EECE 396-1 Hybrid and Embedded Systems: Computation

EECE 396-1Hybrid and Embedded Systems: Computation

T. John Koo, Ph.D.

Institute for Software Integrated Systems

Department of Electrical Engineering and Computer Science

Vanderbilt University

300 Featheringill HallApril 1, 2004

[email protected]

http://www.vuse.vanderbilt.edu/~kootj

2

Application: Time Automata

3

Outline

Motivation Hybrid Systems Verification of Timed Automata A Design Example Future Works

4

Distributed Sensing and Sensor Networks

Creation of a fundamental unifying framework for real-time distributed/decentralized information processing with applications to sensor networks

RFM

Radio byte

Radio Packet

UART

Serial Packet

i2c

Temp

photo

Active Messages

clocksbit

byte

packet

Route map router sensor applnapplication

HW

SW

ATMEL 4 Mhz CPURFM 916 MHz radio64KB EEPROMSensor Bus:

7 Analog sensors 2 I2C buses 1 SPI bus

Runs Tiny OS2 weeks on AA batteries1% duty w/ solar power

System Architecture for Networked Sensor

5


Networked sensors dropped from an aerial vehicle

Ad hoc networking

6


Recovering Flow from Distributed Networks In a dense sensor scenario, environmental data can be interpolated Over a few time steps, optical flow algorithms are applied to

determine flow Accuracy of results is highly dependent on the smoothness of the

flow

Sense temperature at nodes

Interpolate to grid points Compute flow

7

RFM

Radio byte

Radio Packet

UART

Serial Packet

i2c

Temp

photo

Active Messages

clocksbit

byte

packet

Route map router sensor applnapplication

HW

SW

System Architecture for Networked Sensors

Constrained two-level scheduling model: threads + events Components: Frame (storage), Threads (concurrency), Commands, and

Handlers (events) Constrained Storage Model Very lean multithreading Layering: components issue commands to lower-level components

8

TinyOS

TinyOS - component-based operating system Modularity by assembling only the software components to

synthesize application from hardware components Components as reentrant cooperating finite state machines

RFM

Radio byte

Radio Packet

photo

clocksbit

byte

packet

sensing applicationapplication

HW

SW

ADC

command

event

10

Example: Communication

RFM Bit Level

Byte Level

Packet Level

Event fountain handling

Task handling

Put processor sleep

…

1 byte = 18 bits

1 packet = 30 bytes

11

Design Considerations Characteristic of sensor networks

Dynamical behaviors depend on the environment Deploy once and leave without future maintenance Energy consumption varies between applications

We suggest to use formal methods to verify system performance to guarantee correct operation in

every circumstances predict lifetime of a given application scenario

Functional Behaviors +Temporal Behaviors

Timed Automata

System States = Discrete States + Continuous States(Time + Energy)State Transitions = Discrete Transitions(Events) + Continuous Transitions

12

What Are Hybrid Systems?

Dynamical systems with interacting continuous and discrete dynamics

13

Why Hybrid Systems?

Modeling abstraction of Continuous systems with phased operation

(e.g. walking robots, mechanical systems with collisions, circuits with diodes)

Continuous systems controlled by discrete inputs (e.g. switches, valves, digital computers)

Coordinating processes (multi-agent systems) Important in applications

Hardware verification/CAD, real time software Manufacturing, communication networks,

multimedia Large scale, multi-agent systems

Automated Highway Systems (AHS) Air Traffic Management Systems (ATM) Uninhabited Aerial Vehicles (UAV) Power Networks

q1

xç = à xx > 68

x < 70x := x

t

x

q2

xç = à x + 100x < 82

x > 80x := x

8280

75

7068

14

Research Issues Modeling & Simulation

Control: classify discrete phenomena, existence and uniqueness of execution, Zeno [Branicky, Brockett, van der Schaft, Astrom]

Computer Science: composition and abstraction operations [Alur-Henzinger, Lynch, Sifakis, Varaiya]

Analysis & Verification Control: stability, Lyapunov techniques [Branicky, Michel], LMI techniques

[Johansson-Rantzer] Computer Science: Algorithmic [Alur-Henzinger, Sifakis, Pappas-Lafferrier-

Sastry] or deductive methods [Lynch, Manna, Pnuelli], Abstraction [Pappas-Tabuada, Koo-Sastry]

Controller Synthesis Control: optimal control [Branicky-Mitter, Bensoussan-Menaldi],

hierarchical control [Caines, Pappas-Sastry], supervisory control [Lemmon-Antsaklis], safety specifications [Lygeros-Sastry, Tomlin-Lygeros-Sastry], control mode switching [Koo-Pappas-Sastry]

Computer Science: algorithmic synthesis [Maler et.al., Wong-Toi], synthesis based on HJB [Mitchell-Tomlin]

15

Verification Deductive Methods

Theorem-Proving techniques [Lynch, Manna, Pnuelli] Model Checking

State-space exploration [Alur-Henzinger, Sifakis, Pappas-Lafferrier-Sastry]

X S

X F

Post(X S)

Post(P) = fx 2 Xj9x0 2 P 9t õ 0 s:t: x = þ(t;ri;x0)g

Check if Post(X S) \ X F = ; ?

Forward Reachable Set

Reachability Problem

16

Computational Tools

Verification based on Modal Checking

FiniteAutomata

TimedAutomata

LinearAutomata

LinearHybrid Systems

NonlinearHybrid Systems

d/dtCheckMate

Timed COSPANKRONOSTimed HSISVERITIUPPAAL

HyTechCOSPANSMVVIS…

Requiem

x1

x2

Postr(x1)

Postr(x2)

F

Postr(F)

Post2r(F)Post23(x1)

Post2r(x2)

Post[0,r](F)

Post[0,2r](F)

17

Computational Tools

Simulation Ptolemy II: ptolemy.eecs.berkeley.edu Modelica: www.modelica.org SHIFT: www.path.berkeley.edu/shift Dymola: www.dynasim.se OmSim: www.control.lth.se/~cace/omsim.html ABACUSS: yoric.mit.edu/abacuss/abacuss.html Stateflow: www.mathworks.com/products/stateflow CHARON: http://www.cis.upenn.edu/mobies/charon/ Masaccio:

http://www-cad.eecs.berkeley.edu/~tah/Publications/masaccio.html

18

Computational Tools

Simulation

Models of Computation

System Complexity

Ptolemy II

DymolaModelica

ABACUSS

SHIFT

OmSim

MasaccioCHARON

StateFlow/Simulink

19

Hybrid Modeling of Sensor Networks

HyTech Verifies functional and temporal

properties of linear hybrid automata Based on Model Checking and providing

debugging traces Hybrid Automaton with flows which are

linear in time

SHIFT Models and simulates dynamic networks

of hybrid automata Components created, interconnected,

destroyed as the system evolves Components interact through their inputs,

outputs and exported events

q1

xç= 1x ô 10

x õ 10x := 0

q2

xç= 1x ô 20

x õ 20x := 0

t

x

20

10

10 30 40 60

t

event

10 30 40 60

20


HyTechq1

xç1 = 1xç2 = 1

(x1;x2) 2 <2

x1 ô 3^x2 ô 2x1 := 0 x2 := x2

q2

x1 ô 1x1 := x1 x2 := 0

x1

x2

2

1

1 2 30

xç1 = 1xç2 = 1

(x1;x2) 2 <2

x1 := 0x2 := 0

q1

x1

x2

2

1

1 2 30

q2

Example start of an execution of the timed automaton

21


HyTechq1

xç1 = 1xç2 = 1

(x1;x2) 2 <2

x1 ô 3^x2 ô 2x1 := 0 x2 := x2

q2

x1 ô 1x1 := x1 x2 := 0

xç1 = 1xç2 = 1

(x1;x2) 2 <2

x1 := 0x2 := 0

x1

x2

2

1

1 2 30

q1

x1

x2

2

1

1 2 30

q2

Reachability Problem:Starting from somewhere in an initial set, would the set of states eventually reach somewhere in the target set?

22


HyTechq1

xç1 = 1xç2 = 1

(x1;x2) 2 <2

x1 ô 3^x2 ô 2x1 := 0 x2 := x2

q2

x1 ô 1x1 := x1 x2 := 0

xç1 = 1xç2 = 1

(x1;x2) 2 <2

x1 := 0x2 := 0

Equivalent Classes

x1

x2

2

1

1 2 30

q1

12x2

30x2

18x2

x1

x2

2

1

1 2 30

q2

Every point in an equivalent class has the same reachability property.

23


HyTechq1

xç1 = 1xç2 = 1

(x1;x2) 2 <2

x1 ô 3^x2 ô 2x1 := 0 x2 := x2

q2

x1 ô 1x1 := x1 x2 := 0

xç1 = 1xç2 = 1

(x1;x2) 2 <2

x1 := 0x2 := 0

Equivalent Classes

x1

x2

2

1

1 2 30

q1

12x2

30x2

18x2

x1

x2

2

1

1 2 30

q2

Idea: The reachability problem for timed automaton (Transition System) can be answered on a FSM (Quotient Transition System) which is defined on the quotient space of the bisimulation.

24

Bisimulation-based Abstraction

Transition System To study the reachability properties of time automata, each timed automaton is converted

into a transition system.

Consider the equivalence relation, we have the following definitions:

Definition 1 (Bisimulation)

Both initial and final sets are union of equivalence classes

25


Transition System

26


Consider the transition system and the equivalence relation, we have the following result:

Therefore, one can define the reachability preserving quotient system of the transition system

27


Transition System and its Quotient System

28

Overall View of TinyOS Automata

RFM

Radio byte

Radio Packet

bit

byte

packet

sensing applicationapplication

Task handler

Packet generation

rfm_clock

transmit_pack

rfm_rx_ev

rfm_tx_ev

rfm_rx_comp

rfm_tx_comp

rx_byte_ready

tx_byte_ready

tx_byte

packet_done_neg

packet_done_pos post_encode

post_decode

receive_pack

rfm_clock

rfm_rx_comp

rfm_tx_comp

29

Packet Generation and Application Automata

rt<=cbit_timept<=cidle drt=1

rt<=cbit_timept<=cgeneration drt=1

rt>= cbit_time /rt’=0, pt’=pt+1,sync rfm_clock

rt>=cbit_time/rt’=0, pt’=pt+1,sync rfm_clock

pt>=cidle/rt’=0, bit’=1,pt’=0,sync rfm_clock

pt>=cgeneration/rt’=0, bit’=0,pt’=0,sync rfm_clock

Packet_generation Application

rt=0,pt=0at=0

idle

generate

at<=cbetween dat=1

at>=cbetween/at’=0, sync transmit_pack

sync receive_pack/at’=0,sync trans_packet

cbit_time

cidle cgeneration

30

From TinyOS to Hytech

RFM

drfmt=0

sync rfm_clock/rfmt’=0,energy’=energy+crec

rfmt<=crec_handler drfmt=1

rfmt>=crec_handler/sync rfm_rx_ev

drfmt=0

sync rfm_rx_comp/

drfmt=0

sync rfm_clock/rfmt’=0,energy’=energy+ctrans

rfmt<=ctrans_handler drfmt=1

rfmt>=crec_handler/sync rfm_tx_ev

drfmt=0

syncrfm_tx_comp/

sync rfm_tx_comp/

sync rfm_rx_comp/

receive

rec_energy rec_wait

transmit

trans_waittrans_energy

Energy spent by the transceiver RFM

Packet Gen.

RFM Bit

Radio Byte

rfm_clock

rfm_rx_evrfm_rx_comp

31

From TinyOS to HyTechTask Handler

dht=0dct=0denergy=cactive

sync encode/ht’=cencode,ct’=0

sync decode/ht’=cdecode,ct’=0

ct<=ctask_post dht=0 dct=1 denergy=cactive

ct>=ctask_post/sync post_task_done

dht=0 dct=0denergy=cactive

sync rfm_rx_comp |sync rfm_tx_comp /

ht>=0dht=-1dct=0denergy=cactive

ht<=0/

sync rfm_clock/

sync rfm_clock/

sync rfm_rx_comp |sync rfm_tx_comp /

dht=0dct=0denergy=cinactive

sync encode/ht’=ht+cencode,ct’=0

sync decode/ht’=ht+cdecode,ct’=0

exec

op-waitop-exec

op

idleEnergy spent by processing events

Energy spent by posting tasks

Energy spent by processing tasks

32

Verification of TinyOS with HyTech

RFM Bit Level

Byte Level

Packet Level

idle packet level

byte levelreceiving

idle

…

transmitting

receiving

33

Verification of TinyOS with HyTech

Analysis commands for verification:init_reg := …..;

final_reg := loc[rpacket]=transmit & loc[rbyte]=receive;

reached := reach forward from init_reg endreach;

if empty(reached & final_reg)

then prints “working fine”

else print trace to final_reg using reached;

endif;

34

Power Analysis of TinyOS with HyTech

Power analysis through variable energy by using trace generation

feature of HyTech by setting final_reg = t>300000;

Power Consumption vs. # of Children

po

we

r

36

Hybrid Modeling of a Sensor Network

Uniform Distribution 100 node 100m x 100m 4 Macro Clusters Children determined

according to position distribution

37


4 Types of Node Automata.

Create an instance

for each node. Destroy the instance

when the node dies. Distribute the load to

its group. Notify upper group

when there is a death.

38


SHIFT - Describes dynamic networks of hybrid automata Components created,

interconnected, destroyed as the system evolves

Components interact through their inputs, outputs and exported events

39

Model of a node

x – Consumed energyf – Power consumptionS – Group of nodes

40

Validation Results

Need powerful nodes in group 1.

Group 1 suffers from high load and backoff time.

Group 4 dies at the same time.

41

Conclusion

Sensor nodes are aimed to be left without maintenance. Verification is needed for reliability.

Power is a detrimental concern in sensor world. Power analysis is needed for the life time of the node. Network power analysis is needed for the life time of the

network.

Modeling and Analysis are based on Hybrid Automata Verification and Power analysis with HyTech . Network power analysis with SHIFT.

42

End

Documents

EECE 396-1 Hybrid and Embedded Systems: Computation