Execution Model of IEC61499 Function Block
advertisement
Execution Model of IEC61499 Function Block
based on Sequential Hypothesis
Valeriy Vyatkin, Victor Dubinin
Disclaimer:
This paper summarizes two talks given by V. Vyatkin at INDIN and ETFA
conferences in 2006. It is intended to be submitted to a journal (somewhere
sometime) but may undergo substantial modifications until then. For the time being,
if you wish refer to it please do it as follows:
V. Vyatkin, V. Dubinin, Execution Model of IEC61499 Function Blocks based on
Sequential Hypothesis, paper draft, private communication
Your critical comments will be very much appreciated!
Abstract
This paper advocates an execution model of IEC 61499 which implies purely
sequential execution of function blocks within a resource. Implementation of this
model apparently is less resource demanding than of other execution models. Most
importantly, an attempt is made to base this execution model on very few rules
derived from the standard’s text.
I.
INTRODUCTION
The function block architecture of the IEC 61499 standard is being discussed in the
automation community for several years. In 2005 it has been finally standardized as
an open component-based architecture for industrial process measurement and
control systems [1]. The IEC 61499 architecture allows complete description of
distributed embedded systems within its framework. The core elements of this
architecture are: function blocks – an encapsulation model, application, device – a
deployment model, and system – a collection of interconnected devices with
applications deployed to them. The standard, however, allows for ambiguous
interpretation of function block execution rules, see [7, 9, 5] for details.
This paper discusses an execution model of function blocks which is based
on the assumption of sequential execution of such blocks within a single
computational container (resource in IEC 61499 terminology). This assumption
is referred to as sequential hypothesis. The idea of sequential execution is not
invented in this paper – it has been discussed earlier, for example, in [4], [5] and
[6] and even was partially implemented in compilers and run-time platforms.
This paper attempts to justify this approach as the most grounded by the letter
and spirit of the IEC 61499. Having said this, we admit that there could be good
reasons in favor of other execution models. Their implementation and use,
however, require explicit definition of the assumptions taken and of the
amendments made to the standard, to avoid any confusion and to enable
portability of function block applications. Such an approach would increase the
credibility of the standard and would simplify understanding of the functional
block concept by application developers.
The paper is structured as follows. In Section II the IEC 61499 architecture is briefly
introduced. In Section III we attempt to show, what an implementation of the
function blocks may include and point out some issues with the semantic rule
definitions in the Standard’s text. In Section IV the success metrics and challenges
for implementation of this architecture are outlined. In Section V we look more
specifically into the issue of event passing, and event-driven activation of a function
block. Section VI discusses the issue of transition evaluation in basic function blocks
using an example. In Section VII the most essential rules of a function block
execution model are presented in form of six postulates. Section VIII discusses first
four postulates influencing the rules of basic function block evaluation. Section IX
shows that the postulates 5 and 6 naturally lead to the sequential hypothesis – an
execution model with purely sequential invocation of function blocks within a
network. Section X proposes an informal implementation idea of this sequential
model. Section XI discusses benefits and shortcomings of the sequential model and
outlines an alternative, ‘parallel’ model of execution. The paper is concluded with
summary outcomes and acknowledgements.
II. MAIN FEATURES OF IEC 61499
The development of the IEC61499 architecture was started around 1995 with a goal
perceived as a narrow means of interconnecting Programmable Logic Controllers
(PLC) and of software applications running in them. However, it has gradually
evolved in a more flexible and elegant concept providing for a function based and
hardware independent design of distributed automation systems. The IEC 61499
architecture provides answers to several questions like:
- How to re-use efficiently the intellectual property developed in automation
projects?
- How to make controllers more intelligent yet predictable and reliable?
The IEC61499 architecture is based on several pillars, the most important of
which is the concept of a function block. The concept is analogous (but not identical)
to the idea of a software component. The distinction becomes clearer now with the
proliferation of hybrid hardware/software co-design technologies. This concept is
high level (i.e. is not relying on a particular programming language, operating
systems, etc.). The same time it is precise enough to capture the desired function
unambiguously.
A. Component with event and data interfaces
The desire was to encapsulate the behavior inside the block defining clear interfaces
between the block and its environment. This intends to improve the re-use potential
of the component.
B. Component with a state machine inside
State machine is a simple visual yet mathematically rigorous way of capturing
behavior. It is widely used in computer applications. In IEC 61499 basic function
block a state machine (called Execution Control Chart, ECC for short) defines the
reaction of the block on input events in a given state. The reaction can consist in
execution of several algorithms computing some values as functions of input and
internal variable, followed by emitting of one or several output events.
C. Model of a distributed system
The function block concept of IEC61499 implies two stage design process
supported by the corresponding artifacts of the architecture: applications and system
configurations. An application is a network of function block instances
interconnected by event and data connections. It completely captures the desired
functionality but does not include any knowledge of the devices and their
interconnections. That is why an application usually does not include function blocks
implementing data transfer over networks, as well as other hardware-dependent
functions, like reading of input signals. Potentially it can be mapped to many
possible configurations of devices. A system configuration adds these fine details,
representing the full picture of devices, connected by networks and with function
blocks allocated to them. Each device (or more precisely, each resource of a device)
is populated by a network of function blocks which is a part of the original
application. Technically, such a network is an application as well (that however
includes service interface function blocks).
D. Shortcomings of the standard
The trial use of IEC61499 has revealed that the standard has no means to define:
−
−
−
Real-time properties of applications, such as desired reaction time;
Real-time properties of resources, their scheduling, polling of data by SIFBs
and communication;
Properties of algorithms (like periodic, one off, etc.)
III. IMPLEMENTATION OF FUNCTION BLOCKS
A vague idea in the beginning of the standard’s development process was to create
an abstraction for a PLC populated with some programs and participating in a
network with other PLCs.
As the concept has been evolving, the idea has been very much influenced by
the pioneering work of Dr. James Christensen who has shown how to execute
function blocks directly in Function Block Development Kit (FBDK) on Function
Block Runtime execution environment (FBRT) [2], that is implemented using Java.
The concept of function block is quite abstract. It assumes that the function
blocks are executed by compliant devices. Implementation of an IEC 61499
compliant device on a particular platform (that is a combination of hardware (CPU
and peripherals), an operating system, and a particular programming language),
requires translation of the function block to this language or its interpretation by
another program that can run on the given platform. Thus, we understand
implementation of function blocks as a mapping of the IEC61499 artefacts to the
constructs of a particular platform as illustrated in Figure 1.
Figure 1. Implementation of a function-block compliant device requires platformspecific translation of function blocks to executable code.
While the ultimate goal of an implementation is to produce correctly working
executable code, doing it for a variety of devices may require a lot of efforts. This
explains the choice of JAVA for the first trial implementation of function blocks.
JAVA possesses certain attributes of platform independence, so it is enough to define
mapping of function blocks to JAVA structures (classes). JAVA provides further
platform independence, as it runs on different operating systems and different
hardware architectures. However, JAVA brings also overheads, such as nondeterminism, slower execution, and excessive memory requirements.
Figure 2. Java-based implementation of function blocks provides for easier
development of compliant devices on account of Java’s platform-independence.
The idea of direct execution of function blocks implies that specification of
their execution semantic can be done without references to the underlying
platforms.
Unfortunately, in the previous publications on this topic, e.g. [2, 4] the execution
semantics of the function block formalism has been often confused with particular
properties of platform dependent implementations, mainly FBDK and JAVA. To the
best of the authors knowledge, the first attempt to propose a pure function block
semantic definition was done in [8, 9] followed by an application example in [10].
These works, though incomplete, prove that the standard provides definitions that are
sufficiently deep to talk about direct execution of function block applications and,
therefore, about execution semantics of this formalism.
The idea of independent semantic definition leads to the introduction of an
intermediate level of abstraction between the function blocks syntax and details of a
particular platform, as illustrated in Figure 3. By defining a platform independent
semantic model of function blocks much richer variety of device platforms can be
targeted, also those which do not support JAVA or where using JAVA is not practical.
Figure 3. Reaching platform independence by defining an intermediate semantic
layer.
However, many authors have pointed out, that the picture of execution model
provided by the standard is incomplete and, sometimes, self contradictory.
Nevertheless, the standard is a serious normative document and it shall be
carefully analysed in order to derive correct execution model according with
standard’s letter and spirit. Our experience shows that semantic definitions in IEC
61499 can be related to one of the following classes:
A. Well defined semantic properties of function blocks;
B. Elements of the semantic that are present in the standard explicitly, but
scattered around the text;
C. Semantic-relevant definitions that are present either implicitly or
completely left ‘implementation-dependent’. In some cases conclusions can
be made by analogy.
What is the way to define such an execution model then? A feasible approach
would be:
•
•
•
Implement cases A in a more formal way than it is done in the standard;
Collect and collate cases (B);
Suggest interpretation of the issues (C) not contradicting with the cases (A)
and (B);
As a result, a complete execution model of IEC61499 can be developed. The
model can be described formally or even semi-formally. An attempt to formal
description, although yet incomplete, has been shown in [9].
Due to the ambiguity and incompleteness of the standard, an explicit execution
semantic of function blocks is important for many reasons. In fact any
implementation implies an implicit development of a semantic. Explicitly defined
complete and consistent execution model would enormously contribute to the
credibility of the standard, and improve such performance metrics, such as
portability of function block applications and determinism of their execution.
In subsequent Sections we provide examples of dealing with cases of all three
classes. This way we prepare the reader to applying similar kind of reasoning when
discussing the Sequential Hypothesis.
IV. CHALLENGES
Industrial automation systems specified and implemented using the directly
executable function blocks of IEC61499 need to exhibit the following properties:
A. Determinism
A deterministic Function Block application gives same outputs for same inputs
in the same state at every run. If determinism is guaranteed for any application, does
it hold for any system? Apparently this is not necessarily, as the underlying
communication mechanism can, for example, toggle the order of messages, and
cause different outputs as a result.
B. Reactivity
The classic definition of reactivity [3] can be applied to Function Block
Applications as follows: an application eventually emits some output (reaction) after
an input stimuli. This, however, requires explicit definition of the correspondence
between inputs and outputs, which is not always obvious.
A stricter requirement is to give the reaction within certain time interval. A
Function Block Application gives output for an input stimuli within some time
interval.
Suppose we can determine explicit correspondence between input and output
events. In this case an application is said to preserve event sequence if reaction on
the first event occurs before reaction on the second.
C. Portability
A Function Block Application is portable if it gives same outputs for same
inputs being executed on any compliant run-time platform and device. Portability is
one of targeted key features of IEC 61499.
Achieving these properties is the main challenge for
implementing standard’s compliant devices, compilers and tools.
engineers
V. WHERE EVENTS COME FROM AND WHAT HAPPENS WHEN AN EVENT ARISES?
Implementation of the concept of event (and of event connection between blocks) is
the most confusing in the standard.
Function blocks have event and data inputs and outputs that constitute their interface.
Events are emitted by function blocks and are passed from an event output of one
block to event input of another by means of event connections. This is illustrated in a
simple example in Figure 4,a .
a)
b)
Figure 4: a) An example of two function blocks connected by event and data
connections; b) Illustration of a single run of FBT2.
What happens when an event ‘arrives’ at its destination? Some code gets executed
until an exit point is reached as illustrated in Figure 4, b. This activity will be
referred to as a single run of a function block. Which exactly code will be executed
during the single run is determined by the block’s ECC. According to the standard a
run ends when there no more transitions to clear in the ECC.
Implementation of the event passing mechanism raises a number of questions, for
example:
- How not to loose an event and what if event is lost?
- What is the minimum time interval between events?
- If a block issues two events simultaneously – which one ‘arrives’ to the
destination first?
- What if an event arrives when the destination function block is busy?
What literally happens in the example above is described in the Standard (Section
“Composite function blocks/Behavior of instances”) as follows:
“…occurrence of an event at the event output of the first block shall cause the
scheduling of an invocation of the execution control function of the second block,
with an occurrence of an event at the associated event input of the second block.”
From this rule one can conclude that the event receiver FB_Receiver will be
executed sometime after the event has been emitted by FB_Emitter (the word
‘scheduled’ suggests that it not necessarily should happen immediately). The
standard does not set any restrictions on the time when it should happen. The
execution of the FB_Receiver will be done by invocation of its Execution Control
Chart.
The behaviour of a basic function block upon occurrence of an input event is
described by the famous Table 1 in 5.2.2 whose (partial) copy is presented below in
Figure 5.
State
s0
s1
s0
t2
t1
s1
t4
s2
t3
s2
Transition
t1
t2
t3
t4
Condition
Invoke ECC
No transition clears
A transition clears
Actions completed
Operations
--Evaluate
transitions
Perform actions
Operations
Sample inputs
Figure 5. Table 1 from [1], 5.2.2, defining the ECC operation state machine.
VI. EXAMPLE-I: ORDER OF TRANSITIONS EVALUATION IN BASIC FUNCTION BLOCKS
The problem discussed in this Section is important for implementation of basic
function blocks as it concerns the rules of ECC evaluation.
Let us consider a basic function block in Figure 6 reacting on event EI1 when both
Boolean inputs COND1 and COND2 have values true. The current state of the ECC
is STATE1. The question is: which out of two transitions STATE1 → STATE2 or
STATE1 → STATE3 to clear in this situation?
Figure 6. Basic function block.
Let us see, what the standard says about this case. First of all, the famous Table 1 in
Section 5.2.2 “Basic Function blocks/ Behaviour of Instances”, remark c) says that:
“The order in which the transition conditions are evaluated corresponds to the
order in which they are declared following the textual syntax defined in Annex B.2.1,
or equivalently in the XML syntax defined in IEC 61499-2”
One thing what this sentence suggests clearly and unambiguously is that we
won’t be able to determine the transition to clear looking only at the graphical
notation of ECC. Its text source or XML source is required. Besides, the reference to
order in XML is not a very good idea, since by its nature XML is not supposed to
carry any information in the order of its elements (a better idea would be to add an
explicit transition order parameter).
Function block editing tools could add to the confusion. As illustrated in Figure 7,
even the function block editor of FBDK would produce the same graphical
representation of ECC for transitions differently ordered in XML. Transition
STATE1 -> STATE3 is the first in the list in the left screenshot and is the second in
the right screenshot. So, these two ECCs will have different behaviour in the
situation described in this example, but they would look the same graphically.
a)
b)
Figure 7. Function Block Editor of FBDK produces identically looking ECCs which
will have different behaviour.
First conclusions:
1. Semi-formal description of execution model for basic function block execution
is provided in the standard.
2. The description is sufficiently unambiguous and can be used directly for an
implementation, however, it contains references to the issues bringing potential
ambiguity (order of transitions in XML).
VII. POSTULATES
A few assertions regarding the execution of function blocks can form an axiomatic
basis of its execution model. It would be wise to keep this set of postulates as small
as possible. We assume that all other properties of an execution model can be
derived from the postulates. Altering one or several postulates can give us
completely different execution model. Theoretical study of this approach in general
and of this set of postulates in particular is very much encouraged.
At this stage we suggest the following set of postulates:
Table 1: Postulates critical for the function block execution model
#
1
Statement: A Function Block can be activated only by an event occurrence at
its event input
Roots in the standard: Implicit, derived from 5.3.2#3:
“…occurrence of an event at the event output of the first block shall cause the
scheduling of an invocation of the execution control function of the second
block, with an occurrence of an event at the associated event input of the second
block.”
Comment: This refers to Basic and Composite blocks. Service Interface
Function Blocks (SIFBs) can be activated from within, by internal events of the
resource, e.g. timer interrupts, external signals, etc. These, however can be
specified explicitly when the SIFB is created.
3
4
Statement: Execution (a single run) is a critical section
Properties of a single run of a basic FB
2
Roots in the standard text: Explicit, by remark e) to the Table 1 in 5.2.2:
e) All operations performed from an occurrence of transition t1 to an
occurrence of t2 shall be implemented as a critical region with a lock on the
function block instance.
Comment: We interpret it as: “A function block run” cannot be preempted by
another function block run. It could however be preempted by resource to
register external events and put them in the queue.
Statement: A single run of a basic function block is “short”
Roots in the standard text: Implicit
Comment:
Statement: Event input of a function block clears after single ECC transition,
regardless of was this event used in the evaluation or not
Roots in the standard: Added
5
Statement: Output events are issued immediately after the corresponding action
is completed
Roots in the standard text: Implicit
6
Statement: If a function block emits several output events in one state of ECC,
they are emitted sequentially
Roots in the standard text: Partially follows from the postulate 5 and other
explicit definitions
So far there have been different semantic ideas tried in research
implementations. The NPMTR model (“Non-Preemptive Multi-Threaded Resource”)
is implemented in FBRT. Sequential semantic was discussed in [4] and [6] and
implemented in run-time platforms µCrons and FUBER respectively. Semantic
based on PLC-like scan of inputs followed by subsequent re-evaluation of FB –
network was developed in [12, 13]. The essential difference of these three
approaches is in the way how blocks in the network are activated which depends on
the way of event passing, determined by the postulates 4 and 6.
VIII.
PROPERTIES OF SINGLE RUN
A. Reference to event inputs
Postulates 1-4 relate to the properties of a single run. These properties depend on the
way of treating input events, e.g. their references in ECC transition conditions.
According to the Standard the names of event inputs can be used in the conditions of
transitions:
Each EC transition shall have an associated Boolean condition, equivalent to a
Boolean expression utilizing one or more event input variables, input variables,
output variables, or internal variables of the function block
This definition clearly allows several event input names to be used in one condition.
On the other hand, as pointed out in syntax of conditions formally defined in BNF in
Annex B.2.1 (and is normative by Note "c" of Table 1, 5.2.2) and shown in Table 2
allows at most one event variable name.
Table 2. Excerpt from Annex B.2.1
ec_transition_condition ::= event_input_name
| guard_condition
| event_input_name ('&' | 'AND')
(guard_variable | '(' guard_condition ')')
guard_variable ::= input_variable_name
| output_variable_name
| internal_variable_name
<Shall be of BOOL type>
guard_condition ::= expression
<as defined in IEC 61131-3>
<Shall evaluate to a BOOL value>
The reasons of that discrepancy are explained in [15] as follows:
In particular guard_variable cannot contain an event_input_name,
so the implication is there (but not the explicit statement) that neither can the guard
condition contain an event_input_name. Furthermore, at the provisions for
algorithm invocation in 5.2.2 there is no longer any provision for an event input
state machine; therefore, there would be no way to use an event input name to
represent its "state". The conclusion one should draw is that "events are not stateful"
(although the process underlying the propagation of events may have states such as
"blocked") and that the Working Group forgot to go back and modify 5.2.1.3#8 after
changing everything else to get closer to a subset of Harel State Charts.
The issue of how many event input names to allow in a condition reflects the
fundamental shift from the FB model in which event input variables could have been
stored and ‘used’ many times, to the model where an event is just a cause of an FB
invocation and disappears after that. However, the interpretation of event variable
names proposed in NPMTR seems to be inconsistent and counterintuitive. This is
further illustrated in the next Section.
B. Example-II: How long an event is alive?
Let us consider another issue relevant to the implementation of the event processing
in a basic function block: how long information about event remains active inside a
basic function block? (And, by the way, shall the same policy apply (whatever it is)
in service interface function blocks?).
Continuing the same example, we found that after the EI1 event the transition
State1-> State3 will happen. Shall the run stop in State 3? Since the transition
condition from State 3 to State4 is true, it can follow the transition State1->State3, as
illustrated in Figure 8.
a)
b)
c)
Figure 8. Shall the run started in State 1 by EI1 continue until State4 or it stops at
State3?
Answer to this question depends on whether the EI1 variable remains true after
the transition State1-> State 2 occurred? To find it out we again shall read the
standard.
The rules for the input events “clearance” are not defined in the standard in
sufficient detail. The famous Table 1 ([1], Section 5.2.2) contains no clue on when
EI1 shall be true and when it resets to false. This gives some freedom in the
implementation leading to implementations with potentially different behaviour of
the same function block application. However, it is interesting to note that the earlier
drafts of the standard, e.g. Publicly Available Specification (PAS) released in 2002
[IEC61499 PAS, 2002], contained more details on the event clearance. The PAS was
using a Boolean latch variable for every input event. The rules were defined when to
set and when to clear this variable.
In the final version of the standard it was chosen to omit these definitions. The
reasons are explained in [5] as follows:
The “event latching” model was removed to avoid the combinatorial complexity of
application states … intent of the Standard: events not relevant to control of
algorithm execution are discarded.
Additional explanations were provided in [11] as follows:
“… in the older drafts an event input was modelled as a bistable state machine
whose state could be represented as a Boolean variable. Quite complex rules were
defined for when the variable could be "cleared" which as … research showed could
lead to unanticipated complexity and unsafe conditions. The FBRT never even
implemented that model.
Event inputs are no longer modelled that way. An event is now consistently
modelled as an "instantaneous occurrence" throughout the architecture. So there is
no such thing as "clearing an event" because it is never "set". One might think of the
event as a single pulse on the transition line…”
Although we support this argumentation, still event variables can be used in
conditions of ECC transitions, so formal rules need to be defined (when to set
and when to reset them) in order to resolve the question illustrated in this
example. It has nothing to do with combinatorial complexity of event latch
implementation or with the length of queue needed to store unprocessed events
arrived during execution of the function block.
The suggested answer form the postulate #4 – an input event can be used at most
once. Arrival of event activates the function block and leads to evaluation of ECC
conditions going out of the current ECC state even if this event is not used in any of
these conditions. This interpretation is consistent with the spirit of event as
instantaneous occurrence.
C. Example-III: What to do with ‘not Eventful’ Transitions?
In this example we considering a function block having the same interface as the
previously used “Sample’ but with different ECC inside as shown in Figure 9. The
block receives two events, one with both COND1 and COND2 equal to false, and the
other when both inputs became true, as illustrated in Figure 9,b.
a)
b)
Figure 9 . (a) ECC of function block and (b) timing diagram describing its input sequence.
It is clear that upon the first occurrence of EI1 the ECC will transfer from State 1 to
the State 2. The question is how the next event will be interpreted?
For example, the new version of the function block development kit (FBDK)
released in March, 2006 has the execution semantics following the NPMTR
approach [5] described as follows [14]: “…transitions containing no events will only
be evaluated once, at the completion of an EC state. So if you have any EC states
with no "eventful" transitions, you have to be able to guarantee that at least one (and
preferably only one) guard condition will be true upon completion of the State.
Otherwise the ECC will freeze in the culpable state.”
So, in that version of FBDK the ECC would not react on the second occurrence
of EI1 at all. In our view this is a counter-intuitive interpretation, as the state
machine in the Table 1 ([1], Section 5.2.2) explicitly implies three things:
1. Function block is activated by an input event
2. Input data variables associated with the input event are sampled at every
occurrence of that event.
3. ECC is evaluated at every input event.
So, it is difficult to see why ‘not eventful’ should not be interpreted the same
way as ‘eventful’ and get evaluated causing subsequent ECC transition?
IX. SEQUENTIAL HYPOTHESIS
th
The 6 postulate defines the behaviour exemplified in Figure 10. We believe that the
spirit of the 6th postulate implies the execution model which we further refer to as
“Sequential hypothesis”. Removing the 6th postulate will imply a possibility of
parallel function block execution within one resource. This model may also look
quite feasible and is implementable. However, we believe that it does not accord well
to the letter and the spirit of the standard. Argumentation in favour of the 6th
postulate is as follows.
Let us consider example in Figure 10. FB0 is activated by event input EI
and DI in that moment is TRUE. The run of FB0 will consist of STATE2 and
STATE3. When the ALG1 is completed and EO1 is to be issued, the question is if
the FB1 will be activated immediately or after the run of FB0 is completed? Then, in
STATE3, the question is whether to issue EO2 right after ALG2 is completed or wait
until ALG3 completes and issue EO2 and EO3 together? In the latter case, shall FB2
and FB3 shall be started simultaneously? Answers to these questions are determined
by postulates #5 and #6.
Figure 10. Run of FB0 consists of passing through STATE2 and ending in STATE3,
issuing EO1, EO2 and EO3.
Although the Standard leaves unanswered the issue when the output events of a
Basic FB are issued, three options are possible:
1) Output event is emitted immediately after the corresponding algorithm in
the action is completed;
2) After all actions of a state are completed;
3) After the single run of the basic FB is completed.
The interpretation 3) was explicitly present in the previous drafts of the standard but
was discarded. According to that interpretation, events EO1, EO2 and EO3 in our
example should be emitted together at the end of the run.
From that we conclude that the interpretation 3) is less attractive than 1) and 2). The
interpretations 1) and 2) are not different in the order of generated events and can be
only different in their timestamps.
We adopted the interpretation 1) which forms the Postulate #5.
As for the states with several actions, the Standard says explicitly that the
actions associated with an ECC state are executed sequentially, one after another.
Following the spirit of Postulate#5 it is quite logical to assume that in a single state
output events shall be executed immediately after the corresponding algorithm
completes, i.e. sequentially with respect to each other. This forms the Postulate #6.
Both these postulates imply that there is no such thing as concurrent execution
of function blocks within a single resource, or pre-emption of one block by another.
Indeed, what happens after an output event is emitted, is defined by the clause 3
in 5.3.2 as follows:
If an event output of a component function block is connected to an event input
of a second component function block, occurrence of an event at the event
output of the first block shall cause the scheduling of an invocation of the
execution control function of the second block, with an occurrence of an event at
the associated event input of the second block.
From that one can conclude that even though output events can be emitted during a
function block run, their recipient will not be started immediately, but will be just
scheduled and started after this run is completed. As a consequence of the Sequential
Hypothesis the following assertion can be made:
Proposition 1:
In a resource there is no more than one non-SIFB function block is in the run
state at any moment of time.
Remark. The sequential Hypothesis essentially relies on the Postulate 3. If the
algorithms are not short, that could lead to unnecessary delay in invocation of
already scheduled blocks, which could be counter-intuitive.
X. HOW TO IMPLEMENT THE SEQUENTIAL HYPOTHESIS
A. Informal implementation algorithm
Implementation of the sequential hypothesis requires further details as follows:
-
-
Emitting an event by a function block means request to the scheduler of the
resource to pass the event to the destination function block. The scheduler
ensures that two or more event inputs of a basic FB or SIFB never occur
simultaneously;
A resource (FB scheduler) maintains the queue of external events and can be in
one of two states (see the state machine in Figure 11 and the description in Table
3):
o Receptive to external events in SIFBs;
o Not receptive to external event in SIFBs (when executing FB). When
an event arises in such a state it is stored in a FIFO queue. The queue is
processed in the next receptive state of the resource.
Table 3: Description of the resource state machine operation
State/
Transition
S1
Description
Check if the queue of external events is not
empty
While the queue is not empty
For each event :
Take (and remove) it from the queue;
Activate the recipient SIFB and pass the
events arising from its execution to the
FB scheduler of the resource;
Figure 11: State machine
of resource operation;
S2
t1
t2
FB Scheduler selects next FB from its queue
and starts its execution
Queue of scheduled blocks is not empty
Scheduled block completed its execution
B. Example: Implementation of the Sequential Hypothesis
Let us consider a network of function blocks shown in Figure 12. The network is
allocated to a device that has single resource.
Figure 12. Function block network activated by an external event through block SIFB_S
The device has one input channel which is polled by the function block SIFB_S.
Arrival of an external event at this channel causes activation of the rest of the
network. The execution process is illustrated in Figure 13.
Figure 13. Timing diagram representing activity of blocks in the network.
Scheduling of block activations and registration of arrived external events is
implemented using two queues of First-In First-Out kind (FIFO): Scheduling FIFO,
further referred to as Queue 1 and SIFBs FIFO, referred to as Queue 2. Queue 1
stores the events passed from a block to another block. Queue 2 stores occurrences of
external events that occur while the resource is in the non receptive state S2. It is
needed to ensure the processing of input events will follow the order of their
occurrence. In our example, the network is activated by arrival of an external event
to the input channel Ev. Arrival of an external event interrupts the execution of a
function block which is preempted by execution of the resource, which places the
corresponding request to the Queue 2. This can be seen in case of the execution of
FB_C. Pre-emption of the FB_C execution by the Scheduler after the second
occurrence of Ev does not contradict the 3rd postulate as no other FB is executed
while the pre-emption occurred, so the integrity of the FB network evaluation is not
affected.
When resource returns to the receptive state it checks if the Queue 2 is not
empty and adds the request of kind r → S to the Queue 1, clearing the Queue 2. Then
it takes next request from the top of Queue 1 and executes the corresponding
function block (that is target of the request, i.e. in case of request r → S the service
interface block S is executed.)
Remark: In a more general case the queues 1 and 2 may not necessarily be FIFO but
just sets of requests where scheduler places the requests and from where it selects an
event to activate next function block.
XI. HOW GOOD IS THE SEQUENTIAL HYPOTHESIS FOR A SYSTEM DEVELOPER?
Benefits of the Sequential Hypothesis for application developer are:
- more predictable model of execution in terms of reaction time and invocation
sequence;
- requires less resources i.e. will lead to potentially more efficient
implementations:
o direct call invocation in NPMTR model requires stack space and
context switching;
o can be implemented in one thread;
-
allows customisation for handling real-time constraints, and other priority
mechanisms;
The question of “How good is this model for developers” can be answered only
after certain trial period of using the tools and devices that comply with this semantic
model. The most popular at the moment FBDK/FBRT follows different semantic
(NPMTR), so the final comparison is yet to be made. However, there is a possibility
of an alternative semantic which could allow for parallel execution of function
blocks.
As illustrated in Figure 14, splitting an event connection to two or more blocks
(left side), is currently interpreted as implicit E_SPLIT block (right side), that leads
to sequential scheduling of FB2 and FB3 under Sequential Hypothesis.
Figure 14. Event fork can lead to parallel execution of function blocks.
However, the event fork in Figure 14 can be interpreted by many developers as
parallel invocation of FB2 and FB3, and this vision is quite intuitive. The main
reason to think about sequential execution of function blocks is the sequential nature
of modern computers. The function blocks are not necessarily to be implemented as
sequential software code, they could be compiled into hardware form, where it is
only natural to work in parallel.
The parallel execution of function blocks within a resource can be achieved by
modifying Postulates #5 and #6, for example as follows:
Postulate #5’ Output events are issued immediately after the corresponding
action is completed. The destination function block is invoked right after the event is
issued.
Postulate#6’ If a function block emits several output events in one state of ECC,
they are emitted simultaneously.
With this set of postulates our execution model becomes Parallel Hypothesis,
whose discussion, however is beyond the scope of this paper. We acknowledge that
there could be good reasons in favour of Parallel Hypothesis, such as:
- better fit to the ‘not so short’ algorithms assumption;
- more intuitive in ‘event-forking’ situations;
- better fit to multi core hardware implementation;
However, at this stage we see that Sequential Hypothesis is the best grounded by the
current text of IEC 61499 and shall be adopted as the base of its complete execution
model.
XII. CONCLUSIONS
The Sequential Hypothesis advocated in this paper is better grounded by the spirit
and letter of IEC61499, than the most widely used NPMTR semantics of function
blocks. It promises more predictable and less resource-consuming run-time behavior.
The sequential model is especially suitable for blocks with short algorithms, such as
rungs of ladder diagrams.
XIII.
ACKNOWLEDGEMENTS
The authors are grateful to James Christensen, Partha Roop, Yoong Li Hsien, José
Lastra, Alois Zoitl, Christoph Sünder and all other colleagues for valuable comments
and ideas.
XIV.
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
REFERENCES
Function blocks for industrial-process measurement and control systems - Part
1: Architecture, International Electrotechnical Commission, Geneva, 2005
Function
Block
Development
Kit
(FBDK),
http://www.holobloc.com/doc/fbdk/index.htm
Z. Manna and A. Pnueli. Models for reactivity. Acta Informatica, 30:609--678,
1993
Zoitl A., Grabmair G., Auinger F., and Sunder C. Executing real-time
constrained control applications modelled in IEC 61499 with respect to dynamic
reconfiguration, 3rd IEEE Conference on Industrial Informatics, Proceedings,
Perth, Australia, August 2005
C. Sünder, A. Zoitl, J. H. Christensen, V. Vyatkin, R. Brennan, A. Valentini, L.
Ferrarini, K. Thramboulidis, T. Strasser, J. L.Martinez-Lastra, and F. Auinger:
Usability and Interoperability of IEC 61499 based distributed automation
systems, 4th IEEE Conference on Industrial Informatics (INDIN 2006),
Proceedings, Singapore, 2006
G. Čengić, O. Ljungkrantz, and K. Ǻkesson, “Formal Modeling of Function
Block Applications Running in IEC 61499 Execution Runtime,” in 11th IEEE
International Conference on Emerging Technologies and Factory Automation
(ETFA), Prague, September 2006.
L. Ferrarini and C. Veber, Implementation approaches for the execution model
of IEC 61499 applications, 2nd IEEE Conference on Industrial Informatics,
Proceedings, Berlin, June 2004.
V. Dubinin, V. Vyatkin “Formalized definition and modelling of IEC 61499
function block systems”, Letters of Tertiary Education Institutions, Volga
region, Russia, Penza State University Publishers, 2005, N 5, pp.76-89
V. Dubinin, V. Vyatkin, Towards a Formal Semantics of IEC 61499 Function
Blocks, 4th IEEE Conference on Industrial Informatics (INDIN’2006),
Singapore, 2006
V. Dubinin, V. Vyatkin, H.-M. Hanisch, “Using Prolog for Modelling And
Verification of IEC 61499 Function Blocks and Applications”, 11th IEEE
Conference on Emerging Technologies and Factory Automation (ETFA 2006),
Proceedings, Prague, 2006
J. Christensen, private communication, October, 2005
L. Ferrarini, M. Romanò, and C. Veber, Automatic Generation of AWL Code
from IEC 61499 Applications, 4th IEEE Conference on Industrial Informatics
(INDIN 2006), Proceedings, Singapore, 2006
J. LM Lastra, L. Godinho, A. Lobov, R. Tuokko, An IEC 61499 Application
generator for Scan-Based Industrial Controllers, 3rd IEEE Conference on
Industrial Informatics, Proceedings, Perth, Australia, August 2005
J. Christensen, remark on the execution semantic in the new version of FBDK,
2006, March, - private communication.
J. Christensen, remark on transition condition syntax and its impact on event
clearance, 2006, October, - private communication.
