Lecture 11: Part I: Zones, Part II: TTAs
1
Lecture 11: Part I: Zones; Part II: TTAs
  • CS5270, P.S. Thiagarajan

2
Zones
  • A more compact representation of sets of valuations (unions of
    equivalence classes) than the region graph.
  • Can be efficiently represented as Difference
    Bounded Matrices (edge weighted directed graphs).
  • DBMs admit a canonical representation.
  • DBMs can be manipulated efficiently.

3
Why not regions?
  • The number of regions can be very large
  • Exponential in the number of clocks AND in the
    size of the maximal constants appearing in the
    clock constraints.
  • Practical verification becomes infeasible.

4
An Example
  • [Figure: the regions of two clocks x and y drawn in the (x, y) plane; not reproduced.]
5
0-dimensional regions: 12
  • [Figure: the 12 corner points of the picture above; not reproduced.]
6
1-dimensional regions: 23
  • [Figure: the 23 open line segments; not reproduced.]
7
2-dimensional regions: 12
  • [Figure: the 12 open areas; not reproduced.]
8
Total number of regions: 47
  • 12 + 23 + 12 = 47.
9
One Zone: (2 ≤ x ≤ 5) ∧ (2 ≤ y ≤ 4)
  • [Figure: this single zone is a rectangle covering several regions of the picture above; not reproduced.]
10
Zones
  • A zone is a clock constraint of a particular form.
  • Z ::= x ~ c | x − y ~ c | Z1 ∧ Z2
  • ~ ∈ {<, ≤, >, ≥}
  • c is a natural number.
  • Every region is a zone (exercise!).

11
Zone Automaton
  • Every TTA has an associated Zone automaton ZTTA.
  • This can be constructed effectively.
  • But this does not do too much for us.
  • Savings occur when we construct the Zone
    automaton on the fly to check reachability
    properties.

12
The Basic Algorithm
  • Symbolic Reachability Analysis Algorithm
  • PASSED := ∅; WAIT := {(s0, D0)}
  • while WAIT ≠ ∅ do
  • take (s, D) from WAIT
  • if s = sf then return YES
  • if D is not a subset of D′ for every (s, D′) in PASSED then add (s, D) to PASSED.
  • for all (s1, D1) such that (s, D) ⟹ (s1, D1),
  • add (s1, D1) to WAIT.
  • end for
  • end if
  • end while
  • return NO

13
The Zone transition relation
  • Delay step: (s, D) ⟹ (s, D↑ ∧ I(s))
  • D↑ = { V + t | V ∈ D, t ≥ 0 }
  • D↑ is a zone, and from D we can compute D↑.
  • Action step: (s, D) ⟹ (s′, D′) if there is a transition (s, g, X, s′)
    in the TTA such that
  • D′ = R_X(D ∧ g) ∧ I(s′)
  • R_X(D) = { R_X(V) | V ∈ D }
  • R_X(V)(y) = 0 if y ∈ X, V(y) otherwise.
  • R_X(D) is a zone.
  • D′ is non-empty.
  • D′ is a zone and can be computed from D.

14
Termination
  • To ensure termination (Cx is the largest constant that clock x is
    compared with):
  • Remove constraints of the form x < m, x ≤ m, x − y < m and
    x − y ≤ m if m > Cx.
  • Replace x > m and x ≥ m with x > Cx if m > Cx.
  • Replace y − x > m and y − x ≥ m with y − x > Cx and y − x ≥ Cx
    when m > Cx.

15
Zone operations
  • We need to compute D↑.
  • Given D1 and D2, we need to compute D1 ∧ D2.
  • Given D and D′, we need to be able to check whether D is a subset
    of D′.
  • We must be able to check whether D is empty.

16
Zone representation.
  • A zone can be represented as a DBM
  • Difference Bounded Matrix.
  • Invent a new clock variable x0 (which will
    always be 0).
  • All basic constraints will be of the form
  • xi − xj < m or xi − xj ≤ m, where m is an integer (positive or
    negative).

17
Zone Representation
  • x2 < 3 becomes x2 − x0 < 3.
  • x5 ≥ 7 becomes x0 − x5 ≤ −7.
  • x2 − x5 > 8 becomes x5 − x2 < −8.

18
The Matrix Representation
  • Rows and columns are indexed by x0, x1, ..., xn; entry (i, j) records
    the bound on xi − xj.
  • The bound is stored as a pair (m, c): xi − xj ≤ 2 is stored as (2, 1).
  • [Figure: the (n+1) × (n+1) matrix with entry (i, j) highlighted; not reproduced.]
19
The Matrix Representation
  • A strict bound sets the second component to 0: xi − xj < 2 is stored
    as (2, 0).
20
The Matrix Representation
  • [Figure: a worked matrix over x0, x1, x2, x3 whose entries include the bounds 3, −4, 10, 2, 5 and 2; not reproduced.]
21
The Graph Representation
  • Nodes are the clocks x0, ..., xn; the constraint y − x ≤ k is an edge
    between x and y with weight (k, 1), and y − x < k an edge with
    weight (k, 0).
  • [Figure: the two edge shapes; not reproduced.]
22
The Graph Representation
  • [Figure: the graph of the slide-20 matrix, with nodes X0, X1, X2, X3 and edge weights 10, −4, 2, 3, 2 and 5; not reproduced.]
23
Closed Representations
  • Two different zones (DBMs) can represent the same
    set of valuations.
  • (y − x ≤ 3, x ≥ 2, y ≤ 4) and (y − x ≤ 2, x ≥ 2, y ≤ 4) describe
    the same set of valuations.
  • A zone is closed if no constraint can be
    strengthened without reducing the set of
    associated valuations.
  • Two closed zones are equivalent iff they are
    identical.
  • So it is good to get closed zones.

24
Closed Zones.
  • Take the graph of the zone.
  • Remove all redundant edges.
  • The edge from x to y with weight k is redundant
    if there is a path from x to y whose weight is
    less than or equal to k.
  • Using an all-pairs shortest path algorithm (Floyd-Warshall), the
    closed zone version can be computed in O(n³) time.

25
Closed Zones
  • If D is closed then D is a subset of D′ iff for every constraint
    x − y ≤ m′ in D′ there is a constraint x − y ≤ m in D with m ≤ m′.
  • If D is closed then D is non-empty iff there are no negative weight
    cycles in its graph.
  • The other operations can also be performed on the
    graphs efficiently.
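Worked example, added here; it is not the lecture's code and not the implementation of any verification tool. It builds the DBM of slides 16-22 with the slides' (m, c) pair encoding, closes it by Floyd-Warshall (slide 24), implements the emptiness and inclusion tests of slide 25 and the up, conjunction and reset operations of slides 13 and 15, and runs the symbolic reachability loop of slide 12 on top of them. The slide-14 normalisation is left out; the automaton that exercises the loop is made up for this example and chosen so that the loop terminates without it. The names DBM, conj_all, reachable and example_tta are this example's own, and the clock indices X = 1, Y = 2 are an assumption.

```python
"""Zones as Difference Bound Matrices (DBMs) and the on-the-fly reachability
loop of slides 12-13 over the zone operations of slides 16-25.  Added example,
not the lecture's code.  Slide conventions: clock x0 is the constant 0, entry
(i, j) bounds xi - xj, and a bound is the pair (m, c) with c = 1 for "<=" and
c = 0 for "<", so tuple order ranks bounds tight-to-loose: (2, 0) < (2, 1)."""
from collections import deque
from copy import deepcopy
from itertools import product
import math

INF = (math.inf, 1)   # xi - xj unconstrained
LE0 = (0, 1)          # xi - xj <= 0


def add(a, b):
    """Bound along a two-edge path: constants add, strict if either edge is."""
    return (a[0] + b[0], a[1] & b[1])


class DBM:
    def __init__(self, n_clocks):
        self.n = n_clocks + 1                  # x0 plus the real clocks
        self.m = [[INF] * self.n for _ in range(self.n)]
        for i in range(self.n):
            self.m[i][i] = LE0                 # xi - xi <= 0
            self.m[0][i] = LE0                 # x0 - xi <= 0, i.e. xi >= 0

    def close(self):
        """Canonical form by all-pairs shortest paths (Floyd-Warshall, slide 24)."""
        for k, i, j in product(range(self.n), repeat=3):
            self.m[i][j] = min(self.m[i][j], add(self.m[i][k], self.m[k][j]))
        return self

    def is_empty(self):
        """Closed DBM: a diagonal entry below (0, <=) is a negative cycle (slide 25)."""
        return any(self.m[i][i] < LE0 for i in range(self.n))

    def subset(self, other):
        """Closed self: inside other iff every bound is at least as tight (slide 25)."""
        return all(self.m[i][j] <= other.m[i][j]
                   for i in range(self.n) for j in range(self.n))

    def conj(self, i, j, bound):
        """self AND (xi - xj bound), re-closed."""
        d = deepcopy(self)
        d.m[i][j] = min(d.m[i][j], bound)
        return d.close()

    def up(self):
        """D-up: let time pass by dropping every upper bound xi - x0 <= m."""
        d = deepcopy(self)
        for i in range(1, d.n):
            d.m[i][0] = INF
        return d.close()

    def reset(self, clocks):
        """R_X(D): each clock in X takes the bounds of x0, i.e. becomes 0."""
        d = deepcopy(self)
        for x in clocks:
            for j in range(d.n):
                d.m[x][j], d.m[j][x] = d.m[0][j], d.m[j][0]
        return d.close()


def conj_all(d, constraints):
    """Apply a list of (i, j, bound) triples, each meaning xi - xj bound."""
    for i, j, b in constraints:
        d = d.conj(i, j, b)
    return d


def reachable(tta, n_clocks, s0, sf):
    """Slide 12's loop; tta = (invariants, [(s, guard, resets, s'), ...])."""
    inv, trans = tta
    zero = conj_all(DBM(n_clocks), [(i, 0, LE0) for i in range(1, n_clocks + 1)])
    passed, wait = [], deque([(s0, zero)])
    while wait:
        s, d = wait.popleft()
        if s == sf:
            return True
        if any(s == p and d.subset(pd) for p, pd in passed):
            continue                                   # already covered
        passed.append((s, d))
        d_up = conj_all(d.up(), inv.get(s, []))        # delay step within I(s)
        for _, guard, resets, dst in [t for t in trans if t[0] == s]:
            d1 = conj_all(d_up, guard)
            if d1.is_empty():      # test before reset: R_X of an empty zone is empty
                continue
            d1 = conj_all(d1.reset(resets), inv.get(dst, []))
            if not d1.is_empty():
                wait.append((dst, d1))
    return False


X, Y = 1, 2   # clock indices; index 0 is the zero clock x0


def example_tta(bound):
    """Made-up 2-clock TTA with no invariants (an assumption, not from the slides):
    s0 -(x>=2, reset x)-> s1, s1 -(y<=bound)-> s2, s1 -(x>=1, reset x,y)-> s0.
    In s1 we always have y - x >= 2, so s2 is reachable iff bound >= 2."""
    return {}, [
        ("s0", [(0, X, (-2, 1))], [X], "s1"),       # x0 - x <= -2, i.e. x >= 2
        ("s1", [(Y, 0, (bound, 1))], [], "s2"),     # y - x0 <= bound
        ("s1", [(0, X, (-1, 1))], [X, Y], "s0"),    # x >= 1, then reset both
    ]
```

conj_all(DBM(2), [(Y, X, (3, 1)), (0, X, (-2, 1)), (Y, 0, (4, 1))]) is the first constraint set of slide 23; after closure its (Y, X) entry is (2, 1), and the second set of that slide produces the identical matrix. reachable(example_tta(1), 2, "s0", "s2") returns False: the zone entering s1 satisfies y − x ≥ 2, so the guard y ≤ 1 makes the successor empty and the loop back to s0 reproduces the initial zone, which the PASSED check discards; with example_tta(2) it returns True. Emptiness is tested before the reset on purpose: copying x0's row and column into a reset clock can erase the negative cycle that witnessed the emptiness (for instance x − y ≤ 1 together with y − x ≤ −2 leaves x0's diagonal at (0, 1)), so R_X applied to an empty zone must not be allowed to produce a non-empty one.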

26
Introduction
  • TTP
  • A real-time protocol for distributed systems.
  • high dependability
  • guaranteed timeliness
  • Application domains
  • Automotive electronics
  • Fly-by-wire cockpits
  • Railway signaling systems

27
Acknowledgements
  • The following slides have been assembled from many web sources. In
    particular:
  • H. Kopetz and G. Grünsteidl, Digest of Papers, FTCS-23 (IEEE CS 23rd
    Intl. Symp. on Fault-Tolerant Computing), Aug. 1993, pp. 524-533;
    presented by Shruti Gorappa.

28
Features of the TTP
  • Fault-tolerance
  • Small overhead
  • Integrates numerous services
  • Predictable message transmission
  • Message acknowledgement in group communication
  • Clock synchronization
  • Membership
  • Rapid mode change
  • Redundancy management
  • Temporary blackout handling

29
Assumptions
  • Fail-silence
  • Communication channels only have omission
    failures.
  • Nodes either deliver correct results or no
    results
  • Internal failures are detected and node turned
    off

30
System Overview
  • FTU (Fault-Tolerant Unit): a single node or a set of replicated nodes
  • Replicated communication channels
  • The channel is a broadcast bus
  • Access is by TDMA driven by progression of global
    time
  • Local nodes time synchronized by TTP
  • Communication by rapid and periodic message
    exchanges

31
TTP Design Rationale
  • Sparse time base
  • Messages are sent only at statically designated
    intervals
  • Inflexible compared to Event-triggered (ET)
    model, but easier to test
  • Use of apriori knowledge
  • All nodes are aware of when each node is
    scheduled to transmit
  • Sender node information need not be included in
    frame
  • Reduced overhead
  • Broadcast
  • Correctness of transmitted message can be
    concluded as soon as one receiver acknowledges
    message delivery (broadcast medium)

32
Protocol Highlights
  • Bus access
  • An FTU has one or two time slots depending on its class of
    fault-tolerance.
  • Slot lengths may differ from node to node depending on the amount of
    data each needs to send.
  • The number of slots in a TDMA round given to an FTU may also differ.
  • Membership Service
  • If a message from a sending node does not occur in its designated
    interval, the other nodes set its membership to 0.
  • Membership is checked before transmission. A node is alive if
  • its internal error detection mechanism has not indicated an error, and
  • at least one of its transmitted frames has been correctly
    acknowledged.

33
Protocol Highlights
  • Temporary blackout handling
  • Correlated failure of a number of nodes
  • Identified by sudden drop in membership
  • Nodes send I-messages and perform local emergency
    control
  • After membership has stabilized, mode changed to
    global emergency service

34
Protocol Highlights
  • Temporal encapsulation of nodes
  • Communication bandwidth assigned statically
  • Time base is sparse- every input can be observed
    and reproduced exactly
  • Testability
  • Easy to test the implementation in comparison to
    ET
  • Easy to simulate finite number of execution
    scenarios
  • Uncontrolled interactions between nodes are
    prevented
  • Determinism- can replicate states of nodes

35
Strengths
  • Can provide fault-tolerant real-time performance
  • Practical (MARS platform), efficient, and
    scalable
  • Can be implemented using available hardware,
    signalling mechanisms
  • Low overhead
  • High data rates, on both twisted-pair and optical-fibre channels
  • Reusability, composability, and testability

36
Weaknesses
  • The schedule is fixed, so no bandwidth is allocated for alarms and
    other spontaneous messages.
  • All fault-tolerance mechanisms are implemented at system level, which
    leaves very little freedom for application-specific implementations.
  • Adding nodes affects the existing system (although not the
    application).

37
References
  • Kopetz, H., and Grünsteidl, G., "TTP - A time-triggered protocol for
    fault-tolerant real-time systems", Digest of Papers, FTCS-23 (IEEE CS
    23rd Int'l Symp. on Fault-Tolerant Computing), Aug. 1993, pp. 524-533.
  • The Real-time Systems Research Group, Institut für Technische
    Informatik, Vienna University of Technology,
    http://www.vmars.tuwien.ac.at/projects/ttp/ttpmain.html
  • Real-time Communication: Evaluation of protocols for automotive
    systems, Michael Waern,
    http://www.md.kth.se/RTC/MSc-theses/RT-Com-Evaluation-Waern.pdf
  • CAN bus, http://www.can-cia.org/can/protocol/
  • Time-triggered Technology, http://www.tttech.com/

38
Event-triggered vs. Time-triggered
  • Interface to the external physical world: event-triggered.
  • Implementation architecture: time-triggered?
  • Predictable
  • Composability
  • How to integrate the two paradigms?
  • Interesting research opportunities!

39
The Automotive Electronics Case
  • Current scene
  • Current systems contain up to 70 ECUs (Electronic Control Units).
  • Each ECU is developed and acts independently; very little
    integration.
  • Communication
  • Event-triggered
  • Slow (500 Kbit/s)

40
The Automotive Electronics Case
  • Next Generation
  • Integrated architecture.
  • Distributed, safety-critical, real time.
  • Why?
  • Costs
  • reduce the number of ECUs.
  • Reliability
  • Safety
  • Multiple use of sensors.

41
Conclusion
  • Time-Triggered architectures and protocols are
    likely to become important.
  • Also related to synchronous programming
    languages
  • Lustre, Signal, Esterel
  • There are also other timed models
  • Timed Petri nets,