Principled Design of Embedded Software
Edward A. Lee
High Confidence Design for Distributed Embedded Systems MURI Review
Project: Frameworks and Tools for High-Confidence Design of Adaptive, Distributed Embedded Control Systems (Vanderbilt, UC Berkeley, CMU, Stanford)
Berkeley, CA, September 6, 2007
Lee, Berkeley 2
Overall Plan for “Principled Design of Embedded Software”
• Build a “models to C” lab enabling experiments with:
  - Models of concurrency and time
  - Optimization based on partial evaluation
• Create sampled-data models and translation to C with:
  - Polled I/O
  - Interrupt-driven I/O
• Create event-driven models and translation to C with:
  - Model of time
  - Synthesized scheduling of reactions
• Create distributed timed models and translation to C with:
  - Host, supervisor, and controller interactions
  - Time synchronization
Emphasis on repeatability and verifiability!
Status as of August 07: Ptolemy II architecture with pluggable “helpers” for both directors and actors. Demo on iRobot Create and partially on Starmac Robostix.
STARMAC Electronics (block diagram; component labels and link rates as shown on the slide)
Computing nodes:
• PC/104, Pentium M, 1.8 GHz, 1 GB RAM: estimation and control
• Stargate 1.0, Intel PXA255, 400 MHz, 64 MB RAM: supervisor, GPS
• Robostix, Atmega128: low-level control
Sensors and actuators:
• IMU 3DMG-X1, 76 or 100 Hz
• Ranger SRF08, 13 Hz altitude
• Ranger Mini-AE, 10-50 Hz altitude
• GPS Superstar II, 10 Hz
• LIDAR URG-04LX, 10 Hz ranges
• Stereo camera Videre STOC, 30 fps, 320x240
• Beacon Tracker/DTS, 1 Hz
• ESC and motors: Phoenix-25, Axi 2208/26
Links (as labeled on the diagram): WiFi 802.11b (≤ 5 Mbps), WiFi 802.11g+ (≤ 54 Mbps), I2C (400 kbps), PPM (100 Hz), UART (19.2 kbps and 115 kbps), RS232 (115 kbps), CF (100 Mbps), Firewire (480 Mbps), USB 2 (480 Mbps), timing/analog lines.
Plan: start with the controller, expand to the supervisor, finally to the host.
Approaches
1. Model the vehicle dynamics and develop the embedded control code to work with that model.
2. Model the controller and I/O and generate embedded C code from the model.
Simpler/Safer Testbed
We are using the iRobot Create (the platform for the Roomba vacuum cleaner) with a pluggable Command Module, which carries an Atmel microcontroller similar to the one on the Starmac, to shake out the code generation techniques.
Model-to-C for the Controller
• Helper-based extensible open architecture.
• Helpers for SDF (synchronous dataflow), FSM (finite state machines) and HDF (hierarchical combinations of the two).
• Helpers for a fairly extensive actor library.
• Embedded C actors for custom, platform-specific code.
Figure: a simple iRobot example that hierarchically combines SDF and FSM, with custom C code held in an embedded C actor.
A Software Architecture Built for Experimentation
Each actor has a corresponding helper class which is responsible for generating the target code for that actor.
Each director (which governs the interaction between actors) has a corresponding helper class for providing MoC-specific information and orchestrating the code generation for the model.
The helper class hierarchy and package structure parallel those of the corresponding actors, to achieve modularity, maintainability, portability, efficiency and extensibility in code generation.
Figure: Actor ↔ Actor helper; Director ↔ Director helper.
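As an added illustration of the actor-helper / director-helper split described on this slide and the previous one (this is not Ptolemy II's code generator, whose helpers are Java classes; it is a Python sketch written for this page), the block below gives one helper per actor type that emits the C for a single firing, and an SDF director helper that solves the balance equations, fixes a static schedule and buffer sizes, and splices the fragments into one C function. The three-actor model, the actor names, and the platform hooks read_sensor_src()/actuate_sink() are constructed for the example. The property that matters for repeatability and verifiability is that every dynamic decision is made at generation time: the emitted C has fixed-size buffers, no allocation and no run-time scheduler.

```python
from fractions import Fraction
from math import lcm

# Constructed SDF model (example data, not a shipped Ptolemy model):
# actor name -> (helper type, tokens produced per firing, tokens consumed per firing)
MODEL_ACTORS = {
    "src":  ("Source", 1, 0),     # reads one sample per firing
    "dec":  ("Decimate", 1, 2),   # averages two samples into one
    "sink": ("Sink", 0, 1),       # drives an actuator
}
MODEL_CONNECTIONS = [("src", "dec"), ("dec", "sink")]  # producer -> consumer


def repetitions(actors, connections):
    """Director helper, step 1: solve the balance equations
    q[a] * prod[a] == q[b] * cons[b] for every connection a -> b.
    Returns the smallest positive integer repetitions vector; raises if the
    rates are inconsistent (tokens would accumulate without bound)."""
    q = {connections[0][0]: Fraction(1)}
    changed = True
    while changed:
        changed = False
        for a, b in connections:
            prod_a, cons_b = actors[a][1], actors[b][2]
            if a in q and b not in q:
                q[b] = q[a] * prod_a / cons_b
                changed = True
            elif b in q and a not in q:
                q[a] = q[b] * cons_b / prod_a
                changed = True
            elif a in q and b in q and q[a] * prod_a != q[b] * cons_b:
                raise ValueError(f"inconsistent rates on {a}->{b}")
    if len(q) != len(actors):
        raise ValueError("model is not connected")
    scale = 1
    for v in q.values():
        scale = lcm(scale, v.denominator)
    return {name: int(v * scale) for name, v in q.items()}


def schedule(actors, connections):
    """Director helper, step 2: single-appearance schedule. Fire each actor
    q[a] times in topological order; all decisions are made at generation time."""
    q = repetitions(actors, connections)
    indeg = {n: 0 for n in actors}
    for _, b in connections:
        indeg[b] += 1
    order, ready = [], [n for n in actors if indeg[n] == 0]
    while ready:
        n = ready.pop(0)
        order.append(n)
        for a, b in connections:
            if a == n:
                indeg[b] -= 1
                if indeg[b] == 0:
                    ready.append(b)
    return [n for n in order for _ in range(q[n])]


# Actor helpers: one per actor type. Each returns (platform declaration,
# C for one firing). Buffer and index names are supplied by the director helper.
def helper_source(name, out_buf, in_buf):
    return (f"int read_sensor_{name}(void);  /* platform-specific, hand-written */",
            f"    {out_buf}[w_{out_buf}++] = read_sensor_{name}();  /* {name} */")

def helper_decimate(name, out_buf, in_buf):
    return ("", f"    {{ int a = {in_buf}[r_{in_buf}++], b = {in_buf}[r_{in_buf}++];\n"
                f"      {out_buf}[w_{out_buf}++] = (a + b) / 2; }}  /* {name} */")

def helper_sink(name, out_buf, in_buf):
    return (f"void actuate_{name}(int v);  /* platform-specific, hand-written */",
            f"    actuate_{name}({in_buf}[r_{in_buf}++]);  /* {name} */")

ACTOR_HELPERS = {"Source": helper_source, "Decimate": helper_decimate, "Sink": helper_sink}


def generate_c(actors, connections):
    """Director helper, step 3: orchestrate the actor helpers into one C
    translation unit. Buffers are statically sized to the peak token count of
    the schedule, so the output needs no malloc and no run-time scheduler."""
    q = repetitions(actors, connections)
    out_buf, in_buf, decls, body = {}, {}, [], []
    for a, b in connections:
        buf = f"buf_{a}_{b}"
        decls.append(f"static int {buf}[{q[a] * actors[a][1]}];")
        body.append(f"    int r_{buf} = 0, w_{buf} = 0;")
        out_buf[a], in_buf[b] = buf, buf
    for name in schedule(actors, connections):
        decl, fire = ACTOR_HELPERS[actors[name][0]](name, out_buf.get(name), in_buf.get(name))
        if decl and decl not in decls:
            decls.append(decl)
        body.append(fire)
    return "\n".join(["/* generated from an SDF model: one call = one iteration */",
                      *decls, "void iterate(void) {", *body, "}"])


if __name__ == "__main__":
    print(generate_c(MODEL_ACTORS, MODEL_CONNECTIONS))
```

For the constructed model the repetitions vector is src:2, dec:1, sink:1, so the schedule is src, src, dec, sink and the edge buffers are sized 2 and 1. An inconsistent rate set (for instance a diamond whose two paths imply different firing counts) is rejected at generation time rather than surfacing as a buffer overrun on the target.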
Director Helper Enables Experimentation with Principles of Time and Concurrency for Embedded Systems
• SDF (Lee et al., Berkeley)
• Structured Dataflow (Kodosky et al., NI)
• Synchronous Languages (Berry, Caspi, Benveniste et al., France)
• Real-Time Workshop (Ciolfi et al., MathWorks)
• HDF (Lee et al., Berkeley)
• Koala (Ommering et al., Philips)
• Giotto (Henzinger et al., Berkeley)
• TinyOS (Culler et al., Berkeley)
• Click (Kohler et al., MIT)
• Ptides (Lee et al., Berkeley)
Next Steps
• Support interrupt-driven concurrency in generated code
• Create a model of time and microkernel support
• Implement a timed sampled-data MoC
• Create support for event-driven computation
• Implement PTIDES: a timed distributed run-time environment
• Implement timing verification based on the PTIDES formalism
PTIDES Builds on Principles of Discrete Event Modeling
The DE Director implements timed semantics using an event queue.
Figure: event source, time line, signal, reactive actors.
Components send time-stamped events to other components, and components react in chronological order.
Whereas DE is usually a simulation technology, we are using it as a real-time MoC.
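As an added example of the DE semantics this slide relies on (written for this page; it is neither the Ptolemy II DE director nor PTIDES' distributed safe-to-process analysis, which these slides do not detail), the block below is a minimal DE director: a single priority queue of time-stamped events, reactions processed in chronological order, and ties at equal time broken by a microstep and then by insertion order, so the order of reactions is deterministic and repeatable. The three-component model, the millisecond time base and the numbers are constructed; the causality check in post() is an assumption of this sketch, added so that a component cannot schedule an event before the reaction that produced it.

```python
import heapq
from dataclasses import dataclass, field


@dataclass(order=True)
class Event:
    """Ordering key is (time, microstep, seq): chronological first, then
    microstep for zero-delay causality chains, then insertion order."""
    time: int
    microstep: int
    seq: int
    target: str = field(compare=False)
    value: object = field(compare=False)


class DEDirector:
    def __init__(self):
        self.queue = []                     # heap of Event
        self.seq = 0                        # insertion counter (final tie-breaker)
        self.now, self.microstep = 0, -1    # current model time and microstep
        self.actors = {}                    # name -> reaction(director, event)
        self.trace = []                     # (time, actor, value), in reaction order

    def register(self, name, react):
        self.actors[name] = react

    def post(self, time, target, value, microstep=0):
        """Send a time-stamped event. Causality check (assumption of this
        sketch): an event may never be scheduled before the reaction
        that produced it, so model time never runs backwards."""
        if time < self.now or (time == self.now and microstep <= self.microstep):
            raise ValueError(f"non-causal event for {target} at t={time}")
        heapq.heappush(self.queue, Event(time, microstep, self.seq, target, value))
        self.seq += 1

    def run(self, until):
        """React to events in chronological order up to and including `until`."""
        while self.queue and self.queue[0].time <= until:
            ev = heapq.heappop(self.queue)
            self.now, self.microstep = ev.time, ev.microstep
            self.trace.append((ev.time, ev.target, ev.value))
            self.actors[ev.target](self, ev)
        return self.trace


def build_demo(period_ms=100, delay_ms=50, horizon_ms=300):
    """Constructed three-component model (example data): a clock samples every
    period, a filter adds a fixed processing delay, an actuator consumes the
    result. Integer milliseconds keep time comparisons exact."""
    d = DEDirector()

    def clock(d, ev):
        d.post(ev.time + period_ms, "clock", ev.value + 1)              # next tick
        d.post(ev.time, "filter", ev.value, microstep=ev.microstep + 1)  # zero delay

    def filt(d, ev):
        d.post(ev.time + delay_ms, "actuator", ev.value)

    def actuator(d, ev):
        pass  # the reaction itself is already recorded in d.trace

    for name, react in (("clock", clock), ("filter", filt), ("actuator", actuator)):
        d.register(name, react)
    d.post(0, "clock", 0)
    return d.run(horizon_ms)


if __name__ == "__main__":
    for t, actor, v in build_demo():
        print(f"t={t:4d} ms  {actor:<8} value={v}")
```

With the defaults the trace is clock and filter at 0 ms, actuator at 50 ms, then the same pattern every 100 ms until the horizon: eleven reactions in non-decreasing time order, with the zero-delay clock-to-filter hop always reacting after the clock that caused it. A real-time deployment such as PTIDES has to add what a simulator does not need, namely a rule for when it is safe to react to the head of the queue although events from other nodes may still arrive.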
PTIDES: Our Proposed Event-Driven Model of Computation for Distributed Real-Time Systems
See “A Programming Model for Time-Synchronized Distributed Real-Time Systems”, Yang Zhao, Jie Liu, and Edward A. Lee, RTAS ’07.
PTIDES combines naturally with modal models, lending itself to state-based verification methods that validate timing properties.
From Our Annual Report: Objective 2
“Develop foundations of model-based software design for high-confidence, networked embedded systems applications. We will investigate new semantic foundations for modeling languages and model transformations, precisely architected software and systems platforms that guarantee system properties via construction, and new methods for static source code verification and testing, as well as for dynamic runtime verification and testing.”
“We have been implementing a high-confidence code generator for the Ptolemy II actor languages using partial evaluation mechanisms. The code generator transforms an actor-oriented model into target code while preserving the model's semantics.”
From Our Annual Report: Objective 3
“Develop a composable tool architecture that supports high-level reusability of modeling, model analysis, verification and testing tools in domain-specific tool chains. We create a new foundation for tool integration that goes beyond data modeling and data transfer.”
“We have developed PTIDES: Programming Temporally Integrated Distributed Embedded Systems. For components for embedded systems, we have further refined the Ptolemy II code generation environment and are targeting the quadrotor effort.”
From Our Annual Report: Objective 4
“Demonstrate the overall effort by creating an end-to-end design tool chain prototype for the model-based generation and verification of embedded controller code for experimental platforms.”
“We have begun the process of interfacing the Ptolemy toolkit with the embedded software control architecture on board our autonomous quadrotor aircraft.”