EECE Hybrid and Embedded Systems: Computation T. John Koo, Ph.D. Institute for Software Integrated Systems Department of Electrical Engineering and Computer Science Vanderbilt University 300 Featheringill Hall April 1,
2 Application: Timed Automata
3 Outline: Motivation; Hybrid Systems; Verification of Timed Automata; A Design Example; Future Works
4 Distributed Sensing and Sensor Networks. Creation of a fundamental unifying framework for real-time distributed/decentralized information processing with applications to sensor networks. ATMEL 4 MHz CPU; RFM 916 MHz radio; 64 KB EEPROM; sensor bus: 7 analog sensors, 2 I2C buses, 1 SPI bus. Runs TinyOS; 2 weeks on AA batteries; 1% duty w/ solar power. [Figure: System Architecture for Networked Sensors, a hardware/software component stack with RFM, radio byte, radio packet, UART, serial packet, I2C, temp, photo, active messages, clocks, route map, router, sensor application]
5 Distributed Sensing and Sensor Networks. Networked sensors dropped from an aerial vehicle. Ad hoc networking.
6 Distributed Sensing and Sensor Networks. Recovering Flow from Distributed Networks. In a dense sensor scenario, environmental data can be interpolated. Over a few time steps, optical flow algorithms are applied to determine flow. Accuracy of results is highly dependent on the smoothness of the flow. Sense temperature at nodes; interpolate to grid points; compute flow.
7 System Architecture for Networked Sensors. Constrained two-level scheduling model: threads + events. Components: Frame (storage), Threads (concurrency), Commands, and Handlers (events). Constrained storage model. Very lean multithreading. Layering: components issue commands to lower-level components. [Figure: hardware/software component stack with RFM, radio byte, radio packet, UART, serial packet, I2C, temp, photo, active messages, clocks, route map, router, sensor application]
8 TinyOS. TinyOS: component-based operating system. Modularity by assembling only the software components to synthesize application from hardware components. Components as reentrant cooperating finite state machines. [Figure: component stack (RFM, radio byte, radio packet, photo, clocks, ADC, sensing application) across the HW/SW boundary, with command and event labels]
9 TinyOS. A complete TinyOS application. Application = Graph of components; Scheduler. Component interface: synchronous commands and asynchronous events. Internal storage: fixed-size frame containing the state of the component. Internal implementation: light-weight threads (tasks); command and event handlers. Scheduling: events have higher priority; events preempt tasks; almost instantaneous event execution. Tasks have lower priority; tasks do not preempt events or other tasks; scheduled by FIFO scheduler. Handled rapidly without blocking or polling.
10 Example: Communication. RFM: bit level, byte level, packet level. Event fountain handling; task handling; put processor to sleep … 1 byte = 18 bits; 1 packet = 30 bytes.
11 Design Considerations. Characteristics of sensor networks: dynamical behaviors depend on the environment; deploy once and leave without future maintenance; energy consumption varies between applications. We suggest using formal methods to verify system performance: to guarantee correct operation in every circumstance, and to predict the lifetime of a given application scenario. Functional Behaviors + Temporal Behaviors: Timed Automata. System States = Discrete States + Continuous States (Time + Energy). State Transitions = Discrete Transitions (Events) + Continuous Transitions.
12 What Are Hybrid Systems? Dynamical systems with interacting continuous and discrete dynamics
13 Why Hybrid Systems? Modeling abstraction of: continuous systems with phased operation (e.g. walking robots, mechanical systems with collisions, circuits with diodes); continuous systems controlled by discrete inputs (e.g. switches, valves, digital computers); coordinating processes (multi-agent systems). Important in applications: hardware verification/CAD, real time software; manufacturing, communication networks, multimedia. Large scale, multi-agent systems: Automated Highway Systems (AHS), Air Traffic Management Systems (ATM), Uninhabited Aerial Vehicles (UAV), Power Networks.
14 Research Issues. Modeling & Simulation. Control: classify discrete phenomena, existence and uniqueness of execution, Zeno [Branicky, Brockett, van der Schaft, Astrom]. Computer Science: composition and abstraction operations [Alur-Henzinger, Lynch, Sifakis, Varaiya]. Analysis & Verification. Control: stability, Lyapunov techniques [Branicky, Michel], LMI techniques [Johansson-Rantzer]. Computer Science: algorithmic [Alur-Henzinger, Sifakis, Pappas-Lafferriere-Sastry] or deductive methods [Lynch, Manna, Pnueli], abstraction [Pappas-Tabuada, Koo-Sastry]. Controller Synthesis. Control: optimal control [Branicky-Mitter, Bensoussan-Menaldi], hierarchical control [Caines, Pappas-Sastry], supervisory control [Lemmon-Antsaklis], safety specifications [Lygeros-Sastry, Tomlin-Lygeros-Sastry], control mode switching [Koo-Pappas-Sastry]. Computer Science: algorithmic synthesis [Maler et al., Wong-Toi], synthesis based on HJB [Mitchell-Tomlin].
15 Verification. Deductive methods: theorem-proving techniques [Lynch, Manna, Pnueli]. Model checking: state-space exploration [Alur-Henzinger, Sifakis, Pappas-Lafferriere-Sastry]. Forward reachable set. Reachability problem.
16 Computational Tools. Verification based on Model Checking. System classes: Finite Automata, Timed Automata, Linear Automata, Linear Hybrid Systems, Nonlinear Hybrid Systems. Tools: d/dt, CheckMate, Timed COSPAN, KRONOS, Timed HSIS, VERITI, UPPAAL, HyTech, COSPAN, SMV, VIS, …, Requiem. [Figure: forward reachable sets Post of the points x1, x2 and of the set F, at time steps r and 2r and over the intervals [0,r] and [0,2r]]
17 Computational Tools: Simulation. Ptolemy II: ptolemy.eecs.berkeley.edu Modelica: SHIFT: Dymola: OmSim: ABACUSS: yoric.mit.edu/abacuss/abacuss.html Stateflow: CHARON: Masaccio:
18 Computational Tools: Simulation. [Figure: simulation tools placed by models of computation and system complexity: Ptolemy II, Dymola, Modelica, ABACUSS, SHIFT, OmSim, Masaccio, CHARON, StateFlow/Simulink]
19 Hybrid Modeling of Sensor Networks. HyTech: verifies functional and temporal properties of linear hybrid automata; based on model checking and provides debugging traces; hybrid automaton with flows which are linear in time. SHIFT: models and simulates dynamic networks of hybrid automata; components created, interconnected, destroyed as the system evolves; components interact through their inputs, outputs and exported events.
20 Hybrid Modeling of Sensor Networks HyTech Example start of an execution of the timed automaton
21 Hybrid Modeling of Sensor Networks HyTech Reachability Problem: Starting from somewhere in an initial set, would the set of states eventually reach somewhere in the target set?
22 Hybrid Modeling of Sensor Networks: HyTech. Equivalence classes. [Figure: equivalence classes] Every point in an equivalence class has the same reachability property.
23 Hybrid Modeling of Sensor Networks: HyTech. Equivalence classes. [Figure: equivalence classes] Idea: the reachability problem for a timed automaton (transition system) can be answered on an FSM (quotient transition system), which is defined on the quotient space of the bisimulation.
24 Bisimulation-based Abstraction. Transition System: to study the reachability properties of timed automata, each timed automaton is converted into a transition system. Given the equivalence relation, we have the following definitions: Definition 1 (Bisimulation). Both initial and final sets are unions of equivalence classes.
25 Bisimulation-based Abstraction Transition System
26 Bisimulation-based Abstraction. Given the transition system and the equivalence relation, we have the following result: Therefore, one can define the reachability-preserving quotient system of the transition system.
27 Bisimulation-based Abstraction Transition System and its Quotient System
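Added worked example (not from the original slides): the partition-refinement idea behind slides 23 to 27, run on a constructed one-clock automaton discretised to integer ticks, with reachability then answered on the quotient FSM. The locations wait/send, the guard, invariant and cap values, and all function names are assumptions made for the illustration.

```python
from itertools import product
def one_clock_automaton(guard, invariant, cap=5):
    """Constructed sample: 'wait' jumps to 'send' (x reset) once x >= guard."""
    trans = {}
    for x in range(invariant + 1):
        succs = {("wait", min(x + 1, invariant))}   # clock saturates at the bound
        if x >= guard:
            succs.add(("send", 0))
        trans[("wait", x)] = frozenset(succs)
    for x in range(cap + 1):
        trans[("send", x)] = frozenset({("send", min(x + 1, cap))})
    return trans

def pre(trans, block):
    """States with at least one successor in `block`."""
    return frozenset(s for s, succs in trans.items() if succs & block)

def bisimulation_quotient(trans, initial, final):
    """Refine until every block P satisfies P & Pre(Q) in {empty, P} for all Q."""
    rest = frozenset(trans) - initial - final
    seeds = (initial & final, initial - final, final - initial, rest)
    partition = {b for b in seeds if b}   # initial/final stay unions of blocks
    while True:
        for p, q in product(list(partition), repeat=2):
            inside = p & pre(trans, q)
            if inside and inside != p:    # p is not stable w.r.t. q: split it
                partition = (partition - {p}) | {inside, p - inside}
                break
        else:
            return partition              # no block needed splitting

def quotient_reachable(trans, partition, initial, final):
    """Forward reachability on the quotient FSM, whose states are the blocks."""
    block_of = {s: b for b in partition for s in b}
    edges = {b: {block_of[t] for s in b for t in trans[s]} for b in partition}
    frontier = [b for b in partition if b <= initial]
    reached = set(frontier)
    while frontier:
        for nxt in edges[frontier.pop()] - reached:
            reached.add(nxt)
            frontier.append(nxt)
    return any(b <= final for b in reached)

def check(guard, invariant):
    trans = one_clock_automaton(guard, invariant)
    initial = frozenset({("wait", 0)})
    final = frozenset(s for s in trans if s[0] == "send")
    blocks = bisimulation_quotient(trans, initial, final)
    return len(trans), len(blocks), quotient_reachable(trans, blocks, initial, final)
```

check(guard, invariant) returns the number of concrete states, the number of quotient blocks and the reachability verdict, so the effect of an invariant that expires before the guard opens can be compared directly with the case where the guard is reachable.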
28 Overall View of TinyOS Automata. [Figure: TinyOS automata (packet generation, RFM, radio byte, radio packet, task handler, sensing application) and their synchronization labels: rfm_clock, transmit_pack, receive_pack, rfm_rx_ev, rfm_tx_ev, rfm_rx_comp, rfm_tx_comp, rx_byte_ready, tx_byte_ready, tx_byte, packet_done_neg, packet_done_pos, post_encode, post_decode]
29 Packet Generation and Application Automata. Packet_generation (initially rt=0, pt=0; locations idle, generate). Location labels: rt<=cbit_time, pt<=cidle, drt=1; rt<=cbit_time, pt<=cgeneration, drt=1. Edge labels: rt>=cbit_time / rt'=0, pt'=pt+1, sync rfm_clock; rt>=cbit_time / rt'=0, pt'=pt+1, sync rfm_clock; pt>=cidle / rt'=0, bit'=1, pt'=0, sync rfm_clock; pt>=cgeneration / rt'=0, bit'=0, pt'=0, sync rfm_clock. Application (initially at=0). Location label: at<=cbetween, dat=1. Edge labels: at>=cbetween / at'=0, sync transmit_pack; sync receive_pack / at'=0, sync trans_packet. [Figure labels: cbit_time, cidle, cgeneration]
30 From TinyOS to HyTech: RFM. Locations: receive, rec_energy, rec_wait, transmit, trans_wait, trans_energy. Location and edge labels as drawn: drfmt=0; sync rfm_clock / rfmt'=0, energy'=energy+crec; rfmt<=crec_handler, drfmt=1; rfmt>=crec_handler / sync rfm_rx_ev; drfmt=0; sync rfm_rx_comp /; drfmt=0; sync rfm_clock / rfmt'=0, energy'=energy+ctrans; rfmt<=ctrans_handler, drfmt=1; rfmt>=crec_handler / sync rfm_tx_ev; drfmt=0; sync rfm_tx_comp /; sync rfm_tx_comp /; sync rfm_rx_comp /. Annotation: energy spent by the transceiver. [Figure: RFM shown with Packet Gen., RFM Bit and Radio Byte, labelled rfm_clock, rfm_rx_ev, rfm_rx_comp]
31 From TinyOS to HyTech: Task Handler. Location and edge labels as drawn: dht=0, dct=0, denergy=cactive; sync encode / ht'=cencode, ct'=0; sync decode / ht'=cdecode, ct'=0; ct<=ctask_post, dht=0, dct=1, denergy=cactive; ct>=ctask_post / sync post_task_done; dht=0, dct=0, denergy=cactive; sync rfm_rx_comp | sync rfm_tx_comp /; ht>=0, dht=-1, dct=0, denergy=cactive; ht<=0 /; sync rfm_clock /; sync rfm_rx_comp | sync rfm_tx_comp /; dht=0, dct=0, denergy=cinactive; sync encode / ht'=ht+cencode, ct'=0; sync decode / ht'=ht+cdecode, ct'=0. Location names: exec op-wait op-exec op idle. Annotations: energy spent by processing events; energy spent by posting tasks; energy spent by processing tasks.
32 Verification of TinyOS with HyTech. [Figure: RFM bit-level, byte-level and packet-level automata with states idle, receiving, …, transmitting]
33 Verification of TinyOS with HyTech. Analysis commands for verification:
    init_reg := …..;
    final_reg := loc[rpacket]=transmit & loc[rbyte]=receive;
    reached := reach forward from init_reg endreach;
    if empty(reached & final_reg)
        then prints "working fine"
        else print trace to final_reg using reached;
    endif;
34 Power Analysis of TinyOS with HyTech. Power analysis through the variable energy, using the trace generation feature of HyTech and setting final_reg = t>300000; [Figure: power consumption vs. number of children]
35 Power Analysis of TinyOS with HyTech. As the number of children increases: time to wait before transmitting increases due to backoff; number of packets to be forwarded increases. [Figure: network with BS]
36 Hybrid Modeling of a Sensor Network. Uniform distribution; 100 nodes; 100m x 100m; 4 macro clusters; children determined according to position distribution.
37 Hybrid Modeling of a Sensor Network 4 Types of Node Automata. Create an instance for each node. Destroy the instance when the node dies. Distribute the load to its group. Notify upper group when there is a death.
38 Hybrid Modeling of a Sensor Network SHIFT - Describes dynamic networks of hybrid automata Components created, interconnected, destroyed as the system evolves Components interact through their inputs, outputs and exported events
39 Model of a node. x: consumed energy; f: power consumption; S: group of nodes.
40 Validation Results Need powerful nodes in group 1. Group 1 suffers from high load and backoff time. Group 4 dies at the same time.
41 Conclusion. Sensor nodes are intended to be left without maintenance. Verification is needed for reliability. Power is a detrimental concern in the sensor world. Power analysis is needed for the lifetime of the node. Network power analysis is needed for the lifetime of the network. Modeling and analysis are based on hybrid automata: verification and power analysis with HyTech; network power analysis with SHIFT.
42 End