Communicating Real-Time State Machines (CRSM)

• State machines that communicate synchronously

• Unique unidirectional channels are used for the communication (A. Shaw)

• Transitions are guarded commands

• All commands have execution or synchronization times associated with them

RT System Representation

• A real-time system is represented as a finite set of state machines, one of which represents the environment

• Machines communicate synchronously and instantaneously over unidirectional channels that connect pairs of machines

• A global description of the system consists of the set of machines and the channels.

Transitions

• Each transition is described by a guarded command:

< guard > < command [time_constraint] >

The guard is a boolean expression

A Command

• an input or output command

• an internal command

Internal Commands

• An internal command can specify – a computation, or

– a physical activity

• Examples are:

c = 0 i := i +15

Going_up (floor = 1) Open_door

Time Constraint

• The execution time for an internal command c is given by a best/worst case pair,

[ tmin(c), tmax(c) ]

• Example:

open_gate [4, 12]

Channels

• State machines communicate via channels• A channel is a direct connection between two

state machines• Channels are identified uniquely with name• Each channel has an associated event or message

type• When the message component is empty, the

channel designates a pure synchronization signal

Input/Output Commands

• An input/output can occur only if the event names (channels) of the communication match

• < chan_name > ( < message_type> ) ?< chan_name > ( < message_type > ) !

• Examples (channel instances):– Trin!– Ch_valve (4)!– Ch_valve (valve)?

Machine Communication

• The I/O times are represented by pairs of times denoting the earliest and latest times that the I/O can occur after entering a given state.

• Example:Deposit (data) ! [7, 12]

I/O

A communication between two machines is considered an I/O event

I/O Timing

• The I/O timing involves two machines: the sender and the receiver machines

• For each machine the timing constraint for the I/O defines the earliest and latest times that the communication can occur

• This times are relative to the time that the machine entered its current state

• The intersection of the sender and receiver intervals, defines the time that the actual communication is possible

I/O Timings Example

• There are two machines M1 in state U, and M2 in state X

• These two machines communicate via channel ch

M1: ch (expr) ! [ a, b ]

M2: ch (z) ? [ c, d ]

• Machine M1 entered state U at time tU

• Machine M2 entered state X at time tX

• If I/O occurs, it will happen at time:

t = max ( tU + a, tX + c)

I/O Timings (2)

• Communications occur at the earliest time

• If the intervals of the machines that attempt to communicate do not intersect, I/O is not possible

• If

( tX + c) > ( tU + b )

is communication possible?

Real-Time Clock

• Every CRSM machine has its own real-time clock

• This is another special CRSM machine that will send the current value of real-time, rt, through a clock channel to its host machine, M

• A CRSM machine in state U can execute an I/O command

Clock (x) ! [y]

RT Clock (Cont.)

• This will result in the assignment

x = rt

• The assignment will occur at relative time y relative to the time machine M entered state U

Bounded Buffer Problem

• The problem is modeled with three machines: the producer, the consumer, and the buffer

• The producer deposits data elements into the buffer

• The consumer removes data elements from the buffer

Communication Diagram of the Bounded Buffer

There are two channels:•Deposit•Remove

The Buffer Machine

The Buffer Machine (2)

• The buffer machine stores data in array Buf

• Variable in is an index of the next data element to insert into the buffer

• Variable out is an index of the next data element to remove from the buffer

• Variable full is a counter of the number of data elements in the buffer

Transitions in the Buffer

• The buffer starts in state Bo; it initializes its variables and transitions to state B1 taking a minimum of 2 and maximum of 3 time units

• In state B1, if the buffer is not full, it attempts to get data from channel Deposit ; then transitions to state B2.

• In state B2, the machine transitions to state B1; increments variables in and full. This takes a minimum of 4 and a maximum of 8 time units

Transitions in the Buffer (2)

• In state B1, if the buffer is not empty, it attempts to send data through channel Remove; then transitions to state B3.

• In state B3, it updates its variables and transitions to state B1.

Producer Machine

Consumer Machine

Timing Question

If the following timings are present:

• Producer enters state P1 at time 1000

• Consumer enters state C1 at time 1005

• Buffer enters state B1 at time 1004

1.When do communications occur?

2.In what order?

Errors in Book

• The book has an error in the Buffer diagram, page 53.

• The book has another error in second paragraph, second line, of the section Real-Time Bounded Buffer Revisited.

Train Gate System

• A one-directional railway track crosses a road• A gate at the crossing is lowered or raised under

computer control• A short distance from the crossing a sensor

(entry sensor) detects approaching trains• A short distance from the crossing a sensor (exit

sensor) detects trains leaving the area.

Physical Requirements

• The gate must be closed whenever there are trains in the area (Safety property)

• The gate must be kept open when there are no trains in the area (Progress or liveness property)

Timing Requirements

• The arriving trains have an average inter-arrival interval, a

• The gate takes z time units to close (or open).

• Some of the communication include a time delay

Train Control

• A physical safety requirement of the system is that the gate is closed whenever there are trains in the area

• The physical liveness requirement is to keep the gate open if there are no trains in the area

• The controller C controls the gate with the openg (og) and closeg (cg) commands.

Timeouts

• Activity timeouts

• Communications timeout

Activity Timeouts

• The Gate takes a maximum of z time units to close or to open

• The controller process normally waits for the Gate to open or close

• If the Gate takes longer than the maximum allocated time, the controller flags a timeout for the gate and triggers an alarm

Communication Timeouts

• The real-time systems uses synchronous communications

• In the normal case, one of the processes, either the sender or the receiver, will wait for the other to establish the communication

• A communication timer object will interrupt a process attempting to communicate, on timeout.

Train Gate SystemCommunication Diagram

Entry Sensor

Exit Sensor

Monitor (v1)

Monitor (v2)

Controller (v1)

Controller (v2)

Gate

Simulation Outputs

• Trace of events

• Performance measures– Number of trains serviced– Worst reaction time– Worst response time– Number of deadlines missed:

• Gate opening/closing

• Communication timeouts