NSF Foundations of Hybrid and Embedded Software Systems UC Berkeley: Chess Vanderbilt University: ISIS University of Memphis: MSI Hybrid Systems: From.

Slides:



Advertisements
Similar presentations
Logical Reliability of Interacting Real-Time Tasks Krishnendu Chatterjee, UC Berkeley Arkadeb Ghosal, UC Berkeley Thomas A. Henzinger, EPFL Daniel Iercan,
Advertisements

A Hierarchical Co-ordination Language for Interacting Real-time Tasks Arkadeb Ghosal, UC Berkeley Thomas A. Henzinger, EPFL Daniel Iercan, "Politehnica"
Timed Automata.
ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.
Prototyping of Real-time Component Based Systems by the use of Timed Automata Trevor Jones Lancaster University, UK
Time Safety Checking for Embedded Programs Thomas A. Henzinger, Christoph M. Kirsch, Rupak Majumdar and Slobodan Matic.
The Fixed Logical Execution Time (FLET) Assumption Tom Henzinger University of California, Berkeley.
MotoHawk Training Model-Based Design of Embedded Systems.
Fault-Tolerant Real-Time Networks Tom Henzinger UC Berkeley MURI Kick-off Workshop Berkeley, May 2000.
Discounting the Future in Systems Theory Chess Review May 11, 2005 Berkeley, CA Luca de Alfaro, UC Santa Cruz Tom Henzinger, UC Berkeley Rupak Majumdar,
Event Driven Real-Time Programming CHESS Review University of California, Berkeley, USA May 10, 2004 Arkadeb Ghosal Joint work with Marco A. Sanvido, Christoph.
Overview of PTIDES Project
Systems Engineering for Automating V&V of Dependable Systems John S. Baras Institute for Systems Research University of Maryland College Park
Center for Hybrid and Embedded Software Systems College of Engineering, University of California at Berkeley Presented by: Edward A. Lee, EECS, UC Berkeley.
Integrated Design and Analysis Tools for Software-Based Control Systems Shankar Sastry (PI) Tom Henzinger Edward Lee University of California, Berkeley.
NSF Foundations of Hybrid and Embedded Software Systems UC Berkeley: Chess Vanderbilt University: ISIS University of Memphis: MSI A New System Science.
February 21, 2008 Center for Hybrid and Embedded Software Systems Organization Board of Directors Edward A. Lee, UC Berkeley.
Foundations of Hybrid and Embedded Software and Systems University of California, Berkeley, CHESS Vanderbilt University, ISIS Memphis State, Mathematics.
From Models to Code: The Missing Link in Embedded Software Tom Henzinger University of California, Berkeley Joint work with Ben Horowitz and Christoph.
Chess Review May 11, 2005 Berkeley, CA Composable Code Generation for Distributed Giotto Tom Henzinger Christoph Kirsch Slobodan Matic.
Chess Review May 10, 2004 Berkeley, CA Distributed Schedule-Carrying Code Tom Henzinger Slobodan Matic.
February 23, 2012 Center for Hybrid and Embedded Software Systems Organization Board of Directors Edward A. Lee, EECS Thomas.
Mixing Models of Computation Jie Liu Palo Alto Research Center (PARC) 3333 Coyote Hill Rd., Palo Alto, CA joint work with Prof. Edward.
Design of Fault Tolerant Data Flow in Ptolemy II Mark McKelvin EE290 N, Fall 2004 Final Project.
Chess Review November 21, 2005 Berkeley, CA Edited and presented by Advances in Hybrid System Theory: Overview Claire J. Tomlin UC Berkeley.
Expressing Giotto in xGiotto and related schedulability problems Class Project Presentation Concurrent Models of Computation for Embedded Software University.
Giotto A Time-Triggered Language for Embedded Programming Thomas A. Henzinger, Benjamin Horowitz Christoph M. Kirsch, Rupak Majumdar UC Berkeley.
NSF Foundations of Hybrid and Embedded Software Systems UC Berkeley: Chess Vanderbilt University: ISIS University of Memphis: MSI A New System Science.
Ptolemy Miniconference May 9, 2003 Berkeley, CA Ptolemy Project Plans for the Future Edward A. Lee Professor Ptolemy Project Director.
SEC PI Meeting Annapolis, May 8-9, 2001 Component-Based Design of Embedded Control Systems Edward A. Lee & Jie Liu UC Berkeley with thanks to the entire.
Interfaces for Control Components Rajeev Alur University of Pennsylvania Joint work with Gera Weiss (and many others)
Center for Hybrid and Embedded Software Systems Jonathan Sprinkle Executive Director, CHESS Center for Hybrid and Embedded Software Systems UC Berkeley.
Chess Review November 18, 2004 Berkeley, CA Hybrid Systems Theory Edited and Presented by Thomas A. Henzinger, Co-PI UC Berkeley.
Designing Predictable and Robust Systems Tom Henzinger UC Berkeley and EPFL.
November 18, 2004 Embedded System Design Flow Arkadeb Ghosal Alessandro Pinto Daniele Gasperini Alberto Sangiovanni-Vincentelli
Report WG1 Software-Intensive Systems and New Computing Paradigms Cannes November 12-14, 2008 WG Leader: Martin Wirsing WG Depu ty Leaders: Jean-Pierre.
Beyond HyTech Presented by: Ben Horowitz and Rupak Majumdar Joint work with Tom Henzinger and Howard Wong-Toi.
Verification of Hierarchical Component-Based Designs in FRESCO Tom Henzinger, Marius Minea, Vinayak Prabhu.
Software Issues Derived from Dr. Fawcett’s Slides Phil Pratt-Szeliga Fall 2009.
MOBIES Project Progress Report Engine Throttle Controller Design Using Multiple Models of Computation Edward Lee Haiyang Zheng with thanks to Ptolemy Group.
NSF Foundations of Hybrid and Embedded Software Systems UC Berkeley: Chess Vanderbilt University: ISIS University of Memphis: MSI Gautam Biswas and Ken.
NSF Foundations of Hybrid and Embedded Software Systems UC Berkeley: Chess Vanderbilt University: ISIS University of Memphis: MSI Program Review May 10,
Abstract Verification is traditionally done by determining the truth of a temporal formula (the specification) with respect to a timed transition system.
Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.
ECE 720T5 Winter 2014 Cyber-Physical Systems Rodolfo Pellizzoni.
Department of Mechanical Engineering The University of Strathclyde, Glasgow Hybrid Systems: Modelling, Analysis and Control Yan Pang Department of Mechanical.
High Performance Embedded Computing © 2007 Elsevier Chapter 1, part 2: Embedded Computing High Performance Embedded Computing Wayne Wolf.
Giotto A tool-supported design methodology for developing hard real-time applications Cyber Physical Systems Lab Ramtin Raji Kermani.
Cloud Programming: From Doom and Gloom to BOOM and Bloom Peter Alvaro, Neil Conway Faculty Recs: Joseph M. Hellerstein, Rastislav Bodik Collaborators:
© 2012 xtUML.org Bill Chown – Mentor Graphics Model Driven Engineering.
Design Languages in 2010 Chess: Center for Hybrid and Embedded Software Systems Edward A. Lee Professor UC Berkeley Panel Position Statement Forum on Design.
1 Model Checking of Robotic Control Systems Presenting: Sebastian Scherer Authors: Sebastian Scherer, Flavio Lerda, and Edmund M. Clarke.
CS4730 Real-Time Systems and Modeling Fall 2010 José M. Garrido Department of Computer Science & Information Systems Kennesaw State University.
CSCI1600: Embedded and Real Time Software Lecture 28: Verification I Steven Reiss, Fall 2015.
What’s Ahead for Embedded Software? (Wed) Gilsoo Kim
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Introduction to Hardware Verification ECE 598 SV Prof. Shobha Vasudevan.
T imed Languages for Embedded Software Ethan Jackson Advisor: Dr. Janos Szitpanovits Institute for Software Integrated Systems Vanderbilt University.
February 12, 2009 Center for Hybrid and Embedded Software Systems Timing-aware Exceptions for a Precision Timed (PRET)
A hierarchical coordination language for reliable real-time tasks Arkadeb Ghosal University of California, Berkeley Dissertation Talk CHESS Seminar 22.
Giotto Embedded Control Systems Development with Thomas A. Henzinger Ben Horowitz Christoph M. Kirsch University of California, Berkeley
February 11, 2016 Center for Hybrid and Embedded Software Systems Organization Faculty Edward A. Lee, EECS Alberto Sangiovanni-Vincentelli,
February 14, 2013 Center for Hybrid and Embedded Software Systems Organization Faculty Edward A. Lee, EECS Alberto Sangiovanni-Vincentelli,
Embedded Control System Development with Giotto Thomas A. Henzinger, Benjamin Horowitz, Christoph Meyer Kirsch UC Berkeley.
Sub-fields of computer science. Sub-fields of computer science.
An overview of the CHESS Center
Shanna-Shaye Forbes Ben Lickly Man-Kit Leung
Retargetable Model-Based Code Generation in Ptolemy II
An overview of the CHESS Center
An overview of the CHESS Center
Presentation transcript:

NSF Foundations of Hybrid and Embedded Software Systems UC Berkeley: Chess Vanderbilt University: ISIS University of Memphis: MSI Hybrid Systems: From Models to Code Tom Henzinger UC Berkeley

French Guyana, June 4, 1996 $800 million embedded software failure

ITR Kickoff / Chess 3 Mars, December 3, 1999 Crashed due to uninitialized variable

$4 billion development effort 40-50% system integration & validation cost

ITR Kickoff / Chess 5 Sources of Complexity -concurrency -real time -heterogeneity A hybrid system consists of multiple continuous (physical) and discrete (computational) components that interact with each other in real time.

ITR Kickoff / Chess 6 Embedded Software Design: Current State Code Model (e.g., Simulink) Design Simulate Optimize Test Code generation No exact correspondence between model and code: -difficult to upgrade code -difficult to reuse code No formal connection between requirements, model, and resources: expensive development cycle iterates all stages Redesign

ITR Kickoff / Chess 7 Embedded Software Design: Our Vision Code Model Design Verify Compilation (analysis, optimization, and code generation)

ITR Kickoff / Chess 8 The FRESCO Project (Formal Real-Time Software Components) Hybrid System Model MASACCIO: correctness by formal verification against requirements Time-Safe Code GIOTTO: correctness by schedulability analysis against resources

ITR Kickoff / Chess 9 Continuous (Euclidean) Systems State space:R Dynamics:initial condition + differential equations n Room temperature:x(0) = x 0 x’(t) = -K·x(t) x t x0x0 Analytic complexity.

ITR Kickoff / Chess 10 Discrete (Boolean) Systems State space:B Dynamics:initial condition + transition relation m Heater: heat t off on offon Combinatorial complexity.

The Curse of Concurrency 300,000 latches

10 stars stars 10 states 100,000 11

ITR Kickoff / Chess 13 Hybrid Systems State space:B  R Dynamics:initial condition + transition relation + differential equations m Thermostat: t off on n x0x0 off x’ = -K·x on x’ = K·(H-x) x  l x  u x  U x  L

ITR Kickoff / Chess 14 x y Hybrid Automata

ITR Kickoff / Chess 15 far x’  [-50,-40] x  1000 near x’  [-50,-30] x  0 past x’  [30,50] x  100 x = 1000 x = 0 x = 100  x :  [2000,  ) app! exit! app exit train Hybrid Automata

ITR Kickoff / Chess 16 up y’ = 9 open y’ = 0 raise lower gate y  90 y = 90 down y’ = -9 closed y’ = 0 y  0 y = 0 raise?lower?raise? lower? Hybrid Automata

ITR Kickoff / Chess 17 t’ = 1 t   t := 0 app? lower! t’ = 1 t   t := 0 exit? raise! appexit idle controller raiselower Hybrid Automata

ITR Kickoff / Chess 18 Safety:   ( x  10  loc[gate] = closed ) Liveness:     ( loc[gate] = open ) Real time:   z :=0. ( z’ = 1    ( loc[gate] = open  z  60 )) Requirements Verification and failure analysis by model checking (e.g., HyTech).

ITR Kickoff / Chess Scalability Possible solutions: -hierarchy (MASACCIO) -assume-guarantee decomposition (interfaces) 2. Robustness Possible solutions: -  -variability -discounted future Two Problems with Hybrid Automata

ITR Kickoff / Chess 20 MASACCIO Hierarchical Hybrid Automata

ITR Kickoff / Chess 21 MASACCIO Hierarchical Hybrid Automata

ITR Kickoff / Chess 22 MASACCIO Hierarchical Hybrid Automata

ITR Kickoff / Chess 23 MASACCIO Hierarchical Hybrid Automata

ITR Kickoff / Chess 24 MASACCIO

ITR Kickoff / Chess Scalability Possible solutions: -hierarchy (MASACCIO) -assume-guarantee decomposition (interfaces) 2. Robustness Possible solutions: -  -variability -discounted future Two Problems with Hybrid Automata

ITR Kickoff / Chess 26 slightly perturbed automaton The Robustness Problem Hybrid Automaton Property

ITR Kickoff / Chess 27 Safe Hybrid Automaton x = 3 The Robustness Problem

ITR Kickoff / Chess 28 Unsafe Hybrid Automaton x = 3+  The Robustness Problem

ITR Kickoff / Chess 29 A Possible Solution of the Robustness Problem: Metrics on Traces ModelProperty instead of consider Yes or No  - Variation

ITR Kickoff / Chess 30 value(Model,Property): States  {Yes, No} value(Model,Property): States  R A More Radical Solution of the Robustness Problem: Discounting the Future

ITR Kickoff / Chess 31 value(Model,Property): States  {Yes, No} value(m,  T) =  X. (T  pre(X)) discountedValue(Model,Property): States  R discountedValue(m,  T) =  X. max(T,  pre(X)) discount factor 0< <1 A More Radical Solution of the Robustness Problem: Discounting the Future

ITR Kickoff / Chess 32 Robustness Theorem: If discountedBisimilarity(m 1,m 2 ) > 1 - , then |discountedValue(m 1,p) - discountedValue(m 2,p)| < f(  ). Further Advantages of Discounting: -approximability because of geometric convergence (avoids non-termination of verification algorithms) -applies also to probabilistic systems and to games (enables reasoning under uncertainty and control) A More Radical Solution of the Robustness Problem: Discounting the Future

ITR Kickoff / Chess 33 The FRESCO Project (Formal Real-Time Software Components) Hybrid System Model MASACCIO: correctness by formal verification against requirements Time-Safe Code GIOTTO: correctness by schedulability analysis against resources

ITR Kickoff / Chess 34 The History of Computer Science: Lifting the Level of Abstraction The “assembly age”: Programming to the platform High-level languages: Programming to the application Compilation -Traditional high-level languages abstract time. -This abstraction is unsuitable for real-time applications, which are still programmed in terms of platform time (“priority tweaking”). -GIOTTO: Real-time programming in terms of application time. Requirements focused code Resource focused code

ITR Kickoff / Chess 35 MASACCIO GIOTTO Time-Triggered Programming

ITR Kickoff / Chess 36 MASACCIO GIOTTO Time-Triggered Programming

ITR Kickoff / Chess Hz 400 Hz 200 Hz 1 kHz MASACCIO GIOTTO Time-Triggered Programming

ITR Kickoff / Chess Concurrent Periodic Tasks: -sensing -control law computation -actuating 2. Multiple Modes of Operation: -navigational modes (autopilot, manual, etc.) -maneuver modes (taxi, takeoff, cruise, etc.) -degraded modes (sensor, actuator, CPU failures) MASACCIO GIOTTO Time-Triggered Programming

ITR Kickoff / Chess 39 Mode 1 Mode 4Mode 3 Mode 2 Task S 400 Hz Task C 200 Hz Task A 1 kHz Task S 400 Hz Task C 200 Hz Task A’ 1 kHz Task C’ 100 Hz Task A 1 kHz Task S 400 Hz Task C 200 Hz Task A 2 kHz Task A” 1 kHz Condition 1.2 Condition 2.1 MASACCIO GIOTTO Time-Triggered Programming

ITR Kickoff / Chess 40 Host code e.g. C Glue code Giotto Functionality. -Real time. -Reactive. -Concurrent. Timing and interaction. This kind of software is reasonably well understood. The software complexity lies in the glue code. -No time. -Atomic. -Sequential. MASACCIO GIOTTO Separation of Concerns

ITR Kickoff / Chess 41 Model Requirements Resources Verification Implementation Environment Two Opposing Forces automatic (model checking) automatic (compilation)

ITR Kickoff / Chess 42 Model Requirements Resources Verification Implementation Environment Two Opposing Forces property preserving

ITR Kickoff / Chess 43 Component Requirements Resources Verification Implementation Two Opposing Forces Component Composition

ITR Kickoff / Chess 44 Component Requirements Resources Verification Implementation Two Opposing Forces Component Deep Compositionality no change (time, fault tolerance, etc.)

ITR Kickoff / Chess 45 Achieving Verifiability and Compositionality in GIOTTO: The FLET (Fixed Logical Execution Time) Assumption Software Task read sensor input at time t write actuator output at time t+d, for fixed d d>0 is the task's "logical execution time"

ITR Kickoff / Chess 46 Embedded Programming in GIOTTO The programmer specifies sample rate d and jitter j to solve the control problem at hand. The compiler ensures that d and j are met on a given platform (hardware resources and performance); otherwise it rejects the program.

ITR Kickoff / Chess 47 time ttime t+d possible physical execution on CPU buffer output Implementing the FLET Assumption

ITR Kickoff / Chess 48 Contrast the FLET with Standard Practice output as soon as ready

ITR Kickoff / Chess 49 -predictable timing and value behavior (no internal race conditions, minimal jitter) -portable, composable code (as long as the platform offers sufficient performance) Advantages of the FLET and GIOTTO

ITR Kickoff / Chess 50 From Hybrid Models -robust hybrid models (tube topologies, discounting) -model checking for hierarchical and stochastic hybrid models -multi-aspect assume-guarantee decomposition of hybrid models (interface theories for time, resources, fault tolerance) To Embedded Code -distributed schedulability analysis and code generation -on-line code modification and fault tolerance Research Agenda

ITR Kickoff / Chess 51 Scalable and Robust Hybrid Systems: Luca de Alfaro, Arkadeb Ghosal, Marius Minea, Vinayak Prabhu, Marcin Jurdzinski, Rupak Majumdar GIOTTO: Ben Horowitz, Christoph Kirsch, Rupak Majumdar, Slobodan Matic, Marco Sanvido Credits

ITR Kickoff / Chess 52 -Alex Aiken on time-safety analysis of embedded code -Karl Hedrick on Giotto implementation of electronic throttle control -Edward Lee on Giotto modeling and code generation in Ptolemy -Edward Lee on rich interface theories as type theories for component interaction -George Necula on model checking device drivers -George Necula on scheduler-carrying embedded code -Alberto Sangiovanni-Vincentelli on synthesis of protocol converters from interfaces -Alberto Sangiovanni-Vincentelli and Shankar Sastry on platform-based design of a helicopter flight control system using Giotto -Shankar Sastry on hybrid automata Collaborators of the FRESCO Project

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.