Prototype of fault adaptive embedded software for large-scale real-time systems

This paper describes a comprehensive prototype of large-scale fault adaptive embedded software developed for the proposed Fermilab BTeV high energy physics experiment. Lightweight self-optimizing agents embedded within Level 1 of the prototype are responsible for proactive and reactive monitoring and mitigation based on specified layers of competence. The agents are self-protecting, detecting cascading failures using a distributed approach. Adaptive, reconfigurable, and mobile objects for reliablility are designed to be self-configuring to adapt automatically to dynamically changing environments. These objects provide a self-healing layer with the ability to discover, diagnose, and react to discontinuities in real-time processing. A generic modeling environment was developed to facilitate design and implementation of hardware resource specifications, application data flow, and failure mitigation strategies. Level 1 of the planned BTeV trigger system alone will consist of 2500 DSPs, so the number of components and intractable fault scenarios involved make it impossible to design an ‘expert system’ that applies traditional centralized mitigative strategies based on rules capturing every possible system state. Instead, a distributed reactive approach is implemented using the tools and methodologies developed by the Real-Time Embedded Systems group.     

Software performance tuning of software product family architectures: Two case studies in the real-time embedded systems domain

Software performance is an important non-functional quality attribute and software performance evaluation is an essential activity in the software development process. Especially in embedded real-time systems, software design and evaluation are driven by the needs to optimize the limited resources, to respect time deadlines and, at the same time, to produce the best experience for end-users. Software product family architectures add additional requirements to the evaluation process. In this case, the evaluation includes the analysis of the optimizations and tradeoffs for the whole products in the family. Performance evaluation of software product family architectures requires knowledge and a clear understanding of different domains: software architecture assessments, software performance and software product family architecture. We have used a scenario-driven approach to evaluate performance and dynamic memory management efficiency in one Nokia software product family architecture. In this paper we present two case studies. Furthermore, we discuss the implications and tradeoffs of software performance against evolvability and maintenability in software product family architectures.     

An architectural approach with separation of concerns to address extra-functional requirements in the development of embedded real-time software systems

A large proportion of the requirements on embedded real-time systems stems from the extra-functional dimensions of time and space determinism, dependability, safety and security, and it is addressed at the software level. The adoption of a sound software architecture provides crucial aid in conveniently apportioning the relevant development concerns. This paper takes a software-centered interpretation of the ISO 42010 notion of architecture, enhancing it with a component model that attributes separate concerns to distinct design views. The component boundary becomes the border between functional and extra-functional concerns. The latter are treated as decorations placed on the outside of components, satisfied by implementation artifacts separate from and composable with the implementation of the component internals. The approach was evaluated by industrial users from several domains, with remarkably positive results.     

Verifying distributed real-time properties of embedded systems via graph transformations and model checking

Component middleware provides dependable and efficient platforms that support key functional, and quality of service (QoS) needs of distributed real-time embedded (DRE) systems. Component middleware, however, also introduces challenges for DRE system developers, such as evaluating the predictability of DRE system behavior, and choosing the right design alternatives before committing to a specific platform or platform configuration. Model-based technologies help address these issues by enabling design-time analysis, and providing the means to automate the development, deployment, configuration, and integration of component-based DRE systems. To this end, this paper applies model checking techniques to DRE design models using model transformations to verify key QoS properties of component-based DRE systems developed using Real-time CORBA. We introduce a formal semantic domain for a general class of DRE systems that enables the verification of distributed non-preemptive real-time scheduling. Our results show that model-based techniques enable design-time analysis of timed properties and can be applied to effectively predict, simulate, and verify the event-driven behavior of component-based DRE systems. This research was supported by the NSF Grants CCR-0225610 and ACI-0204028 Gabor Madl is a Ph.D. student and a graduate student researcher at the Center for Embedded Computer Systems at the University of California, Irvine. His advisor is Nikil Dutt. His research interests include the formal verification, optimization, component-based composition, and QoS management of distributed real-time embedded systems. He received his M.S. in computer science from Vanderbilt University and in computer engineering from the Budapest University of Technology and Economics. Dr. Sherif Abdelwahed received his Ph.D. degree in Electrical and Computer Engineering from the University of Toronto, Canada, in 2001. During 2000–2001, he was a research scientist with the system diagnosis group at the Rockwell Scientific Company. Since 2001 he has been with the Department of Electrical Engineering and Computer Science at Vanderbilt University as a Research Assistant Professor. His research interests include verification and control of distributed real-time systems, and model-based diagnosis of discrete-event and hybrid systems. Dr. Douglas C. Schmidt is a Professor of Computer Science, Associate Chair of the Computer Science and Engineering program, and a Senior Researcher in the Institute for Software Integrated Systems (ISIS) all at Vanderbilt University. He has published over 300 technical papers and 6 books that cover a range of research topics, including patterns, optimization techniques, and empirical analyses of software frameworks and domain-specific modeling environments that facilitate the development of distributed real-time and embedded (DRE) middleware and applications. Dr. Schmidt has served as a Deputy Office Director and a Program Manager at DARPA, where he lead the national R&D effort on middleware for DRE systems. In addition to his academic research and government service, Dr. Schmidt has over fifteen years of experience leading the development of ACE, TAO, CIAO, and CoSMIC, which are widely used, open-source DRE middleware frameworks and model-driven tools that contain a rich set of components and domain-specific languages that implement patterns and product-line architectures for high-performance DRE systems.     

Architecture for embedded open software ecosystems

Software is prevalent in embedded products and may be critical for the success of the products, but manufacturers may view software as a necessary evil rather than as a key strategic opportunity and business differentiator. One of the reasons for this can be extensive supplier and subcontractor relationships and the cost, effort or unpredictability of the deliverables from the subcontractors are experienced as a major problem.The paper proposes open software ecosystem as an alternative approach to develop software for embedded systems, and elaborates on the necessary quality attributes of an embedded platform underlying such an ecosystem. The paper then defines a reference architecture consisting of 17 key decisions together with four architectural patterns, and provides the rationale why they are essential for an open software ecosystem platform for embedded systems in general and automotive systems in particular.The reference architecture is validated through a prototypical platform implementation in an industrial setting, providing a deeper understanding of how the architecture could be realised in the automotive domain.Four potential existing platforms, all targeted at the embedded domain (Android, OKL4, AUTOSAR and Robocop), are evaluated against the identified quality attributes to see how they could serve as a basis for an open software ecosystem platform with the conclusion that while none of them is a perfect fit they all have fundamental mechanisms necessary for an open software ecosystem approach.     

A component-based process with separation of concerns for the development of embedded real-time software systems

Numerous component models have been proposed in the literature, a testimony of a subject domain rich with technical and scientific challenges, and considerable potential. Unfortunately however, the reported level of adoption has been comparatively low. Where successes were had, they were largely facilitated by the manifest endorsement, where not the mandate, by relevant stakeholders, either internal to the industrial adopter or with authority over the application domain. The work presented in this paper stems from a comprehensive initiative taken by the European Space Agency (ESA) and its industrial suppliers. This initiative also enjoyed significant synergy with interests shown for similar goals by the telecommunications and railways domain, thanks to the interaction between two parallel project frameworks. The ESA effort aimed at favouring the adoption of a software reference architecture across its software supply chain. The center of that strategy revolves around a component model and the software development process that builds on it. This paper presents the rationale, the design and implementation choices made in their conception, as well as the feedback obtained from a number of industrial case studies that assessed them.     

Standard Linux for embedded real-time robotics and manufacturing control systems

The main goal of the research presented in this paper is to evaluate the possibility of using standard Linux for embedded real-time applications in robotics and manufacturing as a consequence of dramatic improvements in hardware computing power and free software quality in the last few years. After an accurate analysis of the problems related to make Linux, a native Unix-like fair kernel, real-time, laboratory tests showed that a large variety of applications (up to 1 KHz) can be implemented using Linux and commercial-of-the-shelf hardware. Practical examples of the control systems of an unmanned surface vessel used for robotics research and of a marking machine for steelworks are reported and discussed.     

Certification of software for real-time safety-critical systems: state of the art

This paper presents an overview and discusses the role of certification in safety-critical computer systems focusing on software, and partially hardware, used in the civil aviation domain. It discusses certification activities according to RTCA DO-178B “Software Considerations in Airborne Systems and Equipment Certification” and touches on tool qualification according to RTCA DO-254 “Design Assurance Guidance for Airborne Electronic Hardware.” Specifically, certification issues as related to real-time operating systems and programming languages are reviewed, as well as software development tools and complex electronic hardware tool qualification processes are discussed. Results of an independent industry survey done by the authors are also presented.     

A compiler-hardware approach to software protection for embedded systems

Because of their rapid growth in recent years, embedded systems present a new front in vulnerability and an attractive target for attackers. Their pervasive use, including sensors and mobile devices, makes it easier for an adversary to gain physical access to facilitate both attacks and reverse engineering of the system. This paper describes a system - CODESSEAL - for software protection and evaluates its overhead. CODESSEAL aims to protect embedded systems from attackers with enough expertise and resources to capture the device and attempt to manipulate not only software, but also hardware. The protection mechanism involves both a compiler-based software tool that instruments executables and an on-chip FPGA-based hardware component that provides run-time integrity and control flow checking on the executable code. The use of reconfigurable hardware allows CODESSEAL to provide such security services as confidentiality, integrity and program-flow protection in a platform-independent manner without requiring a redesign of the processor. Similarly, the compiler instrumentation hides the security details from software developers. Software and data protection techniques are presented for our system and a performance analysis is provided using cycle accurate simulation. Our experimental results show that protecting instructions and data with a high level of security can be achieved with low performance penalty, in most cases less than 10%.     

A software integration approach for designing and assessing dependable embedded systems

Embedded systems increasingly entail complex issues of hardware-software (HW-SW) co-design. As the number and range of SW functional components typically exceed the finite HW resources, a common approach is that of resource sharing (i.e., the deployment of diverse SW functionalities onto the same HW resources). Consequently, to result in a meaningful co-design solution, one needs to factor the issues of processing capability, power, communication bandwidth, precedence relations, real-time deadlines, space, and cost. As SW functions of diverse criticality (e.g. brake control and infotainment functions) get integrated, an explicit integration requirement need is to carefully plan resource sharing such that faults in low-criticality functions do not affect higher-criticality functions.On this background, the main contribution of this paper is a dependability-driven framework that helps to conduct the integration of SW components onto HW resources such that the maintenance of system dependability over integration of diverse criticality components is assured by design.We first develop a clustering strategy for SW components into Fault Containment Modules (FCMs) such that error propagation via interaction is minimized. Subsequently, the rules of composition for FCMs with respect to error propagation are developed. To allocate the resulting FCMs to the existing HW resources we provide several heuristics, each optimizing particular attributes thereof. Further, a framework for assessing the goodness of the achieved HW-SW composition as a dependable embedded system is presented. Two new techniques for quantifying the goodness of the proposed mappings are introduced by examples, both based on a multi-criteria decision theoretic approach.     

Experimental evaluation of software development tools for safety-critical real-time systems

Since the early years of computing, programmers, systems analysts, and software engineers have sought ways to improve development process efficiency. Software development tools are programs that help developers create other programs and automate mundane operations while bringing the level of abstraction closer to the application engineer. In practice, software development tools have been in wide use among safety-critical system developers. Typical application areas include space, aviation, automotive, nuclear, railroad, medical, and military. While their use is widespread in safety-critical systems, the tools do not always assure the safe behavior of their respective products. This study examines the assumptions, practices, and criteria for assessing software development tools for building safety-critical real-time systems. Experiments were designed for an avionics testbed and conducted on six industry-strength tools to assess their functionality, usability, efficiency, and traceability. The results some light on possible improvements in the tool evaluation process that can lead to potential tool qualification for safety-critical real-time systems.     

Quantitative analysis of hardware support for real-time operating systems

Microprocessor architects, supported by advances in VLSI technology, have been enormously successful at steadily accelerating the performance of application software. However, operating system performance has lagged due to a divergence between operating system and architectural trends. Unfortunately, some recent work in this area has targeted average-case performance improvements with little or no consideration for the worst-case behavior that must be considered for real-time applications. This paper explores whether one can improve the worst-case performance of operating systems, and as a result, the schedulability of real-time task-sets, using specific hardware-assisted operating system primitives without sacrificing flexibility. The Intel 80960XA Microprocessor, which directly supports basic operating system primitives in hardware, provides an excellent platform to explore operating system hardware and software boundary issues. This paper specifically analyzes the viability of an hardware-assisted fixed-priority scheduler. Using the Real-Time Mach operating system, we did two ports to the 80960XA: one representative of generic RISC implementations, and another which exploited the hardware-supported operating system primitives. We measured the performance of the operating system primitives in both cases and found an average performance improvement factor of 3 for the hardware accelerated version. We applied a formal scheduling model to evaluate the relative performance of the two implementations for two representative real-time applications. The hardware accelerated version reduced operating system burden by factors of 2.66 and 4.1 for the avionics and inertial navigational system task sets, respectively.     

Using database machines in embedded computer systems

A discussion whether or not present database machine technology addresses the needs of embedded computer systems is presented. The interface between the embedded system and its environment tends to be complex, asynchronous, highly parallel and sometimes distributed. In addition, embedded systems are likely to have stringent resource requirements, both physical and logical. An answer to both the complexity issue and the resource limitation can be potentially found in the database machine.Functions are identified for two applications that the embedded system in general and the database machine specifically are asked to perform. Given the requirements of such applications the current database machine technology is evaluated.Finally, given the primary requirements of data security and system throughput of tactical embedded computer systems, a database machine using distributed architecture is proposed. The system has the potential for connecting multiple database machines to each host or for connecting multiple hosts to one database machine.     

Distributed real-time embedded systems: Recent advances, future trends and their impact on manufacturing plant control

Real-time and embedded systems have historically been small scale. However, advances in microelectronics and software now allow embedded systems to be composed of a large set of processing elements, and the trend is towards significant enhanced functionality, complexity, and scalability, since those systems are increasingly being connected by wired and wireless networks to create large-scale distributed real-time embedded systems (DRES). Such embedded computing and information technologies have become at the same time an enabler for future manufacturing enterprises as well as a transformer of organizations and markets. This paper discusses opportunities for using recent advances in the DRES area in the deployment of intelligent, adaptive, and reconfigurable manufacturing plant control architectures.     

The worst-case execution time tool challenge 2006

The first international worst-case execution time (WCET) Tool Challenge in 2006 used benchmark programs to evaluate academic and commercial WCET tools. It aimed to study the state-of-the-art in WCET analysis. The WCET Tool Challenge comprised two parallel evaluation approaches: an internal evaluation by the respective tool developers and an external test by a neutral person of an independent institute. The latter was conducted by the author of this paper. Focusing on the external test, we describe the rules, benchmarks, participants and discuss the obtained results. This work was supported by the ARTIST2 European Network of Excellence.     

Power optimization of embedded real-time systems and their adaptability

The article is devoted to a solution of problems of optimization of power consumption in embedded systems. First, problems of power consumption in physical CMOS are investigated, and different real-time constraints and load characteristics are discussed. Next, different methods of power consumption are considered, e.g., DMP, DVS/DFS, AVS, and ABB. Problems involving the organization of feedback and determining adaptability for different embedded systems are analyzed.