Overview of PTIDES Project
Jia Zou, Slobodan Matic, Edward Lee, Thomas Huining Feng, Patricia Derler
University of California, Berkeley

• Cyber Physical Systems: Reliable and Evolvable Networked Time-Sensitive Systems, Integrated with Physical Processes
2/21

CPS Requirements – Printing Press
• Application aspects
  – local (control)
  – distributed (coordination)
  – global (modes)
• Open standards (Ethernet)
  – Synchronous, Time-Triggered
  – IEEE 1588 time-sync protocol
• High-speed, high precision
  – Speed: 1 inch/ms
  – Precision: 0.01 inch -> Time accuracy: 10 us
Bosch-Rexroth
Orchestrated networked resources built with sound design principles on suitable abstractions
DETERMINISM, TIMED SEMANTICS
3/21

PTIDES: Analysis
[Diagram: Schedulability Analysis, Causality Analysis, Ptides Model, Program Analysis, Code Generator, Code, PtidyOS, Software Component Library, Mixed Simulator, Plant Model, HW Platform, HW in the Loop Simulator, Network Model]
4/21

PTIDES Model
• Programming Temporally Integrated Distributed Embedded Systems
  – Based on Discrete-Event model of computation
    • Event processing is in time-stamp order
    • Deterministic under simple causality conditions
  – fixed-point semantics
  – super-dense time
5/21

Causality Interface
• Software components are actor-oriented
  – All actors are reactive
    • Consume input event(s) and produce output event(s)
    • Sensors react to the physical environment
• Interface represented by δ
  – δ is the minimum model time delay from the input to the output
  – Compositionality properties: Min-plus algebra
[Figure: Actor A with input timestamp τ, output timestamp τ' and delay δ, where τ' ≥ τ + δ]
6/21

Model vs. Physical Time
• At sensors and actuators
• Relate model time (τ) to physical time (t)
[Figure: model time and physical time axes with the constraints t ≥ τ and t ≤ τ; labels d_o, τ1, τ4, t1, t4]
7/21

Single Processor PTIDES Example
• Bounded sensor latency (d_o): t ≥ τ, t ≤ τ + d_o
[Figure: model time and physical time axes; event e2 at i2, with labels τ1, τ2, t2]
8/21

Single Processor PTIDES Example
• t ≥ τ, t ≤ τ + d_o
• e2 safe to process if t > τ2 + d_o
[Figure: model time and physical time axes with labels τ1, τ2, t2, τ2 + d_o]
9/21

Single Processor PTIDES Example
• t ≤ τ + d_o
• e2 safe to process if t > τ2 + d_o
[Figure: model time and physical time axes with labels τ1, τ2, t2, τ1 + d_o]
10/21

Distributed PTIDES Example
• Local event processing decisions:
  – Bounded communication latency (d_o)
  – Distributed platforms time-synchronized with bounded error (e)
[Figure: Sensor (d_o1) and Network Interface (d_o2) feeding a Merge and an Actuator through model delays d1 and d2; timestamps τ, τ1, τ2, τ3, τ4]
τ cannot be rendered unsafe by events from outside of the platform at: t > τ + d_o2 + e - d2
11/21

Distributed PTIDES Example
• Local event processing decisions:
  – Bounded communication latency (d_o)
  – Distributed platforms time-synchronized with bounded error (e)
[Figure: Sensor (d_o1) and Network Interface (d_o2) feeding a Merge and an Actuator through model delays d1 and d2; timestamps τ, τ1, τ3, τ4]
τ1 may result in future event of timestamp τ1' ≥ τ1 + d1
12/21

General Execution Strategy
• An event e is safe to process if no other event e' may render e unsafe
  – out of the platform -> clock test
  – within the same platform as e -> model delay test
For all events within the platform: τi + di ≥ τ
τ cannot be rendered unsafe by events from outside of the platform at: t > τ + d_o2 + e - d2
[Figure: Sensor (d_o1) and Network Interface (d_o2) feeding a Merge and an Actuator through model delays d1 and d2; timestamps τ, τ1, τ3, τ4]
13/21

What Did We Gain?
[Figure: events e1 = (v1, τ1) and e2 = (v2, τ2) at the Merge with delay δ; safe to process analysis for e; constraints t ≤ τ + d_o and t ≤ τ]
• First Point: Ensures deterministic data outputs e1, e2, …
• Second Point: Ensures deterministic timing delay from Sensor to Actuator
14/21

What's More…
• Third Point: Decoupling of design from hardware platform
  – Schedulability analysis
15/21

Schedulability Analysis
• Requires WCET of software components + event models
• Three cases:
  – Zero event processing time assumption (feasibility test)
    • if P fails, P will not satisfy constraints on any hardware
  – No resource sharing assumption (an event is processed as soon as it is safe)
    • if P fails, P may still satisfy constraints on other hardware
  – Resource sharing (a safe event is processed according to a scheduling algorithm)
    • if P fails, P does not satisfy this implementation (and algorithm)
17/21

PTIDES Scheduler Implementations
• Two layer execution engine
  – Event coordination (safe-to-process)
  – Event scheduling (prioritize safe events)
• Earliest Deadline First foundation
  – EDF is optimal with respect to feasibility
  – Deadline based on path from input port to actuator
[Figure: event e1 = (v1, τ1) at Actor A, with model delay δ to the Actuator]
Deadline(e1) = τ1 + δ
18/21

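The two-layer execution engine from the slides above (safe-to-process coordination, then EDF over the safe events), as an added example in C that is not part of the original slides or of the PTIDES/PtidyOS code. All type and function names, the microsecond unit and the sample values are constructed; the clock test applies the slide's condition t > τ + d_o2 + e - d2 to every outside input of a port, with e = 0 for a local sensor.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int64_t ptime_t; /* microseconds on the synchronized clock (assumed unit) */
/* Outside input: latency bound d_o, clock error e (0 if local), model delay d to the port. */
typedef struct { ptime_t d_o, e, d; } source_t;
/* Another event inside the platform, with its min model delay d to the port. */
typedef struct { ptime_t tau, d; } upstream_t;
typedef struct {
    ptime_t tau, delta;            /* timestamp; min model delay to the actuator */
    const source_t *src;  size_t nsrc;
    const upstream_t *up; size_t nup;
} event_t;

/* Layer 1, event coordination: clock test, then model delay test. */
int safe_to_process(const event_t *ev, ptime_t now) {
    for (size_t i = 0; i < ev->nsrc; i++)   /* need t > tau + d_o + e - d */
        if (now <= ev->tau + ev->src[i].d_o + ev->src[i].e - ev->src[i].d)
            return 0;
    for (size_t i = 0; i < ev->nup; i++)    /* need tau_i + d_i >= tau */
        if (ev->up[i].tau + ev->up[i].d < ev->tau)
            return 0;
    return 1;
}

/* Layer 2, EDF over safe events (deadline = tau + delta); -1 if none is safe yet. */
int ptides_next(const event_t *q, size_t n, ptime_t now) {
    int best = -1;
    for (size_t i = 0; i < n; i++) {
        if (!safe_to_process(&q[i], now)) continue;
        if (best < 0 || q[i].tau + q[i].delta < q[best].tau + q[best].delta)
            best = (int)i;
    }
    return best;
}

/* Constructed sample: q[0] at a merge fed by sensor + network, q[1] at a sensor-only actor. */
static const source_t merge_src[] = { {100, 0, 200}, {500, 10, 300} };
static const source_t local_src[] = { {100, 0, 0} };
static const upstream_t merge_up[] = { {800, 200} };
static const event_t sample_q[] = { {1000, 400, merge_src, 2, merge_up, 1},
                                    {1100, 250, local_src, 1, NULL, 0} };

int main(void) {
    const ptime_t t[] = { 1150, 1205, 1211 };  /* constructed physical times */
    for (size_t i = 0; i < 3; i++)
        printf("t=%lld: run event %d\n", (long long)t[i], ptides_next(sample_q, 2, t[i]));
    return 0;
}
```

At t = 1211 both sample events are safe, and the scheduler runs the one with the later timestamp because its deadline (1350) precedes the other's (1400).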
PtidyOS
• Lightweight real-time operating system (RTOS)
  – Software components (actors) are "glued together" by a code generator into an executable
  – Scheduler combines EDF with PTIDES
    • Process events in deadline order
  – Interrupts
    • All execution is done within ISR
    • Reentrant interrupts
  – Experimenting with Luminary board with IEEE 1588 support
20/21

PTIDES Program Design Workflow
[Diagram: PtidyOS, HW Platform]
21/21