Giorgio Buttazzo, University of Pavia
Scalable applications for energy-aware processors
ABSTRACT   PDF

 


Paolo Faraboschi, Hewlett Packard Laboratories
DELI: a New Runtime Control Point in the Execution of Programs
ABSTRACT   PDF

 


Nicolas Halbwachs, Verimag
Synchronous Modelling of Asynchronous Systems
ABSTRACT    PDF

 


David Harel, Weizmann Institute
Can Behavioral Requirements be Executed? (And why would we want to do so?)
ABSTRACT   PDF

 


Christoph Kirsch, University of California, Berkeley
Principles of Real-Time Programming
ABSTRACT   PDF

 


Bran Selic, Rational
Physical Programming: Beyond Mere Logic

ABSTRACT   PDF

 


Luciano Lavagno, Politecnico di Torino and Cadence Labs
Processes, interfaces and platforms. Embedded software modeling in Metropolis
ABSTRACT    PDF

 


Nancy Leveson, MIT
An Approach to Designing Safe Embedded Software
ABSTRACT    PDF


Sharad Malik, Princeton University
Embedded Software Implementation Tools for Fully Programmable Application Specific Systems
ABSTRACT    PDF

 


Al Mok, University of Texas, Austin
Real-Time Virtual Resource: the Timely Abstraction for Embedded Systems
ABSTRACT
  PDF

 


Amir Pnueli, Weizmann Institute
Embedded Systems: Challenges in Specification and Verification
ABSTRACT   PDF

 


Douglas C. Schmidt, University of California, Irvine
Adaptive and Reflective Middleware for Distributed, Real-time, and Embedded Combat Systems

ABSTRACT    PDF

 


Lui Sha, University of Illinois at Urbana-Champaign
Dependable and Secured Evolution of Embedded System Software
ABSTRACT
   PDF




Giorgio Buttazzo
Scalable applications for energy-aware processors

Next generation processors for battery operated computing systems can work under different voltage levels to balance speed versus power consumption. In such a way, the performance of a system can be degraded to achieve a longer battery duration, or it can be increased when the battery level is high. Unfortunately, however, in the presence of timing and resource constraints, the performance of a real-time system does not always improve as the speed of the processor is increased. Similarly, when reducing the processor speed, the quality of the delivered service may not always degrade as expected. This paper presents the potential problems that may arise in a voltage-controlled real-time system and proposes an approach that allows to develop real-time applications, whose performance can be scaled in a controlled fashion as a function of the processor speed.
   
Paolo Faraboschi
DELI: a New Runtime Control Point in the Execution of Programs

We are all familiar with the method of loading and executing programs, where most traditional program transformations terminate before the program runs. The last decade has witnessed the steady growth of techniques that continue operating code manipulations while the program is running, from dynamic loaders to Java Just-In-Time compilers and emulators. The DELI (Dynamic Execution Layer Interface) captures these fundamental properties by providing fine-grain control over the execution of program: its clients can observe and potentially transform every single instructions of a program just before it runs. DELI accomplishes this by opening up an interface to the layer between the execution of application software and hardware. After describing the basic aspects of the DELI facilities (caching and linking, the hardware abstraction layer, and the transformation infrastructure), this talk discusses a potential set of applications that DELI facilitates, such as binary emulation, software patching and code streaming. Finally, the talk details a case study of embedded system emulation using DELI, presenting results of a PocketPC/SuperH system emulated on an embedded VLIW processor. In this case, DELI enables us to achieve almost-native performance on emulated code, and to easily mix-and-match native and emulated code. The results show the effectiveness of DELI to handle this class of applications, and demonstrate the importance of this new control point. The DELI works. If it ultimately works as well as we believe, we think virtually every processor - general purpose or embedded - will include such a facility. Exposing this control point will then have far-reaching changes in the way in which we execute programs on a computing system.
 
  Nicolas Halbwachs
Synchronous Modelling of Asynchronous Systems

We investigate the use of synchronous languages to model partially asynchronous systems. Through the use of intermittent activations and assertions, synchronous processes can be composed according to various asynchronous models. Common synchronization and communication mechanisms can be described. The resulting descriptions can be simulated and verified, using classical tools of synchronous programming.
   
David Harel
Can Behavioral Requirements be Executed? (And why would we want to do so?)

A novel approach to behavioral requirements for reactive systems is described, in which scenario-based requirements are "played in" directly from the system's GUI or some abstract version thereof, and behavior can then be "played out" freely, adhering to all the requirements. The approach is supported and illustrated by a tool we have built -- the play-engine. As the requirements are played in, the play-engine automatically generates a formal version in a time-enriched version of the language of live sequence charts (LSCs). As behavior is played out, the engine causes the application to react according to the universal ("must") parts of the specification; the existential ("may") parts can be monitored to check for successful completion. We will also describe a "smart" play-out mode, whereby parts of the plan for execution are computed using model-checking. Thus, we employ formal verification techniques for driving the execution. The approach appears to be useful in many stages in the development of reactive systems, and could also pave the way to systems that are constructed directly from their requirements, without the need for intra-object or intra-component modeling or coding at all.
   
Bran Selic
Physical Programming: Beyond Mere Logic

Conventional wisdom encourages software designers to take a Platonic approach to design; they are instructed to focus on ensuring the correctness of the logic of their software while playing down or even ignoring the generally unpleasant characteristics of the underlying computing platform. However, as software systems become increasingly more integrated into our everyday activities, this approach can be highly counterproductive. For example, when a software system is distributed over multiple physically distinct platforms, seemingly mundane things such as transmission delays or component failures can have a critical impact on program logic. The widely-held view that physical concerns only matter in highly specialised domains, such as real-time or fault-tolerant systems, leaves us singularly unprepared for the coming generation of Internet-based software. In this talk, we first examine the different ways in which software logic can be affected by its physical context. We then outline a conceptual framework for extending traditional software engineering concepts to deal with these issues.
   
Luciano Lavagno
Processes, interfaces and platforms. Embedded software modeling in Metropolis.

The goal of the Metropolis project is to provide a framework for modeling embedded systems across several levels of abstraction, from functional (untimed) to RTL, for various implementation choices, from dedicated hardware to programmable hardware and processors. Emphasis is placed on formal specification and refinement, in order to allow one to apply both synthesis, analysis and verification algorithms at all steps of design. The framework itself will provide some such algorithms, as well as allowing one to "plug in" new ones.
In this paper we will focus on the embedded software design problem, starting from very abstract specifications, e.g. in the form of UML diagrams, then decomposing them into networks of processes and communication media, and finally mapping them onto a platform including a processor, a Real Time Operating System and communication components. We will illustrate how a clean separation of concerns between functionality and interfaces, as well as between computation and communication, leads to better re-use and a more optimized implementation. We will also show how the problem of mapping a process network to a software platform including both non-programmable (e.g. RTOS API, TCP/IP stack) and programmable (e.g. C language) components can be formulated and solved.
   
  Nancy Leveson, MIT
An Approach to Designing Safe Embedded Software

The complexity of most embedded software limits the ability to assure safety after the fact, e.g., by testing or formal verification of code. Instead, to achieve high confidence in safety requires considering it from the start of system development and designing the software to reduce the potential for hazardous behavior. An approach to building safety into embedded software will be described that integrates system hazard analysis, tracability, and informal specifications combined with executable and analyzable models. The approach has been shown to be feasible and practical by applying it to complex systems experimentally and by its use on real projects.
   
Sharad Malik
Embedded Software Implementation Tools for Fully Programmable Application Specific Systems

A variety of diverse pressures are shaping how we will design digital systems in the near future. Shrinking geometries into the deep submicron range raise electrical design challenges that make it impossible to use existing methodologies for application specific system design. In addition, the corresponding exponential increase in the number of devices per chip results in a complexity problem which by itself threatens to cripple existing design methodologies. Finally, increased non-recurring engineering costs for masks and design tools force designs to be limited to higher volume products. All of these point to a gradual reduction of designs done using conventional ASIC (application specific integrated circuits) design methodology.

The above forces are resulting in an increase in systems that contain programmable components that are specialized for a specific application domain, while at the same time providing design flexibility that permits the same device to be used for a range of related products and also generations of a product. These systems need to satisfy one or more of high computation, low power, and real-time constraints. Architecturally, these constraints are met by exploiting concurrency at all levels - at the bit operation level through specialized functional units, at the instruction level through instruction level parallelism and at the coarse grain level through on-chip multiprocessing.

This class of highly specialized embedded systems requires specialized software implementation tools to ensure an efficient mapping of the application onto the architecture. These tools - particularly the compiler and simulator - are needed for two distinct aspects of the design. During architectural evaluation, they are needed to provide feedback about the suitability of the architecture for the application. During system implementation, they are needed to ensure efficient mapping and validation of design constraints. These functions result in requirements that make these tools different from traditional software development environments. The first requirement is the strong need for retargetability - this is critical during the architectural evaluation stage to rapidly examine a range of alternatives. The second requirement is the need to consider metrics such as power consumption, real-time constraints and size - metrics that traditionally are not used with software components.

The MESCAL (Modern Embedded Systems: Compilers, Architectures and Languages) project is focused on developing a complete set of design tools for architectural exploration, architectural evaluation as well as system implementation. This is joint work with David August at Princeton and Kurt Keutzer and Richard Newton at UC Berkeley. This presentation will focus on the software implementation tools and associated methodology used for architectural evaluation, as well as system implementation, and describes some solutions to the challenges posed by the above requirements.
   
Aloysius K. Mok
Real-Time Virtual Resource: the Timely Abstraction for Embedded Systems

Embedded systems comprise of tasks that have a wide variety of timing requirements, from the lax to the very stringent. The mixing of such tasks has been handled by specialized real-time schedulers, from the traditional cyclic executive dispatcher to sophisticated dynamic-priority schedulers. A common assumption of these real-time schedulers is the avai- lability of global knowledge of the entire task set, since this assumption is required to ensure the schedulability of the time-critical tasks notwithstanding the interference of the less time-critical tasks. In this paper, we discuss the notion of a real-time virtual resource which abstracts the sharing of a physical resource such as a CPU by multiple time-critical tasks. Each real-time virtual resource is a virtual resource in the traditional sense of operating sys- tems but its rate of service provision varies with time and is bounded. The real-time virtual resource abstraction allows tasks with wide-ranging timing criticality to be pro- grammed as if they run on dedicated but slower CPUs such that global knowledge of the tasks is not necessary for schedulability analysis. More importantly, events or signals that are timing sensitive may retain their timeliness pro- perties to within a bound under the real-time virtual resource abstraction, thereby permitting the composition of real-time tasks to preserve global timeliness properties.
   
  Douglas C. Schmidt
Adaptive and Reflective Middleware for Distributed, Real-time, and Embedded Combat Systems


Two fundamental trends are influencing the way that new distributed, real-time, and embedded (DRE) systems are being conceived and constructed:

1. Information technology of all forms is becoming highly commoditized, i.e., hardware and software artifacts are getting faster, cheaper, and better at a relatively predictable rate.

2. There's a growing acceptance of a network-centric paradigm, where distributed applications with a range of quality of service (QoS) needs are constructed by integrating separate components connected by various forms of communication services.

The interplay of these two trends has yielded new architectural concepts and services embodying layers of middleware. These layers are interposed between applications and commonly available hardware and software infrastructure to make it feasible, easier, and more cost effective to develop and evolve systems using reusable software. Middleware stems from recognizing the need for more advanced and capable support--beyond simple connectivity--to construct effective DRE systems. A significant portion of middleware-oriented R&D activities over the past decade have focused on

1. The identification, evolution, and expansion of our understanding of current middleware services in providing this style of development and

2. The need to define additional middleware layers and capabilities to meet the QoS challenges associated with constructing future mission-critical DRE systems.

While it is possible in theory to develop complex DRE systems from scratch, contemporary economic and organizational constraints, as well as increasingly complex requirements and competitive pressures, are making it implausible to do so in practice. Thus, the role is played by ``commodity-off-the-shelf'' (COTS) hardware and software has become increasingly significant. However, the current generation of COTS hardware and software components lack adequate support for mission-critical DRE systems with stringent QoS requirements. Moreover, there is a pressing need to coordinate individual advances in the solution space being addressed by different parts of the R&D community. Unless pieces of the emerging COTS solution are available as coordinated, integrated packages, their value is severely diminished and may in fact make matters worse instead of better.

Fortunately, recent advances in fundamental software technologies, such as distributed object computing (DOC) middleware frameworks and pattern-oriented software architectures, are helping address the challenges outlined above. DOC middleware frameworks provide end-to-end QoS support by coordinating lower-level hardware, networking, and endsystem mechanisms that monitor and control application- or user-centric tradeoffs. Patterns capture the "best practices" and design constraints associated with developing QoS-enabled middleware. This presentation describes recent advances and future directions in framework and pattern technologies that are needed to yield the new generation of QoS-enabled adaptive and reflective middleware systems.
   
  Lui Sha
Dependable and Secured Evolution of Embedded System Software

The design of flexible, reliable, and survivable, networked embedded systems has many challenges. One of them is the technology to support dependable and secured software upgrades, because large distributed control system have long life cycles and their downtimes are often very expensive. The techniques used for network based upgrade of general-purpose systems today are not adequate for distributed real time systems, since these techniques do not explicitly address the real time requirements and inadequately address the reliability and security requirements. The 2001 Conference on Infrastructure Protection (CIP'2001) reported that insider attacks, while a minority of all computer intrusions, inflict the most serious and expensive damage. In this talk, I will present our group's recent research on technologies for dependably and securely evolving networked embedded systems.