Concurrent Program Synthesis Based on Supervisory Control



Similar documents
ENFORCING SAFETY PROPERTIES IN WEB APPLICATIONS USING PETRI NETS

Failure Behavior Analysis for Reliable Distributed Embedded Systems

Interaction Expressions A Powerful Formalism for Describing Inter-Workflow Dependencies

Load Balancing Mechanism in Agent-based Grid

The Online Freeze-tag Problem

Design of A Knowledge Based Trouble Call System with Colored Petri Net Models

Comparing Dissimilarity Measures for Symbolic Data Analysis

A Virtual Machine Dynamic Migration Scheduling Model Based on MBFD Algorithm

Software Model Checking: Theory and Practice

TOWARDS REAL-TIME METADATA FOR SENSOR-BASED NETWORKS AND GEOGRAPHIC DATABASES

Service Network Design with Asset Management: Formulations and Comparative Analyzes

Overview of Lecture 3. Model Checking with SPIN. First attempt (revisited) Linear Temporal Logic (LTL) CDP #3

Evaluating a Web-Based Information System for Managing Master of Science Summer Projects

DAY-AHEAD ELECTRICITY PRICE FORECASTING BASED ON TIME SERIES MODELS: A COMPARISON

Automatic Search for Correlated Alarms

Storage Basics Architecting the Storage Supplemental Handout

Static and Dynamic Properties of Small-world Connection Topologies Based on Transit-stub Networks

Time-Cost Trade-Offs in Resource-Constraint Project Scheduling Problems with Overlapping Modes

Machine Learning with Operational Costs

SQUARE GRID POINTS COVERAGED BY CONNECTED SOURCES WITH COVERAGE RADIUS OF ONE ON A TWO-DIMENSIONAL GRID

An Efficient Method for Improving Backfill Job Scheduling Algorithm in Cluster Computing Systems

FDA CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES

Title: Stochastic models of resource allocation for services

CABRS CELLULAR AUTOMATON BASED MRI BRAIN SEGMENTATION

A MOST PROBABLE POINT-BASED METHOD FOR RELIABILITY ANALYSIS, SENSITIVITY ANALYSIS AND DESIGN OPTIMIZATION

Risk in Revenue Management and Dynamic Pricing

Rummage Web Server Tuning Evaluation through Benchmark

Two-resource stochastic capacity planning employing a Bayesian methodology

Sage Timberline Office

NAVAL POSTGRADUATE SCHOOL THESIS

Modeling and Simulation of an Incremental Encoder Used in Electrical Drives

Branch-and-Price for Service Network Design with Asset Management Constraints

Alpha Channel Estimation in High Resolution Images and Image Sequences

Service Network Design with Asset Management: Formulations and Comparative Analyzes

The impact of metadata implementation on webpage visibility in search engine results (Part II) q

Secure synthesis and activation of protocol translation agents

A Novel Architecture Style: Diffused Cloud for Virtual Computing Lab

Int. J. Advanced Networking and Applications Volume: 6 Issue: 4 Pages: (2015) ISSN:

Learning Human Behavior from Analyzing Activities in Virtual Environments

On the predictive content of the PPI on CPI inflation: the case of Mexico

Large-Scale IP Traceback in High-Speed Internet: Practical Techniques and Theoretical Foundation

From Simulation to Experiment: A Case Study on Multiprocessor Task Scheduling

Sage HRMS I Planning Guide. The HR Software Buyer s Guide and Checklist

Web Application Scalability: A Model-Based Approach

Rejuvenating the Supply Chain by Benchmarking using Fuzzy Cross-Boundary Performance Evaluation Approach

Managing specific risk in property portfolios

Multiperiod Portfolio Optimization with General Transaction Costs

COST CALCULATION IN COMPLEX TRANSPORT SYSTEMS

X How to Schedule a Cascade in an Arbitrary Graph

Memory management. Chapter 4: Memory Management. Memory hierarchy. In an ideal world. Basic memory management. Fixed partitions: multiple programs

An inventory control system for spare parts at a refinery: An empirical comparison of different reorder point methods

A Third Generation Automated Teller Machine Using Universal Subscriber Module with Iris Recognition

Multistage Human Resource Allocation for Software Development by Multiobjective Genetic Algorithm

Forensic Science International

Migration to Object Oriented Platforms: A State Transformation Approach

Corporate Compliance Policy

SOFTWARE DEBUGGING WITH DYNAMIC INSTRUMENTATION AND TEST BASED KNOWLEDGE. A Thesis Submitted to the Faculty. Purdue University.

On the (in)effectiveness of Probabilistic Marking for IP Traceback under DDoS Attacks

Project Management and. Scheduling CHAPTER CONTENTS

An important observation in supply chain management, known as the bullwhip effect,

OVERVIEW OF THE CAAMPL EARLY WARNING SYSTEM IN ROMANIAN BANKING

An Associative Memory Readout in ESN for Neural Action Potential Detection

C-Bus Voltage Calculation

Dynamic Load Balance for Approximate Parallel Simulations with Consistent Hashing

Finding a Needle in a Haystack: Pinpointing Significant BGP Routing Changes in an IP Network

Buffer Capacity Allocation: A method to QoS support on MPLS networks**

Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products

CRITICAL AVIATION INFRASTRUCTURES VULNERABILITY ASSESSMENT TO TERRORIST THREATS

Expert Systems with Applications

A highly-underactuated robotic hand with force and joint angle sensors

Local Connectivity Tests to Identify Wormholes in Wireless Networks

Drinking water systems are vulnerable to

A Certification Authority for Elliptic Curve X.509v3 Certificates

A Modified Measure of Covert Network Performance

An Introduction to Risk Parity Hossein Kazemi

ALGEBRAIC SIGNATURES FOR SCALABLE WEB DATA INTEGRATION FOR ELECTRONIC COMMERCE TRANSACTIONS

This document is downloaded from DR-NTU, Nanyang Technological University Library, Singapore.

The risk of using the Q heterogeneity estimator for software engineering experiments

The fast Fourier transform method for the valuation of European style options in-the-money (ITM), at-the-money (ATM) and out-of-the-money (OTM)

On Software Piracy when Piracy is Costly

The Magnus-Derek Game

Software Cognitive Complexity Measure Based on Scope of Variables

Electronic Commerce Research and Applications

Moving Objects Tracking in Video by Graph Cuts and Parameter Motion Model

Traditional Software Development. Model Requirements and JAVA Programs. Formal Verification & Validation. What is a state?

Simulink Implementation of a CDMA Smart Antenna System

IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 29, NO. 4, APRIL Load-Balancing Spectrum Decision for Cognitive Radio Networks

Monitoring Frequency of Change By Li Qin

NOISE ANALYSIS OF NIKON D40 DIGITAL STILL CAMERA

The Economics of the Cloud: Price Competition and Congestion

Optimal Routing and Scheduling in Transportation: Using Genetic Algorithm to Solve Difficult Optimization Problems

High Quality Offset Printing An Evolutionary Approach

Optional Strain-Rate Forms for the Johnson Cook Constitutive Model and the Role of the Parameter Epsilon_0 1 AUTHOR

Sage HRMS I Planning Guide. The Complete Buyer s Guide for Payroll Software

Sage Document Management. User's Guide Version 13.1

An Efficient NURBS Path Generator for a Open Source CNC

Point Location. Preprocess a planar, polygonal subdivision for point location queries. p = (18, 11)

Franck Cappello and Daniel Etiemble LRI, Université Paris-Sud, 91405, Orsay, France

PETRI NET BASED SUPERVISORY CONTROL OF FLEXIBLE BATCH PLANTS. G. Mušič and D. Matko

Partial-Order Planning Algorithms todomainfeatures. Information Sciences Institute University ofwaterloo

Transcription:

010 American Control Conference Marriott Waterfront, Baltimore, MD, USA June 30-July 0, 010 ThB07.5 Concurrent Program Synthesis Based on Suervisory Control Marian V. Iordache and Panos J. Antsaklis Abstract The aer introduces a new area of alication of the suervisory control (SC) methods and a roject dealing with this research toic. Based on the observation that various constraints on the oeration and synchronization of concurrent rocesses can be exressed in terms of SC secifications, the aer rooses the alication of SC to the automation of concurrent rogram synthesis. Secifically, the aer rooses a three-stage aroach allowing to generate automatically the art of the rograms that deals with the coordination of concurrent rocesses. In a first stage, Petri net models are extracted from a high level secification. An SC secification is also extracted. Then, SC is alied to generate the suervisor enforcing the secification. Finally, the rograms reresenting the rocesses and the suervisor are generated. This work is motivated by the difficulty of writing correctly concurrent rograms. Since this difficulty is due to the constraints on the oeration and synchronization of concurrent rocesses, research in this area has the otential of simlifying the develoment of concurrent rograms. I. INTRODUCTION The develoment of correct software can be difficult and exensive, esecially in the context of concurrency. Thus, tools that can automate software develoment to a higher degree are of interest, in order to reduce the rogramming effort and increase the number of features of the roduct that are correct by construction. In the context of concurrency, the main difficulty is writing the rogram segments that ensure that the concurrent rocesses satisfy desired oeration and synchronization constraints. This aer considers the automatic synthesis of these rogram segments and introduces an aroach based on Suervisory Control (SC). This work is art of a roject for the develoment of a concurrency tool suite (ACTS) for the synthesis of concurrent rograms [1], [17]. The goal is to design software that based on a high level secification can generate concurrent rograms. The ACTS architecture is outlined in Figure 1. Given is a secification written in a high level secification language (HLL). Next, an analysis tool is alied to the high level secification in order to extract a lant model of the concurrent rocesses and also a secification for SC. Then, SC is alied to generate a suervisor. Finally, the lant and the suervisor are translated to rogramming code. All these stes are carried out transarently and automatically, based on the high level secification. The benefit of this aroach M. V. Iordache is with the School of Engineering & Engineering Technology, LeTourneau University, Longview, TX 75607, USA MarianIordache@letu.edu P. J. Antsaklis is with the Deartment of Electrical Engineering, University of Notre Dame, Notre Dame, IN 46556, USA antsaklis.1@nd.edu The authors gratefully acknowledge the suort of the National Science Foundation (NSF CNS-0834057). is that the rogrammer would focus on a concise high level descrition, instead of the more comlex lower level imlementation. Of course, not every tye of secifications can be handled by a SC aroach. However, the roblem of automating to a higher degree rogram synthesis raises issues intrinsically related to SC, since various high level requirements, such as fairness, absence of deadlocks, and mutual exclusion, can be seen as SC secifications. The aer is organized as follows. First, an illustrative examle is given in section II. Next, the Petri net reresentation of rograms is described in section III. The code generation aroach is described in section IV. Issues related to the design of the HLL are addressed in section V. The alication of SC methods is discussed in section VI. Related literature results are discussed in section VII. Additional information about this roject can be found in [1]. II. ILLUSTRATIVE EXAMPLE Here we consider the roblem of designing control software for an assembly oeration in a manufacturing line. Two comonents A and B are assembled into a comonent C as follows. A robot takes a art A and laces it on a conveyor, if the conveyor is stoed and no other art A is on the conveyor. Another robot takes a art B and laces it on the conveyor at the same location if the conveyor is stoed and no other art B is there. Then, the two arts A and B are assembled. Then, after the conveyor is turned on and the assembled roduct is removed, a new cycle may begin. The conveyor should not move from the time a art A or B is laced until the time when the arts are assembled. Referring to Figure 1, the SC secification corresonds to the requirements that only one art A (B) is laced on the conveyor, that the arts are laced when the conveyor is stoed, and that the conveyor should not move from the time a art A or B is laced until the time when the arts are assembled. For the rest, the secification describes the rocessing sequence and corresonds to the descrition of the lant. The role of the analysis tool is to extract a PN model of the lant and the SC secification based on a formal descrition of the secification above. A ossible solution is the PN model of the lant is shown in Figure and the SC secification given in the inequalities (1) (4). In the lant model of Figure, the rocessing sequence is shown to the left and the states of the conveyor to the right. To incororate the effect of rocessing delays, a rocessing ste is modeled by a controllable transition, an uncontrollable transition, and a lace, as shown in Figure 3. The controllable transition is fired when the command is issued and the uncontrollable transition is fired after the 978-1-444-745-7/10/$6.00 010 AACC 3378

SC secs HLL Secification Analysis DES model (lant) Suervisory Control DES and suervisor Code Generation Fig. 1. Outline of the rogram synthesis aroach. Bring A t 5 t 7 7 Bring B 1 Stoed t 4 t 5 t 7 C C 4 A brought 6 t 6 t 8 B brought Run t t 1 3 t Running Sto 3 t 6 7 t 8 1 t 4 t 1 t 3 t Assemble C t 9 CONVEYOR 6 3 t 9 9 C 1 C 3 C assembled t 10 9 controllable t 10 10 C removed t 11 uncontrollable 10 t 11 Fig.. Plant model. Fig. 4. Plant and suervisor. Fig. 3. Issue Command Command Executed A ossible way to model rocessing delays. command has been executed. For instance, in Figure, t 1 is fired when the command to turn on the conveyor is issued and t is fired when the conveyor is on. Finally, the following inequalities on the marking of the PN exress the remaining requirements of the secification. Note that µ i denotes the marking of the lace i. µ 6 + µ 9 + µ 10 1 (1) µ 6 + µ 9 + µ + µ 3 + µ 4 1 () µ 8 + µ 9 + µ 10 1 (3) µ 8 + µ 9 + µ + µ 3 + µ 4 1 (4) The inequality (1) exresses the requirement that only one art A should be laced on the conveyor. Further, () describes the requirement that the conveyor should not move from the time a art A is laced until the time when the arts A and B are assembled. The inequalities (3) and (4) exresses the similar requirements for the arts B. The suervisor enforcing (1) (4) could be designed following any of the literature SC aroaches. The rocedure resented in this aer is not limited to a articular set of SC methods. If [5] and [14] are followed, the inequalities (1) (4) are transformed to an admissible form that accounts for the artial controllability of the lant: µ 5 + µ 6 + µ 9 + µ 10 1 (5) µ 5 + µ 6 + µ 9 + µ + µ 3 + µ 4 1 (6) µ 7 + µ 8 + µ 9 + µ 10 1 (7) µ 7 + µ 8 + µ 9 + µ + µ 3 + µ 4 1 (8) The inequalities (5) (8) are imlemented by the laces C 1,, C 4 shown in Figure 4. In this examle we could associate software rocesses with the oeration sequences of the arts A, B, and C and with the conveyor. SC rovides a way to generate a coordination strategy of these rocesses such that the secified outcome is achieved. While here we have used a manufacturing examle, coordination needs arise also in urely software alications. III. PETRI NET REPRESENTATION OF PROGRAMS In this roject, a rogram consists of a number of rocesses running concurrently. The structure of each rocess 3379

1 a 3 1 a 3 e e e h f h f g 6 g b b g 7 6 7 b c d c d (a) (b) (c) (d) Fig. 5. PNs that reresent rograms are a comosition of state machine comonents. Note that the transitions with the same label are comosed. is reresented by a PN. The laces of the PN corresond to oerations erformed by the rocess. The transitions may be labeled by conditions, indicating which transition should be taken when there is a choice. Each PN token corresonds to a rocess. As a token moves from one lace to another, the execution of the corresonding rocess rogresses from one set of oerations to another. Thus, the various laces of the PN corresond to different stages in the execution of the rocess. We will denote by HPN (high level PN) a PN in which laces are labeled with instructions and transitions with conditions. In general, PN transitions may have multile inut laces and multile outut laces. The effect of firing such transitions is made recise by describing the PN structure by means of tules of the form ( 1, t, ), (, t), and (t, ), where 1,, and stand for laces and t for a transition. A ( 1, t, ) tule indicates that the PN has one arc from 1 to t and of one arc from t to. Further, when the transition t is fired, a rocess in the stage 1 continues with the stage. A (, t) air indicates that the PN has one arc from to t. Further, when the transition t is fired, a rocess in the stage terminates. A (t, ) air indicates that the PN has one arc from t to. Further, when the transition t is fired, a new rocess is created and the rocess begins in the stage. The descrition above can be alied to PNs with arbitrary weights, since reeated arcs could be used to indicate weights greater than one. Note that when a lace has multile outut transitions, if the transitions are labeled with conditions, a rocess in the stage will select the next transition to be fired based on the conditions labeling the transitions. On the contrary, if the transitions do not have conditions and there is no code associated with to select the next transition, the choice of the next transition may be made by the suervisor. Transitions with a single inut lace are fired immediately, unless controlled by a suervisor rocess. However, transitions controlled by a suervisor or involving more than one inut lace cannot be fired immediately. Rather, a rocess sends a request to fire such a transition and then waits for ermission. After ermission is granted, the signals PROCESS 1 Fig. 6. COORDINATOR PROCESS PROCESS PROCESS M Imlementation of the secification. rocess goes on with the next stage. Note that a PN may have more than one token. Each token of the PN corresonds to a different instance of the rogram associated with the PN. Note also that multile tokens in the same lace are allowed. This situation corresonds to multile rocesses in the same execution stage. By examining the way PNs are used to reresent rograms, it becomes aarent that the reachable stages and transitions of any software rocess form a state machine. That is, for any given initial osition of a token in the PN, a state machine will describe the ossible stages and transitions of the rocess associated with the token. Moreover, the PN can be seen as a arallel comosition of state machines. An examle of comosition of state machine comonents into a PN is shown in Figure 5. Therefore, without loss of generality, state machines rather than general PNs can be associated with rocesses. However, unlike to the tyical definition of state machines, note that here arbitrary markings and arbitrary arc weights are allowed. Moreover, note that associating state machines with rocesses does not simlify the SC roblem, since the arallel comosition of state machines can result in arbitrary PNs that are not necessarily state machines. IV. CODE GENERATION Code is generated according to the coordinator architecture shown in Figure 6. Thus, the result of software 3380

.. SPECS FILE SPECS FILE Fig. 8. Fig. 7. SOFTWARE SYNTHESIS TOOLS ANALYSIS LIBRARIES MAKE FILE PROC TYPE 1.C. MAKE. PROC TYPE N.C SUPERVISOR.C How the software synthesis tools are alied. SC SPECS HPN 1 HPN. HPN N SUPERVISORY CONTROL CODE SUPERVISOR GENERATION PROC TYPE 1.EXE PROC TYPE N.EXE SUPERVISOR.EXE SUPERVISOR.C PROC TYPE 1.C PROC TYPE.C. PROC TYPE N.C The software synthesis rocedure. HPN stands for high level PN. synthesis consists of a number of alication rocesses and a coordinator rocess. The alication rocesses corresond to rocesses defined in the secification. The coordinator rocess corresonds to the software imlementation of the constraints given in the secification. Thus, the coordinator rocess reresents the suervisor generated by means of SC. The suervisor (coordinator) exchanges messages with the other rocesses to ensure that their oeration resects the constraints given in the secification. Note that the number of rocesses is variable. Processes may terminate and new rocesses may be created, as described in the secification. While Figure 6 shows a single coordinator rocess, a decentralized or distributed aroach is ossible by using the corresonding SC methods. Note that a distinction is made here between rocesses and rocess tyes. Several rocesses may have the same rocess tye, that is, the same executable code. The code of the suervisor and the code of the rocess tyes is generated as shown in Figure 7, where the software synthesis rocedure is outlined in Figure 8. The coordinator aroach is illustrated here on the examle of section II. The coordinator will use four variables m 1 m 4, each corresonding to the marking of the suervisor laces C 1 C 4. The coordinator rocess is notified by the conveyor rocess each time t 4 is fired and by the assembly rocess each time t 10 and t 11 are fired. Further, before firing one of t 1, t 5, or t 7, the conveyor and the assembly rocesses request ermission from the coordinator. The coordinator determines whether t 1, t 5, and t 7 are enabled or disabled based on the solution shown in Figure 4. For instance, the coordinator enables t 1 if m 1 and m 4 1. Further, if ermission to fire t 1 is granted, m and m 4 are decremented. Similarly, if the firing of t 4 or t 10 is announced, m and m 4 are incremented. In code generation, secial attention is given to transition synchronization. Synchronization is imlemented by a coordinator rocess. When an alication rocess is ready to fire a transition t that is synchronized with other transitions, the rocess requests the coordinator ermission to fire t. Permission is granted when all other rocesses involved in the synchronization are ready. Transitions are classified as follows. A transition is controlled if the suervisory olicy disables it in certain circumstances. A transition is observed if its firings must be communicated to the suervisor. Further, t is a synchronization transition if t and there is t of a different rocess tye that has the same label and satisfies t. Moreover, if two transitions of two different rocess tyes have the same label, one of them has one outut lace but no inut lace, and none is a synchronization transition, then they are action transitions. For examle, in Figure 5(a) (c) the transitions of label e are synchronization transitions and the transitions of label b are action transitions. Note that transitions with one outut lace and no inut lace create new rocesses. Thus, when an action transition takes lace, the coordinator rocess is notified in order to generate the corresonding new rocesses. Based on the communications needs for each transition and the suervisory olicy, code generation algorithms can be develoed [17]. V. THE SPECIFICATION LANGUAGE As reviously mentioned, in our aroach (Figure 1) the secification is given in a high level secification language (HLL). As shown in Figure 8, based on the secification, a number of high level PNs (HPNs) and a suervisory control (SC) secification are extracted. Note that using HPNs instead of lace transition nets (P/T nets) is necessary due to the fact that the latter do not have the ower of Turing machines. Thus, rocesses are reresented by PNs in which laces are associated with low level code and transitions with conditions. However, this means that only the art of the secification exressed by PNs is addressed by the synthesis tools. Thus, the SC tools would only guarantee correctness for the subroblem associated with the PN structure extracted from the HLL rogram. This is because the SC tools do not take in account the low level code sections. The low level code sections embedded in the secification are simly coied, as aroriate, to the outut files. In this resect our aroach resembles the aroach taken in other rogram synthesis tools, such as lexical analyzer generators and arser generators. While the HLL will allow sections of low level code, the HLL has to rovide other ways to secify the software arts that are difficult to write manually, so that they are generated automatically. Thus, in the context of concurrent rogramming, the HLL has to address the various synchronization constraints that may be needed. 3381

The role of the HLL is to allow for rograms that are both comact and very readable. The HLL should allow users not familiar with PNs to easily generate correct code. Further, a secification written in the HLL is exected to be considerably more comact than the PN reresentation of the secification and much more comact than the result of the SC and code generation stes. Indeed, the high level secification would not detail how to imlement requirements such as mutual exclusion or liveness. Such details would be handled by the SC tools. Thus, the user would focus more on what needs to be done and less on how it should be done. Moreover, since the high level secification is more comact, the rogrammer would have less code to check for errors. VI. SUPERVISORY CONTROL In the context of concurrent rograms, SC secifications could involve constraints exressed by inequalities, such as (1) (4), constraints involving disjunctions of inequalities [15], and constraints described in terms of languages. The ability to enforce liveness or reversibility is also of great imortance. Secific to concurrent rogramming alications is also the fairness requirement. In its most basic form, it requires that regardless of external events, a rocess waiting for a resource will eventually get access to it. Some of the fairness constraints can be exressed in terms of marking inequalities or Parikh vector inequalities [13]. While some of the aforementioned secifications have simle solutions when the lant is fully controllable and observable, note that artial controllability and observability can arise in certain contexts. Uncontrollable and/or unobservable transitions may be needed in any of the following contexts: - A decentralized environment in which the transitions of one entity are unobservable and uncontrollable to the other entities. - An embedded system environment in which transitions are controllable when they can be controlled by actuators and observable when they can be detected based on sensor information. - A transition associated with an interrut can be considered uncontrollable (such as in [8]). - For certain SC roblems (such as liveness enforcement), transitions labeled by conditions have to be considered uncontrollable. Currently, the SC methods used in this roject are those imlemented in [1]. However, all available SC methods are of interest, including automata based methods. Of secial interest for future work are algorithms and heuristics to find the methods that suit best a given lant and secification. VII. LITERATURE REVIEW Due to the advent of multicore microrocessors, software tools that convert sequential code to arallel code have become increasingly imortant. However, such tools do not affect the need for concurrent rogramming. Exceting secial cases, they cannot convert a sequential algorithm to a arallel algorithm. Thus, concurrent rogramming is still necessary and remains difficult. The alication of the SC, as roosed here, could hel by automating certain asects of the develoment of concurrent rograms, esecially the asects related to the coordination of concurrent tasks. When this aroach is alied, tools converting sequential code to arallel code remain very useful, as they could imrove the execution time of the sequential segments of code of the concurrent rocesses. Note that our roject deals with the develoment of concurrent secifications and not with the conversion of sequential code to arallel code. Related to the SC theory is the aroach for rogram synthesis for reactive systems [19], [8]. The roblem is to synthesize a rogram based on a secification described in temoral logic. In terms of the SC terminology, a rogram would corresond to a suervisor. While currently our roject does not consider temoral logic secifications, these and other classes of secifications could be incororated in the future in order to increase the area of alications. The modeling and analysis of concurrent rograms using PNs has been considered before, such as in [7] and references therein. A software tool PEP has been created for the develoment, verification, and simulation of arallel rograms [], [9]. Comaring our aroach with the aroach of the PEP tool, note that the inut is described by a secification language in our work and by a low-level language in PEP. Our aroach could be used to assist the rogrammer in writing a low-level secification, while the PEP tool can be used to verify a low-level secification. Among other PN based verification aroaches, we mention [6], [6], [7] for Ada rograms. Note that our roject is on correct-by-construction synthesis, not on verification. The scheduling roblem, dealing with the execution order of concurrent tasks, has been aroached based on PN models in references such as [8], [0], [3], [4], [30]. Tyically, the results are on the sequential execution of concurrent rograms on hardware with a single comutational resource. Most often reachability analysis is used for synthesis, though there are also structural results, such as in [4]. Note that in our roject SC is to be used to assist the rogrammer in writing concurrent rograms, not just in solving the scheduling roblem based on a given concurrent rogram. Further, the intent is to focus on structural SC methods, in an attemt to avoid the state exlosion roblem of reachability based methods. Related is also the work on hardware/software codesign of [5]. There, the secification is written in a language such as Esterel [10], from which a network of codesign finite state machines (CFSMs) is extracted. Note that networks of CFSMs corresond to safe PNs [16]. Comared to our roject, while individual rocesses are modeled by state machines, the arallel comosition of the rocess models results in PNs that are tyically not safe. Moreover, we intend to use secifications at a higher level. 338

An aroach for finding and correcting otential deadlock situations in software aears in [3]. Given a rogram, a PN model is extracted first. Then, a liveness enforcing suervisor is generated. Finally, the liveness enforcement suervisor is imlemented by additional lines of code in the original rogram. This aroach has been imlemented in the software tool GADARA. Comared to our roject, we deal with rogram synthesis instead of rograms that are already written. In our roject, SC is alied not only for liveness enforcement but also to automate code generation for other requirements that can be exressed in terms of SC secifications. The alication of SC methods to software engineering has also been considered in [1], []. Moreover, certain comuter science methods, such as redicate control for distributed comutations [31] and the aforementioned scheduling aroaches, can be seen as SC methods [16]. The aroaches used to generate control software are also related to the SC. In [11], [9], control software is obtained based on condition system models. Given a condition system model and a secification language describing a sequence of states that the system should follow, control software is automatically generated [3]. Control software can also be generated using the tool Suremica [18], [4] based on finite automata secifications and methods. Note that in our roject, by using PN models, it is ossible to take advantage of both PN methods and automata methods, as automata reresent the reachability sace of PNs. Further, comared to [11], [9], we intend to use more general secifications. VIII. CONCLUSION This aer rooses the alication of suervisory control (SC) for the automatic synthesis of concurrent rograms. The roosed aroach involves three stes. Starting with a rogram descrition written in a high level secification language, a Petri net model and an SC secification is extracted. Then, a suervisor is generated using SC methods. Finally, the suervisor is converted to low level code. SC is of interest because various high level requirements can be seen as suervisory control (SC) secifications. Thus, SC methods or similar methods from related areas of research have to be alied in order to achieve a high degree of automation of the rogramming rocess. REFERENCES [1] A Concurrency Tool Suite. www.letu.edu/eole/marianiordache/acts. [] PEP homeage. htt://arsys.informatik.uni-oldenburg.de/ e. [3] Sectool homeage. htt://www.engr.uky.edu/ holloway/sectool. [4] Suremica homeage. htt://www.suremica.org. [5] F. Balarin et al. Hardware-Software Co-Design of Embedded Systems: The Polis Aroach. Kluwer Academic Publishers, 1997. [6] K. Barkaoui and J.-F. Pradat-Peyre. Verification in concurrent rogramming with Petri nets structural techniques. In High-Assurance Systems Engineering Symosium, ages 14 133, 1998. [7] E. Best, R. Devillers, and M. Koutny. Petri nets, rocess algebras and concurrent rogramming languages. In Lectures on Petri Nets II: Alications, vol. 149 of LNCS, ages 1 84. Sringer, 1998. [8] J. Cortadella et al. Task generation and comile-time scheduling for mixed data-control embedded software. In Proc. Design Automation Conf., ages 489 494, 000. [9] B. Grahlmann. The PEP tool. In Grumberg, O., editor, Comuter Aided Verification, volume 154 of Lecture Notes in Comuter Science, ages 440 443. Sringer-Verlag, 1997. [10] N. Halbwachs. Synchronous Programming of Reactive Systems. Kluwer Academic, 1993. [11] L. E. Holloway, X. Guan, and R. Sundaravadivelu. Automated synthesis and comosition of taskblocks for control of manufacturing systems. IEEE Trans. Syst. Man Cyber. Part B, 30(5):696 71, 000. [1] M. V. Iordache and P. J. Antsaklis. Software tools for the suervisory control of Petri nets based on lace invariants. Technical reort isis- 00-003, University of Notre Dame, Aril 00. [13] M. V. Iordache and P. J. Antsaklis. Suervision based on lace invariants: A survey. Discrete Event Dynamic Systems, 16:451 49, 006. [14] M. V. Iordache and P. J. Antsaklis. Suervisory Control of Concurrent Systems: A Petri Net Structural Aroach. Birkhäuser, 006. [15] M. V. Iordache and P. J. Antsaklis. Petri net suervisors for disjunctive constraints. In Proc. 007 ACC, ages 4951 4956, 007. [16] M. V. Iordache and P. J. Antsaklis. Petri nets and rogramming: A survey. In Proc. 009 ACC, ages 4994 4999, 009. [17] M. V. Iordache and P. J. Antsaklis. Synthesis of concurrent rograms based on suervisory control. Technical reort isis-009-005, University of Notre Dame, Setember 009. [18] K. Åkesson, M. Fabian, H. Flordal, and R. Malik. Suremica an integrated environment for verification, synthesis and simulation of discrete event systems. In Proc. 8th Internat. Worksho on Discrete Event Systems, ages 384 385, 006. [19] O. Kuferman and M. Vardi. Church s roblem revisited. The Bulletin of Symbolic Logic, 5():45 63, 1999. [0] E. A. Lee and D. G. Messerschmitt. Static scheduling of synchronous data flow rograms for digital signal rocessing. IEEE Transactions on Comuters, 36(1):4 35, 1987. [1] M. Lemmon and K. He. Suervisory lug-ins for distributed software. In Proc. Worksho on Software Engineering and Petri Nets, ages 155 17. University of Aarhus, 000. [] M. Lemmon, K. He, and S. Shatz. Dynamic reconfiguration of software objects using Petri nets and network unfolding. In Proc. IEEE Internat. Conf. Syst. Man Cyber., ages 3069 3074, 000. [3] B. Lin. Software synthesis of rocess-based concurrent rograms. In Proc. Design Automation Conf., ages 50 505, 1998. [4] C. Liu et al. Schedulability analysis of Petri nets based on structural roerties. In IEEE Internat. Conf. on Alication of Concurrency to System Design, 006. [5] J. O. Moody and P. J. Antsaklis. Suervisory Control of Discrete Event Systems Using Petri Nets. Kluwer Academic Publishers, 1998. [6] T. Murata, B. Shenker, and S. M. Shatz. Detection of Ada static deadlocks using Petri net invariants. IEEE Transactions on Software Engineering, 15(3):314 36, 1989. [7] M. Notomi and T. Murata. Hierarchical reachability grah of bounded Petri nets for concurrent-software analysis. IEEE Transactions on Software Engineering, 0(5):35 336, 1994. [8] A. Pnueli and R. Rosner. On the synthesis of a reactive module. In Proc. ACM Sym. Princiles of Programming Languages, ages 179 190, 1989. [9] D. Shewa, J. Ashley, and L. Holloway. Sectool.4 beta: A research tool for modular modeling, analysis, and synthesis of discrete event systems. In Proc. 8th Internat. Worksho on Discrete Event Systems, ages 477 478, 006. [30] F.-S. Su and P.-A. Hsiung. Extended quasi-static scheduling for formal synthesis and code generation of embedded software. In Proc. Internat. Sym. on Hardware/Software Codesign, ages 11 16, 00. [31] A. Tarafdar and V. K. Garg. Predicate control: synchronization in distributed comutations with look-ahead. Journal of Parallel and Distributed Comuting, ages 19 37, 004. [3] Y. Wang, T. Kelly, M. Kudlur, S. Mahlke, and S. Lafortune. The alication of suervisory control to deadlock avoidance in concurrent software. In Proc. 9th Internat. Worksho on Discrete Event Systems, ages 87 9, 008. 3383

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information