Automatic generation of discrete handlers of real-time ... · Automatic generation of discrete...
Transcript of Automatic generation of discrete handlers of real-time ... · Automatic generation of discrete...
Automatic generation ofdiscrete handlers
of real-time continuous control tasks
Soufyane Aboubekr, Gwenaël Delaval, Roger Pissard-Gibollet,Eric Rutten, Daniel Simon
INRIA Grenoble � LIG & GIPSA-Lab
CAR � May 2010
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Real-Time Operating Systems and reactive control
Programming control systemscontinuous control loops ↔ tasks on RTOSperformance & quality ↔ periods, latencies
→ Orccad design environment
Discrete, reactive controllersevents, states, control modes ↔ automata (e.g., StateFlow)
model-based design ↔ synchronous languagesdiscrete control loops ↔ discrete controller synthesis (DCS)
→ BZR programming language
ContributionsDiscrete control handlers of continuous control tasks
1 integration of DCS via BZR in Orccad2 case study: robot arm controller
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Real-Time Operating Systems and reactive control
Programming control systemscontinuous control loops ↔ tasks on RTOSperformance & quality ↔ periods, latencies
→ Orccad design environment
Discrete, reactive controllersevents, states, control modes ↔ automata (e.g., StateFlow)
model-based design ↔ synchronous languagesdiscrete control loops ↔ discrete controller synthesis (DCS)
→ BZR programming language
ContributionsDiscrete control handlers of continuous control tasks
1 integration of DCS via BZR in Orccad2 case study: robot arm controller
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Real-Time Operating Systems and reactive control
Programming control systemscontinuous control loops ↔ tasks on RTOSperformance & quality ↔ periods, latencies
→ Orccad design environment
Discrete, reactive controllersevents, states, control modes ↔ automata (e.g., StateFlow)
model-based design ↔ synchronous languagesdiscrete control loops ↔ discrete controller synthesis (DCS)
→ BZR programming language
ContributionsDiscrete control handlers of continuous control tasks
1 integration of DCS via BZR in Orccad2 case study: robot arm controller
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Programming control systems in Orccad (continuous)
Orccad: design, validation, implementation of robotic applications
Real-time tasks for continuous control:
�xed-rate sampling,or multi-rate
control/schedulingco-design : periods,latencies, gains
Robot-Task (RT):encapsulation in areactive shell
Reactive shell
External view (Discrete events)
START
Drivers
Observer Observer
ControlControl
Control law (Discretized time)
T2_UnStableCam
STARTEDGood_End
T3_SENSOR_FAILED
ABORT
Timeout
Suspend
Resume
UnStableCam
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Programming control systems in Orccad (discrete)
Automata for task management
Generic control of RTs, with events for: synchronizations,exceptions (3 types), pre & postconditions
Missions design: assembling RTs (abstracted to automata)into hierarchical Robot Procedures (RPs)
Speci�cation and validation: Esterel synchronous language
Real-time execution machine for the synchronous automata
Position of the contribution in this work:
instead of programming then verifying,
use DCS to generate correct task controllers
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Programming control systems in Orccad (discrete)
Automata for task management
Generic control of RTs, with events for: synchronizations,exceptions (3 types), pre & postconditions
Missions design: assembling RTs (abstracted to automata)into hierarchical Robot Procedures (RPs)
Speci�cation and validation: Esterel synchronous language
Real-time execution machine for the synchronous automata
Position of the contribution in this work:
instead of programming then verifying,
use DCS to generate correct task controllers
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Discrete
Control Techniques for Adaptive Computing
Use of Discrete Event Systems and supervisory control:Petri nets, language theory (R&W), automata (synchronous)
Control of computation adaptation as a closed control loop
BZR programming language, and Discrete Controller Synthesisto compute the decision component (controller)
decision
representationsystem
systemmanaged
policy / strategy
monitor execute
modelautomaton
systemmanaged
BZR program
executemonitor
DCS ctrlr
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Discrete Control Techniques for Adaptive Computing
Use of Discrete Event Systems and supervisory control:Petri nets, language theory (R&W), automata (synchronous)
Control of computation adaptation as a closed control loop
BZR programming language, and Discrete Controller Synthesisto compute the decision component (controller)
decision
representationsystem
systemmanaged
policy / strategy
monitor execute
modelautomaton
systemmanaged
BZR program
executemonitor
DCS ctrlr
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Discrete Control Techniques for Adaptive Computing
Use of Discrete Event Systems and supervisory control:Petri nets, language theory (R&W), automata (synchronous)
Control of computation adaptation as a closed control loop
BZR programming language, and Discrete Controller Synthesisto compute the decision component (controller)
decision
representationsystem
systemmanaged
policy / strategy
monitor execute
modelautomaton
systemmanaged
BZR program
executemonitor
DCS ctrlr
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Examples of discrete computing modes
state ↔ con�gurationresource access, level of consumption/quality, ...
computation task control(example of Heptagon node)
modes: algorithm variants for afunctionality (resource, QoS)
placement and migration: taskTi on processor/core Pj
resource budgeting: proc./coretaken for other application
r∧¬c
delayable(r,c,e) = act
Idle Wait
Active
act = false act = false
act = true
c
e r∧c
fault tolerance: migration/rollback upon processor failure
architecture control: frequency, DVS, stand-by in MPSoC
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Discrete controller synthesis: principle
Goal
Enforcing a temporal property Φ on a system (on which Φ does nota priori hold)
Principle (on implicit equational representation)
State memoryTrans transition functionOut output function
Partition of inputs into controllable (Y c) and uncontrollable(Y u) inputs
Computation of a controller, maximally permissive, such as thecontrolled system satis�es Φ
tool: sigali (H. Marchand, INRIA Rennes)
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Discrete controller synthesis: principle
Goal
Enforcing a temporal property Φ on a system (on which Φ does nota priori hold)
Principle (on implicit equational representation)
State memoryTrans transition functionOut output function
Trans State OutZY
Partition of inputs into controllable (Y c) and uncontrollable(Y u) inputs
Computation of a controller, maximally permissive, such as thecontrolled system satis�es Φ
tool: sigali (H. Marchand, INRIA Rennes)
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Discrete controller synthesis: principle
Goal
Enforcing a temporal property Φ on a system (on which Φ does nota priori hold)
Principle (on implicit equational representation)
State memoryTrans transition functionOut output function
Y c
Y u Trans State OutZY
Partition of inputs into controllable (Y c) and uncontrollable(Y u) inputs
Computation of a controller, maximally permissive, such as thecontrolled system satis�es Φ
tool: sigali (H. Marchand, INRIA Rennes)
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Discrete controller synthesis: principle
Goal
Enforcing a temporal property Φ on a system (on which Φ does nota priori hold)
Principle (on implicit equational representation)
State memoryTrans transition functionOut output function
Ctrlr Y c
Y u Trans State OutZY
Partition of inputs into controllable (Y c) and uncontrollable(Y u) inputs
Computation of a controller, maximally permissive, such as thecontrolled system satis�es Φ
tool: sigali (H. Marchand, INRIA Rennes)
Motivation Orccad BZR Case study Discrete control handlers Perspectives
BZR: contracts and DCS
f (x1, . . . , xn) = (y1, . . . , yp)eA =⇒ eG
with c1, . . . , cq
y1 = f1(x1, . . . , xn, c1, . . . , cq)· · ·yp = fp(x1, . . . , xn, c1, . . . , cq)
OutCTrC StC
Trans StateCtrlr
eA, eG
xi
contract
Outyj
ck
body
built on top of heptagon synchronous nodes (M. Pouzet e.a.)
contract construct :
assuming eA (on the environment), enforce objective eG
by constraining the additional controllable variablesc1, . . . , cq local to the component (with)
encoded as a DCS problem (invariance)computes a local controller for each component
[ACM LCTES'10]
Motivation Orccad BZR Case study Discrete control handlers Perspectives
BZR: contracts and DCS
f (x1, . . . , xn) = (y1, . . . , yp)eA =⇒ eG
with c1, . . . , cq
y1 = f1(x1, . . . , xn, c1, . . . , cq)· · ·yp = fp(x1, . . . , xn, c1, . . . , cq)
OutCTrC StC
Trans StateCtrlr
eA, eG
xi
contract
Outyj
ck
body
built on top of heptagon synchronous nodes (M. Pouzet e.a.)
contract construct :
assuming eA (on the environment), enforce objective eG
by constraining the additional controllable variablesc1, . . . , cq local to the component (with)
encoded as a DCS problem (invariance)computes a local controller for each component
[ACM LCTES'10]
Motivation Orccad BZR Case study Discrete control handlers Perspectives
BZR: contracts and DCS
f (x1, . . . , xn) = (y1, . . . , yp)eA =⇒ eG
with c1, . . . , cq
y1 = f1(x1, . . . , xn, c1, . . . , cq)· · ·yp = fp(x1, . . . , xn, c1, . . . , cq)
OutCTrC StC
Trans StateCtrlr
eA, eG
xi
contract
Outyj
ck
body
built on top of heptagon synchronous nodes (M. Pouzet e.a.)
contract construct :
assuming eA (on the environment), enforce objective eG
by constraining the additional controllable variablesc1, . . . , cq local to the component (with)
encoded as a DCS problem (invariance)computes a local controller for each component
[ACM LCTES'10]
Motivation Orccad BZR Case study Discrete control handlers Perspectives
BZR: contracts and DCS
f (x1, . . . , xn) = (y1, . . . , yp)eA =⇒ eG
with c1, . . . , cq
y1 = f1(x1, . . . , xn, c1, . . . , cq)· · ·yp = fp(x1, . . . , xn, c1, . . . , cq)
OutCTrC StC
Trans StateCtrlr
eA, eG
xi
contract
Outyj
ck
body
built on top of heptagon synchronous nodes (M. Pouzet e.a.)
contract construct :
assuming eA (on the environment), enforce objective eG
by constraining the additional controllable variablesc1, . . . , cq local to the component (with)
encoded as a DCS problem (invariance)computes a local controller for each component
[ACM LCTES'10]
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Compilation & implementation
������������������������������������������������
������������������������������������������������
����������������������������������������
����������������������������������������
����������������������������������������
����������������������������������������
...
(synchronous)compiler
(synchronous)compiler
objectives
contracts automata
transitionsystem
(synchronous)DCS tool
controller(constraint)
triangularizetransl. to eq.
controller(function)
compose
controlledautomata
sequential codeJavaC
withcontracts
BZR speci�cation
extension
Development process:integration in computing system
(here: Orccad):
constraint
generated C code
resolution)(with constraint
executiveReal-time
Xenomai)(C, Linux/
RT & RPautomata& contract
BZR compiler
spec.
Orccad extract
link
synchronouscompiler
DCSseq. C code
Bool. eq.& obj.
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Compilation & implementation
������������������������������������������������
������������������������������������������������
����������������������������������������
����������������������������������������
����������������������������������������
����������������������������������������
...
(synchronous)compiler
(synchronous)compiler
objectives
contracts automata
transitionsystem
(synchronous)DCS tool
controller(constraint)
triangularizetransl. to eq.
controller(function)
compose
controlledautomata
sequential codeJavaC
withcontracts
BZR speci�cation
extension
Development process:integration in computing system
(here: Orccad):
constraint
generated C code
resolution)(with constraint
executiveReal-time
Xenomai)(C, Linux/
RT & RPautomata& contract
BZR compiler
spec.
Orccad extract
link
synchronouscompiler
DCSseq. C code
Bool. eq.& obj.
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Case study: ArmX robot arm
two linksrotational joints (q1,q2)
robotic tool changertwo tools: gripper, pointer
application: when target isinside workspace: followoutside: point towardswith appropriate tool
Four RTs:
joint space move
cartesian space move
target aiming(trajectory following)
tool change (at initialposition (q1 = 0, q2 = 0))
ArmX 2D simulation
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Case study: ArmX robot arm
two linksrotational joints (q1,q2)
robotic tool changertwo tools: gripper, pointer
application: when target isinside workspace: followoutside: point towardswith appropriate tool
Four RTs:
joint space move
cartesian space move
target aiming(trajectory following)
tool change (at initialposition (q1 = 0, q2 = 0))
ArmX 2D simulation
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Case study: ArmX robot arm
two linksrotational joints (q1,q2)
robotic tool changertwo tools: gripper, pointer
application: when target isinside workspace: followoutside: point towardswith appropriate tool
Four RTs:
joint space move
cartesian space move
target aiming(trajectory following)
tool change (at initialposition (q1 = 0, q2 = 0))
ArmX 2D simulation
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Case study: ArmX robot arm
two linksrotational joints (q1,q2)
robotic tool changertwo tools: gripper, pointer
application: when target isinside workspace: followoutside: point towardswith appropriate tool
Four RTs:
joint space move
cartesian space move
target aiming(trajectory following)
tool change (at initialposition (q1 = 0, q2 = 0))
ArmX 2D simulation
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Case study: ArmX robot arm
two linksrotational joints (q1,q2)
robotic tool changertwo tools: gripper, pointer
application: when target isinside workspace: followoutside: point towardswith appropriate tool
Four RTs:
joint space move
cartesian space move
target aiming(trajectory following)
tool change (at initialposition (q1 = 0, q2 = 0))
ArmX 2D simulation
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Discrete control handlers of continuous control tasks
Discrete control of tasks sequencings and mode changes
Discrete and continuous layers
tasksreal-time
robotsystem
sensors actuators
DCS ctrlr
tasks automataapplication &
computingsystem
physicalsystem
control loop
continuous
discretecontrol loop
exceptions,stops activations
BZR program
Local task automata, coordinated by application automatawith discrete supervisor, enforcing logical objective
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Discrete control handlers of continuous control tasks
Discrete control of tasks sequencings and mode changes
Discrete and continuous layers
tasksreal-time
robotsystem
sensors actuators
DCS ctrlr
tasks automataapplication &
computingsystem
physicalsystem
control loop
continuous
discretecontrol loop
exceptions,stops activations
BZR program
Local task automata, coordinated by application automatawith discrete supervisor, enforcing logical objective
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Language-level integration: Robot Tasks
BZR/Heptagon programming of the generic RT control automatonExample of ArmXcmove:
t2_Reconf
activate_ArmXcmove_WinX
T3_ArmXcmoveOutbound
Outwork
ReadyToStart/ReadyToStart_WinX
FinTransite_WinX
/ActivateArmXcmove_WinX,Prev_rt_WinX
T3 = Errtrack or Outbound or Redbut
START_ArmXcmove
FinTransite_WinX
RS
A
Trap_AbortAI
I
Trap_T3
Reconf
Errtrack
T3
T3 / T3_ArmXcmove
START_ArmXcmove / Started_ArmXcmove
readyToStart_WinX
prev_rt_WinX
Outwork / goodEndCmove
/t2_Reconf,t2_ArmXcmoveReconfor
Redbut
started_ArmXcmove
goodEndCmove
t2_ArmXcmove
inputs & outputs: interaction with application level, andfrom sensors and RTOS, to RTOS
behaviour: phases (initialization, control)exceptions (T2, T3)
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Language-level integration: Robot Tasks
BZR/Heptagon programming of the generic RT control automatonExample of ArmXcmove:
t2_Reconf
activate_ArmXcmove_WinX
T3_ArmXcmoveOutbound
Outwork
ReadyToStart/ReadyToStart_WinX
FinTransite_WinX
/ActivateArmXcmove_WinX,Prev_rt_WinX
T3 = Errtrack or Outbound or Redbut
START_ArmXcmove
FinTransite_WinX
RS
A
Trap_AbortAI
I
Trap_T3
Reconf
Errtrack
T3
T3 / T3_ArmXcmove
START_ArmXcmove / Started_ArmXcmove
readyToStart_WinX
prev_rt_WinX
Outwork / goodEndCmove
/t2_Reconf,t2_ArmXcmoveReconfor
Redbut
started_ArmXcmove
goodEndCmove
t2_ArmXcmove
inputs & outputs: interaction with application level, andfrom sensors and RTOS, to RTOS
behaviour: phases (initialization, control)exceptions (T2, T3)
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Language-level integration: Robot Tasks
BZR/Heptagon programming of the generic RT control automatonExample of ArmXcmove:
t2_Reconf
activate_ArmXcmove_WinX
T3_ArmXcmoveOutbound
Outwork
ReadyToStart/ReadyToStart_WinX
FinTransite_WinX
/ActivateArmXcmove_WinX,Prev_rt_WinX
T3 = Errtrack or Outbound or Redbut
START_ArmXcmove
FinTransite_WinX
RS
A
Trap_AbortAI
I
Trap_T3
Reconf
Errtrack
T3
T3 / T3_ArmXcmove
START_ArmXcmove / Started_ArmXcmove
readyToStart_WinX
prev_rt_WinX
Outwork / goodEndCmove
/t2_Reconf,t2_ArmXcmoveReconfor
Redbut
started_ArmXcmove
goodEndCmove
t2_ArmXcmove
inputs & outputs: interaction with application level, andfrom sensors and RTOS, to RTOS
behaviour: phases (initialization, control)exceptions (T2, T3)
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Language-level integration: Robot Procedure
Global automaton: synchronous compositionof local task automata and application
Example: complete BZR program (simpli�ed).
application Task C Task CTTask FTask JoutWork
inWork
T2C
StartCTStartFStartJStartC
goodEndJmove goodEndCT
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Language-level integration: Robot Procedure
Global automaton: synchronous compositionof local task automata and application
Example: complete BZR program (simpli�ed).
application Task C Task CTTask FTask JoutWork
inWork
T2C
StartCTStartFStartJStartC
goodEndJmove goodEndCT
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Global BZR node, with contract
node procRobot (goodEndCT,goodEndJmove,t2,outWork,inWork:bool)
returns ( startC, startF, startJ, startCT:bool)
goodtool = ( ActifCJ implies CTcj) & (ActifF implies CTf);
ex = ActifF xor ActifCJ xor ActifCT;
assume (not (inWork & outWork))
enforce (goodtool)
with (ok1,ok2,ok3:bool)
ActifJActifC
InitinWork and not ok2inWork and ok2 / startC
Wait
ok2 / startC
goodEndJmove / startC
T2 / startJActifCJ
outWork outWorkok3 / startCT
Init ActifCT
goodEndCT
goodEndCT
CTfCTcj
goodEndCT
Wait
Init
inWorkinWork
ActifF
ok1 / startFoutWork and
ok1 / startF
outWork and not ok1
BZR programming methodology:
possible behaviors
: 4 automata in ‖ : 1 observer, 3 task mgrsTasks F and C/J can be delayed by control (ok1, ok2)Task CT can be triggered by control (ok3)
declarative contract
: (with assumption)
right tool for right task: goodtool
mutual exclusion and default control: ex
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Global BZR node, with contract
node procRobot (goodEndCT,goodEndJmove,t2,outWork,inWork:bool)
returns ( startC, startF, startJ, startCT:bool)
goodtool = ( ActifCJ implies CTcj) & (ActifF implies CTf);
ex = ActifF xor ActifCJ xor ActifCT;
assume (not (inWork & outWork))
enforce (goodtool)
with (ok1,ok2,ok3:bool)
ActifJActifC
InitinWork and not ok2inWork and ok2 / startC
Wait
ok2 / startC
goodEndJmove / startC
T2 / startJActifCJ
outWork outWorkok3 / startCT
Init ActifCT
goodEndCT
goodEndCT
CTfCTcj
goodEndCT
Wait
Init
inWorkinWork
ActifF
ok1 / startFoutWork and
ok1 / startF
outWork and not ok1
BZR programming methodology:
possible behaviors: 4 automata in ‖ : 1 observer, 3 task mgrsTasks F and C/J can be delayed by control (ok1, ok2)Task CT can be triggered by control (ok3)
declarative contract
: (with assumption)
right tool for right task: goodtool
mutual exclusion and default control: ex
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Global BZR node, with contract
node procRobot (goodEndCT,goodEndJmove,t2,outWork,inWork:bool)
returns ( startC, startF, startJ, startCT:bool)
goodtool = ( ActifCJ implies CTcj) & (ActifF implies CTf);
ex = ActifF xor ActifCJ xor ActifCT;
assume (not (inWork & outWork))
enforce (goodtool)
with (ok1,ok2,ok3:bool)
ActifJActifC
InitinWork and not ok2inWork and ok2 / startC
Wait
ok2 / startC
goodEndJmove / startC
T2 / startJActifCJ
outWork outWorkok3 / startCT
Init ActifCT
goodEndCT
goodEndCT
CTfCTcj
goodEndCT
Wait
Init
inWorkinWork
ActifF
ok1 / startFoutWork and
ok1 / startF
outWork and not ok1
BZR programming methodology:
possible behaviors: 4 automata in ‖ : 1 observer, 3 task mgrsTasks F and C/J can be delayed by control (ok1, ok2)Task CT can be triggered by control (ok3)
declarative contract: (with assumption)
right tool for right task: goodtool
mutual exclusion and default control: ex
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Global BZR node, with contract
node procRobot (goodEndCT,goodEndJmove,t2,outWork,inWork:bool)
returns ( startC, startF, startJ, startCT:bool)
goodtool = ( ActifCJ implies CTcj) & (ActifF implies CTf);
ex = ActifF xor ActifCJ xor ActifCT;
assume (not (inWork & outWork))
enforce (goodtool & ex)
with (ok1,ok2,ok3:bool)
ActifJActifC
InitinWork and not ok2inWork and ok2 / startC
Wait
ok2 / startC
goodEndJmove / startC
T2 / startJActifCJ
outWork outWorkok3 / startCT
Init ActifCT
goodEndCT
goodEndCT
CTfCTcj
goodEndCT
Wait
Init
inWorkinWork
ActifF
ok1 / startFoutWork and
ok1 / startF
outWork and not ok1
BZR programming methodology:
possible behaviors: 4 automata in ‖ : 1 observer, 3 task mgrsTasks F and C/J can be delayed by control (ok1, ok2)Task CT can be triggered by control (ok3)
declarative contract: (with assumption)
right tool for right task: goodtoolmutual exclusion and default control: ex
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Typical scenarionode procRobot (goodEndCT,goodEndJmove,t2,outWork,inWork:bool)
returns ( startC, startF, startJ, startCT:bool)
goodtool = ( ActifCJ implies CTcj) & (ActifF implies CTf);
ex = ActifF xor ActifCJ xor ActifCT;
assume (not (inWork & outWork))
enforce (goodtool & ex)
with (ok1,ok2,ok3:bool)
ActifJActifC
InitinWork and not ok2inWork and ok2 / startC
Wait
ok2 / startC
goodEndJmove / startC
T2 / startJActifCJ
outWork outWorkok3 / startCT
Init ActifCT
goodEndCT
goodEndCT
CTfCTcj
goodEndCT
Wait
Init
inWorkinWork
ActifF
ok1 / startFoutWork and
ok1 / startF
outWork and not ok1
CJmove is Active (F or CT not), tool observer is in CTcj.
the user clicks outside of the workspace → input outWorktransition: CJ to its initial state; F quits initial, condition ok1contract goodtool: ⇒ ok1 = false: F to Wait;contract ex: ⇒ ok3 = true: CT to ActiveCT ends (no inWork) → input GoodEndCTtransition: CT to Init; tool observer to CTf
contracts ex and goodtool: ⇒ ok1 = true: F to Active
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Typical scenarionode procRobot (goodEndCT,goodEndJmove,t2,outWork,inWork:bool)
returns ( startC, startF, startJ, startCT:bool)
goodtool = ( ActifCJ implies CTcj) & (ActifF implies CTf);
ex = ActifF xor ActifCJ xor ActifCT;
assume (not (inWork & outWork))
enforce (goodtool & ex)
with (ok1,ok2,ok3:bool)
ActifJActifC
InitinWork and not ok2inWork and ok2 / startC
Wait
ok2 / startC
goodEndJmove / startC
T2 / startJActifCJ
outWork outWorkok3 / startCT
Init ActifCT
goodEndCT
goodEndCT
CTfCTcj
goodEndCT
Wait
Init
inWorkinWork
ActifF
ok1 / startFoutWork and
ok1 / startF
outWork and not ok1
CJmove is Active (F or CT not), tool observer is in CTcj.the user clicks outside of the workspace → input outWorktransition: CJ to its initial state; F quits initial, condition ok1contract goodtool: ⇒ ok1 = false: F to Wait;contract ex: ⇒ ok3 = true: CT to Active
CT ends (no inWork) → input GoodEndCTtransition: CT to Init; tool observer to CTf
contracts ex and goodtool: ⇒ ok1 = true: F to Active
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Typical scenarionode procRobot (goodEndCT,goodEndJmove,t2,outWork,inWork:bool)
returns ( startC, startF, startJ, startCT:bool)
goodtool = ( ActifCJ implies CTcj) & (ActifF implies CTf);
ex = ActifF xor ActifCJ xor ActifCT;
assume (not (inWork & outWork))
enforce (goodtool & ex)
with (ok1,ok2,ok3:bool)
ActifJActifC
InitinWork and not ok2inWork and ok2 / startC
Wait
ok2 / startC
goodEndJmove / startC
T2 / startJActifCJ
outWork outWorkok3 / startCT
Init ActifCT
goodEndCT
goodEndCT
CTfCTcj
goodEndCT
Wait
Init
inWorkinWork
ActifF
ok1 / startFoutWork and
ok1 / startF
outWork and not ok1
CJmove is Active (F or CT not), tool observer is in CTcj.the user clicks outside of the workspace → input outWorktransition: CJ to its initial state; F quits initial, condition ok1contract goodtool: ⇒ ok1 = false: F to Wait;contract ex: ⇒ ok3 = true: CT to ActiveCT ends (no inWork) → input GoodEndCTtransition: CT to Init; tool observer to CTf
contracts ex and goodtool: ⇒ ok1 = true: F to Active
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Executive-level integration
Implementation of the executionmachine:
real-time threads,triggered by clocks
automaton:
highest-priority taskevents received throughFIFOfast transition (µsecs)
Linux/Posix threads,Xenomai
Robot_Procedure
Robot_Task 1
Robot_Task 2
.
.
.
Observers
TMobs3
TMobs2
TMobs1
TM1
TM2
Controller
Controller
Controller
TM3
TMobs4
FIFO
Manager
Automaton
Asynchronous SynchronousInterface
Logical signals
Control signals
Controller
Sémaphore
Output
Outputs
Inputs
Parameters
Parameters
Parameters
Parameters
ClocksGeneration
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Executive-level integration
Implementation of the executionmachine:
real-time threads,triggered by clocks
automaton:
highest-priority taskevents received throughFIFOfast transition (µsecs)
Linux/Posix threads,Xenomai
Robot_Procedure
Robot_Task 1
Robot_Task 2
.
.
.
Observers
TMobs3
TMobs2
TMobs1
TM1
TM2
Controller
Controller
Controller
TM3
TMobs4
FIFO
Manager
Automaton
Asynchronous SynchronousInterface
Logical signals
Control signals
Controller
Sémaphore
Output
Outputs
Inputs
Parameters
Parameters
Parameters
Parameters
ClocksGeneration
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Executive-level integration
Implementation of the executionmachine:
real-time threads,triggered by clocks
automaton:
highest-priority taskevents received throughFIFOfast transition (µsecs)
Linux/Posix threads,Xenomai
Robot_Procedure
Robot_Task 1
Robot_Task 2
.
.
.
Observers
TMobs3
TMobs2
TMobs1
TM1
TM2
Controller
Controller
Controller
TM3
TMobs4
FIFO
Manager
Automaton
Asynchronous SynchronousInterface
Logical signals
Control signals
Controller
Sémaphore
Output
Outputs
Inputs
Parameters
Parameters
Parameters
Parameters
ClocksGeneration
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Executive-level integration
Implementation of the executionmachine:
real-time threads,triggered by clocks
automaton:
highest-priority taskevents received throughFIFOfast transition (µsecs)
Linux/Posix threads,Xenomai
Robot_Procedure
Robot_Task 1
Robot_Task 2
.
.
.
Observers
TMobs3
TMobs2
TMobs1
TM1
TM2
Controller
Controller
Controller
TM3
TMobs4
FIFO
Manager
Automaton
Asynchronous SynchronousInterface
Logical signals
Control signals
Controller
Sémaphore
Output
Outputs
Inputs
Parameters
Parameters
Parameters
Parameters
ClocksGeneration
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Conclusion & Perspectives
Conclusions
Discrete control of real-time continuous control tasks
application of DCS to computing system
Integration of tools
BZR synchronous language & Orccad design environment
Case study Robot arm, speci�cation & simulation
Perspectives
more integration designing controllable runtime executives
more elaborate models
�ner grain, e.g. fault tolerance [FMSD09]
more DCS costs on paths, reachability, dynamical controllers
more applications e.g. GreenIT (sustainable IT)Green4IT: energy/power consumption models
for sensor networks, servers and parallel computingIT4Green: applying control programming techniques
to program e.g., "intelligent" buildings
Motivation Orccad BZR Case study Discrete control handlers Perspectives
Conclusion & Perspectives
Conclusions
Discrete control of real-time continuous control tasks
application of DCS to computing system
Integration of tools
BZR synchronous language & Orccad design environment
Case study Robot arm, speci�cation & simulation
Perspectives
more integration designing controllable runtime executives
more elaborate models
�ner grain, e.g. fault tolerance [FMSD09]
more DCS costs on paths, reachability, dynamical controllers
more applications e.g. GreenIT (sustainable IT)Green4IT: energy/power consumption models
for sensor networks, servers and parallel computingIT4Green: applying control programming techniques
to program e.g., "intelligent" buildings