Describing and Controlling Physical Processes using Java

(Brainstorm)

Wind Turbine Instrumentation Project

Goals

• We need a language the can be used to:– Formally describe the input/output of a

physical process– Formally describe a sensor that translates a

physical quantity to a digital quantity.– Formally describe the control of a physical

process.– Formally describe the interaction between

different controls of a physical process.

Goals

• The language should be able to describe constraints such as – Hard Real Time constraints– Soft Real Time constraints as a probability function.– Accuracy– Power consumption– Communication constraints (rate, delay)– Redundancy– Other parameters….

Goals

• The language should be flexible enough so verification of the constraints should be possible.

Language Options

• Invent a new language mixing up existing similar languages– Advantage: Easier to specify models and to write

tools. – Disadvantage: No existing infrastructure. More difficult

learn a new language. • Extend or annotate Java.

– Advantage: Existing infrastructure and experience. Easier to adopt.

– Disadvantage: More difficult to describe models. Tools more difficult to write to extract info. Too general and flexible to be verified for all constraints.

How Java could be extended

• There are already keywords in Java that add constranits to the execution of a program:atomic: Restrict sthe execution of blocks,

Volatile: Restricts the placement of variables

• We could have new keywords like “restrict”

Example use of “restrict”

while (true) { restrict (Time=1ms) { FFT fft1 = accelerometer1.read().fft(); FFT fft2 = accelerometer2.read().fft(); FFT fft3 = accelerometer3.read().fft(); if ( fft1.diff(fft2) > MAXFFTDIFF || fft1.diff(fft3) > MAXFFTDIFF ) { administrator.report(); } } // End of restrict}• The block is restricted to run under 1ms.

Comments

• Read() calls may happen in parallel. We need a way to specify that parallelism.

• RTJava may have already some keywords that do this.• The “restrict” keyword could be checked statically at

compilation time but it is extremely difficult or at runtime that is more practical.

• At runtime the “restrict” can be like an “assertion” that can report a problem.

• We could add this “restrict as part of the language syntax or as a compatible addition of the language.

• Example:

Using “Restrict” without Language extension

while (true) { // !-- Restrict Time=1ms { FFT fft1 = accelerometer1.read().fft(); FFT fft2 = accelerometer2.read().fft(); FFT fft3 = accelerometer3.read().fft(); if ( fft1.diff(fft2) > MAXFFTDIFF || fft1.diff(fft3) > MAXFFTDIFF ) { administrator.report(); } // !-- } End of restrict}

A preprocessor would extract the info in “//!—” and insert code for verification at runtime or to an static analyzer.