Time to Quality gives More for Less
       with Altreonic’s formalised systems and software engineering
Work plan view                                           OpenVE © and OpenComRTOS ©
A Development Task is the core activit...
        A Unified and Customizable Visual Project Development Environment
                    for High Reliab...
MODEL(S)21              METHODOLOGY11

                   A Unified Visual Development Environment
                   for High Reliability Embedded Applic...
The event tracer
                                                                                                  acts li...
     a Scalable and Network-Centric RTOS for Embedded Applications
         Developed using formal modeling, t...
Available OpenComRTOS services:                                                 The application domain for OpenComRTOS is
Altreonic’s system design and
embedded software engineering services

Altreonic’s methodology and products have a long his...
RTOS                                      4. Embedded DSP engineering
 Formal development of a distributed
 RTOS, porting ...
Upcoming SlideShare
Loading in …5

Altreonic methodology and solutions


Published on

Altreonic methodology and integrated embedded software solutions.

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Altreonic methodology and solutions

  1. 1. Time to Quality gives More for Less with Altreonic’s formalised systems and software engineering methodology and tools Think before you begin. Some people might call this wisdom, but it is at the core of sys- tems and software engineering. It serves two main goals: Firstly, it serves to analyse and under- Secondly, it serves to plan and to predict. stand. What is the goal to be achieved? Once the requirements and specifications What is the real problem to be solved? Is it are well understood, architectural model- a real issue or does it just look like one? ling can explore different ways to imple- This analysis activity is often dominated by ment the specifications. Simulation mod- the use of natural language and by the elling allows “what-if” analysis and al- presence of many stakeholders. One must lows to verify that the requirements and be aware that at this stage the information specifications really reflect what is will be incomplete, incoherent and contra- needed. Formal models can then be use to dictory, or will already assume a solution verify mathematically critical properties based on past experience. of the system. Once all alternatives have been consid- Making sure that all stakeholders agree on ered, the implementation can start and we the product are system to be developed is enter the domain of traditional develop- called “Requirements and Specifications” ment engineering. The architectural mod- capturing. elling will have identified several entities At this stage, one must not only think in that provide the specified properties. terms of the “normal” use, but also take These can be assigned to a Work plan that into account fault and test conditions. If not divides the work into Work Packages, considered up front, it can be very costly to each consisting of development, verifica- retrofit a system with support for it. tion, test and validation tasks. From Deep Space to Deep Sea www. Altreonic.com Push button high reliability
  2. 2. Work plan view OpenVE © and OpenComRTOS © A Development Task is the core activity of a As many real-world systems can easily be mod- Work Package. It will develop a part of the final elled as a set of interacting entities, this became system according to a predefined or mandatory our main architectural paradigm. This is reflected methodology. To verify that the development in OpenVE a visual modelling environment. It was done correctly a Verification Task is exe- can supports in particular OpenComRTOS. The cuted and when no issues are found, Test tasks latter was formally developed as a network- will verify that the developed entity meets the centric RTOS allowing to program from very specifications. small processors to heterogeneous distributed When all development is done, verified, and networks in a transparent and scalable way. The tested integration can start. When completed, the use of formal modelling has resulted in a very system can be validated against the original re- clean and safe architecture within a very small quirements and released. If all went well, the se- code size, ranging from just 1 KBytes to about 10 lected architectural model will be the implemen- KBytes. Small in the embedded world means tation model. This transfers the developed prod- more performance and less power and less code uct or system to production entering the phase of to verify. maintenance. More upfront, less costs afterwards - Requirements capturing - Formal model building During the process, issues will be discovered and - - Specification capturing Test cases - - Logic simulation model Functional composition - Failures Analysis changes will be needed. But the further the pro- - Functional decomposition - Code generation ject has proceeded, the higher the cost will be if o k o an issue results in rework. The keyword in all k B O O nT o p these activities is formalisation. Often, it will even o p e C e ra n n result in cleaner architectures pe V ce Tools E r O Hence, a well thought out engineering process will not only result in better quality for less cost, but also provides risk reduction by finding the Unifying R ed es ig n text Repository issues as much as possible early in the process. (metamodel) Altreonic provides more At Altreonic we not only formalised a specific S O T engineering process, we took a formalised look at Op R en m Pl o systems engineering in general and the resulting at C fo view is surprisingly simple. We found it can be rm n e p s O used as for technical as well as for non-technical Reference plaftorms with architectural support for Runtime environment supporting Concurrency and domains. It can even be applied in a project to communication distributed concurrency and communication develop a standards aware methodology. Altreonic’s engineering methodology: the unified view OpenCookbook © OpenCookbook was developed as a web based Lessons environment supporting a project from require- What Altreonic brings is less risk and higher ments till reaching the release point. However in quality at a lower price by shifting the effort up- an organisation heuristic knowledge is key in pre- front and by providing an integrated approach serving the competitive edge and such knowl- from early requirements to product release. In edge and organisational procedures can be cap- these times where trustworthiness is important, tured as well. If compliance with external stan- this means not only less time to market but also dards (like the IEC61508 safety standard) is less time to quality. And quality in the end is al- needed, these can be entered as boundary condi- ways a winner. tions to the engineering process allowing to pre- certify while the project is executed. Documents are not written but generated as time stamped For information or to discuss your needs: snapshots. From Deep Space to Deep Sea Contact: Altreonic NV Gemeentestraat 61A b1 www. Altreonic.com B3210 Linden—Belgium Tel.:+32 16 202059 Push button high reliability info.request @ altreonic.com
  3. 3. OpenCookbook A Unified and Customizable Visual Project Development Environment for High Reliability Embedded Applications Embedded systems today increasingly require electronics and embedded software.:  An increasing level of functionality, including not necessary but nice-to-have features;  An increasing need for safety, requiring the devices to be smart and self-aware;  Lower cost combined with higher performance, often replacing mechanical solutions with elec- tronic ones;  High reliability and trustworthiness under all circumstances;  Flexibility and allowing to upgrade as well as to customize the system. The result is that engineers are confronted with increased complexity while market pressure will often dictate lower development cost and delivery in less time. The challenge is to cope with these increasing but conflicting demands. While electronics and software provide flexibility, their use results in an expo- nential growth of complexity. If not done systematically such projects can be very costly and carry a high risk of failure. Based on the pioneering work done at Open License Society, Altreonic offers a unique solution. We identified that trying to integrate a myriad of tools and solutions is often a root cause of problems. We took a fresh look and developed a formalized approach to systems engineering. Altreonic’s approach has simplified the engineering process to a set of clearly defined and orthogonal activities. Under the banner of “unified semantics” our approach assures that at any time people share their knowledge with as little misunderstandings as possible. Furthermore, we developed a supporting framework adapted to the needs of distributed development teams. OpenCookBook© Test harness OpenVE © Formalised requirements & Formalized modelling specifications capturing Mod Simulation elin g Ac g tiv i rin Modeling Form tie s tu ion al ap ulat c Sim Mo de es lin as s g ns l case es tio a s m tc a ca or es lt c ifi User Ar Mo N T u ec Applications Fa ch de Sp ite lin ct g ur & cki nts al nts che reme ng Meta- e em models i qu uir OpenComRTOS © Re Req Formally developed Runtime support Runtime support for Unifying concurrency and n, Repository atio n , Ve tion kpla rific men alida wor SIL 3/4 Controller © Pl rdw t V Ha at Unified Dev Test, fo are Control & processing platform Semantics elop rm natively supporting distributed Unified architectural paradigm: Interacting Entities From Deep Space to Deep Sea www. Altreonic.com Push button high reliability
  4. 4. MODEL(S)21 METHODOLOGY11 REQUIREMENT21 SPECIFICATIONS21 Architectural Architectural Simulation Simulation CheckPoints11 Normal case Formal Formal Functional Standards Statements Test case Implementation Implementation Non-Functional Guidelines Failure case Questions Hints Entity11 Method11 Design Views21 Answers Org Specific Domain Specific Misc SubSystem Procedure Interaction Tool Function WorkPackage11 Role Interface Process Views21 DEVLPMNT TASK11 Issues11 Install Result41 Validation TASK21 Result61 PreConditions31 Write-Up PreConditions51 USE CASES ChangeRequest21 Spec Approved WP completed RELEASE1 PreConditions41 Verification TASK11 PreConditions61 Result51 Test TASK11 Valid Approv Test Approv Work Approved Spec Approved Result71 Dev Task Approv Verif Task Approv OpenCookbook Systems Grammar 10.11.2009 The OpenCookbook portal is based on a formalised but straightforward and integrated project metamodel. The OpenCookbook framework was developed as an intranet portal, resulting in a real-time specification and development database of the system or product under development. It has itera- tive and evolutionary development at its core while it guides the project members to work in a consistent manner. Requirement, Specification, Modeling, Work Packages, Development, Veri- fication, Test and Validation tasks are defined in a consistent way. Barrier conditions with mile- stones can be enforced and queries allow the project manager to view the development status at any moment. Every organization has a lot of heuristic know-how but often it is not recorded or applied in a con- sistent manner and it can take years for newcomers to absorb this knowledge. Of course, integrat- ing this knowledge requires human interaction but we have the capability and tools to facilitate this. The result is a development portal that allows reusing existing IP and platforms while pre- serving the heuristic knowledge integrated in the on-line design wizards. OpenCookbook can be made standards aware, providing the engineering team with pre-certification support while de- veloping the system. Lastly, OpenCookbook is part of our global “Push button high reliability” approach. The project entities and how they interact can be directly linked with Altreonic’s OpenVE, a visual develop- ment environment for distributed concurrent programming. At the heart lies Altreonic’s Open- ComRTOS, a unique real-time programming environment. It was developed using formal tech- niques and provides native and transparent support for network-centric or multicore program- ming. From Deep Space to Deep Sea Contact: Altreonic NV Gemeentestraat 61A b1 www. Altreonic.com B3210 Linden—Belgium Tel.:+32 16 202059 Push button high reliability info.request @ altreonic.com
  5. 5. OpenVE A Unified Visual Development Environment for High Reliability Embedded Applications Developing distributed real-time embedded applications used to be hard hard. The develop- ment is even harder when the requirements dictate the use of heterogeneous target proces- sors. The target processors might use different runtime environments, including legacy Oper- ating Systems. Altreonic’s OpenVE provides the solution. OpenVE was developed using the same principles that govern Altreonic’s sys- tems engineering methodology. Using meta-modeling, embedded software engineers can define their own targets, tar- get topology, applica- tion topology, graphi- cally create the pro- gram code, build and run the executable im- ages. Before the final target is used, they can run the application on a host operating system (Windows or Linux) allowing them to verify the behavior. A built in event tracer allows users to verify the sched- uling and task interactions. Once done, a small click of the mouse changes the target proces- sor for each node and with little or no source code changes, OpenVE generates code for the final target. The event tracer displays the execution trace on the host. The host nodes can even remain part of the system e.g. for accessing stdio services, graphic displays, file services, TCP/IP sockets, etc. Five easy steps to develop a distributed multi-tasking application: 1. Define the topology:  Put the processing nodes on the canvas and connect them 2. Define the application:  Put the tasks on the canvas, define the properties  Put the interaction icons on the canvas by selecting from the menu events, sema- phores, ports, fifo’s, resources, memory pools, packet pool or generic hubs  Add a hostserver task to interact with the application  Connect tasks and interaction icons. Select from the available services.  Add your application specific code. 3. Build:  OpenVE will generate data structures, add drivers and system tasks,  Generate routing tables and makefiles. 4. Run and watch. 5. Verify.  Just open the tracefiles and analyse the events that happened. From Deep Space to Deep Sea www. Altreonic.com Push button high reliability
  6. 6. The event tracer acts like a software oscilloscope for the software. The node interacti- on diagrams clearly show the interpro- cessor communica- tion. Statistical profiling data complement the analysis. What are the benefits of OpenVE? 1. Productivity. IDEAS and CONCEPTS The real-time embedded engineer only needs to use a single integrated environ- ment for specifying and modeling his embedded software architecture, to simulate it and to generate code for his target. 2. Target independent. DEFINE OpenVE is based on a metamodel concept. This allows the engineer to adapt it to his needs. When developing a new OpenComRTOS service, the service can be added without changing the kernel. Define a suitable icon and the service becomes part of the enhanced RTOS. Adding a new target processor is as simple as adding a folder to the file system. No changes are needed to OpenVE. What’s more, the target system can be heterogeneous, covering from 8bit microcontrollers over high- end 32 or 64bit processors, to legacy operating systems providing access services. DESIGN 3. Trustworthy development. Writing software is an error prone process, especially when the application is com- plex and consists of a large number of interacting and concurrent entities. OpenVE makes this process a lot less error-prone. First of all, the programming model is so MODEL straightforward that applications can be drawn on the canvas. But secondly, OpenVE generates the whole framework so that the developer only has to fill in the core functions. 4. Performance and safety. GENERATE OpenVE supports the OpenComRTOS programming model. The latter was devel- oped and verified using formal modeling techniques and can be considered as a break-through in RTOS design. It has a very clean and safe architecture still 5 to 10 times smaller than equivalent hand-written code. It’s architecture also uses a unique packet switching mechanism. No buffer overflows are possible and full TRUSTWORTHY scalability is guaranteed. Developers can even define their own services. The pro- PRODUCTS gramming model remains the same, whether programming single processors, many-core CPUs or networks of widely distributed processing nodes. From Deep Space to Deep Sea Contact: Altreonic NV Gemeentestraat 61A b1 www. Altreonic.com B3210 Linden—Belgium Tel.:+32 16 202059 Push button high reliability info.request @ altreonic.com
  7. 7. OpenComRTOS a Scalable and Network-Centric RTOS for Embedded Applications Developed using formal modeling, the perfect RTOS for deeply embedded and distributed systems OpenComRTOS breaks new grounds in the field of Real-Time Operating Systems. To enable safety critical and high reliability applications, it was from the ground up developed using formal modeling. Conceptually it was developed as a scalable communication layer to support heterogeneous multi- processor systems, but it runs equally well on a Data needs to single processor. It supports small microcontrol- Buffer List be buffered lers, many-core chips with little memory as well Prioity Inheritance CeilingPriority widely distributed systems. For resources Owner Task While the programming concept was inspired by For semaphores Count a Virtual Single Processor model, the formal ap- Predicate Action proach was instrumental in achieving a trustwor- Synchronisation thy component. Moreover, it achieves unparal- Synchronising Predicate leled performance with a very clean and portable Synchronisation architecture. An additional benefit of the unique architectural approach is safety and scalability. W W OpenComRTOS provides the same kernel services Waiting Lists L L as most RTOS, such as starting and stopping T T tasks, priority based preemptive scheduling sup- porting priority inheritance, Events, Semaphores, Threshold T Generic Hub (N-N) FIFOs, Ports, Hubs, Resources and Memory Pools. Entirely written in ANSI-C (MISRA checked) OpenComRTOS can be scaled down to about 1 KB in a single processor code size optimized implementa- tion and 2 KB in a multi-processor implementation. The data memory requirements can be as low as 18 Bytes + 64 Bytes per task, depending on the target processor. On most processors, the full code size is be- tween 5 and 10 KBytes whereas the code generation tools will remove any unused functionality. All ser- vices can be called in blocking, non-blocking, blocking with time-out and asynchronous mode (when ap- propriate for the service). The kernel itself as well as the drivers are also tasks, increasing the modularity and reducing the critical sections. From the RTOS point of view the kernel shuffles Packets around, while for the implementation the Hubs play the dominant role. Packets are sent to a Hub where they synchronies with requests from other tasks. If no request is available, the Packets are put in a priority ordered waiting queue. By design, such buffers cannot overflow. An- other interesting fea- ture of the Hub is that it allows the user to create his own applica- tion specific services. Simulation is very im- portant, therefore Mi- crosoft Windows and Linux are supported as virtual hardware nodes. While this simulator provides for logically correct operations, it allows integrating existing host operating systems or existing RTOS with the nodes running OpenComRTOS. A simple serial connection can be sufficient to establish communication. Tracer supports to analyze task scheduling and inter-node interaction. From Deep Space to Deep Sea www. Altreonic.com Push button high reliability
  8. 8. Available OpenComRTOS services: The application domain for OpenComRTOS is wide. As a trustworthy component, it is a solid L1 Hub Entity Semantics basis for developing applications that need safety and security support with scarce process- Event Synchronization on Boolean ing and memory resources. Counting Semaphore Synchronization on a counter Its concurrent programming model, transpar- Port Synchronization with exchange of ently supporting heterogeneous targets makes it Packet an ideal candidate for SIL3 and SIL4 level appli- FIFO queue Buffered transfer of Packets cations. Its scalability is also risk reducing as Resource Creates a logical critical section processors can be added or removed with very Packet Pool Dynamic packet allocation little effort depending on the application re- Memory Pool Dynamic memory allocation quirements. Single phase services Application View Node Independent _NW Task returns immediately S E H _W Task waits till synchronization Task1 Task3 M A U B Memory Pool Task2 _WT Task waits with time-out Two phase services F I F Receiving a P O R Sending a Task5 _Async Task returns and synchronizes later. Task4 O Packet T Packet Packet Pool Kernel R Task E OpenComRTOS services have been designed as the ba- E V E I/O Driver Task S I/O Driver Task sic functions which are needed in embedded applica- Link Driver Task N T tions. While already rich in semantic behavior, more ISR ISR elaborate and specialized services can be added using ISR the generic Hub, an implementation of Guarded Ac- Communication Carrier Hardware Layer (I/O) tions. The architecture allows supporting other RTOS API as well. OpenComRTOS supports heterogeneous Virtual Single Processor target systems allowing to mix 8bit, 16bit and 32bit processors or even host nodes running a traditional OS. OpenComRTOS addresses the market of embed- To reduce code and memory requirements, the code is ded chips that increasingly use many-core CPUs statically linked with most data structures being gener- for higher performance and lower power con- ated at compile time. The developer specifies his topol- sumption. In all these systems, zero-wait state ogy and application graphically using OpenVE or edits memory is a scarce resource. The performance directly the configuration files. benefits of using OpenComRTOS come from its low latency communication as well as from its Code size figures (in 8 bit Bytes) low memory requirements. At the other end of the spectrum, OpenComRTOS can be used as a Service MLX16 MB Leon3 ARM XMOS Xilinx (M3) thin communication layer that connects hetero- geneous systems together. Hub shared 400 4756 4904 2192 4854 Port 4 8 8 4 4 OpenComRTOS is bundled with the OpenVE Event 70 88 72 36 54 Visual Development Environment under a bi- Semaphore 54 92 96 40 64 nary as well as under a unique Open License Resource 104 96 76 40 50 that leaves no surprises. The latter includes FIFO 232 356 332 140 222 source code, all design documents and formal Total 1048 5692 5756 2572 5414 models. A kernel porting kit facilitates porting to new targets. Semaphore loop benchmark (= 2 signals, 2 tests, 4 context switches) OpenComRTOS is not just another RTOS. It re- MLX16 MB *Leon3 ARM XMOS invents the very concept. For the first time it (M3) combines trustworthiness with small code size, performance and ease of use, even for heteroge- Clock MHz 6 100 40 50 100 neous distributed applications. OpenComRTOS microsecs 100.8 33.6 136.1 52.7 26.8 is a concurrent programming paradigm that was designed to be used. *using external memory From Deep Space to Deep Sea Contact: Altreonic NV Gemeentestraat 61A b1 www. Altreonic.com B3210 Linden—Belgium Tel.:+32 16 202059 Push button high reliability info.request @ altreonic.com
  9. 9. Altreonic’s system design and embedded software engineering services Altreonic’s methodology and products have a long history and a long experience behind them. Our team has been managing or developing embedded products since years. Methodology and application specific experience as well as know-how are winning combinations. Whether as coach- ing consultants or executing engineers, we can help you to get your products to market faster. Quality is our trademark, methodology and experience are our assets. How do we operate? Each project starts with a feasibility study in team with the customer. It gathers requirements, de- velops specifications and derives the skills and resources needed. If this phase is successful, the development is started in close cooperation with the customer. Teamwork is the key. 1. Creating an organization specific project OpenCookbook. OpenCookbook is based on a formalized meta-model that combines IDEAS and the design and workflow view in a systematic systems engineering CONCEPTS methodology. It is implemented as an intranet based project portal. The steps:  Developing a written description of the steps involved in creat- ing a product in your organization. It captures how the organi- DEFINE zation executes its projects, but it also collects crucial heuristic knowledge and might identify weak spots.  This first description is complemented with in-depth inter- views  Creating a first integrated cookbook portal  Adding standards awareness DESIGN  Fine-tuning it using a real project.  Support for maintaining and upgrading the portal. Your benefit:  Knowledge management  Systematic and faster project execution MODEL  Pre-certification according to applicable standards. 2. Embedded real-time programming GENERATE Embedded real-time applications are not easy to develop. At Al- treonic we are at the core of this domain, having developed a unique network centric RTOS using formal methods. We know what real- time means and how to achieve it, we know what multi-tasking is TRUSTWORTHY and how to make it work. PRODUCTS 3. Formal verification of software Although this is still considered as the front-end of advanced embed- ded software engineering, we have the experience and know where the limits are. We also know how a combination of formal ap- From Deep Space to Deep Sea www. Altreonic.com Push button high reliability
  10. 10. RTOS 4. Embedded DSP engineering Formal development of a distributed RTOS, porting RTOS to new targets DSP systems are a demanding domain in embedded systems. and boards, Development of applicati- They require high performance, low memory, low power and on specific services for OpenComR- often execute complex algorithms. At Altreonic these require- TOS. ments have been a guiding context for developing our metho- dology and our products. DSP FFT-analysis for 3D tomography, real- 5. Customer specific software engineering time audio processing, pressure sen- sors, soft modems, speech codecs, Given the wide range of experience within our team, we de- acoustic and line echo cancellation, liver innovative solutions. We have know-how and experience EEG and EKG signal processing, ima- in embedded systems programming, algorithm development, ge processing (such as morphological software verification, certification but we also have know-how blood analysis, print preparation). and experience with embedded hardware. Software engineering To achieve performant products, the individual components Verification of closed software loop such as microcontrollers, RISC processors, analog interfacing algorithms, CSP, TLA/TLC, RTOS and FPGAs must always tightly integrate. Our team is multi- formal modeling, protocol analysis, disciplinary and routinely crosses software and hardware bor- UML, SysML, SDL-RT, MISRA-C, Pro- ders. If needed, we can even develop a new block of digital mela/SPIN, UPPAAL, CBMC logic. 6. Training in systems and software engineering Systems engineering Reconfigurable and fault-tolerant tele- Altreonic’s methodology is unique, it covers the whole domain communcations satellite (based on 900 from early requirements capturing to validation until the FPGA with softcores) , DAB decoder, product is ready for production. OFDM, PSK, ASK, Xilinx FPGA, SDR, SpaceWire implementation in FPGA. Although we developed a coherent development environ- ment, applying a methodology is first of all a mindset. A Project management mindset that seeks to formalize and therefore achieves better Code generators, OpenVE, Open- results in less time. You can train your own people in this Cookbook, IEC 61508 mindset as well. These trainings are not just for engineers, but concern managers as well. Portal developement OpenSpecs, OpenCookbook 7. Training in real-time programming Languages and tools Real-time programming is often considered to be difficult. C/C++, Java, Python, Assembler, Li- This is partly due to the fact that real-time programming is nux, Windows, Subversion, Matlab/ often misunderstood. Even some commercial RTOS are not Simulink, Eclipse, Modelsim, Pascal, always suitable for hard real-time programming. We can teach MathCAD, Plone, drupal, php, your engineers what real-time is and how to achieve it. We can also teach them the pitfalls. Targets MicroBlaze, LEON3 (SPARCV8), What makes these trainings unique is that we can use the for- MLX16, ARM, XMOS, PowerPC, 8051, mally developed OpenComRTOS. It is one of the smallest and ADI 218x, ADI21060, TS101, TI54xx, TI highest performance RTOS in the world, enabling higher per- 67xx, Freescale 547/5249. formance with less resources. It is also the only one which was developed for scalable multiprocessing from the start. From Deep Space to Deep Sea Contact: Altreonic NV Gemeentestraat 61A b1 www. Altreonic.com B3210 Linden—Belgium Tel.:+32 16 202059 Push button high reliability info.request @ altreonic.com