Altreonic methodology and solutions
-
Upload
omaraltreonic -
Category
Documents
-
view
594 -
download
3
description
Transcript of Altreonic methodology and solutions
Time to Quality gives More for Less
with Altreonic’s formalised systems and software engineering methodology and tools
Firstly, it serves to analyse and under-
stand. What is the goal to be achieved? What is the real problem to be solved? Is it a real issue or does it just look like one? This analysis activity is often dominated by the use of natural language and by the presence of many stakeholders. One must be aware that at this stage the information will be incomplete, incoherent and contra-dictory, or will already assume a solution based on past experience. Making sure that all stakeholders agree on the product are system to be developed is called “Requirements and Specifications” capturing. At this stage, one must not only think in terms of the “normal” use, but also take into account fault and test conditions. If not considered up front, it can be very costly to retrofit a system with support for it.
Secondly, it serves to plan and to predict. Once the requirements and specifications are well understood, architectural model-ling can explore different ways to imple-ment the specifications. Simulation mod-elling allows “what-if” analysis and al-lows to verify that the requirements and specifications really reflect what is needed. Formal models can then be use to verify mathematically critical properties of the system.
Once all alternatives have been consid-ered, the implementation can start and we enter the domain of traditional develop-ment engineering. The architectural mod-elling will have identified several entities that provide the specified properties. These can be assigned to a Work plan that divides the work into Work Packages, each consisting of development, verifica-tion, test and validation tasks.
Think before you begin. Some people might call this wisdom, but it is at the core of sys-tems and software engineering. It serves two main goals:
From Deep Space to Deep Sea
Push button high reliability
www. Altreonic.com
Work plan view A Development Task is the core activity of a Work Package. It will develop a part of the final system according to a predefined or mandatory methodology. To verify that the development was done correctly a Verification Task is exe-cuted and when no issues are found, Test tasks
will verify that the developed entity meets the specifications. When all development is done, verified, and tested integration can start. When completed, the system can be validated against the original re-quirements and released. If all went well, the se-lected architectural model will be the implemen-tation model. This transfers the developed prod-uct or system to production entering the phase of maintenance. More upfront, less costs afterwards During the process, issues will be discovered and changes will be needed. But the further the pro-ject has proceeded, the higher the cost will be if an issue results in rework. The keyword in all these activities is formalisation. Often, it will even result in cleaner architectures Hence, a well thought out engineering process will not only result in better quality for less cost, but also provides risk reduction by finding the issues as much as possible early in the process. Altreonic provides more At Altreonic we not only formalised a specific engineering process, we took a formalised look at systems engineering in general and the resulting view is surprisingly simple. We found it can be used as for technical as well as for non-technical domains. It can even be applied in a project to develop a standards aware methodology. OpenCookbook © OpenCookbook was developed as a web based environment supporting a project from require-ments till reaching the release point. However in an organisation heuristic knowledge is key in pre-serving the competitive edge and such knowl-edge and organisational procedures can be cap-tured as well. If compliance with external stan-dards (like the IEC61508 safety standard) is needed, these can be entered as boundary condi-tions to the engineering process allowing to pre-certify while the project is executed. Documents are not written but generated as time stamped snapshots.
OpenVE © and OpenComRTOS © As many real-world systems can easily be mod-elled as a set of interacting entities, this became our main architectural paradigm. This is reflected in OpenVE a visual modelling environment. It can supports in particular OpenComRTOS. The latter was formally developed as a network-centric RTOS allowing to program from very small processors to heterogeneous distributed networks in a transparent and scalable way. The use of formal modelling has resulted in a very clean and safe architecture within a very small code size, ranging from just 1 KBytes to about 10 KBytes. Small in the embedded world means more performance and less power and less code to verify.
For information or to discuss your needs:
Contact: Altreonic NV
Gemeentestraat 61A b1
B3210 Linden—Belgium
Tel.:+32 16 202059
info.request @ altreonic.com
From Deep Space to Deep Sea
Push button high reliability
www. Altreonic.com
Altreonic’s engineering methodology: the unified view
text
Re
de
sig
n
Op
en
Pla
tfo
rm
s Op
en
Co
mR
TO
S
Op
en
VE
Op
en
Tr
ac
er
Unifying
Repository
(metamodel)
Op
en
Co
ok
Bo
ok
Tools
- Formal model bu i ld ing
- Logic s imulat ion model
- Funct iona l composi t ion
- Funct iona l decomposi t ion
- Code generat ion
Reference p la f torms wi th
arch i tectura l suppor t for
Concurrency and
communicat ion
- Requi rements captur ing
- Speci f ica t ion captur ing
- Test cases
- Fa i lures Analys is
Runt ime env i ronment
suppor t ing
d is t r ibuted
concurrency and
communicat ion
Lessons What Altreonic brings is less risk and higher quality at a lower price by shifting the effort up-front and by providing an integrated approach from early requirements to product release. In these times where trustworthiness is important, this means not only less time to market but also less time to quality. And quality in the end is al-ways a winner.
OpenCookbook
A Unified and Customizable Visual Project Development Environment for High Reliability Embedded Applications
From Deep Space to Deep Sea
Push button high reliability
www. Altreonic.com
OpenVE ©
Formalized modelling
Simulation
OpenComRTOS ©
Formally developed
Runtime support for
concurrency and
SIL 3/4 Controller ©
Control & processing platform
natively supporting distributed
OpenCookBook©
Formalised requirements &
specifications capturing
User Applications
Test harness
Modeling Activities
Formal Modeling
Modeling
Arc
hite
ctu
ral
Modelin
g
Ru
ntim
e
su
pp
ort
Hard
ware
Pla
tform
Meta-models
Unifying Repository
Unified architectural paradigm: Interacting Entities
Unified Semantics
Simulation
Requir
em
ents
checkin
g
Requir
em
ents
&
Speci
fica
tions
captu
ring
Develo
pm
ent,
Veri
ficati
on,
Test,
Validati
on
Norm
al c
ases
Test ca
ses
Fault
cas
es
work
pla
n
Embedded systems today increasingly require electronics and embedded software.:
An increasing level of functionality, including not necessary but nice-to-have features;
An increasing need for safety, requiring the devices to be smart and self-aware;
Lower cost combined with higher performance, often replacing mechanical solutions with elec-tronic ones;
High reliability and trustworthiness under all circumstances;
Flexibility and allowing to upgrade as well as to customize the system. The result is that engineers are confronted with increased complexity while market pressure will often dictate lower development cost and delivery in less time. The challenge is to cope with these increasing but conflicting demands. While electronics and software provide flexibility, their use results in an expo-nential growth of complexity. If not done systematically such projects can be very costly and carry a high risk of failure. Based on the pioneering work done at Open License Society, Altreonic offers a unique solution. We identified that trying to integrate a myriad of tools and solutions is often a root cause of problems. We took a fresh look and developed a formalized approach to systems engineering. Altreonic’s approach has simplified the engineering process to a set of clearly defined and orthogonal activities. Under the banner of “unified semantics” our approach assures that at any time people share their knowledge with as little misunderstandings as possible. Furthermore, we developed a supporting framework adapted to the needs of distributed development teams.
The OpenCookbook framework was developed as an intranet portal, resulting in a real-time specification and development database of the system or product under development. It has itera-tive and evolutionary development at its core while it guides the project members to work in a consistent manner. Requirement, Specification, Modeling, Work Packages, Development, Veri-fication, Test and Validation tasks are defined in a consistent way. Barrier conditions with mile-stones can be enforced and queries allow the project manager to view the development status at any moment. Every organization has a lot of heuristic know-how but often it is not recorded or applied in a con-sistent manner and it can take years for newcomers to absorb this knowledge. Of course, integrat-ing this knowledge requires human interaction but we have the capability and tools to facilitate this. The result is a development portal that allows reusing existing IP and platforms while pre-
serving the heuristic knowledge integrated in the on-line design wizards. OpenCookbook can be made standards aware, providing the engineering team with pre-certification support while de-veloping the system. Lastly, OpenCookbook is part of our global “Push button high reliability” approach. The project entities and how they interact can be directly linked with Altreonic’s OpenVE, a visual develop-ment environment for distributed concurrent programming. At the heart lies Altreonic’s Open-
ComRTOS, a unique real-time programming environment. It was developed using formal tech-niques and provides native and transparent support for network-centric or multicore program-ming.
The OpenCookbook portal is based on a formalised but straightforward and integrated project metamodel.
Contact: Altreonic NV
Gemeentestraat 61A b1
B3210 Linden—Belgium
Tel.:+32 16 202059
info.request @ altreonic.com
From Deep Space to Deep Sea
Push button high reliability
www. Altreonic.com
REQUIREMENT21
Normal case
Test case
Failure case
SPECIFICATIONS21
Functional
Non-Functional
MODEL(S)21
Architectural
Simulation
Formal
Implementation
DEVLPMNT TASK11
Install
Write-Up Result41PreConditions31
Spec Approved
Verification TASK11PreConditions41
Work Approved
Result51
Validation TASK21
USE CASES
PreConditions51
WP completed
Result61
WorkPackage11
OpenCookbook Systems Grammar 10.11.2009
Design Views21
Process Views21
Test TASK11PreConditions61
Spec Approved
Dev Task Approv
Verif Task Approv
Result71
RELEASE1
Valid Approv
Test Approv
Issues11
ChangeRequest21
CheckPoints11
Standards Statements
Guidelines
Questions
Hints
Answers
Org Specific
Domain Specific
Misc
METHODOLOGY11
Architectural
Simulation
Formal
Implementation
Entity11
SubSystem
Interaction
Function
Interface
Method11
Procedure
Tool
Role
Developing distributed real-time embedded applications used to be hard hard. The develop-ment is even harder when the requirements dictate the use of heterogeneous target proces-sors. The target processors might use different runtime environments, including legacy Oper-ating Systems. Altreonic’s OpenVE provides the solution. OpenVE was developed using the
same principles that govern Altreonic’s sys-t e m s e n g i n e e r i n g methodology. Using meta-modeling, embedded software engineers can define their own targets, tar-get topology, applica-tion topology, graphi-cally create the pro-gram code, build and run the executable im-ages. Before the final
target is used, they can run the application on a host operating system (Windows or Linux) allowing them to verify the behavior. A built in event tracer allows users to verify the sched-uling and task interactions. Once done, a small click of the mouse changes the target proces-sor for each node and with little or no source code changes, OpenVE generates code for the final target. The event tracer displays the execution trace on the host. The host nodes can even remain part of the system e.g. for accessing stdio services, graphic displays, file services, TCP/IP sockets, etc.
OpenVE
A Unified Visual Development Environment for High Reliability Embedded Applications
Five easy steps to develop a distributed multi-tasking application: 1. Define the topology:
Put the processing nodes on the canvas and connect them 2. Define the application:
Put the tasks on the canvas, define the properties
Put the interaction icons on the canvas by selecting from the menu events, sema-phores, ports, fifo’s, resources, memory pools, packet pool or generic hubs
Add a hostserver task to interact with the application
Connect tasks and interaction icons. Select from the available services.
Add your application specific code. 3. Build:
OpenVE will generate data structures, add drivers and system tasks,
Generate routing tables and makefiles. 4. Run and watch. 5. Verify.
Just open the tracefiles and analyse the events that happened.
From Deep Space to Deep Sea
Push button high reliability
www. Altreonic.com
What are the benefits of OpenVE? 1. Productivity. The real-time embedded engineer only needs to use a single integrated environ-ment for specifying and modeling his embedded software architecture, to simulate it and to generate code for his target. 2. Target independent. OpenVE is based on a metamodel concept. This allows the engineer to adapt it to his needs. When developing a new OpenComRTOS service, the service can be added without changing the kernel. Define a suitable icon and the service becomes part of the enhanced RTOS. Adding a new target processor is as simple as adding a folder to the file system. No changes are needed to OpenVE. What’s more, the target system can be heterogeneous, covering from 8bit microcontrollers over high-end 32 or 64bit processors, to legacy operating systems providing access services. 3. Trustworthy development. Writing software is an error prone process, especially when the application is com-plex and consists of a large number of interacting and concurrent entities. OpenVE makes this process a lot less error-prone. First of all, the programming model is so straightforward that applications can be drawn on the canvas. But secondly, OpenVE generates the whole framework so that the developer only has to fill in the core functions. 4. Performance and safety. OpenVE supports the OpenComRTOS programming model. The latter was devel-oped and verified using formal modeling techniques and can be considered as a break-through in RTOS design. It has a very clean and safe architecture still 5 to 10 times smaller than equivalent hand-written code. It’s architecture also uses a unique packet switching mechanism. No buffer overflows are possible and full scalability is guaranteed. Developers can even define their own services. The pro-gramming model remains the same, whether programming single processors, many-core CPUs or networks of widely distributed processing nodes.
The event tracer acts like a software oscilloscope for the software. The node interacti-on diagrams clearly show the interpro-cessor communica-tion. Statistical profiling data complement the analysis.
DESIGN
DEFINE
MODEL
TRUSTWORTHY PRODUCTS
GENERATE
IDEAS and CONCEPTS
Contact: Altreonic NV
Gemeentestraat 61A b1
B3210 Linden—Belgium
Tel.:+32 16 202059
info.request @ altreonic.com
From Deep Space to Deep Sea
Push button high reliability
www. Altreonic.com
OpenComRTOS breaks new grounds in the field of Real-Time Operating Systems. To enable safety critical and high reliability applications, it was from the ground up developed using formal modeling.
Conceptually it was developed as a scalable communication layer to support heterogeneous multi-processor systems, but it runs equally well on a single processor. It supports small microcontrol-lers, many-core chips with little memory as well widely distributed systems. While the programming concept was inspired by a Virtual Single Processor model, the formal ap-proach was instrumental in achieving a trustwor-thy component. Moreover, it achieves unparal-leled performance with a very clean and portable architecture. An additional benefit of the unique architectural approach is safety and scalability. OpenComRTOS provides the same kernel services as most RTOS, such as starting and stopping tasks, priority based preemptive scheduling sup-porting priority inheritance, Events, Semaphores, FIFOs, Ports, Hubs, Resources and Memory Pools. Entirely written in ANSI-C (MISRA checked)
OpenComRTOS can be scaled down to about 1 KB in a single processor code size optimized implementa-tion and 2 KB in a multi-processor implementation. The data memory requirements can be as low as 18 Bytes + 64 Bytes per task, depending on the target processor. On most processors, the full code size is be-tween 5 and 10 KBytes whereas the code generation tools will remove any unused functionality. All ser-vices can be called in blocking, non-blocking, blocking with time-out and asynchronous mode (when ap-propriate for the service). The kernel itself as well as the drivers are also tasks, increasing the modularity and reducing the critical sections. From the RTOS point of view the kernel shuffles Packets around, while for the implementation the Hubs play the dominant role. Packets are sent to a Hub where they synchronies with requests from other tasks. If no request is available, the Packets are put in a priority ordered waiting queue. By design, such buffers
cannot overflow. An-other interesting fea-ture of the Hub is that it allows the user to create his own applica-tion specific services. Simulation is very im-portant, therefore Mi-crosoft Windows and Linux are supported as v i r t u a l h a r d w a r e n o d e s . W h i l e t h i s
simulator provides for logically correct operations, it allows integrating existing host operating systems or existing RTOS with the nodes running OpenComRTOS. A simple serial connection can be sufficient to establish communication. Tracer supports to analyze task scheduling and inter-node interaction.
OpenComRTOS
a Scalable and Network-Centric RTOS for Embedded Applications
Developed using formal modeling, the perfect RTOS for deeply embedded and distributed systems
W
L
W
L
Count
Synchronising
Predicate
Owner Task
CeilingPriority
Buffer List
Predicate Action
Generic Hub (N-N)
T T
TThreshold
Synchronisation
Data needs to
be buffered
Prioity Inheritance
For semaphores
Synchronisation
Waiting Lists
For resources
From Deep Space to Deep Sea
Push button high reliability
www. Altreonic.com
The application domain for OpenComRTOS is wide. As a trustworthy component, it is a solid basis for developing applications that need safety and security support with scarce process-ing and memory resources. Its concurrent programming model, transpar-ently supporting heterogeneous targets makes it an ideal candidate for SIL3 and SIL4 level appli-cations. Its scalability is also risk reducing as processors can be added or removed with very little effort depending on the application re-quirements.
OpenComRTOS addresses the market of embed-ded chips that increasingly use many-core CPUs
for higher performance and lower power con-sumption. In all these systems, zero-wait state memory is a scarce resource. The performance benefits of using OpenComRTOS come from its low latency communication as well as from its low memory requirements. At the other end of the spectrum, OpenComRTOS can be used as a thin communication layer that connects hetero-geneous systems together. OpenComRTOS is bundled with the OpenVE Visual Development Environment under a bi-nary as well as under a unique Open License
that leaves no surprises. The latter includes source code, all design documents and formal models. A kernel porting kit facilitates porting to new targets. OpenComRTOS is not just another RTOS. It re-invents the very concept. For the first time it combines trustworthiness with small code size, performance and ease of use, even for heteroge-neous distributed applications. OpenComRTOS is a concurrent programming paradigm that was designed to be used.
Available OpenComRTOS services:
F
I
F
O
Task1
I/O Driver
Task
Task3Task2
P
O
R
T
Link Driver
Task
Task4
ISR
ISR
Communication Carrier
Hardware Layer (I/O)
Packet Pool
Sending a
Packet
Receiving a
Packet
Kernel
Task
I/O Driver
Task
ISR
Task5
R
E
S
Memory Pool
H
U
B
Virtual Single Processor
S
E
M
A
E
V
E
N
T
Application View Node Independent
L1 Hub Entity Semantics
Event
Counting Semaphore
Port
FIFO queue
Resource
Packet Pool
Memory Pool
Synchronization on Boolean
Synchronization on a counter
Synchronization with exchange of
Packet
Buffered transfer of Packets
Creates a logical critical section
Dynamic packet allocation
Dynamic memory allocation
Single phase services
_NW
_W
_WT
Two phase services
_Async
Task returns immediately
Task waits till synchronization
Task waits with time-out
Task returns and synchronizes later.
Code size figures (in 8 bit Bytes)
Service MLX16 MB Xilinx
Leon3 ARM (M3)
XMOS
Hub shared
Port
Event
Semaphore
Resource
FIFO
400
4
70
54
104
232
4756
8
88
92
96
356
4904
8
72
96
76
332
2192
4
36
40
40
140
4854
4
54
64
50
222
Total 1048 5692 5756 2572 5414
Semaphore loop benchmark (= 2 signals, 2 tests, 4 context switches)
MLX16 MB *Leon3 ARM
(M3)
XMOS
Clock MHz 6 100 40 50 100
microsecs 100.8 33.6 136.1 52.7 26.8
OpenComRTOS services have been designed as the ba-sic functions which are needed in embedded applica-tions. While already rich in semantic behavior, more elaborate and specialized services can be added using the generic Hub, an implementation of Guarded Ac-
tions. The architecture allows supporting other RTOS API as well. OpenComRTOS supports heterogeneous target systems allowing to mix 8bit, 16bit and 32bit processors or even host nodes running a traditional OS. To reduce code and memory requirements, the code is statically linked with most data structures being gener-ated at compile time. The developer specifies his topol-ogy and application graphically using OpenVE or edits directly the configuration files.
*using external memory
Contact: Altreonic NV
Gemeentestraat 61A b1
B3210 Linden—Belgium
Tel.:+32 16 202059
info.request @ altreonic.com
From Deep Space to Deep Sea
Push button high reliability
www. Altreonic.com
Altreonic’s methodology and products have a long history and a long experience behind them. Our team has been managing or developing embedded products since years. Methodology and application specific experience as well as know-how are winning combinations. Whether as coach-ing consultants or executing engineers, we can help you to get your products to market faster. Quality is our trademark, methodology and experience are our assets.
How do we operate? Each project starts with a feasibility study in team with the customer. It gathers requirements, de-velops specifications and derives the skills and resources needed. If this phase is successful, the development is started in close cooperation with the customer. Teamwork is the key.
Altreonic’s system design and
embedded software engineering services
1. Creating an organization specific project OpenCookbook. OpenCookbook is based on a formalized meta-model that combines the design and workflow view in a systematic systems engineering methodology. It is implemented as an intranet based project portal. The steps:
Developing a written description of the steps involved in creat-ing a product in your organization. It captures how the organi-zation executes its projects, but it also collects crucial heuristic knowledge and might identify weak spots.
This first description is complemented with in-depth inter-views
Creating a first integrated cookbook portal Adding standards awareness Fine-tuning it using a real project. Support for maintaining and upgrading the portal.
Your benefit: Knowledge management Systematic and faster project execution Pre-certification according to applicable standards.
2. Embedded real-time programming Embedded real-time applications are not easy to develop. At Al-treonic we are at the core of this domain, having developed a unique network centric RTOS using formal methods. We know what real-time means and how to achieve it, we know what multi-tasking is and how to make it work.
3. Formal verification of software Although this is still considered as the front-end of advanced embed-ded software engineering, we have the experience and know where the limits are. We also know how a combination of formal ap-
From Deep Space to Deep Sea
Push button high reliability
www. Altreonic.com
DESIGN
DEFINE
MODEL
TRUSTWORTHY PRODUCTS
GENERATE
IDEAS and CONCEPTS
4. Embedded DSP engineering DSP systems are a demanding domain in embedded systems. They require high performance, low memory, low power and often execute complex algorithms. At Altreonic these require-ments have been a guiding context for developing our metho-dology and our products. 5. Customer specific software engineering Given the wide range of experience within our team, we de-liver innovative solutions. We have know-how and experience in embedded systems programming, algorithm development, software verification, certification but we also have know-how and experience with embedded hardware. To achieve performant products, the individual components such as microcontrollers, RISC processors, analog interfacing and FPGAs must always tightly integrate. Our team is multi-disciplinary and routinely crosses software and hardware bor-ders. If needed, we can even develop a new block of digital logic. 6. Training in systems and software engineering Altreonic’s methodology is unique, it covers the whole domain from early requirements capturing to validation until the product is ready for production. Although we developed a coherent development environ-ment, applying a methodology is first of all a mindset. A mindset that seeks to formalize and therefore achieves better results in less time. You can train your own people in this mindset as well. These trainings are not just for engineers, but concern managers as well. 7. Training in real-time programming Real-time programming is often considered to be difficult. This is partly due to the fact that real-time programming is often misunderstood. Even some commercial RTOS are not always suitable for hard real-time programming. We can teach your engineers what real-time is and how to achieve it. We can also teach them the pitfalls. What makes these trainings unique is that we can use the for-mally developed OpenComRTOS. It is one of the smallest and highest performance RTOS in the world, enabling higher per-formance with less resources. It is also the only one which was developed for scalable multiprocessing from the start.
RTOS Formal development of a distributed RTOS, porting RTOS to new targets and boards, Development of applicati-on specific services for OpenComR-TOS. DSP FFT-analysis for 3D tomography, real-time audio processing, pressure sen-sors, soft modems, speech codecs, acoustic and line echo cancellation, EEG and EKG signal processing, ima-ge processing (such as morphological blood analysis, print preparation). Software engineering Verification of closed software loop algorithms, CSP, TLA/TLC, RTOS formal modeling, protocol analysis, UML, SysML, SDL-RT, MISRA-C, Pro-mela/SPIN, UPPAAL, CBMC Systems engineering Reconfigurable and fault-tolerant tele-communcations satellite (based on 900 FPGA with softcores) , DAB decoder, OFDM, PSK, ASK, Xilinx FPGA, SDR, SpaceWire implementation in FPGA. Project management Code generators, OpenVE, Open-Cookbook, IEC 61508 Portal developement OpenSpecs, OpenCookbook Languages and tools C/C++, Java, Python, Assembler, Li-nux, Windows, Subversion, Matlab/Simulink, Eclipse, Modelsim, Pascal, MathCAD, Plone, drupal, php, Targets MicroBlaze, LEON3 (SPARCV8), MLX16, ARM, XMOS, PowerPC, 8051, ADI 218x, ADI21060, TS101, TI54xx, TI 67xx, Freescale 547/5249.
Contact: Altreonic NV
Gemeentestraat 61A b1
B3210 Linden—Belgium
Tel.:+32 16 202059
info.request @ altreonic.com
From Deep Space to Deep Sea
Push button high reliability
www. Altreonic.com