Embed Size (px)
Citation preview
04/19/23 COSC-4301-01, Lecture 1 1
Real-Time Systems, COSC-4301-01, Lecture 1
Stefan Andrei
04/19/23 COSC-4301-01, Lecture 1 2
Real-time systems COSC-5340-01 is a 3 credit points module
Assignments: 20% Research paper presentation: 30% Written final exam: 50% (open book) Module homepage:
http://galaxy.lamar.edu/~sandrei/cosc-4301-01 COSC-4301-01 is a 3 credit points module
Assignments: 40% Written final exam: 60% (open book)
04/19/23 COSC-4301-01, Lecture 1 3
Course etiquette Code of conduct
no copying for details, see webpage
You are encouraged to attend to all lectures, tutorials, and so on.
You are encouraged to ask questions. You are encouraged to offer answers.
04/19/23 COSC-4301-01, Lecture 1 4
The team Associate Professor:
Dr. Stefan Andrei, [email protected] Office hours:
8:30am-9:30am and 11:30am-12:30pm please send an email to make an appointment
Lectures based of the book: Albert M.K. Cheng: Real-time systems. Scheduling, Analysis, and
Verification, Wiley-Interscience, 2002 (first printing), 2005 (second printing), ISBN: 0-471-18406-3
Recommended books: John A. Stankovic, Marco Spuri, Krithi Ramamritham, Giorgio Buttazzo:
Deadline Scheduling for Real-Time Systems: EDF and Related Algorithms, Springer Verlag, 1998
Herman Kopetz: Real-Time Systems. Design Principles for Distributed Embedded Applications. Kluwer Academic Publishers, 1997
04/19/23 COSC-4301-01, Lecture 1 5
It is recommended to be already familiar with: Symbolic logic; Automata and languages.
What is this course all about? Real-time scheduling algorithms and
schedulability analysis. Formal analysis and verification of real-time
systems.
Pre-requisites:
04/19/23 COSC-4301-01, Lecture 1 6
Overview of this course
1. Introduction in Real-Time Systems
2. Real-time scheduling and schedulability analysis
3. Real-time logic, graph-theoretic analysis, and MODECHART
4. Model checking of finite-state systems
5. Visual formalism, statecharts, and STATEMATE
04/19/23 COSC-4301-01, Lecture 1 7
Lecture structure
Reminder of last lecture Overview Content (new notions + examples) Summary Reading suggestions Coming up next
04/19/23 COSC-4301-01, Lecture 1 8
Overview of this lecture
Introduction in Real-Time Systems What is time? What is a real-time system? Simulation Testing Verification Run-time monitoring
04/19/23 COSC-4301-01, Lecture 1 9
What is time?
Time is an essential concept in real-time systems.
Keeping time using accurate clocks is required to ensure correct operations.
Master source: Paris’s International Atomic Time (TAI - Temps Atomique International) is an average of several laboratory atomic clocks in the world.
04/19/23 COSC-4301-01, Lecture 1 10
What is time?
The earth’s rotational rate slows by a few miliseconds each day.
Universal Coordinated Time (UTC) is another master time source that performs leap corrections to the time provided by TAI, making the time length of every natural solar day constant.
04/19/23 COSC-4301-01, Lecture 1 11
Clocks synchronization UTC time signals are sent from National Institute
of Standards and Technology (NIST) radio station, in Fort Collins, Colorado, and other UTC radio stations to specialized receivers.
Selected radios, receiver-clocks, some phone-answering machines, etc, have the ability to receive these UTC signals to maintain accurate clocks.
Depending on the location of the receiver, the clocks synchronization should take into account the delay in receiving the UTC signal.
04/19/23 COSC-4301-01, Lecture 1 12
Wall clock or absolute time For computers whose time is kept by quartz-
based computer clocks, the clocks should be periodically synchronized such that they maintain a bounded drift relative to UTC.
In this course, when we want refer to wall clock or absolute time, we refer to the standard time provided by a bounded-drift computer clock on UTC.
So, there is a mapping
clock: RealTime StandardClockTime
04/19/23 COSC-4301-01, Lecture 1 13
What is a real-time system? A system that should produce the result in a
certain time. Example: Anti-lock braking controller:
“When the driver of a car applies the brake, the anti-lock braking controller analyzes the environment in which the controller is embedded (car speed, road surface, direction of travel) and activates the brake with the appropriate frequency within fractions of a second.”
Both the result (brake activation) and the time at which the result is produced are important in ensuring the safety of the car and passengers.
04/19/23 COSC-4301-01, Lecture 1 14
Real-time (computer) systems Many years ago, there were only non-real-
time computer systems (e.g., old cars braking controller);
Recently, computer hardware and software are embedded in real-time systems to monitor and control their operations (these systems are called real-time computer systems or embedded systems). Examples: the computerized version of the cars
braking controller, avionics, multimedia tools, etc.
04/19/23 COSC-4301-01, Lecture 1 15
Distinguishing embedded and real-time systems Real-time system: meets timing constraints
and respects the functional requirements.
Real-time systems
Embedded systems
Embedded system: part of another system.
04/19/23 COSC-4301-01, Lecture 1 16
Correctness of real-time systems Satisfaction of logical/functional constraints:
The result (e.g., brake activation) should be correct.
Satisfaction of timing constraints: The time at which the result is produced is also
very important (e.g., pressing the brakes should instruct the computer system to stop the car in a certain amount of time).
04/19/23 COSC-4301-01, Lecture 1 17
A model of a real-time system
A
D
X Y
S
X: space of sensor input vectors
x(t) is the value of x at time t
Y: space of decision vectors
y(t) is the value of y at time t
S: space of state vectors T: set of timing
constraints I: set of integrity
constraints
D: decision map
S X S Y D(s,x)=(s’,y) means
that given s and x at time t, then D determines the next decision y and system state s’ at time t+1.
A: relation over X and Y about the effect of a control decision on the external world.
04/19/23 COSC-4301-01, Lecture 1 18
A model of a real-time system. Example Anti-lock braking controller:
X = the vector consisting of (wheel sensors) S = the vector consisting of (car speed, direction of
travel) Y = the vector consisting of (frequency) A = the environmental constraint as a relation over
Y and X D = the decision map that based on the S X
value, it gives a value from S Y T = the timing constraint that requests the braking
mechanism to pump the brakes at a higher frequency within 100ms.
04/19/23 COSC-4301-01, Lecture 1 19
Anti-lock braking controller. Comments The frequency (decision Y) depends on S
and X. For instance, if the car is turning (direction
component) and the wheel sensor detects a wet road, then the frequency is higher (system pumps the brake more times/sec to avoid skid).
04/19/23 COSC-4301-01, Lecture 1 20
Analysis techniques
Simulation Testing Verification Run-time monitoring
04/19/23 COSC-4301-01, Lecture 1 21
Simulation Means constructing a model of an existing system to
be studied or a system to be built and then executing actions allowed in this model.
The model can be: a physical entity (e.g., scale clay model) or a computer representation.
Comparison: A computer model is usually less costly than a physical
model. A computer model can represent a non-computer entity (e.g.,
airplane, component) or a computer entity (computer system, program).
04/19/23 COSC-4301-01, Lecture 1 22
Simulation Both physical and computer models are called
simulators of the actual systems. A simulator can carry out simulated executions
of the simulated system and can display the outcomes of these executions.
Examples: A physical model of an airplane in a wind tunnel
shows the aerodynamics of the simulated plane; A software model can simulate the behavior of an
automobile crashing into a concrete barrier, showing the effects on the occupants.
04/19/23 COSC-4301-01, Lecture 1 23
Simulation
Is an inexpensive way to study the behavior of the simulated system and to study different ways to implement the actual system.
If we detect behavior or events that are inconsistent with the specification and safety assertion, we can revise the model and actual system to be built.
04/19/23 COSC-4301-01, Lecture 1 24
Simulation. Target system
Different levels of details of the actual system (called also target system) can be modeled and its events simulated by a simulator.
Example: when designing and simulating the cockpit of an aircraft, we can restrict attention to that particular component by simulating only the cockpit with inputs and outputs to the other aircraft components, without simulating the behavior of the entire aircraft.
04/19/23 COSC-4301-01, Lecture 1 25
Simulation techniques
Real-time-event simulation Discrete-event simulation Hybrid simulation
04/19/23 COSC-4301-01, Lecture 1 26
Real-time-event simulation
Example: a physical scale model of an automobile performs its actions in real-time and the observable events are recorded in real-time (crash testing simulator needs instruments of recording events in real-time).
When the physical model is an implemented target, the simulation is called testing.
04/19/23 COSC-4301-01, Lecture 1 27
Discrete-event simulation Uses a logical clock and is usually software-based. The variety of systems that can be simulated by
software-based is not limited by the speed at which the hardware executes the simulator since the simulated actions and events do not occur in real-time.
Rather, they can take place according to the speed of the simulator hardware and the instructions in the simulator program.
Example: simulation of a network of computers in a single-processor system.
04/19/23 COSC-4301-01, Lecture 1 28
Hybrid simulation
The simulator works with a partial implementation of the target system by acting as the non-implemented part.
The hybrid simulator makes it possible to predict the performance and behavior of the target system once it is completely implemented.
04/19/23 COSC-4301-01, Lecture 1 29
Simulation. Disadvantages Simulation is not able to model all possible
event-action sequences in the target system where the domain of possible sequences of observable events is infinite.
Even if the domain is finite, the number of possible sequence of events is so large that the most powerful computer resources or physical instruments may not be able to trace through all possible sequences of events in the simulated target system.
04/19/23 COSC-4301-01, Lecture 1 30
Testing Is a technique for detecting errors or problems
in implemented software, hardware, or non-computer systems.
It consists of executing or operating the system to be tested using a finite set of inputs and then checking to see if the corresponding outputs or behavior are correct with respect to the specifications.
To test a real-time system, the values as well as the timing of the inputs are important.
04/19/23 COSC-4301-01, Lecture 1 31
Approaches for testing
Exhaustive testing Functional testing Structural testing Code reading
04/19/23 COSC-4301-01, Lecture 1 32
Exhaustive testing
Considering every possible input values to be checked against the expected answers is not practical for larger systems.
For systems with infinite number of possible inputs, this approach is of course not viable.
04/19/23 COSC-4301-01, Lecture 1 33
Functional testing Uses a “black-box” approach in which the
programmer creates test data from the program specification using one or a combination of techniques such as boundary value analysis and equivalence partitioning.
The program is executed using these test data as input, and the corresponding behavior and output are compared with those described in the program specification.
If the program behavior or output deviates from the specification, the programmer attempts to identify the erroneous part of the program and correct it.
04/19/23 COSC-4301-01, Lecture 1 34
Structural testing
Is a “white-box” technique in which the programmer examines the source code of the program and then creates test data for program execution based on the percentage of the program’s statements executed.
04/19/23 COSC-4301-01, Lecture 1 35
Code reading
Code reading by stepwise abstraction requires the programmer to identify major modules in the program, determine their functions, and compose these functions to determine a function for the whole program.
The programmer then compares this derived function with the intended function as described by the program specification.
04/19/23 COSC-4301-01, Lecture 1 36
Verification Simulation and testing can reveal errors in
the simulated or actual system, but usually cannot guarantee that the system satisfies a set of requirements.
To apply formal verification techniques to a real-time system, we must first specify the system requirements and then the system to be implemented using an unambiguous specification language.
04/19/23 COSC-4301-01, Lecture 1 37
Verification. Personnel Applications expert:
He/she could be a programmer or a system designer; Formal methods expert:
A formal methods expert collaborates with the applications expert to write the requirements and system specification.
Once these specifications are written, the formal methods expert can verify whether the system specification satisfies the specified requirements using his/her favorite formal verification methods and tools.
04/19/23 COSC-4301-01, Lecture 1 38
Specification of real-time systems Structurally and functionally specification (how
the real-time system components work as well as their functions and operations): Mechanical components Electrical components Electronic components
Behavioral specification The result of each component in response to an
internal or external sequence of events.
04/19/23 COSC-4301-01, Lecture 1 39
Example: real-time anti-lock braking system in an automobile Structural-functional specification refers to:
Braking system components and sensors How they are interconnected, and How the actions of each component affect the other Example: how to connect the wheel sensors to the central
decision-making computer that controls the brake mechanism. Behavioral specification refers to:
Events and effects Example: when the wheel sensors detect wet road conditions,
the decision-making computer will instruct the brake mechanism to pump the brakes at a higher frequency within 100ms.
04/19/23 COSC-4301-01, Lecture 1 40
Timing Constraints
Behavioral specification without the complexity of the structural specification often suffices.
We restrict the specification language to handle only timing relations.
04/19/23 COSC-4301-01, Lecture 1 41
Specification and safety assertion An implementation of a real-time system is
built from the structural-functional specification.
An implementation is correct (faithful) if The behavioral specification (denoted as SP)
implies safety assertion (denoted as SA). In other words, we have to check whether SP
SA is a theorem or not.
04/19/23 COSC-4301-01, Lecture 1 42
Verification of timing properties In checking SP → SA, we may have the cases:
(safe) SA is a theorem derivable from SP; (inherently unsafe) SA is unsatisfiable with
respect to SP; (safe if additional constraints are added) the
negation of SA is satisfiable under certain conditions.
04/19/23 COSC-4301-01, Lecture 1 43
Run-time monitoring
Motivation: Despite simulation, testing, and verification, there
may be a system behavior that was not anticipated.
This unexpected behavior may be because events and actions were not modeled by the static analysis tools or may be the result of making simplified assumptions about the real-time systems.
04/19/23 COSC-4301-01, Lecture 1 44
Run-time monitoring (cont)
So, there is a need to monitor the execution of the real-time system and to make the appropriate adjustments in response to a monitored behavior that violates the specified safety and progress constraints.
Even if the real-time system meets the specified safety and progress constraints at run-time, monitoring may provide information that can improve the performance and reliability of the monitored system.
04/19/23 COSC-4301-01, Lecture 1 45
The monitoring system The monitored real-time system is the target
system and its components, such as programs, are called target programs.
The monitoring system is the system used to monitor and record the behavior of the target system.
It consists of instrumentation programs, instrumentation hardware, and other monitoring modules.
It records the behavior of interest of the target system and produces event traces.
04/19/23 COSC-4301-01, Lecture 1 46
Monitoring techniques
Intrusive monitoring Non-intrusive monitoring
The availability of monitoring systems does not mean that we can relax on the task of stringent pre-run-time analysis and verification of the target system.
Rather, monitoring should serve as an additional guarantee on the safety and reliability of the safety-critical target real-time systems.
04/19/23 COSC-4301-01, Lecture 1 47
Intrusive monitoring Uses the resources of the target system to record its
behavior and thus may alter the actual behavior of the target system.
Examples: (computer example) Insertion of print() statements in a
target program to display the values of the program variables.
(computer example) Extra statements inserted in the programs of computing nodes to record their states and the exchanges of these state variables.
(non-computer example) Addition of speed and impact-force sensing instruments in an automobile to record its performance.
04/19/23 COSC-4301-01, Lecture 1 48
Non-intrusive monitoring
Does not affect the timing and ordering events of the monitored target system.
This is important in monitoring of real-time systems where both timing and ordering of events are critical to the safety of the real-time systems.
Example: use of additional processor(s) to run monitoring programs used to record the target system’s behavior in a real-time environment.
04/19/23 COSC-4301-01, Lecture 1 49
Summary
Introduction in Real-Time Systems What is a real-time system? What is time? Simulation Testing Verification Run-time monitoring
04/19/23 COSC-4301-01, Lecture 1 50
Reading suggestions Chapter 1 of [Cheng; 2002] Chapter 1 of [Kopetz; 1997] Chapter 1 of [Stankovic, Spuri, Ramamritham,
Buttazzo; 1998]
04/19/23 COSC-4301-01, Lecture 1 51
Coming up next
Real-time scheduling and schedulability analysis (Chapter 3 of [Cheng; 2002])
04/19/23 COSC-4301-01, Lecture 1 52
Thank you for your attention!
Questions?
