Principled Design of Embedded Software

Edward A. Lee

High Confidence Design for Distributed Embedded Systems, MURI Review

Project: Frameworks and Tools for High-Confidence Design of Adaptive, Distributed Embedded Control Systems (Vanderbilt, UC Berkeley, CMU, Stanford)

Berkeley, CA, September 6, 2007


Lee, Berkeley 2

Overall Plan for “Principled Design of Embedded Software”

• Build a “models to C” lab enabling experiments with:
  • Models of concurrency and time
  • Optimization based on partial evaluation

• Create sampled data models and translation to C with:
  • Polled I/O
  • Interrupt-driven I/O

• Create event-driven models and translation to C with:
  • Model of time
  • Synthesized scheduling of reactions

• Create distributed timed models and translation to C with:
  • Host, supervisor, and controller interactions
  • Time synchronization

Emphasis on repeatability and verifiability!

Status as of August 07: Ptolemy II architecture with pluggable “helpers” for both directors and actors. Demo on iRobot Create and partially on Starmac Robostix.

Lee, Berkeley 3

STARMAC Electronics

Block diagram of the STARMAC quadrotor electronics (only the block labels survive in the transcript; which link connects which block is not recoverable).

Sensors and actuators (with update rate):
• ESC & Motors: Phoenix-25, Axi 2208/26
• IMU: 3DMG-X1, 76 or 100 Hz
• Ranger: SRF08, 13 Hz altitude
• GPS: Superstar II, 10 Hz
• Stereo Cam: Videre STOC, 30 fps, 320x240
• LIDAR: URG-04LX, 10 Hz ranges
• Ranger: Mini-AE, 10-50 Hz altitude
• Beacon: Tracker/DTS, 1 Hz

Links (with bandwidth or rate as labeled):
• WiFi 802.11b, ≤ 5 Mbps
• WiFi 802.11g+, ≤ 54 Mbps
• I2C, 400 kbps
• PPM, 100 Hz
• UART, 19.2 kbps
• UART, 115 kbps (labeled twice in the diagram)
• RS232, 115 kbps
• CF, 100 Mbps
• Firewire, 480 Mbps
• USB 2, 480 Mbps
• Timing/Analog, Analog, RS232, UART (no rate labeled)

Computing nodes:
• Robostix (Atmega128): low level control
• Stargate 1.0 (Intel PXA255, 64MB RAM, 400MHz): supervisor, GPS
• PC/104 (Pentium M, 1GB RAM, 1.8GHz): est. & control

Code-generation plan: start with the controller, expand to the supervisor, finally to the host.

Lee, Berkeley 4

Approaches

1. Model the vehicle dynamics and develop the embedded control code to work with that model.

2. Model the controller and I/O and generate embedded C code from the model.

Lee, Berkeley 5

Simpler/Safer Testbed

We are using the iRobot Create (the platform for the Roomba vacuum cleaner) with a pluggable Command Module containing an Atmel microcontroller similar to the one on the Starmac, to shake out the code generation techniques.

Lee, Berkeley 6

Model-to-C for the Controller

• Helper-based extensible open architecture.

• Helpers for SDF (synchronous dataflow), FSM (finite state machines) and HDF (hierarchical combinations of the two).

• Helpers for a fairly extensive actor library.

• Embedded C actors for custom, platform-specific code.

Simple iRobot example that hierarchically combines SDF and FSM.

Figure label: Custom C code

Lee, Berkeley 7

A Software Architecture Built for Experimentation

Each actor has a corresponding helper class which is responsible for generating the target code for that actor.

Each director (which governs the interaction between actors) has a corresponding helper class for providing MoC-specific information and orchestrating the code generation for the model.

The helper class hierarchy and package structure parallel those of the corresponding actors, to achieve modularity, maintainability, portability, efficiency and extensibility in code generation.

Figure (labels only): Actor → Actor helper; Director → Director helper.
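The helper pattern described on this slide, as an added illustration that is not Ptolemy II code (Ptolemy II itself is written in Java; this is a deliberately small Python sketch of the same structure). Every class and function name here is hypothetical. An `Actor` carries its token rates and a C body; its parallel `ActorHelper` emits the C function for one firing. The `SDFDirectorHelper` supplies the MoC-specific part: it solves the SDF balance equations to obtain a static repetition vector, sizes each FIFO so that one schedule iteration can never overflow it, and orchestrates generation of the whole program. The model is restricted to a linear chain of actors to keep the balance-equation solver short.

```python
from dataclasses import dataclass
from fractions import Fraction
from math import gcd, lcm
from typing import List


@dataclass
class Actor:
    name: str
    in_rate: int   # tokens consumed per firing (0 for a source)
    out_rate: int  # tokens produced per firing (0 for a sink)
    body: str      # C statements that read in[] and write out[]


@dataclass
class Model:
    """Hypothetical linear SDF chain: actors[i] feeds actors[i+1] through fifo<i>."""
    actors: List[Actor]


class ActorHelper:
    """Parallel to Actor: emits the C function for one firing of that actor."""

    def __init__(self, index: int, actor: Actor):
        self.index, self.actor = index, actor

    def c_function(self) -> str:
        a, i = self.actor, self.index
        lines = [f"static void fire_{a.name}(void) {{",
                 # max(rate, 1) avoids zero-length arrays for sources and sinks
                 f"    double in[{max(a.in_rate, 1)}], out[{max(a.out_rate, 1)}];"]
        if a.in_rate:
            lines.append(f"    for (int t = 0; t < {a.in_rate}; t++) in[t] = fifo_pop(&fifo{i - 1});")
        lines.append(f"    {a.body}")
        if a.out_rate:
            lines.append(f"    for (int t = 0; t < {a.out_rate}; t++) fifo_push(&fifo{i}, out[t]);")
        lines.append("}")
        return "\n".join(lines)


class SDFDirectorHelper:
    """Parallel to the SDF director: solves the balance equations for a static
    schedule, sizes the buffers, and orchestrates code generation for the model."""

    def __init__(self, model: Model):
        self.model = model

    def repetition_vector(self) -> List[int]:
        acts = self.model.actors
        q = [Fraction(1)]
        for prod, cons in zip(acts, acts[1:]):
            # balance equation for the edge: q_prod * out_prod == q_cons * in_cons
            q.append(q[-1] * prod.out_rate / cons.in_rate)
        scale = lcm(*(f.denominator for f in q))
        ints = [int(f * scale) for f in q]
        g = gcd(*ints)
        return [v // g for v in ints]

    def fifo_sizes(self) -> List[int]:
        q = self.repetition_vector()
        # Tokens pushed on edge i per iteration; by the balance equation the
        # consumer drains exactly this many, so a buffer of this size suffices.
        return [q[i] * a.out_rate for i, a in enumerate(self.model.actors[:-1])]

    def generate_c(self, iterations: int) -> str:
        acts, q, sizes = self.model.actors, self.repetition_vector(), self.fifo_sizes()
        out = ["#include <assert.h>", "#include <stdio.h>",
               f"#define FIFO_CAP {max(sizes)}",
               "typedef struct { double buf[FIFO_CAP]; int w, r; } fifo_t;",
               "static void fifo_push(fifo_t *f, double v) { assert(f->w < FIFO_CAP); f->buf[f->w++] = v; }",
               "static double fifo_pop(fifo_t *f) { assert(f->r < f->w); return f->buf[f->r++]; }"]
        out += [f"static fifo_t fifo{i};" for i in range(len(sizes))]
        out += [ActorHelper(i, a).c_function() for i, a in enumerate(acts)]
        # The firing order is fixed at generation time: no runtime scheduler is emitted.
        out.append("static void schedule_iteration(void) {")
        out += [f"    fifo{i}.w = fifo{i}.r = 0;" for i in range(len(sizes))]
        out += [f"    for (int n = 0; n < {q[i]}; n++) fire_{a.name}();" for i, a in enumerate(acts)]
        out += ["}", "int main(void) {",
                f"    for (int it = 0; it < {iterations}; it++) schedule_iteration();",
                "    return 0;", "}"]
        return "\n".join(out)


# Constructed example model: Source -> Gain -> Downsample (2:1) -> Sink
EXAMPLE = Model([
    Actor("Source", 0, 1, "static int k = 0; out[0] = (double)k++;"),
    Actor("Gain", 1, 1, "out[0] = 2.0 * in[0];"),
    Actor("Downsample", 2, 1, "out[0] = in[0];"),
    Actor("Sink", 1, 0, 'printf("%g\\n", in[0]);'),
])

if __name__ == "__main__":
    print(SDFDirectorHelper(EXAMPLE).generate_c(iterations=4))
```

For the constructed model the repetition vector is [2, 2, 1, 1], so the generated `schedule_iteration` fires `Source` and `Gain` twice and `Downsample` and `Sink` once, and the FIFO capacity is computed as 2. Because every buffer bound and every firing count is decided by the director helper before any C exists, the generated program has no dynamic allocation and no data-dependent scheduling, which is what makes the output easy to inspect and verify.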

Lee, Berkeley 8

Director Helper Enables Experimentation with Principles of Time and Concurrency for Embedded Systems

• SDF (Lee et al., Berkeley)
• Structured Dataflow (Kodosky et al., NI)
• Synchronous Languages (Berry, Caspi, Benveniste et al., France)
• Real time workshop (Ciolfi et al., MathWorks)
• HDF (Lee et al., Berkeley)
• Koala (Ommering et al., Philips)
• Giotto (Henzinger et al., Berkeley)
• TinyOS (Culler et al., Berkeley)
• Click (Kohler et al., MIT)
• Ptides (Lee et al., Berkeley)

Lee, Berkeley 11

Next Steps

• Support interrupt-driven concurrency in generated code
• Create a model of time and microkernel support
• Implement a timed sample-data MoC
• Create support for event-driven computation
• Implement PTIDES: a timed distributed run time environment
• Implement timing verification based on PTIDES formalism

Lee, Berkeley 12

PTIDES Builds on Principles of Discrete Event Modeling

DE Director implements timed semantics using an event queue.

Figure (labels only): Event source, Time line, Reactive actors, Signal.

Components send time-stamped events to other components, and components react in chronological order.

Whereas DE is usually a simulation technology, we are using it as a real-time MoC.
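The event-queue semantics just described, as an added example that is not part of the slides and not Ptolemy II's DE director (all names are hypothetical). A `DEDirector` keeps a priority queue ordered by timestamp, with an insertion sequence number as the tie-break so that equal-timestamp events are still processed deterministically. Each component is a reaction function that may send further time-stamped events; the director pops the earliest event, advances model time to it, and hands it to its destination. Scheduling an event earlier than the current model time is rejected, which is the invariant that makes "react in chronological order" hold. The constructed model is a periodic clock feeding a sensor whose output reaches a controller after a fixed latency; time is in integer ticks to avoid floating-point comparisons.

```python
import heapq
from dataclasses import dataclass, field
from itertools import count
from typing import Callable, Dict, List, Tuple


@dataclass(order=True)
class Event:
    timestamp: int                      # model time in ticks (e.g. microseconds)
    seq: int                            # tie-break: insertion order at equal timestamps
    dest: str = field(compare=False)
    value: int = field(compare=False)


Reaction = Callable[["DEDirector", Event], None]


class DEDirector:
    """Hypothetical DE director: an event queue ordered by (timestamp, seq)."""

    def __init__(self) -> None:
        self.queue: List[Event] = []
        self.seq = count()
        self.actors: Dict[str, Reaction] = {}
        self.now = 0
        self.trace: List[Tuple[int, str, int]] = []

    def register(self, name: str, react: Reaction) -> None:
        self.actors[name] = react

    def send(self, timestamp: int, dest: str, value: int) -> None:
        # Chronological order is an invariant: nothing may be scheduled into the past.
        if timestamp < self.now:
            raise ValueError(f"event for {dest} at {timestamp} precedes current time {self.now}")
        heapq.heappush(self.queue, Event(timestamp, next(self.seq), dest, value))

    def run(self, until: int) -> List[Tuple[int, str, int]]:
        # Pop the earliest event and let its destination react; a reaction may
        # enqueue new events at the same timestamp or later.
        while self.queue and self.queue[0].timestamp <= until:
            ev = heapq.heappop(self.queue)
            self.now = ev.timestamp
            self.trace.append((ev.timestamp, ev.dest, ev.value))
            self.actors[ev.dest](self, ev)
        return self.trace


def build_pipeline(period: int = 1000, latency: int = 300) -> Tuple[DEDirector, List[Tuple[int, int]]]:
    """Constructed model: clock -> sensor -> controller, with a fixed sensor latency."""
    d = DEDirector()
    outputs: List[Tuple[int, int]] = []

    def clock(d: DEDirector, ev: Event) -> None:
        d.send(ev.timestamp, "sensor", ev.value)              # same timestamp; seq orders it after the clock
        d.send(ev.timestamp + period, "clock", ev.value + 1)  # next tick

    def sensor(d: DEDirector, ev: Event) -> None:
        d.send(ev.timestamp + latency, "controller", ev.value * 10)

    def controller(d: DEDirector, ev: Event) -> None:
        outputs.append((ev.timestamp, ev.value))

    for name, react in (("clock", clock), ("sensor", sensor), ("controller", controller)):
        d.register(name, react)
    d.send(0, "clock", 0)
    return d, outputs


def timestamps_in_order(trace: List[Tuple[int, str, int]]) -> bool:
    """True when the director handed out events in non-decreasing timestamp order."""
    return all(a[0] <= b[0] for a, b in zip(trace, trace[1:]))


if __name__ == "__main__":
    director, outputs = build_pipeline()
    for ts, dest, value in director.run(until=2000):
        print(f"t={ts:5d}  {dest:<10} value={value}")
    print("controller received:", outputs)
```

Running to tick 2000 produces the reaction sequence clock, sensor (both at 0), controller at 300, clock and sensor at 1000, controller at 1300, clock and sensor at 2000. The controller event at 300 is enqueued after the clock's next tick at 1000 yet is processed before it, which is the point of ordering by timestamp rather than by arrival. The controller's event at 2300 stays in the queue because it lies beyond the stop time.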

Lee, Berkeley 14

PTIDES: Our Proposed Event-Driven Model of Computation for Distributed Real-Time Systems

See “A Programming Model for Time-Synchronized Distributed Real-Time Systems”, Yang Zhao, Jie Liu, and Edward A. Lee, RTAS ’07.

PTIDES combines naturally with modal models, lending itself to state-based verification methods that validate timing properties.

Lee, Berkeley 16

From Our Annual Report: Objective 2

“Develop foundations of model-based software design for high-confidence, networked embedded systems applications. We will investigate new semantic foundations for modeling languages and model transformations, precisely architected software and systems platforms that guarantee system properties via construction, and new methods for static source code verification and testing, as well as for dynamic runtime verification and testing.”

“We have been implementing a high-confidence code generator for the Ptolemy II actor languages using partial evaluation mechanisms. The code generator transforms an actor-oriented model into target code while preserving the model's semantics.”

Lee, Berkeley 17

From Our Annual Report: Objective 3

“Develop a composable tool architecture that supports high-level reusability of modeling, model analysis, verification and testing tools in domain-specific tool chains. We create a new foundation for tool integration that goes beyond data modeling and data transfer.”

“We have developed PTIDES: Programming Temporally Integrated Distributed Embedded Systems. For components for embedded systems, we have further refined the Ptolemy II code generation environment and are targeting the quadrotor effort.”

Lee, Berkeley 18

From Our Annual Report: Objective 4

“Demonstrate the overall effort by creating an end-to-end design tool chain prototype for the model-based generation and verification of embedded controller code for experimental platforms.”

“We have begun the process of interfacing the Ptolemy toolkit with the embedded software control architecture on board our autonomous quadrotor aircraft.”