1 / 60

CPE555A: Real-Time Embedded Systems

CPE555A: Real-Time Embedded Systems. Lecture 11 Ali Zaringhalam Stevens Institute of Technology. 1. 1. Outline. Non-deterministic FSM Transition types Default Reset Termination History Hierarchical FSM FSM Composition. CS555A – Real-Time Embedded Systems

carl
Télécharger la présentation

CPE555A: Real-Time Embedded Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CPE555A:Real-Time Embedded Systems Lecture 11 Ali Zaringhalam Stevens Institute of Technology 1 1

  2. Outline • Non-deterministic FSM • Transition types • Default • Reset • Termination • History • Hierarchical FSM • FSM Composition CS555A – Real-Time Embedded Systems Stevens Institute of Technology CS555A – Real-Time Embedded Systems Stevens Institute of Technology 2

  3. FSM Structure - 1 • FSM consists of a set of states and transitions • One initial state • Any number of final states (0-N) • Guard expressions gating transitions • Any number of output actions • Any number of set actions for extended variables CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  4. FSM Structure - 2 • Firing phase operations • Read inputs • Evaluate guards on outgoing transitions of the current state • Choose a transition whose guard evaluates to true • Execute the output actions on the chosen transition, if any CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  5. FSM Structure - 3 • Post-fire operations • Execute the set actions of the chosen transition, which sets values of extended variables • Change the current state to the destination of the chosen transition CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  6. Deterministic FSM • A state machine is said to be deterministic if, for each state, there is at most one transition enabled by each input value. • The update function is a 1-1 mapping CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  7. Non-Deterministic FSM • If for each state, more than one transition is enabled by an input value, the FSM is non-deterministic • The update function is 1-many mapping In the heating state both red transitions fire on any input. • The update function of a non-deterministic FSM has a 1-many mapping between (state, inputs) -> (state, output) • It is useful to think of it as a multi-valued function CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  8. Example: Non-Deterministic FSM CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  9. Non-Deterministic FSM Model • In a nondeterministic FSM, if more than one transition is enabled and they are all marked • nondeterministic, then one is chosen in the fire phase based on some environment criteria. In this model the SDF director picks a transition at random. • The selection criteria is not a part of the FSM specification which only models that both transitions are possible. CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  10. Example CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  11. Traffic Light Extended FSM What happens 60 seconds go by and there is no pedestrian? • Model is time-triggered • Assumes one reaction per second. • Default transition • Guard: true • Action: none Initial state. Re-init count=0. CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  12. Stuttering & Receptiveness • A stuttering reaction is one where the inputs and outputs are all absent and the machine does not change state. No progress is made and nothing changes • In the “green” state, the FSM stutters after 60 seconds and no pedestrian arrival • Receptiveness: In a receptive FSM, for each state, there is at least one transition possible on each input symbol • Even in the stuttering “green” state, the FSM transitions when a pedestrian arrives • So the FSM is receptive CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  13. Modeling the Environment With Non-Deterministic FSM • In the “none” state there is no pedestrian present. • At every clock tick, the model simulates the presence/absence of a pedestrian in a non-deterministic fashion. • This non-deterministic state machine can be used to model the environment for the pedestrian input • Initial state is “crossing” • The initial state of the traffic light controller is “red” • In the “none” state the guard on both transitions are enabled • The model doesn’t say which is taken. It just says that both transitions are possible • You can add your own recipe for deciding which transition is taken • Typically one is picked at random based on some probability distribution CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  14. Non-Deterministic FSM as a Specification Tool • Requirement on the behavior of the traffic light controller. • Red -> Green => Yellow => Red => Green =>…….. • Modeling unknown aspects of the environment • Example: pedestrian crossing event • Hiding details in the specification of a system • Example specification • Transition Red -> Green -> Yellow -> Red in this order • The model doesn’t say anything about timing • Note that transitions other than in Green -> Yellow -> Red -> Green order are not allowed • The actual traffic controller FSM we just saw meets this specification CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  15. Behaviors & Traces • FSM behavior consists of a sequence of steps • A trace is the record of inputs, outputs and states in a behavior • A computation tree is a graphical representation of all possible traces • FSMs are suitable for formal analysis of system behavior, such as reachability of unsafe states • Is there a transition from yellow -> green? • This can be verified with a verification tool against the specification. CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  16. CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  17. Counter Example 6.4 CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  18. Counter Example 6.4 • SDF: Synchronous Data Flow • SDF manages flow of data • After final state is reached, the postfire action returns “false” and the director terminates execution of ALL actors (not just the one that moved to the final state) • Model is similar to a “for” loop with a finite number of iterations. In each iteration, each actor in the flow sequence is invoked with data-in and data-out • When there is no data (i.e., input is absent), FSM will not react CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  19. Example 6.5 • Notice that unlike in the SDF case, there is no input into the FSMActor. • The FSM fires each time there is a clock input from the SR director • Both FSMActor & Display actors are fired in each cycle • The NonStrictDisplay displays “absent” when there is no input • A normal display will display nothing • SR: Synchronous Reactive • Manages periodic events which may or may not be accompanied by data • So FSM can react to absence of data as well • After final state is reached , the postfire action returns “false” and the director terminates execution of this actor but continues to execute other actors • Model is similar to a polling thread. Periodically, the input is polled and an action is taken depending on presence/absence of input • When there is no data (i.e., input is absent), FSM can react as well CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  20. Example 6.7 CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  21. Example 6.7 CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  22. Simplification With Default Transitions • Must separately test for • Presence/absence of reset signal • Value of the reset signal (0/1) CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  23. Immediate Transition • If a state A has an immediate transition to another state B, then that transition will be taken in the same firing as a transition into state A if the guard on the immediate transition is true. The transition into and out of A will occur in the same firing • A is called a transient state. Immediate transition. Transient state CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  24. Example 6.9 Reset Final Reset Final No absent outout into display until termination Immediate transition. CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  25. Simplifying FSM Description We can use default, immediate and non-deterministic behavior to simplify FSM modeling CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  26. Two Solutions • Brute-force deterministic solution • Simplified non-deterministic solution with default and immediate transitions CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  27. Brute Force Solution CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  28. A Better Solution CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  29. The refinement of a state is another nested FSM. • The outer FSM is in state B if the refinement of B is in either C or D. CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  30. FSM Flattening & Depth-First Semantics • Note that when g4 = true AND g1 = true, C does NOT transition to D but both outputs a4 and a1 are generated. • C->D followed by D->A are logically simultaneous. • g2=true causes A-> B = { C | D} • Two ways to exit C • g1=true causes C->A • g4=true causes C->D • What happens if both g1=true and g4=true? • Different semantics are possible and used • Depth-first semantic: deepest refinement reacts first, followed by the container FSM • Consider what happens when g1=true AND g4=true Initial state. Initial state of refinement. CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  31. Order of Operations & Conflicts • The innermost output a4 happens before a1 • If they conflict the outer output dominates CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  32. With preemptive transitions, the ambiguity of conflicting outputs goes away. Red originating circle in the arrow indicates preemptive transition. CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  33. Full arrowhead indicates History transition CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  34. You must track all four possible states: (A,C), (A,D), (B,C) and (B,D). CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  35. Empty arrowhead indicates Reset transition CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  36. FSM Flattening & Depth-First Semantics With a reset transition, you do not have to track all four possible states: (A,C), (A,D), (B,C) and (B,D). Transition from A -> B will always start in C. Empty arrowhead indicates Reset transition • g2=true causes A-> B = { C | D} • Two ways to exit C • g1=true causes C->A • g4=true causes C->D • What happens if both g1=true and g4=true? • Different semantics are possible and used • Depth-first semantic: deepest refinement reacts first, followed by the container FSM • Consider what happens when g1=true AND g4=true CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  37. Ptolemy & Text Symbols Full arrowhead indicates History transition Empty arrowhead indicates Reset transition • In Ptolemy • Full arrowhead stands for reset transition • History transition is indicated by a H at the arrowhead CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  38. Example 6.11 CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  39. Hierarchical Model The self transition from faulty back to itself is a history transition because its purpose is to only count iterations, not to interfere with the execution of the refinement which is to output heating/cooling rate. CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  40. Termination Transition • A termination transition is a transition that is enabled only when the refinements of the current state reach a final state. • Note that a state can have more than one refinement CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  41. Example 6.12 • Transition is: • Preemptive transition • Reset transition • Termination transition is taken when: • Refinement A transitions to doneA • Refinement B transitions to doneB Two refinements for the same actor. CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  42. Type checking: the outputs of A must be in the set of acceptable inputs to B. CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  43. If the composition is asynchronous, then the output of A must be buffered before B can use it. • If the composition is synchronous, then both A and B react. But the reaction of A precedes the reaction of A. So the output of A is available as input into B. (Programming analogy is a program which calls A. A in turn calls B on the stack and passes its output parameters as input.) CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  44. When a is present A outputs b & self-transitions B outputs c and self-transition FSM remains in state (s1, s3) When a is absent, b is also absent (s1, s3) transition to (s2, s4) Both A and B react together If they didn’t, one could go thru (s2, s3) on the way from (s1, s3) to (s2, s4) Example: Synchronous Cascade (s1, s4) and (s2, s3) are unreachable from the init state. CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  45. Example CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  46. Traffic Light Extended FSM What happens 60 seconds go by and there is no pedestrian? • Model is time-triggered • Assumes one reaction per second. • Default transition • Guard: true • Action: none Initial state. Re-init count=0. CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  47. Composition of Traffic Light With Pedestrian Light The pedR & pedG signals control the pedestrian light signal. sigR from the traffic ligh FSM CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  48. Composition of two FSMs sigR from traffic light FSM feeds the pedestrian FSM CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  49. State Enumeration • State = (Traffic light state, pedestrian light state) • (red, red) • (red, green) • (yellow, red) • (yellow, green) • (green, red) • (green , green) • (pending, red) • (pending, green) • 61 distinct values for count variable • 56 distinct values for pcount variable • 8x61x56 distinct states • How may are reachable? State combinations in red font are not safe and must be made unreachable by design What guarantees that this state is not reached? CS555A – Real-Time Embedded Systems Stevens Institute of Technology

  50. FSM Flattening CS555A – Real-Time Embedded Systems Stevens Institute of Technology

More Related