An overview of the Real-Time CORBA specification

A growing class of real-time systems require end-to-end support for various quality-of-service (QoS) aspects, including bandwidth, latency, jitter and dependability. Applications include command and control, manufacturing process control, videoconferencing, large-scale distributed interactive simulation, and testbeam data acquisition. These systems require support for stringent QoS requirements. To meet this challenge, developers are turning to distributed object computing middleware, such as the Common Object Request Broker Architecture, an Object Management Group (OMG) industry standard. In complex real-time systems, DOC middleware resides between applications and the underlying operating systems, protocol stacks and hardware. CORBA helps decrease the cycle time and effort required to develop high-quality systems by composing applications using reusable software component services rather than building them entirely from scratch. The Real-Time CORBA specification includes features to manage CPU, network and memory resources. The authors describe the key Real-Time CORBA features that they feel are the most relevant to researchers and developers of distributed real-time and embedded systems     

Fail-Awareness: An Approach to Construct Fail-Safe Systems

We present a framework for building fail-safe hard real-time applications in timed asynchronous distributed systems subject to communication partitions and performance, omission, and crash failures. Most distributed systems built from commercial-off-the-shelf (COTS) processor and communication services are subject to such partitions because their COTS components do not provide hard real-time guarantees. Also custom designed systems can be subject to partitions due to unmaskable link or router failures. The basic assumption behind our approach is that each processor has a local hardware clock that proceeds within a linear envelope of real-time. This allows one to compute an upper bound on the actual delays incurred by a particular processing sequence or message transmission. Services and applications can use these computed bounds to detect when they cannot guarantee all their standard properties because of excessive delays. This allows an application to be fail-aware, that is, to detect when it cannot guarantee all its safety properties and in particular, to detect when to switch to a fail-safe mode.     

Model driven middleware: A new paradigm for developing distributed real-time and embedded systems

Distributed real-time and embedded (DRE) systems have become critical in domains such as avionics (e.g., flight mission computers), telecommunications (e.g., wireless phone services), tele-medicine (e.g., robotic surgery), and defense applications (e.g., total ship computing environments). These types of system are increasingly interconnected via wireless and wireline networks to form systems of systems. A challenging requirement for these DRE systems involves supporting a diverse set of quality of service (QoS) properties, such as predictable latency/jitter, throughput guarantees, scalability, 24x7 availability, dependability, and security that must be satisfied simultaneously in real-time. Although increasing portions of DRE systems are based on QoS-enabled commercial-off-the-shelf (COTS) hardware and software components, the complexity of managing long lifecycles (often ∼15-30 years) remains a key challenge for DRE developers and system integrators. For example, substantial time and effort is spent retrofitting DRE applications when the underlying COTS technology infrastructure changes.This paper provides two contributions that help improve the development, validation, and integration of DRE systems throughout their lifecycles. First, we illustrate the challenges in creating and deploying QoS-enabled component middleware-based DRE applications and describe our approach to resolving these challenges based on a new software paradigm called Model Driven Middleware (MDM), which combines model-based software development techniques with QoS-enabled component middleware to address key challenges faced by developers of DRE systems — particularly composition, integration, and assured QoS for end-to-end operations. Second, we describe the structure and functionality of CoSMIC (Component Synthesis using Model Integrated Computing), which is an MDM toolsuite that addresses key DRE application and middleware lifecycle challenges, including partitioning the components to use distributed resources effectively, validating software configurations, assuring multiple simultaneous QoS properties in real-time, and safeguarding against rapidly changing technology.     

ASCM:基于SOA的嵌入式安全关键中间件

由于嵌入式安全关键系统自身的特点和应用环境的特殊性,导致了设计分布式嵌入式安全关键应用比一般的嵌入式实时应用要困难得多。提出了一种新的基于SOA构架的自适应安全关键中间件,极大地简化了嵌入式安全关键系统应用的开发,并对相应的体系结构和关键技术进行了讨论。另外,针对嵌入式安全关键系统运行环境的特殊性,重点讨论了SOA构架中基于动态配置服务的端到端的自适应QoS管理机制和实时容错机制的设计和实现。     

Control-Based Adaptive Middleware for Real-Time Image Transmission over Bandwidth-Constrained Networks

Real-time image transmission is crucial to an emerging class of distributed embedded systems operating in open network environments. Examples include avionics mission replanning over Link-16, security systems based on wireless camera networks, and online collaboration using camera phones. Meeting image transmission deadlines is a key challenge in such systems due to unpredictable network conditions. In this paper, we present CAMRIT, a Control-based Adaptive Middleware framework for Real-time Image Transmission in distributed real-time embedded systems. CAMRIT features a distributed feedback control loop that meets image transmission deadlines by dynamically adjusting the quality of image tiles. We derive an analytic model that captures the dynamics of a distributed middleware architecture. A control-theoretic methodology is applied to systematically design a control algorithm with analytic assurance of system stability and performance, despite uncertainties in network bandwidth. Experimental results demonstrate that CAMRIT can provide robust real-time guarantees for a representative application scenario.     

Executable specifications for embedded distributed systems

Combining hardware components with an executable specification language facilitates the specification prototyping of embedded distributed systems. The specification language should cover process management, timing, and communication commands that real-time executive and communication task services of every node prototype can interpret. We use a technique that employs attribute grammars and either a macro processor or Prolog to execute the language     

Computing in the RAIN: a reliable array of independent nodes

The RAIN project is a research collaboration between Caltech and NASA-JPL on distributed computing and data-storage systems for future spaceborne missions. The goal of the project is to identify and develop key building blocks for reliable distributed systems built with inexpensive off-the-shelf components. The RAIN platform consists of a heterogeneous cluster of computing and/or storage nodes connected via multiple interfaces to networks configured in fault-tolerant topologies. The RAIN software components run in conjunction with operating system services and standard network protocols. Through software-implemented fault tolerance, the system tolerates multiple node, link, and switch failures, with no single point of failure. The RAIN-technology has been transferred to Rainfinity, a start-up company focusing on creating clustered solutions for improving the performance and availability of Internet data centers. In this paper, we describe the following contributions: 1) fault-tolerant interconnect topologies and communication protocols providing consistent error reporting of link failures, 2) fault management techniques based on group membership, and 3) data storage schemes based on computationally efficient error-control codes. We present several proof-of-concept applications: a highly-available video server, a highly-available Web server, and a distributed checkpointing system. Also, we describe a commercial product, Rainwall, built with the RAIN technology     

QoS中间件中实时发布/订阅服务集成评估

支持QoS的中间件技术在构造分布式实时嵌入式系统中得到了广泛应用,已成为支持实时发布/订阅服务的关键技术.评估并分析了QoS中间件中3种集成实时发布/订阅服务方法.重点研究了容器管理方式的性能,并与面向对象的实时发布/订阅服务比较.研究结果表明,容器管理方式中,CIAO中间件的等待时间稍长,有可预测性,适用于DRE系统.     

嵌入式自适应安全关键中间件设计方法研究

由于嵌入式安全关键系统自身的特点和应用环境的特殊性,导致了设计嵌入式安全关键应用比一般的嵌入式实时应用要困难得多。在分析传统嵌入式实时中间件技术应用于嵌入式安全关键系统不足的基础上,提出了一种新的自适应安全关键中间件(ASCM)的设计方法,并对相应的体系结构和关键技术进行了讨论。另外,针对嵌入式安全关键系统运行环境的特殊性,重点讨论了一种端到端的自适应服务质量(QoS)管理机制。     

面向DTV的嵌入式中间件研究与实现*

在数字电视(DTV)系统中,如何解决异构平台和操作系统对上层应用支持的问题,是实现数字电视普及的关键。数字电视中间件作为一种采用组件思想设计的软件,具有实时嵌入式特性,符合数字电视系统对效率和资源的要求及限制。它使多媒体应用能在不同硬件厂商开发的数字电视平台上运行,实现了应用程序“一次编写,多处运行”的思想,降低了数字广播服务运营的成本,用更少费用能享受到更加丰富多彩的数字化服务。     

Real-time communication in multihop networks

Communication in real-time systems has to be predictable, because unpredictable delays in the delivery of messages can adversely affect the execution of tasks dependent on these messages. We develop a scheme for providing predictable interprocess communication in real-time systems with (partially connected) point-to-point interconnection networks, which provide guarantees on the maximum delivery time for messages. This scheme is based on the concept of a real-time channel, a unidirectional connection between source and destination. A real-time channel has parameters that describe the performance requirements of the source-destination communication, e.g., from a sensor station to a control site. Once such a channel is established, the communications subsystem guarantees that these performance requirements will be met. We concentrate on methods to compute guarantees for the delivery time of messages belonging to real-time channels. We also address problems associated with allocating buffers for these messages and develop a scheme that preserves delivery time guarantees     

Introducing QoS awareness in distributed programming: QTcl

A number of distributed applications require communication services with quality of service (QoS) guarantees. Building global‐scale distributed systems with predictable properties is one of the great challenges for computer systems engineering in the new century. Work undertaken within the Internet Engineering Task Force has led to the definition of novel architectural models for the Internet with QoS support. According to these models, the network has to be appropriately configured in order to provide applications with the required performance guarantees. In next‐generation networks, enabling applications to interact with the underlying QoS services is of primary importance. Hence, several special‐purpose application programming interfaces (APIs) have been defined to let applications negotiate QoS parameters across QoS‐capable networks. However, so far, none of these APIs are available in different operating environments. We believe that such features should be embedded in programming environments for distributed applications. In this work we present how we included QoS control features in Tcl, a programming language that has been widely adopted for the development of distributed multimedia applications. Our work has led to the implementation of QTcl, an extended Tcl interpreter that provides programmers with a new set of primitives, in full compliance with the standard SCRAPI programming interface for the RSVP protocol. QTcl in highly portable, in that it enables standard QoS negotiation to be performed in a seamless fashion on the most common operating systems. Copyright © 2003 John Wiley & Sons, Ltd.     

Verifying distributed real-time properties of embedded systems via graph transformations and model checking

Component middleware provides dependable and efficient platforms that support key functional, and quality of service (QoS) needs of distributed real-time embedded (DRE) systems. Component middleware, however, also introduces challenges for DRE system developers, such as evaluating the predictability of DRE system behavior, and choosing the right design alternatives before committing to a specific platform or platform configuration. Model-based technologies help address these issues by enabling design-time analysis, and providing the means to automate the development, deployment, configuration, and integration of component-based DRE systems. To this end, this paper applies model checking techniques to DRE design models using model transformations to verify key QoS properties of component-based DRE systems developed using Real-time CORBA. We introduce a formal semantic domain for a general class of DRE systems that enables the verification of distributed non-preemptive real-time scheduling. Our results show that model-based techniques enable design-time analysis of timed properties and can be applied to effectively predict, simulate, and verify the event-driven behavior of component-based DRE systems. This research was supported by the NSF Grants CCR-0225610 and ACI-0204028 Gabor Madl is a Ph.D. student and a graduate student researcher at the Center for Embedded Computer Systems at the University of California, Irvine. His advisor is Nikil Dutt. His research interests include the formal verification, optimization, component-based composition, and QoS management of distributed real-time embedded systems. He received his M.S. in computer science from Vanderbilt University and in computer engineering from the Budapest University of Technology and Economics. Dr. Sherif Abdelwahed received his Ph.D. degree in Electrical and Computer Engineering from the University of Toronto, Canada, in 2001. During 2000–2001, he was a research scientist with the system diagnosis group at the Rockwell Scientific Company. Since 2001 he has been with the Department of Electrical Engineering and Computer Science at Vanderbilt University as a Research Assistant Professor. His research interests include verification and control of distributed real-time systems, and model-based diagnosis of discrete-event and hybrid systems. Dr. Douglas C. Schmidt is a Professor of Computer Science, Associate Chair of the Computer Science and Engineering program, and a Senior Researcher in the Institute for Software Integrated Systems (ISIS) all at Vanderbilt University. He has published over 300 technical papers and 6 books that cover a range of research topics, including patterns, optimization techniques, and empirical analyses of software frameworks and domain-specific modeling environments that facilitate the development of distributed real-time and embedded (DRE) middleware and applications. Dr. Schmidt has served as a Deputy Office Director and a Program Manager at DARPA, where he lead the national R&D effort on middleware for DRE systems. In addition to his academic research and government service, Dr. Schmidt has over fifteen years of experience leading the development of ACE, TAO, CIAO, and CoSMIC, which are widely used, open-source DRE middleware frameworks and model-driven tools that contain a rich set of components and domain-specific languages that implement patterns and product-line architectures for high-performance DRE systems.     

基于SOA的嵌入式安全关键中间件

由于嵌入式安全关键系统自身的特点和应用环境的特殊性,导致了设计分布式嵌入式安全关键应用比一般的嵌入式实时应用要困难得多。提出了一种新的基于SOA构架的自适应安全关键中间件,极大地简化了嵌入式安全关键系统应用的开发,并对相应的体系结构和关键技术进行了讨论。另外,针对嵌入式安全关键系统运行环境的特殊性,重点讨论了SOA构架中基于动态配置服务的端到端的自适应QoS管理机制和实时容错机制的设计和实现。     

Real-time dependable channels: customizing QoS attributes fordistributed systems

Communication services that provide enhanced Quality of Service (QoS) guarantees related to dependability and real time are important for many applications in distributed systems. This paper presents real-time dependable (RTD) channels, a communication-oriented abstraction that can be configured to meet the QoS requirements of a variety of distributed applications. This customization ability is based on using CactusRT, a system that supports the construction of middleware services out of software modules called micro-protocols. Each micro-protocol implements a different semantic property or property variant and interacts with other micro-protocols using an event-driven model supported by the CactusRT runtime system. In addition to RTD channels CactusRT and its implementation are described. This prototype executes on a cluster of Pentium PCs running the OpenGroup/RI MK 7.3 Mach real-time operating system and CORDS, a system for building network protocols based on the x-kernel     

Design and Verification of Distributed Recovery Blocks with CSP

A case study on the application of Communicating Sequential Processes (CSP) to the design and verification of fault-tolerant real-time systems is presented. The distributed recovery block (DRB) scheme is a design technique for the uniform treatment of hardware and software faults in real-time systems. Through a simple fault-tolerant real-time system design using the DRB scheme, the case study illustrates a paradigm for specifying fault-tolerant software and demonstrates how the different behavioural aspects of a fault-tolerant real-time system design can be separately and systematically specified, formulated, and verified using an integrated set of formal techniques based on CSP.     

Simulation-based Testing of Communication Protocols for Dependable Embedded Systems

We present a novel approach to testing fault-tolerant and real-time protocol implementations. Cesium, our testing environment, executes the protocols in a centralized simulator of the distributed system. It simulates the occurrence of inputs and the failure scenarios the protocols are designed to tolerate, while automatically verifying that the required safety and timeliness properties hold at all times during test experiments. Within this framework, the human tester can define failure operations that simulate every failure class studied in the literature. We apply our approach to two fault-tolerant protocols typical in embedded systems. The results show that Cesium can pinpoint implementation errors that would be very difficult to identify in a real system, and can also compute accurate performance predictions that would be problematic to measure in the real embedded platform without ad hoc hardware instrumentation.     

GUARDS: a generic upgradable architecture for real-time dependablesystems

The development and validation of fault-tolerant computers for critical real-time applications are currently both costly and time consuming. Often, the underlying technology is out-of-date by the time the computers are ready for deployment. Obsolescence can become a chronic problem when the systems in which they are embedded have lifetimes of several decades. This paper gives an overview of the work carried out in a project that is tackling the issues of cost and rapid obsolescence by defining a generic fault-tolerant computer architecture based essentially on commercial off-the-shelf (COTS) components (both processor hardware boards and real-time operating systems). The architecture uses a limited number of specific, but generic, hardware and software components to implement an architecture that can be configured along three dimensions: redundant channels, redundant lanes, and integrity levels. The two dimensions of physical redundancy allow the definition of a wide variety of instances with different fault tolerance strategies. The integrity level dimension allows application components of different levels of criticality to coexist in the same instance. The paper describes the main concepts of the architecture, the supporting environments for development and validation, and the prototypes currently being implemented