Abstract
The MBD approach proposed in this work is presented in this section. This approach supports the development of GALS-DECs (a set of controllers in asynchronous interaction where each controller is synchronously executed). The distributed system is specified through a single Petri net model that simultaneously supports its documentation, validation (using simulation and model-checking tools), and implementation (using automatic code generator tools). This Petri net model is platform-independent, supporting the controller implementation in heterogeneous platforms.
Access provided by Autonomous University of Puebla. Download chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
3.1 Proposed Model-Based Development Approach
The MBD approach proposed in this work is presented in this section. This approach supports the development of GALS-DECs (a set of controllers in asynchronous interaction where each controller is synchronously executed). The distributed system is specified through a single Petri net model that simultaneously supports its documentation, validation (using simulation and model-checking tools), and implementation (using automatic code generator tools). This Petri net model is platform-independent, supporting the controller implementation in heterogeneous platforms. Additionally, this model is also network-independent, supporting the interaction through heterogeneous communication networks. Therefore this model provides high flexibility in the implementation phase (to select several types of platforms and communication networks), facilitating the achievement of the desired performance, power consumption, EMI, and cost. The proposed MBD approach is presented in Fig. 3.1 through a UML activity diagram (UML 2015).
The proposed MBD approach comprises several development steps. Each step is in the scope of: the controllers’ modeling, the models’ simulation, the models’ behavioral verification, the controllers’ implementation, or the controllers’ testing. The development steps are:
-
the creation or the selection of the controllers’ sub-models. Each controller is specified through one or more Petri net sub-models, each one having synchronous and deterministic execution semantics. These sub-models may be or become reusable. This work proposes the use of Petri nets extended with the time-domain (TD) concept (presented in Sect. 3.4), with priorities (Sect. 3.3), and with inputs and outputs (Sect. 3.2), to create the sub-models of each controller;
-
the validation (simulation and verification) of each reusable sub-model. If the sub-model does not present the desired behavior or if it is not possible to create the full state-space of that sub-model, then the sub-model must be changed, corrected, or split into several sub-models, and then each sub-model must be validated again. It is required to generate the full state-space, to verify the bound of each place (the maximal number of tokens that can be in each place);
-
the automatic addition of the place bounds into the reusable sub-models. If it is possible to generate the full state-space, it is possible to calculate the place bounds and automatically add them into the sub-models. The place bounds are the bounds of the memory elements that will be used to implement the places. This is required to ensure that these sub-models can be implemented;
-
the creation of the global GALS-DEC model. The global model is created using the reusable sub-models, changing their time-domains (to ensure that sub-models from different components have different time-domains), and connecting asynchronous-channels (presented in Sect. 3.5) to their sources and targets (the transitions that are channel-sources and channel-targets). It is important to note that the reusable sub-models should be created and the asynchronous-channels should be connected, in such a way that it is not possible to simultaneously have more than one message in each asynchronous-channel. This ensures that it is not required to generate the full state-space of the global GALS-DEC model, in order to generate the communication nodes required to support the components interaction (the asynchronous-channels implementation);
-
the simulation and the verification of the global GALS-DEC model. If the global model does not specify the desired behavior, the reusable sub-models must be corrected or changed, and the previous steps must be repeated;
-
if possible, the automatic update and addition of the place bounds and asynchronous-channel bounds into the global GALS-DEC model. If it is possible to generate the full state-space of the global model, then the place bounds can be automatically updated and the asynchronous-channel bounds can be automatically added. If it is not possible to generate the full state-space, but the global model was created to ensure that the asynchronous-channel bounds are not bigger than one, then place bounds are not updated and the asynchronous-channel bounds can be automatically added and assigned the value one. This bounded model supports the components and the communication nodes implementation;
-
the automatic decomposition of the global GALS-DEC model into a set of implementable sub-models. Each of these sub-models will support the implementation of a synchronous component. An algorithm to support this decomposition is presented in Sect. 3.8;
-
the selection of the implementation platforms and of the communication networks, and the mapping of the models inputs and outputs, to the platform physical connectors;
-
the automatic code generation. The components implementation code can be automatically generated using the tools presented in Campos-Rebelo et al. (2011), Pereira et al. (2012a), and Pereira and Gomes (2013). The communication nodes implementation code can also be automatically generated; however, currently no tools are available to perform this task;
-
the code deployment into the implementation platforms;
-
the platform tests. If GALS-DEC presents the desired behavior and matches the required requirements (performance, power consumption, and so on), then the distributed controller is finished, otherwise other implementation platforms must be selected and tested, or even other communication networks should be considered. If the available platforms and communication networks were tested, without matching the desired requirements, then the reusable sub-models must be changed, to check if a different distributed controller that also has the desired behavior can match the desired requirements.
Most of these development steps were used in the application example presented in Chap. 4, illustrating the proposed model-based development approach.
3.2 Petri Nets Extended with Inputs and Outputs
To explicitly specify the interaction between the controllers and their environment, Petri nets must integrate input and output dependencies. When these controllers interact through communication channels, the inputs and outputs also support the specification of the interaction between the controllers and the communication channels. The use of three types of inputs and outputs is proposed in this book:
-
input signals and output signals;
-
input events and output events; and
-
channel targets (are inputs) and channel sources (are outputs).
Signals and events must be used in the reusable sub-models, in the global GALS-DEC models, and in the implementable sub-models, to specify the interaction between the controllers and the environment. In the reusable sub-models, channel targets and channel sources are used to specify how the controllers are affected by and affect the communication channels, whereas in the implementable sub-models, events (automatically introduced during the global model decomposition) are used to specify the interaction between the controllers and the communication channels. The channel targets and channel sources, which are associated with transitions, are ignored during: (1) the validation, if the transitions have asynchronous channels connected to them; and (2) the automatic code generation. In this work, such as in other works (like in Gomes et al. 2007a), it is proposed that: (1) input and output signals should be verified and assigned within Boolean expressions and assignment expressions; and (2) input and output events should be associated with transitions. The channel targets and channel sources should also be associated to transitions.
A Petri nets class with these inputs and outputs and associated expressions is given by:
where PN is a tuple with the common sets to define a Petri nets class [Eq. (2.1)] and IO is given by:
ie, a partial function associating transitions with sub-sets of input events:
where \(\mathcal{P}(\mathrm{IE})\) is the power set of IE (the set of all subsets of IE), and IE is the set of input events. This means that a set of input events can be associated with each transition.
oe, a partial function associating transitions with sub-sets of output events:
where \(\mathcal{P}(\mathrm{OE})\) is the power set of OE, and OE is the set of output events. This means that a set of output events can be associated with each transition.
ct, a partial function identifying some transitions as being channel targets:
where CT is the set of channel targets. This means that each transition can be target of a communication channel.
cs, a partial function identifying a set of transitions as being channel sources (sources of communication channels):
where CS is the set of channel targets.
is, a partial function associating transitions with Boolean expressions:
where BE is the set of Boolean expressions checking input signal values.
os, a partial function associating places with assignment expressions:
where \(\mathcal{P}(\mathrm{AE})\) is the power set of AE, and AE is the set of assignment expressions assigning the result of mathematical expressions to output signals.
Inputs constrain the net evolution (the transitions firing), whereas outputs are affected by the net evolution and by the net marking (the number of tokens). An input event that is associated with a transition disables the transition firing whenever it does not occur. Channel targets constrain transitions in a similar way as input events. A Boolean expression (associated with a transition) disables the transition firing when false. An output event is generated when the associated transition fires. Finally, an output signal is assigned to the result of the associated expression when the associated place is marked.
3.3 Petri Nets with Priorities
Priorities are proposed in this work to solve Petri net conflicts, as in Gomes et al. (2007a). Two (or more) transitions with the same input place are in a structural conflict, which is also an effective conflict if during the net evolution there are states where both transitions are enabled, but cannot fire simultaneously. If two transitions are enabled, but cannot fire simultaneously, which one should fire? To solve this ambiguous situation and allow autonomous execution of the model, different priorities must be assigned to transitions in conflict. This way becomes clear which of the transitions will fire. Priorities simultaneously solve structural conflicts and effective conflicts. A Petri net with a priority function is given by:
where pr is a partial function associating transitions with positive integers (\(\mathbb{N} =\{ 1,2,3,\ldots \}\)), given by:
The transition associated with the lower value is the one with higher priority. The priority function must ensure that any two transitions in a structural conflict must have different priorities:
A Petri net model with one solved conflict is presented in Fig. 3.2. Transitions “T1” and “T2” are in conflict, competing for the token that is in place “P1”. This conflict is solved assigning priority 1 (“pr:1”) to transition “T2” and priority 2 (“pr:2”) to transition “T1”. This means that transition “T2” has higher priority than transition “T1”.
3.4 The Time-Domain Concept
The time-domain concept, described in Moutinho and Gomes (2014), introduces the globally-asynchronous locally-synchronous execution semantics into Petri nets, and ensures that the created models always specify distributed systems, supporting their implementation, as desired in this work. Time-domains make Petri nets totally synchronized Petri nets with single-server semantics (such as those proposed in Moalla et al. 1978). The totally synchronized Petri nets presented in Moalla et al. (1978) are suited to model GALS systems; however, they do not ensure that the created models can be implemented as distributed systems, whereas the use of Petri nets extended with time-domains ensures that the created models have well-delimited synchronized domains, supporting their implementation as distributed controllers.
3.4.1 Petri Nets Extended with Time-Domains
A Petri nets class extended with time-domains is given by:
where td is the time-domain function. td is a function associating Petri net places and transitions with positive integers (\(\mathbb{N} =\{ 1,2,3,\ldots \}\)), as defined in Eq. (3.13).
To ensure that each sub-model cannot specify more than one component, in a Petri net model with time-domains each arc always connects two nodes (places and transitions) with the same time-domain, as defined in Eq. (3.14).
This ensures that the created models are structurally unambiguous and distributable, in order to support their implementation, and the use of automatic code generators. For instance, using Petri nets with time-domains, it is not possible to create models: (1) with structural ambiguities, such as the one presented in Fig. 2.7; and (2) that are not distributable, such as those that have transitions in conflict with different time-domains (conflicts must be solved locally).
A Petri net model with time-domains specifying three synchronous and independent components is presented in Fig. 3.3. This model has four (disconnected) sub-models: the sub-model with time-domain 1, where all nodes have time-domain 1 (“td:1”); the sub-models with time-domain 2, where all nodes have time-domain 2 (“td:2”); and the sub-model with time-domain 3, where all nodes have time-domain 3 (“td:3”).
3.4.2 Execution Semantics of Petri Nets with Time-Domains
Petri nets with time-domains have the execution semantics of totally synchronized Petri nets with single-server semantics (Moalla et al. 1978). In a Petri net model with time-domains all transitions have time-domain and all transitions with the same time-domain are synchronized by the same external event, which is implicit for that time-domain. In a specific execution state, when a synchronizing event occurs, all the associated transitions that are enabled and not in a conflict that prevent their firing will fire simultaneously in that instant. It was defined that transitions with different time-domains never fire simultaneously (as they have different synchronizing events). The Petri net model with time-domains presented in Fig. 3.3 has the following execution semantics:
-
in the sub-model with time-domain 1, only transition “T1” is enabled, and it will fire when the associated (implicit) event occurs;
-
in the sub-model with time-domain 2, both transitions “T6” and “T3” are enabled. They fire simultaneously when the associated (implicit) event occurs;
-
in the sub-model with time-domain 3, no transition is enabled;
-
in the initial state two things can happen: transition “T1” fires or transitions “T6” and “T3” fire. This shows that the behavior of the global distributed model is non-deterministic (as desired), because each sub-model is independent. However, the behavior of each sub-model is deterministic (in a specific state for specific input values, the sub-model has always the same next state), if the existing conflicts are solved.
Transitions “T4” and “T5” are in conflict, which means that this conflict must be a-priori solved to ensure deterministic and unambiguous sub-models. As previously mentioned, this book proposes the use of priorities to solve conflicts. The state-space (also known as reachability graph) that represents the global model (Fig. 3.3) behavior is presented in Fig. 3.4.
3.5 Asynchronous-Channels
3.5.1 Introduction
Three types of asynchronous communication channels were proposed in Moutinho and Gomes (2014) to specify the interaction between Petri net sub-models with time-domains, enabling the specification of globally-asynchronous locally-synchronous distributed embedded controllers (GALS-DECs). The use of time-domains ensures that the models have well-delimited synchronized domains without structural ambiguities. However, it is required to enable sub-models interaction, to support the specification among the synchronous components. To support this interaction the following channels were proposed:
-
the Simple Asynchronous Channel (SimpleAC);
-
the Acknowledged Asynchronous Channel (AckAC);
-
the Not-enabled Asynchronous Channel (NotAC).
These three asynchronous-channels provide a network-independent specification of the components interaction, as they do not specify the transmission time, which can be unbounded, between zero and infinite (a communication failure). This means that a global model (with these channels) can support the implementation using different types of communication networks and protocols. Additionally, the validation of this global model provides results that are valid regardless of the implementation support. This provides high flexibility in the implementation phase, enabling the creation of several heterogeneous prototypes (using a single global model), test them, and select the most suited one (for instance, the one that provides the desired performance with lower power consumption).
Each asynchronous-channel is listening one transition of one sub-model (with a specific time-domain) and based on that sends messages to a set of transitions of another sub-model (with another time-domain). The SimpleAC, which is an improved version of the channel introduced in Moutinho and Gomes (2012a), sends a message to the target sub-model whenever the listened transition (the source transition) fires. The AckAC sends a message to the target sub-model whenever the listened transition receives a message from another asynchronous-channel. The NotAC sends a message to the target sub-model whenever the listened transition receives a message from another asynchronous-channel and does not fire (reporting that the transition is not enabled).
When a message arrives the target sub-model, it is simultaneously delivered to the target transitions of that asynchronous channel. From those transitions, the ones that can fire, will fire in the next execution step. The message is only available (to be read) during one execution step, being destroyed after that.
A Petri net model with these three types of channels is presented in Fig. 3.5. This model has three SimpleACs (“AC1”, “AC3”, and “AC5”), one AckAC (“AC2”), and one NotAC (“AC4”):
-
“AC1” connects transition “T1” of the sub-model with time-domain 1 (“td:1”) to the transitions “T6” and “T3” of the sub-model with time-domain 2 (“td:2”);
-
“AC3” connects transition “T3” of the sub-model with time-domain 2 to the transition “T8” of the sub-model with time-domain 3 (“td:3”);
-
“AC5” connects transition “T8” of the sub-model with time-domain 3 to the transition “T5” of the sub-model with time-domain 2;
-
“AC2” connects transition “T3” of the sub-model with time-domain 2 to the transition “T2” of the sub-model with time-domain 1;
-
“AC4” connects transition “T8” of the sub-model with time-domain 3 to the transition “T4” of the sub-model with time-domain 2.
Whenever transition “T1” fires, one message is created and sent through the asynchronous-channel “AC1”, to the transitions “T6” and “T3”. Whenever transition “T3” receives a message (regardless of its firing), one message is created and sent through the asynchronous-channel “AC2”, to the transition “T2”. Finally, whenever transition “T8” receives a message and does not fire, one message is created and sent through the asynchronous-channel “AC4”, to the transition “T4”.
3.5.2 Asynchronous-Channel Definition
A Petri nets class extended with asynchronous-channels and time-domains is given by:
where AC, a set of asynchronous-channels that includes a set of SimpleACs (SAC), a set of AckACs (AAC), and a set of NotACs (NAC), is given by Eq. (3.16).
SimpleACs, AckACs, and NotACs associate transitions with sets of transitions, as presented in Eqs. (3.17)–(3.19), where \(\mathcal{P}(T)\) is the power set of T.
Each asynchronous-channel connects one transition of one component (the source transition) to a set of transitions of another component (the target transitions). This means that the target transitions of each asynchronous-channel must have the same time-domain (as they belong to a single component), as presented in Eq. (3.20).
Two asynchronous-channels cannot have the same target transition:
The AckACs and NotACs are used to provide feedback about the delivery of messages and about their influence in the target transitions. This means that: (1) the source of an AckAC is always the target of another asynchronous-channel [Eq. 3.22], and (2) the source of a NotAC is always the target of another asynchronous-channel [Eq. 3.23].
3.5.3 Asynchronous-Channels Execution Semantics
Asynchronous-channels were proposed to connect sub-models with different time-domains, specifying the asynchronous interaction among distributed and synchronous components. Each channel specifies the sending of a specific message from one component (the source) to another component (the target). These channels do not specify the communication network, protocol, and delay (the time taken by each message from the source to the target), ensuring network-independent specifications.
These three types of channels have similar execution semantics. The difference is that they report different events in the source components:
-
the SimpleAC sends a message whenever its source transition fires;
-
the AckAC sends a message whenever its source transition fires receives a message;
-
the NotAC sends a message whenever its source transition fires receives a message but does not fire (because it is disabled).
The execution semantics of a Petri net model with asynchronous-channels (such as the one presented in Fig. 3.5) can be expressed through a Petri net model where the asynchronous-channels were replaced by behaviorally equivalent sub-models (such as the one presented in Fig. 3.6). In the model from Fig. 3.6, the asynchronous-channels “AC1”, “AC2”, “AC3”, “AC4”, and “AC5” from Fig. 3.5 were replaced their behaviorally equivalent sub-models (with different coloring nodes).
The SimpleACs, the AckACs, and the NotACs behaviorally equivalent Petri net sub-models are presented in Figs. 3.7, 3.8, and 3.9. The algorithm presented in Sect. 3.6 supports the transformation of Petri net models with asynchronous-channels into Petri net models without asynchronous-channels. In all the behaviorally equivalent models:
-
the place pGoing is used to count the number of messages that were sent and that have not yet arrived into the target component;
-
the transition tDeliver firing specifies the arriving of a message. It fires when the associated event (IE) occurs. When the transition tDeliver fires, the target transitions if enabled also fire. tDeliver consumes the tokens from place pGoing, ensuring that each message is only available (to enable the target transitions) during one execution step of the target component, being destroyed after that;
-
the input event IE is non-deterministic, ensuring that these channels do not specify the communication time, as desired to obtain network-independent specifications.
Any of these behaviorally equivalent models has two target transitions (“tTarget1” and “tTargetN”); however, they can have one or more target transitions. Each asynchronous-channel can have a non-zero positive integer number of target transitions.
The models from Figs. 3.7, 3.8, and 3.9 have similar execution semantics; however, they react (create and send messages) to different types of events in the source transitions:
-
the SimpleAC creates and sends a message whenever the source transition fires, as specified in Fig. 3.7 (when the source transition fires one token is added to place “pGoing” specifying that a message is going to the target component);
-
the AckAC creates and sends a message whenever the source transition receives a message from another asynchronous-channel. When the source transition receives a message, the transition “tDeliverSource” (Fig. 3.8) also receives a message. Given that “tDeliverSource” is enabled (it is always enabled), it fires and one token is created in place “pGoing” specifying that a message is going to the target component;
-
the NotAC creates and sends a message whenever the source transition receives a message from another asynchronous-channel and does not fire. When the source transition receives a message, the transition “tNot” (Fig. 3.8) also receives a message. The transition “tNot” fires if and only if the source transition does not fire (“tNot” has lower priority than the source transition and “pXor” ensures that they cannot fire simultaneously). When “tNot” fires one token is generated in place “pGoing” specifying that a message is going to the target component.
The model presented in Fig. 3.6 supports the validation of the model from Fig. 3.5, but not its implementation or documentation. It does not support its implementation because not all nodes have time-domain and the arcs do not always connect nodes with equal time-domain. However, the use of Petri nets extended with time-domains without fulfilling all the assumptions described in Sect. 3.4 is not a problem if the models are only used for validation purposes.
3.6 Distributed GALS Models Validation
Petri net models with time-domains and asynchronous-channels can be simulated (using simulation tools) and verified (using state-space model-checking tools). An algorithm, which specifies the translation of Petri net models with time-domains and asynchronous-channels into behaviorally equivalent models with time-domains but without asynchronous-channels, is presented in this section. This algorithm was implemented in the IOPT-Tools online framework (Pereira et al. 2012a), to allow the use of their simulation and model-checking tools to simulate and verify distributed GALS models. The translation algorithm is presented in Algorithm 1 and described in the following items:
-
line 1—the Petri net model (“globalPNname”) with asynchronous-channels is copied into the “globalPN” data structure;
-
line 2—the “globalPN” is cloned into the data structure (“translatedPN”) that will have the translated model;
-
line 3—for each asynchronous-channel of the “translatedPN” data structure:
-
lines 4, 5, and 6—it is added the place “pGoing,” the transition “tDeliver,” and an arc connecting them;
-
lines 7 to 10—it is also added a test arc connecting the place “pGoing” to each target transition, where it is also associated an input event;
-
lines 11 to 13—if it is a SimpleAC, an arc connecting the source transition to the place “pGoing” is added into the “translatedPN” data structure;
-
lines 14 to 16—if it is an AckAC, an arc connecting the transition “tDeliver” of the source component to the place “pGoing” is added into the “translatedPN” data structure;
-
lines 17 to 27—if it is a NotAC, the following items are added to the “translatedPN” data structure: the transition “tNot”, the place “pXor”, arcs interconnecting them and connecting “pXor” to the source transition, priorities to the source transition and to “tNot”, an arc connecting “tNot” to “pGoing”, and a test arc connecting the place “pGoing” of the behaviorally equivalent sub-model of the asynchronous-channel that is source of the current source transition;
-
line 28—the asynchronous-channel is removed from “translatedPN”;
-
line 30—the obtained model is saved into a PNML file.
Algorithm 1 The translation algorithm that replaces asynchronous-channels by their behaviorally equivalent sub-models
Require: globalPNname
1: globalPN ← Read(globalPNname)
2: translatedPN ← globalPN
3: for all ac ∈ translatedPN. AC do
4: translatedPN. AddNewPlace(pGoing, ac. id)
5: translatedPN. AddNewTransition(tDeliver, ac. id, translatedPN. td(ac. Targets[0]), IE)
6: translatedPN. AddNewArc(pGoing, tDeliver, ac. id)
7: for all tTarget ∈ ac. Targets do
8: translatedPN. AddNewTestArc(pGoing, tTarget, ac. id)
9: translatedPN. AddEventToTransition(tTarget, IE, ac. id)
10: end for
11: if ac ∈ globalPN. SAC then
12: translatedPN. AddNewArc(ac. Source, pGoing, ac. id)
13: end if
14: if ac ∈ globalPN. AAC then
15: translatedPN. AddNewArc(tDeliver, ac. Source, pGoing, ac. id)
16: end if
17: if ac ∈ globalPN. NAC then
18: translatedPN. AddNewTransition(tNot, ac. id, IEdeliver, ac. Source)
19: translatedPN. AddNewPlace(pXor, marking = 1, ac. id)
20: translatedPN. AddNewArc(tNot, pXor, ac. id)
21: translatedPN. AddNewArc(pXor, tNot, ac. id)
22: translatedPN. AddNewArc(ac. Source, pXor, ac. id)
23: translatedPN. AddNewArc(pXor, ac. Source, ac. id)
24: translatedPN. AddNewPriorityHigherLower(ac. Source, tNot, ac. id)
25: translatedPN. AddNewArc(tNot, pGoing, ac. id)
26: translatedPN. AddNewTestArc(pGoing, ac. Source, tNot, ac. id)
27: end if
28: translatedPN. RemoveAC(ac)
29: end for
30: SaveNewPNML(translatedPN)
The algorithm that describes how to generate the state-spaces (also known as reachability graphs) of Petri net models with time-domains was proposed in Moutinho and Gomes (2011) and refined in Moutinho (2014). This algorithm, which was implemented in the IOPT-Tools, generates the state-spaces and saves them into hierarchical XML files. To analyze and verify the state-spaces (searching proprieties), standard tools for XML, like XPath and XQuery (W3C 2013) and the IOPT query engine (Pereira et al. 2012a) can be used. The state-spaces support not only the behavioral verification, but can also provide the places bounds, which are the sizes of the memory resources needed to implement the controllers.
The state-space of the model from Fig. 3.5, which of course is also the state-space of the behaviorally equivalent model presented in Fig. 3.6, is presented in Fig. 3.10. This state-space was generated in the IOPT-Tools state-space generator for GALS (Moutinho and Gomes 2012b), which implements the algorithm proposed in Moutinho and Gomes (2011) and refined in Moutinho (2014).
The model from Fig. 3.5 has the following behavior:
-
whenever transition “T1” fires, one message is sent through the asynchronous-channel “AC1” (in the behaviorally equivalent model one token is inserted in place “PAC1”);
-
when the “AC1” message arrives the target component (in the behaviorally equivalent model, the event “IEAC1” occurs), one message is sent through the asynchronous-channel “AC2” (in the behaviorally equivalent model one token is inserted in place “PAC2”), and transitions “T6” and “T3” fire (if enabled);
-
when “AC2” message arrives to the target sub-model (in the behaviorally equivalent model, this is specified by the occurrence of event “IEAC2”), the transition “T2” fires (if enabled);
-
when transition “T3” fires, one message is sent through the asynchronous-channel “AC3”;
-
when the “AC3” message arrives to the target component (in the behaviorally equivalent model, the event “IEAC3” occurs), one message is sent through the asynchronous-channel “AC4” (in the behaviorally equivalent model one token is inserted in place “PAC4”) because transition “T8” is disabled;
-
however, if transition “T8” was enabled, then a message would be sent through the asynchronous-channel “AC5” instead of “AC4”.
3.7 Bounded Petri Nets
The state-space analysis not only supports the controllers’ verification, but also supports their implementation. Each Petri net place will be implemented as a memory resource (such as a software variable or a hardware register). To select the variable type or to implement the register, it is required to know its size, which is given by the place bound. The bound of a place is the maximal number of tokens that will be simultaneously in that place. The bound of each place can easily be checked in the state-space. Figure 3.10 not only presents the state-space, but also the bounds of places and asynchronous-channels.
The model-based development approach (MBD) proposed in Sect. 3.1 includes steps where the bounds are calculated and updated. After the second step (the reusable sub-models’ verification) of proposed MBD approach the places bound are added into the sub-models. Later, after the verification of the global GALS-DEC model (where the state-space is generated), the bounds are updated, but only if it is possible to generate the full state-space. Otherwise the bounds added in the second step will remain the same. Given that the global GALS-DEC model was created to have asynchronous-channels bounded to one, it is not required to generate the full state-space to ensure its proper implementation. This is the major difference between the MBD approach proposed in this book and the MBD approach proposed in Moutinho (2014).
The places and the asynchronous-channels bounds are given by Eq. (3.24).
where:
-
P is the set of places that excludes PAC;
-
PAC is the set of places of the behaviorally equivalent sub-models that specify the asynchronous-channels;
-
n + 1 is the number of state-space nodes;
-
m is the order of a state-space node;
-
# M m (p) is the number of tokens that are in the place p in the node m of the state-space.
A bounded Petri nets class extended with time-domains and asynchronous-channels is given by Eq. (3.25).
bound is a function associating places with non-negative integers:
where \(\mathbb{N}_{0} =\{ 0,1,2,3,\ldots \}\).
3.8 Decomposition into Implementable Sub-models
After the global GALS-DEC model creation and validation, it must be decomposed into a set of implementable sub-models that support the components implementation code generation, potentially using automatic code generators, such as those from IOPT-Tools. The algorithm that supports this decomposition is presented in this section. This algorithm (Algorithm 2) reads the global GALS-DEC PNML file and creates a set of PNML files, where each file contains the sub-models that specify each component. These files that fully specify the synchronous components can be used as inputs in automatic code generators. A decomposition tool, which implements this algorithm, was added into the IOPT-Tools (Pereira et al. 2012a). The created files can be used as inputs in automatic code generators, such as those from IOPT-Tools: (1) C code generators (Campos-Rebelo et al. 2011; Pereira et al. 2012a) and (2) VHDL code generators (Gomes et al. 2007b; Pereira and Gomes 2013).
Algorithm 2 The decomposition algorithm that reads the global model and creates the implementation sub-models of each component
Require: globalPNname
1: globalPN ← Read(globalPNname)
2: timedomainList ← GetTimeDomains(globalPN)
3: for all timeD ∈ timedomainList do
4: componentPN ← globalPN
5: for all a = (x, y) ∈ componentPN. A do
6: if td(x) ≠ timeD ∨ td(y) ≠ timeD then
7: componentPN. RemoveArc(a)
8: end if
9: end for
10: for all p ∈ componentPN. P do
11: if componentPN. td(p) ≠ timeD then
12: componentPN. RemovePlace(p)
13: end if
14: end for
15: for all ac = (t s , T t ) ∈ componentPN. AC do
16: if td(t s ) = timeD ∧ ac ∈ SAC then
17: componentPN. AssignOutEvToTransition(t s , ac)
18: end if
19: if ∃(t t ∈ T t ): td(t t ) = timeD then
20: for all t t ∈ T t do
21: componentPN. AssignInEvToTransition(t t , ac)
22: end for
23: if ∃(aac = (t t , T) ∈ aac) then
24: componentPN. AddNewTransition(′tdeliver′, ac, timeD)
25: componentPN. AssignInEvToTransition(′tdeliver′, ac)
26: end if
27: for all aac = (t t , T) ∈ aac do
28: componentPN. AddNewOutEvToTransition(′tdeliver′, ac, aac)
29: end for
30: end if
31: componentPN. RemoveAC(ac)
32: end for
33: for all t ∈ componentPN. T do
34: if componentPN. td(t) ≠ timeD then
35: componentPN. RemoveTransition(t)
36: else
37: if ∃(nac = (t, T) ∈ NAC) then
38: componentPN. AddNewTransitionWithLowerPriority(′tnotenabled′, t, timeD)
39: ac: ac = (t x , T x ) ∈ ac ∧ t ∈ T x
40: componentPN. AddNewInEvToTransition(′tnotenabled′, t, ac)
41: componentPN. AddNewPlace(′pxor′, marking = 1)
42: componentPN. AddNew4Arcs(t, ′pxor′, ′tnotenabled′)
43: end if
44: for all nac = (t, T) ∈ NAC do
45: componentPN. AddNewOutEvToTransition(‘tnotenabled′, t, nac)
46: end for
47: end if
48: end for
49: CreateNewPNMLfile(componentPN)
50: end for
To create the sub-models of each component (with a specific time-domain), the algorithm:
-
reads the PNML file of the global GALS-DEC model;
-
removes the nodes (places and transitions) that do not have the time-domain of that component;
-
removes the arcs that were connected to the removed nodes;
-
removes the asynchronous-channels and introduces: (1) additional sub-models; and (2) additional input events and output events (to specify the interaction between the components and the communication nodes);
-
saves the resulting sub-models into a new PNML file.
Describing the algorithm in more detail:
-
line 1—the global Petri net model uploaded into the globalPN data structure;
-
line 2—a list with all time-domains of the globalPN is created;
-
lines 3 to 48—for each time-domain, the model of the associated component is created;
-
line 4—new data structure (componentPN) is created with a copy of the global model (at the end this new structure will contain the component model);
-
lines 5 to 9—each arc that connects one node with a different time-domain (from another component) is removed;
-
lines 10 to 14—each place with a different time-domain (from another component) is removed;
-
line 15—for each asynchronous-channel (AC)
-
lines 16 to 18—if its source transition has the (component) time-domain and the AC is a SimpleAC, an output event is associated with the source transition;
-
line 19—if any of the target transitions have the (component) time-domain;
-
lines 20 to 22—an input event is associated with each of its target transitions;
-
lines 23 to 26—if any of the target transitions is source of an AckAC, a new transition (“tdeliver”) with an associated input event is added;
-
lines 27 to 29—for each AckAC that is source of this target transition, a new output event is associated with the new transition (“deliver”);
-
line 31—the asynchronous-channel is removed;
-
line 33—for each transition (“t”);
-
lines 34 to 35—if it has a different time-domain (from another component) is removed;
-
lines 36 to 43—else, if the transition is source of a NotAC, a sub-net is added. This sub-net:
-
has a new transition (“tnotenabled”) with an input event and with lower priority than transition “t’;
-
has a new place “pxor” with one token;
-
has four new arcs: (1) one connecting the transition “t” to “pxor”; (2) one connecting “pxor” to the transition “t”; (3) one connecting “tnotenabled” to “pxor”; and (4) one connecting “pxor” to “tnotenabled”;
-
-
lines 44 to 46—for each NotAC, a new output event is associated to transition “tnotenabled”;
-
line 49—the component model is saved into a PNML file.
The decomposition of the global model presented in Fig. 3.5 produces the sub-models presented in Fig. 3.11. These sub-models support the implementation of the components of the GALS-DEC specified in Fig. 3.5. They can be used as inputs in automatic code generators, such as the C code generator (Pereira et al. 2012a) and the VHDL code generator (Pereira and Gomes 2013), available in the IOPT-tools (Pereira et al. 2012a).
3.9 The Meta-Model of PNs Extended with TDs and ACs
The meta-model of Petri nets extended with time-domains and asynchronous-channels is presented in Fig. 3.12. The proposed meta-model, which is specified through UML class diagrams and OCLs, extends PT-nets (the PT-net meta-model is presented in Fig. 2.3), and complements meta-model definition for IOPT-nets, as in Moutinho et al. (2010) and Gomes et al. (2014). OCLs are used to express constraints that cannot be expressed in the UML class diagrams. As defined in Sects. 3.4 and 3.5, this meta-model also defines that:
-
each node (a place or a transition) has a time-domain;
-
each arc connects two nodes with the same time-domain;
-
a reference transition must always refer a transition with the same time-domain;
-
a reference place must always refer a place with the same time-domain;
-
each asynchronous-channel can be a simple AC, an acknowledged AC, or a not-enabled AC;
-
each asynchronous channel has one source transition and one or more target transitions;
-
each transition cannot be target of more than one asynchronous-channel;
-
all target transitions of an asynchronous-channel must have the same time-domain;
-
the source transition of an acknowledged AC or not-enabled AC must be the target of another asynchronous-channel.
References
André C (1996) SyncCharts: a visual representation of reactive behaviors. Tech. rep. RR 95–52, rev. RR (96–56). I3S, Sophia-Antipolis
André C (2003) Semantics of S.S.M. (safe state machine). Tech. rep. Esterel Technologies, Sophia-Antipolis
André C, Peraldi MA (1993) Grafcet and synchronous languages. APII 27(1):95–105
Balbo G (2000) Introduction to stochastic Petri nets. In: Brinksma E, Hermanns H, Katoen JP (eds) Lectures on formal methods and performance analysis, first EEF/Euro summer school on trends in computer science, Berg en Dal, The Netherlands, July 3–7, 2000, revised lectures. Lecture notes in computer science, vol 2090, pp 84–155. Springer, Heidelberg
Benveniste A, Caspi P, Edwards S, Halbwachs N, Le Guernic P, de Simone R (2003) The synchronous languages 12 years later. Proc IEEE 91(1):64–83. doi:10.1109/JPROC.2002.805826
Berry G, Kishinevsky M, Singh S (2003) System level design and verification using a synchronous language. In: International conference on computer aided design, 2003. ICCAD-2003, pp 433–439. doi:10.1109/ICCAD.2003.1257813
Bhaduri P, Ramesh S (2004) Model checking of statechart models: survey and research directions. CoRR cs.SE/0407038
Bicchierai I, Bucci G, Carnevali L, Vicario E (2012) Combining UML-MARTE and preemptive time Petri nets: an industrial case study. IEEE Trans Ind Inform 9:1806–1818. doi:10.1109/TII.2012.2205399
Billington J, Vanit-Anunchai S, Gallasch G (2009) Parameterised coloured Petri net channel models. In: Jensen K, Billington J, Koutny M (eds) Transactions on Petri nets and other models of concurrency III. Lecture notes in computer science, vol 5800. Springer, Berlin/Heidelberg. doi:10.1007/978-3-642-04856-2_4
Boussinot F, De Simone R (1991) The ESTEREL language. Proc IEEE 79(9):1293–1304. doi:10.1109/5.97299
Bruno G, Agarwal R, Castella A, Pescarmona M (1995) CAB: An environment for developing concurrent application. In: De Michelis G, Diaz M (eds) Application and theory of Petri nets 1995. Lecture notes in computer science, vol 935. Springer, Berlin/Heidelberg, pp 141–160
Bunse C, Gross HG, Peper C (2007) Applying a model-based approach for embedded system development. In: Proceedings of the 33rd EUROMICRO conference on software engineering and advanced applications. IEEE Computer Society, Washington
Campos-Rebelo R, Pereira F, Moutinho F, Gomes L (2011) From IOPT Petri nets to C: An automatic code generator tool. In: 2011 9th IEEE international conference on industrial informatics (INDIN), pp 390–395
Chapiro DM (1984) Globally-asynchronous locally-synchronous systems. Ph.D. thesis, Stanford University
Christensen S, Damgaard HN (1994) Coloured Petri nets extended with channels for synchronous communication. In: Valette R (ed) Application and theory of Petri nets 1994. Lecture notes in computer science, vol 815. Springer, Berlin/Heidelberg, pp 159–178. doi:10.1007/3-540-58152-9_10
Christensen S, Petrucci L (2000) Modular analysis of Petri nets. Comput J 43(3):224–242
Costa A, Gomes L (2007) Petri net splitting operation within embedded systems co-design. In: 2007 5th IEEE international conference on industrial informatics, vol 1, pp 503–508, doi:10.1109/INDIN.2007.4384808
Costa A, Gomes L (2009) Petri net partitioning using net splitting operation. In: 7th IEEE international conference on industrial informatics (INDIN 2009), Cardiff. Available at http://dx.doi.org/10.1109/INDIN.2009.519580410.1109/INDIN.2009.5195804
Costa A, Gomes L, Barros J, Oliveira J, Reis T (2008) Petri nets tools framework supporting FPGA-based controller implementations. In: 34th annual conference of IEEE industrial electronics, 2008. IECON 2008, pp 2477–2482. doi:10.1109/IECON.2008.4758345
CPN-AMI Web site (2015). http://move.lip6.fr/software/CPNAMI/
David R, Alla H (2010a) Bases of Petri nets. In: Discrete, continuous, and hybrid Petri nets. Springer, Berlin/Heidelberg, pp 1–20. doi:10.1007/978-3-642-10669-9_1
David R, Alla H (2010b) Non-autonomous Petri nets. In: Discrete, continuous, and hybrid Petri nets. Springer, Berlin/Heidelberg, pp 61–116. doi:10.1007/978-3-642-10669-9_3
David R, Alla H (2010c) Properties of Petri nets. In: Discrete, continuous, and hybrid Petri nets. Springer, Berlin/Heidelberg, pp 21–60. doi:10.1007/978-3-642-10669-9_2
de Niz D, Bhatia G, Rajkumar R (2006) Model-based development of embedded systems: the SysWeaver approach. In: Proceedings of the 12th IEEE real-time and embedded technology and applications symposium. IEEE Computer Society, Washington
Di Natale M, Guo L, Zeng H, Sangiovanni-Vincentelli A (2010) Synthesis of multitask implementations of simulink models with minimum delays. IEEE Trans Ind Inf 6(4):637–651
Doucet F, Menarini M, Krüger IH, Gupta R, Talpin JP (2006) A verification approach for GALS integration of synchronous components. Electron Notes Theor Comput Sci 146(2):105–131. doi:10.1016/j.entcs.2005.05.038
Esterel Technologies (2005) The Esterel v7 Reference Manual Version v7.30, initial IEEE standardization proposal
Esterel Technologies (2015) Home — Esterel Technologies. http://www.esterel-technologies.com/
Estevez E, Marcos M (2012) Model-based validation of industrial control systems. IEEE Trans Ind Inform 8(2):302–310
Ferreira HA (2010) Petri nets based components within globally asynchronous locally synchronous systems. Master’s thesis, Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa. http://hdl.handle.net/10362/4796
Ferreira R, Costa A, Gomes L (2011) Intra- and inter-circuit network for Petri nets based components. In: 2011 IEEE international symposium on industrial electronics (ISIE), pp 1529–1534
Gajski DD, Zhu J, Domer R, Gerstlauer A, Zhao S (2000) SpecC: specification language and methodology. Kluwer Academic, Boston
Gamatie A, Gautier T (2010) The signal synchronous multiclock approach to the design of distributed embedded systems. IEEE Trans Parallel Distrib Syst. 21(5):641–657. doi:10.1109/TPDS.2009.125
Garavel H, Thivolle D (2009) Verification of GALS Systems by combining synchronous languages and process calculi. In: Proceedings of the 16th international SPIN workshop on model checking software, Springer, Berlin/Heidelberg, pp 241–260. doi:10.1007/978-3-642-02652-2_20
Girault C, Valk R (2003) Petri nets for system engineering: a guide to modeling, verification, and applications. Springer, Heidelberg
Glabbeek R, Goltz U, Schicke-Uffmann JW (2012) On distributability of Petri nets. In: Birkedal L (ed) Foundations of software science and computational structures. Lecture notes in computer science, vol 7213. Springer, Berlin/Heidelberg, pp 331–345
Gomes L, Barros J (2003) On structuring mechanisms for Petri nets based system design. In: IEEE conference on emerging technologies and factory automation, 2003. Proceedings. ETFA ‘03, vol 2, pp 431–438. doi:10.1109/ETFA.2003.1248731
Gomes L, Barros JP (2005) Structuring and composability issues in Petri nets modeling. IEEE Trans Ind Inform 1(2):112–123
Gomes L, Fernandes JM (eds) (2010) Behavioral modeling for embedded systems and technologies: applications for design and implementation. IGI Global, Hershey
Gomes L, Barros JP, Costa A (2005a) Modeling formalisms for embedded systems design. In: Zurawski R (ed) Embedded systems handbook. CRC, Boca Raton, pp 5–1, 5–34
Gomes L, Barros JP, Costa A, Pais R, Moutinho F (2005b) Towards usage of formal methods within embedded systems co-design. In: ETFA’2005 - 10th IEEE conference on emerging technologies and factory automation. Facolta’ di Ingegneria, Univ. Catania
Gomes L, Barros J, Costa A, Nunes R (2007a) The input-output place-transition Petri net class and associated tools. In: Proceedings of the 5th IEEE international conference on industrial informatics (INDIN’07), Vienna
Gomes L, Costa A, Barros J, Lima P (2007b) From Petri net models to VHDL implementation of digital controllers. In: Proceedings of the IECON’2007 - the 33rd annual conference of the IEEE industrial electronics society. The Grand Hotel, Taipei
Gomes L, Moutinho F, Pereira F (2013) IOPT-tools - a web based tool framework for embedded systems controller development using Petri nets. In: 2013 23rd international conference on field programmable logic and applications (FPL), pp 1–1. doi:10.1109/FPL.2013.6645633
Gomes L, Moutinho F, Pereira F, Ribeiro J, Costa A, Barros JP (2014) Extending input-output place-transition Petri nets for distributed controller systems development. In: International conference on mechatronics and control (ICMC), Jinzhou
Grkaynak FK, Oetiker S, Felber N, Kaeslin H, Fichtner W (2004) Is there hope for GALS in the future? In: Fourth ACiD-WG workshop of the european commissions fifth framework programme, Turku
Halbwachs N, Caspi P, Raymond P, Pilaud D (1991) The synchronous data flow programming language LUSTRE. Proc IEEE 79(9):1305–1320. doi:10.1109/5.97300
Hamez A, Hillah L, Kordon F, Linard A, Paviot-Adet E, Renault X, Thierry-Mieg Y (2006) New features in CPN-AMI 3: focusing on the analysis of complex distributed systems. In: Sixth international conference on application of concurrency to system design, 2006. ACSD 2006, pp 273–275. doi:10.1109/ACSD.2006.15
Han B, Billington J (2004) Experience using coloured Petri nets to model TCP’s connection management procedures. In: Proc. 5th workshop and tutorial on practical use of coloured Petri nets and the CPN tools (CPN Workshop 2004), pp 57–76
Hanisch HM, Lüder A (2000) A signal extension for petri nets and its use in controller design. Fundam. Inform. 41(4):415–431
Harel D (1987) Statecharts: a visual formalism for complex systems. Sci Comput Program 8(3):231–274. doi:10.1016/0167-6423(87)90035-9
ISO/IEC (2011) Systems and software engineering – high-level Petri nets – Part 2: Transfer format. ISO/IEC 15909-2
Jensen K (1992) Coloured Petri nets. Basic concepts, analysis methods and pratical use, vol 1. Springer, Berlin
Kleijn H, Koutny M, Rozenberg G (2006) Processes of Petri nets with localities. Tech. Rep. CS-TR-941, School of Computing Science, Newcastle University upon Tyne, Newcastle upon Tyne
Krstić M, Grass E, Gürkaynak FK, Vivet P (2007) Globally asynchronous, locally synchronous circuits: overview and outlook. IEEE Des Test Comput 24:430–441. doi:10.1109/MDT.2007.164
Kummer O (1998) Simulating synchronous channels and net instances. In: Desel J, Kemper P, Kindler E, Oberweis A (eds) Forschungsbericht, No. 694: 5. Workshop Algorithmen und Werkzeuge fr Petrinetze, Fachbereich Informatik, Universitt Dortmund, pp 73–78
LeGuernic P, Gautier T, Le Borgne M, Le Maire C (1991) Programming real-time applications with SIGNAL. Proc IEEE 79(9):1321–1336. doi:10.1109/5.97301
Liu G, Jiang C, Zhou M (2012) Process nets with channels. IEEE Trans Syst Man Cybern A Syst Hum 42(1):213–225. doi:10.1109/TSMCA.2011.2157136
Maier C, Moldt D (2001) Object coloured Petri nets - a formal technique for object oriented modelling. In: Agha G, Cindio F, Rozenberg G (eds) Concurrent object-oriented programming and Petri nets. Lecture notes in computer science, vol 2001. Springer, Berlin/Heidelberg, pp 406–427. doi:10.1007/3-540-45397-0_16
Malik A, Salcic Z, Roop PS, Girault A (2010) SystemJ: a GALS language for system level design. Comput Lang Syst Struct 36(4):317–344. doi:10.1016/j.cl.2010.01.001
Malik A, Girault A, Salcic Z (2011) A GALS language for dynamic distributed and reactive programs. In: 2011 11th international conference on application of concurrency to system design (ACSD), pp 173–182. doi:10.1109/ACSD.2011.30
Mehmood Khan A (2010) Model-based design for on-chip systems: using and extending Marte and IP-Xact. Ph.D. thesis, Universit de Nice/Sophia-Antipolis
Minas M, Frey G (2002) Visual PLC-programming using signal interpreted Petri nets. In: Proceedings of the 2002 American control conference, 2002, vol 6, pp 5019–5024. doi:10.1109/ACC.2002.1025461
Moalla M, Pulou J, Sifakis J (1978) Synchronized Petri nets: A model for the description of non-autonomous sytems. In: Winkowski J (ed) Mathematical foundations of computer science 1978. Lecture notes in computer science, vol 64. Springer, Berlin/Heidelberg, pp 374–384. doi:10.1007/3-540-08921-7_85
Moutinho F, Gomes L (2011) State space generation algorithm for GALS systems modeled by IOPT Petri nets. In: IECON 2011 - 37th annual conference on IEEE industrial electronics society, pp 2839–2844. doi:10.1109/IECON.2011.6119762
Moutinho F, Gomes L (2012a) Asynchronous-channels and time-domains extending Petri nets for GALS systems. In: Camarinha-Matos L, Shahamatnia E, Nunes G (eds) Technological innovation for value creation, IFIP advances in information and communication technology, vol 372. Springer, Boston, pp 143–150
Moutinho F, Gomes L (2012b) State Space generation for Petri nets-based GALS systems. In: Proceedings of the ICIT’2012 - IEEE international conference on industrial technology, Kos Island
Moutinho F, Gomes L (2013) Distributed embedded systems design using Petri nets. In: 2013 23rd international conference on field programmable logic and applications (FPL), pp 1–2. doi:10.1109/FPL.2013.6645617
Moutinho F, Gomes L (2014) Asynchronous-channels within Petri net-based GALS distributed embedded systems modeling. IEEE Trans Ind Inform 10(4):2024–2033. doi:10.1109/TII.2014.2341933
Moutinho F, Gomes L, Ramalho F, Figueiredo J, Barros J, Barbosa P, Pais R, Costa A (2010) Ecore representation for extending PNML for Input-Output Place-Transition nets. In: IECON 2010 - 36th annual conference on IEEE industrial electronics society, pp 2156–2161. doi:10.1109/IECON.2010.5675332
Moutinho F, Gomes L, Costa A, Pimenta J (2012) Asynchronous wrappers configuration within GALS systems specified by Petri nets. In: 2012 IEEE international symposium on industrial electronics (ISIE), pp 1357–1362
Moutinho F, Pimenta J, Gomes L (2013) Configuring communication nodes for networked embedded systems specified by Petri nets. In: 2013 IEEE international symposium on industrial electronics (ISIE)
Moutinho F (2014) Faculdade de Ciências e Tecnologia - Universidade Nova de Lisboa. Petri net based development of globally-asynchronous locally-synchronous distributed embedded systems. Ph.D. thesis
Murata T (1989) Petri nets: properties, analysis and applications. Proc IEEE 77(4):541–580
Nolte T, Passerone R (2009) Guest editorial special section on real-time and (Networked) embedded systems. IEEE Trans Ind Inform 5(3):198–201
OMG Model Driven Architecture (2015). http://www.omg.org/mda/
OMG SysML (2015) http://www.omgsysml.org/
Pereira F, Gomes L (2013) Automatic synthesis of VHDL hardware components from IOPT Petri net models. In: Proceedings of the IECON’2013 - 39th annual conference of the IEEE industrial electronics society, Vienna
Pereira F, Gomes L (2015) Cloud based IOPT Petri net simulator to test and debug embedded system controllers. In: Camarinha-Matos LM, Baldissera TA, Di Orio G, Marques F (eds) Technological innovation for cloud-based engineering systems. IFIP advances in information and communication technology, vol 450. Springer, Springer International Publishing, pp 165–175. doi:10.1007/978-3-319-16766-4_18
Pereira F, Moutinho F, Gomes L (2012a) Model-checking framework for embedded systems controllers development using IOPT Petri nets. In: 2012 IEEE international symposium on industrial electronics (ISIE), pp 1399–1404
Pereira F, Moutinho F, Ribeiro J, Gomes L (2012b) Web based IOPT Petri net editor with an extensible plugin architecture to support generic net operations. In: IECON 2012 - 38th annual conference on IEEE industrial electronics society, pp 6151–6156
Pereira F, Moutinho F, Gomes L (2014) IOPT-Tools - towards cloud design automation of digital controllers with Petri nets. In: International conference on mechatronics and control (ICMC), Jinzhou
Ramchandani C (1974) Analysis of asynchronous concurrent systems by timed Petri nets. Tech. rep., Massachusetts Institute of Technology, Cambridge
Ramesh S, Sonalkar S, Dsilva V, Chandra R N, Vijayalakshmi B (2004) A toolset for modelling and verification of GALS systems. In: Alur R, Peled D (eds) Computer aided verification. Lecture notes in computer science, vol 3114. Springer, Berlin/Heidelberg, pp 506–509. doi:10.1007/978-3-540-27813-9_47
Rausch M, Hanisch HM (1995) Net condition/event systems with multiple condition outputs. In: 1995 INRIA/IEEE symposium on emerging technologies and factory automation. ETFA ‘95, Proceedings, vol 1, pp 592–600. doi:10.1109/ETFA.1995.496811
Reisig W (1985) Petri nets: an introduction. Springer, New York,
Schatz B, APretschner, Huber F, Philipps J (2002) Model-based development of embedded systems. In: Bruel J-M, Bellahsene Z (eds) Advances in object-oriented information systems (OOIS’2002) workshops, Montpellier. Lecture notes in computer science. Springer, Berlin
SDL (2015) Sdl forum society. http://www.sdl-forum.org/SDL/index.htm
Sibertin-Blanc C (1994) Cooperative nets. In: Valette R (ed) Application and theory of Petri nets 1994. Lecture notes in computer science, vol 815. Springer, Berlin/Heidelberg, pp 471–490. doi:10.1007/3-540-58152-9_26
Silva M (1993) Introducing Petri nets. In: Practice of Petri nets in manufacturing. Springer, Netherlands, pp 1–62. doi:10.1007/978-94-011-6955-4_1
Simulink (2015) Simulation and model-based design. http://www.mathworks.com/products/simulink/
Starke P, Roch S (2002) Analysing signal net systems. Informatik-Bericht, vol 162. Humboldt-Universität zu Berlin, Berlin
SystemC (2012) IEEE standard for standard SystemC language reference manual. IEEE Std 1666-2011 (Revision of IEEE Std 1666-2005), pp 1–638. doi:10.1109/IEEESTD.2012.6134619
UML (2015) Object management group - UML. http://www.uml.org/
UML MARTE (2015) UML profile for MARTE: modeling and analysis of real-time embedded systems. http://www.omgmarte.org/
van Glabbeek RJ, Goltz U, Schicke JW (2009) On synchronous and asynchronous interaction in distributed systems. CoRR abs/0901.0048
Vyatkin V, Hanisch HM (2000) Practice of modeling and verification of distributed controllers using signal net systems. In: Burkhard H-D, Czaja L, Skowron A, Starke P (eds) Report: proceedings of the international workshop on concurrency, specification and programming. Humboldt-University, Berlin, pp 335–350; Published as report: Proceedings of the workhop on concurrency, specification and programming, vol 140, 9–11 October 2000
W3C (2013) Xquery 1.0 and xpath 2.0 formal semantics, 2nd edn. http://www.w3.org/TR/xquery-semantics/
Wang FY, Gildea K, Jungnitz H, Chen D (1994) Protocol design and performance analysis for manufacturing message specification: a Petri net approach. IEEE Trans Ind Electron 41(6): 641–653. doi:10.1109/41.334581
Wolf W (2008) Middleware architectures for distributed embedded systems. In: 2008 11th IEEE international symposium on object oriented real-time distributed computing (ISORC), pp 377–380. doi:10.1109/ISORC.2008.31
Zhao Q, Krogh B (2006) Formal verification of statecharts using finite-state model checkers. IEEE Trans Control Syst Technol 14(5):943–950. doi:10.1109/TCST.2006.876921
Zurawski R, Zhou M (1994) Petri nets and industrial applications: a tutorial. IEEE Trans Ind Electron 41(6):567–583
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Moutinho, F., Gomes, L. (2016). Development of Distributed Embedded Controllers. In: Distributed Embedded Controller Development with Petri Nets. SpringerBriefs in Electrical and Computer Engineering, vol 150. Springer, Cham. https://doi.org/10.1007/978-3-319-20822-0_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-20822-0_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-20821-3
Online ISBN: 978-3-319-20822-0
eBook Packages: EngineeringEngineering (R0)