Optimizing Automotive Cyber-Physical System Specifications with Multi-Event Dependencies

Stefan Andrei and Albert M. K. Cheng

Our position paper focuses on the optimization of real-time cyber-physical systems with linear timing constraints, which has promising applications. In particular, our paper deals with the following paragraph from the HCSS’s call for papers: “Delays due to traffic congestion waste enormous amounts of user productivity and finite energy resources. Alternative designs and energy sources driven by user demand and new CAFÉ requirements also necessitate complex real-time control.”

Cyber-physical systems are changing the way we interact with the physical world. Application domains that traditionally were related mainly to controlling physical or chemical processes have recently evolved into being massively software-intensive. For example, the automotive domain refers to modern automobiles that rely heavily on the interplay of dozens of software-enabled sub-systems. Some of these manage highly safety-relevant functionalities, such as managed braking and airbag deployment. For instance, the Anti-lock Brake System (ABS) computer technology helps ensure that the driver is able to continue steering during emergency braking. An ABS-equipped vehicle helps keep the brakes from locking up by “pulsing” each wheel independently, more rapidly than would be humanly possible. Since the system repeatedly releases the brake pressure for fractions of a second, the wheels never stop rotating, which helps the vehicle avoid going into a skid and helps the driver retain control.

Real-time systems can be defined by either a structural specification (how their components work) or a behavioral specification (showing the response of each component to an internal or external event). A behavioral specification often suffices for verifying the timing properties of the system.

Given the behavioral specification of a system (denoted by SP) and a safety assertion (denoted by SA) to be analyzed, the goal is to relate a given safety assertion to the system specification. A widely recognized specification language for real-time systems is Real-Time Logic (RTL) [2]. If SA is a theorem derivable from SP, then the system is safe. If this is the case, then we say that SP  SA is a theorem or a tautology. A first algorithm to check the tautology of SP  SA was based on propositional formulas written in disjunctive normal form [1]. Since the satisfiability problem for the whole of RTL is undecidable, researchers have looked for subclasses with decidable properties: path RTL (used to specify the railroad crossing and the moveable control rods in a reactor [1], the Boeing 777 Integrated Airplane Information Management System [2], and the X-38, an autonomous spacecraft designed and built by NASA as a prototype of the International Space Station Crew Return Vehicle [3]), extended path RTL (used to specify the airport radar station [6]), and Linear RTL (used to specify the phased array radar system [7]). All these approaches focus on the verification and/or debugging of SP  SA, and not on the optimization of this tautology. However, it may happen that SP contains overly “strong” timing constraints, or that SA can be improved by “stronger” timing constraints. These issues lead us to the challenging question: “Can we provide the most relaxed specification SP and/or the tightest safety assertion SA such that SP  SA is a theorem?” This question represents an optimization problem, and it is the subject of this position paper. In particular, deriving the solution to this problem when applied to the automotive domain is a key challenge for the next 5 years.

Motivation: Consider the following motivation for addressing this problem. Following the verification of SP  SA and the deployment of the system implementing SP, performance changes in the processing platform for the tasks specified in SP affect the computation times of the specified tasks. This leads to a different but related SP, which would violate the original SP  SA theorem if SA remains the same. For instance, a slower processing platform leads to longer task computation times. Performance changes in the processing platform can be the result of power-saving (a voltage-scalable CPU running at a slower speed), faulty components (one of two motors moving a railroad-crossing gate malfunctions), cost-saving (a subset of the water pumps in a process control system is shut down), and other unexpected reasons. Deriving optimal theorems (or quantifying tolerances), therefore, will allow the system designer to determine how far the performance of the processing platform can drift from the norm without violating the SA. This is clearly a fundamental issue in the design and implementation of highly dependable real-time/embedded systems. The processing platform for the tasks specified in SP is the collection of processors or executors which actually perform these specified tasks. For example, a specified task for execution on a processor (CPU) operating at a 2GHz clock speed requires 5ms of computation time. To save power at runtime because the processor runs on a portable battery, the processor reduces its clock speed to 1GHz. This would increase the computation time of this task to 10ms. Although the SA remains the same, the SP of the implemented system changes as a result of this performance change in the processing platform (CPU). The processing platform need not be a computer processor. As another example, consider an automotive adaptive cruise control system. In response to a sensor detecting the approach of an obstacle (vehicle ahead), the SP states that the brake is applied in 100 milliseconds. The processing platform for this task consists of two actuators. If one malfunctions, then the processing time for this task is increased to 200 milliseconds, which may violate the SA.

The main idea: The previous classes (path RTL [1, 2, 3, 4, 5] and extended path RTL [6]) can only describe a timing constraint between two events. A timing constraint involving three or more events together cannot be specified by any of these subclasses. The class of Linear Real-Time Logic (LRTL) was recently introduced for the purpose of verification [7], not optimization. The authors have experience with optimization for the path RTL class [8]. However, this class has the limitation that it cannot express timing constraints involving three or more events. This position paper generalizes the optimization problem to the class of linear RTL. Briefly, the general idea of our method is to start with a SP  SA tautology, and to relax SP and/or tighten SA as long as SP  SA remains a tautology. For instance, consider the (abstract) example of SP={x+3y-3z  10, 3x-y-9z  2} and SA={x+y-3z  5}; it is obvious that SP  SA is a tautology. If we relax SP to {x+3y-3z  14, 3x-y-9z  6}, then SP  SA is still a tautology (in fact, it is an optimal one). A key challenge is representing automotive behaviors in RTL and then applying this optimization.

Comparison with related work: Works on the optimization of embedded and real-time systems have focused on different levels of abstraction, from high-level component design to circuit- and code-level optimizations. For example, a selected list of optimization works includes the following. Hellestrand [9] overviews the high-level architectural design issues of embedded systems, highlighting the development of these systems driven by a variety of constraints such as market adaptivity and speed. Carchiolo, Malgeri and Mangioni [10] describe the synthesis of formal specifications of the hardware/software in the co-design of embedded systems. Zhao et al. [11] introduce a method to re-position code so that the worst-case execution time (WCET) of the tasks can be tightened and hence these tasks are more likely to meet their deadlines. Henzinger et al. [12] employ composability to efficiently generate embedded code in distributed Giotto. Pop, Eles and Peng [13] show how to use a frame packing technique driven by a schedulability analysis to develop more efficient multicluster distributed embedded systems. Most of these works tackle specific aspects of embedded/real-time systems design and synthesis, making them less portable in general. Furthermore, they are often tailored to particular models and architectures. It is therefore difficult to port these techniques to work on different platforms. On the other hand, our approach is based on the specification language LRTL, which is basically standard first-order logic augmented with the occurrence function to denote an event occurrence time. This makes it general for specifying embedded/real-time systems at different levels of abstraction. Our optimization framework is also novel in that it is not tied to a particular architecture or model. Any system and safety assertions of interest that can be specified in LRTL can be optimized, making our approach applicable in a variety of settings. Moreover, since our optimization is applied to RTL specifications and safety assertions, it is also implementation-language-independent if our target is code. Code written in a variety of languages can be readily prototyped from the optimized specifications.
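The following is an added worked example, not code from the paper or its authors, of the core loop the main idea describes: decide whether SP implies SA for a set of linear timing constraints over event occurrence times, then raise one SP bound as far as it will go while the implication still holds. It uses Fourier-Motzkin elimination over the rationals as the decision procedure (the paper does not say which procedure it uses; this is an assumption), and the three-event adaptive-cruise-control constraints (t1, t2, t3 and their bounds) are constructed for illustration rather than taken from the paper.

```python
from fractions import Fraction

# A constraint is (coefs, bound, strict): sum(coefs[v] * v) <= bound, or < bound when strict.
# Variables stand for event occurrence times, e.g. t1 for the detection event's timestamp.


def _combine(pos, neg, v):
    """Scale and add a positive- and a negative-coefficient constraint so that v cancels."""
    cp, bp, p_strict = pos
    cn, bn, n_strict = neg
    ap, an = cp[v], -cn[v]  # both > 0
    coefs = {}
    for u in set(cp) | set(cn):
        if u == v:
            continue
        val = an * cp.get(u, 0) + ap * cn.get(u, 0)
        if val != 0:
            coefs[u] = val
    return (coefs, an * bp + ap * bn, p_strict or n_strict)


def fm_unsat(constraints):
    """Fourier-Motzkin elimination: True iff the conjunction has no rational solution.

    Exact for '<=' and '<' constraints; strictness is carried through every combination.
    """
    cs = [(dict(c), Fraction(b), s) for c, b, s in constraints]
    variables = sorted({v for c, _, _ in cs for v in c})
    for v in variables:
        pos = [c for c in cs if c[0].get(v, 0) > 0]
        neg = [c for c in cs if c[0].get(v, 0) < 0]
        rest = [c for c in cs if c[0].get(v, 0) == 0]
        cs = rest + [_combine(p, n, v) for p in pos for n in neg]
    # All variables eliminated: each leftover reads 0 <= b (or 0 < b when strict).
    return any((b <= 0) if strict else (b < 0) for _, b, strict in cs)


def implies(sp, sa):
    """True iff SP -> SA is a tautology over the rationals.

    sp and sa are lists of (coefs, bound), each meaning sum(coefs[v] * v) <= bound.
    SP implies a constraint a.x <= b iff SP together with a.x > b is unsatisfiable.
    """
    for coefs, bound in sa:
        negated = ({v: -c for v, c in coefs.items()}, -Fraction(bound), True)  # a.x > b  <=>  -a.x < -b
        system = [(c, b, False) for c, b in sp] + [negated]
        if not fm_unsat(system):
            return False
    return True


def max_relaxation(sp, index, sa, limit):
    """Largest integer bound for sp[index] (searched upward to `limit`) keeping SP -> SA a tautology.

    Raising a '<=' bound only weakens SP, so the first failure ends the search.
    """
    coefs, bound = sp[index]
    best = None
    for b in range(int(bound), limit + 1):
        trial = list(sp)
        trial[index] = (coefs, b)
        if not implies(trial, sa):
            break
        best = b
    return best


# Constructed example (assumption, not from the paper), times in milliseconds:
# t1: obstacle detected, t2: brake command issued, t3: brake force applied.
SP = [({"t2": 1, "t1": -1}, 20),   # command issued within 20 ms of detection
      ({"t3": 1, "t2": -1}, 50)]   # actuator responds within 50 ms of the command
SA = [({"t3": 1, "t1": -1}, 100)]  # safety assertion: brake applied within 100 ms of detection

if __name__ == "__main__":
    print("SP -> SA tautology:", implies(SP, SA))                      # True
    print("max bound for t2 - t1:", max_relaxation(SP, 0, SA, 500))   # 50
    print("max bound for t3 - t2:", max_relaxation(SP, 1, SA, 500))   # 80
    # A genuinely three-event assertion, which path RTL could not express:
    print("SP -> t3 + t2 - 2*t1 <= 120:", implies(SP, [({"t3": 1, "t2": 1, "t1": -2}, 120)]))  # True
```

The relaxation search is one-dimensional and integer-stepped for clarity; relaxing several SP bounds at once, or tightening SA, turns the same `implies` check into a multi-parameter search, which is the optimization problem the paper poses. Because occurrence times in RTL are integers while the elimination runs over the rationals, an "implies" verdict is sound for the integer interpretation as well, but a "does not imply" verdict may come from a non-integer counterexample.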

List of references:

[1] F. Jahanian and A. K. Mok, “A graph-theoretic approach for timing analysis and its implementation,” IEEE Transactions on Computers, vol. C-36, no. 8, pp. 961–975, 1987.
[2] A. K. Mok, D.-C. Tsou, and R. C. M. de Rooij, “The MSP.RTL real-time scheduler synthesis tool,” in Proceedings of the 17th IEEE Real-Time Systems Symposium (RTSS’96), IEEE Computer Society, 1996, pp. 118–128.
[3] L. E. P. Rice and A. M. K. Cheng, “Timing analysis of the X-38 space station crew return vehicle avionics,” in Proceedings of the 5th IEEE-CS Real-Time Technology and Applications Symposium, 1999, pp. 255–264.
[4] S. Andrei and W.-N. Chin, “Incremental satisfiability counting for real-time systems,” in Proceedings of the 10th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS ’04), 2004, pp. 482–489.
[5] S. Andrei, W.-N. Chin, A. M. K. Cheng, and M. Lupu, “Systematic debugging of real-time systems based on incremental satisfiability counting,” in Proceedings of the 11th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS ’05), 2005, pp. 519–528.
[6] S. Andrei and A. M. K. Cheng, “Faster verification of RTL-specified systems via decomposition and constraint extension,” in Proceedings of the 27th IEEE-CS Real-Time Systems Symposium, Rio de Janeiro, Brazil, December 2006, pp. 67–76.
[7] S. Andrei and A. M. K. Cheng, “Verifying linear real-time logic specifications,” in Proceedings of the 28th IEEE-CS Real-Time Systems Symposium, Tucson, Arizona, December 2007, pp. 333–342.
[8] S. Andrei and A. M. K. Cheng, “Optimization of real-time systems timing specifications,” in Proceedings of the 12th IEEE-CS International Conference on Embedded and Real-Time Computing Systems and Applications, Sydney, Australia, August 2006, pp. 68–76.
[9] G. R. Hellestrand, “Systems architecture: the empirical way: abstract architectures to ’optimal’ systems,” in EMSOFT, 2005, pp. 147–158.
[10] V. Carchiolo, M. Malgeri, and G. Mangioni, “Hardware/software synthesis of formal specifications in codesign of embedded systems,” ACM Transactions on Design Automation of Electronic Systems, vol. 5, no. 3, pp. 399–432, 2000.
[11] W. Zhao, D. Whalley, C. Healy, and F. Mueller, “Improving WCET by applying a WC code-positioning optimization,” ACM Transactions on Architecture and Code Optimization, vol. 2, no. 4, pp. 335–365, 2005.
[12] T. A. Henzinger, C. M. Kirsch, and S. Matic, “Composable code generation for distributed Giotto,” ACM SIGPLAN Notices, vol. 40, no. 7, pp. 21–30, 2005.
[13] P. Pop, P. Eles, and Z. Peng, “Schedulability-driven frame packing for multicluster distributed embedded systems,” ACM Transactions on Embedded Computing Systems, vol. 4, no. 1, pp. 112–140, 2005.

Biographies:

Assistant Professor Stefan Andrei is responsible for the Real-Time and Embedded Systems in the Computer Science Department at Lamar University, Texas. He can be contacted by email at [email protected] or by phone at (409) 880-8748. Stefan received the B.A. (1994) and M.S. (1995) with Highest Honors in Computer Science from Cuza University of Iasi, Romania, and the Ph.D. (2000) in Computer Science from Hamburg University, Romania, where he held a DAAD Scholarship (1997), a TEMPUS JEP (1998) and a Joint Japan World Bank Graduate Scholarship Program Fellowship (1998-2000). He was a Research Fellow (2002-2005) and Visiting Assistant Professor (2005-2007) at the School of Computing, National University of Singapore. Dr. Andrei is the author/co-author of over 50 refereed publications in real-time/embedded systems, programming languages and other areas. He is a Member of the IEEE, IEEE Computer Society and ACM. He has been invited to present seminars, tutorials, and invited talks at over 20 conferences, universities, and organizations. He is and has been on the technical program committees of over 25 conferences, symposia, workshops, and journal editorial boards.

Professor Albert M. K. Cheng directs the Real-Time Systems Laboratory in the Computer Science Department at the University of Houston. He can be contacted by email at [email protected] or by phone at (713) 743-3353. He received the B.A. with Highest Honors in Computer Science, graduating Phi Beta Kappa, the M.S. in Computer Science with a minor in Electrical Engineering, and the Ph.D. in Computer Science, all from The University of Texas at Austin, where he held a GTE Foundation Doctoral Fellowship. He has served as a technical consultant for several organizations, including IBM and Shell, and was also a visiting faculty member in the Departments of Computer Science at Rice University and at the City University of Hong Kong. Dr. Cheng is the author/co-author of over 110 refereed publications in real-time/embedded systems and related areas, and has received numerous awards, including the U.S. National Science Foundation Research Initiation Award (now known as the NSF CAREER award) and the Texas Advanced Research Program Grant. He is a Senior Member of the IEEE. He has been invited to present seminars, tutorials, panel positions, and keynotes at over 80 conferences, universities, and organizations. He is and has been on the technical program committees of over 100 conferences, symposia, workshops, and editorial boards (including the IEEE Transactions on Software Engineering, 1998-2003). Dr. Cheng is the author of the new senior/graduate-level textbook entitled “Real-Time Systems: Scheduling, Analysis, and Verification” (John Wiley & Sons), 2nd printing with updates, 2005.
