Concurrent systems composing
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Concurrent systems composing

on

  • 289 views

A unified approach to systems engineering for trustworthy systems.

A unified approach to systems engineering for trustworthy systems.

Statistics

Views

Total Views
289
Views on SlideShare
289
Embed Views
0

Actions

Likes
0
Downloads
2
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Concurrent systems composing Presentation Transcript

  • 1. Trustworthy Forever From Deep Space To Deep Sea
  • 2. Eonic Systems (1989-2001) Virtuoso RTOS for parallel DSP, leader in high-end niche Sold to Wind River Systems in 2001 for 15 mio $ Open License Society (2004 - …) OpenComRTOS (IWT project) Innovative no-nonsense and formalised approach Systems/ software engineering with supporting tools Breakthrough results thanks to Formal Methods 5 to 10x smaller => efficiency, performance Sponsored by Melexis, Embedded Software Group ITEA EVOLVE project R&D costs valued at 2 mio € In sept 2008, Altreonic as a spin-off of OLS To productise and go commercial Flanders Drive ASIL project (safety engineering methodology)26-May-11 Altreonic NV – From Deep Space to Deep Sea - 2
  • 3.  Altreonic NV  Owned E.Verhulst, A.Dejonghe, Lancelot Research NV  Team (management in Belgium, development in Ukraïne since 2005)  Eric Verhulst - Founder CEO/CTO  Annie Dejonghe - Founder CFO/COO  Dr. Bernhard Sputh – sr. Engineering manager  Hardware subcontractor in India, Pune  Strategic partner in China, Shanghai  Liaison office in JP.  R&D projects:  EVOLVE: evolutionary/incremental certification/verification  OPENCOSS: certification framework automotive/railway/aerospace  D100LIVES: developing a 100yrs processing device (ARM, ATMEL, NXP, IMEC, …)  Product lines:  OpenComRTOS Designer  Safe Virtual Machine (for C)  StarFish SIL3/4 capable controllers (engineering stage)  GoedelWorks systems engineering platform in beta26-May-11 Altreonic NV – From Deep Space to Deep Sea - 3
  • 4. To provide the embedded market with development environments and with embedded hardware for generating applications where high-reliability and trustworthiness are “built-in” into the design as part of the development process. Trustworthy = Safety => dependability / physical quality Security => freedom from malicious faults/ data theft Usability => intuitive and pleasant to use /emotional Privacy => your data is your own Trustworthy = higher added value Application domains: Ultra low power embedded devices Distributed sensing and control Many/multicore devices Parallel supercomputing Fault tolerant/ safety critical systems26-May-11 Altreonic NV – From Deep Space to Deep Sea - 5
  • 5. Growing need for trustworthy technology: Electronics + SW replacing mechanical parts Being “embedded” everywhere: part of our life Initially mainly driven by safety: Lives at stake High economic cost “drive by wire” (e.g. Flanders Drive ASIL project) Increasingly shifting to notion of TRUST Essential question: how to develop trustworthy products in a cost-efficient way?26-May-11 Altreonic NV – From Deep Space to Deep Sea - 6
  • 6. Support the whole engineering process in a unified way from early requirements capturing till the final application giving a “push button high reliability” experience at a reduced life cycle cost Apply formalisation to tackle complexity Apply Formal Methods to prove correctness => GoedelWorks integrated development portal Maximising the commercial potential by applying its own methodology and tools for the developing of trustworthy controllers in volume. => OpenComRTOS: trusted runtime layer => StarFish: Altreonic’s customizable controllers26-May-11 Altreonic NV – From Deep Space to Deep Sea - 7
  • 7. Formalisation to deeply understand the problem domain to find better, leaner and cleaner solutions to find better architectures to improve reuse to get it right the first time Our methods: Unified semantics Speak the same language from early requirements capturing till final product / system is put to use Interacting Entities A common, yet very scalable and modular architectural model26-May-11 Altreonic NV – From Deep Space to Deep Sea - 9
  • 8. Base cost Cost of change Base cost Cost of change 300 300 Traditional Formalised Bottom-up Process Engineering Process 250 250 First time right Testing will only 200 200 demonstrate absence of = Less residual errors certain errors. = Higher reliability 150 150 Formal verification can = Less costs prove absence of any 100 100 errors. 50 50 0 026-May-11 Altreonic NV – From Deep Space to Deep Sea - 10
  • 9. GoedelWorks © Test harness Formalised requirements & OpenVE © specifications capturing Formalized modelling Project repository Simulation Code generation Modeling UserApplications OpenComRTOS © Formally developed Meta-models Runtime support for concurrency and communication OpenTracer © Unifying Visual Tracing Repository System Debugger © System Level Debugger SafeVirtualMachine Unified Semantics © StarFish Controller Virtual Machine for C © Control & processing platform Unified architectural paradigm: Interacting Entities SIL enabled with support for fault tolerance26-May-11 Altreonic NV – From Deep Space to Deep Sea - 11
  • 10. Phase1 Phase2 Phase3 Phase4Cost : + ++ ++ ++ +++ +++++ +++++++ ++++++ ++++++++++of issues System System System System Requirements Specifications System Development Integration Validation Maintenance Capturing Capturing Architecting FMEA Safety FTEA Specs Packaging Specs Hardware Specs System and Software Software System System System System Software System Safety Architectural Implementation Validation Maintenance Requirements Architecture Specs Integration Specifications Design Verification Analysis and Test System System System Domain Specific Domain Specific Domain Specific System System System Requirements Specifications Architecture Specifications Architectural Beta Released Released Updates (Normal Case) Design release Design Code Source Code Test Cases & Distribution Test Cases Test Test results System Fault Cases procedures Test Results Validation Fault Cases Results User manual ASIL process flow identified 2800 process requirements!26-May-11 Altreonic NV – From Deep Space to Deep Sea - 12
  • 11. Is an integrated set of tools, facilitating the development of high-reliability and safety critical products and systems. Integration is key in achieving reliability and trustworthiness OpenComRTOS Designer suite of tools: OpenComRTOS: unique network-centric formally developed Real Time Operating System, 5 KB(!), unique heterogeneous support – write code once, run anywhere – scalable. Open VE, a visual programming and development environment for developing and simulating real-time embedded applications OpenCookbook is a web-hosted environment supporting the systems engineering process flow (proof of concept) Tools: OpenTracer, OpenSystemInspector, Safe Virtual Machine Being integrated in GoedelWorks SaaS portal OpenComRTOS was one of the three nominees for the: StarFish Scalable, customizable, fault-tolerance capable controllers supported by OpenComRTOS suite26-May-11 Altreonic NV – From Deep Space to Deep Sea - 13
  • 12. MARKET Segment Enabler Challenges Ultra low power - hearing aids OCR small code Hardware driven market, - building control OCR low overhead role of SW not well - sensors understood Distributed - smart machines OCR network Inertia from legacy control - robotic machines heterogeneous solutions - sensing networks support Fault - process control OCR formal dev Inertia from legacy tolerant - infrastructure OCR triplication solutions systems - e-vehicles GoedelWorks StarFish - medical Multicore/manycore - handheld devices OCR easy to support Hardware driven devices - set-up boxes Parallel computing - scientific computing Intel SCC Niche - image processing • Embedded Systems and Control (src EU): • Market Size : ~ €188 000 mio with av. growth of 8% until 202026-May-11 Altreonic NV – From Deep Space to Deep Sea - 14
  • 13. Covering full value-chain from requirement to hardware to maximise added value and certifiability MODEL(S)21 METHODOLOGY11 REQUIREMENT21 SPECIFICATIONS21 Architectural Architectural Simulation Simulation CheckPoints11 Normal case Formal Formal Functional Standards Statements Test case Implementation Implementation Non-Functional Guidelines Failure case Questions Hints Entity11 Design Views21 Methodology Answers Method11 Org Specific Domain Specific Misc SubSystem Procedure Interaction Tool Function WorkPackage11 Role Interface GoedelWorks DEVLPMNT TASK11 Process Views21 Issues11 Install Result41 Validation TASK21 Result61 PreConditions31 Write-Up PreConditions51 USE CASES ChangeRequest21 Spec Approved WP completed RELEASE1 PreConditions41 Verification TASK11 PreConditions61 Result51 Test TASK11 Valid Approv Test Approv Work Approved Spec Approved Result71 Dev Task Approv Verif Task Approv OpenCookbook Systems Grammar 10.11.2009 OpenVE OpenComRTOS suite StarFish Safe Virtual Machine OpenTracer26-May-11 Altreonic NV – From Deep Space to Deep Sea - 15
  • 14. Formalised systems engineering portal for project support Awareness of safety engineering standards IEC 61508, IEC 62061, ISO DIS 26262, ISO 13849, ISO DIS 25119 and ISO 15998 Organisation specific Supports all process activities with full traceability Based on previous OpenCookBook experience SaaS: no license, but time based Additional licenses: Encryption of data Local hosting (via Open Technology License)26-May-11 Altreonic NV – From Deep Space to Deep Sea - 16
  • 15. GoedelWorks’ architecture is competitive advantage: Metamodels allow fast customisation System is “compiled” from specifications Allows semi-automatic certification User is guided through complexity of systems engineering process, and project becomes a lot easier to manage and to certify Project portal = up-to-date database Plug-ins an API for third party tools and technology Imports Flanders’ Drive ASIL methodology e.a. 2 years of dissecting standards => 3800 requirements, 100 Work Products26-May-11 Altreonic NV – From Deep Space to Deep Sea - 17
  • 16. 26-May-11 Altreonic NV – From Deep Space to Deep Sea - 19
  • 17. 26-May-11 Altreonic NV – From Deep Space to Deep Sea - 21
  • 18. Formalised but straightforward approach Full integration of tools from requirements to final applications is unique OpenComRTOS is a unique programming system, a unique network-centric RTOS, quasi-universal Formally developed and verified Scalable yet very small: typically 2 to 5 kiB/node Real-time communication support Heterogeneous target support OpenComRTOS nominated embedded award Capable of fault-tolerance (at affordable cost)26-May-11 Altreonic NV – From Deep Space to Deep Sea - 22
  • 19. Formalised systems engineering portal for project support Formalised but straightforward approach Full integration of tools from requirements to final applications is unique OpenComRTOS is a unique programming system, a unique network-centric RTOS, quasi-universal Formally developed and verified Scalable yet very small: typically 2 to 5 kiB/node Real-time communication support Heterogeneous target support OpenComRTOS nominated embedded award Capable of fault-tolerance (at affordable cost)26-May-11 Altreonic NV – From Deep Space to Deep Sea - 23
  • 20. Result of formal modeling (TLA+) Events, semaphores, FIFOs, Ports, resources, mailbox, memory pools, etc. are all variants of a generic HUB A HUB has 4 functional parts: Synchronisation point between Tasks Stores task’s waiting state if needed Predicate function: defines synchronisation conditions and lifts waiting state of tasks Synchronisation function: functional behavior after synchronisation: can be anything, including passing data All HUBs operate system-wide, but transparently: Virtual Single Processor programming model Possibility to create application specific hubs & services! => a new concurrent programming model26-May-11 Altreonic NV – From Deep Space to Deep Sea - 24
  • 21. The generic hub as metamodel Data needs to be buffered Buffer List CeilingPriority Prioity Inheritance For resources Owner Task For semaphores Count Predicate Action Synchronisation Synchronising Predicate Synchronisation W W L L Waiting Lists T T Threshold T Generic Hub (N-N) Similar to Guarded Actions or a pragmatic superset of CSP26-May-11 Altreonic NV – From Deep Space to Deep Sea - 25
  • 22. 26-May-11 Altreonic NV – From Deep Space to Deep Sea - 26
  • 23. • Up to 10x smaller than traditional design (thanks to formal development) • Less power, less memory, easier to verify, scalable ... CPU Type Codesize ARM-Cortex-M3 2.5 – 4.0kB XMOS-XS1 5.0 – 7.5kB PowerPC e600 7.1 – 9.8kB TI-C66x (DSP) 5.1 – 7.7kB Code size figures (in Bytes) obtained for our different ports, -Os Dormant ports: MLX16 (2K), Xilinx MB (5K), Leon3(5K), CoolFlux DSP(2K)26-May-11 Altreonic NV – From Deep Space to Deep Sea - 27
  • 24. Ultra low power: CoolFlux DSP core (24bit, Harvard) Code size full kernel: 2000w PM + 750w data Interrupt latency: IRQ to ISR: < 112 cycles IRQ to task: < 877 cycles Multicore capable Single chip multicore Intel SCC 48core “super computer on chip + NoC switch” (in development) Heterogeneous networked targets: Win32+Linux+ARM+MicroBlaze+XMOS+LEON3+ … demo programmed as single target26-May-11 Altreonic NV – From Deep Space to Deep Sea - 28
  • 25. Ultra low power: SoC, 2K instructions on CoolFlux DSP of NXP E.g. hearing aids Sensor and actuator networks Small code size Power saving modes, wake up by interrupt System wide routing Distributed control Network support is built in Easy to integrate redundancy Easy to distribute control and I/O No more binding glue, no more middleware layers Parallel “supercomputing” Parallel heterogeneous DSP networks PPC and TI C66XX DSP multicore, multi-chip, multi-board, …26-May-11 Altreonic NV – From Deep Space to Deep Sea - 29
  • 26. Goal: CPU independent programming Low memory needs (embedded!) Mobile, dynamic code => “embedded apps” Allows to reuse legacy binary code on any processor Results: Selected ARM Thumb1 instruction set of VM target Compactness Widely used CPU < 3 Kbytes of code for VM Executes binary compiled code Capable of native execution on ARM targets VM enhanced with safety support (option): Memory violations Stack violations Numerical exceptions26-May-11 Altreonic NV – From Deep Space to Deep Sea - 30
  • 27. Network infrastructure26-May-11 Altreonic NV – From Deep Space to Deep Sea - 31
  • 28. GoedelWorks Structured team work over the internet MODEL(S)21 METHODOLOGY11 REQUIREMENT21 SPECIFICATIONS21 Architectural Architectural Simulation Simulation CheckPoints11 Normal case Formal Formal Functional Standards Statements Test case Implementation Implementation Non-Functional Guidelines Failure case Questions Hints Entity11 Design Views21 Answers Method11 Org Specific Domain Specific Misc SubSystem Procedure Interaction Tool Function WorkPackage11 Role Interface Process Views21 DEVLPMNT TASK11 Issues11 Install Result41 Validation TASK21 Result61 PreConditions31 Write-Up PreConditions51 USE CASES ChangeRequest21 Spec Approved WP completed RELEASE1 PreConditions41 Verification TASK11 PreConditions61 Result51 Test TASK11 Valid Approv Test Approv Work Approved Spec Approved Result71 Dev Task Approv Verif Task Approv OpenCookbook Systems Grammar 10.11.200926-May-11 Altreonic NV – From Deep Space to Deep Sea - 32
  • 29. Phase Detector Low Pass Filter Voltage Control Oscillator sin(α) speed + K1 1/s 1/s angle - cos(α) K2 sin(α) cos(α) (third party tools) Simulating the algorithm in a PC doesn’t cost much, but allows to find the issues early on26-May-11 Altreonic NV – From Deep Space to Deep Sea - 33
  • 30. After simulation and model checking, select the application architecture and OpenVE start development26-May-11 Altreonic NV – From Deep Space to Deep Sea - 34
  • 31. • Networked control modules do the real work. • Added value from high reliability and high performance algorithms • Fault tolerance is a configuration option Altreonic Inside26-May-11 Altreonic NV – From Deep Space to Deep Sea - 35
  • 32. OpenVE: How are processors connected ?26-May-11 Altreonic NV – From Deep Space to Deep Sea - 36
  • 33. OpenVE How is the application structured ?26-May-11 Altreonic NV – From Deep Space to Deep Sea - 37
  • 34. The more code is generated, the less programmingerror s are made OpenVE26-May-11 Altreonic NV – From Deep Space to Deep Sea - 38
  • 35. Verification and testing is needed to confirm the work was well done OpenTracer26-May-11 Altreonic NV – From Deep Space to Deep Sea - 39
  • 36. From idea to prototype in a seamlessly integrated and controlled process26-May-11 Altreonic NV – From Deep Space to Deep Sea - 40
  • 37. 26-May-11 Altreonic NV – From Deep Space to Deep Sea - 41
  • 38. OpenComRTOS supports heterogeneous networked and many-core processor systems: Remapping tasks or RTOS entities requires no source code changes Timings will differ but logic application remains Meta-models hide complexity for user26-May-11 Altreonic NV – From Deep Space to Deep Sea - 42
  • 39. Key characteristics : Scalable performance High Reliability (SIL3) Fault Tolerance (SIL4) Target market : Robotics, Automotive, Transport, Aerospace, Machine Control. Altreonic powered (Status: engineering systems Q4)OpenComRTOSdesigner suite 26-May-11 Altreonic NV – From Deep Space to Deep Sea - 43
  • 40. Key characteristics Allows full access Fully closed enclosure (IP64 or higher) Power consumption rated at 7.5 W when using all quadrants @ > 3200 Mips Application specific mezzanines Production version will be compact and stacked or use one quadrant as unit26-May-11 Altreonic NV – From Deep Space to Deep Sea - 44
  • 41. Key characteristics : High Reliability (SIL3) → Fault Tolerance (SIL4) All-in: Traction Braking Anti-slip Stability control Active suspension Exploits transparent distributed operation of OpenComRTOS Own controllers and e-motor in development Software and Hardware redundancy enables fault-tolerant controllers in 1-, 2-, 3-, 4-, n-wheel platforms => StarFish was designed with such topology in mind26-May-11 Altreonic NV – From Deep Space to Deep Sea - 45
  • 42. • Central control moves towards distributed control • Robot has 42 “feet” = 42 controllers + central • Original design: 7000 euro hardware • Our proposal: < 1000 euro + connection to PC and operator console26-May-11 Altreonic NV – From Deep Space to Deep Sea - 46
  • 43. Innovative no-risk open licensing scheme as well as binary and source code licenses. No runtime royalties. Binary (only free targets like Win32) Single seat/single site Source code + Kernel source code and build system Open Technology license Formal models, design doc, all source code, test suites, porting guide, … of RTOS + code gens + GUI tools Right to generate extra binary licenses Small royalty For all Software and all Hardware products Maintenance/support: 20%/yr/license26-May-11 Altreonic NV – From Deep Space to Deep Sea - 47
  • 44. We need hardware that executes (software) specifications Full system engineering flow support Enables high-reliability/safety OpenComRTOS project has proven that a universal concurrent programming paradigm works: Very small code size, yet very scalable Heterogeneous for CPU and communication media Greatly due to formal(ised) development www.altreonic.com Eric.Verhulst @ altreonic.com26-May-11 Altreonic NV – From Deep Space to Deep Sea - 48