Overview of PTIDES Project
Jia Zou, Slobodan Matic, Edward Lee, Thomas Huining Feng, Patricia Derler
University of California, Berkeley
Feb 23, 2016
Cyber-Physical Systems
• Reliable and evolvable networked time-sensitive systems, integrated with physical processes
CPS Requirements – Printing Press (Bosch-Rexroth)
• Application aspects
  – local (control)
  – distributed (coordination)
  – global (modes)
• Open standards (Ethernet)
• Synchronous, time-triggered
• IEEE 1588 time-sync protocol
• High-speed, high precision
  – Speed: 1 inch/ms
  – Precision: 0.01 inch
  -> Time accuracy: 10 µs
• Orchestrated networked resources built with sound design principles on suitable abstractions: DETERMINISM, TIMED SEMANTICS
PTIDES: (toolchain diagram)
• Ptides Model -> Code Generator -> PtidyOS Code, deployed on the HW Platform and drawing on a Software Component Library
• Plant Model and Network Model feed the Simulator (Mixed Simulator, HW in the Loop)
• Analysis: Causality Analysis, Program Analysis, Schedulability Analysis
PTIDES Model
• Programming Temporally Integrated Distributed Embedded Systems
  – Based on the Discrete-Event model of computation
• Event processing is in time-stamp order
• Deterministic under simple causality conditions
  – fixed-point semantics
  – super-dense time
Causality Interface
• Software components are actor-oriented
  – All actors are reactive
    • Consume input event(s) and produce output event(s)
    • Sensors react to the physical environment
• Interface represented by δ
  – δ is the minimum model time delay from the input to the output
  – Compositionality properties: min-plus algebra
(Figure: an input event with timestamp τ enters Actor A, whose interface is δ; the output event has timestamp τ’ ≥ τ + δ.)
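As an added illustration of the min-plus compositionality of causality interfaces (example code written for this page, not code from the PTIDES project or this presentation): each actor contributes its δ, series composition adds delays and parallel paths take the minimum, so the composed interface from a port to the actuator is a shortest path in the (min,+) semiring. The actor network, port names and δ values below are constructed, the single δ per actor is a simplifying assumption (PTIDES allows one per input/output pair), the zero-delay-cycle check stands in for the deck's "simple causality conditions", and the deadline follows the scheduler slide's Deadline(e1) = τ1 + δ.

```python
import heapq
from math import inf

# Constructed actor network (not from the presentation). Ports are strings
# "Actor.port"; an edge (p, q, delta) means an event at p yields an event at q
# no earlier than delta model-time units later. Wires carry delta = 0.
Graph = dict[str, list[tuple[str, float]]]


def add_actor(graph: Graph, name: str, inputs, outputs, delta: float) -> None:
    """Register an actor whose causality interface is one delta for every
    input->output pair (simplifying assumption; PTIDES allows one per pair)."""
    for port in list(inputs) + list(outputs):
        graph.setdefault(f"{name}.{port}", [])
    for i in inputs:
        for o in outputs:
            graph[f"{name}.{i}"].append((f"{name}.{o}", delta))


def connect(graph: Graph, src: str, dst: str) -> None:
    """A wire between actors adds no model-time delay."""
    graph.setdefault(src, []).append((dst, 0.0))
    graph.setdefault(dst, [])


def min_plus_delay(graph: Graph, source: str) -> dict[str, float]:
    """Composed causality interface from `source` to every port.

    Series composition adds deltas and parallel paths take the minimum, so the
    composed delay is a single-source shortest path in the (min,+) semiring.
    Dijkstra applies because every delta is non-negative; ports with no causal
    path from `source` keep delay inf."""
    dist = {p: inf for p in graph}
    dist[source] = 0.0
    heap = [(0.0, source)]
    while heap:
        d, p = heapq.heappop(heap)
        if d > dist[p]:
            continue  # stale queue entry
        for q, delta in graph[p]:
            if d + delta < dist[q]:
                dist[q] = d + delta
                heapq.heappush(heap, (dist[q], q))
    return dist


def zero_delay_cycle(graph: Graph) -> bool:
    """True if some feedback loop has total delta 0, i.e. the model violates
    the simple causality condition under which the DE semantics is deterministic."""
    WHITE, GREY, BLACK = 0, 1, 2
    color = {p: WHITE for p in graph}

    def dfs(p: str) -> bool:
        color[p] = GREY
        for q, delta in graph[p]:
            if delta > 0:
                continue  # a positive delta breaks the zero-delay chain
            if color[q] == GREY or (color[q] == WHITE and dfs(q)):
                return True
        color[p] = BLACK
        return False

    return any(color[p] == WHITE and dfs(p) for p in list(graph))


def deadline(tau: float, delta_to_actuator: float) -> float:
    """Deadline(e) = tau + delta, delta being the composed delay from the
    event's port to the actuator (scheduler slide)."""
    return tau + delta_to_actuator


def build_example() -> Graph:
    """Sensor feeding two parallel branches (A fast, B slow) merged into C,
    then an actuator. All names and deltas are constructed."""
    g: Graph = {}
    add_actor(g, "Sensor", ["in"], ["out"], 0.0)
    add_actor(g, "A", ["in"], ["out"], 2.0)
    add_actor(g, "B", ["in"], ["out"], 5.0)
    add_actor(g, "Merge", ["in1", "in2"], ["out"], 0.0)
    add_actor(g, "C", ["in"], ["out"], 1.0)
    add_actor(g, "Actuator", ["in"], [], 0.0)
    connect(g, "Sensor.out", "A.in")
    connect(g, "Sensor.out", "B.in")
    connect(g, "A.out", "Merge.in1")
    connect(g, "B.out", "Merge.in2")
    connect(g, "Merge.out", "C.in")
    connect(g, "C.out", "Actuator.in")
    return g


if __name__ == "__main__":
    g = build_example()
    d = min_plus_delay(g, "Sensor.in")
    print("delta Sensor.in -> Actuator.in =", d["Actuator.in"])  # 3.0, via A
    print("deadline of tau=10 event at Sensor.in:", deadline(10.0, d["Actuator.in"]))
    print("zero-delay cycle present:", zero_delay_cycle(g))
```

The slow branch through B never lowers the composed delay, which is the min-plus point: the interface only promises the earliest possible output, and a later one on another path is irrelevant to safety. Wiring Merge.out straight back into Merge.in2 would create a zero-delay loop and the check reports it; routing the loop through C (δ = 1) does not.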
Model vs. Physical Time
• At sensors and actuators
• Relate model time (τ) to physical time (t)
(Figure: model-time vs physical-time axes; at the sensor t ≥ τ, at the actuator t ≤ τ, with sample points τ1/t1 and τ4/t4.)
Single Processor PTIDES Example
• Bounded sensor latency (d0): a sensor event with timestamp τ becomes available at physical time t with t ≥ τ and t ≤ τ + d0; at the actuator t ≤ τ
• e2 (timestamp τ2, arriving at input i2) is safe to process if t > τ2 + d0
(Figure, three animation steps: model-time vs physical-time axes with events τ1, τ2 and e2 at i2; the windows τ2 to τ2 + d0 and τ1 + d0 marked on the physical-time axis.)
Distributed PTIDES Example
• Local event processing decisions:
  – Bounded communication latency (d0)
  – Distributed platforms time-synchronized with bounded error (e)
• An event with timestamp τ at the Merge cannot be rendered unsafe by events from outside of the platform at: t > τ + d02 + e − d2
• An event τ1 within the platform may result in a future event of timestamp τ1’ ≥ τ1 + d1
(Figure: Sensor and Network Interface feed a Merge actor that drives an Actuator; d01 and d02 label the sensor and network-interface latencies, d1 and d2 the minimum model delays from those inputs to the Merge; events τ1, τ3, τ4 shown.)
General Execution Strategy
• An event e is safe to process if no other event e’ may render e unsafe
  – e’ from outside of the platform -> clock test: τ cannot be rendered unsafe by events from outside of the platform at t > τ + d02 + e − d2 (e here denotes the clock-synchronization error bound)
  – e’ within the same platform as e -> model delay test: for all events within the platform, τi + di ≥ τ
(Figure: the same Sensor / Network Interface / Merge / Actuator topology as the distributed example, with d1, d2 and τ1 marked.)
What Did We Gain?
• First point: the safe-to-process analysis applied to each event e1 = (v1, τ1), e2 = (v2, τ2), … arriving at a Merge ensures deterministic data outputs
• Second point: ensures deterministic timing delay from sensor to actuator
(Figure: Merge actor with interface δ receiving e1, e2, …; the single-processor model-time vs physical-time diagram.)
What’s More…
• Third point: decoupling of design from hardware platform
  – Schedulability analysis
Schedulability Analysis
• Requires WCET of software components + event models
• Three cases:
  – Zero event processing time assumption (feasibility test)
    • if P fails, P will not satisfy constraints on any hardware
  – No resource sharing assumption (an event is processed as soon as it is safe)
    • if P fails, P may still satisfy constraints on other hardware
  – Resource sharing (a safe event is processed according to a scheduling algorithm)
    • if P fails, P does not satisfy this implementation (and algorithm)
PTIDES Scheduler Implementations
• Two layer execution engine
  – Event coordination (safe-to-process)
  – Event scheduling (prioritize safe events)
• Earliest Deadline First foundation
  – EDF is optimal with respect to feasibility
  – Deadline based on path from input port to actuator
(Figure: e1 = (v1, τ1) enters Actor A with interface δ and then the Actuator; Deadline(e1) = τ1 + δ.)
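The general execution strategy (clock test and model-delay test) together with the two-layer engine of the scheduler slide, as an added worked example written for this page; it is not the PTIDES project's or PtidyOS's own code. The ports P1 and P2, the latency bound d0, the synchronization error bound e, the per-port delay tables and delay_between_example are all constructed stand-ins for numbers the causality analysis would normally supply.

```python
import math
from dataclasses import dataclass


@dataclass
class Event:
    tau: float            # model-time timestamp
    port: str             # port where the event is waiting
    value: object = None  # payload, irrelevant to the scheduling decision


@dataclass
class Platform:
    """Constructed platform parameters (assumptions, not from the presentation)."""
    d0: float                            # bound on latency from sensor / network interface
    e: float                             # bound on clock-synchronization error
    delay_from_input: dict[str, float]   # min model delay from platform input to each port (d2)
    delay_to_actuator: dict[str, float]  # min model delay from each port to the actuator (delta)


def clock_test(ev: Event, t: float, p: Platform) -> bool:
    """Events from outside the platform can no longer render ev unsafe once
    physical time t > tau + d0 + e - d2 (the deck's clock test)."""
    d2 = p.delay_from_input[ev.port]
    return t > ev.tau + p.d0 + p.e - d2


def model_delay_test(ev: Event, pending, delay_between) -> bool:
    """Events already inside the platform cannot render ev unsafe if every
    other pending e_i satisfies tau_i + d_i >= tau, d_i being the minimum model
    delay from e_i's port to ev's port (inf when no causal path exists)."""
    for other in pending:
        if other is ev:
            continue
        if other.tau + delay_between(other.port, ev.port) < ev.tau:
            return False
    return True


def safe_to_process(ev, t, pending, p, delay_between) -> bool:
    """Coordination layer: both tests must pass."""
    return clock_test(ev, t, p) and model_delay_test(ev, pending, delay_between)


def deadline(ev: Event, p: Platform) -> float:
    """Deadline(e) = tau + delta along the path from the event's port to the actuator."""
    return ev.tau + p.delay_to_actuator[ev.port]


def next_event_edf(pending, t, p, delay_between):
    """Scheduling layer: among the safe events pick the earliest deadline
    (ties broken by timestamp); None if nothing is safe at physical time t."""
    safe = [ev for ev in pending if safe_to_process(ev, t, pending, p, delay_between)]
    if not safe:
        return None
    return min(safe, key=lambda ev: (deadline(ev, p), ev.tau))


# --- constructed topology: P1 feeds P2 through an actor with delta = 2,
# nothing feeds P1. Hypothetical stand-in for the causality analysis.
_PATH_DELAY = {("P1", "P2"): 2.0}


def delay_between_example(src: str, dst: str) -> float:
    if src == dst:
        return 0.0
    return _PATH_DELAY.get((src, dst), math.inf)


EXAMPLE_PLATFORM = Platform(
    d0=0.5, e=0.2,
    delay_from_input={"P1": 1.0, "P2": 3.0},
    delay_to_actuator={"P1": 4.0, "P2": 1.0},
)


def run_example() -> list:
    """Replay a constructed pending queue at several physical times and report
    which port's event the two-layer engine would fire at each."""
    pending = [Event(10.0, "P1", "x"), Event(10.5, "P2", "y")]
    picks = []
    for t in (8.0, 9.0, 10.0):
        ev = next_event_edf(pending, t, EXAMPLE_PLATFORM, delay_between_example)
        picks.append((t, None if ev is None else ev.port))
    return picks


if __name__ == "__main__":
    for t, port in run_example():
        print(f"t={t}: fire {port}")
```

At t = 8.0 neither event has cleared its clock test, so the engine idles even though both are queued. At t = 9.0 only the P2 event (larger d2, hence an earlier safe point) passes, and at t = 10.0 both are safe but EDF fires P2 first because its deadline 11.5 precedes P1's 14.0 despite its later timestamp. A second queue with an older P1 event at τ = 9.0 shows the model-delay test refusing a P2 event at τ = 11.5, since 9.0 + 2.0 < 11.5 means the P1 event could still produce an earlier event at P2.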
PtidyOS
• Lightweight real-time operating system (RTOS)
  – Software components (actors) are “glued together” by a code generator into an executable
  – Scheduler combines EDF with PTIDES
    • Process events in deadline order
  – Interrupts
    • All execution is done within ISRs
    • Reentrant interrupts
  – Experimenting with Luminary board with IEEE 1588 support
PTIDES Program Design Workflow
(Figure: workflow diagram; labels HW Platform and PtidyOS.)