THE ENGINEERING OF COMPLEX REAL-TIME COMPUTER CONTROL SYSTEMS
edited by George W. Irwin
The Queen's University of Belfast
A Special Issue Of REAL-TIME SYSTEMS The International Journal of Time-Critical Computing Systems Volume 11, No. 3 (1996)
KLUWER ACADEMIC PUBLISHERS Boston / Dordrecht / London
REAL-TIME SYSTEMS The International Journal of Time-Critical Computing Systems
Volume 11, No. 3, September 1996
Special Issue: The Engineering of Complex Real-Time Computer Control Systems Guest Editor: George W. Irwin
Preface to the Special Issue on "The Engineering of Complex Real-time Computer Control Systems"
    George W. Irwin
BASEMENT: A Distributed Real-time Architecture for Vehicle Applications
    Hans A. Hansson, Harold W. Lawson, Mikael Strömberg, and Sven Larsson
A Description Language for Engineering of Complex Real-Time Systems
    Alexander D. Stoyenko, Thomas J. Marlowe, and Phillip A. Laplante
A Real-Time Self-Tuning Web Tension Regulations Scheme
    Brian T. Boulter and Zhiqiang Gao
Application of the Genetic Algorithm to Real-Time Active Noise Control
    K. S. Tang, K. F. Man, S. Kwong, C. Y. Chan, and C. Y. Chu
Contributing Authors
Distributors for North America: Kluwer Academic Publishers 101 Philip Drive Assinippi Park Norwell, Massachusetts 02061 USA Distributors for all other countries: Kluwer Academic Publishers Group Distribution Centre Post Office Box 322 3300 AH Dordrecht, THE NETHERLANDS
Library of Congress Cataloging-in-Publication Data
A C.I.P. Catalogue record for this book is available from the Library of Congress.
Copyright © 1997 by Kluwer Academic Publishers All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher, Kluwer Academic Publishers, 101 Philip Drive, Assinippi Park, Norwell, Massachusetts 02061 Printed on acid-free paper.
Printed in the United States of America
Real-Time Systems, 11, 221-222 (1996) © 1996 Kluwer Academic Publishers, Boston. Manufactured in The Netherlands.
Preface to the Special Issue on 'The Engineering of Complex Real-Time Computer Control Systems' GEORGE W. IRWIN
Control Engineering Research Group, Department of Electrical and Electronic Engineering, The Queen's University of Belfast, Belfast BT9 5AH, UK
The complexity of current computer control systems arises from the engineering requirement to integrate computers, actuators and sensors for control, signal processing and data networks, visualisation and display with the technology of the application domain. Further, real-time control systems, employing embedded and distributed computing, as compared with central supervisory computers, have the added difficulty of correct task computation to time deadlines and associated reliability specifications. The breadth of the technologies involved, combined with the range of applications which encompasses aerospace, manufacturing, robotics, environmental, chemical production, electric power generation and economic systems, for example, presents difficulties in presenting the latest research developments. For this reason it has been decided to initiate a series of Special Issues in relevant journals, one of which appeared recently [1].
The four papers in this Special Issue are all concerned with the common theme of complex, real-time computer control. The first paper, from Hansson, Lawson, Stromberg and Larsson, reports results from a most exciting research project sponsored under the Swedish Road Transport Informatics Programme. This is concerned with the design of BASEMENT, an architecture capable of acting as a pilot platform for future distributed real-time systems within vehicles. The holistic nature of the approach is notable, in that application development is covered along with the hardware and software support. The paper describes the real-time kernel which has been developed along with two design tools, a discrete event simulator and an offline scheduler. Considerable emphasis is placed on safety critical issues, and the authors make important observations on a broad range of related work which has appeared in the literature. Application of the BASEMENT system to the implementation of an autonomous cruise controller in a Saab automobile is described.
By contrast, the next contribution lies in the realm of software engineering theory. Stoyenko, Marlowe and Laplante present a new algebraic description language (CaRT-Spec) for specifying complex real-time applications. An integrated multi-view methodology is proposed for the engineering of complex real-time software, although discussion is confined to two, the functional and timing views. The functional view of a program consists of two main components, a graph of tasks and messages together with resource expressions which describe the resource management in these tasks. The timing view in CaRT-Spec can be taken as annotations on processes, their component tasks, and the resources they use.
The remaining two papers deal with applications in adaptive feedback control and in digital signal processing. An adaptive controller seeks to adjust its parameters to maintain performance in the presence of significant plant parameter variations. The paper by Boulter and Gao is motivated by the problem of tension control in a web, as might be found in paper and textile production for example. Conventional PID type control with fixed settings can provide poor regulation when physical parameters vary with the different materials being processed. In the extreme case instability may ensue, producing costly machine downtime. In an effort to reduce the computational complexity associated with conventional algorithms, and to meet the hard time constraints for real-time implementation, a new self-tuning regulator is proposed. This is based on a frequency response approach and simply requires least squares solution of a set of linear algebraic equations for the controller parameters. A SIMULINK simulation of the physical web transport system is employed to determine the feasibility of hardware implementation and to investigate the adaptive control performance.
The cancellation of unwanted noise pollution by anti-phase acoustic signals is the principle behind active noise control (ANC), which is the subject of the final paper by Tang, Man, Kwong and Chang. Their approach is based on the use of parameter identification techniques for the estimation of the noise dynamics and adaptive control laws to generate the required cancellation signals. Specifically, online identification of a low-order FIR model of the acoustic dynamics by Least Mean Squares is supplemented by Genetic Algorithm based optimisation. A hardware architecture employing two TMS320C30 processors has been developed and real-time experimental results suggest a consistent noise reduction capability of over 15 dB(A).
Finally, as guest editor, I would like to express thanks to the authors and reviewers and hope that you, the readers of the Journal of Real-time Systems, will find that the effort has been interesting and worthwhile.
Real-Time Systems, 11, 223-244 (1996) © 1996 Kluwer Academic Publishers, Boston. Manufactured in The Netherlands.
BASEMENT: A Distributed Real-Time Architecture for Vehicle Applications
HANS A. HANSSON
Institutionen för datorteknik, Uppsala universitet, P.O. Box 325, S-751 05, Uppsala, Sweden
HAROLD W. LAWSON
Lawson Förlag & Konsult AB, Björnvägen 7, S-181 33 Lidingö, Sweden
MIKAEL STRÖMBERG
Mikael.Stromberg@mecel.se
Mecel AB, Chalmers teknikpark, S-412 88 Göteborg
SVEN LARSSON
Mecel AB, Chalmers teknikpark, S-412 88 Göteborg
Abstract. This paper presents BASEMENT™, a distributed real-time architecture developed for vehicle internal use in the automotive industry. The Basement concept is holistic, in the sense that it covers application development, as well as the hardware and software that provide execution and communication support. The key constituents of the concept are
• resource sharing (multiplexing) of processing and communication resources
• a guaranteed real-time service for safety critical applications
• a best-effort service for non-safety critical applications
• a communication infrastructure providing efficient communication between distributed devices
• a program development methodology allowing resource independent and application oriented development of application software.
A real-time kernel has been developed together with two design tools: a system simulator and an off-line scheduler. System development is illustrated by presenting an Intelligent Cruise Control application. BASEMENT is a registered trademark of Mecel AB.
Keywords: Distributed Real-Time System, Automotive Applications, Software Development, Real-Time Kernel, Scheduling, Simulation
1. Introduction and Requirements
Basement is a vehicle internal real-time architecture developed in the Vehicle Internal Architecture (VIA) project, within the Swedish Road Transport Informatics Programme. The objective has been to design a platform that meets the stringent demands of the automotive industry. Basement is a pilot for future vehicle internal distributed real-time systems. As such, it is required to provide
• A communication infrastructure, allowing cost-effective communication between physically distributed units.
• An execution platform for application software, providing guaranteed services for safety critical applications, while giving acceptable response times for non safety critical applications.
• Resource sharing, i.e. permitting multiple vehicle internal applications to efficiently share (multiplex) communication infrastructure as well as computing resources (processors).
• A priori predictability for safety critical applications, i.e. it should be possible to determine off-line (before runtime) if sufficient resources are available to guarantee required behaviour.
• Reliability, i.e. the probability of a system failure should be very low (in the range of 10^-8 faults/hour/car).
• Facilities for communication with vehicle external equipment.
• Open interfaces, i.e. the interfaces, connectors, and communication protocols should be precisely defined. This is to allow different vendors to develop compatible equipment, and to facilitate the integration of components from different vendors in one system.
• An application development environment and methodology, providing engineers with an application oriented interface, as well as tools for efficient development and integration of applications.
• An architecture which allows large product series to be implemented at a very low cost.
• Simplicity, both in terms of minimal run-time overhead (i.e. minimal amount of nonproductive code), and in terms of a simple and intuitive method for application development. This simplicity facilitates validation and formal proof of correctness.
This paper is based on the collective efforts of the Basement design team, with members from the following organizations: Mecel AB, Arcticus Systems AB, Swedish Institute of Computer Science, Lawson Förlag & Konsult AB, Chalmers University of Technology (Dept. of Computer Engineering), and Uppsala University (Dept. of Computer Systems). Section 2 provides an overview of the Basement concept. Section 3 describes the hardware structure. Section 4 presents the software architecture, and Section 5 the software development methodology. Section 6 introduces the principles of operation. Section 7 introduces an operating system kernel, while Section 8 describes an off-line scheduling tool and a system simulator. Section 9 presents a Basement system realization and its application, an Autonomous Intelligent Cruise Controller. Finally, in Section 10 some design decisions are discussed and background and related work reviewed.
2. The Holistic View
The Basement concept provides a holistic view of developing automotive applications, in the sense that not only the execution, but also the development, of application software is considered. The structure and behaviour of application software can be described at a rather high level of abstraction. Such descriptions are independent of the actual hardware on which it will be executed. Tools are provided for mapping abstract descriptions to a particular Basement system (the resources). The design of applications is based on a hardware metaphor, in that software is built from a set of predefined (or user-defined) software components, which in analogy with hardware circuits are termed Software Circuits. The main motivation for using such a metaphor is that it allows a structuring of the software which is conceptually close to hardware design, and thus it will be familiar to engineers in the automotive industry. Also, the simple structure increases provability and improves human-to-human communication concerning designs.
[Figure 1. Behaviour, mapping, resources. Labels: Predefined components (software circuits), Constraints, Resource information, Abstract Behaviour, Concrete Behaviour, Target System.]
Figure 1 presents an idealised view of the design process. The development of application software starts by defining its abstract behaviour, which essentially amounts to building a network of software circuits. No information about timing and location is included in the abstract behaviour. Such information is provided in the subsequent phases: adding timing and other constraints yields the concrete behaviour. Resource information provided to the mapping tool describes the target system and indicates location constraints (e.g. that a particular software circuit must execute on a particular node). Based on the concrete behaviour and this information, the mapping tool generates code to be executed on the various nodes.
3. The Hardware Architecture
A Basement system consists of a set of nodes interconnected with a communication network, as depicted in Figure 2. A node can be viewed as a computer (processor+main memory) with a network interface and a set of input/output devices (sensors and actuators) allowing interactions with the "physical process" (the vehicle). The communication network is required to be deterministic, i.e. it should provide error free transmission of data with bounded and predictable delays. The communication network also provides facilities for communication with vehicle external equipment and networks. It should be noted that Figure 2 illustrates an abstract architecture, in the sense that an actual system realization might be more complex. For instance, due to reliability requirements, each node might contain several redundant processors and there might be redundant networks.
[Figure 2. The hardware structure. Labels: sensors/actuators (at each node), Communication Network, Gateway.]
4. The Software Architecture
Automotive applications are either safety-critical or non safety-critical, e.g. braking is a safety-critical application whereas climate control is considered to be non safety-critical. Safety-critical real-time applications have stringent timing constraints (deadlines) that must be fulfilled under all circumstances. Also for non safety-critical applications there are usually timing constraints, but these constraints are less strict, and a failure to meet such a constraint will not result in a hazardous situation (potentially leading to an accident). The terms hard and soft real-time applications are often used to denote safety-critical and non safety-critical applications, respectively. Applications are implemented by processes (tasks) which contain program logic in the form of software circuits. In analogy with applications, a process is characterised as either being hard or soft depending on whether its timing constraints are stringent or not. A soft real-time application is implemented by one or more soft real-time processes, whereas a hard real-time application is implemented by at least one hard real-time process, possibly together with some additional soft and/or hard processes.
The basis for the software architecture is the fundamental difference between hard and soft processes. The colour RED is associated to hard processes, and BLUE to soft processes. A RED and a BLUE service is provided. A single process, as well as the set of processes handling a particular application, may be distributed over several nodes. There is a strict separation between RED and BLUE processes (see Figure 3). Since both types of processes use the same network, there is a shared communication service. To prevent the BLUE processes from interfering with RED network accesses, and thus violating the strict requirements on RED processes, the communication service reserves a certain amount of network accesses for RED processes.
[Figure 3. Software structure in one node. Labels: Red Processes, Blue Processes, RED Runtime Service, BLUE Runtime Service, Communication Service, Sensor/Actuator Access.]
The Sensor/Actuator access module provides functions for accessing the physical sensors and actuators attached to the node. Processes may share sensors, but actuators cannot be shared, i.e. several processes may read the value of a sensor, but only one process has the exclusive right to write a value to a physical actuator. The RED Runtime Service provides RED processes with sufficient execution support to guarantee that their deadlines are always met. The BLUE Runtime Service allows BLUE processes to efficiently share the remaining resources. That is, the BLUE subsystem only has at its disposal the resources (e.g. processing power and network accesses) which are not needed by RED processes.
5. Software Development
The software development methodology is an important aspect of the concept, since it prescribes a way of developing application software for Basement systems. The methodology is based on developing sets of interconnected Software Circuits (SCs). Each SC has a set of input connectors where data is received, and a set of output connectors where data is produced (see Figure 4(a)). Communication between two or more SCs is achieved via connectors, as illustrated in Figure 4(b). Connectors are holding places for sensor and actuator values. The execution of a software circuit is enabled when appropriate data is available at all input connectors, at which time the circuit can perform its processing and produce data at the output connectors. Conceptually, the operation of a SC is partitioned into the three phases:
1. Read data from input connectors; this is an atomic operation in the sense that exactly the data present in the input connectors when the reading starts will be read.
2. Perform processing. During this phase the SC cannot interact with its environment, i.e. the results can only be based on data read during phase 1, and possibly some local data contained in the SC.
3. Write data to output connectors.
[Figure 4. (a) A software circuit and its connectors. (b) Communication via connectors.]
[Figure 5. A composed software circuit.]
[Figure 6. Sensors and actuators. Labels: A Sensor, An Actuator, A logical sensor, A logical actuator, Transformation.]
Software circuits can be combined to form larger software circuits, as illustrated in Figure 5. Sensors are represented by SCs without input connectors and actuators are represented by SCs without output connectors, as illustrated in Figure 6. The figure also illustrates how to define SCs that filter the values of actual sensors and actuators. Such logical sensors and actuators are useful components in application development.
[Figure 7. A process (a). Two communicating processes (b). Labels: Process P, Actuator, constrained connector [<0.5ms].]
An input connector of a software circuit may either be
• direct, meaning that the arrival of data will enable reception, or
• constrained, meaning that reception is enabled if a specified constraint is satisfied, e.g. that the connector data arrived less than 2ms ago or the empty constraint [ ] which is always satisfied.
A connector must be the output connector of exactly one SC, but can be an input connector to one or more SCs. Acyclic networks of interconnected SCs are used to program the behaviour of RED and BLUE processes, as illustrated in Figure 7 (a). Figure 7 (b) illustrates how a constrained input connector can be used for interprocess communication. Processes are either periodic or aperiodic. A periodic process is invoked regularly at fixed points in time, whereas aperiodic processes are event driven and invoked only when a particular event (or set of events) occur. The timing requirements for a periodic process are typically expressed in terms of
T: a required period, expressing the time between subsequent activations of the process,
R: a release time, defining when in the period the process can be activated, and
D: a deadline, denoting the time in a period when the operations must be completed.
For an aperiodic process there is typically only a response time requirement, i.e. a requirement on the delay from the time a request for service is made to the time when that request should be serviced. A RED process must be periodic, whereas BLUE processes may be either periodic or aperiodic. Figure 8 shows how a periodic process composed of two software circuits can be organised.
[Figure 8. Periodic process P. Labels: SC1, SC2; T=5ms, R=1ms, D=3ms.]
A detailed description of the Software Methodology is provided in (Lawson, 1994). Central properties of the Methodology include:
1. The treatment of Software Circuits as transforms between Connectors which hold Sensor and Actuator signals.
As a result, the abstract structure and behaviour is viewed as a signal flow graph where the execution of transforms is either time driven (RED) or event driven (BLUE). Due to the simplicity of the time and event driven approaches that are employed, complex communication and synchronization mechanisms are not required. The same abstract descriptions suffice for both RED and BLUE. For RED software circuits, a static schedule guarantees the execution order of the software circuits where produced signals are known to be available prior to their consumption. BLUE software circuits are typically initiated on an event driven basis including the receipt of new external signals as well as the internal production of new Connector signals that trigger the execution of software circuit component logic. Software circuits are built from concrete behaviours developed via a restricted sequential programming style, in which simple (pre-)Programmed OPerations (POPs) are utilised. POPs are the simplest form of software circuits. More complex SCs can, as illustrated in Figure 5, be built from POPs.
2. Processes composed of software circuits can be organised according to a hierarchy of levels. Higher level processes consider lower level processes as machines that they can observe and regulate (via sensors and actuators). A useful level structuring is composed of the following:
STRATEGIC CONTROL
PRIMARY CONTROL
INTERFACE AND CONDITIONING
TERMINATOR
Terminator Level: The physical level composed of hardware sensors and actuators.
Interface and Conditioning: For sensors, the programmed behaviours at this level provide processing logic to transform signals into processable quantities including A to D conversions. For actuators, the programmed behaviours transform digital values into actuation signals including D to A conversions.
Primary Control: Programmed behaviours for fundamental control loops. The control loops provide both active (continuous sampled) and passive (on demand event-based) regulation. Primary control functions (SCs) always process logical sensor and actuator values.
Strategic Control: Utilises connector information (logical sensors and actuators) to observe and regulate lower level processes. Provides strategic higher level functions including monitoring, fault detection, fault isolation, fault tolerance measures, adaptive control (including fuzzy and artificial neural net based). A strategic level control elicits changes in the lower levels via access to logical sensors and/or actuators.
All applications involve the utilization of the layers up to and including Primary Control. Some applications will also employ strategic control levels.
3. Component structure is attained via the use of standard "Connectors" which are used as holding places ("latches") for signals. Various partitionings of Software Circuits reflecting the various levels of process (machine) control and various granularities (coarse grain, down to fine grain) can be employed in order to accommodate definition and utilization of standard components and/or the development of or delivery of components from suppliers.
A component structure which reflects the usage of connectors and the levels of observable machines is illustrated in Figure 9. Note that the SCs may be predefined and available in a component library. Figure 9 shows the design of a simple braking system. The system is partitioned into two processes: one implementing the primary control and lower levels, and the other implementing the strategic control. Both processes are periodic; the former with a 10ms period, and the latter with a 300ms period. The processes communicate via constrained connectors: the adaptive control circuit in the strategic control process requires fresh measurements of speed, temperature and brake pressure to calculate an adjusted brake pressure which is used by the safety guard circuit in the primary control process. Note also how the safety guard circuit is inputting the disc pressure from the previous period; expressed by its constrained input from the disc pressure connector¹.
The software methodology is a key constituent of Basement. It provides a straightforward means of viewing the functions to be provided as an advanced form of signal processing. Consequently, the complexities introduced by more general purpose software methodologies are avoided. The hypothesis is that this minimal, but sufficient, methodology approach will yield increased understanding, provide a basis for verifiable solutions (even formally), and lead to efficient implementations which minimise the usage of non-productive code (for the application and system software).
[Figure 9. Partitioning to multiple components. Levels: STRATEGIC CONTROL (T=300ms, R=0ms), a second process (T=10ms, R=0ms), INTERFACE and CONDITIONING, TERMINATOR. Components: ADAPTIVE CONTROL, TRANSFORM, SCALING, SAFETY GUARD, A to D CONVERSION, D to A CONVERSION, BRAKE PEDAL, DISC BRAKE. Connectors: SPEED, TEMPERATURE, BRAKE PRESSURE, DISC PRESSURE.]
6. Principles of Operation
There is, as illustrated in Section 4, a clear separation between RED and BLUE subsystems, e.g. RED and BLUE processes can only interact via logical sensors/actuators. The handling of processes in the two subsystems is independent, as will be further explained in this section.
6.1. The RED Subsystem
The RED subsystem is based on the cyclic, off-line, scheduling paradigm. In this paradigm, a fixed schedule (statically defining the sharing of resources at run-time) is calculated offline. That is, information about requirements and demands (e.g. the CPU time needed for performing processing) are fed into a tool which generates static schedules; one for each node. These schedules define the execution order of processes at run-time. The generation of static schedules requires the scheduled processes to be periodic. That is, the RED subsystem is tailored for handling periodic safety critical processes. The length of the generated schedules is denoted the systolic base time (ST), since it defines a base frequency of a system. It is the task of the RED runtime schedulers (one in each node) to guarantee that the off-line generated schedules are followed. Since the run-time schedulers are time driven by different clocks, the precision of the clocks must be taken into account in the off-line scheduling, and a clock synchronization algorithm must be used at run-time. The Basement concept does not prescribe or preclude any particular clock synchronization algorithm, but it requires a known upper bound for the maximal difference between local clocks.
[Figure 10. Network scheduling. Label: ST.]
Modes and Mode-shifts
Above it is assumed that all RED processes are continuously operating at fixed frequencies during the execution of the system. This might be suitable for some applications, but many applications are characterised by a set of distinct operational modes with different requirements on the processes to execute, as well as their frequencies. For instance, in the automotive environment modes can include Cold, Startup, Idling, Moving, Emergency, Fault, and Diagnosis. For each mode, the set of active processes and their frequencies must be defined. A separate static schedule is then generated for each mode, and facilities for dynamically moving from one mode to another (a mode-shift) are provided.
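The off-line step of Section 6.1, sketched for one node as an added example (not code from the paper or from the BASEMENT tools). The paper does not describe its scheduling algorithm; this sketch assumes ST is the least common multiple of the periods, uses non-preemptive earliest-deadline-first placement, and introduces the names red_proc_t, build_schedule and the per-instance CPU demand C. Being greedy, it can reject sets that an exhaustive search would place.

```c
#include <stdio.h>

#define MAX_PROC    8
#define MAX_ENTRIES 64

/* T = period, R = release time, D = deadline (as in Section 5); C = CPU
 * time needed per instance (assumed name). All in the same time unit. */
typedef struct { const char *name; unsigned T, R, D, C; } red_proc_t;
typedef struct { unsigned start; int proc; } entry_t;
typedef struct {
    unsigned st;                 /* schedule length (systolic base time) */
    unsigned busy;               /* time allocated to RED processes */
    int      n;
    entry_t  e[MAX_ENTRIES];
} schedule_t;

static unsigned gcd(unsigned a, unsigned b)
{
    while (b) { unsigned t = a % b; a = b; b = t; }
    return a;
}

/* Returns 0 and fills *s, or -1 if a requirement is malformed, the table
 * overflows, or some instance cannot finish by its deadline. */
int build_schedule(const red_proc_t *p, int n, schedule_t *s)
{
    unsigned placed[MAX_PROC] = {0};   /* instances placed per process */
    unsigned t = 0;

    if (n < 1 || n > MAX_PROC)
        return -1;
    s->st = 1; s->busy = 0; s->n = 0;
    for (int i = 0; i < n; i++) {
        if (!p[i].T || !p[i].C || p[i].D > p[i].T || p[i].R + p[i].C > p[i].D)
            return -1;
        s->st = s->st / gcd(s->st, p[i].T) * p[i].T;   /* lcm of periods */
    }
    for (;;) {
        int pick = -1;
        unsigned pick_dl = 0, next_rel = s->st;
        for (int i = 0; i < n; i++) {
            unsigned base = placed[i] * p[i].T;
            if (base >= s->st)
                continue;                      /* all instances placed */
            unsigned rel = base + p[i].R, dl = base + p[i].D;
            if (rel > t) {
                if (rel < next_rel) next_rel = rel;
            } else if (pick < 0 || dl < pick_dl) {
                pick = i; pick_dl = dl;        /* earliest deadline first */
            }
        }
        if (pick < 0) {
            if (next_rel >= s->st)
                return 0;                      /* every instance is placed */
            t = next_rel;                      /* idle gap, usable by BLUE */
            continue;
        }
        if (t + p[pick].C > pick_dl || s->n == MAX_ENTRIES)
            return -1;
        s->e[s->n].start = t;
        s->e[s->n].proc = pick;
        s->n++;
        t += p[pick].C;
        s->busy += p[pick].C;
        placed[pick]++;
    }
}

/* Constructed inputs, in ms. P uses the T/R/D values of Figure 8 and CTRL
 * the T/R of the 10 ms process in Figure 9; all C values and CTRL's D are
 * made up. OVERLOAD asks for 11 ms of CPU in a 10 ms schedule. */
const red_proc_t NODE_A[]   = { { "P", 5, 1, 3, 1 }, { "CTRL", 10, 0, 10, 2 } };
const red_proc_t OVERLOAD[] = { { "P", 5, 1, 3, 1 }, { "CTRL", 10, 0, 10, 9 } };
schedule_t SCHED;

int main(void)
{
    if (build_schedule(NODE_A, 2, &SCHED) != 0)
        return 1;
    for (int i = 0; i < SCHED.n; i++)
        printf("t=%2u ms  run %s\n", SCHED.e[i].start, NODE_A[SCHED.e[i].proc].name);
    printf("ST=%u ms, left for BLUE: %u ms\n", SCHED.st, SCHED.st - SCHED.busy);
    printf("overloaded node accepted: %s\n",
           build_schedule(OVERLOAD, 2, &SCHED) == 0 ? "yes" : "no");
    return 0;
}
```

For a system with modes, the same function would be called once per mode with that mode's process set.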
6.2. The Network
The communication service is Time Division Multiplexed. Figure 10 illustrates that in the scheduling of the network a set of (n) communication slots are statically allocated in each ST, a slot being the unit of network scheduling in which one node is given the exclusive right to send one RED message². Note that the slots may be placed anywhere in the ST, as long as they are non-overlapping. The off-line scheduler statically assigns slots to particular nodes. Communication time not allocated by the off-line scheduler is available for BLUE communication.
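A consistency check for such a slot table, as an added example (not code from the paper or from the BASEMENT tools). The non-overlap rule and the BLUE remainder come from the text above; requiring a gap of at least the clock bound between slots of different nodes is this example's assumption about how the off-line scheduler accounts for clock precision, and the names slot_t and check_slots are hypothetical.

```c
#include <stdio.h>

typedef struct { unsigned start, len; int node; } slot_t;   /* microseconds */

typedef enum { SLOTS_OK, SLOT_OUTSIDE_ST, SLOT_BAD_NODE,
               SLOT_OVERLAP, SLOT_GUARD } slot_err_t;

/* Checks a RED slot table for one ST. `skew` is the known upper bound on
 * the difference between local clocks; on success *blue receives the
 * communication time left unallocated. */
slot_err_t check_slots(const slot_t *s, int n, unsigned st, unsigned skew,
                       int n_nodes, unsigned *blue)
{
    unsigned red = 0;
    for (int i = 0; i < n; i++) {
        if (!s[i].len || s[i].start >= st || s[i].len > st - s[i].start)
            return SLOT_OUTSIDE_ST;
        if (s[i].node < 0 || s[i].node >= n_nodes)
            return SLOT_BAD_NODE;
        red += s[i].len;
    }
    for (int i = 0; i < n; i++) {
        for (int j = i + 1; j < n; j++) {
            const slot_t *a = &s[i], *b = &s[j];
            if (a->start > b->start) { a = &s[j]; b = &s[i]; }
            unsigned a_end = a->start + a->len, b_end = b->start + b->len;
            if (a_end > b->start)
                return SLOT_OVERLAP;
            /* Different nodes run on different clocks, so their slots need
             * a gap of at least `skew`, also across the wrap into the
             * next ST (assumption of this example). */
            if (a->node != b->node &&
                (b->start - a_end < skew || a->start + st - b_end < skew))
                return SLOT_GUARD;
        }
    }
    *blue = st - red;
    return SLOTS_OK;
}

/* Constructed tables: ST = 10000 us, clock bound 20 us, nodes 0..2. */
#define ST_US   10000u
#define SKEW_US 20u
const slot_t GOOD[]    = { {0, 200, 0}, {500, 200, 1}, {4000, 300, 2}, {9700, 200, 0} };
const slot_t OVERLAP[] = { {0, 200, 0}, {150, 200, 1} };
const slot_t TIGHT[]   = { {0, 200, 0}, {210, 200, 1} };
const slot_t WRAP[]    = { {0, 200, 0}, {9790, 200, 1} };
unsigned BLUE_US;

int main(void)
{
    printf("good:    %d\n", check_slots(GOOD, 4, ST_US, SKEW_US, 3, &BLUE_US));
    printf("BLUE communication time: %u us per ST\n", BLUE_US);
    printf("overlap: %d\n", check_slots(OVERLAP, 2, ST_US, SKEW_US, 3, &BLUE_US));
    printf("tight:   %d\n", check_slots(TIGHT, 2, ST_US, SKEW_US, 3, &BLUE_US));
    printf("wrap:    %d\n", check_slots(WRAP, 2, ST_US, SKEW_US, 3, &BLUE_US));
    return 0;
}
```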
Figure 11. BLUE-RED processes interaction.
6.3. The BLUE Subsystem
The BLUE subsystem is intended for processes that are "less safety critical" than RED processes. Consequently, the resources available to the BLUE subsystem are those remaining after (the static) allocation of resources to the RED subsystem. In contrast with the time driven operation of the RED subsystem, the BLUE subsystem is event driven, meaning that BLUE processes are activated in response to the occurrence of events. On each node handling BLUE processes, a preemptive priority driven scheduler is used for scheduling the BLUE processes. The Basement concept does not prescribe or preclude any particular method for assigning priorities to BLUE processes, i.e., both dynamic priority assignments (e.g. Earliest Deadline First (EDF)) and static assignments (e.g. Rate or Deadline Monotonic assignments) are possible. To employ the hardware metaphor as a programming style, BLUE software circuits also use connectors as holding places for sensor/actuator values. However, to allow reuse of existing software the use of semaphores and queued message passing is allowed, though not recommended. BLUE and RED processes can interact via shared connectors, as illustrated in Figure 11. The process RED_P in Figure 11 writes values in the connector A. The event of entering a new value in A will trigger the release of the BLUE process BLUE_P, which calculates a new value for the connector B. Note that B must be a constrained input connector to RED_P, since it otherwise would be possible for BLUE_P to prevent RED_P from executing SC_A. A BLUE process is either periodic or aperiodic, whereas RED processes are all periodic. There is no guarantee that deadlines of BLUE processes are met, though it might in some cases be possible to evaluate the schedulability of BLUE processes (using e.g. fixed priority scheduling theory (Audsley, Burns and Wellings, 1983)).
7. A Basement Kernel
Within the VIA project, Arcticus Systems AB has developed a real-time kernel (Eriksson, Lawson, and Lundbäck, 1995) combining time driven execution, as required by the RED subsystem, with event driven execution, as required by the BLUE subsystem. The objectives when developing this kernel were:
• Modular design, to support small single CPU configurations, as well as distributed systems where support for clock synchronization and network communication is needed.
• To support application development in C.
• To support the execution of off-line scheduled (RED) processes.
• To support the execution of event driven (BLUE) processes.
• To guarantee the behaviour of RED processes, while allowing execution of BLUE processes.
• To allow RED only, BLUE only, and mixed configurations.
• To handle interrupts (while guaranteeing the behaviour of RED processes).
• To make the kernel easy to port to different micro controllers.
Figure 12. The structure of the kernel. [Components shown: RED dispatcher, BLUE dispatcher, time manager, interrupt manager, error manager, run-time scheduler, synchronisation, Hardware Adaptation Layer, hardware.]
The structure of the resulting kernel is illustrated in Figure 12. The RED dispatcher executes processes according to an off-line generated schedule, while the BLUE dispatcher is controlled by a run-time scheduler, currently using fixed priority scheduling and priority inheritance. The time available for execution of BLUE processes is the time not used by RED processes (or the kernel). The interrupt manager dispatches interrupts and keeps track of the number of interrupts, to prevent pre-defined limits from being exceeded. The error manager supports logging and invocation of error handlers. The synchronization manager handles messages and semaphores.
8. Design Tools
To make Basement useful for development of real applications, application development tools are needed. Figure 13 presents an application development environment with the following components:
• An Editor for programming of software circuits and processes, as well as for describing target system configurations.
• A Database in which pre-defined and user-defined components and designs are stored.
• A Timing Analysis Tool for analysis of the execution time of the different software circuits for the types of nodes on which they may execute.
• A Compiler for translating source code to object code, and for parsing the process definitions.
• An Off-line Scheduler, generating a static schedule for each target system node executing RED processes.
• A System Simulator, allowing controlled execution of Basement software, as well as evaluation of different hardware configurations. The simulator executes the same code and uses the same schedules as real target systems.
Figure 13. An application development environment.
Additional tools, not shown in Figure 13, include configuration tools and debuggers. In the following two sections we will describe the system simulator and off-line scheduler developed within the Vehicle Internal Architecture project.
8.1. The System Simulator
The System Simulator (Emanuelsson, Sjödin, 1994) is a discrete event simulator in which application software can be simulated on a specified system configuration. The interactions with the system environment, e.g. the car and its driver, are handled by an environment simulator. The main components of the simulator tool and their interconnections are depicted in Figure 14.
• The simulator controller contains the core of the simulator, with functionality for running the simulator and gathering information about the simulated system. The kernel is a separate module in the simulator controller. It is a slightly modified version of the kernel described in Section 7.
• The graphical user interface provides means for observing the simulation, as well as giving commands to the simulator.
• The hardware models define the relevant behaviour of the hardware components. Currently, they include CAN controllers, a CAN communication bus, and CPU clocks for different nodes.
• The applications module contains the code produced by the applications compiler (see Figure 13), together with estimated execution times.
• The environment simulator provides sensor values and accepts actuator values. It can be a complex (continuous and/or discrete) model of the vehicle and its environment, or it can simply request the user to input sensor values.
Figure 14. The main components of the simulator.
The simulator is implemented in C++, using the C++SIM package (Little and McCue) from University of Newcastle. The graphical user interface is developed with TeleUSE.
8.2. The Off-Line Scheduler
The off-line scheduling tool (Larsson, 1994) is vital for development of applications, since it automatically performs the tedious task of mapping a set of process graphs onto a particular target system. Manual generation of schedules would (at least for realistically sized systems) introduce an unnecessary risk of errors. The scheduling tool accepts as input process graphs of the RED processes to be scheduled (see Figure 7) and a target system description (including execution times for the involved software circuits on the different nodes), and produces as output one schedule for each node executing RED processes. The schedules define the activation times for SCs. Activation of SCs at run-time according to the schedules will guarantee that the requirements defined by the process graphs will be met. The tool handles the following types of constraints/requirements on the execution of software circuits:
• Allocation, i.e. the tool decides (if not specified) on which node a particular instance of a SC should execute.
• Precedence, i.e. requirements on the execution order of software circuits.
• Communication, i.e. the tool introduces and schedules (where appropriate) communication handling routines, considering that sending, transmitting and receiving messages take time.
• Minimum and maximum release times, i.e. requirements on the earliest and latest time for activating a software circuit.
• Deadlines, i.e. requirements on the completion of software circuits.
• Periods, i.e. the activation interval of processes.
• Freshness, i.e. requirements on the age of data, e.g. that the value read from a sensor must not be older than 10 ms.
• The tool considers that the execution of a SC may be different on different nodes.
• The tool considers that some SCs may only be available on certain nodes.
The off-line scheduler is implemented in C++. The algorithm used consists of two parts: (1) node allocation, i.e. allocation of software circuits to system nodes, and (2) scheduling of software circuits. Our scheduler differs from other off-line schedulers (e.g. Eriksson, 1994; Eriksson, Lawson, and Lundbäck, 1995; Hou, Ansari, and Ren, 1994; Xu, 1993; Shepard and Gagné, 1991; Schlatterbeck, 1992 and Fohler and Koza, 1990) in that it handles (somewhat) different requirements. It does not, as (Hou, Ansari, and Ren, 1994) and (Xu, 1993), assume that all nodes in the system are identical; it does not, as (Shepard and Gagné, 1991), require software circuits to be statically allocated to nodes; it does not, as most algorithms, assume that communication takes zero time; it does not, as (Fohler, 1994), assume that the ticklength is the same for all nodes in the system. Furthermore, our algorithm does not use heuristic search methods to find a schedule; instead it uses (heuristic) estimations and decisions that (seem to) make the backtracking unnecessary. One benefit of this is that the execution time can be estimated in advance; in fact the execution time of the tool is O(r^3), where r is the number of scheduled software circuits. However, as might be expected, the tool does not guarantee that a schedule will be found in all cases when a schedule exists.
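Because the tool is heuristic, a generated schedule is worth checking independently against the constraint types listed above. The C code below is an added example, not the project's scheduling tool: the `sc_entry` and `sc_edge` structures, the sample schedules, the single fixed inter-node communication delay, run-to-completion execution of SCs on a node, and freshness measured from the producer's completion to the consumer's activation are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constraint kinds that can be violated, reported as a bitmask. */
enum {
    V_RELEASE    = 1 << 0,  /* activated outside [rel_min, rel_max]       */
    V_DEADLINE   = 1 << 1,  /* completes after its deadline               */
    V_NODE_CLASH = 1 << 2,  /* two SCs overlap on the same node           */
    V_PRECEDENCE = 1 << 3,  /* successor starts before its input arrives  */
    V_FRESHNESS  = 1 << 4   /* input older than allowed when consumed     */
};

/* One scheduled software circuit instance (hypothetical layout, times in us). */
typedef struct {
    int      node;                    /* node the SC is allocated to      */
    uint32_t start_us;                /* activation time in the schedule  */
    uint32_t exec_us;                 /* execution time on that node      */
    uint32_t rel_min_us, rel_max_us;  /* earliest / latest activation     */
    uint32_t deadline_us;             /* latest completion                */
} sc_entry;

/* Precedence edge pred -> succ, with an optional freshness bound. */
typedef struct {
    size_t   pred, succ;    /* indexes into the sc_entry array            */
    uint32_t max_age_us;    /* 0 = no freshness requirement               */
} sc_edge;

static uint64_t finish(const sc_entry *e)
{
    return (uint64_t)e->start_us + e->exec_us;
}

/* Returns 0 if the schedule meets every constraint, else a V_* bitmask. */
unsigned verify_schedule(const sc_entry *sc, size_t n,
                         const sc_edge *ed, size_t m, uint32_t comm_us)
{
    unsigned v = 0;

    for (size_t i = 0; i < n; i++) {
        if (sc[i].start_us < sc[i].rel_min_us || sc[i].start_us > sc[i].rel_max_us)
            v |= V_RELEASE;
        if (finish(&sc[i]) > sc[i].deadline_us)
            v |= V_DEADLINE;
        for (size_t j = i + 1; j < n; j++)      /* exclusive use of a node */
            if (sc[i].node == sc[j].node &&
                sc[i].start_us < finish(&sc[j]) && sc[j].start_us < finish(&sc[i]))
                v |= V_NODE_CLASH;
    }
    for (size_t k = 0; k < m; k++) {
        if (ed[k].pred >= n || ed[k].succ >= n) {   /* malformed edge */
            v |= V_PRECEDENCE;
            continue;
        }
        const sc_entry *p = &sc[ed[k].pred], *s = &sc[ed[k].succ];
        /* data crosses the network only when the two SCs are on different nodes */
        uint64_t avail = finish(p) + (p->node != s->node ? comm_us : 0u);
        if (s->start_us < avail) {
            v |= V_PRECEDENCE;
            continue;
        }
        if (ed[k].max_age_us && s->start_us - finish(p) > ed[k].max_age_us)
            v |= V_FRESHNESS;
    }
    return v;
}

/* Constructed sample: sensor SC on node 0 feeding two SCs on node 1. */
static const sc_edge edges[] = { { 0, 1, 10000 }, { 1, 2, 0 } };

static const sc_entry sched_ok[] = {
    { 0,    0,  200, 0,  1000,  1000 },
    { 1,  500, 1000, 0,  5000,  5000 },
    { 1, 1500,  300, 0, 10000, 10000 },
};
static const sc_entry sched_early[] = {     /* consumers activated too soon */
    { 0,    0,  200, 0,  1000,  1000 },
    { 1,  400, 1000, 0,  5000,  5000 },
    { 1, 1300,  300, 0, 10000, 10000 },
};
static const sc_entry sched_stale[] = {     /* sensor value used after 11.8 ms */
    { 0,     0,  200, 0,  1000,  1000 },
    { 1, 12000, 1000, 0,  5000,  5000 },
    { 1, 13000,  300, 0, 20000, 20000 },
};

int main(void)
{
    printf("ok=0x%x early=0x%x stale=0x%x\n",
           verify_schedule(sched_ok, 3, edges, 2, 300),
           verify_schedule(sched_early, 3, edges, 2, 300),
           verify_schedule(sched_stale, 3, edges, 2, 300));
    return 0;
}
```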
9. An Intelligent Cruise Controller
This section provides an example of a Basement system used for implementing an Autonomous Intelligent Cruise Controller (AICC). The AICC system can receive information from road signs and adapt the speed of the vehicle to automatically follow speed limits. Also, with a vehicle in front cruising at lower speed the AICC adapts the speed and maintains safe distance. The AICC can also receive information from the roadside (e.g. from traffic lights) to calculate a speed profile which will reduce emission by avoiding stop and go at traffic lights (a "green wave" function). The AICC system described in this section is installed in a Saab automobile, which was one of several AICC cars demonstrated at the Prometheus Board Member Meeting in Paris October 18-20, 1994.
The system is implemented on a distributed micro-computer platform following the Basement concept. Figure 15 presents the system architecture. The micro-controller nodes are connected through a Controller Area Network (CAN)-bus. CAN (Road Vehicles, 1992) is a real-time communication bus developed by Bosch for use in automotive systems. The communication protocols used in our system incorporate a synchronization algorithm to allow the nodes marked RED and RED/BLUE to synchronously execute their off-line generated schedules. Some of the used actuator/sensor nodes are not equipped with CAN interfaces, and are therefore connected to the CAN-bus through gateways. This was a convenient way to obtain a flexible system that enabled rapid prototyping of the AICC system.
Figure 15. The architecture of the AICC system.
All nodes in Figure 15 except the System Control Unit node are mainly sensor/actuator nodes responsible for primary control of the actuators and filtering of sensor values. The Electronic Servo Throttle node maintains the desired speed and acceleration provided by the System Control Unit. The Electronic Brake node supplies the System Control Unit with speed and acceleration information (in a future implementation it will also be responsible for desired deceleration). The Distance Sensor detects and measures the distance and relative speed of vehicles in front. The SRC transponder communicates with roadside beacons to obtain information about speed limits and traffic lights. The Main Instrument Controller supplies the System Control Unit with commands from the driver, as well as presenting selected information on the main instrument. The System Control Unit handles the strategic control of the AICC system. It receives information from the other nodes, and calculates (at predetermined times in the schedule) the Electronic Servo Throttle acceleration setpoint and the information to be presented to the driver. It is also responsible for supervision and failure detection.
Figure 16 shows a simplified model of the software circuits used in the design of the AICC system (note that connectors are omitted to simplify the drawing). The BLUE SRC process polls the SRC transponder every 200ms. This is fast enough considering the response times that are required for the type of information received. The RED ICC Regulator process calculates the desired acceleration setpoints based on current and future speed limits, distance to vehicle in front, and green wave driving (if traffic light information has been received). The calculated setpoints are presented to the Final control process, which decides with which value the EST should be actuated. Since the EST is a BLUE process executing on a BLUE only node not synchronised with the rest of the system, it requires a higher rate of parameter updates. The Supervisor process decides the overall ICC strategy based on driver requirements. It also monitors the AICC system and sends relevant information to the Main instrument controller for presentation to the driver.
Figure 16. Software circuit model of the AICC system.
The AICC system described above follows the Basement concept. It is based on a previous implementation not following the new concept. From our experiences of the two AICC system implementations, we conclude that there are definite advantages of using Basement. Some of the reasons for this are
• that the synchronization provided by Basement decreased the communication bandwidth requirements, since the delays in the regulator loops are under precise control and since the synchronization makes oversampling unnecessary, and
• that the understandability of the system behaviour has increased, due to the clear and well defined precedence relations between different processes and software circuits.
10. Motivation and Related Work
One of the major overriding considerations in the development of Basement has been the question of safety. Vehicle manufacturers must place this high on the requirements list. When safety critical computer-based systems are to be produced, specific properties of the system and surrounding engineering process activities must be scrutinised in detail. There are a large number of known and buried risks in all aspects of the underlying engineering activities and in their interrelationships. Consequently, risk analysis, reduction and minimization of all aspects are vital. As an important step towards risk minimization, a holistic view has been taken. The need for a holistic philosophy, as well as the impact of not having such a philosophy, has been described by Lawson (1990, 1992d).
In respect to the holistic view, risk reduction and minimization in computer-based systems is accomplished by a combination of various means: via robust architectures and design, via verifiable specifications, via thorough hazard analysis and hazard elimination, via the incorporation of safety mechanisms in software and hardware, via well controlled engineering processes, via quality control measures, via qualified personnel selection, and via control of methods and tools, to name the more prominent. It is important to observe that not only the product, but also the means of developing and supporting the product must be minimised in respect to risk. Concerning Methods and Tools for safety critical systems, Lawson (1995) has indicated the following: "Ideally, a safety critical system should be developed with a small set of well proven and well supported methods and tools that only provide the analysis and design facilities and construction mechanisms required for the safety critical Embedded Control System product (no more, no less). The risks associated with varying from this ideal position must be critically analyzed."
It is our contention that the approach taken in Basement leads to a requirement for a small set of well focused methods and tools while satisfying the safety requirements as well as the various other requirements such as cost-effectiveness and short lead times. We also claim that the supporting real-time kernel, due to the straightforward application development mechanisms employed, can be minimised, thus leading to a more robust and manageable solution to the dynamic run-time aspects.
The approach selected for the RED and BLUE Services is based upon relevant developments in the fields of real-time systems and distributed processing. As a starting point for the RED Service, the project exploited the concepts of Cy-Clone (see Lawson, 1992b, 1992c). Cy-Clone addresses, in a holistic resource adequate manner, behaviour, mapping and resource structure issues. The notion of using a hardware paradigm (software circuits) for software development has its origin in this work.
The concepts upon which Cy-Clone is based have been successfully applied in other "motion control" applications; for example, in the ATC (Automatic Train Control) system developed by Standard Radio and Telefon AB in the late 1970s for the Swedish National Railways (SJ) (see Lawson 1990). Further, we find somewhat related solutions in many time and safety critical aircraft and space applications. An early example is the SIFT (Software Implemented Fault Tolerance) computer developed at SRI International (see Wensley, et al., 1978).
Through distributed processing, the goal of providing resource adequacy (sufficient parallel processing and communication capacity) is accomplished. Further, a firm basis is provided for the implementation of fault tolerant solutions. In this regard, the project gained significant insight by examining the MARS (Maintainable Real-Time System) developed at the University of Vienna (Kopetz, et al., 1989). The advantages of time driven over event driven systems, in respect to predictability and many of the other essential abilities, have been indicated by Kopetz (1992). Time driven processing coupled with resource adequacy provides for a reduction of mapping complexity (allocation and scheduling of processing and communication) and results in deterministic predictable solutions.
For addressing the BLUE Service, the project had the advantage of the participation of Arcticus, who has had many years of experience in delivering event driven real time kernels (see Lundbäck, 1991). Further, ideas concerning the distributed nature of event driven systems were derived from several sources including (Goscinski, 1991). The notion of using a leveled approach to the development of control systems has been inspired by the robotics work of Brooks (1990) at MIT. This notion has been proved in practice in the development of the Saab Trionic Motor Management System as reported in (Lawson, Nilsson-Almstedt, and Strömberg, 1994). The development of software circuits by defining POPs (pre-programmed domain relevant application operations) has been described by Lawson (1992a).
Many of the ideas concerning fault tolerant distributed computing have their origin in the work at Chalmers Technical University. Torin (1991) has early characterised essential properties for automotive electronics. A number of research results have been obtained at Chalmers within the VIA project, including (Bridal, 1994; Bridal, Johansson, and Snedsbøl, 1993; Johansson and Larsson, 1993a; Johansson and Larsson, 1993b). During the project, several other works in the area of distributed real-time systems have been examined and have influenced the thinking of the Team Basic group. For example, the work on the Spring Architecture at the University of Massachusetts (Stankovic, 1990).
The subject of distributed real time systems is currently the object of research and development in many academic research projects as well as in advanced industrial projects. There are several points of view in regard to achieving a suitable solution. There has been a tendency to focus on the communication aspects (hardware, protocols and schedules) for distributed real time environments. While these aspects are important and interesting results have been attained (see for example Tindell and Clark (1994)), they represent one aspect of the goals of producing safe, reliable, cost-effective real time solutions. Attention must be given to many other issues as brought to the forefront in the Basement concept.
Notes
1. Note that cycles containing only SCs and direct connectors are strictly forbidden, whereas a cycle containing a constrained connector is allowed, since a constrained connector only defines a flow of data, not a strict precedence relation.
2. In an actual system implementation, it might, for efficiency reasons, be the case that a finite number of nodes are allowed to send a finite number of RED messages in each slot.
References
Audsley, N. C., Burns, A., and Wellings, A. J. 1983. Deadline monotonic scheduling theory and application. Control Engineering Practice 1: 71-78.
Bridal, O. 1994. Reliability estimates for repairable fault-tolerant systems. Technical Report ProVIA-94003, Department of Computer Engineering, Chalmers University of Technology, Göteborg Sweden.
Bridal, O., Johansson, L.-Å., and Snedsbøl, R. 1993. On the design of communication protocols for safety-critical automotive applications. Technical Report ProVIA-93406, Department of Computer Engineering, Chalmers University of Technology, Göteborg Sweden.
Brooks, R. A. 1990. A robust layered control system for a mobile robot. In P. H. Winston and S. A. Shellard, eds., Artificial Intelligence at MIT--Expanding Frontiers. MIT Press.
Road Vehicles--Interchange of Digital Information--Controller Area Network (CAN) for High Speed Communication. 1992. ISO/DIS 11898.
Emanuelsson, M., and Sjödin, M. 1994. The simulator tool--final report. Technical Report ProVIA-DoCS-94104, Department of Computer Systems, Uppsala University.
Eriksson, C., Lawson, H., and Lundbäck, K.-L. 1995. A real-time kernel integrated with an off-line scheduler. In Proc. 3rd IFAC/IFIP Workshop on Algorithms and Architectures for Real-Time Control, Ostend, Belgium.
Eriksson, C. 1994. An object-oriented framework for the design of hard real-time systems--A study focused on realtimetalk. Technical report, Royal Institute of Technology, KTH, Ph.lic thesis.
Fohler, G. 1994. Flexibility in Statically Scheduled Hard Real-Time Systems. PhD thesis, Technischen Universität Wien Austria.
Fohler, G., and Koza, C. 1990. Heuristic scheduling for distributed hard real-time systems. Technical report, Institut für Technische Informatik, Technischen Universität Wien Austria.
Goscinski, A. 1991. Distributed Operating Systems. Addison-Wesley, Reading, MA.
Hou, E. S. H., Ansari, N., and Ren, H. 1994. A genetic algorithm for multiprocessor scheduling. IEEE Transactions on Parallel and Distributed Systems, 5(2): 113-120.
Johansson, L.-Å., and Larsson, S. 1993. A fail-safe implementation of VIA BASEMENT distributed realtime system. Technical Report ProVIA-93407, Department of Computer Engineering, Chalmers University of Technology, Göteborg Sweden.
Johansson, L.-Å., and Larsson, S. 1993. Analysis of AICC fault tolerance requirements. Technical Report ProVIA-93401, Department of Computer Engineering, Chalmers University of Technology, Göteborg Sweden.
Kopetz, H. 1992. Event triggered versus time triggered. In Proc. International Workshop on Operating Systems of the 90s and Beyond, volume 563 of Lecture Notes in Computer Science, pages 87-101. Springer Verlag.
Kopetz, H., Damm, A., Koza, C., Mulazzani, M., Schwabl, W., Senft, C., and Zainlinger, R. 1989. Distributed fault-tolerant real-time systems: The MARS approach. IEEE Micro, February: 25-58.
Larsson, E. 1994. The scheduling tool. Technical Report ProVIA-DoCS-94204, Department of Computer Systems, Uppsala University.
Lawson, H., Nilsson-Almstedt, B., and Strömberg, M. 1994. Application function development for multiplexed automotive control systems. In Proc. Vehicular Technology Conference '94, Stockholm, pp. 1093-1097.
Lawson, H. W. 1990. Philosophies for engineering computer-based system. IEEE Computer 23(12): 1859-1874.
Lawson, H. W. 1992. Application machines--An approach to realizing understandable systems. The Euromicro Journal 35(1-5): 5-10.
Lawson, H. W. 1992. Cy-Clone--An approach to the engineering of resource adequate cyclic real-time systems, real time systems. Real-Time Systems--The International Journal of Time-Critical Computing Systems 4(1).
Lawson, H. W. 1992. Engineering predictable real-time systems: Lecture notes for the NATO advanced study institute on real-time computing. In W. A. Halang and A. D. Stoyenko, eds., Real Time Computing. Springer Verlag. ISBN 3-540-57558.
Lawson, H. W. 1992. Parallel Processing in Industrial Real-Time Applications. Prentice-Hall, ISBN 0-13654518-1.
Lawson, H. W. 1994. Application software development methodology for Basement platforms. Technical Report ProVIA-93602, Lawson Förlag och Konsult AB.
Lawson, H. W. 1995. Assessment of safety critical embedded control systems ("A Safety Case Approach"). In Proc. of the Software Technology Conference (STC'95), Salt Lake City, US Department of Army, Navy, and Air Force.
Little, M. C., and McCue, D. L. Construction and Use of a Simulation Package in C++. Department of Computing Science, University of Newcastle upon Tyne. Available at internet ftp://arjuna.ncl.ac.uk.
Lundbäck, K.-L. 1991. The Real Time Executive for Embedded Systems O'Tool (3rd edition). Arcticus AB, Järfälla, Sweden.
Schlatterbeck, R. 1992. The MARS pre-runtime scheduler. Technical report, Institut für Technische Informatik, Technischen Universität Wien Austria.
Shepard, T., and Gagné, J. A. M. 1991. A pre-run-time scheduling algorithm for hard real-time systems. IEEE Transactions on Software Engineering 17(7): 669-677.
Stankovic, J. A. 1990. The Spring Architecture. In Proceedings Euromicro'90 Workshop on Real Time, pages 104-113. IEEE Computer Society Press, Los Alamitos, CA.
Tindell, K., and Clark, J. 1994. Holistic schedulability analysis for distributed hard real-time systems. Microprocessing and Microprogramming 40: 117-134.
Torin, J. 1991. Dependability in automotive electronics requirements, directions and drivers. Technical Report 112, Department of Computer Engineering, Chalmers Technical University, Gothenburg.
Wensley, J. H., Lamport, L., Goldberg, J., Green, M. W., Levitt, K. N., Melliar-Smith, P. M., Shostak, R. E., and Weinstock, C. B. 1978. SIFT: Design and analysis of a fault-tolerant computer for aircraft control. Proceedings of the IEEE, 66(10): 1240-1255.
Xu, J. 1993. Multiprocessor scheduling of processes with release times, deadlines, precedence, and exclusion relations. IEEE Transactions on Software Engineering 19(2): 139-154.
Real-Time Systems, 11, 245-263 (1996) © 1996 Kluwer Academic Publishers, Boston. Manufactured in The Netherlands.
A Description Language for Engineering of Complex Real-Time Systems
ALEXANDER D. STOYENKO* alex@rtlab12.njit.edu
The Real-Time Computing Laboratory, Department of Computer and Information Science, New Jersey Institute of Technology, Newark, NJ 07102 USA
THOMAS J. MARLOWE marlowe@rtlab12.njit.edu
Department of Mathematics and Computer Science, Seton Hall University, South Orange, NJ 07079, also research faculty of NJIT RTCL
PHILLIP A. LAPLANTE [email protected]
Dean of Engineering and Technology, Burlington County College/New Jersey Institute of Technology, Technology Education Center, Mt. Laurel, NJ, also research faculty of NJIT RTCL
Abstract. Typical in modern complex real-time applications are (1) integration of large systems, as well as development of new systems and subsystems, (2) complex, often conflicting, functional and non-functional objectives, and (3) a significant degree of distribution and parallelism. The article takes a particular approach to viewing such applications, and describing them in a new language, called CaRT-Spec. While CaRT-Spec addresses many complex application objectives, the focus of our presentation is on functionality and timeliness, i.e. schedulability.
Keywords: engineering of complex real-time systems, schedulability, real-time specification languages, resource algebras
1. Introduction
Typical features of modern applications are (1) integration of multiple existing large systems, as well as development of new systems and subsystems, (2) complex and often conflicting objectives (such as functionality, timeliness, fault-tolerance, and security) and (3) significant component distribution and parallelism. The computer systems controlling these applications are required to provide support for these features. The resulting systems are often thus quite large, and are expected to adapt in a timely, rapid and correct fashion to frequently changing environment variables and conditions. The systems are expected to run on modern computer architectures, usually (highly) parallel, often distributed, and utilizing many heterogeneous resources. These systems are expected to function for d e c a d e s , d u e in part to the t r e m e n d o u s cost o f their d e v e l o p m e n t . Finally, the s y s t e m s n e e d to i n c o r p o r a t e - - i n a c c o r d a n c e w i t h the r e q u i r e m e n t s o f the a p p l i c a t i o n s they c o n t r o l - - a w i d e variety o f o f t e n c o n f l i c t i n g f u n c t i o n a l a n d n o n - f u n c t i o n a l objectives. G i v e n all t h e s e r e q u i r e m e n t s , it is n a t u r a l to r e f e r to t h e s e s y s t e m s as n o t m e r e l y real-time, b u t as complex as well. * This work is supported in part by the U.S. ONR Grants N00014-92-J-1367 and N00014-93-1-1047, by the U.S. NSWC Grants N60921-93-M-1912 and N60921-93M-3095, by the NATO Grant CRG-90-I077 and by the AT&T UEDP Grant 91-134.
STOYENKO, MARLOWE, AND LAPLANTE
To meet the challenge of engineering of complex real-time systems, we propose an integrated multi-view methodology. Our system views are operational, corresponding to individual operational requirements. Thus, a view need not describe an entire application, but rather focuses on a single requirement of the application. The views include the following two discussed in this paper (other views include fault-tolerance, security, ...).
1. The Functional view: the system is viewed as a set of active processes and dependencies, where process dependencies arise through usage of passive resources, and through direct interactions such as message passing and synchronization, or through explicit precedence constraints.
2. The Timing view: the system is viewed as a set of time-constraints on processes, and on resource and interaction requirements of a process action. For instance, in an object-based virtual reality system, the process maintaining a set of objects may be invoked in a strictly periodic fashion, with a deadline for the update of object position and properties at the end of each period, and may require access to the display for a certain amount of time in every period.
Software engineering practice typically results in systems becoming even more detailed and complex as the system matures through specification, design, implementation, testing, and maintenance. The evolving operational views thus need to include correspondingly more detail and complexity. However, the earlier, less-developed views will not only represent uncertainties and unmade decisions, but in addition often provide a higher-level view of system requirements and behavior. For this reason, our approach provides a hierarchical definition of each view. To express these views, we use an algebraic description language, CaRT-Spec.
The functional view of a complex program in CaRT-Spec consists of two major components: an acyclic graph of tasks (process components) and messages, as described largely in Section 2.3, but also in part in Section 2.4, and resource expressions, specifying resource management in these tasks, described in Sections 2.5 through 2.6. CaRT-Spec is based on a resource algebra, and thus differs from most process-algebra based systems in separating processes and resources, combining tasks only in fairly simple ways, and applying most of the algebraic specification and analysis to resource usage. The timing view can be taken as annotations on processes, their component tasks, and the resources they use.
CaRT-Spec uses a fairly robust model of distributed computing, and allows resources to exist on processors other than those hosting processes, and to be managed by daemons invoked (perhaps transitively) by processes. In principle, any service--high or low level--can and should be modeled as a CaRT-Spec resource in our methodology (although resource utilization deriving from process assignment to processors, and from the use of links to communicate input and output objects, may more easily remain implicit).
CaRT-Spec is intended as a description/specification language, but can also be useful as an intermediate form for analysis and optimization, even if other languages, or a combination of CaRT-Spec and other languages, are used for system description. Some system functionality can be as well, and perhaps more simply, described in languages other than CaRT-Spec, and we are in the process of developing translation mechanisms from process-based descriptions into CaRT-Spec. Other functionality is most easily described in terms of resources, and
may be difficult to express in other description languages. We have also found it useful to describe detailed implementations of CaRT-Spec actions (see Section 2.3) as objects (in the standard OO sense), though the details of this are beyond the scope of this paper.
The rest of the paper is organized as follows. In Section 2 the details of CaRT-Spec are presented, emphasizing the real-time aspects of our approach. Section 3 very briefly mentions the schedulability analysis of CaRT-Spec programs and transformations undertaken to facilitate the efficiency of the analysis. Finally, Section 4 summarizes what has been achieved and provides directions for future work.
2. Details of CaRT-Spec
We specify a real-time application system using Complex Real-Time Application Specification (CaRT-Spec).¹ CaRT-Spec expresses timing and resource requirements of processes, as well as their control and data flows. By expressing what processes do and what their timing constraints are, we address the Functional and Timing operational views (as defined in the previous Section)--and will later extend this work to address other views. Unlike the majority of previous specification and design languages, CaRT-Spec programs are schedulability analyzable,² and combine real-time actions with timing constraints, resources, and communication.
2.1. Why CaRT-Spec is Based on A Resource Algebra
Before proceeding with a detailed discussion, it is important to clarify the distinction between resource algebras and process algebras, and to explain why we prefer a resource algebra. The two approaches use similar operators, and give similar-looking expressions. However, a process algebra expression encodes orderings of actions, while a resource algebra encodes patterns of use of data and other resources. The distinction is in fact somewhat like distinctions being made in language programming and analysis paradigms between procedural and declarative models, and can be summarized as follows.
Dependence, precedence, or mutual exclusivity based on data and resource usage is inherent in the functionality of the system, as in program dependence graphs or data flow computing languages. In contrast, dependence expressed by process algebras can be extraneous, like dependences introduced by statement order in a control flow graph (which may cause possible reordering or parallelism to be missed, or may simply introduce unnecessary delays). Moreover, process algebra summaries can miss dependence information, since, for example, two processes running in parallel can still attempt to access the same memory location, use the same resource, or synchronize with one another or with a common third process.
A resource algebra, on the other hand, operates on a task flow graph restricted only by (1) explicit communication, or true dependence on a shared variable, (2) explicit parallel and choice constructs, and (3) use of shared resources, with constraints on the joint use of resources by a given task. A resource algebra cannot miss a dependence (provided the representation of resources is correct), since all dependences are encoded in the problem.
Conversely, it will impose extraneous dependences only (1) when an explicit parallel construct is used inappropriately, or (2) when summarization of information for a composite structure results in loss of precision. (It is of course also possible--but unreasonable--to deliberately introduce spurious task-graph edges, or extraneous shared resources.) Thus, in principle, a resource algebra operates at a finer granularity than a process algebra.³
Consequently, while CaRT-Spec is similar in appearance, and in its operators, to process algebra approaches to distributed real-time systems, it differs from a process algebra in applying only data dependences (task-graph edges) and logical operators (AND and XOR) to processes, and using time-sequence operators for resource usage only. This allows a finer-grained description of behavior, and analysis of schedulability, without interfering with inference of global properties or seriously overconstraining global behavior.
The relative freedom from extraneous dependences is possible in part because CaRT-Spec is not, as many process algebra formulations, and many of the approaches in the next section, are, an executable specification. Although it may be possible to provide a data-flow-language-like run-time semantics, we do not do so. Once a program is certified as satisfying specification objectives, implementations may be in any language and/or environment, and use any semantics for composite actions, provided that visible behavior is consistent with the specification.
2.2. Previous Work
Work on CaRT-Spec is related to a number of efforts in both real-time specification languages and formal methods for real-time systems. There is a large amount of previous work, and it is clearly impossible to cite it all. Interested readers can refer to (Ostroff, 1991). Rather, the following briefly summarizes the most relevant existing approaches, providing a single reasonably representative reference for each.
Among real-time specification languages, there are a number of notable approaches. The synchronous language family (such as Esterel (Berry, Moisan, and Rigault, 1983)) are typically well-typed, modular real-time languages (some imperative, others functional, and yet others declarative) embodying temporal schedules and timing constraints. The synchronicity assumption essentially states that transitions of control and statements not associated with delays are instantaneous and incur no overhead. Formal design (and requirements) specification languages, such as Real-Time ASLAN (Auernheimer and Kemmerer, 1986), typically rely on the expressiveness of a standard logic and allow different levels of design (reflecting different levels of abstraction). A number of languages, such as RTRL (Dasarathy, 1985), aim at making timed mechanisms and objects first class entities. These languages typically provide for a very thorough modeling of applications' timing constraints and enforce these through language constructs (not unlike HLL-style real-time languages, such as Real-Time Euclid (Kligerman and Stoyenko, 1986)). Finally, job control languages, prototyping languages, and distributed or network languages, such as the language in (Krishnan and Volz, 1989), facilitate real or symbolic assignment and allocation of program components by bringing features rooted in typical distributed and parallel implementation platforms to the language construct level. These features include distributed clocks (separated from conventional program control
flow), asynchronous communication events, and dynamic control mechanisms (such as for migration).
Using the categorization of (Ostroff, 1991), formal methods for real-time systems can be divided into real-time temporal logics, event-action models, process algebras, timed Petri nets, and assertional calculi. Of these, the first three are of most relevance to CaRT-Spec. Within each of these methods, approaches differ not only in formalism, but also in expressivity and the forms of concurrency and/or parallelism allowed. Real-time temporal logics (for example, Clarke, Emerson and Sistla, 1986) include interval and point semantics for the division of time; there are further differences in the structure of time and clocks. Algebraic approaches (for example, Huizing, Gerth and de Roever, 1987) are usually closely related to Hoare's CSP with time (and priority and/or resource contention). Event-action models, such as Modecharts (Jahanian and Stuart, 1988), provide a high-level graphical view of systems. Petri net models (as in Berthomieu and Diaz, 1991) are augmented with time (point or interval) labels on nodes and edges.
2.3. Overview
An application is viewed as a collection of processes. Each process has its own set (possibly empty) of critical timing constraints (such as periodicity and deadlines) to which it must adhere. The only form of synchronization currently allowed, other than the communication/synchronization implicit in a task graph model, is through resource-sharing (see next paragraph below). Each process is self-contained--it shares no data, except via parameter passing through resources. We are extending the language to allow for explicit interprocess communication.
A process is a collection of steps we refer to as actions (subprocesses). Each action is associated with one or more stimuli (external for the first action of each process, and internal for all others). To proceed, an action requires not only its stimuli but also a specified set of resources. Each action likewise produces one or more reactions. The actions in each process form a single-source, single-sink directed acyclic graph (DAG), connected via precedence and reaction/stimulus edges. For a given reaction/stimulus edge, a reaction produced at its source becomes a stimulus for its target.⁴
Each instance of a resource request claims a resource for a specific amount of time, either individually or in a group with other resources. Furthermore, each resource request is associated with an input parameter object and an output parameter object. Each object has an associated size; the size is only of interest should the resource and the action be on different network sites. In that case, the size (as well as the network's topology) is used to compute the cost of communication needed to transmit the object.
While CaRT-Spec's processes and actions may correspond to implementation-stage software code, they more usually correspond to specification- or design-stage entities.
Nonetheless, we need to define a semantics of resource usage at these earlier stages, to assure that commitments made as to simultaneous use of resources and other design decisions do not result in deadlock or other anomaly, or cause process deadlines or other constraints to be violated.⁵ These assurances are obtained by symbolic execution of processes, with symbolic use of
resources, as if both processes and resource use were simulated by a workload generator. That is, given an action A that requires a resource R for 5 time units, A "executes" by holding on to R for 5 time units. Should R be preemptible, it is possible that A will execute symbolically with R for, say, 3 units out of 5, and will execute the remaining 2 units at some later time. No actual work takes place during symbolic execution, but time is spent and all resources are "used" in accordance with stated resource usage constraints.
Should an action claim to require a particular set of resources to execute, the implementation is permitted to undertake any resource management scheme not in violation of the resource usage constraints specified by the action, the constraints specified by other--potentially co-executing--actions, and the basic access policies of each particular resource (for example, the number of replicas, or preemptibility). Thus, for example, the implementation may enforce strict atomic usage (claiming every resource at the beginning of the action and releasing them at the end of symbolic execution of the action), or most optimistic usage (claiming optimistically and possibly recovering later, and releasing a resource when it is no longer needed), or anything in between.
An action may be preempted if all its resources are preemptible. Even preemptible actions may not be preempted, however, while they are in the process of sending or receiving resource parameter objects. A preempted action will in principle give up all its resources. Once preempted, the remainder of an action behaves as an entire new action, re-requesting the resources it still needs; however, the remainder does not, of course, need a stimulus, just as the initial segment did not produce a reaction. If at least one of the resources requested by the action is non-preemptible, the entire action is non-preemptible.
An action outputs one or more reactions, each associated with a graph edge and an output parameter object. (However, some graph edges represent only precedence edges--perhaps to sequentialize resource access--and may be associated with an empty message. If the sequencing is not otherwise enforced, a simple "I'm done" signal may be required.) The parameter object is associated with a size to be used in consequent communication cost computation; similarly, external stimuli have parameters and communication costs for initial actions. If the reacting and enabled actions are on the same network site, then communication costs and consequently object size are immaterial; otherwise, the time taken to transmit the reaction (based on object size and routing information) must be taken into account. As indicated above, each reaction serves as a stimulus to one or more subsequent actions. Each process has a single final action, whose reaction is the process's output to the external environment.
To simplify analysis and design, and to allow for a hierarchical view of CaRT-Spec actions, CaRT-Spec provides, as with other specification languages, logical operators. Specifically, the language allows one-to-many (fork) and many-to-one (join) AND and XOR nodes. As customary, fork and join nodes are paired (and either both AND or both XOR), and each pair cuts the graph--that is, forms a single-entry-single-exit (SESE) region--and there is no way into or out of a fork-join region from outside. AND nodes can be used either to encapsulate groups of concurrent actions, or to split or broadcast a stimulus to a set of successors, and to merge reactions from a set of predecessors. XOR nodes provide for conditional or non-deterministic execution of one of a set of nodes, and routing of the stimulus from a predecessor and reaction to a successor object. Either
type also imposes precedence (control-flow) constraints. Logical operators are viewed as special resourceless actions, operating on a virtual processor--communication costs are as if the logical action did not intervene.⁶ The initial and/or final actions of a process may be logical.
The usual symbolic execution assumptions are in force: all parts of a CaRT-Spec program are reachable unless excluded by the explicit transition conditions, and no decision made at an XOR-gate has any influence on a decision at any other gate (decisions are made independently).
It is possible to express many (but not all) CaRT-Spec specifications so that only fork logical actions have multiple successors, and only join logical actions have multiple successors; most applications can be expressed with only a few exceptions to this principle, most of which are "well-behaved" hierarchically. The applications we have considered lend themselves to expression in this way. The main benefit of this approach, beyond the simplification in the analysis imposed by the simpler flow graphs and the implicit synchronization, is that fork-join regions can be summarized as nodes (or conversely, nodes expanded to regions) where all external stimuli arrive at the beginning, and all externally visible reactions are produced at the end. We are defining a means of summarizing patterns of resource use, discussed briefly in Section 2.5, which together with this will provide a hierarchy of processes, actions and resources (see Section 2.6).
Observe that at the action level, CaRT-Spec behaves like data-driven processing, with behavioral extensions by constraints due to resources, fork-join regions and hierarchies; however, CaRT-Spec is not executable. High-level CaRT-Spec processes and resources are mapped--using a straightforward map we do not present here--to call-DAGs and implementation-level processes and objects.
Timing and resource specifications of CaRT-Spec necessitate schedulability analysis techniques and algorithms for interpreting resource and timing algebra expressions. In the balance of the Section, we discuss various CaRT-Spec items in detail. Illustrations of various items are presented throughout, both through verbal descriptions and, in Section 2.6, pictorially.
2.4. Timing Constraints in CaRT-Spec
CaRT-Spec uses two types of timing constraints. Timing constraints of the first type express the amount of time a resource is needed by the action. These constraints may be expressed either as a known constant, or as a symbolic expression. Timing constraints of the second type express process activation and deactivation criteria, and deadlines for processes. As in Real-Time Euclid (Kligerman and Stoyenko, 1986) and other languages, each process P is associated with a frame F_P, a length of time which serves as the minimal activation period for P. That is, P may not be executed more often than once per frame. The frame corresponds to a maximal activation frequency of an external real-time process. For instance, a particular sensor may have to be probed no more often than once every 100 msec. Then the corresponding software process (that accesses the sensor) has a frame of 100 msec. A process P can be either⁷
1. periodic, meaning that it is activated exactly once per frame F_P (with a first activation at a particular time or event), and once activated at time t_0, it must complete before the frame expires at time t_0 + F_P, or
2. aperiodic, meaning that it is activated no more often than once per frame (and the end of the frame still serves as its deadline), or
3. interval-periodic, meaning that (1) once it is activated at time t_0, it must complete and be deactivated by t_0 + F_P + δ_d, where δ_d is a deactivation interval size, and (2) once it is deactivated at time t_1, it will be activated the next time in the time interval [t_1 + F_P, t_1 + F_P + δ_a], where δ_a is an activation interval size.
Processes may have deadlines earlier than, but not later than, the ends of their frame. For any activation of an aperiodic or an interval-periodic process, it is assumed that the external stimulus will be triggered somehow at some time through an external event (though this event will occur no more often than once per frame, and if it occurs, no later than at the latest possible re-activation time for an interval-periodic process). The first activation of a periodic process may also be triggered by an external event, or it may occur at a specifically-stated time.
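The three process classes above can be read as rules over a trace of activation and completion times. The following Python sketch is an added example, not part of CaRT-Spec or of the original paper: the class, field and function names are hypothetical, "exactly once per frame" is taken to mean that consecutive activations are exactly one frame apart, each process's deadline is taken to be the end of its frame, and the traces are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Process:
    """Timing view of one process (class and field names are hypothetical)."""
    name: str
    kind: str              # "periodic", "aperiodic" or "interval-periodic"
    frame: float           # frame F_P: the minimal activation period
    delta_d: float = 0.0   # deactivation interval size (interval-periodic only)
    delta_a: float = 0.0   # activation interval size (interval-periodic only)


def check_trace(proc, runs, eps=1e-9):
    """Check (activation, completion) pairs, given in time order, against proc.

    Returns a list of (run_index, rule) tuples, one per violated rule:
      "deadline"   - completion later than the end of the frame (plus delta_d
                     for an interval-periodic process)
      "activation" - activation time not allowed for this kind of process
    """
    if proc.kind not in ("periodic", "aperiodic", "interval-periodic"):
        raise ValueError(f"unknown process kind: {proc.kind}")
    violations = []
    for i, (t0, t1) in enumerate(runs):
        if t1 < t0:
            raise ValueError(f"run {i} completes before it is activated")
        slack = proc.delta_d if proc.kind == "interval-periodic" else 0.0
        if t1 > t0 + proc.frame + slack + eps:
            violations.append((i, "deadline"))
        if i == 0:
            continue  # first activation: external event or stated time
        prev_t0, prev_t1 = runs[i - 1]
        if proc.kind == "periodic":
            # assumption: consecutive activations are exactly one frame apart
            ok = abs(t0 - (prev_t0 + proc.frame)) <= eps
        elif proc.kind == "aperiodic":
            # no more often than once per frame
            ok = t0 >= prev_t0 + proc.frame - eps
        else:
            # re-activation window is measured from the previous deactivation
            earliest = prev_t1 + proc.frame
            ok = earliest - eps <= t0 <= earliest + proc.delta_a + eps
        if not ok:
            violations.append((i, "activation"))
    return violations


# Constructed processes; times are in msec and the 100 msec frame follows
# the sensor example in the text.
SENSOR = Process("sensor_probe", "periodic", frame=100)
ALARM = Process("alarm", "aperiodic", frame=100)
VALVE = Process("valve", "interval-periodic", frame=100, delta_d=10, delta_a=20)

if __name__ == "__main__":
    # Third run of the periodic process overruns its frame.
    print(check_trace(SENSOR, [(0, 40), (100, 180), (200, 310)]))
    # Third activation arrives only 70 msec after the second.
    print(check_trace(ALARM, [(0, 30), (250, 300), (320, 400)]))
    # Third activation falls outside the window [400, 420].
    print(check_trace(VALVE, [(0, 105), (215, 300), (450, 500)]))
```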
2.5. Resources in CaRT-Spec
The most important contribution of CaRT-Spec is its treatment of resources. Resources may correspond to objects of the external environment (such as a sensor or an autonomous guided vehicle), of the computer facilities (such as a network link, a shared variable, or a database) or, at later development stages, of software program internals (such as a semaphore). A resource may be unique (such as the rudder on a plane) or replicated (such as five identical printers in the same printing room). We denote a unique resource as Ri, for some integer i, and a replicated resource as RiM, where there is a set of M replicas {Ri1, ..., RiM} and Ri refers to any replica in the set. In the future, we will generalize the notion of replicated resources and allow cases where a particular resource X may be used when another resource Y is called for but not vice-versa (for example, a secure printer in place of a public printer).
Resources have attributes which may be used in determining timing and other information. Resource attributes can be characterized as essential (always needed), necessary (needed in the given specification), or additional. At present, the essential attributes consist of, as indicated above, the integer attribute replicas (which can also take the value ∞) and the boolean attribute preemptible. The difference between necessary and additional attributes is more subtle, depending on the nature of system constraints and objectives, and possibly even on the current level of refinement. For example, for a given printer, the real attribute _speed_ and the boolean attribute _postscript_ are required for scheduling, and so are necessary for functional and timing constraints, but the string attribute _location_ is (probably) not. But _location_ may be a critical attribute for security, or if there is a timing constraint on the printed results being reachable by the requestor, etc.
An action may require no resources, a single resource or multiple resources.
No matter how many resource requests are made (say N), the amounts of time each resource is needed are specified as follows: R1 = T1, R2 = T2, ..., RN = TN, where Ti is the amount
of time the resource Ri is needed. Should an action require multiple resources, it must appear (according to the definition of an action) as if all the resources are claimed and released together (although the implementation may use another strategy if it can be shown this is provably equivalent). However, there are different possibilities for how the use of these resources may be combined. It will be seen that these operators will handle multiple non-overlapping requests to the same resource.
There are a number of possible approaches to a resource algebra, even considering only the order and overlap of resource use. There are two dimensions: the generality of expressions for resource usage periods, and the logical constructors with which these constructors may be combined. A most general approach would use attribute-grammar-like or record-like constructors like R.begin and R.end, and would allow arbitrary propositional formulas combining them. What this approach gains in expressivity, however, it loses in ease of use, comprehension, and inference.
An alternative approach, and the one we take here, is to use a small set of algebraic operators, chosen to correspond to the most likely or useful patterns of resource use. Further, we allow only conjunctions of formulas (specified implicitly, as a set of formulas), without negation, and only the limited amount of disjunction on alternative orderings which can be expressed by our operators. Finally, although we permit arbitrary patterns of references inside a set of formulas, we expect that in most cases a given resource will appear in only one of them, or in a small number, and in fairly structured ways.
We currently identify four primary resource combinators, corresponding to sequential, orthogonal, parallel, and synchronized use of resources, and four secondary combinators (each a variant of one of the primary combinators--see Table 1), principally used in summarizing or simplifying primary expressions.
We also allow grouping, and in fact require each resource expression to be fully parenthesized. Each expression simultaneously represents a statement about resource use (having a truth value in a given schedule or execution), and a composite resource to be used in the given pattern. The four primary operators are:
1. ∘: The resources need to be used in a particular relative order (Sequential Use). For instance, a part may need to be polished before it is painted (though other operations may still occur after polishing but before painting). This is denoted using ∘ as in R1 ∘ R2. We do not provide a separate operator for an absolute order, since it is possible to enforce one by repeated application of ∘. ∘ is associative but not commutative, and is always used as a binary operator.
2. ⊥: The resources may not be used simultaneously (Orthogonal Use). For example, consider an assembly process where two fixture parts are attached to a base part. Suppose further that the attachments may be made in either order but each is done by its own robot (the robots are denoted R1 and R2), and that at most one robot may be physically holding the base. We denote the fact that the two robots are never used in parallel by R1 ⊥ R2. ⊥ is in general defined for sets of resources, ⊥{R1, R2, ..., Rk}, but possesses a binary shorthand as above. The only alternatives (disjunctions) in the resource algebra come from instances of ⊥ and its variant ⊤.
3. ∥: The resources may be used in any pattern (Parallel Use). In particular, resource usage times may overlap, but do not have to. For instance, a process may wish to read a value from each of two independent sensors used to observe completely unrelated events. If R1 and R2 denote the two sensors, this mode of use is requested by stating R1 ∥ R2. As with ⊥, ∥ is in general defined on sets of resources.
4. ⋈: The resource usage times must be identical (Synchronized Use). For instance, a process may wish to execute a critical section, thus requiring the use of both a CPU (denoted, say, as R1) and the section (R2). The notation used in this case is R1 ⋈ R2. Again, ⋈ is actually defined on sets of resources. ⋈ is usable in many cases where resources have to overlap partially. In many cases, the non-overlap is not really a busy period for the active resources, and our semantics require that the process must behave as if it held all the resources for the union of their active intervals.
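Because each expression has a truth value in a given schedule, the four primary combinators can be evaluated mechanically over resource busy intervals. The Python sketch below is an added example, not code from the paper or from any CaRT-Spec tool: the tuple encoding, the operator tags and the function names are hypothetical, busy time is modelled as half-open (start, end) intervals, a composite resource is taken to be busy whenever any of its components is, and sequential use is read as "all use of the left operand ends before any use of the right operand begins". The schedule is constructed from the examples in the text.

```python
from itertools import combinations

# Operator tags (hypothetical names) for the four primary combinators.
SEQ, ORTH, PAR, SYNC = "sequential", "orthogonal", "parallel", "synchronized"


def busy(expr, schedule):
    """Busy intervals of expr as a sorted, merged list of half-open (start, end).

    A leaf is a resource name; a composite is busy whenever a component is.
    """
    if isinstance(expr, str):
        raw = schedule[expr]
    else:
        raw = [iv for part in expr[1:] for iv in busy(part, schedule)]
    merged = []
    for start, end in sorted(raw):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def overlap(a, b):
    """True if some interval of a intersects some interval of b."""
    return any(s1 < e2 and s2 < e1 for s1, e1 in a for s2, e2 in b)


def violations(expr, schedule):
    """Return every sub-expression of expr that the schedule does not satisfy."""
    if isinstance(expr, str):
        return []
    op, parts = expr[0], expr[1:]
    failed = [v for part in parts for v in violations(part, schedule)]
    spans = [busy(part, schedule) for part in parts]
    if op == SEQ:
        if len(parts) != 2:
            raise ValueError("sequential use is a binary operator")
        first, second = spans
        ok = not first or not second or first[-1][1] <= second[0][0]
    elif op == ORTH:
        ok = not any(overlap(a, b) for a, b in combinations(spans, 2))
    elif op == PAR:
        ok = True  # any arrangement of busy intervals is legal
    elif op == SYNC:
        ok = all(span == spans[0] for span in spans[1:])
    else:
        raise ValueError(f"unknown operator: {op}")
    return failed if ok else failed + [expr]


# Constructed schedule: resource name -> busy intervals (time units).
# The CPU and the critical section are preempted once and resume together.
SCHEDULE = {
    "polisher": [(0, 4)], "painter": [(6, 9)],
    "robot1": [(0, 3)], "robot2": [(3, 5)],
    "sensor1": [(0, 2)], "sensor2": [(1, 4)],
    "cpu": [(10, 13), (15, 17)], "section": [(10, 13), (15, 17)],
}

if __name__ == "__main__":
    checks = [
        (SEQ, "polisher", "painter"),
        (ORTH, "robot1", "robot2"),
        (PAR, "sensor1", "sensor2"),
        (SYNC, "cpu", "section"),
        (ORTH, "sensor1", (SEQ, "robot1", "robot2")),
    ]
    for expr in checks:
        print(expr, "->", violations(expr, SCHEDULE) or "holds")
```

An empty result means the expression holds in the schedule; otherwise the list names the failing sub-expressions, innermost first.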
As already mentioned, resources are also classified as either preemptible or non-preemptible. We denote preemptible resources with a superscript P, as in R^P. Preemption of a resource expression is inherited from its components. Should an action request a set of resources which are all preemptible, the action itself is preemptible. Otherwise, the action cannot be preempted (but see the <> combinator in the enumeration below). Once an action is preempted, the tail of the action is itself treated as a preemptible action. It is automatically enabled by the termination of its preempting action, and has resource demands equivalent to the unused portion of the requirements of the original action, with an induced resource expression (which will not however be explicit), and will commence re-executing once the resources it needs (a subset of its original resources) are available.
Note that these combinators, and in particular, ∥ and ⊥, impose guarantees on legal orderings: in the case of ∥, that any arrangement of resource busy intervals is legal, and in the case of ⊥, that any ordering is. This guarantee may later be constrained in refinement of design, or by implementation decisions, or by scheduler/analyzer decisions. However, we also need to be able to express constraints without guarantees, leading to the following secondary combinators:
1. ⊂: If R1 ⊂ R2, then R2 must be in use while R1 is. This may be of some use as a primary combinator, but its main use is in inferring consequences of expressions involving ⋈ on the one hand, and ∘ or ⊥ on the other. For instance, suppose that an action requires a CPU (denoted as R1) to execute one critical section (denoted as R2) for 3 time units and another (R3) for 5. Thus, the requirements are as follows: R1 = 8, R2 = 3 and R3 = 5. In principle, the exact specification should say (R1' ⋈ R2) ∘ (R1'' ⋈ R3), where R1' and R1'' denote the usage of R1 for 3 and 5 time units, respectively. However, since we want to simplify, not complicate, we instead observe R2 ∘ R3, R2 ⊂ R1, and R3 ⊂ R1. Unlike ⋈, ⊂ is a binary operator, and is non-commutative. Chains of ⊂ are interpreted as nesting, independent of parenthesization.
Table 1. Primary and secondary resource operators.
Mode            Primary   Secondary   Difference
Sequential      ∘         <>          preemption point in <>
Orthogonal      ⊥         ⊤           hidden constraints possible
Parallel        ∥         ~           hidden constraints possible
Synchronized    ⋈         ⊂           ⊂ is uni-directional
2. <>: A binary composition operator. Differs from ∘ by being preemptible at the composition point even if the two operands are not--that is, the composition point is a preemption point for the expression. For instance, suppose two resources R1 and R2 can each modify system state, and must be used in that order. Neither is preemptible, since updates should be atomic, so we would be tempted to write R1 ∘ R2. Suppose, however, we also have a hardware monitor (in the sense of profiling code) S which snoops on system state. We would like to use S to observe a consistent state, so would like to write S ⊥ (R1 ∘ R2). However, this prohibits S from snooping between the executions of R1 and R2, which we would want to do at times to see a better picture of the set of reachable states. Thus we need to write S ⊥ (R1 <> R2).
3. ⊤: A set operator. The given resources are used in some pairwise-non-overlapping order. The difference between ⊥ and ⊤ is that in the former case all orderings must be feasible; in the latter case, there may be additional (possibly unrepresented) constraints on the ordering. This is used only in summarizing resource requirements in a hierarchical node. The analyzer and scheduler are allowed to use only the mutual exclusivity, and must prove properties for all possible orders.
. --'~: Another set operator. The given resources are used in an unspecified manner. The difference between ~ and II is identical to the difference between T and _l_. The only guarantee is that none of the other primitives are clearly applicable--that is, for each of the other seven primitives, and each (non-trivial) subset of resources, there must be a statically realizable path for which that expression is invalid. (An example is provided shortly.) We can give a number of rules for simplifying resource expressions. There are three groups. The first are precise rules: itis always legal to replace either side by the other. The second group consists of safe approximating rules: it is always safe to replace the left side by the right, although typically with a loss of information. The third group consists of patterns from which we can infer a contradiction; any such pattern represents an inconsistent set of requirements or an invalid implementation. (Trivially, no pair of primary operators can hold for the identical instances of resources. Primary-secondary pairs are also contradictory, except for the following pairs: (any, ~-.), (_L, T), (o, T), (~>0, C) each of which generates 35
Table 2. Sample rules for CaRT-Spec.
Group I: Precise rules
  o is concatenating       o(S) o o(T)                 ⇔   o(S :: T)
  ⋈ is absorbing           R1 ⋈ R2, R1 ⋈ R3            ⇔   ⋈(R1, R2, R3)
  subset promotion         R1 ⊂ R2, R2 ⊂ R1            ⇔   R1 ⋈ R2
  preemption absorption    R1^P <> R2^P                ⇔   R1^P o R2^P
Group II: Approximating rules
  ⊂ is transitive          R1 ⊂ R2, R2 ⊂ R3            ⇒   R1 ⊂ R3
  approx. distribution     (R1 ⋈ R2) o (R3 ⋈ R4)       ⇒   (R1 o R3) ⋈ (R2 o R4)
  generalized mutex        (R1 o R2) ⊥ (R3 o R4)       ⇒   ⊤(R1, R2, R3, R4)
Group III: Illegal patterns
  R1 ⋈ R2, R1 ⋈ R3, R2 o R3
  R1 ⊂ R2, R1 ⊂ R3, R2 ⊥ R3
Table 3. Sample summarizing rules.
Structure: Sequence P1;P2 | AND node | XOR node
Resources: E1 and E2 | R1 in Ei ∀ i | {Ei} | {Ei}
Conditions: E1 and E2 preemptible | any | unique resource | all R before any S | no global order | all || | all ⊥ | ⊥, o, ⊤, <>
Composite Resource Expressions: E1 o E2 | E1 ~, E2 | R1,i ⊥ R1,j | R o S | ~({Ei}) | ||({Ei}) | ⊥({Ei}) | ⊤({Ei})
an implicit rule in Group II.) We give examples of each group in Table 2. As in Prolog, conjuncts are given as a list, separated by commas. As we indicated, the secondary combinators are principally usable in summarizing the resource usage of a sequence of nodes, or of an AND or an XOR node. Since, particularly for XOR nodes, one can get an expression which appears to take more time than would be taken on any single branch, we will allow summary expressions to include a separate time, where it can be proven that resources are not needed for more than that time by the composite node. Again, we present a number of sample rules in Table 3. The remaining rules (mostly special cases in which more information can be retained, plus additional cases for XOR) are quite straightforward.
2.6. Hierarchy and Refinement
In the process of development, it will frequently be convenient to move from one level of representation to another. A single action in an early phase may be replaced by an entire task graph at a later stage. Conversely, an entire task subgraph may be encapsulated: the graph is condensed by replacing the subgraph by a single node, and the node resource expressions by a summary resource expression, to achieve a simplicity of representation and ease of
analysis. (Summarization of resource information was discussed in the previous Section.) In refinement, any node v may be replaced by an acyclic subgraph T_v. An incoming edge e_i can be redirected to any node of T_v, and an outgoing edge e_o from any node which is reachable from any incoming edges e_i on which it is data-dependent. Refinement never degrades information, except through introduction of additional resource use (typically through resource use in communication, or by introduction of new resources closer to implementation level). CaRT-Spec provides a general encapsulating mechanism, in which a task subgraph T is boxed into a single node. The nodes of T are condensed to a single node v_T, and internal edges are replaced by the use of a channel resource with cost dependent on message size (and assignment of tasks to processors). Edges into/out of T are treated as edges into/out of v_T. There are three issues in encapsulation: cycles, spurious dependences, and loss of precision of resource use information. If T is a single-entry/single-exit (SESE) region, condensation will not introduce cycles or spurious dependences. There are four cases to consider: the three composite actions, namely, (1) a sequence of actions, (2) an AND-block, (3) an XOR-block, and (4) any other SESE region. In case (1), there will also be no loss of precision in resource use; in cases (2) and (3), we can provide rules for summarizing resource use, and quantify the loss of precision. In case (4), the summarization is not automated, although we can usually tell when a given summary expression represents a loss of precision. If T is not an SESE region, then condensation inserts additional dependences via delay of T until the receipt of all incoming messages, and delay of outgoing messages until the end of T. This may introduce cycles, in which case the condensation is illegal. Even assuming the condensation is acyclic, extraneous and spurious dependences may be introduced.
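The legality check described above for boxing a subgraph T into a single node, as an added example (not code from the paper or from any CaRT-Spec tool). The function names, the `v_T` label and the three small task graphs are assumptions constructed for illustration; resource expressions and channel costs are left out.

```python
from collections import defaultdict

def condense(edges, region, boxed="v_T"):
    """Box `region` into the single node `boxed`; edges internal to it vanish."""
    region = set(region)
    rename = lambda n: boxed if n in region else n
    return {(rename(u), rename(v)) for u, v in edges if rename(u) != rename(v)}

def has_cycle(edges):
    """Kahn's algorithm: the graph is cyclic iff some node is never released."""
    succ, indeg, nodes = defaultdict(set), defaultdict(int), set()
    for u, v in set(edges):
        nodes |= {u, v}
        succ[u].add(v)
        indeg[v] += 1
    ready = [n for n in nodes if indeg[n] == 0]
    released = 0
    while ready:
        n = ready.pop()
        released += 1
        for m in succ[n]:
            indeg[m] -= 1
            if indeg[m] == 0:
                ready.append(m)
    return released != len(nodes)

def reachable_pairs(edges):
    """All (x, y) such that y depends, directly or transitively, on x."""
    succ = defaultdict(set)
    for u, v in edges:
        succ[u].add(v)
    pairs = set()
    for start in list(succ):
        stack, seen = list(succ[start]), set()
        while stack:
            n = stack.pop()
            if n not in seen:
                seen.add(n)
                stack.extend(succ.get(n, ()))
        pairs |= {(start, t) for t in seen}
    return pairs

def spurious_dependences(edges, region, boxed="v_T"):
    """Dependences between outside nodes that exist only after condensation."""
    before = reachable_pairs(edges)
    after = reachable_pairs(condense(edges, region, boxed))
    return {(x, y) for x, y in after
            if boxed not in (x, y) and (x, y) not in before}

def check_condensation(edges, region):
    """Classify a proposed condensation as illegal, legal, or legal but lossy."""
    if has_cycle(condense(edges, region)):
        return "illegal: condensation introduces a cycle"
    extra = spurious_dependences(edges, region)
    if extra:
        return "legal, spurious dependences: %s" % sorted(extra)
    return "legal"

# Constructed task graphs (edges point from producer to consumer).
CHAIN = {("A", "B"), ("B", "C"), ("C", "D")}            # B;C is a straight-line SESE region
INDEPENDENT = {("A", "B"), ("C", "D")}                  # B and C are unrelated
THROUGH_OUTSIDE = {("A", "B"), ("B", "X"), ("X", "C"), ("C", "D")}  # path B -> X -> C leaves T

if __name__ == "__main__":
    for name, graph in [("chain", CHAIN), ("independent", INDEPENDENT),
                        ("through outside", THROUGH_OUTSIDE)]:
        print(name, "->", check_condensation(graph, {"B", "C"}))
```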
Finally, we will in general have no control over the degree of precision in the summary resource expression. Although such condensations will be legal in CaRT-Spec (if they are acyclic), one would both expect and hope that they would be used infrequently. In general, condensation of a subgraph arising in a refinement will be legal. The resulting task graph should be equivalent to the original (modulo any intervening refinements or condensations), but the resource expression annotating the condensed node need not be equivalent to the original expression, both because new resources or resource demands may have been introduced, or resources specialized and/or renamed, and because the rules for summarizing resources may not be capable of recovering the original expression. (Of course, the internal structure of the condensed node can be separately retained. While it will usually be infeasible to re-expand a node, since it will complicate the solution of the system resource expressions, directed reanalysis may sometimes be able to recover a more precise resource expression, and allow the global system to be solved.) Hierarchy and refinement is clearly one of the most powerful features of CaRT-Spec. However, this feature, when used with primary and secondary resource algebraic (and process algebraic) combinators, is not immune to the common problems of precision loss. We now turn to a number of examples, to illustrate various types of precision loss, while also providing examples of the language. Consider a simplified ship weapons system of Figure 1. Using a sonar for about 5 time units, the system detects a possible target. The target is consequently acquired making
Figure 1. A simplified ship weapons system ("high-detail").
Figure 2. A simplified ship weapons system ("medium detail").
use of the targeting subsystem (for five time units) while reading (and claiming) the weapon that may eventually be used (for five time units also). Simultaneously, the detected possible target is identified, by comparing its signature to those stored in a known signature rule-base (for seven units). As the last step, either the weapon and the targeting subsystems are used (for eight units) to destroy the target (if recognized as hostile) or both the weapon and the targeting are freed (if the target is recognized as a friendly, this action still takes one time unit though, as the release of the weapon may involve, for instance, the physical resetting of the weapon launcher and so on). Through the use of AND/XOR-hierarchy, the level of detail in the example can be reduced to the one shown in Figure 2.⁸ Notice how precision is lost from the picture. Specifically, both split-join blocks have been condensed into single blocks, and individual alternative/parallel use of resource groups has also been condensed into single groups. The detail can be reduced further through the use of SESE-hierarchy, as in Figure 3. Notice how the latter straightline block of two actions has been condensed to a single action block, along with the overall resource requirements.
Figure 3. A simplified ship weapons system ("low detail").
Figure 4. Introduction of weaker primary combinators.
Loss of precision due to condensation of AND/XOR-blocks and straightline SESE-blocks is not the only type of loss of precision in CaRT-Spec. Other types include introduction of weaker primary combinators (see Figure 4, where ⊥ has replaced two uses (alternate order) of identical o'ed resources, in non-straightline SESE-paths) and introduction of weaker secondary combinators (see Figure 5, where ⊂ and ~ have replaced parallel uses of ⋈ and ||, also in non-straightline SESE-paths). Also, observe (Figure 6) that condensing SESE-regions that different incoming edges enter via different actions (or similarly, those that are left via different actions), also leads to loss of precision (on the edges). To retain the ability to go back and forth among different levels in the refinement hierarchy, CaRT-Spec requires the use of "side-information" to represent "hidden" detail. While not necessarily aesthetic in presentation,⁹ side-information certainly suffices for the purpose of retaining precision.
3. Schedulability Analysis and Transformations
CaRT-Spec provides a schedulability-analyzable specification. While in the absence of shared resources, inter-task dependences, and similar complications, and in the presence of
Figure 5. Introduction of weaker secondary combinators.
Figure 6. Loss of precision on the edges.
preemptibility, schedulability can be checked (under the assumption of a rate-monotonic or earliest-deadline-first scheduler, for instance) simply by verifying a few inequalities, only exponential-time algorithms appear to exist for systems as general as CaRT-Spec programs. In fact, the problem of verifying that deadlines can be met for all processes is NP-complete, and at least as complicated as bin-packing; basically, all feasible paths through system state space are checked (Stoyenko, Hamacher and Holt, 1991). The exponential number of paths principally arises from two causes: (1) choices at conditional branch points, and (2) order of arrival of requests for resources. In principle, each feasible combination of threads has to be considered, and all have to be shown to meet timing constraints; for each, all feasible orders of resource use have to be considered, and at least one has to be shown to result in those constraints being met. (The difference in treatment is because the application has no control over branches taken in conditionals, but, through the scheduler, almost complete control on the order of resource utilizations. If, on the other hand, we are using a known scheduler, then we will use that scheduler's policy for resolving conflicts, and the only uncertainty will be the set of requests of which the scheduler is aware at a given time; if the analyzer can provide guidance to the scheduler, then finding a good order to satisfy requests for any order of arrival will be sufficient; finally, if there is a fixed but unknown scheduler, we have to show that any order in which resource requests are granted results in deadline satisfaction.) There are some obvious simplifications, such as taking obvious "must-happen-before" (e.g., a use of R before a synchronization point and a use of R after that point) information on resource use into account. Even for fairly small programs, however, these do not result in an acceptable cost for schedulability analysis.
We have therefore developed a number of compile-time transformations, guaranteed not to make a schedulable program unschedulable, to reduce the cost; there is evidence to show a significant effect on cost in most cases. As the emphasis of this paper is on the CaRT-Spec language and not on its transformations or analysis, the reader is referred to (Stoyenko, Marlowe and Laplante, 1995; Stoyenko and Marlowe, 1992) for details.
4. Conclusion
The engineering of complex real-time systems requires the integrated solutions of problems related to parallel and distributed processing, real-time, security, dependability and other issues. By building on the work at the Real-Time Computing Laboratory at NJIT, and the experiences of working with our collaborators and sponsors, notably including the Engineering of Complex Systems program at the Naval Surface Warfare Center, we have defined a multi-view--in terms of Functional, Timing, Fault-Tolerance, Security and other views--methodology that allows complex systems to be specified, designed, configured, evaluated and maintained. In our work so far, we have addressed the Functional and Timing operational views. An important part of this integrated approach is our specification and design (i.e. description) language CaRT-Spec, the focus of this paper, for expressing various views. To address scalability in complex systems, CaRT-Spec is designed with hierarchical structure
and summarization rules; we are continuing to refine this aspect of the CaRT-Spec syntax and semantics. Tools incorporating the techniques are being evolved within our research. One technical benefit of this work is that the methodology and CaRT-Spec are clearly independent of the application, and component libraries can easily be developed. We would like to thank Bob Harrison of NSWCDD, the participants of the NSWC's System Specification and Synthesis Ad-hoc Working Group and the members of the Real-Time Computing Laboratory at NJIT, for the input and influence they have had on the ideas embodied in this document. We are indebted to Mr. Ananth Ganesh for his participation in many productive discussions and for his assistance with example Figures used in the paper.
Notes
1. The word complex naturally refers to the complexity of the real-time applications, and not to that of the specification language itself.
2. Schedulability analysis is a term introduced by Stoyenko which refers to pre-execution determination of timing properties of real-time programs.
3. It should be understood, however, that CaRT-Spec certainly includes process algebraic features as well. A CaRT-Spec program flow is expressed through processes (and subprocesses) subject to deadlines, periods and so on. We would also like to observe that our resource algebraic approach can be combined with a richer, "conventional" process algebra one for some valid applications. However, a discussion of how this would take place would significantly complicate the exposition of and lengthen this paper, and is thus omitted.
4. General iteration or recursion are not useful in predictable real-time systems; all (single-frame instances of) predictable real-time processes can in principle be unwound; the only form of iteration which cannot be removed is that of cyclic process activations. Such activations are specified using periodic activation timing criteria, and are not specifically represented in CaRT-Spec graphs. Likewise, unbounded recursion represents potentially unbounded execution time. Because CaRT-Spec must be compile-time/link-time analyzable, cyclic CaRT-Spec graphs cannot faithfully represent time-constrained programs (since they must take any symbolically realizable path into account--the symbolic execution assumption, discussed in more detail below), and we do not consider them further in this submission.
5. Clearly, system parameters will not in general be known in the initial phases of design. We maintain, however, that it is preferable to include a conservative-best-guess, so that effort is not expended in designing a priori infeasible systems, and even perhaps to guide design choices to mitigate perceived bottlenecks. We anticipate that in most cases the effect of system information, design choices, and process refinement will be permissive, that is, relax constraints. Still, it is of course possible that new resources, implementation refinements, or new requirements will lead to violation of previous constraints, but these should largely be easier to handle than if design had proceeded with no partial information on resource usage or communication.
6. An alternate model, which may be applicable in some situations, will view AND nodes in particular as representing explicit broadcast of inputs and merge of output data. In this model, the two bracket tasks will have costs, and need to be assigned to a (usually the same) processor.
7. This classification is not necessarily exhaustive, but indicates the classes of processes understood by CaRT-Spec. In particular, there are alternative and slightly different definitions for what we here call interval-periodic processes. There are also processes for which the initiation interval and the frame may differ, so that multiple instances of a process may be simultaneously live.
8. Naturally, the usual refinement process would likely proceed in the direction of providing additional detail. However, the point here is primarily loss of precision.
9. Currently, we are not decided on this point. The obvious default here is to keep side-information in textual profiles and to re-generate more detailed levels pictorially upon a reader's request.
References
Auernheimer, B., and Kemmerer, R. A. 1986. RT-ASLAN: A specification language for real-time systems. IEEE Transactions on Software Engineering SE-12(9): 879-889.
Berry, G., Moisan, S., and Rigault, J.-P. 1983. Esterel: Towards a synchronous and semantically sound high level language for real-time applications. Proceedings of the IEEE 1983 Real-Time Systems Symposium, December, pp. 30-37.
Berthomieu, B., and Diaz, M. 1991. Modeling and verification of time dependent systems using time Petri nets. IEEE Transactions on Software Engineering 17(3): 259-273.
Clarke, E. M., Emerson, E. A., and Sistla, A. P. 1986. Automatic verification of finite state concurrent systems using temporal logic. ACM Transactions on Programming Languages and Systems 8(2): 244-263.
Dasarathy, B. 1985. Timing constraints of real-time systems: Constructs for expressing them, methods of validating them. IEEE Transactions on Software Engineering SE-11(1): 80-86.
Huizing, C., Gerth, R., and de Roever, W. P. 1987. Full abstraction of a real-time denotational semantics for an Occam-like language. In Conference Record of the Fourteenth Annual ACM Symposium on Principles of Programming Languages, pp. 223-238. Association for Computing Machinery--SIGPLAN.
Jahanian, F., and Stuart, D. 1988. A method for verifying properties of modechart specifications. In Proceedings of the Ninth Real-Time Systems Symposium, pp. 12-21. IEEE Computer Society.
Kligerman, E., and Stoyenko, A. D. 1986. Real-time Euclid: A language for reliable real-time systems. IEEE Transactions on Software Engineering SE-12(9): 940-949.
Krishnan, P., and Volz, R. 1989. A distributed real-time language and its operational semantics. Proceedings of the IEEE 1989 Real-Time Systems Symposium, pp. 41-50, Santa Monica, California.
Ostroff, J. S. 1991. Survey of formal methods for the specification and design of real-time systems. In Tutorial on Specifications of Time--Abstractions, Design Methods, Languages, edited by K. M. Kavi. IEEE Press.
Stoyenko, A. D., Hamacher, V. C., and Holt, R. C. 1991. Analyzing hard-real-time programs for guaranteed schedulability. IEEE Transactions on Software Engineering SE-17(8): 737-750.
Stoyenko, A. D., and Marlowe, T. J. 1992. Polynomial-time transformations and schedulability analysis of parallel real-time programs with restricted resource contention. Journal of Real-Time Systems 4(4).
Stoyenko, A. D., Marlowe, T. J., and Laplante, P. A. 1995. A description language for engineering of complex real-time systems. Computer and Information Science Research Report CIS-95-22, New Jersey Institute of Technology.
Real-Time Systems, 11,265-287 (1996) © 1996 Kluwer Academic Publishers, Boston. Manufactured in The Netherlands.
A Real-Time Self-Tuning Web Tension Regulation Scheme
BRIAN T. BOULTER
Systems Division, Reliance Electric Corporation, 24703 Euclid Avenue, Cleveland, Ohio 44117
ZHIQIANG GAO
Dept. of Electrical Engineering, Cleveland State University, Euclid Avenue at E 24th. Street, Cleveland, Ohio 44115
Abstract. A self-tuning control scheme is proposed for tension regulation in a web transport system. A computationally efficient self-tuning method is first described. The frequency domain model of the plant is then described. Simulations of the on-line tuning are presented. The paper closes with a discussion of cognizant real-time implementation issues.
1. Introduction
WEB tension regulators are typically implemented with a PI controller as shown in Figure 5. The PI parameters are tuned to provide a stable responsive system for the entire range of product processed through the system. This results in a system that is de-tuned for a large range of products and optimally tuned for a small range of products. Unknowns such as web damping, friction, and slippage make the derivation of analytical tuning algorithms difficult. The usual approach is to heuristically tune the PI controller on-site based on observed system performance. Typically this results in stable tension regulation until such time as a product with extreme physical parameters is processed through the system. All too often this results in unstable tension regulation which in turn requires re-tuning of the loop. A better approach would be to provide a self-tuning regulation scheme that obviates the need for empirically finding a single unique set of stable tuning parameters for the entire range of products processed through the system. To this point adaptive and/or self-tuning regulation schemes have not been considered for web transport systems. This fact can be attributed to the complexity of the existing time-domain algorithms, and the associated hardware and software implementation difficulties. K. J. Astrom in (Astrom, et al. 1993; Astrom and Wittenmark 1989; and Astrom 1993) and I. D. Landau in (Landau 1993) summarize a variety of self-tuning regulation approaches using PID and feedback/feedforward techniques. Some approaches such as the MRAS approach require multiple iterations to converge to a desired regulator design. Other approaches require the derivation of a parametric model of the plant. In general most of these approaches are computationally complex. Knowledge based systems have been implemented utilizing fuzzy logic and other rule based approaches with some success (Shirley 1987; Shin and Cui 1991; and Lee 1990). 
These approaches require customized rules based on the given application, and are not practical for systems that are required to be tuned on-site with minimal customization. Recent developments in the field of self-tuning
control have led to some exploration of frequency domain loop shaping self-tuning algorithms. These algorithms are based on iterative procedures that minimize a cost function (Goderd, Wang and Cluett 1992; Tzes and Yurkovich 1992; and Whitfield 1986). The time required to converge to a solution cannot be known a-priori. In general, the above self-tuning techniques are not computationally efficient enough, nor is the algorithm execution time predictable enough, to be used in self-tuning regulation (STR) for web transport systems. Distributed Control Systems (DCS), today's standard industrial control platform, are implemented with constrained computational resources requiring efficient algorithms with predictable execution times. The STR method proposed in this paper is neither complex nor difficult to implement. It identifies controller parameters through an interpolation algorithm that utilizes a desired open loop frequency response and the frequency response of the plant. The core of the algorithm is expressed in finding the least squares solution of a system of linear equations. It is, therefore, extremely efficient and predictable. For these reasons this particular STR algorithm is attractive for self-tuning implementations in a DSP based DCS platform. The self-tuning algorithm is extensible and can be extended to any SISO control scheme. In order to introduce the reader to the proposed STR algorithm and this particular implementation, the self-tuning algorithm is derived in section 2. A web transport plant is described in section 3. The simulation results of the proposed regulator are presented in section 4. A discussion of real-time implementation considerations along with conclusions can be found in section 5.
2. Self Tuning Regulation Scheme
2.1. Background
The most prevalent method of SISO industrial control system design in use today is the loop shaping approach. This approach hinges upon the design of a controller that satisfies a set of loop gain specifications. It requires the derivation of an approximate linear plant model. To arrive at an acceptable design, skill and experience are often required. The design procedure is typically carried out in a cut and try manner. The tools most commonly used to perform the design are Bode and/or Nichols plots. A new algorithmic loop shaping design approach is described in this section, which reduces the design problem to solving a set of linear algebraic equations. Given that the proposed design algorithm can be coded and executed autonomously by a computer, the possibility of performing loop shaping SISO controller design on-line in an autonomous self-tuning regulation scheme becomes feasible. The purpose of this paper is to describe one such scheme. Figure 1 is the block diagram of the proposed STR scheme. An FFT algorithm is used to obtain the plant frequency response P(jω). The STR algorithm makes use of the obtained frequency response and the loop shaping algorithm described in the following section to update the controller parameters. The anti-windup switch and stimulus block are implemented to provide a frequency rich autonomous stimulus to the plant for the purpose of obtaining a meaningful plant frequency response. In
Figure 1. Proposed STR scheme.
other real-time applications a stimulus may not be required. This is discussed in the section covering real-time implementation issues.
2.2. A New Loop Shaping Algorithm
A popular approach used in loop shaping design translates desired closed-loop performance specifications to constraints on the loop gain. For example:
Low Freq. Gain = 50 [db] at 0.1 [rad/sec]
Crossover Freq. = 8 [rad/sec]
Phase Margin > 40°
High Freq. Atten. = -40 [db] at 200 [rad/sec]
are typical specifications for a closed loop system with a step response time to peak of approximately 0.375 [sec], approximately 10% overshoot, negligible steady state error to a step, and good high frequency noise rejection and stability robustness. They can be considered typical for web tension regulation schemes. While the above constraints are typical they are by no means all inclusive. A control system designer may want to design a controller such that non-typical constraints are accommodated. For example, stop band attenuation or pass band amplification at particular frequencies may be desired. The algorithm that is developed in the following derivation automates the design of a regulator to satisfy any such set of loop gain constraints. It minimizes the error, in a least squares sense, between any set of loop gain constraints and the loop gain resulting from the product of the measured plant frequency response and the tuned regulator. The design problem is formulated as a matrix interpolation problem. An important characteristic of the algorithm that separates it from current loop shaping approaches is that it is not iterative. The interpolation constraints are satisfied with controller parameters obtained by solving a system of linear equations.
Algorithm Derivation
A controller with a frequency response of C(jω) can be designed for a given plant frequency response P(jω) such that a desired loop gain L(jω) is realized. That is:
$$L(j\omega) = C(j\omega)P(j\omega) \tag{1}$$
Let:
$$C(j\omega) = \frac{n_c(j\omega)}{d_c(j\omega)}$$
where n_c(jω), d_c(jω) are the controller numerator and denominator polynomials respectively. (1) can be expressed as:
$$n_c(j\omega)P(j\omega) - d_c(j\omega)L(j\omega) = 0 \tag{2}$$
or:
$$\begin{bmatrix} n_c(j\omega), & -d_c(j\omega) \end{bmatrix} \begin{bmatrix} P(j\omega) \\ L(j\omega) \end{bmatrix} = 0 \tag{3}$$
The objective of the new STR algorithm is to find coefficients of the controller C(jω) such that equations (1) through (3) hold at a set of chosen frequencies. The derivation of the STR algorithm is performed in two steps. The first step is to obtain a matrix equation based on (3) but expanded and expressed in terms of a finite set of independent frequencies. The second step is to perform matrix operations on the resulting equation such that a system of linear equations of the form xA = b is obtained.
Step 1) Represent (3) in terms of a finite set of independent frequencies
Represent the desired loop gain L(jω) as a vector of complex scalars at l independent frequencies
For the example loop gain constraints given previously, the desired loop gain frequency response can be taken from Figure 2, and expressed as a vector of complex scalars taken at l frequencies:
$$\left[ L(j\omega_i)\big|_{i=1,l} \right] = \left[ L(j\omega_1), L(j\omega_2), \ldots, L(j\omega_l) \right] \tag{4}$$
The frequencies in L(jω) may also be weighted. Frequency weighting in the desired solution is described in (Gao and Antsaklis 1994) and (Gao 1993).
Figure 2. Example of a desired loop gain. [Bode plot of desired loop gain; horizontal axes: Frequency (rad/sec).]
Represent the plant frequency response P(jω) as a vector of complex scalars at l independent frequencies
The plant frequency response can be obtained via an FFT as a vector of complex scalars:
$$\left[ P(j\omega_i)\big|_{i=1,l} \right] = \left[ P(j\omega_1), P(j\omega_2), \ldots, P(j\omega_l) \right] \tag{5}$$
The FFT algorithm must output a vector of complex scalars that is composed of elements taken at the same frequencies as those chosen for (4).
Represent the regulator C(jω) as a matrix
Working with a controller representation in the s-domain, a regulator structure C(s) is chosen for the given application. It must be proper (the order of the numerator is less than or equal to the order of the denominator and the leading coefficient of the denominator is 1).
$$C(s) = \frac{a_n s^n + a_{n-1} s^{n-1} + \cdots + a_0}{s^m + b_{m-1} s^{m-1} + \cdots + b_0}; \quad n \le m \tag{6}$$
BOULTER AND GAO
270
The regulator can be expressed in matrix form in terms of its coefficients as:

$$[n_c(s), -d_c(s)] = [a_0, a_1, \ldots, a_n, -b_0, -b_1, \ldots, -b_{m-1}, -1] \begin{bmatrix} 1 & 0 \\ s & 0 \\ \vdots & \vdots \\ s^n & 0 \\ 0 & 1 \\ 0 & s \\ \vdots & \vdots \\ 0 & s^m \end{bmatrix} \qquad (7)$$

Let $C_p$ be the vector containing the parameters of the controller

$$C_p = [a_0, a_1, \ldots, a_n, -b_0, -b_1, \ldots, -b_{m-1}, -1] \qquad (8)$$
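and let:

$$S_i = \begin{bmatrix} 1 & 0 \\ j\omega_i & 0 \\ \vdots & \vdots \\ j^n\omega_i^n & 0 \\ 0 & 1 \\ 0 & j\omega_i \\ \vdots & \vdots \\ 0 & j^m\omega_i^m \end{bmatrix} \qquad (9)$$

(7) can now be expressed in the frequency domain as:

$$[n_c(j\omega_i), -d_c(j\omega_i)] = C_p S_i \qquad (10)$$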
The plant frequency response $P(j\omega)$ and the desired loop gain response $L(j\omega)$ can be represented as $C_i$, a 2 row matrix with $l$ columns corresponding to the number of frequency points specified in (4).

$$C_i = \begin{bmatrix} P(j\omega_1), & P(j\omega_2), & P(j\omega_3), & \ldots, & P(j\omega_l) \\ L(j\omega_1), & L(j\omega_2), & L(j\omega_3), & \ldots, & L(j\omega_l) \end{bmatrix} \qquad (11)$$

Eq. (3) evaluated at $\omega_i$, $i = 1, 2, \ldots, l$ may now be represented as:

$$C_p S_i C_i = 0 \qquad (12)$$

Where:
$C_p$ is a $1 \times (m + n + 2)$ matrix
$S_i$ is an $(m + n + 2) \times 2$ matrix
$C_i$ is a $2 \times l$ matrix
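Step 2) Perform matrix operations on (12) so that the resulting matrix equation is in the form $xA = b$

Expanding $S_iC_i$ yields the following matrix:

$$S_iC_i = \begin{bmatrix} P(j\omega_1) & P(j\omega_2) & \cdots & P(j\omega_l) \\ j\omega_1 P(j\omega_1) & j\omega_2 P(j\omega_2) & \cdots & j\omega_l P(j\omega_l) \\ \vdots & \vdots & & \vdots \\ j^n\omega_1^n P(j\omega_1) & j^n\omega_2^n P(j\omega_2) & \cdots & j^n\omega_l^n P(j\omega_l) \\ L(j\omega_1) & L(j\omega_2) & \cdots & L(j\omega_l) \\ j\omega_1 L(j\omega_1) & j\omega_2 L(j\omega_2) & \cdots & j\omega_l L(j\omega_l) \\ \vdots & \vdots & & \vdots \\ j^m\omega_1^m L(j\omega_1) & j^m\omega_2^m L(j\omega_2) & \cdots & j^m\omega_l^m L(j\omega_l) \end{bmatrix} \qquad (13)$$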
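$S_iC_i$ may be represented as:

$$S_iC_i = \begin{bmatrix} S_L \\ B_L \end{bmatrix} \qquad (14)$$

Where: $S_L$ = the first $(n + m + 1)$ rows of the $S_iC_i$ matrix; $B_L = [j^m\omega_1^m L(j\omega_1), j^m\omega_2^m L(j\omega_2), \ldots, j^m\omega_l^m L(j\omega_l)]$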
Given that the last entry in $C_p$ is $-1$, (12) can be expressed as:

$$[C_p', -1] \begin{bmatrix} S_L \\ B_L \end{bmatrix} = 0 \qquad (15)$$

where:

$$[C_p'] = [a_0, \ldots, a_n, -b_0, \ldots, -b_{m-1}] \qquad (16)$$

From (15) we obtain:

$$[C_p'][S_L] - [B_L] = 0$$

and finally:

$$[C_p'][S_L] = [B_L] \qquad (17)$$

The matrix equation (17) is now in the desired form $xA = b$. (17) can now be expressed as:

$$[a_0, \ldots, a_n, -b_0, \ldots, -b_{m-1}] = B_L[S_L]^{-1} \qquad (18)$$
Solving the set of linear equations in (17) yields the tuned regulator coefficients $[C_p']$. $[S_L]$ is rarely square, therefore a pseudoinverse is used to find the least squares solution of the set of linear equations. Obtaining the least squares solution of (17) may also be expressed as finding the best fit of controller parameters such that the least squares error between the desired loop gain and the loop gain resulting from the controller design is minimized. The Moore-Penrose pseudoinverse algorithm is a suitable algorithm for this application and is described in (Matlab Reference Guide 1992). A second consideration is that $[S_L]$ and $[B_L]$ are complex matrices. To avoid the necessity of writing code for finding a pseudoinverse for a matrix with complex elements, (Gao, Tabachnik, and Savescu) provides a method whereby the coefficients can be found by dividing $[S_L]$ and $[B_L]$ into real and imaginary parts as shown in (19). The pseudoinverse may now be obtained from a matrix with all real numbers, making the coding considerably simpler.

$$[a_0, \ldots, a_n, -b_0, \ldots, -b_{m-1}] = [\mathrm{Re}(B_L), \mathrm{Im}(B_L)][\mathrm{Re}(S_L), \mathrm{Im}(S_L)]^{-1} \qquad (19)$$
Equation (19) forms the heart of the self-tuning algorithm. The algorithm may be summarized as follows:

1. Provide a vector of desired loop gain frequency response data ($L(j\omega_i)$) at $l$ frequencies.
2. From a set of measured input output data, taken from the plant on-line, compute the plant frequency response vector ($P(j\omega_i)$), using an FFT algorithm, at the same frequencies as $L(j\omega_i)$.
3. Substitute $L(j\omega_i)$ and $P(j\omega_i)$ into (13) and obtain the $[S_L]$ and $[B_L]$ matrices using (14).
4. Substitute the $[S_L]$ and $[B_L]$ matrices into (19) and solve the linear system of equations using a suitable pseudoinverse algorithm. The solution yields the controller parameters.
5. If the implementation is in a discrete environment, calculate the z-domain controller coefficients using a suitable transformation technique and update the controller.

A Short Discussion Regarding Controller Structure Selection

The choice of the controller structure is application dependent. Care must be taken to select a controller with an order high enough to satisfy the given regulation requirements. As stated previously, the proposed STR algorithm achieves the best possible fit between the desired loop gain and the actual loop gain. This may result in approximate pole zero cancellation. Approximate pole zero cancellation has been used for many years in industrial control systems. For example, the motor electrical time constant is canceled with the zero of a PI controller in motor current loops; many other examples could be given. This approach is entirely acceptable when the values of the plant poles and zeroes do not change significantly (as is the case for a given product in web transport systems). If the plant poles and zeroes do change, an STR algorithm will be employed to adjust the controller parameters to compensate for the changes.

When dealing with pole zero cancellation of second order pole pairs the effectiveness of the cancellation is very much dependent on the damping of the pole pair. If the pole pair is extremely underdamped (i.e. $\zeta < 0.1$) the zeroes must be placed very close to the poles to effectively cancel them. The transient step response of the system will show a discernible ringing if the poles are not canceled adequately. However, web transport systems rarely, if ever, encounter open loop underdamped plant pole pairs with damping factors less than 0.3 and the use of 2nd order approximate cancellation techniques can be considered acceptable. In addition the bandwidth of the closed tension loop is always chosen to be less than the frequency of any underdamped pole pairs, resulting in attenuation of the resonance. Simulation has shown that in the presence of typical web transport system open loop underdamped pole pairs the proposed STR algorithm generates regulator designs that are more than adequate for acceptable tension regulation.

For this application a fourth order controller structure, as shown in Figure 6, provided adequate regulator designs. This choice was made with the a-priori knowledge that there are three dominant poles in the plant transfer function, as will be shown in the following section, and that making the regulator an order higher than the plant order provides on-line regulator tunings that meet low frequency gain specifications. In the following section it will be shown that if a PI regulator is used the system modeled in this paper is type 2 at stall, a condition where tension is applied to the web but the line speed is zero. This is due to an inherent integration in the plant; it will not, however, be type 2 when the web material is moving through the tension zone.

Of particular interest is the choice of domain to be used to derive the controller parameters. The Laplace domain applies to continuous systems but the real-time implementation will typically be on a computer which is discrete and any analysis relative to the derivation of the discrete controller parameters should be performed in the z-domain.
However, given that the sample times of modern DCS control systems are of the order of 1-2 [msec] (which can be approximated as a pole at 2/Ts [rad/sec] or 1000-2000 [rad/sec]) and problematic natural frequencies encountered in web transport systems are less than 100 [rad/sec], the effect of sampling can be ignored and the controller parameters obtained in the Laplace domain. To find the final regulator coefficients in the z-domain a suitable transformation of the s-domain controller may be used.
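Steps 1 to 4 of the algorithm summary, i.e. building $S_L$ and $B_L$ from (13)-(14) and solving the real-valued system (19), are shown below as an added Python example; it is not code from the paper, which used MATLAB and SIMULINK. The plant, the reference controller, the frequency grid and all function names are constructed for illustration, and the normal equations stand in for the Moore-Penrose pseudoinverse, which gives the same solution when the real matrix has full row rank.

```python
"""Added example: the least-squares loop-shaping fit of equations (13)-(19)."""


def build_sl_bl(P, L, w, n, m):
    """Build S_L and B_L of (13)-(14) from samples of P(jw) and L(jw).

    n, m are the numerator and denominator orders of C(s) in (6).
    """
    if n > m:
        raise ValueError("C(s) must be proper: n <= m")
    if not (len(P) == len(L) == len(w)):
        raise ValueError("P and L must be sampled at the same frequencies")
    jw = [1j * wi for wi in w]
    # Rows (jw)^k P for k = 0..n, then (jw)^k L for k = 0..m-1.
    SL = [[s ** k * p for s, p in zip(jw, P)] for k in range(n + 1)]
    SL += [[s ** k * v for s, v in zip(jw, L)] for k in range(m)]
    # Last row of S_i C_i, moved to the right-hand side because its weight is -1.
    BL = [s ** m * v for s, v in zip(jw, L)]
    return SL, BL


def solve_linear(G, h):
    """Solve G y = h by Gaussian elimination with partial pivoting."""
    size = len(h)
    M = [row[:] + [h[i]] for i, row in enumerate(G)]
    for c in range(size):
        piv = max(range(c, size), key=lambda r: abs(M[r][c]))
        if abs(M[piv][c]) < 1e-12:
            raise ValueError("rank deficient: add frequencies or lower the order")
        M[c], M[piv] = M[piv], M[c]
        for r in range(c + 1, size):
            f = M[r][c] / M[c][c]
            for k in range(c, size + 1):
                M[r][k] -= f * M[c][k]
    y = [0.0] * size
    for r in range(size - 1, -1, -1):
        tail = sum(M[r][k] * y[k] for k in range(r + 1, size))
        y[r] = (M[r][size] - tail) / M[r][r]
    return y


def tune(P, L, w, n, m):
    """Least-squares solution of (19) using only real arithmetic.

    Returns (a, b) with a = [a0..an] and b = [b0..b_{m-1}] of C(s) in (6).
    """
    SL, BL = build_sl_bl(P, L, w, n, m)
    A = [[z.real for z in row] + [z.imag for z in row] for row in SL]
    b = [z.real for z in BL] + [z.imag for z in BL]
    # x A = b in least squares: x = b A^T (A A^T)^-1, the pseudoinverse
    # solution when A has full row rank.
    G = [[sum(p * q for p, q in zip(ri, rj)) for rj in A] for ri in A]
    h = [sum(p * q for p, q in zip(ri, b)) for ri in A]
    x = solve_linear(G, h)
    return x[:n + 1], [-v for v in x[n + 1:]]


def controller(a, b, s):
    """Evaluate C(s) of (6) for coefficient lists a and b."""
    num = sum(ak * s ** k for k, ak in enumerate(a))
    den = s ** len(b) + sum(bk * s ** k for k, bk in enumerate(b))
    return num / den


def demo():
    """Constructed test case (not data from the paper)."""
    w = [0.2 * 100.0 ** (i / 39) for i in range(40)]  # 0.2 .. 20 rad/sec

    def plant(s):          # hypothetical second order plant
        return 4.0 / (s * s + 3.0 * s + 2.0)

    def reference_c(s):    # hypothetical controller used to generate L(jw)
        return (2.0 * s + 3.0) / (s + 0.5)

    P = [plant(1j * wi) for wi in w]
    L = [reference_c(1j * wi) * p for wi, p in zip(w, P)]
    a, b = tune(P, L, w, n=1, m=1)
    worst = max(abs(controller(a, b, 1j * wi) * p - v)
                for wi, p, v in zip(w, P, L))
    return a, b, worst


if __name__ == "__main__":
    print(demo())
```

Because the constructed loop gain is exactly reachable with a first order controller, the fit recovers the reference coefficients; with measured FFT data the same call returns the best fit in the least squares sense.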
3. Modeling of a Web Transport System
A physical representation of the plant shown in Figures 5 and 6 is shown in Figure 3. The motor and gear-box have been omitted. The shaft torque of the motor drives the gear-box which in turn drives Bridle 2, producing V2. Bridle 1 is regulated by a speed regulator only and is regulated to rotate at V1, the desired operational line speed. Assuming that:

1. Unstretched web is introduced into the tension zone.
2. Bridle No. 1 is an ideal speed regulator.

(Carter 1965; Parant, Coeffler and Lung 1992) show that for small signal analysis, change in tension in the tension zone (the tension zone is the length of web between the speed regulated bridle and the tension regulated bridle) can be modeled in the Laplace domain by (20), a commonly used tension model in web analysis.

Figure 3. The physical plant.
A AT ~
m
v,
(20)
\
ΔT = The change in web tension in the tension zone [N]
E = Web modulus of elasticity [N/cm^2]
A = Web cross sectional area [cm^2]
L = Web length [m]
V1 = Velocity of feed roll [m/sec]
V2 = Velocity of exit roll [m/sec]
t_o = tension in the web entering the tension zone.
Modeling the motor inertia and driven roll inertia (reflected through the gear-box to the motor shaft) as a lumped inertia J, a block diagram of the plant (Figure 4) can be constructed using (20). K1 is a constant that converts motor rotational speed to linear line speed. K2 is a constant that converts web tension to a torque reflected through the gear box and felt at the motor shaft. τ [N m] represents the torque produced by the motor. By is the coefficient of viscous friction. Bw is the web-damping modulus. It can be shown that the transfer function from the output of the tension regulator $\omega_{TEN}$ to the tension feedback $T_{FDBK}$ in Figure 6 is:

$$\frac{T_{FDBK}}{\omega_{TEN}} = \frac{\dfrac{K \cdot L}{V_1 \cdot K_2}\left(\dfrac{s}{\omega_s} + 1\right)}{\dfrac{J \cdot L}{K_s \cdot V_1 \cdot \omega_s} s^3 + \dfrac{J \cdot V_1 + K_s \cdot L}{K_s \cdot V_1 \cdot \omega_s} s^2 + \dfrac{K \cdot L + K_s (L \cdot \omega_s + V_1)}{K_s \cdot V_1 \cdot \omega_s} s + 1} \qquad (21)$$

where:
J: Lumped Bridle/Motor inertia [Kg m^2]
Ks: The inner speed loop PI proportional gain term
Figure 4. Plant block diagram (including web-damping and viscous friction).
ωs: The inner speed loop PI lead frequency [rad/sec]
D: The driven roll diameter [m]
GR: The gear ratio
K l --2.~ K2 GR.2 K = K 1 . K2- ~ 4 • ~1

Note that (21) does not include web-damping (Bw) or viscous friction (By). If we include the transducer filter (see Figures 5 & 6), (21) becomes:
1
(21.a)
TFoL = (21)- s2 2.s 7}+Tff +1 Let: K v = .~ ;
It can be shown that the third order denominator in (21) can be approximately factored into the form: s + 1
+
+ 1
(22)
oJ2
Figure 5. A typical non STR web tension regulation scheme as used in industry today.

where: 0)2 ~ ~ / R 2 -1- 0)CO ' COs Kv'wCO'Ws
0)1 =
~o2
(23)
Kv.R2~-~Oco.W~ ~'T - 2.~023
The equations in (23) can be shown to be satisfactory approximations of the exact values providing $K_v < 10 \cdot \omega_{CO}$, which is reasonable for all practical web transport systems. Some interesting observations can be made from (23), namely:

1. The center frequency ($\omega_2$) of the open loop 2nd order pole pair increases with a corresponding increase in the speed loop bandwidth.
2. Damping of the open loop 2nd order pole pair ($\zeta_T$) increases with speed loop bandwidth.

In addition to the need for zero steady state error to a ramped speed reference, the above two observations provide additional impetus for the inclusion of a speed minor loop in any tension regulation scheme. From the tension loop control system design perspective, the value of $\zeta_T$ in (23) is critical since the final design will depend on the installed system having a real or complex pole pair. The worst case system operating condition is at stall ($V_1 = 0$, $\omega_1 = 0$, $\zeta_T = \omega_{CO}/(2 \cdot \omega_2)$) and it is in this condition that a web tension loop is typically tuned. Unfortunately, in real applications the value of $\zeta_T$ is affected by non-modeled parameters such as web-damping, mechanical friction, roll slippage, and in the case of films and paper, temperature and humidity. It can also be shown that the bandwidth (or stiffness) of upstream speed regulators (Bridle No. 1 in this case) affects $\zeta_T$. To summarize, the inability to analytically identify $\zeta_T$ in (23) is the main contributing factor to the need for heuristically tuning web tension regulators in the field. It is also clear from (23) that the frequency $\omega_2$ varies as a function of web parameters E, A, L and the lumped inertia J. In general it is obvious that a system with no STR mechanism needs to be tuned for stable operation with the worst case operating parameter set (quite often in and of itself hard to identify) and that for other operating parameter sets the system is running in a stable but less than desirable condition.

Figure 6. Proposed STR regulation scheme (as implemented in simulation).
4. Self Tuning Web Tension Scheme & Simulation

4.1. Self Tuning Web Tension Regulator
To clarify the difference between the traditional web tension regulation approach and the proposed approach, detailed block diagrams of the two schemes are presented below (Figures 5 & 6). Figure 5 represents a typical tension regulation scheme as used in industry today. $\omega_{TEN}$ is the outer tension loop vernier contribution to line speed reference. Small changes in speed result in corresponding changes in web tension; this is the basic idea behind the use of an inner speed loop around which a tension regulator is strapped. In addition it can be shown that the use of a PI regulator for speed regulation results in a type 2 inner speed loop, a necessity for web transport systems where there must be zero steady state error to a ramped speed reference (for acceleration and deceleration of the process line). Both PI regulators are composed of a proportional gain term Kp and a zero frequency Wz~aa; the zero frequency is equal to the ratio of the integral and proportional gains KI/Kp. This representation of a PI regulator is common in industrial control systems. A transducer filter is typically employed to filter unwanted high frequency noise. For this application the corner frequency of the transducer filter was set at 20 [rad/sec], a typical value.

Figure 6 is a representation of the proposed STR algorithm as implemented in the simulation described in this paper. The difference between this scheme and the scheme in Figure 5 is the replacement of the Tension Loop PI regulator with an STR regulator, an anti-windup switch, a stimulus switch and an autonomous supervisory controller. The function of the anti-windup switch and the stimulus switch is explained in the logic sequence at the end of this section. The use of a PI controller for the inner speed loop in the STR regulation scheme is desirable due to the need to ramp up to an operational line speed with zero error to a speed ramp, as described previously, as well as the need to jog the bridle for threading new web material into the process line. From Figure 1 it can be seen that a supervisory controller is implemented to provide the sequencing logic required to execute the STR algorithm. The logical sequence used in the simulation performed in this paper is as follows:

1. Set the anti-windup switch (set the input of C(s) to zero, effectively disabling C(s)).
2. Provide a step stimulus to the plant input.
3. Collect a set of input/output plant data and perform an FFT to obtain $P(j\omega_i)$.
4. Initiate the STR loop shaping algorithm, obtain a set of controller parameters, and update the controller.
5. Continue stimulus and monitor the feedback and tension reference. Turn off the stimulus when the feedback matches the reference (error = 0). Release the anti-windup switch and re-enable the re-tuned controller.

In other real-time applications this algorithm need not be adhered to. The more traditional STR approach may be implemented. That is, a continuous FFT may be generated from normal plant operational stimulus/response data and the controller updated periodically without the need for the anti-windup switch and an autonomous stimulus. However, this is only feasible if the harmonic content of the normal operational stimulus is adequate to obtain a meaningful FFT. In applied tension regulation schemes the tension reference rarely changes and the feedback is always constant. This results in the need to provide an autonomous stimulus, as described above, when self-tuning is desired.
4.2. Simulation Set-Up

A simulation was performed using SIMULINK and MATLAB and computation times for algorithm execution logged. The purpose of this experiment was to determine the feasibility of implementing the algorithm in hardware. Based on the results of the described simulation a hardware implementation using the Reliance Electric "Automax" hardware/software DCS platform is currently being developed. To provide realistic unmodeled dynamics, viscous friction, web-damping, tension feedback white noise and line speed white noise were included. The objective of the simulation was three-fold:

1) To demonstrate algorithm execution times that are reasonable for the described, and similar, applications.
2) To demonstrate the ability of the self-tuning algorithm to satisfactorily re-tune the controller "on-line" for a wide range of product.
3) To demonstrate the advantage of on-line self-tuning based on the measured frequency response of the plant as opposed to off-line tuning with the STR algorithm using the transfer function model (21.a) to obtain a theoretical plant frequency response.

The parameters used in the simulation are presented in Table No. 1. The plant frequency response is obtained with the use of an FFT implemented with a Hamming window with 50% overlap.

For Figures 8 and 9 the following FFT set-up was used: Ts = 0.04 [sec] (256 samples); M = 128 samples; ωi = 0.2 ~ 20 [rad/sec] (200 points).

For Figures 9 and 10 the following FFT set-up was used: Ts = 0.01 [sec] (1024 samples); M = 512 samples; ωi = 0.5 ~ 100 [rad/sec] (200 points).

Table 1. Simulation set-up parameters.

| Parameter | Value |
|---|---|
| E (Oriented Polypropylene) | 2 × 10^5 [N/cm^2] |
| A | 10 ~ 0.1 [cm^2] |
| L | 10 [m] |
| Roll diameter | 1 [m] |
| Gear ratio | π |
| Motor power | 10 [kW] |
| Gear-in speed | 1000 [rpm] |
| Inertia | 10 [Kg m^2] |
| Max. line speed noise | 0.02% Max. line speed |
| Max. transducer feedback noise | 0.1% Max. tension feedback |
| Web damping modulus (Bw) | 100 [N sec/cm^2] |
| Viscous friction (By) | 0.03 [N m / rpm] |
| ωf | 20 [rad/sec] |
| ωCML | 200 [rad/sec] |
| ωCO | 15 [rad/sec] |
M specifies the size of the Hamming Window as described in (Ljung 1992) pp. 2-95-2-96. A SIMULINK masked s-function performs the on-line FFT and executes the self-tuning algorithm to provide the new controller parameters. During the simulation the algorithm execution times were tabulated and are presented in Table 3 below. To accomplish self-tuning using the described algorithm the system is stimulated with a small speed reference step as described in section 2. Care was taken to ensure that web tension was reasonably bounded during this period. To prevent regulator windup during the plant stimulus process, the input to the tension regulator is forced to zero by setting the anti-windup switch. For the first simulation set (Figures 7 through 12) the self-tuning system was initialized with a set of poorly tuned controller parameters. Two tension steps of 5 [sec] duration (from 0 to 10 [sec] in Figures 9 and 12) were followed by a 10 [sec] data collection and regulator tuning period. After which the re-tuned STR response to three tension steps of
Table 2. STR regulator parameters. Figure 7
Figure 10
coeff.
Before
After
ao
1.9992 1.6204 0.0998 0.0017 0.0000 2.2025 3.3890 3.2350 0.1136 0.0010
0.8720 0.9376 0.3554 0.0438 0.0015 0.6615 3.8308 2.2528 0.2929 0.0010
a] a2 a3 a4 bo b] b2 b3 b4
Before
After
0.2890 1.9992 0.4724 - 1.6204 0.3382 0.0998 0 . 0 4 4 1 0.0017 0.0015 0.0000 0.4561 2.2025 3.1744 3.3890 2.3997 3.2350 0.3027 0.1136 0.0010 0.0010
Figure 7. Theoretical freq. resp. (A = 0.1 [cm^2]).
5 [sec] duration was obtained. Figures 7 and 10 represent the theoretical plant frequency responses obtained with the use of (21.a). The plant frequency responses obtained on-line with the FFT are shown in Figures 8 and 11. These plots are presented with probabilistic bounds of 1 standard deviation as described in (Ljung 1992) pp 1-21, 22. This presentation technique is similar to that described in (Astrom 1993) section 2. The regulator coefficients before and after self tuning for Figures 9 and 12 are presented in Table No. 2. A second simulation (Figures 13 and 14) was performed to obtain a comparison between a regulator tuned off-line with the STR algorithm using transfer function (21.a) to obtain the plant frequency response (from 0 to 10 [sec]) and a regulator tuned on-line with the STR algorithm (from 20 to 35 [sec]). The on-line tuning process was the same as that used above.
Figure 8. Estimated freq. resp. (A = 0.1 [cm^2]).
Figure 9. STR tuning (A = 0.1 [cm^2]).
Figure 10. Theoretical freq. resp. (A = 10 [cm^2]).
Figure 11. Estimated freq. resp. (A = 10 [cm^2]).
Figure 12. STR tuning (A = 10 [cm^2]).
Figure 13. Theoretical vs. on-line tuning (A = 0.1 [cm^2]).
Figure 14. Theoretical vs. on-line tuning (A = 10 [cm^2]).

Table 3. STR algorithm execution times.

| Length of l [points] | Controller order | Pseudoinverse execution time [sec] | Algorithm execution time [sec] |
|---|---|---|---|
| 50 | 2 | 0.050 | 0.061 |
| 50 | 4 | 0.050 | 0.063 |
| 50 | 8 | 0.050 | 0.066 |
| 100 | 2 | 0.060 | 0.072 |
| 100 | 4 | 0.060 | 0.075 |
| 100 | 8 | 0.110 | 0.128 |

4.3. Simulation Observations
The execution times for the STR algorithm were obtained using a 486 66 [MHz] PC compatible computer running SIMULINK V1.2c. It was noted that the algorithm execution time was consumed mostly by the pseudoinverse algorithm. For the simulation discussed in this paper 50 frequency points and a fourth order controller were used. An interesting observation from Table 3 is that the execution time for the pseudoinverse did not vary greatly for the range of matrix sizes that can be expected using the described algorithm. The FFT execution times will vary greatly, depending on the choice of smoothing and windowing algorithms in addition to the number of points used in the FFT. Typically, however, in real-time applications where the STR algorithm is to be used in an adaptive regulation scheme the time-varying parameters in the controlled plant will be an order of magnitude or more slower than the execution time for the FFT. In a given application the FFT will most probably be obtained with an off-the-shelf hardware plug-in and will run independent of the STR algorithm, providing $P(j\omega_i)$ on an as-needed basis.

The following set of figures summarize the results of the simulation. Figures 9 and 12 demonstrate the STR algorithm's ability to tune on-line in the presence of unmodeled dynamics for two extreme product cross-sectional areas. The higher than desired overshoot can be attributed to inaccuracies in the on-line measured FFT plant frequency response. It was observed that relatively accurate plant frequency response data, as shown in Figures 8 and 11, is critical to the success of the application of the described self-tuning algorithm. Factors impacting the quality of the estimated plant frequency response are:

1) Sample time (high frequency response).
2) The sample length (low frequency response).
3) The choice of FFT windowing algorithm (transient disturbance and noise rejection).
4) The choice of smoothing algorithm (noise rejection).
5) Harmonic content of the input stimulus (overall frequency response).

These topics have been covered in (Goderdhansingh, Wang and Cluett 1992; Cunningham 1992; Whitfield 1986; and Jenkins and Watts 1968). Adequate performance of the STR algorithm on-line will depend on making appropriate choices in 1) through 5) based on the given application and the desired loop gain. Simulation results also indicate that the choice of frequencies used in the generation of $L(j\omega)$ and $P(j\omega)$ governs the quality of the final self-tuned regulator design. Care should be taken to provide frequencies low enough to generate a meaningful estimation of the plant's low frequency response yet high enough to provide for adequate compensation of high frequency underdamped modes. Figures 13 and 14 show clearly that off-line tuning using the approximate linear plant transfer function (21.a) to derive the estimated plant frequency response resulted in unsatisfactory loop response.
This can be attributed to the unmodeled dynamics present in the simulated system but not accounted for in (21). However by generating the frequency response of the plant on-line (including the unmodeled dynamics) the STR algorithm was able to provide a regulator tuning which adequately compensated for the included unmodeled dynamics.
5. Implementation Issues/Conclusions
The object of good tension regulation in a web transport system is to produce good product; any excessive deviation in tension typically results in product that must be scrapped. Since the stimulus required to obtain a meaningful plant frequency response with an FFT will for all practical purposes result in material that must be scrapped, it follows that the self-tuning be performed seldom and generate a minimum of waste material (quite often a process's profit margin is tightly linked to the amount of scrap material produced in a given time period). With this in mind a real-time implementation of the described STR in an industrial environment requires some thought and planning. If it is possible to excite the web in a stall condition, waste can be minimized. Applications that would meet this criterion include, for example, rolling mills and tension levelers. However, it would not be practical in the furnace sections of continuous annealing lines. Mill management systems provide a medium through which controller configurations for particular set-ups may be stored. Using such a management system would alleviate the need for initiating self-tuning for previously run product set-ups. In addition the self tuning algorithm need not be initiated for every product set-up, but rather for those where there is a significant change in product parameters or a predetermined error measure is exceeded.

The step stimulus used in the simulation may not be practical for most systems. For example, materials such as steel do not stretch much and a very little change in speed results in a significant change in tension. For these systems significantly smaller random speed steps would be required. In applications where a real-time system requires the implementation of an adaptive scheme that continuously updates the regulator parameters, the update time will depend less on the algorithm execution time and more on the FFT execution time. In these applications care must be taken to ensure that the FFT executes at least one order of magnitude faster than the fastest time-varying time constant of the controlled variable. In addition, as a rule of thumb, the FFT windowing overlap should be set at 20%-50% to eliminate transient distortion of the FFT. Stimulus schemes may be used in the same fashion as those currently implemented in MRAS based rolling mill gauge control regulation schemes. The main advantage of the described STR algorithm over the MRAS approach in current use is that the controller parameters are obtained "instantly" relative to the time taken in current MRAS schemes to converge to a solution set of controller parameters.

This paper did not investigate the use of frequency weighting in $L(j\omega)$ as described in (Anstaklis and Gao 1993) and (Gao and Anstaklis 1994). Use of this technique may prove useful in reducing the number of points required in the pseudoinverse. Given that the time taken to find the least squares solution to the system of linear equations of a particular application has been identified, system computational resources may be allocated in a predictable manner.
This feature is extremely desirable in large systems where computational resources are constrained and emphasis is on ever increasing sample rates. In conclusion, the evident elegance and straightforward implementation of the STR algorithm presented in this paper shows great promise for its application in contemporary industrial control engineering practice. It is in no way limited to the tension problem presented, but may be applied to any of a number of SISO control applications.
References

Anstaklis, R J., and Gao, Z. 1993. Polynomial and rational matrix interpolation: Theory and control applications. International Journal of Control 58(2):349-404.
Astrom, K. J. 1993. Autonomous controllers. Control Engineering Practice 1(2):227-320.
Astrom, K. J., Hagglund, T., Hang, C. C., Ho, W. K. 1993. Automatic tuning and adaptation for PID controllers: a survey. Control Engineering Practice 1(4):699-714.
Astrom, K. J., and Wittenmark, B. 1989. Adaptive Control. Addison Wesley.
Carter, W. C. 1965. Reducing transient strains in elastic-strip processes. Control Engineering:84-87.
Cunningham, E. 1992. Digital Filtering. Ch. 6, 8 and 9, Houghton Mifflin.
Jenkins, G. M., and Watts, D. G. 1968. Spectral analysis and its applications. Holden-Day.
Gao, Z. 1993. An algorithmic approach to loop shaping with applications to self-tuning control systems. Proceedings of the 8th IEEE Symposium on Intelligent Control.
Gao, Z., and Anstaklis, R J. 1994. New methods for control system design using matrix interpolation. Proceedings of the 33rd IEEE Conference on Decision and Control, 2506-2511.
Gao, Z., Tabachnik, B., and Savescu, R. Transfer function matrix identification from input-output measurements. To appear in the Journal of the Franklin Institute.
Goderdhansingh, Wang, L., and Cluett, W. R. 1992. Robust control system design using direct frequency response. Proceedings of the American Control Conference, 3026-3030.
Landau, I. D. 1993. Evolution of adaptive control. Journal of Dynamic Systems, Measurement and Control, Transactions of the ASME 115(2B):381-391.
Lee, C. C. 1990. Fuzzy logic in control systems-Part I and II. IEEE Transactions on Systems, Man and Cybernetics 20(2):404-435.
Ljung, L. 1992. MATLAB System Identification Toolbox. The Mathworks.
Matlab Reference Guide. 1992. The Mathworks, 369-370.
Parant, F., Coeffler, C., and Lung, C. 1992. Modeling of web tension in a continuous annealing line. Iron and Steel Engineer:46-49.
Shin, K. G., and Cui, X. 1991. Design of a knowledge-based controller for intelligent control systems. IEEE Transactions on Systems, Man, and Cybernetics 21(2).
Shirley, R. S. 1987. Some lessons learned using expert systems for process control. IEEE Control Systems Magazine:11-15.
Tzes, A. P., and Yurkovich, S. 1992. On frequency domain loop shaping for self-tuning control. Proceedings of the American Control Conference, 61-65.
Whitfield, A. H. 1986. Transfer function synthesis using frequency response data. International Journal of Control 43(5):1413-1426.
Real-Time Systems, 11, 289-302 (1996) © 1996 Kluwer Academic Publishers, Boston. Manufactured in The Netherlands.

Application of the Genetic Algorithm to Real-Time Active Noise Control

K. S. TANG, K. F. MAN, S. KWONG, C. Y. CHAN
City University of Hong Kong, Kowloon, Hong Kong

C. Y. CHU
Department of Mechanical and Marine Engineering, Hong Kong Polytechnic University, Hong Kong
Abstract. A modified model, in the form of an FIR filter, is proposed for the modelling of the acoustic dynamics of an active noise control system. This is a low order filter formulation but consists of two independent elements, a time delay and a d.c. gain. Empirical data has shown that this model constitutes a good representation of the equivalent high order FIR filter and has the additional feature of being a high frequency noise filtering device. Because of its specific structure, the time delay and gain must be identified independently. This restricts the use of the conventional least mean squares technique for parameter optimization, as the cost function intrinsically comprises multimodal error surfaces. The use of Genetic Algorithms could be the best solution to address this issue but their unpredictable response in real-time requires some special attention. A fully developed active noise control system, based on the Genetic Algorithm, to achieve the objective of noise reduction is described. To further guarantee the reliability of this approach, a supervisory scheme is incorporated for governing the real-time learning operations. A parallel hardware architecture, using two independent TMS320C30 digital signal processors, is designed for such implementation. The experimental results indicate that this approach to noise control is sound, and that noise reduction of more than 15dB(A) is consistently obtained.
Keywords: Active Noise Control, Genetic Algorithm, FIR Filtering, Parallel Real-Time Architecture
1. Introduction
Active noise control (ANC) employing real-time algorithms and architecture is a promising trend for future development and a number of systems have been proposed, as follows: ANC systems for power transformers (Cheuk, et al., 1994; Berge, et al., 1988), duct systems (Hall, et al., 1992; Park and Kim, 1993), systems for vehicle or flight cabins (Sutton, et al., 1994; Elliott, et al., 1990) and other noisy systems (Nelson and Elliott, 1993). The main contribution to the success of these systems has been the use of parameter identification techniques for the estimation of the noise dynamics in real-time and the adaptive optimal control laws that generate the corresponding anti-phase acoustic signals for the final noise cancellation. In general, gradient descent least mean squares (LMS) techniques are often adopted for identification purposes.

Despite the successful outcome of such conventional ANC systems, there are many shortcomings in using this approach. One obvious phenomenon is trapping at the local optima when the LMS optimization technique is employed. This often results in a sub-optimal noise reduction performance. Another deficiency is the modelling of the acoustic paths as well as the controller itself. These are usually restricted or over-dimensionalized in order to meet the required performance. Hence, the ANC system lacks real-time capability.

In this paper, a simple but modified finite impulse response (FIR) filter is proposed. This new model has two extra elements, a time delay and a d.c. gain. Because of its specific formulation, see eqn. (2), the common conventional least squares technique would be ill suited for the optimization of the cost function which has a multimodal error surface (So, et al., 1994). For Genetic Algorithms (GAs), on the other hand, this presents no problem. The usefulness and maturity of GAs in technical applications have already been widely reported (Alander, 1994; Goldberg, 1994). In particular, knowledge-based systems using GAs have been successfully demonstrated (Baek and Elliott, 1993; Obavashi, 1995; Mackle, et al., 1995). In the domain of real-time complex control systems such as active noise control, the use of GAs is considered to be novel and will be shown as a promising approach for coping with the complexity of the noise signal.

To realize such a technical proposition in real-time, where both the speed and performance of the ANC system are of great importance, a dedicated real-time algorithm and computer architecture are required. A real-time LMS algorithm, based on a very low order FIR filter, is first implemented for the physical noise control. This scheme is then integrated with a parallel run time GA, operating on the modified FIR model, to improve its online performance. A supervisory scheme has been designed for the monitoring of both operations so that the noise reduction performance is guaranteed.

The organization of the paper is as follows: the formulation of the active noise control problem is outlined in Section 2. The real-time system is described in Section 3, while Section 4 provides the details of the genetic process for the modified FIR filtering model. This is followed by Section 5 where a description of a supervisory scheme to govern the two operations is presented. The effectiveness of the proposed scheme is demonstrated experimentally and the results are given in Section 6. Finally, the discussion and conclusion are contained in Section 7.
2. Problem Formulation
A generic feedforward type of ANC system is shown in Figure 1. It consists of four different parts: detector, error sensor, secondary source(s) and the controller. The detector and error sensor are electronic devices that are used for picking up the primary noise signal and error signal, respectively. The secondary sources, usually loudspeakers, generate the corresponding anti-phase signal for the noise signal, s(k). The principle of noise cancellation is to ensure that the controller $C(z^{-1})$ produces the appropriate control signal u(k), according to the reference signal m(k), so that the resultant error signal o(k) is minimized. This can be done by taking the objective function J as the windowed mean square error, such that

$$J = \min_{C(z^{-1}) \in \Phi} \frac{1}{N} \sum_{k=k_0}^{k_0+N-1} o^2(k) \tag{1}$$
where $k_0$ is the start of the sample window, N is the window size, and $\Phi$ is the searching domain of $C(z^{-1})$. In order that eqn. (1) is a minimum, estimates of the acoustic paths using the filter model should be accurately made in deriving the controller $C(z^{-1})$. An FIR filter, that has a unimodal error surface, is normally adopted for this purpose. A comprehensive study has been conducted to investigate the effectiveness of this traditional approach to noise control using the LMS technique. This approach was realized in a hardware platform based on a TMS320C30 DSP chip running at 30MHz. The obtained results are tabulated in Table 1.

Figure 1. Active noise control using feedforward control. [Block diagram: primary acoustic path, detector dynamic, controller, secondary acoustic path and positive acoustic feedback path, with signals s(k) and o(k).]

Table 1. Noise reduction for a range of FIR filters using LMS technique.

| No. of FIR Coefficients | Noise Reduction (dB) | Response time (sec) |
|---|---|---|
| 20 | 3.0 | 2.0 |
| 30 | 6.5 | 3.8 |
| 40 | 6.9 | 4.0 |
| 50 | 11.3 | 6.0 |
| 60 | 15.5 | 11.0 |
| 70 | 16.3 | 14.2 |
| 80 | 16.5 | 17.5 |

To achieve an acceptable noise reduction level, a standard norm of more than 15dB should be achieved when active noise technology is used. Therefore, the result indicated that FIR filters with 60 coefficients or greater have been found to be more suitable for this application. However, such a high order filter is computationally intensive and requires more than 11.0 seconds to reach a steady state noise reduction. This is considered to be too long a time when compared with human hearing responses. Considering that the ANC configuration is largely affected by the inherent nature of time
delay, it is obvious that a large portion of the high order FIR filter is being used for the time delay modelling. Hence, a modified FIR filter that comprises a time delay element would be more appropriate than the usual high order FIR filter. As a result, a general form of the modified model for the estimation of the acoustic path process is proposed:

$$H(z^{-1}) = g \cdot z^{-d} \sum_{i=0}^{L-1} b_i z^{-n \cdot i} \tag{2}$$

where g is the appropriate d.c. gain, d is the time delay element, L is the number of taps, and n is the tap separation. An evaluation process for verification of this model was conducted in terms of an acoustic path estimation. Results were compared for the conventional 81-tapped FIR filter model (see Note 1) and the modified 21-tapped FIR filter model (see Note 2), with n = 4 in eqn. (2). The GA optimization procedure was used to ensure that an optimal performance was obtained in both cases. A double tone noise of frequencies 100Hz and 250Hz was applied for this evaluation exercise. The residue error signals o(k) due to the use of these filters are shown in Figure 2. It is evident that the low order modified FIR model is far better than the conventional higher order FIR filter. The time response is fast and high frequency filtering is also present, which is considered to be an important asset for active noise control. Judging from these results, the modified FIR model will enhance the noise reduction performance. It should be noted that the traditional LMS technique is ill suited to estimate this modified FIR model correctly, particularly for the variables of g and d, which are initially unknown and belong to the class of multimodal error surfaces for optimization.

Figure 2. Comparison of the conventional and modified FIR models. [Two panels of residue error plotted against samples, 0 to 2000.]
Having learnt that it was possible to achieve the noise control requirement using a GA, a means to improve the overall real-time control becomes necessary. This paper proposes a GA learning architecture for that very purpose. This structure can be designed in parallel as a complementary scheme for the overall real-time executed system. To avoid the intrinsic problem of randomness of the GA at the initial stage, and to guarantee at least some level of noise reduction at the beginning, it is necessary to combine the GA and LMS techniques in an efficient manner. Although the LMS technique may not provide the required optimal performance, its instantaneous response is an asset to the human hearing response, as well as to real-time control. Therefore, both GA and LMS optimization procedures should be integrated together for that purpose. Initially, the performance of the system using a low order FIR filter with LMS optimization routines need not be optimal, and the level of noise reduction may even be low, but the controller $C(z^{-1})$ will be continuously updated when a global solution is found by the GA for the modified model in eqn. (2). This can only be realized by hardware via a communication link between the two processes. In this way, the real-time deadline is met and an optimal noise control performance is also guaranteed.

For the real-time realization of the two processes, a specific hardware parallel architecture has been developed. The block diagram of this is shown in Figure 3. It consists of two individual units, known as the Real-Time Executed System (RTES) and the Genetic Algorithm Learning System (GALS). RTES is used to provide a speedy, but controllable, solution of the system while GALS optimizes and refines the controller, in order to achieve the required optimal noise control performance. Each system is implemented using a TMS320C30 processor together with its own local memory. To prevent the data access serialization and delays experienced by each unit, a data broadcasting device has been designed to handle the distribution of the external data addressed by each unit. Such a broadcasting unit releases the dependence of each processor since each one virtually has its own input device. As a result, the inter-unit communication command is greatly minimized.
3. Real-Time Executed System (RTES)
RTES has been designed to fulfil the control objective of the ANC system. Its goal is to generate an anti-phase acoustic signal from the loudspeakers to provide noise cancellation in real-time. As indicated in Figure 1, the simplified block diagram of the acoustic dynamics, $P(z^{-1})$ is the acoustic dynamics of the primary acoustic path; $D(z^{-1})$ is the dynamics of the detector; $C(z^{-1})$ is the controller; $S(z^{-1})$ is the acoustic dynamics between the loudspeaker and the error microphone and $F(z^{-1})$ is the positive acoustic feedback path from the secondary source to the detector. RTES has been designed to calculate all these functions.

Figure 3. Block diagram of the hardware parallel architecture. [Block labels: Data Broadcasting Unit, Output Buffering Control, Output Data.]

To further enhance the system stability, the troublesome positive acoustic feedback path $F(z^{-1})$ from the secondary loudspeakers to the detector has had to be eliminated. This was made possible by the use of a piezoelectric accelerometer as the primary source detection device. This sensor only picks up the mechanical vibration rather than the actual acoustic signal, although a direct relationship between the vibration forcing signal and the acoustic sound pressure waves can be established. In this way, the accelerometer only senses the noise source vibration signal and ignores the acoustic signal due to secondary sources (loudspeakers). To formulate the controller $C(z^{-1})$ for noise control, the procedure for successful operation of RTES is therefore much simplified. The steps required to complete the noise control loop are as follows:
Step 1: Estimation of the transfer function from the detector to the error sensor, $P(z^{-1})D^{-1}(z^{-1})$

To guarantee stability, the parameters of the transfer function $P(z^{-1})D^{-1}(z^{-1})$ are estimated in the form of an FIR filter which is expressed as

$$\sum_{i=0}^{L-1} c_i z^{-i} \tag{3}$$

Consider an interval 0 < k < N1 while the secondary source is turned off. Here

$$u(k) = 0 \quad \text{and} \quad u(k)S(z^{-1}) = 0 \tag{4}$$

The resultant signal at the error sensor can be expressed as

$$o(k) = s(k)P(z^{-1}) + u(k)S(z^{-1}) \tag{5}$$

Combining eqns. (3-5), the error signal is thus

$$o(k) = s(k)P(z^{-1}) = m(k)P(z^{-1})D^{-1}(z^{-1}) = m(k) \sum_{i=0}^{L-1} c_i z^{-i} \tag{6}$$

Based on the data sequences o(k) and m(k) obtained from detector and error sensor, the parameters $c_i$ can be estimated by the Recursive Least Squares (RLS).

Step 2: Estimation of the controller, $C(z^{-1})$

To minimize o(k) as indicated in eqn. (5), for optimal noise cancellation, then

$$-s(k)P(z^{-1}) = u(k)S(z^{-1}) \tag{7}$$

or

$$-m(k) \sum_{i=0}^{L-1} c_i z^{-i} = \left[m(k)S(z^{-1})\right] C(z^{-1}) \tag{8}$$

Similarly, the controller $C(z^{-1})$ can also be modelled in the form of an FIR filter which can also be obtained by RLS when $m(k)S(z^{-1})$ is available. In this case, $m(k)S(z^{-1})$ is obtained by the following procedure: Consider N1 < k < N1 + N2 while the reference signal m(k) is transmitted through the secondary sources,

$$u(k) = m(k) \tag{9}$$

Then, from eqn. (5),

$$m(k)S(z^{-1}) = o(k) - m(k) \sum_{i=0}^{L-1} c_i z^{-i} \tag{10}$$

Since $c_i$ has already been obtained in the previous step, $m(k)S(z^{-1})$ can thus be obtained by eqn. (10). Although the derivations of eqns. (3) to (10) are sound, the quality of the noise control is largely dependent on the dimension of the FIR filters used and, as a result, the real-time performance is affected.
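Steps 1 and 2 carried through on a simulated loop, as an added example that is not the authors' code. The path coefficients `S_TRUE` and `PD_TRUE`, the white reference signal, the window sizes and the `settle` margin are constructed assumptions, chosen so that an exact FIR controller exists.

```python
import random

# Constructed plant (assumptions for this example, not values from the paper)
S_TRUE = [0.5, 0.25]          # secondary path S(z^-1)
PD_TRUE = [0.4, 0.0, -0.1]    # P(z^-1)D^-1(z^-1); equals S_TRUE convolved with [0.8, -0.4]


def fir(coeffs, x):
    """Filter x through sum_i coeffs[i] * z^-i, with x(k) = 0 for k < 0."""
    return [sum(c * x[k - i] for i, c in enumerate(coeffs) if k - i >= 0)
            for k in range(len(x))]


def rls_fir(x, d, taps, start, stop, delta=1e6):
    """RLS estimate of w in d(k) = sum_i w[i] * x(k - i) over start <= k < stop."""
    w = [0.0] * taps
    P = [[delta if r == c else 0.0 for c in range(taps)] for r in range(taps)]
    for k in range(max(start, taps - 1), stop):
        phi = [x[k - i] for i in range(taps)]
        p_phi = [sum(P[r][c] * phi[c] for c in range(taps)) for r in range(taps)]
        denom = 1.0 + sum(phi[r] * p_phi[r] for r in range(taps))
        gain = [v / denom for v in p_phi]
        err = d[k] - sum(w[i] * phi[i] for i in range(taps))
        w = [w[i] + gain[i] * err for i in range(taps)]
        # P is symmetric, so phi^T P equals (P phi)^T
        P = [[P[r][c] - gain[r] * p_phi[c] for c in range(taps)] for r in range(taps)]
    return w


def rms(values):
    return (sum(v * v for v in values) / len(values)) ** 0.5


def identify_and_cancel(n1=400, n2=400, settle=4, seed=1):
    rng = random.Random(seed)
    n = n1 + n2
    m = [rng.uniform(-1.0, 1.0) for _ in range(n)]    # reference signal m(k)
    primary = fir(PD_TRUE, m)                         # s(k)P(z^-1) at the error sensor

    # Secondary source off for k < n1 (eq. 4), then driven with u(k) = m(k) (eq. 9)
    u = [0.0] * n1 + m[n1:]
    o = [p + s for p, s in zip(primary, fir(S_TRUE, u))]    # eq. (5)

    # Step 1: RLS on eq. (6) over the first window gives the c_i
    c_hat = rls_fir(m, o, taps=3, start=0, stop=n1)

    # Step 2: eq. (10) recovers m(k)S(z^-1); eq. (8) is then solved for C(z^-1).
    # The first `settle` samples are skipped so the secondary path has filled up.
    est_primary = fir(c_hat, m)
    m_s = [o[k] - est_primary[k] for k in range(n)]
    target = [-v for v in est_primary]
    ctrl = rls_fir(m_s, target, taps=2, start=n1 + settle, stop=n)

    # Close the loop with u(k) = m(k)C(z^-1) and compare residual levels
    residual = [p + s for p, s in zip(primary, fir(S_TRUE, fir(ctrl, m)))]
    return c_hat, ctrl, rms(primary), rms(residual)


if __name__ == "__main__":
    c_hat, ctrl, off, on = identify_and_cancel()
    print("c_i =", [round(v, 4) for v in c_hat])
    print("C   =", [round(v, 4) for v in ctrl])
    print("rms with control off / on:", off, on)
```

The controller has an exact two-tap form here only because the constructed primary path contains the secondary path as a factor; on a measured path the RLS fit is a least squares approximation whose quality depends on the number of taps, which is the limitation the paragraph above describes.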
4. Genetic Algorithm Learning System (GALS)

The GA is a searching process based on natural selection and genetics (Holland, 1975). The advantage of this emerging technique is its capability to locate global optima of a given cost function which can be multimodal, constrained and multi-objective. Realizing that the computational bottleneck of the estimation process of RTES is largely dependent upon the searching dimension of the FIR filters, then the use of GALS forms a rather different approach to the modelling and optimization of the dynamics of acoustic paths and the controller $C(z^{-1})$, as described in Section 2. Recall the general form of the model $H(z^{-1})$ in eqn. (2),

$$H(z^{-1}) = g \cdot z^{-d} \sum_{i=0}^{L-1} b_i z^{-n \cdot i} \tag{11}$$

where $b_i$ is the FIR filter coefficient. The coefficients of the filter are then constrained as follows:

$$b_i \in [-1, 1] \quad \forall i = 0, 1, \ldots, (L-1) \tag{12}$$
The advantage of this modelling is that the required FIR filter order can be greatly reduced because of the direct estimation of "g" and "d". As a result, $H(z^{-1})$ becomes a much simpler modified low order FIR model. With the model $H(z^{-1})$, the GA operations can be carried out with the structure of the chromosome formulated as follows:

$$I = \{d, g, B\} \in \Phi \subset Z \times \Re \times \Re^L \tag{13}$$

where $d \in [0, \alpha] \subset Z$, $g \in [0, \beta] \subset \Re$ and $B = [b_0, b_1, \ldots, b_{L-1}] \in [-1, 1]^L \subset \Re^L$, where $Z$ and $\Re$ are the set of integers and real numbers, respectively; $\alpha$ and $\beta$ are the maximum range of "d" and "g", respectively. It should be stressed that this constrained model introduces a multimodal error surface which is considered to be impossible for the application of RLS. As a result, the GA is an ideal solution for optimizing the parameters of the transfer function $P(z^{-1})D^{-1}(z^{-1})$ and the controller $C(z^{-1})$ with the models $H_p(z^{-1})$ and $H_c(z^{-1})$, respectively. Should $H_p(z^{-1})$ be accurately estimated, then objective function $f_p$ is minimized, where

$$f_p = \frac{1}{N_1} \sum_{k=1}^{N_1} \left[o(k) - m(k)H_p(z^{-1})\right]^2 \tag{14}$$

Similarly, for the controller model $H_c(z^{-1})$, the objective function $f_c$ in eqn. (15) is also minimized:

$$f_c = \frac{1}{N_2} \sum_{k=N_1+1}^{N_1+N_2} \left[m(k)H_p(z^{-1}) - \left(m(k)S(z^{-1})\right) H_c(z^{-1})\right]^2 \tag{15}$$

GALS guarantees that these two objective functions are globally optimized despite their multimodal nature and the constraints of $H_p(z^{-1})$ and $H_c(z^{-1})$. A brief summary of the GA operations required to achieve the optimization goal is given below:
Figure 4. Genetic algorithm cycle.
4.1. GA Cycle

In general, the GA can be broken down into three main operations: Selection, Genetic Operations and Insertion. A typical GA cycle is shown in Figure 4.

4.2. Fitness Assignment

The fitness value of the chromosome is assigned by a linear ranking scheme (Whitley, 1989) based on the objective functions, $f_p$ and $f_c$.

4.3. Parent Selection

Parent selection is a routine to emulate the "survival-of-the-fittest" mechanism of nature. This surmises that a fitter chromosome will generate a larger number of offspring and thus have a higher chance of surviving in the subsequent generation. The chromosomes in the form of eqn. (13), placed in the population pool, are selected for the generation of new chromosomes (offspring) by the stochastic universal sampling (SUS) method (Baker, 1987).

4.4. Crossover

The genes of the chromosome can be classified as two types: delay-gain genes [d, g] and filter coefficient genes $[b_0, b_1, \ldots, b_{L-1}]$. A one point crossover operation (Goldberg, 1989) was applied in both types of genes independently.
Table 2. Relationship of r, objective value and termination generation.

| r | Objective Mean Value (fcm) | Terminated Generation Mean Value (rgm) |
|---|---|---|
| 2 | 12.2451 | 161.05 |
| 4 | 1.3177 | 334.15 |
| 6 | 0.8662 | 415.60 |
| 8 | 0.5668 | 512.20 |
| 10 | 0.5283 | 579.30 |
| 12 | 0.5076 | 670.50 |
| 14 | 0.4894 | 742.90 |
| 16 | 0.4866 | 827.30 |
| 18 | 0.4792 | 933.85 |
| 20 | 0.4662 | 984.30 |

4.5. Mutation
In natural evolution, mutation is a random process where one allele of a gene is replaced by the other to produce a new genetic structure. Since the genes for delay and gain [d, g] as well as those for filter coefficients are represented by integer or real numbers, random mutation (Michalewicz, 1994) was applied.
4.6. Insertion Scheme
The newly generated chromosome is re-inserted into the population pool if its fitness value is better than the worst one in the population pool (Goldberg, 1989).
4.7. Termination Criterion
Since the GA is a stochastic searching technique, it experiences a high variance in response time. Hence, the progress per generation is used to determine the termination of GALS.

$$t = \begin{cases} 1 & \text{if } \Gamma_k = \Gamma_{k+i} \quad \forall i \in (0, r] \\ 0 & \text{otherwise} \end{cases} \tag{16}$$

where $\Gamma_k$ is the population at the k-th generation. In order to determine a proper value of r, 20 experimental trials were conducted to establish its evaluation. The relationship between the objective mean value (fcm), and the terminated generation mean (rgm) is tabulated in Table 2. A trade-off between the two values is made in selecting r. If the value of r > 8 is selected, a slight improvement in accuracy may be achieved but the real-time performance deteriorates. Hence, the empirical data indicated that r = 8 was a reasonable choice for terminating the GA production. When t = 1, the quality of the best chromosome in the population was compared with the one obtained in RTES. If this was found to be unacceptable, the genetic cycle was restarted.
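The GA cycle of Sections 4.1 to 4.7 applied to the modified FIR model, as an added example that is not the authors' code. The bounds `ALPHA` and `BETA`, the three-tap path, the population size, the number of offspring per generation, the mutation rate and the white excitation signal are all assumptions made for this example; only r = 8 and n = 4 are taken from the text.

```python
import random

ALPHA, BETA, L, N_SEP = 30, 5.0, 3, 4     # assumed bounds on d and g, taps, tap separation n
START = ALPHA + N_SEP * (L - 1)           # first k for which every delayed sample exists


def model_output(chrom, m, k):
    """Eq. (11) applied to m(k): g * sum_i b_i * m(k - d - n*i)."""
    d, g, b = chrom
    return g * sum(bi * m[k - d - N_SEP * i] for i, bi in enumerate(b))


def objective(chrom, m, o):
    """Mean squared modelling error, the form of f_p in eq. (14)."""
    ks = range(START, len(o))
    return sum((o[k] - model_output(chrom, m, k)) ** 2 for k in ks) / len(ks)


def random_chromosome(rng):
    """Chromosome I = {d, g, B} of eq. (13), drawn uniformly inside its bounds."""
    return (rng.randint(0, ALPHA), rng.uniform(0.0, BETA),
            [rng.uniform(-1.0, 1.0) for _ in range(L)])


def linear_rank_fitness(costs, pressure=2.0):
    """Linear ranking: the worst cost gets 2 - pressure, the best gets pressure."""
    order = sorted(range(len(costs)), key=lambda i: costs[i], reverse=True)
    fit = [0.0] * len(costs)
    for rank, idx in enumerate(order):
        fit[idx] = 2.0 - pressure + 2.0 * (pressure - 1.0) * rank / (len(costs) - 1)
    return fit


def sus(fitness, count, rng):
    """Stochastic universal sampling: `count` equally spaced pointers, one spin."""
    step = sum(fitness) / count
    pointer, cum, i, picks = rng.uniform(0.0, step), fitness[0], 0, []
    for _ in range(count):
        while cum <= pointer and i < len(fitness) - 1:
            i += 1
            cum += fitness[i]
        picks.append(i)
        pointer += step
    return picks


def crossover(a, b, rng):
    """One-point crossover applied separately to the [d, g] genes and to B."""
    cut = rng.randint(1, L - 1)
    return (a[0], b[1], a[2][:cut] + b[2][cut:])


def mutate(chrom, rng, pm=0.1):
    """Random mutation: each gene is redrawn inside its range with probability pm."""
    d, g, b = chrom
    d = rng.randint(0, ALPHA) if rng.random() < pm else d
    g = rng.uniform(0.0, BETA) if rng.random() < pm else g
    return (d, g, [rng.uniform(-1.0, 1.0) if rng.random() < pm else bi for bi in b])


def run_ga(m, o, pop_size=30, children=6, r=8, max_gen=300, seed=0):
    rng = random.Random(seed)
    pop = [random_chromosome(rng) for _ in range(pop_size)]
    costs = [objective(c, m, o) for c in pop]
    history, unchanged, gen = [min(costs)], 0, 0
    while unchanged < r and gen < max_gen:      # eq. (16): stop after r idle generations
        gen += 1
        picks = sus(linear_rank_fitness(costs), 2 * children, rng)
        rng.shuffle(picks)
        parents = [pop[i] for i in picks]
        changed = False
        for a, b in zip(parents[0::2], parents[1::2]):
            child = mutate(crossover(a, b, rng), rng)
            cost = objective(child, m, o)
            worst = max(range(pop_size), key=lambda i: costs[i])
            if cost < costs[worst]:             # insertion scheme of Section 4.6
                pop[worst], costs[worst], changed = child, cost, True
        unchanged = 0 if changed else unchanged + 1
        history.append(min(costs))
    best = min(range(pop_size), key=lambda i: costs[i])
    return pop[best], costs[best], history, gen


def make_path_data(n=200, seed=1):
    """Constructed acoustic path: delay 17, gain 2.5, taps [0.6, -0.3, 0.1]."""
    rng = random.Random(seed)
    true = (17, 2.5, [0.6, -0.3, 0.1])
    m = [rng.uniform(-1.0, 1.0) for _ in range(n)]
    o = [0.0] * START + [model_output(true, m, k) for k in range(START, n)]
    return m, o, true


if __name__ == "__main__":
    m, o, true = make_path_data()
    best, cost, history, gens = run_ga(m, o)
    print("true:", true)
    print("best:", best, "cost:", cost, "generations:", gens)
```

Because a child replaces the worst chromosome only when it is better, the best cost in `history` never increases; raising `r` trades run time for accuracy in the way Table 2 reports.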
5. Supervisory Monitoring Scheme

Since the system was designed to adapt to the change of noise environment, the run-time primary source signal m(k) had to be monitored in order to guarantee the performance requirement. This signal was then compared with the estimated signal $\hat{m}(k)$ to confirm whether any change of environment had taken place. Here $\hat{m}(k)$ is calculated by

$$\hat{m}(k) = g_m \sum_{i=0}^{L-1} \left[\alpha_i \cdot m(k - 1 - n \cdot i - d_m)\right] \tag{17}$$

The parameters $\alpha_i$, $d_m$ and $g_m$ are learnt by GA using the data sequence of m(k) collected in the past optimization process. Hence, the estimated error e(k) is expressed as:

$$e(k) = m(k) - g_m \sum_{i=0}^{L-1} \left[\alpha_i \cdot m(k - 1 - n \cdot i - d_m)\right] \tag{18}$$

The mean ($\bar{e}$) and variance ($\sigma^2$) of e(k) within the data sequence can thus be determined. A statistical control procedure was established to ensure the robustness of this scheme. This assumed that the process was only subjected to its natural variability and remained in a state of statistical control unless a special event occurred. If an observation exceeds the control limits, a statistically significant deviation from the normal operation is deemed to have occurred, that is when:

$$m(k) - \hat{m}(k) > \bar{e} \pm 3\sigma \tag{19}$$

Any change of environment will cause the restarting of the learning cycle of RTES automatically.
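The monitoring check of eqns. (17) to (19) run over a constructed detector signal, as an added example that is not the authors' code. The predictor parameters in `PARAMS` are hand-picked stand-ins for GA-learnt values, the noise level and the tone shift from 250 Hz to 300 Hz are assumptions, and the control limits are applied on both sides of the mean.

```python
import math
import random

FS = 10_000     # sampling frequency of the paper's experiment (10 kHz)

# Stand-in for GA-learnt (g_m, alpha, d_m, n): one tap and a total delay of 200
# samples, the common period of the 100 Hz and 250 Hz tones at 10 kHz.
PARAMS = (1.0, [1.0], 199, 4)


def make_signal(n=4000, change_at=None, seed=7):
    """Constructed m(k): 100 Hz + 250 Hz tones plus bounded noise.

    From sample `change_at` on, the 250 Hz tone moves to 300 Hz."""
    rng = random.Random(seed)
    out = []
    for k in range(n):
        f2 = 300.0 if change_at is not None and k >= change_at else 250.0
        tone = math.sin(2 * math.pi * 100.0 * k / FS) + math.sin(2 * math.pi * f2 * k / FS)
        out.append(tone + rng.uniform(-0.01, 0.01))
    return out


def predict(m, k, g_m, alpha, d_m, n_sep):
    """Eq. (17): m_hat(k) = g_m * sum_i alpha_i * m(k - 1 - n*i - d_m)."""
    return g_m * sum(a * m[k - 1 - n_sep * i - d_m] for i, a in enumerate(alpha))


def control_limits(m, start, stop, params):
    """Mean and standard deviation of e(k) in eq. (18) over a reference window."""
    errs = [m[k] - predict(m, k, *params) for k in range(start, stop)]
    mean = sum(errs) / len(errs)
    sigma = math.sqrt(sum((e - mean) ** 2 for e in errs) / len(errs))
    return mean, sigma


def first_alarm(m, start, mean, sigma, params):
    """Index of the first sample whose error leaves mean +/- 3*sigma, else None."""
    for k in range(start, len(m)):
        if abs(m[k] - predict(m, k, *params) - mean) > 3.0 * sigma:
            return k
    return None


if __name__ == "__main__":
    for change in (None, 3000):
        m = make_signal(change_at=change)
        mean, sigma = control_limits(m, 200, 2000, PARAMS)
        print("change at", change, "-> first alarm at", first_alarm(m, 2000, mean, sigma, PARAMS))
```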
6. Experimental Results

The performance of the system was investigated using specifically-designed experimental equipment to realize the active noise control configuration shown in Figure 1. It comprised a primary source (loudspeaker) and four additional secondary sources which were located close to the primary source with a quadpole arrangement, using four small loudspeakers. Figure 5 shows the quadpole arrangement of the primary and secondary sources. The circle indicated with the mark '+' denotes the primary noise source and the other circles with the marks '-' denote the secondary sound sources (Kido, et al., 1989). The error microphone was placed perpendicular to the vertical plane of the primary and secondary sources at a distance of about 1 m away from the centre of the primary source. This meant that the position of the error microphone could be in the doublet plane of symmetry in order to obtain an optimal performance (Hall, et al., 1992). The piezoelectric accelerometer was attached to the primary source.

Figure 5. Geometry of primary sound source 'P' (+) and secondary sound sources 'S' (-). [Quadpole arrangement, P:S = 1:4.]

The experiments were conducted in a general laboratory with a dual tone noise signal of 100Hz and 250Hz. The sampling frequency for the Analog-to-Digital Converter was 10kHz. The parameters of the subsystems were set as below:

RTES: $P(z^{-1})D^{-1}(z^{-1})$ and C(z) were modelled by 21-tapped FIR filters and 1000 iterations of the RLS algorithm were used to estimate the coefficient values.

GALS: $H_p(z^{-1})$ and $H_c(z^{-1})$ were in the form of eqn. (11) with a delay parameter (d) and a gain factor (g) for the modified 21-tapped FIR filter. The searching space was as defined below:

$$d \in [0, 100] \subset Z, \quad g \in [0, 5] \subset \Re, \quad B = [b_0, b_1, \ldots, b_{20}] \in [-1, 1]^{21} \subset \Re^{21} \tag{20}$$

Table 3. Power sum values for ANC system on and off.

| | Ap/dB | Ap(ω)/dB |
|---|---|---|
| ANC - OFF | 63.9 | 53.5 |
| RTES - ON | 61.9 | 47.1 |
| GALS - ON | 52.9 | 38.4 |
The experimental noise level was recorded by a RION 1/3 Octave Band Real-Time Analyser SA-27. Table 3 shows the power sum levels of all the bands Ap and the power sum levels with a frequency A-weighted characteristic Ap(ω) when the ANC system is being turned on and off. The results are depicted in Figure 6. It can be seen from these results that the GA operated scheme GALS out-performs the conventional FIR filters in RTES. In addition, the dual tone frequency signals are greatly reduced by more than 15dB each. The high frequency noise is also suppressed. With the RTES scheme, this phenomenon was not observed and the general noise reduction performance was also very poor when using the equivalent low order FIR filters.

Figure 6. Experimental results. [Level in dB plotted against frequency.]
7. Discussion and Conclusion
The use of a high order FIR filter, to model the complex acoustic dynamic path characteristics of an active noise control system, has been replaced by a low order, but modified, FIR filter for the enhancement of noise reduction. This new filter consists of a pure time delay element with an associated d.c. gain. Because of the GA's capability to locate the global optima in a parametric search, the experimental results indicate that noise reduction, using the proposed computing architecture, is much better than that of the conventional method. The real-time performance is also greatly improved at the same time, due to the low order filter formulation. This research suggests that further development of the GA-based system is worthwhile. Since the GA can handle the multiple objective problem (Fonseca and Fleming, 1993 & 1994) more effectively, it is now ready for application to multiple channels for an ANC system. In this case different goals can be assigned to different positions of the quiet zone according to some specific tasks (Tang, et al., 1995). To further enhance the GA real-time capability, the advent of GA parallelism may be adopted (Chipperfield and Fleming, 1994). This concept can be realized by dedicated hardware-design processors using Field Programmable Gate Array (FPGA), which is now being investigated by the authors.
Notes

1. For conventional FIR, one tap is defined as $[b_i z^{-i}]$ where i is an integer.
2. For modified FIR, one tap is defined as $[b_i z^{-n \cdot i}]$ where i and n are both integers; n = 4 is experimentally determined.
References

Alander, J. T. 1994. An Indexed Bibliography of Genetic Algorithms: Years 1957-1993. Report No. 94-1. Department of Information Technology and Production Economics, University of Vaasa.
Baek, K. H., and Elliott, S. J. 1993. Natural algorithms for choosing source locations in active control system. Proc. Workshop on Natural Algorithms in Signal Processing, Chelmsford, Essex, pp. 23/1-25/10.
Baker, J. E. 1987. Reducing bias and inefficiency in the selection algorithms. Proc. 2nd Int. Conf. Genetic Algorithms. Lawrence Erlbaum Associates, Hillsdale, pp. 14-21.
Berge, O., Petterson, K. O., and Sorzdal, S. 1988. Active cancellation of transformer noise: Field measurements. Applied Acoustics 23: 309-320.
Cheuk, K. P., Man, K. F., Ho, Y. C., and Tang, K. S. 1994. Active noise control for power transformer. Proc. 1994 Int. Congress on Noise Control Engineering. Yokohama, Japan, pp. 1365-1368.
Chipperfield, A. J., and Fleming, P. J. 1994. Parallel Genetic Algorithms: A Survey. ACSE Research Report No. 518. University of Sheffield.
Elliott, S. J., Nelson, P. A., Stothers, I. M., and Boucher, C. C. 1990. In-flight experiments on the active control of propeller-induced cabin noise. J. Sound and Vibration 140: 219-238.
Fonseca, C. M., and Fleming, P. J. 1993. Genetic Algorithms for Multiobjective Optimization: Formulation, Discussion and Generalization. ACSE Research Report No. 466. University of Sheffield.
Fonseca, C. M., and Fleming, P. J. 1994. An Overview of Evolutionary Algorithms in Multiobjective Optimization. ACSE Research Report No. 527. University of Sheffield.
Goldberg, D. E. 1989. Genetic Algorithm in Search, Optimization, and Machine Learning. Addison Wesley Publishing Company.
Goldberg, D. E. 1994. Genetic and evolutionary algorithms come of age. Communications of the ACM 37(3): 113-119.
Hall, H. R., Ferren, W. B., and Bernhard, R. J. 1992. Active control of radiated sound from ducts. Trans. of the ASME 114: 338-346.
Holland, H. 1975. Adaptation in Natural and Artificial Systems. Ann Arbor: The University of Michigan Press.
Kido, K., Abe, M., and Kanai, H. 1989. A new arrangement of additional sound source in an active noise control system. Proc. Inter-Noise 89, pp. 483-488.
Mackle, G., Savic, D. A., and Waiters, G. A. 1995. Application of genetic algorithms to pump scheduling for water supply. Proc. Genetic Algorithms in Engineering Systems: Innovations and Applications, pp. 400-405.
Michalewicz, Z. 1994. Genetic Algorithms + Data Structures = Evolution Programs. 2nd extended Ed., Springer-Verlag.
Nelson, P. A., and Elliott, S. J. 1993. Active noise control. IEEE Signal Processing Magazine 12-35.
Obavashi, S. 1995. Genetic algorithm for aerodynamic inverse optimization problems. Proc. of Genetic Algorithms in Engineering Systems: Innovations and Applications, pp. 7-12.
Park, Y., and Kim, H. 1993. Delayed-X algorithm for a long duct system. Proc. of Inter-Noise 93, pp. 767-770.
So, H. C., Ching, P. C., and Chan, Y. T. 1994. A new algorithm for explicit adaptation of time delay. IEEE Trans. Signal Processing 42(7): 1816-1820.
Sutton, T. J., Elliott, S. J., and McDonald, A. M. 1994. Active control of road noise inside vehicles. Noise Control Eng. J. 42(4): 137-147.
Tang, K. S., Man, K. F., Kwong, S., and Fleming, P. J. 1995. GA approach to multiple objective optimization for active noise control. Proc. Algorithms and Architectures for Real-Time Control 95, Belgium, pp. 13-19.
Whitley, D. 1989. The GENITOR algorithm and selection pressure: Why ranking based allocation of reproductive trials is best. Proc. 3rd Int. Conf. Genetic Algorithms, Morgan Kaufmann Publishers, pp. 116-121.
Real-Time Systems, 11, 303-307 (1996) © 1996 Kluwer Academic Publishers, Boston. Manufactured in The Netherlands.
Contributing Authors
Brian Boulter received his B.E.E. in 1990 and M.S.E.E. in 1994 from Cleveland State University. He also holds a B.Th. (Theology) from the University of the State of New York. After leaving Picker International, where he was engaged in the design of military x-ray systems, he joined Rockwell Automation's Reliance Electric Drive Systems Division, where he is responsible for developing standard control system designs for the systems engineering group. He also functions as a corporate resource for systems modeling and analysis. He has authored several journal and conference publications in the application of modern control theory in industrial control systems.
C. Y. Chan received his BEng(Hons) in Computer Engineering from City University of Hong Kong in 1991. He is currently a research student in the Electronic Engineering Department of City University of Hong Kong. His research interests are Genetic Algorithms, Fuzzy Logic Control and Active Noise Control.
C. Y. Chu was born in Hong Kong. He obtained his MSc and PhD in Mechanical Engineering from Cranfield Institute of Technology in 1979 and 1982 respectively. Before his postgraduate studies, he was an engineer with Jardine Engineering Co, responsible for design, tendering, installation, testing and commissioning of HVAC systems in 1975-1978. He joined the Department of Mechanical and Marine Engineering in 1983 as a lecturer and became a senior lecturer in 1986. He has held his current position as a Principal Lecturer since 1989. His research interests are energy conservation, solar power and noise reduction.
Zhiqiang Gao received his Ph.D. in Electrical Engineering from the University of Notre Dame in 1990. He joined the Department of Electrical Engineering, Cleveland State University, as an assistant professor in the same year. He was the recipient of the Outstanding Electrical Engineering Faculty Member Award in 1995 and was promoted to associate professor in 1996. Prof. Gao's main research interest is in control theory and its practical applications. He founded the Control Research Laboratory at CSU, where many industry-funded research projects are currently being conducted. He is the author or co-author of many journal and conference publications, encompassing areas such as linear systems, robust stability, system identification, fuzzy logic control, real-time self-tuning, fault-tolerant control system design, manufacturing systems, etc. He is regularly invited to contribute to Academic Press Theme Volumes and give lectures on state-of-the-art control technology to practicing engineers. In the past three years, he has been serving as an associate editor on the Conference Editorial Board for the IEEE Control System Society and as a program committee member for a number of control conferences in the U.S.
Dr. Hans A. Hansson received an MSc degree in Engineering Physics, a Licentiate degree in Computer Science, a BA degree in Business Administration, and a Doctor of Technology degree in Computer Science from Uppsala University, Sweden, in 1981, 1984, 1984 and 1992, respectively. He is currently department chairman and senior lecturer at the Department of Computer Systems, Uppsala University, but was previously a researcher at the Swedish Institute of Computer Science in Stockholm, Sweden. His research interests include timed and probabilistic modeling of distributed systems, real-time system design, scheduling theory, distributed real-time systems, and real-time communications networks. He is a member of IEEE and president of the Swedish National Association for Real-Time.
George Irwin was appointed to a personal chair in Control Engineering at The Queen's University of Belfast in 1989. His current research interests include learning systems for control, model based control and statistical process control, with applications in aerospace, electric power and chemical process control. His publications include 5 edited books and over 150 papers for which he has received three Premium Awards from the Institution of Electrical Engineers and the 1994 Honeywell Prize from the Institute of Measurement and Control. Prof. Irwin has been elected Vice-Chairman of the IEE Computing and Control Divisional Board, is a member of the EPSRC Control and Instrumentation College and serves on the Executive Committee of the UK Automatic Control Council. He is Deputy Editor-in-Chief of Control Engineering Practice and serves on the International Editorial Board of the IEE Proceedings on Control Theory and Applications.
S. Kwong graduated from the University of Waterloo in 1985, after which he joined Control Data Canada as a diagnostic engineer and then Bell Northern Research as a Member of the Scientific Staff. In 1989, he joined the City University of Hong Kong as a Lecturer. He is currently an Assistant Professor in the Department of Computer Science. His research areas are in signal processing, data compression and genetic algorithms.
Phil Laplante is the Dean of the Burlington County College/New Jersey Institute of Technology Technology and Engineering Center in Mount Laurel, New Jersey. This unique dual college campus delivers associate, bachelor, and master degree programs in science and engineering. Prior to that, he was the chair of the Department of Computer Science and Mathematics at Fairleigh Dickinson University. He also spent seven years in industry designing high-reliability avionics software and support software. He continues to consult to industry on real-time systems and real-time image processing. Laplante has authored numerous technical papers and eight books on Computer Science. His research areas are in software engineering, real-time processing, image processing, and real-time image processing, and he is a founding co-editor-in-chief of the journal Real-Time Imaging. He is a licensed professional engineer in New Jersey.
K. S. Tang received his BEng(Hons) in Electrical and Electronic Engineering from University of Hong Kong in 1988 and MSc from City University of Hong Kong in 1992. He has been a PhD student in the Electronic Engineering Department of the City University of Hong Kong since 1993. His research interests include Genetic Algorithms, Active Noise Control, Information System and Chaotic Theory.
Sven Larsson received an MSc degree in Electrical Engineering from Chalmers University of Technology, Goteborg, Sweden in 1988. He has been employed by Mecel AB, Goteborg, Sweden as a systems engineer since 1988 and is working with distributed embedded real-time systems for the automotive industry.
Harold W. Lawson has been active in the field of computing since 1958 with broad international experience in industrial and academic environments. He is experienced in many facets of computing and computer-based systems, including software engineering, computer architecture, real-time, programming languages and compilers, operating systems, various application domains as well as computer related education and training. Lawson received the bachelor of science degree from Temple University (Philadelphia, Pennsylvania) and the PhD degree from the Royal Technical University, Stockholm. During his industrial career, he has contributed to several pioneering efforts in hardware and software technologies at Univac, IBM, Standard Computer Corporation, and Datasaab. He has held permanent and visiting professorial appointments at several universities including Polytechnic Institute of Brooklyn, University of California, Irvine, Universidad Politecnica de Barcelona, Linköping University, Royal Technical University, University of Malaya and Keio University. He has performed consulting and/or presented seminars for over 50 corporations and seminars at over 60 universities and colleges in North America, Europe and the Far East. Publications include several books, contributed chapters and over 80 technical contributions. Lawson is a Fellow of the IEEE, Member of the ACM since 1960, ACM National Lecturer, and IEEE European Distinguished Visitor. He was a founding member of SIGMICRO, EUROMICRO, and the IEEE Computer Society Technical Committee on the Engineering of Computer Based Systems.
K. F. Man was born in Hong Kong. He obtained his PhD award in Aerodynamics from Cranfield Institute of Technology, U.K. in 1983. He worked for Marconi Avionics, Rochester, U.K. as a Flight Control Engineer and for Hunting Engineering, Bedford, U.K. as Systems Engineer in 1978-1980 and 1980-1981 respectively. In the period 1984-1988, he was with Marconi Defence Systems, Stanmore, U.K. as a Senior and was later promoted to Principal Guidance and Control Systems Engineer. In 1988, he returned to Hong Kong and joined City University of Hong Kong, where he is currently a Senior Lecturer in the Department of Electronic Engineering. He also holds a position as a Concurrent Research Professor with South China University of Technology, Guangzhou, China. Dr. Man is an Associate Editor of IEEE Transactions on Industrial Electronics and a member of the Administrative Committee of the IEEE Industrial Electronics Society. He serves both IFAC technical committees in Real-time Software Engineering, and the Algorithms and Architectures for Real-time Control. His research interests include active noise control, chaos and nonlinear control systems design, and genetic algorithms.
Thomas J. Marlowe is Professor of Mathematics and Computer Science at Seton Hall University, an Affiliate Full Professor at New Jersey Institute of Technology, and a Visiting Research Associate at Rutgers University. Dr. Marlowe received his B.S. in Mathematics at Seton Hall University in 1970, and holds Ph.D.'s in Mathematics (1975) and Computer Science (1989) from Rutgers University. His research interests include compilers and compiler optimization, particularly the theory of data flow analysis; language and compiler support for real-time and complex systems; engineering of multi-objective complex computer systems; and algorithmic graph theory.
Alexander D. Stoyenko received a doctorate in computer science from the University of Toronto in 1987. Subsequently, he joined IBM T. J. Watson Research Center as a Research Staff Member. Since Fall 1990, he has been on the faculty of the Department of Computer and Information Science at the New Jersey Institute of Technology, where he has founded and leads the Real-Time Computing Laboratory and where he is currently an Associate Professor. Dr. Stoyenko is also the President and CEO of 21st Century Systems, Inc. His research interests are in real-time computing, distributed and parallel computing, engineering of complex computer systems, programming languages, compilers and tools, real-time imaging, biomedical computing, and software reuse and integration. Dr. Stoyenko has published over ninety times in books, refereed journals and conferences.
Mikael Strömberg received an MSc degree in Electrical Engineering from Chalmers University of Technology, Goteborg, Sweden in 1985. He is a program manager at Mecel AB, Goteborg, Sweden. Mikael has been employed by Mecel AB since 1986 and is working with distributed embedded real-time systems for the automotive industry.