Customizable Embedded Real-Time Systems: Challenges and Key Techniques

Periodic Reporting for period 2 - CUSTOMER (Customizable Embedded Real-Time Systems: Challenges and Key Techniques)

Reporting period: 2021-04-01 to 2022-09-30

Technology solutions are becoming increasingly dependent on software. Today, the functionality as well as the economic value of most industrial systems and products, such as cars, smartphones, and medical devices, are realized in software as embedded systems. The reliability of these systems is fundamental to the functioning of our society, as evidenced by horrific accidents reported in recent years, e.g. involving self-driving Tesla cars controlled by software. The current trend is that embedded systems will serve as an open platform integrating an expanding number of software components, each implementing a functionality on its own or jointly with others. To be sustainable, future systems must support dynamic updates on demand over their operational lifetime, e.g. to defend against upcoming security threats with software patches, and to enhance and customize their functionality according to the varying needs of individual users. To be feasible, and to ensure that the resulting systems stay safe, software updates must be performed in a component-wise and incremental manner without re-designing or updating the whole system. As an example, cars offer a shared computing platform enabling new applications to be deployed over multiple smart sensors and electronic control units for better performance and new functionality (e.g. more fuel-efficient engine control, lane following, pedestrian detection). For trips in Northern Europe, we may want to install applications for black-ice and elk detection to drive safely, whereas for trips in Southern Europe, software that optimizes regenerative braking with hot batteries in humid conditions would be more useful. Another example is a pacemaker. Over time (e.g. due to aging), a patient carrying such a medical device may develop a new heart problem. To treat the emerging disease, doctors may propose installing a new application instead of replacing the device with a new one, which may require expensive surgery.

Unfortunately, current design methodologies for embedded systems offer only limited support for software updates on systems in operation. Such updates are not possible today for systems like aircraft, since the resulting systems cannot be guaranteed to stay safe. A crucial obstacle is that embedded systems built today are often impossible to modify or extend with new components after deployment, because their system architectures were not designed for updates. Any change may crash the original system and/or jeopardize the safety of the resulting system. For smartphones, one may simply uninstall the new components. A car, on the other hand, is a highly safety-critical system, which must satisfy crucial safety and timing requirements on braking, driver assistance, etc. A single violation of such requirements may result in serious accidents or loss of human lives. While re-designing the system is not a feasible option, today's approach of extensively re-testing the entire resulting system configuration in the lab for every update will not scale for future systems: the sheer number of possible system states and configurations prohibits testing them all. The mission of CUSTOMER is to change the way today's embedded systems are developed, and to provide the missing design paradigm and technologies for constructing embedded systems on composable architectures prepared for future (component-wise) modifications, so that they can be updated on demand after deployment, dynamically, safely and securely, over their operational lifetime.
As the first-priority task of the project right from the beginning, CUSTOMER has now successfully developed a semantic model for real-time systems, named MIMOS, which on the one hand ensures deterministic input-output and predictable timing behaviour of a system, and on the other hand supports incremental updates after deployment without re-designing the whole system. In MIMOS, a real-time system is described as a network of software components connected by communication channels. Each component is designed to compute a collection of functions over data streams, and a channel can be of two types: a FIFO queue for buffering inputs and outputs, or a register for sampling time-dependent data from sources such as sensors, or from streams that are written and read at different rates. The components are further specified as real-time tasks, to enforce that they read inputs, compute, and write outputs at time points satisfying given timing constraints. A fixed-point semantics is developed for the model, showing that it enjoys two desired properties: (1) such a network of real-time software components computes a set of functions over data streams, each of which, for a given set of (timed) input streams, defines a unique (timed) output stream; furthermore, (2) the network can be modified by integrating new components to add new system functions, or by replacing existing components with refined ones (e.g. for better performance or security patches), without re-designing the whole system or changing the original system functions.
The MIMOS model was presented at COORDINATION 2022 (13-17 June 2022), the 24th International Conference on Coordination Models and Languages.

To the best of our knowledge, MIMOS is the first semantic model for real-time systems that is both deterministic and composable. Unlike the semantic model of the family of synchronous programming languages for real-time programming, such as Lustre, MIMOS adopts asynchronous communication via FIFO channels and registers. MIMOS is deterministic: for a given set of input streams, the set of output streams determined by a MIMOS model is unique. This determinism means that the complete behaviour of the resulting system can be verified by simulation prior to implementation and prior to any intended update. MIMOS is composable: it allows a deployed system to be updated by integrating new components for new functions without re-designing the whole system or interfering with the existing system functionality. Additionally, existing components may be replaced by new ones that fulfil the given requirements.
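As an added illustration of the two channel kinds and the two properties described above (this is example code written for this page, not code from the CUSTOMER project or the MIMOS paper), the following Python sketch runs a small network of periodic tasks with a fixed release order, then shows composability: adding a new component that only reads a shared register leaves the original output stream unchanged. The sensor/brake network, its periods and its values are constructed assumptions for the example.

```python
from collections import deque

class Fifo:
    """FIFO queue channel: each value written is buffered and consumed once, in order."""
    def __init__(self): self.buf = deque()
    def write(self, v): self.buf.append(v)
    def ready(self): return bool(self.buf)
    def read(self): return self.buf.popleft()

class Register:
    """Register channel: keeps only the latest sample (slow readers skip, fast readers re-read)."""
    def __init__(self, init): self.val = init
    def write(self, v): self.val = v
    def ready(self): return True
    def read(self): return self.val

class Task:
    """Component released every `period` ticks: read all inputs, compute, write outputs."""
    def __init__(self, period, fn, inputs, outputs):
        self.period, self.fn, self.inputs, self.outputs = period, fn, inputs, outputs
    def step(self, t):
        if t % self.period or not all(ch.ready() for ch in self.inputs):
            return  # not released this tick, or a FIFO input is still empty
        out = self.fn(t, *[ch.read() for ch in self.inputs])
        for ch in self.outputs:
            ch.write(out)

def run(tasks, ticks):
    """Fixed release order per tick: one unique output stream for a given input stream."""
    for t in range(ticks):
        for task in tasks:
            task.step(t)

def brake_trace(ticks=8, with_update=False):
    """Constructed network (hypothetical values): speed sensor -> register -> brake
    controller at half the rate -> FIFO -> logging actuator; optional added component."""
    speed = Register(0)   # sampled: the controller never blocks on it
    brake_cmd = Fifo()    # buffered: every command reaches the actuator exactly once
    log = []
    tasks = [
        Task(1, lambda t: 10 * t, [], [speed]),                    # sensor, every tick
        Task(2, lambda t, v: v // 2, [speed], [brake_cmd]),        # controller, every 2nd tick
        Task(1, lambda t, cmd: log.append(cmd), [brake_cmd], []),  # actuator, logs each command
    ]
    if with_update:
        # Post-deployment update: the new component only reads the shared register
        # and writes its own channel, so the original system functions are untouched.
        tasks.append(Task(3, lambda t, v: v > 30, [speed], [Fifo()]))
    run(tasks, ticks)
    return log   # 8 ticks -> [0, 10, 20, 30], with or without the update
```

The odd-tick sensor samples (10, 30, 50, 70) are never seen by the controller, which is exactly the register semantics of sampling a faster writer; had `speed` been a FIFO, the controller would have fallen behind and the trace would differ.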

Based on MIMOS, CUSTOMER is currently developing a modelling and programming language as well as a set of software tools, including a GUI, a tool for scheduling and timing analysis, a code generator for simulation, and a GEM5-based description language for hardware architecture design and WCET estimation of software components. A compiler will be developed to generate executable code from MIMOS models, not only for simulation but also for the final implementation on a given target platform.