Copyright © IFAC 11th Triennial World Congress, Tallinn, Estonia, USSR, 1990
PARUS - COMPUTER-AIDED SYSTEM OF DESIGNING SOFTWARE FOR DISTRIBUTED CONTROL SYSTEMS

D. I. Buyanovsky, D. S. Gershuni, M. V. Dudkin, A. I. Kazmin, N. N. Karpinskaya and A. A. Menn

Institute of Control Science, Moscow, USSR
Abstract. The paper deals with the analysis of the main abilities and functional principles of the PARUS system, intended for computer-aided designing of software for distributed control systems. The main properties and distinguishing features of the PARUS system are validated by analysis of the known strategies of real-time design systems. Some technological and optimizational designing tools are described which utilize functional, time and reliability specifications of a target control system and computing means.

Keywords. Distributed microprocessor system; hard real time; distributed operating system; tuning tools.

INTRODUCTION

Distributed microprocessor systems (DMS) are widely used in the construction of new control systems, in particular embedded systems that control dynamic objects operating in hard real time [1,2]. Methods of designing the software for distributed control systems, and the tools for design, possess essential special features distinguishing them from the previous generation of control systems, which utilized single-processor computers. Automation of distributed systems development requires new means of software analysis and synthesis, taking into account various aspects of computer interaction. Significant reduction of development time and improvement of DMS software quality can be attained by elaboration of computer-aided design systems, which provide the development engineer with modern tools: automated workstations, technological and optimizational design packages, special programming languages, and generators of operating systems from metasystems, which take into account all particularities of the problem to be solved. The combined utilization of the above means, correlated by one technological link, enables a multiple amplification of the effect gained as a result of application of each separate design tool. The integrated design system, called "PARUS", is the subject of this work.

Three base strategies of designing real-time target systems are most widely used. The aim of all these development strategies consists in creating the prerequisites for correlated work of a team of development engineers, making modification and improvement of the designed system easier.

The first strategy is conditionally referred to as module designing [3]. The idea of this strategy is formal and nonformal decomposition of a designed system into modules, each of which performs a preassigned set of functions. The module strategy has a number of advantages; in particular, many results of constructing a module structure have been obtained on the basis of initial specifications. The module strategy is properly supported by modern programming languages. However, in designing hard real-time distributed systems the drawbacks of the module strategy become evident. They occur due to the fact that a module, by its nature, is a static construction, and it makes the designed system structure
noncorrelated with the dynamics of its functioning. Therefore, special dynamical constructions, revealing the intramodule and intermodule structure of control and data flow, have to be introduced. A particular case of the module strategy is the object-oriented strategy, based on the theory of abstract data types, which is realized with the help of a remote procedure call mechanism.

The second strategy is known under the name of real-time systems structural design [4]. This strategy utilizes much from the investigations of systems controlled by the data flow. However, this strategy differs from the flow structure by a strongly centralized scheme controlling the computation in the target system. Structural design is perfectly suitable for target systems which can be represented by a set of subprograms called by the main controlling program in an assigned order. This is the principle used in the construction of many one-machine real-time systems. For the majority of DMS types this approach essentially limits the parallelism in operation. DMSs require a more decentralized scheme to control a computation process. However, among DMSs there exist structures adequate to the strategy of the main calling program. Many aircraft and space control systems utilize, on a large scale, multiplex channels for communication between computers, sensors and actuators. These systems are equipped with controlling computers, which assign the sequence of information transmission to all facilities connected to a multiplex channel.

The third and last among the well-known strategies acquired the name of process strategy [5]. Contrary to module design, application of the process strategy makes it possible to isolate, in the first stage, the dynamical objects: agents (processes). Agent interaction rules are established, especially the rules of transmitting data from agent to agent.
Potential advantages of this strategy for DMSs are perfect parallelism of the obtained target systems. Its main drawback, revealed in designing of large-scale systems, consists in the lack of hierarchy between the dynamical components (agents). It becomes evident, for example, in that when applying the process strategy, explicit naming of agents is, as a rule, used in transmitting the data. This essentially reduces the mobility of the target system and makes the formation of multiply used agents difficult. Application of the process strategy involves some complexities of agent allocation on DMS computers, especially in those cases when several agents use the same procedures.

In designing DMS software, the time constraints and fault-tolerance requirements are of great significance. From this viewpoint the DMS functions are most conveniently considered as a totality of control problems, each of which can be periodical with some period or aperiodical with some guaranteed response time, and can be estimated by some characteristics of the required reliability.

None of the above-considered strategies fully provides fulfilment of all modern design requirements. However, the choice of strategy affects the working hours needed to design a target system meeting the assigned constraints. Since the structural strategy is connected with the data flow it is, to a larger extent, adequate to reliability requirements; the process strategy is based on the control structures and therefore is more convenient in the analysis of time properties. Thus, each of the existing strategies has significant advantages, which manifest depending on the features of the designed target system. Due to this circumstance, an attempt was made to combine the abilities of various strategies in the PARUS system.

The PARUS system is, to a larger extent, oriented to the process strategy. However, to make a target system hierarchic, to simplify its modifications and to create prerequisites for dynamical reconfiguration, elements of the module strategy have been introduced in the system.
Particularly, there is a possibility to match the control system functions with the agents interaction structure. This possibility is supported
by the language of static description of module communications. Introduction of a supervisor in the target system is admissible, and it operates on the principle of the main calling program, which is characteristic for the structural strategy, and agent priorities as well. The process and structural priorities can also be used in program debugging.

DISTINGUISHING FEATURES OF PARUS SYSTEM

In accordance with the process strategy, the program realized on the DMS is represented in the form of a totality of agents among which messages are transmitted through intermediates: ports. It is assumed that agent activity may manifest only as a response to an event, which is a message receipt. It is easy to show that such typical ways of activation as an interrupt from external devices or a timer, the start of one agent on the directive of another, and a remote procedure call are simulated by messages.

Tuning tools, included in the PARUS system, allow the realization of the following functions:
- dividing the target problems of control into agents under the condition that each initial problem of controlling an object or technological process is assigned by structural schemes of a special kind or by a set of procedures;
- distributing the agents among the DMS processors and assigning the program communication channels between the agents, feasible when the availability of active and/or duplicate copies of agents is taken into account;
- optimal reservation of functional agents and synthesizing of system agents with respect to the assigned specifications, i.e. such agents which provide inspection of DMS operation, as well as switching the agents over from one processor to another in the case of DMS reconfiguration due to faults of some processors;
- assigning priorities for agents, making a schedule for DMS microcomputers and communication channels, providing fulfilment of time constraints;
- forming automatically, in the stage of target generation, the conditions for an agent to be ready to operate and the conditions permitting the transmission of prepared data to other agents;
- debugging separate programs and groups of agents with the help of computer-aided debugging means, which provide work with the program under debugging in terms of the initial programming language, as well as modelling the functioning of the real hardware in debugging by creating conditions close to operational ones.

There exists quite a great number of researches and functioning tools solving some of the above problems [6,7,8,9]. There are considerably fewer results which allow combining the solutions of separate problems in one target-oriented technological chain. It is a complicated task to describe the solution method of all the above problems within the framework of one report, therefore only some of them will be considered.

TUNING TOOLS

The set of PARUS tuning tools can be divided into two groups: optimizational and technological ones. Technological means are intended for automation of the realization of a target system using functional specifications, while optimizational ones are intended for realization of time and hardware constraints as well as for satisfying the fault-tolerance requirement. Decision making with the use of optimizational tuning tools is, as a rule, realized in a space of very large dimension. Therefore designing man-machine systems to choose the values of parameters of a distributed computation process has become a usual practice.

The input of the tuning tools is specifications and experimental data, obtained by making use of technological means and stored in the database, containing the following information:
- characteristics of each functional program, such as realization time on some average processor, memory capacity, number and types of input and output arguments, admissibility of interruption in the course of the function;
- information on hardware, containing actual or admissible number of processors,
performance restrictions of each processor, its storage capacity, types of external devices, topology of processor communications, types and performance restrictions of communication channels;
- requirements of application scopes such as a period of execution for periodically realized problems, admissible response time for aperiodical problems and some others.

Decision making in optimizational problems is performed in a search space whose structure can be represented in a simplified form as follows. Let $X(1), \dots, X(n)$ be the decision space variables determining the parameters of a computation process. Each variable $X(i)$ takes its values from the finite set $X(i)$. Insert each $X(i)$ into the partially ordered set $\Omega_i$, manifesting our knowledge of the value of the variable $X(i)$. The least element of $\Omega_i$ is the value $\omega_i$, corresponding to a fully nondeterminate variable $X(i)$. The largest values are concrete values from $X(i)$.

Procedures of generating an admissible decision consist in searching for a path to such a maximal element of the partially ordered search space $\Omega_1 \times \dots \times \Omega_n$ which corresponds to an admissible solution of the optimizational problem. Each link of such a path updates some variable value, i.e. a required parameter of the distributed computational process.

Solving optimizational problems consists of procedures of estimation and motion in the partially ordered search space $\Omega_1 \times \dots \times \Omega_n$. The latter is quite time-consuming, since a separate step of such motion is an alternative choice in a space of large dimension. Effectiveness of a step depends on the skill of the designing engineer (when manually operated) and on the heuristic procedures accessible to him at this step. The main method of forming heuristic procedures is isolation of separate subproblems and subgoals of designing, and decomposition of the variable space into separate groups of variables based on the specifics of the subject field.
Typical subgoals can be: combining the procedures into agents; reservation of agents to attain the assigned fault-tolerance level; assignment of
agents to the machines, satisfying the memory and performance constraints; determination of a topological scheme of processor communication.

In choosing and developing the optimization algorithms, great attention was given to their mutual correlation, in particular to the possibility of their utilization in the process strategy of designing, as well as to the possibility of functioning under the conditions of incomplete determinacy of input data. Some of these algorithms are now considered, for example, distribution of agents among computers. The formulation of the described problems is given in a somewhat simplified form. In this case only one goal is stated, i.e. to show the sequence of a step-wise choice of subgoal and design decision making.

The problem of distribution is formulated in the following way: we assign $m$ agents ($A_1, \dots, A_m$) and $n$ processors ($P_1, \dots, P_n$), $m \ge n$. It is required to find a distribution in which an assigned cost function is minimized under the known constraints on resources. As in all other optimizational problems, the cost function is local for a given subgoal of design. The cost function in the problem can be formulated taking into account two components: the cost of a program realized on a processor element and the cost of data transmission. PARUS utilizes algorithms which allow automatic solution of the distribution problem in the case of data transmission via conventional and broadcasting communication channels, which essentially increases the effectiveness of distribution.

The next subgoal can be agent redundancy [10], i.e. simultaneous allocation of several agents of one type. With the use of redundancy there arises a possibility to create fault-tolerant control systems. Fault tolerance can be ensured by transferring the functions of a faulty processor to another processor which is sound at the present moment and whose memory contains the agents and data required for system functioning and for agent activation.
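The redundancy and failover idea described above, as an added example that is not part of the original paper: it checks a replica placement against a per-processor memory limit, computes the probability that some agent loses every copy, and restarts only the agents of a faulty processor on the least-loaded surviving holder. Independent processor faults with equal probability, the least-loaded rule, and all names and sample data are assumptions of the example.

```python
from itertools import product

# Constructed sample data (not from the paper): replica placement, sizes, CPU load.
PROCESSORS = ["P1", "P2", "P3"]
PLACEMENT = {"A1": ["P1", "P2"], "A2": ["P2", "P3"],
             "A3": ["P1", "P3"], "A4": ["P2", "P3"]}
SIZE = {"A1": 4, "A2": 3, "A3": 2, "A4": 3}      # memory per agent copy
CPU = {"A1": 5, "A2": 3, "A3": 2, "A4": 4}       # load of the running copy


def memory_violations(placement, size, capacity):
    """Processors whose resident copies need more memory than `capacity`."""
    used = {}
    for agent, holders in placement.items():
        for proc in holders:
            used[proc] = used.get(proc, 0) + size[agent]
    return sorted(p for p, total in used.items() if total > capacity)


def failure_probability(placement, processors, p_fail):
    """Exact probability that at least one agent has no surviving copy.

    Assumes independent processor faults, each with probability p_fail.
    Enumerates all 2^N fault patterns, so it is meant for small N.
    """
    total = 0.0
    for pattern in product((False, True), repeat=len(processors)):
        failed = {proc for proc, down in zip(processors, pattern) if down}
        prob = 1.0
        for down in pattern:
            prob *= p_fail if down else 1.0 - p_fail
        if any(set(holders) <= failed for holders in placement.values()):
            total += prob
    return total


class Failover:
    """Keeps exactly one running copy per agent and reacts to processor faults."""

    def __init__(self, placement, cpu, processors):
        self.placement, self.cpu = placement, cpu
        self.alive = list(processors)
        self.active = {}                          # agent -> processor running it
        self.lost = self._start(list(placement))  # agents with no usable copy

    def load(self, proc):
        return sum(self.cpu[a] for a, host in self.active.items() if host == proc)

    def _start(self, agents):
        """Start each agent on its least-loaded surviving holder (heaviest first)."""
        lost = []
        for agent in sorted(agents, key=lambda a: -self.cpu[a]):
            hosts = [p for p in self.alive if p in self.placement[agent]]
            if hosts:
                self.active[agent] = min(hosts, key=self.load)
            else:
                lost.append(agent)
        return lost

    def fail(self, proc):
        """Mark `proc` faulty and move only the agents that were running on it."""
        self.alive.remove(proc)
        moved = [a for a, host in self.active.items() if host == proc]
        for agent in moved:
            del self.active[agent]
        return self._start(moved)


if __name__ == "__main__":
    print("memory violations:", memory_violations(PLACEMENT, SIZE, 10))
    print("P(failure), replicated:", failure_probability(PLACEMENT, PROCESSORS, 0.1))
    fo = Failover(PLACEMENT, CPU, PROCESSORS)
    print("initial:", fo.active)
    print("lost after P3 fault:", fo.fail("P3"), "->", fo.active)
```

With this constructed placement every agent has two copies, so a single processor fault loses nothing, while keeping one copy per agent makes any single fault fatal to the system.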
Let there be $N$ processors and the set $(A_j)$ of agents, each of which requires the storage capacity $S_j$. It is required to allocate each agent on the subset of processors $R_i$ in order to minimize the probability of a DMS failure $P_0$ under the constraints:

$$\sum_{j:\,A_j \in D_k} S_j \le S_0 \quad \forall k \ (k = 1, \dots, N),$$

where $D_k$ is the set of agents distributed for the processor $k$.

As a result of the initial distribution, each agent can be allocated in several processors. However, a unique agent copy should be executed at any moment of time of the DMS working cycle. Therefore it is necessary to choose a processor on which one of the agent copies should be started, both at the initial moment of the working cycle and after each fault. The choice problem can be solved by applying the criterion of uniform processor loading. To solve the choice problem it is expedient to use simple and fast algorithms, since an optimal solution cannot be obtained in this case because of the problem statement itself: in the case of a fault, the execution place is redistributed only for those agents which were running on the faulty processor.

The above example demonstrates only two sequential subgoals of design. The steps of distribution and duplication can be performed multiple times in the design process in an arbitrary sequence. The order of design decision making, or the rejection of earlier accepted decisions, is fully determined by the designing engineer.

TECHNOLOGICAL TUNING TOOLS

Only two of the tuning tools are described here: a prototype of a distributed operating system and a debugging system for distributed programs.

The PARUS prototype operating system [11] is very little like the conventional operating systems [12]. It can hardly be represented in the form of a strictly limited set of system programs that are used for control and assistance in the operation of applied problems. The composition of PARUS programs is changed depending on the field of application and the type of the DMS. The PARUS system can be characterized not only as a ready-made
operating system but rather as a means for computer-aided development of a target OS.

The PARUS system has three main objects - nucleus, agents, ports - from which the remaining objects are constructed. Each DMS processor has a nucleus. It fulfils those system functions which weakly depend on the DMS structure and the features of the controlled object. The system functions that essentially depend on the controlled object and DMS features are taken away from the nucleus and given to special objects called system agents. Examples of such functions are: monitoring of control system operation; processing of emergency situations; reconfiguration; information recovery after faults or failures; interaction with the nuclei of other processors.

An agent is a component object of a local OS. Agent components are procedures, a control block and a control routine. The procedures are the functional contents of an agent, i.e. they realize either one or several functions to control target objects or DMSs. The second component is a control block, required for security of the information which is necessary for the nucleus to control an agent. And finally, the third component of an agent is the control routine, which determines the sequence of calling the procedures depending on the messages received by the agent. It also organizes agent interaction with the ports belonging to it [13].

Introduction of control programs is conditioned by the necessity to make the functional procedures independent of their environment, in other words, independent of a nucleus and of the mutual allocation of procedures on the DMS processors. Control programs make it possible to bind procedures developed by different programmers in one agent, to organize interaction of applied procedures and to fulfil a number of other functions, relieving the application programmers of the necessity to take into account the particularities of the distributed system realization.

A typical control program fulfils the following set of actions:

1. It analyses the state and, probably, the contents of the input ports.
2. Depending on the analysis results it calls the required functional procedures. Procedures contained in an agent can operate only sequentially, while the agents of one local OS may interrupt one another, generating a quasiparallel computational process.
3. It passes over the operation results of the procedures included in this agent to the output port. It should be noted that the words "passes over" should not be understood literally. Most frequently it is possible to pass over only an output data address but not the data themselves.
4. It supplies the nucleus with the situation which should be fulfilled in order to consider the agent ready for the next start. A situation is a logical combination of the states of the agent input ports. In the control program the situation is assigned as a disjunctive normal form without negations over the names of input ports. The situation mechanism allows an essential increase of OS effectiveness, since waiting for combinations of events occurs with no additional transfers of the agent into an active state.
5. It returns the activity to a local OS.

If control program functioning does not depend on the values of data supplied to the agent input ports, then the control program can be automatically synthesized. To do that a special language is required to describe the finite set of situations whose fulfilment can potentially be used to activate the agent. Control program behaviour is assigned by a mapping which matches, for each conjunct in the current situation, the set of agent procedures which should be executed, the agent input ports from which the input parameters of these procedures should be taken, and the agent output ports into which the results should be placed.

In PARUS the binding of agents is implemented at the next level of hierarchy, in the language of static configuration [13]. At this level the agents act as indivisible objects, fully assigned by the totality of their ports.
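The situation mechanism and port binding described above, as an added example that is not PARUS code: a nucleus activates an agent only when one conjunct of its situation has a message waiting on every input port, and the control routine maps that conjunct to a procedure and an output port. The `&` / `|` syntax, the class names and the two demo agents are assumptions of the example.

```python
from collections import deque


def parse_situation(text):
    """Parse 'a & b | c' into conjuncts: a DNF over port names, no negations.

    The '&' / '|' syntax is hypothetical; the paper does not give one.
    """
    return [frozenset(n.strip() for n in term.split("&")) for term in text.split("|")]


class Agent:
    def __init__(self, name, rules):
        # rules: list of (conjunct text, procedure, output port name)
        self.name, self.rules, self.inputs = name, [], {}
        for text, procedure, out_port in rules:
            for conjunct in parse_situation(text):
                self.rules.append((conjunct, procedure, out_port))
                for port in conjunct:
                    self.inputs.setdefault(port, deque())
        self.activations = 0

    def fulfilled(self):
        """First rule whose conjunct has a message waiting on every port."""
        for rule in self.rules:
            if all(self.inputs[port] for port in rule[0]):
                return rule
        return None

    def control_routine(self):
        """One activation: read the ports of the conjunct, call its procedure."""
        conjunct, procedure, out_port = self.fulfilled()
        args = {port: self.inputs[port].popleft() for port in conjunct}
        self.activations += 1
        return out_port, procedure(args)


class Nucleus:
    def __init__(self, agents):
        self.agents = {a.name: a for a in agents}
        self.links = {}   # (agent, output port) -> (agent, input port)
        self.log = []     # (agent, output port, result) per activation

    def bind(self, src, out_port, dst, in_port):
        """Static communication: an unchanging pair of bound ports."""
        self.links[(src, out_port)] = (dst, in_port)

    def send(self, agent_name, port, message):
        agent = self.agents[agent_name]
        agent.inputs[port].append(message)
        # The agent is activated only while its situation is fulfilled.
        while agent.fulfilled():
            out_port, result = agent.control_routine()
            self.log.append((agent_name, out_port, result))
            target = self.links.get((agent_name, out_port))
            if target:
                self.send(target[0], target[1], result)


def build_demo():
    """Constructed two-agent configuration (names and procedures are made up)."""
    smoother = Agent("filter", [
        ("sample & tick", lambda m: m["sample"] / 2, "smoothed"),
        ("alarm", lambda m: 0.0, "smoothed"),
    ])
    regulator = Agent("regulator", [
        ("smoothed", lambda m: "open" if m["smoothed"] < 1.0 else "close", "command"),
    ])
    nucleus = Nucleus([smoother, regulator])
    nucleus.bind("filter", "smoothed", "regulator", "smoothed")
    return nucleus
```

A message on `sample` alone leaves the `filter` agent idle; it runs only once `tick` also arrives, or when `alarm` arrives on its own.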
Between the input ports of some agents and the output ports of other agents, static and variant communication can be established. Static communication determines unchanging pairs of bound ports, and variant communication admits alternative port connections.

PARUS provides for remote calling of procedures. For this purpose the mechanism of dynamic commutation [13] is introduced, which allows binding of ports in the course of DMS operation. Dynamic communication is realized by operating system means which provide an automatic return of the remote procedure results to the agent which made the call.

In the static configuration language additional ports can be introduced to activate or interrupt the agents and to recover their workability in the case of failure, i.e. to control agent functioning depending on the system operation mode. Messages to these ports are sent by system agents and interrupt processing procedures. The agent cannot use the data supplied to these ports during the computational process; however, these ports can be used in additional situations which make it possible, for example, to activate redundant copies of agents if the main ones are out of order [10].

For real-time distributed systems one of the most vital and complex problems is designing the means of computer-aided program debugging [14]. Parallel program behaviour may depend not only on the input data but also on the time relations of program agents executed in parallel on different computers. Such indeterminacy of parallel programs may lead to nonreproducibility of results for various debugging runs even with a fixed input data set, and it makes localizing errors difficult. The amount of information characterizing the state of a computational process in DMSs essentially increases, since besides the states of separate agents the interaction of agents should be taken into consideration. Traditional debugging means allow program behaviour monitoring only on one computer. At the same time serious difficulties are connected with the debugging of interaction of agents realized on different computers.
The main algorithmic method used in PARUS system debugging is generating and analysing the program state space. At each moment of time some state, expressed in terms of situations, corresponds to each agent. A distributed system can be described by the set of agent-state pairs, whose dimension equals the number of agents in the system. The description of the course of agent interaction in a distributed computer system can be made maximally concrete at the cost of the choice of a corresponding set of states.

Within the framework of this work several structures of stand complexes, solving the problems of program debugging on DMS, were designed. In these complexes a debugging computer plays an important role. It concentrates all information on distributed system operation. For a programmer debugging the program, it is sufficient to watch the display to obtain all information on the current computational process. The debugging computer decreases the influence of the debugging system on the programs under debugging. Finally, a debugging computer organizes the debugging mode in quasi-real time. It includes a system timer; its manipulations may slow down the physical time of the whole distributed system operation, leaving the model time unchanged.

CONCLUSION

The main distinguishing feature of the PARUS system consists in the presence of computer-aided design mechanisms and flexible means of target system generation. It essentially improves effectiveness, reduces designing time and increases fault-tolerance of a target system. The PARUS system supports a two-level design scheme of embedded software. It provides for simultaneous and independent development of functional control programs.

References

1. Coulas M.F., Macewen G.H., Marquis G. (1987). RNet: A hard-real-time distributed programming system. IEEE trans on computers, v.C-36. ~, 1917-1932.
2. Reghabathi H.K., Hamacher V.C. (1980). A constructive solution to the extensibility problem in real-time computer systems. The AUERBACH Annual 1980 best computer papers, Amsterdam: North-Holland, pp. 35-56.
3. Parnas D.L. (1972). A technique for software module specification with examples. Communications of the ACM, v.15, n.5, 330-336.
4. Ward P.T., Mellor S. (1985). Structured development of real-time systems. N.Y.: Yourdon, vols 1, 2.
5. Cherry G., Crawford B. (1985). The PAMELA Methodology. Thought tools, Reston.
6. Mok A.K. (1985). SARTOR - a design environment for real-time systems. Proc Computer software and applications conf., pp. 174-179.
7. Sloman M., Kramer J., Magee J., Twidle K. (1986). Flexible communication structure for distributed embedded systems. IEEE P!:QL ~ L v. 133. !L!... 201-211.
8. Chu W.W., Leung K.K. (1987). Module replication and assignment for real-time distributed processing systems. Proc IEEE, v. 75. ~ 547-562.
9. Dudkin M.V., Kaz'min A.I., Menn A.A., Popolitiv V.N. (1986). FMS software development systems. Proc of the 5th IFAC/IFIP/IMACS/IFORS ~ "Robotics and flexible manufacturing systems". Suzdal, USSR, ~ 1986. M.: IFAC, pp. 338-341.
10. Buyanovski D.I., Menn A.A. (1989). Methods of increasing computer complexes fault-tolerance by means of distributed operating systems. Voprosi kibernetiki: Multimachine and multiprocessor computer systems. M.NS. USSR Academy of Science on "Cybernetics", 83-102.
11. Kazmin A.I., Menn A.A., Buyanovski D.I. (1987). Distributed operating system PARUS. Institute of Control Science, p. 42.
12. Menn A.A. (1988). Distributed operating systems of computer control systems. Automation and remote control. ~ 1-27.
13. Buyanovski D.I., Menn A.A. (1988). The synchronization and message exchange mechanism in the real-time distributed operating system PARUS. Tanulmanyok MTA Szamitastechnikai es Automatizalasi Kutato Intezet. Budapest. 208. 95-102.
14. Buyanovski D.I., Dudkin M.V., Kaz'min A.I., Menn A.A., Popolitov V.N. (1988). Reliability techniques and debugging tools for distributed FMS control software, in Russian. Proc of 4th Yugoslav-Soviet ~ on "Applied robotics and flexible automation", Inst. za Industrijska systeme: Novi Sad, pp. 169-174.