Communicating Real-Time State Machines (CRSM) State machines that communicate synchronously Unique unidirectional channels are used for the communication (A. Shaw) Transitions are guarded commands All commands have execution or synchronization times associated with them

RT System Representation A real-time system is represented as a finite set of state machines, one of which represents the environment Machines communicate synchronously and instantaneously over unidirectional channels that connect pairs of machines A global description of the system consists of the set of machines and the channels.

Transitions Each transition is described by a guarded command:  The guard is a boolean expression

A Command an input or output command an internal command

Internal Commands An internal command can specify –a computation, or –a physical activity Examples are: c = 0  i := i +15 Going_up  (floor = 1)  Open_door

Time Constraint The execution time for an internal command c is given by a best/worst case pair, [ tmin(c), tmax(c) ] Example: open_gate [4, 12]

Channels State machines communicate via channels A channel is a direct connection between two state machines Channels are identified uniquely with name Each channel has an associated event or message type When the message component is empty, the channel designates a pure synchronization signal

Input/Output Commands An input/output can occur only if the event names (channels) of the communication match ( ) ? ( ) ! Examples (channel instances): –Trin! –Ch_valve (4)! –Ch_valve (valve)?

Machine Communication The I/O times are represented by pairs of times denoting the earliest and latest times that the I/O can occur after entering a given state. Example: Deposit (data) ! [7, 12]

I/O A communication between two machines is considered an I/O event

I/O Timing The I/O timing involves two machines: the sender and the receiver machines For each machine the timing constraint for the I/O defines the earliest and latest times that the communication can occur This times are relative to the time that the machine entered its current state The intersection of the sender and receiver intervals, defines the time that the actual communication is possible

I/O Timings Example There are two machines M1 in state U, and M2 in state X These two machines communicate via channel ch M1: ch (expr) ! [ a, b ] M2: ch (z) ? [ c, d ] Machine M1 entered state U at time t U Machine M2 entered state X at time t X If I/O occurs, it will happen at time: t = max ( t U + a, t X + c)

I/O Timings (2) Communications occur at the earliest time If the intervals of the machines that attempt to communicate do not intersect, I/O is not possible If ( t X + c) > ( t U + b ) is communication possible?

Real-Time Clock Every CRSM machine has its own real-time clock This is another special CRSM machine that will send the current value of real-time, rt, through a clock channel to its host machine, M A CRSM machine in state U can execute an I/O command Clock (x) ! [y]

RT Clock (Cont.) This will result in the assignment x = rt The assignment will occur at relative time y relative to the time machine M entered state U

Bounded Buffer Problem The problem is modeled with three machines: the producer, the consumer, and the buffer The producer deposits data elements into the buffer The consumer removes data elements from the buffer

Communication Diagram of the Bounded Buffer There are two channels: Deposit Remove

The Buffer Machine

The Buffer Machine (2) The buffer machine stores data in array Buf Variable in is an index of the next data element to insert into the buffer Variable out is an index of the next data element to remove from the buffer Variable full is a counter of the number of data elements in the buffer

Transitions in the Buffer The buffer starts in state Bo; it initializes its variables and transitions to state B1 taking a minimum of 2 and maximum of 3 time units In state B1, if the buffer is not full, it attempts to get data from channel Deposit ; then transitions to state B2. In state B2, the machine transitions to state B1; increments variables in and full. This takes a minimum of 4 and a maximum of 8 time units

Transitions in the Buffer (2) In state B1, if the buffer is not empty, it attempts to send data through channel Remove; then transitions to state B3. In state B3, it updates its variables and transitions to state B1.

Producer Machine

Consumer Machine

Timing Question If the following timings are present: Producer enters state P1 at time 1000 Consumer enters state C1 at time 1005 Buffer enters state B1 at time When do communications occur? 2.In what order?

Errors in Book The book has an error in the Buffer diagram, page 53. The book has another error in second paragraph, second line, of the section Real- Time Bounded Buffer Revisited.

Train Gate System A one-directional railway track crosses a road A gate at the crossing is lowered or raised under computer control A short distance from the crossing a sensor (entry sensor) detects approaching trains A short distance from the crossing a sensor (exit sensor) detects trains leaving the area.

Physical Requirements The gate must be closed whenever there are trains in the area (Safety property) The gate must be kept open when there are no trains in the area (Progress or liveness property)

Timing Requirements The arriving trains have an average inter- arrival interval, a The gate takes z time units to close (or open). Some of the communication include a time delay

Train Control A physical safety requirement of the system is that the gate is closed whenever there are trains in the area The physical liveness requirement is to keep the gate open if there are no trains in the area The controller C controls the gate with the openg (og) and closeg (cg) commands.

Timeouts Activity timeouts Communications timeout

Activity Timeouts The Gate takes a maximum of z time units to close or to open The controller process normally waits for the Gate to open or close If the Gate takes longer than the maximum allocated time, the controller flags a timeout for the gate and triggers an alarm

Communication Timeouts The real-time systems uses synchronous communications In the normal case, one of the processes, either the sender or the receiver, will wait for the other to establish the communication A communication timer object will interrupt a process attempting to communicate, on timeout.

Train Gate System Communication Diagram

Entry Sensor

Exit Sensor

Monitor (v1)

Monitor (v2)

Controller (v1)

Controller (v2)

Gate

Simulation Outputs Trace of events Performance measures –Number of trains serviced –Worst reaction time –Worst response time –Number of deadlines missed: Gate opening/closing Communication timeouts