Separation of Concerns in Model-Based Development of Distributed Real-Time Systems

Separation of Concerns in Model-Based Development of Distributed Real-Time Systems

Dionisio de Niz (Carnegie-Mellon University, USA), Gaurav Bhatia (Carnegie-Mellon University, USA) and Raj Rajkumar (Carnegie-Mellon University, USA)
DOI: 10.4018/978-1-60566-750-8.ch006
OnDemand PDF Download:
No Current Special Offers


Software is increasingly being used to enable new features in systems in multiple domains. These domains include automotive, avionics, telecomunication, and industrial automation. Because the user of these systems is not aware of the presence of the software, this type of software is known as embedded software. More importantly, such a software, and the whole system in general, must satisfy not only logical functional requirements but also parafunctional (a.k.a. nonfunctional) properties such as timeliness, security, and reliability. Traditional development languages and tools provide powerful abstractions such as functions, classes, and objects to build a functional structure that reduces complexity and enables software reuse. However, the software elements responsible for the parafunctional behaviors are frequently scattered across the functional structure. This scattering prevents the easy identification of these elements and their independent manipulation/reuse to achieve a specific parafunctional behavior. As a result, the complexity of parafunctional behaviors cannot be reduced and even worse, the construction of those behaviors can corrupt the functional structure of the software. In this chapter, we propose a model-based framework for designing embedded real-time systems to enable a decomposition structure that reduces the complexity of both functional and parafunctional aspects of the software. This decomposition enables the separation of the functional and parafunctional aspects of the system into semantic dimensions (e.g., event-flow, timing, deployment, fault-tolerant) that can be represented, manipulated, and modified independent of one another from an end-user point of view. The realizations of these dimensions, however, do interact on the target platform since they consume common resources and impose constraints. These interactions can be captured during model construction and resource demands mediated during platform deployment. The use of semantic dimensions results in three significant benefits. First of all, it preserves the independence of the functional structure from parafunctional behaviors. Secondly, it enables the user to manipulate different parafunctional concerns (e.g., timeliness, reliability) independent of one another. Lastly, it enables the reuse of compositions along any dimension from other systems. The second core abstraction in our modeling approach is an entity called a coupler. A coupler expresses a particular relationship between two or more components, and can also be used recursively. Couplers enable the hierarchical decomposition of functional as well as parafunctional aspects. Aided by semantic dimensions and multiple coupler types, our framework enables the auto-generation of glue code to produce a fully deployable system. Our framework can also construct a detailed timing and resource model. This model in turn is used to optimize the usage of a given hardware configuration, or synthesize a configuration to suit a given software model. Our framework is implemented in a tool (de Niz, Bhatia & Rajkumar 2006) called SysWeaver that had been used to generate glue code and analyze the timing behavior of avionics, automotive, and software-radio pilot systems.
Chapter Preview


Embedded systems can be found in a large variety of products with which we interact daily. These systems take their name from the fact that even though they are enabled by software (called embedded software), this software is concealed inside the physical device. The user then relates to the system as if it were an smart and flexible device. The key appeal of software is its flexibility and the potential for low-cost functional upgrades. Due to this appeal, the functionality delivered previously by hardware and mechanical artifacts is steadily migrating to software. Examples of this migration are software radios (Mitola, 2002) and automotive drive-by-wire (Isermann, Schwarz, & Stolzl, 2002) capabilities. These efforts are looking to leverage software to improve and reuse functionality in the most cost-effective manner.

Unfortunately, the flexibility of software is also a problem given that it is possible to express incorrect behaviors that a more inflexible system would not allow. For instance, to test whether a switch is in the On position in software, a test needs to be encoded, e.g., switch == On. However, a typo can transform such a test into an assignment, e.g., switch = On. In contrast, when that test is encoded into an electrical system, the switch could be implemented as current getting into the circuit where an error would be easily detectable and diagnosed by perhaps the blowing of a fuse. As a result, the development of embedded software requires a verification process more complex than the one used to develop the analog system being replaced.

Embedded systems need to be functionally equivalent to the analog systems they replace along with being able to achieve that in a timely manner. This is because such analog systems interact with physical phenomena as can be the case of a braking system or a signal analyzer. This timeliness requirement is known as a real-time requirement and systems with these requirements are called real-time systems. These types of embedded systems are known as embedded real-time systems.

As an example, consider the system depicted in Figure 1. This system depicts a simplified version of an Anti-Lock Braking System (ABS). This system works as follows. The speed sensor samples the speed of the wheel and sends the samples to the brake controller. The brake controller looks for abnormal deceleration that only happens an instant before the wheel will start to skid. If such deceleration is detected, then the controller sends a command to release the pressure on the brake to prevent the wheel from skidding.

Figure 1.

Anti-lock braking system


Two timing requirements are important in this ABS braking system. First, the frequency at which the speed of the wheel is sampled must be high enough to observe the physical feature that signals the start of skidding. Secondly, the reaction time between the discovery of the abnormal deceleration and the release of the brake must be fast enough to ensure that skidding is avoided. These two requirements, known in the real-time theory as period and deadline, must then be verified. To do this verification, it is necessary to know the worst-case execution time (WCET) of the software functions being executed. Given the WCET, it is possible to answer whether such software can be executed periodically as defined by the period and if it can complete before its deadline.

In addition to timing requirements, other requirements such as reliability and security may need to be satisfied in an embedded real-time system. We identify these requirements, typically known as non-functional requirements, as para-functional requirements to avoid a negative connotation of the non-functional term. The implication of these para-functional requirements is that the development process requires designing, implementing and testing of not only functionality but also of constructs (e.g., replication for reliability) that ensure that para-functional requirements are satisfied. Para-functional requirements complicate the addition and reuse of functionality. The addition of new functionality can break para-functional assumptions, such as the WCET, and the reuse of functionality in another application has to be verified against both the functional specification and the para-functional requirements.

Complete Chapter List

Search this Book: