

# Libraries and Learning Services

# University of Auckland Research Repository, ResearchSpace

# Version

This is the Accepted Manuscript version. This version is defined in the NISO recommended practice RP-8-2008 <u>http://www.niso.org/publications/rp/</u>

# Suggested Reference

Sinha, R., Roop, P. S., Shaw, G., Salcic, Z., & Kuo, M. M. Y. (2016). Hierarchical and Concurrent ECCs for IEC 61499 Function Blocks. *IEEE Transactions on Industrial Informatics*, *12*(1), 59-68. doi: <u>10.1109/TII.2015.2496262</u>

# Copyright

Items in ResearchSpace are protected by copyright, with all rights reserved, unless otherwise indicated. Previously published items are made available in accordance with the copyright policy of the publisher.

© 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

http://www.ieee.org/publications\_standards/publications/rights/rights\_policies.h tml

https://researchspace.auckland.ac.nz/docs/uoa-docs/rights.htm

2

22

Q1

# Hierarchical and Concurrent ECCs for IEC 61499 Function Blocks

Roopak Sinha, *Member, IEEE*, Partha S. Roop, *Member, IEEE*, Gareth Shaw, Zoran Salcic, *Senior Member, IEEE*,
 and Matthew M. Y. Kuo

5 Abstract—IEC 61499 enables component-oriented descriptions of complex industrial processes facilitating model-driven engineer-6 ing. One aspect that is lacking, however, is the ability to directly 7 8 express Statecharts-like hierarchy and concurrency within basic 9 function blocks (BFBs). Such features can significantly enhance 10 function blocks and help create more succinct and readable 11 specifications. We propose a new syntactic extension to the stan-12 dard called hierarchical and concurrent execution control chart (HCECC). A major roadblock for any suggested changes to the 13 14 standard is the need for compliance. Our approach extends the synchronous execution semantics of IEC 61499, where HCECCs 15 are purely syntactic sugar. Using a revised synchronous semantics, 16 17 our compiler generates standard compliant C code from HCECCs. Benchmarking and usability studies reveal the relative superiority 18 19 of the proposed approach over existing approaches.

20 *Index Terms*—Execution semantics, hierarchical state 21 machines, IEEE 61499, parallel execution, statecharts.

#### I. INTRODUCTION

► HE INCREASING size and complexity of industrial con-23 24 trol systems have motivated the development of new design paradigms to aid system designers. The IEC 61499 25 standard [1], [2] proposes component-oriented models called 26 function blocks for developing distributed control systems. A 27 function block describes both control and data flow within a 28 29 single module. By providing a graphical specification framework, the standard simplifies system design with a top-down 30 approach and encourages the reuse of function blocks. 31

The unit of execution in IEC 61499 is a basic function block (BFB), which executes a finite state machine (FSM) known as an execution control chart (ECC) that describes the control flow of the block. ECCs are flat Moore-machines that allow modeling of only sequential behaviors. Therefore, a basic block cannot model concurrent behaviors. In addition, ECCs do not allow users to separate high-level behavior such as initialization

Manuscript received March 21, 2014; revised August 15, 2015; accepted October 14, 2015. Paper no. TII-15-0754.R1.

R. Sinha is with the School of Computer and Mathematical Sciences, Auckland University of Technology, Auckland, New Zealand (e-mail: roopak. sinha@aut.ac.nz).

P. S. Roop, Z. Salcic, and M. M. Y. Kuo are with the Department of Electrical and Computer Engineering, University of Auckland, Auckland, New Zealand (e-mail: p.roop@auckland.ac.nz; z.salcic@auckland.ac.nz; mkuo005@ aucklanduni.ac.nz).

G. Shaw is with Fiserv New Zealand, Auckland, New Zealand (e-mail: gareth@garethnz.com).

Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org.

Digital Object Identifier 10.1109/TII.2015.2496262

and error handling of a block. As a result, more states and tran-39sitions are required to describe the same behavior compared to40other graphical formalisms.41

The standard also provides CFBs that are networks of 42 interconnected function block instances. Networks model con-43 currency and structural hierarchy that basic blocks cannot 44 handle efficiently. However, networks can easily get very com-45 plex, making them difficult to design, understand, and main-46 tain. Moreover, in networks containing many function block 47 instances, a significant amount of execution time is required 48 for the flow of events and data between instances. Not only do 49 such complex networks require a long time to design manually, 50 network behavior becomes nonobvious and there is a higher 51 chance of software bugs. 52

This issue has been noted in Annex E.1 of the IEC 53 61499 draft standard [3] as well as recent scholarly work 54 [2], [4]. These works highlight the urgent need to intro-55 duce statecharts-like [5] hierarchy and parallelism within basic 56 blocks. Statecharts are extensions of FSMs that allow a single 57 FSM to contain concurrent or parallel as well hierarchical or 58 refined behaviors. Statecharts have found popular use in the 59 design of distributed control software [6]. Unfortunately, stat-60 echarts semantics [4] are incompatible with the IEC 61499 61 standard (e.g., it does not handle data flow modeling, unlike 62 IEC 61499), and currently no extension of BFBs to model 63 Statecharts exists. 64

This paper proposes the first Statecharts-like extensions 65 of IEC 61499 called hierarchical and concurrent ECCs 66 (HCECCs), which allow explicit modeling of hierarchy and 67 concurrency within a BFB using two operators: 1) parallel; and 68 2) refinement. Any nesting of these operators can be resolved 69 to a standard CFB, making HCECCs completely compliant to 70 the standard. A synchronous execution semantics [7], [8] for 71 HCECCs is proposed, which allows a complete deterministic 72 execution of HCECCs as well as standard function blocks. The 73 main contributions of this paper are formalizing IEC 61499 74 function blocks syntax and presenting a simplified synchronous 75 semantics for the execution of function blocks, formulating 76 the HCECC framework by introducing the parallel and refine-77 ment operators, and showing how HCECCs execute using the 78 proposed simplified synchronous semantics, and presenting a 79 sound translation of HCECCs into standard-compliant CFBs. 80

This paper is organized as follows. Section II presents a 81 review of related works. Section III introduces a formalism for 82 IEC 61499 and a description of the semantics for basic and 83 CFBs. HCECCs are introduced in Section IV, and Section V 84 describes their transformation to standard-compliant composite 85

1551-3203 © 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.

See http://www.ieee.org/publications\_standards/publications/rights/index.html for more information.

86 blocks. Section IV reports experimental results and Section VII
87 provides concluding remarks and future directions.

#### II. LITERATURE REVIEW

Model-driven engineering as expounded by IEC 61499 is 89 90 founded on models of computation. The standard allows modeling control flow using events and state machines within function 91 blocks, and data flow using variables and algorithms. More 92 93 recently, researchers have employed more expressive models 94 such as statecharts [9] and synchronous data flow [10], and 95 communicating sequential processes [11] for modeling control flow in industrial strength systems. Similarly, extending data 96 97 flow modeling in industrial control systems has also been studied extensively [12]. Some formalisms like \*charts (pronounced 98 starcharts) [13] have been used to combine control and data 99 flow models. However, for IEC 61499 systems, it is not possible 100 to modify the standard. 101

The existing pool of statecharts-based frameworks serves as 102 the logical starting point to build IEC 61499 compatible models 103 104 to capture concurrency and hierarchy. Statecharts extend FSMs and allow parallelism using state diagrams with broadcast-105 based communication and hierarchy using a nested structure 106 of states. statecharts are used in a wide range of applica-107 tion domains for modeling complex systems, and have been 108 109 extended to generate popular modeling frameworks such as UML statecharts [14]. Unfortunately, statecharts and current 110 variants cannot be used in IEC 61499 because model only 111 control flow and do not capture data flow. 112

The need to introduce statecharts-like extensions within 113 114 basic blocks is well documented [2]-[4]. Comparative stud-115 ies between IEC 61499 and other frameworks like UMLstatecharts [15], [16] help highlight this gap. Unfortunately, 116 existing solutions to introduce statecharts-like extensions in 117 IEC 61499 have limited scope. In [17], component interaction 118 diagrams are proposed to allow modeling UML-statecharts like 119 120 hierarchy within function block applications. However, these diagrams do not allow designers to embed concurrency and 121 hierarchy within a single function block. In [4], ECCs within 122 BFBs are extended based on the Monaco domain-specific 123 language, which models a subset of statecharts. However, 124 125 the authors discard this extension because of an inability to 126 retrieve hierarchy from flattened ECCs, and the associated re-engineering and refactoring costs. On the other hand, the 127 128 proposed framework is not domain specific, and hierarchical and concurrent behaviors can be automatically translated 129 to networks of function blocks. In [18] and [19], informal 130 131 statecharts-based extensions to basic blocks are proposed. In all cases, the issue of complying to the standard is overlooked. 132 133 Many different execution semantics of IEC 61499 have been proposed [1], [2], [20]. As compared to other semantics, 134 the synchronous semantics developed in [7] excels in many 135 136 respects. Synchronous systems execute in logical time instances called ticks. During each tick, a system reads inputs, pro-137 cesses them, and then emits outputs. A tick or macro-step is 138 atomic and instantaneous. Internally though, macro-steps are 139 140 usually sequenced into micro-steps. A micro-step pertains to a reaction of an individual component or the propagation of 141

information within the system. Synchronous systems may suf-142 fer from causality cycles caused by inter-dependent micro-steps 143 [8]. In [7], causality cycles are avoided by introducing a one-144 tick delay in communications between the blocks in a network, 145 which slows down event propagation in large networks. The 146 semantics proposed in this paper avoids causality cycles and 147 propagation by using a static schedule for executing blocks in a 148 network, following the semantics of PRET-C [21]. 149

HCECCs allow the inclusion of concurrent and hierarchical150behaviors within basic blocks, and are a subset of Statecharts151without inter-level transitions. The simplified synchronous152semantics for IEC 61499 ensure that programs can never have153causality cycles. The proposed HCECC syntax and semantics154allow translating HCECCs into standard IEC 61499 function155block networks, making them fully standard compliant.156

#### III. FORMALIZATION OF IEC 61499 157

163

173

190

This section presents the syntax and simplified synchronous semantics of IEC 61499. A baggage handling system 159 (BHS) containing many baggage entry and exit points connected via a network of conveyor belts is used as an illustrative 161 example. 162

A. Syntax

The following key concepts and notations are used in this 164 paper. A set  $A = \{a_1, \ldots, a_n\}$  is a totally ordered set *iff* for 165 any two distinct elements  $a_i, a_j \in A, a_i <_A a_j$  if i < j or other-166 wise  $a_i <_A a_i$ .  $<_A$  is the antisymmetric and transitive ordering 167 *relation* for set A. The subscript A of  $<_A$  is omitted when the 168 context is clear. The linear sum  $C = A \oplus B$  of two ordered and 169 disjoint sets A and B is the union of A and B, with A's ele-170 ments ordered as in A and B's elements ordered as in B, and 171  $a <_C b$  for every  $a \in A$  and  $b \in B$ . 172

1) Interface: All function blocks have interfaces.

Definition 1 (Function block interface): A function block 174 interface is a tuple  $\mathcal{I} = \langle E_I, V_I, \alpha_I, E_O, V_O, \alpha_O \rangle$  where  $E_I$ , 175  $V_I, E_O$ , and  $V_O$  are finite sets of input events, input variables, output events and outputs variables, respectively.  $\alpha_I \subseteq$  177  $E_I \times V_I$  and  $\alpha_O \subseteq E_O \times V_O$  are the sets of input and output 178 associations. 179

Fig. 1 shows the interface for Conveyor\_Photoeyes\_ 180 Model, which is used in the BHS to control a conveyor belt. The 181 input events and variables appear on the left side, and outputs 182 appear on the right side. Events are transient and are present in 183 time instants when they are fired and absent otherwise. This is 184 based on the well-known synchronous approach [8]. Variables 185 have persistent values. Variables are sampled or updated every 186 time an associated event is present. For example, in Fig. 1, 187 event Init is associated with the variable ConvLength. Hence, 188 *ConvLength* is sampled whenever Init is present. 189

## 2) Basic Function Block:

Definition 2 (BFB): BFB is a tuple  $\langle \mathcal{I}, L, \text{ECC} \rangle$  with inter- 191 face  $\mathcal{I}$ . The local declarations  $L = \langle V_L, A_L \rangle$  contain an internal 192 variables set  $V_L$  and a set of algorithms  $A_L$ . ECC =  $\langle S, s_0, \lambda, T \rangle$  193 is an ECC with a finite set of states S, initial state  $s_0 \in S$ , an 194 action function  $\lambda : S \to (A_L \cup E_O)^*$  mapping states to a finite 195



F1:1 Fig. 1. Function block interface.





196 sequence of algorithm executions and/or output event emis-197 sions, and the transition function  $T: S \to 2^{(E_I \cup \{1\}) \times \mathcal{B}(\hat{V}) \times S}$ . 198 Here,  $\hat{V}$  refers to the set of all combinations of valid val-199 ues of internal, input and output variables, and  $\mathcal{B}(\hat{V})$  refers 200 to all Boolean expressions over  $\hat{V}$ . The transition function is 201 restricted such that for any  $s \in S$ , T(s) is totally ordered.

202 BFB has an interface, local declarations (internal variables 203 and algorithms), and an ECC. The Conveyor\_Photoeyes\_ Model block has the interface shown in Fig. 1, three internal 204 variables BagModel, BagExited, and BagDiverted, and the set 205 of algorithms  $A_L = \{INIT, TICK, CheckDiverters, Bag$ 206 207 *Exited*, *BaqDiverted*, *BaqIn*, *BaqMerge1*}. Algorithms 208 are written using any PLC or standard languages such as C or Java. 209

Fig. 2 shows the ECC of Conveyor\_Photoeyes\_Model. The ECC in Fig. 2 contains eight states with START as the initial state (highlighted with a bold outline). Each state has associated *actions* or a sequence of algorithm executions and output event emissions. For state INIT, the actions  $\lambda(INIT) = INIT.InitO$ correspond to executing the algorithm INIT and emitting the event *InitO*. For any state s, an outgoing transition  $t \in T(s)$ 216 is described as (e, b, s') (or  $s \xrightarrow{e, b} s'$  in short-hand), where e 217 is either a triggering input event or 1 (no triggering event), 218 b is a Boolean expression evaluated on the values of inter-219 nal, input and output variables, and s' is the destination state. 220 For example, consider the transition START  $\xrightarrow{\text{Init,true}}$  INIT. The 221 triggering event is *Init*, the Boolean condition is *true*, and the 222 destination state is INIT. For any state *s* the set of transitions 223 T(s) is totally ordered. Transition order is shown in Fig. 2 224 using the labels  $\langle 0 \rangle$ ,  $\langle 1 \rangle$ ,... For example, the first transition 225 from state IDLE is to state Tick (labeled with  $\langle 0 \rangle$ ). The order is 226 omitted when a state only has one outgoing transition. 227

*3) Composite Function Block:* CFB contains a network of 228 interconnected function block instances. Fig. 3 combines two 229 basic blocks into a CFB. 230

*Function block instances:* An instance is to a function block 231 what an object is to a class in Java or C++: the former is a named 232 *instance* of the latter *type*. An instance  $fb = \langle name, FBT \rangle$ 233 is called *name* and has the type FBT (which can be a basic 234 or composite block). The composite block in Fig. 3 contains 235 two function block instances: *BeltModel* of type Conveyor\_ 236 Belt\_Model, and *PhotoeyeModel* of type Conveyor\_ 237 Photoeyes\_Model. Instances allow easy reuse of function 238 blocks. The interface of an instance is used to connect it 239 into a network. The notation (name). (event/variable name) 240 refers to the inputs or outputs (events/variables) of an instance 241 fb. For example, the output variable *PEDetects* of instance 242 PhotoeyeModel is written as *PhotoeyeModel.PEDetects*. The 243 instances of a composite block network are contained in a 244 totally ordered set FBs. 245

*Event connections:* A CFB network contains the following 246 types of event connections (the short-hand  $s \mapsto d$  represents an 247 event connection from s to d). 248

- Input to input connections C<sub>E121</sub>: Inputs of the CFB's 249 interface may connect to inputs of instances in the net- 250 work. For example, *Tick* → BeltModel.*TICK*, as per 251 Fig. 3.
- 2) Output to input connections  $C_{EO2I}$ : Output events of one 253 instance may be read as inputs by another. For example, 254 BeltModel. $CNF \mapsto$  PhotoEyeModel.Tick A feedback 255 connection connects the output of an instance appearing 256 later in FBs (an ordered set) to the input of an earlier 257 instance in FBs. For example, PhotoEyeModel. $Cnf \mapsto$  258 BeltModel.Tick 259
- 3) Output to output connections C<sub>EO2O</sub>: Output events of 260 instances in the network may connect to output events of 261 the CFB's interface. For example, PhotoEyeModel.Cnf 262 → TickO.

*Variable connections*: Composite blocks have three types of 264 variable connections, as illustrated in Fig. 3. 265

- 1) Input to input connections  $C_{VI2I}$  connect input variables 266 of the interface to the input variables of the FB instances 267 in the network, e.g.,  $Accel \mapsto \texttt{BeltModel}.Accel$ . 268
- Output to input connections C<sub>VO2I</sub> connect the output 269 variable of one FB instance to the input of another, e.g., 270 BeltModel.EncCount → PhotoEyeModel.EncCount. 271



F3:1 Fig. 3. Network of blocks within the conveyor model CFB.

3) Output to output connections  $C_{VO2O}$  connect an output variable of an instance to an output of the interface, such as PhotoEyeModel.*PEDetects*  $\mapsto$  PEDetects.

IEC 61499 restricts variable connections such that only a single source can be connected to a destination variable in a CFB.
Moreover, only variables of the same type can be connected
together. This paper omits this aspect for the sake of readability
but without sacrificing expressiveness.

Definition 3 (CFB): A CFB is a tuple  $\langle \mathcal{I}, \text{FBNetwork} \rangle$ 280with interface  $\mathcal{I} = \langle E_I, V_I, \alpha_I, E_O, V_O, \alpha_O \rangle$ , and a net-281 work FBNetwork =  $\langle FBs, C_{events}, C_{var} \rangle$ , where  $FBs = \{fb_1, d_{var}\}$ 282 283  $fb_2, \dots fb_n$  is a finite and totally ordered set of function block instances of size n. Each  $fb_i$   $(i \in [1, n])$  is 284 a FB instance  $\langle name_i, FBT_i \rangle$ , with name  $name_i$  and a 285 function block (type)  $FBT_i$  with the interface  $\mathcal{I}_i = \langle E_{I_i},$ 286  $V_{Ii}, \alpha_{Ii}, E_{Oi}, V_{Oi}, \alpha_{Oi}$ . The event connections set  $C_{\text{events}} =$ 287  $C_{EI2I} \cup C_{EO2I} \cup C_{EO2O}$  (as per Section III-A3). The set 288 of variable connections  $C_{\text{var}} = C_{VI2I} \cup C_{VO2I} \cup C_{VO2O}$  (as 289 per Section III-A3). For any two variable connections 290 291  $(src_1, dest_1), (src_2, dest_2) \in C_{var}, dest_1 \neq dest_2.$ 

#### 292 B. Synchronous Semantics for IEC 61499

The proposed synchronous semantics for IEC 61499 is sim-293 ilar to the semantics of PRET-C [21], and guarantees the 294 absence of causality cycles due to a static ordering of execu-295 tion. Execution of blocks is divided into logical time instants 296 297 called ticks or macro-steps. During each tick, a predefined and ordered sequence of micro-steps is followed. This semantics 298 differs from the synchronous semantics proposed in [7], where 299 the order of execution of blocks may change between different 300 ticks, and blocks can only read inputs generated in the previ-301 ous tick. The proposed semantics does not require this delayed 302 propagation of events used in [7]. 303

1) Execution Semantics of BFBs: Each BFB initializes in its start state  $s_0$ . Each tick, its execution follows four steps. In step 1, the block samples input events  $(E_I)$  from the environment, and updates input variables (in  $V_I$ ) when associated input



Fig. 4. Execution semantics for composite blocks.

events are present. In step 2, the outgoing transitions of the 308 current state s are evaluated in order and the first enabled tran-309 sition is taken. A transition is enabled when the related event is 310 present and the Boolean condition evaluates to true. For exam-311 ple, if the ECC shown in Fig. 2 is in state START, and input 312  $\xrightarrow{\text{Init,true}} \texttt{INIT}$ event Init is present, the lone transition START 313 fires. If no outgoing transition is enabled, the current tick ter-314 minates. In step 3, after a transition to a destination state s'315 has fired, the actions  $\lambda(s')$  are executed. For example, if state 316 INIT is entered, the block executes algorithm *INIT* and emits 317 the event *InitO*. Finally, in step 4, output variable values are 318 updated if associated output events were emitted in step 3. 319 Thanks to the explicit ordering of ECC transitions, basic blocks 320 execute deterministically, as in step 2, only the highest priority 321 transition that is enabled fires. 322

2) Execution Semantics of Composite Blocks: A CFB is ini-323 tialized with all instances in its network in their initial states. 324 Each tick, the following sequence is executed. Fig. 4 illustrates 325 this sequence for the CFB shown in Fig. 3. In step A, interface 326 input events are sampled, and associated input variable values 327 are updated. In step B, all FB instances in the network execute 328 as per their order in the set FBs. For example, BeltModel exe-329 cutes before PhotoeyeModel. The execution of each instance 330 involves two substeps. In step B1, input events are sampled and 331

F4:1



F5:1 Fig. 5. HCECC examples. (a) Parallel HCECC. (b) Refined HCECC.

associated input variables are updated. For example, the input 332 event BeltModel.TICK is present if any of the source events 333 334 Tick of the block's interface or PhotoeyeModel.Cnf is present. For feedback connections, such as PhotoeyeModel. $Cnf \mapsto$ 335 336 BeltModel.*TICK*, the presence or absence of the source event in the previous tick is considered. Then, in step B2, each FB 337 instance is executed, based on its semantics (basic or compos-338 ite). Fig. 4 shows how both steps B1 and B2 are repeated for the 339 340 two instances in the CFB of Fig. 3. Finally, in step C, outputs of the CFB interface are updated. An output event is set to present 341 if a source event connected to it is present during the current 342 tick. All output variables associated with emitted output events 343 are also updated. 344

We can recursively substitute composite block instances with their networks to translate a CFB network into a network of basic block instances. Under the proposed semantics, CFBs can be mapped to PRET-C programs with well-formed semantics [21]. It can then be shown that CFB execution is deterministic and reactive under the proposed semantics.

351

## IV. HCECCs

HCECCs introduce parallel and refined block types to allowstatecharts-like concurrency and hierarchy in basic blocks.

354 A. Syntax

Parallel HCECCs allow concurrency within a single block.
Fig. 5(a) shows a parallel HCECC, which has an interface
and local declarations. However, unlike a basic block, the
HCECC contains two ECCs that share the interface and local
declarations.

360 Definition 4 (parallel HCECC): A parallel HCECC HCECC<sub>||</sub> 361 is a tuple  $\langle \mathcal{I}, L, \text{ECCs} \rangle$ , with interface  $\mathcal{I}$ , local declarations L, 362 and a finite ordered set ECCs = {ECC<sub>1</sub>,..., ECC<sub>n</sub>} of ECCs.

Refined HCECCs allow nesting of parallel ECCs within ECC states. Fig. 5(b) shows a refined HCECC containing an ECC with two states: START and RefinedState. The state 365 RefinedState is refined and contains two concurrent ECCs: 366 Para1 and Para2. The top-level ECC is the refined ECC, 367 RefinedState is the refined state, and Para1 and Para2 are 368 the refining behaviors. All refined and refining ECCs share the 369 interface and local declarations of the block. 370

Definition 5 (refined HCECC): A refined HCECC HCECC<sub>></sub> 371is a tuple  $\langle \mathcal{I}, L, \text{ECC}, \text{ECCs}, \triangleright \rangle$  containing an interface  $\mathcal{I}$ , local 372declarations L, a top-level refined ECC ECC, and a set ECCs 373of refining ECCs. The state-refinement function  $\triangleright : S \rightarrow 2^{\text{ECCs}}$  374(S is the set of states in ECC) maps states in ECC to an ordered 375subset of refining ECCs in ECCs.376

For the refined HCECC shown in Fig. 5(b), ECCs = 377 {Para1, Para2}, and  $\triangleright$ (START) =  $\emptyset$  (nonrefined state) and 378  $\triangleright$ (RefinedState) = {Para1, Para2}. Def. 5 defines refined 379 HCECCs with a single level of refinement, but HCECCs can 380 have nested refinement, as discussed in the next section. 381

#### B. Synchronous Semantics for HCECCs

1) Execution Semantics of Parallel HCECCs: A parallel 383 HCECC executes using the following sequence every tick. In 384 step A, the block samples input events and updates input vari-385 ables. In step B, ECCs contained in ECCs execute in order. 386 For example, the HCECC in Fig. 5(a) executes ECC1 and then 387 ECC2. Finally, in step C, an output event is emitted once if it is 388 emitted by any ECC. Associated output variables are updated to 389 the latest values assigned to them in the current tick following 390 the order of execution of ECCs in B. 391

Variable updates propagate from the first ECC to the last 392 ECC every tick. For example, for the HCECC in Fig. 5(a), if 393 ECC1 updates any internal variables, ECC2 uses the updated 394 values while executing in the same tick. ECC1 can read updates 395 by ECC2 only in the next tick. The fixed order of execution 396 ensures deterministic execution without causality issues. This 397 semantics where a block is invoked only once relative to an 398 event occurrence is fully compliant to ver. 2 of the IEC 61499 399 standard [1]. In ver. 1, a block can be invoked multiple times rel- 400 ative to an event occurrence, leading to ambiguities in execution 401 semantics. Stability research can address such issues to ensure 402 deterministic execution [22], [23]. However, stability research 403 is not required for the proposed semantics. 404

2) Execution Semantics of Refined HCECCs: Every tick, 405 a refined HCECC executes as follows. If the current state 406 is not a refined state (case 1), the HCECC executes like a 407 BFB (see Section III-B1). For example, the HCECC shown in 408 Fig. 5(b) executes like a BFB when it is in state Start. If, during the current tick, a transition to a refined state is taken, the 410 actions of the refined state, and the initial states of all refin-11 ing behaviors are executed in order. For example, if a transition 412 from state Start to the refined state RefinedState is taken, 413 the block emits the output X (action of RefinedState), fol-414 lowed by executing the actions of the initial states S1 and T1 of 415 the refining ECCs. 416

If the HCECC is in a refined state (case 2), it first samples 417 the interface inputs and updates variables (step A). Then, in 418 step B, the outgoing transitions of the refined state are evaluated. For example, if the HCECC from Fig. 5(b) is in state 420



F6:1 Fig. 6. Overview of HCECC translation.



F7:1 Fig. 7. Parallel ECCs flattened to a function block network.

421 RefinedState and the outgoing transition to state Start is 422 enabled, execution is identical to case 1 above. In step C, if no 423 transition fires in step B, the HCECC executes like a parallel 424 HCECC (see Section IV-B1)—ECCs refining the current state 425 execute in order. Finally, in step D, interface output events are 426 emitted (if emitted by any of the ECCs), and output variable 427 values are updated.

Refined HCECCs execute deterministically because in every
tick, they follow the deterministic execution semantics of basic
blocks (case 1) or parallel HCECCs (case 2).

### 431 V. TRANSLATING HCECCS TO IEC 61499

As refined HCECCs execute like parallel HCECCs, and the
semantics of parallel HCECCs are based on composite blocks,
it is possible to create a sound translation from HCECCs to
equivalent IEC 61499 function blocks as shown in Fig. 6.
Detailed proofs can be found at http://tinyurl.com/hcecc2015.

#### 437 A. Parallel HCECC to CFB Conversion

Algorithm 1 converts a parallel HCECC into a CFB by
first creating multiple FB instances, and then connecting them.
These steps are illustrated by transforming the parallel HCECC
in Fig. 5(a) to the CFB network in Fig. 7.

442 Creating FB instances: Algorithm 1 transforms each ECC
443 in the parallel HCECC into an instance of a newly created BFB
444 (lines 1–22). The newly created instances are ordered in the
445 same manner as the ECCs in the parallel HCECC (lines 8–21)
446 and are contained in the set FBs.

447 The newly created instances have the same interface  $\mathcal{I}'$ 448 (line 6) which has the same input and output events as the 449 HCECC interface, and additional input and output events *PARI* 450 and *PARO* (line 3). These additional events propagate updated 451 variable values within the network (described in the next para-452 graph).  $\mathcal{I}'$  has input variables corresponding to all input, output,

Algorithm 1. Algorithm Par2CFB **Input:** Parallel HCECC  $\langle \mathcal{I}, L, ECCs \rangle$ Output: CFB CFB 1 //Create FB instances: 2 Ordered set FBs =  $\emptyset$ :  $3 E_I' = E_I \cup \{PARI\}; E_O' = E_O \cup \{PARO\};$  $4 V_I' = V_I \cup V_L \cup V_O; V_O' = V_L \cup V_O;$  $5 \alpha_I' = \alpha_I \cup \{(PARI, v_I) | v_I \in V_L \cup V_O\};\$  $\alpha_{O}' = \alpha_{O} \cup \{(PARO, v_{O}) | v_{O} \in V_{O}\};$  $6 \mathcal{I}' = \langle E_I', V_I', \alpha_I', E_O', V_O', \alpha_O' \rangle;$ 7  $L' = \langle \emptyset, A_L \cup \{UpdateOutputs\} \rangle;$ 8 for each  $ECC = \langle S, s_0, \lambda, T \rangle \in ECCs$  do 9  $S' = S; s'_0 = s_0;$  Initialize  $\lambda', T';$ 10 for each  $s \in S$  do 11  $\lambda'(s) = \lambda(s) \oplus \{UpdateOutputs, PARO\};$ T'(s) = T(s);12 **if** there is no transition  $s \xrightarrow{1} s_1$  **then** 13 Loop state  $s_l$ ;  $S' = S' \cup \{s_l\}$ ; 14  $\lambda'(s_l) = \{UpdateOutputs, PARO\};$ 15  $T'(s) = T'(s) \oplus \{s \xrightarrow{1} s_l\};$ 16  $T'(s_l) = \{ s_l \xrightarrow{e,b} s_1 | s \xrightarrow{e,b} s_1 \};$ 17 18 end 19 end  $ECC' = \langle S', s'_0, \lambda', T' \rangle; BFB' = \langle \mathcal{I}', L', ECC' \rangle;$ 20 $fb = \langle name_i, BFB' \rangle; FBs = FBs \oplus \{fb\};$ 21 22 end 23 //Create connections; 24  $n = |\mathsf{FBs}|; C_{events} = \emptyset; C_{var} = \emptyset;$ 25 for each  $i \in [1, n]$  do 26 Select the *i*-th FB instance  $fb_i \in FBs$ ;  $C_{events} = C_{events} \cup \{ (e_I \mapsto \mathtt{fb}_i.e_I) | e_I \in E_I \};$ 27 28  $C_{events} = C_{events} \cup \{ (\mathtt{fb}_{i} \cdot e_O \mapsto e_O) | e_O \in E_O \};$ 29 if i = 1:  $C_{var} = C_{var} \cup \{(v_I \mapsto \mathbf{fb}_i \cdot v_I) | v_I \in V_I\};$ if i = n:  $C_{var} = C_{var} \cup \{(\mathtt{fb}_i . v_O \mapsto v_O) | v_O \in V_O\};$ 30 if i < n then  $fb_j = fb_{i+1}$  else  $fb_j = fb_1$ ; 31  $C_{events} = C_{events} \cup \{ (\texttt{fb}_i.PARO \mapsto \texttt{fb}_j.PARI) \};$ 32  $C_{var} = C_{var} \cup \{ (\mathtt{fb}_i.v_L \mapsto \mathtt{fb}_j.v_L | v_L \in V_L \};$ 33 34  $C_{var} = C_{var} \cup \{ (\mathtt{fb}_i . v_O \mapsto \mathtt{fb}_j . v_O | v_O \in V_O \};$ 35 end 36 //Create CFB; 37 FBNetwork =  $\langle FBs, C_{events}, C_{var} \rangle$ ; 38 CFB =  $\langle \mathcal{I}, \text{FBNetwork} \rangle$ ; 39 return CFB;

and local variables of the parallel HCECC, and its output variables correspond to all local and output variables of the parallel HCECC (line 4).  $\mathcal{I}'$  retains the input and output associations of the original HCECC. In addition, *PARI* and *PARO* are associated with each input and output variable of  $\mathcal{I}'$ , respectively. 457 The local declarations L' for each instance contains no internal variables and has local versions of all algorithms of the parallel HCECC (line 7). A new algorithm UpdateOutputs is used to ensure that each basic block instance propagates output data forward in every tick. 462

Events *PARI* and *PARO* replicate the communication 463 between the ECCs of the parallel HCECC (using internal 464



F8:1 Fig. 8. Parallel ECCs equivalent to refinement in Fig. 5(b)

variables) in the (to be created) CFB network by explicit prop-465 agation of data between the corresponding instances. Each 466 instance emits PARO every tick, forcing an update of all out-467 put variables using algorithm *UpdateOutputs* (line 11). The 468 PARO output of a FB instance is connected to the PARI input 469 of the next FB instance in the network (lines 31-35), allowing 470 a forward propagation of data from each instance. 471

Each ECC in the HCECC is converted into an ECC' of a 472 corresponding BFB instance BFB' (lines 8-22). ECC' initially 473 contains the same states and initial state as ECC (line 9) and 474 each state s from ECC retains all original actions and transi-475 tions in ECC', but also has two new actions-the execution of 476 the algorithm *UpdateOutputs* and the emission of the event 477 478 PARO for forward data propagation.

Lines 13–18 create additional *loop* states in ECC. Loop states 479 are needed to ensure that in any tick, if none of the origi-480 nal transitions inherited by the current state in ECC' are taken, 481 a transition to a loop state will ensure that the instance will 482 still correctly propagate variable values through the network by 483 484 doing actions UpdateOutputs and PARO. Therefore, for every state s that does not have an always-true transition (line 13), 485 a corresponding loop state  $s_l$  in ECC' is introduced (line 14). 486 Also, each state has an additional always-true but lowest prior-487 ity transition to its corresponding loop state (line 16). The loop 488 489 state itself has the same transitions as its corresponding state s(line 17). 490

Creation of connections: The event and variable connections 491 for each FB instance are created as follows (the *i*th FB instance 492 493 in FBs is noted as  $fb_i$ ).

- 494 1) All input/ output events of the CFB interface  $\mathcal{I}$  are con-495 nected to corresponding input and output events of  $fb_i$ (lines 27, 28). 496
- 497 2) If fb<sub>i</sub> is the *first* or *last* FB instance in the CFB network, all input or output variables (respectively) of the HCECC 498 interface  $\mathcal{I}$  are connected to the corresponding input or 499 output variables (respectively) of  $fb_i$  (lines 29, 30). 500
- 3) The PARO output event of  $fb_i$  is connected to the PARI 501 input event of the next instance  $fb_i$  (line 32).  $fb_i$  is 502 the next instance  $fb_{i+1}$  after  $fb_i$  in FBs, or if  $fb_i$  is 503 the last element of FBs, then  $fb_i$  is the first element 504 fb<sub>1</sub> of FBs (line 31). For example, in Fig 7, PARO of 505 ParallelECC1 connects to PARI of ParallelECC2 and 506 PARO of ParallelECC2 connects to PARI of instance 507 ParallelECC1. The output variables of fb<sub>i</sub> correspond-508 ing to the internal and output variables of the parallel 509 HCECC are connected to corresponding input variables 510 511 of  $fb_i$  (line 33).

#### Algorithm 2. Algorithm RemoveRefinement

- **Input:**  $\mathcal{I}, L = \langle V_L, A_L \rangle, \text{ECC} = \langle S, s_0, \lambda, T \rangle, s \in S, \text{ECCs}_s$ **Output:** Pair (ECCs<sub> $\triangleright$ </sub>,  $L_{\triangleright}$ )
- 1 //Modify locals;
- 2 Variable set  $V_L \prime = V_L \cup \{s_{\triangleright} \_ Disabled\} (s_{\triangleright} \_ Disabled \text{ is of }$ type Boolean);
- 3 Algorithm set  $A_L' = A_L \cup \{s_{\triangleright}\_Enable, s_{\triangleright}\_Disable\};$
- 4 //Create new local declarations;
- $5 L_{\triangleright} = \langle V_L \prime, A_L' \rangle;$
- 6 //Create ECCs<sub>▷</sub>;
- 7 Initialize ordered set of ECCs  $ECCs_{\triangleright} = \emptyset$ ;
- 8 //Modify ECC;
- 9 Initialize empty action map  $\lambda_0$ ;
- 10 //Modify states;
- 11 **for** each state  $s \in S$  **do**
- if  $s = s_{\triangleright}$  then 12

13 
$$\lambda_0(s) = \lambda(s) \oplus \{s_{\triangleright}\_Enable\};$$

14 end

15

- else if  $s_{\triangleright}$  has a transition (in T) to s then
- 16  $\lambda_0(s) = \lambda(s) \oplus \{s_{\triangleright} Disable\}$
- 17 end

```
18
        else
19
```

$$\lambda_0(s) = \lambda(s);$$

```
20
      end
21 end
```

```
22 ECC<sub>0</sub> = \langle S, s_0, \lambda_0, T \rangle;
```

- 23  $ECCs_{\triangleright} = ECCs_{\triangleright} \oplus \{ECC_0\};$
- 24 //Modify ECCs in ECCs<sub>s</sub>;
- 25 for each  $ECC_i = \langle S_i, s_{0_i}, \lambda_i, T_i \rangle \in ECCs_s$  do
- Create set of states  $S_{\triangleright i} = S_i \cup \{Disabled\};\$ 26
- Set state  $s_{0_{\triangleright i}} = Disabled;$ 27 28 if  $s_{\triangleright} = s_0$  then 29  $s_{0_{\triangleright i}} = s_{0_i};$ 30

## end

- 31 Initialize action map  $\lambda_{\triangleright i} = \lambda_i$ ;
- 32 Add  $\lambda_{\triangleright i}(Disabled) = \emptyset;$
- Initialize transition function  $T_{\triangleright i} = T_i$ ; 33
- 34 for each  $s \in S_{\triangleright i}$  do 35

$$T_{\triangleright i}(s) = \{s \xrightarrow{1, o_{\nu} \_ D \text{ is abled}} Disabled\} \oplus T_i(s)$$

39 end 40 end

41 Create ECC 
$$ECC_{\triangleright i} = \langle S_{\triangleright i}, s_{0 \triangleright i}, \lambda_{\triangleright i}, T_{\triangleright i} \rangle$$

42 
$$\operatorname{ECCs}_{\triangleright} = \operatorname{ECCs}_{\triangleright} \oplus \{\operatorname{ECC}_{\triangleright i}\};$$

43 end

36

37

38

44 return Pair  $(ECCs_{\triangleright}, L_{\triangleright});$ 

A proof by induction shows that the CFB generated from 512 Algorithm 1 has the same behavior the source parallel HCECC. 513

#### B. Refinement to Parallel Conversion

514

AlgorithmRemoveRefinement (Algorithm 2) translates 515 the refinement of a single state in a refined HCECC into 516 parallel ECCs. For the HCECC in Fig. 5(b), the algorithm 517

| TABLE I               |          |
|-----------------------|----------|
| HCECC AND ECC SIZE CC | MPARISON |

|     |                      | ECCs    |             |        |             | HCECCs |             |        |             |
|-----|----------------------|---------|-------------|--------|-------------|--------|-------------|--------|-------------|
| No. | Benchmark            | # Basic | Connections | States | Transitions | Unique | Connections | States | Transitions |
|     |                      | blocks  |             |        |             | blocks |             |        |             |
| B1  | Watch                | 3       | 21          | 17     | 24          | 1      | 0           | 14     | 20          |
| B2  | Distribution station | 2       | 18          | 10     | 12          | 1      | 0           | 10     | 12          |
| B3  | Drill station        | 2       | 10          | 9      | 10          | 1      | 0           | 9      | 9           |
| B4  | Water monitor        | 4       | 31          | 16     | 38          | 3      | 28          | 16     | 38          |
| B5  | Cruise controller    | 5       | 32          | 15     | 42          | 1      | 0           | 11     | 38          |
| B6  | MP3player            | 4       | 22          | 14     | 24          | 1      | 0           | 10     | 15          |

produces the parallel ECCs shown in Fig. 8. The algorithm executes as follows. Lines 1–5 of Algorithm 2 modify the local declarations, adding a new internal variable ( $s_{\triangleright}$ \_Disabled) and two new algorithms (lines 2–3). The new algorithms ( $s_{\triangleright}$ \_Enable,  $s_{\triangleright}$ \_Disable) clear and set the  $s_{\triangleright}$ \_Disabled variable respectively.

524 The first step in constructing the set  $ECCs_{\triangleright}$  of parallel ECCs involves modifying the main ECC (lines 8-22). An algo-525 526 rithm  $s_{\triangleright}$ \_Enable is added to the actions of  $s_{\triangleright}$  (line 13), so that whenever state  $s_{\triangleright}$  is reached, the variable  $s_{\triangleright}$ \_Disabled 527 is cleared (allowing refining ECCs to execute). Similarly, in 528 every state s to which  $s_{\triangleright}$  has an outgoing transition, an algo-529 rithm  $s_{\triangleright}$  Disable is added to the actions to set the variable 530  $s_{\triangleright}$ \_Disabled and to stop the refining ECCs from executing. 531 532 For example, for the parallel ECCs in Fig. 8, the action map of the first ECC is changed as follows.  $\lambda_0(\texttt{Start})$  takes the value 533  $\{RefinedState_Disable\}, and \lambda_0(RefinedState) takes the$ 534 value {RefinedState Enable, X}, where X was part of the 535 original refined HCECC. The modified main ECC is inserted as 536 537 the first element into the set  $ECCs_{\triangleright}$ . It, therefore, executes first, 538 and may enable or disable other ECCs.

Lines 24–43 modify each refining ECC, adding a new state 539 540 Disabled (line 26) to model the disabled behavior when the refined ECC is not in state  $s_{\triangleright}$ . Fig. 8 shows the Disabled state 541 542 for each of the modified refining ECCs (Para1 and Para2). 543 Disabled is set as the initial state of each refining ECC (line 27). However, if the refined state  $s_{\triangleright}$  is the initial state of the 544 refined ECC, refining ECCs' original initial states are retained 545 (line 29). The modified refining ECC states retain their actions 546 547 from the original refining ECC (line 31) and state Disabled has no actions (line 32). 548

549 The transition function for the modified refining ECC retains all original transitions (line 33). New transitions are added 550 to model the enabled/disabled behavior, based on the value 551 of the variable  $s_{\triangleright}$ \_Disabled. All states have a highest pri-552 553 ority transition to Disabled when  $s_{\triangleright}$ \_Disabled is true (line 38). Disabled has a single outgoing transition to the orig-554 inal initial state of the refining ECC (line 36). For exam-555 ple, each state in ECC Para1 in Fig. 8 has a transition 556 557 to Disabled when RefinedState\_Disabled is true, and 558 Disabled has a transition to the original initial state S1 when RefinedState\_Disabled is false. Finally, line 41 constructs 559 the modified refining ECC and adds it to  $ECCs_{\triangleright}$  on line 42. 560 561 After all refining ECCs have been processed in this way, line 562 44 returns  $ECCs_{\triangleright}$  and modified local declarations  $L_{\triangleright}$ .

A refined HCECC containing multiple (*m*) refined states is transformed into a parallel HCECC by applying Algorithm 2

TABLE II Development Time (Time in Minutes)

|     | Developer A |        | Dev  | eloper B | Developer C |        |  |
|-----|-------------|--------|------|----------|-------------|--------|--|
| No. | ECCs        | HCECCs | ECCs | HCECCs   | ECCs        | HCECCs |  |
| B1  | 8           | 4      | 11   | 7        | 53          | 40     |  |
| B2  | 5           | 3      | 14   | 10       | 50          | 34     |  |
| B3  | 4           | 2      | 9    | 4        | 30          | 18     |  |
| B4  | 11          | 10     | 23   | 20       | 70          | 45     |  |
| B5  | 12          | 6      | 19   | 10       | 43          | 25     |  |
| B6  | 8           | 3      | 20   | 9        | 35          | 16     |  |

m times (once for each refined state). HCECCs with nested 565 refinement are processed in a depth-first fashion starting from 566 the inner-most HCECC, until the block is reduced to a refined 567 HCECC with only single-level refinement. A proof of sound-568 ness of the proposed transformations can be done by induc-569 tion, showing equivalence between the execution of a refined 570 HCECC, the corresponding parallel HCECC, and the corre-571 sponding IEC 61499 program, under the proposed synchronous 572 semantics. 573

A qualitative and quantitative evaluation of HCECCs was 575 done using the Auckland Function Block Benchmark [24], 576 which contains designs varying in size and complexity of algorithms. Each benchmark was reimplemented using HCECCs, 578 and subsequently compared to the original model. All benchmarks are available at http://tinyurl.com/hcecc2015. 580

Table I compares the sizes of the standard and HCECC ver-581 sions of each benchmark. Columns 2–5, respectively, show the 582 numbers of basic blocks, connections, states and transitions 583 in the standard version. Columns 5-8, respectively, show the 584 numbers of blocks, connections, states, and transitions in the 585 HCECC version. For each benchmark, the size of the HCECC 586 version was either smaller than or the same as the standard 587 version. Most compression was achieved when refinement was 588 used because enforcing refinement-like hierarchy in standard 589 function blocks requires many more transitions and states. 590

Table II shows the times taken by three developers to develop 591 the benchmarks shown in Table I. Developer A was an expert 592 in HCECC design, developer B had some experience with 593 statecharts and a working knowledge of IEC 61499, and devel-594 oper C was completely new to both HCECCs and IEC 61499. 595 Overall, all developers took significantly lesser amount of time 596 to develop HCECCs. While these results are promising, a wider 597 usability study is beyond the scope of this paper. 598

T1:1 T1:2

> T2:1 T2:2



F9:1 Fig. 9. Multilevel refinement example.



F10:1 Fig. 10. Benchmark code size comparison.

599 HCECCs can model complex behaviors that cannot be easily created in standard function blocks. Fig. 9 shows the HCECC 600 for a conveyor controller (algorithms omitted for readability). 601 This model may react to up to three different events in a sin-602 gle tick. Modeling such behaviors using standard (flat) ECCs 603 604 results in exponentially more states and transitions, requires extra effort in creating multiple blocks and connecting them, 605 and takes longer to design and maintain. 606

We extended the function block compiler (FBC) [7] to cre-607 ate FBC-HCECC, a compiler to compile HCECCs into C code 608 609 using the proposed synchronous semantics. Fig. 10 compares code sizes produced by FORTE v1.7.1, FBRT v20081003, 610 FBC, and FBC-HCECC. For FBRT code, the Java virtual 611 machine (JVM) size was removed for a fair comparison. Code 612 generated by FBC-HCECC was on average 1.18 times smaller 613 than FBC, which in turn produced much smaller code than 614 FORTE and FBRT. In some cases, like benchmark B4, FBC-615 HCECC generated code was 1.70 times smaller than FBC. The 616 reduction in code size comes from HCECCs allowing the same 617 functionality within smaller models, as per Table I. 618

Code for each benchmark from different compilers was run
on a windows PC with an Intel Core i7 920 processor and 18GB
RAM. Java v7 (JDK and JRE) was used to compile and run
FBRT-generated code. 4DIAC and FBDK front-ends were used
to design and run FORTE and FBRT programs, respectively. C
code from FBC and FBC-HCECC was compiled using Visual
Studio's C compiler with the -O2 optimization switch. Each

 TABLE III

 Performance Comparison (Time in Milli-seconds)

|           | FORTE  | FBRT  | FBC ECC | FBC HCECC |
|-----------|--------|-------|---------|-----------|
| <b>B1</b> | 1962.6 | 77.0  | 75.0    | 24.0      |
| B2        | 1532.0 | 120.4 | 68.2    | 30.0      |
| <b>B3</b> | 387.0  | 56.3  | 44.0    | 19.0      |
| B4        | 1928.4 | 214.5 | 83.0    | 33.0      |
| B5        | 877.0  | 130.0 | 64.0    | 27.8      |
| <b>B6</b> | 1251.2 | 144.7 | 123.0   | 96.0      |
|           |        |       |         |           |

program was then executed with a common test-file containing 626 a sequence of one million input vectors. Each vector contained 627 a random event and random values for variables. A compari-628 son of the execution times is shown in Table III. FBC-HCECC 629 programs executed 1.3 to 3.1 times faster than FBC programs, 630 with an average speedup of 2.3 possibly due to smaller model 631 sizes. FBC-HCECC programs ran on average 3.8 and 42.7 632 times faster than FBRT and FORTE programs, which required 633 additional runtimes. 634

Overall, HCECCs enable more compact designs that are 635 faster to develop, smaller in code size, and execute faster 636 than standard IEC 61499 designs. A side-effect of using the 637 proposed semantics is that a fixed ordering of blocks within 638 composite blocks (and also parallel and refined HCECCs) must 639 be defined. The FBC-HCECC compiler uses the ordering as 640 per XML descriptions, which is standard practice. Designers 641 can change this ordering by editing the XML descriptions. 642 HCECCs can increase cohesion and reduce coupling between 643 blocks in some cases, such as exceptional handling scenarios. 644 However, it is possible to misuse this framework and integrate 645 loosely coupled blocks, reducing maintainability. 646

#### VII. CONCLUSION 647

This paper introduces HCECCs, consisting of hierarchical and concurrent operators for IEC 61499 ECCs, inspired 649 by statecharts. Refined HCECCs efficiently model exception 650 handling and other hierarchical behaviors, whereas parallel 651

T3:1

T3:2

663

HCECCs simplify the modeling of concurrent processes and 652 enable the monitoring of simultaneous events in a single block. 653 A synchronous semantics for IEC 61499 and HCECCs is 654 proposed under which HCECCs can be translated to CFBs. 655 656 Benchmarking results show that HCECCs provide reduced model sizes, which helps reduce development time, com-657 piled code size, and execution time. Future directions include 658 using HCECCs under other IEC 61499 semantics, optimiz-659 ing HCECC to network translation, studying how HCECCs 660 661 affect cohesion and coupling as well as code maintainability 662 or reusability, and providing tool-support for HCECCs.

#### REFERENCES

- Q2 664 [1] J. H. Christensen, T. Strasser, A. Valentini, V. Vyatkin, and A. Zoitl, "The IEC 61499 function block standard: Overview of the second edition," ISA 665 666 Autom. Week, vol. 6, 2012.
  - [2] V. Vyatkin, "IEC 61499 as enabler of distributed and intelligent automa-667 668 tion: State-of-the-art review," IEEE Trans. Ind. Informat., vol. 7, no. 4, 669 pp. 768-781, Nov. 2011.
  - [3] IEC, Committee Draft for Vote: IEC 61499-1: Function Block-Part 1 670 671 Architecture. Geneva, Switzerland: IEC, 2004.
  - 672 A. Zoitl and H. Prahofer, "Guidelines and patterns for building hierar-673 chical automation solutions in the IEC 61499 modeling language," IEEE 674 Trans. Ind. Informat., vol. 9, no. 4, pp. 2387-2396, Nov. 2013.
  - 675 D. Harel, "Statecharts: A visual formalism for complex systems," Sci. [5] 676 Comput. Programm., vol. 8, no. 3, pp. 231-274, Jun. 1987.
  - J. Kim, I. Kang, J.-Y. Choi, and I. Lee, "Timed and resource-oriented 677 678 statecharts for embedded software," IEEE Trans. Ind. Informat., vol. 6, 679 no. 4, pp. 568-578, Nov. 2010.
  - [7] L. H. Yoong, P. Roop, V. Vyatkin, and Z. Salcic, "A synchronous 680 681 approach for IEC 61499 function block implementation," IEEE Trans. 682 Comput., vol. 58, no. 12, pp. 1599-1614, Dec. 2009.
  - 683 M. Di Natale, Q. Zhu, A. Sangiovanni-Vincentelli, and S. Tripakis, [8] 684 "Optimized implementation of synchronous models on industrial LTTA 685 systems," J. Syst. Archit., vol. 60, no. 4, pp. 315-328, 2014.
  - 686 [9] M. Bonfè, C. Fantuzzi, and C. Secchi, "Design patterns for model-based 687 automation software design and implementation," Control Eng. Pract., 688 vol. 21, no. 11, pp. 1608-1619, 2013.
  - 689 [10] J.-P. Talpin et al., "Formal verification of synchronous data-flow program 690 transformations toward certified compilers," Front. Comput. Sci., vol. 7, 691 no. 5, pp. 598-616, 2013.
  - R. Nakamura, F. Arakawa, and M. Edahiro, "Simple one-to-one architec-692 [11] 693 ture for parallel execution of embedded control systems," in Proc. IEEE 694 Int. Conf. Cyber-Phys. Syst. Netw. Appl. (CPSNA), 2014, pp. 25-30.
  - P. Gaj, J. Jasperneite, and M. Felser, "Computer communication 695 [12] 696 within industrial distributed environment-A survey," IEEE Trans. Ind. 697 Informat., vol. 9, no. 1, pp. 182-189, Feb. 2013.
  - 698 [13] A. Girault, B. Lee, and E. A. Lee, "Hierarchical finite state machines with 699 multiple concurrency models," IEEE Trans. Comput.-Aided Des. Integr. 700 Circuits Syst., vol. 18, no. 6, pp. 742-760, Jun. 1999.
  - [14] D. Latella, I. Majzik, and M. Massink, "Towards a formal operational semantics of UML statechart diagrams," in *Formal Methods for Open* 701 702Object-Based Distributed Systems. New York, NY, USA: Springer, 1999, 703 pp. 331-347. 704
  - 705 A. Barji, N. Hagge, and B. Wagner, "Comparative study of using CNet, [15] 706 IEC 61499, and statecharts for behavioral models of real-time con-707 trol applications," in Proc. IEEE Conf. Emerg. Technol. Fact. Autom. (ETFA'06), 2006, pp. 750-757. 708
  - [16] D. Tikhonov, D. Schutz, S. Ulewicz, and B. Vogel-Heuser, "Towards 709 710 industrial application of model-driven platform-independent PLC pro-711 gramming using UML," in Proc. 40th Annu. IEEE Conf. Ind. Electron. 712 Soc. (IECON'14), 2014, pp. 2638-2644.
  - 713 [17] K. Thramboulidis, "Model-integrated mechatronics-toward a new 714 paradigm in the development of manufacturing systems," IEEE Trans. 715 Ind. Informat., vol. 1, no. 1, pp. 54-61, Jan. 2005.
  - 716 G. D. Shaw, P. S. Roop, and Z. Salcic, "A hierarchical and concurrent [18] 717 approach for IEC 61499 function blocks," in Proc. IEEE Conf. Emerg. 718 Technol. Fact. Autom. (ETFA'09), 2009, pp. 1-8.

- [19] V. Dubinin, V. Vyatkin, and T. Pfeiffer, "Engineering of validatable 719 automation systems based on an extension of UML combined with func-720 tion blocks of IEC 61499," in Proc. IEEE Int. Conf. Robot. Autom. 721 (ICRA'05), 2005, pp. 3996-4001. 722
- [20] V. N. Dubinin and V. Vyatkin, "Semantics-robust design patterns for IEC 723 61499," IEEE Trans. Ind. Informat., vol. 8, no. 2, pp. 279-290, May 724 725 2012.
- [21] S. Andalam, P. S. Roop, A. Girault, and C. Traulsen, "A predictable 726 727 framework for safety-critical embedded systems," IEEE Trans. Comput., vol. 63, no. 7, pp. 1600-1612, Jul. 2014. 728
- [22] F. Schumacher and A. Fay, "Formal representation of GRAFCET to auto-729 730 matically generate control code," Control Eng. Pract., vol. 33, pp. 84-93, 2014. 731
- [23] M. Sogbohossou and A. Vianou, "Formal modeling of grafcets with time petri nets," IEEE Trans. Control Syst. Technol., vol. 23, no. 5, pp. 1978-1985, Sep. 2015.
- [24] L. H. Yoong, P. S. Roop, and Z. Salcic, "Implementing constrained cyberphysical systems with IEC 61499," ACM Trans. Embedded Comput. Syst. 736 (TECS), vol. 11, no. 4, pp. 78:1-78:22, 2012. 737

Roopak Sinha (S'03-M'13) received the B.E. (Hons), M.C.E., and Ph.D. 738Q3 739 degrees.

740Q4 He has worked with INRIA, Grenoble, France, and the University of Auckland, Auckland, New Zealand. Currently, he is a Senior Lecturer with 741 the School of Computer and Mathematical Sciences, Auckland University of 742 Technology, Auckland. His research interests include next-generation formal 743 744 frameworks for designing large-scale embedded software with application in industrial automation systems, Internet-of-Things, and intelligent transporta-745 746 tion systems.

Partha S. Roop (M'94) received the Ph.D. degree in computer science (soft-747 748 ware engineering) from the University of New South Wales, Sydney, NSW, 749 Australia, in 2001.

He is currently an Associate Professor and is the Director of the Computer 750 Systems Engineering Program, Department of Electrical and Computer 751 752 Engineering, University of Auckland, Auckland, New Zealand. His research interests include the design and verification of embedded systems and exe-753 754 cutable biology. In particular, he is developing techniques for the design of embedded applications in automotive, robotics, intelligent transportation, and 755 medical devices that meet functional safety standards. 756

Gareth Shaw received the B.E. and the Ph.D. degrees in electrical and elec-757 tronic engineering from the University of Auckland, Auckland, New Zealand, 758 759 in 2007 and 2013, respectively.

He is a Mobile Development Team Lead with Fiserv New Zealand, 760 Auckland. His research interests include design languages and their com-761 pilation, distributed systems, code generation, and complex digital system 762 design. 763

Zoran Salcic (S'75-M'76-SM'98) received the B.E., M.E., and Ph.D. degrees 764 in electrical and computer engineering from Sarajevo University, Sarajevo, 765 Bosnia and Herzegovina, in 1972, 1974, and 1976, respectively. 766

He is a Professor of Computer Systems Engineering with the University of 767 768 Auckland, Auckland, New Zealand. He has authored over 300 peer-reviewed journal and conference papers, and several books. His research interests include 769 complex digital systems, custom-computing machines, embedded systems and 770 their implementation, design automation tools, hardware-software co-design, 771 772 models of computation and languages for concurrent and distributed systems, and cyber-physical systems. 773

Prof. Salcic is a Fellow of the Royal Society New Zealand. He was the recipient of the Alexander von Humboldt Research Award in 2010.

Matthew M. Y. Kuo received the B.E. (Hons) degree in electrical and computer 776 systems engineering from the University of Auckland, Auckland, New Zealand. 777 778Q5 He is currently pursuing the Ph.D. degree.

He is currently involved in an industrial project focused on the Internet of 779 780 Things with UniServices, Auckland. His research interests include synchronous programming, static timing analysis, and precision timed industrial automation 781 782 systems.

732 733

734

735

774

# QUERIES

- Q1: Please provide postal code for affiliations.
- Q2: Please provide page range for Ref. [1].
- Q3: Please provide the field of study, institutional details, location, and year of all the degrees of the author Roopak Sinha.
- Q4: Please spell out the term "INRIA".
- Q5: Please provide the institutional details of the Ph.D. degree of the author Matthew M. Y. Kuo.

2

22

Q1

# Hierarchical and Concurrent ECCs for IEC 61499 Function Blocks

Roopak Sinha, *Member, IEEE*, Partha S. Roop, *Member, IEEE*, Gareth Shaw, Zoran Salcic, *Senior Member, IEEE*, and Matthew M. Y. Kuo

5 Abstract—IEC 61499 enables component-oriented descriptions of complex industrial processes facilitating model-driven engineer-6 ing. One aspect that is lacking, however, is the ability to directly 7 8 express Statecharts-like hierarchy and concurrency within basic function blocks (BFBs). Such features can significantly enhance 9 10 function blocks and help create more succinct and readable 11 specifications. We propose a new syntactic extension to the stan-12 dard called hierarchical and concurrent execution control chart (HCECC). A major roadblock for any suggested changes to the 13 standard is the need for compliance. Our approach extends the 14 synchronous execution semantics of IEC 61499, where HCECCs 15 are purely syntactic sugar. Using a revised synchronous semantics, 16 17 our compiler generates standard compliant C code from HCECCs. Benchmarking and usability studies reveal the relative superiority 18 19 of the proposed approach over existing approaches.

20 *Index Terms*—Execution semantics, hierarchical state 21 machines, IEEE 61499, parallel execution, statecharts.

#### I. INTRODUCTION

23 ► HE INCREASING size and complexity of industrial con-24 trol systems have motivated the development of new design paradigms to aid system designers. The IEC 61499 25 standard [1], [2] proposes component-oriented models called 26 function blocks for developing distributed control systems. A 27 function block describes both control and data flow within a 28 29 single module. By providing a graphical specification frame-30 work, the standard simplifies system design with a top-down approach and encourages the reuse of function blocks. 31

The unit of execution in IEC 61499 is a basic function block (BFB), which executes a finite state machine (FSM) known as an execution control chart (ECC) that describes the control flow of the block. ECCs are flat Moore-machines that allow modeling of only sequential behaviors. Therefore, a basic block cannot model concurrent behaviors. In addition, ECCs do not allow users to separate high-level behavior such as initialization

Manuscript received March 21, 2014; revised August 15, 2015; accepted October 14, 2015. Paper no. TII-15-0754.R1.

R. Sinha is with the School of Computer and Mathematical Sciences, Auckland University of Technology, Auckland, New Zealand (e-mail: roopak. sinha@aut.ac.nz).

P. S. Roop, Z. Salcic, and M. M. Y. Kuo are with the Department of Electrical and Computer Engineering, University of Auckland, Auckland, New Zealand (e-mail: p.roop@auckland.ac.nz; z.salcic@auckland.ac.nz; mkuo005@ aucklanduni.ac.nz).

G. Shaw is with Fiserv New Zealand, Auckland, New Zealand (e-mail: gareth@garethnz.com).

Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org.

Digital Object Identifier 10.1109/TII.2015.2496262

and error handling of a block. As a result, more states and tran-39sitions are required to describe the same behavior compared to40other graphical formalisms.41

The standard also provides CFBs that are networks of 42 interconnected function block instances. Networks model con-43 currency and structural hierarchy that basic blocks cannot 44 handle efficiently. However, networks can easily get very com-45 plex, making them difficult to design, understand, and main-46 tain. Moreover, in networks containing many function block 47 instances, a significant amount of execution time is required 48 for the flow of events and data between instances. Not only do 49 such complex networks require a long time to design manually, 50 network behavior becomes nonobvious and there is a higher 51 chance of software bugs. 52

This issue has been noted in Annex E.1 of the IEC 53 61499 draft standard [3] as well as recent scholarly work 54 [2], [4]. These works highlight the urgent need to intro-55 duce statecharts-like [5] hierarchy and parallelism within basic 56 blocks. Statecharts are extensions of FSMs that allow a single 57 FSM to contain concurrent or parallel as well hierarchical or 58 refined behaviors. Statecharts have found popular use in the 59 design of distributed control software [6]. Unfortunately, stat-60 echarts semantics [4] are incompatible with the IEC 61499 61 standard (e.g., it does not handle data flow modeling, unlike 62 IEC 61499), and currently no extension of BFBs to model 63 Statecharts exists. 64

This paper proposes the first Statecharts-like extensions 65 of IEC 61499 called hierarchical and concurrent ECCs 66 (HCECCs), which allow explicit modeling of hierarchy and 67 concurrency within a BFB using two operators: 1) parallel; and 68 2) refinement. Any nesting of these operators can be resolved 69 to a standard CFB, making HCECCs completely compliant to 70 the standard. A synchronous execution semantics [7], [8] for 71 HCECCs is proposed, which allows a complete deterministic 72 execution of HCECCs as well as standard function blocks. The 73 main contributions of this paper are formalizing IEC 61499 74 function blocks syntax and presenting a simplified synchronous 75 semantics for the execution of function blocks, formulating 76 the HCECC framework by introducing the parallel and refine-77 ment operators, and showing how HCECCs execute using the 78 proposed simplified synchronous semantics, and presenting a 79 sound translation of HCECCs into standard-compliant CFBs. 80

This paper is organized as follows. Section II presents a81review of related works. Section III introduces a formalism for82IEC 61499 and a description of the semantics for basic and83CFBs. HCECCs are introduced in Section IV, and Section V84describes their transformation to standard-compliant composite85

1551-3203 © 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.

See http://www.ieee.org/publications\_standards/publications/rights/index.html for more information.

86 blocks. Section IV reports experimental results and Section VII
87 provides concluding remarks and future directions.

#### II. LITERATURE REVIEW

Model-driven engineering as expounded by IEC 61499 is 89 90 founded on models of computation. The standard allows modeling control flow using events and state machines within function 91 blocks, and data flow using variables and algorithms. More 92 93 recently, researchers have employed more expressive models 94 such as statecharts [9] and synchronous data flow [10], and 95 communicating sequential processes [11] for modeling control flow in industrial strength systems. Similarly, extending data 96 97 flow modeling in industrial control systems has also been studied extensively [12]. Some formalisms like \*charts (pronounced 98 99 starcharts) [13] have been used to combine control and data flow models. However, for IEC 61499 systems, it is not possible 100 to modify the standard. 101

The existing pool of statecharts-based frameworks serves as 102 the logical starting point to build IEC 61499 compatible models 103 104 to capture concurrency and hierarchy. Statecharts extend FSMs and allow parallelism using state diagrams with broadcast-105 based communication and hierarchy using a nested structure 106 of states. statecharts are used in a wide range of applica-107 tion domains for modeling complex systems, and have been 108 109 extended to generate popular modeling frameworks such as UML statecharts [14]. Unfortunately, statecharts and current 110 variants cannot be used in IEC 61499 because model only 111 control flow and do not capture data flow. 112

The need to introduce statecharts-like extensions within 113 114 basic blocks is well documented [2]-[4]. Comparative stud-115 ies between IEC 61499 and other frameworks like UMLstatecharts [15], [16] help highlight this gap. Unfortunately, 116 existing solutions to introduce statecharts-like extensions in 117 IEC 61499 have limited scope. In [17], component interaction 118 diagrams are proposed to allow modeling UML-statecharts like 119 120 hierarchy within function block applications. However, these diagrams do not allow designers to embed concurrency and 121 hierarchy within a single function block. In [4], ECCs within 122 BFBs are extended based on the Monaco domain-specific 123 language, which models a subset of statecharts. However, 124 125 the authors discard this extension because of an inability to 126 retrieve hierarchy from flattened ECCs, and the associated re-engineering and refactoring costs. On the other hand, the 127 128 proposed framework is not domain specific, and hierarchical and concurrent behaviors can be automatically translated 129 130 to networks of function blocks. In [18] and [19], informal 131 statecharts-based extensions to basic blocks are proposed. In all cases, the issue of complying to the standard is overlooked. 132 133 Many different execution semantics of IEC 61499 have been proposed [1], [2], [20]. As compared to other semantics, 134 the synchronous semantics developed in [7] excels in many 135 136 respects. Synchronous systems execute in logical time instances called ticks. During each tick, a system reads inputs, pro-137 cesses them, and then emits outputs. A tick or macro-step is 138 atomic and instantaneous. Internally though, macro-steps are 139 140 usually sequenced into micro-steps. A micro-step pertains to a reaction of an individual component or the propagation of 141

information within the system. Synchronous systems may suffer from *causality* cycles caused by inter-dependent micro-steps 143 [8]. In [7], causality cycles are avoided by introducing a onetick delay in communications between the blocks in a network, 145 which slows down event propagation in large networks. The semantics proposed in this paper avoids causality cycles and 147 propagation by using a static schedule for executing blocks in a network, following the semantics of PRET-C [21]. 149

HCECCs allow the inclusion of concurrent and hierarchical 150 behaviors within basic blocks, and are a subset of Statecharts 151 without inter-level transitions. The simplified synchronous 152 semantics for IEC 61499 ensure that programs can never have 153 causality cycles. The proposed HCECC syntax and semantics 154 allow translating HCECCs into standard IEC 61499 function 155 block networks, making them fully standard compliant. 156

#### III. FORMALIZATION OF IEC 61499 157

163

173

190

This section presents the syntax and simplified synchronous semantics of IEC 61499. A baggage handling system 159 (BHS) containing many baggage entry and exit points connected via a network of conveyor belts is used as an illustrative 161 example. 162

A. Syntax

The following key concepts and notations are used in this 164 paper. A set  $A = \{a_1, \ldots, a_n\}$  is a totally ordered set *iff* for 165 any two distinct elements  $a_i, a_j \in A, a_i <_A a_j$  if i < j or other-166 wise  $a_j <_A a_i$ .  $<_A$  is the antisymmetric and transitive ordering 167 *relation* for set A. The subscript A of  $<_A$  is omitted when the 168 context is clear. The linear sum  $C = A \oplus B$  of two ordered and 169 disjoint sets A and B is the union of A and B, with A's ele-170 ments ordered as in A and B's elements ordered as in B, and 171  $a <_C b$  for every  $a \in A$  and  $b \in B$ . 172

1) Interface: All function blocks have interfaces.

Definition 1 (Function block interface): A function block 174 interface is a tuple  $\mathcal{I} = \langle E_I, V_I, \alpha_I, E_O, V_O, \alpha_O \rangle$  where  $E_I$ , 175  $V_I, E_O$ , and  $V_O$  are finite sets of input events, input variables, output events and outputs variables, respectively.  $\alpha_I \subseteq$  177  $E_I \times V_I$  and  $\alpha_O \subseteq E_O \times V_O$  are the sets of input and output 178 associations. 179

Fig. 1 shows the interface for Conveyor\_Photoeyes\_ 180 Model, which is used in the BHS to control a conveyor belt. The 181 input events and variables appear on the left side, and outputs 182 appear on the right side. Events are transient and are present in 183 time instants when they are fired and absent otherwise. This is 184 based on the well-known synchronous approach [8]. Variables 185 have persistent values. Variables are sampled or updated every 186 time an associated event is present. For example, in Fig. 1, 187 event Init is associated with the variable ConvLength. Hence, 188 *ConvLength* is sampled whenever Init is present. 189

## 2) Basic Function Block:

Definition 2 (BFB): BFB is a tuple  $\langle \mathcal{I}, L, \text{ECC} \rangle$  with inter- 191 face  $\mathcal{I}$ . The local declarations  $L = \langle V_L, A_L \rangle$  contain an internal 192 variables set  $V_L$  and a set of algorithms  $A_L$ . ECC =  $\langle S, s_0, \lambda, T \rangle$  193 is an ECC with a finite set of states S, initial state  $s_0 \in S$ , an 194 action function  $\lambda : S \to (A_L \cup E_O)^*$  mapping states to a finite 195



F1:1 Fig. 1. Function block interface.





196 sequence of algorithm executions and/or output event emis-197 sions, and the transition function  $T: S \to 2^{(E_I \cup \{1\}) \times \mathcal{B}(\hat{V}) \times S}$ . 198 Here,  $\hat{V}$  refers to the set of all combinations of valid val-199 ues of internal, input and output variables, and  $\mathcal{B}(\hat{V})$  refers 200 to all Boolean expressions over  $\hat{V}$ . The transition function is 201 restricted such that for any  $s \in S$ , T(s) is totally ordered.

202 BFB has an interface, local declarations (internal variables 203 and algorithms), and an ECC. The Conveyor\_Photoeyes\_ Model block has the interface shown in Fig. 1, three internal 204variables BagModel, BagExited, and BagDiverted, and the set 205 of algorithms  $A_L = \{INIT, TICK, CheckDiverters, Bag$ 206 207 *Exited*, *BaqDiverted*, *BaqIn*, *BaqMerge1*}. Algorithms 208 are written using any PLC or standard languages such as C or Java. 209

Fig. 2 shows the ECC of Conveyor\_Photoeyes\_Model. The ECC in Fig. 2 contains eight states with START as the initial state (highlighted with a bold outline). Each state has associated *actions* or a sequence of algorithm executions and output event emissions. For state INIT, the actions  $\lambda(INIT) = INIT.InitO$ correspond to executing the algorithm INIT and emitting the

event *InitO*. For any state s, an outgoing transition  $t \in T(s)$ 216 is described as (e, b, s') (or  $s \xrightarrow{e, b} s'$  in short-hand), where e 217 is either a triggering input event or 1 (no triggering event), 218 b is a Boolean expression evaluated on the values of inter-219 nal, input and output variables, and s' is the destination state. 220 For example, consider the transition START  $\xrightarrow{\text{Init,true}}$  INIT. The 221 triggering event is *Init*, the Boolean condition is *true*, and the 222 destination state is INIT. For any state *s* the set of transitions 223 T(s) is totally ordered. Transition order is shown in Fig. 2 224 using the labels  $\langle 0 \rangle$ ,  $\langle 1 \rangle$ ,... For example, the first transition 225 from state IDLE is to state Tick (labeled with  $\langle 0 \rangle$ ). The order is 226 omitted when a state only has one outgoing transition. 227

*3) Composite Function Block:* CFB contains a network of 228 interconnected function block instances. Fig. 3 combines two 229 basic blocks into a CFB. 230

*Function block instances:* An instance is to a function block 231 what an object is to a class in Java or C++: the former is a named 232 *instance* of the latter *type*. An instance  $fb = \langle name, FBT \rangle$ 233 is called *name* and has the type FBT (which can be a basic 234 or composite block). The composite block in Fig. 3 contains 235 two function block instances: *BeltModel* of type Conveyor\_ 236 Belt\_Model, and *PhotoeyeModel* of type Conveyor\_ 237 Photoeyes\_Model. Instances allow easy reuse of function 238 blocks. The interface of an instance is used to connect it 239 into a network. The notation (name). (event/variable name) 240 refers to the inputs or outputs (events/variables) of an instance 241 fb. For example, the output variable *PEDetects* of instance 242 PhotoeyeModel is written as *PhotoeyeModel.PEDetects*. The 243 instances of a composite block network are contained in a 244 totally ordered set FBs. 245

*Event connections:* A CFB network contains the following 246 types of event connections (the short-hand  $s \mapsto d$  represents an 247 event connection from s to d). 248

- Input to input connections C<sub>E121</sub>: Inputs of the CFB's 249 interface may connect to inputs of instances in the net- 250 work. For example, *Tick* → BeltModel.*TICK*, as per 251 Fig. 3.
- 2) Output to input connections  $C_{EO2I}$ : Output events of one 253 instance may be read as inputs by another. For example, 254 BeltModel. $CNF \mapsto$  PhotoEyeModel.Tick A feedback 255 connection connects the output of an instance appearing 256 later in FBs (an ordered set) to the input of an earlier 257 instance in FBs. For example, PhotoEyeModel. $Cnf \mapsto$  258 BeltModel.Tick 259
- 3) Output to output connections C<sub>EO2O</sub>: Output events of 260 instances in the network may connect to output events of 261 the CFB's interface. For example, PhotoEyeModel.Cnf 262 → TickO.

*Variable connections*: Composite blocks have three types of 264 variable connections, as illustrated in Fig. 3. 265

- 1) Input to input connections  $C_{VI2I}$  connect input variables 266 of the interface to the input variables of the FB instances 267 in the network, e.g.,  $Accel \mapsto \texttt{BeltModel}.Accel$ . 268
- Output to input connections C<sub>VO2I</sub> connect the output 269 variable of one FB instance to the input of another, e.g., 270 BeltModel.EncCount → PhotoEyeModel.EncCount. 271



F3:1 Fig. 3. Network of blocks within the conveyor model CFB.

3) Output to output connections  $C_{VO2O}$  connect an output variable of an instance to an output of the interface, such as PhotoEyeModel.*PEDetects*  $\mapsto$  PEDetects.

IEC 61499 restricts variable connections such that only a single source can be connected to a destination variable in a CFB.
Moreover, only variables of the same type can be connected
together. This paper omits this aspect for the sake of readability
but without sacrificing expressiveness.

Definition 3 (CFB): A CFB is a tuple  $\langle \mathcal{I}, \text{FBNetwork} \rangle$ 280with interface  $\mathcal{I} = \langle E_I, V_I, \alpha_I, E_O, V_O, \alpha_O \rangle$ , and a net-281 work FBNetwork =  $\langle FBs, C_{events}, C_{var} \rangle$ , where  $FBs = \{fb_1, d_{var}\}$ 282 283  $fb_2, \dots fb_n$  is a finite and totally ordered set of function block instances of size n. Each  $fb_i$   $(i \in [1, n])$  is 284 a FB instance  $\langle name_i, FBT_i \rangle$ , with name  $name_i$  and a 285 function block (type)  $FBT_i$  with the interface  $\mathcal{I}_i = \langle E_{I_i},$ 286  $V_{Ii}, \alpha_{Ii}, E_{Oi}, V_{Oi}, \alpha_{Oi}$ . The event connections set  $C_{\text{events}} =$ 287  $C_{EI2I} \cup C_{EO2I} \cup C_{EO2O}$  (as per Section III-A3). The set 288 of variable connections  $C_{\text{var}} = C_{VI2I} \cup C_{VO2I} \cup C_{VO2O}$  (as 289 per Section III-A3). For any two variable connections 290 291  $(src_1, dest_1), (src_2, dest_2) \in C_{var}, dest_1 \neq dest_2.$ 

#### 292 B. Synchronous Semantics for IEC 61499

The proposed synchronous semantics for IEC 61499 is sim-293 ilar to the semantics of PRET-C [21], and guarantees the 294 absence of causality cycles due to a static ordering of execu-295 296 tion. Execution of blocks is divided into logical time instants 297 called ticks or macro-steps. During each tick, a predefined and ordered sequence of micro-steps is followed. This semantics 298 299 differs from the synchronous semantics proposed in [7], where the order of execution of blocks may change between different 300 ticks, and blocks can only read inputs generated in the previ-301 ous tick. The proposed semantics does not require this delayed 302 propagation of events used in [7]. 303

1) Execution Semantics of BFBs: Each BFB initializes in its start state  $s_0$ . Each tick, its execution follows four steps. In step 1, the block samples input events  $(E_I)$  from the environment, and updates input variables (in  $V_I$ ) when associated input



Fig. 4. Execution semantics for composite blocks.

F4:1

events are present. In step 2, the outgoing transitions of the 308 current state s are evaluated in order and the first enabled tran-309 sition is taken. A transition is enabled when the related event is 310 present and the Boolean condition evaluates to true. For exam-311 ple, if the ECC shown in Fig. 2 is in state START, and input 312  $\xrightarrow{\text{Init,true}} \text{INIT}$ event Init is present, the lone transition START 313 fires. If no outgoing transition is enabled, the current tick ter-314 minates. In step 3, after a transition to a destination state s'315 has fired, the actions  $\lambda(s')$  are executed. For example, if state 316 INIT is entered, the block executes algorithm *INIT* and emits 317 the event *InitO*. Finally, in step 4, output variable values are 318 updated if associated output events were emitted in step 3. 319 Thanks to the explicit ordering of ECC transitions, basic blocks 320 execute deterministically, as in step 2, only the highest priority 321 transition that is enabled fires. 322

2) Execution Semantics of Composite Blocks: A CFB is ini-323 tialized with all instances in its network in their initial states. 324 Each tick, the following sequence is executed. Fig. 4 illustrates 325 this sequence for the CFB shown in Fig. 3. In step A, interface 326 input events are sampled, and associated input variable values 327 are updated. In step B, all FB instances in the network execute 328 as per their order in the set FBs. For example, BeltModel exe-329 cutes before PhotoeyeModel. The execution of each instance 330 involves two substeps. In step B1, input events are sampled and 331



F5:1 Fig. 5. HCECC examples. (a) Parallel HCECC. (b) Refined HCECC.

associated input variables are updated. For example, the input 332 event BeltModel.TICK is present if any of the source events 333 334 Tick of the block's interface or PhotoeyeModel.Cnf is present. For feedback connections, such as PhotoeyeModel. $Cnf \mapsto$ 335 336 BeltModel.*TICK*, the presence or absence of the source event in the previous tick is considered. Then, in step B2, each FB 337 338 instance is executed, based on its semantics (basic or composite). Fig. 4 shows how both steps B1 and B2 are repeated for the 339 340 two instances in the CFB of Fig. 3. Finally, in step C, outputs of the CFB interface are updated. An output event is set to present 341 if a source event connected to it is present during the current 342 tick. All output variables associated with emitted output events 343 are also updated. 344

We can recursively substitute composite block instances with their networks to translate a CFB network into a network of basic block instances. Under the proposed semantics, CFBs can be mapped to PRET-C programs with well-formed semantics [21]. It can then be shown that CFB execution is deterministic and reactive under the proposed semantics.

351

## IV. HCECCs

HCECCs introduce parallel and refined block types to allowstatecharts-like concurrency and hierarchy in basic blocks.

354 A. Syntax

Parallel HCECCs allow concurrency within a single block.
Fig. 5(a) shows a parallel HCECC, which has an interface
and local declarations. However, unlike a basic block, the
HCECC contains two ECCs that share the interface and local
declarations.

360 Definition 4 (parallel HCECC): A parallel HCECC HCECC<sub>||</sub> 361 is a tuple  $\langle \mathcal{I}, L, \text{ECCs} \rangle$ , with interface  $\mathcal{I}$ , local declarations L, 362 and a finite ordered set ECCs = {ECC<sub>1</sub>,..., ECC<sub>n</sub>} of ECCs.

Refined HCECCs allow nesting of parallel ECCs within ECC states. Fig. 5(b) shows a refined HCECC containing an ECC with two states: START and RefinedState. The state 365 RefinedState is refined and contains two concurrent ECCs: 366 Para1 and Para2. The top-level ECC is the refined ECC, 367 RefinedState is the refined state, and Para1 and Para2 are 368 the refining behaviors. All refined and refining ECCs share the 369 interface and local declarations of the block. 370

Definition 5 (refined HCECC): A refined HCECC HCECC<sub>></sub> 371is a tuple  $\langle \mathcal{I}, L, \text{ECC}, \text{ECCs}, \triangleright \rangle$  containing an interface  $\mathcal{I}$ , local 372declarations L, a top-level refined ECC ECC, and a set ECCs 373of refining ECCs. The state-refinement function  $\triangleright : S \rightarrow 2^{\text{ECCs}}$  374(S is the set of states in ECC) maps states in ECC to an ordered 375subset of refining ECCs in ECCs.376

For the refined HCECC shown in Fig. 5(b), ECCs = 377 {Para1, Para2}, and  $\triangleright$ (START) =  $\emptyset$  (nonrefined state) and 378  $\triangleright$ (RefinedState) = {Para1, Para2}. Def. 5 defines refined 379 HCECCs with a single level of refinement, but HCECCs can 380 have nested refinement, as discussed in the next section. 381

#### B. Synchronous Semantics for HCECCs

1) Execution Semantics of Parallel HCECCs: A parallel 383 HCECC executes using the following sequence every tick. In 384 step A, the block samples input events and updates input vari-385 ables. In step B, ECCs contained in ECCs execute in order. 386 For example, the HCECC in Fig. 5(a) executes ECC1 and then 387 ECC2. Finally, in step C, an output event is emitted once if it is 388 emitted by any ECC. Associated output variables are updated to 389 the latest values assigned to them in the current tick following 390 the order of execution of ECCs in B. 391

Variable updates propagate from the first ECC to the last 392 ECC every tick. For example, for the HCECC in Fig. 5(a), if 393 ECC1 updates any internal variables, ECC2 uses the updated 394 values while executing in the same tick. ECC1 can read updates 395 by ECC2 only in the next tick. The fixed order of execution 396 ensures deterministic execution without causality issues. This 397 semantics where a block is invoked only once relative to an 398 event occurrence is fully compliant to ver. 2 of the IEC 61499 399 standard [1]. In ver. 1, a block can be invoked multiple times rel- 400 ative to an event occurrence, leading to ambiguities in execution 401 semantics. Stability research can address such issues to ensure 402 deterministic execution [22], [23]. However, stability research 403 is not required for the proposed semantics. 404

2) Execution Semantics of Refined HCECCs: Every tick, 405 a refined HCECC executes as follows. If the current state 406 is not a refined state (case 1), the HCECC executes like a 407 BFB (see Section III-B1). For example, the HCECC shown in 408 Fig. 5(b) executes like a BFB when it is in state Start. If, during the current tick, a transition to a refined state is taken, the 410 actions of the refined state, and the initial states of all refin-11 ing behaviors are executed in order. For example, if a transition 412 from state Start to the refined state RefinedState is taken, 413 the block emits the output X (action of RefinedState), fol-414 lowed by executing the actions of the initial states S1 and T1 of 415 the refining ECCs. 416

If the HCECC is in a refined state (case 2), it first samples 417 the interface inputs and updates variables (step A). Then, in 418 step B, the outgoing transitions of the refined state are evaluated. For example, if the HCECC from Fig. 5(b) is in state 420



F6:1 Fig. 6. Overview of HCECC translation.



F7:1 Fig. 7. Parallel ECCs flattened to a function block network.

421 RefinedState and the outgoing transition to state Start is 422 enabled, execution is identical to case 1 above. In step C, if no 423 transition fires in step B, the HCECC executes like a parallel 424 HCECC (see Section IV-B1)—ECCs refining the current state 425 execute in order. Finally, in step D, interface output events are 426 emitted (if emitted by any of the ECCs), and output variable 427 values are updated.

Refined HCECCs execute deterministically because in every
tick, they follow the deterministic execution semantics of basic
blocks (case 1) or parallel HCECCs (case 2).

### 431 V. TRANSLATING HCECCS TO IEC 61499

As refined HCECCs execute like parallel HCECCs, and the
semantics of parallel HCECCs are based on composite blocks,
it is possible to create a sound translation from HCECCs to
equivalent IEC 61499 function blocks as shown in Fig. 6.
Detailed proofs can be found at http://tinyurl.com/hcecc2015.

#### 437 A. Parallel HCECC to CFB Conversion

Algorithm 1 converts a parallel HCECC into a CFB by
first creating multiple FB instances, and then connecting them.
These steps are illustrated by transforming the parallel HCECC
in Fig. 5(a) to the CFB network in Fig. 7.

442 Creating FB instances: Algorithm 1 transforms each ECC
443 in the parallel HCECC into an instance of a newly created BFB
444 (lines 1–22). The newly created instances are ordered in the
445 same manner as the ECCs in the parallel HCECC (lines 8–21)
446 and are contained in the set FBs.

The newly created instances have the same interface  $\mathcal{I}'$ (line 6) which has the same input and output events as the HCECC interface, and additional input and output events *PARI* and *PARO* (line 3). These additional events propagate updated variable values within the network (described in the next paragraph).  $\mathcal{I}'$  has input variables corresponding to all input, output,

Algorithm 1. Algorithm Par2CFB **Input:** Parallel HCECC  $\langle \mathcal{I}, L, ECCs \rangle$ Output: CFB CFB 1 //Create FB instances: 2 Ordered set FBs =  $\emptyset$ :  $3 E_I' = E_I \cup \{PARI\}; E_O' = E_O \cup \{PARO\};$  $4 V_{I}' = V_{I} \cup V_{L} \cup V_{O}; V_{O}' = V_{L} \cup V_{O};$  $5 \alpha_I' = \alpha_I \cup \{(PARI, v_I) | v_I \in V_L \cup V_O\};\$  $\alpha_{O}' = \alpha_{O} \cup \{(PARO, v_{O}) | v_{O} \in V_{O}\};$  $6 \mathcal{I}' = \langle E_I', V_I', \alpha_I', E_O', V_O', \alpha_O' \rangle;$ 7  $L' = \langle \emptyset, A_L \cup \{UpdateOutputs\} \rangle;$ 8 for each  $ECC = \langle S, s_0, \lambda, T \rangle \in ECCs$  do 9  $S' = S; s'_0 = s_0$ ; Initialize  $\lambda', T';$ 10 for each  $s \in S$  do 11  $\lambda'(s) = \lambda(s) \oplus \{UpdateOutputs, PARO\};$ T'(s) = T(s);12 **if** there is no transition  $s \xrightarrow{1} s_1$  **then** 13 Loop state  $s_l$ ;  $S' = S' \cup \{s_l\}$ ; 14  $\lambda'(s_l) = \{UpdateOutputs, PARO\};\$ 15  $T'(s) = T'(s) \oplus \{s \xrightarrow{1} s_l\};$ 16  $T'(s_l) = \{ s_l \xrightarrow{e,b} s_1 | s \xrightarrow{e,b} s_1 \};$ 17 18 end 19 end  $ECC' = \langle S', s'_0, \lambda', T' \rangle; BFB' = \langle \mathcal{I}', L', ECC' \rangle;$ 20 $fb = \langle name_i, BFB' \rangle; FBs = FBs \oplus \{fb\};$ 21 22 end 23 //Create connections; 24  $n = |\mathsf{FBs}|; C_{events} = \emptyset; C_{var} = \emptyset;$ 25 for each  $i \in [1, n]$  do 26 Select the *i*-th FB instance  $fb_i \in FBs$ ;  $C_{events} = C_{events} \cup \{ (e_I \mapsto \mathtt{fb}_i.e_I) | e_I \in E_I \};$ 27 28  $C_{events} = C_{events} \cup \{ (\mathtt{fb}_i.e_O \mapsto e_O) | e_O \in E_O \};$ 29 if i = 1:  $C_{var} = C_{var} \cup \{(v_I \mapsto \mathtt{fb}_i . v_I) | v_I \in V_I\};$ if i = n:  $C_{var} = C_{var} \cup \{(\mathtt{fb}_i . v_O \mapsto v_O) | v_O \in V_O\};$ 30 if i < n then  $fb_j = fb_{i+1}$  else  $fb_j = fb_1$ ; 31  $C_{events} = C_{events} \cup \{ (\texttt{fb}_i.PARO \mapsto \texttt{fb}_j.PARI) \};$ 32  $C_{var} = C_{var} \cup \{ (\mathtt{fb}_i.v_L \mapsto \mathtt{fb}_j.v_L | v_L \in V_L \};$ 33 34  $C_{var} = C_{var} \cup \{ (\mathtt{fb}_i . v_O \mapsto \mathtt{fb}_j . v_O | v_O \in V_O \};$ 35 end 36 //Create CFB; 37 FBNetwork =  $\langle FBs, C_{events}, C_{var} \rangle$ ; 38 CFB =  $\langle \mathcal{I}, \text{FBNetwork} \rangle$ ; 39 return CFB;

and local variables of the parallel HCECC, and its output variables correspond to all local and output variables of the parallel HCECC (line 4).  $\mathcal{I}'$  retains the input and output associations of the original HCECC. In addition, *PARI* and *PARO* are associated with each input and output variable of  $\mathcal{I}'$ , respectively. 457 The local declarations L' for each instance contains no internal variables and has local versions of all algorithms of the parallel HCECC (line 7). A new algorithm UpdateOutputs is used to ensure that each basic block instance propagates output data forward in every tick. 462

Events *PARI* and *PARO* replicate the communication 463 between the ECCs of the parallel HCECC (using internal 464



Fig. 8. Parallel ECCs equivalent to refinement in Fig. 5(b) F8:1

variables) in the (to be created) CFB network by explicit prop-465 agation of data between the corresponding instances. Each 466 instance emits PARO every tick, forcing an update of all out-467 put variables using algorithm *UpdateOutputs* (line 11). The 468 PARO output of a FB instance is connected to the PARI input 469 of the next FB instance in the network (lines 31-35), allowing 470 a forward propagation of data from each instance. 471

Each ECC in the HCECC is converted into an ECC' of a 472 corresponding BFB instance BFB' (lines 8-22). ECC' initially 473 contains the same states and initial state as ECC (line 9) and 474 each state s from ECC retains all original actions and transi-475 tions in ECC', but also has two new actions-the execution of 476 the algorithm *UpdateOutputs* and the emission of the event 477 478 PARO for forward data propagation.

Lines 13–18 create additional *loop* states in ECC. Loop states 479 are needed to ensure that in any tick, if none of the origi-480 nal transitions inherited by the current state in ECC' are taken, 481 a transition to a loop state will ensure that the instance will 482 still correctly propagate variable values through the network by 483 484 doing actions UpdateOutputs and PARO. Therefore, for every state s that does not have an always-true transition (line 13), 485 a corresponding loop state  $s_l$  in ECC' is introduced (line 14). 486 Also, each state has an additional always-true but lowest prior-487 ity transition to its corresponding loop state (line 16). The loop 488 489 state itself has the same transitions as its corresponding state s(line 17). 490

Creation of connections: The event and variable connections 491 for each FB instance are created as follows (the *i*th FB instance 492 493 in FBs is noted as  $fb_i$ ).

- 494 1) All input/ output events of the CFB interface  $\mathcal{I}$  are con-495 nected to corresponding input and output events of  $fb_i$ (lines 27, 28). 496
- 497 2) If fb<sub>i</sub> is the *first* or *last* FB instance in the CFB network, all input or output variables (respectively) of the HCECC 498 499 interface  $\mathcal{I}$  are connected to the corresponding input or 500 output variables (respectively) of  $fb_i$  (lines 29, 30).
- 3) The PARO output event of  $fb_i$  is connected to the PARI 501 input event of the next instance  $fb_i$  (line 32).  $fb_i$  is 502 the next instance  $fb_{i+1}$  after  $fb_i$  in FBs, or if  $fb_i$  is 503 the last element of FBs, then  $fb_i$  is the first element 504 505 fb<sub>1</sub> of FBs (line 31). For example, in Fig 7, PARO of ParallelECC1 connects to PARI of ParallelECC2 and 506 PARO of ParallelECC2 connects to PARI of instance 507 ParallelECC1. The output variables of fb<sub>i</sub> correspond-508 ing to the internal and output variables of the parallel 509 HCECC are connected to corresponding input variables 510 511 of  $fb_i$  (line 33).

#### Algorithm 2. Algorithm RemoveRefinement

- **Input:**  $\mathcal{I}, L = \langle V_L, A_L \rangle, \text{ECC} = \langle S, s_0, \lambda, T \rangle, s \in S, \text{ECCs}_s$ **Output:** Pair (ECCs<sub> $\triangleright$ </sub>,  $L_{\triangleright}$ )
- 1 //Modify locals;
- 2 Variable set  $V_L \prime = V_L \cup \{s_{\triangleright} \_Disabled\} (s_{\triangleright} \_Disabled \text{ is of }$ type Boolean);
- 3 Algorithm set  $A_L' = A_L \cup \{s_{\triangleright}\_Enable, s_{\triangleright}\_Disable\};$
- 4 //Create new local declarations;
- $5 L_{\triangleright} = \langle V_L \prime, A_L \prime \rangle;$
- 6 //Create ECCs<sub>▷</sub>;
- 7 Initialize ordered set of ECCs  $ECCs_{\triangleright} = \emptyset$ ;
- 8 //Modify ECC;
- 9 Initialize empty action map  $\lambda_0$ ;
- 10 //Modify states;
- 11 **for** each state  $s \in S$  **do**
- if  $s = s_{\triangleright}$  then 12

13 
$$\lambda_0(s) = \lambda(s) \oplus \{s_{\triangleright}\_Enable\};$$

14 end

15

- else if  $s_{\triangleright}$  has a transition (in T) to s then
- 16  $\lambda_0(s) = \lambda(s) \oplus \{s_{\triangleright} Disable\}$
- 17 end

```
18
        else
19
```

$$\lambda_0(s) = \lambda(s);$$

```
20
      end
21 end
```

22 ECC<sub>0</sub> =  $\langle S, s_0, \lambda_0, T \rangle$ ;

- 23  $ECCs_{\triangleright} = ECCs_{\triangleright} \oplus \{ECC_0\};$ 24 //Modify ECCs in ECCs<sub>s</sub>;
- 25 for each  $ECC_i = \langle S_i, s_{0_i}, \lambda_i, T_i \rangle \in ECCs_s$  do
- Create set of states  $S_{\triangleright i} = S_i \cup \{Disabled\};\$ 26
- Set state  $s_{0_{\triangleright i}} = Disabled;$ 27 28 if  $s_{\triangleright} = s_0$  then
- 29  $s_{0_{\triangleright i}} = s_{0_i};$

end

30

35

36

37

38

- 31 Initialize action map  $\lambda_{\triangleright i} = \lambda_i$ ;
- 32 Add  $\lambda_{\triangleright i}(Disabled) = \emptyset;$
- 33 Initialize transition function  $T_{\triangleright i} = T_i$ ;
- 34 for each  $s \in S_{\triangleright i}$  do
  - if s = Disabled then  $T_{\triangleright i}(s) = \{s \xrightarrow{1, !s_{\triangleright} \_ Disabled} s_{0_i}\};$

$$T_{\triangleright i}(s) = \{s \xrightarrow{1, s_{\triangleright} \_Disabled} \to Disabled\} \oplus T_i(s)$$

39 end 40 end

41 Create ECC 
$$\text{ECC}_{\triangleright i} = \langle S_{\triangleright i}, s_{0 \triangleright i}, \lambda_{\triangleright i}, T_{\triangleright i} \rangle$$

42  $ECCs_{\triangleright} = ECCs_{\triangleright} \oplus \{ECC_{\triangleright i}\};$ 

43 end

44 return Pair  $(ECCs_{\triangleright}, L_{\triangleright});$ 

A proof by induction shows that the CFB generated from 512 Algorithm 1 has the same behavior the source parallel HCECC. 513

#### B. Refinement to Parallel Conversion

514

AlgorithmRemoveRefinement (Algorithm 2) translates 515 the refinement of a single state in a refined HCECC into 516 parallel ECCs. For the HCECC in Fig. 5(b), the algorithm 517

| TABLE I                       |
|-------------------------------|
| HCECC AND ECC SIZE COMPARISON |

|     |                      | ECCs    |             |        |             | HCECCs |             |        |             |
|-----|----------------------|---------|-------------|--------|-------------|--------|-------------|--------|-------------|
| No. | Benchmark            | # Basic | Connections | States | Transitions | Unique | Connections | States | Transitions |
|     |                      | blocks  |             |        |             | blocks |             |        |             |
| B1  | Watch                | 3       | 21          | 17     | 24          | 1      | 0           | 14     | 20          |
| B2  | Distribution station | 2       | 18          | 10     | 12          | 1      | 0           | 10     | 12          |
| B3  | Drill station        | 2       | 10          | 9      | 10          | 1      | 0           | 9      | 9           |
| B4  | Water monitor        | 4       | 31          | 16     | 38          | 3      | 28          | 16     | 38          |
| B5  | Cruise controller    | 5       | 32          | 15     | 42          | 1      | 0           | 11     | 38          |
| B6  | MP3player            | 4       | 22          | 14     | 24          | 1      | 0           | 10     | 15          |

produces the parallel ECCs shown in Fig. 8. The algorithm executes as follows. Lines 1–5 of Algorithm 2 modify the local declarations, adding a new internal variable ( $s_{\triangleright}$ \_Disabled) and two new algorithms (lines 2–3). The new algorithms ( $s_{\triangleright}$ \_Enable,  $s_{\triangleright}$ \_Disable) clear and set the  $s_{\triangleright}$ \_Disabled variable respectively.

524 The first step in constructing the set  $ECCs_{\triangleright}$  of parallel ECCs involves modifying the main ECC (lines 8-22). An algo-525 526 rithm  $s_{\triangleright}$ \_Enable is added to the actions of  $s_{\triangleright}$  (line 13), so that whenever state  $s_{\triangleright}$  is reached, the variable  $s_{\triangleright}$ \_Disabled 527 528 is cleared (allowing refining ECCs to execute). Similarly, in every state s to which  $s_{\triangleright}$  has an outgoing transition, an algo-529 530 rithm  $s_{\triangleright}$  Disable is added to the actions to set the variable  $s_{\triangleright}$ \_Disabled and to stop the refining ECCs from executing. 531 532 For example, for the parallel ECCs in Fig. 8, the action map of the first ECC is changed as follows.  $\lambda_0(\texttt{Start})$  takes the value 533  $\{RefinedState_Disable\}, and \lambda_0(RefinedState) takes the$ 534 value {RefinedState Enable, X}, where X was part of the 535 original refined HCECC. The modified main ECC is inserted as 536 537 the first element into the set  $ECCs_{\triangleright}$ . It, therefore, executes first, 538 and may enable or disable other ECCs.

Lines 24–43 modify each refining ECC, adding a new state 539 540 Disabled (line 26) to model the disabled behavior when the refined ECC is not in state  $s_{\triangleright}$ . Fig. 8 shows the Disabled state 541 542 for each of the modified refining ECCs (Para1 and Para2). 543 Disabled is set as the initial state of each refining ECC (line 27). However, if the refined state  $s_{\triangleright}$  is the initial state of the 544 refined ECC, refining ECCs' original initial states are retained 545 (line 29). The modified refining ECC states retain their actions 546 547 from the original refining ECC (line 31) and state Disabled has no actions (line 32). 548

549 The transition function for the modified refining ECC retains all original transitions (line 33). New transitions are added 550 to model the enabled/disabled behavior, based on the value 551 of the variable  $s_{\triangleright}$ \_Disabled. All states have a highest pri-552 553 ority transition to Disabled when  $s_{\triangleright}$ \_Disabled is true (line 38). Disabled has a single outgoing transition to the orig-554 555 inal initial state of the refining ECC (line 36). For example, each state in ECC Para1 in Fig. 8 has a transition 556 557 to Disabled when RefinedState\_Disabled is true, and 558 Disabled has a transition to the original initial state S1 when RefinedState\_Disabled is false. Finally, line 41 constructs 559 the modified refining ECC and adds it to ECCs<sub>▷</sub> on line 42. 560 After all refining ECCs have been processed in this way, line 561 562 44 returns  $ECCs_{\triangleright}$  and modified local declarations  $L_{\triangleright}$ .

563 A refined HCECC containing multiple (*m*) refined states is 564 transformed into a parallel HCECC by applying Algorithm 2

TABLE II Development Time (Time in Minutes)

|     | Developer A |        | Deve | eloper B | Developer C |        |
|-----|-------------|--------|------|----------|-------------|--------|
| No. | ECCs        | HCECCs | ECCs | HCECCs   | ECCs        | HCECCs |
| B1  | 8           | 4      | 11   | 7        | 53          | 40     |
| B2  | 5           | 3      | 14   | 10       | 50          | 34     |
| B3  | 4           | 2      | 9    | 4        | 30          | 18     |
| B4  | 11          | 10     | 23   | 20       | 70          | 45     |
| B5  | 12          | 6      | 19   | 10       | 43          | 25     |
| B6  | 8           | 3      | 20   | 9        | 35          | 16     |

m times (once for each refined state). HCECCs with nested 565 refinement are processed in a depth-first fashion starting from 566 the inner-most HCECC, until the block is reduced to a refined 567 HCECC with only single-level refinement. A proof of sound-568 ness of the proposed transformations can be done by induc-569 tion, showing equivalence between the execution of a refined 570 HCECC, the corresponding parallel HCECC, and the corre-571 sponding IEC 61499 program, under the proposed synchronous 572 semantics. 573

| VI. | RESULTS |  |
|-----|---------|--|
|     |         |  |

A qualitative and quantitative evaluation of HCECCs was 575 done using the Auckland Function Block Benchmark [24], 576 which contains designs varying in size and complexity of algorithms. Each benchmark was reimplemented using HCECCs, 578 and subsequently compared to the original model. All benchmarks are available at http://tinyurl.com/hcecc2015. 580

Table I compares the sizes of the standard and HCECC ver-581 sions of each benchmark. Columns 2–5, respectively, show the 582 numbers of basic blocks, connections, states and transitions 583 in the standard version. Columns 5-8, respectively, show the 584 numbers of blocks, connections, states, and transitions in the 585 HCECC version. For each benchmark, the size of the HCECC 586 version was either smaller than or the same as the standard 587 version. Most compression was achieved when refinement was 588 used because enforcing refinement-like hierarchy in standard 589 function blocks requires many more transitions and states. 590

Table II shows the times taken by three developers to develop 591 the benchmarks shown in Table I. Developer A was an expert 592 in HCECC design, developer B had some experience with 593 statecharts and a working knowledge of IEC 61499, and devel-594 oper C was completely new to both HCECCs and IEC 61499. 595 Overall, all developers took significantly lesser amount of time 596 to develop HCECCs. While these results are promising, a wider 597 usability study is beyond the scope of this paper. 598

T1:1 T1:2

> T2:1 T2:2



F9:1 Fig. 9. Multilevel refinement example.



F10:1 Fig. 10. Benchmark code size comparison.

599 HCECCs can model complex behaviors that cannot be easily created in standard function blocks. Fig. 9 shows the HCECC 600 for a conveyor controller (algorithms omitted for readability). 601 This model may react to up to three different events in a sin-602 gle tick. Modeling such behaviors using standard (flat) ECCs 603 604 results in exponentially more states and transitions, requires extra effort in creating multiple blocks and connecting them, 605 and takes longer to design and maintain. 606

We extended the function block compiler (FBC) [7] to cre-607 ate FBC-HCECC, a compiler to compile HCECCs into C code 608 609 using the proposed synchronous semantics. Fig. 10 compares code sizes produced by FORTE v1.7.1, FBRT v20081003, 610 FBC, and FBC-HCECC. For FBRT code, the Java virtual 611 machine (JVM) size was removed for a fair comparison. Code 612 generated by FBC-HCECC was on average 1.18 times smaller 613 than FBC, which in turn produced much smaller code than 614 FORTE and FBRT. In some cases, like benchmark B4, FBC-615 HCECC generated code was 1.70 times smaller than FBC. The 616 reduction in code size comes from HCECCs allowing the same 617 functionality within smaller models, as per Table I. 618

Code for each benchmark from different compilers was run
on a windows PC with an Intel Core i7 920 processor and 18GB
RAM. Java v7 (JDK and JRE) was used to compile and run
FBRT-generated code. 4DIAC and FBDK front-ends were used
to design and run FORTE and FBRT programs, respectively. C
code from FBC and FBC-HCECC was compiled using Visual
Studio's C compiler with the -O2 optimization switch. Each

 TABLE III

 Performance Comparison (Time in Milli-seconds)

|           | FORTE  | FBRT  | FBC ECC | FBC HCECC |
|-----------|--------|-------|---------|-----------|
| B1        | 1962.6 | 77.0  | 75.0    | 24.0      |
| B2        | 1532.0 | 120.4 | 68.2    | 30.0      |
| <b>B3</b> | 387.0  | 56.3  | 44.0    | 19.0      |
| B4        | 1928.4 | 214.5 | 83.0    | 33.0      |
| B5        | 877.0  | 130.0 | 64.0    | 27.8      |
| <b>B6</b> | 1251.2 | 144.7 | 123.0   | 96.0      |
|           | -      |       |         |           |

program was then executed with a common test-file containing 626 a sequence of one million input vectors. Each vector contained 627 a random event and random values for variables. A compari-628 son of the execution times is shown in Table III. FBC-HCECC 629 programs executed 1.3 to 3.1 times faster than FBC programs, 630 with an average speedup of 2.3 possibly due to smaller model 631 sizes. FBC-HCECC programs ran on average 3.8 and 42.7 632 times faster than FBRT and FORTE programs, which required 633 additional runtimes. 634

Overall, HCECCs enable more compact designs that are 635 faster to develop, smaller in code size, and execute faster 636 than standard IEC 61499 designs. A side-effect of using the 637 proposed semantics is that a fixed ordering of blocks within 638 composite blocks (and also parallel and refined HCECCs) must 639 be defined. The FBC-HCECC compiler uses the ordering as 640 per XML descriptions, which is standard practice. Designers 641 can change this ordering by editing the XML descriptions. 642 HCECCs can increase cohesion and reduce coupling between 643 blocks in some cases, such as exceptional handling scenarios. 644 However, it is possible to misuse this framework and integrate 645 loosely coupled blocks, reducing maintainability. 646

#### VII. CONCLUSION 647

This paper introduces HCECCs, consisting of hierarchical and concurrent operators for IEC 61499 ECCs, inspired 649 by statecharts. Refined HCECCs efficiently model exception 650 handling and other hierarchical behaviors, whereas parallel 651

T3:1 T3:2

663

HCECCs simplify the modeling of concurrent processes and 652 enable the monitoring of simultaneous events in a single block. 653 A synchronous semantics for IEC 61499 and HCECCs is 654 proposed under which HCECCs can be translated to CFBs. 655 656 Benchmarking results show that HCECCs provide reduced model sizes, which helps reduce development time, com-657 piled code size, and execution time. Future directions include 658 using HCECCs under other IEC 61499 semantics, optimiz-659 ing HCECC to network translation, studying how HCECCs 660 661 affect cohesion and coupling as well as code maintainability

662 or reusability, and providing tool-support for HCECCs.

#### REFERENCES

- Q2 664 [1] J. H. Christensen, T. Strasser, A. Valentini, V. Vyatkin, and A. Zoitl, "The IEC 61499 function block standard: Overview of the second edition," ISA 665 666 Autom. Week, vol. 6, 2012.
  - [2] V. Vyatkin, "IEC 61499 as enabler of distributed and intelligent automa-667 668 tion: State-of-the-art review," IEEE Trans. Ind. Informat., vol. 7, no. 4, 669 pp. 768–781, Nov. 2011.
  - [3] IEC, Committee Draft for Vote: IEC 61499-1: Function Block-Part 1 670 671 Architecture. Geneva, Switzerland: IEC, 2004.
  - 672 [4] A. Zoitl and H. Prahofer, "Guidelines and patterns for building hierar-673 chical automation solutions in the IEC 61499 modeling language," IEEE 674 Trans. Ind. Informat., vol. 9, no. 4, pp. 2387-2396, Nov. 2013.
  - 675 D. Harel, "Statecharts: A visual formalism for complex systems," Sci. 676 Comput. Programm., vol. 8, no. 3, pp. 231-274, Jun. 1987.
  - J. Kim, I. Kang, J.-Y. Choi, and I. Lee, "Timed and resource-oriented 677 678 statecharts for embedded software," IEEE Trans. Ind. Informat., vol. 6, 679 no. 4, pp. 568-578, Nov. 2010.
  - [7] L. H. Yoong, P. Roop, V. Vyatkin, and Z. Salcic, "A synchronous 680 681 approach for IEC 61499 function block implementation," IEEE Trans. 682 Comput., vol. 58, no. 12, pp. 1599-1614, Dec. 2009.
  - 683 M. Di Natale, Q. Zhu, A. Sangiovanni-Vincentelli, and S. Tripakis, [8] 684 "Optimized implementation of synchronous models on industrial LTTA 685 systems," J. Syst. Archit., vol. 60, no. 4, pp. 315-328, 2014.
  - 686 [9] M. Bonfè, C. Fantuzzi, and C. Secchi, "Design patterns for model-based 687 automation software design and implementation," Control Eng. Pract., 688 vol. 21, no. 11, pp. 1608-1619, 2013.
  - 689 [10] J.-P. Talpin et al., "Formal verification of synchronous data-flow program 690 transformations toward certified compilers," Front. Comput. Sci., vol. 7, 691 no. 5, pp. 598-616, 2013.
  - R. Nakamura, F. Arakawa, and M. Edahiro, "Simple one-to-one architec-692 [11] 693 ture for parallel execution of embedded control systems," in Proc. IEEE 694 Int. Conf. Cyber-Phys. Syst. Netw. Appl. (CPSNA), 2014, pp. 25-30.
  - P. Gaj, J. Jasperneite, and M. Felser, "Computer communication 695 [12] within industrial distributed environment-A survey," IEEE Trans. Ind. 696 697 Informat., vol. 9, no. 1, pp. 182-189, Feb. 2013.
  - 698 [13] A. Girault, B. Lee, and E. A. Lee, "Hierarchical finite state machines with 699 multiple concurrency models," IEEE Trans. Comput.-Aided Des. Integr. 700 Circuits Syst., vol. 18, no. 6, pp. 742-760, Jun. 1999.
  - [14] D. Latella, I. Majzik, and M. Massink, "Towards a formal operational semantics of UML statechart diagrams," in *Formal Methods for Open* 701 702Object-Based Distributed Systems. New York, NY, USA: Springer, 1999, 703 pp. 331-347. 704
  - 705 A. Barji, N. Hagge, and B. Wagner, "Comparative study of using CNet, [15] 706 IEC 61499, and statecharts for behavioral models of real-time con-707 trol applications," in Proc. IEEE Conf. Emerg. Technol. Fact. Autom. 708 (ETFA'06), 2006, pp. 750-757.
  - [16] D. Tikhonov, D. Schutz, S. Ulewicz, and B. Vogel-Heuser, "Towards 709 710 industrial application of model-driven platform-independent PLC pro-711 gramming using UML," in Proc. 40th Annu. IEEE Conf. Ind. Electron. 712 Soc. (IECON'14), 2014, pp. 2638-2644.
  - 713 [17] K. Thramboulidis, "Model-integrated mechatronics-toward a new 714 paradigm in the development of manufacturing systems," IEEE Trans. 715 Ind. Informat., vol. 1, no. 1, pp. 54-61, Jan. 2005.
  - 716 G. D. Shaw, P. S. Roop, and Z. Salcic, "A hierarchical and concurrent [18] 717 approach for IEC 61499 function blocks," in Proc. IEEE Conf. Emerg. 718 Technol. Fact. Autom. (ETFA'09), 2009, pp. 1-8.

IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS

- [19] V. Dubinin, V. Vyatkin, and T. Pfeiffer, "Engineering of validatable 719 automation systems based on an extension of UML combined with func-720 tion blocks of IEC 61499," in Proc. IEEE Int. Conf. Robot. Autom. 721 (ICRA'05), 2005, pp. 3996-4001. 722
- [20] V. N. Dubinin and V. Vyatkin, "Semantics-robust design patterns for IEC 723 61499," IEEE Trans. Ind. Informat., vol. 8, no. 2, pp. 279-290, May 724 725 2012.
- [21] S. Andalam, P. S. Roop, A. Girault, and C. Traulsen, "A predictable 726 727 framework for safety-critical embedded systems," IEEE Trans. Comput., vol. 63, no. 7, pp. 1600-1612, Jul. 2014. 728
- [22] F. Schumacher and A. Fay, "Formal representation of GRAFCET to auto-729 730 matically generate control code," Control Eng. Pract., vol. 33, pp. 84-93, 2014. 731
- [23] M. Sogbohossou and A. Vianou, "Formal modeling of grafcets with time 732 733 petri nets," IEEE Trans. Control Syst. Technol., vol. 23, no. 5, pp. 1978-1985, Sep. 2015.
- [24] L. H. Yoong, P. S. Roop, and Z. Salcic, "Implementing constrained cyberphysical systems with IEC 61499," ACM Trans. Embedded Comput. Syst. 736 (TECS), vol. 11, no. 4, pp. 78:1-78:22, 2012. 737

Roopak Sinha (S'03-M'13) received the B.E. (Hons), M.C.E., and Ph.D. 738Q3 739 degrees.

740Q4 He has worked with INRIA, Grenoble, France, and the University of Auckland, Auckland, New Zealand. Currently, he is a Senior Lecturer with 741 the School of Computer and Mathematical Sciences, Auckland University of 742 Technology, Auckland. His research interests include next-generation formal 743 744 frameworks for designing large-scale embedded software with application in industrial automation systems, Internet-of-Things, and intelligent transporta-745 746 tion systems.

Partha S. Roop (M'94) received the Ph.D. degree in computer science (soft-747 ware engineering) from the University of New South Wales, Sydney, NSW, 748 749 Australia, in 2001.

He is currently an Associate Professor and is the Director of the Computer 750 Systems Engineering Program, Department of Electrical and Computer 751 Engineering, University of Auckland, Auckland, New Zealand. His research 752 interests include the design and verification of embedded systems and exe-753 cutable biology. In particular, he is developing techniques for the design of 754 embedded applications in automotive, robotics, intelligent transportation, and 755 medical devices that meet functional safety standards. 756

Gareth Shaw received the B.E. and the Ph.D. degrees in electrical and elec-757 tronic engineering from the University of Auckland, Auckland, New Zealand, 758 in 2007 and 2013, respectively. 759

He is a Mobile Development Team Lead with Fiserv New Zealand, 760 Auckland. His research interests include design languages and their com-761 pilation, distributed systems, code generation, and complex digital system 762 design. 763

Zoran Salcic (S'75-M'76-SM'98) received the B.E., M.E., and Ph.D. degrees 764 in electrical and computer engineering from Sarajevo University, Sarajevo, 765 Bosnia and Herzegovina, in 1972, 1974, and 1976, respectively. 766

He is a Professor of Computer Systems Engineering with the University of 767 Auckland, Auckland, New Zealand. He has authored over 300 peer-reviewed 768 journal and conference papers, and several books. His research interests include 769 complex digital systems, custom-computing machines, embedded systems and 770 their implementation, design automation tools, hardware-software co-design, 771 772 models of computation and languages for concurrent and distributed systems, and cyber-physical systems. 773

Prof. Salcic is a Fellow of the Royal Society New Zealand. He was the 774 recipient of the Alexander von Humboldt Research Award in 2010. 775

Matthew M. Y. Kuo received the B.E. (Hons) degree in electrical and computer systems engineering from the University of Auckland, Auckland, New Zealand. He is currently pursuing the Ph.D. degree.

He is currently involved in an industrial project focused on the Internet of 779 Things with UniServices, Auckland. His research interests include synchronous 780 programming, static timing analysis, and precision timed industrial automation 781 782 systems.

734 735

776 777

778Q5

# QUERIES

- Q1: Please provide postal code for affiliations.
- Q2: Please provide page range for Ref. [1].
- Q3: Please provide the field of study, institutional details, location, and year of all the degrees of the author Roopak Sinha.
- Q4: Please spell out the term "INRIA".
- Q5: Please provide the institutional details of the Ph.D. degree of the author Matthew M. Y. Kuo.