3 Unit Course, Spring 2001 EECS Department, UC Berkeley Embedded Software Engineering Christoph Kirsch

It’s significant

It’s tricky

It’s risky

It’s fun

Problem Real-Time Computer System Controlled Object Operator Man-Machine Interface Instrumentation Interface Kopetz97 Methodologies for the implementation of embedded real-time applications Methodology: tool-supported, logical, compositional Implementation: compositional, scalable, dependable

Embedded Programming …requires the integration of: 1.Real-time scheduling/communication concepts 2.Programming language design 3.Compiler design 4.Classical software engineering techniques 5.Formal methods

Microcontroller Market Cost Performance

Mechatronics Fly-by-wire Drive-by-wire

Engine Controller Temporal accuracy of 3μsec Up to 100 concurrent software tasks Hard real-time: no missed 6000rpm, 10ms for 360º 0.1°

Video Streaming 25 frames/sec Dynamic resource allocation Soft real-time: degraded QoS

Real-Time Systems CharacteristicsHardSoft Response timeHard-requiredSoft-desired Peak-load performance PredictableDegraded Control of paceEnvironmentComputer RedundancyActiveCheckpoint Error detectionAutonomousUser assisted Kopetz97

Embedded Programming …requires the integration of: 1.Real-time scheduling/communication concepts 2.Programming language design 3.Compiler design 4.Classical software engineering techniques 5.Formal methods

Concurrency Task1Task2 Host Network Message1 Message2 In addition: Other resource constraints Time constraints

Real-Time Not later than Time Time-instantDeadline for

Real-Time Task fInputOutput Worst case execution time

Real-Time Scheduling terminateactivate PassiveActivation Active

Off-Line Scheduling terminateactivate PassiveTable Active Static System

On-Line Scheduling terminateactivate PassiveAlgorithm Active Dynamic System

Non-Preemptive Scheduling ReadyRun schedule terminateactivate PassiveActivation

Preemptive Scheduling ReadyRun schedule terminateactivate PassiveActivation preempt

Shared Resources ReadyRun Wait schedule preempt terminate busyfree activate PassiveActivation

Scheduling Problem Real-Time Scheduling SoftHard Off-lineOn-line PreemptiveNon-preemptive Preemptive

Earliest Due Date Time Processors P1P1 T1T1 T5T5 10 T1T1 T2T2 T3T3 T4T4 T5T5 CiCi didi T3T3 T4T4 T2T2 d1d1 d5d5 d3d3 d4d4 d2d2 Buttazzo97

Earliest Deadline First Time Tasks T1T1 T5T5 10 T1T1 T2T2 T3T3 T4T4 T5T5 aiai CiCi didi T3T3 T4T4 T2T2 T2T2 T4T4 Buttazzo97

Real-Time Periodic Task fInputOutput Worst case execution time Frequency

Rate Monotonic Analysis Time Tasks T1T1 10 T1T1 T2T2 CiCi 21 pipi 5 T2T2 T2T2 T1T1 T1T1 T1T1

Scheduling Anomalies T1T1 T9T9 T4T4 T8T8 T7T7 T6T6 T5T5 Time Processors P1P1 P2P2 P3P3 T1T1 T2T2 T3T3 T4T4 T6T6 T7T7 T9T9 12 T5T5 T8T8

Shorter Computation Times T1T1 T9T9 T4T4 T8T8 T7T7 T6T6 T5T5 Time Processors P1P1 P2P2 P3P3 T1T1 T2T2 T3T3 T4T4 T6T6 T7T7 T9T9 13 T5T5 T8T8

More Processors T1T1 T9T9 T4T4 T8T8 T7T7 T6T6 T5T5 Time Processors P1P1 P2P2 P3P3 P4P4 T1T1 T2T2 T3T3 T4T4 T5T5 T6T6 T7T7 T8T8 T9T9 15

Weaker Precedence T1T1 T9T9 T4T4 T6T6 T5T5 Time Processors P1P1 P2P2 P3P3 T1T1 T2T2 T3T3 T4T4 T7T7 T8T8 T9T9 16 T5T5 T6T6

Real-Time Communication Network Message1 Message2

Real-Time Message mSourceTarget Latency

Explicit Flow Control Network Message1 Message2 Send time not known a priori Sender can detect errors

Implicit Flow Control Network Message1 Message2 Send time is known a priori Receiver can detect errors

Explicit Flow Control: Priority Network Message1 Message2 Medium-Access Protocols: CSMA/CD - LON, Echelon 1990 CSMA/CA - CAN, Bosch 1990 FTDMA - Byteflight, BMW 2000 TDMA - TTP, Kopetz 1993

Control Area Network M1M1 M2M2 Time Messages M2M2 M1M

Implicit Flow Control: Time Network Message1 Message2 Medium-Access Protocols: FTDMA - Byteflight, BMW 2000 TDMA - TTP, Kopetz 1993

Time-Triggered Protocol M1M1 M2M2 Time Network N1N1 M1M1 M2M2 Slot 1 Slot 2

Literature RT scheduling: –Hard Real-Time Computing Systems: Predictable Scheduling Algorithms and Applications. G. Buttazzo. Kluwer, RT communication: –Real-Time Systems – Design Principles for Distributed Embedded Applications. H. Kopetz. Kluwer, –Byteflight, CAN papers.

Embedded Programming …requires the integration of: 1.Real-time scheduling/communication concepts 2.Programming language design 3.Compiler design 4.Classical software engineering techniques 5.Formal methods

Concurrency ControlData Task1Task2Task1Task2 Parallel CompositionI/O Decomposition

Control Operators ParallelChoice Sequential Loop

Real-Time State Time EventFrequency Time Change of state Function

Real World Time Data

Discrete Data Time d0d0 d1d1 d2d2 Data d3d3

State Time State 1 d0d0 State 2 Data State 0 d1d1 d2d2 d0d0 d1d1 d1d1 d2d2 d2d2 d3d3 d3d3

Continuous Time Time Interval Start EventTerminating Event t1t1 t2t2 State 1 Data

Digital Clock Time Data Granule t1t1 t2t2 Clock 1/(t2-t1) Hz

Discrete Time Time Data t1t1 t2t2 State 1

Event-Triggered (ET) System Time Data Change of state

Time-Triggered (TT) System Time Data Clock tick

Esterel - Giotto Esterel: –Synchronous reactive language –Event-triggered semantics Giotto: –Time-triggered semantics –Distributed platforms

Esterel: Operators Choice:Parallel: P || Qpresent S then P else Q Sequential: P ; QPQ P Q P Q

Esterel: Event Event: Time emit S Loop: loop P each SP await S

Event - Reaction fEventReaction

Esterel: Controller module normal: input A, B, R; output O; loop [ await A || await B ]; emit O each R end module R?R? R?R?R?R? A?.~R?.O! A?.~R?B?.~R? B?.~R?.O! A?.B?.~R?.O!

Giotto: Operators Choice:Parallel: ModeProgram Sequential: Task

Giotto: Time Sequential: Task Time InputOutput

Sensor - Control Law - Actuator fSensorsActuators

Giotto: Helicopter Control mode normal ( ) period 20ms { taskfreq 1 do servo = Control ( position ) ; taskfreq 4 do position = Navigation ( GPS, position ) ; }

50Hz Semantics Task 200Hz msec

Input Task msec

Computation Task msec Control LawNavigation Integrator

Output Task msec

Literature Esterel: –The Foundations of Esterel. G. Berry. In Proof, Language and Interaction: Essays in Honour of Robin Milner. G. Plotkin, C. Stirling and M. Tofte, editors. MIT Press, –Synchronous programming of reactive systems. N. Halbwachs. Kluwer, Giotto: –Embedded Control System Development with Giotto. B. Horowitz, T. Henzinger, C. Kirsch –Giotto: A Time-Triggered Language for Embedded Programming. B. Horowitz, T. Henzinger, C. Kirsch

Embedded Programming …requires the integration of: 1.Real-time scheduling/communication concepts 2.Programming language design 3.Compiler design 4.Classical software engineering techniques 5.Formal methods

Concurrency Task1Task2Task1Task2 Parallel CompositionI/O Decomposition Task1Task2; Task1; Task2 Task1

Real-Time Task1Task2;;Task1Task3Task2Task1; Time Event DeadlineTime Frequency

50Hz Helicopter Control Task 200Hz msec

Read Task msec Input

Write Task msec Output

Worst Case Execution Time Task msec Control LawNavigation Integrator

Deadline Task msec

Code Task msec

Literature Some compiler books: –Compilers, Principles, Techniques, and Tools. A.V. Aho, R. Sethi, J.D. Ullman. Addison- Wesley, –Compiler Design. R. Wilhelm, D. Maurer. Addison- Wesley, 1995.

Embedded Programming …requires the integration of: 1.Real-time scheduling/communication concepts 2.Programming language design 3.Compiler design 4.Classical software engineering techniques 5.Formal methods

Real-Time Task fInputOutput Worst case execution time

Type Abstract Data Type Interface: Set of methods

Empty Abstract Interface Interface: Set of methods

Application-dependent Framework Application-dependent Application-independent

? Type vs. Task Interface: Set of methods InputOutput

Literature Patterns & Frameworks: –Design Patterns: Elements of Reusable Object Oriented Software. E. Gamma, J. Vlissides, R. Johnson, R. Helm. Addison Wesley, –Design Patterns for Object-Oriented Software Development. W. Pree, E. Gamma. Addison Wesley, 1995.

Embedded Programming …requires the integration of: 1.Real-time scheduling/communication concepts 2.Programming language design 3.Compiler design 4.Classical software engineering techniques 5.Formal methods

Formal Verification Time SafetyLiveness Control Data Safety: Wrong things never happen! Liveness: Something useful will happen eventually! Property Space

Language Hierarchy Design Model Program Executable Non-Deterministic synthesizeanalyze compile expand Deterministic Sequential Universal Macros Automata Code Machine

Non-Determinism ParallelChoice Sequential Non-Determinism A E Programming OperatorsModeling Operator

Esterel: Verification EsterelProperty Automata Esterel Abstraction“Bisimulation” Model Checking

Esterel: Hierarchy Design Model Esterel Executable Bisimulation compile Non-Det. Automata Deterministic Code Sequential Circuit Model Checking

Giotto: Verification GiottoProperty MasaccioAutomata Masaccio Model Checking Abstraction“Refinement”

Giotto: Hierarchy ? Masaccio Giotto Executable synthesizeRefinement compile expand Hybrid Modules Deterministic Code Seq. Stack Machine Model Checking

Giotto: Hierarchy

Literature Esterel: Giotto: –T.A. Henzinger. Masaccio: A Formal Model for Embedded Components. LNCS 1872, Springer, 2000, pp

End