Specifications and Modeling

Similar documents
fakultät für informatik informatik 12 technische universität dortmund Specifications Peter Marwedel TU Dortmund, Informatik /11/15

Specifications and Modeling

EC-821 Advanced Embedded Systems (3+0)

Models of computation

Hardware Software Codesign

EE382N.23: Embedded System Design and Modeling

Imperative model of computation

Specifications Part 1

fakultät für informatik informatik 12 technische universität dortmund Data flow models Peter Marwedel TU Dortmund, Informatik /10/08

EE382V: Embedded System Design and Modeling

Concurrent Semantics without the Notions of State or State Transitions

Understandable Concurrency

SDL. Jian-Jia Chen (slides are based on Peter Marwedel) TU Dortmund, Informatik 年 10 月 18 日. technische universität dortmund

Concurrency Demands New Foundations for Computing

Lecture 2: Models of Computation

Imperative model of computation

Imperative model of computation

FSMs & message passing: SDL

Making Concurrency Mainstream

Disciplined Concurrent Models of Computation for Parallel Software

Comparison of models. Peter Marwedel Informatik 12, TU Dortmund, Germany 2010/11/07. technische universität dortmund

fakultät für informatik informatik 12 technische universität dortmund Modeling levels Peter Marwedel TU Dortmund, Informatik /11/07

Introduction to Embedded Systems

Specifications Part 2

Discrete Event Models

Embedded Systems CS - ES

Model-based Embedded Systems Design - Introduction, Motivation

Early design phases. Peter Marwedel TU Dortmund, Informatik /10/11. technische universität dortmund. fakultät für informatik informatik 12

Discrete Event Models

Embedded Systems 7. Models of computation for embedded systems

Concurrent Models of Computation

The Problem with Threads

The Problem With Threads

The Problem with Treads

Specifications Part 3

Petri Nets ee249 Fall 2000

CS 310 Embedded Computer Systems DESIGN

Embedded & Real-time Operating Systems Communication Libraries

Hardware Description Languages & System Description Languages Properties

Concurrent Models of Computation

Implementation of Process Networks in Java

Discrete Event Models

Hardware Description Languages & System Description Languages Properties

Hybrid System Modeling: Operational Semantics Issues

Concurrent Models of Computation

Performance Throughput Utilization of system resources

CS 2112 Lecture 20 Synchronization 5 April 2012 Lecturer: Andrew Myers

Programming Languages for Real-Time Systems. LS 12, TU Dortmund

Last Time. Introduction to Design Languages. Syntax, Semantics, and Model. This Time. Syntax. Computational Model. Introduction to the class

Hierarchical FSMs with Multiple CMs

Interaction Testing! Chapter 15!!

CSE 451: Operating Systems Winter Lecture 7 Synchronization. Steve Gribble. Synchronization. Threads cooperate in multithreaded programs

Middleware. Peter Marwedel TU Dortmund, Informatik 12 Germany. Graphics: Alexandra Nolte, Gesine

Synchronization I. Jo, Heeseung

Models of concurrency & synchronization algorithms

2.c Concurrency Mutual exclusion & synchronization mutexes. Unbounded buffer, 1 producer, N consumers

Concurrent Models of Computation

CS 571 Operating Systems. Midterm Review. Angelos Stavrou, George Mason University

Petri Nets. Petri Nets. Petri Net Example. Systems are specified as a directed bipartite graph. The two kinds of nodes in the graph:

Fundamental Algorithms for System Modeling, Analysis, and Optimization

TKT-1527 Digital System Design Issues Tero Arpinen. Introduction to SoC modeling and Models of Computation

Concept of a process

EECS 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization

Concurrency Control. Synchronization. Brief Preview of Scheduling. Motivating Example. Motivating Example (Cont d) Interleaved Schedules

A Simple Example. The Synchronous Language Esterel. A First Try: An FSM. The Esterel Version. The Esterel Version. The Esterel Version

Interaction Testing. Chapter 15

A DEVS LIBRARY FOR LAYERED QUEUING NETWORKS

The Future of the Ptolemy Project

CSE 451: Operating Systems Winter Lecture 7 Synchronization. Hank Levy 412 Sieg Hall

Algorithmic Verification. Algorithmic Verification. Model checking. Algorithmic verification. The software crisis (and hardware as well)

CSE Traditional Operating Systems deal with typical system software designed to be:

Midterm Exam. October 20th, Thursday NSC

Midterm Exam #2 Solutions October 25, 2016 CS162 Operating Systems

Hardware-Software Codesign. 6. System Simulation

Codesign Framework. Parts of this lecture are borrowed from lectures of Johan Lilius of TUCS and ASV/LL of UC Berkeley available in their web.

Outline. Petri nets. Introduction Examples Properties Analysis techniques. 1 EE249Fall04

Building Synchronous DataFlow graphs with UML & MARTE/CCSL

Multitasking / Multithreading system Supports multiple tasks

CMSC 132: Object-Oriented Programming II

Embedded Software Programming

Curriculum 2013 Knowledge Units Pertaining to PDC

CSC Operating Systems Spring Lecture - XII Midterm Review. Tevfik Ko!ar. Louisiana State University. March 4 th, 2008.

CS 153 Design of Operating Systems Winter 2016

Warm-up question (CS 261 review) What is the primary difference between processes and threads from a developer s perspective?

Ptolemy II The automotive challenge problems version 4.1

Coordination Principles

DESIGN AND SIMULATION OF HETEROGENEOUS CONTROL SYSTEMS USING PTOLEMY II

PROCESS SYNCHRONIZATION

CS 450 Exam 2 Mon. 4/11/2016

EE382N.23: Embedded System Design and Modeling

Distributed Systems Programming (F21DS1) Formal Verification

Introduction to Real-Time Operating Systems

Embedded Tutorial CPS Foundations

CS 471 Operating Systems. Yue Cheng. George Mason University Fall 2017

Embedded Systems 8. Identifying, modeling and documenting how data moves around an information system. Dataflow modeling examines

Applying Models of Computation to OpenCL Pipes for FPGA Computing. Nachiket Kapre + Hiren Patel

Modal Models in Ptolemy

Fall 2015 COMP Operating Systems. Lab 06

Introduction to Embedded Systems

Operating Systems. Designed and Presented by Dr. Ayman Elshenawy Elsefy

Transcription:

12 Specifications and Modeling Peter Marwedel TU Dortmund, Informatik 12 2009/10/20 Graphics: Alexandra Nolte, Gesine Marwedel, 2003

Structure of this course 2: Specification Design repository Design Application Knowledge 3: ES-hardware 4: system software (RTOS, middleware, ) 6: Application mapping 7: Optimization 5: Validation & Evaluation (energy, cost, performance, ) 8: Test Numbers denote sequence of chapters 12, 2009-2 -

Motivation for considering specs Why considering specs? If something is wrong with the specs, then it will be difficult to get the design right, potentially wasting a lot of time. time Typically, we work with models of the system under design (SUD) What is a model anyway? 12, 2009-3 -

Models Definition: A model is a simplification of another entity, which can be a physical thing or another model. The model contains exactly those characteristics and properties of the modeled entity that are relevant for a given task. A model is minimal with respect to a task if it does not contain any other characteristics than those relevant for the task. [Jantsch, 2004]: Which requirements do we have for our models? 12, 2009-4 -

Requirements for specification techniques: Hierarchy Hierarchy Humans not capable to understand systems containing more than ~5 objects. Most actual systems require more objects Hierarchy Behavioral hierarchy Examples: states, processes, procedures. Structural hierarchy Examples: processors, racks, printed circuit boards proc proc proc 12, 2009-5 -

Requirements for specification techniques (2): Component-based design Systems must be designed from components Must be easy to derive behavior from behavior of subsystems Work of Sifakis, Thiele, Ernst, 12, 2009-6 -

Requirements for specification techniques (3): Concurrency, Synchronization and communication Concurrency Synchronization and communication 12, 2009-7 -

Requirements for specification techniques (4): Timing Timing behavior Essential for embedded and cy-phy systems! Additional information (periods, dependences, scenarios, use cases) welcome Also, the speed of the underlying platform must be known Far-reaching consequences for design processes! The lack of timing in the core abstraction (of computer science) is a flaw, from the perspective of embedded software [Lee, 2005] 12, 2009-8 -

Requirements for specification techniques (4): Timing (2) 4 types of timing specs required, according to Burns, 1990: 1. Measure elapsed time Check, how much time has elapsed since last call? execute t 2. Means for delaying processes t 12, 2009-9 -

Requirements for specification techniques (4) Timing (3) 3. Possibility to specify timeouts Stay in a certain state a maximum time. 4. Methods for specifying deadlines Not available or in separate control file. execute t 12, 2009-10 -

Specification of embedded systems (5): Support for designing reactive systems State-oriented behavior Required for reactive systems; classical automata insufficient. Event-handling (external or internal events) Exception-oriented behavior Not acceptable to describe exceptions for every state We will see, how all the arrows labeled k can be replaced by a single one. 12, 2009-11 -

Requirements for specification techniques (6) Presence of programming elements Executability (no algebraic specification) Support for the design of large systems ( OO) Domain-specific support Readability Portability and flexibility Termination Support for non-standard I/O devices Non-functional properties Support for the design of dependable systems Unambiguous semantics,... No obstacles for efficient implementation Adequate model of computation 12, 2009-12 -

Appropriate model of computation (MoC): Von Neumann languages do not match well with requirements for embedded system design: lack of facilities for describing timing are a source of problems: potential deadlocks, undecidability of termination, poor communication facilities let s have a look at an example! 12, 2009-13 -

Problems with von Neumann Computing Thread-based multiprocessing may access global variables We know from the theory of operating systems that access to global variables might lead to race conditions To avoid these, we need to use mutual exclusion. Mutual exclusion may lead to deadlocks. Avoiding deadlocks is possible only if we accept performance penalties. 12, 2009-14 -

Consider a Simple Example The Observer pattern defines a one-to-many dependency between a subject object and any number of observer objects so that when the subject object changes state, all its observer objects are notified and updated automatically. Eric Gamman Richard Helm, Ralph Johnson, John Vlissides: Design Patterns, Addision- Wesley, 1995 12, 2009 Edward Lee, Berkeley, Artemis Conference, Graz, 2007-15 -

Example: Observer Pattern in Java public void addlistener(listener) { } public void setvalue(newvalue) { myvalue=newvalue; for (int i=0; i<mylisteners.length; i++) { mylisteners[i].valuechanged(newvalue) } } Will this work in a multithreaded context? Thanks to Mark S. Miller for the details of this example. 12, 2009 Edward Lee, Berkeley, Artemis Conference, Graz, 2007-16 -

Example: Observer Pattern with Mutual Exclusion (mutexes) public synchronized void addlistener(listener) { } public synchronized void setvalue(newvalue) { } myvalue=newvalue; for (int i=0; i<mylisteners.length; i++) { } mylisteners[i].valuechanged(newvalue) Javasoft recommends against this. What s wrong with it? 12, 2009 Edward Lee, Berkeley, Artemis Conference, Graz, 2007-17 -

Mutexes using monitors are minefields public synchronized void addlistener(listener) { } public synchronized void setvalue(newvalue) { } myvalue=newvalue; for (int i=0; i<mylisteners.length; i++) { } mylisteners[i].valuechanged(newvalue) x calls addlistener mutex valuechanged requests lock valuechanged() may attempt to acquire a lock on some other object and stall. If the holder of that lock calls addlistener(): deadlock! held by x 12, 2009 Edward Lee, Berkeley, Artemis Conference, Graz, 2007-18 -

Simple Observer Pattern Becomes not so simple public synchronized void addlistener(listener) { } public void setvalue(newvalue) { } synchronized (this) { } myvalue=newvalue; listeners=mylisteners.clone(); for (int i=0; i<listeners.length; i++) { listeners[i].valuechanged(newvalue) } This still isn t right. What s wrong with it? while holding lock, make a copy of listeners to avoid race conditions notify each listener outside of the synchronized block to avoid deadlock 12, 2009 Edward Lee, Berkeley, Artemis Conference, Graz, 2007-19 -

Simple Observer Pattern: How to Make it Right? public synchronized void addlistener(listener) { } public void setvalue(newvalue) { synchronized (this) { myvalue=newvalue; listeners=mylisteners.clone(); } for (int i=0; i<listeners.length; i++) { listeners[i].valuechanged(newvalue) } } Suppose two threads call setvalue(). One of them will set the value last, leaving that value in the object, but listeners may be notified in the opposite order. The listeners may be alerted to the value-changes in the wrong order! 12, 2009 Edward Lee, Berkeley, Artemis Conference, Graz, 2007-20 -

What it Feels Like to Use the synchronized Keyword in Java 12, 2009 Edward Lee, Berkeley, Artemis Conference, Graz, 2007-21 -

Succinct Problem Statement Threads are wildly nondeterministic. The programmer s job is to prune away the nondeterminism by imposing constraints on execution order (e.g., mutexes). 12, 2009 Edward Lee, Berkeley, Artemis Conference, Graz, 2007-22 -

A stake in the ground Nontrivial software written with threads, semaphores, and mutexes is incomprehensible to humans. 12, 2009 Edward Lee, Berkeley, Artemis Conference, Graz, 2007-23 -

Problems with thread-based concurrency threads as a concurrency model are a poor match for embedded systems. they work well only where best-effort scheduling policies are sufficient. Edward Lee: Absolutely Positively on Time, IEEE Computer, July, 2005 12, 2009-24 -

Problems with classical CS theory and von Neumann computing Even the core notion of computable is at odds with the requirements of embedded software. In this notion, useful computation terminates, but termination is undecidable. In embedded software, termination is failure, and yet to get predictable timing, subcomputations must decidably terminate. What is needed is nearly a reinvention of computer science. Edward A. Lee: Absolutely Positively on Time, IEEE Computer, July, 2005 Search for non-thread-based, non-von-neumann MoCs; which are the requirements for specification techniques? 12, 2009-25 -

Models of computation - Definition - What does it mean, to compute? Models of computation define: Components and an execution model for computations for each component Communication model for exchange of information between components. C-1 C-2 12, 2009-26 -

Dependence graph Definition Sequence constraint Nodes could be be programs or or simple operations Def.: A dependence graph is a directed graph G=(V,E) in which E V V is a partial order. If (v1, v2) E, then v1 is called an immediate predecessor of v2 and v2 is called an immediate successor of v1. Suppose E* is the transitive closure of E. If (v1, v2) E*, then v1 is called a predecessor of v2 and v2 is called a successor of v1. 12, 2009-27 -

Dependence graph Timing information Dependence graphs may contain additional information, for example: Timing information Arrival time deadline ] 12, 2009-28 -

Dependence graph I/O-information 12, 2009-29 -

Dependence graph Shared resources 12, 2009-30 -

Dependence graph Periodic schedules A job is single execution of the dependence graph Periodic dependence graphs are infinite 12, 2009-31 -

Dependence graph Hierarchical task graphs 12, 2009-32 -

Models of communication Shared memory Comp-1 memory Comp-2 Variables accessible to several tasks. Model is useful only for local systems. 12, 2009-33 -

Shared memory Potential race conditions ( inconsistent results possible) Critical sections = sections at which exclusive access to resource r (e.g. shared memory) must be guaranteed. process a {.. P(S) //obtain lock.. // critical section V(S) //release lock } process b {.. P(S) //obtain lock.. // critical section V(S) //release lock } Race-free access to shared memory protected by S possible This model may be supported by: mutual exclusion for critical sections cache coherency protocols 12, 2009-34 -

Non-blocking/asynchronous message passing Sender does not have to wait until message has arrived; potential problem: buffer overflow send () receive () 12, 2009-35 -

Blocking/synchronous message passing rendez-vous Sender will wait until receiver has received message send () receive () 12, 2009-36 -

Extended rendez-vous Explicit acknowledge from receiver required. Receiver can do checking before sending acknowledgement. send () receive () ack 12, 2009-37 -

Organization of computations within the components (1) Von Neumann model Sequential execution, program memory etc. Discrete event model a b c 56 7 8 queue 5 10 13 15 19 a:=5 b:=7 c:=8 a:=6 a:=9 time action 12, 2009-38 -

Organization of computations within the components (2) Finite state machines Differential equations 2 x 2 = t b 12, 2009-39 -

Models of computation considered in this course Communication/ local computations Undefined components Communicating finite state machines Shared memory StateCharts Message passing Synchronous Asynchronous Plain text, use cases (Message) sequence charts SDL Data flow (Not useful) Kahn networks, SDF Petri nets C/E nets, P/T nets, Discrete event (DE) model VHDL, Verilog, SystemC, Only experimental systems, e.g. distributed DE in Ptolemy Von Neumann model C, C++, Java C, C++, Java with libraries CSP, ADA 12, 2009-40 -

Combined models - languages presented later in this chapter - SDL FSM+asynchronous message passing StateCharts FSM+shared memory CSP, ADA von Neumann execution+synchronous message passing. See also Work by Edward A. Lee, UCB Axel Jantsch: Modeling Embedded Systems and Soc's: Concurrency and Time in Models of Computation, Morgan-Kaufman, 2004 12, 2009-41 -

Ptolemy Ptolemy (UC Berkeley) is an environment for simulating multiple models of computation. http://ptolemy.berkeley.edu/ Available examples are restricted to a subset of the supported models of computation. Newton s craddle 12, 2009 Ptolemy simulations - 42 -

Facing reality No language that meets all language requirements using compromises 12, 2009-43 -

Summary Search for other models of computation = models of components - finite state machines (FSMs) - data flow,. models for communication - Shared memory - Message passing 12, 2009-44 -

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback