EECE 396-1 Hybrid and Embedded Systems: Computation. T. John Koo, Ph.D., Institute for Software Integrated Systems, Department of Electrical Engineering and Computer Science, Vanderbilt University, 300 Featheringill Hall. April 1, 2004. [email protected]
EECE 396-1 Hybrid and Embedded Systems: Computation
T. John Koo, Ph.D.
Institute for Software Integrated Systems
Department of Electrical Engineering and Computer Science
Vanderbilt University
300 Featheringill Hall
April 1, 2004
http://www.vuse.vanderbilt.edu/~kootj
2
Application: Timed Automata
3
Outline
- Motivation
- Hybrid Systems
- Verification of Timed Automata
- A Design Example
- Future Works
4
Distributed Sensing and Sensor Networks
Creation of a fundamental unifying framework for real-time distributed/decentralized information processing with applications to sensor networks
[Figure: System Architecture for Networked Sensor. Component stack, HW at the bottom and SW above: RFM (bit level) -> Radio byte -> Radio Packet; UART -> Serial Packet; i2c -> Temp, photo; clocks; Active Messages; Route map, router, sensor appln, application.]
Hardware platform:
- ATMEL 4 MHz CPU
- RFM 916 MHz radio
- 64KB EEPROM
- Sensor bus: 7 analog sensors, 2 I2C buses, 1 SPI bus
- Runs TinyOS
- 2 weeks on AA batteries; 1% duty w/ solar power
5
Distributed Sensing and Sensor Networks
Networked sensors dropped from an aerial vehicle
Ad hoc networking
6
Distributed Sensing and Sensor Networks
Recovering Flow from Distributed Networks
- In a dense sensor scenario, environmental data can be interpolated
- Over a few time steps, optical flow algorithms are applied to determine flow
- Accuracy of results is highly dependent on the smoothness of the flow
[Figure: Sense temperature at nodes -> Interpolate to grid points -> Compute flow]
7
[Figure: System Architecture for Networked Sensors. HW/SW component stack: RFM -> Radio byte -> Radio Packet; UART -> Serial Packet; i2c -> Temp, photo; clocks; Active Messages; Route map, router, sensor appln, application.]
- Constrained two-level scheduling model: threads + events
- Components: Frame (storage), Threads (concurrency), Commands, and Handlers (events)
- Constrained Storage Model
- Very lean multithreading
- Layering: components issue commands to lower-level components
8
TinyOS
- TinyOS - component-based operating system
- Modularity by assembling only the software components needed to synthesize the application from hardware components
- Components as reentrant cooperating finite state machines
[Figure: component stack RFM -> Radio byte -> Radio Packet, photo -> ADC, clocks, bit/byte/packet, sensing application; HW below, SW above; arrows labelled command (issued downward) and event (signalled upward).]
10
Example: Communication
[Figure: RFM Bit Level -> Byte Level -> Packet Level; event fountain handling, task handling, put processor to sleep, ...]
1 byte = 18 bits
1 packet = 30 bytes
11
Design Considerations
Characteristics of sensor networks:
- Dynamical behaviors depend on the environment
- Deploy once and leave without future maintenance
- Energy consumption varies between applications
We suggest using formal methods to verify system performance, in order to
- guarantee correct operation in every circumstance
- predict the lifetime of a given application scenario
Functional Behaviors + Temporal Behaviors: Timed Automata
System States = Discrete States + Continuous States (Time + Energy)
State Transitions = Discrete Transitions (Events) + Continuous Transitions
12
What Are Hybrid Systems?
Dynamical systems with interacting continuous and discrete dynamics
13
Why Hybrid Systems?
Modeling abstraction of:
- Continuous systems with phased operation (e.g. walking robots, mechanical systems with collisions, circuits with diodes)
- Continuous systems controlled by discrete inputs (e.g. switches, valves, digital computers)
- Coordinating processes (multi-agent systems)
Important in applications:
- Hardware verification/CAD, real time software
- Manufacturing, communication networks, multimedia
- Large scale, multi-agent systems: Automated Highway Systems (AHS), Air Traffic Management Systems (ATM), Uninhabited Aerial Vehicles (UAV), Power Networks
[Figure: thermostat hybrid automaton. Location q1: $\dot{x} = -x$, invariant $x > 68$; edge q1 -> q2 with guard $x < 70$, reset $x := x$. Location q2: $\dot{x} = -x + 100$, invariant $x < 82$; edge q2 -> q1 with guard $x > 80$, reset $x := x$. Plot of $x$ against $t$ oscillating between the levels 68, 70, 75, 80 and 82.]
14
Research Issues
Modeling & Simulation
- Control: classify discrete phenomena, existence and uniqueness of execution, Zeno [Branicky, Brockett, van der Schaft, Astrom]
- Computer Science: composition and abstraction operations [Alur-Henzinger, Lynch, Sifakis, Varaiya]
Analysis & Verification
- Control: stability, Lyapunov techniques [Branicky, Michel], LMI techniques [Johansson-Rantzer]
- Computer Science: Algorithmic [Alur-Henzinger, Sifakis, Pappas-Lafferrier-Sastry] or deductive methods [Lynch, Manna, Pnuelli], Abstraction [Pappas-Tabuada, Koo-Sastry]
Controller Synthesis
- Control: optimal control [Branicky-Mitter, Bensoussan-Menaldi], hierarchical control [Caines, Pappas-Sastry], supervisory control [Lemmon-Antsaklis], safety specifications [Lygeros-Sastry, Tomlin-Lygeros-Sastry], control mode switching [Koo-Pappas-Sastry]
- Computer Science: algorithmic synthesis [Maler et al., Wong-Toi], synthesis based on HJB [Mitchell-Tomlin]
15
Verification
Deductive Methods
- Theorem-proving techniques [Lynch, Manna, Pnuelli]
Model Checking
- State-space exploration [Alur-Henzinger, Sifakis, Pappas-Lafferrier-Sastry]
Reachability Problem (forward reachable set): starting from the initial set $X_S$, compute
$$\mathrm{Post}(P) = \{\, x \in X \mid \exists x_0 \in P,\ \exists t \ge 0 \text{ s.t. } x = \phi(t; r_i; x_0) \,\}$$
and check whether $\mathrm{Post}(X_S) \cap X_F = \emptyset$, where $X_F$ is the final (target) set.
[Figure: $X_S$, $X_F$ and $\mathrm{Post}(X_S)$ drawn in the state space.]
16
Computational Tools
Verification based on Model Checking
[Figure: model classes of increasing expressiveness, Finite Automata, Timed Automata, Linear Automata, Linear Hybrid Systems, Nonlinear Hybrid Systems, with the tools COSPAN, SMV, VIS, ...; Timed COSPAN, KRONOS, Timed HSIS, VERITI, UPPAAL; HyTech; d/dt, CheckMate; Requiem.]
[Figure: time-step forward reachability: states $x_1$, $x_2$, initial set $F$, and the sets $\mathrm{Post}_r(x_1)$, $\mathrm{Post}_r(x_2)$, $\mathrm{Post}_r(F)$, $\mathrm{Post}_{2r}(F)$, $\mathrm{Post}_{[0,r]}(F)$, $\mathrm{Post}_{[0,2r]}(F)$.]
17
Computational Tools
Simulation
- Ptolemy II: ptolemy.eecs.berkeley.edu
- Modelica: www.modelica.org
- SHIFT: www.path.berkeley.edu/shift
- Dymola: www.dynasim.se
- OmSim: www.control.lth.se/~cace/omsim.html
- ABACUSS: yoric.mit.edu/abacuss/abacuss.html
- Stateflow: www.mathworks.com/products/stateflow
- CHARON: http://www.cis.upenn.edu/mobies/charon/
- Masaccio: http://www-cad.eecs.berkeley.edu/~tah/Publications/masaccio.html
18
Computational Tools
Simulation
[Figure: simulation tools positioned by models of computation (horizontal axis) and system complexity (vertical axis): Ptolemy II, Dymola/Modelica, ABACUSS, SHIFT, OmSim, Masaccio/CHARON, StateFlow/Simulink.]
19
Hybrid Modeling of Sensor Networks
HyTech
- Verifies functional and temporal properties of linear hybrid automata
- Based on Model Checking and providing debugging traces
- Hybrid Automaton with flows which are linear in time
SHIFT
- Models and simulates dynamic networks of hybrid automata
- Components created, interconnected, destroyed as the system evolves
- Components interact through their inputs, outputs and exported events
[Figure: timed automaton with one clock. Location q1: $\dot{x} = 1$, invariant $x \le 10$; edge q1 -> q2 with guard $x \ge 10$, reset $x := 0$. Location q2: $\dot{x} = 1$, invariant $x \le 20$; edge q2 -> q1 with guard $x \ge 20$, reset $x := 0$. Plot of $x$ against $t$: a sawtooth reaching 10, 20, 10, 20 with resets at $t$ = 10, 30, 40, 60; the event plot marks an event at each of those times.]
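The forward-reachability check of the earlier Verification slide and the one-clock timed automaton just described, worked through as an added Python example (not code from the slides, and not HyTech). For a single clock every zone is an interval, so Post* is a worklist fixpoint over (location, interval) pairs; the automaton, its invariants x <= 10 / x <= 20 and the target sets come from the slide, while the function names and the interval encoding are assumptions of this example.

```python
from collections import deque

INF = float("inf")

# Constructed from the slide: two locations, one clock x with rate 1 in both.
INVARIANT = {"q1": 10, "q2": 20}          # location -> invariant x <= bound
EDGES = [                                  # (source, guard x >= g, target, reset x := 0)
    ("q1", 10, "q2", True),
    ("q2", 20, "q1", True),
]


def time_post(loc, zone):
    """Continuous transition: let time elapse in loc while the invariant x <= bound holds."""
    lo, _ = zone
    bound = INVARIANT[loc]
    if lo > bound:
        return None                        # zone lies outside the invariant: no time step
    return (lo, bound)


def discrete_post(zone, edge):
    """Discrete transition: take edge where the guard x >= g meets the zone."""
    _, g, dst, reset = edge
    lo, hi = zone
    lo = max(lo, g)
    if lo > hi:
        return None                        # guard never satisfied inside the zone
    if reset:
        return dst, (0, 0)
    hi = min(hi, INVARIANT[dst])           # the target invariant must hold on entry
    return (dst, (lo, hi)) if lo <= hi else None


def contained(zone, zones):
    """Inclusion check that makes the fixpoint terminate."""
    return any(a <= zone[0] and zone[1] <= b for a, b in zones)


def reach_forward(init_loc, init_zone):
    """Post*: least fixpoint of time and discrete successors (forward reachable set)."""
    reached = {loc: [] for loc in INVARIANT}
    work = deque([(init_loc, init_zone)])
    while work:
        loc, zone = work.popleft()
        zone = time_post(loc, zone)
        if zone is None or contained(zone, reached[loc]):
            continue
        reached[loc].append(zone)
        for edge in EDGES:
            if edge[0] == loc:
                succ = discrete_post(zone, edge)
                if succ is not None:
                    work.append(succ)
    return reached


def intersects(reached, loc, lo, hi):
    """Is Post*(X_S) ∩ X_F non-empty, for X_F = {(loc, x) | lo <= x <= hi}?"""
    return any(max(a, lo) <= min(b, hi) for a, b in reached[loc])


def simulate(loc, x, horizon):
    """Concrete execution: run to the invariant bound, then fire the first enabled edge."""
    t, events = 0, []
    while True:
        t += INVARIANT[loc] - x            # time until the invariant forces a jump
        x = INVARIANT[loc]
        if t > horizon:
            return events
        for src, g, dst, reset in EDGES:
            if src == loc and x >= g:
                events.append((t, loc, dst))
                loc, x = dst, (0 if reset else x)
                break
        else:
            return events                  # invariant bound reached with no enabled edge


if __name__ == "__main__":
    post = reach_forward("q1", (0, 0))
    print(post)                                           # {'q1': [(0, 10)], 'q2': [(0, 20)]}
    print(intersects(post, "q2", 25, INF))                # False: x > 20 is never reached in q2
    print([t for t, _, _ in simulate("q1", 0, 60)])       # [10, 30, 40, 60], as in the event plot
```

The `simulate` run reproduces the event times of the slide's plot, while `reach_forward` answers the same question symbolically: the reachable clock values are [0, 10] in q1 and [0, 20] in q2, so a target such as q2 with x > 20 is provably unreachable.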
Hybrid Modeling of Sensor Networks
HyTech
[Figure: timed automaton with two clocks $x_1$, $x_2$, $(x_1, x_2) \in \mathbb{R}^2$, $\dot{x}_1 = 1$, $\dot{x}_2 = 1$ in both locations. Initially q1 with $x_1 := 0$, $x_2 := 0$. Edge q1 -> q2: $x_1 \le 3 \wedge x_2 \le 2$, $x_1 := 0$, $x_2 := x_2$. Edge q2 -> q1: $x_1 \le 1$, $x_1 := x_1$, $x_2 := 0$. Clock-space plots for q1 and q2 with $x_1$ on the horizontal axis (0 to 3) and $x_2$ on the vertical axis (0 to 2).]
Example start of an execution of the timed automaton
21
Hybrid Modeling of Sensor Networks
Reachability Problem: Starting from somewhere in an initial set, would the set of states eventually reach somewhere in the target set?
22
Hybrid Modeling of Sensor Networks
[Figure: the same two-clock timed automaton (q1 -> q2 on $x_1 \le 3 \wedge x_2 \le 2$ with $x_1 := 0$; q2 -> q1 on $x_1 \le 1$ with $x_2 := 0$; $\dot{x}_1 = \dot{x}_2 = 1$), with the clock space of q1 and q2 partitioned into equivalence classes on the $x_1$ (0 to 3) by $x_2$ (0 to 2) grid.]
Equivalence Classes
Every point in an equivalence class has the same reachability property.
23
Hybrid Modeling of Sensor Networks
Idea: The reachability problem for a timed automaton (a Transition System) can be answered on an FSM (the Quotient Transition System), which is defined on the quotient space of the bisimulation.
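An added Python example (not from the slides, and not HyTech) of the idea just stated: the Alur-Dill region equivalence for the two-clock automaton of the preceding slides is a bisimulation of the timed transition system, so it yields a finite quotient on which reachability is a plain breadth-first search. The guards and resets are those drawn on the slide; the assumption that the edge constraints are guards and that the locations carry no invariants, and the names of all functions and constants, are this example's own.

```python
from collections import deque

# Constructed from the slide's two-clock timed automaton.  Assumption: the edge
# constraints are guards and the locations carry no invariants.
CLOCKS = 2                    # clocks x1, x2 are indices 0 and 1
MAXC = (3, 2)                 # largest constant each clock is compared against
# (source, guard as (clock, op, constant) atoms, clocks reset to 0, target)
EDGES = [
    ("q1", [(0, "<=", 3), (1, "<=", 2)], (0,), "q2"),   # x1 <= 3 & x2 <= 2 / x1 := 0
    ("q2", [(0, "<=", 1)], (1,), "q1"),                 # x1 <= 1          / x2 := 0
]

# A region is (ints, frac).  ints[i] is the integer part of clock i, or MAXC[i]+1
# once the clock exceeds its largest constant (its exact value no longer matters).
# frac lists groups of still-bounded clocks ordered by increasing fractional part;
# frac[0] holds the clocks whose fractional part is exactly 0 and may be empty.
INITIAL = ((0,) * CLOCKS, (tuple(range(CLOCKS)),))


def unbounded(region, i):
    return region[0][i] > MAXC[i]


def satisfies(region, clock, op, k):
    """Decide an atomic constraint for the whole region (all its points agree)."""
    ints, frac = region
    if unbounded(region, clock):
        return op in (">=", ">")
    n, at_integer = ints[clock], clock in frac[0]
    return {"<=": n < k or (n == k and at_integer),
            "<":  n < k,
            ">=": n >= k,
            ">":  n > k or (n == k and not at_integer)}[op]


def time_successor(region):
    """Region reached next as time elapses (the time edge of the region graph)."""
    ints, frac = region
    if len(frac) == 1 and not frac[0]:
        return region                          # every clock unbounded: nothing changes
    if frac[0]:                                # clocks on an integer leave it first and
        return ints, ((),) + frac              # now have the smallest positive fraction
    *rest, last = frac[1:]                     # the largest fraction reaches an integer
    ints = list(ints)
    zero = []
    for i in last:
        ints[i] += 1
        if ints[i] <= MAXC[i]:
            zero.append(i)                     # still bounded: now sits on an integer
    return tuple(ints), (tuple(sorted(zero)),) + tuple(rest)


def reset(region, clocks):
    """Discrete step: set the given clocks to 0, keeping the others' ordering."""
    ints, frac = region
    ints = tuple(0 if i in clocks else v for i, v in enumerate(ints))
    groups = [tuple(c for c in g if c not in clocks) for g in frac]
    zero = tuple(sorted(groups[0] + tuple(clocks)))
    rest = tuple(g for g in groups[1:] if g)   # drop groups emptied by the reset
    return ints, (zero,) + rest


def reachable_states(init_loc="q1"):
    """Breadth-first search over the finite quotient (location, region)."""
    seen = {(init_loc, INITIAL)}
    work = deque(seen)
    while work:
        loc, region = work.popleft()
        succs = [(loc, time_successor(region))]
        for src, guard, resets, dst in EDGES:
            if src == loc and all(satisfies(region, *atom) for atom in guard):
                succs.append((dst, reset(region, resets)))
        for s in succs:
            if s not in seen:
                seen.add(s)
                work.append(s)
    return seen


def reachable(target_loc, target_guard, init_loc="q1"):
    """Reachability answered on the quotient: does Post* meet the target set?"""
    return any(loc == target_loc and all(satisfies(r, *a) for a in target_guard)
               for loc, r in reachable_states(init_loc))


if __name__ == "__main__":
    print(len(reachable_states()), "abstract states")
    # x1 is reset on entry to q2, so x1 <= x2 holds throughout q2: unreachable
    print(reachable("q2", [(0, ">=", 1), (1, "<", 1)]))   # False
    # x1 = x2 = 1 in q2 is reachable (enter q2 at time 0, then wait one unit)
    print(reachable("q2", [(0, ">=", 1), (1, "<=", 1)]))  # True
```

Because the region relation is a bisimulation, the answers on the finite quotient are exact for the infinite-state automaton: the search visits each (location, region) pair once, and a target given by clock constraints is checked against the region rather than against individual points.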
24
Bisimulation-based Abstraction
Transition System
- To study the reachability properties of timed automata, each timed automaton is converted into a transition system.
- Given an equivalence relation on the states, we have the following definitions:
Definition 1 (Bisimulation)
Both the initial and the final sets are unions of equivalence classes.
25
Bisimulation-based Abstraction
Transition System
26
Bisimulation-based Abstraction
Given the transition system and the equivalence relation, we have the following result:
Therefore, one can define the reachability-preserving quotient system of the transition system.
27
Bisimulation-based Abstraction
Transition System and its Quotient System
28
Overall View of TinyOS Automata
[Figure: the component stack (RFM -> Radio byte -> Radio Packet, bit/byte/packet, sensing application) with the automata that model it: RFM, Radio byte, Radio Packet, Task handler and Packet generation, communicating through the synchronization labels rfm_clock, transmit_pack, receive_pack, rfm_rx_ev, rfm_tx_ev, rfm_rx_comp, rfm_tx_comp, rx_byte_ready, tx_byte_ready, tx_byte, packet_done_neg, packet_done_pos, post_encode, post_decode.]
29
Packet Generation and Application Automata
[Figure, transcribed: two automata in HyTech notation (a primed variable is its value after the transition, d<var> is the rate of <var>, sync is a synchronization label).]
Packet_generation automaton (clocks rt, pt; initially rt = 0, pt = 0; parameters cbit_time, cidle, cgeneration):
- Location idle: invariant rt <= cbit_time & pt <= cidle, drt = 1
  - self-loop: rt >= cbit_time / rt' = 0, pt' = pt + 1, sync rfm_clock
  - to generation: pt >= cidle / rt' = 0, bit' = 1, pt' = 0, sync rfm_clock
- Location generation: invariant rt <= cbit_time & pt <= cgeneration, drt = 1
  - self-loop: rt >= cbit_time / rt' = 0, pt' = pt + 1, sync rfm_clock
  - to idle: pt >= cgeneration / rt' = 0, bit' = 0, pt' = 0, sync rfm_clock
Application automaton (clock at; initially at = 0; parameter cbetween):
- Location idle: invariant at <= cbetween, dat = 1
  - to generate: at >= cbetween / at' = 0, sync transmit_pack
- Location generate:
  - to idle: sync receive_pack / at' = 0, sync trans_packet
30
From TinyOS to HyTech
RFM automaton (energy spent by the transceiver RFM; clock rfmt, variable energy, constants crec, ctrans, crec_handler, ctrans_handler), transcribed from the figure:
- Location receive: drfmt = 0
  - to rec_energy: sync rfm_clock / rfmt' = 0, energy' = energy + crec
- Location rec_energy: invariant rfmt <= crec_handler, drfmt = 1
  - to rec_wait: rfmt >= crec_handler / sync rfm_rx_ev
- Location rec_wait: drfmt = 0
  - to receive: sync rfm_rx_comp /
- Location transmit: drfmt = 0
  - to trans_energy: sync rfm_clock / rfmt' = 0, energy' = energy + ctrans
- Location trans_energy: invariant rfmt <= ctrans_handler, drfmt = 1
  - to trans_wait: rfmt >= crec_handler / sync rfm_tx_ev
- Location trans_wait: drfmt = 0
  - to transmit: sync rfm_tx_comp /
- receive and transmit are switched by the edges sync rfm_tx_comp / and sync rfm_rx_comp /
[Figure: Packet Gen. -> RFM Bit -> Radio Byte, synchronizing on rfm_clock, rfm_rx_ev, rfm_rx_comp.]
31
From TinyOS to HyTech
Task Handler automaton (clocks ht and ct, variable energy; constants cencode, cdecode, ctask_post, cactive, cinactive), transcribed from the figure.
Locations and their annotations:
- idle: dht = 0, dct = 0, denergy = cinactive
- op: dht = 0, dct = 0, denergy = cactive (energy spent by processing events)
- op-wait: invariant ct <= ctask_post, dht = 0, dct = 1, denergy = cactive (energy spent by posting tasks)
- op-exec / exec: invariant ht >= 0, dht = -1, dct = 0, denergy = cactive (energy spent by processing tasks)
Edge labels:
- sync rfm_clock /
- sync rfm_rx_comp | sync rfm_tx_comp /
- sync encode / ht' = cencode, ct' = 0 and sync decode / ht' = cdecode, ct' = 0
- sync encode / ht' = ht + cencode, ct' = 0 and sync decode / ht' = ht + cdecode, ct' = 0
- ct >= ctask_post / sync post_task_done
- ht <= 0 /
32
Verification of TinyOS with HyTech
[Figure: the RFM Bit Level, Byte Level and Packet Level automata composed; the packet level and byte level each cycle through idle, receiving and transmitting, ...]
33
Verification of TinyOS with HyTech
Analysis commands for verification:
  init_reg := …..;
  final_reg := loc[rpacket]=transmit & loc[rbyte]=receive;
  reached := reach forward from init_reg endreach;
  if empty(reached & final_reg)
    then prints "working fine"
    else print trace to final_reg using reached;
  endif;
34
Power Analysis of TinyOS with HyTech
Power analysis through the variable energy, using the trace generation feature of HyTech with final_reg = t>300000;
[Figure: Power Consumption vs. # of Children (vertical axis: power).]
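An added Python example (constructed for this page; neither HyTech's nor the authors' model) of the energy bookkeeping that the RFM and Task Handler automata above perform: every rfm_clock tick adds crec or ctrans to energy depending on the transceiver mode, the processor is charged cactive while it has an event to handle and cinactive otherwise, and the energy accumulated up to a horizon gives the lifetime estimate that the t>300000 trace query asks HyTech for. The constants, the event trace, and the mode-switching rule (rfm_rx_comp switches the transceiver to transmit, rfm_tx_comp back to receive) are assumptions of this example, not values from the slides.

```python
# Constructed constants (energy units per tick or per time unit); not measured values.
CREC, CTRANS = 3, 5            # transceiver energy per rfm_clock tick, receive / transmit
CACTIVE, CINACTIVE = 2, 1      # processor power while handling an event / while idle
CREC_HANDLER = 2               # time the processor stays active after each tick

# Constructed event trace: (time, synchronization label) as the automata would exchange.
TRACE = [(0, "rfm_clock"), (1, "rfm_clock"), (2, "rfm_clock"), (3, "rfm_clock"),
         (4, "rfm_rx_comp"),
         (5, "rfm_clock"), (6, "rfm_clock"),
         (7, "rfm_tx_comp")]


def transceiver_energy(trace, horizon):
    """Discrete updates energy' = energy + crec / ctrans on each rfm_clock tick."""
    mode, energy = "receive", 0
    for t, label in trace:
        if t > horizon:
            break
        if label == "rfm_clock":
            energy += CREC if mode == "receive" else CTRANS
        elif label == "rfm_rx_comp":      # assumption: reception complete -> transmit
            mode = "transmit"
        elif label == "rfm_tx_comp":      # assumption: transmission complete -> receive
            mode = "receive"
    return energy


def active_time(trace, horizon, handler=CREC_HANDLER):
    """Time the processor spends active: union of [t, t + handler] windows, clipped."""
    windows = sorted((t, min(t + handler, horizon))
                     for t, label in trace if label == "rfm_clock" and t <= horizon)
    total, cur_lo, cur_hi = 0, None, None
    for lo, hi in windows:
        if cur_hi is None or lo > cur_hi:       # disjoint: close the previous window
            if cur_hi is not None:
                total += cur_hi - cur_lo
            cur_lo, cur_hi = lo, hi
        else:
            cur_hi = max(cur_hi, hi)            # overlapping: extend the current window
    if cur_hi is not None:
        total += cur_hi - cur_lo
    return total


def processor_energy(trace, horizon):
    """Continuous rates denergy = cactive / cinactive integrated over the horizon."""
    active = active_time(trace, horizon)
    return CACTIVE * active + CINACTIVE * (horizon - active)


def total_energy(trace, horizon):
    return transceiver_energy(trace, horizon) + processor_energy(trace, horizon)


def lifetime(trace, horizon, budget):
    """Lifetime estimate: battery budget divided by the average power over the trace."""
    return budget * horizon / total_energy(trace, horizon)


if __name__ == "__main__":
    print(total_energy(TRACE, 10))          # 40: 22 from the radio, 18 from the processor
    print(lifetime(TRACE, 10, 400))         # 100.0 time units on a budget of 400
```

Overlapping handler windows are merged before integrating, which is exactly what the ht clock of the Task Handler automaton does when a second encode or decode arrives while one is executing (ht' = ht + cencode rather than a fresh ht' = cencode).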
36
Hybrid Modeling of a Sensor Network
- Uniform distribution
- 100 nodes
- 100m x 100m
- 4 macro clusters
- Children determined according to position distribution
37
Hybrid Modeling of a Sensor Network
4 Types of Node Automata.
- Create an instance for each node.
- Destroy the instance when the node dies.
- Distribute the load to its group.
- Notify upper group when there is a death.
38
Hybrid Modeling of a Sensor Network
SHIFT - Describes dynamic networks of hybrid automata
- Components created, interconnected, destroyed as the system evolves
- Components interact through their inputs, outputs and exported events
39
Model of a node
x – Consumed energy
f – Power consumption
S – Group of nodes
40
Validation Results
Need powerful nodes in group 1.
Group 1 suffers from high load and backoff time.
Group 4 dies at the same time.
41
Conclusion
- Sensor nodes are aimed to be left without maintenance. Verification is needed for reliability.
- Power is a critical concern in the sensor world. Power analysis is needed for the lifetime of the node. Network power analysis is needed for the lifetime of the network.
- Modeling and Analysis are based on Hybrid Automata. Verification and Power analysis with HyTech. Network power analysis with SHIFT.
42
End