VERTAF is an application framework for developing embedded real-time systems. It provides reusable and verifiable components, design patterns, and class libraries, allowing for shorter design time and automatic code generation. The framework integrates technologies such as formal verification, model checking, and design reuse.
VERTAF: An Object-Oriented Application Framework for Embedded Real-Time Systems. Pao-Ann Hsiung*, Trong-Yen Lee, Win-Bin See, Jih-Ming Fu, and Sao-Jie Chen. *National Chung Cheng University, Chiayi-621, Taiwan, R.O.C. The 5th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing (ISORC'02), April 29 to May 1, 2002, Washington D.C., USA
Outline • Introduction • VERTAF Components • Application Development • AICC Cruise Controller Example • Conclusions & Future Work
Introduction: Verifiable Embedded Real-Time Application Framework (VERTAF), an integration of 3 technologies: • software components (portable, reusable, well-defined interface) • formal verification (verifiably correct designs, model checking) • design patterns (design reuse, class libraries)
VERTAF Components • Implanter: Autonomous Timed Objects (ATO) • Modeler: Autonomous Timed Processes (ATP) • Scheduler: Policy Selector, Schedule Generator • Verifier: Model Checker (TA+TCTL) • Generator: Code Generator
Implanter • Implanter provides a standard OO interface for the designer to input application domain objects • Autonomous Timed Object (ATO) • Interface: Port-Based Object (PBO), IEEE-TSE'97; not independent, shared-memory communication • Method: Time-triggered Message-triggered Object (TMO), IEEE Computer 2000
Modeler • Semantic model generation for ATO • Autonomous Timed Process (ATP) • Each ATP is associated with one ATO • An ATO may have several ATPs (use cases) • Two kinds of interrupts • Event Interrupt: execute an Event-Triggered Method • Timer Interrupt: execute a Time-Triggered Method • Check constraints after each iteration
Call Graph & Process Table • Call Graph: call relationships among ATPs • schedulability test, resource allocation, scheduling, conflict resolution • Process Table: ATP + properties • resource allocation, scheduling, verification
Scheduler • Policy Selector • User selects scheduling policy • Extended Quasi-Static Scheduling • Rate Monotonic • Earliest Deadline First • VERTAF automatically decides • Schedule Generator • Start / finish times for each ATP process • Priority Inversion Problem • Priority Inheritance Protocol
Verifier • Formal Verification: Model Checking • System Model: ATP → Timed Automata or Petri Nets; Call Graph → Assume-Guarantee Reasoning • Property Specification: Timed Computation Tree Logic (TCTL); Process Table, Call Graph, Schedules • Tool Kernel: State-Graph Manipulators (SGM) http://www.cs.ccu.edu.tw/~pahsiung/sgm/
Model Checking Kernel from SGM

    Symbolic_Mcheck(S, φ)
      Set of TA S; TCTL formula φ;
      {
        Let Reach = Unvisited = {R_init};
        While (Unvisited ≠ NULL) {
          R = Dequeue(Unvisited);
          For all out-going transitions e of R {
            R' = Successor_Region(R, e);
            If R' is consistent & R' ∉ Reach {
              Reach = Reach ∪ {R'};
              Queue(R', Unvisited);
            }
          }
        }
        Label_Region(Reach, φ);
        Return L(R_init);
      }
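The kernel above in runnable form, as an added example that is not SGM code or code from the paper: a constructed one-clock ATP (a time-triggered method that must finish within 2 ticks) whose regions are abstracted to (location, clock value) pairs, forward reachability with the "consistent" test implemented as a location-invariant check, and Label_Region for the reachability formula EF atomic. The automaton, the invariant tables and the MAXC clock cap are assumptions made for the example.

```python
from collections import deque

MAXC = 4  # clock values above the largest constant are merged, keeping regions finite
# Constructed ATP: (source, target, guard on clock x, reset x?)
EDGES = [
    ("run", "done", lambda x: x <= 2, True),   # method completed within deadline
    ("run", "miss", lambda x: x >= 3, False),  # deadline expired
    ("done", "run", lambda x: True, True),     # start of next period
]
# Two candidate location invariants: the loose one lets "run" delay up to x=3,
# the tight one forces the method to leave "run" by x=2.
LOOSE_INV = {"run": lambda x: x <= 3, "done": lambda x: True, "miss": lambda x: True}
TIGHT_INV = {"run": lambda x: x <= 2, "done": lambda x: True, "miss": lambda x: True}

def successor_regions(region):
    """Discrete successors over every enabled edge plus a one-tick time delay."""
    loc, x = region
    succ = [(dst, 0 if reset else x)
            for src, dst, guard, reset in EDGES if src == loc and guard(x)]
    succ.append((loc, min(x + 1, MAXC)))
    return succ

def symbolic_mcheck(r_init, atomic, invariant):
    """Forward reachability (the While loop of Symbolic_Mcheck), then labelling of the
    reachable regions with EF atomic. Returns (L(R_init), number of reachable regions)."""
    reach = {r_init}
    unvisited = deque([r_init])
    succ_of = {}
    while unvisited:
        r = unvisited.popleft()
        # "R' is consistent" = the target location's invariant holds in R'
        succ_of[r] = [s for s in successor_regions(r) if invariant[s[0]](s[1])]
        for s in succ_of[r]:
            if s not in reach:
                reach.add(s)
                unvisited.append(s)
    # Label_Region(Reach, EF atomic): least fixpoint backwards over the reachable graph
    labelled = {r for r in reach if r[0] == atomic}
    changed = True
    while changed:
        changed = False
        for r in reach:
            if r not in labelled and any(s in labelled for s in succ_of[r]):
                labelled.add(r)
                changed = True
    return r_init in labelled, len(reach)
```

With the loose invariant the deadline-miss location is reachable (EF miss holds at the initial region); tightening the invariant prunes the inconsistent delay regions and the miss disappears, which is exactly what the consistency test in the kernel buys.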
Generator • Code Architectures: with RTOS, multiple preemptive threads with synchronizations; without RTOS, executive kernel using either polling or interrupt based architecture • Memory Bound: guaranteed by Extended Quasi-Static Scheduling • Timing Constraints: guaranteed by Real-Time Schedulability Analysis • Code Optimality: minimum number of tasks, small code size
Application Development (figure): Specification → Integration → Generation
Autonomous Intelligent Cruise Controller (AICC) Example: Swedish Road Transport Informatics Programme, installed in a SAAB automobile
AICC Example: Process Table

     #  Task Description        Object        Period (ms)  Execution Time (ms)  Deadline (ms)
     1  Traffic Light Info      SRC           200          10                   400
     2  Speed Limit Info        SRC           200          10                   400
     3  Proc. Vehicle Estimator ICCReg        100           8                   100
     4  Speed Sensor            ICCReg        100           5                   100
     5  Distance Control        ICCReg        100          15                   100
     6  Green Wave Control      ICCReg        100          15                   100
     7  Speed Limit Control     ICCReg        100          15                   100
     8  Coord. & Final Control  FinalControl   50          20                    50
     9  Cruise Switches         Supervisor    100          15                   100
    10  ICC Main Control        Supervisor    100          20                   100
    11  Cruise Info             Supervisor    100          20                   100
    12  Speed Actuator          EST            50           5                    50

SRC: Short Range Communication, ICCReg: ICC Regulator, EST: Electronic Servo Throttle
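An added example, not from the paper, applying the Scheduler's Rate Monotonic policy to the process table above: response-time analysis with shorter period as higher priority (ties broken by task number). Pooling all twelve tasks gives a utilization of 173%, so no single-processor policy can schedule them; grouping the tasks by their object, which this example assumes corresponds to independently scheduled ATOs, makes every group pass the test.

```python
from math import ceil

# Process table from the AICC slide: (task, object, period, execution time, deadline), all in ms.
AICC_TASKS = [
    (1, "SRC", 200, 10, 400), (2, "SRC", 200, 10, 400),
    (3, "ICCReg", 100, 8, 100), (4, "ICCReg", 100, 5, 100),
    (5, "ICCReg", 100, 15, 100), (6, "ICCReg", 100, 15, 100),
    (7, "ICCReg", 100, 15, 100), (8, "FinalControl", 50, 20, 50),
    (9, "Supervisor", 100, 15, 100), (10, "Supervisor", 100, 20, 100),
    (11, "Supervisor", 100, 20, 100), (12, "EST", 50, 5, 50),
]

def utilization(tasks):
    """Total processor utilization sum(C_i / T_i)."""
    return sum(c / t for _, _, t, c, _ in tasks)

def rm_response_times(tasks):
    """Rate-monotonic response-time analysis.
    R_i = C_i + sum over higher-priority j of ceil(R_i / T_j) * C_j, iterated to a
    fixpoint. Returns {task: worst-case response time, or None if it exceeds the deadline}."""
    ordered = sorted(tasks, key=lambda k: (k[2], k[0]))  # shorter period first
    result = {}
    for i, (tid, _, period, cost, deadline) in enumerate(ordered):
        higher = ordered[:i]
        r = cost
        while True:
            r_next = cost + sum(ceil(r / t_j) * c_j for _, _, t_j, c_j, _ in higher)
            if r_next > deadline:
                result[tid] = None   # deadline miss: task set not RM-schedulable
                break
            if r_next == r:
                result[tid] = r      # fixpoint reached
                break
            r = r_next
    return result

def schedulable(tasks):
    return all(r is not None for r in rm_response_times(tasks).values())

def per_object(tasks):
    """Assumption for this example: each object is scheduled on its own processor."""
    groups = {}
    for task in tasks:
        groups.setdefault(task[1], []).append(task)
    return groups
```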
AICC Example: Call-Graph SRC: Short Range Communication, ICCReg: ICC Regulator, EST: Electronic Servo Throttle
AICC Example (Contd.): Framework Evaluation. Metric: Relative Design Effort, where NATO is the number of ATOs, NAFO is the number of VERTAF objects, TWF is the design time with the framework, and TWOF is the design time without the framework. NATO = 5, NAFO = 21, TWF = 5 days, TWOF = 20 days. With VERTAF: you need only 4.8% effort
Conclusions • Less Coding, Shorter Design Time • Verifiably Correct Software Designs • Automatic Code Generation • Current Work: RT-UML → Petri Nets or Timed Automata → Java or C code • Future Work: Larger Domain of Applications, Memory/Time Tradeoff