1
SRC ETAB Summer StudyColorado Springs, June 25-26, 2001
Model-Based Approaches toEmbedded Software Design
Edward A. LeeUC Berkeley & GSRC
Edward A. Lee, Berkeley, 2
Why is Embedded Software an Issuefor Semiconductor Manufacturers?
Silicon without software is gettingrarer.
Time-to-volume is often dominatedby SW development.
Software requirements affecthardware design.
Embedded SW design is gettingharder (networking, complexity).
Mainstream SW engineering is notaddressing embedded SW well.
primeexample
today
2
Edward A. Lee, Berkeley, 3
Why is Embedded SW not justSoftware on Small Computers?
Interaction with physical processessensors, actuators, processes
Critical properties are not all functionalreal-time, fault recovery, power, security, robustness
Heterogeneoushardware/software, mixed architectures
Concurrentinteraction with multiple processes
Reactiveoperating at the speed of the environment
These feature look more like hardware!
Edward A. Lee, Berkeley, 4
Why not Leave This Problem to theSoftware Experts?E.g. Object-Oriented Design
Call/return imperative semanticsConcurrency is via ad-hoc calling conventions
band-aids: futures, proxies, monitorsPoorly models the environment
which does not have call/return semanticsLittle to say about time
ComponentEntityCompositeEntity
AtomicActor
CompositeActor
0..10..n
«Interface»Actor
+getDirector() : Director+getExecutiveDirector() : Director+getManager() : Manager+inputPortList() : List+newReceiver() : Receiver+outputPortList() : List
«Interface»Executable
+fire()+initialize()+postfire() : boolean+prefire() : boolean+preinitialize()+stopFire()+terminate()+wrapup()
Director
Object modelingemphasizes inheritanceand procedural interfaces.
We need to emphasizeconcurrency,communication, andtemporal abstractions.
3
Edward A. Lee, Berkeley, 5
Why not Leave This Problem to theSoftware Experts (cont)?
E.g. Real-Time CorbaComponent specification includes:
worst case execution timetypical execution timecached execution timepriorityfrequencyimportance
This is an elaborate prayer…
Edward A. Lee, Berkeley, 6
Hardware Experts Have Something toTeach to the Software World
Concurrencythe synchrony abstractionevent-driven modeling
Reusabilitycell librariesinterface definition
Reliabilityleveraging limited abstractionsleveraging verification
Heterogeneitymixing synchronous and asynchronous designsresource management
4
Edward A. Lee, Berkeley, 7
Alternative View of SW Architecture:Actors with Ports and Attributes
PortPort
Actor ActorLink
Relation
ActorPort
connection
connection conn
ectio
n
Link
Link
Attributes Attributes
Attributes
Model of Computation:
• Messaging schema• Flow of control• Concurrency
Examples:
• Synchronous circuits•Time triggered• Process networks• Discrete-event systems• Dataflow systems• Publish & subscribe
Key idea: The model of computation is part of the frameworkwithin which components are embedded rather than part of thecomponents themselves.
Edward A. Lee, Berkeley, 8
Examples of Actors+PortsSoftware Architectures
VHDL, Verilog, SystemC (Various)Simulink (The MathWorks)Labview (National Instruments)OCP, open control platform (Boeing)SPW, signal processing worksystem (Cadence)System studio (Synopsys)ROOM, real-time object-oriented modeling (Rational)Port-based objects (U of Maryland)I/O automata (MIT)Polis & Metropolis (UC Berkeley)Ptolemy & Ptolemy II (UC Berkeley)…
5
Edward A. Lee, Berkeley, 9
What an Embedded Program MightLook Like
Edward A. Lee, Berkeley, 10
Simple Example: Controlling anInverted Pendulum with Embedded SW
The Furuta pendulum hasa motor controlling theangle of an arm, fromwhich a free-swingingpendulum hangs. Theobjective is to swing thependulum up and thenbalance it.
6
Edward A. Lee, Berkeley, 11
Metaphor forDisk drive controllersManufacturing equipmentAutomotive:
Drive-by-wire devicesEngine controlAntilock braking systems, traction control
AvionicsFly-by-wire devicesNavigationflight control
Certain “software radio” functionsPrinting and paper handlingSignal processing (audio, video, radio)…
Edward A. Lee, Berkeley, 12
Execution
An execution of themodel displays varioussignals and at the bottomproduces a 3-D animationof the physical system.
Model by Johan Eker
7
Edward A. Lee, Berkeley, 13
Top-Level Model
The top-level is a continuous-time model that specifies thedynamics of the physical system as a set of nonlinear ordinarydifferential equations, and encapsulates a closed loop controller.
Framework by Jie Liu
Edward A. Lee, Berkeley, 14
A Modal Controller
The controlleritself is modal,with three modesof operation,where a differentcontrol law isspecified foreach mode.
Framework by Xiaojun Liu
8
Edward A. Lee, Berkeley, 15
The Discrete Controllers
Three discretesubmodels(dataflowmodels) specifycontrol laws foreach of threemodes ofoperation.
Framework by Steve Neuendorffer
Edward A. Lee, Berkeley, 16
This is System-Level ModelingSRC funding in system-level modeling, simulation, anddesign work 5-10 years ago has had demonstrable impactvia:
SystemCVSIA standards effortsCadence SPW & VSSSynopsys Cocentric StudioAgilent ADS (RF + DSP)…
Much of this work is now starting to address embeddedsoftware issues.
9
Edward A. Lee, Berkeley, 17
The Key Idea
Components are actors with portsInteraction is governed by a model of computation
flow of controlmessaging protocolsnon-functional properties (timing, resource management, …)
So what is a model of computation?
It is the “laws of physics” governing the interaction betweencomponentsIt is the modeling paradigm
Edward A. Lee, Berkeley, 18
Model of Computation
What is a component? (ontology)States? Processes? Threads? Differential equations?Constraints? Objects (data + methods)?
What knowledge do components share? (epistemology)Time? Name spaces? Signals? State?
How do components communicate? (protocols)Rendezvous? Message passing? Continuous-time signals?Streams? Method calls? Events in time?
What do components communicate? (lexicon)Objects? Transfer of control? Data structures? ASCII text?
10
Edward A. Lee, Berkeley, 19
Domains – Realizations of Models ofComputation
CSP – concurrent threads with rendezvousCT – continuous-time modelingDE – discrete-event systemsDDE – distributed discrete-event systemsDT – discrete time (cycle driven)FSM – finite state machinesGiotto – time driven cyclic modelsGR – graphicsPN – process networksSDF – synchronous dataflowxDF – other dataflow
Each of these defines a component ontology and an interactionsemantics between components. There are many morepossibilities!
Edward A. Lee, Berkeley, 20
Domain
Domain
Domain
Hierarchical, Compositional Models
Actors with ports arebetter than objectswith methods forembedded systemdesign.
11
Edward A. Lee, Berkeley, 21
Heterogeneity – Hierarchical Mixturesof Models of Computation
Modal ModelsFSM + anything
Hybrid systemsFSM + CT
Mixed-signal systemsDE + CTDT + CT
Complex systemsResource managementSignal processingReal time
Edward A. Lee, Berkeley, 22
Key Advantages
Domains are specializedleantargetedoptimizableunderstandable
Domains are mixable (hierarchically)structureddisciplined interactionunderstandable interaction
12
Edward A. Lee, Berkeley, 23
Model = DesignWe need modeling “languages” for humans to
realize complex functionalityunderstand the designformulate the questionspredict the behavior
The issue is “model” or “design” not “hardware” or “software”
Invest in:modeling “languages” for systemsfinding the useful abstractionscomputational systems theorycomposable abstractionsexpressing time, concurrency, power, etc.
Edward A. Lee, Berkeley, 24
Composing SystemsWe need systematic methods for composing systems
component frameworkscomposition semanticson-the-fly composition, admission controllegacy component integration
Invest in:methods and toolsreference implementationssemantic frameworks and theoriesdefining architectural frameworksstrategies for distribution, partitioningstrategies for controlling granularity and modularity
13
Edward A. Lee, Berkeley, 25
TransformationsWe need theory of transformations between abstractions
relationships between abstractionsgenerators (transformers, synthesis tools)multi-view abstractionsmodel abstractors (create reduced-order models)abstractions of physical environmentsverifiable transformations
Invest in:open generator infrastructure (methods, libraries)theories of generatorsmethods for correct by construction transformersco-compilation
Edward A. Lee, Berkeley, 26
Conclusions
Semiconductor manufacturers should not ignoreembedded software.
Software experts are unlikely to solve theembedded software problem on their own.
Actors with ports are better than objects withmethods for embedded system design.
Well-founded models of computation matter agreat deal, and specialization can help.