A Complete MEMS Analysis System ... Xudong Tang

A Complete MEMS Analysis System and Implementation by Xudong Tang Submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degree of Master of Science in Electrical Engineering and Computer Science at the Massachusetts Institute of Technology May 2000 @ Massachusetts Institute of Teconology 2009. All Rights Reserved. A u th o r.............................................. .. . . . . . .. . . . .. . . . .. . ... . .... . .. .. .. . ... ... .. . .. .. .. . .. Department of Electrical Engineering and Computer Science May 8, 2000 Certified by .............................. Donald E. Troxel Professor of Electrical Engineering Department of Electrical Engineering and Computer Science Thesis Supervisor A ccepted by ............................ ............ Arthur C. Smith Chairman, Department Committee on Graduate Theses ENG MASSACHUSETTS INSTITUTE OF TECHNOLOGY JUN 2 200 LIBRARIES A Complete MEMS Analysis System and Implementation by Xudong Tang Submitted to the Department of Electrical Engineering and Computer Science in May 2000, in partial fulfillment of the requirements for the degree of Master of Science in Electrical Engineering and Computer Science at the Massachusetts Institute of Technology Abstract The testing and analysis of MEMS (micro electromechanical) devices are two of the main steps in designing MEMS devices. These tasks must be implemented in a way which allows them to be done remotely and by multiple users to form the whole distributed environment to a cooperative work environment. There have been programs that control different hardware, such as stage, pifoc, strobe, etc, but the implementation is local only. Problems such as how to integrate hardware controls to our Java based MEMS client/server analysis system efficiently, especially how to solve some new problem caused by remote operations (such as slowness in focusing, lack of synchrony in the user interface's button press and the process at server side or so) and how to transfer our client/server to the most popular Web server, Apache to gain more efficiency (including future software modification efficiency) will also be solved in the project. In the project, we will strive for seamless integration and interoperation and implement some particular methods to increase the performance of remote hardware control. Thesis Supervisor: Donald E. Troxel, Title: Professor of Electrical Engineering 2 Acknowledgements There are many people deserve my thanks. I only can list some of them here. I would like to thank Professor Donald Troxel for providing me with the research assistantship that has funded my graduate study at MIT. He has provided valuable feedback and insights as an advisor. Especially, he is always very patient to point out my written errors in English in my memos and thesis to stretch out my English. I would also like to thank Michael McIlrath for many informal meetings for technique questions on Apache, Java and Linux. I would like to thank my officemates, Danny Seth and Syed for providing a friendly environment for work. Danny and I always are good partners to cooperate to solve some problems in research. Many thanks to Francis Doughty. He always is willing to help us to find some former documents for the project. I would like to thank my former research advisor Dr. Nat. Durlach, he treat me so nice and kind. Finally, an extra big thank goes to my parents, my sisters. Without their encouragement, I cannot come to MIT. This work was supported by the Defense Advanced Research Project Agency under contract F30602-97-2-0106 3 Table of Contents I Introduction 8 1 .1 MM S ........................................................................................................................................ 8 1.2 Computer Microvision........................................................................................................ 8 1.3 Components of a Microvision System.................................................................................. 8 1.4 R elev an t Wo rk ........................................................................................................................... 9 1.5 Th esis S tatem en t.......................................................................................................................9 1.7 Organization of Thesis.............................................................................................................10 2 System Integration 11 2.1 Introduction of MEMS Analysis System's components...................................................... 11 2.1.1 MEMS Analysis System Structure.................................................................................. 11 2.1.2 Why we use Java and some integration problems we should solve for our system........ 11 2.1.3 Client/Server Environment............................................................................................. 12 2 .2 In tegratio n .................................................................................................................................. 13 2 .3 G o als for in tegration .................................................................................................................. 13 2 .4 S ystem in tegration ..................................................................................................................... 14 2.4.1 Integrate a Java Function..................................................................................................15 2.4.2 Integrate C/C++ or assembly source code...................................................................... 16 2.4.3 Integrate an executable file to MEMS Java Servlet......................................................... 19 3 System Performance Enhancement 24 3.1 Some problems which must be considered to speed up remote control/data acquisition.........24 3.2 Auto focus a camera and auto adjust the view field of the camera...................................... 24 3.3 Image processing algorithms for controlling the camera...................................................... 25 3.3.1 Image processing algorithms for adjusting the view field............................................. 30 3.3.2 Image processing algorithms for focusing the camera ................................................... 32 3.3.2 Procedure for the camera control.................................................................................... 35 3.4 A command line mode to control the pifoc which is error free and error tolerant................ 35 3.5 Load balance and other optimization method for the server................................................ 4 36 3.6 Use signed applet technology.................................................................................................37 3.6.1 Several ways to sign applets............................................................................................ 37 3 .6 .2 A n ex am p le .......................................................................................................................... 38 41 4 System secure mode 4.1 Introduction of security..............................................................................................................41 4.2 A complete system security model for MEMS chip remote analysis system............43 4 .2 .1 S ecu re clien t.........................................................................................................................4 4 4 .2 .2 S ecu re serv er........................................................................................................................4 5 48 5 Transfer to Apache Web server 5.1 Apache Server with Jserv support.......................................................................................... 48 5.2 Steps to transfer to Apache server....................................................................................... 49 5.2.1 Introductions to statically build Apache Jserv module for Apache................................ 49 5.2.2 Introductions to build Apache Jserv as a Dynamic Shared Object.................................. 50 5.2.3 Configuration for Apache server and Jserv................................................................... 51 5.2.4 M odify som e source codes of client/server components................................................ 53 5.2.5 Configure MEMS remote analysis system's client/server components..........................54 5.3 Secure Model fulfilled for our MEMS remote analysis and test system.............................. 54 5 .3 .1 IP filterin g ............................................................................................................................ 54 5.3.2 Connection authentication.............................................................................................. 55 5.3.2 Internal security...................................................................................................................56 57 6 Conclusion and Discussion 6 .1 C on c lu sio n ................................................................................................................................. 57 6 .2 F u tu re w o rk ................................................................................................................................ 57 7 References 60 Appendix A: Some terms for the project 61 5 62 Appendix B: Some source code 1. C code for control Pifoc...............................................................................................................62 2. Instruction set for Z-axis Control............................................................................................. 68 3. M atlab program for analysis auto focus algorithm s....................................................................70 4. Configure Apache for load balance......................................................................................... 74 5. C program for the camera auto focus control......................................................................... 75 6 List of Figures Figure 2.1 M EM S A nalysis System ................................................................................................... 11 Figure 2.2 Client/Server Structure for MEMS Analysis System................................................ 14 Figure 2.3 The integration graph for MEMS analysis application system....................................15 Figure 3.1 Images taken in different z positions........................................................................... 25 Figure 3.2 Images taken in different z positions........................................................................... 26 Figure 3.3 Projection of an image on vertical and horizontal direction.........................................26 Figure 3.4 A black-white image .................................................................................................... 27 Figure 3.5 A H igh P ass Filter ...................................................................................................... 27 Figure 3.6 The images in figure 3.1 processed by a HIPF............................................................ 28 Figure 3.7 The images in figure 3.2 processed by a HPF............................................................ 28 Figure 3.8 The relationship of the sharpness evaluation and Z.................................................. 29 Figure 3.9 Selected evaluation regions for quicker algorithms.....................................................33 Figure 3.10 The flow chart for control a camera............................................................................35 F igure 4.1 S ystem secure m odel........................................................................................................46 Figure 4.2 Clinet/Server authentication.........................................................................................47 Figure 5.1 Apache Jserv configure structure................................................................................ 7 48 Chapter 1 1 Introduction 1.1 MEMS MEMS are micro electromechanical devices incorporating small devices that react to electronic stimuli in a mechanical way. MEMS chips and VLSI chips are produced and manufactured using similar techniques. MEMS are laid out and packaged within a chip that looks similar to an electronic microchip. The main difference is that MEMS chips use small machines in addition to electronic circuits in the chip. The mechanical devices in MEMS chips move and tilt. As a result, the machines placed in the MEMS chip must be developed and tested for response and durability. That is where computer microvision arises as a good tool to use for analysis during the testing and development stages of the devices. 1.2 Computer Microvision Computer microvision consists of a microscope device for data acquisition and a computer system for data analysis and hardware control. Computer microvision may be utilized in the analysis and development of MEMS. 1.3 Components of a Microvision System The components of a computer microvision system consist of a device that allows magnification of an object under study, a computer to implement control and data processing, and a device that can collect and transmit visual data. These components imply, as is the case with the present applications, that the device or object under study is too small for direct observation. Thus, in order to observe the object, or some aspect of it, the visual data collector must be able to sense the object with some minimal amount of accuracy. There has been research to determine a fast and reliable algorithm in order to accomplish precisely this sort of detection at the subpixel level [Zoher]. Finally, the computer is also in control of the stage position of the microscope. As a result, the computer has enough information about the system to aid in the testing process. It has an understanding of what the input signals to the object under test are since it is interfaced with the excitation device. In addition, the computer can determine, to some degree of accuracy, how the 8 object under test behaves as a result of the specified input, since it has an interface with the camera system. Thus, the desired response to a specific input can be compared to the measured actual response from the MEMS device. 1.4 Relevant Work The interface and the overall architecture have been defined by several graduate students here at MIT [Carney, Jcottr, Erik] "4. The main differences between that system and the present system being designed and modified are that the old system is not a complete one and some frames for integration are not feasible or not easy to use in Java. Furthermore, the old system never really integrated hardware control, especially some executable code complied from C/C++, so it is impossible to know the real performance of the whole system. Some new problems arise from polling message structure. In the message structure, a client sends his request to the server, and the server responds to the client. If the server has some data ready for the client, the server could not send the data to the client automatically. It has to wait for the client to send a request, "Do you have message for me?" If yes, the server responds to the client's request. In some situations, such as a request to show an online video/image to client, the update rate of the image frame will be quite low. Some new problems arise from threads asynchronies. The old system has multiple threads for multi-users. But there is only one server thread for each user. If a user sends many different kinds of requests from a user interface in a short time . The whole message system will be clogged. A cooperative work environment needs our message system enhanced to support some more complicate situations, such as message can even be delayed a day or an hour to dispatch back to user (such that user A is waiting another user B to provide analysis data to him via the server). 1.5 Thesis Statement The testing and analysis of MEMS (micro electromechanical) devices are two of the main steps in designing MEMS devices. These tasks must be implemented in a way which allows them to be done remotely and by multiple users to form the whole distributed environment to a cooperative work environment. There have been programs that control different hardware, such as stage, pifoc, strobe, etc., but the implementation is local only. Problems such as how to integrate hardware controls to our Java based MEMS client/server analysis system efficiently, especially how to solve some new problem caused by remote operations (such as slowness in focusing, lack of synchrony 9 in the user interface's button press and the process at server side or so), and how to transfer our client/server to the most popular web server, Apache, to gain more efficiency (including future software modification efficiency) will also be solved in the project. In the project, we will strive for seamless integration and interoperation and implement some particular methods to increase the performance of remote hardware control. 1.7 Organization of Thesis The preceding section presented the overview of MEMS analysis system. Some general problems that must be addressed are given. The next chapter will focus on problems of integrating other software to our Java based Client/Server infrasture. Chapter 3 will describe some methods to improve the performance of the MEMS analysis system. Chapter 4 will discuss the secure considerations. Chapter 5 will show how to transfer MEMS analysis system environment from Java Server to Apache Server. Chapter 6 proposes some future work. Chapter 7 gives conclusion and a final summary. A detailed reference to the configure/install of the servlets, client programs and hardware control program for MEMS analysis system is included in the Appendices at the back of this thesis. 10 Chapter 2 System Integration 2.1 Introduction of MEMS Analysis System's Components 2.1.1 MEMS Analysis System Structure LED + 4LED+ Pifo er --- Video digitizer driver Pifoc controller ignalo g Centium Stage drifver Stage Figure 2.1 MEMS Analysis System Figure 2.1 gives the MiEMS Analysis System's structure. From a software aspect, MEMS Analysis System is a typical distributed software environment. In a few words, it is a distributed analysis environment with a client/server structure. So we want it to be platform independent, have an open structure to integrate other applications, have some kind of data security, have reasonable performance under limited network bandwidth, and to provides application interface standard for interoperability of tools. MEMS Analysis System is a heterogeneous Client/Server environment. Many specific analysis and design tools are already completed. The internet enables users remote operation of a camera, stage and other analysis hardware. In order that users can analyze the system in a cooperative way, the system should support seamlesss integration and some kind of interoperation. 2.1.2 Why we use Java and some integration problems we should solve for our system Java based client-server technology can be seamlessly integrated with the WWW. A web browser and a web server is a good Client/Server structure. It is object oriented, platform independent, and can provide security. 11 Some problems which need to be solved include: " Applet download from server cannot access local files and devices. " Sometimes, Java code is too slow to fit our requirements. " Integration of other modules developed by other language. * The security of the system. Internet application is subjected to various attack, such as IP sniff, IP hijack, IP Spoof, Trojan Horse, DNS faker. 0 The stateless nature of the HTTP protocol and the lack of communication between the web browser and the Java web server cause some problems. Possible servers for our system are Java Web Server or Apache Web Server. On the client side, Navigator, IE, Appletviewer or Hotjava are possible choices. But the Apache and Netscape combination is guaranteed to be supported by our system. 2.1.3 Client/Server Environment In order to integrate analysis tools in Linux or Unix operating system, hardware control tools programed by C/C++, the implementation of the system should be platform independent and should also allow for expansion. One of the best languages to accomplish these tasks is Java, which has the capability of creating graphical user interfaces and can be run on any browser that supports Java. Since nearly all operating systems have some kind of browser, our system can be run on most platforms. Figure 2.2 shows Client/Server Structure for MEMS Analysis System. Before the introduction of the interaction procedure, some simple explanation of to some terms is necessary. Applets are Java programs downloaded from a web server and run in a web browser. Servlets are platform-independent server side components, written in Java, which dynamically extend the Java-enabled server. They provide a general framework for services built using the request-response paradigm. Their initial use is to provide secure web-based access to data which is presented using HTML web pages, interactively viewing or modifying that data using dynamic web page generation techniques. Servlets are usually are dynamically loaded (of course, a web server can be configured to force loading and initializing particular servlets when the web server is started up). 12 All the programs for the client and server are located on our server side. Client, may use various kinds of web browsers to access our system via URL of our server. Users specify a URL like http: / /stage.mit. edu: 8080/UT to connect to the server named 'stage'. 8080 is the port number of the web server. After that, the applet stored in the server side is transferred to the client side where the applet starts up a login interface. After login, a user can choose one GUI interface from a list of GUI interfaces. Then the user gets the script file (a kind of setting file for GUI) from the server, and starts a GUI in the client side. The user can use tools in the GUI to acquire data or request other service from the server. From a software aspect, the server actually uses servlets to respond to requests from the client. According to different kinds of requests, servlets call some internal objects (classes), or some native methods, or just directly execute an executable program to get data or drive hardware or take a picture. 2.2 Integration In general, there are some problems which belong to the integration aspect which need to be solved: (1) Applet downloaded from server cannot access local files and devices, unless it is signed. (2) Sometimes, Java code is too slow to fit user's requirements. (3) Sometimes, the integration of other modules developed in other languages is necessary. So we need methods in Java code which can: (1) Integrate a Java Function. (2) Integrate C/C++ or assembly source code from .obj level. (3) Integrate Executable program (such as some Windows program or dos *.exe program). 2.3 Goals for integration (1) Enable write/read file/hardware in server side or client side (2) Enable call an executable files method I cooperated with another graduate student to integrate these modules to our MEMS analysis system: Computer Controlled Camera, Computer Controlled Waveform Generator, 13 Device Excitation, Strobe Generation, Microscope Control Computer Controlled Microscope, Waveform Generator Control, Camera Control Data Processor and Controller for System, Microvision System (3) Solve some low efficiency problems caused by call method. 0 Using image processing technique to auto focus a camera, including converting a BMIP image file to a pixel array for processing. * Solve the delay caused by polling message system. Device n Device I Gee)@ Data Base Data service Hardware Control Message process MEMS Servlets Apache 1.3.9 Web Server/Java Webserver Web Web Web Browser Browser Browser Client I Client 2 0GQ Client n Figure 2.2 Client/Server Structure for MEMS Analysis System 2.4 System integration 14 Integration problems will be faced in those situations: * when an application cannot be written entirely in Java. The standard Java class library may not support the platform-dependent features needed by the application. * You may already have a library or application written in another programming language and you wish to make it accessible to Java applications. * You may want to implement a small portion of time-critical code in a lower-level programming language, such as assembly, and then have your Java application call these functions. In Figure 2.3, The integration graph for MIEMS analysis application system is given. From it, we know most integration tasks are focused on server side's servlets implementation. Servlets are written in Java and can call other C/C++ executable code and .obj module or Java code. MEMS Server Servlet (Java Code) HTML IC++ /batch file Executable) CGI .O(in Linux)JaaApe OBJ(in NT) OJava ppe Figure 2.3 The integration graph for MEMS analysis application system Now I will give details on how to integrate these components to our system. 2.4.1 Integrate a Java Function This is rather direct. 1) Add a Button (or Menu or Icon) to interface. Change setting files your-settingjile.txt 2) Process the message of button presss event 15 In FunctionHandler.java in handlePrimitiveFunction module add a line to process the button message 3) Add the function that responds to the button In FunctionHandler.java add the function that responds to the button event 2.4.2 Integrate C/C++ or assembly source code 1. Integrated as DLL 1) Create a Java class that declares the native method. It also includes a main method which calls the native method. 2) Compile the Java class that declares the native method and the main method. Javac J123.java 3) Generate a header file for the native method using javah with the native interface flag -jni. Javah -jniJ123 4) Warp program written C or C++ to JNIC format. 5) Compile the header and implementation files into a shared library file, a DLL. 6) Now you can run the Java program. Below are example files: ---------------------- J 123.java----------------------/ the class name is the same as the file name // class J123 call a native method programmed by C class J123 { public native void displayHelloWorldo; static { System.loadLibrary("hello"); } public static void main(String[] args) { new J123().displayHelloWorldo; } I ----------- automatically generated header file J123.h-------- 16 / this file is automatic generated by Javah -jniJ123 #include <jni.h> /* Header for class J123 */ #ifndef _Included_J 123 #define _IncludedJ123 #ifdef _cplusplus extem "C" { #endif /* * Class: * Method: J123 displayHelloWorld * Signature: OV */ JNIEXPORT void JNICALL Java_J123_displayHelloWorld (JNIEnv *, jobject); #ifdef _cplusplus I #endif #endif ------------------ JNIC: try.c-------------------/ the C program implement the method used by Java program #include <jni.h> #include "j123.h" #include <stdio.h> #include <process.h> JNIEXPORT void JNICALL Java_J123_displayHelloWorld(JNEnv *env, jobject obj) { char s[80]; printf("This is a program run from Java\n"); printf("Java call JINI C\n"); printf("please input command line:\n"); gets(s); system(s); return; } 2. Integrate an executable program (such as some windows program or dos *.exe program) This can be solved by using steps similar to those above. We create a c code tile to integrate a execuitable file 17 --------------JNIC: warp.c ------------------#include <jni.h> #include "j123.h" #include <stdio.h> #include <process.h> JNIEXPORT void JNICALL Java_J123_displayHelloWorld(JNIEnv *env, jobject obj) { system("Executablefilename"); return; } Or directly use RunExec method in Java to call an executable file (.exe .bat in Windows NT or a shell file or other executable file in Linux /Unix). In 2.3.5, more detail will be given on the RunExec method for integration. Some discussion for integration 1) How to exchange data between these Java module, C/C++function, .EXE modules (1) file This is versatile, but slow, and the format is not easy to control. (2) command line Using ArgC, Argv is simeple and quick. (3). variables of environment This is quick, versatile, but has some limitations, in that Java applet can't access the environment for security reasons. To get a value from the current environment, call getenvo; char *getenv( const char *varname); Return Value: Each of these functions returns a pointer to the environment table entry containing varname. It is not safe to modify the value of the environment variable using the returned pointer. Use the _putenv function to modify the value of an environment variable. The return value is NULL if varname is not found in the environment table. 18 Parameter: varname Environment variable name Remarks: The getenv function searches the list of environment variables for varname. getenv is not case sensitive in Windows NT and Windows 95. getenv and _putenv use the copy of the environment pointed to by the global variable _environ to access the environment. getenv operates only on the data structures accessible to the run-time library and not on the environment "segment" created for the process by the operating system. Therefore, programs that use the envp argument to main or wmain may retrieve invalid information. Java programs cannot read environment variables the way that native programs can. The reason is that environment variables are platform dependent. Similar mechanisms exist, however, that allow applications to read the value of a named resources, called system properties list. (4). Java objects (array, string, etc) With the JNI framework mentioned above, both the native language side and the Java side of an application can create, update, and access Java objects and then share these objects between them. 2) Integrate Java to C/C++ Native methods written in C/C++ can also easily call Java methods. Often, you will already have developed a library of Java methods. Your native method can directly perform the functionality already incorporated in existing Java methods. The native method, using the JNI framework, can call the existing Java method, pass it the required parameters, and get the results back when the method completes. 2.4.3. Integrate an executable file to MEMS Java Servlet Note: all finished classes should be put on server side. Step1 Create the set file for a user interface. For example, trysetting.txt in Mems' D:\JavaWebServerl 1.1\public-html\guiSettings Several example files are in this directory ( please refer to Erikp's thesis" 4 ]) 19 mainFrame = Frame("Control Stage"); // Create a Frame object, name is mainFrame, / title is "Control Stage" mainMenuBar = MenuBar("Main MenuBar", mainFrame); // add menu object in the frame object control = Menu("Control", mainMenuBar); // add menu item in the menu object takeControl = Menultem("Take Control", control, takeControl()); // do same thing as above cedeControl = Menultem("Cede Control", control, cedeControl()); checkControl = Menultem("Check Control State", control, checkControl()); reset = Menultem("Reset Server", control, reseto); shutdown = Menultem("Shutdown Server", control, shutdowno); mainPanels = PanelFrame("Main Panels", mainFrame, 1, 1); / create a Panel Frame in the frame object /for putting buttons // create a panel in the Panel Frame sizeSettingsPanel = Panel("Try Panel", mainPanels); tryme = Button("trymedemo", sizeSettingsPanel, try-meo); // create a button in the panel Step2 modify client Java program Modify GUI stuff----FunctionHandlerclass in the directory D:\erikp\java\FunctionHandler\then compile it and put FunctionHandler.clasto Mems's D:\JavaWebServer].1.]\publichtml\UI\FunctionHandler so that all requests from the User interface are processed. Add the message, which is sent out by the user interface and is sent to the MIEMS Java Servlet. (1) Add the processing in handlePrimitiveFunction class to process the task launched by the button private void handlePrimitiveFunction(String wholePrimitiveFunction) StringTokenizer st = new StringTokenizer(wholePrimitiveFunction, "(", false); String primitiveFunction = st.nextTokeno; if (.. else if (primitiveFunction.equals("try-me") trymeo); // process the primitive function . The first try me is message from user interface. // The second try me is funtion call which processing the message. They are not // necessary to have the same name } (2) Provide the function which will get the service from the servlet For example: Type 1 call send message from other Module private void try-me() { String controlState = hardwareControlModule.checkControlStateo; if (controlState.equals("ACTIVE")) 20 Globals.xTranslation = Integer.toString(Integer.parseInt(Globals.xTranslation) + 0); hardwareControlModule.setStageo; //Here directly call an existed funtion which // will send message to the servlet else if (!controlState.equals("ACTIVE")) JOptionPane.showMessageDialog(null, "You do not have control of server", "Information", JOptionPane.INFORMATIONMESSAGE); We can directly send out message here or call a function that will send a message which are in the same directory with FunctionHandler. Type2 directly send message private void try-me() String sessionID; sessionlD = String.valueOf(Globals.sessionID); NVPair[] message = MessageDatabase.get("TRY-ME"); message[ 1].setValue(sessionlD); /* if you want to send some parameters here you can do like this message [2].setValue(Globals.strobeFrequency); message[3] .setValue(Globals.divisions); message[4 .setValue(Globals.phase); */ Hashtable responseH = sendMessage(message); String command = (String)responseH.get("COMMAND"); String msg = (String)responseH.get("MESSAGE"); if (command.equals("ACK")) {I else if (!command.equals("ACK")) // error(responseH); (3) Add the message definition in MessageDatabase class. in D:\erikpjava\MessageDatabase Finally, update the MessageDatabase class in Mems' D:\JavaWebServerl.J.1\public_html\ UI\MessageDatabase\ //Add a new message for a new function NVPair[] tryme = new NVPair[2]; tryme[0] = new NVPair("COMMAND", "TRY-ME"); try-me[l] = new NVPair("SESSION-ID",""); database.put("TRY-ME",tryme); 21 Step3 modify server side program (1) Register new message which will be handled----Modify MessageServlet.java at D:\jared\thesis then copy .classfile to Mems' D:JavaWebServer].].1\servlets void initMessageCenter( HardwareControl hc, DataProcessingEngine dpe, Database db) { // add a register line. messageCtr.registerHandler(new trymeHandlero); } (2)Providea message handlerfor the new message in the directory of D:\jared\thesis\MEMServer\messaging\HANDLER\and save it to Mems' D:\VavaWebServer].1.]\servlets\edu\nit\MEMServer\nessaging\Handler\ YOUR_HANDLERFILE For example, package edu.mit.MEMServer.messaging.handler; import java.io.*; import edu.mit.MEMServer.messaging.*; import edu.mit.MEMServer.data.*; import java.util.Hashtable; import java.lang.Runtime import java.util.Vector; public class try-meHandler extends MessageHandler { public try-meHandler () commandName = "TRY-ME"; //to define the message handlerprocess which /message // below check if the message format is correct public boolean isValidMessage (Message m) if ( !m.isValid( ) return false; if ( !m.getFieldValue(new String("COMMAND")).equals(commandName)) return false; if ( m.getFieldValue(new String("SESSION-ID")) != null) return false; return true; 22 public Message handle ( Message m ) { SessionList sl = ss.getSessionListo; String newSessionlD = sl.startSessiono; Hashtable h = new Hashtableo; h.put new String("COMMAND"), new String("ACK") ); //send out ACK to client h.put new String("SESSION-ID"), newSessionlD ); // send out session ID h.put new String("MESSAGE"), commandName ); // send out the comand which is processed by the servlet try { // call executiable file // set up command, arguments, and environment variables String[] envp = new String[ 1]; String prog = "stage 2";// the program(with parameters) which will be called by // JAVA the executiable things can be a shell comand, // suca as String prog = // "Ibin/ls" in Unix/Linux; Runtime rt = Runtime.getRuntime(; //'/bin/ls' or 'stage 2' Process pl = rt.exec(prog); } catch (IOException e) {} catch(SecurityException e){ } return new Message(h); Step4 create server side program Create an executable program named stage, which is called by the new handler Note: All above steps are the most complete version. Some steps are not necessary for some particular cases. 23 Chapter 3 System Performance Enhancement 3.1 Some problems which must be considered to speed up remote control/data acquisition There are several aspects to improve the performance of our MEMS remote analysis system. (1) Speed up some time critical missions. Such as use more efficient algorithms, use quicker program language, change some manual operations to automatic operations, etc. (2) Provide a client/server infrasture with higher performance. Such as server response user with multi-threads. Even response the same user's different requests with multi-threads. (3) Provide a friend interface for use to access some services. So that the system overall performance can be increased dramatically by error prevention and error tolerance. 3.2 Auto focus a camera and auto adjust the view field of the camera In the old MEMS analysis system, camera focus operation is manually done locally via observing the image on a monitor. The focus speed is fast. Now we want to remotely manipulate the stage and pifoc to focus the camera and adjust view field and user can quickly choose the region of interested of an image. Because of the band limit of the network, it is very slow to take a lot of pictures, then transfer them to the client side for the user to evaluate if the picture is in focus and in a good view field. The processing entails taking pictures then sending them to the user interface via network, after that, adjusting the camera from user interface, then take the new picture and send to user interface again via network. We iterate the process until the camera begins to send clear and correctly size pictures so then we can say the camera is in focus and is ready. All this processing is very slow. Especially, we test and find move stage in x, y axis is extremely slow and move in z axis is not as slow as in x, y axis . So it is necessary for us to use image processing technology to automate the server processing in our client/server environment. We know the picture in focus is sharper and has more high frequency components. We can design a HPF (high pass filter) to evaluate whether the picture is in focus. If we want to let a MEMS chip fully occupy the view field of the camera, we need to use image processing technology to separate foreground from background, or find a way to know where is the position on an object(a MEMS chip). 24 3.3 Image pocessing algorithms for controlling the camera In order to automate above tasks: Auto focus, auto move picture in a good view field and quickly control stage to let image is exposure in the region of interest. Several tasks should be solved first. (1) Transfer BMP format picture to pixel image array. So that we can process the image with 2-Dimensional filter. In Linux, there are no .bmp files used. This step can be neglected. (2 ) Process the pixel image array with filter to evaluate whether the image is in focus or not. (3) Find method to evaluate the picture position and try to move it to correct position. So that the image's center is in the middle of view field. (4) Responds user's request to set the region of interest Currently there is no requirement to set view field to the region of interest. Only use it to analyze the motion of interest region. So this is part of work of design a GUI actually. I have finished it. Figure 3.1 Figure 3.1 shows images taken in different z positions, the first one is taken in focus position, The other 3 taken with z move with +100 micron, +500 micron, +1000 micron. 25 image.bmp 640X480 image-1 000.bmp 640 X480 image-500.bmp 640X480 Figure 3.2 (Above) Figure 3.3 (Below) 10 6 5 4.5 / 4 I- 3.5 3 0 4 2-D image, size: 640X480 5 4 3 ~v\I 2 11 0 200 400 600 800 Projection of 2-D image on X axis 26 100 200 300 400 500 Pr ojection of 2-D image on V axis 250 200 150 100 50 n 00 image mapped from orignaJ 100 200 300 400 500 Projection of 2-D image on V axis 150 100 50 0' 0 200 600 600 400 Projection of 2-D image on X axis Figure 3.5 (Below) Figure 3.4 (Above) The impulse response h(nl 1 n2) of a 2-D High Pass Filter '1~ I - 10 I -- -Le- C 5 2- C -c '- - I 1 3 2 n1 3 n2 1 27 100 200 300 400 100 200 300 400 500 600 image0 processed by HPF 100 100 200 200 300 300 400 400 200 300 400 500 600 image+500 processed by HPF 100 200 300 400 500 600 imae+1000 processed by HPF 100 Figure 3.7(Below) Figure 3.6(Above) 100 100 200 200 300 300 400 :4 14 400 100 200 300 400 100 200 300 400 500 600 image -100 processed by HPF 500 600 image processed by HPF 100 100 200 200 300 I 300 400 400 100 200 300 400 500 600 image -1000 processed by HPF 100 200 300 400 500 image-500 processed by HPF 28 1.8 x 10 78 E CD 7 7 1 76 / (-n CO E 7 1.74 I/ CO, 1.72 k / CfJ CO, / ( 1.7 I / CO' 1 68 1.66 1 - - 2 3 6 4 7 z position sample index Figure 3.8 The relationship of evaluated shparpness-z position Figure 3.2 shows images taken in different z positions, the first one is taken in focus position, The other 3 taken with z move with -100 micron, -500 micron, -1000 micron. Figure 3.3 shows projection of image.tif (or .bmp format) on vertical and horizonital. Note, x, y axis is defined as below: 1 0 X Y Figure 3.4 shows a black-white image which is process by a noise elimination algorithm and converted to black-white. Its vertical and horizontal projections are shown in the figure too. Figure 3.5 given a HPF(High Pass Filter). 1 -3 1 H[ni,n2]= -3 9 -3 --3 1 -1 29 Figure 3.6 shows the images shown in figure 3.1 processed by the HPF in figure 3.5 Figure 3.7 shows the images shown in figure 3.2 processed by the HPF in figure 3.5 Figure 3.8 shows the sharpness evaluation measurement for different images taken in different z position. Index of z sharpness evaluation measurement correspond images 1 image-1000 169616 2 image-500 173858 3 image-100 176110 4 image0 178149 5 image+100 178431 6 image+500 167538 7 image+1000 168329 3.3.1 Image processing algorithms for adjusting the view field 1 Algorithm The algorithm is for moving an image from a biased position to the center of the view field. I find a way to evaluate the position of the picture-use projections of the picture on vertical and horizontal directions. The region without the object will have much less energy, and the projection will be much low. Please refer to Figure 3.3. The projection between 0-100 pixels on Y axis(corresponds image's up region) is low. So there is no MEMS chips in this region. So we need move the view filed down ward 100 pixels, which equals to move the object upward 100 pixels. But as we can see from Figure 3.1 and Figure 3.2, the background noise is big. There is obvious a big bright spot in the image, which is caused by refection of the light by the surface of the platform which is used for put MIEMS chips. 2 An enhanced Algorithm with noise eliminated As mentioned above, the refection of lights in the image is very annoying to our algorithm. 30 We find the characteristic of the refection has a mirror effect. All refection is strong and has nearly the equal brightness. While an object (MEMS chips) in the picture has varied brightness and irregular illumination. According to this characteristic, an enhanced Algorithm with noise eliminated given as the below: Assuming the image is saved in a pixel array hO(ij); n is height, m is width. The average gray scale for the picture is set as 75. The detection a mirror effect threshold is set as 15. The idea of the algorithms is if we find more the 15 continue bright pixels then we assert that it is in mirror effect region-the spot of light. If the spot of light location overlap with an object. It doesn't matter. At the same time, the algorithms convert the gray scale image to a binary black-white image. So each bright pixel has the same projection weight-not associate to its grayscale. % algorithms written in MATLAB AverageGrayScale=75; Mirror_effect_length=15; // picture size, n is height, m is width n=480; m=640; for i = 1:n, count=O; for j = 1:m, if hO (i, i ) > AverageGrayScale A(i, j )=1; count=count+1; if count>; Mirroreffectlength for k=begin:j A(i,k)=O; end count=O; end else A(i,j) =0; begin=j; end end end subplot (2, 2, 3); hO_x=sum(A,1); plot (hOx); xlabel('Project of subplot(2,2,2); hOy=sum(A,2); plot(hO y); xlabel('Project of 2-D image on X axis'); 2-D image on Y axis'); 31 Above algorithms can be optimized further to eliminate the spot of light. But above algorithms is enough for our to evaluate the position of the picture. The average gray scale is used as threshold for converting an image. Although this is an estimated values. But it is accurate enough for our purpose of detect the position of the image. And furthermore, it save our calculation time. The average gray scale is not sensitive to different kinds of MEMS chips. Please refer to Figure 3.4. The enhanced algorithm works very well. It can detect 0-180 (in pixels) region has no object. Compared to Figure 3.3 which uses the original algorithm, only detects 0-100 region no object. 3.3.2 Algorithms for focusing the camera 1 HPF design We want integer coefficients for the HPF so that the convolution computing is fast. Second, the sum of all amplitudes of impulse response is one, so that the filter frequency response H(wi ,C 2) is one at oi=O2=0 and pass all the DC components unaltered. This character has the effect of keep the average density of original image in the processed image. By the way, because background noise typically has high frequency components. HPF tends to increase the background noise. Some time, if necessary, we can use median filter to eliminate pepper-salt noise. But the picture quality from our camera is rather good. It is not necessary to apply a median filter on the image. 2 Algorithms First convolution the HPF's impulse response with the image. Then use the evaluation algorithm to get the image sharpness evaluation measurement. The evaluation algorithm is rather direct, first get the pixel's average brightness, then count the number of dark points which are darker than the average brightness as the image sharpness evaluation measurement. The Algorithm is defined as function GetCurrentPositionlmageEvaluationo; In the next algorithm we will use the function. % Process image by t hdl=[1 -3 1; -3 9 -3; h_O=conv2 (hd1,hO); subplot(2,2,1); image(h_0); HPF 1 -3 1]; 32 %Lmshow (hO) xlabel('imageO processed by HPF'); % below show the each picture's evaluation measurements n=480; m=640; countl=G; Pixel-average=mean(mean(h_6)); for i = 1:n, for j = 1:m, if h_6(i,j) < Pixelaverage countl=countl+l; end end end count1 3 Problems and soloution Problem 1: Speed The above algorithm is not bad, because there is no calculation of frequency components. Only there is a nine points convolution with a 640*480 array. Cost is about 9*642*482= 2.78* 106 times, about 8*642*482= 2.48*106 adds. But we can get a much quicker algorithm. The idea is to evaluate only part of the image, not the whole image. Just like some auto focus cameras in today market, we can use one sample region, three sample regions or five sample region to get the camera sharpness evaluation measurement. Figure 3.9 Selected evaluation regions for quicker evaluation algorithms Figure 3.9 givens 5 selected evaluation regions for quicker evaluation algorithms. We can use only E region or combined A,B,C,D,E one or more regions to get the evaluated sharpness measurement 33 of an image. If we use only 1/16 area of an image with 640*480, that is to say, use 160*120 that is still big enough and is accurate enough to evaluate the sharpness of an image. While calculation time will decrease to 1/16 of original calculation time! Problem2: Evaluated sharpness measurement to z is not strictly changed monotonically Please refer to Figure 3.8, we can find the evaluated sharpness measurement to z is nearly changed monotonically when search from one side (left or right side of peek point) for maximum. But not strict. Some time affected by noise will cause some variant curve. But the magnitude for the variant is small. So when search for the focus, the maximum point by change z, we need use a threshold to control the search procedure. We find threshold = 500 is good enough for the z movement step = 100 micron and the image size 640*480. By the way, in the experiment we find 100 micron as step is good enough to get a clear picture. For more accurate focus, we can use the same algorithm with different threshold to get the optimal result. Algorithm for the optimal z, the focus point is as below: Threshold=500; Zstep=100; FlagIncreaseZ= 1; Searchbacktimes=O; OldEluationMeasurement= GetCurrentPositionImageEvaluation); Note: The is algorithm mentioned in (2) Loop : move z a step with Z-step*FlagIncreaseZ NewEluationMeasurement= GetCurrentPositionImageEvaluation(); If ((NewEluationMeasurement- OldEluationMeasurement)>Threshold { // means keep search direction. FlagIncreaseZ = Flag_IncreaseZ; Try to move z a step with Z-step*FlagIncreaseZ OldEluationMeasurement=NewEluationMeasurement Goto Loop; } else { // means reverse search direction -FlagIncreaseZ; FlagIncreaseZ= // rember how many times the same Searchbacktimes += 1; point evaluated If(Searchbacktimes>=2) Goto End; Try to move z a step with Z_step*FlagIncreaseZ OldEluationMeasurement=NewEluationMeasurement Goto Loop; End: Move z to the optimized position Improved algorithm: 34 If we assume that we can set camera to the minimum z, before we begion auto focus camera. Above algorithm will be much simple. Actually we do have the command to initialize z to minimum. Threshold=500; Z-step=100; OldEluationMeasurement= GetCurrentPositionImageEvaluation(); do { Increase z one step; NewEluationMeasurement= GetCurrentPositionImageEvaluation(); OldEluationMeasurement) >Threshold if ((NewEluationMeasurementOldEluationMeasurement=NewEluationMeasuremen; else break; while(l); 3.3.3 Procedure of the camera control Add Z IF Projection No Adjust view Get an on XYfieldimageIll.<Is Yes the image sharpnested Figure 3.10 Flow chart for control a camera. Figure 3.10 gives the procedure of controlling a camera. 3.4 A command line mode to control the pifoc which is error free and error tolerant. We provide a command line window in user interface for use to control hardware. It is necessary to check the format and the correctness of the command line, so that the user need not wait until the server tells him something is wrong and needs a change of the command. All check work should be done in the client side. So checks done on the server side should be moved to the client side so that we can increase the system's performance. Please reference Appendix B part 2. 1 Command Format SEND COMPORT BAUD_RATE COMMAND <value> 35 SEND is a program for serial port communication COMPORT is COM1-COM4 BAUDRATE is 300,600,9600,19200,38400 bits/second COMMAND is one command of the command set. 2 Command Set Some of the most important commands for the E-662 operation please reference Appendix B part 2. One typical example is: SEND COM] 9600 setrem // set control mode to remote control mode SEND COM] 9600 pos 60 / set z-axis position to 60 um SEND COM] 9600 pos ? // get current position of z axis 3.5 Load balance and other optimization method for the server Scalability, load-balancing, fault-tolerance are key properties for internet content providers : As the market becomes more mature, the need for static pages web sites decreases, and the dynamic content generation, personalized, and transactional becomes a must. Java is a key technology on the server side, because of its rapid prototyping and validation phases, which give a time-to-market bonus to those who are using it. However, as the Java Virtual Machines become faster over years, people tend to ask for always more personalized and dynamic contents, and this type of application requires always more and more CPU power. Apache JServ addresses this requirement and lets you distribute your application load over as many hosts as needed. Load-balancing includes several levels for Aapche server: Level 0 : 1 host with Apache, 1 host with JServ. The JServ is hosting all servlet zones. This is the current default mode for Apache JServ (no load-balancing). JServ can be started in automatic mode. Level 1 : 1 host with Apache, n hosts with JServ. Every JServ is hosting its own servlet zone.This is a possible mode in 1.0 versions. You have to specify one JServ/zone. Apache cannot start the different JServ in automatic mode : you have to set the Manual mode to true. Level 2: 36 1 host with Apache, m*n hosts with JServ. Every zone can have the incoming load distributed on several JServs. You have to use the new "balance" parameters. (see Configuration). For every zone you have to define a set of JServ hosts that are identical (same servlet classes), and affect a logical weight for every host in that set. The traffic will be balanced between the JServs in the set, using a simple but efficient algorithm based on host weight + random. very httpd process (inside one Apache server) will randomly(modulo weight) choose a default target for each zone, and send new requests (sessions not yet created) to this target. The underlying Operating system guaranties (at least on U**xes) that equivalent processes gently share the CPU ressources, and get elected at their turn. Level 3 : p*hosts with Apache, m*n hosts with JServ. Same as Level 2, but all our p Apache servers have to use same configuration files to keep sessions alive across all of them (really mandatory: use the same routing parameters). Because current our project only use one server , so the load balance is not a real problem. But in the furure, if we want to remotely control a lot of hardware distributed in different sites of Network, this is a very important task for us to finish. Please reference Appendix B part 4 for a simple example for load balance of Apache server. 3.6 Use signed applet technology We need to use signed applet technology so that an applet can launch tools in a local machine(such as realplay5.0) or do some read/write operations in the local machine. But Navigator, IE, and Apache use different formats of certification, how to find a common solution? Our soloution is ---use Java plugin which is support by most of the browsers. 1) Convert .html files which include 'applet'tag to java plugin's html file. 2) Copy identifydb.obj from JDK home directory and certification generated to java plugin's home directory. 3.6.1 Several ways to sign applets (1)USE JDK1.1.7B or JDK1.2 " Create a certification " Created a .jar file 37 " Signed the .jar file by the certification " Run Sun's HTML Converter to convert the HTML source to enable the Sun Java Plug In (otherwise the Microsoft JVM/Netscape is used and they don't support applets signed by JDK) (2) Microsoft' tool " Used Microsoft's MakeCert and Cert2SPC with your X509 certification * Created a cab file " Signed the cab file " Run the HTML file (3)Netscape's tool " Use Netscape's sign tool " Edit Java . Re-compiled Signed Java 3.6.2 An example Below we use first method: On server side Steps 1) Package all classes used by the applet to be signed to *.jar file jar cf jar name.jar *.class YOURDLL.dll YOUEXE.exe 2) Create certification(see below for details) 3) Sign the *.jar file use the certification javakey -gs sign-specificationjile .jarfile 4) Change the .html file which uses the applet, after 'applet' Create certification (l)Create signer Javakey -cs signerName true SignerName is the name you used to sign. 38 add 'archieve=yourpackagename.jar' (2)Create Public/Private Key javakey -gk signerName DSA 512 (3) Generate singer's certification javakey -gc specification-file specificationfile include #issuer.name, #issuer.cert, #subject.name #start.date #end.date,#serial.number #out.file,etc An example of file format introduced later. On client side Enable signer--actuall add you to the list of whose x.509 certification you trust javakey -c subjectName true Navigator, IE, and apache use different formats of certification,how to find a common soloution? soloution is ---use Java plugin which is supported in most browsers. 1)convert .html files which include 'applet' tag to java plugin's html file. 2)copy identifydb.obj from JDK home directory and the certification just generated to java plugin's home directory. Preparing: download Javaplugin, HTML converter when you run your applet, start java plugin Below is example files for a certification specification file and a sign specification file ===============certspecificationfile================ # the id of the signer issuer.name=txd # the cert to use for the signing (this is where it gets it DN) issuer. cert=1 # the id of the subject subj ect .name=txd 39 # the components of the X500 name for the subject subject.real.name=txd subject.org.unit=JavaSoft subject.org=Sun MicroSystems subject.country=US # Various parameters: start and end date for validity and expiration # of the certificate. Serial number. FIle to which to output the # certificate (optional). start.date=1 Dec 1998 end.date=1 Dec 1999 serial.number=1001 out.file=txd.x509 ======================signspecificationfile=============== # Jar signing directive. This is the directive file used by javakey to # sign a jar file. # Which signer to use. This must be in the system's database. signer=txd # Cert number to use for this signer. This determines which # certificate will be included in the PKCS7 block. This is mandatory # and is 1 based. cert=1 # Cert chain depth of a chain of certificate to include. This is # currently not supported. chain=0 # The name to give to the signature file and associated signature (i.e. DUKESIGN.SF and DUKESIGN.DSA). This must be 8 # block. # characters or less. signature.file=txd 40 Chapter 4 System secure mode 4.1 Introduction of security Our system runs in a distributed environment via Internet. Java secure ensures security and robustness in the local environment, especially servlets fully use the Java advantage: memory access violation and strong typing violation are not possible, so that faulty servlets will not crash servers the way that is common in most C language server extension environments. But in a distributed system's security are caused by hacker or some programs with bugs which access resources not intended for them. Possible hacker methods on Internet are: ---IP Hijack ---IP sniffer ---- IP Spoof ---DNS faker ---Trojan Horse(fake a real program) ---not trusted Java applet exposure system private data, change system configuration Protecting our data from use by other unlicensed people is very important. There are two questions are mostly considered by users for internet applications: (1) Security of the communication. (2) Data encryption and access control. A completely secure system includes three facts: according to what you know, such as password and user name; according to what you have, such as electronic certification; or according to your fingerprint and face. Only the first two facts are under consideration in our system. SSL (Secure Socket Layer) is a protocol developed by Netscape for secure transactions across the Web. It is used to enhance HTTP; it is transparent to the browser and the server support telnet, ftp, Mosaic, httpd 1.3, etc. we use Apache 1.3.9 as our Java server and model-ssl as our SSL module. In Apache server, model-ssl is integrated seamlessly into Apache with Extended API(EAPI). We 41 support authentication both in the client and server, SSLv2, SSLv3 and 128 bits strong cryptography. Actually there are 3 most popular encryption and user authentication standards for the Web, SSL(Secure Socket Layer), SHTTP(Secure HTTP), Shen. 0 SSL SSL is proposed by Netscape for HTTP, NNTP, and FTP. It includes Server authentication (verifying server's ID to the client), encreption of data in transit and optional client authentication. SSL is implemented in several browsers, such as Netscape Navigator, Secure Mosaic, Micrsoft IE and many servers, including ones from Netscape, Microsoft, IBM, OpenMarket,etc 0 SHTTP SHTTP is a higher level protocol proposed by CommerceNet. It only supports HTTP but is potentially more extensible than SSL. Current SHTTP is implemented for OpenMarketplace Server and Secure HTTP Mosaic on Client side. 0 Shen Shen is a similar to SHTTP, it is a high level replacement for the existing HTTP protocol. No browser or server supports it. A complete structure of the software for security of C/S interaction includes: (1) Identification and Authentication We can use user ID and server ID to prevent a fake IP address of client or a fake server. Some enhancement of security for Identification and Authentication: 1)In order to prevent the Hijack of IP, we can design a API to force to check Identification periodically when a connection has been established for some time. 2)Use time stamp to ensure security of the system. Prevent IP/password Sniff. Build a time depend ID lib. 42 (2) Access Control There are two kinds of access control One is Access control to a computer and programs in a computer. Use Java CGI and Window NT server configuration, only special directory and program under special directory can access by remote application, Java applets. Another is the use of a Multi Level Security Library for client software (which is downloaded from the MEMS server) for enabling and disabling some components and services. (3) Transit Security Transit encrypted data on the network. Encryption is provide by Java API. When we use some Unix based server such as Apache or NCSA httpd and Unix based browsers such as Mosaic, we can use services from SSlayer (it is a free implementation of SSL). 1) Ordinary request When a client application receives an encrypted response, it decrypts the response according to current time stamps and ID of server to ensure it is correct server (not a faker!). When a Server gets a request, it does the similar thing as the client. After a socket between user and server is established, use event driver method to send update information to client. 2) SQL request DataBase called by JDBC==> Public Network ==> Client ==>decrypt In order to improve efficiency of Java, during communication for data in database, when data length>5k, we use Zip=====>communicaiton========>Unzip JDBC have mechanism for check if the caller can access the link too. 4.2 A complete system security model for MEMS chip remote analysis system 43 In general, we can use steps below to secure our system (1) Limit access based on a subnet (firewall) Let packets from some IP or Domain pass. It can filters spoofed IP packet. <Directory /full/path/to/directory> Such as: <limit GET POST> order mutual-failure deny from all allow from 18.62.*.* </Limit> </Directory> (2) Login mechanism consisting of user name, and password transmitted on SSL At the server side add a login service to use Java login API (3) Use trusted applet/untrusted applet mechanism efficiently (4) Authentication of both client and server (5) Use SSL or https to secure the message sent on the network. includes the following encryption algorithms:DES,RSA,RC4,IDEA and Blowfish. Not these API come with Apache SSL modules. 4.2.1 Secure client step 1 : create a socket and connect to server using normal socket calls socket (...); step 2 after we have TCP conncetion. Start SSL negotiation SSLconnect (ssl); Following two steps are optional and not required for data exchange to be successful. 1) Get the cipher - opt SSL-get-cipher (ssl); 44 2) Get server's certificate (note: beware of dynamic allocation) - opt servercert = SSL-get-peercertificate (ssl); 3) We could do all sorts of certificate verification stuff here before deallocating the certificate. X509_free (servercert); 4) DATA EXCHANGE - Send a message and receive a reply. err = SSLwrite (ssl, "Hello World!", strlen("Hello World!")); shutdown (sd, 1); /* Half close, send EOF to server. */ err = SSLread (ssl, buf, sizeof(buf) - 1); 5) Clean up. close (sd); SSL free (ssl); 4.2.2 Secure server 1)Prepare TCP/IP socket for receiving connections socket (...) =====> bind(...) =====listen(... )======>accept(...) 2)TCP connection is ready. Do server side SSL 3)Get client's certificate clientcert = SSL-get-peercertificate (ssl); 4) do all sorts of certificate verification stuff before deallocating the certificate. 5) DATA EXCHANGE - Receive message and send reply. 45 6)Clean up. Fig 4.1 gives illustration of the secure model of MIEMS chip remote analysis system Server Client Authentication(including check password) Ordinary Send(Post) & Read SSLwrite SSL read Firewall provide by Apache Server SSLwrite SSLread Ordinary Send(Post) & Read Trusted Applet Not Trusted Applet Server Authentication Client Figure 4.1 System Secure Model Fig 4.2 gives client/server communication with authentication to each other. 46 Request ~xzzzz~ IP and Domain Filter Authentication (verify client) Accept Reject Authentication (verify server) I Reject Accept Accept Response ate Figure 4.2 Clinet/Server authentication Above security features don't include security features provided by Java applets and Java servlets. As it is mentioned in Chapter 2. Our most security work is focus on server side. Servlets have access to information about their clients. When used with secure protocol such as SSL, peer identities can be determined quite reliably. Servlets relying on HTTP also have access to HTTPspecific authentication data. In the next chapter a detail realization of security consideration will be given. All the implementation is based on Apache web server. 47 Chapter 5 Transfer to Apache Web server 5.1 Apache Server with Jserv support Apache exists to provide a robust, commercial-grade, featureful, and freely-available source code implementation of an HTTP (web) server. It provides a platform upon which individuals and institutions can build reliable systems, both for experimental purposes and for mission-critical purposes. The Apache Project is jointly managed by a group of volunteers located around the world, using the Internet and the Web to communicate, plan, and develop the server and its related documentation. This is very similar to Linux. The Apache server is now the most popular web server. It has open source code and has Window/Linux/Unix versions available, and is nearly completely compatible with Sun's Java web server. We can download Apache source code, but compiling them to include Java servlet's support and configuring a secure model and other things need our further consideration. Even download source code needs some attention. Some Apache kernel source code doesn't support Apache Jservlet, or some Apache kernel source is for different C compilers. Apache Web Server with Jserv support Configuration files httpd.conf Ordinary Web Server Engine < * httpd.properity Secret key file Servlet Engine Configuration files * Servlet conf file * Servlet property file " Secret key file Figure 5.1 Apache Jserv configuration structure Figure 5.1 shows Apache Jserv configuration structure. From the figure, we know Apache Jserver's configuration. 48 A lot of Apache severs are preinstalled with Linux or Unix OS. But a lot of them don't support Jserve, the module for supporting servlets on Apache web server. 5.2 Steps to transfer to Apache server (including Apache server's configuration which supports Java Servlet) There are two ways to configure Apache Server to support a Java servlet. One method is confirgure Jserv as dynamic module, called DSOs (Dynamic Shared Objects). You can load Java Servlet support module in Linx/Unix at runtime which is rather like win32 allow us to load DLLs. Another way is configure it as static module. Before building Apache Jserv, there are some preparation are necessary: (1) Compilers including ANSI C compiler and Java Compiler, (2) Java Runtime Environment (3) JSDK 2.0 is required by Apache Jserv for proper servlet execution. 5.2.1 Introduction to statically build Apache Jserv module for Apache (1) First in Apache home directory ./configure \ Note: this is your Apache server directory\ --prefix=/usr/apache/apache_1.3.9 (2) Then run 'make install'in the same directory (3) Then on Apache Jserv home directory ./configure \ --prefix=/usr/apache/ApacheJServ-1.1\ \ --with-apache-src=/usr/apache/apache_1.3.9 Note: this is your Apache server directory --with-jdk-home=/usr/apache/javal.2/jdk]]7_v3\ Note: this is your jdk directory --with-JSDK=/usr/apache/javaservlet/jsdk2.0/lib/jsdk.jar\ --disable-debugging (4) Run 'make; make install'tomake a .jar file, compile the C code and copy the appropriate files to the appropriate locations. (5) Then cd /usr/apache/apache_1.3.9and run 'make; make install'. (6) Put this line somewhere in Apache's httpd.conf file: Include /usr/apache/ApacheJServ-1.1/conf/jserv.conf 49 Note: /usr/apache/ApacheJServ-1.1 is your directory where your Apache Jserv is located. (6) Go to your Apache home directory, then cd /conf " Make sure that the log files can be written to by the user your httpd is running as (ie: nobody). If there are errors in your configuration, they will be logged there. " Start Apache and Apache Jserv cd /yourjapache/bin/, then ./apachectlstart or use ./httpd (7) Then start Apache and try visiting the URL: where stage is your server computer name. http: //stage: SERVER PORT/servlets /Hello If that works then you have successfully setup Apache JServ. If that does not work then you should read the troubleshooting notes in http://www.apache.org 5.2.2 Introductions to build Apache Jserv as a Dynamic Shared Object (1) In Apache directory: ./configure \ --prefix=/usr/apache/apache_1.3.9\ --enable-rule=SHAREDCORE\ --enable-module=so (2) Then run: make install (3)Go to Apache Jserver ./configure \ --prefix=/usr/apache/ApacheJServ-1.1\ --with-apxs=/usr/apache/apache_1.3.9/bin/apxs\ --with-jdk-home=/usr/apache/javal.2/jdklI7_v3\ --with-JSDK=/usr/apache/javaservlet/jsdk2.0lib\ --disable-debugging (4) Run 'make; make install'to make a .jar file, compile the C code and copy the appropriate files to the appropriate locations. 50 (5) Put this line somewhere in Apache's httpd.conf file: Include /usr/apache/ApacheJServ-1.1/conf/jserv.conf LoadModule jservmodule libxec/modjserv.so (6) Go to your Apache home directory, then cd /conf * Make sure that the log files can be written to by the user your httpd is running as (ie: nobody). If there are errors in your configuration, they will be logged there. * Start Apache and Apache Jserv cd /yourjapache/bin/,then ./apachectlstart or use ./httpd (7) Then start Apache and try visiting the URL: http: //stage: SERVER PORT/servlets/Hello where 'stage' is your server computer name. If that works then you have successfully setup Apache JServ. If that does not work then you should read the troubleshooting notes in http://www.apache.org The above gives quick steps for Apache server's building up with Jserv support. But for our particular MEMS remote analysis system we need take some more steps to change configuration to fit our particular requirements. 5.2.3 Configuration for Apache server and Jserv This includes four files (1) httpd.conf file The file is located in the home directory of Apache server's conf directory. " Set ServerRoot with ServerRoot "/usr/apache/apche_1.3.9" "/usr/apache/apche_1.3.9"is the home directory of your Apache server " Set Port with Port 8080 8080 is the default port that our MEMS remote analysis system uses " Add a line like Include /usr/apache/apache 1.3.9/servlets/jserv.conf The configure file for Jserv is called here by httpd.conf " Check if User nobody Group nobody is set * Set DocumentRoot wiht DocumentRoot "/usr/apache/apache_1.3.9/publichtml" 51 So in the future, all the URL request will be search relative to this directory. Such as http://stage.mit.edu:8080/UI/ means start a default html file(usually set as 'index.html') from the server, stage's lusr/apache/apache_1.3.9/public-htm/UI/directory. (2) jserv.conf file This is a file configuing Jserv. The file is located in /usr/apache/apache_1.3.9/servlets corresponding to the location where httpd.conf calls it. We needn't edit all the file line by line. Just copy it from Jserv's examples directory, and make modification as below: * Tell Apache on Linux to load the Apache JServ communication module (For shared object builds only) so LoadModule jservmodule lusrlapache/apache_1.3.9/libexec/modjserv. " Set properties filename for Apache JServ in Automatic Mode. In manual mode this directive is ignored. Syntax: ApJServProperties [filename] ApJServPropertieslusrlapache/apache_1.3.9/servlets/jserv.properties * Set Log file for Jserv This log file is different than the log file that is in the jserv.properties file. This is the log file for the C portion of Apache JServ. On Unix, this file must have write permissions by the owner of the JVM process. In other words, if you are running Apache JServ in manual mode and Apache is running as user nobody, then the file must have its permissions set so that that user can write to it. log ApJServLogFile lusrlapache/apache_1.3.9/logs/mod-jserv. * Set Mount point for servlet zones Syntax: ApJServMount [name] Userv-url] Note: [name] is the name of the Apache URI path to mount jserv-url on Userv-url] is something like "protocol://host:port/zone" ApJServMount /servlets /servlets ApJServMount /servlet /servlets This means if user requests "http://host/servlets/TestServlet" or "http://host/servlet/TestServlet"the servlet "TestServlet" in zone "servlets" on default host through default protocol on defaul port will be requested. 52 (3) jserv.properties file As shown in (2). This is a properties file for Apache JServ in Automatic Mode. This file gives Java Virtual Machine Interpreters. As what we don in jserv.con file, we needn't edit all the file line by line. Just copy it from Jserv's examples directory, and make modification as below: * set Zones=servlets Set the zones Jserv managers. We only need one servlet zone for our MEMS remote analysis system. " Set Configuration file for each servlet zone 3.9/servlets/example.properties servlets.properties=/usr/apache/apache_1. We only have one servlet zone, called servlets, so only one corresponding configuration file for it. (4) example.properties file As show in (3), this is a configuration file for our servlet zone. 0 set the list of servlet repositories controlled by this servlet zone 1. 1/example repositories=/usr/apache/apache_1.3.9/servlets,/usr/apache/ApacheJServ- This means all request for servlets in the zone 'servlets' will be search from these directories. 5.2.4 Modify some source code of client/server components for MEMS remote analysis system. All files which set URLs of the MEMS server, setting file will be modified to URL of real host computer name, address and port number. 2 files in for the client components, 1 file for the server components are related. Client side: (1) InterfaceThread.java URL messageUrl = new URL("http", "stage.mit.edu",8080, "/servlet/memserver"); URL settingsUrl = new URL("http", "stage.mit.edu", "/public html/UI/Settings/configFile.txt"); (2) InterfaceApplet.java URL messageUrl = new URL("http", "stage.mit.edu",8080, "Iservlet/MessageServlet"); URL settings Url = new URL("http ", "stage.mit.edu ", "/public html/UI/Settings/configFile.txt"); 53 Globals.imPicture=getImage(newURL("http ", "stage.mit.edu ",8080, "/public html/UI/Settings/defaultImage.jpg")); Server side: BuildOptions.java public staticfinal String serverName = new String("stage.mit. edu"); public staticfinal int serverPort = 8080; public staticfinal String servletURL = new String("servlet/MessageServlet") 5.2.5 Configure MEMS remote analysis system's client/server components * Configure the client components Copy all the client componets (Erik's stuff which includes all the stuff /usr/apache/apache_1.3.9/public-html/UI. in UI directory) to /usr/apache/apache_1.3.9 is the home directory of Apache server. 9 Configure the server components Copy all the server componets (Jared's stuff which includes all the stuff in edu directory) to /usr/apache/apache_1.3.9/servlets/edu. /usr/apache/apache_1.3.9 is the home directory of Apache server. 0 Configure servlet's message handle program Copy MessageServlet.class to /usr/apache/apache_1.3.9/servlets. /usr/apache/apache_1.3.9 is the home directory of Apache server. 5.3 Secure Model fulfilled for our MEMS remote analysis and test system The Secure Model is given in Chapter 4, now let's see how will we realize most of it in our apache server. 5.3.1 IP filtering IP filtering is a technology of filtering incoming requests based on IP address of the client. It is a very simple and effective way to reduce the risk of external attack. To enable connections from a particular IP address it is necessary to specify it in the allowed list in the main Apache JServ 54 configuration file. Because IP filtering doesn't affect the wide audience of the web server and only the web server should be allowed to connect to servlet engine. In jserv.properties file, add the following line Security allowedAddress=18.62.*.* This means only IP address whose first two fields are 18 and 62(this is MIT's IP) are allowed to make requests to servlets. Any connection coming on the port Apache JServ is listening to from an IP address not contained in the list, is automatically ignored. 5.3.2 Connection authentication If we want to increase the security for our C/S enyironment , we may want to prevent some untrusted users generating requests from the allowed IP address. Connection authentication can be used to reduce the chance of external attack. In Apache, use a secret key, a binary file which both web server and servlet engine have a copy. This file can have any format, any length. We can even use a picture of President Clinton as a secret key. Monkey-typing around 100 bytes is safe enough. Because security of the system is strictly related to that secret key File. Anybody that can get/guess it will be able to attack the server from a correct IP. So keeping the file not readable and not writable from any untrusted user is necessary. So steps for the Connection authentication (1) create a secret key file. Without lose generality, called /etc/jserv/jserv.secret.key The content can be anything. Length >100bytes Copy it to your apache web server's conf directory(the directory has httpd.conf). Copy it to your apache servlet engine's conf directory. (2) To enable the authentication on the servlet engine side, add two lines in "jserv.properties" file Security.authentication=false Security.secretKey= /etc/jserv/jserv.secret.key 55 Enable authenication on every webserver that connects to that servlet engine by adding this line to httpd.conf file ApJServSecretKey =/etc/jserv/jserv.secret.key Make sure both web server and servlet engine have permissions to read them. 5.3.3 Internal security In 5.3.1 5.3.2, we give some methods for external security, which restrict untrusted servlet execution. Internal security deals with securing system from dangerous servlet behavior. If servlets are provided by third parties, and thus not programmed by yourself, we have to consider the internal security. The soloution is to let the different servlet engine run with different UID/GID. This allows complete separation of the servlets served by the different servlet engine instances. 56 Chapter 6 Conclusion and Discussion 6.1 Conclusion The system is extendable, secure, platform independent. We can use it to send our cherished design and test data confidentially. Although we win some and lose some here when we use an authentication mechanism, it adds some extra communicate flow to the network. As long as we trade off reasonably. We can get good performance. On the other hand we can authenticate client or server only at the begin of the section after a section is established, during the section, we can use digest authentication method, only send prearranged some dynamic identification. Usually complete system security includes 3 kinds: what you know, what you have, what your are. If necessary, we can add fingerprint or other methods as authentication method. Because we consider a lot of methods to enhance our system's performance, the system has a reasonable performance in processing users' requests of controlling hardware or obtaining data. 6.2 Future work 1) Multi clients, multi Server Authentication 2) use Java to realize interoperability based on CORBA standard 3) Workflow model for cooperation Redefine and organize work process in the system and provide cooperation service in the server, so that at correct time correct applications get correct data (code, Java applet) in time. 4) Move to a more comforatable environment---Virtual design and test and analysis environment. Especially, I want to point out here the workflow technology. 0 Work flow technology More and more companies are beginning to take full advantage of the enormous benefits associated with the term WORKFLOW. However, resistance to systems that share information and that 57 require management of processes crossing department or group boundaries remains strong. Although there are some commercial workflow software exist, most of them are used to support: Business Mission, Leadership in the Market, Consulting Services, etc. Such as ARI/NCCS of ARI company, WAPITI from Workflow Applications Ltd. There are two typical Interoperability methods: 1) DCE(Distributed Computing Environment)-Based Interoperability It is suggested by DEC, HP, IBM 2) Gate-Based Interoperability It is suggested by Sun * What the system would be alike? A trusted client connects to the MEMS server down loads client applet, and gets images and platform's states. Then the client configures the workflow components (including filling the events and action table) included in the download program and define some different kind of Web link that assign to different level of users(include IP , user ID information). The Web link can make the client to be a server that provides some special service and special information for particular users. Clients interactive with each others and with the MEMS server. To provide a peer-to-peer infrasture to seamless integrated applications distributed in different sites , so that at correct time correct applications get permitted data (code, Java applet). 0 Workflow model's components: 1) Workflow engine which start up some tasks(such as automatic routine tasks, such as "at 19:00pm, start myprogram" or according to events of that two data base server are startup and transactions can be finished now, then workflow engine finish the task) 2) Event and action table, event can be "if MEMSworkstationON or MEMS-backupstationON and StationatstanfordON" Event can be written with basic events and combine them with '&',' ',' !' Action can be some particular applications provided by user own. Or some common application provided by our Workflow software. 58 Note, "at ***time to do" something can be fulfilled by time event. So event includes information of availability of database, server, system data, system state, time, etc 3) Workflow monitor Let user check the current states of actions has finished and not finished. User can use the tool to stop a work flow too. 4) Tool for send message between clients To design a workflow model needs to analysis and redesign of work processes and strategies. Such as a Cooperation for a client A need analysis result from client B and Client C. In ordinary method, when B,C tasks finsih, then notify A with email. Or just a phone call. In workflow model, it can immediate notify A, and even launch an interface for A to process and watch the results. 59 5. References [1] D.M. Freeman and C.Q. Davis, "Using Video Microscopy to Characterize Micromechanics of Biological and Man-Made Micromechanics (invited)," Technical Digest of the Solid-State Sensor and Actuator Workshop, Hilton Head Island, June 1996, pp 16 1 - 16 7 . [2] <http://umech.mit.edu/freeman/talks/sssaw96/talk.html>, "Using Video Microscopy to Characterize Micromechanics of Biological and Man-Made Micromechanics (invited)" by Dennis Freeman and C. Quentin Davis, June 1996. [3] Z.Z. Karu, "Fast Subpixel Registration of 3-D Images," MIT, September 1997. [4] C.Q. Davis, "Measuring Nanometer, Three-Dimensional Motions with Light Microscopy," MIT, May 1997. [5] <http://umech.mit.edu/info/eck.html>, "Instructions on Using Flick," 1997. [6] James Kao, D.E. Troxel, and Somsak Kittipiyakul, "Internet Remote Microscope," CAPAM Memo No. 96-12. [7] Somsak Kittipiyakul, "Automated Remote Microscope for Inspection of Integrated Circuits," CAPAM Memo No. 96-9. [8] Manuel Perez, "Java Remote Microscope for Collaborative Inspection of Integrated Circuits," MIT, May 1997. [9] <http://nirvana.mit.edu/emsim/index.html>, "MIT EmSIm Electromigration Simulator" by Matthew Verminski, 1997. [10] R.L. Rodriguez and Carlos Labrada, "Strobe Pulse Generator for MEMS Workstation," UROP Project Supervised by D.E. Troxel, 1997. [11] J.D. Cottrell and E.J. Pedersen, "Proposed MEMStation Messages," CAPAM Memo, January 14, 1997. [12] J.C. Carney, "Message Passing Tools for Software Integration," MIT, June 1995. [13]J.D.Cottrel, "Server Arhcitecture for MEMS Characterization ," Master of Engineering Thesis, September 1998. [14]E.J. Pederson,, "User Interface for MEMS system 1999. 60 ," Master of Engineering Thesis, September Appendix A: Some terms for the project What are cookies? A "cookie" is a small piece of information sent by a web server to store on a web browser so it can later be read back from that browser. This is useful for having the browser remember some specific information. HTML a markup language that is a subset of SGML and is used to create hypertext and hypermedia documents on the World Wide Web incorporating text, graphics, sound, video, and hyperlinks Client A software program that is used to contact and obtain data from a Server software program on another computer Server A computer, or a software package, that provides a specific kind of service to client software running on other computers. Applet A small Java program that can be embedded in an HTML page. HTTP (HyperText Transfer Protocol) -- The protocol for moving hypertext files across the Internet. URL (Uniform Resource Locator) -- The standard way to give the address of any resource on the Internet 61 Appendix B: Some source code 1. C code for control Pifoc // // Pifoc control, // // by Xudong Tang Dept of EECS, MIT //****** **************************************************** #include <stdio.h> #include <conio.h> #include <dos.h> #include <ctype.h> #include <stdlib.h> #define TABLESIZE 42 #define byte char typedef struct { /for kbhit and getch /for getvect /for toupper /for atof /port name such as "COMI" char *port; unsigned int portid;//port base address such as 0x3f8 Ilirq can only be 0-15 int irq; /scratch register byte scr; /low divisor byte byte divl; byte divisor /high byte divh; //interupt enable byte byte ier; /line control register byte lcr; /modem control register byte mcr; //interupt service routine void interrupt (*intsrv)(__CPPARGS); char *buffbase;//base buffer address unsigned int bufsize;//length of buffer in bytes unsigned long inptr;//ptr for writing incoming data unsigned long outptr;/read buffer data from here }UART; typedef struct commandmappingjtable { char command[20]; char realcontrolcode[80]; }; struct command-mapping-table CommTable[]={ 62 {"set-rem","SYST:DEV:CONT:REM" }, {"set-loc","SYST:DEV:CONT:LOC" }, "cont?","SYST:DEV:CONT?" }, {"pzt?", "SYST:PZT?"}, {"dev?", "SYST:DEV?"}, {"err?", "SYST:ERR?" }, {"serv?","SYST:DEV:SERV?" }, {1"sys-volt?" ,"SYST:DEV:SERV:VOLT?" }, {"vers?","SYST:VERS?" 1 { "temp?","SYST:DEV:TEMP?"}, {"volt", "SOUR:VOLT "}, { "volt?", "SOUR:VOLT?" }, { "voltrel","SOUR:VOLT:REL "}, {i"volt_rel_up","SOUR:VOLT:REL UP"}, {"volt-reldown","SOUR:VOLT:REL DOWN"}, {"voltstep", "SOUR:VOLT:STEP "}, {"pos", "SOUR:POS "}, {"pos?", "SOUR:POS?"}, {"pos_rel","SOUR:POS:REL "}, {"pos-rel-up","SOUR:POS:REL UP" }, {"pos_reldown","SOUR:POS:REL DOWN"}, {"pos-step-def", "SOUR:POS:STEP DEF" 1, {i"pos-step", "SOUR:POS:STEP "}, {i"volt_lim_high" "SOUR: VOLT:LIM:HIGH "}, { "volt lrm_low" "SOUR:VOLT:LIM:LOW "}, { "voltlimon","SOUR:VOLT:LIM:STATE ON" 1, { "volt lim_off" "SOUR:VOLT:LIM:STATE OFF"} { "posjlim-high" ,"SOUR:POS :LIM:HIGH "}, { "pos_lim_low","SOUR:POS:LIM:LOW "}, { "poslim_on" "SOUR:POS:LIM:STATE ON" }, {i"pos_lim_off", "SOUR:POS :LIM:STATE OFF"}, {"_dc", "SOUR:FUNC DC"} , {"_sin","SOUR:FUNC SIN" }, {"_squ","SOUR:FUNC SQU"}, { "_tri","SOUR:FUNC TRI"}, {"freq" "SOUR:FREQ "}, { "puls","SOUR:PULS "}, {"volthigh","SOUR:VOLT:HIGH "}, {"volt-high-def" ,"SOUR:VOLT:HIGH DEF"}, "voltlow","SOUR:VOLT:LOW "}, {"volt-low def" ,"SOUR:VOLT:LOW DEF"}, 63 {"pos-high","SOUR:POS:HIGH "} {"pos_low","SOUR:POS:LOW "}, FILE *stream; int LockupTable(struct commandmapping-table *CmdTable, char string[]) { int ihitcount=Ohit_history[10]; for(i=O;i<TABLESIZE-1;i++) { if(_stmicmp(CmdTable[i].command, string,strlen(string))==O) { hit-history[hit-count] =i; hitcount++; if(_stmicmp(CmdTable[i].command, string,strlen(CmdTable[i].command))==O) { hitcount=l; break; } } } if(hitcount>l) { printf("too many duplicate commands with command %s, such as:\n" ,string); for(i=O;i<hitcount;i++) printf(" %s\n",CmdTable [hi thistory[i]].command); } else if (hit count==l) return(hithistory[0]); return(-1); I double setBaudRate(UART *u, double baud) { / if you have a high speed UART, clk will need / to be changed in the header file unsigned short divisor; 64 /we can't set the baudrate this high so leave it alone if(baud > (UARTCLK/16)) { return ( getBaudRate(&*u)); } /we allow 600 for a minimum baudrate I/ //this should be fixed later if(baud < 600) { return (getBaudRate(&*u)); } /the clock is always divided by 16 in the uart // changed from ... (to avoid a warning in Visual C++) /divisor = UARTCLK/(baud* 16); //KRW 12Aug98 divisor = (unsigned short) (UARTCLK/(baud* 16)); (*u).divh = divisor&OxFF0O; /only the high byte (*u).divl = divisor&OxO0FF; /only the low byte /disable interupts while updating asm cli /set the DLAB bit, then update the divisor bytes OUTPORT((*u).portid+LCR, 0x80lINPORT((*u).portid+LCR)); OUTPORT((*u).portid+DIVH,(*u).divh); OUTPORT((*u).portid+DIVL,(*u).divl); /now clear the DLAB bit OUTPORT((*u).portid+LCR, Ox7f&INPORT((*u).portid+LCR)); Ilreinable interupts asm sti return ( getBaudRate(&*u)); } II I/this will change if the clock is not 1.8432 MHz 65 // we assume that the baudrate has already been updated / the only way its not is if the functions in this // file have been bypassed. return (UARTCLK/(16*(((*u).divh*Ox100)+(*u).divl) )); I void main(int arge, char *argv[]) { char c, tmpptr[20],s[100]; /char port2[] = "COMI"; int cmdflag=0; int ij; // portsAvaliable = 0; /default settings double baud = 9600; char ctl[] = "8N1"; char port[IO] = "COMI"; if(2 > argc) { printf("serial control\n"); printf("ctl is <COM>+<BAUD>+CONTROLCOMMAND\n\n"); exit(EXITFAILURE); } else { cmdjflag=1; if(0 == strnicmp(argv[1],"COM",3)) { strcpy(port,argv[1]); sprintf(tmpptr, " +%s", argv[2]); baud = atof(tmpptr); cmd-flag=3; } if( (stream = fopen( port, "r" )) == NULL) printf( "Failled to initialize %s port not opened\n",argv[2]); I// // // 66 // // // // // // SetBaud(port,baud); i=LockupTable(CommTable,argv[cmd-flag]); if(0 > i) printf("%s : invalid command\n",argv[cmdjflag]); else { printf("command=%s\n",CommTable[i].real_control code); fwrite(CommTable[i].realcontrolcode,sizeof(char),strlen(CommTable[i].realcontrol-code),strea m); printf("argv[cmd-flag]=%s\n",argv[cmd flag]); getcho; if(argv[cmd-flag][strlen(argv[cmd-flag])-1]=='?') { j=0; for(i=0;i<2000;i++) { j = fread(&sU],sizeof(char),100, stream); printf("j=%d\n",j); } printf("%s\n",s); } else { cmd-flag++; for(i=cmdflag;i<argc;i++) fwrite(argv[i] ,sizeof(char),strlen(argv[i]),stream); } } fclose( stream) ; } } 67 2. Instruction Set for Z-axis Control By Xudong Tang 1) Command Format SEND COMPORT BAUDRATE COMMAND <value> SEND is a program for serial port communication COMPORT is COM1-COM4 BAUDRATE is 300,600,9600,19200,38400 bits/second COMMAND is one command of below 2) Command Set Some of the most important commands for the E-662 operation are: A. System Commands set _rem~loc SYST:DEV:CONT {LOCIREM} SYST:DEV:CONT? cont ? SYST:PZT? pzt ? SYST:DEV? dev ? SYST:ERR? err ? SYST:DEV:SERV? serv ? sys-volt ? SYST:DEV:SERV: VOLT? SYST:VERS? vers ? SYST:DEV:TEMP? temp ? B. Setting Voltages SOUR:VOLT <values> volt <value> SOUR:VOLT? volt ? SOUR:VOLT:REL {<value> UPIDOWN} voltrel <value> voltstep <value>I<DEF> SOUR:VOLT:STEP {<value>IDEF} C. Setting Positions pos <value> SOUR:POS <value> pos ? SOUR:POS? posjrel <value>1UPIDOWN pos-step <value>IDEF SOUR:POS:REL {<value>IUPIDOWN} SOUR:POS:STEP {<value>jDEF} D. Setting Limits voltlim-high <value> voltlimlow <value> voltlim-onloff posjlim-high <value> posjlim low <value> pos-lim-onloff SOUR:VOLT:LIM:HIGH <value> SOUR:VOLT:LIM:LOW <value> SOUR:VOLT:LIM: STATE {ONJOFF} SOUR:POS:LIM:HIGH <value> SOUR:POS:LIM:LOW <value> SOUR:POS:LIM:STATE {ONJOFF} 68 E.Dynamic Operation (Function Generator) SOUR:FUNC {{DCISINISQUITRI} funcdcjsinjsqujtri SOUR:FREQ <value> freq <value> SOUR:PULS <value> puls <value> SOUR:VOLT:HIGH {<value>IDEF} volthigh <valueIDEF> SOUR:VOLT:LOW <value>IDEF} voltlow <valueIDEF> SOUR:POS:HIGH <value> pos-high <value> SOUR:POS:LOW <value> pos-low <value> One typical example is: SEND COMI 9600 setrem // set control mode to remote control mode // set z-axis position to 60 um SEND COMI 9600 pos 60 // get current position of z axis SEND COMI 9600 pos ? 69 3. Matlab program for analysis auto focus algorithms /* show image.bmp image+100.bmp image+500.bmp image+1000.bmp in two graph*/ image-100.bmp image-500.bmp image-1000.bmp figure(1); hO=imread('image.bmp'); subplot(2,2,1); imshow(hO); xlabel('image.bmp 640X480'); //figure(2); hl=imread('image+100.bmp'); subplot(2,2,2); imshow(hl); xlabel('image+100.bmp 640X480'); h2=imread('image+500.bmp'); subplot(2,2,3); imshow(h2); xlabel('image+500.bmp 640X480'); h3=imread('image+1000.bmp'); subplot(2,2,4); imshow(h3); xlabel('image+1000.bmp 640X480'); figure(2); hO=imread('image.bmp'); subplot(2,2,1); imshow(hO); xlabel('image.bmp 640X480'); h4=imread('image-100.bmp'); subplot(2,2,2); imshow(h4); xlabel('image-100.bmp 640X480'); h5=imread('image-500.bmp'); subplot(2,2,3); imshow(h5); xlabel('image-500.bmp 640X480') h6=imread('image-1000.bmp'); subplot(2,2,4); imshow(h6); xlabel('image-1000.bmp 640X480'); /*----------------Projection----------------------------------------- subplot(2,1,1); hOx=ones(1,640)*256*480-sum(hO,l); 70 plot(hOx); xlabel('Project of subplot (2, 1, 2); 2-D image on X axis'); hOy=ones(480,1)*256*640-sum(hO,2); plot(hOy); xlabel('Project of 2-D image on Y axis'); figure (5); hO=imread('image.bmp'); subplot(2,2,1); imshow(hO); xlabel('2-D image, size : 640X480') subplot(2,2,2); hOy=sum(hO,2); plot(hOy); xlabel('Projection of 2 -D image on Y axis'); hOx=sum(hO,1); subplot(2,2,3); plot(hOx); xlabel('Projection of 2 -D image on X axis'); /* below maping an ordinary image to image which can be used to envaluate the the position of image in the view field */ figure(4); hO=imread('image.bmp'); n=480; m=640; for i = 1:n, count=O; for j = 1:m, if hO(i,j)>75 A(i,j)=l; count=count+1; if count>15 for k=begin:j A(i,k)=O; end count=O; end else A(i,j) =0; begin=j; end end end subplot(2,2,1); imshow(A); xlabel('image mapped from orignal'); 71 subplot(2,2,3); hO_x=sum(A,1); plot(hOx); xlabel('Project of 2-D image on X axis'); subplot(2,2,2); hOy=sum(A,2); plot(hOy); xlabel('Project of 2-D image on Y axis'); /**caculation high frequency components in differenct images**/ figure (1); hO=imread( image.bmp'); hl=imread( image+100.bmp'); h2=imread( image+500.bmp'); h3=imread( image+1000.bmp'); h4=imread( image-100.bmp'); h5=imread( image-500.bmp'); h6=imread( image-1000.bmp'); Hd = zeros(16,16); Hd(5:12,5:12) = 1; Hd(7:10,7:10) = 0; h = fwindl(Hd,bart lett(16)); freqz2 (h, [32 321 axis([-l 1 -1 1 0 1]); colormap(jet(64)) h=fft2(hO,1024,1024); mesh(abs(h)); figure(3); hdl=[l -3 1; -3 9 -3; 1 -3 1]; 0 1/5 01; %hd=[0 11/5 1/ 0; 1 5 -.1/5 %hdl=[O -1 0; -1 5 -1 ; 0 - 1 0>; h_O=conv2 (hdl,hO); subplot(2,2,1); image(h_0); %imshow(h_0) xlabel('imageO processed by HPF'); h_l=conv2(hdl,hl); subplot(2,2,2); %imshow(h_1); image(h_1); xlabel('image+100 processed by HPF'); h_2=conv2(hdl,h2); subplot(2,2,3); %imshow(h_2); image(h_2) xlabel('image+500 processed by HPF'); h_3=conv2(hdl,h3); 72 subplot(2,2,4); %imshow(h_3) image(h_3); xlabel('image+1000 processed by HPF'); figure(4); subplot(2,2,1); %imshow(hO); image(h_0); xlabel('image processed by HPF'); h_4=conv2(hdl,h4); subplot(2,2,2); image(h_4); xlabel('image-100 processed by HPF'); h_5=conv2(hdl,h5); subplot(2,2,3); %imcshow(h_5) image(h_5); xlabel('image-500 processed by HPF'); h_6=conv2(hdl,h6); subplot(2,2,4); %mshow(h_6) image(h_6); xlabel('image-1000 processed by HPF'); % below show the each picture's evalua ion measurements n=480; m=640; countl=G; Pixel average=mean(mean(h_6)); for i = 1:n, for j = 1:m, if h_6(i,j) < Pixelaverage countl=countl+l; end end end counti % show the impulse response of a HPF, hdl=[l -3 1; -3 9 -3; 1 -3 1]; stem3(hdl); hdl % show the cureve for move z-----pictures sharpness index=[169616 173858 176110 178149 178431 167538 168329] plot(index); xlabel('z position sample index'); ylabel('the sharpness evulation measurements'); 73 4. Configure Apahce for load balance Configuration example : # /tryl and /try2 are servlet mount points that point to the # this apache will balance new requests to seti, ionstances ApJServMount ApJServMount same zone zonel which is a set of JServ /tryl balance://setl/zonel /try2 balance://setl/zonel # /test is a servlet mount point that points balance://setl/zone2 ApJServMount /test to seti in another zone # /servlet is a servlet mount point that points to set2 balance://set2/zonel ApJServMount /servlet #set 1 description ApJServBalance setl P11450-1 ApJServBalance setl P11450-2 #set 2 description (host firstE450 has a weight exemple) ApJServBalance set2 ApJServBalance set2 1 just an Sparc5 1 firstE450 4 #JServ instances description ApJHost P11450-1 ajpvll://192.168.0.5:18500 ApJHost P11450-2 ajpvll://192.168.0.5:18501 ApJHost Sparc5 ajpvll://192.168.0.6:18500 7 85 6 0 ApJHost firstE450 ajpvll://192.168.0. : #session routing params ApJRoute ApJRoute ApJRoute ApJRoute 4, Sparc5 567jkg P11450-1 yup33 P11450-2 sunl Sparc5 9985gg55 firstE450 74 // (same PC, 2 JServs) 5. C program for the camera auto focus control /* Auto focus control program Modified by Xudong On MAY 12, 2000 get data and initialization is from Danny some APIs such as, Usage xdtfocus -roi xl,x2,x3,x4 -picname bug -expsouretime 0.05 Copyright 1998-2000 Massachusetts Institute of Technology This software is distributed under the terms of the GNU General Public * * License. */ #include <stdlib.h> #include <sys/param.h> #include <sys/stat.h> #include <unistd.h> #include <syslog.h> #include "../commands/lib.h" static int width; static int height; static char *pixel; FILE *fp; char ExecuteMe[500]; static void data-getdata(struct setting-node* storagestack, struct setting-node* tsp) { int my-pixel[1100][1100]; unsigned char *pixel array; int al,a2, a3,i,j,my-x,my-y; int pos; long count; int max=0, flag; double pixel-average; int zstep; int kk,measure[2][100]; char cmd[80]; int end; end=75; / **************************************************** end=75 is the pifoc's biggest value. my-y is the width of the picture my-x is the height of the picturer, Currently resoution for the optimize position is 1 micron. If you want to get better one, you can change for (kk=l;kk<end;kk++) with (kk=l;kk<end;kk+=YOURSTEP) 75 ccmgetformat(&width, &height, &pixel); Hello This is Xudong's routine w=%d h=%d\n",width, printf(" height); (debugging) if debug("ccmIget-format=> width %d height %d pixel %s", width, storageinitialize(storagestack, tsp, width, height, pixel); height,pixel); sicmjledon(); // auto focus system("date>>//tmp//xdt"); system("piezo init"); for (kk=l;kk<end;kk++) // // scanf("%d",&pos); printf("pos=%d\n",pos); pos=kk; if(pos>75) pos=75; if (pos <0) pos=O; sprintf(cmd, "piezo goto %d",pos); system(cmd); // set sample window myx=height-3; myy=width-3; zstep = 5; for(;;) { count=0; ccmacquireimage(storagebuffer(), 0,0,0); pixelarray = storage-buffer(); /*************below is get the average brightness of an image pixel-average=0; for(i=0;i<myx;i++) { for(j=0;j<my-y;j++) { al = (i+l) * width + j; a2 = al + width; a3= my-pixel[i][j] a2 + width; + pixelarray[al+l] ]-3*pixel-array[all = pixel-array[al-1 3*pixel array[a2-11+9*pixel-array[a2] -3*pixelarray[a2+1] + pixel-array[a3+11; pixelarray[a3-1]-3*pixel_array[a3] if(my-pixel[i] [j]<0) my-pixel [i] [ j ]=0; else if(mypixel[i][j]>256) 76 + mypixel [i] [ j)=256; pixel_average } += mypixel[i] [j; } pixel-average printf pixel average/ (myx*my-y); ("average-pixel=%8.2f\n",pixel average); // but use estimated brightness is efficent // if it is a small image, threshold is 50 // otherwise it is 85 pixelaverage=85; if(height>500) else pixel-average=50; // convolution pixelarray = storagebuffer(; // for(i=0;i<myx;i++) { for(j=0;j<myy;j++) { = (0 + i - 1) * width+j; a2 = al + width; a2 + width; a3= [2]=j {1 -3 1}; { -3 filter[2] al // use mypixel[i][j] 9 -3}; {1 -3 l}}; to precess the image = pixel array[al-1]-3*pixel-array[al] + pixel array[al+1] 3*pixel-array[a2-1]+9*pixelarray[a2] -3*pixel-array[a2+1] pixel-array[a3-1]-3*pixel-array[a3] + pixel_array[a3+1]; if (my-pixel[i][j] < pixel-average) count++; + } //////////////////printf("evaluation sharpness measurement=%d\n",count); break; // if you olny want to run the algorithm one time. We here. measure[0][kk]=kk; measure[1][kk]=count; storagebufferrelease(storage-buffer(); fflush(stdout); do{ max=0; for(kk=l;kk<end;kk++) { Z Position: %d, Sharpness: printf(" measure[0][kk],measure[1][kk]); if(measure[1][kk]>=max) { max=measure[l][kk]; 77 %d\n", stop loop flag=kk; } } /* below we want to get rid of some fake optimized points which show up by big noise */ if(flag==1) i=2; else i=flag; if (abs(measure[l][i]-measure[l][i-1])>2200) { (flag!=1) measure[l][flag]=measure[l][flag-1; measure[l][flag]=measure[l1][flag+l1; else result otherwise best adjusted!! printf(" // if is pos:%d sharpness:%d",flag,max); continue; } / *****************************************************************************/ break; while(l); printf(" Z OPTIMAL Position: %d, Sharpness: %d\n",flag,max); sprintf(cmd, "piezo goto %d",flag); system(cmd); // now really move to focus position fp=fopen("//tmp//autofocus.out","w+") if(fp!=O) fprintf(fp,"%d",flag); fclose(fp); } static void shutdown() { if (ccm cleanup) ccmcleanup(; // The ccmcleanup program returns the pifoc to local mode. This is not // good as we then need to reinitialze the pifoc to local mode. if (sicm cleanup) sicmcleanup(; if (storage-cleanup) storage-cleanup(); int init() freerun = 1; loaded sprintf // Added by Danny. This should happen before the camera is (picname, " /usr/apache/apache_1.3.9/publichtml/IMAGES/LiveImage"); 78 getdata = datagetdata; datacleanup = shutdown; loadmodule("storage"); loadmodule("sicm"); loadmodule("ccm" ) ; // getdata(NULL,NULL); // this is called by the main module (jsrgetpic) return 0; / * note above program can be optimized but not necessary for a prototype program, in order to prevent big random noise, we can do smarter in finding a optimal point. Ensure it is not too bigger than its neighbour points ****/ 79

A Complete MEMS Analysis System ... Xudong Tang

Related documents

Products

Support

A Complete MEMS Analysis System ... Xudong Tang

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib