1 Formal Synthesis and Control of Soft Embedded Real-Time Systems Pao-Ann Hsiung National Chung Cheng University Dept. of Computer Science and Information Engineering Chiayi – 621, Taiwan, R.O.C. 21st IFIP International Conference on Formal Techniques for Networked and Distributed Systems (FORTE ’ 01), August 28 – 31, 2001.
2 Outline Introduction Previous Work Formal Synthesis and Control Application Example Conclusion
3 Introduction (1) Soft Embedded Real-Time Systems (SERTS) May Miss a Few Deadlines Flexible Deadline Intervals Small Memory Footprint High Reliability and Stability
4 Introduction (2) SERTS Design Issues: Bounded Memory Execution Soft Real-Time Constraints Proposed Solutions: Quasi-Static Data Scheduling (QSDS) Firing-Interval Bound Synthesis (FIBS)
5 Previous Work (1) Formal Software Synthesis Safe Petri-Nets (PN) QSS [Lin: DATE ’ 98, DAC ’ 98] Free-Choice PN Net Decomposition + QSS [Sgroi: DAC ’ 99] Codesign FSM POLIS [Balarin: ICCD ’ 99] Timed Free-Choice PN QSS + RTS [Hsiung: CODES ’ 01]
6 Previous Work (2) Formal Software Verification Linear Hybrid Automata Coverification [Hsiung: CODES ’ 99, IEE ’ 00] Timed Automata Schedule-Verify-Map [Hsiung: COMPSAC ’ 00, JSA ’ 00] Formal OO Model Model Checking [Hsiung: RTAS ’ 01, APSEC ’ 01]
7 Previous Work (3) Formal Controller Synthesis Discrete Event Model [Ramadge, Wonham: SIAM-JCO ’ 87, IEEE-Proc ’ 89] Dense-Timed Model [Asarin: Hybrid ’ 95, Maler: STACS ’ 95, Wong-Toi: CDC ’ 97] Multimedia Scheduler [Altisen: RTSS ’ 99]
8 Formal Synthesis & Control (1) System Model: Time Free-Choice Petri Net (TFCPN) A TFCPN is a 5-tuple (P,T,F,M 0, ) such that: P is a set of places, T is a set of transitions, P T , P T = , F : (P T ) (T P ) N, a set of weighted arcs such that every arc from a place is either a unique outgoing arc or a unique incoming arc to a transition (FREE-CHOICE), M 0 :P N, the initial marking, (t ) = ( , ), t T, : EFT, : LFT.
9 Formal Synthesis & Control (2) Not A TFCPN A TFCPN
10 Formal Synthesis & Control (3) Soft Real-Time Behavior Model Timed Reachability Specification (TRS) A TRS for a TFCPN A = (P,T,F,M 0, ): ::= ~c p | ~c p | 1 2 ~ { , , , , }, p N |P |, 1, 2 : TRS formulae Reachability Properties: safeness, deadlines, boundedness, deadlock, starvation
11 Formal Synthesis & Control (4) Target Problem Soft Embedded Real-Time System Synthesis Given a system modeled by a set of TFCPN S = {A i | i = 1,2, …,n} and a TRS , S is to be synthesized by scheduling and by modifying firing interval bounds such that S is made to satisfy .
12 Formal Synthesis & Control (5) SERTS_Synthesize(S, , ) { // Quasi-Static Data Scheduling (QSDS) for each A i in S { B i = CF_Generate(A i ); // B i : set of CF components for each CF component A ij in B i { QSS ij = Quasi_Static_Schedule(A ij, ); if QSS ij = NULL { return QSS_Error;} else QSS i = QSS i {QSS ij }; } } // Firing Interval Bound Synthesis (FIBS) if Controller_Synthesize(S, QSS 1, …, QSS n, ) = NULL return FIBS_Error; else return Synthesized; }
13 Formal Synthesis & Control (6) TFCPN net decomposition Conflict-Free Components Finite Complete Cycle Deadlock-Free Quasi-Static Data Scheduled CF-Components Quasi-Static Data Scheduling (QSDS) check memory reqt. Valid Schedule
14 Formal Synthesis & Control (7) Firing Interval Bound Synthesis 2 issues in SERTS Control: Synchronization Wait: (after task completion) Real-Time Specification: (before deadlines) Solutions: Postpone Release Time: + w, w > 0 Advance Finish Time: n, n >0
15 Formal Synthesis & Control (8) Controller_Synthesize(S, QSS 1, …, QSS n, ) { for i = 1, …, n { for each schedule v ij QSS i { for each t k in v ij, t k in_trans(p), token (p)>0, p P i { = ( i=0,…,k i, i=0,…,k i ); // t 0,t 1,…,t k : prefix of v ij New_IBS i = IBS_Synthesize(v ij, t k, , i ); if M i = ~c and New_IBS i > Min_IBS i {Min_IBS i = New_IBS i ;} if M i = ~c Old_IBS i = Old_IBS i New_IBS i ; } } if M i = ~c and Min_IBS i NULL IBS_assign(Min_IBS i ); else if M i = ~c and Old_IBS i NULL IBS_assign(Old_IBS i ); else return NULL; } return ; }
16 Formal Synthesis & Control (9) Controller Synthesis Synthesizes transition firing interval bounds (FIB) such that S satisfies . Outputs minimally restricted FIB, which gives maximal sub-behavior of S satisfying .
17 Application Example (1) S = (F 1, F 2 ) : 7 30
18 Application Example (2) Conflict-Free Components of F 1
19 Application Example (3) Quasi-Static Data Scheduling for F 1 v 11 = (t 11 t 12 t 11 t 12 t 14 ), 11 (v 11 ) 22 v 12 = (t 11 t 13 t 15 t 15 ), 13 (v 12 ) 26 Valid schedules for F 1 1 = {(t 11 t 12 t 11 t 12 t 14 ), (t 11 t 13 t 15 t 15 )} 2 = {(t 11 t 13 t 15 t 15 ), (t 11 t 12 (t 11 t 13 t 15 t 15 ) k t 11 t 12 t 14 ), k N}
20 Application Example (4) Conflict-Free Components of F 2
21 Application Example (5) Quasi-Static Data Scheduling for F 2 v 21 = (t 21 t 22 (t 24 ) 2 (t 26 ) 4 t 28 t 29 t 26 ), 31 (v 21 ) 68 v 22 = (t 21 t 23 t 25 (t 27 ) 2 t 28 t 29 t 26 ), 15 (v 22 ) 36 Valid schedule for F 2 3 = {v 21, v 22 }
22 Application Example (6) Controller Synthesis Firing Interval Bound Synthesis for F 1 To satisfy 7, need only consider prefix of schedule v 12 = in 1 (result of prefix: 2 tokens in p 3 ): (t 11 ) + (t 13 ) (t 11 ) + (t 13 ) 8 Temporal Constraint ( 7) modify (t 13 ) into (3, 4) from the original (3, 5)
23 Application Example (7) Firing Interval Bound Synthesis for F 2 To satisfy 30 , need consider both schedules v 21 and v 22 in 3 (result of prefix: 1 token in p 7 ). Prefix of v 21 : 25 (t 21 t 22 (t 24 ) 2 (t 26 ) 4 t 28 ) 56 Temporal Constraint ( 30) modify (t 28 ) into (5, 5) from the original (0, 5) Prefix of v 22 : 11 (t 21 t 23 t 25 (t 27 ) 2 t 28 ) 28 Satisfaction of constraint ( 30) not possible.
24 Conclusion Formal automatic synthesis method for memory and soft real-time constraints Memory: Timed quasi-static data scheduling Soft Real-Time Constraints: Firing- interval bound synthesis Future Work: Generalize TFCPN model