Technische Universität München Robotics and Embedded Systems
 

FTOS

Model-Based Development of Fault-Tolerant Real-Time Systems

The design of fault-tolerant real-time systems is a complex task. Besides satisfying real-time requirements, such a system must also deliver its specified functionality in the presence of both hardware and software faults. Fault tolerance requires redundancy, which is usually obtained by replicating hardware units and executing concurrent tasks within a distributed system.

Model-based design tools promise to reduce the complexity of the design process by raising the abstraction level. Most existing tools, however, focus only on functional aspects: the code that realizes non-functional requirements such as fault-tolerance mechanisms, communication, and scheduling is not targeted, although this code makes up the majority of a fault-tolerant real-time system.

This project proposes FTOS, a model-based development tool for the design of fault-tolerant real-time systems. FTOS focuses on generating the code for non-functional requirements and therefore complements existing tools. The major contribution of this research is a set of models adequate for describing fault-tolerant systems and generating their code automatically. These models comprise a formal description of the hardware architecture, the software components and their temporal behavior, the fault assumptions, and the selected fault-tolerance mechanisms.

The fault-tolerant real-time system is generated by a template-based code generator. Because the generator is easy to extend with new templates, it offers a way to handle the heterogeneity of fault-tolerant systems. In addition, the work outlines how formal methods can be integrated to prove the correctness of the generated code.

Two complementary applications demonstrate the practicability of the approach. The first is a rod controlled by switched solenoids. The control program consists of a PID controller executed on a triple-modular-redundancy (TMR) architecture. With the current setting (Intel Pentium CPU, VxWorks 6.3, switched Ethernet), control times of a few milliseconds (2.5 ms for this application) are achieved. Only the PID control function has to be implemented by the application developer; the remaining code is generated by FTOS. The second application, an elevator control, demonstrates the ability of FTOS to cope with heterogeneous hardware. Two control units (PowerPC, VxWorks 6.3, CAN) perform the application logic, and five microcontrollers (Atmel AT90CAN128, no OS, CAN) realize the I/O functionality of each elevator. In combination with EasyLab it was even possible to develop the whole application without writing a single line of code (zero-code development).
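The TMR execution of the rod controller described above, as an added example that is neither FTOS code nor code generated by FTOS: every replica runs the same PID step on the same sampled input, and a majority voter masks one corrupted output. The voter is written for N replicas, of which TMR is the N = 3 case, and a small helper derives from the fault assumption (f faulty replicas) the replication degree N = 2f + 1 that a majority vote needs. The PID gains, the plant model, the use of the page's 2.5 ms period as the sample time, and the injected fault are assumptions made for illustration.

```c
/* TMR execution of a PID control step with a majority voter.
 * Added example, not FTOS code: gains, plant model, sample period and the
 * injected fault are assumptions made for illustration. */
#include <math.h>
#include <stddef.h>
#include <stdio.h>

#define REPLICAS 3            /* TMR: three replicas, majority vote */

typedef struct {
    double kp, ki, kd;        /* gains (assumed values, see main) */
    double integral;          /* accumulated error for the I term */
    double prev_error;        /* error of the previous cycle for the D term */
} pid_ctrl_t;

/* The only piece the application developer writes: one PID step. */
static double pid_step(pid_ctrl_t *c, double setpoint, double measured, double dt)
{
    double err = setpoint - measured;
    double deriv = (err - c->prev_error) / dt;
    c->integral += err * dt;
    c->prev_error = err;
    return c->kp * err + c->ki * c->integral + c->kd * deriv;
}

/* Fault assumption -> redundancy: a majority vote over n replicas masks
 * floor((n-1)/2) faulty replicas, so tolerating f faults needs n = 2f+1. */
static size_t tolerated_faults(size_t n_replicas)
{
    return (n_replicas - 1) / 2;
}

/* Majority voter. Replicas run identical deterministic code on identical
 * inputs, so their outputs agree exactly; eps only absorbs floating-point
 * differences between heterogeneous CPUs. Returns 0 with the voted value and
 * a bitmask of the replicas that disagreed (for diagnosis), or -1 if no
 * majority exists (more faults than the fault assumption allows). */
static int majority_vote(const double out[], size_t n, double eps,
                         double *voted, unsigned *disagree_mask)
{
    size_t needed = n / 2 + 1;
    for (size_t i = 0; i < n; i++) {
        size_t agree = 0;
        unsigned mask = 0;
        for (size_t j = 0; j < n; j++) {
            if (fabs(out[i] - out[j]) <= eps)
                agree++;
            else
                mask |= 1u << j;
        }
        if (agree >= needed) {
            *voted = out[i];
            *disagree_mask = mask;
            return 0;
        }
    }
    return -1;
}

/* One control cycle on the TMR architecture: every replica computes the same
 * step on the same sampled input; the voter masks one corrupted output.
 * inject_fault: index of the replica whose output is corrupted, or -1. */
static int tmr_cycle(pid_ctrl_t rep[REPLICAS], double setpoint, double measured,
                     double dt, int inject_fault, double *voted, unsigned *mask)
{
    double out[REPLICAS];
    for (int i = 0; i < REPLICAS; i++) {
        out[i] = pid_step(&rep[i], setpoint, measured, dt);
        if (i == inject_fault)
            out[i] += 1000.0;   /* constructed transient fault: corrupted command */
    }
    return majority_vote(out, REPLICAS, 1e-9, voted, mask);
}

int main(void)
{
    const double dt = 0.0025;                 /* 2.5 ms control period, as on the page */
    pid_ctrl_t rep[REPLICAS];
    for (int i = 0; i < REPLICAS; i++) {
        pid_ctrl_t init = { 2.0, 0.5, 0.1, 0.0, 0.0 };   /* assumed gains */
        rep[i] = init;
    }
    double pos = 0.0;             /* assumed plant: rod position integrates the command */
    for (int cycle = 0; cycle < 8; cycle++) {
        double voted;
        unsigned mask;
        int faulty = (cycle == 4) ? 1 : -1;   /* corrupt replica 1 in cycle 4 */
        if (tmr_cycle(rep, 1.0, pos, dt, faulty, &voted, &mask) != 0) {
            printf("cycle %d: no majority, entering safe state\n", cycle);
            return 1;
        }
        pos += voted * dt;
        printf("cycle %d: u=%.4f pos=%.4f disagreeing=0x%x\n", cycle, voted, pos, mask);
    }
    printf("%d replicas tolerate %zu faulty replica(s)\n",
           REPLICAS, tolerated_faults(REPLICAS));
    return 0;
}
```

Build with `cc -std=c99 -Wall tmr_pid.c -lm`. In cycle 4 the voter reports replica 1 as disagreeing (mask 0x2) while the voted command is unchanged. Two caveats a practitioner should keep in mind: a single voter is itself a single point of failure, so in a distributed TMR system each node normally votes locally on the results exchanged over the network; and the injected fault here is transient, affecting only one output. A replica whose internal state (integral, previous error) has diverged needs to be resynchronised from the majority before its results can count again, and neither that resynchronisation nor the exchange of inputs and outputs over switched Ethernet that FTOS generates is shown in this example.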

This work is funded by the German Federal Ministry of Education and Research (BMBF) under grant 01ISF12A.

Publications

[1] Frank Reichenbach, Dominik Sojer, Christian Buckl, and Alois Knoll. A model-driven approach for runtime reliability analysis. In Proceedings of the Sixth Latin-American Symposium on Dependable Computing, April 2013.
[2] Dominik Sojer, Christian Buckl, and Alois Knoll. Deriving fault-detection mechanisms from safety requirements. Computer Science - Research and Development, Springer, 2012.
[3] Dominik Sojer, Christian Buckl, and Alois Knoll. Synthesis of diagnostic techniques based on an IEC 61508-aware metamodel. In Proceedings of the 6th Symposium on Industrial Embedded Systems (SIES 2011), Work-in-Progress Session, 2011.
[4] Dominik Sojer. Synthesis of fault detection mechanisms. In Proceedings of the 35th IEEE International Computer Software and Applications Conference (COMPSAC 2011), Doctoral Symposium, 2011.
[5] Christian Buckl, Dominik Sojer, and Alois Knoll. FTOS: Model-driven development of fault-tolerant automation systems. In Proceedings of the 15th IEEE International Conference on Emerging Technologies and Factory Automation, 2010.
[6] Dominik Sojer, Christian Buckl, and Alois Knoll. Stand und Anforderungen an eine Werkzeugunterstützung zur Entwicklung von Automatisierungssoftware (State of the art and requirements for tool support in the development of automation software). Technical Report TUM-I1003, Technische Universität München, 2010.
[7] Dominik Sojer, Christian Buckl, and Alois Knoll. Formal modeling of safety requirements in the model-driven development of safety critical embedded systems. In Proceedings of the Eighth European Dependable Computing Conference (EDCC 2010), 2010.
[8] Dominik Sojer, Christian Buckl, and Alois Knoll. Vom Modell zum Code für IEC 61508, ISO 26262 und Co. (From model to code for IEC 61508, ISO 26262 and co.). In Proceedings of the 3rd Embedded Software Engineering Congress, 2010.
[9] Dominik Sojer, Christian Buckl, and Alois Knoll. Propagation, transformation and refinement of safety requirements. In Proceedings of the 3rd Workshop on Non-functional System Properties in Domain Specific Modeling Languages, 2010.
[10] Christian Buckl. Model-Based Development of Fault-Tolerant Real-Time Systems. PhD thesis, Technische Universität München, 2008.
[11] Christian Buckl, Matthias Regensburger, Alois Knoll, and Gerhard Schrott. Models for automatic generation of safety-critical real-time systems. In Proceedings of the Second International Conference on Availability, Reliability and Security (ARES), pages 580-587. IEEE, 2007.
[12] Christian Buckl, Matthias Regensburger, Alois Knoll, and Gerhard Schrott. A model-based code generator in the context of safety-critical systems. In Third Latin-American Symposium on Dependable Computing - Fast Abstracts Volume, pages 3-4, 2007.
[13] Christian Buckl, Matthias Regensburger, Alois Knoll, and Gerhard Schrott. Generic fault-tolerance mechanisms using the concept of logical execution time. In Proceedings of the 13th Pacific Rim International Symposium on Dependable Computing, pages 3-10. IEEE, 2007.
[14] Matthias Regensburger, Christian Buckl, Alois Knoll, and Gerhard Schrott. Model based development of safety-critical systems using template based code generation. In Proceedings of the 13th Pacific Rim International Symposium on Dependable Computing, pages 89-92. IEEE, 2007.
[15] Christian Buckl. Developing dependable real-time systems. In Proceedings of the Embedded World Conference, pages 285-294, 2006.
[16] Christian Buckl, Alois Knoll, and Gerhard Schrott. Template-based development of fault-tolerant embedded software. In Proceedings of the International Conference on Software Engineering Advances, pages 65-70. IEEE, 2006.
[17] Christian Buckl, Alois Knoll, and Gerhard Schrott. Model-based development of fault-tolerant embedded software. In Proceedings of the Second International Symposium on Leveraging Applications of Formal Methods, Verification and Validation (IEEE-ISoLA), pages 103-110. IEEE, 2006.
[18] Christian Buckl, Alois Knoll, and Gerhard Schrott. Zerberus System - Ein Entwicklungsmodell für sichere und zuverlässige Computersysteme (Zerberus System: a development model for safe and reliable computer systems). In Tagungsband Diskussionskreis Fehlertoleranz, pages 15-22. Shaker-Verlag, 2005.
[19] Christian Buckl, Alois Knoll, and Gerhard Schrott. The Zerberus language: Describing the functional model of dependable real-time systems. In Proceedings of the Second Latin-American Symposium on Dependable Computing, number 3747 in Lecture Notes in Computer Science, pages 101-120. Springer, 2005.
[20] Christian Buckl, Alois Knoll, and Gerhard Schrott. Development of dependable real-time systems with Zerberus. In Proceedings of the 11th IEEE Pacific Rim International Symposium on Dependable Computing. IEEE, 2005.