VERTAF: An Object-Oriented Application Framework for Embedded Real-Time Systems

1
VERTAF An Object-Oriented Application Framework
for Embedded Real-Time Systems

• Pao-Ann Hsiung, Trong-Yen Lee, Win-Bin See,
  Jih-Ming Fu, and Sao-Jie Chen
• National Chung Cheng UniversityChiayi-621,
  Taiwan, R.O.C.

The 5th IEEE International Symposium on
Object-Oriented Real-Time Distributed Computing
(ISORC02), April 29May 1, 2002, Washington
D.C., USA
2
Outline

• Introduction
• VERTAF Components
• Application Development
• AICC Cruise Controller Example
• Conclusions Future Work

3
Introduction
software components
formal verification
Portable Reusable Well-defined Interface
Verifiable Correct Designs Model Checking
Design Patterns Design Reuse Class Libraries
Verifiable Embedded Real-Time ApplicationFramewo
rk(VERTAF)
Integration of 3 Technologies
4
VERTAF Components
5
VERTAF Components

• Implanter Autonomous Timed Objects (ATO)
• Modeler Autonomous Timed Processes (ATP)
• Scheduler Policy Selector, Schedule Generator
• Verifier Model Checker (TATCTL)
• Generator Code Generator

6
Implanter

• Implanter provides a standard OO interface for
  designer to input application domain objects
• Autonomous Timed Object (ATO)
• Interface
• Port-Based Object (PBO), IEEE-TSE97
• Not independent, shared memory communication
• Method
• Time-triggered Message-triggered Object (TMO),
  IEEE Computer2000

7
Autonomous Timed Object
8
Modeler

• Semantic model generation for ATO
• Autonomous Timed Process (ATP)
• Each ATP is associated with one ATO
• An ATO may have several ATPs (use cases)
• Two kinds of interrupts
• Event Interrupt execute an Event-Triggered
  Method
• Timer Interrupt execute a Time-Triggered Method
• Check constraints after each iteration

9
Autonomous Timed Process
10
Call Graph Process Table

• Call Graph call relationships among ATPs
• schedulability test, resource allocation,
  scheduling, conflict resolution
• Process Table ATP properties
• resource allocation, scheduling, verification

11
Scheduler

• Policy Selector
• User selects scheduling policy
• Extended Quasi-Static Scheduling
• Rate Monotonic
• Earliest Deadline First
• VERTAF automatically decides
• Schedule Generator
• Start / finish times for each ATP process
• Priority Inversion Problem
• Priority Inheritance Protocol

12
Verifier

• Formal Verification
• Model Checking
• System Model
• ATP ? Timed Automata or Petri Nets
• Call Graph ? Assume-Guarantee Reasoning
• Property Specification
• Timed Computation Tree Logic (TCTL)
• Process Table, Call Graph, Schedules
• Tool Kernel State-Graph Manipulators (SGM)
  http//www.cs.ccu.edu.tw/pahsiung/sgm/

13
Model Checking Kernel from SGM
Symbolic_Mcheck(S, ?) Set of TA S TCTL
formula ? Let Reach Unvisited
Rinit While (Unvisited ? NULL) R?
Dequeue(Unvisited) For all out-going
transition e of R? R?? Successor_Region(R?,
e) If R?? is consistent R???Reach
Reach Reach ? R? Queue(R?,
Unvisited) Label_Region(Reach,
?) Return L(Rinit)
14
Generator

• Code Architectures
• With RTOS Multiple preemptive threads with
  synchronizations
• Without RTOS Executive kernel using either
  polling or interrupt based architecture
• Memory Bound Guaranteed by Extended
  Quasi-Static Scheduling
• Timing Constraints Guaranteed by Real-Time
  Schedulability Analysis
• Code Optimality Minimum Number of Tasks ?
  small code size

15
Application Development
Specification
Integration
Generation
16
Autonomous Intelligent Cruise Controller (AICC)
Example
Swedish Road Transport Informatics Programme
Installed in a SAAB automobile
17
AICC Example Process Table
SRC Short Range Communication, ICCReg ICC
Regulator, EST Electronic Servo Throttle
18
AICC Example Call-Graph
SRC Short Range Communication, ICCReg ICC
Regulator, EST Electronic Servo Throttle
19
AICC Example (Contd.)
With VERTAF you need only 4.8 effort
20
Conclusions

• Lesser Coding, Shorter Design Time
• Verifiably Correct Software Designs
• Automatic Code Generation
• Current Work RT-UML ? Petri Nets or Timed
  Automata ? Java or C code
• Future Work Larger Domain of Applications,
  Memory/Time Tradeoff