e n d < activity_nam e>;In D efin itio n 2, th e fo rm u la asso ciated w ith require defines-T he p ro p erties w hich m u st be satisfied by th e values of in p u t variables; the fo rm u la asso c iated w ith ensure d efin es th e p ro p e rtie s w h ich m u st be satisfied by th e values o f o u tp u t variables. T he preem ption flag if TRUE, j indicates th a t th e execution of this activity is p reem p tiv e; o th erw ise the112activity is non-preem ptive. The , containing d etailed behavior o f each atom ic activity, is th en rep re se n te d u sin g a p ro g ram d escrip tio n lan g u ag e (such as a subset of A da). T hat is, all of the in p u ts n eed not form | p a rt of the enabling function. The resulting sim plified A da PDL is lim ited to ; th e follow ing types of statem ents: assig n m en t, if, lo o p , case, n u ll, exit a n d! re tu rn .!1 In su m m a ry , th e p ro p o se d sp e cifica tio n m e th o d h as a 3 -p a rtco m p u tatio n al m odel. In th e follow ing three tables, each table sum m arizes h o w each p a rt of com putational m odel is supported.In T able 3-A, h o w th e re q u ire d p ro p e rtie s of d a ta m o d els are su p p o rted by using data graphs is described.Desired Properties in Data ModelsExpressiblePropertiesComposition• non-atomic data items are decomoosable.Conditional Sequences• supported by the 'selection', 'iteration', and 'data item' primitives.Parallel Sequences• supported by the 'concurrency', 'iteration', and'data item' primitives.Multiple Instances of The Same Type• supported by the 'replication', 'iteration', and 'data item' primitives.Timing Specification• predicates expressed by time instant variables.Table 3-A: support in specification of data modelsI113In Table 3-B, ho w the req u ired properties of control flow m odels are su p p o rted by using activity graphs is described.liesirea rro p eru es In Control Flow ModelsExpressiblePropertiesComposition• Supported by composite activities.Conditional Sequences• supported by the 'selection', 'iteration', 'activity' primitives.Parallel Sequences• supported by the'currency', 'iteration', and 'activity' primitives.Multiple Instances of The Same Type• supported by the 'replication', 'class object’, and 'iteration' primitives.Timing Specification• predicates expressed by time instant variables.Enabling and Exiting Criteria• supported by pre-condition & post-condition formulas.Table 3-B: supports in specification of control flow modelsTable 3-C show s ho w the req u ired properties of control flow m odels are su p p o rted by using the atom ic activity concept.Desirable Properties in Sequential program ModelsExpressiblePropertiesStimulus and Response Relationship• supported by pre-condition & post-condition formulas defined in Section 3.2.State Changes • supported by using ADA PDL and 'state variables'.Timing Specifications• timing constraints formulas defined in Section 3.2.Interconnections Between Programs♦ A unrestricted activity graph defines relationships between programs.Validation Joints and Criteria• supported by pre-condition & post-condition formulas defined i n Section 3.2.Table 3-C: supports in specification of sequential program models114T he sy stem s I co n sid er h e re are larg e scale system s, em p lo y in g m u ltip le h etero g en eo u s processors to achieve th e re q u ire d perform ance. F u rth e rm o re , in su ch system s, th e h ig h level (m acro) system fu n ctio n s Require m u ltip le resources and, at a single resource, th e w orkload can have a v ariety of tim in g p ro p erties w hich can n o t be re p re se n te d by a single m odel (i.e. a single type of activity). Therefore, designing schedulers for such a system involves in teg ratin g m acro- an d m icro-level w hich at th e m acro level involves scheduling of activities req u irin g m u ltip le resources a n d at the m icro level involves scheduling m u ltip le types of activities in a single iiresource. N o single scheduling policy can effectively m an ag e all types of | activ ities. To fin d a 'g o o d ' a lg o rith m fo r sc h e d u lin g c o m p u ta tio n a l activities to co n su m e reso u rces, o n e m u st be able to ch aracterize th e w orkload (i.e., h o w resource are consum ed b y these activities) im posed on each ty p e of resource. Then select a scheduling policy w hich can effectively satisfy the resource dem ands of com putational activities. In th e next section,I classify activities w ith the goal th at m ajor activity classes are of interest in eng in eerin g sem i-h ard real-tim e control system s. Each class characterizes the tim ing p ro p erties w hich in tu rn define th e scheduling problem of each class of activities.1153 .3 . TIM IN G ANALYSIS APPRO A CH ESO ften, th e arriv al tim es are n o t tak en in to acco u n t in specifyingi; sc h ed u lin g p ro b lem s. H o w ev er, th e a rriv a l tim e d e te rm in e s w h e n th e param eters of an activity instance becom e know n to a scheduler an d hence ' th e am ount of advance notice in w hich to plan. It is easy to see th at this cantj be an im p o rtan t aspect of the scheduling problem .iThe tim ing and resource specification of an activity is defined as a set of 'c o n stra in ts’ o n th e tim e in sta n ts for each a ctiv ity in stan ce. T hese co n strain ts affect th e p o ssib le legal 'schedules' g e n e ra te d by a specified scheduling policy. For exam ple, as show n below , b y specifying constraints ! o n th e re la tio n sh ip s b e tw e e n th e (j-l)th ex ecu tio n of Ai a n d th e jth execution, I can define th e tw o classical types of activities, nam ely, 'periodic' J a n d 'sporadic' activities .It is com m on to th in k of activities as being executed sporadically o r i perio d ically . T he classic n o tio n of a p erio d ic activ ity is th a t successive instances are reg u larly spaced. A t th e other extrem e, instances of sporadic activities are relatively u n c o n strain ed 6. These classic notions involve quite sim p le co n strain ts o n th e tim in g in stan ts w hich w ill be d efin ed shortly. T here are, how ever, m any possible variations b etw een these tw o extrem es. For exam ple, frequently, th e p erio d icity of a p erio d ic activity can change6For example, [Mok83] only restrict the interval between successive arrivals to be no less 'x' units of time.116w h e n the system changes its m o d e 7. T here are relatively few m odes an d m o d e changes are relatively slow , co m p ared to the p erio d of each m ode. H ow ever, if th e m ode can change frequently or an arbitrarily large nu m b er of m o d es can b e in te rle a v ed , th e re is an im m en se v a rie ty of p o ssib lei•execution seq u en ces. In th is case, it is n o t p rac tic al to u se ju st som eIm o d era te n u m b er of m odes to classify all situations. T herefore, u sin g th e ; classic n otion - th a t arrivals of successive activity instances to be sch ed u led iI ,;are predictable an d the interval betw een successive instances is a constant - jI tcan n o t com pletely m odel th e state change b eh av io r of activities. As a J so lu tio n , I su g g est one generalizes th e n o tio n of p erio d ic by relaxing th e constraints of constant intervals as described below .3 .3 .1 . A CTIV ITY TAXONOM YI classify activities based on a taxonom y of constraints o n th e a rriv a l itim es of an activity's in stan ces. A lth o u g h m an y v ariatio n s of co n strain tsjm ay be im p o sed on tim e in sta n ts a n d , th u s, form d iffe re n t ty p es of j activities, the goal of o u r classification is to identify m ajor activity classes j w h ich are of in te rest in en g in eerin g sem i-hard real-tim e control system s. 1 M y choice is b ased o n an extensive stu d y of sensor b ased, sem i-h ard realtim e system s for avionics applications. A d etailed application exam ple is described in Section 3.4 to justify th e tax o n o m y p resen ted here. T ypes of activities are rep re se n te d as n odes in th e taxonom y in F igure 3-12. The7 A m ode represents a system state in which a set of com putational activities cooperatively executed to achieve a specific system objective.117d e fin itio n of each n o d e in th e tax o n o m y w ill b e fo rm a lly d e fin e d afterw ards. The figure is m ean t for reference as th e definitions are given to aid in keeping track of the context of each definition.Figure 3-12: an activity taxonomy via classification of constraints on arrival times jAs show n in Figure 3-12, activities are d iv id ed into tw o m ajor classes: |'N o n -R ep etitiv e S poradic' a n d 'repetitive'. T he 'N o n -R ep etitiv e S poradic' j activities are expected to execute once - this co rresp o n d s to one notion of ! sporadic activity [Cheng& Stankovic88]. A n activity is specified as repetitive by en clo sin g a n ite ra te r co n stru ct in its activity graph. By characterizing the rep etitio n p ro p erties, 'repetitive' activities can be fu rth e r d iv id e d in to -tw o classes: (1) those for w hich each instance's arrival tim e is u n p red ictab le and (2) those for w h ich each in stan ce's arriv al tim e is p red ictab le. A lth o u g h sp o rad ic activities can be 'rep etitiv e w ith u n p red ictab le arrival tim es', in th e classical n o tio n [M ok83], a sim ple co n strain t m ay be im p o sed on theactivityNon-RepetitiveSporadicrepetitiveAdaptive Sporadic Generalpredictable unpredictablearrivalPeriodic TimingSporadic Spaced SporadicNRVPcd RYPcd NRCP^ RCP^ N R V P j RVPsd N R C P^ R C P ^118low er b o u n d of arrival intervals. In the follow ing, each activity class in the activ ity tax o n o m y is d e fin e d fo rm ally in term s of th e sch ed u le tim e in stan ts. A lso, successive definitions, co rresp o n d in g to n o d es 'd eep er' in| th e taxonom y, are m ore constrained th an their p a re n t class.iD efin itio n 5: A n activity w hich is expected to occur once an d n o constraints a re d efin ed on th e arriv al tim e is term ed a N o n - R e p e t i t i v e S p o r a d ic j activity.i!D efin itio n 6: A n activity w hich is expected to execute u n b o u n d ed n u m b er of tim es is term ed a re p e titiv e activity.D e fin itio n 7: A repetitive activity for w hich a constraint on th e arrival tim e of th e jth ex ecu tio n is d efin ed in tu rn s of tim e in sta n ts of th e (j-l)th execution instance is term ed a p re d ic ta b le a r riv a l activity. O th erw ise it is term ed a n on -predictable a rriva l activity.D efin itio n 8: '(1) A s p a c e d s p o r a d ic activity is a n o n -p red ictab le arriv al rep etitiv e J activity Aj w hich has a constant m inim um interval m such th at [aij" a^j-D * m Vj > 0.(2) A S p o r a d ic activity is a non-predictable arrival rep etitiv e activity Aj w hich has arrival intervals in a range of values o r are stochastically d istrib u ted values.D efin itio n 9:it(1) A g e n e r a l p e r io d ic activity is a predictable arrivals a ctiv ity Aj | w hich is constrained by aij = cdi(j-i) Vj > 0 or a^ = sdi(j-i) Vj > 0.(2) A G P cd activity is an activity Aj w hich is constrained byaij = cdi(j-i),efij = cdij - aij Vj > 0.119(3) A GPsd activity is an activity A i w hich is constrained by aij = sdi(j-i), efij = sdij - a^ Vj > 0.In th e follow ing, I u se 'v ariab le' generally to rep re se n t values w hich are ! 'u n k n o w n ' or 'restricted to a range of values'.D efin itio n 10:(1) A constant period GPC d activity, i.e., 'CPcd' activity, is a GPcd activ ity w hich has a constant period p such th ataij - ai(j_i) = p Vj > 0.O therw ise, it is a variable period GPcd activity, i.e., /VPC < J ' activity.(2) A constant period GPsd activity, i.e., 'CPsd' activity, is a GPsd activity w hich has a constant period p such th ataij - ai(j_i) = p Vj > 0.O therw ise, it is a variable period GPsd activity, i.e., 'VPsd' activity.Figure 3-13 depicts the relationships b etw een the tim ing attrib u tes for a CPcd activity.periodFigure 3-13: relationships of CPcd activities' timing attributes and state120Definition 11:(1) A restrictive VPC £ activity, i.e., a 'R V P cd' activity, is a /VPcd' activity w hich is further restricted by:i-ij = aij.O therw ise it is a unrestricted VPcd activity, i.e. a 'N R V P cd' activity.(2) A restrictive CPcd activity, i.e., a /R C P cd' activity is a 'C Pcd' activity w hich is further restricted by:rij = aii-O therw ise it is a unrestricted CPa$ activity, i.e. a 'N R C P cd' activity.(3) A restrictive VPSd activity, i.e., a 'R V P sd' activity is a 'V Psd' activity w hich is further restricted by:rij = aij.O therw ise it is a unrestricted VPSd activity, i.e. a 'N R V P sd' activity.(4) A restrictive CPsi activity, i.e., a 'R C P sd' activity is a 'C Psd' activity w hich is fu rth er restricted by:rij = aij.O therw ise it is a unrestricted CPg^ activity, i.e. a 'N R C P sd' activity.period ^ ^_________ period------------- i ------------------------ ► - c ----------- ------------- -------------\7 7rn T \ 777\ V71s i(j-l) f c i(H> / V ' ipreem pted preempted3i(j-l) ~ T i(j-l) ~ ^10-2)%/ a i i - r ii~ A/a iij » )Figure 3-14: relationships of RCPcd activities' timing attributes and state121N ote th at th e RV Psd an d RV Pcd activities co rresp o n d to th e n o tio n of 'p e rio d ic ta s k s ' w ith m o d e ch an g es w h ile R C P sd a n d R C Pcd a ctiv itie s co rresp o n d to th e classic n o tio n o f 'p e rio d ic ta sk s'. Figure 3-14 depicts the relationships of these tim ing attributes for RCPcd activities.F ro m th e d e fin itio n s, th e jth arriv a l tim e of a ’G en eral P erio d ic’ activity d e p en d s m ainly o n the intrinsic p ro p erties of th e activity ra th e r th a n h o w its (j-l)th in stan ce w as executed o r sc h ed u led . But, as w ill be d efin ed im m ed iately below , for an ’ A d a p tiv e T im in g ’ activ ity th e jth a rriv a l tim e d e p e n d s o n th e (j-l)th ex ecu tio n in stan c e of th is activity. F u rth e rm o re , the rea d y d istan ce an d th e u tilizatio n fram e of a ’general p erio d ic’ activity are predictable, b u t for an ’A daptive T im ing’ activity the jth arrival tim e d ep en d s on its (j-l)th execution instance.D e fin itio n 12: A n A daptive Tim ing activity is an activ ity A i w h ich is restricted by:a ij = ci(j-l) or aij = si(j-l) V1 > °/ efjj are dynam ically determ ined.D efin itio n 13:(1) A n 'A T C ' activity is an 'a d ap tiv e tim ing' activity w hich is fu rth er restricted by:efjj = cdjj - ajj.(2) A n 'A T S ' activity is an 'ad ap tiv e tim ing' activity w hich is further restricted by:efij = sdfj - ajj.122The relationships of tim ing attributes of an ATC ad ap tiv e activity are illu strated in Figure 3-15, th at of an ATS ad ap tiv e activity are illu strated in Figure 3-16.iC j-l)sw.i(j-l)i(j-l) i(j-l) i(j-l) i(j-l) i(j-l) i(j-l)cd.a.. C;;1 execution in this intervalFigure 3-15: relationships of AT£ activities’ timing attributes and stater 4 (j-i) <— >e f i(H> JS W . i(j-l)-------------- 1 -----------------<--------■ ------>-------- 1 -----------ai(j-l) ri(j-l) S i(j-1) Sdi(j-1) ci(j-l) C di(j-1)rdjj* * 'We f ij Jsw ijI 1\ rij s i4 - “1 execution in th is interval Figure 3-16: relationships of ATg activities' timing attributes and state123If an activity has a constant execution tim e an d th e execution of the activity is n o n -p reem p tiv e, th en th e ATC an d ATS types of activities areidentical.R eader can observe in Figure 3-13 to 3-16 th at activity A4 executes exactly once in th e interval (r^ - a^j.-j)) for every tw o successive iterations (j- 1) a n d j. U sin g th is fact, in th e fo llo w in g , I first define th e n o tio n of u tiliz a tio n factor. By u sin g this n o tio n , I sh o w th e effect of m o d e lin g j ad ap tiv e tim ing activities by periodic activities. T hen, I show h o w one can ! ! tu n e scheduling param eters of an activity such th a t th e am o u n t of resource usage is u n d e r a given bound. iD e fin itio n 14: Let T = {Tj I Tj = (aj, Ty sdj, cdj, e^, Sj, Cj), j > 0} be a set of tim e j instants tu p les of activity Ai. Each tim e instants tu p le represents the tim in g j characteristics in th e jth iteration of of activity Ai.Let Uj be the utilization factor of activity Aj in the jth iteration, th en je . Iu = 7 ------ (3-E6) jJ 0 + D J . 1L et u be the total utilization of Aj and n b e the n u m b er of execution iterations of A i , thennu = ^ «• (3-E7)7 = 1 11243.3.2. EFFECT OF MODELING ADAPTIVE TIMING ACTIVITIES BY PERIODIC ACTIVITIESij A n atu ral question is w h y it is necessary to in tro d u ce the concept ofi'a d ap tiv e tim ing' activities rath e r th a n sim ply u se p erio d ic activities. As w ill be show n in th e follow ing analysis, to use a periodic activity to m odelan ad ap tiv e tim ing activity w ill increase, even double, th e utilization factoriof an activity an d significantly degrade system perform ance.S u p p o se th a t an activ ity n e ed s 2 u n its ex ecu tio n tim e a n d tw o successive execution instances of th e activity m u st n o t exceed 8 tim e units. The d iag ram im m ed iately below depicts an acceptable schedule for this activity.W e can m odel this activity as an ATS activity w ith the execution tim e e = 2, the read y distance r = 2, the scheduling w in d o w = 6, the utilization fram e ef = 8. W ith this definition, in a feasible schedule w hich includes this activity, th e tim e in terv al b etw een tw o successive execution instances w ill n o t exceed 8 tim e units. If th is activity started at th e scheduling d ead line, th en th e u tilizatio n factor u has the sm allest value; if th e next iteration of 1 his activity sta rts rig h t at the com pletion, th e u tiliz a tio n factor has the argest value. H ence,O ne m ig h t try to m o d el this activity as a R C Pcd activity (i.e. the classical periodic activity) w hich has a period p = 8, an d an utilization factor = 0.25. The d iag ram im m ed iately below illustrates a feasible schedule for this periodic activity. 8 ------------------------ 8 --------------------- 8 H1 " I 1 I —r— i— i—i—i— 1 1 1 —i—i —i—i—i—i—i—i—i —i—i—j— t ~ 1 —i0 5 1015 20 25T herefore, m o d eled as a RCPcd activity, th e tim e in te rv al b etw eentw o successive execution instances could have a m axim um tim e interval of j|16 tim e u n its. This clearly violates the requirem ents of tim e constraints. jiIn o rd e r to m o d el this activity as a RCPcd activity a n d g u a ra n tee i m eeting tim e constraints, the p erio d m u st be decreased. L et p ' be th e new 1 p erio d , and j( P+ e) !f = t — .Then for this exam ple, p' m u st be less than or equal to 5, i.e. 2 < p ’< 5. T herefore, 1 > u > 0.4. A feasible schedule, e.g. th e o n e illu strated in the d ia g ra m b elo w , can n o t h a v e a tim e in te rv a l b e tw e e n tw o successive execution instances exceeding 8 tim e units.I510 15 20 25126D ecreasing the periodicity of a RCPcd activity can m ake it satisfy the req u ired tim e constraint, b u t th e new utilization factor can be double, i.e.e 2ew =(P+ e)\ (p + e)( ^ )u' 2 pu p + eW hen p » e, then — « 2 r uT herefore, to force an a d ap tiv e tim in g activity in to a RCPcd m odel, can resu lt in excessive resource utilization. This m ay resu lt in a non-feasible schedule particularly w hen the total w orkload is high.1273.3.3. TUNING SCHEDULING PARAMETERSO bserving eq u atio n 3-E6, for a given execution tim e, th e u tilizatio n factor decreases as th e interval b etw een th e arriv al tim e to th e next rea d y [tim e increases. This w ill resu lt in a sm aller scheduling w in d o w in th e next i iteration. O n th e o th er h a n d , if th e sm aller scheduling w in d o w is in each ite ra tio n , i.e. th e in te rv al b e tw ee n th e re a d y tim e a n d th e sc h e d u lin g d eadline, m eans less o p p o rtu n ity for a rea d y activity to be sch ed u led a n d ; gives th e scheduler less flexibility. O ne m ight conclude th at the rea d y tim e | sh o u ld be set eq u al to th e a rriv a l tim e, i.e. rd = 0, w h ich g iv es th e j scheduling w in d o w the largest possible length. W ith rd = 0, th ere are tw o | draw backs: (i) this activity can dom inate th e u se of a resource an d (ii) th e |sch ed u lin g o v erh ead m ay be h ig h er since th e n u m b er of rea d y activities jith a t are exam ined in a scheduling decision increases in p ro p o rtio n to th e I size of th e scheduling w indow . As stated earlier, utilization of a resource m ay be constrained to a specified bound. In the follow ing, I w ill derive a set of c o n strain ts for th e re a d y tim e b ased o n th e fact th a t (i) exactly one execution is allow ed b etw een th e arrival tim e a n d th e next read y tim e, (ii) j th e re a d y tim e of th e jth iteratio n is th e first sta rta b le tim e, (iii) th e j4* 1 jiteratio n m u st start by th e scheduling deadline, (iv) th e u tilizatio n factor in !teach iteration cannot exceed a specified b o u n d b . jW ith g iv en sc h ed u lin g p a ra m e te rs (sw j, rdj, efj, e ^ a n d reso u rce u tilizatio n b o u n d b (i,e., Uj < b < 1) of activity Aj, at the jth iteration, a tim e in stan ts tu p le (ajj, r^, sdjj, cdjj, e^, s^ , c^) exists an d satisfies th e follow ing equation derived from 3-E6.128T herefore,(3-E8)T herefore, for an activity w hich is req u ired to use less th an or equal jth a t rj(j+i) ^ sd i(j+1) m u st hold according to equation (3-El).3 .3 .4 . EXAM PLES O F USING TH E PRO PO SED T IM IN G ANALYSIS A PPR O A C HIIn th e follow ing exam ples, th e w o rk lo ad of a system can h av e a (activity. T he tw o exam ples illu stra te ho w to describe th e v ariatio n s ofItim in g c o n strain ts of activities for th e sensor reso u rce in an ad v an c ed j sen so r system an d h o w th e tim in g constraints of these activities can be | rep resen ted .iE xam ple 1: critical adaptive activities w ith rigid tim in g constraints.W eapon su p p o rt activities are an exam ple of this ty p e of activity. To su p p o rt an 'X' ty p e of m issile, a ra d a r system m u st p e rfo rm a sensing activ ity (e.g. se n d in g a m issile m essag e a n d th e n illu m in a tin g targ ets) successively, a n d th e tim e in te rv al b etw een th e sta rtin g p o in ts of tw o successive sensing activities m u st be w ith in a in te rv al of [6.. 10] u n its of tim e. In a d d itio n , th is ty p e of sen sin g activities is c o n sid ere d th e m ost critical activity. H o w ev er, w h e n m u ltip le m issile s u p p o rt activities areto 'b %' of a resource, its read y tim e m odified according equation 3-E8. N otev ariety of tim ing properties w hich cannot be rep resen ted by a single type of129requested, th e im portance level of each activity is defined by the im portance level of th e targ e ts to be illu m in ated . F igure 3-17 illu stra te s th e tim e in stan ts for this exam ple "m issile su p p o rt" activities.\p = 0 - i.e. this activity is non-preemptive level = 1 - i.e. this activity is most critical.! V j ,j > lar s< h>rd , = r)-aJ = 6swj = sdj - r 4ef p cd. - r .= 1 2e .= 6 J 1 ---- 1 ----- 1 ----- 1 ----- 1 ----- 1 ----- 1 I 1 ----- 1 ----- 1 ----- 1 -----1 -----t t+2 t+4 t+6 t+8 t+10 t+12 t+14 t+16 t+18 t+20 t+22 t+24 t+26a (j-D r (j-D S C(j-D 0(1 (j-1)I -------1 — M-----1 I - ;ai rj si ci aii jFigure 3-17: scheduling parameters specification of an example strict ATs activity E x am p le 2: a d a p tiv e ac tiv ities w ith so ft tim in g c o n stra in ts.T he h ig h level objectives of th is class o f activities are to m ain tain a m in im u m o verall system perform ance w ith in a specified tim e interval. A n ex am p le is an 'alert search’ activity in w h ich th e h ig h level objective is jspecified in term s of R9Q for a specified 'search' fram e from w hich efgp, the |!m ax im u m a llo w a b le e la p se d tim e b e tw e e n tw o su ccessiv e c o m p lete : scanning of a search fram e, can be com puted. j130a search frame- a SF activitySDkSBlSB2f:SB4 SB3Figure 3-18: a ’search alert ’activity repetitively scans a search frameFigure 3-18 depicts th a t a search activity rep etitiv ely scans a search frame, i.e., perform s Search Fram e (SF) activity. Each SF activity consists of 4 Search Bar (SB) activity. Each SB activity consists of 5 Search D w ell (SD) activity. T he d e co m p o sitio n is b a sed on th e k n o w le d g e of th e sen so rjcapabilities, the n u m b er of integral segm ents (i.e., search bars), n SB, an d the jn u m b er of atom ic sensing activities (i.e., search dw ell activities), n BD, in ;ieach search fram e can also be estim ated. Therefore, eBD, the p erio d betw een j each scan, can be also be com puted. In Figure 3 -1 8 ,1 assum e nSB = 4 and n SD = 20.131level = 15 - i.e. this activity's importance level is less than the 'track update’ activities.A search fram e (SF) activity is decom posed into 4 search b a r (SB) activities.A SB activity is decom posed into a sequence of search dw ell (SD) activities.[Max#SF, Current#SF] SearchAlerte f c F< Maximum ^ Revisit Time SDRequestsSearchAlertScheduler(Coordinator)SFcontrol"com m a:(a) (b)SBkSDmSBlSD(m+l)SB2SB3SD(m+3)S B lSD(m+4)(c) (d)Figure 3-19: the control flo w m odel o f a search activityF ig u re 3-19(a) specifies th a t th e sy stem u n d e r c o n sid e ra tio n is req u ire d to h an d le a set of co ncurrent Search Alert A ctivities. T he system m u st be able to h an d le u p to M ax#SF concurrent Search A lert A ctivities. A Scheduler keeps tracks of th e n u m b er of enabled Search Alert A ctivities in state variable CurrentttSF. Scheduler is also responsible for coordinating the132execution of all Search Alert activities. SD Requests (i.e., the SD activities to g eth er w ith th eir sch ed u lin g p a ra m eters) are se n t to Scheduler . The jIsch ed u ler w ill select th e h ig h est sch ed u lin g p rio rity w hich is c o m p u ted Ii•from th e sch ed u lin g policies (such as those to be discussed in C h a p te r 5). !IiiThen, an a ctiv a tio n co n tro l c o m m an d w ill b e se n t to th e selected SDitj activity. Figure 3-19(b) specifies th at each Search Alert activity rep etitiv ely p e rfo rm s an SF , i.e., Search Fram e. T he tim e in terv al b etw een each iteratio n can n o t exceed th e Maximum Revisit Time w hich is d eriv ed from th e com putational accuracy specified in the system requirem ents. Figure 3- 19(c) specifies th a t each SF activity consists of a sequence of Search Bar (SB) activities: SB l, SB2, SB3, and SB4. For 2 < k < 4, each SBk activity cannot start until SD (k-l) activity com pletes. Figure 3-19(d) specified th at each SBkI{activity consists of a coherent sequence of Search Dwell (SD) activities. The rela tio n sh ip b etw een th e m th SD and th e kth SB in a search fram e is m = 5*(k-l) +1. A lso SDm is a non-preem ptive atom ic activity for 1 < m < 20.Based on F igure 3-19(b), an SF activity is an ATc activity since its arriv al tim e (i.e., th e tim e at w h ich all th e sc h ed u lin g p a ra m e te rs are kn o w n to the scheduler) of th e jth iteration is th e com pletion tim e of th e (j- 1 l ) th iteratio n , i.e., aSF j = CgF ( j - 1 ) V > 3 > L A lso, th e read y tim e of each | instance is th e tim e at w hich the activity arrives, i.e., r SF j = aSF^ j V j, j > 1. J In every iteration, the arrival tim e of the first search b ar ( i.e., SBl) an d the first search dw ell activity ( i.e., SD1) is equal to th a t of th e search fram e, i.e., aSF,j = aSBi,j = aSDi,j 1 - 1- The com pletion deadline of th e last search bar(i.e., SB4) an d th e last search dw ell (i.e., SD20) is equal to th at of th e search fram e, i.e., cdSF^ = cdSB4 j = cdSD20 j V j, j > 1. This pro p erty also holds for the133c o m p l e t i o n t i m e , i . e . , c S F j = c SB4 j = c S D 2 0 / j V j, j > 1 . E a c h s e a r c h b a r i s a n A T Cactiv ity since aSBk^ > cSBkj Vj, j > 1 an d 1 < k < 4. Sim ilarly, each search dw ell activity is also an ATC activity. Figure 3-20 depicts th e w orkload m odel d eriv ed from the tim ing constraints specifications associated w ith the search fram e (SF) activity, the search bar activities (i.e., SBl, SB2, SB3, an d SB3), and jthe search dw ell activities (i.e., SD1-SD20).a SB4, jFigure 3-20: the w orkload m odel transformed from the activity graph specified in Figure 3-19V j > 1,1 < k < 4,1 < m < 20, m = 5*(k-l) +1 rS F ,f 3 SF, j = a SBl, j = a SDl, j r SBkTJ a SBk, j rSDm,j~ a SDm,j SBk, j SDm, j CdSF, f c d SB4, j = c d SD20, j CSF,T C SB4, j = C SD20,j aSDm, jC SD(m-l), j^F,j C SF,(j-l)1 :dSBl, jcdSB4,jaSBl,j CgBl jc d SB2, jaSB2, j SBl, icdSB3, ja.SB3, jcSBl, j134In th e a p p lica tio n u n d e r co n sid era tio n s, th e effective u se of th e jsensor has a m ajor im pact on th e o verall system perform ance. O ne of theijm ain o b jectiv es is to fin d a 'g o o d ' a lg o rith m fo r sc h e d u lin g se n so r |activities. M ost sensor activities fall into the ATC ty p e of n o n -p reem p tiv eactivity since (i) th e execution tim e of sensor activities is state d e p e n d e n t (i.e. b ased o n th e o w n sh ip m otion an d th e estim ated targ e t state) a n d is u su ally d eterm in ed a t th e latest possible m o m en t b ased on th e m o st u p-to- jdate in fo rm atio n available, (ii) th ey are n o n -p reem p tiv e activities, an d (iii)I th e sensor u tiliza tio n is subject to an u p p e r b o u n d w hich is d y n am ically d eterm in ed b ased on the high level system objectives. The m ain objective of d esig n a so ftw are arch itectu re for ad v an ced sensor system s is to fin d 'g o o d ' sen so r m an ag em en t ap p ro ach es w h ich in tu rn s are to find 'g o o d ' jialgorithm s for sch ed u lin g the n o n -p reem p tiv e ATC ty p e of activities. In th e j follow ing, I w ill define a design m eth o d o lo g y w hich allow s d ev elo p ers to ad eq u ately allocate th e com putational activities in a requirem ents m o d el totth e ru n-tim e entities in a design m odel such th a t a d irect m ap p in g relation exists b e tw e e n req u ire m e n ts a n d d esig n . T his m eth o d o lo g y also a llo w designers to validate their design iteratively at different levels.4. A D ESIG N M ETHOD OLO GY FOR REAL-TIME SOFTWAREj The design m ethodology p resen ted in this chapter treats a softw are| a rc h itectu re as a set of ru n -tim e entities, in clu d in g tasks a n d ex tern al| | in p u t/o u tp u t elem ents, w hich interact either via m essages or sh ared d ata jIi structures. A task is a p ro g ram u n it th a t m ay be executed concurrently w ith i o th er tasks. A task has a single th re a d of execution a n d is a com putationI .; u n it schedulable b y th e o p eratin g system . E xternal input elements p r o d u c e !1 iI !i in p u t req u ests w h ich in tu rn trig g er a set of low level activities to be j ! ex ecu ted by tasks. E xternal output elements co n su m e resu lts w hich are jIproduced by tasks. J\ifSpecification m eth o d s for describing th e d y n am ic stru c tu re of t h e ! ru n -tim e entities, th e sy n ch ro n izatio n a n d co m m unication b etw een these j entity, and resource consum ption an d p ro d u ctio n p ro p erties (w hich in c lu d e ! tim ing and sizing) are defined. The specification m ethods allow designers to jfe x p ress th e ir d e sig n of a so ftw a re a rc h ite c tu re at m u ltip le levels o f . a b stra c tio n s d ep en d in g on th e ty p e of analysis is em p h asized in a specific jidesig n p h ase of th e softw are d ev elo p m en t process. In a d d itio n , softw are ! a rc h ite c tu re sp e c ifie d in th e sim u la tio n a n d p e rfo rm a n c e a n a ly s is ! en v iro n m en t has a direct m ap p in g to the entities in th e actual code. H ence, i m o d ificatio n s to a so ftw are arch itectu re b ased o n conclusions from th e sim ulation a n d /o r perform ance evaluation can be easily in co rp o rated into th e actual code. Finally, th e sem antics of the re p re se n ta tio n s are d e fin e d . T he form al sem an tics fo rm th e b asis o n w h ic h to c o n stru c t tools for feasibility analysis of a design u n d e r a specific o p erational env iro n m en t or136code generation of resource m anagem ent softw are. These can be au to m ated via application of the rules to in terp ret design specifications.| A n atu ral question is w h y it is necessary to introduce softw are design| m eth o d s ra th e r th an a sim ple, direct m a p p in g approach, i.e., associating atask w ith each th re a d of activities u sin g th e sam e resource. T w o keyi! problem s h in d e r this approach.i• D irect m ap p in g can p ro d u ce an excess n u m b er of tasks.| T he h a rd w are a n d /o r the o p eratin g system s used b y sem i-h ard1 re a l-tim e sy ste m s g e n e ra lly h a v e a lim it o n th e m ax im u mn u m b e r of softw are tasks. T herefore, system atic stra te g ie s for c lassify in g activ ities in to g ro u p s a n d m a p p in g g ro u p s in to softw are tasks are required.• D irect m ap p in g does n o t p ro d u ce necessary tasks to h an d le d ata integrity an d d ata transform ation problem s.D ata can be accessed by co ncurrent th read s of activities. A d ata m an a g er m u st be created to co n tro l access to sh a re d d a ta b y 1concurrent activities such th at th e integrity an d consistency of the !d a ta can be m aintained. In addition, a specific d ata item can have tw o d ata m odels— one from the p ro d u ce r view an d the o th er from th e consum er view . A d ata tran sd u cer m u st be created to receive d a ta according to th e p ro p erties specified in th e p ro d u c e r d a ta m o d el an d , then, tran sfo rm th e d a ta in to th e d esired p ro p erties specified in th e consum er d ata m odel.A softw are architecture is specified in three parts: the d a ta m odel, the control flow m odel, an d the sequential p ro g ram m odel. The data m odel is expressed w ith a restricted d ata g ra p h . The control flo w model is expressed w ith a task g rap h in w hich each vertex rep resen ts a ru n-tim e entity, i.e., atask or an in p u t/o u tp u t d ata elem ent, a n d each arc rep resen ts th e d ata13 Z Jp ro d u c tio n /c o n su m p tio n relations b etw een tw o co m m u n icatin g entities. T he sequential program model is expressed w ith a restricted activity g rap h | w hich is a sub g rap h of an activity graph, i.e., the requirem ents specification, j G raphical n o tatio n s are u se d for rep re se n tin g (i) relatio n s b e tw ee n d a ta ! item s in a d a ta m odel, (ii) relations b etw een tw o com m unicating entities | an d the te m p o ra l/sp a tia l parallelism of in p u ts /o u tp u ts of each entity in aico n tro l flo w m o d el, a n d (iii) th e in te rn al c o m p u tatio n al stru c tu re of a i se q u en tial p ro g ra m m o d el (i.e., a task). T extual n o tatio n s a re u se d forI :specifying tim ing constraints, pre-conditions, an d post-conditions. ji1Section 4.1 show s how to take th e graphical notatio n s in tro d u ced in j Section 3.1 an d m o d ify /re stric t them so th a t task grap h s, restricted a c tiv ity , graphs, and restricted data graphs can be created. iIIn S ection 4.2, I d e fin e a lg o rith m s fo r c o n stru c tin g re s tric te d j activ ity / d a t a g ra p h s a n d p re se n t an a lg o rith m fo r d e riv in g m ax im al! restricted activity g rap h s from a given activity g rap h . I define th e tem plate for specifying a task and the textual notation for describing attributes (such as enabling p aram eters an d conditions, tim ing constraints specification) of a task. Then, I p resen t an algorithm for d eriving attrib u tes of a task from its associated restricted activity graph. Finally, I define the form al g rap h m odel for a task.In Section 4.3, I define a set of ru les for m a p p in g a req u irem en ts m odel to a softw are architecture. I th en define an alg o rith m for d eriving aitask g rap h from a given activity g rap h using these m ap p in g rules. |138W ith th e task g rap h , restricted activity a n d d a ta g rap h , th e resource m anager, and tim ing constraints specification, a com plete softw are design is 'produced.4 .1 . G RA PH IC A L PR IM ITIV ES FO R SPECIFY IN G DESIGNij The graphical notations p resen ted in this section are for specification'of restricted data graphs, restricted activity graphs, a n d task graphs. F igure 4-iI1 c o n ta in s th e g ra p h ic a l p rim itiv e s fo r sp e c ific a tio n o f re s tric te d ! d a ta /a c tiv ity graphs. These prim itives are a subset of th e n o tatio n u sed for 're q u ire m e n ts specification a n d sh o w n in F igure 3-1. T he X in d ic ate s aiin o tatio n th at is disallow ed. In each colum n, one prim itive is disallow ed.i------Sequence----- ► - Data FlowV j - p . merge j / — ' connector nr ~ X «P»*v— 'N* connector x njunction * 1 x I * connectorn nj | Activity( } Data Item© Iteration © Selectioni i i u T T H u li i|(1) node primitives (2) operator primitives (3) communication primitivesFigure 4-1: Graphical Notation for Restricted Activity/Data Graphs ,A s sta te d earlier, a task has a sin g le execution th re a d a t any tim e j instant. H ence, d ata item s w ill n o t be concurrently p ro d u ced b y a task. Based j on th e se a ssu m p tio n s, th e concurrent objects of the same class n o d e is ex clu d ed from th e node p rim itiv es in Figure 4-1(1), a n d th e concurrency ,Io p e ra to r is e x clu d ed fro m th e o p e ra to r p r im itiv e s in F ig u re 4-1(2). iIIl1 4 0 .Therefore, the a c tiv ity /d a ta graphs, constructed from prim itives in Figure 4- 1, w h ich are associated w ith a task, in a sense, is m ore r e s tric te d th en a c tiv ity /d a ta g ra p h s specified in req u ire m e n ts. H o w ev er, th e en fo rced re stric tio n s can p re v e n t o n e fro m o b v io u s m ista k es su c h as h a v in g i concurrent execution threads in a task an d hav in g concurrent consum ption | a n d /o r pro d u ctio n of d ata item s by a task. Since the restricted activity graphs are m eant for describing execution behavior of an im p le m e n ta tio n of a task, the exact interface betw een th e task's com ponent activities m u st be resolved1d u rin g d esign. T herefore, th e equivalent connector is ex clu d ed from th e j co m m u n ica tio n p rim itiv e s in Figure 4-1(3) to force th e definition of th e j exact interface betw een tasks so th at a com plete specification of a task can be !ien su red .ActivityConcurifent Objects o L thesame das©nxn.x , x.Data Flowmergeconnectorsplitconnectorjunctionconnectorrx x n ncorj Task\ Input/Output Data ElementMandatory Input Port\<Optional Input PortOutput Port(1) node primitives for (2) operator primitives (3) communication (4) node primtivesactivity/data graphs for activity/data promitives for task graphsgraphsFigure 4-2: Graphical Notations for Task Graphs141As show n in Figure 4-2, the notation in (1) an d (2) is replaced by the n o tatio n in (4). The n o tatio n in (3) is from F igure 3-1 an d th a t n o tatio n is retained except for th e equivalent connector. Therefore, for specification of a j d e s ig n , tw o se ts o f p rim itiv e s , th e 'n o d e ' p rim itiv e s a n d th e j 'com m unication' prim itives, can be used.O bserve th a t the node p rim itives in F igure 4-2(1) are only u sed for cre atin g re stric te d o r u n re stric te d a c tiv ity /d a ta g ra p h s. In th is d esig n m ethod , a run-tim e entity is a set of activities, com prising a single execution thread. This set of activities is encapsulated by th e task p rim itiv e in Figure 4-2(4), a n d th e in te rac tin g b eh av io rs of th e e n c a p su la te d activ ities are d efin e d u sin g th e rem a in in g p rim itiv es in F ig u re 4-2(4). T herefore, the p rim itiv e s in F ig u re 4-1(1) are co m p letely e lim in a te d from th e n o d e prim itives for creating task graphs.The operator p rim itives in Figure 4-2(2) are elim inated com pletely.!The rationale for doing so is as follows: j• D iffere n t ta sk s a re k n o w n to be c o n c u rre n t. T h erefo re, th e j concurrency o p e ra to r is e lim in ated to red u c e re d u n d a n c y a n d i com plexity in task graphs.I• T he d a ta co n su m p tio n an d p ro d u ctio n relatio n sh ip , re p re se n te d |Iby the data flow prim itive betw een tw o tasks is eq u iv alen t to their precedence (i.e., sequencing) relationship. T herefore, th e sequence operator is elim inated.• T im in g c o n stra in t sp e cifica tio n s can e x p re ss th e re p e titiv e beh av io r of tasks. Therefore, th e iteration operator is elim inated.142______ i• Pre-conditions, post-conditions, and p o rt connections of tasks can ex p ress th e m u tu a l exclusion of tasks. T herefore, th e selection operator is elim inated.The co m m u n ic a tio n p r im itiv e s in F ig u re 4-2(3) hav e th e sam e n o tatio n s in F igure 4-1(3). H ow ever, for each fan-in arc lab eled xi7 th ere jim u st be a task, n o t an activity, a t th e o p p o site en d of th e d a ta item x to Jt'w rite' or 'access' the com posite d ata item Xj. For each fan-out arc labeled x{,th ere m u st be a task, not an activity, at the opposite end of th e d ata item x to j 're a d ' or 'access' the com ponent d ata item Xj. !iiiThe node prim itives set in Figure 4-2(4) contains five elem ents: task, j input/output data element, mandatory input port, optional input port, an d i output port. A task rep resen ts a p ro g ram u n it w hich has a single execution !ith re a d an d consum es a b o u n d e d am o u n t of resources su ch as p rocessor J cycles an d m em ory capacities. U nlike data item s w hich are passive entities, jiin p u t/o u tp u t d ata elem ents are active entities w hich d o n o t consum e anyp ro cesso r resource. A n input data element only has a set of o u tp u t ports, jiEach in p u t data elem ent represents a source of instances of a specific set of J in p u t d ata item s. For exam ple, an antenna receiver can be rep resen ted b y an j in p u t d a ta elem ent. A n output data element only h as a set of in p u t ports, j Each o u tp u t d ata elem ent represents the repository of instances of a specific set of o u tp u t d ata item s. For exam ple, a d isp lay can b e rep re se n te d b y an o u tp u t d ata elem ent.143The mandatory input port an d optional input port define th e in p u t in te rfa c e s of a task to other tasks or d ata elem ents. A mandatory input port represents a logical location at w hich m an d ato ry in p u ts for enabling th e task attached b y the in p u t p o rt arrive. A n optional input port rep resen ts a logical lo catio n a t w h ich o p tio n a l in p u ts o f th e task arriv e . A n output port rep resen ts a logical location at w hich o u tp u ts are to be deliv ered w h en the specified conditions are m et.AG12A2 A1A ll A21A22 A12A13A14Casel: (1) A11->A12->A13; (2) A21->A22Case2: (1) A11-»A12->A14; (2) A22->A22 Figure 4-3: Two Possible Cases of Concurrent Threads144C onsider Figure 4-3 in w hich there are tw o possible com binations of co n cu rren t th re a d s of activities. In th e first case, one th re a d consists of A 1 1 ^ A 1 2 — »A13, i.e., A l l follow ed b y A12 a n d A12 follow ed by A13. The other consists of A21 — » A22, i.e., A21 follow ed b y A22. In th e second case, one th read consists of A 11-*A 12— »A14, and the o th er consists of A21-»A22. The distin ctio n is th at, in th e th rea d containing 3 activities, one case contains ! A13 and the o th er case contains A14.ii| T here are five w ays to g roup A ll, A12, A13, an d A14. M ethod 1 is toform fo u r p rim itiv e activity g rap h s, i.e., (A ll), (A12), (A13), a n d (A14). M eth o d 2 is to form one chain (A 11-*A 12) a n d tw o p rim itiv e activ ity g ra p h s— (A13) m u tu a lly exclusive w ith (A14). M eth o d 3 is to form tw o prim itive activity g rap h s— (A ll) follow ed by A(12) an d one activity subgraph (A 130A 14) w here A13 is m u tually exclusive w ith A14. M ethod 4 is to form o n e chain (A 11-»A 12) an d one activ ity su b g ra p h (A 130A 14). F inally, m eth o d 5 is to form a chain ( A ll— »A12-»(A 13© A 14)) in w hich a m u tu ally exclusive activity su b g rap h (A 130A 14) is em beded. Sim ilarly, there are tw o w ays to g ro u p A21 an d A22. M ethod 1 is to form tw o p rim itiv e activity graphs, i.e., (A21) an d (A22); m ethod 2 is to form one chain (A21— »A22).W hen o n e's d esig n objective is to m in im ize o v e rh e ad s fro m task context sw itch, then, th e objective for m ap p in g an activity g ra p h to a task g ra p h w o u ld be to m inim ize th e n u m b er of task s. T herefore th e n otion of m axim al restricted activity grap h is needed to define the criteria for deriving a task g ra p h fro m a g iv en activ ity g rap h . C o n sid e r th e activity g ra p h145d ep icted in F igure 4-3. W ith this activity g rap h , restricted activity g rap h (A 11-A 12-((A 13® A14)) a n d restricted activity g ra p h (A21-A22) are tw o m axim al restric te d activ ity g rap h . T he th ird m axim al re stric te d activity I g ra p h can be d eriv ed by rep lacin g th e startin g concurrency n o d e w ith a i 'fork' activ ity a n d rep lacin g th e e n d in g co n cu rren cy n o d e w ith a 'join'I[activity. T he 'fork' activity an d th e 'join' activity are co n n ected w ith aij sequence node p rim itiv e. T he d e ta ile d alg o rith m fo r d e riv in g a set of ; m axim al restricted activity g raphs from a given activity g rap h is described iniSection 2.iiIn F igure 4-4, activity g ra p h AG12 has tw o co n cu rren t com posite activities (A l, A2), re p re se n te d by a chain of tw o atom ic activities. The 1associated activity g rap h of activity A l is a restricted activity g ra p h since jIn e ith e r th e concurrent objects of the same class n o d e p rim itiv e n o r th e | co n cu rren cy o p e ra to r p rim itiv e is u se d in th e g ra p h . S im ilarly , th e !itassociated activity graph of activity A2 is also a restricted activity graph.AG12A2A ll A21A22 A12Threadl: A11-»A12; Thread2: A21->A22Figure 4-4: Two Concurrent Threads of Activity ChainsG iven a set of co ncurrent m axim al restricted activity g ra p h s of an activity g ra p h AG, one can use a task m a p p in g ru le th a t each m axim al jirestricted activity g rap h is m ap p ed to a task. T hus, the n u m b er of tasks in ! the d eriv ed task g rap h is equal to or g reater th an the n u m b er of m axim al j restricted activity graphs in AG. The reason for th e existence of the ’ g reater |th a n ' re la tio n is th a t a d d itio n a l task s m ay b e c re a te d for d a ta b a s e ;im anagem ent, d ata transform ation, etc. By using th e above rule, task g rap h j TG12, depicted in Figure 4-5, consists of tw o tasks, each co rresponding to a j m axim al restricted activity g rap h in Figure 4-4. j‘ TG12Dc * > - h > < 3 H * J > < 4 — < jDC c ^ > ~ 4 > 7 1 < f | D 1 2Figure 4-5: A Task Graph Derived From Mapping Each Thread of Activities Into a Task147A n i n p u t/o u tp u t m a p p in g ru le for p reserv a tio n of th e in p u t an d o u tp u t req u ire m e n ts states th a t in p u ts to a n d o u tp u ts from a m axim al restricted activity g rap h s are in h erited b y th e associated task. The re a d e r sh o u ld observe th a t there are tw o in p u t d a ta item s, i.e., A an d C a n d tw oIi o u tp u t d a ta item s, i.e., E a n d F. T1 consum es b o th in p u t d ata, a n d T2 p roduces b o th o u tp u t data. A is read in via T l’ s first port, a m andatory in p u t p o rt; B is re a d in via T l's second p o rt, also a m a n d a to ry in p u t p o rt.ij S im ilarly, E is w ritten o u t via T2's th ird port, an o u tp u t port; F is w ritten o u t via T2’s fourth port, also an o u tp u t port. Please n ote th at the in p u t A toJth e first p o rt of T1 corresponds to th e in p u t to th e atom ic activity A l l in Figure 4-4. The in p u t C to T l’s second p o rt co rresp o n d to th e in p u t to the atom ic activity A12 in Figure 4-4. A sim ilar correspondence also ho ld s for E an d F. The n o tio n of m a n d a to r y specifies ho w T1 is to be e n ab led . T he selection of e ith er a m a n d a to ry or an optional in p u t d e p e n d s on th e algorithm s selected to im plem ent the atom ic activity co rresp o n d in g to the in p u t, a n d th u s, th e selectio n d ecisio n is a d e sig n issu e (i.e., n o t a req u irem en ts issue).A n in te rfa c e m a p p in g ru le fo r p re s e rv in g th e d a ta flo w com m unication characteristics states th a t th e d a ta flow prim itives b etw een m axim al restricted activity g rap h s are to be in h erited by th e d eriv ed 4ask graph. A lso, the activity at the tail of a d ata flow prim itive is replaced w ith an o u tp u t p o r t, an d the activity at th e h e ad of a d a ta flow p rim itiv e is rep laced w ith an in p u t p o rt. O bserve th a t B and D are th e tw o d a ta flow s b e tw ee n th e tw o m axim al re stric te d activ ity g ra p h s in F ig u re 4-4 b y148application of the inheritance rule. The task g rap h in F igure 4-5 also has B an d D as the tw o d ata flow s betw een the tw o tasks.AG12A l A2A22A21A llA12A23Figure 4-6: Another Activity Graph Can Have a Derived Task GraphN o w , consider th e activity g ra p h d e p icted in F igure 4-6 w hich is com prised of tw o co n cu rren t m axim al restricted activity grap h s. In each m axim al restricted activity g rap h , there are tw o atom ic activities, executing in a m u tu a l exclusive m anner. By ap p ly in g th e m a p p in g ru les described earlier, the g rap h in Figure 4-5 is also the derived task g ra p h of this activity graph. U sing tw o sep arate in p u t p o rts in d eed indicates th a t A an d C are consum ed at tw o logical locations. H ow ever, in Figure 4-4,A an d C w ill be consum ed in th e o rd e r of A follow ed b y C. But, in Figure 4-6, A or C , notIboth, w ill be consum ed. C learly, this in p u t consum ption behavior in Figure 4-4 is different from th a t in Figure 4-6, yet th e p o rt rep resen tatio n s are n o tsufficient to m ake the distinction. Based on this observation, I conclude th a t j*textual notation m u st b e p ro v id ed such th at one can au g m en t th e g rap h to j describe the relationship betw een ports. The textual notations for describing th e p o rt relatio n s w ill be d efin ed in Section 4.2. F u rth erm o re, the p o rt149jrelatio n can also be d eriv ed from th e task 's associated restric te d activity g rap h by a set of direct m app ing rules such as those defined in Section 4.3.LFigure 4-7: An Activity May Produce Two Outputs or Consume Two InputsA ctivity g ra p h AG34, d e p icted in F igure 4-7, h as tw o c o n cu rren t m axim al restricted activity g rap h s, A3 an d A4. A3 has one in p u t an d tw o o u tp u ts; A 4 has tw o in p u ts a n d no o u tp u ts. B oth o u tp u ts of A3 are p ro d u ced by the single atom ic activity (i.e., A31) of A3. Both inputs of A4 are consum ed by the single atom ic activity (i.e., A41) of A4.TG34.xw w w w xw vxxxxw w w w xvAIxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxT4Figure 4-8: Two Tasks Communicating With Two Data Flows Via One Pair of PortsIn F igure 4-8, th e tw o tasks T3 a n d T4 are d e riv e d from th e task m a p p in g ru le. T he first in p u t p o rt of T2 is c reated b y a p p ly in g th e in p u t/o u tp u t m a p p in g rule. The tw o d a ta flow s A an d B are created by150a p p ly in g th e in te rfac e m a p p in g ru le. O b serv e th a t in F ig u re 4-8 th e fo llo w in g in fo rm a tio n is n o t ex p ressed : (i) th e te m p o ra l rela tio n sh ip s betw een pro d u ctio n of A and B (i.e., if both A an d B w ill be p ro d u ced or one j of them w ill be p ro d u ced ); (ii) th e conditions for p ro d u c in g A; (iii) th e jco n d itio n s for p ro d u c in g B; a n d (iv) the tem p o ral relatio n sh ip s b etw een |ico n su m p tio n s of A and B (i.e., if b o th A an d B w ill be consum ed o r one of th em w ill b e consum ed). B ased o n th ese o b serv atio n s, I co n clu d e th a ti[textual n o tatio n m u st be p ro v id ed such th a t one can a u g m e n t g rap h ical \ n o tatio n s describing th e relationship betw een in p u ts to an in p u t p o rt an d the relationship betw een o u tp u ts from an o u tp u t port.A ctivity g ra p h AG56, d ep icted in F ig u re 4-9, h as tw o co n cu rren t m axim al restricted activity graphs, A5 and A6. A5 has one in p u t A an d oneo u tp u t X; A6 h as tw o inputs: B a n d X , a n d one o u tp u t C . A junction/p rim itiv e w ith a d ata item X rep resen ts th a t th e o u tp u t of atom ic activity A52 w ill be co n su m ed by atom ic activity A62. H ence, X is a sh a re d d a ta w hich m ay be accessed concurrently by A52 an d A62.151AG56A6A5A51 A61A62 A521 IFigure 4-9: Two Threads of Activities ■'Concurrently Access' a Data Item X jE arlier I p o in te d o u t th at the n u m b er of tasks in th e d e riv e d task | g rap h is equal to or greater th an the num ber of m axim al restricted activity ; ; g rap h s in the p aren t activity graph. C onsider the task g ra p h in Figure 4-10 | | w hich is derived from the activity g rap h in Figure 4-9 by u sin g th e m ap p in g I ! rules described earlier. It is clear th at activity g rap h A5 is m ap p ed to task T5 !j « *- t| |an d activity g rap h A6 is m ap p ed to task T6. H ow ever, in o rd er to ensure the j d ata in teg rity of the sh ared d a ta X, a Data Manager of X task is created to jim an ag e X. O nly this task has a direct access to X (i.e., the rig h t to read and jiIw rite to X) because th e d ata item X has neither in p u t p o rts nor o u tp u t ports I 1 for in terface w ith o th er tasks. T herefore, to access X, o th e r tasks m u st ! acquire services (e.g., getY and putY ) from the Data Manager of X task. !II152Managerv v \ \ \ \ \ \ \ \ \ \ \ \ \ v v \ \ \ \ \ \ \ v^ TG56II 'iFigure 4-10: A Data Manager to Ensure the Data Integrity of Shared Data Item |iA n a tu ra l question m ay be asked. H o w w o u ld putY , getY, an d Y in {IF igure 4-10 be im p le m e n te d in a p ro g ra m m in g la n g u a g e (e.g.,, A da)? I iisuggest th at putY an d getY are im plem ented as p ro ce d u re calls w ith in the ^ context of T5 an d T6. For instance, one could code a function such as put(Y: j in d a ta _ stru ctu re) o r get(Y: in d a ta _ stru ctu re) w h e re th e datajstructure ' could be declared as an unconstrained array type. E ither function w o u ld be called by specifying the exact range bound. For exam ple, get(Y(5..10). Each of th ese fu n ctio n s w o u ld th en co n stru ct a m essag e (e.g., w ith th re e fields < destination, from , to>) by using A da attributes specifier such as Y 'address, Y’ size, a n d Y’ size. T he task creation rules such as those aforem entioned w ill be defined in Section 4.3.153AG7 every 2 secondsA 7Figure 4-11: A Periodic Activity, Iterating Every 2 Seconds j|In Figure 4-11, there is one activity, iterating every 2 seconds. In each !tite ratio n , activ ity A 7 p ro d u ce s a d a ta item B. A ctiv ity AG 7 itself is a j m axim al restricted activity graph. |s TG7 4%v\.vvvvvvvvv\v. , j " N k semaphore j watch dog r^timer-»>p>T 7 * C j L )Figure 4-12: A Periodic Task Enabled by Watch D og Timer Every 2 SecondsIn F igure 4-12, there is a task T7, an in p u t d a ta elem en t watch dog timer, a d ata flow semaphore, an d an o u tp u t d a ta elem en t B. Task T7 is associated w ith atom ic activity A 7, not the m axim al activity g rap h enclosing A 7, in Figure 4-11. This is d u e to the fact th at the tim e interval taken by the atom ic activity A 7 m ay either be shorter th an 2 seconds or exceed 2 seconds d e p e n d in g o n th e o v e ra ll sy ste m w o rk lo a d . M a k in g sem aphore a m an d a to ry in p u t for en ab lin g T7 a n d m ak in g watch dog timer g e n erate semaphore allow s the execution of T7 to be controlled b y a local scheduler. F urtherm ore, th e iteration interval (i.e., every 2 seconds) can be specified as a p a rt of the tim ing constraints associated w ith watch dog timer an d can be154m ad e kn o w n to th e scheduler. T he attrib u tes associated w ith each ty p e of no d e (i.e., in p u t data elem ent, o u tp u t d ata elem ent, task, etc.) w ill be defined in the follow ing section.A s sh o w n in th e p rec ed in g exam ples, it is clear th a t in o rd e r to rigorou sly an d concisely describe interactions betw een tasks an d 1 /O devices a n d rep re se n t tim e-oriented behaviors, each p rim itiv e m u st be au g m en ted w ith attributes. For exam ple, h o w in p u t p o rts are in terrelated , h o w o u tp u t Sports are in terrelated , ho w in p u ts to a p o rt are in terrelated , h o w o u tp u ts ifrom a p o rt are in terrelated can be expressed via textual n o tatio n s (w hichIw ill b e d e fin e d in th e n e x t se ctio n ). F u rth e rm o re , th e te m p o ra lrelatio n sh ip s am ong in p u ts an d the tim ing p ro p erties of each in p u t m u st |]also be au gm ented via tim ing constraints specification. For active elem ents, ji.e., in p u t d ata elem ents, o u tp u t d ata elem ents, an d tasks, a set of execution ! ru le s m u s t be d e fin e d . T he fo llo w in g se ctio n w ill a d d re s s issu e s a fo re m en tio n e d .I155______ i4.2. DESIGN SPECIFICATION METHODThe restricted d a ta /a c tiv ity g rap h defined below has the sam e type of com ponents as those defined for non-restricted except that the n o d e types of th e vertices in a g rap h are restricted to those defined in Figure 4-1.i4.2.1. RESTRICTED DATA GRAPHSij A restricted d ata graph RD is a 5-tuple,i RD = [G, f, g, s, e]tw here: G = [V, E] is a d ata g rap h in w hich V is the set of nodesa n d E is the set of edges.f is a function from V into the set of allow ed n o d e types Vrdp. (Vrdp is defined explicitly below .)g is a function from V in to the set of positive integers. This essentially provides a label for each node. js is a distinguished no d e called the 'start node'. ii*e is a distinguished no d e called the 'end n o d e ’. IThe set of no d e types p erm itted in a restricted d a ta g rap h is Vrdp =^dp ” { © s / © e / © s / © e ) w here Vdp = {D, © $ / © e / © s / © e / © s / © e /© s / © e )/ i e., the set of node types allow ed in a d ata g rap h except for thoseassociated w ith concurrency.D efinition 1: A w ell-form ed restricted d a ta g rap h RD ( = [G, f, g, s, e], can be recursively defined as follows:(1) Let RDk = [Gk, fk, gk, sk, ek] be any single vertex d ata graph w ith Gk = [{vk}, 0 ] fk(vk) = Di156gksk = vk e k = vk(2) Let R D j, RD2, ..., RDk be w ell-form ed restricted data graphs, RD t = [Gj, fj, gj, vg., ve.]. For th e p u rp o se of generality,the labeling function 'g' I need th e follow ing notation.Let m k = the m axim al value in th e range of g for RDk. W ithout loss of generality, I also assum e th e sets of nodes in R D l7 RD2, R D k are distinct.RD = [G, f, g, v s, ve] is a w ell-fo rm ed restricted d a ta g rap hk- 1Let M k = X m ..i =1T h en :(a)w here:G = [V, E] E =157g(v) = 'M j + g j(v ) if v e Vi g(vs ) = M mg(v ) = MmExpression.(b)0 —RD = [G, f, g, v g/ ve] is a w ell-form ed restric te d d a ta g rap h w here:G = [V,E]E = VA (ve’v * )}f(v) ="ik (v) if v e Vkf(vg) = © s_f(v ) = m)eg(v) =g(vs ) =if v e Vkgk(v) + 1 g k(v) +1158d jS )(c) ( s E )RD = [G, f, g, vs, ve] is a w ell-fo rm ed restric te d d a ta g ra p h w here:G = [V, E]mV - u V .;= i 1f(v )= £ .(v ) if v s V,g(v) = Mi +gj(v) if v s Vj nN o te th at w ith th e above definition, m atching pairs of n o d es (xj, x2) e-g-' ( ® s , © e ^ can be identified by g(xj) = g(x2).T he above definition is sufficient for construction of tools to check w h e th er a restricted d ata g ra p h is w ell-form ned. I am only in te reste d in w ell-form ed restricted d ata grap h s an d in the sequel I will dro p the adjective w ell-form ed' although it w ill alw ays be u nderstood.In th e follow ing sections, th e form al definitions of restricted activity graphs a n d m axim al restricted activity g rap h s are p resented. In ad d itio n , I present algorithm s for deriving a set of m axim al restricted activity g rap h s159from a g iv en activity g ra p h a n d checking w h e th e r m ax im al re stric te d activity g rap h s are w ell-form ed.4 .2 .2 . R ESTR IC TED ACTIVITY GRAPHSj In th e fo llo w in g d isc u ssio n o n re s tric te d a c tiv ity g ra p h s , th e jem phases are on th e aspects of th e tem p o ral relatio n sh ip a n d th e sp atial [relationship b etw een activities. I assu m e the details of d a ta g rap h s an d com m unication b etw een activities are defined. T herefore, I d o n o t include th e com m unication connectors an d in p u ts / o u tp u ts of each activity in th e 1ig rap h m odel of an activity graph. jIA restricted activity graph RA is a 5-tuple, !RA = [G, f, g, s, e] |w here: G = [V, E] is an activity g rap h in w hich V is th e set of ;nodes and E is the set of edges. ;f is a function from V into th e set of allow ed no d e types jVrap. (Vrap is defined explicitly below .)g is a function from V in to the set of positive integers. This essentially provides a label for each node.s is a distinguished n o d e called the ’ start node'. jie is a distinguished no d e called th e 'end node'.The set of n o d e types perm itted in a restricted activity g rap h is Vrap = ^ a p " (© S ' © e / © s / © e ) w here Vap = {A, © s , © e/ © s / © e / © S ' © e / © s / © e )/ i-e., the set of n o d e types allow ed in an activity g rap h except forthose associated w ith concurrency.160D efinition 2: A w ell-form ed restricted activity g rap h RA ( = [G, f, g, s, e], can be recursively defined as follows:(1) Let RAk = [Gk, fk, gk, sk, ek] be any single vertex activity graph(2) L et R A j, RA 2, ..., RAk b e w ell-fo rm ed re stric te d activ ityRAj = [Gj, fj, gj, v s., v e.]. For the p u rp o se of generality,the labeling function 'g' I need the follow ing notation. Let m k = the m axim al value in the range of g for RAk. W ithout loss of generality, I also assum e th e sets of no< R A j, RA2, R A k are distinct. k-1Let AT, = X m ..* i =1 1T hen:RA = [G, f, g, vs, ve] is a w ell-form ed restricted activity g rap h w here:w ith Gk = [{vk}, 0 ]fk(vk) = D g k(vu) = 1s k = vk e k = vkgraphs(a)G - [V, E]iii161f(v) =g(v) ='(b)f (v) if v g Vj f(vs ) = © s f(ve) = © eM i + g j( v) if v g Vi g(vs ) = M mg(ve ^ =Expression.RA kRA = [G, f, g, v s, v e] is a w ell-form ed restricted activity g rap h w here:G = [V,E]ViUl vS ’ve}e = :k L k k J I"f k (v) if v g Vk f(v)= { f ( v „ ) = @ s.f(v') = @)e g k(v) if v g Vk g(v) = S(vs > = 8k(v) + 1 g(ve> = g k(v) + 1162(d)RAi□ zRA2J L ,RA„RA = [G, f, g, vs, ve] is a w ell-form ed restricted activity g rap h w here:G = [V, E]mV = u V . i =1 *E = V S2UV » )}f(v)= f. (v) if v s Vig(v) = Mj + g i(v) ifve Vi□4.2.3. DECOMPOSITION OF AN ACTIVITY GRAPH INTO MAXIMAL RESTRICTED ACTIVITY GRAPHSIn th is section I p re se n t an alg o rith m fo r d eco m p o sin g a g iven activ ity g ra p h in to a set of m ax im al re stric te d activ ity g ra p h s. The significance of a restricted activity g ra p h is th a t it rep resen ts a sequential process an d therefore is natu rally associated w ith a task. The set of m axim al restricted activ ity g rap h s therefore co rresp o n d s to a m inim al set of tasks corresponding to th e given activity graph.I first in fo rm ally describe th e a lg o rith m a n d th e n give a d etailed d escrip tio n . As w ell be seen, th e com plexity of th e alg o rith m is 0 ( I E I )1 6 3w h ere E is th e se t of ed g es in th e activ ity g ra p h . I can achieve this com plexity if I ’ visit' each edge in the activity g rap h only once. As in m any g ra p h trav ersin g algorithm s a stack is useful for rem em b erin g p a th s th at have y et to be explored. In m y case, I w ill n eed tw o levels of stacks. The reason is th at w hile 'exploring' the nodes of the activity g rap h I m ay need to |halt th e b u ild in g of one m axim al restricted activity g rap h a n d start a new one. The activity g rap h th at I w as w orking on w ill be rem em bered in a stackland re su m e d later. T his is th e 'to p le v e l’ stack in th e alg o rith m . Thei Ijelem ents in th is stack are com plex d a ta stru c tu re s th a t reco rd all th e j!in fo rm a tio n re q u ire d to resu m e b u ild in g of th e (in co m p lete) m ax im al jrestricted activity graph. O ne of the com ponents of this stru ctu re is itself astack; nam ely, a stack of nodes th at have yet to be v isited in this partiallycom pleted m axim al restricted activity graph.Som e notations:PSS (Partial S ubgraph State)T his is th e d a ta stru c tu re u se d to reco rd all th e in fo rm atio n re q u ire d to resu m e th e c o n stru ctio n of a m ax im al re stric te d activity graph.iPSS_stack jiiThis is th e 'top level' stack in w hich PSS elem ents are p u sh e d for i later resu m p tio n . JIV ertex_stack164T his is th e 'low er level' stack an d th e re is o n e in each PSS. V ertices th a t h a v e y e t to b e v isite d in th e m ax im al restric te d activity g rap h are stored here. jiiThe alg o rith m has an 'o u ter loop' a n d an 'inner loop'. In the in n er j loop a 'cu rren t p artial g rap h ' is being constructed as n o d es in th e original 'activity g ra p h are trav e rsed . H o w ev er, if a n o d e is e n c o u n te re d w h ich jindicates concurrency (i.e., © s ,€ > s ) th en construction of the cu rren t g rap h j|is su sp e n d e d (the PSS for this g rap h is placed o n th e PSS_stack) an d alsoJnew PSS stru ctu res are initialized for each of th e successors of th e © s o r ' (&)s n ode an d the algorithm retu rn s to th e outer loop.I|In the o u ter loop, th e algorithm takes the top PSS stru ctu re from the PSS_stack (it term inates w hen the stack is em pty) and calls th e in n er loop tocontinue construction of the graph. jIIIIn itia liz a tio n of th e a lg o rith m consists sim p ly of c o n stru ctin g an initial PSS w hich corresponds to th e start n o d e of the activity g rap h b ein g I the next n o d e to visit, p u sh in g this PSS on the PSS_stack, an d in v o k in g theIo u ter loop.Before p resen tin g the d e ta ile d alg o rith m , a sm all ex am p le m ay be useful. C onsider the activity g rap h in Figure 4-13.165AGFigure 4-13: Given Activity Graph AGThe algorithm will basically processes as follows:initialization: C reate a PSS w ith n o d e A j in the vertex stack.(call this PSSj for easy reference.)o u ter loop: P op the PSS_stack entry, i.e., PSSj,Call the in n er loop.in n er loop: ad d a copy of A j to graph, find successors.Since it is an © s n o d e,(a) a d d a 'fork node' to the current g rap h(corresponds to the © s node) p u sh th e current PSS on th e PSS_stack.(b) initialize a PSS for branch to A 2(call this PSS2.) p u sh onto the PSS_stack.(c) initialize a PSS for branch to A 3n o d eth e(call this PSS3.) p u sh onto the PSS_stack.(d) re tu rn to th e outer loop.o u ter loop: p o p PSS from PSS_stack. (PSS3) invoke in n er loop.in n er loop: expand node corresponding to A 3. this w ill be the © e node.This signals the end of this g raph, an d it is outputted, retu rn to the outer loop.o u ter loop: p o p PSS from PSS_stack. (PSS2) invoke in n er loop.in n er loop: expand no d e corresponding to A 2. this w ill be the © e node.This signals the end of this g raph, an d it is outputted, retu rn to th e o u ter loop.o u ter loop: p o p PSS from PSS_stack. (PSS!)N ote: w h en PSS^ w as p u sh e d on th e stack its c u rre n tw as (§)s node. A t this point, it sh o u ld continue w ithth e (§)e n o d e w hich w ill be tran sfo rm ed to a join node. In the detailed algorithm , this is accom plished by having a global variable in w hich, w h en a g ra p h is com pleted,'end node' is recorded, invoke in n er loop.in n er loop: convert (g)e to 'join node'.got to next node A4 an d copy to graph, no successors, vertex stack is em pty, so o u tp u t graph, re tu rn to o u ter loop-o u ter loop: PSS_stack is em pty.167T erm in ate.F igure 4-14 d ep icts th e m axim al restricted activity g rap h s d eriv ed 'from the given activity g rap h AG.PSS2:PSS2:PSS1:forkjoinFigure 4-14: Maximal Restricted Activity Graphs Derived From AGAlgorithm 2: G iven an activity g rap h AG = [G, f, g, s, e] a n d G = [V, E], a set of (restricted activity graphs are produced.In p u t: G raph is represented by:(1) start vertex s,(2) en d vertex e,(3) a list of vertices, each w ith the follow ing attributes:(i) type,(ii) a list of successors,(iii) id,(iv) address of this vertex in the o u tp u t su b g rap hO u tp u t: (1) A set of m axim al restricted activity g rap h s (M RAG) an d a taskid is assigned to each.(2) N M R A G re p re se n tin g th e n u m b e r of m ax im al re stric te d activity g rap h s produced.168M ethod:pro ced u re B uildM R A G (AG):1. if C urrentV ertex is n u ll th e nbegin2. call In itializa tio nto create a stack StackJPSS,set C ur vertex of this PSS to s3. this PSS is p u sh e d onto the Stack_PSS;end;4. w h ile Stack PSS is n o t em p ty d o5. p o p a PSS from Stack_PSS;6. call ProcessVertex(PSS);7. call BuildM RA G (A G ):e n d lo o o8. o u tp u t MRAG; increm ent NM G RA by 19. delete PSS and Stack_PSS;10. re tu rn :The d ata structures and procedures used by the algorithm are given below .Global Data Structures:(1) A partial subgraph structure (PSS)Each PSS is represented by:(i) address of start vertex (Start_PSS)(i i ) address of end vertex (End_PSS)(iii) a list of vertices (RA) that each has:(a) type(b) a list of successors(c) address of corresponding vertex in the original graph(iv ) taskid(v) current vertex (Cur_vertex)(v i) a 'vertex to expand' stack (Vertex_stack) containing address of vertex in PSS and address of corresponding vertex in the original graph.(2) NodeType = {A, rk/join)(3) Start_fork_activity_id = IVI +1169(4) The id which can be assigned to a fork activity (Next_forkid)(5) A stack of PSS stacks (Stack_PSS)Each entry in StackJPSS contains address of a PSS(6 ) Last visited ending concurrency vertex (Last_C_end) procedure Initialization:(i) create and initialize a Stack_vertex_to expand stack(ii) set taskid to a newly generated id(iii) set start_PSS to s{i v ) set Cur_vertex to s(v ) setNM RAtoO1. create a new PSS (C_PSS) for the start vertex of AG , i.e..2 . push address of C PSS to StackJPSSprocedure ProcessVertex (PSS):1. w hile (Vertex_stack * empty) do begincase TRUE of ; expand the current vertex 2 .3. (f(Cur_vertex) =4. (f(Cur_vertex) = begin5.6.set Last_C_end to Cur_vertexif the pointer for (address to the vertex in theoutput graph) of corresponding vertex in7.original graph is not null then set that pointer to Cur_vertex exitend8 . (f(Cur_vertex) = <§)s ),(f(Cur_vertex) = © s > :9.10.beginpush all successors onto Vertex_stack push address of Cur_PSS to Stack_PSS170I T for each successor do12. create and initialize a PSS13. append taskid of this PSS to a taskid list14. push address of PSS onto Stack_PSSendloop15. create a fork vertex by setting its type to fork,its successors to the taskid list16. set Cur_vertex to the fork vertex17. returnend18. (f(Cur_vertex) = © e ) :begin19. if the pointer for (address to the vertex in theoutput graph) of corresponding vertex in original graph is null thenbegin20. set that pointer to Cur_vertex2 1 push all successors but the first ontoVertex_stackend22 copy this vertex to MRAG(i.e., the subgraph being created)23. pop a vertex from Vertex_stackto Cur_vertex24. exitend25. (f(Cur_vertex) = fork):begin26. create a join vertex by setting its type to join,27. set the id of the join vertex to Next_forkid28. set the successor of the join vertex tothe successor of Last_C_end29. set the successor of fork vertex to the join vertex30. set type of this vertex to ’A'31. set id to Next_forkid32. copy this vertex to MRAG33. increment Next_forkid by 1, and34. set Cur_vertex to the successor of Last_C_end35. exitend17136. (f(Cur_vertex) = join):begin37. set type of this vertex to 'A',38. copy this vertex to MRAG,end39. otherwise:begin40. copy this vertex to MRAG(i.e., the subgraph being created) 1 41. if (f(Cur vertex) thenset the successor whose type is not (f|)s1 to Cur_vertex. elsei begin, 42 push all successors but the first ontoI Vertex_stackj 43. set the first successor to Curjvertexend44. exitendendendloopT he next th ree theorem s p ro v e several im p o rtan t p ro p erties of the i p a rtitio n in g algorithm .Theorem 1: G iven an AG , th e set of restricted activity su b g rap h s, RAj =[Ga, f, g, (sj, e j ) ] ,..., RAj^ = [Gm, f, g, (sm, em)], p ro d u ced by A lgorithm 1 are m axim al restricted activity graphs.Proof. A ssu m e th a t som e Gj is n o t a m axim al restric te d activitygraph.172If Gj is n o t a m axim al activity graph, then there exists a vertex v in G and v not in Gj such th at G.^>{v} is a restricted activity graph. If v is n o t in V rap, th en G .u { v } could no be a restricted activity graph. H ence v m u st be j| itin Vra p . C o n sid er th a t v is in V . Since G . v { v }is a restricted activity j g rap h , v is either a successor of a vertex in Gj or a predecessor of a vertex inI,Gj. T hus, Let vertex q in Gj be adjacent to v.iIiBased on (Stepl9-Step24), (Step26-Step35), (Step37-Step38), or (Step40- Step44) of procedure ProcessV ertex, if v is the predecessor of q, then v w ould have been included in Gj since q, i.e., the successor of v, w as p u t in Gj. If v is j the successor of q, then v w ould also be p u t in Gj since q has been p u t in Gj. iiH ence, v m u st be in Gj w hich is a contradiction. T herefore, Gj is a m axim al j restricted activity graph. □Theorem 2 G iven an AG w ith IVI = n an d IE I = e, A lgorithm 1 requires O(e) tim e to construct all the m axim al restricted activity subgraphs of AG.Proof. T he In itializatio n step is com pleted in a b o u n d e d tim e C j. ;T he in n erL o o p trav e rses A G v ia th e o u tg o in g arcs w hich lea d to th e Jisuccessors of each vertex. T here are 'e' arcs w hich im plies th e total n u m b er j of arcs traversed to find successors is e. W hen each successor is reached, it is ' m ark ed an d som e com putation is n eed ed to keep track of vertices yet to be traversed an d th e state of the associated partial subgraph. This com putation tim e does n o t exceed som e constant C2. T herefore, the total co m p u tatio n tim e n eed ed is C j + e*C2. Therefore, A lgorithm 1 requires O(e) tim e. □173Theorem 3: G iven a A G w h ich to tally h as ’m ’ p a irs of co n cu rren cyvertices an d rep licatio n vertices, th e to tal n u m b e r of m axim al restricted activity subgraphs generated b y A lgorithm 1 is th e sum of out-degree of all jStarting concurrency vertices and starting replication vertices in AG. H ence,. mi NMRA= 1 + X d(v.) w here d(vd is the n u m b er of out-going arcs 1: i= i 1 Iassociated w ith v^ |IP roof. The p ro o f is by ind u ctio n on m . For m = 0, neither © s n o r1 0 s is en co u n tered . N o n ew PSSes are created. T herefore, the processing ■j Istays in the in n er loop, an d only th e given activity AG is th e only m axim al restricted activity g rap h produced. The hypothesis is true.iFor m = 1, the hypothesis is tru e since at step 9 th e only successor of © s (or 0 s ) is p u sh e d to V ertex_stack w h en (S)s (or 0 s ) is visited as the cu rren t | vertex. T hen, at th e next iteratio n in the 'w hile (V ertex_stack) # em p ty )' j loop, the successor p u sh e d in the p rev io u s iteratio n becom es the c u rren t vertex to be exam ined. Since the only <§)s (or 0 s ) has been visited at step 9,hence, th e rem a in in g v ertices of AG w o u ld b e co p ied in to th e o u tp u t restricted activity grap h at either Step 22, or Step 32, or Step38, or Step40.A ssum e th e in d u ctio n h ypothesis tru e for (k-1) > 1. Let AG be an activity g rap h w ith k pairs of concurrency vertices and replication vertices. Then AG m u st have an innerm ost concurrent su b g rap h AGj w hich is constricted by a start concurrency v ertex Vj an d has no c o n cu rren t co m p o n en t activities. Based on Step9, d(vj) tasks (subgraphs) are created. The starting concurrency174(replication) vertex in AG is replaced b y an activity vertex w ith a special id to denote th at d(vj) tasks are forked an d synchronization activity (i.e., join)are to follow . The en d in g concurrency (replication) vertex in AG is replacedI| w ith an activity vertex w ith the sam e id as its corresponding vertex. Let the Im odified AG be AG'. A G ', then, has (k-1) pairs of concurrency or replicationiivertices. By th e in d u ctio n h y p o th esis, th e n u m b e r of re stric te d activ ity Igraphs generated for AG', N M R A ’, is:l1 , (*-D! NMRA = 1 + X d(v.).| i - i 1iH ence th e total num ber of restricted activity activity g rap h generated for AG is:N M R A - d(y ) + NM RA =>(* -l)NMRA= d(v.) + 1+ X d(v.)= > kNMRA= 1+ X d(v.). □i = l 14 .2 .4 . AN EXAM PLE O F PA RTITIO N IN G AN A CTIV ITY G R A PHIn the follow ing I u se an exam ple activity g rap h in w hich th ere are tw o p a irs of c o n cu rren cy n o d e s to illu stra te th e re su lts of a p p ly in g A lgorithm 1. I also dem onstrate h o w T heorem 3 can be a p p lied to check if sufficient n u m b er of restricted activity g rap h s p ro d u ced from p artitio n in g a given activity graph.175F ig u re 4-15 contains an activ ity g ra p h AG in w hich th e re are 20 vertices and 26 arcs. O bserve th at there are tw o pairs of concurrency vertices, one m ark ed w ith 3 an d th e o th er m ark e d w ith 4. The o u t-d eg ree of th e1i|sta rtin g co n cu rren cy vertex m ark ed w ith '3' is 2. The o u t-d eg re e of th eii startin g concurrency vertex m arked w ith '4' is 3.AGFigure 4-15: Two Pairs of Concurrency Vertices Marked With '3' and '4'F ig u re 4-16 d ep icts th e re stric te d a ctiv ity g ra p h s g e n e ra te d b y A lgorithm 1 for th e given activity g rap h AG. A ccording to T heorem 3, the total n u m b er of restricted activity g rap h s generated should be 6, i.e., (1+ 2 + 3) = 6. O bserve that the num ber o f restricted activity g ra p h in Figure 4-14 is in d eed 6. T he restricted activity g ra p h RA6 contains tw o pairs of fork-join activities: fork(21)-join(21) a n d fork(22)-join(22). E ach fork-join activ ity chain is u se d to replace a co ncurrent subgraph. This is d u e to the fact th at176 : i - ,each c o n c u rre n t su b g ra p h in sta n tia te s a se t of c o n c u rre n t th re a d s of activities. Each th read of activities is executed b y a task. In the activity grap h containing the co n cu rren t su b g rap h , th e activity w h ich is the successor of th e e n d in g c o n c u rre n c y v ertex can n o t s ta rte d u n til all th re a d s are co m p leted . T herefore, a join activ ity is a d d e d for sy n ch ro n izatio n . For exam ple, activity H cannot start until C an d D exit. T he fork(21) p revents the task executing RA6 (i.e., task6) from p erfo rm in g activ ity H . T he join(21)i enables the execution of activity H w hen task l an d task2 notify task6 of theirico m p letio n .i _ _ _ _ _ _ _RA1 CW rRA3|~ E |task3RA5r~GFigure 4-16: Maximal Restricted Activity Graphs for AGRA6fork forktask6RA2D 1task2RA4Ftask41774.2.5. TA SK GRA PH SE arlier in Section 4.1, I inform ally described th e p ro p erties of a task, th e b u ild in g blocks for rep resen tin g h o w a task interfaces to o th er tasks or external devices, a n d ho w a restricted activity g ra p h is rela te d to a task.!|N ow , before g ettin g in to th e form alism of a task g ra p h , I first form allyjdefine the necessary inform ation for describing a task.A ta s k is described by a task descriptor w hich in clu d es th e follow ing types of inform ation: (i) p o rts — its interfaces to o th er tasks, external devices, a n d to th e ru n -tim e system ; (ii) a t t r i b u t e s — sta te v a ria b le s a n d th e ir properties; (iii) b e h a v io r— its functional specifications (e.g., pre- an d p o stc o n d itio n fo rm u la s) a n d tim in g c o n strain ts sp e cifica tio n s (e.g., state- d ep en d en t execution tim e); and (4) stru c tu re — its associated restricted activity graphs. Task descriptors m ay be w ritten in different p ro g ram m in g languages(e.g., A da, C, etc.), an d executable on different processors. D uring execution jItim e, p rocesses, w h ich are in stan ces o f tasks, ru n o n p o ssib ly sep arate jprocessors and com m unicate w ith each other via a specific set of d ata flow s, iiw hich m ay be im p lem en ted as m essages. The task tem p late defined in this jSection is n o t in te n d e d to be d irec tly tra n sla te d in to object code. The in ten tio n is to allow one to b u ild a tool w hich generates resource allocation a n d sc h e d u lin g d ire c tiv e s by sy n th e siz in g th e first th re e classes of in fo rm a tio n afo rem en tio n ed or a tool to g e n erate a co d e skeleton from in te rp retatio n of th e task's restricted activity graph. I also assum e th at the178task descriptors, w ritten an d stored in task libraries, are b u ild in g blocks for task g rap h description program s.D efin itio n 3: A ta s k is a seq u en tial p ro g ram u n it w h ich is d eclared as follow s:ta sk p o rts< po rt_ d eclaratio n s>[ < p o rt_ rela tio n _ d ec lara tio n s>attrib u tesstate v ariab les | im p o rtan ce lev el < im portance_declarations>! stru c tu re< activ ity _ g rap h _ d eclaratio n >< d ata_ g rap h _ d eclaratio n > e n d D efinition 4: A d ata ele m e n t is a sequential p ro g ram u n it w hich is declared as follows:d ata elem en t p o rts< p o rt_ d eclaratio n s>attrib u tesstate v ariab les im p o rtan ce lev el < im portance_declarations> e n d D efinition 5: A c h an n e l is an interface pro g ram u n it w hich can be specified as follows:< data_item > := < nam e>< channel> := < data_item > : fro m < port_nam e> to ;179A channel represents an arc w hich connects tw o vertices in a task graph. A vertex m ay be a task or a d ata elem ent.D e fin itio n 6: T extual n o tatio n s for sp ecificatio n s of p o r ts , a t t r i b u t e s , b e h a v io r, tim in g co n strain ts, and s tru c tu re are defined below . A lso in the follow ing d efin itio n , th e context-free syntax of the n o tatio n is describ ed u sin g a v a ria n t of B ackus-N aur Form (i.e., '{' a n d enclose a re p e a te d item ; th e item m ay ap p ear zero or m ore tim es; th e repetitions occur from left to right. A vertical bar , ' I', separates alternative item s, unless it occurs im m ediately after an opening braces, in w hich case it stands for itself.)< n am e>A nam e is a string starting w ith upper-case letter.i< co n d itio n _ fo rm u la> := < p re _ co n d itio n _ fo rm u la> I 'I< p o st_ c o n d itio n _ fo rm u la > jR efer th e syntax for specifying pre- an d post- condition form ula in i D efinition 3 of Section 3.2.3. 'Ii< p o rt_ b eh av io r_ d eclaratio n > := jw h e n < co n d itio n _ fo rm u la> Iw ith < tim in g _ co n strain t_ fo rm u la> jT he p o rt b ehavior declaration defines th e con d itio n of w hich an ! in p u t (output) p o rt is to be enabled an d th e tim ing p ro p e rty w ith w hich an in p u t (output) is to be enabled. := m an d ato ry in I o p tio n a l in I outThis attrib u te identifies if the specified p o rt is a 'm an d ato ry in p u t’ p o rt, an 'optional in p u t' port, o r an 'o u tp u t p o rt’.< p o rt_ n a m e >180A p o rt n am e is a string.< p o rt_ d e c la ra tio n > :=< p o rt_ n a m e > : < p o rt_ ty p e > < p o rt_ b e h a v io r_ d e c la ra tio n >In each p o rt declaration, one specifies th e p o rt nam e follow ed byf . i< p o rt_ d e c la ra tio n s> := {< port_declaration> } < p o rt_ d e c la ra tio n > ;< p o rt_ re la tio n _ o p e ra to r> := — > I @'A — »B' represents th at p o rt B is read after p o rt A. ’ A@B’ represents th at either p o rt A or p o rt B is read b u t n o t both. J< p o rt_ re la tio n _ p re d ic a te > IA p o rt relation predicate is a predicate expressed w ith port_nam e !an d port_relation_operator. For exam ple, ( p i— »p2)©p3 states that either p o rt p i or p o rt p3 w ill be read. If p i is read, then p2 w ill be ■ read som e tim e later w hen the enabling condition of p2 is m et. i< p o rt_ re la tio n _ d e c la ra tio n s> := !In u l l l { < p o r t _ r e l a t i o n _ p r e d i c a t e > } j< p o rt_ re la tio n _ p re d ic a te > ;W hen there are m ore th an tw o in p u t p o rts or tw o o u tp u t p o rt, a set of port_relation_form ula can be u sed to describe the tem poral re la tio n sh ip b e tw ee n in p u t p o rts o r th e tem p o ral relatio n sh ip betw een o u tp u t ports.< a c tiv ity _ g ra p h _ d e c la ra tio n > := < g ra p h _ id > ;< g ra p h _ id >A g rap h identifier is a un iq u e positive integer.< g ra p h _ id _ list> := {} < g ra p h _ id > ;< d a ta _ g ra p h _ d e c la ra tio n > := n u ll I < g ra p h _ id _ list>181O b s e rv e th a t th e o p e ra to r s u s e d fo r c o n s tru c tin g th e p o rt_ relatio n _ p red icate co rresp o n d to the sequence o p erato r p rim itiv e an d th e selection prim itive. T his suggests th at the p o rt_ relatio n _ p red icate of a task could be synthesized from the associated m axim al restricted activity. I A lgorithm 2 defines a m eth o d for deriv in g the port_relation_predicates for jail in p u t ports and o u tp u t po rts of a task.I, A lg o rith m 2: G iven a task Tj an d its associated m axim al restricted activity jg ra p h M R A G j, a set of in p u t p o rts, a set of o u tp u t p o rts, an in p u t !p o rt_ re la tio n _ p re d ic a te , a n d a n o u tp u t p o rt_ re la tio n _ p re d ic a te are produced.1.2.14.5.6 .7.8.9.10IIuse the 'Depth First Search’ to identify each vertex in MRAGi do beginif type(vertex) = © s ' thenbeginput '©' to the in port relation predicate expression buffer put ’©' to the out port relation predicate expression bufferendif type(vertex) = 'A' then beginif the activity is at heads of some com. primitives then beginif predecessor(vertex) is an activity has input then put to the ’ in port relation predicate expression buffer' create an input port and generate a port identifier put portid to the 'in port relation predicate expression buffer'endif the activity is at tails of some com. primitives then beginif predecessor(vertex) is an activity has output then18212.13.j end;14. STOP; T he task g rap h d efined below is a directed g ra p h w hich h as n odesIbeing tasks o r d ata elem ents. A n arc b etw een tw n o d es rep resen ts a d ata|flow, and th e direction of the d ata flow corresponds to th at of the arc.Ii Form ally, a task graph TG is a 6-tuple,TG = [G, f, g, t, h, s]w h ere: G = [V, E] is a d irected g rap h in w hich V is th e set ofnodes and E is the set of arcs.f is a function from V into the set of allow ed n o d e types Vtp (Vtp is defined explicitly below .)g is a function from V in to the set of p o sitiv e integers, i This essentially provides a label for each node.t is a function from V into th e set of tim in g functions (them a p p in g ch arac teristics of th is fu n c tio n is d e fin e d below .)h is a function from E into 2-tuple, i.e.,1. the set of positive integers p ro v id in g a label for each arc;2. the set of positive integers providing size of data associated w ith each arc.s is a distinguished n o d e called the 'start node'.put to the ’ out port relation predicate expression buffer' create an output port and generate a port identifier put portid to the 'out port relation predicate expression buffer'end183 'The set of no d e types perm itted in a task g rap h is Vtp = {T, Dj, DQ }, i.e., th e set of n odes allow ed are tasks, in p u t d a ta elem ents, an d o u tp u t d ata elem en ts.T he fo u rth com ponent t of th e tu p le [G, f, g, t, h, s] is a functionjim ap p in g each e le m e n t Vj in V in to tim in g specification functions. If a v e rte x Vj is in Vt, th en t (vj) is an execution fu n ctio n e (e x i, ex2 ,..., exk)w here k > 0 an d exi, ex2 ,..., exk are ex i, ex2 ,..., exk are expressions relatin g I tim ing in stan t variables or state variables of vertex v^ If a vertex Vj is in Vd, | th en t (vj) is a tu p le of tim ing specification functions [% , sw (exi, ex 2,..., exk), rd (e x i, ex2 ,..., exk), ef(ex i, ex2 ,..., exk)] w h ere x is th e initial arriv al tim e relative to system start-up tim e (i.e., t = 0) an d sw , rd, ef, an d e are tim ing specification functions as defined in D efinition 3.2-1.In su m m ary , th e p ro p o sed design specification m eth o d h as a 3-part com putational m odel. H ow each p art is su p p o rte d is described in Table 4-A, Table 4-B, an d Table 4-C.184_____ 1Desired Properties in Data ModelsExpressibliPropertiesComposition• non-atomic data items are decomposable.Conditional Sequences• supported by the ’ selection’, 'iteration', and 'data item' primitives.Parallel Sequencesnot supported, (implies non-sequential execution')Multiple Instances of The Same Typenot supported.(implies non-sequential execution')Timing Specification• predicates expressed by time instant variables.Table 4-A: Properties Supported by Restricted Data GraphsDesired Properties in Control Flow ModelsExpressibliPropertiesComposition• supported by composite activities and tasks.Conditional Sequences• supported by the ’ selection’, ’iteration’ , ’ activity’ , ’ task’, primitives.Parallel Sequences• supported by the ’ task ’ and ’ communication’ primitives.Multiple Instances of The Same Typenot supported.Timing Specification• predicates expressed by time instant variables.Enabling and Exiting Criteria• supported by pre-condition & post-condition formulas.Table 4-B: Properties Supported by Task Graphs and Restricted Activity Graphs185Desirable Propertie in Sequential program ModelsExpressibliPropertiesStimulus and Response Relationship• supported by pre-condition & post-condition formulas.State Changes • supported by using ADA PDL and 'state variables'.Timing Specifications • timing constraints formulas.Interconnections Between Programs• A restricted activity graph defines relationships between programs.Validation Points and Criteria• supported by pre-condition & post-condition formulas.Table 4-C: Properties Supported by Restricted Activity Graphs and the Task DefinitionTemplateG iven definitions of activity g rap h an d task g rap h an d algorithm s for d eriving a set of m axim al restricted activity grap h s from a activity g raph, in the follow ing, I discuss how a task g rap h can be autom atically derived.1864 .3 . D E R IV IN G AN IN IT IA L T A S K G R A P H F R O MtR E Q U IR E M E N T S |IiSo far I p resen ted a req u irem en ts specification m eth o d w ith w hich th e requirem ents specifications are expressed in the form of activity graphs, jdata g ra p h s, p ro g ra m d e scrip tio n lan g u a g e, a n d co n strain ts (in clu d in g jtim ing c o n strain ts, p re-c o n d itio n , a n d p o st-c o n d itio n fo rm u las). I also ipresented a design specification m ethod w ith w hich a design is expressed in term s of restricted d ata graphs, restricted activity graphs, task tem plates, and task g rap h s. The general scenario described in th e follow ing o u tlin es the softw are req u ire m e n ts specification, to p level d esig n , detail design, an d coding phases of the softw are developm ent process.Step 1: D efine S oftw are R equirem ents: T he tim e sequence p ro p erties of a system are expressed com pletely in term s of d ata graphs an d activity g rap h s. The decom position process is com pleted w h en all activities are d e co m p o se d in to atom ic a ctiv ities, all ato m ic activ ities are sp e c ifie d w ith p re - a n d p o st- c o n d itio n s, all d a ta ite m s are {id eco m p o sed in to atom ic d a ta item s, a n d th e req u ire d tim in g a n d j resource constraints are specified. JStep 2: P erform P a rtitio n : A n activity g rap h , rep resen tin g a req u irem en ts J specification, is p a rtitio n e d in to a set of m axim al restricted activity grap h s usin g A lgorithm 1.Step 3: D efine a Softw are A rchitecture: G iven this set of m axim al restricted activ ity g ra p h s, th e o rig in al activ ity g ra p h , d a ta g rap h , an initial softw are architecture, expressed in term s of a task g rap h , is d eriv ed based on a set of task derivation rules.1 8 7Step 4: E valuate the A rchitecture: A ssess if the p ro p o sed design satisfies the tim in g an d sizing constraints a n d o th er p e rtin e n t properties. If the p ro p o sed design does not m eet the specified requirem ents; go to S tepl ; if the designer determ ines th at the requirem ents are not realizable for j a given h a rd w a re architecture; go to Step2 to com bine som e set of | tasks into a bigger task if for exam ple the n u m b er of tasks p ro d u ced j exceeds th e lim it im posed by th e h a rd w are o r th e o p eratin g system ; jigo to Step2 to p artitio n a task in to a n u m b er of tasks if for exam ple som e tasks p ro d u ced are too large to fit in to m em ory; or go to Step3, for exam ple, w h en th e tim ing constraints cannot be satisfied an d an alternative h ard w are architecture is allow ed.A fter an initial softw are architecture has been autom atically derived, sim ulation m ay be used to assess the realizability of th e task g rap h w ith a d esirable degree of accuracy. Based on sim ulation resu lts or o th er criteria, th e designer m ay u p d a te the task g rap h , effectively o v errid in g any existing d e sig n choice. T he m o d ifie d ta s k g ra p h m ay o r m a y n o t sa tisfy requirem ents. A gain, sim ulation m ay be used to v alid ate if the new design j is realizable. jIn the follow ing, before I outline the p ro ced u re for deriving an initial task g rap h from a given activity graph. I first identify a set of synthesis rules j w hich are u sed in th e derivation.• task m ap p in g ruleThe p u rp o se of this ru le is to define a baseline set of tasks based on a given activity g rap h . The ap p ro ach is to create a task for each m axim al restricted activity graph. T he restricted activity g ra p h is labeled w ith a unique task identifier.188in p u t/o u tp u t m ap p in g ru leT he p u rp o se of this ru le is to p reserv e th e in p u t a n d o u tp u t req u irem en ts. T herefore,- if a task is created from a m axim al restricted activity g rap h , the task inherits all the in p u ts an d all the o u tp u ts from its associated m axim al restricted activity graph;- if a task is created from a junction connector, the fan -in arcs becom e the in-com ing d ata flow s of the task an d th e fan-out arcs becom e the out-going d a ta flow s of the task.|- if a task is created to replace a m erge connector, an equivalent j connector, an d a split connector, then the fan-in arcs of the m erge j connector becom e the in-com ing d ata flow s of th e task a n d the fan-out arcs of th e split connector becom e the out-going d ata flow s ;Iof th e task.p o rt_ relatio n _ p red icate d eriv atio n ru leThe p u rp o se of this ru le is to preserve th e tem p o ral p ro p erties of ! d a ta c o n s u m p tio n a n d p r o d u c tio n . T h e r e f o r e , th e ! p o rt_ re la tio n _ d e c la ra tio n of a task is s y n th e siz e d b y a p p ly | A lgorithm 2. Jitim in g conversion ru leT he p u rp o se of th is ru le is to p reserv e th e tim in g co n strain ts represented in th e execution fram e function associated w ith a pair of iteration prim itives w hich enclose a set of atom ic activities. For each p air of iteratio n prim itives w ith a c o n sta n t execution fram e fu nction in th e associated restricted activity g ra p h o f a task, a189synchronization m echanism (e.g, signal, sem aphore) is selected to be in co rp o rated into th e task g ra p h a n d m o dify th e associated restricted activity g rap h (e.g., w ait o n a signal or a sem aphore). For n o n -c o n sta n t execution fram e, an activity is ad d ed as a successor v ertex of th e en d iteratio n vertex. For b o th co n stan t an d n o n constant execution fram e, b o th the start vertex an d th e en d vertex jare deleted from the graph. I!I• interface m ap p in g rule jIT he p u rp o s e of th is ru le is to p re s e rv e th e d a ta flo w j com m unication characteristics. T herefore, tasks in h erits all d a ta ! flow prim itives betw een m axim al restricted activity graphs. j• d ata integrity ruleThe p u rp o se of this rule is to m anage data integrity for sh ared data item s. For each d a ta item X w h ich is associated w ith ju n ctio n c o n n ecto rs, a data m anager task is created for X to p ro v id e concurrent accesses to X an d m aintain integrity and consistency of X. T he d a ta item X becom es a p riv a te d a ta item of th e d a ta m anager task an d o th er tasks sen d req u ests to th e data manager for obtaining inform ation from or depositing inform ation to X.• d a ta transform ation ruleT he p u rp o se of th is ru le is to tran sfo rm a d a ta item from th e p ro d u c e r's view to th e co n su m er's view . For each d a ta item X w hich is associated w ith m erge connector, eq u iv alen t connector, a n d sp lit connector, a 'd a ta tran sfo rm er' task is created for X to receive d ata according to th e properties specified in th e associated d a ta g rap h an d split connector, an d then, transform th e d a ta into th e d esired p ro p erties specified in th e associated d a ta g ra p h of m erge connector.190G iven an activ ity g rap h AG, its associated set of com m unication prim itives CP, an d its associated set of d ata g rap h s DG, th e follow ing is an outline of steps taken for deriving a task g rap h TG.S tepl: ap p ly Algorithm 1 to obtain a set of m axim al restricted activity g raphs from AG.Step2: d eriv e an initial set of tasks by a p p ly in g th e task mapping rulesuch th at a task is created from each m axim al restricted activity graph.for each task d obegin !(1) a p p ly th e input/output m apping rule to o b ta in all th e in p u ts an d o u tp u ts of the task.(2) a p p ly th e port_relation_derivation rule to d efin e all the i n p u t p o r t s , a ll th e o u t p u t ports, the in p u t p o r t _ r e l a t i o n _ p r e d i c a t e , a n d t h e o u t p u t | p o rt_ relatio n _ p red icate.(3) ap p ly th e tim ing conversion ru le to replace each p a ir of ite ra tio n v e rtice s w h ic h h as a c o n sta n t e x ec u tio n fram e function w ith a given synchronization m echanism .e n dStep3: derive the precedence relations betw een tasks. for each com m unication prim itive c in C P d o beginif type(c) = d ata flow then begina p p ly th e interface m apping rule to create a c h a n n e l to connect191t h e t a s k s o n e a c h e n d o f t h e d a t a f l o w c :o u tp u t this channel to a 'channel_list' buffer. e n dif type(c) = junction th en beginapply the data integrity rule to create a data manager task. jcreate tw o in p u t ports: j- one for the request to rea d from the d ata item an d i- th e o th er for th e req u est to w rite in fo rm atio n in to th e ! data iitem 1ic re a te o n e o u tp u t p o r t fo r re tu rn in g th e re q u e s te d jin fo rm a tio n ito the requestor of the read) for the data manager. jichange th e junction connector into a m erge connector w hich j has the sam e d a ta item as th at associated w ith the junction j connector. T here is only one bi-directional arc betw een jthe d a ta item an d the data manager.iap p ly the input/output mapping rule to obtain all th e jin p u t and o u tp u t d ata flow s of the data manager and at the sam e tim e a p p en d these d ata flow s to CP.e n diif type(c) = equivalent th e n iIbegin. jiap p ly the data transformation rule to create a data transducer i task. Jlcreate one in p u t ports an d one o u tp u t port. !apply the input/output mapping rule to o b tain all th e |in p u t an d o u tp u t d ata flow s of th e transducer manager an d | at the sam e tim e ap p en d these d ata flow s to CP. jtI192e n ddelete c from CP.I e n dA fter one goes th ro u g h several iteratio n s of d efining th e so ftw are arch itectu re, a task g ra p h is d eriv ed . T here still is th e issu e of h o w to m a n a g e re s o u rc e s su c h th a t th e tim in g c o n s tra in ts a n d re s o u rc e requirem ents of activities in a task can be satisfied.4.4. SUM M ARYIIn this chapter, I d ev elo p ed th e m eth o d o lo g y for tran sfo rm in g th e J activity g rap h and d ata graph to a softw are design. I defined the concepts of a m axim al re stric te d activity g rap h . T hese w ere sh o w n to c o rre sp o n d to se q u e n tia l p ro cesses or tasks. In a d d itio n , an a lg o rith m fo r d e riv in g ; m axim al restricted activity g rap h s from an activity are p resen ted as w ell as th e m eth o d s for con stru ctin g task g rap h s b ased on th e d eriv ed m axim al restricted activity graph. iiJiIn th e n e x t c h a p te r, I p re s e n t an ex am p le a p p lic a tio n of th e m eth o d o lo g y in som e detail. The ex am p le is d ra w n from avionic ra d a r system s an d represents a non-trivial application.ii1935. AN EXAMPLE SENSOR SYSTEMJ A dvanced avionic rad a r system s w ere in tro d u ced in C hapter 2 as oneim p o rtan t exam ple of sem i-hard real-tim e system s. In this chapter I w ill use the m ethodology d ev elo p ed in C h ap ters 3 an d 4 for th e specification an djdesign of an exam ple avionic rad a r system w ith an electronically scanned an ten n a. T he req u ire m e n ts specification is given first u sin g th e activ ity g rap h form alism . A n initial softw are design b ased on this specification uses A lg o rith m 1 from C h a p te r 4 to g en erate th e m axim al restricted activity g ra p h s fro m th e req u ire m e n ts. I th e n u se th e ta sk g ra p h d e riv a tio n algorithm defined in Section 4.3 is to generate th e corresponding task graph.|The results of this initial design phase are presented. !iI5.1. REQ U IREM EN TS SPEC IFIC A TIO NIA dvanced avionic rad ar system s typically interface w ith tw o classes of i external physical processes: com m and processes a n d m o n ito red processes. Exam ples of com m and processes are a pilot, o th er sensor subsystem s w hich h a v e c o m m u n ic a tio n lin k s w ith th e ra d a r su b sy ste m , o r a m issio n com puter w hich gives the rad a r subsystem directives on w h at d ata to obtain a n d h o w to process it. E xam ples of m o n ito red physical processes are an airplane, a specified air space, a specified g ro u n d space, or a w eather object. As show n in th e activity g rap h in Figure 5-1, a sensor subsystem interfaces w ith command processes directly, b u t interfaces w ith monitored physical processes via a fro n t end. T hese fo u r co m p o n en ts: com m and processes, sensor su b sy ste m , fro n t end, a n d m onitored physical processes, are concurrent w ith each other an d com m unicate th ro u g h data.194&ExternalRequestsMonitoredPhysicalProcessesFrontEndCommandProcessesSensorSubsystemr Front End t StatusFigure 5-1: An Activity Graph Representing the Interaction Between a Advanced RadarSystem and Its External EnvironmentT he sensor su b syste m c o n su m e s external requests issu e d by |icommand processes an d pro d u ces track files w hich co n tain in fo rm atio n on | th e state of cu rren tly m o n ito red physical processes. T he sensor subsystem IIip ro d u ce s front end directives w hich contain a set of firm w are com m ands to j control the tim ing an d w aveform of signals to be tran sm itte d in o rd er to I sen se m o n ito re d processes. R eturned waveforms are p ro d u c e d w h en the transm itted w aveform s are reflected b y th e monitored physical processes.iT hese re tu rn e d signals are th en received by th e front end receiver w hich tran sfo rm s th e collected signals in to digital form at an d , th en , deposits the tran sfo rm e d in fo rm atio n in to th e d a ta stru c tu re s re fe rre d to as collected returns. D u rin g d ata collection, th e front end p ro d u ces front end status to indicate if the collection of th e specified signals w as com pleted norm ally or th e collection of sig n als has en co u n tere d som e a b n o rm a lity su ch as the195.signal to noise ra tio exceeding th e allo w ab le lim it. T hen, th e collected r e tu r n s are p ro cessed b y th e sensor system to fo rm o b se rv a tio n s for pred ictin g the fu tu re state of the m o n ito red physical processes such th at the sensor subsystem can d e te rm in e w h e n to ag ain o b serv e th e p h y sic al| iI processes in o rd er to n o t lose track of them . Also, b ased on th e collectedij retu rn s, the state of each observed physical process is stored in a database, j called a trackfile. The inform ation in track files are retu rn e d to com m andi I! processes eith er on d em an d or periodically at a specified tim e interval.fI3 component s: (1) Sensor Manager, (2) Signal Processing Manger, (3) Data ProcessingManager.Figure 5-2: An Activity Graph Representing a Sensor SubsystemF igure 5-2 contains a refinem ent of the sensor subsystem . T he three in p u ts: External Requests, Front End Status, an d Collected Returns, an d tw oSignal A f D ata ^ Processing Processing^R equests y ^ R e q u e sts j4 \ \FrontEndStatus^ Front End ^Requests^DataProcessing^Manager^SignalProcessingM anagerTrackFilesExternalRequestsSensorM anagerf Front ^ End l D irectives jCollectedReturnsTrackD atabaseA bort196o u tp u ts: Front End Directives and Track Files in Figure 5-1 are in h erited by the refined activity g rap h of the sensor subsystem.A s show n in Figure 5-2, a sensor subsystem is com prised of a SensorI,M a n a g er, a Signal Processing M anager, an d a Data Processing M anager, executing co n cu rren tly w ith each other. In ad d itio n to the 5 in p u t/o u tp u t ;ijd ata item s, th e re are 5 co m m unication connectors: (1) signal processing \requests, (2) abort, (3) data processing requests, (4) front end requests, a n d (5) track database. The sensor manager co n su m es th e tw o ex tern al in p u ts , external requests an d fro n t end status, a n d track database; from th is in fo rm a tio n it th en p ro d u ce s th e ex tern al o u tp u t front end directives toIdirect the fro n t en d tran sm itter as to h o w to tran sm it signals. The signal processing manager accepts th e signal processing requests from th e sensor manager; then, consum es an d processes collected returns according to th e directions specified in the signal processing requests. Signal processing for a specific signal processing request w ill be aborted if an abort is received from th e sensor manager. By com paring inform ation in th e track database, it can be d eterm in ed if the observation form ed from collected returns is associated w ith k n o w n m o n ito re d processes. A track u p d a te (T U ) data processingJrequest is issu ed to th e data processing manager w h en th e o b serv atio n is associated w ith a k n o w n m o n ito red process. A search confirm (SC_act) front end request is issu ed to th e sensor m anager fo r o b ta in in g m o re detailed a n d /o r accurate inform ation w hen th e observation is n o t associated w ith k n o w n m o n ito re d processes. F inally, th e data processing manager correlates the given observation w ith m o n ito red physical processes u sin g som e sco rin g fu n ctio n , e stim ates th e fu tu re sta te of th ese m o n ito re d_________________________________ 19 7 _p ro cesses a n d u p d a te s th e sta te in fo rm a tio n in th e track database. In ad d itio n to u p d a tin g th e track database, the data processing manager is also responsible for deleting a specific set of m onitored processes on d em an d and o u tp u ttin g the track database to track files periodically.SensorM anagercFrontEndRequestsExternalRequestsFront End Planning Directives^f Front EndA Front End DirectivesTrackDatabaseW orkload ListW orkU nitFront Front End Requests M anagerFront End PlannerFront End SchedulerData Processing RequestsFront End ^ S ta tu sAbortX o- r SignalProcessingI RequestsFigure 5-3: An Activity Graph Representing Computational Behavior of Sensor ManagerFigure 5-3 contains an activity g rap h rep resen tin g the refinem ent of the sensor manager in w hich th e 3 in p u ts and the 4 o u tp u ts of the sensor m a n a g e r are in h erite d . T his is d u e to th e ru le th a t, at each level of refinem ent, th e in p u ts an d o u tp u ts of an activity m u st be in h erited b y its associated activity g rap h rep resen tin g the refinem ent of th e activity. A lso each in p u t m u st hav e a com ponent activity in th e refin em en t to consum e it; sim ilarly, for each o u tp u t th ere m u st be a c o m p o n en t activity in the refinem ent to p roduce it.198A lso the sensor manager in Figure 5-3 is com prised of a Front EndRequests M anager, a Front End Planner, a Front End Scheduler, an d a FrontEnd Setup. In a d d itio n to th e 7 in p u t/o u tp u t d a ta item s, th e re are 3a d d itio n a l co m m unication connectors: (1) front end requests, (2) front endjplanning directives, and (3) front end workload list. The front end requests I im a n a g er co nsum es external requests. B ased on th e in fo rm a tio n in an jiexternal request, it th en p ro d u ce s front end planning directives to d irect j j usage of the front end resource, how each type of front en d activity should jibe p lan n ed , or w h at front en d activities are to be aborted. A t this level of j j refin em en t, only w hat are p ro d u ce d by the front end requests manager is j |specified. T he details of w h en , w h y , an d h o w abort, fro n t end planning jdirectives, data processing requests are p ro d u c e d are specified at th e next jllevel, i..e, th e refin em en t of th e front end requests manager. T he front end jlplanner accepts 5 in p u ts an d produces 2 o u tp u ts. Based on th e inform ation in the track database, the front end planner assesses th e tactical situ a tio n b a sed o n k n o w led g e of th e sta te of each m o n ito red processes. It th en determ ines th e relative tactical im portance level of each fro n t en d activity associated w ith each front end request by u sin g som e v alu e fu n ctio n and d e te rm in e s th e tim in g c o n strain ts of each fro n t e n d activ ity . T h en it p ro d u c e s a front end workload list in w h ic h fro n t e n d activ itie s are d escribed in clu d in g inform ation such as tim in g specification function s ef, sw , a n d rd , im portance level, a n d g ro u p id, etc. T he front end scheduler read s in th e front end workload list, uses a real-tim e sch ed u lin g algorithm , such as E a rlie s t D e a d lin e F irs t , R a te M o n o to n ic a lg o rith m s [Liu& Layland74], to select a work unit w hich is th e m o st im p o rtan t, tim e-199critical, an d tim e-inflexible activity to be perfo rm ed next by th e front end. B ased o n th e in fo rm a tio n in th e work u n it, th e front end setup th e n produces a set of firm w are com m ands to direct th e front en d tran sm itter asjto w hich w aveform s are to be transm itted an d the tim ing properties of each I w av efo rm .fiiIA lth o u g h each in p u t (each o u tp u t) of an a ctiv ity m u st h a v e a co rresp o n d in g com ponent activity to consum e (produce) it, this does n o t m ean th a t the consum er com ponent activity for each in p u t. For exam ple, the front end planner consum es tw o in p u ts, one b ein g the track database an d the o th er b ein g th e front end status. T he front end requests manager co n su m es external requests an d p ro d u ces data processing requests. T he iitem poral and spatial parallelism properties represented in the d ata graphs of ;tin p u ts an d o u tp u ts of an activity suggest h o w the activity can be refined ! such th a t th e co m p o n en t activities consum e th e in p u ts an d p ro d u c e th e i o u tp u ts according to these sam e tem poral and spatial parallelism properties, jExternalRequestsef > 0 .1 ^RequestExternalRequest' Etelete Track FileJPerformance j! Im portance uirem ent BoundJ \(a) The Data Graph for External Requests, (b) Refined Data Graph for External Request. Figure 5-4: Data Graphs Representing Properties of External RequestsFor exam ple, th e d ata g rap h in Figure 5-4(a) is th e refinem ent of the external requests w hich are th e in p u ts to th e sensor manager. T he d a taonng rap h specifies th at the external requests are a sequence o f external request. The expression 'ef > 0.1' associated w ith th e sta rtin g ite ratio n p rim itiv e specifies th at th e tim e interval, represented by the execution fram e function ef, betw een tw o instances of external requests is at least 0.1 second. The data g ra p h in F igure 5-4(b) is the refinem ent of the external request. The d ata g ra p h in F igure 5-4(b) specifies th a t an external request m ay be eith er a search request, a delete track file request, a set resource bound req u est, a set \performance requirements request, or a set importance level req u est.Front End Planning Directivesef > 0.1 < —^Front End Planning DirectiveDFront End Planning Directive^ Bound Front End ^ Usage\ f Set Activit^VA Set Activity Performance II Importance J R eq uirem en t^ Level(a) Front End Planning Directives, (b) Refined Front End Planning Directive Figure 5-5: Data Graphs Representing Properties of Front End Planning DirectivesT he d a ta g ra p h in F igure 5-5(a) is a refin em en t of th e front end planning directives w hich are th e o u tp u ts from th e sensor manager. T he d a ta g rap h specifies th a t the front end planning directives are a sequence of front end planning directive. The expression 'ef > 0.1' associated w ith the startin g iteratio n p rim itiv e specifies th at th e tim e interval, rep re se n te d by th e e x ecu tio n fram e fu n ctio n e f, b etw een tw o in stan ces o f front end planning directives is at least 0.1 second. The d ata g rap h in Figure 5-5(b) is the refinem ent of the front end planning directive. The d a ta g ra p h in Figure 5-5(b) specifies th a t a front end planning directive m ay be eith er a bound 201_front end usage directive, a set activity performance requirements d irectiv e, or a set activity importance level directive.Front End Requests Manageref > 0.1ExternalRequestExternalRequestsPerform Search Frame Planning Activity to Divide a SF into a Sequence of Search Alert (SA-act) activitiesAbortBroadcast AbortFront EndPlanningDirectivesGenerate a Delete requestGenerate Front End Planning DirectivesGenerate an SA_act requestSA actFigure 5-6: An Activity Graph Representing a Front End Request ManagerF ig u re 5-6 is a refin em en t of th e front end requests manager. This refin e m e n t h as a n ite ratin g loop w h ich is b a sed o n th e ite ra tin g loop defined in Figure 5-4(a). The su b g rap h w hich starts w ith a selection operator a n d en d s w ith th e selection operator) in F ig u re 5-6 is b ased on th e d ata g rap h d ep icted in Figure 5-5(b) for front end planning directives an d th a t an external request is com prised of eith er a search, a delete track file, o r a d ata202item rep resen ted in a front end planning directive, as d ep icted in Figure 5- |4(b).f^Front End ^ S c .r - 2 .1 ^Directivesr Timing ^Control Command V Tables Jv _______ 0 ~ ~ _ _ JFigure 5-7: A Data Graph Representing Properties of Front End Directives!The d ata g rap h depicted in Figure 5-7 specifies th a t every 0.1 second a ;!set of firm w are com m ands m u st be p ro d u ced by th e sensor manager. Since :th e tim in g of th e fro n t end request manager is n o t strictly p erio d ic, a !Isep arate com ponent (the front end setup contained in Figure 5-3) is defined jito p ro d u ce th e front end directives..T he d a ta g ra p h in F ig u re 5-8(a) is a refin e m e n t of th e fro n t end req u ests w h ich are th e o u tp u ts from th e fro n t end planner, th e sig n a l processing m anager, an d th e data processing manager. T he d a ta g ra p h specifies th a t th e front end requests are a sequence of front end request. The tim e in te rv a l b e tw ee n tw o in stan ces of front end requests is at least 0.1 second. The d a ta g ra p h in F igure 5-8(b) specifies th a t a front end request consists of a set of search alert activity (SA_act) req u ests, a set of search confirm activity (SC_act) requests, and a set of track u p d a te activity (TU_act) req u ests, all a rriv in g concurrently w ith each other. F urth erm o re, the total n u m b er of concurrent SA _act requests is lim ited b y th e m axim um nu m b er203of search fram es, denoted by m ax#fram es. The total n u m b er of concurrent SC_act requests is lim ited by the m axim um n u m b er of m onitored processes to be o b serv ed , d e n o te d b y m ax#obs. T he to tal n u m b e r of co n cu rren tiT U _act re q u e sts is lim ite d b y th e m ax im u m n u m b e r of m o n ito re d processes to be tracked, denoted by m ax#tracks.^ Front End RequestFrontEndRequests'[max#frames, current #][max#obs,current#]Tmax# tracks, current #]r Front End t Request(a) Refinement of Front End Requests, 0?) Refinement of Front End Request Figure 5-8: Data Graphs Representing Front End RequestsFigure 5-9 depicts a refin em en t of the front end planner w hich is a j co m p o n en t activity of th e sensor manager illu strated earlier in Figure 5-3. j The front end planner consists of tw o loops. The o u ter loop indicates th a t , th e tim e interval betw een tw o activations of the front end planner is greater th an 0.1 second. D uring each activation, the activities in th e in n er loop are th en perform ed.204Front End Planneref > 0.1r Track Databasefor each activitjFront End RequestsSelect a Front End RequestFrontAbortCompute SA Workload ParametersFrontEndStatusCompute SC Workloac Parameters &Decide Waveform for SCWorkloadSpecificatioComputeTUWorkloadParameters &Decide Waveform forTU&DecideWaveForm for SAGenerate Next SA actSA aclAppend to Workload ListFront End Capability & Waveform yC now ledge Bas^Figure 5-9: An Activity Representing Front End Planner i1iIn each iteratio n of th e in n er loop, a front end request is selected iibased on som e selection criteria such as first-in-first-out (FIFO). The selected front end request is th en p ro cessed acco rd in g to its type. T he front end capability & waveform knowledge base is a local static d a ta stru ctu re w hich contains inform ation ab o u t th e p ro p erties of th e fro n t en d h a rd w a re an d205firm w are. B ased o n in fo rm atio n in th e k n o w le d g e b ase an d th e state inform ation ab o u t m o n ito red processes in th e track database, the types and param eters for w aveform s to be g en erated by th e fro n t en d are co m puted an d then the w o rk lo ad specification of the fro n t en d is p ro d u ced . N ote th at the next instance of a search alert activity req u e st (SA_act) is issu ed here. 'T his is d u e to the fact th a t a search ex tern al re q u e st c o rre sp o n d s to a {sequence of search alert activities a n d each search alert activ ity is an : ad ap tiv e activity. Refer to E xam ple 2 in Section 3.3.4. for details of h o w to derive a sequence of search alert activities from a search external request.ef > 0.1WorkUnitProcessingRequestsType-1 ^ Work Unit jType-mWorkUnitWorkUnitJ(a) Refinement of Signal Processing Requests, (b) Refinement of Work Unit Figure 5-10: Data Graphs Representing Signal Processing RequestsT he d a ta g ra p h in F igure 5-10(a) is th e refin e m e n t of th e sig n a l processing requests w hich are the o u tp u ts from th e sensor manager The d a ta g ra p h specifies th a t th e signal processing requests are a sequence of signal processing requests The tim e interval b etw een tw o instances of signal processing requests is at least 0.1 second. The d a ta g ra p h in Figure 5-10(b) specifies th a t th ere are m types of w o rk units a n d th a t each work unit m aybe one of t y p e l ,..., or type-m . Each type of work unit corresponds to a signal ;!processing job g rap h in [Berk et el 89]. Recall th a t in Figure 5-3 the fro n t j _________________________________________________________________ 2 0 6 Jend scheduler com ponent activity of th e sensor manager b ro a d c a sts the work unit to both the front end setup co m p o n en t activ ity in th e sen so r m anager an d the signal processing manager. T he p u rp o se of b ro ad castin g th e work unit is to let th e signal processing manager k now th e ty p e of signal p ro cessin g re q u ire d for th e u p co m in g collected returns so th a t th e signaliiprocessing manager can p re p a re to in itiate the ty p e of so ftw a re tasks {required to perfo rm signal p ro cessin g a n d to allocate sufficient am o u n tstorage to hold the upcom ing collected returns.Signal Processing M anagerSignal Processing ^ R e q u e sts _cA bortSignalProcessingRequestsM anagerSignalProcessorGlobalJob Processing ^ Status _CollectedReturnsTrackD atabaseSignalProcessingSC_actJobM anagerFrontEnd/* .............NJobJob 1 ^G raphsv K JList JData Processing . RequestsFigure 5-11: An Activity Representing Signal Processing Manager jiF igure 5-11 dep icts a refin em en t of th e signal processing manager Jlw hich consists of three com ponent activities, th e signal processing requests m anager, th e signal processor global scheduler, and th e signal processing job manager, executing concurrently in a pipeline fashion. A t each iteration of th e signal processing requests manager, it selects a work unit usin g a FIFO policy, in terp rets this work unit, a n d instantiates a job g ra p h based on its ty p e [Berk et el 89]. This job graph is then sent to the signal processor global207scheduler w h ich w ill, u sin g reso u rce allocation policies such as lo n g est distance first (LDF), allocate jobs to each signal processor. A job list is the d a ta stru ctu re u sed to hold the jobs allocated to a signal processor. H ence, each signal processing job manager receives a job list for it to schedule.Signal Processing Job ManagerccccCollectedRetainsJobListAbortSignalProcessorLocalTrack DatabaseSignalProcessingJobExecData Processing RequestsSC actr Signal Processing ^RequestsJobProcessing . StatusFigure 5-12: An Activity Representing Signal Processing Job ManagerF ig u re 5-12 d ep icts th e activ ity g ra p h o f a signal processing job m anager w hich consists of a signal processor local scheduler an d a sig n a l processing job exec, executing concurrently in a pipeline fashion. The signal processor local scheduler selects a job fro m th e job list u s in g so m e sch ed u lin g policy such as FIFO. T hen, the selected job is disp atch ed to the signal processing job exec to be processed based on the p aram eters associated w ith the job. W hen th ere is inform ation o b serv ed in th e collected returns, th is o b se rv atio n is c o m p a red w ith th e track s in th e track database to d e te rm in e d if th e o b serv atio n m ay b e asso ciated w ith a se t of k n o w n m o n ito red processes. If th e ob serv atio n can be associated w ith a set of208k n o w n m o n ito red processes, a track update data processing request (TU_act) is issued; otherw ise, a search confirm front end request (SC_act) is issued.(a) Refinement of Data Processing Requests, (b) Refinement of D /P Task Request Figure 5-13: Data Graphs Representing Data Processing RequestsT he d a ta g ra p h in F igure 5-13(a) is th e refin e m e n t of th e d a ta processing requests w hich are the o u tp u ts from the sensor manager and the signal processing job exec in the signal processing manager. The d a ta g rap h specifies th at th e data processing requests are a sequence of D /P task request, j The tim e in terv al b etw een tw o instances of signal processing requests is at least 0.1 second. The d ata g rap h in Figure 5-13(b) specifies th a t a D /P task j request m ay be either a delete or a T 17.F ig u re 5-14 d ep icts a refin em en t of th e data processing manager w h ich consist of five co m p o n en t activities, th e signal processing requests m anager, th e signal processor global scheduler, the signal processing job m anager, the delete tracks, a n d th e output tracks, e x e c u tin g c o n cu rren tly , jiT he fu n ctio n ality of com ponents of this refin em en t is sim ilar to th a t in I Figure 11 except for th e delete tracks an d the output tracks. The delete tracksDataProcessingRequestsD /PTaskRequestf Task 1 f Delete TU ^V Request y V A Jare trig g e rre d w h e n th e front end requests manager c o m p o n e n t in the209sensor manager determ ines th a t a delete track file external request h as been received from a command process The output tracks send o u t a copy of th e track database to a command process a t a fixed tim e interval( e.g., 1 second).D ata Processing M anagerEnableTUJob Processing ^ Status .TrackD atabaseD ataProcessingRequestsM anagerD ataProcessorGlobalSchedulerr D ata Processing l RequestsO u tputTracksDeleteTracksDelete TUJobM anageriitA bort\ Track |L _ fE Jr Front ^ End ^R equests jTU Job ListTUJobG raphsFigure 5-14: An Activity Representing Data Processing ManagerF igure 5-15 depicts th e activity g ra p h of a TU job manager w hich consists of a data processor local scheduler an d a TU job exec, e x e c u tin gIconcurrently in a pipeline fashion. T he data processor local scheduler selects j a job from the job list using som e scheduling policy such as earliest deadline j first (EDF). T hen, th e selected job is d isp atch ed to th e TU job job exec to be processed based on the param eters associated w ith the job.210TU Job ManagerFront End RequestsTU Job ListDataProcessorLocalSchedulerTUJobTU Job EXECAbortTrackDatabase^TU Execution^ Frame Function ^ValueTable^Figure 5-15: An Activity Representing TU Job ManagerThe TU job exec correlates the observations w ith tracks in the track database, u p d ates the associated tracks w ith the n ew ly d eriv ed inform ation, Iife stim ates th e e rro r covariance, p red ic ts th e ta rg e t p o sitio n at th e next i u p d a te , a n d co m p u tes th e n ex t u p d a te tim e. In o rd e r n o t to lose a m onitored process and to keep the tracks w ithin the prescribed accuracy, the d u ratio n betw een tw o consecutive d ata collections fo r a m onitored process m u st be dynam ically c o m p u ted by d eterm in in g th e tim e in terv al d u rin g w hich the erro r variances deriv ed in th e K alm an filters grow s to reach the m ax im u m allo w ab le trac k in g e rro r variances. F ig u re 5-16 d e p ic ts the relationship b etw een th e perform ance requirem ents (w hich are specified as 'com putational e rro r tolerance) an d tim ing constraints.p = 0 - i.e. this activity is non-preemptiveO C = 12 - i.e. this activity's importance level is less than the 'confirm after an alertsearch’ activity.trackingerrorvariancemaximumallowableerrorswFigure 5-16: Timing Constraints Defined Based on the Growth Trend & Bounds on ErrorVarianceB ased o n th e n o tio n th a t th e e rro rs a sso c iated w ith th e sta te j in fo rm a tio n of a m o n ito red p ro cess g ro w w ith tim e a n d e rro rs have allo w ab le b o u n d , a TU execution frame function value table is form ed. In j th e table, each colum n rep resen ts th e tim e d ead lin e for th e track u p d a te j fro n t e n d activ ity (TU_act) a n d each ro w re p re se n ts a v ecto r of e rro r j covariances associated w ith each state attrib u te defined in the track database,T he next step is to apply th e design m ethodology (defined in C hapter 4) to p ro d u ce an initial task g ra p h from th e activity g ra p h o f th e sensor subsystem defined in this section.2125 .2 . DESIG N SPE C IFIC A T IO NI ap p lied the first tw o steps of the task g rap h derivation algorithm on jthe Sensor Subsystem activity g ra p h d efin ed F igure 5-2 w h ich is straig h t fo rw a rd . S te p l p ro d u ces 22 m axim al restric te d activ ity g rap h s. A m ong Jthem, 8 m axim al restricted activity g rap h s basically have th e structure, i.e., a j1 jJ ’fork' activity follow ed by a ’ join’ activity, as show n in Figure 5-17. These 8 ii !M axim al restricted activity graphs are listed below w ith the assigned taskid i follow ed by th e activity nam e in the original graph.(1) taskl (Sensor Subsystem), (2) task2 (Sensor Manager),(3) task3 (Signal Processing Manager), (4) task4 (Data Processing Manager),(5) taskl 1 (Replicator of Signal Processing Job Managers), (6) taskl 2(Signal Processing Manager),(7) taskl7(Replicator of TU Job Managers), and (8) task20(TU Job Manager).jom join(task2. task3, task4)fork(task5 task6, task7, task8)forkSensorManagertask2SensorSubsystemtaskl(a) (b)(a) MRAG of the Sensor Subsystem, (b) MRAG of the Sensor Manager Figure 5-17: MRAG s Containing Only Tork* and loin' Activities213N ext, I ap p lied th e task mapping rule to this set of g rap h s, and an initial task grap h is derived. Figure 5-18 depicts a p a rt of this task graph. (For ease of exposition, only a portion of the task g rap h is show n explicitly.)t a s k 5 < ^(Front End Requests ManagerExternal Requesttask6 < 3(Front(Front End Schedulertask8task3W taskl(FrontEnd (Signal Processing M a n a g e ^ ^ (Sensor Subsystem)task20 (Data Processing Manager)taskl 7 (TUJobManager#!)(Replicator of TUJob M a n a g e * ? ^^ ]^^ t ask 18(TUJob Manager#2)' taskl9<^(OutputFigure 5-18: A Part of the Task Graph for the Sensor Subsystem214O bserve th at task l in Figure 5-18 has one optional in p u t p o rt an d one o u tp u t port. The optional in p u t p o rt is u sed to receive en d in g m essages or signals from its forked tasks (i.e., task2, task3, an d task4). The o u tp u t p o rt is lused to send m essages or signals to enable these forked tasks. N o w observe task2. It has one m an d ato ry in p u t p o rt and one optional in p u t p o rt, an d one1o u tp u t p o rt. T he m an d ato ry in p u t p o rt is u se d to receive the d a ta o u tp u t from ta sk l. The optional in p u t p o rt is u sed to receive m essages o r signals from its forked tasks (i.e., task5, task6, task7, an d task8 as show n in Figure 5-|17(b).) The o u tp u t p o rt of task2 serves th e sam e p u rp o se as that of ta sk l. The other six tasks listed above all have sim ilar stru ctu re as task2. Based on thisI'observation, one m ig h t think th at these 8 tasks can be m erged into 1 task toired u ce the n u m b er of tasks. This is not a b a d idea if the h a rd w are selected!h a s single processor. H ow ever, if th e h a rd w a re arc h ite ctu re consists ofI Iheterogeneous m ultiprocessors, then these tasks should n o t be m erged since |Ithey should create the forked tasks on the specific types of processors th at are jispecified in resource requirem ents. :iI[Berk et el 89] describes th e h a rd w a re arch itectu re of an existing 1ia irb o rn e ra d a r sy ste m in w h ic h a h e te ro g e n e o u s m u ltip ro c e s s o rs j architecture is em ployed. Figure 5-19 depicts this architecture. A s sh o w n in th e figure, there are three types of processors, i.e., the d a ta processors, the signal processors, an d th e signal processor controller. T w o d a ta processors|can co m m u n icate w ith each o th e r v ia e ith e r th e sh a re d m em o ry or!co m m u n icatio n buses. Signal p ro cesso rs are sp ecialized p ro cesso rs forisignal processing, they are u n d e r the control of the S /P controller.T he signalIp ro ce sso r controller is a general pro cesso r w hich can com m unicate w ith215(data processors via a com m unication b u s, a n d it can com m unicate w ith J signal processors via either com m unication bus or the sh ared m em ory.Shared MemoryI IData DataProcessor Processor1-------- 2 -------2Bus to External DeviceS/P ControllerhVf3IC / 5tn C / 511p m m t 1J3n" S3rere$ sg• 1C / iO• - t$• - Ii — »N >Shared MemoryFigure 5-19: An Example Hardware Architecture for Airborne Radar SystemsU sing th e h a rd w are architecture d ep icted in F igure 5-19, th e sensor m anager task in itiated th e front end request manager task (task5), th e fro n t end planner task (task6), th e front end scheduler task (task7), a n d th e fro n t end set up task (task8) on d a ta processors. The signal processing manager216in itiates th e signal processing requests manager task (task*?), th e sig n a l processor global scheduler task, an d th e replicator of the signal processing job manager task on th e S /P controller. S im ilarly, th e data processing m anager task initiates th e data processing requests manager task, th e data ■processor global scheduler task, th e replicator of the TU job manager task, |In th e process of a p p ly in g Step 2 of th e task g ra p h d e riv a tio n jalgorithm , several tasks are m o d ified b y ap p ly in g th e tim ing conversionJrule. For exam ple, as show n in Figure 5-20, the front end requests managerlw as m odified in such a w ay th at a p a ir of iteration vertices w as rem oved, an enable signals req u est w as a d d e d , an d a generate a scheduling request activity w hich produces a DPRM_act request w ere also added. Th read er can co m pare this figure w ith F igure 5-6 w hich contains th e o rig in al activity graph.iA lso observe th at in Figure 5-20, th e front end requests manager has tw o external in p u ts an d 4 external outputs. The tw o in p u ts are consum ed by the sam e activity (read external request), an d b o th in p u ts m u st be availabletto enable th e read external request activity. H ence as show n in Figure 5-21, j b o th in p u ts arrive at the sam e m an d ato ry in p u t port. Since each o u tp u t is jip ro d u ced by a d istin c t activity, each o u tp u t is delivered a t a d istin ct o u tp u t J port. I217Front End Requests Manager[ External I RequestsExternalRequestReadExternalPerform Search Frame Planning Activity to Divide a SF into a Sequence of Search Alert(SA-ac) ) activitiesAbortBroadcast Abortront End Planning DirectivesGenerate a Delete requestGenerate an SA_act requestFront End Planning DirectivesSA actGenerate a scheduling requestDPRM actFigure 5-20: Modified MRAG of the Front End Requests ManagerCommandProcessesExternalRequestsTask5(Front End Requests Manager)EnableSignals> AbortFront Endriannmg ' DirectivesSA_actFigure 5-21: The Task Representing the Front End Requests Manager218A fter the initial task graph is derived, th e next step is to exam ine all th e com m unication p rim itiv es u se d in th e req u ire m e n ts an d d eriv e the p reced en ce relatio n s b etw een tasks. D u rin g th is p ro cess, a se t of d a ta m anagers m ay be created to m aintain d ata integrity of the sh ared data. O ne [may question w hy a d ata m anger should be im plem ented as a task and n o t ju st use a critical region. This can be an option of the designer. H ow ever, in this design, m y design decision is based o n the assum ption th at th e m em oryiu sed by the sh ared d ata m ay n o t be in th e sam e h a rd w are m odule. T here w ere 15 data m anagers created d u rin g this process. They are listed below .(1) Track data base manager, (2) Abort queue manager, (3) Signal processing requests queue manager, (3) Data processing requests queue manager, (4) Front end requests queue manager, (5) External requests queue manager, (6) Collected returns data manager, (7) Front end status handler, (8) Front end planning directives data manager, (9) Front end workload list data manager, (10) Job graphs queue manager, (11) Job list data manager, J (12) Job status queue manager, (13) TU job graphs queue manager, (14) TU job list data ! manager, and (15) TU processing status queue manager.ijT hese 15 d ata m anager all have structure sim ilar to th at of the d ata J m anager for the track database as depicted in Figure 5-22. ITracksTrackDatabaseM anagersuspemTrackD atabaseFigure 5-22: The Data Manager Created For the Shared Track Database.219 JIn this chapter, I u sed a non-trivial realistic exam ple to illustrate the p ro c e ss o f u s in g m y re q u ire m e n ts a n d d e sig n m e th o d o lo g ie s to 'sy stem atically d eriv e an in itial d esig n o f a so ftw are arch itectu re. The exam ple developm ent has d em onstrated the feasibility of the m ethodology. It seem s clear th a t these m eth o d o lo g y can fo rm th e basis fo r n e e d e d co m p u ter-aid ed design tool in w hich m a p p in g algorithm s, such as those defined in C h ap ter 4, an d design heuristics can be encoded to aid a designer to d ev elo p a n d an aly ze so ftw are arc h ite ctu re of larg e-scaled real-tim e system s.iI have com e to th e e n d o f th e p resen ta tio n of th e resu lts of th is j|research. In the next chapter, I present a sum m ary of m y thesis research an d j describe m y view s on the m ost prom ising directions for research to p ro v id e j the technology req u ired in developing softw are for th e cu rren t an d fu tu re 1 generation of sem i-hard real-tim e system s. I6. SUM M ARY A N D FUTURE RESEARCHIn the thesis abstract I listed th e m ajor contributions th a t have been m a d e a n d in th e in te rv e n in g c h a p te rs I h a v e la id o u t th e d e ta ile d d ev elo p m en t of these results. In this chapter, I w ill briefly sum m arize the resu lts th at have been achieved an d also p o in t o u t w h at I see as directions for fu tu re research.6 .1 . SUM M ARYIn su m m a ry , in th is th e sis, I h a v e d e v e lo p e d m e th o d s for specification of softw are req u irem en ts and design for sem i-hard real-tim e jjcontrol system s. I also p resen t a design m ethodology th at, g iven softw are | req u irem en ts specified u sin g this m ethodology, it allow s o n e to derive a iisoftw are design directly. jiThe requirem ents specification m ethod defined has A lford's graphic ! n o tatio n s as a p o in t of d ep artu re. To rig o ro u sly an d concisely describe ' in te ra c tio n s b e tw ee n activities a n d tim in g b e h av io rs, I e x te n d e d th is } sp e cifica tio n m e th o d in th ese areas: (i) th e g ra p h ic a l n o ta tio n s for j rep resen tin g interactions betw een activities; (ii) the syntax an d sem antics of j g rap h ic n o tatio n s; a n d (iii) th e tex tu al n o tatio n s for sp ecify in g tim in g j constraints, pre-conditions, an d post-conditions form ulas .T he classical w orkload m odels an d th e associated n o tatio n s in the req u irem en ts specification for real-tim e system s in clu d e only periodic an d sporadic activities. This I found to be insufficient to describe m any real-tim e system s. I ex te n d ed th e classical w o rk lo ad m odel w ith th e n o tio n of221ad ap tiv e activities an d also defined th e n o tio n of tim e in sta n t variables w ith w hich tim ing constraints predicates can b e expressed. T im e in sta n t variables are: (1) th e arrival tim e (i.e., th e tim e at w hich the req u e st fori; execution of an activity), (2) th e ready tim e (i.e., th e tim e before w hich the'execution of an activity cannot start), (3) th e scheduling d ead lin e (i.e., the!tim e by w hich th e execution of an activity m u st start), (4) the com pletion d e a d lin e (i.e., th e tim e by w h ich th e e x ec u tio n o f an activ ity m u st com plete), (5) th e execution tim e (i.e., th e am o u n t of execution tim e of an activity), (6) the sta rtin g tim e (i.e., th e tim e at w hich an activity begins execution), an d (7) the com pletion tim e (i.e., the tim e at w hich an activity com pletes execution.)IIn a d d itio n , I defined three tim ing specification functions to allow one to relate th e arrival tim e, the read y tim e, the scheduling deadline, and th e com pletion deadline. The scheduling w indow (sw ) function defines the set of possible values of th e in terv al b etw een a p air of read y tim e an d sch ed u lin g deadline. T he read y distance (rd) fu nction defines th e set of possible values of th e in terv al betw een a p a ir of arriv al tim e a n d read y tim e. The execution fram e (ef) function defines th e set of possible values of th e in terv al b etw een a p a ir of rea d y tim e an d com pletion deadline; an activity m u st be scheduled and com pleted in each execution fram e interval. H ence th e w orkload m odel of system resources can be represented by using th e tim e in sta n t variables an d the tim in g specification functions. U nlike th e classical w orkload m odel, this specification m eth o d for w orkload m odel jidoes not assum e th at (i) the w orkload is d ata in dependent, (ii) tim ing can be j*222 Ia p rio ri d e te rm in e d , a n d (iii) th e re is n o fee d b ac k lo o p b e tw e e n observations an d com putation.B ased o n th e n o tio n o f tim e in s ta n t v a ria b le s a n d tim in g | specification fu nctions, I d efin ed an ap p ro ach to classify th e w o rk lo adij b e h a v io r of activity. I d e fin e d fo rm u las for an aly sis o f th e reso u rceiu tiliz a tio n of an activity a n d tu n in g tim in g specification fu n ctio n s. I I classified th e tim in g relatio n sh ip s an d d efin ed a tax o n o m y of activity j classes b y re la tin g th e a rriv a l tim e of an ite ra tio n to th e sc h ed u lin g j d e a d lin e , th e sta rtin g tim e, th e co m pletion tim e, o r th e co m p letio nideadline of the previous iteration. In m y classification, I identified ad ap tiv e jIactivities w hich cannot be m odeled by the classical w orkload m odel. I also show ed th a t if one forces an adaptive activity to be scheduled as a periodic . activity, th e utilization of resources can be excessive for an ad ap tiv e activity, jan d few er activities can share th e resource. Finally, I d em o n strated ho w a [jspecification of softw are requirem ents can be system atically d eriv ed from a h ig h level system requirem ents using this m ethodology.F u rth e rm o re , sin ce th e d e s ig n is a n a tu r a l d e riv a tio n of requirem ents, requirem ents an d design are th u s linked. I believe th at this traceability together w ith different levels of design v alid atio n w ill enable softw are designers to identify crucial design errors.In m y d esig n m ethod ology, a softw are arch itectu re is specified in th ree p arts: th e d a ta m odel, the control flow m odel, a n d th e sequential p ro g ram m odel. The d a ta m odel is expressed w ith a restricted d a ta g ra p h . The control flo w m odel is expressed w ith a task g rap h in w hich each vertex223rep resen ts a ru n -tim e entity, i.e., a task or an in p u t/o u tp u t d a ta elem ent, a n d each arc re p re se n ts th e d a ta p ro d u c tio n /c o n s u m p tio n re la tio n s b etw een tw o co m m u n icatin g entities. T he seq u en tia l program m od el is | expressed w ith a restricted activity g ra p h . G raphical notations are used for j rep resen tin g (i) relations betw een d ata item s in a d ata m odel, (ii) relationsjb etw een tw o com m unicating entities an d th e te m p o ra l/sp a tia l parallelismjof in p u ts /o u tp u ts of each en tity in a control flow m odel, a n d (iii) th eI| in te rn al co m p u tatio n al stru c tu re of a seq u en tial p ro g ram m o d el (i.e., aijtask). T extual n o tatio n s are u sed for specifying tim in g constraints, p re-Ii conditions, and post-conditions. The notations and sem antics of this designi! specification m eth o d allow a design to be rep resen ted a t m u ltip le levels of abstraction. They are also ideal for m ultiple levels of design valid atio n via sim u la tio n .In addition, I defined a recursive definition for w ell-form ed restricted d ata an d activity graphs. The definitions can be the basis for analysis tools to check w h e th e r a re stric te d d a ta /a c tiv ity g ra p h is w ell-fo rm ed . T he significance of a restricted activity grap h is th at it rep resen ts a sequential process an d therefore is naturally associated w ith a task.A n algorithm for deriving a set of m axim al restricted activity grap h s from a g iv en activity g ra p h w as also p re se n te d . N o te th a t th e set of m axim al restricted activity g rap h s co rresp o n d s to a m inim al set of tasks corresponding to th e given activity graph. T hree theorem s w ere presented to p ro v e several im p o rtan t properties of th e p artitio n in g algorithm . First, th e com plexity of the algorithm is 0 ( IE I) w here E is th e set of edges in the activity graph. Second, th e restricted activity g rap h s p ro d u ced by A lgorithm ___________________________________________________________ _______________________ 2 2 4 _1 in C hapter 4 are m axim al restricted activity graph. Finally, the num ber of m axim al restricted activity g rap h p ro d u ced is equal to one p lu s th e total n u m b er of successors of starting concurrency an d replication vertices in a given activity graph.ii I, then, presented a set of synthesis rules w hich include an algorithm{for d eriv in g th e p o rt_ relatio n _ p red icates for all in p u t p o rts an d o u tp u t i ! j! p o rts of a task. In addition, I o u tlin ed the steps tak en for d eriv in g a taskg rap h from a given activity graph.Finally, I presented the requirem ents and design specifications of an exam ple avionic rad a r system w hich represents a non-trivial application of th e m ethodology in som e detail.6 .2 . FUTURE W O R KIn the follow ing sections, I briefly discuss topics for fu rth er researchiw hich are related to m y w ork on the specification an d design of sem i-hard j rea l-tim e system s. S everal are concrete, e x p erim en tal projects; o th ers req u ire additional theoretical developm ents. Jj1. Executable Specifications !jT his is a n a tu ra l extension to the req u irem en ts specification w o rk j began. O ne possible approach is to translate the requirem ents specification | into a p ro gram m ing language (such as ADA) since each graphical prim itive can be m ap p ed into a p ro gram m ing entity. For exam ple, an atom ic activity can be m a p p e d in to a function o r a p rocedure. A ir v ariab les w hich are in v o lv e d in th e p re-c o n d itio n fo rm u la an d are n o t sta te v ariab les are225considered as the in p u t param eters. All variables w hich are involved in the po st-co n d itio n form ula an d are not state variables are considered as the o u tp u t p aram eters. T he ty p e stru c tu re of th ese p aram eters can th en be! deriv ed from th e d ata g rap h associated w ith these variables. F urtherm ore,!! since th e activity b o d y w hich describes th e execution b eh av io rs of th e j atom ic activity are specified w ith a su b set of th e selected p ro g ram m in g language, the activity body becom es the b o d y of th e subprogram unit. As for th e n o n -ato m ic activ ities, th ey are m a p p e d to A d a su b p ro g ra m s by assig n in g tran sfo rm a tio n ru les to each o p e ra to r p rim itiv e s w ith in th e associated activity graph. The successor activity of a sequence operators can be in terp reted as a call to a function or a procedures w hich im plem ent thisiactivity. The selection operator is m ap p ed to a case or an if statem ent, an d (jth e iteration operator is m ap p ed to a loop construct.iThe d ata stru ctu res can be deriv ed from th e d ata g rap h since each j atom ic d a ta item is alread y defined w ith a ty p e defin itio n of a selected ! p ro g ram m in g lan g u ag e an d o p erato r p rim itiv es u sed to co n stru ct non- atom ic d ata item s m ay be u sed to m ap the constituent d ata item s in to a p a rtic u la r d a ta stru c tu re ex p ressed in to a p ro g ram m in g language. For exam ple, a selection p rim itiv e im plies th a t exactly one of the constituent d ata item s is available at any particular p o in t in tim e. W hen the d ata item s g ro u p ed via th e selection operator rep resen t different states of a device, the d a ta item s can be in terp reted as literals of an enum eration type. W hen data item s rep resen t alternative form s of data, the v arian t record type construct can be an ap p ro p riate A da representation. The inform ation associated w ith each d a ta item w o u ld be used to define a field w ith in th e v arian t record.226T he n a m e of th e re c o rd d isc rim in a n t w o u ld n e e d to co n fo rm to a convention, such as an extension to th e ty p e n am e of the v a ria n t record. The discrim inant w o u ld be declared as enum eration type, w ith each literal co rresponding to one of th e d ata item s. This w o u ld be p articu larly useful because th e d ata item s m ay also a p p ea r as exit co n d itio n s for discrete functions an enum eration type.2. R everse E ngineeringThe m aintenance of a com plex real-tim e system is a m ajor problem currently. W ith a volum inous am o u n t of code, one can quickly loose sight o f th e in te ra c tio n s o f p ro g ra m u n its. A s m e n tio n e d e a rlie r, g ra p h p rim itiv e s in m y sp e cifica tio n m e th o d o lo g ie s can b e m a p p e d in to p ro gram m ing constructs to generate code. H ow ever, for the large num ber of existing system s this is not of direct benefit. It is therefore interesting to consider reversing this process by scanning program s a n d constructing the task graphs, restricted activity graphs, and data graphs. The g raphs produced can th e n be c o m p a re d w ith th e o rig in a l d e sig n to check if th eim p le m e n ta tio n satisfies th e d e sig n specification a n d /o r b e u se d forc o n tin u al m ain ten an ce. T his w o u ld also be for p o te n tia lly u se fu l forreusability of existing designs a n d /o r code.3. Form al V erification[Jahanian& M ok86b] u se a d a ta flow m odel for system requirem ents specification an d th en tra n sla te th e g rap h m o d el in to R eal-Tim e Logic (RTL). T heir ap p ro ach cann ot be directly a p p lied to sem i-h ard real-tim e j system d u e to tw o m ajor problem s. First, th e d a ta flow m o d el is n o t_________________________________ _ 2 2 7 _sufficient for ex p ressin g req u irem en ts of se m i-h a rd real-tim e softw are. Second, real-tim e logic can express the arrival of a n event an d com pletion of an activity, b u t it needs to be extended w ith th e n otion of read y tim e, s c h e d u lin g d e a d lin e , c o m p le tio n d e a d lin e , im p o rta n c e le v e l, preem ptablility, an d variable execution tim e. A ssum ing that the RTL can be j e x te n d ed w ith th e n o tio n s afo rem en tio n ed , it is conceivable th a t th e ! control flow p ro p erties a n d tim ing constraints d efined in a req u irem en ts i specification an d a design specification can be tran slated into RTL. If this; could be accom plished, the form al verification of an activity g rap h a n d aI, task graph can be done by using the extended RTL.I4. Processors R esource M anagem ent[M untz& H orow itz] h av e stu d ie d larg e scale sem i-h ard real-tim e !|system s w hich req u ire m u ltip le heterogeneous processors to achieve th e jjreq u ire d p erform ance. In su ch system s, th e h ig h level (m acro) sy stem | functions req u ire m ultiple resources and, at a single resource, the w orkload j can have a variety of tim ing requirem ents w hich cannot be represented by a Jlsingle m odel (i.e. a single ty pe of activity). F urtherm ore, th e load on each ty p e of resource m ay be different an d tim e varying. N o single scheduling policy perform s w ell for all types of resources (e.g. sensors, processors, and m em ory) a n d in all situ atio n s (e.g. lig h t lo a d in g , h eav y lo ad in g , an d tran sien t overload).T h e re fo re , d e sig n in g sc h e d u le rs for su c h a sy stem in v o lv e s in te g ratin g m acro- a n d m icro-level w o rk lo ad a n d req u irem en ts. A t th e m acro level, th is in v o lv es sc h ed u lin g of activ ities re q u irin g m u ltip le228— 1resources, and at the m icro level, it involves scheduling m u ltip le types of activities at a single resource. This suggests a m ulti-level decision stru ctu re for resource m anagem ent. The issues, w hich m u st be ad d ressed in this type jof re s o u rc e m a n a g e m e n t, in c lu d e (i) co n cise a n d c o m p re h e n s iv e | rep re se n ta tio n of the w o rk lo ad , (ii) selection of a p p ro p ria te policies for i sch ed u lin g w orkload of each type of resource, (iii) in co rp o ratio n of high- lev el sy ste m objectives a n d rec o n ciliatio n of th e se o b jectiv es w ith contention for lim ited system resources, an d (iv) integration of the use ofij m ultiple types of physical resources.T he p relim in ary results in [M untz& W ang89] sh o w ed th a t th ere areno op tim al algorithm s for sch ed u lin g a set of in d ep e n d en t a d ap tiv e an d J!n o n -p reem p tiv e activities on a single resource. The earliest d ead lin e first | (EDF) is th e m ost preferable (the least slack tim e an d th e larg est latency ■Ifactor first algorithm s perform adequately, b u t they incur m ore scheduling ; overhead). M uch w o rk is needed to further investigate the schedulability of I a set of in d ep en d en t and d ep en d en t adaptive and non-preem ptive activities j o n m u lti-reso u rces. O ne altern ativ e su g g ested in [M untz& W ang891 is a tw o-level scheduling approach for each type of resource in w hich, at each sch ed u lin g p o in t, th e to p level (i.e. level 1) policy is u se d to select the 'ready' g ro u p w hich currently has the highest priority as com pared to other 'ready' groups. T hen the low er level (level 2) policy of the selected g ro u p is used to select the 'ready' activity in the group. A bove all, it is im perative to develop guide-lines for selection of scheduling algorithm s for th e activity| classes in th e activity taxonom y .II!|_________________________________________________________________________________________________229_ _REFERENCESAlford85] M. W . A lfo rd . "A G ra p h M o d e l B ased A p p ro a c h to Specification." In L ecture N otes in C om puter Science, Vol. 190, D istributed System s M ethods and Tools for Specification, C hapter 4, pp.131 - pp.200.I[Alford et al. 85] M. W. A lford, J. P. A nsart, G. H om m el, L. L am port, B. L iskov, G. P. M ullery, an d F. B. Schneider, "D istributed System ", Vol. 190,1985.It[Baer73] J. L. B aer. "A S u rv e y o f S om e T h e o re tic a l A sp e c ts of M ultiprocessing." In C om puting Surveys, vol. 5, N o. 1, M arch 1973, 31-80.I[Barbacci&W ing86] M. R. Barbacci an d J. M. W ing. "Durra: A Task-levelD escription L anguage." Technical R eport C M U /SE I-86-T R (D T IC -A l78975),\S oftw are E n g in eerin g In stitu te , C arnegie M ellon U n iv ersity , D ecem ber,1986.Berk et al. 89] J. V. Berk, A. H . M u n tz, a n d P. R. Stevens, "Softw are A rchitecture C oncepts for Avionics," IEEE N atio n A erospace and Electronics Conference, 23-27 M ay 1989, 88CH2759-9, vol. 4, pp. 1900-1905.Blackman86] S. S. B lackm an, "M u ltip le-T arg et T racking w ith R ad ar A pplications" ARTECH HOUSE, INC., 1986B usse et al. 81] E. Busse et al., "The d ata acquisition an d m onitoring system TOOPSY," IEEE Trans. Nucl. Sri., vol. NS-28, no. 5, pp. 3674-3679, 1981.Cadre88] C a d re T ec h n o lo g ie s Inc., "T eam w ork: A n In tro d u c tio n " V iew graphs, February, 1988Cerf72] V. G. Cerf. "M ultiprocessors, sem aphores, a n d a g rap h m odel of com putation." Ph.D. dissertation, Dep. Eng., U niv. C alifornia, Los A ngeles, 1972.2 3 0[Chen80] P. P. C hen, (ed.) Proc. Intl. C onf. o n th e E n tity-R elationship j A p p ro ach to System A nalysis a n d D esign, N o rth H o llan d , A m sterd am , j 1980.[C heng& Stankovic88] S. C h e n g a n d J. A. S ta n k o v ic , "S c h e d u lin g A lgorithm s for H ard Real-Tim e System s - A Brief Survey," in T utorial H ardReal-Tim e System s, pp. 150-173, C om puter Society O rder N u m b er 819.ii[DeM arco78] T. D e M arco . " S tru c tu re d A n a ly s is a n d S y ste m Specification." Y ourdon Press, N ew York, 1978.ti[Du&Leung88] J. D u an d J.Y.-T. Leung. "M inim izing M ean Flow Tim e w ith R elease T im e an d D ead lin e C o n strain ts." In P roceedings of R eal-T im e System s Sym posium , pp. 24-32.E strin et al. 86] G. E strin, R. S. Fenchel, R. R. R azouk, M. K. V ernon.ijS A R A (S y ste m A R c h ite cts A p p re n tic s ): M o d e lin g , A n a ly sis, a n d S im u la tio n S u p p o rt fo r D esig n o f C o n c u rre n t S ystem s." In IEEE T ransactions on Softw are E ngineering, Vol. SE-12, No.2, F ebruary 1986.[Gane79] C. G ane an d T. Sarson. "S tructured System s A nalysis: Tools an d Techniques." Prentice-H all, E nglew ood Cliffs, N . J., 1979.|Gom aa84] H . G om aa. "A S o ftw a re D esig n M e th o d fo r R eal-T im e System s." , In C om m unication of the ACM , Vol. 27, N o. 9, Septem ber 84.|Hatley84] D. J. H a tle y , "The U se o f S tru c tu re d M e th o d s in th e D ev elo p m en t of L arge Softw are-B ased A vionics System s," in A IA A /IE E E 6th D igital A vionics System s Conference, Baltim ore, MD, D ecem ber, 1984.Harel86] D. H arel. "Statecharts: A V isual Form alism for C om plex System s."1 n Science of C om puter Program m ing, 1986.H arel et al. 87] D. H arel, A. P nueli, J. P. S chm idt, R. Sherm an. "On the Form al Sem antics of Statecharts." In Proceedings of LILS 87.231[Harel88] D. H arel. "On V isual Form alism s." In C o m m u n icatio n of the k c M , Vol. 31, N o.5, M ay 1988.[Holm et al. 81] A. H o lm e t al., "Real tim e p ro g ra m m in g in a d a ta acquisition an d analysis system ," IEEE Trans. N ucl. Sci., vol. NS-28, no. 5, pp. 3731-3738,1981.iJ[Holt et al. 68] A. W . H olt, H. Saint, R. M. Shapiro, an d S. W arshall, "Final re p o rt for the in fo rm atio n system theory project." A p p lied D ata research, R om e A ir D evelopm ent C enter, N ew York, 1968.i[i-Logix87] "D o c u m e n ta tio n for th e S ta te m a te S ystem " i-L ogix Inc. U niversity Place Suite 200, 124 Mt. A u b u rn St., h a rv a rd Square, C am bridge, MA. 02138, P rinted June25, 1987.i[Jahanian& M ok86a] F. Jah an ian a n d A. K. M ok. "Safety A nalysis of T im ing Properties in Real-Tim e system s.", In IEEE T m asactions on Softw are Engineering 12(9): 890-904, Septem ber 1986.Jahanian& M ok86b] F. Jah an ian a n d A. K. M ok. "A G rap h -T h eo retic A pproach for T im ing A nalysis in Real Tim e Logic." In IEEE 1986 Real-Tim e System s Sym posium , pp.98-108.iK arp& M iller66] R. M. K arp an d R. E. M iller. "Properties of a m odel for parallel c o m p u ta tio n s: d e te rm in a c y , te rm in a tio n , q u e u in g ." SIAM J. A pplied M ath. 14 (Nov. 1966) 1390-1411.Karp& M iller67] R. M . K arp a n d R. E. M iller. "P arallel p ro g ra m sch em ata: a m ath e m a tic a l m o d el for p a ra lle l c o m p u tatio n ." In IEEE C o n feren ce R ecord o f th e 8 th A n n u a l S y m p o siu m o n S w itch in g a n d k u to m a ta Theory, Oct. 1967, 55-61.Karp& M iller69] R. M . K a rp a n d R.E. M iller. "P a ra lle l p ro g ra m schem ata." J. C om put. Sys. Sci., vol. 3 no. 4., pp. 167-195, M ay 1969.King et al. 88] D. R. K ing, R. W. Lichota, an d M. F. W ilson, "Executable j S p ecificatio n s in R e q u ire m e n ts A nalysis." In te rim R e p o rt, A d v a n ce d |2 3 2 !T echnology & R esearch, Softw are E ngineering D ivision, G ro u n d System s G roup, H ughes A ircraft Co., N ovem ber 9, 1988.[Liu&Layland73] C. L. Liu an d J. L ayland, "Scheduling alg o rith m s for m u ltip ro g ram m in g in a h ard real-tim e environm ent, " J. ACM , vol.20, no.,Jan. 1973.IlI[M arinescu87] D. C. M arinescu, "A p p ro x im ate A nalysis of D istrib u te d S em i-H ard R eal-Tim e System s," IEEE T rans, on A utom atic C ontrol, vol. j XC-32, no. 12, Decem ber 1987, pp. 1097-1100. II M arinescu et e. 84] D. C. M arinescu, F. Busch, H. H ultzsch, J. L ow sky, an d M. R ichter, "Extended d ata acquisition support," IEEE Trans. N ucl. Sci., vol. NS-31, pp. 914-924,1984.Mok83] A. K. M ok. "F undam ental D esign P roblem s for th e H a rd Real Tim e E nvironm ent." MIT Ph. D. D issertation, C am bridge MA, M ay 1983.M untz& H orow itz89] A. H. M u n tz an d E. H o ro w itz, "A F ram ew ork foriS pecification a n d D esign of S oftw are for A d v a n ce d S ensor System s", A ppeared in IEEE 10th Real-Tim e System s Sym posium , D ecem ber 1989.M untz& W ang89] A. H . M u n tz a n d K. W an g , "W o rk lo a d M o d el :i iSpecification an d A d ap tiv e S cheduling of S em i-H ard Real-Tim e C ontrols", I To A ppear in the 1st International C onference on System s Integration, A pril | 23-26,1990. ji[Myers76] G. J. M yers. "C o m p o site /S tru ctu red D esign." V an N o stra n d ! R einhold, 1976. jj ' i[Orr77] K. T. O rr. "S tructured System s D evelopm ent." Y ourdon P ress, J N ew York, 1977. !tPratt71] T. W. Pratt. "Pair gram m ars, g rap h languages, an d string-to-graph tra n sla tio n s." Jo u rn a l of C o m p u te r a n d S ystem Science, p p . 560-595,] December 1971.2 3 3[Pratt83] T. W. P ratt. "Form al specification of so ftw are u sin g H -G rap h sem antics." pp314-332, In L ecture N otes in C o m p u ter Science #153: G raph G ram m ars an d T heir A pplication to C o m p u ter Science, ed. H. Ehrig, M. N agl, and G., Rozenberg, Springer-Verlag(1983).Schindler87] M ax Schindler, "D esign tools m aster em b e d d ed softw are's real-tim e d e m a n d s ," in Electronic Design, Septem ber 17 1987, pp. 65- 66.[S h a e ta l. 86] Sha, L., Lechoczky, J. P. an d R ajkum ar, R., "Solutions for Som e Practical Problem s in P rioritized P reem ptive Scheduling", IEEE Real- Tim e System s Sym posium , 1986S prunt et al. 88] B. S p ru n t, L. Sha, a n d J. P. L ehoczky. "S cheduling S poradic an d A p erio d ic E vents in a H a rd Real-Tim e System ." Technical Report, SEI, CMU, 1988.Stim son83] G. W . S tim son. "In tro d u ctio n to A irb o rn e R adar." H u g h es A ircraft C om pany El S egundo, California; L ibrary of C ongress catalog cardnum ber: 83-83041![Stotts86] P. D. Stotts, Jr. "A H ierarchical G raph M odel of C oncurrent Real- Tim e Softw are System s." In TR-1669 of D epartm ent of C o m p u ter Science of Jn iv ersity of M aryland, College Park, June 4, 1986.W ard& M ellor85] P. T. W ard an d S. J. M ellor, "S tructured D evelopm ent o r Real-Tim e System s," Vol.1-3, Y ourdon Press, N ew York, 1985W ard86] P. T. W ard, "The T ransform ation Schema: A n E xtension of the D ata Flow D iagram to R epresent C ontrol an d Tim ing," IEEE T ransactions of Softw are E ngineering, Vol. SE-12, No. 2, pp. 198-210, Feb. 1986.Y ourdon& C onstantine78] E. Y ourdon an d L. C onstantine. "Structured Design." 2nd. ed. Y ourdon Press, N ew York, 1978.234
, containing d etailed behavior o f each atom ic activity, is th en rep re se n te d u sin g a p ro g ram d escrip tio n lan g u ag e (such as a subset of A da). T hat is, all of the in p u ts n eed not form | p a rt of the enabling function. The resulting sim plified A da PDL is lim ited to ; th e follow ing types of statem ents: assig n m en t, if, lo o p , case, n u ll, exit a n d! re tu rn .!1 In su m m a ry , th e p ro p o se d sp e cifica tio n m e th o d h as a 3 -p a rtco m p u tatio n al m odel. In th e follow ing three tables, each table sum m arizes h o w each p a rt of com putational m odel is supported.In T able 3-A, h o w th e re q u ire d p ro p e rtie s of d a ta m o d els are su p p o rted by using data graphs is described.Desired Properties in Data ModelsExpressiblePropertiesComposition• non-atomic data items are decomoosable.Conditional Sequences• supported by the 'selection', 'iteration', and 'data item' primitives.Parallel Sequences• supported by the 'concurrency', 'iteration', and'data item' primitives.Multiple Instances of The Same Type• supported by the 'replication', 'iteration', and 'data item' primitives.Timing Specification• predicates expressed by time instant variables.Table 3-A: support in specification of data modelsI113In Table 3-B, ho w the req u ired properties of control flow m odels are su p p o rted by using activity graphs is described.liesirea rro p eru es In Control Flow ModelsExpressiblePropertiesComposition• Supported by composite activities.Conditional Sequences• supported by the 'selection', 'iteration', 'activity' primitives.Parallel Sequences• supported by the'currency', 'iteration', and 'activity' primitives.Multiple Instances of The Same Type• supported by the 'replication', 'class object’, and 'iteration' primitives.Timing Specification• predicates expressed by time instant variables.Enabling and Exiting Criteria• supported by pre-condition & post-condition formulas.Table 3-B: supports in specification of control flow modelsTable 3-C show s ho w the req u ired properties of control flow m odels are su p p o rted by using the atom ic activity concept.Desirable Properties in Sequential program ModelsExpressiblePropertiesStimulus and Response Relationship• supported by pre-condition & post-condition formulas defined in Section 3.2.State Changes • supported by using ADA PDL and 'state variables'.Timing Specifications• timing constraints formulas defined in Section 3.2.Interconnections Between Programs♦ A unrestricted activity graph defines relationships between programs.Validation Joints and Criteria• supported by pre-condition & post-condition formulas defined i n Section 3.2.Table 3-C: supports in specification of sequential program models114T he sy stem s I co n sid er h e re are larg e scale system s, em p lo y in g m u ltip le h etero g en eo u s processors to achieve th e re q u ire d perform ance. F u rth e rm o re , in su ch system s, th e h ig h level (m acro) system fu n ctio n s Require m u ltip le resources and, at a single resource, th e w orkload can have a v ariety of tim in g p ro p erties w hich can n o t be re p re se n te d by a single m odel (i.e. a single type of activity). Therefore, designing schedulers for such a system involves in teg ratin g m acro- an d m icro-level w hich at th e m acro level involves scheduling of activities req u irin g m u ltip le resources a n d at the m icro level involves scheduling m u ltip le types of activities in a single iiresource. N o single scheduling policy can effectively m an ag e all types of | activ ities. To fin d a 'g o o d ' a lg o rith m fo r sc h e d u lin g c o m p u ta tio n a l activities to co n su m e reso u rces, o n e m u st be able to ch aracterize th e w orkload (i.e., h o w resource are consum ed b y these activities) im posed on each ty p e of resource. Then select a scheduling policy w hich can effectively satisfy the resource dem ands of com putational activities. In th e next section,I classify activities w ith the goal th at m ajor activity classes are of interest in eng in eerin g sem i-h ard real-tim e control system s. Each class characterizes the tim ing p ro p erties w hich in tu rn define th e scheduling problem of each class of activities.1153 .3 . TIM IN G ANALYSIS APPRO A CH ESO ften, th e arriv al tim es are n o t tak en in to acco u n t in specifyingi; sc h ed u lin g p ro b lem s. H o w ev er, th e a rriv a l tim e d e te rm in e s w h e n th e param eters of an activity instance becom e know n to a scheduler an d hence ' th e am ount of advance notice in w hich to plan. It is easy to see th at this cantj be an im p o rtan t aspect of the scheduling problem .iThe tim ing and resource specification of an activity is defined as a set of 'c o n stra in ts’ o n th e tim e in sta n ts for each a ctiv ity in stan ce. T hese co n strain ts affect th e p o ssib le legal 'schedules' g e n e ra te d by a specified scheduling policy. For exam ple, as show n below , b y specifying constraints ! o n th e re la tio n sh ip s b e tw e e n th e (j-l)th ex ecu tio n of Ai a n d th e jth execution, I can define th e tw o classical types of activities, nam ely, 'periodic' J a n d 'sporadic' activities .It is com m on to th in k of activities as being executed sporadically o r i perio d ically . T he classic n o tio n of a p erio d ic activ ity is th a t successive instances are reg u larly spaced. A t th e other extrem e, instances of sporadic activities are relatively u n c o n strain ed 6. These classic notions involve quite sim p le co n strain ts o n th e tim in g in stan ts w hich w ill be d efin ed shortly. T here are, how ever, m any possible variations b etw een these tw o extrem es. For exam ple, frequently, th e p erio d icity of a p erio d ic activity can change6For example, [Mok83] only restrict the interval between successive arrivals to be no less 'x' units of time.116w h e n the system changes its m o d e 7. T here are relatively few m odes an d m o d e changes are relatively slow , co m p ared to the p erio d of each m ode. H ow ever, if th e m ode can change frequently or an arbitrarily large nu m b er of m o d es can b e in te rle a v ed , th e re is an im m en se v a rie ty of p o ssib lei•execution seq u en ces. In th is case, it is n o t p rac tic al to u se ju st som eIm o d era te n u m b er of m odes to classify all situations. T herefore, u sin g th e ; classic n otion - th a t arrivals of successive activity instances to be sch ed u led iI ,;are predictable an d the interval betw een successive instances is a constant - jI tcan n o t com pletely m odel th e state change b eh av io r of activities. As a J so lu tio n , I su g g est one generalizes th e n o tio n of p erio d ic by relaxing th e constraints of constant intervals as described below .3 .3 .1 . A CTIV ITY TAXONOM YI classify activities based on a taxonom y of constraints o n th e a rriv a l itim es of an activity's in stan ces. A lth o u g h m an y v ariatio n s of co n strain tsjm ay be im p o sed on tim e in sta n ts a n d , th u s, form d iffe re n t ty p es of j activities, the goal of o u r classification is to identify m ajor activity classes j w h ich are of in te rest in en g in eerin g sem i-hard real-tim e control system s. 1 M y choice is b ased o n an extensive stu d y of sensor b ased, sem i-h ard realtim e system s for avionics applications. A d etailed application exam ple is described in Section 3.4 to justify th e tax o n o m y p resen ted here. T ypes of activities are rep re se n te d as n odes in th e taxonom y in F igure 3-12. The7 A m ode represents a system state in which a set of com putational activities cooperatively executed to achieve a specific system objective.117d e fin itio n of each n o d e in th e tax o n o m y w ill b e fo rm a lly d e fin e d afterw ards. The figure is m ean t for reference as th e definitions are given to aid in keeping track of the context of each definition.Figure 3-12: an activity taxonomy via classification of constraints on arrival times jAs show n in Figure 3-12, activities are d iv id ed into tw o m ajor classes: |'N o n -R ep etitiv e S poradic' a n d 'repetitive'. T he 'N o n -R ep etitiv e S poradic' j activities are expected to execute once - this co rresp o n d s to one notion of ! sporadic activity [Cheng& Stankovic88]. A n activity is specified as repetitive by en clo sin g a n ite ra te r co n stru ct in its activity graph. By characterizing the rep etitio n p ro p erties, 'repetitive' activities can be fu rth e r d iv id e d in to -tw o classes: (1) those for w hich each instance's arrival tim e is u n p red ictab le and (2) those for w h ich each in stan ce's arriv al tim e is p red ictab le. A lth o u g h sp o rad ic activities can be 'rep etitiv e w ith u n p red ictab le arrival tim es', in th e classical n o tio n [M ok83], a sim ple co n strain t m ay be im p o sed on theactivityNon-RepetitiveSporadicrepetitiveAdaptive Sporadic Generalpredictable unpredictablearrivalPeriodic TimingSporadic Spaced SporadicNRVPcd RYPcd NRCP^ RCP^ N R V P j RVPsd N R C P^ R C P ^118low er b o u n d of arrival intervals. In the follow ing, each activity class in the activ ity tax o n o m y is d e fin e d fo rm ally in term s of th e sch ed u le tim e in stan ts. A lso, successive definitions, co rresp o n d in g to n o d es 'd eep er' in| th e taxonom y, are m ore constrained th an their p a re n t class.iD efin itio n 5: A n activity w hich is expected to occur once an d n o constraints a re d efin ed on th e arriv al tim e is term ed a N o n - R e p e t i t i v e S p o r a d ic j activity.i!D efin itio n 6: A n activity w hich is expected to execute u n b o u n d ed n u m b er of tim es is term ed a re p e titiv e activity.D e fin itio n 7: A repetitive activity for w hich a constraint on th e arrival tim e of th e jth ex ecu tio n is d efin ed in tu rn s of tim e in sta n ts of th e (j-l)th execution instance is term ed a p re d ic ta b le a r riv a l activity. O th erw ise it is term ed a n on -predictable a rriva l activity.D efin itio n 8: '(1) A s p a c e d s p o r a d ic activity is a n o n -p red ictab le arriv al rep etitiv e J activity Aj w hich has a constant m inim um interval m such th at [aij" a^j-D * m Vj > 0.(2) A S p o r a d ic activity is a non-predictable arrival rep etitiv e activity Aj w hich has arrival intervals in a range of values o r are stochastically d istrib u ted values.D efin itio n 9:it(1) A g e n e r a l p e r io d ic activity is a predictable arrivals a ctiv ity Aj | w hich is constrained by aij = cdi(j-i) Vj > 0 or a^ = sdi(j-i) Vj > 0.(2) A G P cd activity is an activity Aj w hich is constrained byaij = cdi(j-i),efij = cdij - aij Vj > 0.119(3) A GPsd activity is an activity A i w hich is constrained by aij = sdi(j-i), efij = sdij - a^ Vj > 0.In th e follow ing, I u se 'v ariab le' generally to rep re se n t values w hich are ! 'u n k n o w n ' or 'restricted to a range of values'.D efin itio n 10:(1) A constant period GPC d activity, i.e., 'CPcd' activity, is a GPcd activ ity w hich has a constant period p such th ataij - ai(j_i) = p Vj > 0.O therw ise, it is a variable period GPcd activity, i.e., /VPC < J ' activity.(2) A constant period GPsd activity, i.e., 'CPsd' activity, is a GPsd activity w hich has a constant period p such th ataij - ai(j_i) = p Vj > 0.O therw ise, it is a variable period GPsd activity, i.e., 'VPsd' activity.Figure 3-13 depicts the relationships b etw een the tim ing attrib u tes for a CPcd activity.periodFigure 3-13: relationships of CPcd activities' timing attributes and state120Definition 11:(1) A restrictive VPC £ activity, i.e., a 'R V P cd' activity, is a /VPcd' activity w hich is further restricted by:i-ij = aij.O therw ise it is a unrestricted VPcd activity, i.e. a 'N R V P cd' activity.(2) A restrictive CPcd activity, i.e., a /R C P cd' activity is a 'C Pcd' activity w hich is further restricted by:rij = aii-O therw ise it is a unrestricted CPa$ activity, i.e. a 'N R C P cd' activity.(3) A restrictive VPSd activity, i.e., a 'R V P sd' activity is a 'V Psd' activity w hich is further restricted by:rij = aij.O therw ise it is a unrestricted VPSd activity, i.e. a 'N R V P sd' activity.(4) A restrictive CPsi activity, i.e., a 'R C P sd' activity is a 'C Psd' activity w hich is fu rth er restricted by:rij = aij.O therw ise it is a unrestricted CPg^ activity, i.e. a 'N R C P sd' activity.period ^ ^_________ period------------- i ------------------------ ► - c ----------- ------------- -------------\7 7rn T \ 777\ V71s i(j-l) f c i(H> / V ' ipreem pted preempted3i(j-l) ~ T i(j-l) ~ ^10-2)%/ a i i - r ii~ A/a iij » )Figure 3-14: relationships of RCPcd activities' timing attributes and state121N ote th at th e RV Psd an d RV Pcd activities co rresp o n d to th e n o tio n of 'p e rio d ic ta s k s ' w ith m o d e ch an g es w h ile R C P sd a n d R C Pcd a ctiv itie s co rresp o n d to th e classic n o tio n o f 'p e rio d ic ta sk s'. Figure 3-14 depicts the relationships of these tim ing attributes for RCPcd activities.F ro m th e d e fin itio n s, th e jth arriv a l tim e of a ’G en eral P erio d ic’ activity d e p en d s m ainly o n the intrinsic p ro p erties of th e activity ra th e r th a n h o w its (j-l)th in stan ce w as executed o r sc h ed u led . But, as w ill be d efin ed im m ed iately below , for an ’ A d a p tiv e T im in g ’ activ ity th e jth a rriv a l tim e d e p e n d s o n th e (j-l)th ex ecu tio n in stan c e of th is activity. F u rth e rm o re , the rea d y d istan ce an d th e u tilizatio n fram e of a ’general p erio d ic’ activity are predictable, b u t for an ’A daptive T im ing’ activity the jth arrival tim e d ep en d s on its (j-l)th execution instance.D e fin itio n 12: A n A daptive Tim ing activity is an activ ity A i w h ich is restricted by:a ij = ci(j-l) or aij = si(j-l) V1 > °/ efjj are dynam ically determ ined.D efin itio n 13:(1) A n 'A T C ' activity is an 'a d ap tiv e tim ing' activity w hich is fu rth er restricted by:efjj = cdjj - ajj.(2) A n 'A T S ' activity is an 'ad ap tiv e tim ing' activity w hich is further restricted by:efij = sdfj - ajj.122The relationships of tim ing attributes of an ATC ad ap tiv e activity are illu strated in Figure 3-15, th at of an ATS ad ap tiv e activity are illu strated in Figure 3-16.iC j-l)sw.i(j-l)i(j-l) i(j-l) i(j-l) i(j-l) i(j-l) i(j-l)cd.a.. C;;1 execution in this intervalFigure 3-15: relationships of AT£ activities’ timing attributes and stater 4 (j-i) <— >e f i(H> JS W . i(j-l)-------------- 1 -----------------<--------■ ------>-------- 1 -----------ai(j-l) ri(j-l) S i(j-1) Sdi(j-1) ci(j-l) C di(j-1)rdjj* * 'We f ij Jsw ijI 1\ rij s i4 - “1 execution in th is interval Figure 3-16: relationships of ATg activities' timing attributes and state123If an activity has a constant execution tim e an d th e execution of the activity is n o n -p reem p tiv e, th en th e ATC an d ATS types of activities areidentical.R eader can observe in Figure 3-13 to 3-16 th at activity A4 executes exactly once in th e interval (r^ - a^j.-j)) for every tw o successive iterations (j- 1) a n d j. U sin g th is fact, in th e fo llo w in g , I first define th e n o tio n of u tiliz a tio n factor. By u sin g this n o tio n , I sh o w th e effect of m o d e lin g j ad ap tiv e tim ing activities by periodic activities. T hen, I show h o w one can ! ! tu n e scheduling param eters of an activity such th a t th e am o u n t of resource usage is u n d e r a given bound. iD e fin itio n 14: Let T = {Tj I Tj = (aj, Ty sdj, cdj, e^, Sj, Cj), j > 0} be a set of tim e j instants tu p les of activity Ai. Each tim e instants tu p le represents the tim in g j characteristics in th e jth iteration of of activity Ai.Let Uj be the utilization factor of activity Aj in the jth iteration, th en je . Iu = 7 ------ (3-E6) jJ 0 + D J . 1L et u be the total utilization of Aj and n b e the n u m b er of execution iterations of A i , thennu = ^ «• (3-E7)7 = 1 11243.3.2. EFFECT OF MODELING ADAPTIVE TIMING ACTIVITIES BY PERIODIC ACTIVITIESij A n atu ral question is w h y it is necessary to in tro d u ce the concept ofi'a d ap tiv e tim ing' activities rath e r th a n sim ply u se p erio d ic activities. As w ill be show n in th e follow ing analysis, to use a periodic activity to m odelan ad ap tiv e tim ing activity w ill increase, even double, th e utilization factoriof an activity an d significantly degrade system perform ance.S u p p o se th a t an activ ity n e ed s 2 u n its ex ecu tio n tim e a n d tw o successive execution instances of th e activity m u st n o t exceed 8 tim e units. The d iag ram im m ed iately below depicts an acceptable schedule for this activity.W e can m odel this activity as an ATS activity w ith the execution tim e e = 2, the read y distance r = 2, the scheduling w in d o w = 6, the utilization fram e ef = 8. W ith this definition, in a feasible schedule w hich includes this activity, th e tim e in terv al b etw een tw o successive execution instances w ill n o t exceed 8 tim e units. If th is activity started at th e scheduling d ead line, th en th e u tilizatio n factor u has the sm allest value; if th e next iteration of 1 his activity sta rts rig h t at the com pletion, th e u tiliz a tio n factor has the argest value. H ence,O ne m ig h t try to m o d el this activity as a R C Pcd activity (i.e. the classical periodic activity) w hich has a period p = 8, an d an utilization factor = 0.25. The d iag ram im m ed iately below illustrates a feasible schedule for this periodic activity. 8 ------------------------ 8 --------------------- 8 H1 " I 1 I —r— i— i—i—i— 1 1 1 —i—i —i—i—i—i—i—i—i —i—i—j— t ~ 1 —i0 5 1015 20 25T herefore, m o d eled as a RCPcd activity, th e tim e in te rv al b etw eentw o successive execution instances could have a m axim um tim e interval of j|16 tim e u n its. This clearly violates the requirem ents of tim e constraints. jiIn o rd e r to m o d el this activity as a RCPcd activity a n d g u a ra n tee i m eeting tim e constraints, the p erio d m u st be decreased. L et p ' be th e new 1 p erio d , and j( P+ e) !f = t — .Then for this exam ple, p' m u st be less than or equal to 5, i.e. 2 < p ’< 5. T herefore, 1 > u > 0.4. A feasible schedule, e.g. th e o n e illu strated in the d ia g ra m b elo w , can n o t h a v e a tim e in te rv a l b e tw e e n tw o successive execution instances exceeding 8 tim e units.I510 15 20 25126D ecreasing the periodicity of a RCPcd activity can m ake it satisfy the req u ired tim e constraint, b u t th e new utilization factor can be double, i.e.e 2ew =(P+ e)\ (p + e)( ^ )u' 2 pu p + eW hen p » e, then — « 2 r uT herefore, to force an a d ap tiv e tim in g activity in to a RCPcd m odel, can resu lt in excessive resource utilization. This m ay resu lt in a non-feasible schedule particularly w hen the total w orkload is high.1273.3.3. TUNING SCHEDULING PARAMETERSO bserving eq u atio n 3-E6, for a given execution tim e, th e u tilizatio n factor decreases as th e interval b etw een th e arriv al tim e to th e next rea d y [tim e increases. This w ill resu lt in a sm aller scheduling w in d o w in th e next i iteration. O n th e o th er h a n d , if th e sm aller scheduling w in d o w is in each ite ra tio n , i.e. th e in te rv al b e tw ee n th e re a d y tim e a n d th e sc h e d u lin g d eadline, m eans less o p p o rtu n ity for a rea d y activity to be sch ed u led a n d ; gives th e scheduler less flexibility. O ne m ight conclude th at the rea d y tim e | sh o u ld be set eq u al to th e a rriv a l tim e, i.e. rd = 0, w h ich g iv es th e j scheduling w in d o w the largest possible length. W ith rd = 0, th ere are tw o | draw backs: (i) this activity can dom inate th e u se of a resource an d (ii) th e |sch ed u lin g o v erh ead m ay be h ig h er since th e n u m b er of rea d y activities jith a t are exam ined in a scheduling decision increases in p ro p o rtio n to th e I size of th e scheduling w indow . As stated earlier, utilization of a resource m ay be constrained to a specified bound. In the follow ing, I w ill derive a set of c o n strain ts for th e re a d y tim e b ased o n th e fact th a t (i) exactly one execution is allow ed b etw een th e arrival tim e a n d th e next read y tim e, (ii) j th e re a d y tim e of th e jth iteratio n is th e first sta rta b le tim e, (iii) th e j4* 1 jiteratio n m u st start by th e scheduling deadline, (iv) th e u tilizatio n factor in !teach iteration cannot exceed a specified b o u n d b . jW ith g iv en sc h ed u lin g p a ra m e te rs (sw j, rdj, efj, e ^ a n d reso u rce u tilizatio n b o u n d b (i,e., Uj < b < 1) of activity Aj, at the jth iteration, a tim e in stan ts tu p le (ajj, r^, sdjj, cdjj, e^, s^ , c^) exists an d satisfies th e follow ing equation derived from 3-E6.128T herefore,(3-E8)T herefore, for an activity w hich is req u ired to use less th an or equal jth a t rj(j+i) ^ sd i(j+1) m u st hold according to equation (3-El).3 .3 .4 . EXAM PLES O F USING TH E PRO PO SED T IM IN G ANALYSIS A PPR O A C HIIn th e follow ing exam ples, th e w o rk lo ad of a system can h av e a (activity. T he tw o exam ples illu stra te ho w to describe th e v ariatio n s ofItim in g c o n strain ts of activities for th e sensor reso u rce in an ad v an c ed j sen so r system an d h o w th e tim in g constraints of these activities can be | rep resen ted .iE xam ple 1: critical adaptive activities w ith rigid tim in g constraints.W eapon su p p o rt activities are an exam ple of this ty p e of activity. To su p p o rt an 'X' ty p e of m issile, a ra d a r system m u st p e rfo rm a sensing activ ity (e.g. se n d in g a m issile m essag e a n d th e n illu m in a tin g targ ets) successively, a n d th e tim e in te rv al b etw een th e sta rtin g p o in ts of tw o successive sensing activities m u st be w ith in a in te rv al of [6.. 10] u n its of tim e. In a d d itio n , th is ty p e of sen sin g activities is c o n sid ere d th e m ost critical activity. H o w ev er, w h e n m u ltip le m issile s u p p o rt activities areto 'b %' of a resource, its read y tim e m odified according equation 3-E8. N otev ariety of tim ing properties w hich cannot be rep resen ted by a single type of129requested, th e im portance level of each activity is defined by the im portance level of th e targ e ts to be illu m in ated . F igure 3-17 illu stra te s th e tim e in stan ts for this exam ple "m issile su p p o rt" activities.\p = 0 - i.e. this activity is non-preemptive level = 1 - i.e. this activity is most critical.! V j ,j > lar s< h>rd , = r)-aJ = 6swj = sdj - r 4ef p cd. - r .= 1 2e .= 6 J 1 ---- 1 ----- 1 ----- 1 ----- 1 ----- 1 ----- 1 I 1 ----- 1 ----- 1 ----- 1 -----1 -----t t+2 t+4 t+6 t+8 t+10 t+12 t+14 t+16 t+18 t+20 t+22 t+24 t+26a (j-D r (j-D S C(j-D 0(1 (j-1)I -------1 — M-----1 I - ;ai rj si ci aii jFigure 3-17: scheduling parameters specification of an example strict ATs activity E x am p le 2: a d a p tiv e ac tiv ities w ith so ft tim in g c o n stra in ts.T he h ig h level objectives of th is class o f activities are to m ain tain a m in im u m o verall system perform ance w ith in a specified tim e interval. A n ex am p le is an 'alert search’ activity in w h ich th e h ig h level objective is jspecified in term s of R9Q for a specified 'search' fram e from w hich efgp, the |!m ax im u m a llo w a b le e la p se d tim e b e tw e e n tw o su ccessiv e c o m p lete : scanning of a search fram e, can be com puted. j130a search frame- a SF activitySDkSBlSB2f:SB4 SB3Figure 3-18: a ’search alert ’activity repetitively scans a search frameFigure 3-18 depicts th a t a search activity rep etitiv ely scans a search frame, i.e., perform s Search Fram e (SF) activity. Each SF activity consists of 4 Search Bar (SB) activity. Each SB activity consists of 5 Search D w ell (SD) activity. T he d e co m p o sitio n is b a sed on th e k n o w le d g e of th e sen so rjcapabilities, the n u m b er of integral segm ents (i.e., search bars), n SB, an d the jn u m b er of atom ic sensing activities (i.e., search dw ell activities), n BD, in ;ieach search fram e can also be estim ated. Therefore, eBD, the p erio d betw een j each scan, can be also be com puted. In Figure 3 -1 8 ,1 assum e nSB = 4 and n SD = 20.131level = 15 - i.e. this activity's importance level is less than the 'track update’ activities.A search fram e (SF) activity is decom posed into 4 search b a r (SB) activities.A SB activity is decom posed into a sequence of search dw ell (SD) activities.[Max#SF, Current#SF] SearchAlerte f c F< Maximum ^ Revisit Time SDRequestsSearchAlertScheduler(Coordinator)SFcontrol"com m a:(a) (b)SBkSDmSBlSD(m+l)SB2SB3SD(m+3)S B lSD(m+4)(c) (d)Figure 3-19: the control flo w m odel o f a search activityF ig u re 3-19(a) specifies th a t th e sy stem u n d e r c o n sid e ra tio n is req u ire d to h an d le a set of co ncurrent Search Alert A ctivities. T he system m u st be able to h an d le u p to M ax#SF concurrent Search A lert A ctivities. A Scheduler keeps tracks of th e n u m b er of enabled Search Alert A ctivities in state variable CurrentttSF. Scheduler is also responsible for coordinating the132execution of all Search Alert activities. SD Requests (i.e., the SD activities to g eth er w ith th eir sch ed u lin g p a ra m eters) are se n t to Scheduler . The jIsch ed u ler w ill select th e h ig h est sch ed u lin g p rio rity w hich is c o m p u ted Ii•from th e sch ed u lin g policies (such as those to be discussed in C h a p te r 5). !IiiThen, an a ctiv a tio n co n tro l c o m m an d w ill b e se n t to th e selected SDitj activity. Figure 3-19(b) specifies th at each Search Alert activity rep etitiv ely p e rfo rm s an SF , i.e., Search Fram e. T he tim e in terv al b etw een each iteratio n can n o t exceed th e Maximum Revisit Time w hich is d eriv ed from th e com putational accuracy specified in the system requirem ents. Figure 3- 19(c) specifies th a t each SF activity consists of a sequence of Search Bar (SB) activities: SB l, SB2, SB3, and SB4. For 2 < k < 4, each SBk activity cannot start until SD (k-l) activity com pletes. Figure 3-19(d) specified th at each SBkI{activity consists of a coherent sequence of Search Dwell (SD) activities. The rela tio n sh ip b etw een th e m th SD and th e kth SB in a search fram e is m = 5*(k-l) +1. A lso SDm is a non-preem ptive atom ic activity for 1 < m < 20.Based on F igure 3-19(b), an SF activity is an ATc activity since its arriv al tim e (i.e., th e tim e at w h ich all th e sc h ed u lin g p a ra m e te rs are kn o w n to the scheduler) of th e jth iteration is th e com pletion tim e of th e (j- 1 l ) th iteratio n , i.e., aSF j = CgF ( j - 1 ) V > 3 > L A lso, th e read y tim e of each | instance is th e tim e at w hich the activity arrives, i.e., r SF j = aSF^ j V j, j > 1. J In every iteration, the arrival tim e of the first search b ar ( i.e., SBl) an d the first search dw ell activity ( i.e., SD1) is equal to th a t of th e search fram e, i.e., aSF,j = aSBi,j = aSDi,j 1 - 1- The com pletion deadline of th e last search bar(i.e., SB4) an d th e last search dw ell (i.e., SD20) is equal to th at of th e search fram e, i.e., cdSF^ = cdSB4 j = cdSD20 j V j, j > 1. This pro p erty also holds for the133c o m p l e t i o n t i m e , i . e . , c S F j = c SB4 j = c S D 2 0 / j V j, j > 1 . E a c h s e a r c h b a r i s a n A T Cactiv ity since aSBk^ > cSBkj Vj, j > 1 an d 1 < k < 4. Sim ilarly, each search dw ell activity is also an ATC activity. Figure 3-20 depicts th e w orkload m odel d eriv ed from the tim ing constraints specifications associated w ith the search fram e (SF) activity, the search bar activities (i.e., SBl, SB2, SB3, an d SB3), and jthe search dw ell activities (i.e., SD1-SD20).a SB4, jFigure 3-20: the w orkload m odel transformed from the activity graph specified in Figure 3-19V j > 1,1 < k < 4,1 < m < 20, m = 5*(k-l) +1 rS F ,f 3 SF, j = a SBl, j = a SDl, j r SBkTJ a SBk, j rSDm,j~ a SDm,j SBk, j SDm, j CdSF, f c d SB4, j = c d SD20, j CSF,T C SB4, j = C SD20,j aSDm, jC SD(m-l), j^F,j C SF,(j-l)1 :dSBl, jcdSB4,jaSBl,j CgBl jc d SB2, jaSB2, j SBl, icdSB3, ja.SB3, jcSBl, j134In th e a p p lica tio n u n d e r co n sid era tio n s, th e effective u se of th e jsensor has a m ajor im pact on th e o verall system perform ance. O ne of theijm ain o b jectiv es is to fin d a 'g o o d ' a lg o rith m fo r sc h e d u lin g se n so r |activities. M ost sensor activities fall into the ATC ty p e of n o n -p reem p tiv eactivity since (i) th e execution tim e of sensor activities is state d e p e n d e n t (i.e. b ased o n th e o w n sh ip m otion an d th e estim ated targ e t state) a n d is u su ally d eterm in ed a t th e latest possible m o m en t b ased on th e m o st u p-to- jdate in fo rm atio n available, (ii) th ey are n o n -p reem p tiv e activities, an d (iii)I th e sensor u tiliza tio n is subject to an u p p e r b o u n d w hich is d y n am ically d eterm in ed b ased on the high level system objectives. The m ain objective of d esig n a so ftw are arch itectu re for ad v an ced sensor system s is to fin d 'g o o d ' sen so r m an ag em en t ap p ro ach es w h ich in tu rn s are to find 'g o o d ' jialgorithm s for sch ed u lin g the n o n -p reem p tiv e ATC ty p e of activities. In th e j follow ing, I w ill define a design m eth o d o lo g y w hich allow s d ev elo p ers to ad eq u ately allocate th e com putational activities in a requirem ents m o d el totth e ru n-tim e entities in a design m odel such th a t a d irect m ap p in g relation exists b e tw e e n req u ire m e n ts a n d d esig n . T his m eth o d o lo g y also a llo w designers to validate their design iteratively at different levels.4. A D ESIG N M ETHOD OLO GY FOR REAL-TIME SOFTWAREj The design m ethodology p resen ted in this chapter treats a softw are| a rc h itectu re as a set of ru n -tim e entities, in clu d in g tasks a n d ex tern al| | in p u t/o u tp u t elem ents, w hich interact either via m essages or sh ared d ata jIi structures. A task is a p ro g ram u n it th a t m ay be executed concurrently w ith i o th er tasks. A task has a single th re a d of execution a n d is a com putationI .; u n it schedulable b y th e o p eratin g system . E xternal input elements p r o d u c e !1 iI !i in p u t req u ests w h ich in tu rn trig g er a set of low level activities to be j ! ex ecu ted by tasks. E xternal output elements co n su m e resu lts w hich are jIproduced by tasks. J\ifSpecification m eth o d s for describing th e d y n am ic stru c tu re of t h e ! ru n -tim e entities, th e sy n ch ro n izatio n a n d co m m unication b etw een these j entity, and resource consum ption an d p ro d u ctio n p ro p erties (w hich in c lu d e ! tim ing and sizing) are defined. The specification m ethods allow designers to jfe x p ress th e ir d e sig n of a so ftw a re a rc h ite c tu re at m u ltip le levels o f . a b stra c tio n s d ep en d in g on th e ty p e of analysis is em p h asized in a specific jidesig n p h ase of th e softw are d ev elo p m en t process. In a d d itio n , softw are ! a rc h ite c tu re sp e c ifie d in th e sim u la tio n a n d p e rfo rm a n c e a n a ly s is ! en v iro n m en t has a direct m ap p in g to the entities in th e actual code. H ence, i m o d ificatio n s to a so ftw are arch itectu re b ased o n conclusions from th e sim ulation a n d /o r perform ance evaluation can be easily in co rp o rated into th e actual code. Finally, th e sem antics of the re p re se n ta tio n s are d e fin e d . T he form al sem an tics fo rm th e b asis o n w h ic h to c o n stru c t tools for feasibility analysis of a design u n d e r a specific o p erational env iro n m en t or136code generation of resource m anagem ent softw are. These can be au to m ated via application of the rules to in terp ret design specifications.| A n atu ral question is w h y it is necessary to introduce softw are design| m eth o d s ra th e r th an a sim ple, direct m a p p in g approach, i.e., associating atask w ith each th re a d of activities u sin g th e sam e resource. T w o keyi! problem s h in d e r this approach.i• D irect m ap p in g can p ro d u ce an excess n u m b er of tasks.| T he h a rd w are a n d /o r the o p eratin g system s used b y sem i-h ard1 re a l-tim e sy ste m s g e n e ra lly h a v e a lim it o n th e m ax im u mn u m b e r of softw are tasks. T herefore, system atic stra te g ie s for c lassify in g activ ities in to g ro u p s a n d m a p p in g g ro u p s in to softw are tasks are required.• D irect m ap p in g does n o t p ro d u ce necessary tasks to h an d le d ata integrity an d d ata transform ation problem s.D ata can be accessed by co ncurrent th read s of activities. A d ata m an a g er m u st be created to co n tro l access to sh a re d d a ta b y 1concurrent activities such th at th e integrity an d consistency of the !d a ta can be m aintained. In addition, a specific d ata item can have tw o d ata m odels— one from the p ro d u ce r view an d the o th er from th e consum er view . A d ata tran sd u cer m u st be created to receive d a ta according to th e p ro p erties specified in th e p ro d u c e r d a ta m o d el an d , then, tran sfo rm th e d a ta in to th e d esired p ro p erties specified in th e consum er d ata m odel.A softw are architecture is specified in three parts: the d a ta m odel, the control flow m odel, an d the sequential p ro g ram m odel. The data m odel is expressed w ith a restricted d ata g ra p h . The control flo w model is expressed w ith a task g rap h in w hich each vertex rep resen ts a ru n-tim e entity, i.e., atask or an in p u t/o u tp u t d ata elem ent, a n d each arc rep resen ts th e d ata13 Z Jp ro d u c tio n /c o n su m p tio n relations b etw een tw o co m m u n icatin g entities. T he sequential program model is expressed w ith a restricted activity g rap h | w hich is a sub g rap h of an activity graph, i.e., the requirem ents specification, j G raphical n o tatio n s are u se d for rep re se n tin g (i) relatio n s b e tw ee n d a ta ! item s in a d a ta m odel, (ii) relations b etw een tw o com m unicating entities | an d the te m p o ra l/sp a tia l parallelism of in p u ts /o u tp u ts of each entity in aico n tro l flo w m o d el, a n d (iii) th e in te rn al c o m p u tatio n al stru c tu re of a i se q u en tial p ro g ra m m o d el (i.e., a task). T extual n o tatio n s a re u se d forI :specifying tim ing constraints, pre-conditions, an d post-conditions. ji1Section 4.1 show s how to take th e graphical notatio n s in tro d u ced in j Section 3.1 an d m o d ify /re stric t them so th a t task grap h s, restricted a c tiv ity , graphs, and restricted data graphs can be created. iIIn S ection 4.2, I d e fin e a lg o rith m s fo r c o n stru c tin g re s tric te d j activ ity / d a t a g ra p h s a n d p re se n t an a lg o rith m fo r d e riv in g m ax im al! restricted activity g rap h s from a given activity g rap h . I define th e tem plate for specifying a task and the textual notation for describing attributes (such as enabling p aram eters an d conditions, tim ing constraints specification) of a task. Then, I p resen t an algorithm for d eriving attrib u tes of a task from its associated restricted activity graph. Finally, I define the form al g rap h m odel for a task.In Section 4.3, I define a set of ru les for m a p p in g a req u irem en ts m odel to a softw are architecture. I th en define an alg o rith m for d eriving aitask g rap h from a given activity g rap h using these m ap p in g rules. |138W ith th e task g rap h , restricted activity a n d d a ta g rap h , th e resource m anager, and tim ing constraints specification, a com plete softw are design is 'produced.4 .1 . G RA PH IC A L PR IM ITIV ES FO R SPECIFY IN G DESIGNij The graphical notations p resen ted in this section are for specification'of restricted data graphs, restricted activity graphs, a n d task graphs. F igure 4-iI1 c o n ta in s th e g ra p h ic a l p rim itiv e s fo r sp e c ific a tio n o f re s tric te d ! d a ta /a c tiv ity graphs. These prim itives are a subset of th e n o tatio n u sed for 're q u ire m e n ts specification a n d sh o w n in F igure 3-1. T he X in d ic ate s aiin o tatio n th at is disallow ed. In each colum n, one prim itive is disallow ed.i------Sequence----- ► - Data FlowV j - p . merge j / — ' connector nr ~ X «P»*v— 'N* connector x njunction * 1 x I * connectorn nj | Activity( } Data Item© Iteration © Selectioni i i u T T H u li i|(1) node primitives (2) operator primitives (3) communication primitivesFigure 4-1: Graphical Notation for Restricted Activity/Data Graphs ,A s sta te d earlier, a task has a sin g le execution th re a d a t any tim e j instant. H ence, d ata item s w ill n o t be concurrently p ro d u ced b y a task. Based j on th e se a ssu m p tio n s, th e concurrent objects of the same class n o d e is ex clu d ed from th e node p rim itiv es in Figure 4-1(1), a n d th e concurrency ,Io p e ra to r is e x clu d ed fro m th e o p e ra to r p r im itiv e s in F ig u re 4-1(2). iIIl1 4 0 .Therefore, the a c tiv ity /d a ta graphs, constructed from prim itives in Figure 4- 1, w h ich are associated w ith a task, in a sense, is m ore r e s tric te d th en a c tiv ity /d a ta g ra p h s specified in req u ire m e n ts. H o w ev er, th e en fo rced re stric tio n s can p re v e n t o n e fro m o b v io u s m ista k es su c h as h a v in g i concurrent execution threads in a task an d hav in g concurrent consum ption | a n d /o r pro d u ctio n of d ata item s by a task. Since the restricted activity graphs are m eant for describing execution behavior of an im p le m e n ta tio n of a task, the exact interface betw een th e task's com ponent activities m u st be resolved1d u rin g d esign. T herefore, th e equivalent connector is ex clu d ed from th e j co m m u n ica tio n p rim itiv e s in Figure 4-1(3) to force th e definition of th e j exact interface betw een tasks so th at a com plete specification of a task can be !ien su red .ActivityConcurifent Objects o L thesame das©nxn.x , x.Data Flowmergeconnectorsplitconnectorjunctionconnectorrx x n ncorj Task\ Input/Output Data ElementMandatory Input Port\<Optional Input PortOutput Port(1) node primitives for (2) operator primitives (3) communication (4) node primtivesactivity/data graphs for activity/data promitives for task graphsgraphsFigure 4-2: Graphical Notations for Task Graphs141As show n in Figure 4-2, the notation in (1) an d (2) is replaced by the n o tatio n in (4). The n o tatio n in (3) is from F igure 3-1 an d th a t n o tatio n is retained except for th e equivalent connector. Therefore, for specification of a j d e s ig n , tw o se ts o f p rim itiv e s , th e 'n o d e ' p rim itiv e s a n d th e j 'com m unication' prim itives, can be used.O bserve th a t the node p rim itives in F igure 4-2(1) are only u sed for cre atin g re stric te d o r u n re stric te d a c tiv ity /d a ta g ra p h s. In th is d esig n m ethod , a run-tim e entity is a set of activities, com prising a single execution thread. This set of activities is encapsulated by th e task p rim itiv e in Figure 4-2(4), a n d th e in te rac tin g b eh av io rs of th e e n c a p su la te d activ ities are d efin e d u sin g th e rem a in in g p rim itiv es in F ig u re 4-2(4). T herefore, the p rim itiv e s in F ig u re 4-1(1) are co m p letely e lim in a te d from th e n o d e prim itives for creating task graphs.The operator p rim itives in Figure 4-2(2) are elim inated com pletely.!The rationale for doing so is as follows: j• D iffere n t ta sk s a re k n o w n to be c o n c u rre n t. T h erefo re, th e j concurrency o p e ra to r is e lim in ated to red u c e re d u n d a n c y a n d i com plexity in task graphs.I• T he d a ta co n su m p tio n an d p ro d u ctio n relatio n sh ip , re p re se n te d |Iby the data flow prim itive betw een tw o tasks is eq u iv alen t to their precedence (i.e., sequencing) relationship. T herefore, th e sequence operator is elim inated.• T im in g c o n stra in t sp e cifica tio n s can e x p re ss th e re p e titiv e beh av io r of tasks. Therefore, th e iteration operator is elim inated.142______ i• Pre-conditions, post-conditions, and p o rt connections of tasks can ex p ress th e m u tu a l exclusion of tasks. T herefore, th e selection operator is elim inated.The co m m u n ic a tio n p r im itiv e s in F ig u re 4-2(3) hav e th e sam e n o tatio n s in F igure 4-1(3). H ow ever, for each fan-in arc lab eled xi7 th ere jim u st be a task, n o t an activity, a t th e o p p o site en d of th e d a ta item x to Jt'w rite' or 'access' the com posite d ata item Xj. For each fan-out arc labeled x{,th ere m u st be a task, not an activity, at the opposite end of th e d ata item x to j 're a d ' or 'access' the com ponent d ata item Xj. !iiiThe node prim itives set in Figure 4-2(4) contains five elem ents: task, j input/output data element, mandatory input port, optional input port, an d i output port. A task rep resen ts a p ro g ram u n it w hich has a single execution !ith re a d an d consum es a b o u n d e d am o u n t of resources su ch as p rocessor J cycles an d m em ory capacities. U nlike data item s w hich are passive entities, jiin p u t/o u tp u t d ata elem ents are active entities w hich d o n o t consum e anyp ro cesso r resource. A n input data element only has a set of o u tp u t ports, jiEach in p u t data elem ent represents a source of instances of a specific set of J in p u t d ata item s. For exam ple, an antenna receiver can be rep resen ted b y an j in p u t d a ta elem ent. A n output data element only h as a set of in p u t ports, j Each o u tp u t d ata elem ent represents the repository of instances of a specific set of o u tp u t d ata item s. For exam ple, a d isp lay can b e rep re se n te d b y an o u tp u t d ata elem ent.143The mandatory input port an d optional input port define th e in p u t in te rfa c e s of a task to other tasks or d ata elem ents. A mandatory input port represents a logical location at w hich m an d ato ry in p u ts for enabling th e task attached b y the in p u t p o rt arrive. A n optional input port rep resen ts a logical lo catio n a t w h ich o p tio n a l in p u ts o f th e task arriv e . A n output port rep resen ts a logical location at w hich o u tp u ts are to be deliv ered w h en the specified conditions are m et.AG12A2 A1A ll A21A22 A12A13A14Casel: (1) A11->A12->A13; (2) A21->A22Case2: (1) A11-»A12->A14; (2) A22->A22 Figure 4-3: Two Possible Cases of Concurrent Threads144C onsider Figure 4-3 in w hich there are tw o possible com binations of co n cu rren t th re a d s of activities. In th e first case, one th re a d consists of A 1 1 ^ A 1 2 — »A13, i.e., A l l follow ed b y A12 a n d A12 follow ed by A13. The other consists of A21 — » A22, i.e., A21 follow ed b y A22. In th e second case, one th read consists of A 11-*A 12— »A14, and the o th er consists of A21-»A22. The distin ctio n is th at, in th e th rea d containing 3 activities, one case contains ! A13 and the o th er case contains A14.ii| T here are five w ays to g roup A ll, A12, A13, an d A14. M ethod 1 is toform fo u r p rim itiv e activity g rap h s, i.e., (A ll), (A12), (A13), a n d (A14). M eth o d 2 is to form one chain (A 11-*A 12) a n d tw o p rim itiv e activ ity g ra p h s— (A13) m u tu a lly exclusive w ith (A14). M eth o d 3 is to form tw o prim itive activity g rap h s— (A ll) follow ed by A(12) an d one activity subgraph (A 130A 14) w here A13 is m u tually exclusive w ith A14. M ethod 4 is to form o n e chain (A 11-»A 12) an d one activ ity su b g ra p h (A 130A 14). F inally, m eth o d 5 is to form a chain ( A ll— »A12-»(A 13© A 14)) in w hich a m u tu ally exclusive activity su b g rap h (A 130A 14) is em beded. Sim ilarly, there are tw o w ays to g ro u p A21 an d A22. M ethod 1 is to form tw o p rim itiv e activity graphs, i.e., (A21) an d (A22); m ethod 2 is to form one chain (A21— »A22).W hen o n e's d esig n objective is to m in im ize o v e rh e ad s fro m task context sw itch, then, th e objective for m ap p in g an activity g ra p h to a task g ra p h w o u ld be to m inim ize th e n u m b er of task s. T herefore th e n otion of m axim al restricted activity grap h is needed to define the criteria for deriving a task g ra p h fro m a g iv en activ ity g rap h . C o n sid e r th e activity g ra p h145d ep icted in F igure 4-3. W ith this activity g rap h , restricted activity g rap h (A 11-A 12-((A 13® A14)) a n d restricted activity g ra p h (A21-A22) are tw o m axim al restric te d activ ity g rap h . T he th ird m axim al re stric te d activity I g ra p h can be d eriv ed by rep lacin g th e startin g concurrency n o d e w ith a i 'fork' activ ity a n d rep lacin g th e e n d in g co n cu rren cy n o d e w ith a 'join'I[activity. T he 'fork' activity an d th e 'join' activity are co n n ected w ith aij sequence node p rim itiv e. T he d e ta ile d alg o rith m fo r d e riv in g a set of ; m axim al restricted activity g raphs from a given activity g rap h is described iniSection 2.iiIn F igure 4-4, activity g ra p h AG12 has tw o co n cu rren t com posite activities (A l, A2), re p re se n te d by a chain of tw o atom ic activities. The 1associated activity g rap h of activity A l is a restricted activity g ra p h since jIn e ith e r th e concurrent objects of the same class n o d e p rim itiv e n o r th e | co n cu rren cy o p e ra to r p rim itiv e is u se d in th e g ra p h . S im ilarly , th e !itassociated activity graph of activity A2 is also a restricted activity graph.AG12A2A ll A21A22 A12Threadl: A11-»A12; Thread2: A21->A22Figure 4-4: Two Concurrent Threads of Activity ChainsG iven a set of co ncurrent m axim al restricted activity g ra p h s of an activity g ra p h AG, one can use a task m a p p in g ru le th a t each m axim al jirestricted activity g rap h is m ap p ed to a task. T hus, the n u m b er of tasks in ! the d eriv ed task g rap h is equal to or g reater th an the n u m b er of m axim al j restricted activity graphs in AG. The reason for th e existence of the ’ g reater |th a n ' re la tio n is th a t a d d itio n a l task s m ay b e c re a te d for d a ta b a s e ;im anagem ent, d ata transform ation, etc. By using th e above rule, task g rap h j TG12, depicted in Figure 4-5, consists of tw o tasks, each co rresponding to a j m axim al restricted activity g rap h in Figure 4-4. j‘ TG12Dc * > - h > < 3 H * J > < 4 — < jDC c ^ > ~ 4 > 7 1 < f | D 1 2Figure 4-5: A Task Graph Derived From Mapping Each Thread of Activities Into a Task147A n i n p u t/o u tp u t m a p p in g ru le for p reserv a tio n of th e in p u t an d o u tp u t req u ire m e n ts states th a t in p u ts to a n d o u tp u ts from a m axim al restricted activity g rap h s are in h erited b y th e associated task. The re a d e r sh o u ld observe th a t there are tw o in p u t d a ta item s, i.e., A an d C a n d tw oIi o u tp u t d a ta item s, i.e., E a n d F. T1 consum es b o th in p u t d ata, a n d T2 p roduces b o th o u tp u t data. A is read in via T l’ s first port, a m andatory in p u t p o rt; B is re a d in via T l's second p o rt, also a m a n d a to ry in p u t p o rt.ij S im ilarly, E is w ritten o u t via T2's th ird port, an o u tp u t port; F is w ritten o u t via T2’s fourth port, also an o u tp u t port. Please n ote th at the in p u t A toJth e first p o rt of T1 corresponds to th e in p u t to th e atom ic activity A l l in Figure 4-4. The in p u t C to T l’s second p o rt co rresp o n d to th e in p u t to the atom ic activity A12 in Figure 4-4. A sim ilar correspondence also ho ld s for E an d F. The n o tio n of m a n d a to r y specifies ho w T1 is to be e n ab led . T he selection of e ith er a m a n d a to ry or an optional in p u t d e p e n d s on th e algorithm s selected to im plem ent the atom ic activity co rresp o n d in g to the in p u t, a n d th u s, th e selectio n d ecisio n is a d e sig n issu e (i.e., n o t a req u irem en ts issue).A n in te rfa c e m a p p in g ru le fo r p re s e rv in g th e d a ta flo w com m unication characteristics states th a t th e d a ta flow prim itives b etw een m axim al restricted activity g rap h s are to be in h erited by th e d eriv ed 4ask graph. A lso, the activity at the tail of a d ata flow prim itive is replaced w ith an o u tp u t p o r t, an d the activity at th e h e ad of a d a ta flow p rim itiv e is rep laced w ith an in p u t p o rt. O bserve th a t B and D are th e tw o d a ta flow s b e tw ee n th e tw o m axim al re stric te d activ ity g ra p h s in F ig u re 4-4 b y148application of the inheritance rule. The task g rap h in F igure 4-5 also has B an d D as the tw o d ata flow s betw een the tw o tasks.AG12A l A2A22A21A llA12A23Figure 4-6: Another Activity Graph Can Have a Derived Task GraphN o w , consider th e activity g ra p h d e p icted in F igure 4-6 w hich is com prised of tw o co n cu rren t m axim al restricted activity grap h s. In each m axim al restricted activity g rap h , there are tw o atom ic activities, executing in a m u tu a l exclusive m anner. By ap p ly in g th e m a p p in g ru les described earlier, the g rap h in Figure 4-5 is also the derived task g ra p h of this activity graph. U sing tw o sep arate in p u t p o rts in d eed indicates th a t A an d C are consum ed at tw o logical locations. H ow ever, in Figure 4-4,A an d C w ill be consum ed in th e o rd e r of A follow ed b y C. But, in Figure 4-6, A or C , notIboth, w ill be consum ed. C learly, this in p u t consum ption behavior in Figure 4-4 is different from th a t in Figure 4-6, yet th e p o rt rep resen tatio n s are n o tsufficient to m ake the distinction. Based on this observation, I conclude th a t j*textual notation m u st b e p ro v id ed such th at one can au g m en t th e g rap h to j describe the relationship betw een ports. The textual notations for describing th e p o rt relatio n s w ill be d efin ed in Section 4.2. F u rth erm o re, the p o rt149jrelatio n can also be d eriv ed from th e task 's associated restric te d activity g rap h by a set of direct m app ing rules such as those defined in Section 4.3.LFigure 4-7: An Activity May Produce Two Outputs or Consume Two InputsA ctivity g ra p h AG34, d e p icted in F igure 4-7, h as tw o c o n cu rren t m axim al restricted activity g rap h s, A3 an d A4. A3 has one in p u t an d tw o o u tp u ts; A 4 has tw o in p u ts a n d no o u tp u ts. B oth o u tp u ts of A3 are p ro d u ced by the single atom ic activity (i.e., A31) of A3. Both inputs of A4 are consum ed by the single atom ic activity (i.e., A41) of A4.TG34.xw w w w xw vxxxxw w w w xvAIxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxT4Figure 4-8: Two Tasks Communicating With Two Data Flows Via One Pair of PortsIn F igure 4-8, th e tw o tasks T3 a n d T4 are d e riv e d from th e task m a p p in g ru le. T he first in p u t p o rt of T2 is c reated b y a p p ly in g th e in p u t/o u tp u t m a p p in g rule. The tw o d a ta flow s A an d B are created by150a p p ly in g th e in te rfac e m a p p in g ru le. O b serv e th a t in F ig u re 4-8 th e fo llo w in g in fo rm a tio n is n o t ex p ressed : (i) th e te m p o ra l rela tio n sh ip s betw een pro d u ctio n of A and B (i.e., if both A an d B w ill be p ro d u ced or one j of them w ill be p ro d u ced ); (ii) th e conditions for p ro d u c in g A; (iii) th e jco n d itio n s for p ro d u c in g B; a n d (iv) the tem p o ral relatio n sh ip s b etw een |ico n su m p tio n s of A and B (i.e., if b o th A an d B w ill be consum ed o r one of th em w ill b e consum ed). B ased o n th ese o b serv atio n s, I co n clu d e th a ti[textual n o tatio n m u st be p ro v id ed such th a t one can a u g m e n t g rap h ical \ n o tatio n s describing th e relationship betw een in p u ts to an in p u t p o rt an d the relationship betw een o u tp u ts from an o u tp u t port.A ctivity g ra p h AG56, d ep icted in F ig u re 4-9, h as tw o co n cu rren t m axim al restricted activity graphs, A5 and A6. A5 has one in p u t A an d oneo u tp u t X; A6 h as tw o inputs: B a n d X , a n d one o u tp u t C . A junction/p rim itiv e w ith a d ata item X rep resen ts th a t th e o u tp u t of atom ic activity A52 w ill be co n su m ed by atom ic activity A62. H ence, X is a sh a re d d a ta w hich m ay be accessed concurrently by A52 an d A62.151AG56A6A5A51 A61A62 A521 IFigure 4-9: Two Threads of Activities ■'Concurrently Access' a Data Item X jE arlier I p o in te d o u t th at the n u m b er of tasks in th e d e riv e d task | g rap h is equal to or greater th an the num ber of m axim al restricted activity ; ; g rap h s in the p aren t activity graph. C onsider the task g ra p h in Figure 4-10 | | w hich is derived from the activity g rap h in Figure 4-9 by u sin g th e m ap p in g I ! rules described earlier. It is clear th at activity g rap h A5 is m ap p ed to task T5 !j « *- t| |an d activity g rap h A6 is m ap p ed to task T6. H ow ever, in o rd er to ensure the j d ata in teg rity of the sh ared d a ta X, a Data Manager of X task is created to jim an ag e X. O nly this task has a direct access to X (i.e., the rig h t to read and jiIw rite to X) because th e d ata item X has neither in p u t p o rts nor o u tp u t ports I 1 for in terface w ith o th er tasks. T herefore, to access X, o th e r tasks m u st ! acquire services (e.g., getY and putY ) from the Data Manager of X task. !II152Managerv v \ \ \ \ \ \ \ \ \ \ \ \ \ v v \ \ \ \ \ \ \ v^ TG56II 'iFigure 4-10: A Data Manager to Ensure the Data Integrity of Shared Data Item |iA n a tu ra l question m ay be asked. H o w w o u ld putY , getY, an d Y in {IF igure 4-10 be im p le m e n te d in a p ro g ra m m in g la n g u a g e (e.g.,, A da)? I iisuggest th at putY an d getY are im plem ented as p ro ce d u re calls w ith in the ^ context of T5 an d T6. For instance, one could code a function such as put(Y: j in d a ta _ stru ctu re) o r get(Y: in d a ta _ stru ctu re) w h e re th e datajstructure ' could be declared as an unconstrained array type. E ither function w o u ld be called by specifying the exact range bound. For exam ple, get(Y(5..10). Each of th ese fu n ctio n s w o u ld th en co n stru ct a m essag e (e.g., w ith th re e fields < destination, from , to>) by using A da attributes specifier such as Y 'address, Y’ size, a n d Y’ size. T he task creation rules such as those aforem entioned w ill be defined in Section 4.3.153AG7 every 2 secondsA 7Figure 4-11: A Periodic Activity, Iterating Every 2 Seconds j|In Figure 4-11, there is one activity, iterating every 2 seconds. In each !tite ratio n , activ ity A 7 p ro d u ce s a d a ta item B. A ctiv ity AG 7 itself is a j m axim al restricted activity graph. |s TG7 4%v\.vvvvvvvvv\v. , j " N k semaphore j watch dog r^timer-»>p>T 7 * C j L )Figure 4-12: A Periodic Task Enabled by Watch D og Timer Every 2 SecondsIn F igure 4-12, there is a task T7, an in p u t d a ta elem en t watch dog timer, a d ata flow semaphore, an d an o u tp u t d a ta elem en t B. Task T7 is associated w ith atom ic activity A 7, not the m axim al activity g rap h enclosing A 7, in Figure 4-11. This is d u e to the fact th at the tim e interval taken by the atom ic activity A 7 m ay either be shorter th an 2 seconds or exceed 2 seconds d e p e n d in g o n th e o v e ra ll sy ste m w o rk lo a d . M a k in g sem aphore a m an d a to ry in p u t for en ab lin g T7 a n d m ak in g watch dog timer g e n erate semaphore allow s the execution of T7 to be controlled b y a local scheduler. F urtherm ore, th e iteration interval (i.e., every 2 seconds) can be specified as a p a rt of the tim ing constraints associated w ith watch dog timer an d can be154m ad e kn o w n to th e scheduler. T he attrib u tes associated w ith each ty p e of no d e (i.e., in p u t data elem ent, o u tp u t d ata elem ent, task, etc.) w ill be defined in the follow ing section.A s sh o w n in th e p rec ed in g exam ples, it is clear th a t in o rd e r to rigorou sly an d concisely describe interactions betw een tasks an d 1 /O devices a n d rep re se n t tim e-oriented behaviors, each p rim itiv e m u st be au g m en ted w ith attributes. For exam ple, h o w in p u t p o rts are in terrelated , h o w o u tp u t Sports are in terrelated , ho w in p u ts to a p o rt are in terrelated , h o w o u tp u ts ifrom a p o rt are in terrelated can be expressed via textual n o tatio n s (w hichIw ill b e d e fin e d in th e n e x t se ctio n ). F u rth e rm o re , th e te m p o ra lrelatio n sh ip s am ong in p u ts an d the tim ing p ro p erties of each in p u t m u st |]also be au gm ented via tim ing constraints specification. For active elem ents, ji.e., in p u t d ata elem ents, o u tp u t d ata elem ents, an d tasks, a set of execution ! ru le s m u s t be d e fin e d . T he fo llo w in g se ctio n w ill a d d re s s issu e s a fo re m en tio n e d .I155______ i4.2. DESIGN SPECIFICATION METHODThe restricted d a ta /a c tiv ity g rap h defined below has the sam e type of com ponents as those defined for non-restricted except that the n o d e types of th e vertices in a g rap h are restricted to those defined in Figure 4-1.i4.2.1. RESTRICTED DATA GRAPHSij A restricted d ata graph RD is a 5-tuple,i RD = [G, f, g, s, e]tw here: G = [V, E] is a d ata g rap h in w hich V is the set of nodesa n d E is the set of edges.f is a function from V into the set of allow ed n o d e types Vrdp. (Vrdp is defined explicitly below .)g is a function from V in to the set of positive integers. This essentially provides a label for each node. js is a distinguished no d e called the 'start node'. ii*e is a distinguished no d e called the 'end n o d e ’. IThe set of no d e types p erm itted in a restricted d a ta g rap h is Vrdp =^dp ” { © s / © e / © s / © e ) w here Vdp = {D, © $ / © e / © s / © e / © s / © e /© s / © e )/ i e., the set of node types allow ed in a d ata g rap h except for thoseassociated w ith concurrency.D efinition 1: A w ell-form ed restricted d a ta g rap h RD ( = [G, f, g, s, e], can be recursively defined as follows:(1) Let RDk = [Gk, fk, gk, sk, ek] be any single vertex d ata graph w ith Gk = [{vk}, 0 ] fk(vk) = Di156gksk = vk e k = vk(2) Let R D j, RD2, ..., RDk be w ell-form ed restricted data graphs, RD t = [Gj, fj, gj, vg., ve.]. For th e p u rp o se of generality,the labeling function 'g' I need th e follow ing notation.Let m k = the m axim al value in th e range of g for RDk. W ithout loss of generality, I also assum e th e sets of nodes in R D l7 RD2, R D k are distinct.RD = [G, f, g, v s, ve] is a w ell-fo rm ed restricted d a ta g rap hk- 1Let M k = X m ..i =1T h en :(a)w here:G = [V, E] E =157g(v) = 'M j + g j(v ) if v e Vi g(vs ) = M mg(v ) = MmExpression.(b)0 —RD = [G, f, g, v g/ ve] is a w ell-form ed restric te d d a ta g rap h w here:G = [V,E]E = VA (ve’v * )}f(v) ="ik (v) if v e Vkf(vg) = © s_f(v ) = m)eg(v) =g(vs ) =if v e Vkgk(v) + 1 g k(v) +1158d jS )(c) ( s E )RD = [G, f, g, vs, ve] is a w ell-fo rm ed restric te d d a ta g ra p h w here:G = [V, E]mV - u V .;= i 1f(v )= £ .(v ) if v s V,g(v) = Mi +gj(v) if v s Vj nN o te th at w ith th e above definition, m atching pairs of n o d es (xj, x2) e-g-' ( ® s , © e ^ can be identified by g(xj) = g(x2).T he above definition is sufficient for construction of tools to check w h e th er a restricted d ata g ra p h is w ell-form ned. I am only in te reste d in w ell-form ed restricted d ata grap h s an d in the sequel I will dro p the adjective w ell-form ed' although it w ill alw ays be u nderstood.In th e follow ing sections, th e form al definitions of restricted activity graphs a n d m axim al restricted activity g rap h s are p resented. In ad d itio n , I present algorithm s for deriving a set of m axim al restricted activity g rap h s159from a g iv en activity g ra p h a n d checking w h e th e r m ax im al re stric te d activity g rap h s are w ell-form ed.4 .2 .2 . R ESTR IC TED ACTIVITY GRAPHSj In th e fo llo w in g d isc u ssio n o n re s tric te d a c tiv ity g ra p h s , th e jem phases are on th e aspects of th e tem p o ral relatio n sh ip a n d th e sp atial [relationship b etw een activities. I assu m e the details of d a ta g rap h s an d com m unication b etw een activities are defined. T herefore, I d o n o t include th e com m unication connectors an d in p u ts / o u tp u ts of each activity in th e 1ig rap h m odel of an activity graph. jIA restricted activity graph RA is a 5-tuple, !RA = [G, f, g, s, e] |w here: G = [V, E] is an activity g rap h in w hich V is th e set of ;nodes and E is the set of edges. ;f is a function from V into th e set of allow ed no d e types jVrap. (Vrap is defined explicitly below .)g is a function from V in to the set of positive integers. This essentially provides a label for each node.s is a distinguished n o d e called the ’ start node'. jie is a distinguished no d e called th e 'end node'.The set of n o d e types perm itted in a restricted activity g rap h is Vrap = ^ a p " (© S ' © e / © s / © e ) w here Vap = {A, © s , © e/ © s / © e / © S ' © e / © s / © e )/ i-e., the set of n o d e types allow ed in an activity g rap h except forthose associated w ith concurrency.160D efinition 2: A w ell-form ed restricted activity g rap h RA ( = [G, f, g, s, e], can be recursively defined as follows:(1) Let RAk = [Gk, fk, gk, sk, ek] be any single vertex activity graph(2) L et R A j, RA 2, ..., RAk b e w ell-fo rm ed re stric te d activ ityRAj = [Gj, fj, gj, v s., v e.]. For the p u rp o se of generality,the labeling function 'g' I need the follow ing notation. Let m k = the m axim al value in the range of g for RAk. W ithout loss of generality, I also assum e th e sets of no< R A j, RA2, R A k are distinct. k-1Let AT, = X m ..* i =1 1T hen:RA = [G, f, g, vs, ve] is a w ell-form ed restricted activity g rap h w here:w ith Gk = [{vk}, 0 ]fk(vk) = D g k(vu) = 1s k = vk e k = vkgraphs(a)G - [V, E]iii161f(v) =g(v) ='(b)f (v) if v g Vj f(vs ) = © s f(ve) = © eM i + g j( v) if v g Vi g(vs ) = M mg(ve ^ =Expression.RA kRA = [G, f, g, v s, v e] is a w ell-form ed restricted activity g rap h w here:G = [V,E]ViUl vS ’ve}e = :k L k k J I"f k (v) if v g Vk f(v)= { f ( v „ ) = @ s.f(v') = @)e g k(v) if v g Vk g(v) = S(vs > = 8k(v) + 1 g(ve> = g k(v) + 1162(d)RAi□ zRA2J L ,RA„RA = [G, f, g, vs, ve] is a w ell-form ed restricted activity g rap h w here:G = [V, E]mV = u V . i =1 *E = V S2UV » )}f(v)= f. (v) if v s Vig(v) = Mj + g i(v) ifve Vi□4.2.3. DECOMPOSITION OF AN ACTIVITY GRAPH INTO MAXIMAL RESTRICTED ACTIVITY GRAPHSIn th is section I p re se n t an alg o rith m fo r d eco m p o sin g a g iven activ ity g ra p h in to a set of m ax im al re stric te d activ ity g ra p h s. The significance of a restricted activity g ra p h is th a t it rep resen ts a sequential process an d therefore is natu rally associated w ith a task. The set of m axim al restricted activ ity g rap h s therefore co rresp o n d s to a m inim al set of tasks corresponding to th e given activity graph.I first in fo rm ally describe th e a lg o rith m a n d th e n give a d etailed d escrip tio n . As w ell be seen, th e com plexity of th e alg o rith m is 0 ( I E I )1 6 3w h ere E is th e se t of ed g es in th e activ ity g ra p h . I can achieve this com plexity if I ’ visit' each edge in the activity g rap h only once. As in m any g ra p h trav ersin g algorithm s a stack is useful for rem em b erin g p a th s th at have y et to be explored. In m y case, I w ill n eed tw o levels of stacks. The reason is th at w hile 'exploring' the nodes of the activity g rap h I m ay need to |halt th e b u ild in g of one m axim al restricted activity g rap h a n d start a new one. The activity g rap h th at I w as w orking on w ill be rem em bered in a stackland re su m e d later. T his is th e 'to p le v e l’ stack in th e alg o rith m . Thei Ijelem ents in th is stack are com plex d a ta stru c tu re s th a t reco rd all th e j!in fo rm a tio n re q u ire d to resu m e b u ild in g of th e (in co m p lete) m ax im al jrestricted activity graph. O ne of the com ponents of this stru ctu re is itself astack; nam ely, a stack of nodes th at have yet to be v isited in this partiallycom pleted m axim al restricted activity graph.Som e notations:PSS (Partial S ubgraph State)T his is th e d a ta stru c tu re u se d to reco rd all th e in fo rm atio n re q u ire d to resu m e th e c o n stru ctio n of a m ax im al re stric te d activity graph.iPSS_stack jiiThis is th e 'top level' stack in w hich PSS elem ents are p u sh e d for i later resu m p tio n . JIV ertex_stack164T his is th e 'low er level' stack an d th e re is o n e in each PSS. V ertices th a t h a v e y e t to b e v isite d in th e m ax im al restric te d activity g rap h are stored here. jiiThe alg o rith m has an 'o u ter loop' a n d an 'inner loop'. In the in n er j loop a 'cu rren t p artial g rap h ' is being constructed as n o d es in th e original 'activity g ra p h are trav e rsed . H o w ev er, if a n o d e is e n c o u n te re d w h ich jindicates concurrency (i.e., © s ,€ > s ) th en construction of the cu rren t g rap h j|is su sp e n d e d (the PSS for this g rap h is placed o n th e PSS_stack) an d alsoJnew PSS stru ctu res are initialized for each of th e successors of th e © s o r ' (&)s n ode an d the algorithm retu rn s to th e outer loop.I|In the o u ter loop, th e algorithm takes the top PSS stru ctu re from the PSS_stack (it term inates w hen the stack is em pty) and calls th e in n er loop tocontinue construction of the graph. jIIIIn itia liz a tio n of th e a lg o rith m consists sim p ly of c o n stru ctin g an initial PSS w hich corresponds to th e start n o d e of the activity g rap h b ein g I the next n o d e to visit, p u sh in g this PSS on the PSS_stack, an d in v o k in g theIo u ter loop.Before p resen tin g the d e ta ile d alg o rith m , a sm all ex am p le m ay be useful. C onsider the activity g rap h in Figure 4-13.165AGFigure 4-13: Given Activity Graph AGThe algorithm will basically processes as follows:initialization: C reate a PSS w ith n o d e A j in the vertex stack.(call this PSSj for easy reference.)o u ter loop: P op the PSS_stack entry, i.e., PSSj,Call the in n er loop.in n er loop: ad d a copy of A j to graph, find successors.Since it is an © s n o d e,(a) a d d a 'fork node' to the current g rap h(corresponds to the © s node) p u sh th e current PSS on th e PSS_stack.(b) initialize a PSS for branch to A 2(call this PSS2.) p u sh onto the PSS_stack.(c) initialize a PSS for branch to A 3n o d eth e(call this PSS3.) p u sh onto the PSS_stack.(d) re tu rn to th e outer loop.o u ter loop: p o p PSS from PSS_stack. (PSS3) invoke in n er loop.in n er loop: expand node corresponding to A 3. this w ill be the © e node.This signals the end of this g raph, an d it is outputted, retu rn to the outer loop.o u ter loop: p o p PSS from PSS_stack. (PSS2) invoke in n er loop.in n er loop: expand no d e corresponding to A 2. this w ill be the © e node.This signals the end of this g raph, an d it is outputted, retu rn to th e o u ter loop.o u ter loop: p o p PSS from PSS_stack. (PSS!)N ote: w h en PSS^ w as p u sh e d on th e stack its c u rre n tw as (§)s node. A t this point, it sh o u ld continue w ithth e (§)e n o d e w hich w ill be tran sfo rm ed to a join node. In the detailed algorithm , this is accom plished by having a global variable in w hich, w h en a g ra p h is com pleted,'end node' is recorded, invoke in n er loop.in n er loop: convert (g)e to 'join node'.got to next node A4 an d copy to graph, no successors, vertex stack is em pty, so o u tp u t graph, re tu rn to o u ter loop-o u ter loop: PSS_stack is em pty.167T erm in ate.F igure 4-14 d ep icts th e m axim al restricted activity g rap h s d eriv ed 'from the given activity g rap h AG.PSS2:PSS2:PSS1:forkjoinFigure 4-14: Maximal Restricted Activity Graphs Derived From AGAlgorithm 2: G iven an activity g rap h AG = [G, f, g, s, e] a n d G = [V, E], a set of (restricted activity graphs are produced.In p u t: G raph is represented by:(1) start vertex s,(2) en d vertex e,(3) a list of vertices, each w ith the follow ing attributes:(i) type,(ii) a list of successors,(iii) id,(iv) address of this vertex in the o u tp u t su b g rap hO u tp u t: (1) A set of m axim al restricted activity g rap h s (M RAG) an d a taskid is assigned to each.(2) N M R A G re p re se n tin g th e n u m b e r of m ax im al re stric te d activity g rap h s produced.168M ethod:pro ced u re B uildM R A G (AG):1. if C urrentV ertex is n u ll th e nbegin2. call In itializa tio nto create a stack StackJPSS,set C ur vertex of this PSS to s3. this PSS is p u sh e d onto the Stack_PSS;end;4. w h ile Stack PSS is n o t em p ty d o5. p o p a PSS from Stack_PSS;6. call ProcessVertex(PSS);7. call BuildM RA G (A G ):e n d lo o o8. o u tp u t MRAG; increm ent NM G RA by 19. delete PSS and Stack_PSS;10. re tu rn :The d ata structures and procedures used by the algorithm are given below .Global Data Structures:(1) A partial subgraph structure (PSS)Each PSS is represented by:(i) address of start vertex (Start_PSS)(i i ) address of end vertex (End_PSS)(iii) a list of vertices (RA) that each has:(a) type(b) a list of successors(c) address of corresponding vertex in the original graph(iv ) taskid(v) current vertex (Cur_vertex)(v i) a 'vertex to expand' stack (Vertex_stack) containing address of vertex in PSS and address of corresponding vertex in the original graph.(2) NodeType = {A, rk/join)(3) Start_fork_activity_id = IVI +1169(4) The id which can be assigned to a fork activity (Next_forkid)(5) A stack of PSS stacks (Stack_PSS)Each entry in StackJPSS contains address of a PSS(6 ) Last visited ending concurrency vertex (Last_C_end) procedure Initialization:(i) create and initialize a Stack_vertex_to expand stack(ii) set taskid to a newly generated id(iii) set start_PSS to s{i v ) set Cur_vertex to s(v ) setNM RAtoO1. create a new PSS (C_PSS) for the start vertex of AG , i.e..2 . push address of C PSS to StackJPSSprocedure ProcessVertex (PSS):1. w hile (Vertex_stack * empty) do begincase TRUE of ; expand the current vertex 2 .3. (f(Cur_vertex) =4. (f(Cur_vertex) = begin5.6.set Last_C_end to Cur_vertexif the pointer for (address to the vertex in theoutput graph) of corresponding vertex in7.original graph is not null then set that pointer to Cur_vertex exitend8 . (f(Cur_vertex) = <§)s ),(f(Cur_vertex) = © s > :9.10.beginpush all successors onto Vertex_stack push address of Cur_PSS to Stack_PSS170I T for each successor do12. create and initialize a PSS13. append taskid of this PSS to a taskid list14. push address of PSS onto Stack_PSSendloop15. create a fork vertex by setting its type to fork,its successors to the taskid list16. set Cur_vertex to the fork vertex17. returnend18. (f(Cur_vertex) = © e ) :begin19. if the pointer for (address to the vertex in theoutput graph) of corresponding vertex in original graph is null thenbegin20. set that pointer to Cur_vertex2 1 push all successors but the first ontoVertex_stackend22 copy this vertex to MRAG(i.e., the subgraph being created)23. pop a vertex from Vertex_stackto Cur_vertex24. exitend25. (f(Cur_vertex) = fork):begin26. create a join vertex by setting its type to join,27. set the id of the join vertex to Next_forkid28. set the successor of the join vertex tothe successor of Last_C_end29. set the successor of fork vertex to the join vertex30. set type of this vertex to ’A'31. set id to Next_forkid32. copy this vertex to MRAG33. increment Next_forkid by 1, and34. set Cur_vertex to the successor of Last_C_end35. exitend17136. (f(Cur_vertex) = join):begin37. set type of this vertex to 'A',38. copy this vertex to MRAG,end39. otherwise:begin40. copy this vertex to MRAG(i.e., the subgraph being created) 1 41. if (f(Cur vertex) thenset the successor whose type is not (f|)s1 to Cur_vertex. elsei begin, 42 push all successors but the first ontoI Vertex_stackj 43. set the first successor to Curjvertexend44. exitendendendloopT he next th ree theorem s p ro v e several im p o rtan t p ro p erties of the i p a rtitio n in g algorithm .Theorem 1: G iven an AG , th e set of restricted activity su b g rap h s, RAj =[Ga, f, g, (sj, e j ) ] ,..., RAj^ = [Gm, f, g, (sm, em)], p ro d u ced by A lgorithm 1 are m axim al restricted activity graphs.Proof. A ssu m e th a t som e Gj is n o t a m axim al restric te d activitygraph.172If Gj is n o t a m axim al activity graph, then there exists a vertex v in G and v not in Gj such th at G.^>{v} is a restricted activity graph. If v is n o t in V rap, th en G .u { v } could no be a restricted activity graph. H ence v m u st be j| itin Vra p . C o n sid er th a t v is in V . Since G . v { v }is a restricted activity j g rap h , v is either a successor of a vertex in Gj or a predecessor of a vertex inI,Gj. T hus, Let vertex q in Gj be adjacent to v.iIiBased on (Stepl9-Step24), (Step26-Step35), (Step37-Step38), or (Step40- Step44) of procedure ProcessV ertex, if v is the predecessor of q, then v w ould have been included in Gj since q, i.e., the successor of v, w as p u t in Gj. If v is j the successor of q, then v w ould also be p u t in Gj since q has been p u t in Gj. iiH ence, v m u st be in Gj w hich is a contradiction. T herefore, Gj is a m axim al j restricted activity graph. □Theorem 2 G iven an AG w ith IVI = n an d IE I = e, A lgorithm 1 requires O(e) tim e to construct all the m axim al restricted activity subgraphs of AG.Proof. T he In itializatio n step is com pleted in a b o u n d e d tim e C j. ;T he in n erL o o p trav e rses A G v ia th e o u tg o in g arcs w hich lea d to th e Jisuccessors of each vertex. T here are 'e' arcs w hich im plies th e total n u m b er j of arcs traversed to find successors is e. W hen each successor is reached, it is ' m ark ed an d som e com putation is n eed ed to keep track of vertices yet to be traversed an d th e state of the associated partial subgraph. This com putation tim e does n o t exceed som e constant C2. T herefore, the total co m p u tatio n tim e n eed ed is C j + e*C2. Therefore, A lgorithm 1 requires O(e) tim e. □173Theorem 3: G iven a A G w h ich to tally h as ’m ’ p a irs of co n cu rren cyvertices an d rep licatio n vertices, th e to tal n u m b e r of m axim al restricted activity subgraphs generated b y A lgorithm 1 is th e sum of out-degree of all jStarting concurrency vertices and starting replication vertices in AG. H ence,. mi NMRA= 1 + X d(v.) w here d(vd is the n u m b er of out-going arcs 1: i= i 1 Iassociated w ith v^ |IP roof. The p ro o f is by ind u ctio n on m . For m = 0, neither © s n o r1 0 s is en co u n tered . N o n ew PSSes are created. T herefore, the processing ■j Istays in the in n er loop, an d only th e given activity AG is th e only m axim al restricted activity g rap h produced. The hypothesis is true.iFor m = 1, the hypothesis is tru e since at step 9 th e only successor of © s (or 0 s ) is p u sh e d to V ertex_stack w h en (S)s (or 0 s ) is visited as the cu rren t | vertex. T hen, at th e next iteratio n in the 'w hile (V ertex_stack) # em p ty )' j loop, the successor p u sh e d in the p rev io u s iteratio n becom es the c u rren t vertex to be exam ined. Since the only <§)s (or 0 s ) has been visited at step 9,hence, th e rem a in in g v ertices of AG w o u ld b e co p ied in to th e o u tp u t restricted activity grap h at either Step 22, or Step 32, or Step38, or Step40.A ssum e th e in d u ctio n h ypothesis tru e for (k-1) > 1. Let AG be an activity g rap h w ith k pairs of concurrency vertices and replication vertices. Then AG m u st have an innerm ost concurrent su b g rap h AGj w hich is constricted by a start concurrency v ertex Vj an d has no c o n cu rren t co m p o n en t activities. Based on Step9, d(vj) tasks (subgraphs) are created. The starting concurrency174(replication) vertex in AG is replaced b y an activity vertex w ith a special id to denote th at d(vj) tasks are forked an d synchronization activity (i.e., join)are to follow . The en d in g concurrency (replication) vertex in AG is replacedI| w ith an activity vertex w ith the sam e id as its corresponding vertex. Let the Im odified AG be AG'. A G ', then, has (k-1) pairs of concurrency or replicationiivertices. By th e in d u ctio n h y p o th esis, th e n u m b e r of re stric te d activ ity Igraphs generated for AG', N M R A ’, is:l1 , (*-D! NMRA = 1 + X d(v.).| i - i 1iH ence th e total num ber of restricted activity activity g rap h generated for AG is:N M R A - d(y ) + NM RA =>(* -l)NMRA= d(v.) + 1+ X d(v.)= > kNMRA= 1+ X d(v.). □i = l 14 .2 .4 . AN EXAM PLE O F PA RTITIO N IN G AN A CTIV ITY G R A PHIn the follow ing I u se an exam ple activity g rap h in w hich th ere are tw o p a irs of c o n cu rren cy n o d e s to illu stra te th e re su lts of a p p ly in g A lgorithm 1. I also dem onstrate h o w T heorem 3 can be a p p lied to check if sufficient n u m b er of restricted activity g rap h s p ro d u ced from p artitio n in g a given activity graph.175F ig u re 4-15 contains an activ ity g ra p h AG in w hich th e re are 20 vertices and 26 arcs. O bserve th at there are tw o pairs of concurrency vertices, one m ark ed w ith 3 an d th e o th er m ark e d w ith 4. The o u t-d eg ree of th e1i|sta rtin g co n cu rren cy vertex m ark ed w ith '3' is 2. The o u t-d eg re e of th eii startin g concurrency vertex m arked w ith '4' is 3.AGFigure 4-15: Two Pairs of Concurrency Vertices Marked With '3' and '4'F ig u re 4-16 d ep icts th e re stric te d a ctiv ity g ra p h s g e n e ra te d b y A lgorithm 1 for th e given activity g rap h AG. A ccording to T heorem 3, the total n u m b er of restricted activity g rap h s generated should be 6, i.e., (1+ 2 + 3) = 6. O bserve that the num ber o f restricted activity g ra p h in Figure 4-14 is in d eed 6. T he restricted activity g ra p h RA6 contains tw o pairs of fork-join activities: fork(21)-join(21) a n d fork(22)-join(22). E ach fork-join activ ity chain is u se d to replace a co ncurrent subgraph. This is d u e to the fact th at176 : i - ,each c o n c u rre n t su b g ra p h in sta n tia te s a se t of c o n c u rre n t th re a d s of activities. Each th read of activities is executed b y a task. In the activity grap h containing the co n cu rren t su b g rap h , th e activity w h ich is the successor of th e e n d in g c o n c u rre n c y v ertex can n o t s ta rte d u n til all th re a d s are co m p leted . T herefore, a join activ ity is a d d e d for sy n ch ro n izatio n . For exam ple, activity H cannot start until C an d D exit. T he fork(21) p revents the task executing RA6 (i.e., task6) from p erfo rm in g activ ity H . T he join(21)i enables the execution of activity H w hen task l an d task2 notify task6 of theirico m p letio n .i _ _ _ _ _ _ _RA1 CW rRA3|~ E |task3RA5r~GFigure 4-16: Maximal Restricted Activity Graphs for AGRA6fork forktask6RA2D 1task2RA4Ftask41774.2.5. TA SK GRA PH SE arlier in Section 4.1, I inform ally described th e p ro p erties of a task, th e b u ild in g blocks for rep resen tin g h o w a task interfaces to o th er tasks or external devices, a n d ho w a restricted activity g ra p h is rela te d to a task.!|N ow , before g ettin g in to th e form alism of a task g ra p h , I first form allyjdefine the necessary inform ation for describing a task.A ta s k is described by a task descriptor w hich in clu d es th e follow ing types of inform ation: (i) p o rts — its interfaces to o th er tasks, external devices, a n d to th e ru n -tim e system ; (ii) a t t r i b u t e s — sta te v a ria b le s a n d th e ir properties; (iii) b e h a v io r— its functional specifications (e.g., pre- an d p o stc o n d itio n fo rm u la s) a n d tim in g c o n strain ts sp e cifica tio n s (e.g., state- d ep en d en t execution tim e); and (4) stru c tu re — its associated restricted activity graphs. Task descriptors m ay be w ritten in different p ro g ram m in g languages(e.g., A da, C, etc.), an d executable on different processors. D uring execution jItim e, p rocesses, w h ich are in stan ces o f tasks, ru n o n p o ssib ly sep arate jprocessors and com m unicate w ith each other via a specific set of d ata flow s, iiw hich m ay be im p lem en ted as m essages. The task tem p late defined in this jSection is n o t in te n d e d to be d irec tly tra n sla te d in to object code. The in ten tio n is to allow one to b u ild a tool w hich generates resource allocation a n d sc h e d u lin g d ire c tiv e s by sy n th e siz in g th e first th re e classes of in fo rm a tio n afo rem en tio n ed or a tool to g e n erate a co d e skeleton from in te rp retatio n of th e task's restricted activity graph. I also assum e th at the178task descriptors, w ritten an d stored in task libraries, are b u ild in g blocks for task g rap h description program s.D efin itio n 3: A ta s k is a seq u en tial p ro g ram u n it w h ich is d eclared as follow s:ta sk p o rts< po rt_ d eclaratio n s>[ < p o rt_ rela tio n _ d ec lara tio n s>attrib u tesstate v ariab les | im p o rtan ce lev el < im portance_declarations>! stru c tu re< activ ity _ g rap h _ d eclaratio n >< d ata_ g rap h _ d eclaratio n > e n d D efinition 4: A d ata ele m e n t is a sequential p ro g ram u n it w hich is declared as follows:d ata elem en t p o rts< p o rt_ d eclaratio n s>attrib u tesstate v ariab les im p o rtan ce lev el < im portance_declarations> e n d D efinition 5: A c h an n e l is an interface pro g ram u n it w hich can be specified as follows:< data_item > := < nam e>< channel> := < data_item > : fro m < port_nam e> to ;179A channel represents an arc w hich connects tw o vertices in a task graph. A vertex m ay be a task or a d ata elem ent.D e fin itio n 6: T extual n o tatio n s for sp ecificatio n s of p o r ts , a t t r i b u t e s , b e h a v io r, tim in g co n strain ts, and s tru c tu re are defined below . A lso in the follow ing d efin itio n , th e context-free syntax of the n o tatio n is describ ed u sin g a v a ria n t of B ackus-N aur Form (i.e., '{' a n d enclose a re p e a te d item ; th e item m ay ap p ear zero or m ore tim es; th e repetitions occur from left to right. A vertical bar , ' I', separates alternative item s, unless it occurs im m ediately after an opening braces, in w hich case it stands for itself.)< n am e>A nam e is a string starting w ith upper-case letter.i< co n d itio n _ fo rm u la> := < p re _ co n d itio n _ fo rm u la> I 'I< p o st_ c o n d itio n _ fo rm u la > jR efer th e syntax for specifying pre- an d post- condition form ula in i D efinition 3 of Section 3.2.3. 'Ii< p o rt_ b eh av io r_ d eclaratio n > := jw h e n < co n d itio n _ fo rm u la> Iw ith < tim in g _ co n strain t_ fo rm u la> jT he p o rt b ehavior declaration defines th e con d itio n of w hich an ! in p u t (output) p o rt is to be enabled an d th e tim ing p ro p e rty w ith w hich an in p u t (output) is to be enabled. := m an d ato ry in I o p tio n a l in I outThis attrib u te identifies if the specified p o rt is a 'm an d ato ry in p u t’ p o rt, an 'optional in p u t' port, o r an 'o u tp u t p o rt’.< p o rt_ n a m e >180A p o rt n am e is a string.< p o rt_ d e c la ra tio n > :=< p o rt_ n a m e > : < p o rt_ ty p e > < p o rt_ b e h a v io r_ d e c la ra tio n >In each p o rt declaration, one specifies th e p o rt nam e follow ed byf . i< p o rt_ d e c la ra tio n s> := {< port_declaration> } < p o rt_ d e c la ra tio n > ;< p o rt_ re la tio n _ o p e ra to r> := — > I @'A — »B' represents th at p o rt B is read after p o rt A. ’ A@B’ represents th at either p o rt A or p o rt B is read b u t n o t both. J< p o rt_ re la tio n _ p re d ic a te > IA p o rt relation predicate is a predicate expressed w ith port_nam e !an d port_relation_operator. For exam ple, ( p i— »p2)©p3 states that either p o rt p i or p o rt p3 w ill be read. If p i is read, then p2 w ill be ■ read som e tim e later w hen the enabling condition of p2 is m et. i< p o rt_ re la tio n _ d e c la ra tio n s> := !In u l l l { < p o r t _ r e l a t i o n _ p r e d i c a t e > } j< p o rt_ re la tio n _ p re d ic a te > ;W hen there are m ore th an tw o in p u t p o rts or tw o o u tp u t p o rt, a set of port_relation_form ula can be u sed to describe the tem poral re la tio n sh ip b e tw ee n in p u t p o rts o r th e tem p o ral relatio n sh ip betw een o u tp u t ports.< a c tiv ity _ g ra p h _ d e c la ra tio n > := < g ra p h _ id > ;< g ra p h _ id >A g rap h identifier is a un iq u e positive integer.< g ra p h _ id _ list> := {} < g ra p h _ id > ;< d a ta _ g ra p h _ d e c la ra tio n > := n u ll I < g ra p h _ id _ list>181O b s e rv e th a t th e o p e ra to r s u s e d fo r c o n s tru c tin g th e p o rt_ relatio n _ p red icate co rresp o n d to the sequence o p erato r p rim itiv e an d th e selection prim itive. T his suggests th at the p o rt_ relatio n _ p red icate of a task could be synthesized from the associated m axim al restricted activity. I A lgorithm 2 defines a m eth o d for deriv in g the port_relation_predicates for jail in p u t ports and o u tp u t po rts of a task.I, A lg o rith m 2: G iven a task Tj an d its associated m axim al restricted activity jg ra p h M R A G j, a set of in p u t p o rts, a set of o u tp u t p o rts, an in p u t !p o rt_ re la tio n _ p re d ic a te , a n d a n o u tp u t p o rt_ re la tio n _ p re d ic a te are produced.1.2.14.5.6 .7.8.9.10IIuse the 'Depth First Search’ to identify each vertex in MRAGi do beginif type(vertex) = © s ' thenbeginput '©' to the in port relation predicate expression buffer put ’©' to the out port relation predicate expression bufferendif type(vertex) = 'A' then beginif the activity is at heads of some com. primitives then beginif predecessor(vertex) is an activity has input then put to the ’ in port relation predicate expression buffer' create an input port and generate a port identifier put portid to the 'in port relation predicate expression buffer'endif the activity is at tails of some com. primitives then beginif predecessor(vertex) is an activity has output then18212.13.j end;14. STOP; T he task g rap h d efined below is a directed g ra p h w hich h as n odesIbeing tasks o r d ata elem ents. A n arc b etw een tw n o d es rep resen ts a d ata|flow, and th e direction of the d ata flow corresponds to th at of the arc.Ii Form ally, a task graph TG is a 6-tuple,TG = [G, f, g, t, h, s]w h ere: G = [V, E] is a d irected g rap h in w hich V is th e set ofnodes and E is the set of arcs.f is a function from V into the set of allow ed n o d e types Vtp (Vtp is defined explicitly below .)g is a function from V in to the set of p o sitiv e integers, i This essentially provides a label for each node.t is a function from V into th e set of tim in g functions (them a p p in g ch arac teristics of th is fu n c tio n is d e fin e d below .)h is a function from E into 2-tuple, i.e.,1. the set of positive integers p ro v id in g a label for each arc;2. the set of positive integers providing size of data associated w ith each arc.s is a distinguished n o d e called the 'start node'.put to the ’ out port relation predicate expression buffer' create an output port and generate a port identifier put portid to the 'out port relation predicate expression buffer'end183 'The set of no d e types perm itted in a task g rap h is Vtp = {T, Dj, DQ }, i.e., th e set of n odes allow ed are tasks, in p u t d a ta elem ents, an d o u tp u t d ata elem en ts.T he fo u rth com ponent t of th e tu p le [G, f, g, t, h, s] is a functionjim ap p in g each e le m e n t Vj in V in to tim in g specification functions. If a v e rte x Vj is in Vt, th en t (vj) is an execution fu n ctio n e (e x i, ex2 ,..., exk)w here k > 0 an d exi, ex2 ,..., exk are ex i, ex2 ,..., exk are expressions relatin g I tim ing in stan t variables or state variables of vertex v^ If a vertex Vj is in Vd, | th en t (vj) is a tu p le of tim ing specification functions [% , sw (exi, ex 2,..., exk), rd (e x i, ex2 ,..., exk), ef(ex i, ex2 ,..., exk)] w h ere x is th e initial arriv al tim e relative to system start-up tim e (i.e., t = 0) an d sw , rd, ef, an d e are tim ing specification functions as defined in D efinition 3.2-1.In su m m ary , th e p ro p o sed design specification m eth o d h as a 3-part com putational m odel. H ow each p art is su p p o rte d is described in Table 4-A, Table 4-B, an d Table 4-C.184_____ 1Desired Properties in Data ModelsExpressibliPropertiesComposition• non-atomic data items are decomposable.Conditional Sequences• supported by the ’ selection’, 'iteration', and 'data item' primitives.Parallel Sequencesnot supported, (implies non-sequential execution')Multiple Instances of The Same Typenot supported.(implies non-sequential execution')Timing Specification• predicates expressed by time instant variables.Table 4-A: Properties Supported by Restricted Data GraphsDesired Properties in Control Flow ModelsExpressibliPropertiesComposition• supported by composite activities and tasks.Conditional Sequences• supported by the ’ selection’, ’iteration’ , ’ activity’ , ’ task’, primitives.Parallel Sequences• supported by the ’ task ’ and ’ communication’ primitives.Multiple Instances of The Same Typenot supported.Timing Specification• predicates expressed by time instant variables.Enabling and Exiting Criteria• supported by pre-condition & post-condition formulas.Table 4-B: Properties Supported by Task Graphs and Restricted Activity Graphs185Desirable Propertie in Sequential program ModelsExpressibliPropertiesStimulus and Response Relationship• supported by pre-condition & post-condition formulas.State Changes • supported by using ADA PDL and 'state variables'.Timing Specifications • timing constraints formulas.Interconnections Between Programs• A restricted activity graph defines relationships between programs.Validation Points and Criteria• supported by pre-condition & post-condition formulas.Table 4-C: Properties Supported by Restricted Activity Graphs and the Task DefinitionTemplateG iven definitions of activity g rap h an d task g rap h an d algorithm s for d eriving a set of m axim al restricted activity grap h s from a activity g raph, in the follow ing, I discuss how a task g rap h can be autom atically derived.1864 .3 . D E R IV IN G AN IN IT IA L T A S K G R A P H F R O MtR E Q U IR E M E N T S |IiSo far I p resen ted a req u irem en ts specification m eth o d w ith w hich th e requirem ents specifications are expressed in the form of activity graphs, jdata g ra p h s, p ro g ra m d e scrip tio n lan g u a g e, a n d co n strain ts (in clu d in g jtim ing c o n strain ts, p re-c o n d itio n , a n d p o st-c o n d itio n fo rm u las). I also ipresented a design specification m ethod w ith w hich a design is expressed in term s of restricted d ata graphs, restricted activity graphs, task tem plates, and task g rap h s. The general scenario described in th e follow ing o u tlin es the softw are req u ire m e n ts specification, to p level d esig n , detail design, an d coding phases of the softw are developm ent process.Step 1: D efine S oftw are R equirem ents: T he tim e sequence p ro p erties of a system are expressed com pletely in term s of d ata graphs an d activity g rap h s. The decom position process is com pleted w h en all activities are d e co m p o se d in to atom ic a ctiv ities, all ato m ic activ ities are sp e c ifie d w ith p re - a n d p o st- c o n d itio n s, all d a ta ite m s are {id eco m p o sed in to atom ic d a ta item s, a n d th e req u ire d tim in g a n d j resource constraints are specified. JStep 2: P erform P a rtitio n : A n activity g rap h , rep resen tin g a req u irem en ts J specification, is p a rtitio n e d in to a set of m axim al restricted activity grap h s usin g A lgorithm 1.Step 3: D efine a Softw are A rchitecture: G iven this set of m axim al restricted activ ity g ra p h s, th e o rig in al activ ity g ra p h , d a ta g rap h , an initial softw are architecture, expressed in term s of a task g rap h , is d eriv ed based on a set of task derivation rules.1 8 7Step 4: E valuate the A rchitecture: A ssess if the p ro p o sed design satisfies the tim in g an d sizing constraints a n d o th er p e rtin e n t properties. If the p ro p o sed design does not m eet the specified requirem ents; go to S tepl ; if the designer determ ines th at the requirem ents are not realizable for j a given h a rd w a re architecture; go to Step2 to com bine som e set of | tasks into a bigger task if for exam ple the n u m b er of tasks p ro d u ced j exceeds th e lim it im posed by th e h a rd w are o r th e o p eratin g system ; jigo to Step2 to p artitio n a task in to a n u m b er of tasks if for exam ple som e tasks p ro d u ced are too large to fit in to m em ory; or go to Step3, for exam ple, w h en th e tim ing constraints cannot be satisfied an d an alternative h ard w are architecture is allow ed.A fter an initial softw are architecture has been autom atically derived, sim ulation m ay be used to assess the realizability of th e task g rap h w ith a d esirable degree of accuracy. Based on sim ulation resu lts or o th er criteria, th e designer m ay u p d a te the task g rap h , effectively o v errid in g any existing d e sig n choice. T he m o d ifie d ta s k g ra p h m ay o r m a y n o t sa tisfy requirem ents. A gain, sim ulation m ay be used to v alid ate if the new design j is realizable. jIn the follow ing, before I outline the p ro ced u re for deriving an initial task g rap h from a given activity graph. I first identify a set of synthesis rules j w hich are u sed in th e derivation.• task m ap p in g ruleThe p u rp o se of this ru le is to define a baseline set of tasks based on a given activity g rap h . The ap p ro ach is to create a task for each m axim al restricted activity graph. T he restricted activity g ra p h is labeled w ith a unique task identifier.188in p u t/o u tp u t m ap p in g ru leT he p u rp o se of this ru le is to p reserv e th e in p u t a n d o u tp u t req u irem en ts. T herefore,- if a task is created from a m axim al restricted activity g rap h , the task inherits all the in p u ts an d all the o u tp u ts from its associated m axim al restricted activity graph;- if a task is created from a junction connector, the fan -in arcs becom e the in-com ing d ata flow s of the task an d th e fan-out arcs becom e the out-going d a ta flow s of the task.|- if a task is created to replace a m erge connector, an equivalent j connector, an d a split connector, then the fan-in arcs of the m erge j connector becom e the in-com ing d ata flow s of th e task a n d the fan-out arcs of th e split connector becom e the out-going d ata flow s ;Iof th e task.p o rt_ relatio n _ p red icate d eriv atio n ru leThe p u rp o se of this ru le is to preserve th e tem p o ral p ro p erties of ! d a ta c o n s u m p tio n a n d p r o d u c tio n . T h e r e f o r e , th e ! p o rt_ re la tio n _ d e c la ra tio n of a task is s y n th e siz e d b y a p p ly | A lgorithm 2. Jitim in g conversion ru leT he p u rp o se of th is ru le is to p reserv e th e tim in g co n strain ts represented in th e execution fram e function associated w ith a pair of iteration prim itives w hich enclose a set of atom ic activities. For each p air of iteratio n prim itives w ith a c o n sta n t execution fram e fu nction in th e associated restricted activity g ra p h o f a task, a189synchronization m echanism (e.g, signal, sem aphore) is selected to be in co rp o rated into th e task g ra p h a n d m o dify th e associated restricted activity g rap h (e.g., w ait o n a signal or a sem aphore). For n o n -c o n sta n t execution fram e, an activity is ad d ed as a successor v ertex of th e en d iteratio n vertex. For b o th co n stan t an d n o n constant execution fram e, b o th the start vertex an d th e en d vertex jare deleted from the graph. I!I• interface m ap p in g rule jIT he p u rp o s e of th is ru le is to p re s e rv e th e d a ta flo w j com m unication characteristics. T herefore, tasks in h erits all d a ta ! flow prim itives betw een m axim al restricted activity graphs. j• d ata integrity ruleThe p u rp o se of this rule is to m anage data integrity for sh ared data item s. For each d a ta item X w h ich is associated w ith ju n ctio n c o n n ecto rs, a data m anager task is created for X to p ro v id e concurrent accesses to X an d m aintain integrity and consistency of X. T he d a ta item X becom es a p riv a te d a ta item of th e d a ta m anager task an d o th er tasks sen d req u ests to th e data manager for obtaining inform ation from or depositing inform ation to X.• d a ta transform ation ruleT he p u rp o se of th is ru le is to tran sfo rm a d a ta item from th e p ro d u c e r's view to th e co n su m er's view . For each d a ta item X w hich is associated w ith m erge connector, eq u iv alen t connector, a n d sp lit connector, a 'd a ta tran sfo rm er' task is created for X to receive d ata according to th e properties specified in th e associated d a ta g rap h an d split connector, an d then, transform th e d a ta into th e d esired p ro p erties specified in th e associated d a ta g ra p h of m erge connector.190G iven an activ ity g rap h AG, its associated set of com m unication prim itives CP, an d its associated set of d ata g rap h s DG, th e follow ing is an outline of steps taken for deriving a task g rap h TG.S tepl: ap p ly Algorithm 1 to obtain a set of m axim al restricted activity g raphs from AG.Step2: d eriv e an initial set of tasks by a p p ly in g th e task mapping rulesuch th at a task is created from each m axim al restricted activity graph.for each task d obegin !(1) a p p ly th e input/output m apping rule to o b ta in all th e in p u ts an d o u tp u ts of the task.(2) a p p ly th e port_relation_derivation rule to d efin e all the i n p u t p o r t s , a ll th e o u t p u t ports, the in p u t p o r t _ r e l a t i o n _ p r e d i c a t e , a n d t h e o u t p u t | p o rt_ relatio n _ p red icate.(3) ap p ly th e tim ing conversion ru le to replace each p a ir of ite ra tio n v e rtice s w h ic h h as a c o n sta n t e x ec u tio n fram e function w ith a given synchronization m echanism .e n dStep3: derive the precedence relations betw een tasks. for each com m unication prim itive c in C P d o beginif type(c) = d ata flow then begina p p ly th e interface m apping rule to create a c h a n n e l to connect191t h e t a s k s o n e a c h e n d o f t h e d a t a f l o w c :o u tp u t this channel to a 'channel_list' buffer. e n dif type(c) = junction th en beginapply the data integrity rule to create a data manager task. jcreate tw o in p u t ports: j- one for the request to rea d from the d ata item an d i- th e o th er for th e req u est to w rite in fo rm atio n in to th e ! data iitem 1ic re a te o n e o u tp u t p o r t fo r re tu rn in g th e re q u e s te d jin fo rm a tio n ito the requestor of the read) for the data manager. jichange th e junction connector into a m erge connector w hich j has the sam e d a ta item as th at associated w ith the junction j connector. T here is only one bi-directional arc betw een jthe d a ta item an d the data manager.iap p ly the input/output mapping rule to obtain all th e jin p u t and o u tp u t d ata flow s of the data manager and at the sam e tim e a p p en d these d ata flow s to CP.e n diif type(c) = equivalent th e n iIbegin. jiap p ly the data transformation rule to create a data transducer i task. Jlcreate one in p u t ports an d one o u tp u t port. !apply the input/output mapping rule to o b tain all th e |in p u t an d o u tp u t d ata flow s of th e transducer manager an d | at the sam e tim e ap p en d these d ata flow s to CP. jtI192e n ddelete c from CP.I e n dA fter one goes th ro u g h several iteratio n s of d efining th e so ftw are arch itectu re, a task g ra p h is d eriv ed . T here still is th e issu e of h o w to m a n a g e re s o u rc e s su c h th a t th e tim in g c o n s tra in ts a n d re s o u rc e requirem ents of activities in a task can be satisfied.4.4. SUM M ARYIIn this chapter, I d ev elo p ed th e m eth o d o lo g y for tran sfo rm in g th e J activity g rap h and d ata graph to a softw are design. I defined the concepts of a m axim al re stric te d activity g rap h . T hese w ere sh o w n to c o rre sp o n d to se q u e n tia l p ro cesses or tasks. In a d d itio n , an a lg o rith m fo r d e riv in g ; m axim al restricted activity g rap h s from an activity are p resen ted as w ell as th e m eth o d s for con stru ctin g task g rap h s b ased on th e d eriv ed m axim al restricted activity graph. iiJiIn th e n e x t c h a p te r, I p re s e n t an ex am p le a p p lic a tio n of th e m eth o d o lo g y in som e detail. The ex am p le is d ra w n from avionic ra d a r system s an d represents a non-trivial application.ii1935. AN EXAMPLE SENSOR SYSTEMJ A dvanced avionic rad a r system s w ere in tro d u ced in C hapter 2 as oneim p o rtan t exam ple of sem i-hard real-tim e system s. In this chapter I w ill use the m ethodology d ev elo p ed in C h ap ters 3 an d 4 for th e specification an djdesign of an exam ple avionic rad a r system w ith an electronically scanned an ten n a. T he req u ire m e n ts specification is given first u sin g th e activ ity g rap h form alism . A n initial softw are design b ased on this specification uses A lg o rith m 1 from C h a p te r 4 to g en erate th e m axim al restricted activity g ra p h s fro m th e req u ire m e n ts. I th e n u se th e ta sk g ra p h d e riv a tio n algorithm defined in Section 4.3 is to generate th e corresponding task graph.|The results of this initial design phase are presented. !iI5.1. REQ U IREM EN TS SPEC IFIC A TIO NIA dvanced avionic rad ar system s typically interface w ith tw o classes of i external physical processes: com m and processes a n d m o n ito red processes. Exam ples of com m and processes are a pilot, o th er sensor subsystem s w hich h a v e c o m m u n ic a tio n lin k s w ith th e ra d a r su b sy ste m , o r a m issio n com puter w hich gives the rad a r subsystem directives on w h at d ata to obtain a n d h o w to process it. E xam ples of m o n ito red physical processes are an airplane, a specified air space, a specified g ro u n d space, or a w eather object. As show n in th e activity g rap h in Figure 5-1, a sensor subsystem interfaces w ith command processes directly, b u t interfaces w ith monitored physical processes via a fro n t end. T hese fo u r co m p o n en ts: com m and processes, sensor su b sy ste m , fro n t end, a n d m onitored physical processes, are concurrent w ith each other an d com m unicate th ro u g h data.194&ExternalRequestsMonitoredPhysicalProcessesFrontEndCommandProcessesSensorSubsystemr Front End t StatusFigure 5-1: An Activity Graph Representing the Interaction Between a Advanced RadarSystem and Its External EnvironmentT he sensor su b syste m c o n su m e s external requests issu e d by |icommand processes an d pro d u ces track files w hich co n tain in fo rm atio n on | th e state of cu rren tly m o n ito red physical processes. T he sensor subsystem IIip ro d u ce s front end directives w hich contain a set of firm w are com m ands to j control the tim ing an d w aveform of signals to be tran sm itte d in o rd er to I sen se m o n ito re d processes. R eturned waveforms are p ro d u c e d w h en the transm itted w aveform s are reflected b y th e monitored physical processes.iT hese re tu rn e d signals are th en received by th e front end receiver w hich tran sfo rm s th e collected signals in to digital form at an d , th en , deposits the tran sfo rm e d in fo rm atio n in to th e d a ta stru c tu re s re fe rre d to as collected returns. D u rin g d ata collection, th e front end p ro d u ces front end status to indicate if the collection of th e specified signals w as com pleted norm ally or th e collection of sig n als has en co u n tere d som e a b n o rm a lity su ch as the195.signal to noise ra tio exceeding th e allo w ab le lim it. T hen, th e collected r e tu r n s are p ro cessed b y th e sensor system to fo rm o b se rv a tio n s for pred ictin g the fu tu re state of the m o n ito red physical processes such th at the sensor subsystem can d e te rm in e w h e n to ag ain o b serv e th e p h y sic al| iI processes in o rd er to n o t lose track of them . Also, b ased on th e collectedij retu rn s, the state of each observed physical process is stored in a database, j called a trackfile. The inform ation in track files are retu rn e d to com m andi I! processes eith er on d em an d or periodically at a specified tim e interval.fI3 component s: (1) Sensor Manager, (2) Signal Processing Manger, (3) Data ProcessingManager.Figure 5-2: An Activity Graph Representing a Sensor SubsystemF igure 5-2 contains a refinem ent of the sensor subsystem . T he three in p u ts: External Requests, Front End Status, an d Collected Returns, an d tw oSignal A f D ata ^ Processing Processing^R equests y ^ R e q u e sts j4 \ \FrontEndStatus^ Front End ^Requests^DataProcessing^Manager^SignalProcessingM anagerTrackFilesExternalRequestsSensorM anagerf Front ^ End l D irectives jCollectedReturnsTrackD atabaseA bort196o u tp u ts: Front End Directives and Track Files in Figure 5-1 are in h erited by the refined activity g rap h of the sensor subsystem.A s show n in Figure 5-2, a sensor subsystem is com prised of a SensorI,M a n a g er, a Signal Processing M anager, an d a Data Processing M anager, executing co n cu rren tly w ith each other. In ad d itio n to the 5 in p u t/o u tp u t ;ijd ata item s, th e re are 5 co m m unication connectors: (1) signal processing \requests, (2) abort, (3) data processing requests, (4) front end requests, a n d (5) track database. The sensor manager co n su m es th e tw o ex tern al in p u ts , external requests an d fro n t end status, a n d track database; from th is in fo rm a tio n it th en p ro d u ce s th e ex tern al o u tp u t front end directives toIdirect the fro n t en d tran sm itter as to h o w to tran sm it signals. The signal processing manager accepts th e signal processing requests from th e sensor manager; then, consum es an d processes collected returns according to th e directions specified in the signal processing requests. Signal processing for a specific signal processing request w ill be aborted if an abort is received from th e sensor manager. By com paring inform ation in th e track database, it can be d eterm in ed if the observation form ed from collected returns is associated w ith k n o w n m o n ito re d processes. A track u p d a te (T U ) data processingJrequest is issu ed to th e data processing manager w h en th e o b serv atio n is associated w ith a k n o w n m o n ito red process. A search confirm (SC_act) front end request is issu ed to th e sensor m anager fo r o b ta in in g m o re detailed a n d /o r accurate inform ation w hen th e observation is n o t associated w ith k n o w n m o n ito re d processes. F inally, th e data processing manager correlates the given observation w ith m o n ito red physical processes u sin g som e sco rin g fu n ctio n , e stim ates th e fu tu re sta te of th ese m o n ito re d_________________________________ 19 7 _p ro cesses a n d u p d a te s th e sta te in fo rm a tio n in th e track database. In ad d itio n to u p d a tin g th e track database, the data processing manager is also responsible for deleting a specific set of m onitored processes on d em an d and o u tp u ttin g the track database to track files periodically.SensorM anagercFrontEndRequestsExternalRequestsFront End Planning Directives^f Front EndA Front End DirectivesTrackDatabaseW orkload ListW orkU nitFront Front End Requests M anagerFront End PlannerFront End SchedulerData Processing RequestsFront End ^ S ta tu sAbortX o- r SignalProcessingI RequestsFigure 5-3: An Activity Graph Representing Computational Behavior of Sensor ManagerFigure 5-3 contains an activity g rap h rep resen tin g the refinem ent of the sensor manager in w hich th e 3 in p u ts and the 4 o u tp u ts of the sensor m a n a g e r are in h erite d . T his is d u e to th e ru le th a t, at each level of refinem ent, th e in p u ts an d o u tp u ts of an activity m u st be in h erited b y its associated activity g rap h rep resen tin g the refinem ent of th e activity. A lso each in p u t m u st hav e a com ponent activity in th e refin em en t to consum e it; sim ilarly, for each o u tp u t th ere m u st be a c o m p o n en t activity in the refinem ent to p roduce it.198A lso the sensor manager in Figure 5-3 is com prised of a Front EndRequests M anager, a Front End Planner, a Front End Scheduler, an d a FrontEnd Setup. In a d d itio n to th e 7 in p u t/o u tp u t d a ta item s, th e re are 3a d d itio n a l co m m unication connectors: (1) front end requests, (2) front endjplanning directives, and (3) front end workload list. The front end requests I im a n a g er co nsum es external requests. B ased on th e in fo rm a tio n in an jiexternal request, it th en p ro d u ce s front end planning directives to d irect j j usage of the front end resource, how each type of front en d activity should jibe p lan n ed , or w h at front en d activities are to be aborted. A t this level of j j refin em en t, only w hat are p ro d u ce d by the front end requests manager is j |specified. T he details of w h en , w h y , an d h o w abort, fro n t end planning jdirectives, data processing requests are p ro d u c e d are specified at th e next jllevel, i..e, th e refin em en t of th e front end requests manager. T he front end jlplanner accepts 5 in p u ts an d produces 2 o u tp u ts. Based on th e inform ation in the track database, the front end planner assesses th e tactical situ a tio n b a sed o n k n o w led g e of th e sta te of each m o n ito red processes. It th en determ ines th e relative tactical im portance level of each fro n t en d activity associated w ith each front end request by u sin g som e v alu e fu n ctio n and d e te rm in e s th e tim in g c o n strain ts of each fro n t e n d activ ity . T h en it p ro d u c e s a front end workload list in w h ic h fro n t e n d activ itie s are d escribed in clu d in g inform ation such as tim in g specification function s ef, sw , a n d rd , im portance level, a n d g ro u p id, etc. T he front end scheduler read s in th e front end workload list, uses a real-tim e sch ed u lin g algorithm , such as E a rlie s t D e a d lin e F irs t , R a te M o n o to n ic a lg o rith m s [Liu& Layland74], to select a work unit w hich is th e m o st im p o rtan t, tim e-199critical, an d tim e-inflexible activity to be perfo rm ed next by th e front end. B ased o n th e in fo rm a tio n in th e work u n it, th e front end setup th e n produces a set of firm w are com m ands to direct th e front en d tran sm itter asjto w hich w aveform s are to be transm itted an d the tim ing properties of each I w av efo rm .fiiIA lth o u g h each in p u t (each o u tp u t) of an a ctiv ity m u st h a v e a co rresp o n d in g com ponent activity to consum e (produce) it, this does n o t m ean th a t the consum er com ponent activity for each in p u t. For exam ple, the front end planner consum es tw o in p u ts, one b ein g the track database an d the o th er b ein g th e front end status. T he front end requests manager co n su m es external requests an d p ro d u ces data processing requests. T he iitem poral and spatial parallelism properties represented in the d ata graphs of ;tin p u ts an d o u tp u ts of an activity suggest h o w the activity can be refined ! such th a t th e co m p o n en t activities consum e th e in p u ts an d p ro d u c e th e i o u tp u ts according to these sam e tem poral and spatial parallelism properties, jExternalRequestsef > 0 .1 ^RequestExternalRequest' Etelete Track FileJPerformance j! Im portance uirem ent BoundJ \(a) The Data Graph for External Requests, (b) Refined Data Graph for External Request. Figure 5-4: Data Graphs Representing Properties of External RequestsFor exam ple, th e d ata g rap h in Figure 5-4(a) is th e refinem ent of the external requests w hich are th e in p u ts to th e sensor manager. T he d a taonng rap h specifies th at the external requests are a sequence o f external request. The expression 'ef > 0.1' associated w ith th e sta rtin g ite ratio n p rim itiv e specifies th at th e tim e interval, represented by the execution fram e function ef, betw een tw o instances of external requests is at least 0.1 second. The data g ra p h in F igure 5-4(b) is the refinem ent of the external request. The d ata g ra p h in F igure 5-4(b) specifies th a t an external request m ay be eith er a search request, a delete track file request, a set resource bound req u est, a set \performance requirements request, or a set importance level req u est.Front End Planning Directivesef > 0.1 < —^Front End Planning DirectiveDFront End Planning Directive^ Bound Front End ^ Usage\ f Set Activit^VA Set Activity Performance II Importance J R eq uirem en t^ Level(a) Front End Planning Directives, (b) Refined Front End Planning Directive Figure 5-5: Data Graphs Representing Properties of Front End Planning DirectivesT he d a ta g ra p h in F igure 5-5(a) is a refin em en t of th e front end planning directives w hich are th e o u tp u ts from th e sensor manager. T he d a ta g rap h specifies th a t the front end planning directives are a sequence of front end planning directive. The expression 'ef > 0.1' associated w ith the startin g iteratio n p rim itiv e specifies th at th e tim e interval, rep re se n te d by th e e x ecu tio n fram e fu n ctio n e f, b etw een tw o in stan ces o f front end planning directives is at least 0.1 second. The d ata g rap h in Figure 5-5(b) is the refinem ent of the front end planning directive. The d a ta g ra p h in Figure 5-5(b) specifies th a t a front end planning directive m ay be eith er a bound 201_front end usage directive, a set activity performance requirements d irectiv e, or a set activity importance level directive.Front End Requests Manageref > 0.1ExternalRequestExternalRequestsPerform Search Frame Planning Activity to Divide a SF into a Sequence of Search Alert (SA-act) activitiesAbortBroadcast AbortFront EndPlanningDirectivesGenerate a Delete requestGenerate Front End Planning DirectivesGenerate an SA_act requestSA actFigure 5-6: An Activity Graph Representing a Front End Request ManagerF ig u re 5-6 is a refin em en t of th e front end requests manager. This refin e m e n t h as a n ite ratin g loop w h ich is b a sed o n th e ite ra tin g loop defined in Figure 5-4(a). The su b g rap h w hich starts w ith a selection operator a n d en d s w ith th e selection operator) in F ig u re 5-6 is b ased on th e d ata g rap h d ep icted in Figure 5-5(b) for front end planning directives an d th a t an external request is com prised of eith er a search, a delete track file, o r a d ata202item rep resen ted in a front end planning directive, as d ep icted in Figure 5- |4(b).f^Front End ^ S c .r - 2 .1 ^Directivesr Timing ^Control Command V Tables Jv _______ 0 ~ ~ _ _ JFigure 5-7: A Data Graph Representing Properties of Front End Directives!The d ata g rap h depicted in Figure 5-7 specifies th a t every 0.1 second a ;!set of firm w are com m ands m u st be p ro d u ced by th e sensor manager. Since :th e tim in g of th e fro n t end request manager is n o t strictly p erio d ic, a !Isep arate com ponent (the front end setup contained in Figure 5-3) is defined jito p ro d u ce th e front end directives..T he d a ta g ra p h in F ig u re 5-8(a) is a refin e m e n t of th e fro n t end req u ests w h ich are th e o u tp u ts from th e fro n t end planner, th e sig n a l processing m anager, an d th e data processing manager. T he d a ta g ra p h specifies th a t th e front end requests are a sequence of front end request. The tim e in te rv a l b e tw ee n tw o in stan ces of front end requests is at least 0.1 second. The d a ta g ra p h in F igure 5-8(b) specifies th a t a front end request consists of a set of search alert activity (SA_act) req u ests, a set of search confirm activity (SC_act) requests, and a set of track u p d a te activity (TU_act) req u ests, all a rriv in g concurrently w ith each other. F urth erm o re, the total n u m b er of concurrent SA _act requests is lim ited b y th e m axim um nu m b er203of search fram es, denoted by m ax#fram es. The total n u m b er of concurrent SC_act requests is lim ited by the m axim um n u m b er of m onitored processes to be o b serv ed , d e n o te d b y m ax#obs. T he to tal n u m b e r of co n cu rren tiT U _act re q u e sts is lim ite d b y th e m ax im u m n u m b e r of m o n ito re d processes to be tracked, denoted by m ax#tracks.^ Front End RequestFrontEndRequests'[max#frames, current #][max#obs,current#]Tmax# tracks, current #]r Front End t Request(a) Refinement of Front End Requests, 0?) Refinement of Front End Request Figure 5-8: Data Graphs Representing Front End RequestsFigure 5-9 depicts a refin em en t of the front end planner w hich is a j co m p o n en t activity of th e sensor manager illu strated earlier in Figure 5-3. j The front end planner consists of tw o loops. The o u ter loop indicates th a t , th e tim e interval betw een tw o activations of the front end planner is greater th an 0.1 second. D uring each activation, the activities in th e in n er loop are th en perform ed.204Front End Planneref > 0.1r Track Databasefor each activitjFront End RequestsSelect a Front End RequestFrontAbortCompute SA Workload ParametersFrontEndStatusCompute SC Workloac Parameters &Decide Waveform for SCWorkloadSpecificatioComputeTUWorkloadParameters &Decide Waveform forTU&DecideWaveForm for SAGenerate Next SA actSA aclAppend to Workload ListFront End Capability & Waveform yC now ledge Bas^Figure 5-9: An Activity Representing Front End Planner i1iIn each iteratio n of th e in n er loop, a front end request is selected iibased on som e selection criteria such as first-in-first-out (FIFO). The selected front end request is th en p ro cessed acco rd in g to its type. T he front end capability & waveform knowledge base is a local static d a ta stru ctu re w hich contains inform ation ab o u t th e p ro p erties of th e fro n t en d h a rd w a re an d205firm w are. B ased o n in fo rm atio n in th e k n o w le d g e b ase an d th e state inform ation ab o u t m o n ito red processes in th e track database, the types and param eters for w aveform s to be g en erated by th e fro n t en d are co m puted an d then the w o rk lo ad specification of the fro n t en d is p ro d u ced . N ote th at the next instance of a search alert activity req u e st (SA_act) is issu ed here. 'T his is d u e to the fact th a t a search ex tern al re q u e st c o rre sp o n d s to a {sequence of search alert activities a n d each search alert activ ity is an : ad ap tiv e activity. Refer to E xam ple 2 in Section 3.3.4. for details of h o w to derive a sequence of search alert activities from a search external request.ef > 0.1WorkUnitProcessingRequestsType-1 ^ Work Unit jType-mWorkUnitWorkUnitJ(a) Refinement of Signal Processing Requests, (b) Refinement of Work Unit Figure 5-10: Data Graphs Representing Signal Processing RequestsT he d a ta g ra p h in F igure 5-10(a) is th e refin e m e n t of th e sig n a l processing requests w hich are the o u tp u ts from th e sensor manager The d a ta g ra p h specifies th a t th e signal processing requests are a sequence of signal processing requests The tim e interval b etw een tw o instances of signal processing requests is at least 0.1 second. The d a ta g ra p h in Figure 5-10(b) specifies th a t th ere are m types of w o rk units a n d th a t each work unit m aybe one of t y p e l ,..., or type-m . Each type of work unit corresponds to a signal ;!processing job g rap h in [Berk et el 89]. Recall th a t in Figure 5-3 the fro n t j _________________________________________________________________ 2 0 6 Jend scheduler com ponent activity of th e sensor manager b ro a d c a sts the work unit to both the front end setup co m p o n en t activ ity in th e sen so r m anager an d the signal processing manager. T he p u rp o se of b ro ad castin g th e work unit is to let th e signal processing manager k now th e ty p e of signal p ro cessin g re q u ire d for th e u p co m in g collected returns so th a t th e signaliiprocessing manager can p re p a re to in itiate the ty p e of so ftw a re tasks {required to perfo rm signal p ro cessin g a n d to allocate sufficient am o u n tstorage to hold the upcom ing collected returns.Signal Processing M anagerSignal Processing ^ R e q u e sts _cA bortSignalProcessingRequestsM anagerSignalProcessorGlobalJob Processing ^ Status _CollectedReturnsTrackD atabaseSignalProcessingSC_actJobM anagerFrontEnd/* .............NJobJob 1 ^G raphsv K JList JData Processing . RequestsFigure 5-11: An Activity Representing Signal Processing Manager jiF igure 5-11 dep icts a refin em en t of th e signal processing manager Jlw hich consists of three com ponent activities, th e signal processing requests m anager, th e signal processor global scheduler, and th e signal processing job manager, executing concurrently in a pipeline fashion. A t each iteration of th e signal processing requests manager, it selects a work unit usin g a FIFO policy, in terp rets this work unit, a n d instantiates a job g ra p h based on its ty p e [Berk et el 89]. This job graph is then sent to the signal processor global207scheduler w h ich w ill, u sin g reso u rce allocation policies such as lo n g est distance first (LDF), allocate jobs to each signal processor. A job list is the d a ta stru ctu re u sed to hold the jobs allocated to a signal processor. H ence, each signal processing job manager receives a job list for it to schedule.Signal Processing Job ManagerccccCollectedRetainsJobListAbortSignalProcessorLocalTrack DatabaseSignalProcessingJobExecData Processing RequestsSC actr Signal Processing ^RequestsJobProcessing . StatusFigure 5-12: An Activity Representing Signal Processing Job ManagerF ig u re 5-12 d ep icts th e activ ity g ra p h o f a signal processing job m anager w hich consists of a signal processor local scheduler an d a sig n a l processing job exec, executing concurrently in a pipeline fashion. The signal processor local scheduler selects a job fro m th e job list u s in g so m e sch ed u lin g policy such as FIFO. T hen, the selected job is disp atch ed to the signal processing job exec to be processed based on the p aram eters associated w ith the job. W hen th ere is inform ation o b serv ed in th e collected returns, th is o b se rv atio n is c o m p a red w ith th e track s in th e track database to d e te rm in e d if th e o b serv atio n m ay b e asso ciated w ith a se t of k n o w n m o n ito red processes. If th e ob serv atio n can be associated w ith a set of208k n o w n m o n ito red processes, a track update data processing request (TU_act) is issued; otherw ise, a search confirm front end request (SC_act) is issued.(a) Refinement of Data Processing Requests, (b) Refinement of D /P Task Request Figure 5-13: Data Graphs Representing Data Processing RequestsT he d a ta g ra p h in F igure 5-13(a) is th e refin e m e n t of th e d a ta processing requests w hich are the o u tp u ts from the sensor manager and the signal processing job exec in the signal processing manager. The d a ta g rap h specifies th at th e data processing requests are a sequence of D /P task request, j The tim e in terv al b etw een tw o instances of signal processing requests is at least 0.1 second. The d ata g rap h in Figure 5-13(b) specifies th a t a D /P task j request m ay be either a delete or a T 17.F ig u re 5-14 d ep icts a refin em en t of th e data processing manager w h ich consist of five co m p o n en t activities, th e signal processing requests m anager, th e signal processor global scheduler, the signal processing job m anager, the delete tracks, a n d th e output tracks, e x e c u tin g c o n cu rren tly , jiT he fu n ctio n ality of com ponents of this refin em en t is sim ilar to th a t in I Figure 11 except for th e delete tracks an d the output tracks. The delete tracksDataProcessingRequestsD /PTaskRequestf Task 1 f Delete TU ^V Request y V A Jare trig g e rre d w h e n th e front end requests manager c o m p o n e n t in the209sensor manager determ ines th a t a delete track file external request h as been received from a command process The output tracks send o u t a copy of th e track database to a command process a t a fixed tim e interval( e.g., 1 second).D ata Processing M anagerEnableTUJob Processing ^ Status .TrackD atabaseD ataProcessingRequestsM anagerD ataProcessorGlobalSchedulerr D ata Processing l RequestsO u tputTracksDeleteTracksDelete TUJobM anageriitA bort\ Track |L _ fE Jr Front ^ End ^R equests jTU Job ListTUJobG raphsFigure 5-14: An Activity Representing Data Processing ManagerF igure 5-15 depicts th e activity g ra p h of a TU job manager w hich consists of a data processor local scheduler an d a TU job exec, e x e c u tin gIconcurrently in a pipeline fashion. T he data processor local scheduler selects j a job from the job list using som e scheduling policy such as earliest deadline j first (EDF). T hen, th e selected job is d isp atch ed to th e TU job job exec to be processed based on the param eters associated w ith the job.210TU Job ManagerFront End RequestsTU Job ListDataProcessorLocalSchedulerTUJobTU Job EXECAbortTrackDatabase^TU Execution^ Frame Function ^ValueTable^Figure 5-15: An Activity Representing TU Job ManagerThe TU job exec correlates the observations w ith tracks in the track database, u p d ates the associated tracks w ith the n ew ly d eriv ed inform ation, Iife stim ates th e e rro r covariance, p red ic ts th e ta rg e t p o sitio n at th e next i u p d a te , a n d co m p u tes th e n ex t u p d a te tim e. In o rd e r n o t to lose a m onitored process and to keep the tracks w ithin the prescribed accuracy, the d u ratio n betw een tw o consecutive d ata collections fo r a m onitored process m u st be dynam ically c o m p u ted by d eterm in in g th e tim e in terv al d u rin g w hich the erro r variances deriv ed in th e K alm an filters grow s to reach the m ax im u m allo w ab le trac k in g e rro r variances. F ig u re 5-16 d e p ic ts the relationship b etw een th e perform ance requirem ents (w hich are specified as 'com putational e rro r tolerance) an d tim ing constraints.p = 0 - i.e. this activity is non-preemptiveO C = 12 - i.e. this activity's importance level is less than the 'confirm after an alertsearch’ activity.trackingerrorvariancemaximumallowableerrorswFigure 5-16: Timing Constraints Defined Based on the Growth Trend & Bounds on ErrorVarianceB ased o n th e n o tio n th a t th e e rro rs a sso c iated w ith th e sta te j in fo rm a tio n of a m o n ito red p ro cess g ro w w ith tim e a n d e rro rs have allo w ab le b o u n d , a TU execution frame function value table is form ed. In j th e table, each colum n rep resen ts th e tim e d ead lin e for th e track u p d a te j fro n t e n d activ ity (TU_act) a n d each ro w re p re se n ts a v ecto r of e rro r j covariances associated w ith each state attrib u te defined in the track database,T he next step is to apply th e design m ethodology (defined in C hapter 4) to p ro d u ce an initial task g ra p h from th e activity g ra p h o f th e sensor subsystem defined in this section.2125 .2 . DESIG N SPE C IFIC A T IO NI ap p lied the first tw o steps of the task g rap h derivation algorithm on jthe Sensor Subsystem activity g ra p h d efin ed F igure 5-2 w h ich is straig h t fo rw a rd . S te p l p ro d u ces 22 m axim al restric te d activ ity g rap h s. A m ong Jthem, 8 m axim al restricted activity g rap h s basically have th e structure, i.e., a j1 jJ ’fork' activity follow ed by a ’ join’ activity, as show n in Figure 5-17. These 8 ii !M axim al restricted activity graphs are listed below w ith the assigned taskid i follow ed by th e activity nam e in the original graph.(1) taskl (Sensor Subsystem), (2) task2 (Sensor Manager),(3) task3 (Signal Processing Manager), (4) task4 (Data Processing Manager),(5) taskl 1 (Replicator of Signal Processing Job Managers), (6) taskl 2(Signal Processing Manager),(7) taskl7(Replicator of TU Job Managers), and (8) task20(TU Job Manager).jom join(task2. task3, task4)fork(task5 task6, task7, task8)forkSensorManagertask2SensorSubsystemtaskl(a) (b)(a) MRAG of the Sensor Subsystem, (b) MRAG of the Sensor Manager Figure 5-17: MRAG s Containing Only Tork* and loin' Activities213N ext, I ap p lied th e task mapping rule to this set of g rap h s, and an initial task grap h is derived. Figure 5-18 depicts a p a rt of this task graph. (For ease of exposition, only a portion of the task g rap h is show n explicitly.)t a s k 5 < ^(Front End Requests ManagerExternal Requesttask6 < 3(Front(Front End Schedulertask8task3W taskl(FrontEnd (Signal Processing M a n a g e ^ ^ (Sensor Subsystem)task20 (Data Processing Manager)taskl 7 (TUJobManager#!)(Replicator of TUJob M a n a g e * ? ^^ ]^^ t ask 18(TUJob Manager#2)' taskl9<^(OutputFigure 5-18: A Part of the Task Graph for the Sensor Subsystem214O bserve th at task l in Figure 5-18 has one optional in p u t p o rt an d one o u tp u t port. The optional in p u t p o rt is u sed to receive en d in g m essages or signals from its forked tasks (i.e., task2, task3, an d task4). The o u tp u t p o rt is lused to send m essages or signals to enable these forked tasks. N o w observe task2. It has one m an d ato ry in p u t p o rt and one optional in p u t p o rt, an d one1o u tp u t p o rt. T he m an d ato ry in p u t p o rt is u se d to receive the d a ta o u tp u t from ta sk l. The optional in p u t p o rt is u sed to receive m essages o r signals from its forked tasks (i.e., task5, task6, task7, an d task8 as show n in Figure 5-|17(b).) The o u tp u t p o rt of task2 serves th e sam e p u rp o se as that of ta sk l. The other six tasks listed above all have sim ilar stru ctu re as task2. Based on thisI'observation, one m ig h t think th at these 8 tasks can be m erged into 1 task toired u ce the n u m b er of tasks. This is not a b a d idea if the h a rd w are selected!h a s single processor. H ow ever, if th e h a rd w a re arc h ite ctu re consists ofI Iheterogeneous m ultiprocessors, then these tasks should n o t be m erged since |Ithey should create the forked tasks on the specific types of processors th at are jispecified in resource requirem ents. :iI[Berk et el 89] describes th e h a rd w a re arch itectu re of an existing 1ia irb o rn e ra d a r sy ste m in w h ic h a h e te ro g e n e o u s m u ltip ro c e s s o rs j architecture is em ployed. Figure 5-19 depicts this architecture. A s sh o w n in th e figure, there are three types of processors, i.e., the d a ta processors, the signal processors, an d th e signal processor controller. T w o d a ta processors|can co m m u n icate w ith each o th e r v ia e ith e r th e sh a re d m em o ry or!co m m u n icatio n buses. Signal p ro cesso rs are sp ecialized p ro cesso rs forisignal processing, they are u n d e r the control of the S /P controller.T he signalIp ro ce sso r controller is a general pro cesso r w hich can com m unicate w ith215(data processors via a com m unication b u s, a n d it can com m unicate w ith J signal processors via either com m unication bus or the sh ared m em ory.Shared MemoryI IData DataProcessor Processor1-------- 2 -------2Bus to External DeviceS/P ControllerhVf3IC / 5tn C / 511p m m t 1J3n" S3rere$ sg• 1C / iO• - t$• - Ii — »N >Shared MemoryFigure 5-19: An Example Hardware Architecture for Airborne Radar SystemsU sing th e h a rd w are architecture d ep icted in F igure 5-19, th e sensor m anager task in itiated th e front end request manager task (task5), th e fro n t end planner task (task6), th e front end scheduler task (task7), a n d th e fro n t end set up task (task8) on d a ta processors. The signal processing manager216in itiates th e signal processing requests manager task (task*?), th e sig n a l processor global scheduler task, an d th e replicator of the signal processing job manager task on th e S /P controller. S im ilarly, th e data processing m anager task initiates th e data processing requests manager task, th e data ■processor global scheduler task, th e replicator of the TU job manager task, |In th e process of a p p ly in g Step 2 of th e task g ra p h d e riv a tio n jalgorithm , several tasks are m o d ified b y ap p ly in g th e tim ing conversionJrule. For exam ple, as show n in Figure 5-20, the front end requests managerlw as m odified in such a w ay th at a p a ir of iteration vertices w as rem oved, an enable signals req u est w as a d d e d , an d a generate a scheduling request activity w hich produces a DPRM_act request w ere also added. Th read er can co m pare this figure w ith F igure 5-6 w hich contains th e o rig in al activity graph.iA lso observe th at in Figure 5-20, th e front end requests manager has tw o external in p u ts an d 4 external outputs. The tw o in p u ts are consum ed by the sam e activity (read external request), an d b o th in p u ts m u st be availabletto enable th e read external request activity. H ence as show n in Figure 5-21, j b o th in p u ts arrive at the sam e m an d ato ry in p u t port. Since each o u tp u t is jip ro d u ced by a d istin c t activity, each o u tp u t is delivered a t a d istin ct o u tp u t J port. I217Front End Requests Manager[ External I RequestsExternalRequestReadExternalPerform Search Frame Planning Activity to Divide a SF into a Sequence of Search Alert(SA-ac) ) activitiesAbortBroadcast Abortront End Planning DirectivesGenerate a Delete requestGenerate an SA_act requestFront End Planning DirectivesSA actGenerate a scheduling requestDPRM actFigure 5-20: Modified MRAG of the Front End Requests ManagerCommandProcessesExternalRequestsTask5(Front End Requests Manager)EnableSignals> AbortFront Endriannmg ' DirectivesSA_actFigure 5-21: The Task Representing the Front End Requests Manager218A fter the initial task graph is derived, th e next step is to exam ine all th e com m unication p rim itiv es u se d in th e req u ire m e n ts an d d eriv e the p reced en ce relatio n s b etw een tasks. D u rin g th is p ro cess, a se t of d a ta m anagers m ay be created to m aintain d ata integrity of the sh ared data. O ne [may question w hy a d ata m anger should be im plem ented as a task and n o t ju st use a critical region. This can be an option of the designer. H ow ever, in this design, m y design decision is based o n the assum ption th at th e m em oryiu sed by the sh ared d ata m ay n o t be in th e sam e h a rd w are m odule. T here w ere 15 data m anagers created d u rin g this process. They are listed below .(1) Track data base manager, (2) Abort queue manager, (3) Signal processing requests queue manager, (3) Data processing requests queue manager, (4) Front end requests queue manager, (5) External requests queue manager, (6) Collected returns data manager, (7) Front end status handler, (8) Front end planning directives data manager, (9) Front end workload list data manager, (10) Job graphs queue manager, (11) Job list data manager, J (12) Job status queue manager, (13) TU job graphs queue manager, (14) TU job list data ! manager, and (15) TU processing status queue manager.ijT hese 15 d ata m anager all have structure sim ilar to th at of the d ata J m anager for the track database as depicted in Figure 5-22. ITracksTrackDatabaseM anagersuspemTrackD atabaseFigure 5-22: The Data Manager Created For the Shared Track Database.219 JIn this chapter, I u sed a non-trivial realistic exam ple to illustrate the p ro c e ss o f u s in g m y re q u ire m e n ts a n d d e sig n m e th o d o lo g ie s to 'sy stem atically d eriv e an in itial d esig n o f a so ftw are arch itectu re. The exam ple developm ent has d em onstrated the feasibility of the m ethodology. It seem s clear th a t these m eth o d o lo g y can fo rm th e basis fo r n e e d e d co m p u ter-aid ed design tool in w hich m a p p in g algorithm s, such as those defined in C h ap ter 4, an d design heuristics can be encoded to aid a designer to d ev elo p a n d an aly ze so ftw are arc h ite ctu re of larg e-scaled real-tim e system s.iI have com e to th e e n d o f th e p resen ta tio n of th e resu lts of th is j|research. In the next chapter, I present a sum m ary of m y thesis research an d j describe m y view s on the m ost prom ising directions for research to p ro v id e j the technology req u ired in developing softw are for th e cu rren t an d fu tu re 1 generation of sem i-hard real-tim e system s. I6. SUM M ARY A N D FUTURE RESEARCHIn the thesis abstract I listed th e m ajor contributions th a t have been m a d e a n d in th e in te rv e n in g c h a p te rs I h a v e la id o u t th e d e ta ile d d ev elo p m en t of these results. In this chapter, I w ill briefly sum m arize the resu lts th at have been achieved an d also p o in t o u t w h at I see as directions for fu tu re research.6 .1 . SUM M ARYIn su m m a ry , in th is th e sis, I h a v e d e v e lo p e d m e th o d s for specification of softw are req u irem en ts and design for sem i-hard real-tim e jjcontrol system s. I also p resen t a design m ethodology th at, g iven softw are | req u irem en ts specified u sin g this m ethodology, it allow s o n e to derive a iisoftw are design directly. jiThe requirem ents specification m ethod defined has A lford's graphic ! n o tatio n s as a p o in t of d ep artu re. To rig o ro u sly an d concisely describe ' in te ra c tio n s b e tw ee n activities a n d tim in g b e h av io rs, I e x te n d e d th is } sp e cifica tio n m e th o d in th ese areas: (i) th e g ra p h ic a l n o ta tio n s for j rep resen tin g interactions betw een activities; (ii) the syntax an d sem antics of j g rap h ic n o tatio n s; a n d (iii) th e tex tu al n o tatio n s for sp ecify in g tim in g j constraints, pre-conditions, an d post-conditions form ulas .T he classical w orkload m odels an d th e associated n o tatio n s in the req u irem en ts specification for real-tim e system s in clu d e only periodic an d sporadic activities. This I found to be insufficient to describe m any real-tim e system s. I ex te n d ed th e classical w o rk lo ad m odel w ith th e n o tio n of221ad ap tiv e activities an d also defined th e n o tio n of tim e in sta n t variables w ith w hich tim ing constraints predicates can b e expressed. T im e in sta n t variables are: (1) th e arrival tim e (i.e., th e tim e at w hich the req u e st fori; execution of an activity), (2) th e ready tim e (i.e., th e tim e before w hich the'execution of an activity cannot start), (3) th e scheduling d ead lin e (i.e., the!tim e by w hich th e execution of an activity m u st start), (4) the com pletion d e a d lin e (i.e., th e tim e by w h ich th e e x ec u tio n o f an activ ity m u st com plete), (5) th e execution tim e (i.e., th e am o u n t of execution tim e of an activity), (6) the sta rtin g tim e (i.e., th e tim e at w hich an activity begins execution), an d (7) the com pletion tim e (i.e., the tim e at w hich an activity com pletes execution.)IIn a d d itio n , I defined three tim ing specification functions to allow one to relate th e arrival tim e, the read y tim e, the scheduling deadline, and th e com pletion deadline. The scheduling w indow (sw ) function defines the set of possible values of th e in terv al b etw een a p air of read y tim e an d sch ed u lin g deadline. T he read y distance (rd) fu nction defines th e set of possible values of th e in terv al betw een a p a ir of arriv al tim e a n d read y tim e. The execution fram e (ef) function defines th e set of possible values of th e in terv al b etw een a p a ir of rea d y tim e an d com pletion deadline; an activity m u st be scheduled and com pleted in each execution fram e interval. H ence th e w orkload m odel of system resources can be represented by using th e tim e in sta n t variables an d the tim in g specification functions. U nlike th e classical w orkload m odel, this specification m eth o d for w orkload m odel jidoes not assum e th at (i) the w orkload is d ata in dependent, (ii) tim ing can be j*222 Ia p rio ri d e te rm in e d , a n d (iii) th e re is n o fee d b ac k lo o p b e tw e e n observations an d com putation.B ased o n th e n o tio n o f tim e in s ta n t v a ria b le s a n d tim in g | specification fu nctions, I d efin ed an ap p ro ach to classify th e w o rk lo adij b e h a v io r of activity. I d e fin e d fo rm u las for an aly sis o f th e reso u rceiu tiliz a tio n of an activity a n d tu n in g tim in g specification fu n ctio n s. I I classified th e tim in g relatio n sh ip s an d d efin ed a tax o n o m y of activity j classes b y re la tin g th e a rriv a l tim e of an ite ra tio n to th e sc h ed u lin g j d e a d lin e , th e sta rtin g tim e, th e co m pletion tim e, o r th e co m p letio nideadline of the previous iteration. In m y classification, I identified ad ap tiv e jIactivities w hich cannot be m odeled by the classical w orkload m odel. I also show ed th a t if one forces an adaptive activity to be scheduled as a periodic . activity, th e utilization of resources can be excessive for an ad ap tiv e activity, jan d few er activities can share th e resource. Finally, I d em o n strated ho w a [jspecification of softw are requirem ents can be system atically d eriv ed from a h ig h level system requirem ents using this m ethodology.F u rth e rm o re , sin ce th e d e s ig n is a n a tu r a l d e riv a tio n of requirem ents, requirem ents an d design are th u s linked. I believe th at this traceability together w ith different levels of design v alid atio n w ill enable softw are designers to identify crucial design errors.In m y d esig n m ethod ology, a softw are arch itectu re is specified in th ree p arts: th e d a ta m odel, the control flow m odel, a n d th e sequential p ro g ram m odel. The d a ta m odel is expressed w ith a restricted d a ta g ra p h . The control flo w m odel is expressed w ith a task g rap h in w hich each vertex223rep resen ts a ru n -tim e entity, i.e., a task or an in p u t/o u tp u t d a ta elem ent, a n d each arc re p re se n ts th e d a ta p ro d u c tio n /c o n s u m p tio n re la tio n s b etw een tw o co m m u n icatin g entities. T he seq u en tia l program m od el is | expressed w ith a restricted activity g ra p h . G raphical notations are used for j rep resen tin g (i) relations betw een d ata item s in a d ata m odel, (ii) relationsjb etw een tw o com m unicating entities an d th e te m p o ra l/sp a tia l parallelismjof in p u ts /o u tp u ts of each en tity in a control flow m odel, a n d (iii) th eI| in te rn al co m p u tatio n al stru c tu re of a seq u en tial p ro g ram m o d el (i.e., aijtask). T extual n o tatio n s are u sed for specifying tim in g constraints, p re-Ii conditions, and post-conditions. The notations and sem antics of this designi! specification m eth o d allow a design to be rep resen ted a t m u ltip le levels of abstraction. They are also ideal for m ultiple levels of design valid atio n via sim u la tio n .In addition, I defined a recursive definition for w ell-form ed restricted d ata an d activity graphs. The definitions can be the basis for analysis tools to check w h e th e r a re stric te d d a ta /a c tiv ity g ra p h is w ell-fo rm ed . T he significance of a restricted activity grap h is th at it rep resen ts a sequential process an d therefore is naturally associated w ith a task.A n algorithm for deriving a set of m axim al restricted activity grap h s from a g iv en activity g ra p h w as also p re se n te d . N o te th a t th e set of m axim al restricted activity g rap h s co rresp o n d s to a m inim al set of tasks corresponding to th e given activity graph. T hree theorem s w ere presented to p ro v e several im p o rtan t properties of th e p artitio n in g algorithm . First, th e com plexity of the algorithm is 0 ( IE I) w here E is th e set of edges in the activity graph. Second, th e restricted activity g rap h s p ro d u ced by A lgorithm ___________________________________________________________ _______________________ 2 2 4 _1 in C hapter 4 are m axim al restricted activity graph. Finally, the num ber of m axim al restricted activity g rap h p ro d u ced is equal to one p lu s th e total n u m b er of successors of starting concurrency an d replication vertices in a given activity graph.ii I, then, presented a set of synthesis rules w hich include an algorithm{for d eriv in g th e p o rt_ relatio n _ p red icates for all in p u t p o rts an d o u tp u t i ! j! p o rts of a task. In addition, I o u tlin ed the steps tak en for d eriv in g a taskg rap h from a given activity graph.Finally, I presented the requirem ents and design specifications of an exam ple avionic rad a r system w hich represents a non-trivial application of th e m ethodology in som e detail.6 .2 . FUTURE W O R KIn the follow ing sections, I briefly discuss topics for fu rth er researchiw hich are related to m y w ork on the specification an d design of sem i-hard j rea l-tim e system s. S everal are concrete, e x p erim en tal projects; o th ers req u ire additional theoretical developm ents. Jj1. Executable Specifications !jT his is a n a tu ra l extension to the req u irem en ts specification w o rk j began. O ne possible approach is to translate the requirem ents specification | into a p ro gram m ing language (such as ADA) since each graphical prim itive can be m ap p ed into a p ro gram m ing entity. For exam ple, an atom ic activity can be m a p p e d in to a function o r a p rocedure. A ir v ariab les w hich are in v o lv e d in th e p re-c o n d itio n fo rm u la an d are n o t sta te v ariab les are225considered as the in p u t param eters. All variables w hich are involved in the po st-co n d itio n form ula an d are not state variables are considered as the o u tp u t p aram eters. T he ty p e stru c tu re of th ese p aram eters can th en be! deriv ed from th e d ata g rap h associated w ith these variables. F urtherm ore,!! since th e activity b o d y w hich describes th e execution b eh av io rs of th e j atom ic activity are specified w ith a su b set of th e selected p ro g ram m in g language, the activity body becom es the b o d y of th e subprogram unit. As for th e n o n -ato m ic activ ities, th ey are m a p p e d to A d a su b p ro g ra m s by assig n in g tran sfo rm a tio n ru les to each o p e ra to r p rim itiv e s w ith in th e associated activity graph. The successor activity of a sequence operators can be in terp reted as a call to a function or a procedures w hich im plem ent thisiactivity. The selection operator is m ap p ed to a case or an if statem ent, an d (jth e iteration operator is m ap p ed to a loop construct.iThe d ata stru ctu res can be deriv ed from th e d ata g rap h since each j atom ic d a ta item is alread y defined w ith a ty p e defin itio n of a selected ! p ro g ram m in g lan g u ag e an d o p erato r p rim itiv es u sed to co n stru ct non- atom ic d ata item s m ay be u sed to m ap the constituent d ata item s in to a p a rtic u la r d a ta stru c tu re ex p ressed in to a p ro g ram m in g language. For exam ple, a selection p rim itiv e im plies th a t exactly one of the constituent d ata item s is available at any particular p o in t in tim e. W hen the d ata item s g ro u p ed via th e selection operator rep resen t different states of a device, the d a ta item s can be in terp reted as literals of an enum eration type. W hen data item s rep resen t alternative form s of data, the v arian t record type construct can be an ap p ro p riate A da representation. The inform ation associated w ith each d a ta item w o u ld be used to define a field w ith in th e v arian t record.226T he n a m e of th e re c o rd d isc rim in a n t w o u ld n e e d to co n fo rm to a convention, such as an extension to th e ty p e n am e of the v a ria n t record. The discrim inant w o u ld be declared as enum eration type, w ith each literal co rresponding to one of th e d ata item s. This w o u ld be p articu larly useful because th e d ata item s m ay also a p p ea r as exit co n d itio n s for discrete functions an enum eration type.2. R everse E ngineeringThe m aintenance of a com plex real-tim e system is a m ajor problem currently. W ith a volum inous am o u n t of code, one can quickly loose sight o f th e in te ra c tio n s o f p ro g ra m u n its. A s m e n tio n e d e a rlie r, g ra p h p rim itiv e s in m y sp e cifica tio n m e th o d o lo g ie s can b e m a p p e d in to p ro gram m ing constructs to generate code. H ow ever, for the large num ber of existing system s this is not of direct benefit. It is therefore interesting to consider reversing this process by scanning program s a n d constructing the task graphs, restricted activity graphs, and data graphs. The g raphs produced can th e n be c o m p a re d w ith th e o rig in a l d e sig n to check if th eim p le m e n ta tio n satisfies th e d e sig n specification a n d /o r b e u se d forc o n tin u al m ain ten an ce. T his w o u ld also be for p o te n tia lly u se fu l forreusability of existing designs a n d /o r code.3. Form al V erification[Jahanian& M ok86b] u se a d a ta flow m odel for system requirem ents specification an d th en tra n sla te th e g rap h m o d el in to R eal-Tim e Logic (RTL). T heir ap p ro ach cann ot be directly a p p lied to sem i-h ard real-tim e j system d u e to tw o m ajor problem s. First, th e d a ta flow m o d el is n o t_________________________________ _ 2 2 7 _sufficient for ex p ressin g req u irem en ts of se m i-h a rd real-tim e softw are. Second, real-tim e logic can express the arrival of a n event an d com pletion of an activity, b u t it needs to be extended w ith th e n otion of read y tim e, s c h e d u lin g d e a d lin e , c o m p le tio n d e a d lin e , im p o rta n c e le v e l, preem ptablility, an d variable execution tim e. A ssum ing that the RTL can be j e x te n d ed w ith th e n o tio n s afo rem en tio n ed , it is conceivable th a t th e ! control flow p ro p erties a n d tim ing constraints d efined in a req u irem en ts i specification an d a design specification can be tran slated into RTL. If this; could be accom plished, the form al verification of an activity g rap h a n d aI, task graph can be done by using the extended RTL.I4. Processors R esource M anagem ent[M untz& H orow itz] h av e stu d ie d larg e scale sem i-h ard real-tim e !|system s w hich req u ire m u ltip le heterogeneous processors to achieve th e jjreq u ire d p erform ance. In su ch system s, th e h ig h level (m acro) sy stem | functions req u ire m ultiple resources and, at a single resource, the w orkload j can have a variety of tim ing requirem ents w hich cannot be represented by a Jlsingle m odel (i.e. a single ty pe of activity). F urtherm ore, th e load on each ty p e of resource m ay be different an d tim e varying. N o single scheduling policy perform s w ell for all types of resources (e.g. sensors, processors, and m em ory) a n d in all situ atio n s (e.g. lig h t lo a d in g , h eav y lo ad in g , an d tran sien t overload).T h e re fo re , d e sig n in g sc h e d u le rs for su c h a sy stem in v o lv e s in te g ratin g m acro- a n d m icro-level w o rk lo ad a n d req u irem en ts. A t th e m acro level, th is in v o lv es sc h ed u lin g of activ ities re q u irin g m u ltip le228— 1resources, and at the m icro level, it involves scheduling m u ltip le types of activities at a single resource. This suggests a m ulti-level decision stru ctu re for resource m anagem ent. The issues, w hich m u st be ad d ressed in this type jof re s o u rc e m a n a g e m e n t, in c lu d e (i) co n cise a n d c o m p re h e n s iv e | rep re se n ta tio n of the w o rk lo ad , (ii) selection of a p p ro p ria te policies for i sch ed u lin g w orkload of each type of resource, (iii) in co rp o ratio n of high- lev el sy ste m objectives a n d rec o n ciliatio n of th e se o b jectiv es w ith contention for lim ited system resources, an d (iv) integration of the use ofij m ultiple types of physical resources.T he p relim in ary results in [M untz& W ang89] sh o w ed th a t th ere areno op tim al algorithm s for sch ed u lin g a set of in d ep e n d en t a d ap tiv e an d J!n o n -p reem p tiv e activities on a single resource. The earliest d ead lin e first | (EDF) is th e m ost preferable (the least slack tim e an d th e larg est latency ■Ifactor first algorithm s perform adequately, b u t they incur m ore scheduling ; overhead). M uch w o rk is needed to further investigate the schedulability of I a set of in d ep en d en t and d ep en d en t adaptive and non-preem ptive activities j o n m u lti-reso u rces. O ne altern ativ e su g g ested in [M untz& W ang891 is a tw o-level scheduling approach for each type of resource in w hich, at each sch ed u lin g p o in t, th e to p level (i.e. level 1) policy is u se d to select the 'ready' g ro u p w hich currently has the highest priority as com pared to other 'ready' groups. T hen the low er level (level 2) policy of the selected g ro u p is used to select the 'ready' activity in the group. A bove all, it is im perative to develop guide-lines for selection of scheduling algorithm s for th e activity| classes in th e activity taxonom y .II!|_________________________________________________________________________________________________229_ _REFERENCESAlford85] M. W . A lfo rd . "A G ra p h M o d e l B ased A p p ro a c h to Specification." In L ecture N otes in C om puter Science, Vol. 190, D istributed System s M ethods and Tools for Specification, C hapter 4, pp.131 - pp.200.I[Alford et al. 85] M. W. A lford, J. P. A nsart, G. H om m el, L. L am port, B. L iskov, G. P. M ullery, an d F. B. Schneider, "D istributed System ", Vol. 190,1985.It[Baer73] J. L. B aer. "A S u rv e y o f S om e T h e o re tic a l A sp e c ts of M ultiprocessing." In C om puting Surveys, vol. 5, N o. 1, M arch 1973, 31-80.I[Barbacci&W ing86] M. R. Barbacci an d J. M. W ing. "Durra: A Task-levelD escription L anguage." Technical R eport C M U /SE I-86-T R (D T IC -A l78975),\S oftw are E n g in eerin g In stitu te , C arnegie M ellon U n iv ersity , D ecem ber,1986.Berk et al. 89] J. V. Berk, A. H . M u n tz, a n d P. R. Stevens, "Softw are A rchitecture C oncepts for Avionics," IEEE N atio n A erospace and Electronics Conference, 23-27 M ay 1989, 88CH2759-9, vol. 4, pp. 1900-1905.Blackman86] S. S. B lackm an, "M u ltip le-T arg et T racking w ith R ad ar A pplications" ARTECH HOUSE, INC., 1986B usse et al. 81] E. Busse et al., "The d ata acquisition an d m onitoring system TOOPSY," IEEE Trans. Nucl. Sri., vol. NS-28, no. 5, pp. 3674-3679, 1981.Cadre88] C a d re T ec h n o lo g ie s Inc., "T eam w ork: A n In tro d u c tio n " V iew graphs, February, 1988Cerf72] V. G. Cerf. "M ultiprocessors, sem aphores, a n d a g rap h m odel of com putation." Ph.D. dissertation, Dep. Eng., U niv. C alifornia, Los A ngeles, 1972.2 3 0[Chen80] P. P. C hen, (ed.) Proc. Intl. C onf. o n th e E n tity-R elationship j A p p ro ach to System A nalysis a n d D esign, N o rth H o llan d , A m sterd am , j 1980.[C heng& Stankovic88] S. C h e n g a n d J. A. S ta n k o v ic , "S c h e d u lin g A lgorithm s for H ard Real-Tim e System s - A Brief Survey," in T utorial H ardReal-Tim e System s, pp. 150-173, C om puter Society O rder N u m b er 819.ii[DeM arco78] T. D e M arco . " S tru c tu re d A n a ly s is a n d S y ste m Specification." Y ourdon Press, N ew York, 1978.ti[Du&Leung88] J. D u an d J.Y.-T. Leung. "M inim izing M ean Flow Tim e w ith R elease T im e an d D ead lin e C o n strain ts." In P roceedings of R eal-T im e System s Sym posium , pp. 24-32.E strin et al. 86] G. E strin, R. S. Fenchel, R. R. R azouk, M. K. V ernon.ijS A R A (S y ste m A R c h ite cts A p p re n tic s ): M o d e lin g , A n a ly sis, a n d S im u la tio n S u p p o rt fo r D esig n o f C o n c u rre n t S ystem s." In IEEE T ransactions on Softw are E ngineering, Vol. SE-12, No.2, F ebruary 1986.[Gane79] C. G ane an d T. Sarson. "S tructured System s A nalysis: Tools an d Techniques." Prentice-H all, E nglew ood Cliffs, N . J., 1979.|Gom aa84] H . G om aa. "A S o ftw a re D esig n M e th o d fo r R eal-T im e System s." , In C om m unication of the ACM , Vol. 27, N o. 9, Septem ber 84.|Hatley84] D. J. H a tle y , "The U se o f S tru c tu re d M e th o d s in th e D ev elo p m en t of L arge Softw are-B ased A vionics System s," in A IA A /IE E E 6th D igital A vionics System s Conference, Baltim ore, MD, D ecem ber, 1984.Harel86] D. H arel. "Statecharts: A V isual Form alism for C om plex System s."1 n Science of C om puter Program m ing, 1986.H arel et al. 87] D. H arel, A. P nueli, J. P. S chm idt, R. Sherm an. "On the Form al Sem antics of Statecharts." In Proceedings of LILS 87.231[Harel88] D. H arel. "On V isual Form alism s." In C o m m u n icatio n of the k c M , Vol. 31, N o.5, M ay 1988.[Holm et al. 81] A. H o lm e t al., "Real tim e p ro g ra m m in g in a d a ta acquisition an d analysis system ," IEEE Trans. N ucl. Sci., vol. NS-28, no. 5, pp. 3731-3738,1981.iJ[Holt et al. 68] A. W . H olt, H. Saint, R. M. Shapiro, an d S. W arshall, "Final re p o rt for the in fo rm atio n system theory project." A p p lied D ata research, R om e A ir D evelopm ent C enter, N ew York, 1968.i[i-Logix87] "D o c u m e n ta tio n for th e S ta te m a te S ystem " i-L ogix Inc. U niversity Place Suite 200, 124 Mt. A u b u rn St., h a rv a rd Square, C am bridge, MA. 02138, P rinted June25, 1987.i[Jahanian& M ok86a] F. Jah an ian a n d A. K. M ok. "Safety A nalysis of T im ing Properties in Real-Tim e system s.", In IEEE T m asactions on Softw are Engineering 12(9): 890-904, Septem ber 1986.Jahanian& M ok86b] F. Jah an ian a n d A. K. M ok. "A G rap h -T h eo retic A pproach for T im ing A nalysis in Real Tim e Logic." In IEEE 1986 Real-Tim e System s Sym posium , pp.98-108.iK arp& M iller66] R. M. K arp an d R. E. M iller. "Properties of a m odel for parallel c o m p u ta tio n s: d e te rm in a c y , te rm in a tio n , q u e u in g ." SIAM J. A pplied M ath. 14 (Nov. 1966) 1390-1411.Karp& M iller67] R. M . K arp a n d R. E. M iller. "P arallel p ro g ra m sch em ata: a m ath e m a tic a l m o d el for p a ra lle l c o m p u tatio n ." In IEEE C o n feren ce R ecord o f th e 8 th A n n u a l S y m p o siu m o n S w itch in g a n d k u to m a ta Theory, Oct. 1967, 55-61.Karp& M iller69] R. M . K a rp a n d R.E. M iller. "P a ra lle l p ro g ra m schem ata." J. C om put. Sys. Sci., vol. 3 no. 4., pp. 167-195, M ay 1969.King et al. 88] D. R. K ing, R. W. Lichota, an d M. F. W ilson, "Executable j S p ecificatio n s in R e q u ire m e n ts A nalysis." In te rim R e p o rt, A d v a n ce d |2 3 2 !T echnology & R esearch, Softw are E ngineering D ivision, G ro u n d System s G roup, H ughes A ircraft Co., N ovem ber 9, 1988.[Liu&Layland73] C. L. Liu an d J. L ayland, "Scheduling alg o rith m s for m u ltip ro g ram m in g in a h ard real-tim e environm ent, " J. ACM , vol.20, no.,Jan. 1973.IlI[M arinescu87] D. C. M arinescu, "A p p ro x im ate A nalysis of D istrib u te d S em i-H ard R eal-Tim e System s," IEEE T rans, on A utom atic C ontrol, vol. j XC-32, no. 12, Decem ber 1987, pp. 1097-1100. II M arinescu et e. 84] D. C. M arinescu, F. Busch, H. H ultzsch, J. L ow sky, an d M. R ichter, "Extended d ata acquisition support," IEEE Trans. N ucl. Sci., vol. NS-31, pp. 914-924,1984.Mok83] A. K. M ok. "F undam ental D esign P roblem s for th e H a rd Real Tim e E nvironm ent." MIT Ph. D. D issertation, C am bridge MA, M ay 1983.M untz& H orow itz89] A. H. M u n tz an d E. H o ro w itz, "A F ram ew ork foriS pecification a n d D esign of S oftw are for A d v a n ce d S ensor System s", A ppeared in IEEE 10th Real-Tim e System s Sym posium , D ecem ber 1989.M untz& W ang89] A. H . M u n tz a n d K. W an g , "W o rk lo a d M o d el :i iSpecification an d A d ap tiv e S cheduling of S em i-H ard Real-Tim e C ontrols", I To A ppear in the 1st International C onference on System s Integration, A pril | 23-26,1990. ji[Myers76] G. J. M yers. "C o m p o site /S tru ctu red D esign." V an N o stra n d ! R einhold, 1976. jj ' i[Orr77] K. T. O rr. "S tructured System s D evelopm ent." Y ourdon P ress, J N ew York, 1977. !tPratt71] T. W. Pratt. "Pair gram m ars, g rap h languages, an d string-to-graph tra n sla tio n s." Jo u rn a l of C o m p u te r a n d S ystem Science, p p . 560-595,] December 1971.2 3 3[Pratt83] T. W. P ratt. "Form al specification of so ftw are u sin g H -G rap h sem antics." pp314-332, In L ecture N otes in C o m p u ter Science #153: G raph G ram m ars an d T heir A pplication to C o m p u ter Science, ed. H. Ehrig, M. N agl, and G., Rozenberg, Springer-Verlag(1983).Schindler87] M ax Schindler, "D esign tools m aster em b e d d ed softw are's real-tim e d e m a n d s ," in Electronic Design, Septem ber 17 1987, pp. 65- 66.[S h a e ta l. 86] Sha, L., Lechoczky, J. P. an d R ajkum ar, R., "Solutions for Som e Practical Problem s in P rioritized P reem ptive Scheduling", IEEE Real- Tim e System s Sym posium , 1986S prunt et al. 88] B. S p ru n t, L. Sha, a n d J. P. L ehoczky. "S cheduling S poradic an d A p erio d ic E vents in a H a rd Real-Tim e System ." Technical Report, SEI, CMU, 1988.Stim son83] G. W . S tim son. "In tro d u ctio n to A irb o rn e R adar." H u g h es A ircraft C om pany El S egundo, California; L ibrary of C ongress catalog cardnum ber: 83-83041![Stotts86] P. D. Stotts, Jr. "A H ierarchical G raph M odel of C oncurrent Real- Tim e Softw are System s." In TR-1669 of D epartm ent of C o m p u ter Science of Jn iv ersity of M aryland, College Park, June 4, 1986.W ard& M ellor85] P. T. W ard an d S. J. M ellor, "S tructured D evelopm ent o r Real-Tim e System s," Vol.1-3, Y ourdon Press, N ew York, 1985W ard86] P. T. W ard, "The T ransform ation Schema: A n E xtension of the D ata Flow D iagram to R epresent C ontrol an d Tim ing," IEEE T ransactions of Softw are E ngineering, Vol. SE-12, No. 2, pp. 198-210, Feb. 1986.Y ourdon& C onstantine78] E. Y ourdon an d L. C onstantine. "Structured Design." 2nd. ed. Y ourdon Press, N ew York, 1978.234