Beyond Embedded Systems: Integrating Computation, Networking, and Physical Dynamics

Similar documents
Embedded Tutorial CPS Foundations

Temporal Semantics in Concurrent and Distributed Software

Model-Based Design for Signal Processing Systems

Computing Needs Time

Component Architectures for Time-Sensitive Systems Part 1

Building Unreliable Systems out of Reliable Components: The Real Time Story

Concurrency Demands New Foundations for Computing

PTIDES: A Discrete-Event-Based Programming Model for Distributed Embedded Systems

Actor-Oriented Design: Concurrent Models as Programs

Making Concurrency Mainstream

Concurrent Semantics without the Notions of State or State Transitions

Synthesis of Distributed Real- Time Embedded Software

Future Directions. Edward A. Lee. Berkeley, CA May 12, A New Computational Platform: Ubiquitous Networked Embedded Systems. actuate.

Portable Real-Time Code from PTIDES Models

Precision Timed (PRET) Machines

Modal Models in Ptolemy

Advanced Tool Architectures. Edited and Presented by Edward A. Lee, Co-PI UC Berkeley. Tool Projects. Chess Review May 10, 2004 Berkeley, CA

Disciplined Concurrent Models of Computation for Parallel Software

C Code Generation from the Giotto Model of Computation to the PRET Architecture

Model-Based Design in the Ptolemy Project

Embedded Software from Concurrent Component Models

The Case for the Precision Timed (PRET) Machine

Predictable Timing of Cyber-Physical Systems Future Research Challenges

Classes and Inheritance in Actor- Oriented Models

Concurrent Component Patterns, Models of Computation, and Types

Understandable Concurrency

Concurrent Models of Computation

The Problem With Threads

Hybrid System Modeling: Operational Semantics Issues

Graphical System Design. David Fuller LabVIEW R&D Section Manager

Component-Based Design of Embedded Control Systems

Compositionality in system design: interfaces everywhere! UC Berkeley

Process-Based Software Components Final Mobies Presentation

The Internet of Important Things

Component-Based Design of Embedded Control Systems

Ptolemy II The automotive challenge problems version 4.1

Programming Languages for Real-Time Systems. LS 12, TU Dortmund

PTIDES: A Programming Model for Distributed Real- Time Embedded Systems

The Problem with Treads

Concurrent Models of Computation

From Ptides to PtidyOS, Designing Distributed Real- Time Embedded Systems

PREcision Timed (PRET) Architecture

Simulation of LET Models in Simulink and Ptolemy

Balance between Formal and Informal Methods, Engineering and Artistry, Evolution and Rebuild

The Future of the Ptolemy Project

Introduction to Embedded Systems

Interface Automata and Actif Actors

Actor-Oriented Design and The Ptolemy II framework

Predictable Programming on a Precision Timed Architecture

fakultät für informatik informatik 12 technische universität dortmund Specifications Peter Marwedel TU Dortmund, Informatik /11/15

Specifications Part 1

By: Chaitanya Settaluri Devendra Kalia

Imperative model of computation

Course Development. Recall the Goal. Edited and Presented by Edward A. Lee, Co-PI UC Berkeley. Chess Review November 18, 2004 Berkeley, CA

Scalable Semantic Annotation using Lattice-based Ontologies

Timing Analysis of Embedded Software for Families of Microarchitectures

Specifications and Modeling

Discrete-Event Modeling and Design of Embedded Software

Software Synthesis from Dataflow Models for G and LabVIEW

An Overview of the Ptolemy Project and Actor-Oriented Design

Giotto Domain. 5.1 Introduction. 5.2 Using Giotto. Edward Lee Christoph Kirsch

Modeling and Simulating Discrete Event Systems in Metropolis

Codesign Framework. Parts of this lecture are borrowed from lectures of Johan Lilius of TUCS and ASV/LL of UC Berkeley available in their web.

Deterministic Execution of Ptides Programs

Introducing Embedded Systems: A Cyber- Physical Systems Approach

AMAJOR impediment to further progress in modeling

Design of Embedded Systems: Formal Models, Validation, and Synthesis

The Problem with Threads

Concurrent Models of Computation for Embedded Software

Advanced Tool Architectures

DESIGN AND SIMULATION OF HETEROGENEOUS CONTROL SYSTEMS USING PTOLEMY II

Flight Systems are Cyber-Physical Systems

SWE 760 Lecture 1: Introduction to Analysis & Design of Real-Time Embedded Systems

From synchronous models to distributed, asynchronous architectures

A PRIMITIVE EXECUTION MODEL FOR HETEROGENEOUS MODELING

EECS 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization

Hardware/Software Co-design

Simulink/Stateflow. June 2008

ThreadedComposite: A Mechanism for Building Concurrent and Parallel Ptolemy II Models

Integration of OpenModelica in Ptolemy II

A Time-Centric Model for Cyber-Physical Applications

Actor-oriented Metaprogramming. Stephen Andrew Neuendorffer

The Ptolemy Project. Modeling and Design of Reactive Systems. Presenter: Praveen Murthy, PhD Postdoc and Presenter

Embedded Software Engineering

Embedded Real-Time Systems

System Design and Methodology/ Embedded Systems Design (Modeling and Design of Embedded Systems)

An Overview of the Ptolemy Project. Organizational

Reconciling Repeatable Timing with Pipelining and Memory Hierarchy

The Internet of Things and Factory of Future

EE382N.23: Embedded System Design and Modeling

The Gigascale Silicon Research Center

Process-Based Software Components. Subcontractors and Collaborators

Integrated Design and Analysis Tools for Software Based Control Systems

Classes and Subclasses in Actor-Oriented Design

Real-time C Code Generation in Ptolemy II for the Giotto Model of Computation

Towards Lab Based MOOCs: Embedded Systems, Robotics, and Beyond

Achieving Predictable Multicore Execution of Automotive Applications Using the LET Paradigm

Hierarchical FSMs with Multiple CMs

The Ptolemy II Framework for Visual Languages

Precision-Timed (PRET) Machines

Transcription:

Beyond Embedded Systems: Integrating Computation, Networking, and Physical Dynamics Edward A. Lee Robert S. Pepper Distinguished Professor UC Berkeley Invited Keynote Talk ACM SIGPLAN/SIGBED 2009 Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES) Dublin, Ireland June 19-20, 2009

Context of my work: Chess: Center for Hybrid and Embedded Software Systems Board of Directors Edward A. Lee Alberto Sangiovanni-Vincentelli Shankar Sastry Claire Tomlin Executive Director Christopher Brooks Other key faculty at Berkeley Dave Auslander Ruzena Bajcsy Raz Bodik Karl Hedrick Kurt Keutzer George Necula Masayoshi Tomizuka Pravin Varaiya Some Research Projects Precision-timed (PRET) machines Distributed real-time computing Systems of systems Theoretical foundations of CPS Hybrid systems Design technologies Verification Intelligent control Modeling and simulation This center, founded in 2002, blends systems theorists and application domain experts with software technologists and computer scientists. Applications Building systems Automotive Synthetic biology Medical systems Instrumentation Factory automation Avionics Lee, Berkeley 2

Cyber-Physical Systems (CPS): Orchestrating networked computational resources with physical systems Automotive Building Systems Avionics Telecommunications Transportation (Air traffic control at SFO) E-Corner, Siemens Power generation and distribution Factory automation Instrumentation (Soleil Synchrotron) Military systems: Daimler-Chrysler Courtesy of General Electric Courtesy of Kuka Robotics Corp. Lee, Berkeley 3

CPS Example Printing Press Lee, Berkeley 4

Where CPS Differs from the traditional embedded systems problem: The traditional embedded systems problem: Embedded software is software on small computers. The technical problem is one of optimization (coping with limited resources). The CPS problem: Computation and networking integrated with physical processes. The technical problem is managing dynamics, time, and concurrency in networked computational + physical systems. Lee, Berkeley 5

CPS is Multidisciplinary Computer Science: Carefully abstracts the physical world System Theory: Deals directly with physical quantities Cyber Physical Systems: Computational + Physical Lee, Berkeley 6

A Key Challenge Models for the physical world and for computation diverge. physical: time continuum, ODEs, DAEs, PDEs, dynamics computational: a procedural epistemology, logic There is a huge cultural gap. Physical system models must be viewed as semantic frameworks, and theories of computation must be viewed as alternative ways of talking about dynamics. Lee, Berkeley 7

First Challenge on the Cyber Side: Real-Time Software Correct execution of a program in C, C#, Java, Haskell, etc. has nothing to do with how long it takes to do anything. All our computation and networking abstractions are built on this premise. Timing of programs is not repeatable, except at very coarse granularity. Programmers have to step outside the programming abstractions to specify timing behavior. Lee, Berkeley 8

Techniques that Exploit this Fact Programming languages Virtual memory Caches Dynamic dispatch Speculative execution Power management (voltage scaling) Memory management (garbage collection) Just-in-time (JIT) compilation Multitasking (threads and processes) Component technologies (OO design) Networking (TCP) Lee, Berkeley 9

A Story In fly by wire aircraft, certification of the software is extremely expensive. Regrettably, it is not the software that is certified but the entire system. If a manufacturer expects to produce a plane for 50 years, it needs a 50-year stockpile of fly-by-wire components that are all made from the same mask set on the same production line. Even a slight change or improvement might affect timing and require the software to be recertified. Lee, Berkeley 10

Consequences Stockpiling for a product run Some systems vendors have to purchase up front the entire expected part requirements for an entire product run. Frozen designs Once certified, errors cannot be fixed and improvements cannot be made. Product families Difficult to maintain and evolve families of products together. It is difficult to adapt existing designs because small changes have big consequences Forced redesign A part becomes unavailable, forcing a redesign of the system. Lock in Cannot take advantage of cheaper or better parts. Risky in-field updates In the field updates can cause expensive failures. Lee, Berkeley 11

Abstraction Layers The purpose for an abstraction is to hide details of the implementation below and provide a platform for design from above. Lee, Berkeley 12

Abstraction Layers Every abstraction layer has failed for real-time programs. The design is the implementation. Lee, Berkeley 13

Abstraction Layers How about raising the level of abstraction to solve these problems? Lee, Berkeley 14

Example war story: But these higher abstractions rely on an increasingly problematic fiction: WCET Analysis of: Motorola ColdFire Two coupled pipelines (7-stage) Shared instruction & data cache Artificial example from Airbus Twelve independent tasks Simple control structures Cache/Pipeline interaction leads to large integer linear programming problem And the result is valid only for that exact Hardware and software! Fundamentally, the ISA of the processor has failed to provide an adequate abstraction. C. Ferdinand et al., Reliable and precise WCET determination for a real-life processor. EMSOFT 2001. Lee, Berkeley 15

The Key Problem Electronics technology delivers highly reliable and precise timing 20.000 MHz (± 100 ppm) and the overlaying software abstractions discard it. Lee, Berkeley 16

Second Challenge on the Cyber Side: Concurrency (Needed for real time and multicore) Threads dominate concurrent software. Threads: Sequential computation with shared memory. Interrupts: Threads started by the hardware. Incomprehensible interactions between threads are the sources of many problems: Deadlock Priority inversion Scheduling anomalies Timing variability Nondeterminism Buffer overruns System crashes Lee, Berkeley 17

My Claim Nontrivial software written with threads is incomprehensible to humans, and it cannot deliver repeatable or predictable timing, except in trivial cases. Lee, Berkeley 18

Perhaps Concurrency is Just Hard Sutter and Larus observe: humans are quickly overwhelmed by concurrency and find it much more difficult to reason about concurrent than sequential code. Even careful people miss possible interleavings among even simple collections of partially ordered operations. H. Sutter and J. Larus. Software and the concurrency revolution. ACM Queue, 3(7), 2005. Lee, Berkeley 19

Is Concurrency Hard? It is not concurrency that is hard Lee, Berkeley 20

It is Threads that are Hard! Threads are sequential processes that share memory. From the perspective of any thread, the entire state of the universe can change between any two atomic actions (itself an ill-defined concept). Imagine if the physical world did that Lee, Berkeley 21

Concurrent programs using shared memory are incomprehensible because concurrency in the physical world does not work that way. We have no experience! Lee, Berkeley 22

Consider an Automotive Example Periodic events Quasi-periodic events Sporadic events Consider handling this with timers, interrupts, threads, shared memory, priorities, and mutual exclusion. This is a nightmare! Lee, Berkeley 23

The Current State of Affairs We build embedded software on abstractions where time is irrelevant using concurrency models that are incomprehensible. Just think what we could do with the right abstractions! Lee, Berkeley 24

The Berkeley Solution Time and concurrency in the core abstractions: Foundations: Timed computational semantics. Bottom up: Make timing repeatable. Top down: Timed, concurrent components. Holistic: Model engineering. Lee, Berkeley 25

concurrent actororiented models Foundations: Timed-Computational Semantics. super-dense time abstraction s S N fixed-point semantics Causal systems operating on signals are usually naturally (Scott) continuous. Lee, Berkeley 26

Ph.D. Theses: Some Reading on Foundations [1] Haiyang Zheng, "Operational Semantics of Hybrid Systems," May 18, 2007. [2] Ye Zhou, "Interface Theories for Causality Analysis in Actor Networks," May 15, 2007. [3] Xiaojun Liu, "Semantic Foundation of the Tagged Signal Model," December 20, 2005. Papers: [1] Lee and Matsikoudis, " The Semantics of Dataflow with Firing," in From Semantics to Computer Science: Essays in memory of Gilles Kahn, Cambridge 2008. [2] Zhou and Lee. "Causality Interfaces for Actor Networks," ACM Trans. on Embedded Computing Systems, April 2008. [3] Lee, " Application of Partial Orders to Timed Concurrent Systems," article in Partial order techniques for the analysis and synthesis of hybrid and embedded systems, in CDC 07. [4] Liu and Lee, "CPO Semantics of Timed Interactive Actor Networks," Technical Report No. UCB/EECS-2007-131, November 5, 2007 (under review). [5] Lee and Zheng, "Leveraging Synchronous Language Principles for Heterogeneous Modeling and Design of Embedded Systems," EMSOFT 07. [6] Liu, Matsikoudis, and Lee. "Modeling Timed Concurrent Systems," CONCUR 06. [7] Cataldo, Lee, Liu, Matsikoudis and Zheng "A Constructive Fixed-Point Theorem and the Feedback Semantics of Timed Systems," WODES'06 etc.... Lee, Berkeley 27

The Berkeley Solution Time and concurrency in the core abstractions: Foundations: Timed computational semantics. Bottom up: Make timing repeatable. Top down: Timed, concurrent components. Holistic: Model engineering. Lee, Berkeley 28

Bottom Up: Make Timing Repeatable Precision-Timed (PRET) Machines Make temporal behavior as important as logical function. Timing precision with performance: Challenges: Memory hierarchy (scratchpads?) Deep pipelines (interleaving?) ISAs with timing (deadline instructions?) Predictable memory management (Metronome?) Languages with timing (discrete events? Giotto?) Predictable concurrency (synchronous languages?) Composable timed components (actor-oriented?) Precision networks (TTA? Time synchronization?) See S. Edwards and E. A. Lee, "The Case for the Precision Timed (PRET) Machine," in the Wild and Crazy Ideas Track of the Design Automation Conference (DAC), June 2007. Lee, Berkeley 29

The Berkeley Solution Time and concurrency in the core abstractions: Foundations: Timed computational semantics. Bottom up: Make timing repeatable. Top down: Timed, concurrent components. Holistic: Model engineering. Lee, Berkeley 30

Object Oriented vs. Actor Oriented The established: Object-oriented: class name data methods What flows through an object is sequential control call return Things happen to objects The alternative: Actor oriented: actor name data (state) parameters ports Actors make things happen What flows through an object is evolving data Input data Output data Lee, Berkeley 31

The First (?) Actor-Oriented Programming Language The On-Line Graphical Specification of Computer Procedures W. R. Sutherland, Ph.D. Thesis, MIT, 1966 MIT Lincoln Labs TX-2 Computer Bert Sutherland with a light pen Bert Sutherland used the first acknowledged objectoriented framework (Sketchpad, created by his brother, Ivan Sutherland) to create the first actor-oriented programming language (which had a visual syntax). Partially constructed actor-oriented model with a class definition (top) and instance (below). Lee, Berkeley 32

Examples of Actor-Oriented Systems UML 2 and SysML (activity diagrams) ASCET (time periods, interrupts, priorities, preemption, shared variables ) Autosar (software components w/ sender/receiver interfaces) Simulink (continuous time, The MathWorks) The semantics of LabVIEW (structured dataflow, National Instruments) these differ SCADE (synchronous, based on Lustre and Esterel) considerably in their CORBA event service (distributed push-pull) approaches to ROOM and UML-2 (dataflow, Rational, IBM) concurrency and time. Some are loose VHDL, Verilog (discrete events, Cadence, Synopsys,...) (ambiguous) and Modelica (continuous time, constraint-based, Linkoping) some rigorous. Some OPNET (discrete events, Opnet Technologies) are strongly actororiented, while some SDL (process networks) Occam (rendezvous) retain much of the flavor (and flaws) of SPW (synchronous dataflow, Cadence, CoWare) threads. Lee, Berkeley 33

Give a Component Technology rather than New Languages It leverages: Language familiarity Component libraries Legacy subsystems Design tools The simplicity of sequential reasoning It allows for innovation in Distributed time-sensitive system design Hybrid systems design Service-oriented architectures Software is intrinsically concurrent Better use of multicore machines Better use of networked systems Better potential for robust design Lee, Berkeley 34

Ptolemy II: Our Laboratory for Experiments with Actor-Oriented Design Concurrency management supporting dynamic model structure. Director from a library defines component interaction semantics Large, behaviorallypolymorphic component library. Type system for transported data Visual editor supporting an abstract syntax Lee, Berkeley 35

Approach: Concurrent Composition of Components designed with Conventional Languages Lee, Berkeley 36

Example: Discrete Event Models DE Director implements timed semantics using an event queue Reactive actors Event source Signal Components send timestamped events to other components, and components react in chronological order. Time line Lee, Berkeley 37

PTIDES: Programming Temporally Integrated Distributed Embedded Systems Distributed execution under discrete-event semantics, with model time and real time bound at sensors and actuators. Output time stamps are real time Input time stamps are real time Input time stamps are real time Output time stamps are real time Lee, Berkeley 38

PTIDES: Programming Temporally Integrated Distributed Embedded Systems and being explicit about time delays means that we can analyze control system dynamics Feedback through the physical world Lee, Berkeley 39

Experimental Setup Causality Analysis Schedulability Analysis Program Analysis Ptides Model Code Generator Code Ptolemy II Ptides domain Software Component Library PtidyOS HW Platform Mixed Simulator Plant Model HW in the Loop Simulator Ptolemy II Discrete-event, Continuous, and Wireless domains Network Model Luminary Micro 8962 Lee, Berkeley 40

The Berkeley Solution Time and concurrency in the core abstractions: Foundations: Timed computational semantics. Bottom up: Make timing repeatable. Top down: Timed, concurrent components. Holistic: Model engineering. Lee, Berkeley 41

Model Engineering Topics Model transformation Model optimization Scalable model construction (big models from small descriptions) Product families (multiple products from one model) Design refactoring Workflow automation Model ontologies Property annotations and inference Sound foundation based on type theories Scalable to large models Multimodeling Hierarchical multimodeling Multi-view modeling Meta modeling Lee, Berkeley 42

Model Ontologies: Built on Hindley-Milner Type Theories A lattice is a partially ordered set (poset) where every subset has a least upper bound (LUB) and a greatest lower bound (GLB). Modern type systems (including the Ptolemy II type system, created by Yuhong Xiong) are based on efficient algorithms for solving inequality constraints on lattices. Lee, Berkeley 43

Property Lattices capture domain-specific semantic information Components in a model (e.g. parameters, ports) can have properties drawn from a lattice. Components in a model (e.g. actors) can impose constraints on property relationships. The type system infrastructure can infer properties and detect errors. Lee, Berkeley 44

Property Systems Input constraint and one constraint on a constant leads to inference of semantic information throughout the model. Lee, Berkeley 45

Beyond Embedded to Cyber-Physical Systems The Berkeley Approach Foundations Concurrency and time Bottom up Make behaviors predictable and repeatable Top down Actor component architectures Holistic Model engineering Lee, Berkeley 46

The Ptolemy Pteam John Eidson Jia Zou Edward Lee Jackie Mankit Leung Ben Lickly Thomas Mandl Elefterios Matsikoudis Isaac Liu Thomas Huining Feng Jeff Jensen Shanna- Shaye Forbes Yasemin Demir Christopher Brooks Bert Rodiers Hiren Patel Lee, Berkeley 47

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback