused maliciously;
    • Safety-critical system design: means applying methods to make sure systems operate safely, independent of the cause of the problem;
    • Security: addresses malicious attacks;
  • The relation between dependability and security is shown in the figure:

  27. Reliability, safety and security (cont.)
  • Attributes of dependability and security:
    • Availability of correct service;
    • Continuity of correct service;
    • Safety from catastrophic consequences on users and their environment;
    • Maintainability through modifications and repairs;
    • Confidentiality of information;
  Reliable system design
  • Some ESs must be designed and built to be highly reliable:
    • Automotive electronics;
    • Avionics;
    • Medical equipment;
    • Critical communications;
    • Critical data handling (e.g. purchasing data, medical data);
  • There are classical solutions for making digital systems operate for long periods with low failure rates;

  28. Reliable system design (cont.)
  • Differences between the design of traditional reliable computers and reliable ESs:
    • Reliable systems are often distributed (e.g. automotive, avionics, medicine);
    • ESs are vulnerable to new types of attacks; reliable computers were traditionally servers or machines that were physically inaccessible; ESs generally work in unprotected environments;
  Fundamentals of reliable system design
  • Reliable systems are designed to recover from faults;
  • Sources of faults:
    • Physical faults: are caused by manufacturing defects, radiation hazards etc.
    • Design faults: are the result of improperly designed systems;
    • Operational faults: generated by human errors, security breaches, poorly designed human-computer interfaces etc.
  • Details of faults are not important for users; they care only about how systems react to faults; the system must react in such a way as to minimize the fault's effect on the user;

  29. Reliable system design (cont.)
  • Metrics to quantify system reliability:
    • Mean time to failure (MTTF): given a set of perfectly functioning systems at time 0, MTTF is the expected time for the first system in that set to fail;
    • It is also used for characterizing the reliability of a single system;
    • It is calculated by:
    • The reliability function: describes the probability that a system operates correctly in the time period [0, t]; R(0) = 1 and R(t) monotonically decreases with time;
    • The hazard function, z(t): is the failure rate of components; for a given probability function, the hazard function is defined as:

  30. Reliable system design (cont.)
  • Fault characteristics:
    • Faults can be measured empirically or modeled by a probability distribution:
    • A common model is the exponential distribution; another function is the Weibull distribution;
    • An empirical distribution, for many hardware components, is the bathtub function, shown in the figure:
    • It is similar to the cross-section of a bathtub;
    • Generally it was observed that components fail quickly at first, followed by a long period with few failures and, finally, an increase of failures due to long-term wear mechanisms;
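Slides 29 and 30 name the reliability function R(t), the hazard function z(t), the MTTF and the exponential, Weibull and bathtub models without showing the formulas. The Python below is an added example, not from the lecture; it assumes the standard definitions (R(t) is the probability of no failure in [0, t], z(t) = f(t)/R(t) = -R'(t)/R(t), and MTTF is the integral of R(t) over [0, inf)) and computes them numerically, so that the constant hazard of the exponential model, MTTF = 1/lambda, and the bathtub shape obtained by combining three independent failure modes can be checked rather than taken on faith. Function names and the bathtub parameters are the example's own and are illustrative, not measured values.

```python
import math
from typing import Callable


def exp_reliability(lam: float, t: float) -> float:
    """Exponential model: R(t) = exp(-lam * t); its hazard is the constant lam."""
    return math.exp(-lam * t)


def weibull_reliability(scale: float, shape: float, t: float) -> float:
    """Weibull model: R(t) = exp(-(t / scale) ** shape).
    shape < 1 gives a decreasing hazard (infant mortality), shape = 1 the
    exponential case, shape > 1 an increasing hazard (wear-out)."""
    return math.exp(-((t / scale) ** shape))


def hazard(reliability: Callable[[float], float], t: float, h: float = 1e-6) -> float:
    """z(t) = f(t) / R(t) = -R'(t) / R(t), with R' taken by a central difference.
    Use t > 0 only: the Weibull hazard with shape < 1 is unbounded at t = 0."""
    r = reliability(t)
    dr = (reliability(t + h) - reliability(t - h)) / (2 * h)
    return -dr / r


def mttf(reliability: Callable[[float], float], t_max: float, steps: int = 100_000) -> float:
    """MTTF = integral of R(t) over [0, inf), approximated by the trapezoid rule on
    [0, t_max]; t_max must be large enough that R(t_max) is negligible."""
    dt = t_max / steps
    total = 0.0
    for i in range(steps):
        total += (reliability(i * dt) + reliability((i + 1) * dt)) / 2 * dt
    return total


def bathtub_reliability(t: float) -> float:
    """Constructed bathtub model: three independent failure modes acting at once
    (infant mortality, constant random failures, wear-out). Independent modes
    multiply their R(t), so their hazards add; parameters are illustrative only."""
    infant = weibull_reliability(scale=1000.0, shape=0.5, t=t)
    random_failures = exp_reliability(lam=1e-5, t=t)
    wear_out = weibull_reliability(scale=30000.0, shape=4.0, t=t)
    return infant * random_failures * wear_out


if __name__ == "__main__":
    lam = 1e-3
    print("exponential MTTF ~", round(mttf(lambda t: exp_reliability(lam, t), 50_000.0), 1),
          "(1/lam =", 1 / lam, ")")
    for t in (10.0, 100.0, 1000.0, 5000.0, 20000.0, 45000.0):
        print(f"bathtub hazard at t = {t:>8.0f}: {hazard(bathtub_reliability, t):.2e}")
```

Printing the bathtub hazard at increasing t shows the three regions of slide 30: a high, falling rate early on, a flat floor near the constant random-failure rate, and a rising rate once the wear-out term dominates.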

  31. Reliable system design (cont.)
  • Actions after a fault:
    • Fail: some systems fail without even trying to detect an error;
    • Detect: the detection of an error is the next step; even if the system stops at this point, the information provided by the detector can be useful;
    • Correct: some errors may be corrected, for ex. memory errors;
    • Recover: it is a more complex process; it may take more time than a simple correct operation;
    • Contain: the system may take steps to ensure that a failure does not corrupt a large part of the system;
    • Reconfigure: one way to contain a fault is to reconfigure the system so that different parts of the system perform some operations; for ex., a faulty unit may be disabled and another, similar one enabled;
    • Restart: it may be the best way to wipe out the effects of an error; this is particularly true for transient errors and some of the software errors;
    • Repair: software or hardware components can be modified or replaced to repair the system;

  32. Reliable system design (cont.)
  • Solutions for high reliability:
    • Error-correcting codes: introduce redundancy for detecting and correcting certain types of errors, for ex. single error correction / double error detection;
    • Voting schemes: the triple modular redundancy method: a computation unit has 3 copies and another unit compares the results obtained from the same inputs; if at least 2 are the same, that result is taken as the correct one; if the 3 results all differ from each other, no result is obtained;
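Both solutions of slide 32 can be shown working on bits. The Python below is an added example, not code from the lecture: an extended Hamming code (a single-error-correcting, double-error-detecting code, the SEC/DED case named on the slide) with an encoder, a decoder that reports whether it saw no error, corrected one flipped bit, or detected two flipped bits it cannot repair, and a triple modular redundancy voter that returns the majority result or none when all three copies disagree. The function names and the constructed fault-injection helper are the example's own.

```python
from typing import List, Optional, Tuple


def hamming_secded_encode(data: List[int]) -> List[int]:
    """Encode data bits with an extended Hamming code (SEC-DED).
    Index 0 of the result holds the overall parity bit; positions 1..n use the
    classic layout: check bits at powers of two, data bits everywhere else."""
    m = len(data)
    r = 0
    while (1 << r) < m + r + 1:          # smallest r with 2**r >= m + r + 1
        r += 1
    n = m + r
    code = [0] * (n + 1)
    bits = iter(data)
    for pos in range(1, n + 1):
        if pos & (pos - 1):              # not a power of two: a data position
            code[pos] = next(bits)
    for i in range(r):
        p = 1 << i                       # check bit p covers every position with bit i set
        code[p] = sum(code[pos] for pos in range(1, n + 1) if pos & p and pos != p) % 2
    code[0] = sum(code[1:]) % 2          # overall parity over the whole Hamming word
    return code


def hamming_secded_decode(code: List[int]) -> Tuple[str, List[int]]:
    """Return (status, data) with status 'ok', 'corrected' or 'uncorrectable'.
    The syndrome is the XOR of the positions holding a 1; for a single flipped
    bit it equals that bit's position. The overall parity tells one flip (odd)
    from two flips (even), which is what makes double errors detectable."""
    word = list(code)
    n = len(word) - 1
    syndrome = 0
    for pos in range(1, n + 1):
        if word[pos]:
            syndrome ^= pos
    parity_ok = sum(word) % 2 == 0
    if syndrome == 0 and parity_ok:
        status = "ok"
    elif not parity_ok:                  # odd number of flips: assume one and repair it
        word[syndrome] ^= 1              # syndrome 0 means the parity bit itself flipped
        status = "corrected"
    else:                                # even number of flips (two): detect only
        status = "uncorrectable"
    data = [word[pos] for pos in range(1, n + 1) if pos & (pos - 1)]
    return status, data


def flip(code: List[int], *positions: int) -> List[int]:
    """Constructed fault injection: return a copy with the given bits inverted."""
    word = list(code)
    for p in positions:
        word[p] ^= 1
    return word


def tmr_vote(r1: int, r2: int, r3: int) -> Optional[int]:
    """Triple modular redundancy voter: the value at least two copies agree on,
    or None when all three differ (the slide's 'no result is obtained')."""
    if r1 == r2 or r1 == r3:
        return r1
    if r2 == r3:
        return r2
    return None


if __name__ == "__main__":
    word = hamming_secded_encode([1, 0, 1, 1])
    print("codeword    :", word)
    print("single flip :", hamming_secded_decode(flip(word, 3)))
    print("double flip :", hamming_secded_decode(flip(word, 3, 5)))
    print("TMR votes   :", tmr_vote(42, 42, 7), tmr_vote(1, 2, 3))
```

The decoder deliberately does not guess when the overall parity is even but the syndrome is non-zero: repairing the bit the syndrome points at would silently turn a detected double error into wrong data, which is the case the "double error detection" half of SEC/DED exists to catch.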

  33. Reliable system design (cont.)
    • Watchdog timer: it is connected to a system that it watches (for ex. on the data bus);
      • When it rolls over, it generates a signal that should be an interrupt source or a reset source;
      • In correct operation, the system resets the watchdog timer before it reaches the roll-over value;
    • Design diversity:
      • Is a design methodology intended to reduce the chance that certain systematic errors are included in the design;
      • When a design needs several instances of a given module, different implementations of that module are used rather than using the same module everywhere;
      • Ex.: in a system with several CPUs, several types of CPUs may be used rather than the same type everywhere;
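The watchdog mechanism of slide 33 is small enough to simulate end to end. The Python below is an added example, not from the lecture: a counter that fires when it reaches its roll-over value, a supervised task that restarts ("kicks") the counter periodically, and a scenario runner that reports the tick at which the watchdog resets the system. Besides the healthy case and a task that hangs, it includes a mis-sized watchdog whose roll-over value is smaller than the task period, which resets a system that is working correctly. Class, method and parameter names are the example's own.

```python
from typing import Optional


class WatchdogTimer:
    """Free-running counter that fires when it reaches its roll-over value."""

    def __init__(self, rollover: int) -> None:
        self.rollover = rollover   # count at which the timer rolls over and fires
        self.count = 0
        self.resets = 0            # number of reset/interrupt signals generated so far

    def kick(self) -> None:
        """The supervised system resets the watchdog before it can roll over."""
        self.count = 0

    def tick(self) -> bool:
        """Advance one timer clock; True when the roll-over fires the reset signal."""
        self.count += 1
        if self.count >= self.rollover:
            self.count = 0
            self.resets += 1
            return True
        return False


def run_supervised(task_period: int, hang_after: int, rollover: int, ticks: int) -> Optional[int]:
    """Constructed scenario: a task kicks the watchdog every task_period ticks and
    stops doing so (hangs) after hang_after ticks. Returns the tick at which the
    watchdog first resets the system, or None if it never has to."""
    wd = WatchdogTimer(rollover)
    for t in range(1, ticks + 1):
        if t <= hang_after and t % task_period == 0:
            wd.kick()                  # the task is alive and on schedule
        if wd.tick():
            return t                   # roll-over: reset or interrupt request
    return None


if __name__ == "__main__":
    print("healthy task      :", run_supervised(task_period=4, hang_after=100, rollover=6, ticks=100))
    print("task hangs at 20  :", run_supervised(task_period=4, hang_after=20, rollover=6, ticks=100))
    print("roll-over too low :", run_supervised(task_period=8, hang_after=100, rollover=6, ticks=100))
```

The third scenario is the sizing rule in code: the roll-over value has to exceed the worst-case interval between two kicks, including any jitter in the task, otherwise the watchdog itself becomes a source of spurious resets.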

  34. Novel attacks against ESs and solutions
  • Physical access: many ESs are physically accessible to hackers; the information obtained can also be used for attacking other similar ESs;
  • Internet attacks: viruses or malicious attacks;
  • Attacks on automobiles: for ex. the ESs of an automobile can be programmed to stall in certain conditions; if a large number of automobiles are programmed in the same way, a dangerous situation can occur; attacks on automobiles are easier if the ESs are connected to the Internet;
  • Battery attack: it tries to disable the node by draining its battery; for ex.: pinging a node over the Internet may be enough to cause it to operate more often than intended and prematurely drain its battery; another ex.: a cell phone virus that causes it to repeatedly make calls;
  • QoS attacks: quality-of-service or timing attacks: if data for real-time control arrive at an ES and small delays in delivery are caused, the whole system may fail; important damage can be created because the entire dynamics of the system will be changed (for ex. in a system which controls fast-moving objects);

  35. Novel attacks against ESs and solutions (cont.)
  • Attacks on sensor networks: they may occur at different levels of the network hierarchy:
    • Physical layer: jamming, tampering;
    • Link layer: collision, exhaustion, unfairness;
    • Network and routing layer: neglect and greed, homing, misdirection, black holes, authorization, redundancy;
    • Transport layer: flooding, desynchronization;
  • Power attack: is more easily used against ESs than general-purpose computers; is based on the fact that measurements of the power supply of a CPU show its internal activity; 2 sorts of power attacks:
    • Simple power analysis: inspects a trace manually and tries to determine the location of program actions;
    • Differential power analysis: uses correlation to identify actions and key bits; this attack was originally aimed at smart cards, which take their power from the external card reader, but it can be applied to other ESs too;
  • Physical security: is a solution against the attacks; it has several forms, for ex.: ESs placed so that they are difficult to detect, limited information in chips etc.
