Real-Time Implementation of BIP: Clocks and Real-Time Constraints

Transcription

1 Real-Time Implementation of BIP: Clocks and Real-Time Constraints Jacques Combaz DCS Days March 27, 2009 Verimag

2 Outline 1. Introduction: (Timed) BIP Model 2. Computing Timed Interactions 3. Model Time vs Real-Time 4. Real-Time Scheduling Policy 5. Future Work Verimag

3 Outline 1. Introduction: (Timed) BIP Model 2. Computing Timed Interactions 3. Model Time vs Real-Time 4. Real-Time Scheduling Policy 5. Future Work Verimag

4 BIP Model Behavior: components automata + ports + data + C code init A init init wait s wait f() r init B init s r init compute Interactions (synchronizations): { init, init }, { s }, { s, r } Priorities (conflict resolution): { s, r } > { s } BIP Engine Platform Verimag

5 Centralized Implementation of the BIP Engine initialize atoms wait for a stable state execute involved atoms choose one interaction there is one interaction (or more) compute legal interactions filter them using priorities there is no interaction deadlock

6 Timed BIP Model Behavior: timed automata (clocks with discrete semantics + urgency type) init init x:=0 wait s [x=p] delayable x:=0 init s A r init init init f() y:=0 wait compute r B

7 Implementing with Tick Connector Connector tick is synchronized with the platform clock tick x++ init init x:=0 A tick y++ init init y:=0 B tick [x<p ] x++ wait s [x=p] x:=0 f() wait r compute tick init s r init tick tick y++ Problem: - inefficient: synchronous execution - not implementable if execution times clock period Engine time engine connector tick Platform all components RT Clock Verimag

8 Proposed Engine Behavior: timed automata (urgency) + ports + data + C code init init x:=0 wait s [x=p] delayable x:=0 init s A r init init init f() y:=0 wait compute r B Engine Real-Time Engine Platform Event Handler RT Clock

9 Real-Time BIP Engine (Centralized) initialize atoms execute involved atoms wait for the chosen interaction real-time scheduling policy wait for a stable state there is one interaction (or more) compute legal timed interactions restrict guards using priorities there is no interaction deadlock

10 Outline 1. Introduction: (Timed) BIP Model 2. Computing Timed Interactions 3. Model Time vs Real-Time 4. Real-Time Scheduling Policy 5. Future Work Verimag

11 Computing Timed Interactions p A q B r C s D p [ 7 x 10 ] delayable q [ 3 y 5 ] eager r s [ 1 z 5 ] delayable p: q: r: s: last reset x last reset y last reset z {p,q} 3 y 5 7 x 10 { r, s } 1 z 5 t (platform clock) { p, q }: [ 17 t 20 ] delayable [ 16 t 18 ] eager { r, s }: [ - t + ] lazy [ 16 t 20 ] delayable = [ 17 t 18 ] eager = [ 16 t 20 ] delayable Verimag 11

12 Priorities { p, q } > { r, s } p A q B r C s D p [ 7 x 10 ] delayable q [ 3 y 5 ] eager r s [ 1 z 5 ] delayable last reset x {p,q} last reset y t (platform clock) last reset z { r, s } { r, s }: [ 16 t 20 ] delayable \ [ 17 t 18 ] eager = [ t = 16 ] lazy [ 19 t 20 ] delayable Verimag 12

13 Outline 1. Introduction: (Timed) BIP Model 2. Computing Timed Interactions 3. Model Time vs Real-Time 4. Real-Time Scheduling Policy 5. Future Work Verimag

14 Example #1 (Model Execution) [ x P ] eager [ x = P ] eager x = 0P

15 Example #1 (Actual Execution) deadlock which is not in the model! [ x P ] eager [ x = P ] eager x = 0 P+ε execution times of transitions: ε

16 Example #2 (Model Execution) p A q B p x := 0 q y := 0 [ x P ] eager f() [ y 2P ] eager g() x := 0 y := 0 x = P0 y = P2P 0

17 Example #2 (Actual Execution) p A q B p x := 0 q y := 0 [ x P ] eager f() [ y 2P ] eager g() x := 0 y := 0 x = εp-2ε P-ε 0 f +ε g y = P+ε 0 2P P+2ε+ε f +ε gf execution times of transitions: f() ε f g() ε g others ε

18 Model Time vs Real-Time In model semantics, interaction execution is instantaneous In actual implementation, everything takes time Model time and real-time cannot coincide at each state of the system t I t+ε time s,s : states I: interaction (s,t) I I,ε (s,t) (s,t+ε) model actual execution The Real-Time BIP Engine should be based on logical or model time Synchronizations between model time and real-time are required

19 Exact Synchronization Interaction I can be executed for any value of time between t and t+ε Synchronization at each control state δ t t+δ I t+ε time I (s,t) δ (s,t+δ) ε-δ I (s,t+δ) ε-δ (s,t+ε) Actual execution: (s,t) I,ε (s,t+ε) Model: δ [0;ε] (s,t) δ (s,t+δ) I (s,t+δ) ε-δ (s,t+ε)

20 Relaxed Synchronization Synchronization can be made after a finite sequence I 1 I n of interactions that have to be executed at model time t I 1 t I 1 I 2 I n t+ε time I 2 I n ε (s,t) I 1 (s 1,t) I 2 I n (s n,t) ε=ε ε n (s n,t n +ε) Actual execution: (s,t) I 1,ε 1 (s1,t+ε 1 ) I 2,ε 2... I n,ε n (sn,t+ε n ) Model: (s,t) I 1 (s1,t) I 2... I n (sn,t) ε (s n,t + ε 1 + +ε n )

21 Implementing Clock Synchronization Clock t encapsulates the platform clock: it represents logical or model time Clock t and platform clock are synchronized only when necessary, depending on the synchronization model (exact or relaxed) User clocks x, y, z, are computed w.r.t. model time t Real-Time Engine clock x clock y clock z Platform clock t RT Clock

22 Implementability Problem: Given a platform, the synchronized model (exact or relaxed) may give traces (sequences of transitions) that are not in the model. 1. Using a faster processor solves the problem. OK 2. The model requires an infinite processor speed for executing correctly. not implementable with the considered semantics Formally, the model is implementable if there exists execution times ε i > 0 for transitions such that the set of traces of the synchronized model are included in the set of traces of the model.

23 Implementability (Examples 1/3) [ L x U ] delayable [ x = P ] delayable [ x P ] eager implementability: exact relaxed implementability: exact relaxed implementability: exact relaxed

24 Implementability (Examples 2/3) [ x P ] eager [ x P ] eager [ x 2 ] eager [ x = P ] eager [ x = P ] eager x:=0 [ x 3 ] eager implementability: implementability: implementability: exact relaxed exact relaxed exact relaxed

25 Implementability (Examples 3/3) p A q B p x := 0 q y := 0 [ x P ] eager f() [ y 2P ] eager g() x := 0 y := 0 x = 2ε+ε P0 f f +ε g y = 2P 0 2ε+ε P+ε+ε f +ε f g implementability: exact relaxed execution times of transitions: f() ε f g() ε g others ε

26 Outline 1. Introduction: (Timed) BIP Model 2. Computing Timed Interactions 3. Model Time vs Real-Time 4. Real-Time Scheduling Policy 5. Future Work Verimag

27 Computing Deadlines deadline(c,t) : deadline associated to constraint C, if the current value of the involved clock is T deadline([l t U] lazy,t) = + deadline([l t U] delayable,t) = max [L;U] [T;+ ] (with max = + ) deadline([l t U] eager,t) = min [L;U] [T;+ ] (with min = + ) deadline([l 1 t U 1 ] u1... [L N t U N ] un,t) = min deadline([l i t U i ] ui,t) Verimag 27

28 Computing Next Activation next(c,t) : next value of the involved clock for which C is enabled, if the current value of the clock is T next([l t U] urgency,t) = min [L;U] [T;+ ] (with min = + ) next([l 1 t U 1 ] u1... [L N t U N ] un,t) = min next([l i t U i ] ui,t) Verimag 28

29 Relaxed Sync. Implementation Engine() clk := 0 T := 0 /* reset platform clock */ /* logical time := 0 */ infinite_loop Legals := GetLegalInteractions() /* interactions and constraints */ if (Legals = ) break /* deadlock */ Legals := ApplyPriorities(Rules, Legals) /* restrict constraints with priorities*/ I := EDF_Scheduler(Legals, T) /* real-time scheduler */ D := deadline(i, T) /* deadline for I */ if ( D > T clk - T > MAX_DRIFT ) T := clk /* synchronize T and clk */ if ( D > T) break /* deadline is missed */ wait( t next(i, T ) ) /* wait for next activation of I */ T := next(i, T)) /* update logical time if needed */ execute(i) /* execute I */

30 Implementing EDF Scheduling Policy EDF_Scheduler(Legals, T) D := min I Legals deadline(i, T) return I such that deadline(i, T) = D EDF_ _Scheduler(Legals, T) D := min I Legals deadline(i, T) N := min I Legals next(i, T) if ( D N > ) /* enough time to execute non-urgent interactions */ return I such that next(i, T) =N else return I such that deadline(i, T) = D

31 5. Future Work BIP Toolchain: - a prototype of a (centralized) Real-Time BIP Engine has been done optimization of the Real-Time BIP Engine modification of the parser and the code generator Distributed implementation: distributed clocks (synchronizations)

32 Backup Verimag 32

33 Components = { A 1, A 2, A 1 } Clocks = { x, y } Ports = { p, q, r } Connectors 2 Ports = { C } BIP Model p C = { p, q, r } q p q 1 x 10 δ 3 y 5 ε A 1 A 2 A 3 r r Real-time: t Reals Reset function: last_reset_date : Clocks Reals x:=0 last_reset_date[x] = t 0 where t 0 is the current value of t At a given system state : Synced = { (p,x,[1;10],δ), (q,y,[3;5],ε), (r,-,-,-) } ε: eager δ: delayable λ: lazy ε > δ > λ Verimag 33

34 Clocks and Real-Time Constraints B 1 B 2 B 3 B n Engine Interactions Real-Time Engine Platform Event Handler Clock t p on p provided delayable x in [L;U] p on p provided delayable x in [L;U] Real-Time t Engine L = L + last_reset_date[x] U = U + last_reset_date[x] enabled test L t U Verimag 34

35 Components = { A 1, A 2, A 1 } Clocks = { x, y } Ports = { p, q, r } Connectors 2 Ports = { C } Timed BIP Model p C = { p, q, r } q p q 1 x 10 δ 3 y 5 ε A 1 A 2 A 3 r r Real-time: t Reals Reset function: last_reset_date : Clocks Reals x:=0 last_reset_date[x] = t 0 where t 0 is the current value of t At a given system state : Synced = { (p,x,[1;10],δ), (q,y,[3;5],ε), (r,-,-,-) } ε: eager δ: delayable λ: lazy ε > δ > λ Verimag 35

36 Platform clock: t (p,-,-,-) (p,t,[- ;+ ], λ) (p,x,[l;u],τ) (p,t,[l ;U ], τ) where Time Conversion Synced = { (p,x,[1;10],δ), (q,y,[3;5],ε), (r,-,-,-) } Synced = { (p,t,[1;10],δ), (q,t,[4;6],ε), (r,-,-,-) } if last_reset_date[x]=0 and last_reset_date[y]=1 L = L + last_reset_date[x] U = U + last_reset_date[x] C = { p, q, r } p q p q 1 x 10 δ 3 y 5 ε r r A 1 A 2 A 3 We write p Synced for (p,t,[l;u],τ) Synced p Synced untimed for (p,t,[- ;+ ],λ) Synced guard(p) for [L;U] if (p,t,[l;u],τ) Synced guard(p) for if p Synced τ(p) τ if for (p,t,[l;u],τ) Synced Verimag 36

37 Computing Legal Interactions 1. Strong Synchronization Let C Connectors such that C = { p 1,,p n } is a strong synchronization, i.e. C defines the set of interactions { { p 1,,p n } } For I = { p 1,,p n } we have (I,t,guard(I),τ) Legals iff: 1. I Synced 2. guard(i) = [t 0 ;+ ] p I guard(p) 3. guard(i) 4. τ = max p I τ(p) We have (I,t,guard(I),max τ j ) Legals iff: 1. I Synced 2. guard(i) = [L;U] where (p j,t,[l j ;U j ],τ j ) Synced and L = max j L j,t 0 U = min j U j 3. L U Verimag 37

38 Computing Legal Interactions 1. Strong Synchronization (example) p C = { p, q, r } q r p q 1 x 10 δ 3 y 5 ε r A 1 A 2 A 3 If Synced = { (p,t,[1;10],δ), (q,t,[4;6],ε), (r,t,[- ;+ ],λ) } and t 0 = 5 then Legals = { ({ p,q,r },t,[5;6],ε) } Verimag 38

39 Computing Legal Interactions 2. General Case Let C Connectors such that C = { p 1,,p n } C defines a set of interactions { I 1,,I m } For each I { I 1,,I m } we have (I,t,guard(I),τ) Legals iff: 1. Synced untimed I Synced 2. guard(i) = [t 0 ;+ ] p I guard(p) \ ( p C \ I guard(p)) 3. guard(i) 4. τ = max p I τ(p) Notice that guard(i) will be of the form guard(i) = [L 1 ;U 1 ]... [L N ;U N ] (we consider the discrete semantics for \) Verimag 39

40 Computing Legal Interactions 2. General Case (example) p C = { p, q, r } q r p q 1 x 10 δ 3 y 5 ε r A 1 A 2 A 3 Synced = { (p,t,[1;10],δ), (q,t,[9;11],ε), (r,t, [- ;+ ],λ) } (last_reset_date[x]=0, last_reset_date [y]=6) C defines the set of interactions { I 1,I 2,I 3,I 4 } such that, for t 0 = 1, we have: I 1 = { r } guard(i 1 ) = [t 0 ;+ ] \ ([1;10] [9;11]) (I 1,t, [12;+ ],λ) Legals I 2 = { r,p } guard(i 2 ) = [t 0 ;+ ] [1;10] \ [9;11] (I 2,t, [1;8],δ) Legals I 3 = { r,q } guard(i 3 ) = [t 0 ;+ ] [9;11] \ [1;10] (I 3,t, [11;11],ε) Legals I 4 = { r,p,q } guard(i 4 ) = [t 0 ;+ ] [1;10] [9;11] (I 4,t, [9;10],ε) Legals Verimag 40

41 Computing Priorities Applying priorities: Legals Legals Let I and I 1,I 2,, I n such that I < I i provided L i t U i then (I,t, guard (I), τ) Legals iff : 1. I Legals and for all i=1..n I i Legals 2. guard (I) = guard(i) \ ( i=1..n [L i ;U i ] guard(i i ) ) 3. guard (I) Verimag 41

42 Implementation (Clocks) class GlobalClock : Clock + time(),reset() + wait() + freeze(),go(),update() computed w.r.t. another clock or directly

43 Centralized Engine (Monothread) Engine() { T = new Clock(t); /* T: logical time, t: real-time, both freezed */ t.go(); /* start real-time */ while(true) { Synced = GetSyncedPorts(); /* list of synced ports */ Legals = GetLegalInteractions(Synced); /* list of legal interactions */ Legals = ApplyPriorities(Legals); /* priorities*/ I = EDF_Scheduler(Legals, T.time()); /* real-time scheduler */ if (I == NULL) break; /* deadlock */ if (SyncPoint(I, T.time(), t.time())) { old_time = T.time(); T.update(); /* synchronize logical time */ if (CheckDeadlineMiss(I, old_time, T.time())) break; } } T.wait(next(I, T.time())); /* wait for next activation of I */ I.execute(); /* execute I */ if (CheckForDeadlineMiss(I, T.time(), t.time())) break; } DeadlockOrDeadlineMiss();

44 Centralized Engine (Monothread) SyncPointExact(I, T, t) { return true; } CheckDeadlineMissExact(I, T, t) { if (deadline(i,t) < t) return true; else return false; } SyncPointRelaxed(I, T, t) { if (deadline(i,t) == T && t - T < MAX_DRIFT) return false; else return true; } CheckDeadlineMissRelaxed(I, T, t) { if (T < deadline(i,t) < t) return true; else return false; }

45 Implementation (Atom, Ports, ) class Atom class Compound + rt_sync() + rt_activate() class Port + constraint real-time constraint associated to the port by rt_sync() + rt_execute() class Connector + mfeasibleinter list of feasible interactions (depending on the real-time) + rt_execute() class Interaction + constraint associated real-time constraint + mnext next interaction in the list + rt_execute()

46 Planning BIP engine: Functionality Prototype Tested clocks guard and urgency connectors hierarchical connectors priorities real-time scheduler BIP tool chain: Functionality Prototype Tested parser code generator

47 Tick Implementation B 1 B 2 B 3 B n sync(tick) tick Interactions tick Engine Platform tick RT Clock Synchronous execution: inefficient engine connector tick all components Verimag 47

48 Standards Ports / Events Clock t Engine enabled test p on p N p =t 0 D p =+ N p t D p Clock t Engine enabled test Platform event p on p N p : minimal arrival time D p : deadline if present N p t D p Verimag 48

49 Real-Time Engine Implementation One engine for simulation and implementation In simulation mode, the real-time t is driven by the engine In execution mode, the real-time t is connected to the platform clock Application Software RT scheduling priorities policy (RT scheduling policy) priorities Engine Platform clocks x,y, clocks real- x,y, time t realtime t platform clock Simulation Execution Verimag 49

50 OASIS in BIP: control flow Clock c=0; body start { code1; advance(1); code2; advance(2); do { code3; advance(1); } while (condition); } provided c=1 code1; c=0; provided c=2 code3; c=0; provided c=1 code3; c=0;

51 OASIS in BIP: computation body start {... Y=f(X); advance(1);... } read Y=f(X) 1 write write read read_x write_y write read c=0; on read_x provided c=0 provided 0 c 1 Y=f(X) X on write_y provided c=1 c=0; Y

52 OASIS in BIP: coordination If the reader doesn t read old values of X, we store only the current value in X: X.X = W.X R.X = X.X int X write_x write read read_x int X int X on write on read on write_x on read_x W X R The priority rule write write_x > read read_x resolves conflicts when writing and reading are possible at the same time. W R

53 Simulation vs Implementation (2/2) B 1 B 2 B 3 B n Interactions Environment Engine Real-Time Engine Platform Event Handler event event Direct implementation: events are directly handled by the engine efficient active wait or interruption mechanisms standard interfaces Verimag 53

54 Simulation vs Implementation (1/2) sync() sync() B 1 B 2 B 3 B n Platform Environment Interactions Environment event event Engine Platform Simulation Implementation : the BIP by encapsulation: model contains the events environment are handled behavior into components the only platform active waits behavior (no interruption mechanisms) specific interfaces Verimag 54