The correctness of a distributed real-time system

In this thesis we review and extend the pervasive correctness proof for an asynchronous distributed real-time system published in [KP07a]. We take a two-step approach: first, we argue about a single electronic control unit (ECU) consisting of a processor (running the OSEKtime-like operating system OLOS) and a FlexRay-like interface called automotive bus controller (ABC). We extend [KP07a] among others by a local OLOS model [Kna08] and go into details regarding the handling of interrupts and the treatment of devices. Second, we connect several ECUs via the ABCs and reason about the complete distributed system, see also [KP07b]. Note that the formalization of the scheduling correctness is reported in [ABK08b]. Through several abstraction layers we prove the correctness of the distributed system with respect to a new lock-step model COA that completely abstracts from the ABCs. By establishing the DISTR model [Kna08] it becomes possible to literally reuse the arguments from the first part of this thesis and therefore to simplify the analysis of the complete distributed system. To illustrate the applicability of DISTR, we have formally proven the top-level correctness theorem in the theorem prover Isabelle/HOL. Throughout the thesis we tie together theorems regarding: processor, ABC, compiler, micro kernel, operating system, and the worst case execution time analysis of applications and systems software.In dieser Arbeit betrachten und erweitern wir den durchgängigen Korrektheitsbeweis für ein asynchrones verteiltes Echtzeitsystem aus [KP07a]. Wir gehen in zwei Schritten vor: Zuerst betrachten wir eine einzelne elektronische Kontrolleinheit (ECU) bestehend aus einem Prozessor (welcher das OSEKtime ähnliche Betriebsystem OLOS ausführt) und einem FlexRay ähnlichem Interface, auch automobiler Bus Controller (ABC) genannt. Wir erweitern [KP07a] unter anderem um ein lokales OLOS Model [Kna08] und detaillieren die Behandlung von Interrupts sowie den Umgang mit Geräten. Im zweiten Schritt verbinden wir mehrere ECUs durch die ABCs und argumentieren über das gesamte System, siehe auch [KP07b]. Über die Formalisierung der Scheduler Korrektheit wird in [ABK08b] berichtet. Über mehrere Abstraktionsebenen beweisen wir die Korrektheit des verteilten Systems bezüglich eines neuen gleichgetakteten Modells COA in dem vollständig von den ABCs abstrahiert wird. Durch die Einführung des DISTR Models [Kna08] ist es möglich die Argumente aus dem ersten Teil dieser Arbeit in der Analyse des gesamten verteilten Systems wörtlich wieder zu verwenden. Um die Anwendbarkeit von DISTR zu verdeutlichen haben wir formal die oberste Korrektheits-Aussage im Theorembeweiser Isabelle/HOL bewiesen. Im Zuge dieser Arbeit verbinden wir Theoreme bezüglich: Prozessor, ABC, Compiler, Mikrokern, Betriebsystem und der Worst-Case Laufzeit-Analyse von Applikationen und System Software

Towards a distributed real-time system for future satellite applications

Thesis (MScEng)--University of Stellenbosch, 2003.ENGLISH ABSTRACT: The Linux operating system and shared Ethernet are alternative technologies with the potential to reduce both the development time and costs of satellites as well as the supporting infrastructure. Modular satellites, ground stations and rapid proto typing testbeds also have a common requirement for distributed real-time computation. The identified technologies were investigated to determine whether this requirement could also be met. Various real-time extensions and modifications are currently available for the Linux operating system. A suitable open source real-time extension called Real-Time Application Interface (RTAI) was selected for the implementation of an experimental distributed real-time system. Experimental results showed that the RTAI operating system could deliver deterministic realtime performance, but only in the absence of non-real-time load. Shared Ethernet is currently the most popular and widely used commercial networking technology. However, Ethernet wasn't developed to provide real-time performance. Several methods have been proposed in literature to modify Ethernet for real-time communications. A token passing protocol was found to be an effective and least intrusive solution. The Real-Time Token (RTToken) protocol was designed to guarantee predictable network access to communicating real-time tasks. The protocol passes a token between nodes in a predetermined order and nodes are assigned fixed token holding times. Experimental results proved that the protocol offered predictable network access with bounded jitter. An experimental distributed real-time system was implemented, which included the extension of the RTAI operating system with the RTToken protocol, as a loadable kernel module. Real-time tasks communicated using connectionless Internet protocols. The Real-Time networking (RTnet) subsystem of RTAI supported these protocols. Under collision-free conditions consistent transmission delays with bounded jitter was measured. The integrated RTToken protocol provided guaranteed and bounded network access to communicating real-time tasks, with limit overheads. Tests exhibited errors in some of the RTAI functionality. Overall the investigated technologies showed promise in being able to meet the distributed real-time requirements of various applications, including those found in the satellite environment.AFRIKAANSE OPSOMMING: Die Linux bedryfstelsel en gedeelde Ethernet is geïdentifiseer as potensiële tegnologieë vir satelliet bedryf wat besparings in koste en vinniger ontwikkeling te weeg kan bring. Modulêr ontwerpte satelliete, grondstasies en ontwikkeling platforms het 'n gemeenskaplike behoefte vir verspreide intydse verwerking. Verskillende tegnologieë is ondersoek om te bepaal of aan die vereiste ook voldoen kan word. Verskeie intydse uitbreidings en modifikasies is huidiglik beskikbaar vir die Linux bedryfstelsel. Die "Real-Time Application Interface" (RTAI) bedryfstelsel is geïdentifiseer as 'n geskikte intydse uitbreiding vir die implementering van 'n eksperimentele verspreide intydse stelsel. Eksperimentele resultate het getoon dat die RTAI bedryfstelsel deterministies en intyds kan opereer, maar dan moet dit geskied in die afwesigheid van 'n nie-intydse verwerkingslas. Gedeelde Ethernet is 'n kommersiële network tegnologie wat tans algemeen beskikbaar is. Die tegnologie is egter nie ontwerp vir intydse uitvoering nie. Verskeie metodes is in die literatuur voorgestelom Ethernet te modifiseer vir intydse kommunikasie. Hierdie ondersoek het getoon dat 'n teken-aangee protokol die mees effektiewe oplossing is en waarvan die implementering min inbreuk maak. Die "Real-Time Token" (RTToken) protokol is ontwerp om voorspelbare netwerk toegang tot kommunikerende intydse take te verseker. Die protokol stuur 'n teken tussen nodusse in 'n voorafbepaalde volgorde. Nodusse word ook vaste teken hou-tye geallokeer. Eksperimentele resultate het aangedui dat die protokol deterministiese netwerk toegang kan verseker met begrensde variasies. 'n Eksperimentele verspreide intydse stelsel is geïmplementeer. Dit het ingesluit die uitbreiding van die RTAI bedryfstelsel met die RTToken protokol; verpak as 'n laaibare bedryfstelsel module. Intydse take kan kommunikeer met verbindinglose protokolle wat deur die "Real-Time networking" (RTnet) substelsel van RTAI ondersteun word. Onder ideale toestande is konstante transmissie vertragings met begrensde variasies gemeet. Die integrasie van die RTToken protokol het botsinglose netwerk toegang aan kommunikerende take verseker, met beperkte oorhoofse koste as teenprestasie. Eksperimente het enkele foute in die funksionaliteit van RTAI uitgewys. In die algemeen het die voorgestelde tegnologieë getoon dat dit potensiaal het vir verskeie verspreide intydse toepassings in toekomstige satelliet en ook ander omgewings

Communication and control in an integrated manufacturing system

Typically, components in a manufacturing system are all centrally controlled. Due to possible communication bottlenecking, unreliability, and inflexibility caused by using a centralized controller, a new concept of system integration called an Integrated Multi-Robot System (IMRS) was developed. The IMRS can be viewed as a distributed real time system. Some of the current research issues being examined to extend the framework of the IMRS to meet its performance goals are presented. These issues include the use of communication coprocessors to enhance performance, the distribution of tasks and the methods of providing fault tolerance in the IMRS. An application example of real time collision detection, as it relates to the IMRS concept, is also presented and discussed

A comparison of the communication impact in CAN and TTP/C networks when supporting steer-by-wire systems

Distributed real time system is a technology that is become widely used in diverse areas of application, including systems in vehicles, aircraft, locomotives, among others. Great part of these applications is considered critic. Hereupon, such systems must be predictable in relation to its logical result and its temporal behavior, same in operating under failure having to provide tolerances. Distributed real time system requires the use of deterministic and reliable communications mechanisms. A high trend in the automotive area is the replacing of great part of the mechanical andlor hydraulic systems for electronic systems, so called control-by-wire. To reach the objectives of the control-by-wire systems, it is necessary the use of distributed real time systems with fault tolerant properties. This work presents a study about the communication requirements in x-by-wire systems. A theoretic content and a detailed study of temporal property of the CAN and TTP/C network communication are presented in the environment of simulation of the x-by-wire system

Design, Implementation, and Evaluation of a Distributed Real-Time Kernel for Distributed Robotics (Dissertation Proposal)

Modern robotics applications are becoming more complex due to greater numbers of sensors and actuators. The control of such systems may require multiple processors to meet the computational demands and to support the physical topology of the sensors and actuators. A distributed real-time system is needed to perform the required communication and processing while meeting application-specified timing constraints. We are designing and implementing a real-time kernel for distributed robotics applications. The kernel\u27s salient features are consistent, user-definable scheduling, explicit dynamic timing constraints, and a two-tiered interrupt approach. The kernel wi1l be evaluated by implementing a two-arm robot control example. Its goal is to locate and manipulate cylindrical objects with spillable contents. Using the application and the kernel, we will investigate the effects of time granularity, network type and protocol, and the handling of external events using interrupts versus polling. Our research will enhance understanding of real-time kernels for distributed robotics control

Coordinated scheduling for dynamic real-time systems

In this project, we addressed issues in coordinated scheduling for dynamic real-time systems. In particular, we concentrated on design and implementation of a new distributed real-time system called R-Shell. The design objective of R-Shell is to provide computing support for space programs that have large, complex, fault-tolerant distributed real-time applications. In R-shell, the approach is based on the concept of scheduling agents, which reside in the application run-time environment, and are customized to provide just those resource management functions which are needed by the specific application. With this approach, we avoid the need for a sophisticated OS which provides a variety of generalized functionality, while still not burdening application programmers with heavy responsibility for resource management. In this report, we discuss the R-Shell approach, summarize the achievement of the project, and describe a preliminary prototype of R-Shell system

Parametric Schedulability Analysis of Fixed Priority Real-Time Distributed Systems

Parametric analysis is a powerful tool for designing modern embedded systems, because it permits to explore the space of design parameters, and to check the robustness of the system with respect to variations of some uncontrollable variable. In this paper, we address the problem of parametric schedulability analysis of distributed real-time systems scheduled by fixed priority. In particular, we propose two different approaches to parametric analysis: the first one is a novel technique based on classical schedulability analysis, whereas the second approach is based on model checking of Parametric Timed Automata (PTA). The proposed analytic method extends existing sensitivity analysis for single processors to the case of a distributed system, supporting preemptive and non-preemptive scheduling, jitters and unconstrained deadlines. Parametric Timed Automata are used to model all possible behaviours of a distributed system, and therefore it is a necessary and sufficient analysis. Both techniques have been implemented in two software tools, and they have been compared with classical holistic analysis on two meaningful test cases. The results show that the analytic method provides results similar to classical holistic analysis in a very efficient way, whereas the PTA approach is slower but covers the entire space of solutions.Comment: Submitted to ECRTS 2013 (http://ecrts.eit.uni-kl.de/ecrts13

Language Constructs for Distributed Real-Time Consistency

In this paper, we present a model and language constructs for a distributed real-time system with the goal of allowing the structured specification of functional and timing constraints, along with explicit, early error recovery from timing faults. To do this, we draw on ideas from (non-distributed) real-time programming and distributed transaction-based systems [81]. A complete language is not specified; the constructs described are assumed to be embedded in a block-structured procedural host programming language such as C [9] or C++ [10] (our current preliminary implementation is in C). The model consists of resources, processes, and a global scheduler. Resources are abstractions that export operations to processes, and specify acceptable concurrency of operations to the scheduler. Processes manipulate resources using the exported operations, and specify synchronization and restrictions on concurrency (at the exported operation level) to the scheduler. Examples of the types of information given to the scheduler are that a set of operations should be performed simultaneously , or that a sequence of operations should be performed without interference by another process. The global scheduler embodies the entity or entities that schedule the CPU, memory, devices and other resources in the system. It performs preemptive scheduling of all resources based on dynamic priorities associated with the processes, preserves restrictions on concurrency stated by resources and processes, and is capable of giving guarantees to processes that they will receive resources during a specified future time interval. The remainder of the paper is structured as follows. In the next section, we present language constructs for an expression of timing constraints called temporal scopes, and described resources and processes. Section 3 describes what is required of the global scheduler to support these constructs, and what is entailed in guaranteeing functional consistency.\u27 We conclude in Section 4