Parent Directory | Revision Log

Revision **8** -
(**show annotations**)
(**download**)
(**as text**)

*Fri Oct 7 03:14:27 2016 UTC*
(7 years, 7 months ago)
by *dashley*

File MIME type: application/x-tex

File size: 43536 byte(s)

File MIME type: application/x-tex

File size: 43536 byte(s)

Commit of Ph.D. topic proposal.

1 | %$Header: /home/dashley/cvsrep/e3ft_gpl01/e3ft_gpl01/dtaipubs/cron/2006/phdtopicpropa/phdtopicpropa.tex,v 1.20 2006/03/27 00:10:30 dashley Exp $ |

2 | \documentclass[letterpaper,10pt,titlepage]{article} |

3 | % |

4 | %\pagestyle{headings} |

5 | % |

6 | \usepackage{amsmath} |

7 | \usepackage{amsfonts} |

8 | \usepackage{amssymb} |

9 | \usepackage[ansinew]{inputenc} |

10 | \usepackage[OT1]{fontenc} |

11 | \usepackage{graphicx} |

12 | % |

13 | \begin{document} |

14 | %----------------------------------------------------------------------------------- |

15 | \title{Ph.D. Topic Proposal} |

16 | \author{\vspace{2cm}\\David T. Ashley\\\texttt{dta@e3ft.com}\\\vspace{2cm}} |

17 | \date{\vspace*{8mm}\small{Version Control $ $Revision: 1.20 $ $ \\ |

18 | Version Control $ $Date: 2006/03/27 00:10:30 $ $ (UTC) \\ |

19 | $ $RCSfile: phdtopicpropa.tex,v $ $ \\ |

20 | \LaTeX{} Compilation Date: \today{}}} |

21 | \maketitle |

22 | |

23 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

24 | % |

25 | \begin{abstract} |

26 | This document describes my Ph.D. research interests and provides |

27 | supporting information. The interests |

28 | (described in \S{}\ref{srin0}) revolve around the mathematical |

29 | basis of timed automata systems and code generation |

30 | from timed automata models. |

31 | \end{abstract} |

32 | |

33 | \clearpage{} |

34 | \pagenumbering{roman} %No page number on table of contents. |

35 | \tableofcontents{} |

36 | \clearpage{} |

37 | \listoffigures |

38 | \clearpage{} |

39 | |

40 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

41 | %Force the page number to 1. We don't want to number the table of contents |

42 | %page. |

43 | % |

44 | \setcounter{page}{1} |

45 | \pagenumbering{arabic} |

46 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

47 | |

48 | \section{The Timed Automata Framework} |

49 | \label{staf0} |

50 | |

51 | The framework of timed automata isn't commonplace in electrical |

52 | engineering, so this section provides |

53 | a description. |

54 | |

55 | |

56 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

57 | |

58 | \subsection{The Framework} |

59 | \label{staf0:stfw0} |

60 | |

61 | The formal framework of timed automata consists of systems of |

62 | automatons, each with discrete states, transitions, and |

63 | timers that can be reset to zero on transitions. |

64 | |

65 | The framework includes synchronization mechanisms between automatons (i.e. |

66 | automatons may interact in well-defined ways)\@. Synchronization mechanisms |

67 | consist of ``soft'' synchronization mechanisms and ``hard'' synchronization |

68 | mechanisms. |

69 | |

70 | \begin{itemize} |

71 | \item \emph{Soft} synchronization mechanisms involve one automaton having transition |

72 | functions that involve the discrete state or timers of another automaton. |

73 | \item \emph{Hard} synchronization mechanisms involve events. The semantics |

74 | of an event require two or more |

75 | automatons to make corresponding transitions at exactly the same time. |

76 | \end{itemize} |

77 | |

78 | The details of the framework aren't especially important, |

79 | and there are several |

80 | variations on the framework\footnote{Variations include |

81 | substates, differences in the semantics of events, and dynamics that go beyond |

82 | $\dot{t} = 1$ (i.e. hybrid systems).} that don't change the essential properties. |

83 | |

84 | The essential properties of the framework (that don't change with the variations) are: |

85 | |

86 | \begin{itemize} |

87 | \item A system of timed automata that interact via synchronization |

88 | mechanisms can be mathematically combined into a single |

89 | larger automaton with a single |

90 | discrete state space. |

91 | \item There is some symbolic method of reasoning about what values |

92 | timers can attain in each discrete state (polytopes, DBMs, etc.). |

93 | \item The symbolic reasoning about timer values often allows reasoning about |

94 | properties of the system (reachability, liveness, etc.). |

95 | \end{itemize} |

96 | |

97 | Timed automata are recognizeable to any embedded software engineer as |

98 | ``state machines''. A typical automotive embedded system consists of many |

99 | features and software components involving discrete state. For example, |

100 | software to control an automobile drivetrain with features like automatic 4-wheel drive |

101 | as well as sensor and actuator failure modes tends to have a very large discrete |

102 | space. |

103 | |

104 | As a contrived example of a system of timed automata, consider the problem of |

105 | controlling a drawbridge with one motor and two limit switches so that it goes up and down |

106 | with period $K_D + K_U$ (Fig. \ref{fig:staf0:stfw0:000}). |

107 | |

108 | \begin{figure} |

109 | \centering |

110 | \includegraphics[width=4.0in]{system01.eps} |

111 | \caption{Example Timed Automata System (Drawbridge Control)} |

112 | \label{fig:staf0:stfw0:000} |

113 | \end{figure} |

114 | |

115 | Assume that when raising the drawbridge, it is adequate to energize the motor |

116 | until the limit switch $U$ closes. However, when closing the drawbridge, |

117 | it is necessary to energize the motor for time $K_L$ beyond |

118 | when the limit switch $D$ closes (the $B_{DOWNLOCK}$ state in |

119 | Fig. \ref{fig:staf0:stfw0:01}). |

120 | |

121 | One way to design such a system is with two automata |

122 | (Fig. \ref{fig:staf0:stfw0:00} and Fig. \ref{fig:staf0:stfw0:01}) interacting via |

123 | synchronization mechnisms. |

124 | |

125 | The automaton of Fig. \ref{fig:staf0:stfw0:00} alternates between two |

126 | states with period $K_D + K_U$. At any point in time, the state of this |

127 | automaton indicates whether the drawbridge should be down or up. |

128 | |

129 | \begin{figure} |

130 | \centering |

131 | \includegraphics[height=2.5in]{exta01.eps} |

132 | \caption{Example Timed Automaton (Drawbridge Target Position Determination)} |

133 | \label{fig:staf0:stfw0:00} |

134 | \end{figure} |

135 | |

136 | The automaton of Fig. \ref{fig:staf0:stfw0:01} directly |

137 | determines the energization of the bridge motor as a function of |

138 | the limit switches $D$ and $U$, the discrete state of the automaton |

139 | of Fig. \ref{fig:staf0:stfw0:00}, and time. |

140 | In the $B_{IDLE}$ state, the motor is deenergized. |

141 | In the $B_{UP}$ state, the motor is energized to move the |

142 | drawbridge up. In the $B_{DOWN}$ and $B_{DOWNLOCK}$ states, |

143 | the motor is energized to move the drawbridge down. |

144 | |

145 | \begin{figure} |

146 | \centering |

147 | \includegraphics[width=4.6in]{exta02.eps} |

148 | \caption{Example Timed Automaton (Drawbridge Motor Control)} |

149 | \label{fig:staf0:stfw0:01} |

150 | \end{figure} |

151 | |

152 | Mathematically, the automata of Figs. |

153 | \ref{fig:staf0:stfw0:00} |

154 | and |

155 | \ref{fig:staf0:stfw0:01} can be combined to give the automaton of |

156 | Fig. \ref{fig:staf0:stfw0:02}\@. This mathematical operation is sometimes called the |

157 | ``shuffle'' operation. |

158 | |

159 | \begin{figure} |

160 | \centering |

161 | \includegraphics[width=4.6in]{exta03.eps} |

162 | \caption{Example Timed Automaton (Shuffle of Fig. \ref{fig:staf0:stfw0:00} and Fig. \ref{fig:staf0:stfw0:01})} |

163 | \label{fig:staf0:stfw0:02} |

164 | \end{figure} |

165 | |

166 | In Fig. \ref{fig:staf0:stfw0:02}, each of the eight discrete states |

167 | corresponds to one discrete state from Fig. \ref{fig:staf0:stfw0:00} |

168 | and one discrete state from In Fig. \ref{fig:staf0:stfw0:01}. |

169 | The initial state $A_{D}B_{IDLE}$ corresponds to the initial state |

170 | from In Fig. \ref{fig:staf0:stfw0:00} paired with the initial state |

171 | from Fig. \ref{fig:staf0:stfw0:01}. |

172 | |

173 | The noteworthy features of Fig. \ref{fig:staf0:stfw0:02} are: |

174 | |

175 | \begin{itemize} |

176 | \item It is the result of a mathematical algorithm applied to |

177 | Figs. \ref{fig:staf0:stfw0:00} and \ref{fig:staf0:stfw0:01}. |

178 | If the underlying system consisted of more than two automata, the |

179 | algorithm could be applied repeatedly to generate a single automaton with |

180 | a single large discrete state space. |

181 | \item The upper bound on the number of discrete states in the shuffle |

182 | of two automata is the product of the number of discrete states |

183 | in each. Note, however, that $A_{D}B_{UP}$ and $A_{U}B_{DOWN}$ |

184 | don't ``truly'' exist. The reason is that the synchronization |

185 | mechanisms between the two automata ensure that these states |

186 | are instantly exited as soon as they are entered. Thus, a system |

187 | of equivalent functionality can be constructed with six discrete |

188 | states rather than eight. |

189 | \end{itemize} |

190 | |

191 | Although the preceding example is contrived, it illustrates the flavor |

192 | of the framework and how separate automata with synchronization mechanisms can be |

193 | combined (and perhaps also ``separated'' or ``factored'', \S{}\ref{srin0:star0}). |

194 | |

195 | It should also be apparent that tools can verify a great deal about |

196 | the system through symbolic manipulation. Properties that can be verified |

197 | include: |

198 | |

199 | \begin{itemize} |

200 | \item \emph{Reachability:} it can be symbolically determined whether |

201 | or not each state is reachable (the algorithms involve determining |

202 | symbolically which values timers can achieve in each discrete state and |

203 | comparing that information against transition functions---some transitions |

204 | cannot ever be taken). |

205 | \item \emph{Liveness:} it can be symbolically determined whether the system |

206 | can enter a state where no inputs to the system can cause all of a |

207 | set of states to be reachable. |

208 | \end{itemize} |

209 | |

210 | The example comes \emph{very} close to the way practical |

211 | software systems are constructed. Generally, state machines in |

212 | software have transition functions that involve time and the states of |

213 | other state machines. |

214 | |

215 | |

216 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

217 | |

218 | \subsection{Human Tendencies} |

219 | \label{staf0:shtd0} |

220 | |

221 | My experience in industry is that human beings do badly with the |

222 | design of stateful controllers. Typical tendencies: |

223 | |

224 | \begin{itemize} |

225 | \item \textbf{Bloating of the controller state space:} |

226 | \;It is very common for engineers to design a controller with |

227 | a discrete state space that is too large. The prototypical |

228 | example is an engineer who finds a way to implement a purely combinational |

229 | function using sequential logic. |

230 | |

231 | In the most humorous case (purely combinational logic implemented as |

232 | sequential logic), |

233 | the system usually behaves correctly. Serious software defects |

234 | most typically come about through \emph{subtle} design mistakes. A typical software defect |

235 | involves two or more software components with some interaction that enter |

236 | states such that the software can't recover. |

237 | \item \textbf{Inability to comprehend all possible behaviors of the system:} |

238 | Very stateful systems tend to be incompatible with human cognitive |

239 | ability. Even when the problem is well-defined and when the controller and |

240 | plant are operating perfectly, human beings don't do |

241 | well at considering every possible behavior. |

242 | \item \textbf{Inability to comprehend how the system may behave in the presence |

243 | of failures:} |

244 | Very stateful systems are often designed to be tolerant of certain types |

245 | of sensor and actuator failures (usually in the sense that the failures will |

246 | be detected and the system will employ a different algorithm to operate without |

247 | a specific sensor or actuator)\@. Such fault detection and tolerance |

248 | normally complicates the software design substantially. |

249 | |

250 | However, even without designed-in fault tolerance, there is the need to |

251 | design controllers to tolerate the faults that can occur in any practical system. |

252 | Specific scenarios that must be tolerated: |

253 | |

254 | \begin{itemize} |

255 | \item Spurious reset of the controller (which will normally reset the controller |

256 | to its initial state but leave the plant undisturbed). (This directly implies that |

257 | the system must recover from the initial state of the controller combined with |

258 | any state of the plant.) |

259 | \item State upset of the controller (due to electrical noise, internal software errors, |

260 | etc.). (This directly implies that the system must recover from any state of |

261 | the controller combined with any state of the plant.) |

262 | \end{itemize} |

263 | |

264 | Except in simple cases, human beings don't have the cognitive capacity to consider |

265 | all possible behaviors when both the controller and the plant may start in any state. |

266 | \end{itemize} |

267 | |

268 | One example that comes to mind from product development is an automobile transfer case controller |

269 | where it was discovered that if the electrical connector was removed, the transfer case mechanical |

270 | components repositioned, and the electrical connection restored; the controller would not |

271 | recover into normal operation. Human beings are not good at mentally exploring all possibilities, and even |

272 | a disciplined manual process can't be used because the combinations sometimes number in the thousands |

273 | or more. A mathematical framework and tool support are required. |

274 | |

275 | |

276 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

277 | |

278 | \subsection{Code Generation} |

279 | \label{staf0:scgn0} |

280 | |

281 | In most engineering environments, software is generated |

282 | from software designs that involve timed automata. (Some of the techniques |

283 | used to create compact code are described in \S{}\ref{sfrr0}.) |

284 | |

285 | For some types of systems, there has been success in using |

286 | existing tools to generate code directly from the software design |

287 | (using tool chains from \emph{The Math Works} or \emph{I-Logix}). It is, |

288 | however, known from experience that a clever human programmer can generate |

289 | more compact code than any existing tool; so code generation tools have |

290 | not penetrated cost-sensitive automotive products involving 32K of FLASH or less. |

291 | |

292 | There are two primary arguments against manual generation of code: |

293 | |

294 | \begin{itemize} |

295 | \item Code is redundant with respect to a software design. |

296 | In general, it does not make economic sense to maintain redundant |

297 | information using human labor. |

298 | \item The act of optimizing implementations typically destroys the |

299 | clear relationship between design and code. Furthermore, changes |

300 | to the design---sometimes even small ones---can invalidate the |

301 | mathematical basis for certain optimizations. Optimized code becomes |

302 | unmaintainable. It would be more economical to evaluate the viability |

303 | of optimizations and to generate code using software tools (rather than |

304 | human labor). |

305 | \end{itemize} |

306 | |

307 | |

308 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

309 | |

310 | \subsection{Formal Verification of Properties} |

311 | \label{staf0:svpr0} |

312 | |

313 | Typical design tools provide simulation capability, and there is a large |

314 | body of theory and best practice about how to design test cases based on |

315 | a stateful design. |

316 | |

317 | Still, the following problems remain: |

318 | |

319 | \begin{itemize} |

320 | \item Systems with a large discrete state space elude human |

321 | understanding. |

322 | \item It is very laborious to test systems with a large discrete |

323 | state space. |

324 | \item It isn't possible to fully test systems with a large |

325 | discrete state space. |

326 | \item It is possible (and common) to make a good faith effort at |

327 | comprehensively testing systems but still to overlook |

328 | unacceptable behavior. |

329 | \end{itemize} |

330 | |

331 | \emph{Simulation and testing are not enough.} For complex safety-critical |

332 | systems, simulation and testing do not provide enough assurance about the |

333 | behavior of the system. |

334 | |

335 | Formal verification of properties would involve making mathematical assertions |

336 | about how the system must and must not behave, and then allowing |

337 | tools to verify the properties. |

338 | |

339 | Possible types of properties: |

340 | |

341 | \begin{itemize} |

342 | \item \emph{Required behavior:} |

343 | For example: \emph{When the brake pedal switch is closed, |

344 | the brake lights must always come on within 200ms.} |

345 | \item \emph{Required absence of behavior:} |

346 | For example: \emph{The airbags can never deploy without at least one |

347 | body deformation sensor indicating body deformation.} |

348 | \item \emph{Liveness:} |

349 | For example: \emph{A certain set of states is always reachable by manipulating certain |

350 | inputs.} |

351 | \end{itemize} |

352 | |

353 | The only tool I'm aware of that allows formal verification of properties |

354 | is UPPAAL. However, the modeling framework of |

355 | UPPAAL isn't rich enough to support practical embedded systems.\footnote{The |

356 | tool chains from \emph{The Math Works} and \emph{I-Logix} don't attempt |

357 | formal verification at all.} |

358 | |

359 | I would tend to view formal verification of properties as a last line of defense |

360 | against egregious software defects (i.e. as a practice that cannot stand alone)\@. |

361 | Formal verification should be combined with all other known |

362 | best practices. |

363 | |

364 | |

365 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

366 | |

367 | \section{FLASH/ROM Reduction Techniques} |

368 | \label{sfrr0} |

369 | |

370 | In this section, I mention some of the FLASH/ROM reduction techniques |

371 | used by human programmers. Important points: |

372 | |

373 | \begin{itemize} |

374 | \item All of the techniques have a mathematical basis. |

375 | \item The techniques are complex to apply and best carried out by tools. |

376 | \item The mathematical basis of the techniques is non-trivial. There are |

377 | many unexplored corners. |

378 | \item The techniques distort the correspondence (i.e. the resemblance) |

379 | between design and code, and make code unmaintainable (it would be |

380 | better only to generate code from designs and never to maintain |

381 | code directly). |

382 | \end{itemize} |

383 | |

384 | The list of techniques presented is not exhaustive (far more techniques |

385 | exist). |

386 | |

387 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

388 | |

389 | \subsection{General Paradigm of Software Construction for Small Microcontrollers} |

390 | \label{sfrr0:sgsc0} |

391 | |

392 | This discussion is confined entirely to systems where a stateful design is |

393 | implemented directly as code (with no tabulation or compression of the design). |

394 | Other paradigms are possible. For example, at least one tool on the market implements |

395 | stateful designs as state transition tables that are evaluated at runtime by |

396 | a table interpreter. My experience with these types of systems is that there |

397 | is always a real-time performance penalty (but certainly not always a |

398 | FLASH penalty). My research interests do also include event-driven systems |

399 | and systems where the design is not implemented directly as code; but these |

400 | systems are not mentioned for brevity. |

401 | |

402 | The most common paradigm for small systems is ``\emph{a collection of cooperating |

403 | timed automatons}''. The most typical abstraction of these systems is a data-flow |

404 | diagram, with RAM variables (i.e. global variables) used as the interfaces. |

405 | |

406 | There is a body of theory and best practice about what separates good software designs |

407 | and implementations from bad (Parnas and the classic coupling and cohesion spectrums |

408 | come to mind). However, in small systems, it simply isn't possible to |

409 | implement the systems using classic ``good'' programming practice---formal parameters, |

410 | pointer dereferencing, and access to variables in stack frames all bloat |

411 | FLASH size under the weak instruction sets typical of small microcontrollers. |

412 | |

413 | It is helpful to take a step back and consider the possibility that global variables |

414 | (the second-strongest form of coupling in the classic coupling spectrum) aren't |

415 | inherently harmful; but rather that it is the way in which global variables are |

416 | typically used that causes harm. The harmful aspects of global variables |

417 | seem to be: |

418 | |

419 | \begin{itemize} |

420 | \item If global variables are tested \emph{and assigned} in more than place, |

421 | the variable actually becomes an automaton and adds to the |

422 | state space of the system. |

423 | \item Global variables lead to unrestrained connectivity: \emph{any} |

424 | software component can access the variables. Additionally, |

425 | state is not ``shed'' as functions return (as happens with formal |

426 | parameters and local variables)\@. This leads to connectivity |

427 | that often skips levels of the calling tree (making it very |

428 | difficult to understand the software). |

429 | \end{itemize} |

430 | |

431 | Small systems often have design rules to mitigate the harmful aspects of |

432 | global variables. The design rules tend to involve these restrictions: |

433 | |

434 | \begin{itemize} |

435 | \item A global variable used as an interface can be assigned by only one |

436 | software component (a 1-writer, $n$-reader restriction). |

437 | \item A global variable used as an interface has its readers/writers |

438 | represented in design documentation (so that the connectivity |

439 | created by the global variable isn't accidental or unrestrained). |

440 | \end{itemize} |

441 | |

442 | The design rules typically also include provisions for global variables |

443 | used as interfaces that are tested and assigned by more than one software |

444 | component (i.e. interface automatons). The simplest example of such an |

445 | interface is a semaphore that is |

446 | set \emph{T} by one software component and tested and set \emph{F} by |

447 | another software component, but the design rules are far more general. |

448 | |

449 | Note that tools can be used to allow a system to be phrased in a way |

450 | consistent with the traditional coupling spectrum but implemented |

451 | efficiently for small microcontrollers. For example, some compilers |

452 | are able to analyze the calling tree and place variables of storage |

453 | class \emph{automatic} into statically overlaid\footnote{Statically overlaid |

454 | based on the calling tree: one function's automatic variables can be overlaid |

455 | with another only if an analysis of the calling tree determines that |

456 | the two functions cannot be active at the same time.} areas of memory rather than |

457 | in a stack frame. Similar tool support could be developed for the notion of |

458 | \emph{automatic} bitfields and to restrain the connectivity introduced |

459 | by global variables to be consistent with the product design. |

460 | |

461 | |

462 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

463 | |

464 | \subsection{Near versus Far (Addressing Modes)} |

465 | \label{sfrr0:snvf0} |

466 | |

467 | Most small microcontrollers (TMS370C8, 68HC05, etc.) have two |

468 | non-indexed addressing modes, typically called \emph{direct} and |

469 | \emph{extended}. Instructions using the direct addressing mode typically |

470 | have the address encoded as a single byte, and can address only locations |

471 | \$00 through \$FF\@. Instructions using the extended addressing mode |

472 | typically have the address encoded as two bytes, and can address |

473 | locations \$0000 through \$FFFF. |

474 | |

475 | For lack of better nomenclature, I'll call the RAM locations that can be addressed |

476 | using short instructions \emph{near} RAM, and the RAM locations that require |

477 | long instructions \emph{far} RAM. |

478 | |

479 | When fixed RAM locations are used as interfaces (\S{}\ref{sfrr0:sgsc0}), |

480 | one can save substantial FLASH by allocating the variables that are |

481 | referenced most often throughout the software into near RAM. |

482 | |

483 | In automotive software, variables such as gearshift position and vehicle speed |

484 | are typically referenced many times throughout FLASH. Most programmers |

485 | would automatically place these into near RAM. |

486 | |

487 | However, for most variables, it isn't obvious whether these should be placed |

488 | into near or far RAM. |

489 | |

490 | Software developers often write small utility programs to scan all software |

491 | modules to determine the number of references to each variable. This information |

492 | is then used to allocate the variables with the most references into near RAM. |

493 | |

494 | The FLASH savings from using this technique is typically large. As an example, |

495 | assume there are ten variables each referenced 50 times throughout the software. |

496 | The savings of placing these variables into near RAM versus far RAM is |

497 | typically about $50 \times 10 = 500$ bytes of FLASH (more than 1\% of a |

498 | 32K FLASH). |

499 | |

500 | |

501 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

502 | |

503 | \subsection{Treatment of Time} |

504 | \label{sfrr0:stot0} |

505 | |

506 | The way that time is measured is usually the single most important decision |

507 | in a small embedded system. Typically, many software components have to |

508 | measure time intervals, so a suboptimal decision about the mechanisms |

509 | greatly increases FLASH consumption. |

510 | |

511 | The best mechanism known is to arrange all software timers into |

512 | binary decades and to decrement the timers en masse |

513 | (Fig. \ref{fig:sfrr0:stot0:00}). |

514 | |

515 | \begin{figure} |

516 | \begin{small} |

517 | \begin{verbatim} |

518 | unsigned char modulo_counter; |

519 | unsigned char timers_modulo_1[MOD1_COUNT]; |

520 | unsigned char timers_modulo_2[MOD2_COUNT]; |

521 | unsigned char timers_modulo_4[MOD4_COUNT]; |

522 | |

523 | void decrement_timers(void) |

524 | { |

525 | int i; |

526 | |

527 | modulo_counter++; |

528 | |

529 | for (i=0; i<sizeof(timers_modulo_1)/sizeof(timers_modulo_1[0]); i++) |

530 | { |

531 | if (timers_modulo_1[i]) |

532 | timers_modulo_1[i]--; |

533 | } |

534 | |

535 | if (modulo_counter & 0x01) |

536 | { |

537 | for (i=0; i<sizeof(timers_modulo_2)/sizeof(timers_modulo_2[0]); i++) |

538 | { |

539 | if (timers_modulo_2[i]) |

540 | timers_modulo_2[i]--; |

541 | } |

542 | } |

543 | |

544 | if (modulo_counter & 0x02) |

545 | { |

546 | for (i=0; i<sizeof(timers_modulo_4)/sizeof(timers_modulo_4[0]); i++) |

547 | { |

548 | if (timers_modulo_4[i]) |

549 | timers_modulo_4[i]--; |

550 | } |

551 | } |

552 | } |

553 | \end{verbatim} |

554 | \end{small} |

555 | \caption{Software Timers Decremented En Masse} |

556 | \label{fig:sfrr0:stot0:00} |

557 | \end{figure} |

558 | |

559 | When software components must measure time, a byte |

560 | (\texttt{timers\_modulo\_4[2]}, for example) is set to a non-zero value. |

561 | A separate software component, usually resembling Fig. \ref{fig:sfrr0:stot0:00} but often |

562 | implemented in assembly-language, |

563 | decrements the byte, but not below zero. |

564 | A test against zero will determine if the time period has expired. |

565 | |

566 | The single-byte mechanism combined with binary decades allows any time period |

567 | to be measured within 1:128. For example, assume that the binary decades are |

568 | $2^q \times 1ms$ (1ms, 2ms, 4ms, etc.) and then that |

569 | we wish to measure a time period of 30 minutes. Then |

570 | |

571 | \begin{equation} |

572 | 255 (2^q) \geq 1,800,000 |

573 | \end{equation} |

574 | |

575 | \begin{equation} |

576 | q = \left\lceil \log_2 \frac{1,800,000}{255} \right\rceil = 13 |

577 | \end{equation} |

578 | |

579 | A timer resolution of $2^{13} = 8,192$ms with a count of 219 or 220 would in practice be used. |

580 | For most automotive applications, measuring 30 minutes within 8 seconds is acceptable. |

581 | |

582 | It is noteworthy that using coarse software timers introduces nondeterminism |

583 | into the system (although I've never seen a problem in practice) and probably requires |

584 | some adjustment to timed automata algorithms used for verification of properties. |

585 | |

586 | |

587 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

588 | |

589 | \subsection{Bitfields of Size One} |

590 | \label{sfrr0:sbfi0} |

591 | |

592 | Many small microcontrollers possess extremely efficient instructions |

593 | for clearing, setting, and testing individual bits of RAM (especially near |

594 | bits). It isn't uncommon for a microcontroller to have an instruction that |

595 | will test a bit and conditionally branch. |

596 | |

597 | Note that economies apply only to bitfields of size one. Bitfields of |

598 | other sizes require the compiler to mask and shift to obtain the value of the |

599 | bitfield, then to shift and mask to store the value back. |

600 | |

601 | The economy of bitfields of size one has several implications for the construction |

602 | of embedded software. |

603 | |

604 | \begin{itemize} |

605 | \item Variables that are conceptually Boolean should never be |

606 | maintained as full bytes. Bitfields are more efficient, both |

607 | in FLASH and RAM. |

608 | \item In many cases, it is most efficient to maintain discrete state as |

609 | bitfields rather than as a byte. A state machine with three |

610 | discrete states is often most effectively implemented as two |

611 | bitfields with state assignments 0/0, 0/1, and 1/X. |

612 | \item It is often most effective to evaluate common Boolean subexpressions and store |

613 | the results in bitfields (\S{}\ref{sfrr0:scse0}). |

614 | \end{itemize} |

615 | |

616 | |

617 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

618 | |

619 | \subsection{Equivalence Classing of Discrete States} |

620 | \label{sfrr0:secd0} |

621 | |

622 | The most obvious way to construct a state machine in software is shown in |

623 | Fig. \ref{fig:sfrr0:secd0:00}. Discrete state is maintained |

624 | as a byte, and each state has a value $\in \{0, \ldots{}, 255\}$. |

625 | |

626 | \begin{figure} |

627 | \begin{small} |

628 | \begin{verbatim} |

629 | switch (state) |

630 | { |

631 | default: |

632 | case 0: |

633 | { |

634 | if (some_transition_condition) |

635 | { |

636 | state = 1; |

637 | } |

638 | break; |

639 | } |

640 | case 1: |

641 | { |

642 | if (some_other_transition_condition) |

643 | { |

644 | state = 0; |

645 | } |

646 | break; |

647 | } |

648 | case 2: |

649 | { |

650 | ... |

651 | break; |

652 | } |

653 | } |

654 | \end{verbatim} |

655 | \end{small} |

656 | \caption{Most Obvious Construction of State Machine in Software} |

657 | \label{fig:sfrr0:secd0:00} |

658 | \end{figure} |

659 | |

660 | The shortcoming of the approach shown in Fig. \ref{fig:sfrr0:secd0:00} is that |

661 | state machines are often accompanied by: |

662 | |

663 | \begin{itemize} |

664 | \item Combinational logic that implements combinational functions involving |

665 | the discrete state of the state machine being considered. |

666 | \item Transition functions in other state machines that depend on the discrete |

667 | state of the state machine being considered. |

668 | \end{itemize} |

669 | |

670 | |

671 | \begin{figure} |

672 | \begin{small} |

673 | \begin{verbatim} |

674 | if ( |

675 | (state == 0) || (state == 13) || (state == 18) || (state == 30) |

676 | || (state == 31) || (state == 51) || (state == 99) |

677 | ) |

678 | \end{verbatim} |

679 | \end{small} |

680 | \caption{Typical Test for Membership in a Set of Discrete States} |

681 | \label{fig:sfrr0:secd0:01} |

682 | \end{figure} |

683 | |

684 | This can often lead to tests of the form shown in |

685 | Fig. \ref{fig:sfrr0:secd0:01}. |

686 | Such tests are very expensive, both in FLASH consumption and in execution time. |

687 | A typical compiler must generate many compare instructions. |

688 | |

689 | One can make the observation that there are many machine instructions that |

690 | create equivalence classes within $\mathbb{Z}^+$: |

691 | |

692 | \begin{itemize} |

693 | \item An \emph{AND \#1} instruction may create equivalence classes such as |

694 | \{0, 2, 4, \ldots{}\} versus \{1, 3, 5, \ldots{}\}. Other \emph{AND} instructions |

695 | can create more complex equivalence classes. |

696 | \item A \emph{CMP \#n} instruction usually creates three equivalence classes: the integers less than $n$, |

697 | $n$, and the integers greater than $n$. |

698 | \item There are other machine instructions that create different equivalence classes. |

699 | \end{itemize} |

700 | |

701 | The critical question is whether one can assign discrete state values so as to |

702 | make the best utilization of the equivalence classes that machine instructions |

703 | naturally create. For example, if a test for 10 distinct discrete states occurs |

704 | many places in the software, it would make sense to try to assign these |

705 | state values so that they are part of an equivalence class that can be |

706 | identified immediately by one or two machine instructions. |

707 | |

708 | It should be obvious that if many different tests of discrete state are involved, |

709 | identifying an optimal or near-optimal assignment of discrete state values and |

710 | the accompanying tests would be very difficult to do by hand. This type of |

711 | optimization is best done by software tools. |

712 | |

713 | |

714 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

715 | |

716 | \subsection{Ordering of Transition Functions} |

717 | \label{sfrr0:sotf0} |

718 | |

719 | It often happens that transition functions have common subexpressions. |

720 | For example, consider the code snippet in Fig. \ref{fig:sfrr0:sotf0:00}. |

721 | The subexpression ``\texttt{A \&\& B}'' is common to both transitions |

722 | out of State 0. |

723 | |

724 | \begin{figure} |

725 | \begin{small} |

726 | \begin{verbatim} |

727 | switch (state) |

728 | { |

729 | default: |

730 | case 0: |

731 | { |

732 | if (A && B && C) |

733 | { |

734 | state = 1; |

735 | } |

736 | else if (A && B && !D) |

737 | { |

738 | state = 2; |

739 | } |

740 | break; |

741 | } |

742 | case 1: |

743 | { |

744 | ... |

745 | break; |

746 | } |

747 | case 2: |

748 | { |

749 | ... |

750 | break; |

751 | } |

752 | } |

753 | \end{verbatim} |

754 | \end{small} |

755 | \caption{State Machine Before Control Flow Removal of Common Subexpression} |

756 | \label{fig:sfrr0:sotf0:00} |

757 | \end{figure} |

758 | |

759 | The code can be optimized to evaluate this subexpression only once |

760 | (Fig. \ref{fig:sfrr0:sotf0:01}). |

761 | |

762 | \begin{figure} |

763 | \begin{small} |

764 | \begin{verbatim} |

765 | switch (state) |

766 | { |

767 | default: |

768 | case 0: |

769 | { |

770 | if (A && B) |

771 | { |

772 | if (C) |

773 | { |

774 | state = 1; |

775 | } |

776 | else if (!D) |

777 | { |

778 | state = 2; |

779 | } |

780 | } |

781 | break; |

782 | } |

783 | case 1: |

784 | { |

785 | ... |

786 | break; |

787 | } |

788 | case 2: |

789 | { |

790 | ... |

791 | break; |

792 | } |

793 | } |

794 | \end{verbatim} |

795 | \end{small} |

796 | \caption{State Machine After Control Flow Removal of Common Subexpression} |

797 | \label{fig:sfrr0:sotf0:01} |

798 | \end{figure} |

799 | |

800 | In the trivial case presented, it is easy to identify the subexpression |

801 | and rearrange the code so that it is evaluated only once. However, more complex cases |

802 | involve logical implication; i.e. there is not an identifiable subexpression, but there |

803 | is still a way to rearrange the code for better efficiency. Such analysis is |

804 | best done by software tools. |

805 | |

806 | |

807 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

808 | |

809 | \subsection{Common Subexpression Elimination} |

810 | \label{sfrr0:scse0} |

811 | |

812 | It often occurs that the same subexpression appears in transition functions from |

813 | more than one discrete state. It can be economical to rearrange the |

814 | code to evaluate such subexpressions |

815 | only once. Two approaches occur in practice: |

816 | |

817 | \begin{itemize} |

818 | \item The subexpression is evaluated once, regardless of discrete state, and the |

819 | result is placed in a temporary variable (often a bitfield if the expression |

820 | has a Boolean result). |

821 | \item The evaluation of the subexpression is implemented as a subroutine, and |

822 | the subroutine is called from more than one transition function. |

823 | \end{itemize} |

824 | |

825 | Each of these two approaches has advantages and disadvantages. |

826 | |

827 | Identifying common subexpressions and deciding how to eliminate the FLASH |

828 | penalty associated with duplicated code is a tedious task and best done |

829 | by software tools. |

830 | |

831 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

832 | |

833 | \subsection{Farey Series Approximations} |

834 | \label{sfrr0:sfsa0} |

835 | |

836 | Many modern microcontrollers have an efficient integer multiplication |

837 | instruction, and some also have an efficient integer division instruction. |

838 | Fixed-point arithmetic is the norm in small microcontroller work, and it |

839 | is common to want to approximate functions of the form |

840 | |

841 | \begin{equation} |

842 | y = r_I x |

843 | \end{equation} |

844 | |

845 | \noindent{}with $r_I \in \mathbb{R}^+$ and $x,y \in \mathbb{Z}^+$. $r_I$ is the |

846 | ``ideal'' scaling factor, which may be irrational. |

847 | |

848 | If the processor has an integer multiplication instruction but no division |

849 | instruction, it is usually most effective to choose |

850 | |

851 | \begin{equation} |

852 | r_A = \frac{h}{2^q} \approx r_I, |

853 | \end{equation} |

854 | |

855 | \noindent{}with the division by a power of two implemented via a right shift. |

856 | |

857 | However, if the processor also has an integer division instruction, we may choose |

858 | |

859 | \begin{equation} |

860 | r_A = \frac{h}{k} \approx r_I, |

861 | \end{equation} |

862 | |

863 | \noindent{}with $k$ not required to be a power of two. The specific function |

864 | implemented is usually |

865 | |

866 | \begin{equation} |

867 | y = \left\lfloor \frac{hx}{k} \right\rfloor , |

868 | \end{equation} |

869 | |

870 | \noindent{}or perhaps |

871 | |

872 | \begin{equation} |

873 | y = \left\lfloor \frac{hx + z}{k} \right\rfloor , |

874 | \end{equation} |

875 | |

876 | \noindent{}where $z \in \mathbb{Z}$ is used to shift the result so as to |

877 | provide a tighter bound on the error introduced due to truncation of the |

878 | division. |

879 | |

880 | $h$ and $k$ are constrained by the sizes of operands accepted by the |

881 | machine instructions ($h \leq h_{MAX}$ and $k \leq k_{MAX}$). |

882 | There is an algorithm from number theory (involving Farey series and |

883 | continued fractions) that will allow the selection of $h$ and $k$ subject |

884 | to the constraints. The algorithm is $O(\log N)$ and so can be applied |

885 | to find best rational approximations even for processors that accommodate |

886 | 32- or 64-bit operands.\footnote{The computational complexity of the algorithm is |

887 | a significant point, as $2^{64}$ (or $2^{128}$) is a very large number.} |

888 | |

889 | For example, the best rational approximation to $\pi$ with |

890 | numerator and denominator not exceeding $2^{16}-1$ is 65,298/20,785\@. |

891 | On a processor with a 16-bit $\times$ 16-bit multiplication instruction and a |

892 | 32-bit / 16-bit division instruction, one can approximate |

893 | |

894 | \begin{equation} |

895 | y = \pi x |

896 | \end{equation} |

897 | |

898 | \noindent{}with |

899 | |

900 | \begin{equation} |

901 | y = \left\lfloor \frac{65,\!298 x}{20,\!785} \right\rfloor |

902 | \end{equation} |

903 | |

904 | \noindent{}very efficiently (typically 2-4 machine instructions). |

905 | |

906 | |

907 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

908 | |

909 | \subsection{Vertical Counters} |

910 | \label{sfrr0:svcn0} |

911 | |

912 | The traditional arrangement for sequential logic is a |

913 | \texttt{switch()} statement (this might also be called |

914 | a ``horizontal'' counter). However, in some applications that must |

915 | implement many identical sequential mappings, it is |

916 | efficient to arrange the state vector so that the state of each sequential |

917 | mapping consists of a bit in the same position from several bytes. This |

918 | is called a ``vertical'' counter.\footnote{It is suspected that the nomenclature |

919 | \emph{vertical counter} comes about because if one arranges the 0s and 1s of |

920 | bytes horizontally, the state of an individual sequential machine consists |

921 | of a vertical row of bits.} |

922 | |

923 | An example of a vertical counter application is 3/3 debouncing---a filtering |

924 | function where a discrete input must be in the same state for 3 consecutive |

925 | instants of discrete time before the output may change to that state. |

926 | |

927 | If $A$ is the most recent sample, $B$ is the next-most-recent sample, |

928 | $C$ is the oldest sample, and $O$ is the output (assumed maintained |

929 | as a RAM location) Fig. \ref{fig:sfrr0:svcn0:00} |

930 | supplies the Karnaugh map for 3/3 |

931 | debouncing. |

932 | |

933 | \begin{figure} |

934 | \centering |

935 | \includegraphics[height=2.0in]{kmap33db.eps} |

936 | \caption{Karnaugh Map Of 3/3 Debouncing} |

937 | \label{fig:sfrr0:svcn0:00} |

938 | \end{figure} |

939 | |

940 | It can be seen from the figure that the expression for the output is |

941 | |

942 | \begin{equation} |

943 | \label{eq:sfrr0:svcn0:01} |

944 | ABC + AO + BO + CO = ABC + O(A + B + C). |

945 | \end{equation} |

946 | |

947 | Intuitively, (\ref{eq:sfrr0:svcn0:01}) makes sense---the output |

948 | will be unconditionally \emph{T} if all three of the most recent samples |

949 | are \emph{T} |

950 | ($ABC$). The output will also be \emph{T} if the previous output was \emph{T} |

951 | and at least one of the most recent samples are \emph{T} [$O(A+B+C)$]---at least |

952 | one \emph{T} recent sample blocks the output from transition to \emph{F}. |

953 | |

954 | Figure \ref{fig:sfrr0:svcn0:01} supplies the C-language |

955 | code to implement 3/3 debouncing as a vertical mapping. |

956 | A C-compiler will typically implement this code very directly |

957 | using the bitwise logical instructions of the machine. |

958 | |

959 | \begin{figure} |

960 | \begin{verbatim} |

961 | /**************************************************************/ |

962 | /* Assume: */ |

963 | /* A : Most recent sample (i.e. at t(0)), arranged as */ |

964 | /* a group of 8 bits. */ |

965 | /* B : Next most recent sample t(-1). */ |

966 | /* C : Oldest sample t(-2). */ |

967 | /* output : Debounced collection of 8 bits presented to */ |

968 | /* software internals. Note that this is both */ |

969 | /* an input (to the combinational mapping) and */ |

970 | /* the new result. */ |

971 | /**************************************************************/ |

972 | |

973 | output = (A & B & C) | (output & (A | B | C)); |

974 | |

975 | /* End of code. */ |

976 | \end{verbatim} |

977 | \caption{C-Language Implementation Of 3/3 Debouncing} |

978 | \label{fig:sfrr0:svcn0:01} |

979 | \end{figure} |

980 | |

981 | |

982 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

983 | |

984 | \section{Research Interests} |

985 | \label{srin0} |

986 | |

987 | This section enumerates my specific research interests. |

988 | |

989 | |

990 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

991 | |

992 | \subsection{Mathematical Properties of Timed Automata Systems} |

993 | \label{srin0:star0} |

994 | |

995 | I have interest in the mathematical properties of timed automata systems, |

996 | including these questions: |

997 | |

998 | \begin{itemize} |

999 | \item Can these systems be rearranged (independent of code generation) for more |

1000 | efficient implementation? Is there some canonical form? |

1001 | \item Can an automaton be ``factored'' into components (i.e. the reverse |

1002 | operation of ``shuffle'' illustrated in Figs. |

1003 | \ref{fig:staf0:stfw0:00}, \ref{fig:staf0:stfw0:01}, and \ref{fig:staf0:stfw0:02})? |

1004 | \item Is the factorization unique\footnote{In the same sense that the |

1005 | fundamental theorem of arithmetic guarantees that a composite |

1006 | can have only one unique factorization into primes.} |

1007 | or can it be made unique according |

1008 | to some metric? |

1009 | \item Can algorithms spot suboptimal designs and coach |

1010 | human programmers?\footnote{Example of a suboptimal design: |

1011 | identical behavior could be achieved using a simpler design.} |

1012 | \end{itemize} |

1013 | |

1014 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

1015 | |

1016 | \subsection{Code Generation from Systems of Timed Automata} |

1017 | \label{srin0:snvf0} |

1018 | |

1019 | I have interest in the mathematics of code generation from systems of timed |

1020 | automata. One might make the observation that all of the techniques |

1021 | described in \S{}\ref{sfrr0} are individual and seemingly disjoint techniques that |

1022 | come about through human ingenuity. I am interested in: |

1023 | |

1024 | \begin{itemize} |

1025 | \item Any unified mathematical framework that includes all of the techniques. |

1026 | For example, can one find a common framework or way of thinking that includes both |

1027 | Farey series approximations and vertical counters? |

1028 | \item Any mathematical framework that, given a smorgasbord of disjoint techniques, |

1029 | can predict how to apply them to obtain optimal results (this is also |

1030 | a function of the processor instruction set). (Cost matrices and |

1031 | least-squares methods come to mind immediately, but I'd like to examine |

1032 | this more closely.) |

1033 | \end{itemize} |

1034 | |

1035 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

1036 | |

1037 | \subsection{Code Generation and Formal Verification of Properties in the Same Framework} |

1038 | \label{srin0:sgvs0} |

1039 | |

1040 | There seem to be no existing tools that will allow code generation (from |

1041 | a timed automata model) and the |

1042 | verification of formal properties in the same framework. In addition, the tools |

1043 | that do generate code (for small systems) can't optimize as effectively as a |

1044 | human programmer. With a more sound mathematical basis for optimization, |

1045 | I believe that tools should be able to optimize more effectively |

1046 | than a human programmer. |

1047 | |

1048 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

1049 | |

1050 | \subsection{Enterprise Content Management} |

1051 | \label{srin0:secm0} |

1052 | |

1053 | I administer web-based version control and defect-tracking databases. This type of |

1054 | technology is critical because human beings don't deal well with complexity and |

1055 | there is the inherent need to serialize (one bug at a time, one change at a time, etc.). |

1056 | |

1057 | I have some interest in enterprise content management |

1058 | (see, for example, \emph{Alfresco}), especially the |

1059 | buy-versus-build dilemma and the difficulty |

1060 | and cost of developing custom in-house tools that are tailored to an individual |

1061 | company's processes (I have some ideas in this area). |

1062 | |

1063 | |

1064 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |

1065 | \end{document} |

1066 | % |

1067 | %$Log: phdtopicpropa.tex,v $ |

1068 | %Revision 1.20 2006/03/27 00:10:30 dashley |

1069 | %Presumed final edits. |

1070 | % |

1071 | %Revision 1.19 2006/03/26 23:26:23 dashley |

1072 | %Edits. |

1073 | % |

1074 | %Revision 1.18 2006/03/26 02:22:21 dashley |

1075 | %Edits. |

1076 | % |

1077 | %End of $RCSfile: phdtopicpropa.tex,v $. |

1078 |

dashley@gmail.com | ViewVC Help |

Powered by ViewVC 1.1.25 |