On Model Based Synthesis of Embedded Control Software
Many Embedded Systems are indeed Software Based Control Systems (SBCSs), that is, control systems whose controller consists of control software running on a microcontroller device. This motivates investigation of Formal Model Based Design approaches for control software. Given the formal model of a plant as a Discrete Time Linear Hybrid System and the implementation specifications (that is, the number of bits in the Analog-to-Digital (AD) conversion), correct-by-construction control software can be automatically generated from System Level Formal Specifications of the closed loop system (that is, safety and liveness requirements), by computing a suitable finite abstraction of the plant. With respect to given implementation specifications, the automatically generated code implements a time optimal control strategy (in terms of set-up time) and has a Worst Case Execution Time linear in the number of AD bits $b$, but unfortunately its size grows exponentially with respect to $b$. In many embedded systems, there are severe restrictions on the computational resources (such as memory or computational power) available to microcontroller devices. This paper addresses model based synthesis of control software by trading system level non-functional requirements (such as optimal set-up time and ripple) against software non-functional requirements (its footprint). Our experimental results show the effectiveness of our approach: for the inverted pendulum benchmark, using a quantization schema with 12 bits, the size of the small controller is less than 6% of the size of the time optimal one.
💡 Research Summary
The paper addresses the growing prevalence of software‑based control systems (SBCSs) in modern embedded devices, where the controller is implemented as code running on a microcontroller. Recognizing the need for formally verified, resource‑constrained control software, the authors adopt a model‑based design methodology that starts from a formal plant model expressed as a Discrete‑Time Linear Hybrid System (DTLHS). This model captures both continuous dynamics and discrete control actions, providing a mathematically precise description of the physical process.
Given a specific implementation constraint—namely the number of bits b used by the analog‑to‑digital (AD) converter—the DTLHS is abstracted into a finite‑state model. Each continuous state variable is quantized into 2^b intervals, and the resulting abstract states form a finite transition system that conservatively over‑approximates the original dynamics. Safety (state‑invariant) and liveness (progress) specifications are supplied at the system level, and a synthesis engine automatically computes a control strategy that satisfies these specifications on the abstract model.
A key contribution of the work is the explicit trade‑off between system‑level non‑functional requirements (e.g., optimal set‑up time, allowable ripple) and software‑level non‑functional constraints (code footprint, worst‑case execution time). Prior approaches that target time‑optimal control produce a control table whose size grows exponentially with b, quickly exceeding the memory limits of typical microcontrollers. To mitigate this, the authors propose a “small controller” synthesis that relaxes certain performance margins—most notably the allowable ripple—thereby enabling a more compact representation of the control law. The resulting code retains a worst‑case execution time (WCET) that scales linearly with b, preserving real‑time guarantees, while its memory consumption scales polynomially, making it suitable for low‑resource platforms.
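The two points above, quantizing each continuous state variable with b AD bits and the exponential growth of a tabular control law in b, are easy to see on a toy plant. The following is an added illustration, not code from the paper: it quantizes a scalar state with saturation, fills a control table for a constructed one-dimensional plant using a simple greedy rule (a stand-in for the paper's synthesis engine, not its algorithm), compresses the table into intervals, and reports how many entries a full table needs for b bits and n state variables. The plant dynamics, the action set and the interval compression are all assumptions made for the example.

```python
"""Added example (not from the paper): AD quantization, a tabular control law,
and the footprint trade-off between a full table and a compressed one."""
from bisect import bisect_right
from typing import Callable, List, Tuple

# Constructed action set for the toy plant: a braking, a neutral and a driving input.
ACTIONS: List[float] = [-1.0, 0.0, 1.0]


def quantize(x: float, lo: float, hi: float, b: int) -> int:
    """AD conversion: map x in [lo, hi] onto an integer in [0, 2**b - 1].
    Out-of-range values saturate, as a real converter clips rather than wraps."""
    levels = 1 << b
    if x <= lo:
        return 0
    if x >= hi:
        return levels - 1
    return int((x - lo) / (hi - lo) * levels)


def dequantize(q: int, lo: float, hi: float, b: int) -> float:
    """Centre of the q-th quantization interval (the abstract state's representative)."""
    width = (hi - lo) / (1 << b)
    return lo + (q + 0.5) * width


def toy_step(x: float, u: float) -> float:
    """Constructed discrete-time plant: x' = 0.9 x + 0.5 u (stable, one state variable)."""
    return 0.9 * x + 0.5 * u


def synthesize_table(b: int, lo: float, hi: float,
                     actions: List[float],
                     step: Callable[[float, float], float]) -> List[int]:
    """Build a full control table with one entry per abstract state.
    Greedy rule (assumption, not the paper's synthesis): pick the action whose
    successor is closest to the origin. The table has 2**b entries regardless."""
    table = []
    for q in range(1 << b):
        x = dequantize(q, lo, hi, b)
        best = min(range(len(actions)), key=lambda i: abs(step(x, actions[i])))
        table.append(best)
    return table


def compress(table: List[int]) -> List[Tuple[int, int]]:
    """Collapse runs of equal actions into (first_state, action_index) intervals.
    Footprint becomes proportional to the number of runs instead of 2**b."""
    runs: List[Tuple[int, int]] = []
    for q, a in enumerate(table):
        if not runs or runs[-1][1] != a:
            runs.append((q, a))
    return runs


def lookup_intervals(runs: List[Tuple[int, int]], q: int) -> int:
    """Find the action for abstract state q by binary search over interval starts.
    At most 2**b intervals exist, so the search costs at most b comparisons."""
    starts = [s for s, _ in runs]
    return runs[bisect_right(starts, q) - 1][1]


def table_entries(b: int, n_state_vars: int) -> int:
    """Entries in a full control table: each of the n variables has 2**b levels."""
    return (1 << b) ** n_state_vars


if __name__ == "__main__":
    b, lo, hi = 6, -4.0, 4.0
    table = synthesize_table(b, lo, hi, ACTIONS, toy_step)
    runs = compress(table)
    print(f"full table: {len(table)} entries, compressed: {len(runs)} intervals")
    for b_bits in (8, 10, 12):
        print(f"b={b_bits}, 2 state vars -> {table_entries(b_bits, 2)} entries")
```

For the toy plant the 64-entry table collapses to three intervals, while a full table for two state variables at 12 bits needs 2^24 entries, which is the growth the paper's abstract warns about. The compression here is a generic run-length idea used only to make the footprint contrast visible; the paper's small controller is obtained differently, by relaxing performance margins such as ripple.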
Experimental validation is performed on the classic inverted‑pendulum benchmark. Using a 12‑bit quantization scheme, the optimal controller occupies a large memory footprint, whereas the synthesized small controller occupies less than 6% of that size. Despite the reduction in code size, the pendulum is still stabilized within acceptable settling time and ripple bounds, demonstrating that the performance degradation is modest compared to the substantial memory savings.
The paper also discusses practical techniques to curb state‑space explosion during abstraction. Symmetry detection eliminates redundant states, transition pruning removes infeasible edges, and a multi‑resolution quantization hierarchy allows coarse‑grained abstraction where fine precision is unnecessary. These optimizations dramatically reduce the runtime of the synthesis algorithm, making the approach feasible for real‑world design cycles.
In summary, the authors present a rigorous, automated pipeline that transforms a high‑level hybrid plant model and implementation constraints into verified control software, while explicitly balancing timing optimality against memory usage. This contribution is especially relevant for ultra‑low‑power, memory‑constrained microcontrollers that must still guarantee safety‑critical behavior. Future work may extend the methodology to nonlinear hybrid models, multi‑input‑multi‑output systems, and adaptive quantization strategies, further broadening its applicability across the embedded control domain.