Computing Needs Time

Similar documents
Temporal Semantics in Concurrent and Distributed Software

Embedded Tutorial CPS Foundations

Precision Timed (PRET) Machines

Beyond Embedded Systems: Integrating Computation, Networking, and Physical Dynamics

Synthesis of Distributed Real- Time Embedded Software

PTIDES: A Discrete-Event-Based Programming Model for Distributed Embedded Systems

Model-Based Design for Signal Processing Systems

Portable Real-Time Code from PTIDES Models

The Internet of Important Things

PREcision Timed (PRET) Architecture

Building Unreliable Systems out of Reliable Components: The Real Time Story

Actor-Oriented Design: Concurrent Models as Programs

Concurrency Demands New Foundations for Computing

The Case for the Precision Timed (PRET) Machine

Timing Analysis of Embedded Software for Families of Microarchitectures

Concurrent Semantics without the Notions of State or State Transitions

Predictable Timing of Cyber-Physical Systems Future Research Challenges

Component Architectures for Time-Sensitive Systems Part 1

Predictable Programming on a Precision Timed Architecture

C Code Generation from the Giotto Model of Computation to the PRET Architecture

Making Concurrency Mainstream

Future Directions. Edward A. Lee. Berkeley, CA May 12, A New Computational Platform: Ubiquitous Networked Embedded Systems. actuate.

Reconciling Repeatable Timing with Pipelining and Memory Hierarchy

Balance between Formal and Informal Methods, Engineering and Artistry, Evolution and Rebuild

Concurrent Component Patterns, Models of Computation, and Types

Disciplined Concurrent Models of Computation for Parallel Software

Component-Based Design of Embedded Control Systems

Modal Models in Ptolemy

Understandable Concurrency

Programming Languages for Real-Time Systems. LS 12, TU Dortmund

Embedded Software from Concurrent Component Models

Introduction to Embedded Systems

The Problem with Treads

Graphical System Design. David Fuller LabVIEW R&D Section Manager

Hardware/Software Co-design

Precision-Timed (PRET) Machines

Ptolemy II The automotive challenge problems version 4.1

Codesign Framework. Parts of this lecture are borrowed from lectures of Johan Lilius of TUCS and ASV/LL of UC Berkeley available in their web.

PTIDES: A Programming Model for Distributed Real- Time Embedded Systems

Compositionality in system design: interfaces everywhere! UC Berkeley

Introducing Embedded Systems: A Cyber- Physical Systems Approach

System Design and Methodology/ Embedded Systems Design (Modeling and Design of Embedded Systems)

Deterministic Execution of Ptides Programs

Single-Path Programming on a Chip-Multiprocessor System

From Ptides to PtidyOS, Designing Distributed Real- Time Embedded Systems

Actor-Oriented Design and The Ptolemy II framework

Towards Lab Based MOOCs: Embedded Systems, Robotics, and Beyond

Design and Analysis of Time-Critical Systems Introduction

PRET Compilation. Expose timing constructs. Hide machine dependent details. 1 Ptolemy II (using directors) and Modelyze (using embedded dominspecific

Traditional Approaches to Modeling

Concurrent Models of Computation

Precision Timed Infrastructure: Design Challenges

Predictable Processors for Mixed-Criticality Systems and Precision-Timed I/O

Review: Performance Latency vs. Throughput. Time (seconds/program) is performance measure Instructions Clock cycles Seconds.

Concurrent Models of Computation

Lecture 1: Introduction

The Future of the Ptolemy Project

Programming Embedded Systems

An Introduction to Lustre

Embedded Real-Time Systems

Specifications Part 1

Computer Architecture A Quantitative Approach, Fifth Edition. Chapter 2. Memory Hierarchy Design. Copyright 2012, Elsevier Inc. All rights reserved.

The Problem With Threads

CSE502 Graduate Computer Architecture. Lec 22 Goodbye to Computer Architecture and Review

A Time-Centric Model for Cyber-Physical Applications

Copyright 2012, Elsevier Inc. All rights reserved.

fakultät für informatik informatik 12 technische universität dortmund Specifications Peter Marwedel TU Dortmund, Informatik /11/15

What are Embedded Systems? Lecture 1 Introduction to Embedded Systems & Software

The IEEE 1588 Standard

IEEE-1588 STANDARD FOR A PRECISION CLOCK SYNCHRONIZATION PROTOCOL FOR NETWORKED MEASUREMENT AND CONTROL SYSTEMS

Design and Analysis of Time-Critical Systems Timing Predictability and Analyzability + Case Studies: PTARM and Kalray MPPA-256

Copyright 2012, Elsevier Inc. All rights reserved.

Computer Architecture. A Quantitative Approach, Fifth Edition. Chapter 2. Memory Hierarchy Design. Copyright 2012, Elsevier Inc. All rights reserved.

Component-Based Design of Embedded Control Systems

Computer and Hardware Architecture I. Benny Thörnberg Associate Professor in Electronics

Advanced Tool Architectures. Edited and Presented by Edward A. Lee, Co-PI UC Berkeley. Tool Projects. Chess Review May 10, 2004 Berkeley, CA

Computer Architecture!

Performance of Computer Systems. CSE 586 Computer Architecture. Review. ISA s (RISC, CISC, EPIC) Basic Pipeline Model.

Giotto Domain. 5.1 Introduction. 5.2 Using Giotto. Edward Lee Christoph Kirsch

ESE532: System-on-a-Chip Architecture. Today. Message. Real Time. Real-Time Tasks. Real-Time Guarantees. Real Time Demands Challenges

instruction fetch memory interface signal unit priority manager instruction decode stack register sets address PC2 PC3 PC4 instructions extern signals

Time-centric Models For Designing Embedded Cyberphysical

LabVIEW Based Embedded Design [First Report]

Specifications and Modeling

Precision Timed Machines

Concurrent Models of Computation

ECE 3055: Final Exam

SWE 760 Lecture 1: Introduction to Analysis & Design of Real-Time Embedded Systems

Voting Machines and Automotive Software: Explorations with SMT at Scale

Hybrid System Modeling: Operational Semantics Issues

CMSC 411 Computer Systems Architecture Lecture 13 Instruction Level Parallelism 6 (Limits to ILP & Threading)

Real-Time Component Software. slide credits: H. Kopetz, P. Puschner

PRET-C: A New Language for Programming Precision Timed Architectures (extended abstract)

Hardware Description Languages & System Description Languages Properties

Embedded Software Engineering

A PRIMITIVE EXECUTION MODEL FOR HETEROGENEOUS MODELING

Time-Awareness in the Internet of Things. ITSF 2014 Marc Weiss, NIST Consultant

CISC 662 Graduate Computer Architecture Lecture 13 - Limits of ILP

Design Process Overview. At Each Level of Abstraction. Design Phases. Design Phases James M. Bieman

Simulation of LET Models in Simulink and Ptolemy

Transcription:

Computing Needs Time Edward A. Lee Robert S. Pepper Distinguished Professor UC Berkeley Invited Talk: Distinguished Lecture Series on Cyber-Physical Systems Thanks to: Danica Chang David Culler Gage Eads Stephen Edwards John Eidson Jeff Jensen Sungjun Kim Isaac Liu Slobodan Matic Hiren Patel Jan Reineke Jia Zou Washington University St. Louis, MO, November 12, 2010

Abstract Cyber-Physical Systems (CPS) are integrations of computation and physical processes. Embedded computers and networks monitor and control the physical processes, usually with feedback loops where physical processes affect computations and vice versa. The prevailing abstractions used in computing, however, do not mesh well with the physical world. Most critically, software systems speak about the passage of time only very indirectly and in non-compositional ways. This talk examines the obstacles in software technologies that are impeding progress, and in particular raises the question of whether today's computing and networking technologies provide an adequate foundation for CPS. It argues that it will not be sufficient to improve design processes, raise the level of abstraction, or verify (formally or otherwise) designs that are built on today's abstractions. To realize the full potential of CPS, we will have to rebuild software abstractions. These abstractions will have to embrace physical dynamics and computation in a unified way. This talk will discuss research challenges and potential solutions, with particular focus on two projects at Berkeley, PRET (which is developing computer architectures with temporal semantics) and PTIDES (which provides a programming model for distributed real-time systems). Lee, Berkeley 2

Cyber-Physical Systems (CPS): Orchestrating networked computational resources with physical systems Automotive Building Systems Avionics Telecommunications Transportation (Air traffic control at SFO) E-Corner, Siemens Power generation and distribution Factory automation Instrumentation (Soleil Synchrotron) Military systems: Daimler-Chrysler Courtesy of General Electric Courtesy of Kuka Robotics Corp. Lee, Berkeley 3

CPS Example Printing Press Lee, Berkeley 4

Where CPS Differs from the traditional embedded software problem: The traditional embedded software problem: Embedded software is software on small computers. The technical problem is one of optimization (coping with limited resources). The CPS problem: Computation and networking integrated with physical processes. The technical problem is managing dynamics, time, and concurrency in networked computational + physical systems. Lee, Berkeley 5

Approaching the CPS Challenge Physicalizing the cyber (PtC): to endow software and network components with abstractions and interfaces that represent their physical properties, such as dynamics in time. Cyberizing the Physical (CtP): to endow physical subsystems with cyber-like abstractions and interfaces Lee, Berkeley 6

A Success Story The Boeing 777 was Boeing s first fly-by-wire aircraft. It is deployed, appears to be reliable, and is succeeding in the marketplace. Therefore, it must be a success. However Lee, Berkeley 7

A Success Story In fly by wire aircraft, certification of the software is extremely expensive. Regrettably, it is not the software that is certified but the entire system. If a manufacturer expects to produce a plane for 50 years, it needs a 50- year stockpile of fly-by-wire components that are all made from the same mask set on the same production line. Even a slight change or improvement might affect behavior and require the software to be re-certified. Lee, Berkeley 8

A Success Story Apparently, the software does not specify the behavior that was certified. Fly-by-wire is about controlling the dynamics of a physical system. It is not about the transformation of data, which is what Turing/Church computation does. Lee, Berkeley 9

A Key Challenge: Timing is not Part of Software Semantics Correct execution of a program in C, C#, Java, Haskell, etc. has nothing to do with how long it takes to do anything. All our computation and networking abstractions are built on this premise. Programmers have to step outside the programming abstractions to specify timing behavior. Lee, Berkeley 10

Techniques that Exploit this Fact i.e., many of the Programming languages innovations in Virtual memory CS over the last Caches 40 years. Dynamic dispatch Speculative execution Power management (voltage scaling) Memory management (garbage collection) Just-in-time (JIT) compilation Multitasking (threads and processes) Component technologies (OO design) Networking (TCP) Lee, Berkeley 11

The software does not specify the behavior. Consequences: Stockpiling for a product run Some systems vendors have to purchase up front the entire expected part requirements for an entire product run. Frozen designs Once certified, errors cannot be fixed and improvements cannot be made. Product families Difficult to maintain and evolve families of products together. It is difficult to adapt existing designs because small changes have big consequences Forced redesign A part becomes unavailable, forcing a redesign of the system. Lock in Cannot take advantage of cheaper or better parts. Risky in-field updates In the field updates can cause expensive failures. Lee, Berkeley 12

Abstraction Layers in Common Use The purpose of an abstraction is to hide details of the implementation below and provide a platform for design from above. Lee, Berkeley 13

Abstraction Layers in Common Use Every abstraction layer has failed in the fly-by-wire scenario. The design is the implementation. Lee, Berkeley 14

The Same Problem Arises in Networking The point of these abstraction layers is to isolate a system designer from the details of the implementation below, and to provide an abstraction for other system designers to build on. In today s networks, timing is a property that emerges from the details of the implementation, and is not included in the abstractions. Timing is a performance metric, not a correctness criterion. Lee, Berkeley 15

Abstraction Layers How about raising the level of abstraction to solve these problems? Lee, Berkeley 16

But these higher abstractions rely on an increasingly problematic fiction: WCET Example war story: Analysis of: Motorola ColdFire Two coupled pipelines (7-stage) Shared instruction & data cache Artificial example from Airbus Twelve independent tasks Simple control structures Cache/Pipeline interaction leads to large integer linear programming problem And the result is valid only for that exact Hardware and software! Fundamentally, the ISA of the processor has failed to provide an adequate abstraction. C. Ferdinand et al., Reliable and precise WCET determination for a real-life processor. EMSOFT 2001. Lee, Berkeley 17

The Key Problem Electronics technology delivers highly reliable and precise timing 20.000 MHz (± 100 ppm) and the overlaying software abstractions discard it. // Perform the convolution. for (int i=0; i<10; i++) { x[i] = a[i]*b[j-i]; // Notify listeners. notify(x[i]); } Lee, Berkeley 18

The Standard Practice Today: WCET Analysis Today, we augment the model with minute details of the realization. // Perform the convolution. for (int i=0; i<10; i++) { x[i] = a[i]*b[j-i]; // Notify listeners. notify(x[i]); } Model (not just application logic, but ISA, how the ISA is realized, what memory technology is used, how much memory of each kind, what I/O hardware is used, exact timing of inputs, etc.) We can do better! Realization Lee, Berkeley 19

Projects at Berkeley Time and concurrency in the core abstractions: Foundations: Timed computational semantics. Bottom up: Make timing repeatable. Top down: Timed, concurrent components. Holistic: Model engineering. Lee, Berkeley 20

PRET Machines PREcision-Timed processors = PRET Predictable, REpeatable Timing = PRET Performance with REpeatable Timing = PRET // Perform the convolution. for (int i=0; i<10; i++) { x[i] = a[i]*b[j-i]; // Notify listeners. notify(x[i]); } + = PRET Computing With time Lee, Berkeley 21

A Bottom Up Approach: Make Timing a Semantic Property of Computers Precision-Timed (PRET) Machines Just as we expect reliable logic operations, we should expect repeatable timing. Timing precision with performance: Challenges: ISAs with timing (deadline instructions?) Memory hierarchy (scratchpads?) Deep pipelines (interleaving?) Predictable memory management (Metronome?) Languages with timing (discrete events? Giotto?) Predictable concurrency (synchronous languages?) Composable timed components (actor-oriented?) Multicore PRET (conflict free networks on chip?) Precision networks (TTA? Time synchronization?) See S. Edwards and E. A. Lee, "The Case for the Precision Timed (PRET) Machine," in the Wild and Crazy Ideas Track of the Design Automation Conference (DAC), June 2007. Lee, Berkeley 22

Extending an ISA with Timing Instructions set_time r1, 1s // Code block delay_until r1 set_time r1, 1s // Code block branch_expired r1, <target> delay_until r1 set_time r1, 1s exception_on_expire r1, 1 // Code block deactivate_exception 1 delay_until r1 set_time r1, 1s // Code block MTFD r1 Lee, Berkeley 23

Other variations [V2]-[V4] could all have a variant that does not control the minimum execution time of the block of code, but only controls the maximum. set_time r1, 1s // Code block branch_expired r1, <target> delay_until r1 set_time r1, 1s exception_on_expire r1, 1 // Code block deactivate_exception 1 delay_until r1 Lee, Berkeley 24

Exporting the Timed Semantics to a Low-Level Language (like C) Example: tryin (500ms) { // Code block } catch { panic(); } jmp_buf buf; if (!setjmp(buf) ){ set_time r1, 500ms exception_on_expire r1, 0 // Code block deactivate_exception 0 } else { panic(); } exception_handler_0 () { longjmp(buf) } Lee, Berkeley 25

Summary of ISA extensions [V1] Execute a block of code taking at least a specified time [Ip & Edwards, 2006] [V2] Do [V1], and then conditionally branch if the specified time was exceeded. [V3] Do [V1], but if the specified time is exceeded during execution of the block, branch immediately to an exception handler. [V4] Execute a block of code taking exactly the specified time. MTFD Variants: For V2 V4, may not impose minimum execution time. Time may be literal (seconds) or abstract (cycles). Lee, Berkeley 26

A Bottom Up Approach: Make Timing a Semantic Property of Computers Make temporal behavior as important as logical function. Timing precision with performance: Challenges: ISAs with timing (repeatable instr. timing? deadline instructions?) Deep pipelines (interleaving?) Memory hierarchy (scratchpads? DRAM banks?) Predictable memory management (Metronome?) Languages with timing (discrete events? Giotto?) Predictable concurrency (synchronous languages?) Composable timed components (actor-oriented?) Multicore PRET (conflict-free routing?) Precision networks (TTA? Time synchronization?) Edwards and Lee, "The Case for the Precision Timed (PRET) Machine, Wild and Crazy Ideas Track, Design Automation Conference (DAC), June 2007. Lee, Berkeley 27

Pipelining Hennessey and Patterson, Computer Architecture: A Quantitative Approach, 4th edition, 2007. Lee, Berkeley 28

Pipeline Hazards Hennessey and Patterson, Computer Architecture: A Quantitative Approach, 4th edition, 2007. Lee, Berkeley 29

An Alternative: Pipeline Interleaving Traditional pipeline: Stall pipeline Thread-interleaved pipeline: Dependencies result in complex timing behaviors Repeatable timing behavior of instructions Lee, Berkeley 30

Pipeline Interleaving An old idea: 1960s: CDC 6600 Denelcore HEP... 2000s Sandbridge Sandblaster (John Glossner, et al.) XMOS (David May, et al.) Lee and Messerschmitt, Pipeline Interleaved Programmable DSPs, ASSP-35(9), 1987. There are various detractors. See Ungerer, T., B. Robic and J. Silc (2003). "A survey of processors with explicit multithreading." Computing Surveys 35(1): 29-63. Lee, Berkeley 31

Projects at Berkeley Time and concurrency in the core abstractions: Foundations: Timed computational semantics. Bottom up: Make timing repeatable. Top down: Timed, concurrent components. Holistic: Model engineering. Lee, Berkeley 32

A Top Down Approach: Make Timing a Semantic Property of Software Components PTIDES: Distributed execution under discrete-event semantics, with model time and real time bound at sensors and actuators. Output time stamps are real time Input time stamps are real time Input time stamps are real time Output time stamps are real time Messages are processed in timestamp order. Lee, Berkeley 33

First Test Case This device was designed by Jeff Jensen, now at National Instruments. Tunneling Ball Device sense ball track disk adjust trajectory Lee, Berkeley 34

Tunneling Ball Device in Action Lee, Berkeley 35

Tunneling Ball Device 10 rps Lee, Berkeley 36

Tunneling Ball Device Mixed event sequences Periodic Events Quasi Periodic Events Sporadic Events Lee, Berkeley 37

Second Test Case: Distributed Synchrophasor Measurement & Control Power swing and Unstability detection Thanks to Vaselin Skendzic, Schweitzer Engineering Lee, Berkeley 38

Experiment Diagram Grid emulator built with National Instruments PXI Primary Measurement Unit (PMU) built with Renesas demo boards with DP83640 Ethernet bridge or 1588 boundary/transparent clock Synchrophasor Vector Processing unit (SVP) built with Renesas demo board with DP83640 Thanks to Vaselin Skendzic, Schweitzer Engineering Lee, Berkeley 39

Distributed PTIDES Relies on Network Time Synchronization with Bounded Error Press Release October 1, 2007 This may become routine! With this PHY, clocks on a LAN agree on the current time of day to within 8ns, far more precise than older techniques like NTP. A question we are addressing at Berkeley: How does this change how we develop distributed CPS software? Lee, Berkeley 40

An Extreme Example: The Large Hadron Collider The WhiteRabbit project at CERN is synchronizing the clocks of computers 10 km apart to within about 80 psec using a combination of IEEE 1588 PTP and synchronous ethernet. Lee, Berkeley 41

More Generally than PTIDES: Rethinking Software Components to Admit Time. Object Oriented vs. Actor Oriented The established: Object-oriented: class name data methods What flows through an object is sequential control call return Things happen to objects The alternative: Actor oriented: actor name data (state) parameters ports Actors make things happen What flows through an object is evolving data Input data Output data Lee, Berkeley 42

Examples of Actor-Oriented Systems UML 2 and SysML (activity diagrams) ASCET (time periods, interrupts, priorities, preemption, shared variables ) Autosar (software components w/ sender/receiver interfaces) Simulink (continuous time, The MathWorks) The semantics of LabVIEW (structured dataflow, National Instruments) these differ SCADE (synchronous, based on Lustre and Esterel) considerably in their CORBA event service (distributed push-pull) approaches to ROOM and UML-2 (dataflow, Rational, IBM) concurrency and time. Some are loose VHDL, Verilog (discrete events, Cadence, Synopsys,...) (ambiguous) and Modelica (continuous time, constraint-based, Linkoping) some rigorous. Some OPNET (discrete events, Opnet Technologies) are strongly actororiented, while some SDL (process networks) Occam (rendezvous) retain much of the flavor (and flaws) of SPW (synchronous dataflow, Cadence, CoWare) threads. Lee, Berkeley 43

Ptolemy II: Our Laboratory for Experiments with Actor-Oriented Design Programs are specified as actor-oriented models, and software is synthesized from these models. Director from a library defines component interaction semantics Software component library. Visual editor for composing components Modern type system for component interfaces Lee, Berkeley 44

Conclusions Today, timing is a property only of realizations of computational systems. Tomorrow, timing will be a semantic property of computational models. Raffaello Sanzio da Urbino The Athens School Lee, Berkeley 45

The Ptolemy Pteam John Eidson Jia Zou Edward Lee Jackie Mankit Leung Ben Lickly Thomas Mandl Elefterios Matsikoudis Isaac Liu Thomas Huining Feng Jeff Jensen Shanna- Shaye Forbes Yasemin Demir Christopher Brooks Bert Rodiers Hiren Patel Lee, Berkeley 46

New Text: Lee & Seshia: Introduction to Embedded Systems - A Cyber-Physical Systems Approach http://leeseshia.org/ This book strives to identify and introduce the durable intellectual ideas of embedded systems as a technology and as a subject of study. The emphasis is on modeling, design, and analysis of cyber-physical systems, which integrate computing, networking, and physical processes. Lee, Berkeley 47

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback