CN108199940B - Verification method and system for robot joint communication system model - Google Patents

Verification method and system for robot joint communication system model Download PDF

Info

Publication number
CN108199940B
CN108199940B CN201711427979.0A CN201711427979A CN108199940B CN 108199940 B CN108199940 B CN 108199940B CN 201711427979 A CN201711427979 A CN 201711427979A CN 108199940 B CN108199940 B CN 108199940B
Authority
CN
China
Prior art keywords
time
model
constraint
communication node
communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711427979.0A
Other languages
Chinese (zh)
Other versions
CN108199940A (en
Inventor
李晓娟
关永
孟瑶
王瑞
施智平
张倩颖
谈金东
邵振洲
张�杰
王国辉
刘永梅
吴敏华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Capital Normal University
Original Assignee
Capital Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Capital Normal University filed Critical Capital Normal University
Priority to CN201711427979.0A priority Critical patent/CN108199940B/en
Publication of CN108199940A publication Critical patent/CN108199940A/en
Application granted granted Critical
Publication of CN108199940B publication Critical patent/CN108199940B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L12/40143Bus networks involving priority mechanisms
    • H04L12/4015Bus networks involving priority mechanisms by scheduling the transmission of messages at the communication node
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/50Testing arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40208Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215Controller Area Network CAN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Manipulator (AREA)

Abstract

The invention relates to a verification method and a verification system for a robot joint communication system model, wherein the method comprises the following steps: the modeling analysis is carried out on the CAN field bus-based control system by adopting a formalization method, wherein the model abstraction is required to be carried out on the system, then the formalization modeling and the verification are carried out, whether the time automata meets the correctness and the real-time performance is judged, if the correctness does not meet the requirement, the system scheme is re-planned, if the instantaneity does not meet the requirement, the real-time performance is improved by deploying a dynamic priority strategy.

Description

Verification method and system for robot joint communication system model
Technical Field
The invention relates to the field of robot communication, in particular to a verification method and a verification system for a robot joint communication system model.
Background
The field of application of robots is becoming more and more extensive, and has not been limited to only industry, and a large number of service robots are beginning to be applied to medical treatment and home due to market demands. Due to the complexity, high concurrency and high requirement for real-time performance of the robot communication system, it is very important to ensure that the robot can complete the expected action accurately and in real time, especially in information transmission between distributed nodes of the robot, the communication delay must meet the requirement of specified response time, otherwise the stability of the system is affected or the system is subjected to errors and rushes.
The CAN bus protocol specification uses an information static priority strategy for communication, so that the real-time performance CAN be basically ensured, but the static priority strategy cannot meet the time delay requirement of transmission between nodes along with the increase of nodes on the CAN bus and the improvement of the real-time performance requirement.
At present, the CAN bus protocol is mainly verified in a control system of an electric automobile, traditional testing, simulating and simulating methods are mainly adopted in the CAN protocol verifying methods, however, the three methods have certain limitations and cannot cover all execution paths, and therefore the verifying result is incomplete. The traditional testing method is to set up a testing platform by a solid machine at the final stage of design for parameter setting and testing, the method needs to be carried out at the final stage, and the parameter setting is limited in the testing process, so that the testing result is inaccurate. The traditional simulation and emulation method mainly utilizes computer software to simulate an environment and simulate an action so as to analyze communication, but the method depends on hardware, provides limited parameter setting and also causes imperfect verification results.
Disclosure of Invention
The invention provides a verification method and a verification system for a robot joint communication system model, and aims to ensure the integrity of system design at the initial stage of design, avoid loopholes at the design stage, be rigorous, verify and analyze the correctness and the real-time performance of a CAN bus in robot communication and improve the correctness and the real-time performance of the communication of a robot joint system based on the CAN bus.
The purpose of the invention is realized by adopting the following technical scheme:
in a method of modeling and validation of a robotic joint communication system, the improvement comprising:
judging whether a time automaton model of a communication node in the robot joint communication system meets correctness constraints or not;
if the correctness constraint is not met, reconstructing a time automaton model of a communication node in the robot joint communication system;
if the correctness constraint is met, judging whether a time automaton model of the communication node meets the real-time constraint;
if the real-time constraint is met, ending the operation;
if the real-time constraint is not met, correcting the original priority of the data frame transmission of the communication node to be the highest priority, and after the data frame transmission of the communication node is finished, restoring the priority of the data frame transmission of the communication node to be the original priority of the data frame transmission of the communication node;
the communication node transmits data frames by using the CAN bus.
Preferably, the reconstructing a time automaton model of a communication node in a robot joint communication system includes:
and according to the running state of the communication nodes in the robot node communication system, constructing a time automaton model of the communication nodes in the robot node communication system by using a UPPAAL tool.
Preferably, the determining whether the time robot model of the middle communication node of the robot joint system satisfies the correctness constraint includes:
when a UPPAAL tool is used for detecting that the time automaton model of the communication node meets all constraint indexes, the time automaton model meets correctness constraints; otherwise, the correctness constraint is not satisfied;
the constraint indexes comprise that the time automaton model is in an unlocking state, the time automaton model is in a state that the joint communication nodes can successfully receive the control command sent by the main controller, the communication nodes with different priorities of the time automaton model can feed back information to the main controller, the time automaton model is in a state that the joint communication nodes can not communicate among the lower joint communication nodes, the time automaton model is in a state that only one communication node transmits data on a bus at the same moment, the time automaton model is in a state that a plurality of communication nodes request to send data at the same moment, and the time automaton model is in a state that the bus right can be always obtained by the nodes with high priorities.
Preferably, the determining whether the time automaton model of the communication node satisfies the real-time constraint includes:
and detecting whether the number of times of arbitration failure of data frame transmission requests of the time automaton model of the communication node exceeds a threshold value or not by using a UPPAAL tool, if so, not meeting the real-time constraint, and if not, meeting the real-time constraint.
A verification system for a robot joint communication system model, the system comprising:
the first judgment unit is used for judging whether a time automaton model of a communication node in the robot joint communication system meets correctness constraint or not;
the construction unit is used for reconstructing a time automaton model of a communication node in the robot joint communication system if the correctness constraint is not met;
the second judgment unit is used for judging whether the time automaton model of the communication node meets the real-time constraint or not if the correctness constraint is met;
an ending unit, configured to end the operation if the real-time constraint is satisfied;
the correcting unit is used for correcting the original priority of the data frame transmission of the communication node to be the highest priority if the real-time constraint is not met, and restoring the priority of the data frame transmission of the communication node to be the original priority of the data frame transmission of the communication node after the data frame transmission of the communication node is finished;
the communication node transmits data frames by using the CAN bus.
Preferably, the building unit includes:
the method is used for constructing the time automaton model of the communication nodes in the robot node communication system by using the UPPAAL tool according to the running state of the communication nodes in the robot node communication system.
Preferably, the first judging unit includes:
the judging module is used for judging whether the time automata model of the communication node meets the correctness constraint when the UPPAAL tool is used for detecting that the time automata model meets all constraint indexes; otherwise, the correctness constraint is not satisfied;
and the constraint indexes comprise that the time automaton model is in an unlocking state, the time automaton model is in a state that the joint communication node can successfully receive a control command sent by the main controller, the communication nodes with different priorities of the time automaton model can feed back information to the main controller, the time automaton model is in a state that the joint communication nodes can not communicate with each other, the time automaton model is in a state that only one communication node transmits data on a bus at the same moment, the time automaton model is in a state that a plurality of communication nodes request to send data at the same moment, and the time automaton model is in a state that the bus right can be always obtained by the high-priority node.
Preferably, the second determination unit includes:
and detecting whether the number of times of arbitration failure of data frame transmission requests of the time automaton model of the communication node exceeds a threshold value or not by using a UPPAAL tool, if so, not meeting the real-time constraint, and if not, meeting the real-time constraint.
The invention has the beneficial effects that:
the technical scheme provided by the invention is characterized in that a robot system based on a CAN bus is connected with a model detection method, a formalized method is used for carrying out modeling analysis on a robot joint system based on the CAN bus, the model abstraction is firstly carried out on the system, then formalized modeling and automatic verification are carried out, time automatic models of a main controller, a joint controller, a transceiver, an arbiter and the CAN bus are realized in UPPAAL, and finally correctness and real-time verification are carried out on the robot joint system based on the CAN bus.
Drawings
FIG. 1 is a flow chart of a communication method of a robot joint system based on a CAN bus, provided by the invention;
FIG. 2 is a formalized framework in an embodiment provided by the present invention;
FIG. 3 is a state diagram of a master controller in an embodiment provided by the present invention;
FIG. 4 is a state diagram of a joint controller in an embodiment provided by the present invention;
FIG. 5 is a time automaton for a master controller in an embodiment provided by the present invention;
FIG. 6 is a time automaton for a joint controller in an embodiment provided by the present invention;
FIG. 7 is a time automaton for a transceiver in an embodiment provided by the invention;
FIG. 8 is a time automaton for an arbiter in an embodiment provided by the present invention;
FIG. 9 is a time automaton for a bus in an embodiment provided by the present invention;
fig. 10 is a schematic structural diagram of a robot joint system communication system based on a CAN bus provided by the invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings.
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In robot communication, a task of a service robot has the requirements of concurrency and high real-time performance, so how to design a model according to a bus protocol specification and application requirements, the correctness and the real-time performance of system design are ensured, and it is necessary to avoid a leak in a design stage, aiming at the limitation of the traditional testing, simulating and simulating method, the verification method of the robot joint communication system model provided by the invention comprises the following steps of:
step 1: judging whether a time automaton model of a communication node in the robot joint communication system meets correctness constraints or not;
step 2: if the correctness constraint is not met, reconstructing a time automaton model of a communication node in the robot joint communication system;
and step 3: if the correctness constraint is met, judging whether a time automaton model of the communication node meets the real-time constraint;
and 4, step 4: if the real-time constraint is met, ending the operation;
and 5: if the real-time constraint is not met, correcting the original priority of the data frame transmission of the communication node to be the highest priority, and after the data frame transmission of the communication node is finished, restoring the priority of the data frame transmission of the communication node to be the original priority of the data frame transmission of the communication node;
the communication node transmits data frames by using the CAN bus.
For example, the robot node communication system comprises a main controller model, a joint controller model, a transceiver model, an arbiter model and a bus model.
And according to the running state of the communication nodes in the robot node communication system, constructing a time automaton model of the communication nodes in the robot node communication system by using a UPPAAL tool.
Firstly, a formalized framework is constructed for a robot joint system based on a CAN bus. According to CAN specifications, CAN source codes and real-time requirements of a robot control system, a robot joint system based on a CAN bus is abstracted and simplified to abstract a main controller model, a joint controller model, a transceiver model, an arbiter model and a bus model, the five models are hierarchically divided according to an actual communication process, the main controller model and the joint controller model are divided into application program parts, the transceiver model and the arbiter model are divided into transceiver parts, and the bus is independently listed as a bus part. The application program part sends or receives data to the bus part through the transceiver part, and the specific architecture is shown in fig. 2. And distributing priority to each node according to the static priority strategy of the CAN bus. The whole frame system is described from bottom to top as:
System=Application‖Transceiver‖Bus;
Application=Master Controller‖Joint Controlleri∈N(i);
Transceiver=Transceiverj∈N+1(j)‖Arbitrationj∈N+1(j);
wherein: the |' represents the parallel combination of the models, N represents the number of articulated nodes hooked on the bus, and N +1 represents the total number of nodes on the bus, i.e., including the master node.
As shown in fig. 3, the master controller model needs to send a control command to the relevant node controller in one control cycle, and receive feedback information of the node controller according to the corresponding interrupt signal to prepare for the next control cycle. The master controller model is set to be in an idle state (idle), a sending state (sending), a waiting arbitration state (wait _ arb), all commands in a control period are transmitted to be in a power state (trans _ finish), and a receiving state (receiving), and the model can be formally described as follows according to the network semantics of the time automaton:
(idle,[])----count==0&&ack[i]==1-----→(sending,[])<writing(),i:=0,Send_period:=0>
(sending,[])----sendMesg[id]!-----→(wait_arb,[])
(wait_arb,[])----arbfail[id]?-----→(sending,[])
(wait_arb,[])----transmitted[id]?-----→(trans_finish,[])
(trans_finish,[])----i<NUMNODE-----→(trans_finish,[])<i:=i+1>
(trans_finish,[])----Send_period>=SendPeriod,syn!-----→(idle,[])<Send_period:=0>
(idle,[])----send_ok[id]?||interrupt[id]?-----→(receiving,[])
(receiving,[])----ack[j]==1-----→(idle,[])
as shown in fig. 4, the joint controller needs to drive the dc motor to complete corresponding movement within an execution period according to the received control command, and feed back current position information or state information to the main controller, where the execution period is set to 5 time units in this model. The joint controller model is set to idle state (idle), receive state (receiving), execute state (execute), wait for feedback state (ack _ waiting), send feedback state (ack _ send), wait for arbitration state (waiting _ arb) and feedback complete state (ack _ finish), and can be formally described as:
(idle,[])----syn?,packet[id-1].Messid==id-----→(receiving,[])
(receiving,[])---------→(execute,[t_execut<=5])<t_execut:=0>
(execute,[t_execut<=5])----interrupt[id]!,t_execut>5-----→(ack_waiting,[])
(ack_waiting,[])----packet[id-1].Mtype==2-----→(ack_send,[])<x:=0>
(ack_waiting,[])----packet[id-1].Mtype==1-----→(ack_send,[])<x:=0>
(ack_send,[])----sendMesg[id]!-----→(waiting_arb,[])
(waiting_arb,[])----Arbfail[id]?-----→(ack_send,[])
(waiting_arb,[])----transmitted[id]?-----→(ack_finish,[])
(ack_finish,[])----send_ok[id]!-----→(idle,[])<resetPacket(id),x:=0>
wherein: the bracket () is a state in the model, the first element in the bracket is the state name, the second element is the clock constraint of the state, "- - - - →" represents the state transition, the upper element represents the condition constraint corresponding to the state transition, and the synchronization signal syn! Syn? Interrupt [ id ]! Interrupt [ id ]? And the like represent interaction and synchronization constraints among the models, wherein id is a specific model participating in interaction. A constant NUMINODE representing the number of nodes on the bus represents a constant constraint in the model automaton.
The other models are constructed in a similar manner to the two models described above.
After a formal architecture is constructed, a time automaton model of a communication node in a robot node communication system needs to be constructed, and the construction steps are as follows:
analyzing the logic function of each module according to the communication characteristics of the CAN-based robot node communication system, and abstracting various possible states of each model;
and combining the functions of each module and the operation process of the whole system, and standardizing state transition rules in the modules, wherein the state transition rules comprise condition constraints, constant constraints, clock constraints and synchronization constraints.
Wherein, the time automaton model of the main controller is constructed, comprising:
the time automaton of the master controller is shown in fig. 5, the control period is represented by a local clock variable Send _ period, the master controller can Send a control command to any node in one control period, and after all the commands are sent, the master controller sends a synchronous command syn! Is the lower joint node controller receiving this syn? And then, starting to execute the command and feeding back the current position or state information to the main controller. The main controller initializes a clock variable Send _ period during the process of transferring from the initial state to the idle state. When no node requesting sending exists on the bus and each joint controller successfully feeds back after the last control period, the master controller is shifted to the start _ sending state from the idle state. Int [1,2] is used to indicate the type of frame currently being sent, and e can randomly select a data frame or a remote frame. The function writing () is used to encapsulate the frame information currently requested to be transmitted. The main controller enters an arbitration stage after sending a control command, if the arbitration is successful, the main controller shifts to a trans _ finish state, and if the arbitration is failed, the main controller returns to a start _ sending state again. After the control command is sent, the synchronous signal syn is sent! And migrates to the idle state. In the time automaton, the main controller receives interrupt [ id ]! And a signal indicating that the joint node feeds back information, and the main controller enters a preparation state. When the master controller receives the send success signal send _ ok [ e ] | from the joint controller! Thereafter, the robot enters the reception state, and when the value of the variable ack indicating that the joint node has completed the response is 1, the robot returns to the idle state to start the next round of control.
The number of lower joint nodes connected with the CAN bus in the model is declared as a constant variable, but the state machine transition model of the master control module is independent of the change of the number of the nodes, so that the multiplexing is facilitated.
Constructing a model of a temporal automaton for a joint controller, comprising:
the time robot of the joint controller is shown in fig. 6, the initial state idle represents that the joint is in an idle state, and when the robot receives a synchronization signal sent from the main controller, the robot turns to a receiving state and starts to execute the related command. The local clock variable t _ execute represents the execution cycle, and after the execution cycle is finished, the node needs to send an interrupt [ id ] | by sending an interrupt signal! And feeding back the acquired information to the main control. At this point the automaton transitions to the feedback state. Two branches are led out in the feedback state to respectively indicate that position information or state information is fed back. When the node feeds back the information, the node also needs to participate in the arbitration of the bus, the information can be sent only after the arbitration is successful, and if the arbitration is failed, the node quits the bus to wait for the next arbitration. After the information is successfully sent, send _ ok [ id ] to the main controller! The signal triggers the main controller to enter a receiving state, and the value of the variable ack is set to be 1, which indicates that the node has successfully fed back information. In order to record the number of times of arbitration failure of a node, an integer variable failNum is introduced, the priority of the node is promoted when the number of times of arbitration failure is set to be n times, the promotion is realized through a function Raise _ pri (), and after the node obtains a bus through promoting the priority and finishes transmission, the priority is recovered, and the normal operation of communication is ensured. The restoration of its priority is implemented by the function reset _ pri ().
Constructing a time robot model of a transceiver, comprising:
time automaton of transceiver as shown in fig. 7, initial idle state, when transceiver receives request signal sendMesg id | sent from node to bus! And starting to detect the bus, and if the bus is occupied by the nodes at present, turning to a waiting state. If the bus is idle, the bus time automaton will send the next! Signaling the transceiver automaton to transition to the start _ arb state, triggering the arbitration automaton and sending an arbitration start signal arb _ start [ id ]! Where id denotes the node currently participating in arbitration. The automaton migrates to the req _ trusted state after arbitration failure, indicating a request failure. And sends an arbitration end signal arb _ over [ id ] to the arbiter automaton! Simultaneously, an arbitration failure arbfail [ id ] is sent to the upper layer controller! A signal. The value of count minus 1 indicates that the number of nodes currently requesting transmission is minus one. After the arbitration is successful, the automaton transitions to the req _ suc state, indicating that the request has successfully owned the bus. An arbitration end signal arb _ over id | is also sent to the arbiter automaton! Entering into sending state, after transmission is successful, sending transmitted [ id ] to upper layer controller! A signal. And simultaneously updating the values of active and count, and resetting the bus value. A local clock variable t1 is introduced into the automaton to represent the transmission delay of the node, a position invariant is described by t1< ═ Trans _ t, and the fact that the automaton can only stay for Trans _ t time unit at most in a sending state and is about to move to an idle state is represented.
Constructing a time automaton model of an arbiter, comprising:
the time automaton of the arbiter is shown in FIG. 8, where the initial state idle indicates that the node is idle waiting for the CAN transceiver to send an arbitration request arb _ start [ id ]! . When receiving arbitration request signal, entering start _ arb state to start bus arbitration process, namely bit arbitrating 11-bit identifier of frame arbitration field according to bit, the concrete process is:
calculating a bus value: the automaton calculates the current bus value when the start _ arb state transitions to the list _ bus state. Signal [ i ]. Id [ Id ] [ i ], wherein the signal [ i ] represents the currently calculated bus value, the initial value thereof is {1,1, … 1}, Id [ Id ] [ i ] represents the 11-bit identifier sequence of the arbitration field of the frame sent by the current node, and the result of bitwise AND operation of the two arrays is the currently required bus value;
comparing whether the value of the current sending bit is the same as the obtained value of the bus, if not, the node requests to fail to send, and quitting arbitration, wherein the state of the automaton is req _ fail; if the value of the current sending bit is the same as the obtained bus value but the 11-bit identifier sequence is not completely compared, the arbitration of the next bit is continued in this way; if the value of the current sending bit is the same as the obtained bus value and the 11-bit identifiers are arbitrated completely, the node request is successful, the arbitration process is finished, and the state of the automaton is req _ success. Whether arbitration succeeds or fails, the arbitration time automaton receives an arbitration over id | signal! And returns to idle state to wait for the next arbitration. So that the entire system can continue to operate.
The model introduces a state invariant t < ═ Tbit in a listen _ bus state to describe the duration information of each bit time on the bus, wherein a local clock variable t is used as the clock constraint of the state to describe the time transition in the state. And t > -Tbit in the output branch is used as condition constraint of state transition to ensure the duration of bus upper time, namely, subsequent value comparison is carried out after the bus upper transmission is successful.
Constructing a temporal automaton model for a bus, comprising:
the time automaton for a bus is shown in fig. 9, when no node sends data to the bus and no node reads data from the bus, the bus is in an idle state. The bus is busy as long as there is a node on the bus. Two variables, namely count and active, are introduced to represent the state of the bus, wherein the count represents the number of nodes sending requests to the bus, the value of the count is added with 1 every time a node sends a request to the bus, when the value of the count is 1, the node can occupy the bus to send data when only one node sends a request currently, and when the value of the count is more than 1, a plurality of nodes send requests to the bus, the node needs to participate in bus arbitration at the moment, and the node which wins the bus can send or receive data. The active variable represents whether a node occupies the bus currently, the value of the active is 1, the bus is in a busy state at the moment, and when the value of the active is 0, the bus is converted from the busy state to an idle state.
After a time automaton model of a communication node in a robot node communication system is constructed, whether the time automaton model of the communication node in the robot joint system meets correctness constraints needs to be judged, and the method comprises the following steps:
when a UPPAAL tool is used for detecting that the time automaton model of the communication node meets all constraint indexes, the time automaton model meets correctness constraints; otherwise, the correctness constraint is not satisfied;
the constraint indexes comprise that the time automaton model is in an unlocking state, the time automaton model is in a state that the joint communication nodes can successfully receive the control command sent by the main controller, the communication nodes with different priorities of the time automaton model can feed back information to the main controller, the time automaton model is in a state that the joint communication nodes can not communicate among the lower joint communication nodes, the time automaton model is in a state that only one communication node transmits data on a bus at the same moment, the time automaton model is in a state that a plurality of communication nodes request to send data at the same moment, and the time automaton model is in a state that the bus right can be always obtained by the nodes with high priorities.
The non-deadlock state of the time automaton model of the communication node represents that the whole system can normally run, and whether a non-deadlock attribute exists in the UPPAAL or not is represented as follows: a [ ] not delay.
Joint communication nodes in a time automaton model of the communication nodes can successfully receive a control command sent in a control period of a main controller, the high efficiency of system design is concerned, whether a robot can complete corresponding actions according to instructions is also influenced, whether the Joint communication nodes can successfully receive the control command sent by the main controller in UPPAAL is represented as E < > Master.
Communication nodes of different priorities in the time automaton model of a communication node are able to feed back information to the master controller, which in uppal is expressed as: e < > (for all (i: jid _ t) i interference Joint _ controller (i).
The attribute of non-communication between the communication nodes of the lower joint in the time automaton model of the communication node is expressed as: e < > not (forall (i: jid _ t) Joint _ controller (i).
ack_waitting and
Joint_Controller(i).receiving)。
In the time automaton model of the communication node, only one communication node transmits data on the bus at the same time, which is expressed as: a [ ] not (forall (i: jid _ t) forall (j: jid _ t)
Joint_Controller(i).ack_send and Joint_Controller(j).ack_send)。
In the time automaton model of the communication node, a plurality of communication nodes request to send data at the same time, and the data is expressed as: e < > (forall (i: jid _ t) forall (j: jid _ t)
Joint_Controller(i).ack_waitting and Joint_Controller(j).
ack_waitting)。
The high priority node in the time automaton model of the communication node can always obtain the bus right, which is expressed as: a [ ] not allocation (0). req _ fail.
And if the time automaton model of the communication node does not meet the correctness constraint, reconstructing the time automaton model of the communication node in the robot joint communication system.
If the correctness constraint is met, judging whether a time automaton model of the communication node meets the real-time constraint or not, wherein the judging step comprises the following steps:
and detecting whether the number of times of arbitration failure of data frame transmission requests of the time automaton model of the communication node exceeds a threshold value or not by using a UPPAAL tool, if so, not meeting the real-time constraint, and if not, meeting the real-time constraint.
Wherein, in order to record the arbitration failure times of the nodes, an integer variable failNum is introduced.
And if the time automaton model of the communication node does not meet the real-time constraint, correcting the original transmission priority of the data frame of the communication node to be the highest priority.
And reserving a highest priority series from the 11-bit identifier of the CAN message arbitration field, upgrading the priority of the node if the real-time performance is not met in the arbitration process, increasing the priority to the highest priority, assigning a reserved sequence to the node, and restoring the priority of the data frame transmission of the communication node to the original priority of the data frame transmission of the communication node when the communication node finishes transmitting the data frame by using the CAN bus in order to ensure normal communication. Therefore, the problem that a plurality of nodes have the same priority level due to the fact that the priority level of the nodes is improved can be avoided.
A verification system of a robot joint communication system model, as shown in fig. 10, the system comprising:
the first judgment unit is used for judging whether a time automaton model of a communication node in the robot joint communication system meets correctness constraint or not;
the construction unit is used for reconstructing a time automaton model of a communication node in the robot joint communication system if the correctness constraint is not met;
the second judgment unit is used for judging whether the time automaton model of the communication node meets the real-time constraint or not if the correctness constraint is met;
an ending unit, configured to end the operation if the real-time constraint is satisfied;
the correcting unit is used for correcting the original priority of the data frame transmission of the communication node to be the highest priority if the real-time constraint is not met, and restoring the priority of the data frame transmission of the communication node to be the original priority of the data frame transmission of the communication node after the data frame transmission of the communication node is finished;
the communication node transmits data frames by using the CAN bus.
The construction unit comprises:
the method is used for constructing the time automaton model of the communication nodes in the robot node communication system by using the UPPAAL tool according to the running state of the communication nodes in the robot node communication system.
The first judgment unit includes:
the judging module is used for judging whether the time automata model of the communication node meets the correctness constraint when the UPPAAL tool is used for detecting that the time automata model meets all constraint indexes; otherwise, the correctness constraint is not satisfied;
and the constraint indexes comprise that the time automaton model is in an unlocking state, the time automaton model is in a state that the joint communication node can successfully receive a control command sent by the main controller, the communication nodes with different priorities of the time automaton model can feed back information to the main controller, the time automaton model is in a state that the joint communication nodes can not communicate with each other, the time automaton model is in a state that only one communication node transmits data on a bus at the same moment, the time automaton model is in a state that a plurality of communication nodes request to send data at the same moment, and the time automaton model is in a state that the bus right can be always obtained by the high-priority node.
The second determination unit includes:
and detecting whether the number of times of arbitration failure of data frame transmission requests of the time automaton model of the communication node exceeds a threshold value or not by using a UPPAAL tool, if so, not meeting the real-time constraint, and if not, meeting the real-time constraint.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.

Claims (8)

1. A method of validating a robot joint communication system model, the method comprising:
judging whether a time automaton model of a communication node in the robot joint communication system meets correctness constraints or not;
if the correctness constraint is not met, reconstructing a time automaton model of a communication node in the robot joint communication system;
if the correctness constraint is met, judging whether a time automaton model of the communication node meets the real-time constraint;
if the real-time constraint is met, ending the operation;
if the real-time constraint is not met, correcting the original priority of the data frame transmission of the communication node to be the highest priority, and after the data frame transmission of the communication node is finished, restoring the priority of the data frame transmission of the communication node to be the original priority of the data frame transmission of the communication node;
the communication node transmits data frames by using the CAN bus.
2. The method of claim 1, wherein reconstructing the temporal automaton model for the communication node in the robotic joint communication system comprises:
and constructing a time robot model of the communication nodes in the robot joint communication system by using a UPPAAL tool according to the running state of the communication nodes in the robot joint communication system.
3. The method of claim 1, wherein determining whether a time robot model of a middle communication node of the robotic joint system satisfies correctness constraints comprises:
when a UPPAAL tool is used for detecting that the time automaton model of the communication node meets all constraint indexes, the time automaton model meets correctness constraints; otherwise, the correctness constraint is not satisfied;
the constraint indexes comprise that the time automaton model is in an unlocking state, the time automaton model is in a state that the joint communication nodes can successfully receive the control command sent by the main controller, the communication nodes with different priorities of the time automaton model can feed back information to the main controller, the time automaton model is in a state that the joint communication nodes can not communicate among the lower joint communication nodes, the time automaton model is in a state that only one communication node transmits data on a bus at the same moment, the time automaton model is in a state that a plurality of communication nodes request to send data at the same moment, and the time automaton model is in a state that the bus right can be always obtained by the nodes with high priorities.
4. The method of claim 1, wherein said determining whether the time automaton model of the communication node satisfies a real-time constraint comprises:
and detecting whether the number of times of arbitration failure of data frame transmission requests of the time automaton model of the communication node exceeds a threshold value or not by using a UPPAAL tool, if so, not meeting the real-time constraint, and if not, meeting the real-time constraint.
5. A verification system for a robot joint communication system model, the system comprising:
the first judgment unit is used for judging whether a time automaton model of a communication node in the robot joint communication system meets correctness constraint or not;
the construction unit is used for reconstructing a time automaton model of a communication node in the robot joint communication system if the correctness constraint is not met;
the second judgment unit is used for judging whether the time automaton model of the communication node meets the real-time constraint or not if the correctness constraint is met;
an ending unit, configured to end the operation if the real-time constraint is satisfied;
the correcting unit is used for correcting the original priority of the data frame transmission of the communication node to be the highest priority if the real-time constraint is not met, and restoring the priority of the data frame transmission of the communication node to be the original priority of the data frame transmission of the communication node after the data frame transmission of the communication node is finished;
the communication node transmits data frames by using the CAN bus.
6. The system of claim 5, wherein the building unit comprises:
the method is used for constructing the time robot model of the communication nodes in the robot joint communication system by using the UPPAAL tool according to the running state of the communication nodes in the robot joint communication system.
7. The system of claim 5, wherein the first determining unit comprises:
the judging module is used for judging whether the time automata model of the communication node meets the correctness constraint when the UPPAAL tool is used for detecting that the time automata model meets all constraint indexes; otherwise, the correctness constraint is not satisfied; and the constraint indexes comprise that the time automaton model is in an unlocking state, the time automaton model is in a state that the joint communication node can successfully receive a control command sent by the main controller, the communication nodes with different priorities of the time automaton model can feed back information to the main controller, the time automaton model is in a state that the joint communication nodes can not communicate with each other, the time automaton model is in a state that only one communication node transmits data on a bus at the same moment, the time automaton model is in a state that a plurality of communication nodes request to send data at the same moment, and the time automaton model is in a state that the bus right can be always obtained by the high-priority node.
8. The system of claim 5, wherein the second determination unit comprises:
and detecting whether the number of times of arbitration failure of data frame transmission requests of the time automaton model of the communication node exceeds a threshold value or not by using a UPPAAL tool, if so, not meeting the real-time constraint, and if not, meeting the real-time constraint.
CN201711427979.0A 2017-12-26 2017-12-26 Verification method and system for robot joint communication system model Active CN108199940B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711427979.0A CN108199940B (en) 2017-12-26 2017-12-26 Verification method and system for robot joint communication system model

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711427979.0A CN108199940B (en) 2017-12-26 2017-12-26 Verification method and system for robot joint communication system model

Publications (2)

Publication Number Publication Date
CN108199940A CN108199940A (en) 2018-06-22
CN108199940B true CN108199940B (en) 2021-07-20

Family

ID=62584069

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711427979.0A Active CN108199940B (en) 2017-12-26 2017-12-26 Verification method and system for robot joint communication system model

Country Status (1)

Country Link
CN (1) CN108199940B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111614573B (en) * 2020-02-04 2022-05-06 华东师范大学 Formalized analysis method for scheduling and traffic shaping mechanism of time-sensitive network
CN111682992A (en) * 2020-06-03 2020-09-18 西安奇维科技有限公司 Serial bus design method of dynamic priority
CN113127344B (en) * 2021-04-06 2023-06-09 华东师范大学 Formalized modeling and verification method for ROS (reactive oxygen species) bottom communication mechanism
CN113400310B (en) * 2021-06-28 2022-07-05 首都师范大学 Formal verification method for dexterous hand inverse kinematics of three-finger robot and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101551250A (en) * 2008-04-02 2009-10-07 南开大学 Mobile robot landmark dynamic configuration method and device searching facing to unknown environments
CN102567163A (en) * 2011-12-16 2012-07-11 华东师范大学 Method for identifying cooperative behaviors of components of real-time embedded system based on UPPAAL tool
CN106292543A (en) * 2015-05-14 2017-01-04 宁波舜宇光电信息有限公司 Multi-axis motion controller based on FPGA and application thereof
CN106528970A (en) * 2016-10-31 2017-03-22 耿生玲 CPS modeling and property verification method based on possibility space-time hybrid automaton

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8265793B2 (en) * 2007-03-20 2012-09-11 Irobot Corporation Mobile robot for telecommunication

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101551250A (en) * 2008-04-02 2009-10-07 南开大学 Mobile robot landmark dynamic configuration method and device searching facing to unknown environments
CN102567163A (en) * 2011-12-16 2012-07-11 华东师范大学 Method for identifying cooperative behaviors of components of real-time embedded system based on UPPAAL tool
CN106292543A (en) * 2015-05-14 2017-01-04 宁波舜宇光电信息有限公司 Multi-axis motion controller based on FPGA and application thereof
CN106528970A (en) * 2016-10-31 2017-03-22 耿生玲 CPS modeling and property verification method based on possibility space-time hybrid automaton

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
《基于UPPAAL的认知机器人控制行为建模与验证》;巩卫卫,李晓娟等;《小型微型计算机系统》;20160615;第37卷(第6期);第1279-1283页 *

Also Published As

Publication number Publication date
CN108199940A (en) 2018-06-22

Similar Documents

Publication Publication Date Title
CN108199940B (en) Verification method and system for robot joint communication system model
CN109814905B (en) Software upgrading method and device based on blockchain
CN102033543B (en) Method and system for automatic test-case generation for distributed embedded systems
CN108459966B (en) Method, device and equipment for scheduling test components and computer readable storage medium
WO2019104713A1 (en) Machine learning method, master node, work node, and system
CN111859832B (en) Chip simulation verification method and device and related equipment
Jiang et al. Safety-assured model-driven design of the multifunction vehicle bus controller
Pan et al. Modeling and verification of CAN bus with application layer using UPPAAL
CN113051019A (en) Flow task execution control method, device and equipment
CN114513404A (en) Configuration method and device of time-sensitive network and computer-readable storage medium
CN105468507A (en) Branch fulfillment detection method and apparatus
CN113658351A (en) Product production method and device, electronic equipment and storage medium
CN115657646B (en) Test method and device of CAN controller
CN115993937A (en) Method and device for realizing simulation environment of multi-process solid state disk
CN114697270B (en) Arbitration method, system, equipment and medium based on EPA network model
CN103970653A (en) Sensor network software accessibility verification method
CN108681445A (en) A kind of PLC program design method based on Timed Automata
CN115202949A (en) Chip signal monitoring device and method, computer equipment and storage medium
Ran et al. Modeling and verifying the TTCAN protocol using timed CSP
Keating et al. Model checking a TTCAN implementation
Lekidis et al. A model-based design flow for CAN-based systems
CN113687927A (en) Method, device, equipment and storage medium for scheduling and configuring flash tasks
KR101125365B1 (en) Integrated design method of communication protocols with sdl-opnet co-simmulation technique
WO2017193287A1 (en) Method, device and system for debugging multicore processor
Al-Bataineh et al. Formal modeling and analysis of a distributed transaction protocol in uppaal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CB03 Change of inventor or designer information
CB03 Change of inventor or designer information

Inventor after: Li Xiaojuan

Inventor after: Liu Yongmei

Inventor after: Wu Minhua

Inventor after: Guan Yong

Inventor after: Meng Yao

Inventor after: Wang Rui

Inventor after: Shi Zhiping

Inventor after: Zhang Qianying

Inventor after: Shao Zhenzhou

Inventor after: Zhang Jie

Inventor after: Wang Guohui

Inventor before: Li Xiaojuan

Inventor before: Wang Guohui

Inventor before: Liu Yongmei

Inventor before: Wu Minhua

Inventor before: Guan Yong

Inventor before: Meng Yao

Inventor before: Wang Rui

Inventor before: Shi Zhiping

Inventor before: Zhang Qianying

Inventor before: Tan Jindong

Inventor before: Shao Zhenzhou

Inventor before: Zhang Jie