Real-time and fault tolerance in distributed control software

Closed loop control systems typically contain multitude of spatially distributed sensors and actuators operated simultaneously. So those systems are parallel and distributed in their essence. But mapping this parallelism onto the given distributed hardware architecture, brings in some additional requirements: safe multithreading, optimal process allocation, real-time scheduling of bus and network resources. Nowadays, fault tolerance methods and fast even online reconfiguration are becoming increasingly important. All those often conflicting requirements, make design and implementation of real-time distributed control systems an extremely difficult task, that requires substantial knowledge in several areas of control and computer science. Although many design methods have been proposed so far, none of them had succeeded to cover all important aspects of the problem at hand. [1] Continuous increase of production in embedded market, makes a simple and natural design methodology for real-time systems needed more then ever

Functional real-time programming: the language Ruth and its semantics

Real-time systems are amongst the most safety critical systems involving computer software and the incorrect functioning of this software can cause great damage, up to and including the loss of life. If seems sensible therefore to write real-time software in a way that gives us the best chance of correctly implementing specifications. Because of the high level of functional programming languages, their semantic simplicity and their amenability to formal reasoning and correctness preserving transformation it thus seems natural to use a functional language for this task. This thesis explores the problems of applying functional programming languages to real-time by defining the real-time functional programming language Ruth. The first part of the thesis concerns the identification of the particular problems associated with programming real-time systems. These can broadly be stated as a requirement that a real-time language must be able to express facts about time, a feature we have called time expressibility. The next stage is to provide time expressibility within a purely functional framework. This is accomplished by the use of timestamps on inputs and outputs and by providing a real-time clock as an input to Ruth programs. The final major part of the work is the construction of a formal definition of the semantics of Ruth to serve as a basis for formal reasoning and transformation. The framework within which the formal semantics of a real-time language are defined requires time expressibility in the same way as the real-time language itself. This is accomplished within the framework of domain theory by the use of specialised domains for timestamped objects, called herring-bone domains. These domains could be used as the basis for the definition of the semantics of any real-time language

Kompics: a message-passing component model for building distributed systems

The Kompics component model and programming framework was designedto simplify the development of increasingly complex distributed systems. Systems built with Kompics leverage multi-core machines out of the box and they can be dynamically reconfigured to support hot software upgrades. A simulation framework enables deterministic debugging and reproducible performance evaluation of unmodified Kompics distributed systems. We describe the component model and show how to program and compose event-based distributed systems. We present the architectural patterns and abstractions that Kompics facilitates and we highlight a case study of a complex distributed middleware that we have built with Kompics. We show how our approach enables systematic development and evaluation of large-scale and dynamic distributed systems

SaunterNot -- A Personal Security System for Nursing Home Patients

With Nursing home facilities enduring staff shortages, the SaunterNot system would provide a safe and efficient way of alerting the staff if a patient suffering from a neurological disease is attempting to exit the building. Each patient who is examined and found likely to be at risk of wandering out of the building into what may become hazardous situations will be asked to wear a transponder tag. Each tag is encoded with an 8-bit identification number which is cross-referenced to their identity. When passing through a door that exits the building, a reader placed at the door will receive a signal from the transponder and trigger an alarm to alert the staff of the resident exiting the building

Runtime Verification Based on Executable Models: On-the-Fly Matching of Timed Traces

Runtime verification is checking whether a system execution satisfies or violates a given correctness property. A procedure that automatically, and typically on the fly, verifies conformance of the system's behavior to the specified property is called a monitor. Nowadays, a variety of formalisms are used to express properties on observed behavior of computer systems, and a lot of methods have been proposed to construct monitors. However, it is a frequent situation when advanced formalisms and methods are not needed, because an executable model of the system is available. The original purpose and structure of the model are out of importance; rather what is required is that the system and its model have similar sets of interfaces. In this case, monitoring is carried out as follows. Two "black boxes", the system and its reference model, are executed in parallel and stimulated with the same input sequences; the monitor dynamically captures their output traces and tries to match them. The main problem is that a model is usually more abstract than the real system, both in terms of functionality and timing. Therefore, trace-to-trace matching is not straightforward and allows the system to produce events in different order or even miss some of them. The paper studies on-the-fly conformance relations for timed systems (i.e., systems whose inputs and outputs are distributed along the time axis). It also suggests a practice-oriented methodology for creating and configuring monitors for timed systems based on executable models. The methodology has been successfully applied to a number of industrial projects of simulation-based hardware verification.Comment: In Proceedings MBT 2013, arXiv:1303.037

Fault-tolerant Algorithms for Tick-Generation in Asynchronous Logic: Robust Pulse Generation

Today's hardware technology presents a new challenge in designing robust systems. Deep submicron VLSI technology introduced transient and permanent faults that were never considered in low-level system designs in the past. Still, robustness of that part of the system is crucial and needs to be guaranteed for any successful product. Distributed systems, on the other hand, have been dealing with similar issues for decades. However, neither the basic abstractions nor the complexity of contemporary fault-tolerant distributed algorithms match the peculiarities of hardware implementations. This paper is intended to be part of an attempt striving to overcome this gap between theory and practice for the clock synchronization problem. Solving this task sufficiently well will allow to build a very robust high-precision clocking system for hardware designs like systems-on-chips in critical applications. As our first building block, we describe and prove correct a novel Byzantine fault-tolerant self-stabilizing pulse synchronization protocol, which can be implemented using standard asynchronous digital logic. Despite the strict limitations introduced by hardware designs, it offers optimal resilience and smaller complexity than all existing protocols.Comment: 52 pages, 7 figures, extended abstract published at SSS 201