ESEVO Real-Time Systems Modeling
Bernhard Frömel, based on slides by Christian El-Salloum
Institute of Computer Engineering, Vienna University of Technology
182.722 Embedded Systems Engineering LU
October 2014
Part I: Engineering versus Scientific Method
Engineering Method versus Scientific Method

[Figure, taken from Henzinger, built up over several slides: in the engineering method, a Model is used to build the System, the System is tested, and the Model is revised; in the scientific method, a Model is built from the System, the Model is tested, and the Model is revised.]

Predictability (repeatability, determinism) is critical for both methods!
Part II: Model-based Design
◮ Problem
◮ Model-based Design
◮ Meta-models and Executable Specifications
The problem

Classic development of safety-critical systems is expensive:
◮ Multiple views on the same specification (system, software, hardware designer, ...) + miscommunication
◮ Ambiguous and incomplete specification
◮ Manual coding
◮ Vast implications of changes
◮ Leads to: verification is very complex! E.g., average development and verification of 10K lines of code ∼ 16 person-years (PYs) [Camus and Dion, 2003]
Model-based Design

The model is the center of the entire development process:
◮ Requirements
◮ Design
◮ Implementation
◮ Testing

How to adequately represent a model?
◮ C?
◮ Something graphical with boxes and arrows, like UML?
Any open questions?

/* 'uint' is not a standard C type; a typedef is added here so the snippet compiles */
typedef unsigned int uint;

/* Platform-provided timer functions (declarations added; their tick period is
   not visible in this code, so what "100" means in seconds depends on them) */
void setup_timer(void);
void start_timer(void);

volatile uint timer_count = 0;

/* Timer interrupt service routine: decrements the shared counter on every timer tick */
void ISR(void) {
    if (timer_count != 0)
        timer_count--;
}

int main(void) {
    setup_timer();
    timer_count = 100;
    start_timer();
    while (timer_count != 0) {
        /* do something for 100 seconds */
    }
    /* ... */
    return 0;
}

[taken from E. Lee]
Required Properties of a Model

◮ Concrete enough to capture all relevant details. E.g., functional behavior, timing, reliability, ...
◮ Abstract enough to omit irrelevant details. E.g., implementation details
◮ For model-based design, the model has to be understandable by a machine
  ◮ Exact execution semantics
  ◮ Models as executable specification
◮ Boxes and arrows are fine, but only if the semantics of an arrow or a box is precisely defined in the meta-model.
Meta-Model

The meta-model defines:
◮ the building blocks of the model (e.g., nodes, connections, messages, tasks, ...)
◮ the rules for how to instantiate and connect these building blocks
◮ the semantics of the building blocks

The meta-model for executable specifications additionally defines an abstract machine.
◮ The complexity of the abstract-machine model should be much lower than that of the concrete machine.
◮ In each refinement step on the way to the final implementation (physical platform), the execution semantics of the abstract machine must be retained!
Finding the right abstraction level ...

It would be very cool to go from:
◮ a minimal specification, where we have requirements that come directly from the controlled environment (e.g., pure functionality, end-to-end latencies, non-functional requirements, ...)
to a final (distributed) platform by automatic transformation realized by tools, where we have
◮ a high degree of freedom in the solution space (e.g., which CPUs, FPGAs, operating systems, ...), and
◮ employ optimization techniques (e.g., to optimize for power, costs, ...).

Unfortunately, it's too complex!
Finding the right abstraction level ...

It would be very easy for the tool designer to go from:
◮ a maximal specification, where all details (e.g., mapping, schedules, memory management, ...) are fixed and respect the high-level requirements,
to a final (distributed) platform by an easy, straightforward automatic transformation realized by simple tools.

Unfortunately, all work is left to the poor person who writes the specification. E.g.,
◮ choose which CPUs, FPGAs, operating systems, ...,
◮ programming work, and
◮ optimize 'manually'.
Part III: Modeling Case Studies
◮ SIMTOOLS
◮ SCADE
◮ Time in Models
  ◮ GIOTTO
  ◮ Google Spanner
Modeling Temporal Behavior and Concurrency

◮ Real computing ...
  ◮ There is some delay!
  ◮ There is some clock drift!
  ⇒ difficult to model and to compose!
◮ Asynchronous models: arbitrary delay (e.g., delay-insensitive circuits). ⇒ (cognitively) very complex!
◮ Synchronous models
◮ Logical execution time
SIMTOOLS, Simulation Level 1 [SIMTOOLS, 2014]
[Figure]

SIMTOOLS, Simulation Level 4 – with Timing Details
[Figure]
Safety Critical Application Development Environment (SCADE)

The golden rules of SCADE (∼ model-based design principles):
◮ Share unique, accurate specifications
◮ Do things once
◮ Do things right at first shot
DESIGN – VERIFY – GENERATE
SCADE

SCADE (Safety-Critical Application Development Environment):
◮ Formal executable specifications
◮ Verification of properties and assertions
◮ Synchronous dataflow design
◮ Generate specification in VHDL or Verilog formats
◮ C, SystemC code generator (DO-178B, EN-50128 and IEC-61508)
◮ Gateways available to e.g. Simulink, LabView, UML/SysML
Essence

Cycle-based intuitive computational model:
[Figure: Real-Time Event → Sample/Hold Inputs → Scope of Cyclic Function → Send Outputs]
◮ Blocks implement functions and have a clock (derived from a given master clock)
◮ Blocks read inputs and generate their output in zero delay (⇒ synchronous language)
Synchronous Language

◮ Discrete time scale with a priori defined granularity, imposed by the dynamics of the environment
◮ Each instant of the scale corresponds to a computation cycle (arrival of new inputs)
◮ Synchronism hypothesis: calculation time < grain of the discrete time scale
◮ Outputs are calculated at the same instant (in zero time) as when the inputs are taken into account w.r.t. the discrete time scale
◮ Temporal composability
◮ The synchronism hypothesis has to be verified by worst-case execution time (WCET) analysis
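As an added illustration (not code from the slides or from SCADE), this is how one cycle-based node with a single memory element looks when written out in C; the node, its flow equation and the input trace are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example (not SCADE-generated code): a two-tap averaging
   filter written the way a synchronous node is compiled to C.
   Flow equation:   y = (x + (x -> pre(x))) / 2
   pre(x) is the value of flow x recorded at the previous cycle, and
   a -> b yields a at the first cycle and b afterwards, so y is defined
   at every instant of the discrete time scale. */
typedef struct {
    int32_t pre_x;   /* memory: x sampled at the previous cycle */
    bool    first;   /* true until the first cycle has executed */
} filter_state;

static void filter_init(filter_state *s) { s->pre_x = 0; s->first = true; }

/* One computation cycle: the sampled input comes in, the output is
   computed in zero logical time from this input and the memory only,
   then the memory is updated for the next cycle.  This function is the
   unit whose WCET must stay below the grain of the time scale. */
static int32_t filter_step(filter_state *s, int32_t x)
{
    int32_t prev = s->first ? x : s->pre_x;   /* x -> pre(x) */
    int32_t y = (x + prev) / 2;
    s->pre_x = x;
    s->first = false;
    return y;
}

/* Constructed input trace, one sample per cycle. */
static const int32_t sample_x[] = { 10, 20, 30, 30, 0 };
#define SAMPLE_N (sizeof sample_x / sizeof sample_x[0])

/* Runs the node from cycle 0 up to cycle k and returns y at cycle k. */
int32_t filter_sample_output(size_t k)
{
    filter_state s;
    int32_t y = 0;
    filter_init(&s);
    for (size_t c = 0; c <= k && c < SAMPLE_N; c++)
        y = filter_step(&s, sample_x[c]);
    return y;
}

int main(void)
{
    for (size_t k = 0; k < SAMPLE_N; k++)
        printf("cycle %zu: x=%d y=%d\n", k, (int)sample_x[k], (int)filter_sample_output(k));
    return 0;
}
```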
Block diagrams (1)

Block diagrams for continuous control:
◮ Networked blocks (operators or nodes)
◮ Blocks compute mathematical functions
◮ Arrows represent flows of data
◮ Declarative data-flow language (what instead of how)
◮ Mathematically clean (no side effects)
◮ Blocks compute concurrently
◮ Block diagrams are fully hierarchical
◮ For the algorithmic part: e.g., filters
◮ Temporal composability: 0 + 0 = 0 (composing zero-delay blocks yields zero delay)

What about causality dependencies?
Block diagrams (2)

Block diagrams for continuous control
[Figure, (c) Esterel Technologies]
◮ An equation (=) represents an infinite sequence of values, i.e., a flow
◮ A flow has a unique definition (mathematically deterministic)
◮ Memory stores past flow states (recorded at previous cycle(s))
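The causality question raised on the previous slide, answered by an added example (not part of the slides nor of Esterel Technologies' tools): a zero-delay dependency check over a constructed block diagram, which accepts a feedback loop only when it passes through a memory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed example, not Esterel/SCADE code: causality analysis for a
   small block diagram.  Blocks compute in zero delay, so an arrow that
   does not pass through a memory makes its target depend on its source
   within the same cycle.  A loop made only of such arrows has no unique
   solution and is rejected; a loop closed through a memory is fine,
   because the memory delivers the value of the previous cycle. */
#define MAX_BLOCKS 8

typedef struct { int from, to; bool through_memory; } arrow;

/* Computes an execution order respecting all zero-delay dependencies
   (Kahn-style topological sort).  Returns true and fills 'order', or
   returns false when an instantaneous cycle remains. */
bool schedule(const arrow *a, size_t n, int nblocks, int order[MAX_BLOCKS])
{
    bool dep[MAX_BLOCKS][MAX_BLOCKS] = {{false}};  /* dep[to][from] */
    bool done[MAX_BLOCKS] = {false};
    for (size_t k = 0; k < n; k++)
        if (!a[k].through_memory) dep[a[k].to][a[k].from] = true;
    int placed = 0;
    while (placed < nblocks) {
        bool progress = false;
        for (int b = 0; b < nblocks; b++) {
            if (done[b]) continue;
            bool ready = true;
            for (int src = 0; src < nblocks; src++)
                if (dep[b][src] && !done[src]) ready = false;
            if (ready) { order[placed++] = b; done[b] = true; progress = true; }
        }
        if (!progress) return false;   /* every remaining block waits on another */
    }
    return true;
}

/* Constructed diagram: 0 (sampler) -> 1 (adder) -> 2 (output), plus a
   feedback arrow 2 -> 1.  Returns the position of 'block' in the
   execution order, or -1 if the diagram is rejected. */
int demo_order_position(bool feedback_through_memory, int block)
{
    arrow a[] = { {0, 1, false}, {1, 2, false}, {2, 1, feedback_through_memory} };
    int order[MAX_BLOCKS];
    if (!schedule(a, 3, 3, order)) return -1;
    for (int i = 0; i < 3; i++) if (order[i] == block) return i;
    return -1;
}

int main(void)
{
    printf("loop through memory: %s\n", demo_order_position(true, 2) >= 0 ? "accepted" : "rejected");
    printf("instantaneous loop: %s\n", demo_order_position(false, 2) >= 0 ? "accepted" : "rejected");
    return 0;
}
```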