Thomas Huining Feng

Execution Strategies for PTIDES, a Programming Model for Distributed Embedded Systems

We define a family of execution policies for a programming model called PTIDES (Programming Temporally Integrated Distributed Embedded Systems). A PTIDES application (factory automation, for example) is given as a discrete-event (DE) model of a distributed real-time system that includes sensors and actuators. The time stamps of DE events are bound to physical time at the sensors and actuators, turning the DE model into an executable specification of the system with explicit real-time constraints. This paper first defines a general execution strategy that conforms to the DE semantics, and then specializes this strategy to give practical, implementable and distributed policies. Our policies leverage network time synchronization to eliminate the need for null messages, allow independent events to be processed out of time stamp order, thus increasing concurrency and making more models feasible (w.r.t. real-time constraints), and improve fault isolation in distributed systems. The policies are given in terms of a safe to process predicate on events that depends on the time stamp of the events and the local notion of physical time. In a simple case we show how to statically check whether program execution satisfies timing constraints.

Verifying Ptolemy II Discrete-Event Models Using Real-Time Maude

This paper shows how Ptolemy II discrete-event (DE) models can be formally analyzed using Real-Time Maude. We formalize in Real-Time Maude the semantics of a subset of hierarchical Ptolemy II DE models, and explain how the code generation infrastructure of Ptolemy II has been used to automatically synthesize a Real-Time Maude verification model from a Ptolemy II design model. This enables a model-engineering process that combines the convenience of Ptolemy II DE modeling and simulation with formal verification in Real-Time Maude.

Verifying hierarchical Ptolemy II discrete-event models using Real-Time Maude

This paper defines a real-time rewriting logic semantics for a significant subset of Ptolemy II discrete-event models. This is a challenging task, since such models combine a synchronous fixed-point semantics with hierarchical structure, explicit time, and a rich expression language. The code generation features of Ptolemy II have been leveraged to automatically synthesize a Real-Time Maude verification model from a Ptolemy II design model, and to integrate Real-Time Maude verification of the synthesized model into Ptolemy II. This enables a model-engineering process that combines the convenience of Ptolemy II DE modeling and simulation with formal verification in Real-Time Maude. We illustrate such formal verification of Ptolemy II models with three case studies.

Real-Time Distributed Discrete-Event Execution with Fault Tolerance

We build on PTIDES, a programming model for distributed embedded systems that uses discrete-event (DE) models as program specifications. PTIDES improves on distributed DE execution by allowing more concurrent event processing without backtracking. This paper discusses the general execution strategy for PTIDES, and provides two feasible implementations. This execution strategy is then extended with tolerance for hardware errors. We take a program transformation approach to automatically enhance DE models with incremental checkpointing and state recovery functionality. Our fault tolerance mechanism is lightweight and has low overhead. It requires very little human intervention. We incorporate this mechanism into PTIDES for efficient execution of fault- tolerant real-time distributed DE systems.

Incremental checkpointing with application to distributed discrete event simulation

Checkpointing is widely used in robust fault-tolerant applications. We present an efficient incremental checkpointing mechanism. It requires to record only the state changes and not the complete state. After the creation of a checkpoint, state changes are logged incrementally as records in memory, with which an application can spontaneously roll back later. This incrementalism allows us to implement checkpointing with high performance. Only small constant time is required for checkpoint creation and state recording. Rollback requires linear time in the number of recorded state changes, which is bounded by the number of state variables times the number of checkpoints. We implement a Java source transformer that automatically converts an existing application into a behavior-preserving one with checkpointing functionality. This transformation is application-independent and application-transparent. A wide range of applications can benefit from this technique. Currently, it has been used for distributed discrete event simulation using the time warp technique

Automatic Model Generation for Black Box Real-Time Systems

Embedded systems are often assembled from black box components. System-level analyses, including verification and timing analysis, typically assume the system description, such as RTL or source code, as an input. There is therefore a need to automatically generate formal models of black box components to facilitate analysis. We propose a new method to generate models of real-time embedded systems based on machine learning from execution traces, under a given hypothesis about the systems model of computation. Our technique is based on a novel formulation of the model generation problem as learning a dependency graph that indicates partial ordering between tasks. Tests based on an industry case study demonstrate that the learning algorithm can scale up and that the deduced system model accurately reflects dependencies between tasks in the original design. These dependencies help us formally prove properties of the system and also extract data dependencies that are not explicitly stated in the specifications of black box components

Ptera: an event-oriented model of computation for heterogeneous systems

Many modeling techniques for embedded systems focus on events that occur in time and the causality relationships between them. Event-oriented modeling complements class-oriented, object-oriented, actor-oriented and state-oriented approaches. To facilitate event-oriented modeling, we have extended an older established model called event graphs to define new model of computation that we call Ptera (Ptolemy event relationship actors). Ptera is appropriate for modeling complex discrete-event systems. A key capability is that Ptera models conform with an actor abstract semantics that permits hierarchical composition with other models of computation such as discrete-event actors, dataflow, process networks and finite state machines. This enables their use in complex system design, where not every aspect of the system is best described with event-oriented modeling.