BUILDING POWER CONSUMPTION MODELS FROM EXECUTABLE TIMED I/O AUTOMATA - PowerPoint PPT Presentation

BUILDING POWER CONSUMPTION MODELS FROM EXECUTABLE TIMED I/O AUTOMATA SPECIFICATIONS Nicola Paoletti Department of Computer Science, University of Oxford Joint work with Benoit Barbot, Marta Kwiatkowska and Alexandru Mereacre

MOTIVATION Embedded devices central for safety-critical applications CHALLENGE : design methods that ensure both Design-time requirements Energy-efficiency and (e.g. safety properties) (e.g. battery lifetime) Low-consumption hardware + Formal models + verification tuning of the device Need for integrated HW/SW co-design methods

MOTIVATION Need for integrated HW/SW co-design methods SOLUTION : Hardware-in-the-loop (HIL) optimisation HIL SIMULATION Plant Controller OPTIMISATION ALGORITHM

CONTRIBUTION PROBLEM 1 PROBLEM 2 Synthesise controller parameters such that: Derive data-driven predictive Safety properties are satisfied and power consumption models • Energy consumption is optimised from HW measurements •

CONTRIBUTION PROBLEM 1 PROBLEM 2 Synthesise controller parameters such that: Derive data-driven predictive Safety properties are satisfied and power consumption models • Energy consumption is optimised from HW measurements • Framework for HIL energy optimisation of embedded devices • Model-based : control system as network of timed I/O automata in MATLAB • Stateflow Integrates HIL optimisation with parameter synthesis methods to compute set • of safe parameters Improved HIL simulation through new method for code generation from • Stateflow diagrams Evaluation on temperature controller and cardiac pacemaker •

SYSTEM DESIGN LEVEL TIOA/STATEFLOW MODELS Plant Controller CODE GENERATION HIL OPTIMISATION LEVEL Plant Controller NEW PARAMETERS OPTIMISATION ALGORITHM Power monitor POWER READINGS HIL SIMULATION C. Barker et al. Hardware-in-the-loop simulation and energy optimization of cardiac pacemakers . EMBC’15

SYSTEM DESIGN LEVEL TIOA/STATEFLOW MODELS SAFE REGION PARAMETER Plant Controller SYNTHESIS PETRI NETS TRANSLATION AND CODE GENERATION Battery model HIL OPTIMISATION LEVEL OPTIMISATION Plant Controller Probabilistic power ALGORITHM BUILD model POWER BATTERY MODEL LIFETIME Power monitor POWER DATA-DRIVEN READINGS CONSUMPTION MODEL HIL SIMULATION NEW PARAMETERS THIS WORK

SYSTEM DESIGN LEVEL TIOA/STATEFLOW MODELS SAFE REGION PARAMETER Plant Controller SYNTHESIS PROBLEM 1 Synthesise safe and efficient PETRI NETS TRANSLATION AND CODE GENERATION controller parameters Battery model HIL OPTIMISATION LEVEL OPTIMISATION Plant Controller Probabilistic power ALGORITHM BUILD model POWER BATTERY MODEL LIFETIME Power monitor POWER DATA-DRIVEN READINGS CONSUMPTION MODEL HIL SIMULATION NEW PROBLEM 2 PARAMETERS Derive data-driven predictive power consumption models

SYSTEM DESIGN LEVEL TIOA/STATEFLOW MODELS SAFE REGION PARAMETER Plant Controller SYNTHESIS PETRI NETS TRANSLATION AND CODE GENERATION SYSTEM DESIGN Battery model HIL OPTIMISATION LEVEL OPTIMISATION Plant Controller Probabilistic power ALGORITHM BUILD model POWER BATTERY MODEL LIFETIME Power monitor POWER DATA-DRIVEN READINGS CONSUMPTION MODEL HIL SIMULATION NEW PARAMETERS

TIMED I/O AUTOMATA WITH PRIORITY AND DATA (TIOA) Real-valued variables ( clocks and data ) + • parameters x :=0 O ff Priorities define a total ordering of the • I, t ≥ θ , edges out of each location L o ff ! , x ≥ T on ∧ t< θ , x := 0 L on ! , Guards and updates may depend (non- • x := 0 linearly) on variables and parameters II, t< θ , x :=0 On OnP No continuous flows, but can be • x ≥ T p specified indirectly through update functions A subset of Stateflow modelling • language

TIMED I/O AUTOMATA WITH PRIORITY AND DATA (TIOA) Real-valued variables ( clocks and data ) + • parameters x :=0 O ff Priorities define a total ordering of the • I, t ≥ θ , edges out of each location L o ff ! , x ≥ T on ∧ t< θ , x := 0 L on ! , Guards and updates may depend (non- • x := 0 linearly) on variables and parameters II, t< θ , x :=0 On OnP No continuous flows, but can be • x ≥ T p specified indirectly through update functions A subset of Stateflow modelling • language Networks of TIOAs : multiple components synchronizing on input? and • output! actions Urgency + priorities à deterministic dynamics •

EXAMPLE – TEMPERATURE CONTROLLER Thermostat LED Boiler II, z ≥ T inc , z :=0 , II, y ≥ T fon , ` :=0 , y :=0 x :=0 t = t − 0 . 004 · T inc O ff I, t ≥ θ , FO ff FOn t := t 0 , L o ff ! , z :=0 x ≥ T on ∧ t< θ , x := 0 O ff II, y ≥ T fon , ` :=1 , L on ! , y :=0 L on ? , x := 0 I, L o ff ? I, L on ? I, y :=0 I, II, t< θ , x :=0 L o ff ? , L o ff ? , On ` :=0 On OnP ` :=0 ` :=0 x ≥ T p O ff II, z ≥ T inc , z :=0 , t = t + 0 . 04 · T inc CONTROLLER PLANT

COMPUTATION OF SAFE REGION TIOA/STATEFLOW MODELS Set of safe parameters computed with a SMT-based • algorithm (adapted from [HSB15]) PARAMETER Bounded safety properties • SYNTHESIS Exhaustive exploration of bounded counter- • examples to safety SAFE REGION Discrete encoding in the theory of bit-vectors, using • interval-based abstractions M. Kwiatkowska et al. Synthesising Robust and Optimal Parameters for Cardiac Pacemakers Using Symbolic and Evolutionary Computation Techniques . HSB’15

TRANSLATION INTO TIMED PETRI NETS Petri Nets provide efficient intermediate • II, y ≥ T fon , ` :=0 , y :=0 x :=0 O ff representation for code generation FO ff FOn I, t ≥ θ , L o ff ! , x ≥ T on ∧ t< θ , II, y ≥ T fon , ` :=1 , x := 0 Timed Petri Nets (TPN) with deterministic L on ! , y :=0 • L on ? , x := 0 I, y :=0 I, L o ff ? , II, t< θ , x :=0 L o ff ? , delays, priorities and data ` :=0 On OnP ` :=0 ` :=0 O ff x ≥ T p Translation procedure: • TIOA component A j à TPN place p j T fon T fon • { ` := 0 } { ` := 1 } 2 Location of TIOA A j à Marking of place p j • 1 1 P 2 2 2 TIOA edges à TPN transitions • 2 1 2 (synchronisations as single transitions) 1 2 t ≥ ✓ t ≥ ✓ T on { ` := 0 } { ` := 0 } 1 1 2 2 Resulting TPN is very compact and • 2 2 preserves semantics of TIOA network P 1 1 2 1 T p t < ✓

CODE GENERATION Executable C code from TPN translation • Cross-platform : same code for plant and controller • Actions sent and received through HW (serial, BT, …) •

CODE GENERATION Executable C code from TPN translation • Cross-platform : same code for plant and controller • Actions sent and received through HW (serial, BT, …) • TPNs allow for static pre-computation of enabled transitions à fast event • scheduling and real-time HIL simulation HIL simulation algorithm uses power saving modes of embedded device • when idle, to obtain consistent energy readings Implemented by extending Cosmos tool [Ballarini15] that already features • C code generation from TPNs P. Ballarini, et al. HASL: A new approach for performance evaluation and model checking from concepts to experimentation . Performance Evaluation, 2015.

HIL OPTIMISATION SYSTEM DESIGN LEVEL TIOA/STATEFLOW MODELS SAFE REGION PARAMETER Plant Controller SYNTHESIS PETRI NETS TRANSLATION AND CODE GENERATION Battery model HIL OPTIMISATION LEVEL OPTIMISATION Plant Controller Probabilistic power ALGORITHM BUILD model POWER BATTERY MODEL LIFETIME Power monitor POWER DATA-DRIVEN READINGS CONSUMPTION MODEL HIL SIMULATION NEW PARAMETERS

POWER MODEL BUILDER Embedded controller attached to power monitor device • Energy readings used to estimate probabilistic power consumption model • Same structure as controller TIOA network • x :=0 4 O ff x 10 + rewards describing • 2 I, t ≥ θ , L o ff ! , 1.5 x ≥ T on ∧ t< θ , x := 0 Density probability that each L on ! , 1 x := 0 0.5 II, t< θ , x :=0 transition consumes a specific On OnP 0 0 0.05 0.1 0.15 0.2 Energy (mA ⋅ ms) x ≥ T p amount of energy 4 x 10 2 1.5 Density 1 0.5 0 0 0.05 0.1 0.15 0.2 Energy (mA ⋅ ms)

BATTERY MODEL KINETIC BATTERY MODEL ✓ y 2 ( t ) Available dy 1 ( t ) 1 − c − y 1 ( t ) ◆ = − i ( t ) + k charge dt c ✓ y 2 ( t ) Bound charge ◆ dy 2 ( t ) 1 − c − y 1 ( t ) = − k Current dt c i(t) is piecewise constant, and • 1 0.9 y 1 updated with the electrical Battery Capacity 0.8 y 2 0.7 current values sampled from 0.6 0.5 the probabilistic power model 0.4 0.3 0.2 0.1 Battery lifetime computed by • 0 -0.1 deriving the analytical solution 0 5000 10000 15000 20000 25000 for y 1 (t) at each subdomain Time(s)

BATTERY LIFETIME OPTIMISATION OPTIMIZATION PROBLEM Arguments: safe controller parameters Objective function: expected battery lifetime Gaussian Process Optimization Approximate optimization method • Builds online a statistical model of the objective function from • available samples using Gaussian Process regression Uses the model for finding new parameters to sample • Trade-off between improving objective function ( exploitation ) and • reducing variance ( exploration ) Advantage: returns not just optimal parameters , but also a predictive model

EXPERIMENTS DESKTOP ARDUINO FIO MONSOON Plant Controller Power monitor 5V USB TO SERIAL Resistors + motor