Predictable Assembly with SaveCCT

<<AutoComp>>

Power Supervison

Desired Output level

Source

Diesel Valve

Sink

Diesel Valve

<<AutoComp>>Valve Regulator

SinkT = 40 ms

Air Valve

Air Valve

Predictable Assembly with SaveCCT

Mikael ÅkerholmMRTC, Mälardalen University, http://www.mrtc.mdh.seCC Systems AB, http://www.cc-systems.com [email protected]

Mikael Åkerholm, SaveCCT lecture CBSE Course 2007

2OutlineBackground and motivationCentral Concepts of Component TechnologiesSaveCCT - A Component Technology for Vehicular Systems

Target DomainTechnology OverviewComponent ModelTools

Example application – Adaptive Crusie Controller (ACC)


3Background: Save/Save++ (and progress)

Save (2003-2006)Enabling systematic development of component-based software for safety critical embedded systems. Component technologies -> SaveCCTMDH, UU, KTH, LiTH, (ABB, Bombardier, CC Systems, CR&T, Saab, Scania, Volvo Car and Volvo TD)

Save++ (2006-2007) integrates as a part of the progress project (2006-2010) at MDH

Improved theories, methods, technologies, and tools, based on Save and Save++, -> ( SaveCCT++ )


4MotivationMore FunctionalityImprove existing FunctionalityLower price

More ElectronicsWith Software Software Crisis (1968):

•Error-Prone•Late•Expensive

•Promising, successful in the PC domain•Component Technologies, target PC Applications•Vehicular Software Different from PC Software

Need Better Software Engineering Approaches!Need Better Software Engineering Approaches!

Component-Based Software Engineering

Component TechnologyComponent TechnologyFor Vehicular Applications!For Vehicular Applications!


5Central Concepts

Component Component Framework

PlatformPlatform

Components

Components

RepositoryRepository

Supporting ToolSupporting Tool


6SaveCCT – For Vehicular Systems

Characteristcs:Many suppliersDistributed applicationsSafety Reliability Resource efficiency (Hard) Real-Time requirements


7SaveCCT Design Goals

Efficient Development:Enable utilization of CBSE advantages, provide the necessary possibilities for the target domain

Predictable Behavior:Need to be able to apply analysis of important run-time attributes during design-time, e.g., Timing, Safety, Reliability, Memory needs, Processor demands

Run-Time Efficiency:Ideally enable CBSE without run-time cost, compared to C programming with RTOS


8Process OverviewSystem System

RequirementsRequirements

ComponentComponentRequirementsRequirements

Select and AdaptSelect and Adapt

ComponentComponentVerificationVerification

SystemSystemVerificationVerification

Need forNeed forcomponent component

Develop or BuyDevelop or Buy

Verify Verify ComponentComponent


SystemSystemCompositionComposition

System System DecompositionDecomposition

Interface betweenComponent developersAnd system developers


9SaveCCT Technology Overview



10The SaveCCM component modelRestictive in comparision to PC/Internet component models

COM, .Net, EJB Enable analysis during design-time, and determinstic reproducable behaviour during run-time (test-time)

Textual xml, and graphical UML influenced syntax


11

SaveCCM Syntax:Basic ComponentPorts

Trigger, data, combinedBehaviour

Read Execute Write

<<SaveComp>>

CalculateOutput

State

IntergrationEnabled

Setpoint

Value

Control

New State

fixed_t error = Setpoint – Value;fixed_t u = fixed_mul(K, e);

if (IntegrationEnabled) u += fixed_div(NewState, T_i);

Control = LIMIT(u, 0, MAX_CONTROL);State = error;


12

SaveCCM Syntax:Basic ComponentPorts

Trigger, data, combinedBehaviour

Read Execute Write

<<SaveComp>>

CalculateOutput

State

IntergrationEnabled

Setpoint

Value

Control

New State

fixed_t error = Setpoint – Value;fixed_t u = fixed_mul(K, e);

if (IntegrationEnabled) u += fixed_div(NewState, T_i);

Control = LIMIT(u, 0, MAX_CONTROL);State = error;


13

SaveCCM Syntax:SwitchPorts

Setports determine active configurationConnection patterns

For static or dynamic reconfiguration

<<Switch>>

Mode

IntergrationEnabled

FeebackOut 1

FeedbackIn

FeebackOut 2

To PortFeedback Out 1Feedback Out 2

From PortFeedback InFeedback In

ExpressionIntegration Enabled Integration Enabled


14

SaveCCM Syntax:Assembly

PortsInternal components and connectionsEncapsulation of a “sub-system”

PI Controller<<Assembly>>

<<Switch>>

Mode

<<SaveComp>>

CalculateOutput

<<SaveComp>>

UpdateState

State

IntergrationEnabled

Setpoint

Value

FeebackOut

Feedback In

Control


15

SaveCCM Syntax:Composite ComponentPortsInternal components and connections

Restricted behaviour, read-execute-write

MultiplyAndAdd<<Composite>>

<<SaveComp>>

Multiply <<SaveComp>>Add

A

B

C

Q


16SaveCCM Formal Foundation Timed Automata with TasksSaveCCM Core

Building blocks for SaveCCM semantics:

Basic ComponentComposite ComponentConditional Connection

Port: point of interactionWhere connection meet componentTransfer data or triggeringSingle data item, overwrite semantics

On request, John may give a lecture ;o)

Finite automata with

Dense time clocks,manipulated on edges

Tasks, released whena location is reached

Dense time is possible by using a symbolic representation

x 5 y := 0T1

u!x 10


17SaveCCT Glue Code GeneratorMotivation

2 GHz256 MB RAM

<1 GB OSGraphics, User Accountsrun-time configuration

Component FrameworkRun-time Binding

DB Transactions, Web

Thypical target platform For component technologies

20 MHz256 kB RAM

>1 MB OSSyncronisation, IPC, Timing

static configuration


18SaveCCT Glue Code Generator

-

Task Allocation

Analysis

TargetCompiler

RTOS RTOS

Fully Automated Fully Automated Compile-Time StepCompile-Time Step

SaveCCMComponent Model

Intermediate Task Models

RTOSExecution Models

CrossFire, RTXCPC/Win32, CCSimTech


19

SaveCCT Tools (under continous improvement) Save IDE (under continous improvement)

Component compositionSeveral existing prototypes for graphical composition from masters thesis projects, currently under major revision

Automated connectivity to analysis tools through translations of SaveCCM XML to

timed automata with tasks ->Times (Timing and much more)Finite State Processes -> LTSA (Control loop liveness)

TestAutomated test tools, e,g., test-complete and LabView, from CCSimTech

RepositoryUnder construction, will provide means for easy selection and specialisation of components through distingushing component versions, from component variants

…


20Example Application – SaveCCT in an industrial Environment

Case Study at CC SystemsIntegrated our technology in a real industrial environment, i.e., selected development tools and hardware from the company’s repertoire

CrossFire ECU, CCSimTech simulation technique, target compiler

Implemented a “fictive” vehicular control application with the technology, and used as basis for evaluation


21

Road Signs Enabled

Current Speed

Road Sign SpeedACC Max Speed

Distance

ACC Enabled

Brake Pedal Used

<<Assembly>>50 Hz

10 Hz

Brake Signal

Throttle

Brake Assist

<<SaveComp>>

Logger HMI Outputs

<<SaveComp>>

Object Recognition

<<SaveComp>>

Mode Switch

<<Switch>>

ACCController

<<Assembly>>

Brake Assist

ACC

Max Speed

ACC ApplicationSpeed Limit

<<SaveComp>>


22

<<Assembly>>ACC Controllers

<<Assembly>>Distance

Controller

<<Assembly>>Speed

Controller

Distance

Control

RelativeSpeed

MaxSpeed

<<Assembly>>Distance

Controller

<<SaveComp>>Calc Output

<<SaveComp>>Update State

<<Assembly>>Speed

Controller

<<SaveComp>>Calc Output

<<SaveComp>>Update State

DistanceRelativeSpeed

MaxSpeed

CurrentSpeed

CurrentSpeed

Control

<<Assembly>>ACC Controllers

<<AssemblyDistance

Controller

<<Assembly>>Speed

Controller

View, hiding low level information of data flow direction and triggering.

1 23

45


23Automated Analysis of The ACCStatic WCET analysis through integration of the aiT Worst-Case Execution Time Analyser

WCET ~ 3% over-estimationContext dependent WCET analysis preferable, but not yet achieved

Timing and more through the underlying Timed Automata model

The Times tool checks e.g., Schedulability and Response times for end-2-end transactions

LivenessFinite State Processes (FSP), derived from SaveCCTLabeled Transition System Analyser (LTSA), is used to verify liveness

x 5 y := 0T1

u!x 10


24Questions

Documents

Predictable Assembly with SaveCCT