ST 10 The Simplest Model-based Device Driver

Our journey on model-based software design continues with the Hierarki model train. In previous post, we explained how we partition the embedded software into multiple hierarchical state machines (HSMs) and looked into the Train HSM that controls the overall train behaviors.

We know that a system can only be as reliable as the least reliable component. While it is beneficial to model high level behaviors using HSMs like Train, it doesn’t do us any good if the majority of low-level drivers are still written informally with lots of intertwined flags and conditional statements. Now let’s look at how we apply statechart modeling to the simplest device driver possible, one for a single GPIO interrupt.

The statechart shows a simple design to track the physical pin state with two substates named Active and Inactive. We chose these names rather than High and Low such that they work for both active-high and active-low configurations. The GpioIntCallback() static method, called from the interrupt service routine (ISR), posts a TRIGGER event to the associated GpioIn HSM. It disables the pin interrupt before the event is processed to avoid glitches on the input pin overflowing the event queue.

Everything from now on will be modeled by state machines. The TRIGGER event bridges between the physical world and our event-driven model. It tells the GpioIn HSM that the physical pin state *may* have changed. GpioIn then checks the pin state and tracks it with its logical state, Active or Inactive. To avoid race conditions, it must re-enable the pin interrupt before checking the pin state. GpioIn indicates its state updates to its client via the GPIO_IN_ACTIVE_IND and GPIO_IN_INACTIVE_IND events.

The first scope capture illustrates the tracking of the active-low output pin of a hall effect sensor (Channel 1) with the GpioIn state (Channel 2). The second capture shows the timing analysis from (1) ISR, (2) handling of TRIGGER by GpioIn, (3) entry to the Inactive state of GpioIn, to (4) handling of GPIO_IN_INACTIVE_IND by the Train HSM. It is this event that signals the arrival to a station and commands the train to slow down.