The cardiac pacemaker – SystemJ versus Safety Critical Java Heejong Park, Avinash Malik, Muhammad Nadeem, and Zoran Salcic. University of Auckland, NZ.


Why is it interesting?
• Study the difference between the classical (RTOS) model of computation and the synchronous model of computation.
• Improved state representation and formal functional and non-functional (timing) verification of programs designed in reactive languages.
• Different design decisions for implementing the same safety-critical application.

Approach taken for comparison
• Implementing the cardiac pacemaker control logic in SystemJ and comparing it with the SCJ implementation.
• Features compared:
◦ Scheduling policies
◦ Real-time and response-time analysis
◦ Memory model (if you are interested, after the presentation)

The cardiac pacemaker control logic – DDDR operating mode
[Figure: heart-signal traces for four scenarios; the dips below the X-axis are the pacing signals]
• Scenario A: atrial and ventricular paces are produced.
• Scenario B: only the atrial pace is produced.
• Scenario C: only the ventricular pace is produced.
• Scenario D: a normally working heart, no pacing needed.

The general SystemJ model of computation
• Globally Asynchronous Locally Synchronous (GALS) MoC.
• Signals are used for communication within each synchronous island (clock-domain).
• Channels and a modified CSP-style rendezvous are used between reactions in different clock-domains.

SystemJ syntax

What is each reaction really?

    input signal S;
    L1: pause;
    present (S) emit O1; else emit O2;
    L2: pause;

[Figure: the reaction drawn as an automaton with states L1 and L2 (the pause points); two transitions from L1 to L2 labelled S/O1 and !S/O2]

Synchronous composition
[Figure: two automata and their synchronous product]
• Automaton 1: L1 -> L2 on A/B
• Automaton 2: L1' -> L2' on C/D
• Product: (L1, L1') -> (L2, L2') on A&&C/{B,D}

The cardiac pacemaker in SystemJ
• Only synchronous parallel composition.
• All communication via signals.
• Input from and output to the heart model also via signals.
• No need for asynchrony, because only one mode runs at any given time.

SCJ vs. SystemJ – functional correctness
• States are explicitly demarcated at pause.
• Smaller state space compared to SCJ.
• Every FSM transition is atomic:
◦ Easier to verify, since synchrony avoids interleaving altogether.
◦ Further reduction in state space, because a change in signals (and update of data) is not visible until completion of the transition.
• We verified liveness properties of the pacemaker (via the SPIN model checker):
◦ If a ventricular/atrial sense is not detected, a ventricular/atrial pace will always be generated.

SCJ vs. SystemJ – tasks and scheduling model
• Task priority
◦ SCJ needs a unique priority for each task.
◦ All SystemJ reactions have equal priority (or no priority).
• Task ordering
◦ Priorities and schedule together determine task ordering in SCJ.
◦ Reactions in SystemJ can be run in any order – more optimization chances; outputs are always deterministic.
• Response time
◦ SCJ (RTOS) definition – time from release to completion of a task.
◦ SystemJ – time from one or more inputs to the generation of one or more outputs via one or more tasks (reactions/CDs) interacting together.
• Event handling
◦ SCJ supports periodic and aperiodic event handlers, no sporadic events (?), and what happens with multiple incoming events?
◦ SystemJ can be considered to have only sporadic event handling with a minimum, statically guaranteed inter-arrival time. Multiple events can always be captured.

SystemJ – timing model guaranteeing real-time properties
[Figure: timing-model automaton; transition labels I/{} and T/{O}]

SCJ vs. SystemJ – timers
• SCJ handles timing via one-shot timer handlers, triggered via external timers.
• SystemJ converts wait statements to logical time – bounded self-transitions.
◦ The resultant system is still real-time analyzable.
◦ The wait is exact.
[Figure: states A and B; a self-transition on A while d<10 and a transition A -> B when d==10]
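The three slides above (a reaction as an automaton whose states are its pause points, the synchronous product, and wait as a bounded self-transition) as one runnable model. This is an added example written for this page, not code from the paper or the SystemJ compiler; it assumes reactions read only the tick's input snapshot and does not model the intra-tick signal broadcast between reactions that the SystemJ compiler resolves.

```python
# Added example: a tick-based interpreter treating each SystemJ reaction as a
# Mealy machine (states = pause points).  Simplification: reactions see only
# the tick's input snapshot; intra-tick signal broadcast is not modelled.
from typing import Callable, FrozenSet, Hashable, List, Set, Tuple

State = Hashable
Step = Callable[[State, FrozenSet[str]], Tuple[State, FrozenSet[str]]]

class Reaction:
    """step(state, inputs) -> (next_state, emitted signals); one call per tick."""
    def __init__(self, name: str, initial: State, step: Step):
        self.name, self.state, self.step = name, initial, step

    def tick(self, inputs: FrozenSet[str]) -> FrozenSet[str]:
        self.state, emitted = self.step(self.state, inputs)
        return emitted

# Slide "What is each reaction really?":
#   L1: pause; present (S) emit O1; else emit O2; L2: pause;
# L1 -> L2 on S/O1 or !S/O2.  Assumption: from L2 the reaction loops to L1.
def present_step(state, inputs):
    if state == "L1":
        return "L2", frozenset({"O1"} if "S" in inputs else {"O2"})
    return "L1", frozenset()

# Slide on timers: wait(10) becomes a self-transition on A while d<10 and a
# transition A -> B when d==10 (here B emits the hypothetical signal T).
def wait_step(state, inputs):
    place, d = state
    if place == "A":
        return (("A", d + 1), frozenset()) if d < 10 else (("B", 0), frozenset({"T"}))
    return ("A", 0), frozenset()

def synchronous_product(a: Reaction, b: Reaction) -> Reaction:
    """Slide 'Synchronous composition': pair the states, fire both transitions
    in the same tick, emit the union of both emissions ({B,D})."""
    def step(state, inputs):
        (sa, ea), (sb, eb) = a.step(state[0], inputs), b.step(state[1], inputs)
        return (sa, sb), ea | eb
    return Reaction(f"{a.name}||{b.name}", (a.state, b.state), step)

def run(reaction: Reaction, trace: List[Set[str]]) -> List[FrozenSet[str]]:
    """One atomic transition per tick, so no intermediate state is observable."""
    return [reaction.tick(frozenset(inputs)) for inputs in trace]

def demo():
    both = synchronous_product(Reaction("present", "L1", present_step),
                               Reaction("wait10", ("A", 0), wait_step))
    trace = [{"S"}] + [set() for _ in range(11)]   # constructed 12-tick input
    return run(both, trace), both.state
```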

Experimental results
We ran the pacemaker on 3 different platforms:
◦ Standard JOP – all SystemJ compiled to simple Java.
◦ TP-JOP – separated control and data-processing.
◦ JOP+ – JOP with support for reactivity and control processing.

Experimental results
[Charts: average tick times (us); logic element usage; generated memory footprint (KB)]

Conclusions
• SystemJ is easier to verify (functional and non-functional):
◦ One is just programming an automaton.
◦ Reduced state space representation: not every change in data/signal is a new state, only a pause makes a new state.
• Time (real and logical) is a first-class language construct.
• SystemJ allows handling multiple events, since it is clock-driven.
• No preemption of transitions; preemption is only allowed once a transition is finished.
• Correct by construction achieved via SPIN and SMT.
• Verified pacemaker control logic implemented in SystemJ.

Questions?