Timing Architecture for ESS

Programa Oficial de Doutoramento en Investigación en Tecnoloxías da Información. 5023V01[Resumo] O sistema de temporización é unha compoñente fundamental para o control e sincronización de instalacións industriais e científicas, coma aceleradores de partículas. Nesta tese traballamos na especificación e desenvolvemento do sistema de temporización para a European Spallation Source (ESS), a maior fonte de neutróns actualmente en construción. Abordamos este tra­ ballo a dous niveis: a especificación do sistema de temporización, e a imple­ mentación física de sistemas de control empregando circuítos reconfigurables. Con respecto á especificación do sistema de temporización, deseñamos e implementamos a configuración do protocolo de temporización para cumprir cos requirimentos do ESS e ideamos un modo de operación e unha aplicación para a configuración e control do sistema de temporización. Tamén presentamos unha ferramenta e unha metodoloxía para imple­ mentar sistemas de control empregando FPGAs, coma os nodos do sistema de temporización. ámbalas <lúas están baseadas en statecharts, unha repre­ sentación gráfica de sistemas que expande o concepto de máquinas de estados finitos, orientada a sistemas que necesitan ser reconfigurados rápidamente en múltiples localizacións minimizando a posibilidade de erros. A ferramenta crea automaticamente código VHDL sintetizable a partir do statechart do sistema. A metodoloxía explica o procedemento para implementar o state­ chart como unha arquitectura microprogramada en FPGAs.[Resumen] El sistema de temporización es un componente fundamental para el control y sincronización de instalaciones industriales y científicas, como aceleradores e partículas. En esta tesis trabajamos en la especificación y desarrollo el sistema de temporización para la European Spallation Source (ESS), la mayor fuente de neutrones actualmente en construcción. Abordamos este trabajo en dos niveles: la especificación del sistema de temporización, y la mplementación física de sistemas de control empleando circuitos reconfig­ rables. Con respecto a la especificación del sistema de temporización, diseñamos e implementamos la configuración del protocolo de temporización para cumplir on los requisitos de ESS e ideamos un modo de operación y una aplicación ara la configuración y control del sistema de temporización. También presentamos una herramienta y una metodología para imple­ entar sistemas de control empleando FPGAs, como los nodos del sistema e temporización. Ambas están basadas en statecharts) una representación gráfica de sistemas que expande el concepto de máquinas de estados fini­ os, orientada a sistemas que necesitan ser reconfigurados rápidamente en últiples localizaciones minimizando la posibilidad de errores. La her­ramienta crea automáticamente código VHDL sintetizable a partir del state­chart del sistema. La metodología explica el procedimiento para implemen­tar el statechart como una arquitectura microprogramada en FPGAs.[Abstract] The timing system is a key component for the control and synchronization of industrial and scientific facilities, such as particle accelerators. In this thesis we tackle the specification and development of the timing system for the European Spallation Source (ESS), the largest neutron source currently in construction. We approach this work at two levels: the specification of the timing system and the physical implementation of control systems using reconfigurable hardware. Regarding the specification of the timing system, we designed and imple­ mented the configuration of the timing protocol to fulfil the requirements of ESS and devised an operation mode andan application for the configuration and control of the timing system. We also present one too! and one methodology to implement control systems using FPGAs, such as the nodes of the timing system. Both are based on statecharts, a graphical representation of systems that expand the concepts of Finite State Machines, targeted at systems that need to be re­ configured quickly in multiple locations minimizing the chance of errors. The too! automatically creates synthesizable VHDL code from a statechart of the system. The methodology explains the procedure to implement the statechart as a microprogrammed architecture in FPGAs

Tool Support for a Method and a Language Integrating Model Refinements and Project Management

International audienceComplexity of Embedded Systeme (ES) development is increasing due of several cumulative sources. Some of them are directly related to constraints on the ES themselves, like computing power, resource constraints, and multi- or many-core programming, while other are related to the industrial context, like teamwork and parallelisation of concurrent development. In this paper we present CanHOE2, a Model Driven Engineering (MDE) tool that addresses two issues of ES development: expression of parallelism by means of objects and Hierarchical State Machines (HSM), and teamwork synchronisation

Synthesis and simulation of reprogrammable control units from hierarchical specifications

Doutoramento em Engenharia ElectrotécnicaAs máquinas finitas de estados (FSM) têm sido usadas para especificar e implementar unidades de controlo e têm sido um assunto de grande importância nas últimas cinco décadas. Devido ao aumento da complexidade das unidades de controlo e uma vez que o modelo FSM não permite descrições hierárquicas e concorrentes, novos modelos formais que suportam hierarquia e concorrência têm sido propostos com o objectivo de ultrapassar as limitações do modelo FSM e que permitem a especificação de unidades de controlo complexas usando uma metodologia de decomposição hierarquizada. Apesar disso não têm sido propostas arquitecturas de máquinas finitas de estados hierárquicas, com excepção das máquinas construídas com memória stack, que possam ser vistas como uma máquina integral que implementa internamente e de forma eficiente a transição entre os diferentes níveis hierárquicos da máquina. Esta tese aborda a síntese de máquinas de estados especificadas hierarquicamente e propõe duas arquitecturas de máquinas hierárquicas (HFSM) e uma máquina paralela hierárquica (PHFSM) contruídas com memória stack, que são flexíveis, extensíveis e reutilizáveis. Apresenta também, a metodologia de síntese lógica que permite construir a tabela de transição de estados a partir da especificação hierárquica, tabela essa que é utilizada na implementação dos modelos propostos. Considerando que é altamente recomendável a utilização de modelos formais que permitam descrições hierárquicas e concorrentes na especificação de unidades de controlo complexas, os modelos de grafos hierárquicos (HGS) e grafos paralelos hierárquicos (PHGS) são apresentados e são feitas algumas considerações acerca da sua utilização, execução e correcção. É ainda explicado como se pode validar a especificação hierárquica da funcionalidade de unidades de controlo complexas através da verificação automática e simulação da especificação baseada em HGSs. Os modelos propostos de máquinas de estados são apresentados detalhadamente tendo em atenção o seu funcionamento, implementação interna baseada em memórias e sincronização, bem como as novas facilidades de flexibilidade e extensibilidade que estes modelos apresentam. É apresentada a metodologia manual da síntese lógica que é necessário implementar a partir das especificações hierárquicas baseadas em HGSs ou PHGSs de forma a construir a tabela de transição de estados que especifica a máquina hierárquica ou paralela hierárquica, para as máquinas de estados de Moore, Mealy ou mista Moore/Mealy. É também apresentado um programa que implementa automaticamente a síntese lógica dos dois modelos de máquinas de estados hierárquicas propostos a partir da especificação feita com HGSs. Os modelos de arquitecturas propostas, bem como a metodologia de síntese, foram validadas através de uma simulação em VHDL que foi feita usando as ferramentas de simulação da Synopsys.Finite state machines (FSM) have been a topic of great importance in the last five decades and have been used to specify and implement control units. Due to the increasing complexity of control units and since the FSM model does not explicitly support hierarchy and concurrency, new state-based models with hierarchical and concurrent constructions were proposed in order to overcome the limitations of the conventional FSM model and allowing the specification of complex control units in a top-down manner. Still, there are not many hierarchical FSM architectures (HFSM) that have been proposed to implement those hierarchical specifications and most of them cannot be seen as a whole FSM implementing internally in an efficient way the switching between the different hierarchical levels of the machine, except for the HFSM with stack memory. This thesis tackles the synthesis of FSMs from hierarchical specifications and proposes two HFSMs and a parallel hierarchical FSM (PHFSM) with stack memory that can provide such facilities as flexibility, extensibility and reusability. It also presents the synthesis methodology from hierarchical specifications to the generation of state transition tables that can be used to carry out the logic synthesis of the proposed HFSM models. Considering that the use of formal state-based models that provide hierarchical and concurrent constructions is highly recommended for specifying complex control units, hierarchical graph-schemes (HGS) and parallel hierarchical graphschemes (PHGS) are used and some considerations about their execution and correctness are presented. It is also explained how HGSs can be used to specify a control algorithm and how it is possible to verify automatically its correctness and to validate the intended functionality through simulation. Using the first model of a HFSM with stack memory as a starting model, two new models that can provide flexibility, extensibility and reusability and a PHFSM model that combines hierarchy and pseudo-parallel execution of operations are proposed. Their functionality, flexibility, extensibility, synchronisation and internal realisation are fully explained. To implement a control unit specified with a set of HGSs/PHGSs it is necessary to perform the first step of the sequential logic synthesis, taking in consideration the pretended target model. The manual synthesis methodology required to build the state transition table of a HFSM/PHFSM starting from a hierarchical specification based on HGSs/PHGSs is explained for a Moore, a Mealy and a mixed Moore/Mealy FSM. A tool that automatically performs this first step for the two HFSM models proposed is also presented. In order to validate the proposed HFSM/PHFSM models and their synthesis, the models were described in VHDL for a LUT-based implementation and simulated using the Synopsys simulation tools

GRL: A Specification Language for Globally Asynchronous Locally Synchronous Systems

International audienceA GALS (Globally Asynchronous, Locally Synchronous) system consists of several synchronous subsystems that evolve concurrently and interact with each other asynchronously. Most formalisms and design tools support either the synchronous paradigm or the asynchronous paradigm but rarely combine both, which requires an intricate modeling of GALS systems. In this paper, we present a new language, called GRL (GALS Representation Language) designed to model GALS systems in an abstract and versatile manner for the purpose of formal verification. GRL has formal semantics combining the synchronous reactive model underlying dataflow languages and the asynchronous concurrent model underlying process algebras. We present the basic concepts and the main constructs of the language, together with an illustrative example

Generierung von effizienten Security-/Safety-Monitoren aus modellbasierten Beschreibungen

Computer werden heute zunehmend durch kleine Recheneinheiten mit Sensoren zur Erfassung der Außenwelt ergänzt. Diese Recheneinheiten kommunizieren untereinander und mit externen Einheiten, um Informationen weiterzugeben und sich untereinander abzustimmen. Hierdurch findet auch eine Öffnung von sicherheitskritischen eingebetteten Systemen nach außen statt. Die Systeme können nun entweder direkt oder indirekt über zusätzliche Einheiten angegriffen werden. Des Weiteren ist die auf eingebetteten Systemen eingesetzte Software durch beschränkte Ressourcen auf das Nötigste reduziert und bietet keine komplexen Sicherheitsmechanismen. Maßnahmen wie Testen von Software kann deren Fehlerfreiheit nicht sicherstellen. In realen Systemen ist zudem davon auszugehen, dass nicht bekannte Fehler existieren, die u.a. auch von Angreifern ausgenutzt werden können. Die Laufzeitüberwachung solcher Systeme hat sich als geeignet erwiesen, um auch unbekannte Angriffe und Fehler zu erkennen. Zur Spezifikation solcher Laufzeitmonitore über Beschreibungen (Signaturen) von erlaubtem und verbotenem Verhalten haben sich viele verschiedene Spezifikationssprachen herausgebildet. Diese basieren auf verschiedensten Modellierungskonzepten. Zur Generierung von Monitoren aus diesen Spezifikationen in Software und Hardware müssen für die unterschiedlichen Sprachen verschiedenste Codegeneratoren erstellt werden. Des Weiteren besitzen einige der gewöhnlich verwendeten einfach zu verstehenden Spezifikationssprachen keine formalisierte Syntax und Semantik. In dieser Arbeit wird zusammen mit [Pat14] der Model-based Security/Safety Monitor (MBSecMon)-Entwicklungsprozess vorgestellt. Dieser umfasst parallel zu dem eigentlichen Softwareentwicklungsprozess des zu überwachenden Systems die Spezifikation, die Generierung und die Einbindung von Laufzeitmonitoren. Ziel dieser Arbeit ist die Definition einer formal definierten Zwischensprache zur Repräsentation stark verschränkter nebenläufiger Kommunikationen. Zu ihrer Entwicklung werden Anforderungen basierend auf existierenden Arbeiten aufgestellt. Auf Grundlage dieser Anforderungen wird die Zwischensprache Monitor-Petrinetze (MPN) entworfen und formal definiert. Diese Zwischensprache unterstützt die Repräsentation von Signaturen, die in verschiedensten Spezifikationssprachen modelliert sind, und die Generierung von effizienten Laufzeitmonitoren für unterschiedliche Zielplattformen. Die MPNs sind ein auf Petrinetzen basierender Formalismus, der um Konzepte der Laufzeitüberwachung erweitert wurde. Es wird gezeigt, dass die MPN-Sprache alle ermittelten Anforderungen an eine solche Zwischensprache, bis auf ein Hierarchisierungskonzept für Ereignisse, das in dieser Arbeit nicht behandelt wird, erfüllt. Die MPN-Sprache wird in einem prototypischen Werkzeug zur Monitorgenerierung eingesetzt. Dieses unterstützt die MBSecMon-Spezifikationssprache [Pat14] als Eingabesprache und verwendet die MPN-Sprache als Zwischenrepräsentation zur Monitorgenerierung für verschiedenste Plattformen und Zielsprachen. Die generierten Monitore werden auf ihr Laufzeitverhalten und ihren Speicherverbrauch evaluiert. Es hat sich gezeigt, dass sich die MPN-Sprache trotz ihrer hohen Ausdrucksstärke zur einfachen Generierung effizienter Laufzeitmonitore für verschiedenste Plattformen und Zielsprachen eignet

Application of object-orientation to HDL-based designs

The increase in the scale of VLSI circuits over the last two decades has been of great importance to the development process. To cope with this ever­growing design complexity. new development techniques and methodologies have been researched and applied. The early 90's have witnessed the uptake of a new kind of design methodology based on Hardware Description Languages (HDL). This methodology has helped to master the possibilities inherent in our ability to manufacture ever-larger designs. However. while HDL based design methodology is sufficient to address today's standard ASIC sizes, it reaches its limits when considering tomorrow's design scales. Already. RISC processor chip descriptions can contain tens of thousands of HDLlines. Object-Oriented design methodology has recently had a considerable Impact in the software design community as it is tightly coupled with the handling of complex systems. Object-Orientation concentrates on data rather than functions since. throughout the design process. data are more stable than functions. Methodologies for both hardware and software have been introduced through the application of HDLs to hardware design. Common design constructs and principles that have proved successful in software language development should therefore be considered in order to assess their suitability for HDLs based designs. A new methodology was created to emphasise on encapsulation. abstraction and classification of designs. using standard VHDL constructs. This achieves higher levels of modelling along with an Improved reusability through design inheritance. The development of extended semantics for integrating Object-Orientation in the VHDL language is described. Comparisons are made between the modelling abilities of the proposed extension and other competing proposals. A UNIX based Object-Oriented to standard VHDL pre-processor is described along with translation techniques and their issues related to synthesis and simulation. This tool permitted validation of the new design methodology by application to existing design problems

The VAT tool : automatic transformation of VHDL to timed automata

Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Aeronautics and Astronautics, 2004.Includes bibliographical references (leaves 61-66).Embedded systems have become an integral part of the systems we use today. These types of systems are constrained by both stringent time requirements and limited resource availability. Traditionally, high-integrity embedded systems operated on well understood hardware platforms. The emergence of inexpensive FPGAs (Field Programmable Gate Arrays) and ASICs (Application Specific Integrated Circuits) as operational platforms for embedded software, has resulted in the system developer having to verify both the hardware and the software components. The stringent processes used over the system development lifecycle have to be augmented to account for this paradigm shift. One possible approach is to create a homogenous formal model that accounts for both the hardware and the software components of the system. This thesis focuses on making a contribution to the extraction of formal models from the VHDL specification of the operational platform. The research underlying this thesis was driven by the goals of: a) augmenting the system developer's verification and validation toolbox with a powerful yet easy-to-use tool; b) developing a tool that is modular, extensible, and adaptable to changing customer requirements; c) providing a transparent transformation process, which can be leveraged by both academia and industry. The thesis discusses in detail, the design and development of the VAT tool, that transforms VHDL specifications into finite state machines. It discusses the use of model checking on the extracted formal model and presents a visualization technique that enables manual inspection of the formal model.by Carl Nehme.S.M

Reactive processing for synchronous languages and its worst case reaction time analysis

Many embedded systems belong to the class of reactive systems. These are systems that have to react continuously to the environment at a rate that is determined by the environment. Reactive systems have two specific characteristics : their control flow requires concurrency and preemption, and, since the reactive systems are often safety-critical, we must be able to prove the correctness of the behavior and of the timing. To implement reactive systems, the synchronous languages were developed, which have a clear mathematical semantics and allow the expression of concurrency and preemption in a deterministic way. Programs in a synchronous language can be either compiled to software and run on a common processor, they can be synthesized to a hardware description, or a software/hardware co-design approach can be taken. However, the compilation of synchronous hardware into efficient code is not trivial. To improve the efficiency of the execution and at the same time simplify the compilation, reactive processors were introduced, which have an instruction set architecture that is inspired by synchronous languages. In particular, reactive processors have direct support for preemption and concurrency. Furthermore, these processors optimize the worst case reaction time, in contrast to common processors which optimize the average case reaction time. This simplifies the timing analysis, which is necessary to prove that a system meets its timing requirements. This thesis presents three contributions to reactive systems: - A formal semantics is given to the Kiel Esterel Processor (KEP), a reactive processor to execute the synchronous language Esterel. Also a compilation scheme from SyncCharts to the KEP assembler is presented, in addition to the existing compilation from Esterel into KEP assembler. - The Kiel Lustre Processor is introduced, a reactive processor for the synchronous dataflow language Lustre, which allows true parallel execution with multiple processing units. - Different approaches for the worst case reaction time analysis of KEP programs are presented: a search for the longest execution path in the KEP assembler, a formal modeling of the execution times based on interface algebras. Also an approach to use model checking to analyze the reaction time is applied to the KEP