
Formal development of a network-centric RTOS: software engineering for reliable embedded systems PDF

227 pages · 2011 · 4.159 MB · English
by Eric Verhulst

Preview Formal development of a network-centric RTOS: software engineering for reliable embedded systems

Formal Development of a Network-Centric RTOS
Software Engineering for Reliable Embedded Systems

Eric Verhulst, Raymond T. Boute, José Miguel Sampaio Faria, Bernhard H.C. Sputh, Vitaliy Mezhuyev

Eric Verhulst, Altreonic NV, Gemeentestraat 61A B1, B3210 Leuven, Belgium, [email protected]
Raymond T. Boute, Department of Information Technology, Faculty of Engineering, Universiteit Gent, St. Pietersnieuwstraat 41, 9000 Gent, Belgium, [email protected]
José Miguel Sampaio Faria, Rua Sra das Boas Novas 776, 4935-490 Mazarefes, Portugal, [email protected]
Bernhard H.C. Sputh, Open License Society, Zavelstraat 160, 3010 Leuven, Belgium, [email protected]
Vitaliy Mezhuyev, Open License Society, Zavelstraat 160, 3010 Leuven, Belgium, [email protected]

ISBN 978-1-4419-9735-7
e-ISBN 978-1-4419-9736-4
DOI 10.1007/978-1-4419-9736-4
Springer New York Dordrecht Heidelberg London
Library of Congress Control Number: 2011933844
© Springer Science+Business Media, LLC 2011

All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, LLC, 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

Printed on acid-free paper. Springer is part of Springer Science+Business Media (www.springer.com).

Preface

How can one improve with a factor of 10 on something that has already the reputation of being highly optimised? The answer lies in ignoring the most often wrong assumption that it is already highly optimised and by going back to basics. This inevitably includes developing a new formalisation of the problem at hand.

In our case, this meant thinking anew about what a distributed RTOS (Real Time Operating System) is all about. What is the core functionality of an RTOS, of a distributed RTOS? Is there a clean way to handle task synchronisation and communication? The result was the unique network-centric OpenComRTOS project described in this book.

Taking this as an opportunity, we wanted to use formal methods to prove the final implementation. It turned out that formal methods can help to prove an implementation, but they really shine when used to model the architecture at an abstract level before any implementation is done. Their use has shown us again how much we are all influenced by what we know. After all, our brains have a hard time reasoning without prior knowledge. Hence, our brains tend to look for known patterns so that known rules can be applied. Looking for better and new solutions is hampered by prior knowledge. Formal methods help us because they allow us (or some would say: force us) to think at a more abstract level, our vision being less cluttered by implementation details. The result obtained in the project was a very clean and scalable architecture while verification had almost become trivial.

There is also a general assumption that trustworthy means complex and large. Great was the surprise, however, when we discovered it resulted in the opposite. The RTOS was measured to be up to 10 times smaller than a previously hand coded version that had been tweaked over several years and used in demanding systems. This means less resources and less power are needed. So, to make the world less energy-hungry, use formal methods.

This project has to some extent reinvented the very concept of what an RTOS is. It is a way to model, it is a way to simulate, it is a way to verify, it is a way to program concurrent systems in a scalable and portable way. But our quest does not stop. OpenComRTOS is also an enabler for new functionality that is still being researched while the book is being written. A lot of the work has to do with researching the correct semantics to support e.g. composability, dynamic resource scheduling and fault tolerance. Ultimately, it might result in new hardware.

Last but not least, formal methods have proven not to be so hard to use as it was assumed to be. The project also demonstrated the strength of team work. Communication in a well working team is ultimately the way to get rid of the assumptions our brains involuntarily make. Formal methods again help by replacing intuition by abstraction.

This book is not an academic one. It describes aspects that were explored during a real industrial project to develop a distributed RTOS from scratch using formal methods. Therefore it contains as well a broad discussion on the context in which such RTOS are used, as well as deep technical details of some of the formal models used. But as such, the description is not complete because it describes a project, not a theory.

The book is organised as follows: In the first two chapters, we sketch the domain of interest: trustworthy embedded real-time distributed systems. We discuss the challenges to develop applications and systems in this domain and why formal methods are becoming essential tools for the engineer working in this field. We derive from it the requirements and specifications for OpenComRTOS. In the following two chapters we look at what formal methods and tools are available and introduce TLA+/TLC that was finally selected and used in the project. Subsequently, we discuss the formal TLA+ models, as well as the architecture, of OpenComRTOS. We dwell a bit deeper on the interaction semantics and provide an overview of the code size and performance results. For the interested user the appendix includes a usage tutorial, as well as the mathematical and logic foundations behind temporal logics like TLA+. The appendix also contains the TLA+ and SPIN models used to compare both formalisms in Chap. 3.

For the interested reader, a free version of OpenComRTOS for PC is available from www.altreonic.com. This version also acts as a simulator and cross development environment for multi-node targets.

Acknowledgements

This work has been made possible by the support of many people and organisations:

• Alexander Keda for developing the verification models and code generators.
• Anatoliy Konovalenko for developing the RTOS unit tests.
• Andrey Nitsenko for developing the graphical event tracer.
• Annie Dejonghe for moral support and administrative support.
• Bernhard Sputh for managing the release of the product and porting the RTOS.
• Dimitry Panfilov for developing the first visual front-end and porting the RTOS.
• Gjalt De Jongh for his conceptual discussions and first implementations.
• José Miguel Faria for developing the first formal models.
• Raymond Boute for his deep knowledge of formal techniques.
• Vitaliy Mezhuyev for his meta-modelling input.

The project was also financially supported by IWT of the Flemish Region and Melexis NV. Melexis also provided the first target processor.

Linden
Eric Verhulst

Contents

List of Figures .... xv
List of Tables .... xvii

Part I Trustworthy Embedded Systems

1 Introduction: OpenComRTOS Role in a Unified Systems Engineering Methodology .... 3
  1.1 Introduction .... 3
  1.2 A Systematic Engineering Methodology Based on Unified Semantics and Interacting Entities .... 6
  1.3 Interacting Entities for the Software Domain .... 9
    1.3.1 Silicon Technology Advances .... 10
    1.3.2 Silicon Technology Limitations .... 10
    1.3.3 The World Becomes Connected .... 11
  1.4 A Link with the Work Plan in a Systems Engineering Project .... 11
  1.5 System Engineering Methods and Engineering Standards .... 12
  1.6 Where Do Formal Techniques Fit in? .... 13

2 Requirements and Specifications for the OpenComRTOS Project .... 15
  2.1 Background of OpenComRTOS .... 15
  2.2 Early Requirements Derived from the Virtuoso RTOS .... 17
  2.3 Real-Time Embedded Programming .... 19
    2.3.1 Why Real-Time? .... 19
    2.3.2 Why a Simple Loop Is Often not Enough .... 20
    2.3.3 Superloops and Static Scheduling .... 21
    2.3.4 Rate Monotonic Analysis .... 24
    2.3.5 Priority based Scheduling in OpenComRTOS .... 26
    2.3.6 The Issue of Priority Inversion and Its Inadequate Solution .... 27
  2.4 Next Generation Requirements .... 29
