Transducer FSMs in System Design In this lecture we go through - - PowerPoint PPT Presentation

Informatics 1 School of Informatics, University of Edinburgh

1

Transducer FSMs in System Design

In this lecture we go through examples of transducer FSMs in the specification of larger systems. In the process we will discuss system design lifecycles and the role of specification at different lifecycle stages.

Informatics 1 School of Informatics, University of Edinburgh

2

Why Careful Design Matters

Average fix time Design review Code Code review Compile Test Use

P = (1 - P1) × (1 - P2) × … × (1 – Pn) where: P is probability that program is fault free Pi is probability of fault injection at stage i of n

Informatics 1 School of Informatics, University of Edinburgh

3

Example Lifecycle Stages

Requirements Architecture Specification Soft/Hardware Verified specification Verified architecture Validated requirements

FSMs used at this level

Informatics 1 School of Informatics, University of Edinburgh

4

Data Projector: Requirements

1.

Must be able to take input from either the computer or the video.

2.

Should be able to switch between computer and video while the data projector is in

• peration.

3.

Power button must be pressed twice to switch off (to prevent inadvertent shutdown).

Informatics 1 School of Informatics, University of Edinburgh

5

Data Projector: Inputs

From remote control power Signal from on/off button on remote control mode Signal from mode button on remote control From system clock time Timeout signal

Informatics 1 School of Informatics, University of Edinburgh

6

Data Projector : Outputs

To control system

• n

Signals system to start up

• ff

Signals system to shut down c Take input from computer v Take input from video spd Signals suspension of normal operation res Signals normal operation to resume

Informatics 1 School of Informatics, University of Edinburgh

7

Data Projector: Design

wait-c

• ff

comp

• n

video

• n

wait-v

power/on mode/v mode/c power/susp time/res power/susp time/res mode power/off power/off power/off mode

Informatics 1 School of Informatics, University of Edinburgh

8

wait-c

• ff

com

• n

vid

• n

wait-v

power/on mode/v mode/c power/susp time/res power/susp time/res mode power/off power/off power/off mode

Checking Requirement 1

Must be able to take input from either the computer or the video

“comp on” and “video

• n” states are

reachable from start state and from each

• ther

Informatics 1 School of Informatics, University of Edinburgh

9

wait-c

• ff

comp

• n

video

• n

wait-v

power/on mode/v mode/c power/susp time/res power/susp time/res mode power/off power/off power/off mode

Checking Requirement 2

Should be able to switch between computer and video while in operation

“mode” toggles between “comp on” and “video

• n”,

following “on” input.

Informatics 1 School of Informatics, University of Edinburgh

10

wait-c

• ff

comp

• n

video

• n

wait-v

power/on mode/v mode/c power/susp time/res power/susp time/res mode power/off power/off mode

Checking Requirement 3

Power button must be pressed twice to switch off

All routes to “off” from “comp on” or “video on” require two “power” inputs

Informatics 1 School of Informatics, University of Edinburgh

11

An Alternative Design

wait-c

• ff

comp

• n

video

• n

wait-v

power/on mode/v mode/c power/susp t i m e / r e s power/susp t i m e / r e s power/off power/off mode/v mode/c

Informatics 1 School of Informatics, University of Edinburgh

12

Informatics 1 School of Informatics, University of Edinburgh

13

Informatics 1 School of Informatics, University of Edinburgh

14

Informatics 1 School of Informatics, University of Edinburgh

15

Cruise Control: Requirements

1.

The driver must be able to turn the cruise control system off.

2.

The driver must be able to tell the system to maintain the current speed.

3.

The cruise control system must not operate after braking.

4.

The cruise control system must allow the driver to travel faster than the set speed by using the accelerator.

Informatics 1 School of Informatics, University of Edinburgh

16

Cruise Control: Inputs

From driver

• noff

On/off button set Sets cruise to current speed brake Brake pressed accP Accelerator pressed accR Accelerator released resume Resume travelling at set speed From control system correct Car is at correct speed slow Car is slower than set speed fast Car is faster than set speed

Informatics 1 School of Informatics, University of Edinburgh

17

Cruise Control: Outputs

To control system store Store current speed inc Increase the throttle dec Decrease the throttle

Informatics 1 School of Informatics, University of Edinburgh

18

Cruise Control: States

States of cruise control system

• ff

System not operational ready Switched on but no speed set set Speed set and system maintaining it wait Speed set but brake pressed so system is waiting until resume is pressed before attempting to maintain speed acc Accelerator has been pressed (but not released) to override cruise control

Informatics 1 School of Informatics, University of Edinburgh

19

Cruise Control: Design

• ff

ready set wait acc

brake,accP,accR,resume

• noff
• noff

set/store fast/dec correct slow/inc brake resume brake accP brake,set accR,set/store accP

• noff

set,brake,accP, accR,resume

• noff

accP,resume

• noff

Informatics 1 School of Informatics, University of Edinburgh

20

• ff

ready set wait acc

brake,accP,accR,resume

• noff
• noff

set/store fast/dec correct slow/inc brake resume brake accP brake,set accR,set/store accP

• noff

set,brake,accP, accR,resume

• noff

accP,resume

• noff

All states, except “off” transition to off if “onoff” pressed

Checking
 Requirement 1

The driver must be able to turn the cruise control system

• ff.

Informatics 1 School of Informatics, University of Edinburgh

21

• ff

ready set wait acc

brake,accP,accR,resume

• noff
• noff

set/store fast/dec correct slow/inc brake resume brake accP brake,set accR,set/store accP

• noff

set,brake,accP, accR,resume

• noff

accP,resume

• noff

All states (other than “off”) go to “set” via a driver command

Checking
 Requirement 2

The driver must be able to tell the system to maintain the current speed.

Informatics 1 School of Informatics, University of Edinburgh

22

• ff

ready set wait acc

brake,accP,accR,resume

• noff
• noff

set/store fast/dec correct slow/inc brake resume brake accP brake,set accR,set/store accP

• noff

set,brake,accP, accR,resume

• noff

accP,resume

• noff

Checking
 Requirement 3

The cruise control system must not operate after braking.

Braking never leads directly to “set” state

Informatics 1 School of Informatics, University of Edinburgh

23

• ff

ready set wait acc

brake,accP,accR,resume

• noff
• noff

set/store fast/dec correct slow/inc brake resume brake accP brake,set accR,set/store accP

• noff

set,brake,accP, accR,resume

• noff

accP,resume

• noff

Checking
 Requirement 4

The system must allow the driver to go faster than the set speed using the accelerator.

From “set” and “wait”, accP leads to “acc”

Informatics 1 School of Informatics, University of Edinburgh

24

An Alternative Design

• ff

ready set wait acc

brake,accP,accR,resume

• noff
• noff

set/store fast/dec correct slow/inc brake resume, set/store brake accP brake accR, set/store accP

• noff

brake,accP, accR,resume

• noff

accP,resume

• noff

s e t / s t

• r

e

Informatics 1 School of Informatics, University of Edinburgh

25

Wyoming Highway Patrol believes bus that crashed was on cruise control Three people were killed in an eight-vehicle collision …