VERTAF: An Object-Oriented Application Framework for
Embedded Real-Time Systems
Pao-Ann Hsiung*, Trong-Yen Lee, Win-Bin See, Jih-Ming Fu, and Sao-Jie Chen
*National Chung Cheng University, Chiayi-621, Taiwan, R.O.C.
The 5th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing (ISORC’02), April 29~May 1, 2002, Washington D.C., USA
Outline
- Introduction
- VERTAF Components
- Application Development
- AICC Cruise Controller Example
- Conclusions & Future Work
Introduction
Verifiable Embedded Real-Time Application Framework (VERTAF)
Integration of 3 technologies:
- Design patterns: design reuse
- Class libraries: portable, reusable, well-defined interface
- Formal verification: verifiable, correct designs, model checking
(The figure groups the first two as software components and the third as formal verification.)
VERTAF Components (architecture figure)
- Implanter: Port-Based Object, Autonomous Timed Object, Application Object Specifier, Specification Checker
- Modeler: Application Object Modeler, Process Checker; produces the Autonomous Timed Processes and the Call Graph
- Scheduler: Scheduling Policy Selector (Rate Monotonic, Earliest Deadline First, Mixed Priority), Schedule Generator
- Verifier: Model Generator (Timed Automata), Model Checker
- Generator: Main Program, Schedule Code, ATP Code, ATO Code
VERTAF Components
- Implanter: Autonomous Timed Objects (ATO)
- Modeler: Autonomous Timed Processes (ATP)
- Scheduler: Policy Selector, Schedule Generator
- Verifier: Model Checker (TA + TCTL)
- Generator: Code Generator
Implanter
- Implanter provides a standard OO interface for the designer to input application domain objects
- Autonomous Timed Object (ATO) interface
  - Port-Based Object (PBO), IEEE TSE'97: not independent, shared-memory communication
  - Methods: Time-triggered Message-triggered Object (TMO), IEEE Computer 2000
Autonomous Timed Object (figure)
- ATO Name
- Event-Triggered Methods
- Time-Triggered Methods
- Ports: In Ports, Out Ports, Resource Ports, Configuration Ports
Modeler
- Semantic model generation for ATO: Autonomous Timed Process (ATP)
- Each ATP is associated with one ATO; an ATO may have several ATPs (use cases)
- Two kinds of interrupts:
  - Event interrupt: execute an Event-Triggered Method
  - Timer interrupt: execute a Time-Triggered Method
- Check constraints after each iteration
Autonomous Timed Process (state diagram)
- Created (on ATO Declaration) -> Instantiated (on Configuration) -> Updated (on Status Update)
- Timer Interrupt -> Periodic Task Activated -> Time-Triggered Method Execution
- Event Interrupt -> Aperiodic Task Activated -> Event-Triggered Method Execution
- After execution: Constraint Checking; Constraint Violated -> Kill Signal -> Error Terminated
- Reset Kill Signal
Call Graph & Process Table
- Call Graph: call relationships among ATPs; used for schedulability test, resource allocation, scheduling, conflict resolution
- Process Table: ATP + properties; used for resource allocation, scheduling, verification
Scheduler
- Policy Selector
  - User selects the scheduling policy (Extended Quasi-Static Scheduling, Rate Monotonic, Earliest Deadline First) or VERTAF automatically decides
- Schedule Generator
  - Start / finish times for each ATP process
  - Priority Inversion Problem: Priority Inheritance Protocol
Verifier: Formal Verification
- Model Checking
  - System Model: ATP as Timed Automata or Petri Nets; Call Graph with Assume-Guarantee Reasoning
  - Property Specification: Timed Computation Tree Logic (TCTL), derived from Process Table, Call Graph, Schedules
- Tool Kernel: State-Graph Manipulators (SGM), http://www.cs.ccu.edu.tw/~pahsiung/sgm/
Model Checking Kernel from SGM

    Symbolic_Mcheck(S, φ)
        Set of TA S; TCTL formula φ;
    {
        Let Reach = Unvisited = {R_init};
        While (Unvisited ≠ NULL) {
            R = Dequeue(Unvisited);
            For all out-going transitions e of R {
                R' = Successor_Region(R, e);
                If R' is consistent & R' ∉ Reach {
                    Reach = Reach ∪ {R'};
                    Queue(R', Unvisited);
                }
            }
        }
        Label_Region(Reach, φ);
        Return L(R_init);
    }
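A discrete-time, single-ATP stand-in for the exploration-and-labelling loop above, tied to the ATP state machine on the Modeler slides (timer interrupt, method execution, constraint checking, error termination). This is an added example, not SGM code: the ATP model, its parameters (period, wcet, deadline, jitter) and the location names are constructed for illustration, and clocks advance in unit ticks instead of symbolic regions.

```python
from collections import deque

def atp_successors(region, period, wcet, deadline, jitter):
    """Constructed discrete-time model of one ATP (not SGM's region semantics).
    A region is (location, x, e): x = ticks since the period start,
    e = ticks of execution completed. Locations mirror the ATP state machine."""
    loc, x, e = region
    succ = []
    if loc == "Activated":                          # periodic task activated
        if x < jitter:                              # timer interrupt may be late
            succ.append(("Activated", x + 1, 0))
        succ.append(("Executing", x, 0))            # time-triggered method starts
    elif loc == "Executing":
        if e + 1 < wcet:
            succ.append(("Executing", x + 1, e + 1))
        elif x + 1 <= deadline:
            succ.append(("Checked", x + 1, 0))      # constraint checking passed
        else:
            succ.append(("Error", x + 1, 0))        # constraint violated: kill signal
    elif loc == "Checked":                          # idle until the next period
        nxt = ("Activated", 0, 0) if x + 1 >= period else ("Checked", x + 1, 0)
        succ.append(nxt)
    return succ                                     # "Error" is absorbing

def symbolic_mcheck(r_init, successors, prop):
    """Symbolic_Mcheck as on the slide, specialised to the TCTL formula EF prop:
    forward exploration of Reach, then Label_Region as a backward fixpoint."""
    reach, unvisited, edges = {r_init}, deque([r_init]), {}
    while unvisited:
        r = unvisited.popleft()
        edges[r] = successors(r)
        for s in edges[r]:
            if s not in reach:                      # consistent and not yet reached
                reach.add(s)
                unvisited.append(s)
    labelled = {r for r in reach if prop(r)}        # Label_Region(Reach, prop)
    changed = True
    while changed:
        changed = False
        for r in reach - labelled:
            if any(s in labelled for s in edges[r]):
                labelled.add(r)
                changed = True
    return r_init in labelled                       # L(R_init)

def deadline_safe(period, wcet, deadline, jitter):
    """AG not Error, computed as the negation of EF Error over the ATP model."""
    succ = lambda r: atp_successors(r, period, wcet, deadline, jitter)
    return not symbolic_mcheck(("Activated", 0, 0), succ, lambda r: r[0] == "Error")
```

With period 4, wcet 2 and deadline 3 the ATP is safe for a release jitter of 1 tick but violates its constraint once the jitter reaches 2, which the labelling reports as EF Error holding in the initial region.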
Generator: Code Architectures
- With RTOS: multiple preemptive threads with synchronizations
- Without RTOS: executive kernel using either a polling- or an interrupt-based architecture
- Memory bound: guaranteed by Extended Quasi-Static Scheduling
- Timing constraints: guaranteed by real-time schedulability analysis
- Code optimality: minimum number of tasks, small code size
Application Development (flow chart)
Steps of the VERTAF application development strategy, with the actor, the VERTAF component involved, and the VERTAF class instances produced:
1. Identify and instantiate ATO (USER; Implanter) -> ATO instances
2. Has RTOS? (YES / NO)
3. Construct ATP, PT, ET, and CG (VERTAF; Modeler) -> Process_Table, Event_Table, Call-Graph
4. Register resources (USER/VERTAF)
5. Schedule ATP (USER/VERTAF; Scheduler) -> Scheduling policy, Scheduled Call-Graph
6. Construct TA & TCTL spec (VERTAF; Verifier)
7. Model check (VERTAF; Verifier) -> Verified Call-Graph
8. Generate code (VERTAF; Generator) -> OO application program
Phases: Specification, Integration, Generation.
Autonomous Intelligent Cruise Controller (AICC) Example (system architecture figure)
Units on the Controller Area Network (CAN) bus:
- Electronic Servo Throttle (SW)
- EBS Gateway (HW/SW) -> Electronic Brake System
- DS Gateway (HW/SW) -> Distance Sensor
- SRC Gateway (SW) and SRC MMI (SW) -> Short Range Communication: Transponder, Display
- System Control Unit (HW)
- Main Instrument Controller (HW/SW) -> Cruise Control Switches
Signals: throttle, speed, brake; peripheral links over RS232 (three) and the CAN bus.
Swedish Road Transport Informatics Programme; installed in a SAAB automobile.
AICC Example: Process Table

 #   Task Description          Object        Period (ms)   Execution Time (ms)   Deadline (ms)
 1   Traffic Light Info        SRC           200           10                    400
 2   Speed Limit Info          SRC           200           10                    400
 3   Proc. Vehicle Estimator   ICCReg        100           8                     100
 4   Speed Sensor              ICCReg        100           5                     100
 5   Distance Control          ICCReg        100           15                    100
 6   Green Wave Control        ICCReg        100           15                    100
 7   Speed Limit Control       ICCReg        100           15                    100
 8   Coord. & Final Control    FinalControl  50            20                    50
 9   Cruise Switches           Supervisor    100           15                    100
 10  ICC Main Control          Supervisor    100           20                    100
 11  Cruise Info               Supervisor    100           20                    100
 12  Speed Actuator            EST           50            5                     50

SRC: Short Range Communication, ICCReg: ICC Regulator, EST: Electronic Servo Throttle
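The process table above run through a rate-monotonic schedulability check, added here as an example and not part of the original slides: it computes utilization and exact response-time analysis per object. It assumes (the slide does not say so) that each object's ATPs run on that object's own node, and it also shows that the whole table on a single node would be unschedulable (utilization 1.73).

```python
from collections import defaultdict
from math import ceil
# AICC process table as given on the slide: (id, task, object, period, wcet, deadline), in ms.
AICC_TASKS = [
    (1, "Traffic Light Info", "SRC", 200, 10, 400),
    (2, "Speed Limit Info", "SRC", 200, 10, 400),
    (3, "Proc. Vehicle Estimator", "ICCReg", 100, 8, 100),
    (4, "Speed Sensor", "ICCReg", 100, 5, 100),
    (5, "Distance Control", "ICCReg", 100, 15, 100),
    (6, "Green Wave Control", "ICCReg", 100, 15, 100),
    (7, "Speed Limit Control", "ICCReg", 100, 15, 100),
    (8, "Coord. & Final Control", "FinalControl", 50, 20, 50),
    (9, "Cruise Switches", "Supervisor", 100, 15, 100),
    (10, "ICC Main Control", "Supervisor", 100, 20, 100),
    (11, "Cruise Info", "Supervisor", 100, 20, 100),
    (12, "Speed Actuator", "EST", 50, 5, 50),
]

def utilization(tasks):
    """Processor utilization sum(C_i / T_i) of a task set."""
    return sum(wcet / period for _, _, _, period, wcet, _ in tasks)

def rm_response_times(tasks):
    """Exact rate-monotonic response-time analysis; priority by period, ties by id.
    Iteration stops at a fixpoint or as soon as the deadline is exceeded."""
    ordered = sorted(tasks, key=lambda t: (t[3], t[0]))
    times = {}
    for i, (tid, _, _, _, wcet, deadline) in enumerate(ordered):
        r = wcet
        while True:
            nxt = wcet + sum(ceil(r / hp[3]) * hp[4] for hp in ordered[:i])
            if nxt == r or nxt > deadline:
                break
            r = nxt
        times[tid] = nxt
    return times

def analyse_nodes(tasks):
    """Assumption (not on the slide): each object's ATPs run on that object's
    own node, so every object is checked as its own RM task set."""
    by_node = defaultdict(list)
    for t in tasks:
        by_node[t[2]].append(t)
    report = {}
    for node, ts in by_node.items():
        resp = rm_response_times(ts)
        report[node] = {"utilization": round(utilization(ts), 3),
                        "worst_response_ms": max(resp.values()),
                        "schedulable": all(resp[t[0]] <= t[5] for t in ts)}
    return report
```

Per object every task meets its deadline (worst responses: SRC 20 ms, ICCReg 58 ms, Supervisor 55 ms), whereas on one node Speed Limit Control already misses its 100 ms deadline.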
AICC Example: Call-Graph (figure)
- SRC (T=200ms): Traffic Light Info, Speed Limit Info
- ICC Regulator (T=100ms): Preceding Vehicle Estimator (Distance Sensor), Speed Sensor (EBC), Distance Control, Greenwave Control, Speed Limit Control
- Supervisor (T=100ms): Cruise Switches (Main Instrument Controller), ICC Main Control, Cruise Info (Main Instrument Controller)
- Final Control / EST (T=50ms): Coordination & Final Control, Speed Actuator (EST)

SRC: Short Range Communication, ICCReg: ICC Regulator, EST: Electronic Servo Throttle
AICC Example (Contd.)
Framework Evaluation Metric: Relative Design Effort

$$RDE = \frac{N_{ATO}}{N_{ATO} + N_{AFO}} \times \frac{T_{WF}}{T_{WOF}}$$

where N_ATO is the number of ATOs, N_AFO is the number of VERTAF objects, T_WF is the design time with the framework, and T_WOF is the design time without the framework.

For the AICC example, N_ATO = 5, N_AFO = 21, T_WF = 5 days, T_WOF = 20 days:

$$RDE = \frac{5}{21 + 5} \times \frac{5}{20} \approx 0.048$$

With VERTAF: you need only 4.8% effort.
Conclusions
- Less coding, shorter design time
- Verifiably correct software designs
- Automatic code generation
- Current work: RT-UML to Petri Nets or Timed Automata to Java or C code
- Future work: larger domain of applications, memory/time tradeoff