The purpose of the Maruti project is to create an environment for the development and deployment of critical applications with hard real-time constraints in a reactive environment. Such applications must be able to execute on a platform consisting of distributed and heterogeneous resources and operate continuously in the presence of faults.
The Maruti project started in 1988. The first version of the system was designed as an object-oriented system with suitable extensions for objects to support real-time operation. The proof-of-concept version of this design was implemented to run on top of the Unix operating system and supported hard and non-real-time applications running in a distributed, heterogeneous environment. The feasibility of the fault-tolerant concepts incorporated in the design of the Maruti system was also demonstrated. No changes to the Unix kernel were made in that implementation, which was operational in 1990. We realized that Unix is not a very hospitable host for real-time applications, as very little control over the use of resources can be exercised in that system without extensive modifications to the kernel. Therefore, based on the lessons learned from the first design, we proceeded with the design of the current version of Maruti and changed the implementation base to CMU Mach, which permitted more direct control of resources.
Most recently, we have implemented Maruti directly on 486 PC hardware, providing Maruti applications total control over resources. The initial version of the distributed Maruti has also been implemented, allowing Maruti applications to run across a network in a synchronized, hard real-time manner.
We describe two integrated languages and associated tools for capturing and analyzing two different views of the architecture of an embedded system. One language is tailored to address guidance, navigation and control issues, while the other is tailored to address real-time, fault-tolerance, security and multi-processor system issues. Both languages have tools that perform analyses appropriate for the issues each addresses, and tools to automatically configure the application software from a sufficiently detailed specification. The integrated languages and tools are intended to support a development process based on reusing an easily configurable generic architecture developed for a family of products.
A real-time implementation for allocating slack to aperiodic processes in MetaH is nearing completion. The slack scheduling algorithm used is based on the slack stealer originally proposed by Lehoczky et al., with practical extensions to allow for support of process criticalities, multiple process streams (of different criticalities) competing for pooled slack, and inclusion of run-time overheads in the slack functions. Areas in need of future work are also identified.
We discuss the use of architecture specification languages to drive both automated analytic modeling and automated system implementation. We "co-generate" various formal models and an implementation from an architecture specification in a way that provides high assurance that the analysis results accurately predict implementation behavior. This approach enables improved system quality and functionality due to early and reliable design trade-off studies, rapid and low-cost system development and evolution, and increased assurance of correctness.
This paper describes certain aspects of an architecture description language (MetaH) and associated toolset used to specify, analyze, and automatically assemble software for real-time, fault-tolerant, secure, multi-processor systems. One goal in the design of this language and toolset was to provide design-time analysis that accurately characterizes the behavior of the actual implementation. Currently, our toolset consists of tools to automatically assemble the application software and to perform a real-time schedulability analysis for that application.
We have recently completed a prototype language and tool that allow formal specification, analysis, and code assembly for real-time applications. The language allows a specification at a software architectural level rather than at the functional level. The language doesn't specify what algorithms or functions individual modules compute, but instead identifies externally generated modules that are to be included in an application and how those modules are to communicate, share resources, and be scheduled. The current tool performs two functions automatically: the tool generates "glue" code that performs real-time process dispatching, communication, access synchronization for shared resources, etc. and uses this glue code to assemble the overall application; and the tool generates and solves a timing model for the assembled system. The timing model and assembled application code are consistent by construction, so that the results of the timing analysis provide a high degree of assurance of the schedule feasibility of the final application.
The focus of this paper is on implementation techniques for hybrid control systems. In this paper we use the term "hybrid" to refer to a system that combines Continuous Variable Dynamic System (CVDS) and Discrete Event Dynamic System (DEDS) models, which is a broader problem than discrete-time fixed rate sampling. We will discuss several mechanisms for implementing hybrid systems. Switches allow efficient, limited control law changes in response to events. Scheduling modes provide more expensive but more flexible control law and implementation changes in response to events. Either type of change can be triggered by either external (hardware interrupt) or internal (software-raised) events. We will discuss support for fixed rate control processes, hard deadline aperiodic processes, and queueing processes to exchange data and share resources within the same hybrid AGN&C system.
In this article, we describe the language and code generator ControlH. The development of ControlH is being supported by the ARPA Domain Specific Software Architectures (DSSA) Program. The language is designed for describing Guidance, Navigation and Control (GN&C) algorithms in a concise yet rigorous manner. Both textual and graphical syntaxes exist. The code generator generates high-quality, modular Ada or C from specifications. Together, the language and the code generator are used to provide software reuse and configuration at the high level of GN&C algorithm specification.
Automatic code generation has become a popular technique for generating software for control applications. The popularity of the technique is justified by the convenience of programming in a domain-specific specification language, and the elimination of communication errors between the control-law designer and the software engineer. Unfortunately, in the rapid rush toward the marketing and adoption of this technique, efforts directed toward generating high-quality code have often come half-heartedly as an afterthought. We propose some guidelines to be used to judge the quality of code generated for control applications. Many of these guidelines are directed toward the efficient use of time and space resources. Others impact the maintainability of the code, as well as its validation and verification. We also introduce ControlH and its corresponding code generator. ControlH is a language developed at Honeywell for specification of control applications. Its code generator translates applications specified in ControlH into applications implemented in Ada. These applications meet our guidelines for quality code generation.
In this paper we describe the defining characteristics of the language ControlH. ControlH is being designed under the ARPA DSSA (Domain-Specific Software Architectures) Program. ControlH is designed for describing Guidance, Navigation and Control (GN&C) algorithms in a concise yet rigorous manner. The language objects, structure, data types, and operations have been tailored to the domain of GN&C algorithm specification. The language also provides hooks for optimization of the software produced from the specification. A translator has been developed which generates high-quality, modular Ada, based on ControlH specifications. The language and the translator are used to provide software reuse and configuration at the high level of GN&C algorithm specification.
This document defines the ControlH language used for specifying guidance, navigation and control models and algorithms, and the toolset available to support the language. It is the user's manual for the ControlH language and toolset.
MetaH is a language for describing the software and hardware architecture of real-time fault-tolerant securely partitioned avionics systems. The toolset supports, among other things, real-time schedulability analysis and the automatic generation of "glue" code that implements real-time message passing and process dispatching for a class of multi-processor target architectures. We describe the development methodology and typical requirements that motivated the language and tools. We also give an overview of message and process scheduling in applications generated from a MetaH specification.
This document provides background and preparatory material for participants in a software architecture workshop. A software architecture workshop helps a product development group identify common or reusable elements of a software architecture. The document explains what a software architecture is, presents several examples, and discusses benefits that can be obtained by more rigorously and explicitly identifying a common software architecture for a family of products. The purpose of a workshop is to develop a more explicit definition of the software architecture that is used or can be used by the group; and to identify actions the group can take to achieve some of the benefits in their product development efforts.
Specialized application generation tools are increasingly being used to automatically produce software in various application domains such as guidance, navigation and control. Many different tools may be used together to generate or assemble different parts of the same application. We discuss a toolset we have been developing to automatically generate GN&C and embedded software and the approach we are pursuing to assure the correctness of the generated applications.
Significant previous and ongoing work exists in the area of computer-aided control engineering toolsets to support the specification and analysis of control systems. Several toolsets exist to support control system design and analysis, and a few tools exist to automatically generate control software. Analogous work on computer-aided software engineering toolsets for high-level specification and analysis of real-time systems also exists. This paper gives an overview of a toolset that extends and integrates work in both these areas to provide a multi-disciplinary toolset to support concurrent engineering of computer-based control systems. Particular emphasis is placed on concepts that appear in the toolsets for both disciplines and on aspects of multi-disciplinary development.
MetaH is a language used to describe the overall configuration or architecture of a real-time avionics application. The language includes a feature called a mode, which allows the set of processes, or the connections between those processes, to be changed dynamically by the application during system operation. The language requires all possible modes of operation to be statically declared, which facilitates both automatic code assembly and real-time schedulability analysis.
An architecture description language is used to describe the high-level structures or designs of software applications. The focus is on software modules and the communications and interactions between them, rather than on the functional or algorithmic details within a particular source module. However, in many cases a number of very detailed and pervasive decisions are critical to the successful implementation of the application, yet are not explicitly captured in designs expressed using the language. In many cases such details are manifested in the semantics of the architecture description language, which means that the architecture description language is domain-specific. This paper surveys four experimental architecture description languages, pointing out their differences as well as the common characteristics they all exhibit.
This document gives some further thoughts on a DSSA-based development process, following consumption and rumination on various process discussions within the DSSA community. This is an informal document intended to throw some ideas back into the DSSA community and get a sanity check, not to be our definition of an architecture-oriented development process. I'm writing this in the first person to emphasize the informal and parochial nature of this material. At a high level the overall DSSA process will be divided into two main segments: the accumulation of domain assets that improve the production efficiency and quality of a future stream of software products; and the use of these assets in the production of a particular software product. The former process steps deal with the definition, selection and accumulation of such assets as reference requirements and the representation used to capture them, and a reference software architecture and the representation used to capture it. The latter process steps deal with the use of these assets to improve quality and productivity in the production of a specific software product.
This document defines the MetaH system (software+hardware) architecture description language and describes the available analysis and code assembly tools. It is the user's manual for the MetaH language and toolset.