Formal Synthesis and Control of Soft Embedded Real-Time Systems
Pao-Ann Hsiung
National Chung Cheng University
Dept. of Computer Science and Information Engineering
Chiayi – 621, Taiwan, R.O.C.
21st IFIP International Conference on Formal Techniques for Networked and Distributed Systems (FORTE’01), August 28 – 31, 2001.
Outline
- Introduction
- Previous Work
- Formal Synthesis and Control
- Application Example
- Conclusion
Introduction (1)
Soft Embedded Real-Time Systems (SERTS):
- May miss a few deadlines
- Flexible deadline intervals
- Small memory footprint
- High reliability and stability
Introduction (2)
SERTS Design Issues:
- Bounded Memory Execution
- Soft Real-Time Constraints
Proposed Solutions:
- Quasi-Static Data Scheduling (QSDS)
- Firing-Interval Bound Synthesis (FIBS)
Previous Work (1)
Formal Software Synthesis
- Safe Petri-Nets (PN): QSS [Lin: DATE’98, DAC’98]
- Free-Choice PN: Net Decomposition + QSS [Sgroi: DAC’99]
- Codesign FSM: POLIS [Balarin: ICCD’99]
- Timed Free-Choice PN: QSS + RTS [Hsiung: CODES’01]
Previous Work (2)
Formal Software Verification
- Linear Hybrid Automata: Coverification [Hsiung: CODES’99, IEE’00]
- Timed Automata: Schedule-Verify-Map [Hsiung: COMPSAC’00, JSA’00]
- Formal OO Model: Model Checking [Hsiung: RTAS’01, APSEC’01]
Previous Work (3)
Formal Controller Synthesis
- Discrete Event Model [Ramadge, Wonham: SIAM-JCO’87, IEEE-Proc’89]
- Dense-Timed Model [Asarin: Hybrid’95, Maler: STACS’95, Wong-Toi: CDC’97]
- Multimedia Scheduler [Altisen: RTSS’99]
Formal Synthesis & Control (1)
System Model: Time Free-Choice Petri Net (TFCPN)
A TFCPN is a 5-tuple (P, T, F, M0, τ) such that:
- P is a set of places, T is a set of transitions, P ∪ T ≠ ∅, P ∩ T = ∅,
- F : (P × T) ∪ (T × P) → N, a set of weighted arcs such that every arc from a place is either a unique outgoing arc or a unique incoming arc to a transition (FREE-CHOICE),
- M0 : P → N, the initial marking,
- τ(t) = (α, β), t ∈ T, α: EFT (earliest firing time), β: LFT (latest firing time).
Formal Synthesis & Control (2)
[Figure: two nets over places p1–p4 contrasting "Not a TFCPN" with "A TFCPN"; transitions t1(2, 3), t2(0, 5), t3(2, 8), t4(4, 7), one arc of weight 3.]
Formal Synthesis & Control (3)
Soft Real-Time Behavior Model: Timed Reachability Specification (TRS)
A TRS for a TFCPN A = (P, T, F, M0, τ) is a formula φ:
φ ::= ∃~c p | ∀~c p | φ1 ∧ φ2
where ~ ∈ {<, ≤, =, ≥, >}, p ∈ N^|P| (a marking), and φ1, φ2 are TRS formulae.
Reachability Properties: safeness, deadlines, boundedness, deadlock, starvation
Formal Synthesis & Control (4)
Target Problem: Soft Embedded Real-Time System Synthesis
Given a system modeled by a set of TFCPN S = {Ai | i = 1, 2, …, n} and a TRS φ, S is to be synthesized by scheduling and by modifying firing interval bounds such that S is made to satisfy φ.
Formal Synthesis & Control (5)

    SERTS_Synthesize(S, φ, μ) {              // μ: memory bound (name assumed)
      // Quasi-Static Data Scheduling (QSDS)
      for each Ai in S {
        Bi = CF_Generate(Ai);                // Bi: set of conflict-free (CF) components of Ai
        QSSi = ∅;
        for each CF component Aij in Bi {
          QSSij = Quasi_Static_Schedule(Aij, μ);
          if QSSij = NULL { return QSS_Error; }
          else QSSi = QSSi ∪ {QSSij};
        }
      }
      // Firing Interval Bound Synthesis (FIBS)
      if Controller_Synthesize(S, QSS1, …, QSSn, φ) = NULL
        return FIBS_Error;
      else return Synthesized;
    }
Formal Synthesis & Control (6)
[Figure: QSDS flow] TFCPN → net decomposition → Conflict-Free Components → Quasi-Static Data Scheduling (QSDS): finite complete cycle, deadlock-free → Quasi-Static Data Scheduled CF-Components → check memory requirement → Valid Schedule
Formal Synthesis & Control (7)
Firing Interval Bound Synthesis
2 issues in SERTS Control:
- Synchronization Wait (after task completion)
- Real-Time Specification (before deadlines)
Solutions:
- Postpone Release Time: α + w, w > 0
- Advance Finish Time: β − n, n > 0
Formal Synthesis & Control (8)

    Controller_Synthesize(S, QSS1, …, QSSn, φ) {
      // Mi: the modality (∃ or ∀) of the TRS conjunct φi that concerns Ai
      for i = 1, …, n {
        for each schedule vij ∈ QSSi {
          for each tk in vij, tk ∈ in_trans(p), token(p) > 0, p ∈ Pi {
            // t0, t1, …, tk: prefix of vij; (αl, βl) = τ(tl)
            Φ = (Σ_{l=0..k} αl, Σ_{l=0..k} βl);   // prefix firing interval (name Φ assumed)
            New_IBSi = IBS_Synthesize(vij, tk, Φ, φi);
            if Mi = ∃~c and New_IBSi > Min_IBSi { Min_IBSi = New_IBSi; }
            if Mi = ∀~c Old_IBSi = Old_IBSi ∪ New_IBSi;
          }
        }
        if Mi = ∃~c and Min_IBSi ≠ NULL IBS_assign(Min_IBSi);
        else if Mi = ∀~c and Old_IBSi ≠ NULL IBS_assign(Old_IBSi);
        else return NULL;
      }
      return IBS;   // the synthesized firing interval bounds (identifier assumed)
    }
Formal Synthesis & Control (9)
Controller Synthesis
- Synthesizes transition firing interval bounds (FIB) such that S satisfies φ.
- Outputs minimally restricted FIB, which gives the maximal sub-behavior of S satisfying φ.
Application Example (1)
S = (F1, F2)
φ: ∃≤7 ⟨0 0 2⟩ ∧ ∀≥30 ⟨0 0 0 0 0 0 1⟩
[Figure: F1 has places p1, p2, p3 and transitions t11(2, 3), t12(1, 3), t13(3, 5), t14(5, 10), t15(4, 9), with arcs of weight 2. F2 has places p1–p7 and transitions t21(0, 1), t22(1, 2), t23(1, 2), t24(2, 4), t25(2, 4), t26(5, 10), t27(4, 8), t28(0, 5), t29(1, 2), with arcs of weight 2.]
Application Example (2)
[Figure: Conflict-Free Components of F1. R11: places p1, p2; transitions t11(2, 3), t12(1, 3), t14(5, 10); arc weight 2. R12: places p1, p3; transitions t11(2, 3), t13(3, 5), t15(4, 9); arc weight 2.]
Application Example (3)
Quasi-Static Data Scheduling for F1
v11 = (t11 t12 t11 t12 t14), 11 ≤ τ(v11) ≤ 22
v12 = (t11 t13 t15 t15), 13 ≤ τ(v12) ≤ 26
Valid schedules for F1:
Ω1 = {(t11 t12 t11 t12 t14), (t11 t13 t15 t15)}
Ω2 = {(t11 t13 t15 t15), (t11 t12 (t11 t13 t15 t15)^k t11 t12 t14), k ∈ N}
Application Example (4)
[Figure: Conflict-Free Components of F2. R21: places p1, p2, p4, p7; transitions t21(0, 1), t22(1, 2), t24(2, 4), t26(5, 10), t28(0, 5), t29(1, 2); arcs of weight 2. R22: places p1, p3, p4, p5, p6, p7; transitions t21(0, 1), t23(1, 2), t25(2, 4), t27(4, 8), t26(5, 10), t28(0, 5), t29(1, 2); arcs of weight 2.]
Application Example (5)
Quasi-Static Data Scheduling for F2
v21 = (t21 t22 (t24)^2 (t26)^4 t28 t29 t26), 31 ≤ τ(v21) ≤ 68
v22 = (t21 t23 t25 (t27)^2 t28 t29 t26), 15 ≤ τ(v22) ≤ 36
Valid schedule for F2:
Ω3 = {v21, v22}
Application Example (6)
Controller Synthesis: Firing Interval Bound Synthesis for F1
To satisfy ∃≤7 ⟨0 0 2⟩, need only consider the prefix ⟨t11 t13⟩ of schedule v12 = ⟨t11 t13 t15 t15⟩ in Ω1 (result of prefix: 2 tokens in p3):
2 + 3 ≤ τ(t11) + τ(t13) ≤ 3 + 5
5 ≤ τ(t11) + τ(t13) ≤ 8
Temporal constraint (≤ 7) ⇒ modify τ(t13) into (3, 4) from the original (3, 5).
Application Example (7)
Firing Interval Bound Synthesis for F2
To satisfy ∀≥30 ⟨0 0 0 0 0 0 1⟩, need to consider both schedules v21 and v22 in Ω3 (result of prefix: 1 token in p7).
Prefix of v21: 25 ≤ τ(t21 t22 (t24)^2 (t26)^4 t28) ≤ 56
Temporal constraint (≥ 30) ⇒ modify τ(t28) into (5, 5) from the original (0, 5).
Prefix of v22: 11 ≤ τ(t21 t23 t25 (t27)^2 t28) ≤ 28
Satisfaction of constraint (≥ 30) not possible.
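As an added example (not from the slides or the author's tool), the FIBS step of the two preceding slides carried out in Python: the firing intervals of F1 and F2 are constructed from the figures, `interval` computes the (Σα, Σβ) bounds of a schedule or prefix as on the QSDS slides, and `ibs_synthesize` restricts firing interval bounds to meet a ≤c or ≥c constraint, returning None where no bound change can satisfy it. It generalises the slides in one respect: when the last transition of the prefix has too little slack, the restriction spills over to earlier transitions. The function names and that spill-over rule are assumptions.

```python
# Added example: Firing Interval Bound Synthesis (FIBS) over TFCPN schedules.
# tau(t) = (alpha, beta) = (EFT, LFT).  Intervals constructed from the slide figures.
F1 = {"t11": (2, 3), "t12": (1, 3), "t13": (3, 5), "t14": (5, 10), "t15": (4, 9)}
F2 = {"t21": (0, 1), "t22": (1, 2), "t23": (1, 2), "t24": (2, 4), "t25": (2, 4),
      "t26": (5, 10), "t27": (4, 8), "t28": (0, 5), "t29": (1, 2)}


def interval(tau, seq):
    """(sum of alpha, sum of beta) over a schedule or schedule prefix."""
    return (sum(tau[t][0] for t in seq), sum(tau[t][1] for t in seq))


def ibs_synthesize(tau, prefix, rel, c):
    """Minimally restrict firing interval bounds so that the prefix completes
    'rel c' (rel is '<=' or '>=').  Returns the new tau, or None when no bound
    change can satisfy the constraint.  '<=' advances finish times (beta - n);
    '>=' postpones release times (alpha + w).  The last transition of the
    prefix is restricted first; earlier ones only when its slack is exhausted
    (the spill-over is an assumption that generalises the slides)."""
    lo, hi = interval(tau, prefix)
    if rel == "<=":
        if lo > c:              # even all-EFT firing overshoots c: infeasible
            return None
        need = hi - c
    elif rel == ">=":
        if hi < c:              # even all-LFT firing falls short of c: infeasible
            return None
        need = c - lo
    else:
        raise ValueError("rel must be '<=' or '>='")
    new = dict(tau)
    seen = []                   # distinct transitions, last occurrence first
    for t in reversed(prefix):
        if t not in seen:
            seen.append(t)
    for t in seen:
        if need <= 0:
            break
        a, b = new[t]
        cnt = prefix.count(t)                # one bound change hits every occurrence
        delta = min(b - a, -(-need // cnt))  # ceil(need / cnt), capped by slack
        new[t] = (a, b - delta) if rel == "<=" else (a + delta, b)
        need -= delta * cnt
    return new
```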
Conclusion
Formal automatic synthesis method for memory and soft real-time constraints:
- Memory: timed quasi-static data scheduling
- Soft real-time constraints: firing-interval bound synthesis
Future Work: generalize the TFCPN model