Transducer FSMs in System Design In this lecture we go through examples of transducer FSMs in the specification of larger systems. In the process we will discuss system design lifecycles and the role of specification at different lifecycle stages. Informatics 1 School of Informatics, University of Edinburgh 1
Why Careful Design Matters Average fix time Code Design review Use Code review Test Compile P = (1 - P 1 ) × (1 - P 2 ) × … × (1 – P n ) where: P is probability that program is fault free Pi is probability of fault injection at stage i of n Informatics 1 School of Informatics, University of Edinburgh 2
Example Lifecycle Stages Requirements Validated requirements Architecture Verified architecture FSMs used Specification Verified specification at this level Soft/Hardware Informatics 1 School of Informatics, University of Edinburgh 3
Data Projector: Requirements Must be able to take input from either the 1. computer or the video. Should be able to switch between computer 2. and video while the data projector is in operation. Power button must be pressed twice to 3. switch off (to prevent inadvertent shutdown). Informatics 1 School of Informatics, University of Edinburgh 4
Data Projector: Inputs From remote control power Signal from on/off button on remote control mode Signal from mode button on remote control From system clock time Timeout signal Informatics 1 School of Informatics, University of Edinburgh 5
Data Projector : Outputs To control system on Signals system to start up off Signals system to shut down c Take input from computer v Take input from video spd Signals suspension of normal operation res Signals normal operation to resume Informatics 1 School of Informatics, University of Edinburgh 6
Data Projector: Design mode/v power/on video comp off on on mode/c power/susp power/off time/res power/susp time/res power/off power/off mode wait-c wait-v mode Informatics 1 School of Informatics, University of Edinburgh 7
Must be able to take input Checking from either the computer or Requirement 1 the video mode/v power/on vid com off on on mode/c “comp on” and “video power/susp power/off on” states are time/res power/susp time/res reachable from start power/off state and from each power/off other mode wait-c wait-v mode Informatics 1 School of Informatics, University of Edinburgh 8
Should be able to switch Checking between computer and video Requirement 2 while in operation mode/v power/on video comp off on on mode/c “mode” power/susp toggles power/off time/res power/susp between time/res “comp on” and “video power/off on”, power/off following “on” input. mode wait-c wait-v mode Informatics 1 School of Informatics, University of Edinburgh 9
Power button must be pressed Checking twice to switch off Requirement 3 mode/v power/on video comp off on on mode/c All routes to “off” from power/susp time/res “comp on” or power/susp time/res “video on” power/off require two power/off “power” inputs mode wait-c wait-v mode Informatics 1 School of Informatics, University of Edinburgh 10
An Alternative Design wait-v power/off power/susp t mode/c i m e / r e s mode/v power/on video comp off on on mode/c t i m power/susp e / r e mode/v s power/off wait-c Informatics 1 School of Informatics, University of Edinburgh 11
Informatics 1 School of Informatics, University of Edinburgh 12
Informatics 1 School of Informatics, University of Edinburgh 13
Informatics 1 School of Informatics, University of Edinburgh 14
Cruise Control: Requirements The driver must be able to turn the cruise 1. control system off. The driver must be able to tell the system to 2. maintain the current speed. The cruise control system must not operate 3. after braking. The cruise control system must allow the 4. driver to travel faster than the set speed by using the accelerator. Informatics 1 School of Informatics, University of Edinburgh 15
Cruise Control: Inputs From driver onoff On/off button set Sets cruise to current speed brake Brake pressed accP Accelerator pressed accR Accelerator released resume Resume travelling at set speed From control system correct Car is at correct speed slow Car is slower than set speed fast Car is faster than set speed Informatics 1 School of Informatics, University of Edinburgh 16
Cruise Control: Outputs To control system store Store current speed inc Increase the throttle dec Decrease the throttle Informatics 1 School of Informatics, University of Edinburgh 17
Cruise Control: States States of cruise control system off System not operational ready Switched on but no speed set set Speed set and system maintaining it wait Speed set but brake pressed so system is waiting until resume is pressed before attempting to maintain speed acc Accelerator has been pressed (but not released) to override cruise control Informatics 1 School of Informatics, University of Edinburgh 18
Cruise Control: Design brake,accP,accR,resume correct slow/inc brake fast/dec brake,set set wait ready set/store resume accR,set/store onoff onoff brake onoff accP accP onoff acc off onoff accP,resume set,brake,accP, accR,resume Informatics 1 School of Informatics, University of Edinburgh 19
Checking The driver must be able to turn the cruise control system Requirement 1 off. brake,accP,accR,resume correct slow/inc brake fast/dec brake,set set wait ready set/store resume accR,set/store All states, onoff onoff brake except “off” onoff transition accP accP to off if “onoff” pressed onoff acc off onoff accP,resume set,brake,accP, accR,resume Informatics 1 School of Informatics, University of Edinburgh 20
Checking The driver must be able to tell the system to maintain the Requirement 2 current speed. brake,accP,accR,resume correct brake slow/inc fast/dec brake,set set wait ready resume set/store All states accR,set/store onoff onoff (other than “off”) brake go to “set” onoff accP via a driver accP command onoff acc off onoff accP,resume set,brake,accP, accR,resume Informatics 1 School of Informatics, University of Edinburgh 21
Checking The cruise control system must not operate after Requirement 3 braking. brake,accP,accR,resume correct slow/inc brake fast/dec brake,set set wait ready set/store resume accR,set/store onoff onoff Braking brake never leads onoff accP directly to accP “set” state onoff acc off onoff accP,resume set,brake,accP, accR,resume Informatics 1 School of Informatics, University of Edinburgh 22
Checking The system must allow the driver to go faster than the set Requirement 4 speed using the accelerator. brake,accP,accR,resume correct brake slow/inc fast/dec brake,set set wait ready set/store resume accR,set/store onoff onoff From “set” brake and “wait”, onoff accP accP leads accP to “acc” onoff acc off onoff accP,resume set,brake,accP, accR,resume Informatics 1 School of Informatics, University of Edinburgh 23
An Alternative Design brake,accP,accR,resume correct resume, slow/inc fast/dec set/store brake set/store wait ready set brake onoff e r o t accP brake s / t e onoff onoff s accR, accP set/store onoff off acc onoff accP,resume brake,accP, accR,resume Informatics 1 School of Informatics, University of Edinburgh 24
Wyoming Highway Patrol believes bus that crashed was on cruise control Three people were killed in an eight-vehicle collision … Informatics 1 School of Informatics, University of Edinburgh 25
Recommend
More recommend
