Adrian Robson

Improving the Accuracy of Scheduling Analysis Applied toDistributed Systems Computing Minimal ResponseTimes and Reducing Jitter

A well-established approachto the verification of end-to-end response times for distributed,hard real-time systems is an integrated scheduling analysis ofboth task processing and message communication. Hitherto, publishedanalyses have been confined to the computation of worst-casebounds only and best-case response times have been ignored, assumedto be zero or treated approximately. However, there are compellingreasons for computing both upper and lower bounds on responsetimes, not only to allow the verification of best-case performancebut also to improve the accuracy of the overall analysis. Thispaper describes a precise best-case execution time analysis whichreduces jitter and extends distributed scheduling analysis toyield more accurate upper and lower bounds on system responsetimes. The analysis is combined with existing results for worst-caseresponses in a single scheduling algorithm to compute both upperand lower bounds on end-to-end response in distributed systems.A design tool has been developed to automatethe analysis and support the performance verification of diversereal-time systems composed of tasks executing on multiple processorswhich communicate using the Controller Area Network (CAN) fieldbus.

Validation, verification and implementation of timed protocols using AORTA

AORTA is an implementable timed process algebra which has been proposed as a design language for hard real-time systems. In this paper we show how AORTA can be used to design and model timed protocols, illustrated by the alternating bit protocol. We also describe tools which have been developed for simulation, verification and automatic implementation of AORTA systems, and outline a relationship between the formal models which are verified and the code which is generated.

A formally based hard real-time kernel

In order to demonstrably satisfy hard real-time deadlines, a system must be predictable, and in particular the kernel must be predictable. In this paper we present and analyse a predictable kernel related to AORTA, a formal design language for hard real-time systems. The features of the kernel allow AORTA designs to be verifiably and semi-automatically implemented, and enable verified guarantees to be given about the real-time behaviour of the system.

Designing and Implementing Correct Real-Time Systems

Existing formal methods for real-time largely deal with abstract models of real-time systems, and seldom address implementation issues; they are mainly used for modelling and specification. In this paper we propose an alternative approach, in which a new timed process algebra, AORTA, is used as a design language, which can be verifiably implemented. As well as introducing and formally defining the language, methods for implementation and verification are discussed.

Practical formal development of real-time systems

The complexities of real-time systems are such that it is often thought necessary to give a formal justification of their correctness especially if they are to be used in a safety-critical environment. We describe our work on a formally based design method for real-time systems which allows the timing aspects of a concurrent system to be mathematically described and verified, as well as semi-automatically implemented. Our design language, AORTA, is a timed process algebra, with features to ensure that all designs can be implemented. A predictable real-time kernel is also described, which is used in the construction of a system from an AORTA design, and which allows the timing of the implementation to be verified.<<ETX>>

Accounting for clock frequency variation in the analysis of distributed factory control systems

Microcontrollers are now widely deployed as components in distributed systems. Temporal predictability is often important for such embedded systems-i.e., software must execute within specified time bounds to maintain safe operation of the system as a whole. Microcontroller clocks exhibit random variation in resonant frequency from one component to another, a temperature sensitivity and gradual changes with time. Thus, the execution speed of software will vary when implemented on different processors of the same class. We highlight the vulnerability of standard scheduling analysis in the presence of clock frequency uncertainty when applied to the performance prediction of distributed embedded systems. We propose a modified scheduling analysis to account for the inevitable range of processor clock rates in embedded distributed systems and confirm our analysis by an empirical study using a CAN for inter-processor communication.

bCANDLE: formal modelling and analysis of CAN control systems

Embedded control systems appear in many of the manufactured products upon which society increasingly depends. System developers need better development methods in order to be more confident that the systems which they deliver will behave properly. The need is particularly pressing in the case of distributed, hard real-time control systems for which testing is notoriously difficult. In recent years, much research has been conducted into formal techniques for analysing the quantitative temporal properties of system models. Such work offers the promise of complementing testing in the validation of systems by approaches which include simulation, symbolic monitoring, assertion checking and verification. The principal contribution of this paper is the introduction of a modelling language, bCANDLE, whose intended domain comprises embedded control systems in which computing nodes communicate using one or more controller area networks (CAN). bCANDLE is a simple but expressive language which includes value passing broadcast communication, message priorities and an explicit time construct. In giving a formal semantics to bCANDLE in terms of timed transition systems, the authors present for the first time an abstract, timed formal model of CAN.

Application-oriented real-time algebra

Many attempts have been made to define timed process algebras as a route to formal reasoning about real-time systems. In this paper, we argue that existing timed process algebras unsuccessfully try to address all of the aspects which their untimed counterparts address (specification, design and modelling) whereas they would be more useful if they were restricted to one of these roles. Drawing on this, an application-oriented real-time algebra (AORTA) is introduced, with special features making it suitable for the design of real-time systems which may need to be formally verified.

Integrating AORTA with model-based data specification languages

AORTA has been proposed as an implementable real-time algebra for concurrent systems where event times, rather than values of data, are critical. In this paper we discuss an extension to AORTA to include a formal data model, allowing integration with a variety of modelbased data specification languages. An example is given using VDM with AORTA to define a time-critical system with important data attributes, and supporting software tools for AORTA and a simple imperative language are described.

A formal design and implementation method for real-time embedded systems

This paper tackles the problem of using formal methods for practical real-time system development and verification, and is based on a real example. Many formal methods for real-time systems have been proposed but this technique (AORTA) is one of the few to address the issue of how formal designs are to be implemented. Earlier papers on AORTA have been based on providing the formal semantics of the language, and on particular aspects of implementation or verification. This paper concentrates on setting AORTA within the development life cycle, and demonstrating that the approach can be adopted for non-trivial examples.