Table Of ContentAspect Awareness in the Development of
Configurable System Software
—
Aspektgewahrheit bei der Entwicklung
konfigurierbarer Systemsoftware
Der Technischen Fakultät der
Universität Erlangen-Nürnberg
zur Erlangung des Grades
D -I
OKTOR NGENIEUR
vorgelegt von
Daniel Lohmann
Erlangen — 2008
Als Dissertation genehmigt von
der Technischen Fakultät der
Universität Erlangen-Nürnberg
Tag der Einreichung: 27.10.2008
Tag der Promotion: 30.03.2009
Dekan: Prof. Dr.-Ing. Johannes Huber
Berichterstatter: Prof. Dr.-Ing. Wolfgang Schröder-Preikschat
Prof. Dr.-Ing. Olaf Spinczyk
Prof. Dr.-Ing. Jörg Nolte
Abstract
More than 98 percent of the worldwide annual production of microprocessors ends
up in embedded systems – typically employed in goods of mass production, like cars,
appliances, or toys. Such embedded systems are subject to an enormous hardware-cost
pressure. System software for this domain has to cope not only with a broad variety of
requirementsandplatforms,butespeciallywithstrictresourceconstraints. Tocompete
againstproprietarysystems (andtherebytoallow forreuse), asystem-softwareproduct
line for embedded systems has to be highly configurable and tailorable. However, this
flexibility has to be provided in a way that meets the strict resource constraints.
Thestateoftheartfortheoverhead-freeimplementationoffine-grainedconfigurability
in system software is conditional compilation with the C preprocessor. However, this
approach leads to scattered and tangled code and does not scale up. At the same time,
thedemandsonconfigurabilityofsystemsoftwarearestillincreasing. AUTOSAROS,a
new industry standard for automotive operating systems, requires configurability of even
fundamental architectural system policies, such as protection and isolation strategies.
This thesis evaluates aspect-oriented programming (AOP) as a first-class concept for im-
plementing configurability in resource-constrained systems. It shows that a well-directed,
pragmatic application of AOP leads to a much better separation of concerns in the imple-
mentationofconfigurablesystemsoftware–withoutcompromisingonresourcethriftiness.
Moreover, the suggested approach of aspect-aware operating-system development facilitates
providing even fundamental architectural policies as configurable features.
The suitability of AOP is evaluated with state-of-the-art operating systems from the
embedded-systems domain. The practicability of aspect-aware operating-system devel-
opment is validatedby the design anddevelopment of the CiAOoperating-system family,
which is the first operating system that has been designed and developed with AOP
concepts from the very beginning. CiAO combines a competitive implementation of the
AUTOSAR-OS standard with a highly configurable architecture.
i
ii
Acknowledgments
Many people have supported me in writing this thesis and deserve to be mentioned here.
It seemsto be commonpractice tomention them ina strictly hierarchicalorder (not to
say top-down) starting with the supervising professors. However, as I shall point out in
Chapter 3, this thesis follows a bottom-up approach.
Soletmestartwiththedomestiquesofscience–thestudentswhowrotestudyanddiploma
theses under my supervision, in which they evaluated some of my crazy ideas: GEORG
BLASCHKE, CHRISTOPH ELSNER, WANJA HOFER, FABIAN SCHELER, JOCHEN STREICHER,
and REINHARD TARTLER. Boys, it was fun working with you – and still is! Given that five
of the six of you have continued with science afterwards (a fact I am admittedly a bit
proud of) and have even become colleagues, it can’t have been too bad :-)
Speaking of colleagues (and continuing bottom-up): Many thanks go to MEIK FELSER,
RÜDIGER KAPITZA, and CHRISTIAN WAWERSICH, who shared with me the good times and
the bad times of thesis writing. Christian, I am really happy that you finished the thing
before me. The party ain’t over ’till “The Fat Lady Sings”!
A significant part of the CiAO implementation was done during my time at the University
of Victoria, BC, Canada. I wish to thank YVONNE COADY and especially CHRIS MATTHEWS,
who supported me in all “aspects” of life during that time, and FIONN YAXLEY and CALEY
CAMPBELL, who did the same in all aspects of living.
Many thanks go to FRANK BELLOSA, who taught me the hidden politics of science during
his post-doc time in Erlangen, and to JÜRGEN KLEINÖDER, who has been doing the same
with respect to the hidden secrets of administration.
So we have passed the post-doc level and eventually arrived at the supervising professors:
My special thanks go to OLAF SPINCZYK and WOLFGANG SCHRÖDER-PREIKSCHAT. It was
Olaf who invited me to join Wosch’s group in Erlangen after we met at AOSD 2003 in
Boston. Together, wecarried out alot of great research– which wouldnever have been
possible without the open, inspiring and encouraging atmosphere Wosch cultivates within
his group.
Finally, I wish to thank those people whose support was neither bottom-up nor top-down,
but just there when I needed it. BERNHARD GABLER did a great job of proofreading and
language polishing. But above all there was my wife Katja, who took care of me and
raised my spirits – again and again.
Erlangen, April 2009
iii
iv
Contents
1. Introduction 1
1.1. Motivation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2. Purpose of This Thesis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.3. Title and Objectives. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.4. Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.5. Typographical Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2. Background,Context,andStateoftheArt 9
2.1. System Software for Embedded Systems . . . . . . . . . . . . . . . . . . . 11
2.1.1. Properties of Embedded Systems . . . . . . . . . . . . . . . . . . . 11
2.1.2. Hardware for Embedded Systems . . . . . . . . . . . . . . . . . . . 12
2.1.3. The Role of System Software . . . . . . . . . . . . . . . . . . . . . 14
2.1.4. The Role of Operating Systems . . . . . . . . . . . . . . . . . . . . 16
2.1.5. Implementation Techniques for Customizable Operating Systems . 18
2.1.6. From Customizing to Configuring of System Software . . . . . . . . 23
2.2. Software Product Lines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
2.2.1. Concepts and Terminology of Software Product Lines . . . . . . . . 25
2.2.2. History of Software Product-Line Engineering . . . . . . . . . . . . 26
2.2.3. Specifying the Problem Space . . . . . . . . . . . . . . . . . . . . . 27
2.2.4. The Problem Space of Configurable Operating Systems . . . . . . . 29
2.2.5. Implementing the Solution Space . . . . . . . . . . . . . . . . . . 30
2.3. Aspect-Oriented Programming . . . . . . . . . . . . . . . . . . . . . . . . . 32
2.3.1. The Problem of “Crosscutting Concerns” . . . . . . . . . . . . . . . 33
2.3.2. Queue Example: Scattering and Tangling in a Simple Product Line 33
2.3.3. Dimensions of Crosscutting . . . . . . . . . . . . . . . . . . . . . . 35
2.3.4. Concepts and Terminology of Aspect-Oriented Programming . . . . 36
2.3.5. Queue Example: Solution Space Implementation with AspectC++ 38
2.3.6. History of AOP Languages . . . . . . . . . . . . . . . . . . . . . . . 41
2.3.7. AOP in Operating Systems . . . . . . . . . . . . . . . . . . . . . . . 42
2.3.8. AOP Critique . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
2.4. Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
v
Contents
3. ProblemAnalysisandSuggestedApproach 47
3.1. Problem Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
3.1.1. How Configurability Becomes Manifest in the Code – The eCos Case 49
3.1.2. Going Ahead – The Case for Configurable Architecture . . . . . . . 58
3.1.3. Problem Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
3.2. Is AOP the Solution? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
3.3. Suggested Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
3.3.1. Language Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
3.3.2. Implementation Level . . . . . . . . . . . . . . . . . . . . . . . . . 65
3.3.3. Design Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
3.4. Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
4. LanguageLevel–AspectsDemystified: EvaluationandEvolutionofAspectC++ 67
4.1. General Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
4.1.1. AOP Fundamentals: A Recap . . . . . . . . . . . . . . . . . . . . . 69
4.1.2. Requirements on an Aspect Language for System Software . . . . . 69
4.1.3. The Expected Cost of Aspects . . . . . . . . . . . . . . . . . . . . . 74
4.1.4. Aspect Languages for Embedded System Development . . . . . . . 76
4.1.5. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
4.2. Generic Advice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
4.2.1. Generic Advice – Motivation . . . . . . . . . . . . . . . . . . . . . . 81
4.2.2. ExtendingtheJoin-PointAPIforGenericandGenerativeProgramming 83
4.2.3. Example: Checking for Invalid Object Identifiers in AUTOSAR OS . 86
4.2.4. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
4.3. AspectC++ Overhead . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
4.3.1. Code Generation of AC++ . . . . . . . . . . . . . . . . . . . . . . . 88
4.3.2. Benchmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
4.4. Discussion of Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
4.4.1. Qualitative Effects . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
4.4.2. Quantitative Effects . . . . . . . . . . . . . . . . . . . . . . . . . . 94
4.5. Further Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
4.5.1. AOP in Pure C++ . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
4.5.2. Generic Advice in Other Aspect Languages . . . . . . . . . . . . . . 97
4.5.3. Aspect Language Overhead . . . . . . . . . . . . . . . . . . . . . . 97
4.6. Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
5. ImplementationLevel–AspectsinAction: PracticingConfigurabilitybyAOP 99
5.1. Case Study “eCos” – Objectives and Study Design . . . . . . . . . . . . . . 101
5.2. Aspectizing the eCos Kernel . . . . . . . . . . . . . . . . . . . . . . . . . . 101
5.2.1. Refactoring Concerns into Aspects . . . . . . . . . . . . . . . . . . 102
5.2.2. The Cost of Large-Scale AOP . . . . . . . . . . . . . . . . . . . . . 107
5.3. Improving eCos Configurability by AOP . . . . . . . . . . . . . . . . . . . . 113
5.3.1. Turning Synchronization and Preemption into Optional Features . . 113
5.3.2. Adding a New Feature: The Kernel Stack Aspect . . . . . . . . . . . 115
vi
Contents
5.4. Discussion of Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
5.4.1. The Implementation of Configurability by AOP . . . . . . . . . . . 117
5.4.2. Consequences for Aspect-Aware Operating-System Developement . 119
5.5. Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
6. DesignLevel–CiAOAspects: Aspect-AwareOperating-SystemDevelopment 121
6.1. A Brief Overview of CiAO . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
6.1.1. Goals and Approach . . . . . . . . . . . . . . . . . . . . . . . . . . 123
6.1.2. General Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
6.1.3. Kernel Personalities and Features . . . . . . . . . . . . . . . . . . . 125
6.1.4. Configuration of System Components, Abstractions, and Objects . . 125
6.2. CiAO Design Principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
6.3. Aspect-Aware Development Idioms . . . . . . . . . . . . . . . . . . . . . . 128
6.3.1. Roles and Types of Classes and Aspects . . . . . . . . . . . . . . . . 128
6.3.2. Diagram Notation . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
6.3.3. Loose Coupling by Advice-Based Binding . . . . . . . . . . . . . . . 129
6.3.4. Visible Transitions by Explicit Join Points . . . . . . . . . . . . . . . 132
6.3.5. Minimal Extensions by Extension Slices . . . . . . . . . . . . . . . 135
6.3.6. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
6.4. Case Study “Continuation” . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
6.4.1. Continuation Features . . . . . . . . . . . . . . . . . . . . . . . . . 138
6.4.2. Continuation Design . . . . . . . . . . . . . . . . . . . . . . . . . . 138
6.4.3. Implementation for TriCore . . . . . . . . . . . . . . . . . . . . . . 140
6.4.4. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
6.5. Case Study “Interrupt Synchronization” . . . . . . . . . . . . . . . . . . . 146
6.5.1. CiAO Interrupt Synchronization Models . . . . . . . . . . . . . . . 147
6.5.2. Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
6.5.3. Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
6.5.4. Interrupt Latency Comparison . . . . . . . . . . . . . . . . . . . . 156
6.5.5. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
6.6. Case Study “CiAO-AS” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
6.6.1. Analysis Results – From Requirements to Concerns . . . . . . . . . 158
6.6.2. Development Results – From Concerns to Classes and Aspects . . . 162
6.6.3. Evaluation Results – From Configurations To Cost . . . . . . . . . . 164
6.6.4. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
6.7. Discussion of Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
6.7.1. Obliviousness Versus Awareness . . . . . . . . . . . . . . . . . . . . 168
6.7.2. AOP Critique – Revisited . . . . . . . . . . . . . . . . . . . . . . . . 168
6.8. Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
7. Summary,Conclusions,andFurtherIdeas 171
7.1. Summary and Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
7.2. Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
7.3. Further Ideas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
vii
Contents
A. Appendix: AspectC++ 177
A.1. Language Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
A.1.1. Design Rationale . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
A.1.2. AspectC++ Grammar Extensions . . . . . . . . . . . . . . . . . . . 180
A.1.3. Join-Point Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
A.2. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
A.2.1. Observer Pattern with AspectC++ . . . . . . . . . . . . . . . . . . 182
A.2.2. Caching with AspectC++ . . . . . . . . . . . . . . . . . . . . . . . 184
A.3. AspectC++ Language Quick Reference . . . . . . . . . . . . . . . . . . . . 190
A.3.1. Syntax Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
A.3.2. Join-Point Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
A.3.3. Aspects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
A.3.4. Advice Declarations . . . . . . . . . . . . . . . . . . . . . . . . . . 190
A.3.5. Match Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
A.3.6. Predefined Pointcut Functions . . . . . . . . . . . . . . . . . . . . . 191
A.3.7. Join-Point API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
A.4. Around-Advice Implementation in AC++-0.9 and AC++-1.0PRE1 . . . . 194
A.4.1. Code Generation with AC++-0.9 . . . . . . . . . . . . . . . . . . 194
A.4.2. Code Generation with AC++-1.0PRE1 . . . . . . . . . . . . . . . . 196
B. Appendix: CaseStudy“WeatherMon” 199
B.1. WeatherMon Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
B.2. Designing for Configurability with AOP and OOP . . . . . . . . . . . . . . 203
B.2.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
B.2.2. The OO Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
B.2.3. The AO Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
B.3. AOP and OOP Idioms for Configurability . . . . . . . . . . . . . . . . . . . 206
B.3.1. Issue 1: Working with Configuration-Dependent Sensor and Actua-
tor Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
B.3.2. Issue 2: Implementation of Generic Actuators . . . . . . . . . . . . 209
B.3.3. Issue 3: Implementation of Nongeneric Actuators . . . . . . . . . . 210
B.3.4. Design Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
B.4. The Cost of Configurability in Deeply Embedded Systems . . . . . . . . . . 213
B.4.1. Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
B.4.2. Overall Scalability . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
B.4.3. Memory Cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
B.4.4. Run-Time Cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
B.5. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Bibliography 219
viii
Description:evaluated AOP and OOP versions of an embedded weather-station product line based on a small 8-bit microcontroller. 1.5. Typographical Conventions. Boldface indicates the introduction of a new term or, in some few occasions, the accentu- ation of an important result. In some cases, the introduction
