Is Truly Real-Time Computing Becoming Unachievable? Edward A. Lee Robert S. Pepper Distinguished Professor and Chair of EECS, UC Berkeley Keynote Talk.

Slides:



Advertisements
Similar presentations
Leveraging Synchronized Clocks in Distributed Applications Edward A. Lee Robert S. Pepper Distinguished Professor UC Berkeley Swarm Lab Retreat January.
Advertisements

Introduction CSCI 444/544 Operating Systems Fall 2008.
February 21, 2008 Center for Hybrid and Embedded Software Systems Cyber-Physical Systems (CPS): Orchestrating networked.
Overview of PTIDES Project
PTIDES: Programming Temporally Integrated Distributed Embedded Systems Yang Zhao, EECS, UC Berkeley Edward A. Lee, EECS, UC Berkeley Jie Liu, Microsoft.
Static Analysis of Embedded C Code John Regehr University of Utah Joint work with Nathan Cooprider.
Chess Review May 8, 2003 Berkeley, CA Classes and Inheritance in Actor- Oriented Models Stephen Neuendorffer Edward Lee UC Berkeley.
Advanced Tool Architectures Supporting Interface-Based Design
Integrated Design and Analysis Tools for Software-Based Control Systems Shankar Sastry (PI) Tom Henzinger Edward Lee University of California, Berkeley.
NSF Foundations of Hybrid and Embedded Software Systems UC Berkeley: Chess Vanderbilt University: ISIS University of Memphis: MSI A New System Science.
7th Biennial Ptolemy Miniconference Berkeley, CA February 13, 2007 Leveraging Synchronous Language Principles for Hybrid System Models Haiyang Zheng and.
Department of Electrical Engineering and Computer Sciences University of California at Berkeley Behavioral Types for Actor-Oriented Design Edward A. Lee.
Behavioral Types as Interface Definitions for Concurrent Components Center for Hybrid and Embedded Software Systems Edward A. Lee Professor UC Berkeley.
Building Unreliable Systems out of Reliable Components: The Real Time Story Edward A. Lee Professor, Chair of EE, and Associate Chair of EECS CHESS: Center.
Understandable and Scalable Concurrency Christopher Brooks Programmer/Analyst, University of California, Berkeley Edward A. Lee Robert S. Pepper Distinguished.
February 11, 2010 Center for Hybrid and Embedded Software Systems Ptolemy II - Heterogeneous Concurrent Modeling and Design.
Causality Interface  Declares the dependency that output events have on input events.  D is an ordered set associated with the min ( ) and plus ( ) operators.
Chess Review October 4, 2006 Alexandria, VA Edited and presented by Advanced Tool Architectures Edward A. Lee UC Berkeley.
8th Biennial Ptolemy Miniconference Berkeley, CA April 16, 2009 Precision Timed (PRET) Architecture Hiren D. Patel, Ben Lickly, Isaac Liu and Edward A.
Are “Embedded Systems" Just Systems Made with Small Computers? Chess: Center for Hybrid and Embedded Software Systems Invited Talk Artist International.
Review of “Embedded Software” by E.A. Lee Katherine Barrow Vladimir Jakobac.
The Case for Precision Timed (PRET) Machines Edward A. Lee Professor, Chair of EECS UC Berkeley With thanks to Stephen Edwards, Columbia University. National.
Building Unreliable Systems out of Reliable Components: The Real Time Story Edward A. Lee Professor, Chair of EE, and Associate Chair of EECS CHESS: Center.
Chapter 13 Embedded Systems
Mixing Models of Computation Jie Liu Palo Alto Research Center (PARC) 3333 Coyote Hill Rd., Palo Alto, CA joint work with Prof. Edward.
Design of Fault Tolerant Data Flow in Ptolemy II Mark McKelvin EE290 N, Fall 2004 Final Project.
7th Biennial Ptolemy Miniconference Berkeley, CA February 13, 2007 Cyber-Physical Systems: A Vision of the Future Edward A. Lee Robert S. Pepper Distinguished.
February 21, 2008 Center for Hybrid and Embedded Software Systems Mapping A Timed Functional Specification to a Precision.
NSF Foundations of Hybrid and Embedded Software Systems UC Berkeley: Chess Vanderbilt University: ISIS University of Memphis: MSI A New System Science.
SEC PI Meeting Annapolis, May 8-9, 2001 Component-Based Design of Embedded Control Systems Edward A. Lee & Jie Liu UC Berkeley with thanks to the entire.
Department of Electrical Engineering and Computer Sciences University of California at Berkeley Concurrent Component Patterns, Models of Computation, and.
MoBIES Working group meeting, September 2001, Dearborn Ptolemy II The automotive challenge problems version 4.1 Johan Eker Edward Lee with thanks.
7th Biennial Ptolemy Miniconference Berkeley, CA February 13, 2007 PTIDES: A Programming Model for Time- Synchronized Distributed Real-time Systems Yang.
Designing Predictable and Robust Systems Tom Henzinger UC Berkeley and EPFL.
Embedded Software: Leveraging Concurrent Models of Computation Edward A. Lee Professor, UC Berkeley Center for Hybrid and Embedded Software Systems (CHESS)
Embedded Software Challenges for the Next 10 Years Chess: Center for Hybrid and Embedded Software Systems Infineon Embedded Software Days Munich, Sept.
Basic Concepts The Unified Modeling Language (UML) SYSC System Analysis and Design.
Advances in Language Design
Real-Time Software Design Yonsei University 2 nd Semester, 2014 Sanghyun Park.
Architectural Design portions ©Ian Sommerville 1995 Establishing the overall structure of a software system.
Tufts University School Of Engineering Tufts Wireless Laboratory TWL Direction Almir Davis 09/28/20091.
Computing and SE II Chapter 9: Design Methods and Design Models Er-Yu Ding Software Institute, NJU.
The 14 th IEEE Real-Time and Embedded Technology and Applications Symposium, April 2008 Real-Time Distributed Discrete-Event Execution with Fault Tolerance.
Design Languages in 2010 Chess: Center for Hybrid and Embedded Software Systems Edward A. Lee Professor UC Berkeley Panel Position Statement Forum on Design.
CS 127 Introduction to Computer Science. What is a computer?  “A machine that stores and manipulates information under the control of a changeable program”
Actor Networks Edward A. Lee Robert S. Pepper Distinguished Professor Chair of EECS UC Berkeley Invited Talk Workshop Foundations and Applications of Component-based.
Parallelism without Concurrency Charles E. Leiserson MIT.
Real-Time Systems, Events, Triggers. Real-Time Systems A system that has operational deadlines from event to system response A system whose correctness.
What’s Ahead for Embedded Software? (Wed) Gilsoo Kim
Making Concurrency Mainstream Edward A. Lee Professor, Chair of EECS UC Berkeley Joint Invited Talk CONCUR: Concurrency Theory & FMICS: Formal Methods.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
February 12, 2009 Center for Hybrid and Embedded Software Systems Timing-aware Exceptions for a Precision Timed (PRET)
Ptolemy Project Vision Edward A. Lee Robert S. Pepper Distinguished Professor Eighth Biennial Ptolemy Miniconference April 16, 2009 Berkeley, CA, USA.
Slide 1 Chapter 8 Architectural Design. Slide 2 Topics covered l System structuring l Control models l Modular decomposition l Domain-specific architectures.
February 11, 2016 Center for Hybrid and Embedded Software Systems Organization Faculty Edward A. Lee, EECS Alberto Sangiovanni-Vincentelli,
February 14, 2013 Center for Hybrid and Embedded Software Systems Organization Faculty Edward A. Lee, EECS Alberto Sangiovanni-Vincentelli,
Ptolemy II - Heterogeneous Concurrent Modeling and Design in Java
Ptolemy II - Heterogeneous Concurrent Modeling and Design in Java
A Precision Timed Architecture for Predictable and Repeatable Timing
Hiren D. Patel Isaac Liu Ben Lickly Edward A. Lee
Shanna-Shaye Forbes Ben Lickly Man-Kit Leung
Is Truly Real-Time Computing Becoming Unachievable?
Timing-aware Exceptions for a Precision Timed (PRET) Target
Ptolemy II - Heterogeneous Concurrent Modeling and Design in Java
An overview of the CHESS Center
Spring CS 599. Instructor: Jyo Deshmukh
Embedded Systems: A Focus on Time
Ptolemy II - Heterogeneous Concurrent Modeling and Design in Java
An overview of the CHESS Center
Presented By: Darlene Banta
Presentation transcript:

Is Truly Real-Time Computing Becoming Unachievable? Edward A. Lee Robert S. Pepper Distinguished Professor and Chair of EECS, UC Berkeley Keynote Talk Real-Time and Embedded Technology and Applications Symposium (RTAS) Bellevue, WA April 3 - April 6, 2007

Lee, Berkeley 2 The Vision: Reliable and Evolvable Networked Time-Sensitive Systems, Integrated with Physical Processes Orchestrated networked resources built with sound design principles on suitable abstractions.

Lee, Berkeley 3 The Vision: Reliable and Evolvable Networked Time-Sensitive Systems, Integrated with Physical Processes Orchestrated networked resources built with sound design principles on suitable abstractions.

Lee, Berkeley 4 A Fact About Programs Correct execution of a program in C, C#, Java, Haskell, etc. has nothing to do with how long it takes to do anything. All our computation and networking abstractions are built on this premise. Timing of programs is not repeatable, except at very coarse granularity. Programmers have to step outside the programming abstractions to specify timing behavior.

Lee, Berkeley 5 Techniques that Exploit this Fact Programming languages Virtual memory Caches Dynamic dispatch Speculative execution Power management (voltage scaling) Memory management (garbage collection) Just-in-time (JIT) compilation Multitasking (threads and processes) Component technologies (OO design) Networking (TCP) …

Lee, Berkeley 6 A Story In “fly by wire” aircraft, certification of the software is extremely expensive. Regrettably, it is not the software that is certified but the entire system. If a manufacturer expects to produce a plane for 50 years, it needs a 50-year stockpile of fly-by-wire components that are all made from the same mask set on the same production line. Even a slight change or “improvement” might affect timing and require the software to be re- certified.

Lee, Berkeley 7 Abstraction Layers The purpose for an abstraction is to hide details of the implementation below and provide a platform for design from above.

Lee, Berkeley 8 Abstraction Layers Every abstraction layer has failed for real-time programs. The design is the implementation.

Lee, Berkeley 9 Abstraction Layers How about “raising the level of abstraction” to solve these problems?

Lee, Berkeley 10 But these higher abstractions rely on an increasingly problematic fiction: WCET A war story: Ferdinand et al. determine the WCET of astonishingly simple avionics code from Airbus running on a Motorola ColdFire 5307, a pipelined CPU with a unified code and data cache. Despite the software consisting of a fixed set of non-interacting tasks containing only simple control structures, their solution required detailed modeling of the seven-stage pipeline and its precise interaction with the cache, generating a large integer linear programming problem. The technique successfully computes WCET, but only with many caveats that are increasingly rare in software. Fundamentally, the ISA of the processor has failed to provide an adequate abstraction. C. Ferdinand et al., “Reliable and precise WCET determination for a real-life processor.” EMSOFT 2001.

Lee, Berkeley 11 The Key Problem Electronics technology delivers highly and precise timing… … and the overlaying software abstractions discard it.

Lee, Berkeley 12 Real-Time and Concurrency are Integrally Intertwined Threads and objects dominate concurrent software. Threads: Sequential computation with shared memory. Objects: Collections of state variables with procedures for observing and manipulating that state. Even distributed objects create the illusion of shared memory through proxies. The components (objects) are (typically) not active. Threads weave through objects in unstructured ways. This is the source of many software problems.

Lee, Berkeley 13 My Claim Nontrivial software written with threads, and locks are incomprehensible to humans.

Lee, Berkeley 14 Is Concurrency Hard? It is not concurrency that is hard…

Lee, Berkeley 15 …It is Threads that are Hard! Threads are sequential processes that share memory. From the perspective of any thread, the entire state of the universe can change between any two atomic actions (itself an ill-defined concept). Imagine if the physical world did that…

Lee, Berkeley 16 Succinct Problem Statement Threads are wildly nondeterministic. The programmer’s job is to prune away the nondeterminism by imposing constraints on execution order (e.g., mutexes) and limiting shared data accesses (e.g., OO design).

Lee, Berkeley 17 We Can Incrementally Improve Threads Object Oriented programming Coding rules (Acquire locks in the same order…) Libraries (Stapl, Java 5.0, …) Patterns (MapReduce, …) Transactions (Databases, …) Formal verification (Blast, thread checkers, …) Enhanced languages (Split-C, Cilk, Guava, …) Enhanced mechanisms (Promises, futures, …) But is it enough to refine a mechanism with flawed foundations?

Lee, Berkeley 18 Do Threads Provide a Sound Foundation? If the foundation is bad, then we either tolerate brittle designs that are difficult to make work, or we have to rebuild from the foundations. Note that this whole enterprise is held up by threads

Lee, Berkeley 19 What are Brittle Designs? Small changes have big consequences… Patrick Lardieri, Lockheed Martin ATL, about a vehicle management system in the JSF program: “Changing the instruction memory layout of the Flight Control Systems Control Law process to optimize ‘Built in Test’ processing led to an unexpected performance change - System went from meeting real-time requirements to missing most deadlines due to a change that was expected to have no impact on system performance.” National Workshop on High-Confidence Software Platforms for Cyber-Physical Systems (HCSP-CPS) Arlington, VA November 30 –December 1, 2006

Lee, Berkeley 20 The Current State of Affairs We build real-time software on abstractions where time is irrelevant using concurrency models that are incomprehensible. Just think what we could do with the right abstractions!

Lee, Berkeley 21 My Proposed Solution Reintroduce time into the core abstractions: Bottom up: Make timing repeatable. Top down: Timed, concurrent components.

Lee, Berkeley 22 Bottom Up: Make Timing Repeatable We need a major historical event like this one: In 1980, Patterson and Ditzel did not invent reduced instruction set computers (RISC machines). See D. A. Patterson and D. R. Ditzel. “The case for the reduced instruction set computer.” ACM SIGARCH Computer Architecture News, 8(6):25–33, Oct

Lee, Berkeley 23 It is Time for Another Major Historical Event In 2007, Edwards and Lee did not invent precision-timed computers (PRET machines). See S. Edwards and E. A. Lee, "The Case for the Precision Timed (PRET) Machine," to appear in the Wild and Crazy Ideas Track of the Design Automation Conference (DAC), June see:

Lee, Berkeley 24 Can Hardware Deliver on Timed Semantics? PRET (Precision Timing) Machines Make temporal behavior as important as logical function. Timing precision is easy to achieve if you are willing to forgo performance. Let’s not do that. Challenges: Memory hierarchy (scratchpads?) Deep pipelines (interleaving?) ISAs with timing (deadline instructions?) Predictable memory management (Metronome?) Languages with timing (discrete events? Giotto?) Predictable concurrency (synchronous languages?) Composable timed components (actor-oriented?) Precision networks (TTA? Time synchronization?) Dynamic adaptibility (admission control?)

Lee, Berkeley 25 Making PRET Machines Practical Start with hardware designs on FPGAs Use soft cores Add precision-timing instructions Scale up from there e.g. Stephen Edwards (Columbia) has achieved software designs with ~40ns timing precision on simple soft cores. Source code is smaller and simpler than VHDL specification of comparable hardware. Ramp blue experimental platform, from the RAMP project. BEE 2, FPGA system, from BWRC

Lee, Berkeley 26 Our Solution Reintroduce time into the core abstractions: Bottom up: Make timing repeatable. Top down: Timed, concurrent components.

Lee, Berkeley 27 New Component Technology is more Palatable than New Languages It leverages: Language familiarity Component libraries Legacy subsystems Design tools The simplicity of sequential reasoning It allows for innovation in Distributed time-sensitive system design Hybrid systems design Service-oriented architectures Software is intrinsically concurrent Better use of multicore machines Better use of networked systems Better potential for robust design

Lee, Berkeley 28 Object Oriented vs. Actor Oriented The alternative: Actor oriented: actor name data (state) ports Input data parameters Output data What flows through an object is evolving data class name data methods call return What flows through an object is sequential control The established: Object-oriented: Things happen to objects Actors make things happen

Lee, Berkeley 29 The First (?) Actor-Oriented Programming Language The On-Line Graphical Specification of Computer Procedures W. R. Sutherland, Ph.D. Thesis, MIT, 1966 MIT Lincoln Labs TX-2 Computer Bert Sutherland with a light pen Partially constructed actor-oriented model with a class definition (top) and instance (below). Bert Sutherland used the first acknowledged object- oriented framework (Sketchpad, created by his brother, Ivan Sutherland) to create the first actor-oriented programming language (which had a visual syntax).

Lee, Berkeley 30 Examples of Actor-Oriented Systems CORBA event service (distributed push-pull) ROOM and UML-2 (dataflow, Rational, IBM) VHDL, Verilog (discrete events, Cadence, Synopsys,...) LabVIEW (structured dataflow, National Instruments) Modelica (continuous-time, constraint-based, Linkoping) OPNET (discrete events, Opnet Technologies) SDL (process networks) Occam (rendezvous) Simulink (Continuous-time, The MathWorks) SPW (synchronous dataflow, Cadence, CoWare) … Most of these are domain specific. Many of these have visual syntaxes. The semantics of these differ considerably, with significantly different approaches to concurrency.

Lee, Berkeley 31 Challenges The technology is immature: Commercial actor-oriented systems are domain-specific Development tools are limited Little language support in C++, C#, Java Modularity mechanisms are underdeveloped Type systems are primitive Compilers (called “code generators”) are underdeveloped Formal methods are underdeveloped Libraries are underdeveloped We are addressing these problems.

Lee, Berkeley 32 Enter Ptolemy II: Our Laboratory for Experiments with Models of Computation Director from a library defines component interaction semantics Large, behaviorally- polymorphic component library. Visual editor supporting an abstract syntax Type system for transported data Concurrency management supporting dynamic model structure.

Lee, Berkeley 33 Ptolemy II: Functionality of Components is Given in C or Java (which can wrap C, C++, Perl, Python, MATLAB, Web services, Grid services, …)

Lee, Berkeley 34 Example: Discrete Event Models DE Director implements timed semantics using an event queue Event source Time line Reactive actors Signal Components send time- stamped events to other components, and components react in chronological order.

Lee, Berkeley 35 Using DE Semantics in Distributed Real- Time Systems DE is usually a simulation technology. Distributing DE is done for acceleration. Hardware design languages (e.g. VHDL) use DE where time stamps are literally interpreted as real time. We are using DE for distributed real-time software, binding time stamps to real time only where necessary. PTIDES: Programming Temporally Integrated Distributed Embedded Systems (work done with Yang Zhao and Jie Liu).

Lee, Berkeley 36 PTIDES: Programming Temporally Integrated Distributed Embedded Systems with Yang Zhao and Jie Liu Consider a scenario:

Lee, Berkeley 37 PTIDES: Programming Temporally Integrated Distributed Embedded Systems with Yang Zhao and Jie Liu Assumption: Clocks on the distributed platforms are synchronized to some known precision (e.g. NTP, IEEE 1588)

Lee, Berkeley 38 PTIDES: Programming Temporally Integrated Distributed Embedded Systems with Yang Zhao and Jie Liu Bind model time to real time at the sensors: Output time stamps are ≥ real time

Lee, Berkeley 39 PTIDES: Programming Temporally Integrated Distributed Embedded Systems with Yang Zhao and Jie Liu Bind model time to real time at the actuators: Input time stamps are ≤ real time

Lee, Berkeley 40 PTIDES: Programming Temporally Integrated Distributed Embedded Systems with Yang Zhao and Jie Liu Schedulability is not violating these timing inequalities. Input time stamps are ≤ real time Output time stamps are ≥ real time

Lee, Berkeley 41 PTIDES: Programming Temporally Integrated Distributed Embedded Systems with Yang Zhao and Jie Liu Conservative distributed DE (Chandy & Misra) would block actuation unnecessarily.

Lee, Berkeley 42 PTIDES: Programming Temporally Integrated Distributed Embedded Systems with Yang Zhao and Jie Liu Optimistic distributed DE (Jefferson) would require being able to roll back the physical world.

Lee, Berkeley 43 PTIDES: Programming Temporally Integrated Distributed Embedded Systems with Yang Zhao and Jie Liu PTIDES uses static causality analysis to determine when events can be safely processed. Assume bounded network delay d Assume bounded computation time c1 Assume bounded computation time c3 Assume bounded computation time c2 Assume bounded clock error Assume bounded clock error e An event here with time stamp t can be safely merged when real time exceeds t + d + e + max(c1, c2) +c3 Assume bounded clock error e

Lee, Berkeley 44 PTIDES: Programming Temporally Integrated Distributed Embedded Systems with Yang Zhao and Jie Liu The execution model prevents remote processes from blocking local ones, and does not require backtracking. An event here with time stamp t can be safely merged when real time exceeds t + d + e + max(c1, c2) +c3

Lee, Berkeley 45 PTIDES: Programming Temporally Integrated Distributed Embedded Systems with Yang Zhao and Jie Liu However, this program is not schedulable! The resulting event here with time stamp t cannot be presented to the actuator until real time exceeds t + d + e + max(c1, c2) +c3

Lee, Berkeley 46 PTIDES: Programming Temporally Integrated Distributed Embedded Systems with Yang Zhao and Jie Liu Remote events also trigger real-time violations. Schedulability analysis tells us the program is flawed. Event with time stamp t available at real time ≥ t Event with time stamp t cannot possibly be available here before real time t ! Event with time stamp t available at real time ≥ t

Lee, Berkeley 47 PTIDES: Programming Temporally Integrated Distributed Embedded Systems with Yang Zhao and Jie Liu The program can be fixed with actors that increment the time stamps (model-time delays).

Lee, Berkeley 48 PTIDES: Programming Temporally Integrated Distributed Embedded Systems with Yang Zhao and Jie Liu This relaxes scheduling constraints... An event here with time stamp t can be safely merged when real time exceeds t + d + e  d2 + max(c1, c2) +c3

Lee, Berkeley 49 PTIDES: Programming Temporally Integrated Distributed Embedded Systems with Yang Zhao and Jie Liu … and we can derive conditions for schedulability… The model is schedulable if: 1)d + e  d2 + c1 + c3 < 0 2)d + e  d2 + c2 + c3 < 0 3)…

Lee, Berkeley 50 PTIDES: Programming Temporally Integrated Distributed Embedded Systems with Yang Zhao and Jie Liu … and being explicit about time delays means that we can analyze control system dynamics… The system is stable if … Feedback through the physical world

Lee, Berkeley 51 PTIDES: Programming Temporally Integrated Distributed Embedded Systems with Yang Zhao and Jie Liu See “A Programming Model for Time-Synchronized Distributed Real-Time Systems”, Yang Zhao, Jie Liu, and Edward A. Lee, RTAS ’07, to be presented Friday.

Lee, Berkeley 52 Is Truly Real-Time Computing Becoming Unachievable? Yes! But the problem is solvable: Actor-oriented component architectures implemented in coordination languages that complement rather than replace existing languages (e.g. PTIDES). and PRET machines that deliver repeatable timing with efficient pipelining, memory hierarchy, and networking See the Ptolemy Project for ongoing research addressing these problems:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.