l 1 Introduction to Embedded Systems Edward A. Lee & Sanjit A. Seshia UC Berkeley EECS 149 Spring 2012 Copyright © 2008-12, Edward A. Lee & Sanjit A. Seshia, All rights reserved Lecture 3: Modeling Modal Behavior, Part I EECS 149, UC Berkeley: 2 Example: integrator: Continuous-time signal: Continuous-time actor: Recall Actor Model of a Continuous-Time System Integrator : RR RRx : R  R, x ⇥ (R  R), x ⇥ RRl 2 EECS 149, UC Berkeley: 3 Discrete Systems Example: count the number of cars that enter and leave a parking garage: Pure signal: Discrete actor: Counter : (R  {absent, present})P (R  {absent} ⇥ N)up : R  {absent, present}P = {up, down}EECS 149, UC Berkeley: 4 Reaction Counter : (R  {absent, present})P (R  {absent} ⇥ N)P = {up, down}For any t  R where up(t) ⇥= absent or down(t) ⇥= absent theCounter reacts. It produces an output value in N andchanges its internal state.l 3 EECS 149, UC Berkeley: 5 Inputs and Outputs at a Reaction For t ⇥ R the inputs are in a setInputs =({up, down} { absent, present})and the outputs are in a setOutputs =({count} { absent} ⇤ N) ,EECS 149, UC Berkeley: 6 State Space A practical parking garage has a finite number M of spaces,so the state space for the counter isStates = {0, 1, 2, ··· , M} .l 4 EECS 149, UC Berkeley: 7 Garage Counter Finite State Machine (FSM) in Pictures Guard g  Inputs is specified using the shorthandup ⇥ ¬downwhich meansg = {{up}} .EECS 149, UC Berkeley: 8 Garage Counter Finite State Machine (FSM) in Pictures Initial statel 5 EECS 149, UC Berkeley: 9 Garage Counter Finite State Machine (FSM) in Pictures Output EECS 149, UC Berkeley: 10 Garage Counter Mathematical Model Formally: (States, Inputs, Outputs, update, initialState), where• States = {0, 1, ··· , M}• Inputs =({up, down} ⇥{ absent, present}• Outputs =({count} ⇥{ absent} ⇤ N)• update : States  Inputs ⇥ States  Outputs• initialState = 0The picture above defines the update function.l 6 EECS 149, UC Berkeley: 11 FSM Notation transition self loop state initial state EECS 149, UC Berkeley: 12 Example: Thermostat Exercise: From this picture, construct the formal mathematical model.l 7 EECS 149, UC Berkeley: 13 More Notation: Default Transitions A default transition is enabled if no non-default transition is enabled and it either has no guard or the guard evaluates to true. When is the above default transition enabled? EECS 149, UC Berkeley: 14 Example: Traffic Light Controllerl 8 EECS 149, UC Berkeley: 15 Definitions • Stuttering transition: (possibly implicit) default transition that is enabled when inputs are absent, that does not change state, and that produces absent outputs. • Receptiveness: For any input values, some transition is enabled. Our structure together with the implicit default transition ensures that our FSMs are receptive. • Determinism: In every state, for all input values, exactly one (possibly implicit) transition is enabled. EECS 149, UC Berkeley: 16 Example: Nondeterminate FSM Model of the environment for the traffic light, abstracted using nondeterminism: Formally, the update function is replaced by a function possibleUpdates : States  Inputs ⇥ 2StatesOutputsl 9 EECS 149, UC Berkeley: 17 Behaviors and Traces • FSM behavior is a sequence of (non-stuttering) steps. • A trace is the record of inputs, states, and outputs in a behavior. • A computation tree is a graphical representation of all possible traces. FSMs are suitable for formal analysis. For example, safety analysis might show that some unsafe state is not reachable. EECS 149, UC Berkeley: 18 Uses of nondeterminism 1. Modeling unknown aspects of the environment or system ¢ Such as: how the environment changes the iRobot’s orientation 2. Hiding detail in a specification of the system ¢ We will see an example of this later (see notes) Any other reasons why nondeterministic FSMs might be preferred over deterministic FSMs?l 10 EECS 149, UC Berkeley: 19 Size Matters Non-deterministic FSMs are more compact than deterministic FSMs l ND FSM à D FSM: Exponential blow-up in #states in worst case EECS 149, UC Berkeley: 20 Non-deterministic Behavior: Tree of Computations For a fixed input sequence: ¢ A deterministic system exhibits a single behavior ¢ A non-deterministic system exhibits a set of behaviors l visualized as a computation tree . . . . . . . . . . . . . . . Deterministic FSM behavior: Non-deterministic FSM behavior:l 11 EECS 149, UC Berkeley: 21 Related points What does receptiveness mean for non-deterministic state machines? Non-deterministic ≠ Probabilistic EECS 149, UC Berkeley: 22 Example from Industry: Engine Control Source: Delphi Automotive Systems (2001)l 12 EECS 149, UC Berkeley: 23 Elements of a Modal Model (FSM) Source: Delphi Automotive Systems (2001) state initial state transition input output EECS 149, UC Berkeley: 24 It is sometimes useful to even model continuous systems as FSMs by discretizing their state space. E.g.: Discretized iRobot Hill Climberl 13 EECS 149, UC Berkeley: 25 Actor Model of an FSM This model enables composition of state machines. EECS 149, UC Berkeley: 26 What we will be able to do with FSMs FSMs provide: 1. A way to represent the system for: l Mathematical analysis l So that a computer program can manipulate it 2. A way to model the environment of a system. 3. A way to represent what the system must do and must not do – its specification. 4. A way to check whether the system satisfies its specification in its operating environment.l 14 EECS 149, UC Berkeley: 27 FSM Controller for iRobot States = {init, tilt, drive} Inputs = ? Outputs = ? update = ? Any transitions missing? EECS 149, UC Berkeley: 28 FSM Controller for iRobot (version 2) Will this robot always drive uphill? (assume that it starts facing uphill) Also need to specify “else” arcs for tilt and drivel 15 EECS 149, UC Berkeley: 29 Modeling the iRobot’s environment L level=true NL45 level=false, 45o offset NL90 level=false, 90o offset Self loops on: rotate=false Is this model deterministic? EECS 149, UC Berkeley: 30 Representing a state machine 1. Pictorial notation 2. Table representing transition relation 3. Functional notation