You are hereOpenComRTOS project book ready for review
OpenComRTOS project book ready for review
Altreonic has finalised a description of the OpenComRTOS project in the form of a book to be published by Springer. It discusses the reasons behind the project, why and how formal methods were used, and how the results were beyond our initial expectations. Its title is:
"Formal Development of a Network-Centric RTOS: Software Engineering for Trustworthy Embedded Systems".
Before the book will be printed, we are looking at giving it a last polish based on the review of a few selected readers. If interested, please contact Eric (dot) Verhulst (at) Altreonic.com stating your motivation and credentials. The selected reviewers will receive a hard copy once the book is printed. Below the preface and the T.O.C.
Preface of the book:
How can one improve with a factor of 10 on something that has already the reputation of being highly optimised? The answer lies in ignoring the most often wrong assumption that it is already highly optimised and by going back to basics. This inevitably includes developing a new formalisation of the problem at hand. In our case, this meant thinking anew about what a distributed RTOS (Real Time Operating System) is all about. What is the core functionality of an RTOS, of a distributed RTOS? Is there a clean way to handle task synchronisation and communication? The result was the unique OpenComRTOS project described in this book.
Taking this as an opportunity, we wanted to use formal methods to prove the final implementation. It turned out that formal methods can help to prove an implementation, but they really shine when used to model the architecture at an abstract level before any implementation is done. Their use has shown us again how much we are all influenced by what we know. After all our brains have a hard time reasoning without prior knowledge. Hence our brains tend to look for known patterns so that known rules can be applied.
Looking for better and new solutions is hampered by prior knowledge. Formal methods help us because they allow us (or some would say: force us) to think at a more abstract level, our vision less cluttered by implementation details. The result obtained in the project was a very clean and scalable architecture while verification had become almost trivial.
There is also a general assumption that trustworthy means complex and large. Great was the surprise however when we discovered it resulted in the opposite. The RTOS was measured to be up to 10 times smaller. This means less resources and less power are needed. So, to make the world less energy-hungry, use formal methods.
This project has to some extent reinvented the very concept of what an RTOS is. It is a way to model, it is a way to simulate, it is a way to verify, it is a way to program in a scalable and portable way concurrent systems. But our quest doesn't stop. OpenComRTOS is also an enabler for new functionality that is still being researched while the book is being written. A lot of the work has to do with researching the correct semantics to support e.g. composability, dynamic resource scheduling and fault tolerance. Ultimately, it might result in new hardware.
Last but not least, formal methods have proven not to be so hard to use as it was assumed to be. The project also demonstrated the strength of team work. Communication in a well working team is ultimately the way to get rid of the assumptions our brains involuntary make. Formal methods again help by replacing intuition by abstraction.
The book is organised as follows: In the first two chapters we sketch the domain of interest: trustworthy embedded real-time distributed systems. We discuss the challenges to develop applications and systems in this domain and why formal methods are becoming essential tools for the engineer working in this field. We derive from it the requirements and specifications for OpenComRTOS. In the following two chapters we look at what formal methods and tools are available and introduce TLA+/TLC that was finally selected and used in the project. Subsequently, we discuss the formal TLA+ models, as well as the architecture, of OpenComRTOS. We dwell a bit deeper on the interaction semantics and provide an overview of the code size and performance results. For the interested user the appendix includes a usage tutorial, as well as the mathematical and logic foundations behind temporal logics like TLA+. The appendix also contains the TLA+ and SPIN models used to compare both formalisms.
See attached file for the table of contents.
Attachment | Size |
---|---|
OpenComRTOS-project-book-TOC.pdf | 36.73 KB |
- Printer-friendly version
- Login to post comments