Showing papers by "Alberto Sangiovanni-Vincentelli published in 2005"

Guidelines for a graduate curriculum on embedded software and systems

Abstract: The design of embedded real-time systems requires skills from multiple specific disciplines, including, but not limited to, control, computer science, and electronics This often involves experts from differing backgrounds, who do not recognize that they address similar, if not identical, issues from complementary angles Design methodologies are lacking in rigor and discipline so that demonstrating correctness of an embedded design, if at all possible, is a very expensive proposition that may delay significantly the introduction of a critical product While the economic importance of embedded systems is widely acknowledged, academia has not paid enough attention to the education of a community of high-quality embedded system designers, an obvious difficulty being the need of interdisciplinarity in a period where specialization has been the target of most education systems This paper presents the reflections that took place in the European Network of Excellence Artist leading us to propose principles and structured contents for building curricula on embedded software and systems

Platform-Based Design for Embedded Systems.

Abstract: A platform is an abstraction layer that hides the details of several possible implementation refinements of the underlying layers. It is a library of elements characterized by models that represent their functionalities and offer an estimation of (physical) quantities that are of importance for the designer. The library contains interconnects and rules that define what are the legal composition of the elements. A legal composition of elements and interconnects is called a platform instance. Platform-based design is a meet-in-the-middle process, where successive refinements of specifications meet with abstractions of potential implementations that are captured in the models of the elements of the platform. It is this characteristic that makes platform-based design a novel design method. We argue for the importance of structuring precisely the platform layers and we discuss how to define formally the transitions from one platform to the next. In particular, we emphasize the interplay of top-down constraint propagation and bottomup performance estimation while illustrating the notion of articulation point in the design process. In this context, we study the key role played by the API platform together with the micro-architecture platform in embedded system design. Also, we report on three applications of platform-based design: at the system-level, we discuss network platforms for communication protocol design and fault-tolerant platforms for the design of safety-critical applications; at the implementation level, we present analog platforms for mixed-signal integrated circuit design.

A Service-Based Universal Application Interface for Ad Hoc Wireless Sensor and Actuator Networks

Abstract: A set of services and interface primitives to be offered to an application programmer of an ad hoc wireless sensor and actuator network (AWSAN) is described. As the definition of sockets has made the use of communication services in the Internet independent of the underlying protocol stack, communication medium and even operating system, the proposed application interface, called the “sensor network services platform” (SNSP), identifies an abstraction that is offered to any sensor network application and supported by any sensor network platform. The SNSP builds on the query/command paradigm already used in several sensor network implementations and further adds time synchronization, location and naming services that support the communication and coordination among application components.

Correct-by-Construction Transformations across Design Environments for Model-Based Embedded Software Development

Abstract: Embedded software design for real time reactive system has become the bottleneck in the market introduction of complex products such as automobiles, airplanes, and industrial control plants. In particular, functional correctness and reactive performance are increasingly difficult to verify. The advent of model-based design methodologies has alleviated some of the verification-related problems by making the code-generation process flow automatically from the model description. Given the relative infancy of this approach, several companies rely upon design flows based on different tools connected together by file transfer. This way of integrating tools defeats the very purpose of the methodology introducing a high potential of errors in the transformation from one format to another and preventing formal analysis of the properties of the design. In this paper, we propose to adopt a formal transformation across different tools and we give an example of this approach by linking two tools that are widely used in the automotive domain: Simulink and ASCET. We believe that this approach can be applied to any embedded software design flow to leverage the power of all the tools in the flow.

Controller synthesis on non-uniform and uncertain discrete–time domains

Abstract: The problem of synthesizing feedback controllers that perform sensing and actuation actions on non–uniform and uncertain discrete time domains is considered. This class of problems is relevant to many application domains. For instance, in engine control a heterogenous and, to some extent, uncertain event–driven time domain is due to the behavior of the 4-stroke internal combustion engine, with which the controller has to synchronize to operate the engine properly. Similar problems arise also in standard discrete–time control systems when considering the behavior of the system with controller implementation and communication effects. The design problem is formalized in a hybrid system framework; synthesis and verification methods, based on robust stability and robust performance results, are presented. The effectiveness of the proposed methods is demonstrated in an engine control application.

An overview of embedded system design education at berkeley

Abstract: Embedded systems have been a traditional area of strength in the research agenda of the University of California at Berkeley. In parallel to this effort, a pattern of graduate and undergraduate classes has emerged that is the result of a distillation process of the research results. In this paper, we present the considerations that are driving our curriculum development and we review our undergraduate and graduate program. In particular, we describe in detail a graduate class (EECS249: Design of Embedded Systems: Modeling, Validation and Synthesis) that has been taught for six years. A common feature of our education agenda is the search for fundamentals of embedded system science rather than embedded system design techniques, an approach that today is rather unique.

Extensible and scalable time triggered scheduling

Abstract: The objective of this paper is to present how to design a system that can accommodate additional functionality with either no changes to the design or adding architectural modules without changing the implementation of the legacy functionality. This objective is very relevant to industrial domains where an architecture is designed before the full range of functionalities to support is known. We focus on an important aspect of the design of automotive systems: the scheduling problem for hard real time distributed embedded systems. Two metrics are used to capture the design goals. The metrics are optimized subject to a set of constraints within a mathematical programming framework. The cost of modifying a legacy system is characterized at an electrical control unit (ECU) component level. Results obtained in automotive applications show that the optimization framework is effective in reducing development and re-verification efforts after incremental design changes.

Efficient embedded software design with synchronous models

Abstract: Model-based design is an important approach for embedded software. The method starts from a mathematical representation of the design problem and derives the software implementation from this representation. The model that has had most success especially for control dominated application is synchronous reactive. While this model simplifies the way of dealing with concurrency by decoupling functional and timing aspects, when implemented, it may be inefficient since the synchronous assumption implies constraints that are stronger than needed. We present in this paper a method for improving the efficiency of the software design process, by relaxing computation constraints, while preserving the synchronous computation semantics, with the introduction of a particular inter-task communication mechanism. We show how this mechanism can be implemented on single processor, multi processor and distributed implementation platforms.

Maximizing the stability radius of a set of systems under real-time scheduling constraints

Abstract: We address the problem of synthesising real-time embedded controllers taking into account constraints deriving from the implementation platform, thus exploring the relation between the processor's time (or "attention") devoted to different control tasks and the overall robustness of the resulting design. Assuming a time-triggered model of computation for tasks controlling a set of independent systems and a real-time preemptive scheduling policy managing a single CPU processor board, we deal with two problems: 1) deciding whether a performance specification can be attained on a candidate platform, 2) optimising performance on a platform. The considered performance metric is the minimum stability radius attained over the different feedback loops.

Platform based design for wireless sensor networks

Abstract: The platform-based design (PBD) methodology we present has its foundations in a clear definition of the different abstraction layers of a wireless sensor network (WSN) At the application layer, we introduce the sensor network service platform that allows the user to describe the application independently from the network architecture This functional description is then mapped into an instance of the sensor network implementation platform These two layers of abstraction are the basis for the design methodology An essential feature of the methodology is the capability of defining the design as a refinement process between contiguous layers that is based on synthesis given the existence of a formal definition of the layers of abstraction We present a framework, called Rialto, which translates application specifications into network constraints Furthermore, we present a synthesis engine, called Genesis, that starting from these constraints and an abstraction of the hardware platform performance generates a topology and a communication protocol that satisfy constraints and optimizes energy consumption We present a case study that shows how the methodology covers all the aspects of the design process, from conceptual description to implementation

Tag machines

Abstract: Heterogeneity is a challenge to overcome in the design of embedded systems. We presented in the recent past a theory for the composition of heterogeneous components based on tagged systems, a behavioral (denotational) framework. in this paper, we present an operational view of tagged systems, where we focus on tag machines as mathematical artifacts that act as finitary generators of tagged systems. Properties of tag machines are investigated. A fundamental theorem on homogeneous compositionality is given as a first step towards an operational theory of heterogeneous systems.

FSM re-engineering and its application in low power state encoding

Abstract: We propose finite state machine (FSM) re-engineering, a performance enhancement framework for FSM synthesis and optimization procedure. We start with any traditional FSM synthesis and optimization procedure; then reconstruct a functionally equivalent but topologically different FSM based on the optimization objective; and conclude with another round of FSM synthesis and optimization (can be the same procedure) on the newly constructed FSM. This allows us to explore a larger solution space that includes synthesis solutions to the functionally equivalent FSMs instead of only the original FSM, making it possible to obtain solutions better than the optimal ones for the original FSM. Guided by the result of the first round FSM synthesis, the solution space exploration process can be rapid and cost-efficient. To demonstrate this framework, we develop a genetic algorithm and a fast heuristic to reengineer a low power state encoding procedure POW3 (Benini and Micheli, 1995). On average, POW3 can reduce the switching activity by 12% over nonpower-driven state encoding schemes on the MCNC FSM benchmarks. We then reengineer these benchmarks by the proposed genetic algorithm and heuristic respectively. When we apply POW3 to the reengineered FSMs, we observe an additional 8.9% and 6.0% switching activity reduction. This translates to an average of 7.9% energy reduction with little area increase. Finally, we obtain the optimal low power coding for benchmarks of small size from an integer linear programming formulation. We find that the POW3-encoded original FSMs are 27.0% worse than the optimal, but this number drops to 6.7% when we apply POW3 to the reengineered FSMs.

A formal approach to fault tree synthesis for the analysis of distributed fault tolerant systems

Abstract: Designing cost-sensitive real-time control systems for safety-critical applications requires a careful analysis of both performance versus cost aspects and fault coverage of fault tolerant solutions. This further complicates the difficult task of deploying the embedded software that implements the control algorithms on a possibly distributed execution platform (for instance in automotive applications). In this paper, we present a novel technique for constructing a fault tree that models how component faults may lead to system failure. The fault tree enables us to use existing commercial analysis tools to assess a number of dependability metrics of the system. Our approach is centered on a model of computation, Fault Tolerant Data Flow (FTDF), that enables the integration of formal verification techniques. This new analysis capability is added to an existing design framework, also based on FTDF, that enables a synthesis-based, correct-by-construction, design methodology for the deployment of real-time feedback control systems in safety critical applications.

Interchange formats for hybrid systems: review and proposal

Abstract: Interchange formats have been the backbone of the EDA industry for several years. They are used as a way of helping the development of design flows that integrate foreign tools using formats with different syntax and, more importantly, different semantics. The need for integrating tools coming from different communities is even more severe for hybrid systems because of the relative immaturity of the field and the intrinsic difficulty of the mathematical underpinnings. In this paper, we provide a discussion about interchange formats for hybrid systems, we survey the approaches used by different tools for analysis (simulation and formal verification) and synthesis of hybrid systems, and we give a recommendation for an interchange format for hybrid systems based on the Metropolis metamodel. The proposed interchange format has rigorous semantics and can accommodate the translation to and from the formats of the tools we have surveyed while providing a formal reasoning framework.

Efficient Solution of Optimal Control Problems Using Hybrid Systems

Abstract: We consider the synthesis of optimal controls for continuous feedback systems by recasting the problem to a hybrid optimal control problem: synthesize optimal enabling conditions for switching between locations in which the control is constant. An algorithmic solution is obtained by translating the hybrid automaton to a finite automaton using a bisimulation and formulating a dynamic programming problem with extra conditions to ensure non-Zenoness of trajectories. We show that the discrete value function converges to the viscosity solution of the Hamilton--Jacobi--Bellman equation as a discretization parameter tends to zero.

SERAN: a semi random protocol solution for clustered wireless sensor networks

Abstract: SERAN is a two-layer (routing and MAC) protocol for wireless sensor networks in manufacturing plants. At both layers, SERAN combines a randomized and a deterministic approach. While the randomized component provides robustness over unreliable channels, the deterministic component avoids an explosion of packet collisions and allows our protocol to scale with network size. Our solution is based on a mathematical model that characterizes performance accurately without extensive simulations. SERAN is robust against node failures and clock drifts, supports data aggregation algorithms and is easily implementable in any of the existing hardware platforms. Although SERAN was designed for manufacturing plants applications, it can be used in any type of clustered topology. We consider a representative case study and we present simulation results to show SERAN efficiency

Embedded system education: a new paradigm for engineering schools?

Abstract: Embedded systems are emerging as an essential component of modern electronic products. Embedded system design problems are posing challenges that involve entirely new skills for engineers. These skills are related to the combination of traditionally disjoint engineering disciplines. There is a shared concern that today's educational systems are not providing the appropriate foundations for embedded systems. We believe a new education paradigm is needed.We will argue this point using the example of an emerging curriculum on embedded systems at the University of California at Berkeley. This curriculum is the result of a distillation process of more than ten years of intense research work. We will present the considerations that are driving the curriculum development and we review our undergraduate and graduate program. In particular, we describe in detail a graduate class (EECS249: Design of Embedded Systems: Modeling, Validation and Synthesis) that has been taught for six years. A common feature of our education agenda is the search for fundamentals of embedded system science rather than embedded system design techniques, an approach that today is rather unique.

JPEG encoding on the Intel MXP5800: a platform-based design case study

Abstract: Multimedia systems are becoming increasingly complex and concurrent. The platform-based design (PBD) methodology (Keutzer et al., 2000) tackles these issues by recommending the use of formal models, carefully defined abstraction layers and the separation of concerns. Models of computation (Lee and Sangiovanni-Vincentelli, 1998) (MoCs) can be used within this methodology to enable specialized synthesis and verification techniques. In this paper, these concepts are leveraged in an industrial case study: the JPEG encoder application deployed on the Intel MXP5800 imaging processor. The modeling is carried out in the Metropolis (Balarin et al., 2003) design framework. We show that the system-level model using our chosen model of computation allows performance estimation within 5% of the actual implementation. Moreover, the chosen MoC is amenable to automation, which enables future synthesis techniques.

Rialto: a bridge between description and implementation of control algorithms for wireless sensor networks

Abstract: Rialto is a design framework that allows separating the description of a control application for wireless sensor networks from its physical network implementation. The methodology supported by Rialto consists of two steps:An application is described in a Rialto Model in terms of logical components queries and commands.The description is translated into an internal format called RialtoNet that is used to explore all the possible sequence of queries and commands that the application may lead to. The RialtoNet is executed and a set of constraints on the communication and sensing infrastructure is generated.The semantics of RialtoNet is based on a MoC that takes inspiration from Kahn Process Networks, but blocking rules are conveniently modified to exploit the domain specificity.Our approach offers a clear interface to the application designer as Rialto automatically bridges the gap between application and implementation. Hence, Rialto facilitates the adoption of wireless sensor networks technology in application domains, such as industrial control, where the application designer is not a communication engineer.

Metropolis: a Design Environment for Heterogeneous Systems

Abstract: Publisher Summary This chapter presents the Metropolis design environment for the design of complex electronic systems. It is based on a metamodel with formal semantics, which can be used to capture designs directly or import them from other specification languages. It also supports simulation, formal analysis, and synthesis tools. The framework is conceived to encompass different application domains. Each application domain needs different models, tools, and flows. Metropolis captures heterogeneous system designs in a unified semantic model. Heterogeneity is supported at the utmost level in Metropolis to allow this kind of customization. The formal semantics of the metamodel permits embedding of models of computation in a rigorous framework, thus favoring design reuse and design chain support. The features of the system facilitate the designers with different knowledge domains. The chapter also uses a multimedia design as an example of the use of Metropolis.

Simulation based deadlock analysis for system level designs

Abstract: In the design of highly complex, heterogeneous, and concurrent systems, deadlock detection and resolution remains an important issue. In this paper, we systematically analyze the synchronization dependencies in concurrent systems modeled in the Metropolis design environment, where system functions, high level architectures and function-architecture mappings can be modeled and simulated. We propose a data structure called the dynamic synchronization dependency graph, which captures the runtime (blocking) dependencies. A loop-detection algorithm is then used to detect deadlocks and help designers quickly isolate and identify modeling errors that cause the deadlock problems. We demonstrate our approach through a real world design example, which is a complex functional model for video processing and a high level model of function-architecture mapping.

A formal approach to system level design: metamodels and unified design environments

Abstract: The debate about efficient methods for hardware-software co-design has taken interesting turns over the years. In this paper, we argue that the essential problems to solve are prior to the decision on how to partition the system in hardware-software. We present a formal platform-based design method we have proposed over the years and a design environment, Metropolis, supporting the methodology, which starts by capturing the design specifications at the highest level of abstraction and then proceed toward an efficient implementation by subsequent refinement steps. We present the modeling strategy used in Metropolis based on formal semantics that is general enough to support the models of computation proposed so far and that facilitates the creation of new ones. Nonfunctional and declarative constraints can also be captured using a logic language.

Hybrid Systems in Automotive Electronics Design

Abstract: Automotive is certainly one of the most attractive and promising application domains for hybrid system techniques. Indeed, some hybrid models and algorithms have already been successfully applied for automotive control designs. However, despite the significant advances achieved in the past few years, hybrid methods are in general still not mature enough for their effective introduction in the automotive industry design processes at large. In this paper, we take a broad view of the development process for embedded control systems in the automotive industry with the purpose of identifying challenges and opportunities for hybrid systems in the design flow.

Fault tolerant data flow modeling using the generic modeling environment

Abstract: Designing embedded software for safety-critical, real-time feedback control applications is a complex and error prone task. Fault tolerance is an important aspect of safety. In general, fault tolerance is achieved by duplicating hardware components, a solution that is often more expensive than needed. In applications such as automotive electronics, a subset of the functionalities has to be guaranteed while others are not crucial to the safety of the operation of the vehicle. In this case, we must make sure that this subset is operational under the potential faults of the architecture. A model of computation called fault-tolerant data flow (FTDF) was recently introduced to describe at the highest level of abstraction of the design the fault tolerance requirements on the functionality of the system. Then, the problem of implementing the system efficiently on a platform consists of finding a mapping of the FTDF model on the components of the platform. A complete design flow for this kind of application requires a user-friendly graphical interface to capture the functionality of the systems with the FTDF model, algorithms for choosing an architecture optimally, (possibly automatic) code generation for the parts of the system to be implemented in software and verification tools. In this paper, we use the generic modeling environment (GME) developed at Vanderbilt University to design a graphical design capture system and to provide the infrastructure for automatic code generation. The design flow is embedded into the Metropolis environment developed at the University of California at Berkeley to provide the necessary verification and analysis framework.

Randomized Algorithms for Platform-based Design

Abstract: The design of automotive control systems is becoming increasingly complex as the level of performance required by car manufactures grows continuously and the constraints on cost and development time imposed by the market become tighter A successful design, without costly and time consuming re-desing cycles, can be achieved only be using an efficient design methodology that allows for component re-use and evaluation of platform requirements at the early stages of the design flow In this paper, we illustrate a control-implementation design methodology for the development of embedded controllers by composition of algorithms picked up from libraries Randomized algorithms and hybrid system theory are used to develop techniques for functional and architecture evaluations, which are implemented in a prototype tool

System-level design: a strategic investment for the future of the electronic industry

Abstract: A rigorous and well-supported system-level design methodology is essential to solve some of the pressing problems of the electronics. In the electronic system industry (e.g., automotive, consumer, defense, telecommunication), the reduction of the life time of products, the increasing market demands in terms of cost and features, the complexity of the design problem have created problems that are causing severe inefficiencies and may even jeopardize the economic viability of a company. In the semiconductor industry, the deep submicron effects, the increasing manufacturing and NRE costs, make the design of new circuits a very challenging proposition. These combined effects require a novel way of approaching the design problems. We present some issues and potential solutions stressing the strategic nature of system level design. Investing in methodologies, environments and tools for system-level design has to be considered strategic by all players in the electronic industry.

A structural approach to quasi-static schedulability analysis of communicating concurrent programs

Abstract: We describe a system as a set of communicating concurrent programs. Quasi-static scheduling compiles the concurrent programs into a sequential one. It uses a Petri net as an intermediate model of the system. However, Petri nets generated from many interesting applications are not schedulable. In this paper, we show the underlying mechanism which causes unschedulability in terms of the structure of a Petri net. We introduce a Petri net structural property and prove unschedulability if the property holds. We propose a linear programming based algorithm to check the property, and prove the algorithm is valid. Our approach prove unschedulability typically within a second for Petri nets generated from industrial JPEG and MPEG codecs, while the scheduler fails to terminate within 24 hours.

Integrated Electronics in the Car and the Design Chain Evolution or Revolution

Abstract: To deliver better-performing, less-expensive, and safer cars with increasingly tighter time-to-market constraints imposed by worldwide competitiveness, the future development process for automotive electronic systems must provide solutions to: the design of complex functionality with tight requirements on safety and correctness; the design of distributed architectures consisting of several subsystems with constraints on nonfunctional metrics such as cost, power consumption, weight, position, and reliability; and the mapping of the functionality (often implemented as OEM application software) onto the components of a distributed architecture with tight real-time and communication constraints.