Model-Based Development of Fault-Tolerant Real-Time Systems

The design of fault-tolerant real-time systems is a complex task. Besides satisfying real-time requirements, it must also deliver the specified functionality in the presence of both hardware and software faults. To achieve fault-tolerance, the system has to use redundancy. This redundancy is usually achieved by replicating hardware units and executing concurrent tasks within a distributed system.

Model-based design tools promise to reduce the complexity of the design process by raising the abstraction level. However, most of the existing tools focus only on functional aspects. Code realizing non-functional requirements such as fault-tolerance mechanisms, communication, and scheduling is not targeted. However, this type of code makes up the majority of the code of a fault-tolerant real-time system.

This project proposes a model-based development tool for the design of fault-tolerant real-time systems called FTOS. FTOS focuses on the code generation of non-functional requirements and therefore complements the existing tools. The major contribution of this research is the presentation of adequate models that can be used to model fault-tolerant systems and generate the code automatically. These models comprise a formal description of the hardware architecture, the software components and their temporal behavior, the fault assumptions, and the selected fault-tolerance mechanisms.

Using a template-based code generator, the fault-tolerant real-time system is generated. This code generator allows an easy expansion of the code generation functionality and therefore offers a solution to handle the heterogeneity of fault-tolerant systems. In addition, the talk outlines how formal methods can be integrated to prove the correctness of the generated code.

Two complementary applications are used to demonstrate the practicability of the approach. The first example is a rod controlled by switched solenoids. The control program consists of a PID controller that is executed on a triple-modular redundancy (TMR) architecture. With the current setting (Intel Pentium CPU, VxWorks 6.3, Switched Ethernet) control times in the range of few milliseconds (2.5 ms for the given application) can be achieved. Only the PID control function must be implemented by the application developer, the remaining code is generated by FTOS. The second application, an elevator control, demonstrates the ability of FTOS to cope with heterogeneous hardware. Two control units (Power PC, VxWorks 6.3, CAN) perform the application logic. Five micro controllers (Atmel ATMEGA90CAN128, no OS, CAN) realize the I/O functionality for each elevator. In combination with EasyLab it was even possible to develop the whole application without writing a single line of code (zero code development).

This work is funded by the German Ministry of Education and Research BMBF under grant 01ISF12A.

People

Partners

Informatik IV, Software & Systems Engineering, Prof. Broy, Technische Universität München
Kayser-Threde

Publications

[1]	Christian Buckl. Model-Based Development of Fault-Tolerant Real-Time Systems. PhD thesis, Technische Universität München, October 2008. (http )
[2]	Christian Buckl, Matthias Regensburger, Alois Knoll, and Gerhard Schrott. Generic fault-tolerance mechanisms using the concept of logical execution time. In Proceedings of the 13th Pacific Rim International Symposium on Dependable Computing), pages 3-10. IEEE, December 2007. (.pdf )
[3]	Matthias Regensburger, Christian Buckl, Alois Knoll, and Gerhard Schrott. Model based development of safety-critical systems using template based code generation. In Proceedings of the 13th Pacific Rim International Symposium on Dependable Computing), pages 89-92. IEEE, December 2007. (.pdf )
[4]	Christian Buckl, Matthias Regensburger, Alois Knoll, and Gerhard Schrott. A model-based code generator in the context of safety-critical systems. In Third Latin-American Symposium on Dependable Computing - Fast Abstracts Volume, pages 3-4, September 2007. (.pdf )
[5]	Christian Buckl, Matthias Regensburger, Alois Knoll, and Gerhard Schrott. Models for automatic generation of safety-critical real-time systems. In Proceedings of the Second International Conference on Availability, Reliability and Security (ARES)), pages 580-587. IEEE, April 2007. (.pdf )
[6]	Christian Buckl, Alois Knoll, and Gerhard Schrott. Model-based development of fault-tolerant embedded software. In Proceedings of the Second International Symposium on Leveraging Applications of Formal Methods, Verification and Validation (IEEE-ISoLA), pages 103-110. IEEE, November 2006. (.pdf )
[7]	Christian Buckl, Alois Knoll, and Gerhard Schrott. Template-based development of fault-tolerant embedded software. In Proceedings of the International Conference on Software Engineering Advances, pages 65-70. IEEE, October 2006. (.pdf )
[8]	Christian Buckl. Developing dependable real-time systems. In Proceedings of the Embedded World Conference, pages 285-294, February 2006. (.pdf )
[9]	Christian Buckl, Alois Knoll, and Gerhard Schrott. Development of dependable real-time systems with Zerberus. In Proceedings of the 11th IEEE Pacific Rim International Symposium on Dependable Computing. IEEE, December 2005. (.pdf )
[10]	Christian Buckl, Alois Knoll, and Gerhard Schrott. The Zerberus language: Describing the functional model of dependable real-time systems. In Proceedings of the Second Latin-American Symposium on Dependable Computing, number 3747 in Lecture Notes in Computer Science, pages 101-120. Springer, October 2005. (.pdf )
[11]	Christian Buckl, Alois Knoll, and Gerhard Schrott. Zerberus System - Ein Entwicklungsmodell für sichere und zuverlässige Computersysteme. In Tagungsband Diskussionskreis Fehlertoleranz, pages 15-22. Shaker-Verlag, September 2005. (.pdf )