Chapter

Subjecting Legacy Simulink Models to Timing Specifications

Authors:
To read the full-text of this research, you can request a copy directly from the author.

Abstract

The interest in the logical execution time (LET) paradigm has recently experienced a boost, especially in the automotive industry. This is because it is considered a practical candidate for migrating concurrent legacy software from single- to multi-core platforms by introducing deterministic intra- and inter-core communication. In many cases, the implementation of these individual software components roots in MATLAB/Simulink, a modeling and simulation environment, where the controller functionality is described with a block-oriented formalism and simulated with synchronous reactive semantics. Considering LET already in the modeling and simulation phase instead of deferring this to the integration phase, as it is done now, is an important step towards the idea of models being the single source of truth and to estimate the effect of LET on end-to-end timing in cause-effect-chains at an early stage. This paper presents two approaches of simulating software components with LET semantics in Simulink. In contrast to previous work, which deals with clean slate top-down approaches, we focus on legacy software (in the form of Simulink models) that does not satisfy some of the initial assumptions of the LET programming model.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the author.

Conference Paper
Full-text available
In the Logical Execution Time (LET) programming model, fixed execution times of software tasks are specified and a dedicated middleware is employed to ensure their realization , achieving increased system robustness and predictability. This paradigm has been proposed as a top-down development process, which is hardly applicable to a large body of legacy control software encountered in the embedded industry. Applying LET to legacy software entails challenges such as: satisfying legacy constraints, minimizing additional computational costs, maintaining control quality, and dealing with event-triggered computations. Such challenges are addressed here by a systematic approach, where program analysis and modification techniques are employed to introduce efficient buffering into the legacy system such that the given LET specifications are met. The approach has been implemented in a tool suite that performs fully automated transformation of the legacy software and may be carried out incrementally. This paper presents an application to large-scale automotive embedded software, as well as an evaluation of the achieved LET-based behavior for industrial engine control software.
Article
Full-text available
Model-based development of CPS is based on the capability of early verification of system properties on a model of the controls and the controlled physical system, and the capability of producing automatically an implementation of the model. Unfortunately, in the development of complex distributed or highly concurrent systems, the scheduling and communication delays may significantly affect the behavior of the controls. We present a framework for adding the model of schedulers, tasks and messages to Simulink models and to verify by simulation the impact of scheduling and execution times delays on the performance of the controls. Our toolset is highly modular and extensible and allows application to existing models with limited changes and even the automatic synthesis of the task and message model from an external specification.
Conference Paper
Full-text available
In a time-triggered system, activities like task releasing, operational mode switches, sensor readings and actuations are all initiated at predetermined time instants. This paper proposes an extension of the TDL (Timing Definition Language) time-triggered compositional framework, and presents, based on the widely-applied methods, a condition for its schedulability. The schedulability condition developed accounts for multiple concurrently executing modules, multiple operational modes and mode switches. This way the system schedulability can be guaranteed in any execution condition.
Article
Full-text available
Real-time software components based on the logical execu- tion time (LET) paradigm exhibit equivalent observable be- havior independent from the execution platform respectively the simulation environment. Thus, LET ensures a perfect match between simulation and execution on a potentially dis- tributed hardware without having to consider platform spe- cific details already in the application model. Especially for complex multi-mode multi-rate systems, a virtual machine (VM) is the favored approach to ensure the correct timing behavior. Simulation environments typically provide a trigger mechanism that allows for implementing such a VM. This pa- per discusses data dependency problems that may arise when simulating LET-based components and which considerably limit the applicability of existing approaches in practice. The identified shortcomings concern components with cyclic data flow, control loops involving plants without delay, and the combination of LET-based and conventional components. We present an execution mechanism based on a 2-step 3-phase VM architecture that overcomes these limitations. The pre- sented approach is implemented in MATLAB/Simulink and applicable for mixed time- and event-triggered systems.
Article
Full-text available
This paper describes the visual representation of the Timing Definition Language (TDL), a high-level textual description language for timing aspects of em- bedded real-time systems. For this purpose we have designed and implemented the so-called TDL:VisualCreator tool. The paper first presents the core concepts of TDL and then for each TDL construct the textual and its corresponding visual representation. We also point out how the TDL:VisualCreator tool is integrated with the visual development and simulation environment MATLAB/Simulink from a user's point of view.
Article
Full-text available
An abstract is not available.
Conference Paper
Full-text available
This paper describes two different approaches of simulating embedded control software whose real-time requirements are explicitly specified by means of the Logical Execution Time (LET) abstraction introduced in the Giotto project. As simulation environments we chose the black-box MATLAB/Simulink product and the open-source project Ptolemy II. The paper first sketches the modeling of LET-based components with the Timing Definition Language (TDL). As the LET abstraction allows the platform-independent modeling of the timing behavior of embedded software, a correct simulation of TDL components is equivalent to the behavior on a specific platform. We integrated TDL with both MATLAB/Simulink and Ptolemy and highlight the differences and similarities of the particular TDL simulation. Keywordssimulation of real-time behavior-real-time modeling-Simulink-Ptolemy-Logical Execution Time (LET)-Timing Definition Language (TDL)
Conference Paper
Full-text available
We summarize some current trends in embedded systems design and point out some of their characteristics, such as the chasm be- tween analytical and computational models, and the gap between safety- critical and best-eort engineering practices. We call for a coherent sci- entific foundation for embedded systems design, and we discuss a few key demands on such a foundation: the need for encompassing several mani- festations of heterogeneity, and the need for constructivity in design. We believe that the development of a satisfactory Embedded Systems Design Science provides a timely challenge and opportunity for reinvigorating computer science.
Article
Full-text available
A methodology for control software development based on Giotto, a domain-specific high-level programming language for control applications is presented. Thus, the Giotto methodology is illustrated by reimplementing the controller for an autonomously flying model helicopter originally developed at the Swiss Federal Institute of Technology (ETH) Zurich. It is demonstrated that Giotto introduces a negligible overhead and at the same time increases the reliability and reusability of the control software.
Article
Full-text available
Giotto provides an abstract programmer's model for the implementation of embedded control systems with hard real-time constraints. A typical control application consists of periodic software tasks together with a mode-switching logic for enabling and disabling tasks. Giotto specifies time-triggered sensor readings, task invocations, actuator updates, and mode switches independent of any implementation platform. Giotto can be annotated with platform constraints such as task-to-host mappings, and task and communication schedules. The annotations are directives for the Giotto compiler, but they do not alter the functionality and timing of a Giotto program. By separating the platform-independent from the platform-dependent concerns, Giotto enables a great deal of flexibility in choosing control platforms as well as a great deal of automation in the validation and synthesis of control software. The time-triggered nature of Giotto achieves timing predictability, which makes Giotto particularly suitable for safety-critical applications.
Conference Paper
The Logical Execution Time (LET) programming model has been recently employed as a parallel programming paradigm for multi-core platforms, in particular for porting large single-core applications to multi-core versions, which is a serious challenge faced in major industries, such as the automotive one. In this paper, we consider a transformation process from legacy single-core software to LET-based versions that are ready for multi-core, and focus on the problem of minimizing computational costs rooted in the additional buffering that is required to achieve the LET communication semantics, especially for parallel executions and in the presence of legacy event-driven functions that remain outside of the LET specifications. We propose a static analysis that proceeds top-down through successive layers of abstraction, where an optimal solution at a certain layer represents a minimal upper bound on the set of buffers determined in the next layer. We present a solution for the top layer, which is platform-independent and has no restrictions on executions of event-driven software. Furthermore, we derive optimal buffering for a second layer with a minimal platform configuration. We refer here to a three-layer implementation, which has been successfully applied to industrial automotive software, where further savings are achieved in the mapping from second layer buffers to memory locations. We also point to evaluation results, demonstrating the applicability of the approach in industrial settings.
Article
The logical execution time (LET) model increases the compositionality of real-time task sets. Removal or addition of tasks does not influence the communication behavior of other tasks. In this work, we extend a multicore operating system running on a time-predictable multicore processor to support the LET model. For communication between tasks we use message passing on a time-predictable network-on-chip to avoid the bottleneck of shared memory. We report our experiences and present results on the costs in terms of memory and execution time.
Conference Paper
The growing demand for computing power in automotive applications can only be satisfied by embedded multi-core processors. Significant parts of such applications include OEM-owned legacy software, which has been developed for single-core platforms. While the OEM is faced with the issues of parallelizing the software and specifying the requirements to the ECU supplier, the latter has to deal with implementing the required parallelization within the integrated system. The Logical Execution Time (LET) paradigm addresses these concerns in a clear conceptual framework. We present here initial steps for applying the LET model in this respect: (1) Parallelization of legacy embedded control software, by exploiting existing inherent parallelism. The application software remains unchanged, as adaptations are only made to the middleware. (2) Using the LET programming model to ensure that the parallelized software has a correct functional and temporal behavior. The Timing Definition Language (TDL) and associated tools are employed to specify LET-based requirements, and to generate system components that ensure LET behavior. The work describes two conceptual ways for integrating TDL components in AUTOSAR.
Article
Model-based design of embedded control systems using Synchronous Reactive (SR) models is among the best practices for software development in the automotive and aeronautic industry. SR models allow to formally verify the correctness of the design and automatically generate the implementation code. This feature is a major productivity enhancement and, more importantly, can ensure correct-by-design software provided that the code generator is provably correct. This paper presents an improvement of code generation technology for SR obtained via a novel algorithm for optimizing the multitask implementation of Simulink models on single-processor platforms with limited availability of memory. Existing code generation tools require the addition of zero-order hold (ZOH) blocks, and therefore additional memory, and possibly also additional functional delays whenever there is a rate transition in the computation and communication flow. Our algorithm leverages a novel efficient encoding of the scheduling feasibility region to find the task implementation of function blocks with minimum additional functional delays within timing and memory constraints. The algorithm is applied to an automotive case study with tens of function blocks and very high utilization to test its applicability to complex systems.
Model-based development of embedded control software with TDL and Simulink
  • G Stieglbauer
Stieglbauer, G.: Model-based Development of Embedded Control Software with TDL and Simulink. Ph.D. thesis, University of Salzburg (2007)
Timing Definition Language (TDL) 1.5 specification
  • J Templ
Templ, J.: Timing Definition Language (TDL) 1.5 specification. Tech. rep., University of Salzburg (July 2009), http://www.softwareresearch.net 23. The MathWorks: Simulink Reference, R2018a (2018)
EDF schedulability analysis for an extended timing definition language
  • T Kloda
  • B Ausbourg
  • L Santinelli
Kloda, T., d'Ausbourg, B., Santinelli, L.: EDF schedulability analysis for an extended timing definition language. In: Proceedings of the 9th IEEE International Symposium on Industrial Embedded Systems, SIES 2014, Pisa, Italy, June 18-20, 2014. pp. 30-40 (2014)
Synthesis of multitask implementations of simulink models with minimum delays. Industrial Informatics
  • Di Natale
  • M Guo
  • L Zeng
  • H Sangiovanni-Vincentelli
Di Natale, M., Guo, L., Zeng, H., Sangiovanni-Vincentelli, A.: Synthesis of multitask implementations of simulink models with minimum delays. Industrial Informatics, IEEE Transactions on 6(4), 637-651 (Nov 2010)