Embedded Systems
Define Failsafe
The system fails to a known safe state, i.e. it does something sensible rather than something arbitrary.
Describe synchronous FSMs
• There is a separate synchronising clock signal • Current state & inputs are examined only at the active instant in the clock cycle (typically the rising edge) • State changes only once in each clock cycle • For a Mealy machine, the output is typically an instantaneous function of inputs & current state • Include the start signal as an input
Look at alarm clock example
Woot bookmarked!
What is least laxity?
• Priority is a decreasing function of the laxity (lower laxity → higher priority); priorities change over time; preemptive • Laxity = (d - t) - c', where d is the process deadline, t is the real time since the cycle start and c' is the remaining computation time • Detects missed deadlines early (a negative laxity is a deadline warning) • Heavier than EDF, but allows deadline warnings
Explain: Hardware fault-tolerance: Redundancy
• Masking (static) redundancy: once the redundant copies of an element are installed, their interconnection remains fixed, e.g. N-tuple modular redundancy (nMR), ECC, TMR (Triple Modular Redundancy: 3 identical copies of a module provide separate results to a voter that produces a majority vote at its output) • Dynamic redundancy: the system configuration is changed in response to faults. Its success largely depends upon fault detection ability.
What is MTTF? How to calculate it
Mean Time To Failure = expected life. The MTTF of a system is the expected time of the FIRST failure in a sample of identical, initially perfect systems. Similarly: • MTTR: Mean Time To Repair • MTBF: Mean Time Between Failures
How to solve the limited descriptional problem of FSMs?
More powerful FSMs :D A more powerful version of the state machine allows guards, inputs, outputs & actions on transitions: g → i/a/o • g - guard (boolean expression, assertion or condition) • i - input (e.g. event) • a - sequence of actions • o - output • If the machine is in state U, guard g is true & input i occurs, then perform actions a, generate output o & enter state V
What is the component reliability model? What are the three stages?
Note: Think HDD failures
What are two types of tasks to be scheduled?
Periodic and aperiodic (i.e. sporadic)
What are some issues with imperative languages and shared memory?
• Potential deadlocks • Specification of a total order of operations is an over-specification; a partial order would be sufficient • The total order reduces the potential for optimisations • Timing cannot be specified • Access to shared memory leads to anomalies that have to be pruned away by mutexes, semaphores, monitors; messages can be as bad • Access to shared, protected resources leads to priority inversion • Termination is in general undecidable
What is preemptive vs non-preemptive tasks?
Preemptive = a running task can be suspended in favour of another. Can result in unpredictable delays.
Describe predictability in terms of embedded software
Programs must be both functionally predictable and timing predictable • Timing predictability implies well-defined timing characteristics for constructs, which are statically derivable • Languages overloaded with facilities & special cases usually too complex to satisfy predictability requirements
What are the pros and cons of dataflow diagrams?
Pros: • Focuses on the fundamental elements of the application & the data flow between them. Cons: • Scalability: DFDs for large applications can quickly blow up, but can be split into smaller, more detailed components • Definitions are ambiguous, mainly because of informality. Do inputs arrive simultaneously? How are reads/writes handled? • Absence of control. When to trigger a function? When is it correct to execute a function (conditionals)?
Describe rate monotonic scheduling
RM policy: the priority of a task is a monotonically decreasing function of its period • At any time, the highest-priority task among all those ready for execution is allocated the processor • Tasks with the shortest period execute first
How frequently do we have to sample?
Reconstruction is impossible if we don't sample frequently enough. Nyquist criterion (sampling theory): aliasing can be avoided if we restrict the frequencies of the incoming signal to less than half of the sampling rate. ps < ½ pN, where pN is the period of the "fastest" sine wave; or fs > 2 fN, where fN is the frequency of the "fastest" sine wave. fN is called the Nyquist frequency, fs is the sampling rate.
What is resolution in terms of converters?
• Resolution (in bits) = number of bits produced • Resolution Q (in volts): the difference between two input voltages that causes the output to be incremented by 1, i.e. Q = V_FSR / n, where Q is the resolution in volts per step, V_FSR is the difference between the largest and smallest voltage, and n is the number of voltage intervals • Example: Q = Vref / 4 for the previous FC
Define statecharts in terms of FSMs
Statechart = state-diagrams + depth (abstraction) + orthogonality (i.e. concurrency) + broadcast communication The Statechart notation is a kind of extended FSM with abstraction, concurrency, and communication.
Define Reliability
Survival Probability • When function is critical during the mission time.
What is the minimal path set?
A minimal set of components whose functioning ensures the functioning of the system. Example: {2,3,4}, {1,5}, {2,5}, {1,3,4}
Define Availability
The fraction of time a system meets its specification. • Good when continuous service is important but it can be delayed or denied
What to do once a state chart of a system has been made?
Validate! Check on examples and corner cases • Next step: fix the chart • Re-validate!
What does a model of computation define?
What does it mean "to compute"? Defines: * Components and an execution model for computations for each component * Communication model for exchange of information between components
Make the graph for when state A changes to state B when the event b occurs AND the condition P is true and back to A on input a. The output is c. What's the scope of c?
c is global (can be seen everywhere in the Statechart model) • c can be used as an input on a transition • this supports communication in the model (broadcast)
What is a fault?
A fault is an erroneous state of software or hardware resulting from failures of its components.
Define Dependability
Generalisation: the system does the right thing at the right time.
How to compute reliability in a serially connected system?
Important to learn! Building a reliable serial system is extraordinarily difficult and expensive!
What is Pulse Width Modulation?
• A common technique for controlling power to inertial electrical devices • The average value of the voltage (and current) fed to the load is controlled by turning the switch between supply and load on and off at a fast pace • The longer the switch is on vs off, the higher the power supplied to the load • Efficiency: switching is nearly lossless, compared with "burning" the excess voltage in a resistor
Why not just use the conventional thread model?
• Even the notion of "computable" is at odds with the requirements of embedded software • In this notion, useful computation terminates, but termination is undecidable • In embedded software, termination IS FAILURE • To get predictable timings, subcomputations must terminate
Describe and give examples of declarative computational models
• Specify properties that must be satisfied; not executable. Based on logic • It is normally easier to state and prove properties, but more difficult to design with • Examples: traditional logics (predicate & temporal), real-time logic
What is a history state? How to draw it?
• The state entered is the last state the level was in when it exited • H overrides a default state • H enters at the current level of the diagram • H* enters at the lowest level of the diagram
Outline four methods for minimising faults
1) Fault avoidance: how to prevent fault occurrence. Increase reliability by conservative design and use of highly reliable components. 2) Fault tolerance: how to provide the service complying with the specification in spite of faults having occurred or occurring. 3) Fault removal: how to minimise the presence of faults. 4) Fault forecasting: how to estimate the presence, occurrence and consequences of faults.
What are four desirable features of programming languages to be used for embedded software?
1) Time access and control 2) Exception handling 3) Software management 4) Parallelism and determinacy
What are Kahn process networks (KPNs)?
A distributed model of computation • A group of deterministic sequential processes • Communication is done through unbounded FIFO channels • A KPN exhibits deterministic behaviour that does not depend on the various computation and communication delays • A common model for describing signal processing systems: infinite streams of data are incrementally transformed by processes executing in sequence or in parallel
Describe predictability in terms of Ada, Java and C
Ada: the Ada 95 standard was specifically proposed with predictability of tasking & timing features in mind • Features such as recursion & dynamic data structures lead to unpredictable timing, e.g. dynamic storage management & garbage collection. Java is highly unpredictable • Garbage collection and dynamic compilation make performance prediction extremely difficult • Real-Time Java was proposed as a way to overcome this. C is potentially unpredictable • Unrestricted use of dynamic memory allocation is the main problem
What are A/D
Analog to Digital (converters)
How to create more usable data from discrete sensors?
Anti-aliasing filters!
Some examples of embedded systems
Automotive, avionics
Define availability in terms of MTBF and MTTR
Availability = MTBF /(MTBF + MTTR)
C vs Java vs Ada
C • Currently the most popular language used • Lacks support for embedded software development • Makes direct use of very low-level POSIX threads • Little support for abstraction and exceptions. Java • De facto standard for programming desktop applications • Explicit support for modules, concurrency and exceptions • Problems for embedded s/w: unpredictability and lack of direct control • Real-Time Java tries to overcome this. Ada • Used in safety-critical applications • Programming in the large and code reuse • Tasking features for concurrency • High-level exceptions • Real-time facilities
What are three common languages used in embedded systems?
C, Java and Ada
Describe parallelism and concurrency for embedded systems.
Concurrency control is an inherent feature of embedded systems • Software constructs for defining, synchronising and communicating among parallel activities & scheduling their execution • In addition to the above higher-level facilities, need mechanisms for a finer degree of h/w control and timing, e.g. declarations or statements that directly deal with interrupts, I/O, etc.
Explain the calculation of parallel system reliability
Consider 4 identical modules connected in parallel • The system will operate correctly provided at least one module is operational • If the reliability of each module is 0.95, the overall system reliability is 1 − (1 − 0.95)⁴ = 0.99999375
Define hard and soft deadlines
Def.: A time-constraint (deadline) is called hard if not meeting that constraint could result in a catastrophe [Kopetz, 1997]. All other time constraints are called soft.
How to avoid software faults?
Defensive programming • If you cannot be sure that what you are doing is correct, do it in many ways • Review and test the software • Verify the software • Execute the specifications • Produce programs automatically
What are some sources of faults?
• Design errors • Manufacturing problems • External disturbances (harsh environmental conditions) • System misuse • Mechanical: "wears out" -- deterioration: wear, fatigue, corrosion -- shock: fractures, overload, etc. • Electronic hardware: "bad fabrication; wears out" -- latent manufacturing defects -- operating environment: noise, heat, ESD, electro-migration -- design defects • Software: "bad design" -- design defects -- "code rot": accumulated run-time faults • People
Explain: Hardware fault-tolerance: Fault detection
Detection is a challenge: many faults are latent and show up later (e.g. a memory bit flip!). Fault detection by 1) Duplication: two identical copies, compare results; R1 != R2 => declare a fault 2) Error-detecting codes: utilise information redundancy, e.g. parity bits
What is Earliest Due Date (EDD)? How does it work? Give O value of implementation
EDD: execute the task with the earliest deadline first • Preemption is useless in EDD • EDD requires all tasks to be sorted by their (absolute) deadlines, hence complexity is O(n log n)
Classify the following: Failure Fault Error Extent Value Duration
• Failure: a component does not provide service • Fault: a defect within a system • Error: a deviation from the required operation of the system or subsystem • Extent: local (independent) or distributed (related) • Value: determinate / indeterminate (varying values) • Duration: transient, intermittent or permanent
What is the definition of a signal and how does it relate to sensors?
Sensors generate signals. Definition: a signal s is a mapping from the time domain DT to a value domain DV: s : DT → DV, where DT is a continuous or discrete time domain and DV is a continuous or discrete value domain.
Define system reliability
t_init = time after boot up
Ada vs Java vs C - Abstractions
• Ada and Java support modules in form of packages • C does not really apart from separate compilation of files
Ada vs Java vs C - Time access and control
• Ada: comprehensive set of timing packages, Calendar and Real_Time, plus the delay statement • Java: elaborate Date class; coarse clock granularity, but Real-Time Java has access to a nanosecond clock • C: standard libraries for interfacing to calendar time; the POSIX thread library (pthreads) has a nanosecond clock
Ada vs Java vs C - Exceptions
• Ada has a clean scheme for declaring, raising and handling exceptions • Java extends this and integrates it in the OO model • C has none
Explain Earliest Deadline First (EDF). Give O value of implementation
• Pick the nearest deadline as tasks arrive • With different arrival times, preemption potentially reduces lateness • Optimal with respect to minimising the MAXIMUM lateness • Implement with a sorted queue: O(n^2)
What are state machines? What does an FSM consist of?
• Different forms of state machines are in use for modelling & designing systems. A standard Finite State Machine (FSM) comprises: • a finite number of states • a next-state function which maps states & events into states • The FSM starts executing in its start state and moves from one state to another as per the next-state function, until it reaches a halt state or exhausts its input
Some Embedded HW points
• Domain/application-specific: Optimised for one fixed application/domain • Energy-efficiency often more important than raw performance, especially for battery operated devices • Power constraints: Cooling, power supply, ... • Cost: Low cost for large volume device vs Non-recurring engineering cost • Programmability: ASIC (no flexibility), ASIP, CPU, FPGA (lots of flexibility) • Complexity: Composed of individual building blocks (IP blocks)
Describe software management in terms of desirable programming language features
• Embedded software is complex: a large amount of code, a variety of activities & requirements • Language features must help with the key to managing the complexity of large embedded systems, i.e. decomposition & abstraction
Describe parallelism and determinacy in terms of desirable programming language features
• The embedded system / real world is inherently parallel; deadlock and race conditions are a real problem • Is program behaviour predictable and repeatable? A problem for parallel systems
Describe and give examples of imperative computational models
• Give algorithmic descriptions of behaviour which are directly executable. • Easy to produce examples and debug specifications • Allows fast prototyping & implementation of systems. • Examples: Data Flow Diagrams (DFDs), Statecharts, Tabular Languages
How does Java, C and Ada support parallelism?
• Java provides threads and shared memory plus synchronisation • C has to incorporate real-time POSIX primitives (fork, wait, spawn, etc.) for concurrency; can use either shared memory or message passing via MPI • Ada provides tasks and uses a message-passing approach
What are some limitations of FSMs?
• Limited descriptive power, e.g. cannot recognise balanced parentheses • Pure FSMs cannot model applications which produce output; Mealy machines are needed for that
Describe time access and control in terms of desirable programming language features
• Mechanisms/primitives for dealing with absolute & relative time to control & monitor program timing behaviour • Basic operations: set a clock or timer, read value of timer object • Higher-level - instructions to delay a task, generate timeout signals
What are two types of FSMs and how do you calculate the output for each of them?
• Moore FSM: Output = f(current state) • Mealy FSM: Output = f(current state, inputs)
How do we extend FSM to be more suitable to embedded specific systems?
• Need to be able to model concurrency & time • Modelling concurrency: -- allow several FSMs to run in parallel -- describe communication & synchronisation between them -- make use of shared/distributed memory model • Modelling timing constraints: -- specify transition firing times -- clocks & timing events -- Need to address problem of state explosion
How to configure TMR?
• Processors PR1, PR2 and PR3 execute different versions of the code for the same application • The voter compares the results and forwards the majority vote (two out of three)
What are some requirements of embedded model?
• Presence of programming elements • Executability (no algebraic specification) • Support for the design of large systems (e.g. OO) • Domain-specific support • Readability • Portability and flexibility • Termination • Support for non-standard I/O devices • Non-functional properties • Support for the design of dependable systems • No obstacles for efficient implementation • Adequate model of computation
What are some models of computation?
• Process Networks • Threads • Message Passing • Synchronous/Reactive (SR) • Concurrent State Machines (Statecharts and variants) • Dataflow • Rendezvous-based Models (CSP, CCS) • Time-triggered Models • Discrete-event Models • Continuous-time with ODE solvers
Some Embedded SW points
• Real-time: Timing constraints set by physical environment • Reactive: Response to physical environment • Concurrency: Physical environment is not sequential • Dependability: Impact on physical environment, safety-critical • Reliability: Fixing bugs in the field may be costly/impossible • Efficiency: Manual optimisation required • (Lack of) Abstraction: Exposure of underlying hardware to the programmer
What are two fault-tolerant software design techniques?
• Recovery block scheme (RB): dynamic redundancy • N-version programming scheme (NVP): n-modular redundancy. Hardware redundancy is needed to implement the above software fault-tolerance techniques.
Describe Asynchronous FSMs
• State responds immediately to input, so need some other way to identify each new input • Model assumes that inputs do not change until machine settles into its new state • Common to describe an async FSM using a state diagram: -- a labelled directed graph -- nodes represent states -- arcs represent transitions
Describe static vs dynamic scheduling
• Static: uses a priori knowledge about deadlines and arrival times; a timer triggers dispatch based on a table; predictable • Dynamic: useful in reacting to sporadic events; based only on what is known so far; more adaptive but less predictable
Why do we need to protect ourselves against software failure?
• To prevent software bugs from causing system disasters; to mask out software bugs • Tolerating unanticipated design faults is much more difficult than tolerating anticipated physical faults • Software fault tolerance is needed because software bugs will occur no matter what we do; there is no fully dependable way of eliminating these bugs, so they have to be tolerated
Describe exception handling in terms of desirable programming language features
• Unusual behaviours in both h/w & s/w should be detected & handled gracefully • Should also be easy to distinguish between unusual & normal ones • Useful language structures: define, test and recover from exceptions