Showing papers presented at "International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing in 1998"

The time-triggered architecture

Abstract: The Time-Triggered Architecture (TTA) is a computer architecture for distributed real-time systems in safety critical applications, such as computer controlled brakes, or computer assisted steering in an automobile. The TTA is a composable architecture for the design of large real-time systems. Its main characteristics are a common notion of time in all subsystems of the architecture and the provision of fully specified interfaces, called temporal firewalls, between these subsystems. This paper gives an overview of the TTA, discusses the architectural principles, describes the sensor/actuator interfaces in the TTA and informs about the implementation of fault-tolerance in the TTA.

Specifying and measuring quality of service in distributed object systems

Abstract: Distributed applications are difficult to build and maintain and are even more difficult when the applications are distributed over wide-area networks. Distributed Object Computing middleware has emerged to simplify the building of distributed applications by hiding implementation details behind functional interfaces. However, critical applications have non-functional requirements, such as real-time performance, dependability, or security, that are as important as the functional requirements, but are also hidden by the middleware. Because current distributed object middleware doesn't support these aspects of critical applications, application developers often find themselves bypassing the distributed object systems, effectively gaining little or no advantage from the middleware. We have developed Quality Objects (QuO), a framework for including Quality of Service (QoS) in distributed object applications. QuO supports the specification of QoS contracts between clients and service providers, runtime monitoring of contracts, and adaptation to changing system conditions. A crucial aspect of QuO is a suite of Quality Description Languages for describing states of QoS, system elements that need to be monitored to measure the current QoS, and notification and adaptation to trigger when the state of QoS in the system changes. This paper gives a brief overview of QuO and describes the syntax and semantics of CDL, the component of QDL for describing QoS contracts.

A reliable mobile agents architecture

Abstract: This paper describes the design of a novel mobile agent system that supports the flexible and reliable interaction of autonomous components in an object-oriented distributed system. It discusses the object-oriented design of the overall system together with a number of important components in terms of the most important design decisions. A detailed description of the reliability model is given in terms of the failure hypothesis and the related recovery protocols. Special emphasis is given to the generality and efficiency of the implementation and a number of preliminary experiences are described.

An adaptive approach to object-oriented real-time computing

Abstract: Real time computing is becoming an enabling technology for many important distributed applications such as flexible manufacturing, multimedia, robotics and process control. Traditionally, real time systems have been realized as isolated embedded systems. Unfortunately, this approach no longer suffices for future complex systems in the application scenarios mentioned above. In this situation, the use of an object oriented design paradigm greatly reduces the complexity of the system while improving reusability and manageability. Furthermore, the surrounding IT infrastructure is more and more accessible through object oriented interfaces (e.g. CORBA). In addition, object oriented modeling allows reflection of the dynamic characteristics of the applications mentioned above by instantiating objects dynamically. In order to meet the real time requirements in such an environment, static scheduling is not sufficient since many non predictable resource conflicts influence execution times. Therefore, the most distinguishing requirement of these complex heterogeneous systems is the need of the computing system to dynamically adapt to dynamically changing conditions. Little work has been done on integrating object oriented system design with resource allocation algorithms that are flexible enough to cope with this new requirement. The paper presents an approach for an adaptive object oriented system with integrated monitoring, dynamic execution time prediction and scheduling. It explains how this approach is applied to CORBA and C++.

An approach to distributed component-based real-time application software development

Abstract: Component-based software development would allow application software to be largely constructed rather than programmed. This approach would dramatically improve the productivity of software development. Although there are many reusable software packages available, the integration of the chosen parts remains a very difficult problem because there are many barriers of integration, including programming languages, operating systems, communication mechanism, interface, etc. In this paper, an approach to developing real-time application software based on a distributed component architecture and cross-platform and cross-language integration of these software components is presented. The Common Object Request Broker Architecture (CORBA) is used in the implementation. The distributed components will satisfy easy retrieval and integration over a heterogeneous distributed system environment. A component replication mechanism is used for providing fault-tolerance. Using object adapters with a real-time request monitor and scheduler that are transparently generated by a distributed component integration tool, real-time and fault-tolerance features can be easily incorporated in the application software.

Invocation of real-time objects in a CAN bus-system

Abstract: The paper focuses on method invocation of real-time objects in a CAN-based distributed real-time system. A simple object model is introduced, which allows the convenient modelling of hardware and software components. Related to the object model, two issues are discussed. Firstly, a model is introduced which allows to form and address object groups. This reflects a basic need in a real-time system to distribute information to multiple clients efficiently. Secondly, the paper discusses an approach to express timing requirements for object invocations. To achieve distributed consensus on communication resource access, an EDF-like approach is introduced, which takes advantage of knowledge about deadlines, the number of remaining communication activities and the remaining worst-case execution time for the invoked method at each point of time.

A purpose-oriented access control model for object-based systems

Abstract: Distributed applications are modelled in an object-based model like CORBA. Here, the system is a collection of objects. The objects are manipulated only through operations supported by themselves. The purpose-oriented model is proposed where an access rule shows for what each subject s manipulates an object o by an operation t of o so as to keep the information flow legal. The purpose of s to access o by t is modelled to be what operation u of s invokes t to manipulate o. That is, the purpose-oriented access rule is specified in the form (s:u, o:t). In the object-based system, on receipt of a request op from an object o/sub 1/, an object o/sub 2/ computes op and then sends back the response of op to o/sub 1/. Here, if the request and the response carry data, the data in o/sub 1/ and o/sub 2/ is exchanged among o/sub 1/ and o/sub 2/. Furthermore, the operations are nested in the object-based system. Even if each purpose-oriented rule between a pair of objects satisfies the information flow relation, some data in one object may illegally flow to another object through the nested invocation of operations. In this paper, we discuss what information flow is legal in the nested invocations in the purpose-oriented model of the object-based system.

An implementation model for time-triggered message-triggered object support mechanisms in CORBA-compliant COTS platforms

Abstract: Object-oriented analysis and design methodologies have become popular in development of non-real-time business data processing applications. However, conventional object-oriented techniques have had minimal impacts on development of real-time applications mainly because these techniques do not explicitly address key characteristics of real-time systems, in particular timing requirements. The Time-triggered Message-triggered Object (TMO) structuring is in our view the most natural extension of the object-oriented design and implementation techniques which allows the system designer to explicitly specify timing characteristics of data and function components of an object. To facilitate TMO-based design of real-time systems in the most cost-effective manner it is essential to provide execution support mechanisms in well-established commercial software/hardware platforms compliant with industry standards. In this paper, we present an implementation model for TMO support mechanisms in CORBA-compliant commercial-off-the-self (COTS) platforms. We first introduce a natural and simple mapping between TMO's and CORBA objects. Then, we identify the services to be provided by the TMO support subsystem and an efficient way these services should be implemented. The rest of the paper discusses an implementation of the proposed model realized on top of the Windows NT operating system and the Orbix object request.

Architecture and object model for distributed object-oriented real-time databases

Abstract: The confluence of computers, communications, and databases is quickly creating a global virtual database where many applications require real time access to both temporally accurate and multimedia data. This is particularly true in military and intelligence applications, but these required features are needed in many commercial applications as well. We are developing a distributed database, called BeeHive, which could offer features along different types of requirements: real time, fault tolerance, security, and quality of service for audio and video. Support of these features and potential trade offs between them could provide a significant improvement in performance and functionality over current distributed database and object management systems. We present a high level design for BeeHive architecture and sketch the design of the BeeHive Object Model (BOM) which extends object oriented data models by incorporating time and other features into objects.

Providing end-to-end QoS assurances in a CORBA-based system

Abstract: In this paper we describe the implementation of our end-to-end QoS-driven resource management scheme, called ERDoS, within a CORBA-compliant ORB that we call the ERDoS QoS ORB. Unlike other real-time CORBA implementations that focus on real-time support for simple client-server applications, our ERDoS QoS ORB provides end-to-end QoS support (i.e., QoS spanning computer network, and storage resources) to applications, while retaining the benefits of an open distributed object system. Specifically we present three contributions. First, we present a model for describing end-to-end applications as a combination of client-server interactions between CORBA objects. Second, we define a model for relating the user/application level QoS requirements to the corresponding resource demand requirements of these individual CORBA objects. Third, we suggest a framework for performing distributed resource management within the CORBA environment.

Exception handling in object-oriented real-time distributed systems

Abstract: Exception handling in a complex concurrent and distributed system (e.g. one involving cooperating rather than just competing activities) is often a necessary, but a very difficult, task. No widely accepted models or approaches exist in this area. The object-oriented paradigm, for all its structuring benefits, and real-time requirements each add further difficulties to the design and implementation of exception handling in such systems. In this paper, we develop a general structuring framework based on the coordinated atomic (CA) action concept for handling exceptions in an object-oriented distributed system, in which exceptions in both the value and the time domain are taken into account. In particular, we attempt to attack several difficult problems related to real-time system design and error recovery, including action-level timing constraints, time-triggered CA actions, and time-dependent exception handling. The proposed framework is then demonstrated and assessed using an industrial real-time application-the Production Cell III case study.

State restoration in a COTS-based N-modular architecture

Abstract: Mechanisms for restoring the state of a channel in an N-modular redundant architecture are necessary to prevent redundancy attrition due to transient faults and to allow failed channels to be brought back on line after repair. This paper considers software-implemented mechanisms for state restoration (SR) in a generic fault-tolerant architecture in which both the underlying hardware and operating system are commercial off-the-shelf (COTS) components. State restoration involves copying the values of state variables from the active channel(s) across to the joining channel. Concurrent updating of state variables by application tasks is considered. Two state restoration schemes are considered: Running SR and Recursive SR. In the former, each state variable is copied exactly once while concurrent updates are written through to the joining channel. In the latter state variables are copied once and then recopied recursively until no concurrent updates are detected.

Coordinated atomic actions in modelling object cooperation

Abstract: The approach described in this paper makes use of Coordinated Atomic Actions (CA actions)-a structural design mechanism, for representing the cooperation between objects, at different stages of the software development. The original concept of a CA action has been expanded for accommodating the modelling needs of the initial stages of software development. One of the motivations for using CA actions in an OO approach, is the ability of CA actions to extract from the specification of an object those issues which are related with its the collaborative activities, thus avoiding that a specification of a cooperation be scattered among the specifications of the objects. The feasibility of the approach is demonstrated in terms of a benchmark case study.

Specification of real-time interaction constraints

Abstract: We present a coordination language and its semantics for specification and implementation of object-oriented real-time systems. Real-time systems operate under real-time constraints, and our language supports expression thereof. In our language, a system is modeled by two separate but complementary descriptions: A collection of objects define the system's structure and functional behavior and a set of interaction constraints define how these objects may interact. Our language thereby supports development of real-time systems by enabling objects build in isolation or re-used from other systems to be composed via interaction constraints. We use the Actor model to describe objects and the concept of real-time synchronizers to describe interaction constraints. Our model is accompanied by a formal semantics that precisely defines what real-time constraints means, and what constitutes a program's correct real-time behaviors. The semantics defines how the system may evolve in the real-time domain, and what progress guarantees the language makes. We briefly discuss implementation problems and potential solutions.

BDL, a language of distributed reactive objects

Abstract: We introduce the definition of a language of distributed reactive objects, a Behaviour Description Language (BDL), as a unified medium for specifying, verifying, compiling and validating object-oriented distributed reactive systems. One of the novelties in BDL is its seamless integration into the Unified Modeling Language approach (UML). BDL supports a description of objects interaction which respects both the functional architecture of system designs and the declarative style of diagram descriptions. This support is implemented by means of a partial-order theoretical framework. This framework allows to specify both the causality and the control models of object interactions independently of any hypothesis on the actual configuration of the system. Given the description of such a configuration, the use of BDL offers new perspectives for a flexible verification of systems by modeling them as an asynchronous network of synchronous components. It allows an optimized code generation by using compilation techniques developed for synchronous languages. It permits an accurate validation and test of applications by supporting the manipulation of both causal and control dependencies. BDL aims at maximizing the re-usability of high-level specifications while minimizing programming effort and test-case based validation of distributed systems.

Checked transactions in an asynchronous message passing environment

Abstract: Traditionally transactions have been single-threaded. In such an environment the thread terminating the transaction is, by definition, the thread which performed the work. Therefore, transaction termination is implicitly synchronised with the completion of the transactional work. With the increased availability of both software and hardware multi-threading, transaction services are being required to allow multiple threads to be active within a transaction. In these systems it is important to guarantee that all threads have completed when a transaction is terminated otherwise some work may not be performed transactionally. In this paper we present a protocol for the enforcement of checked transactional behaviour within an asynchronous environment. We illustrate the use of the protocol within a proposed implementation for a CORBA-compliant Object Transaction Service intended for a soft real-time application which makes extensive use of concurrency and asynchronous message passing.

A CORBA-based remote monitoring system for factory automation

Abstract: Supporting rapid response to changing customer requirements, reduction in both time and cost of manufacturing process, and integration within a heterogeneous wide area networked enterprise are necessary to increase worldwide competitiveness in manufacturing. We propose a CORBA based architecture to realize that manufacturing environment. We have developed an ORB for PLC to realize that architecture. And we have developed two prototypes of a remote monitoring system for factory automation, which are a manufacturing line monitoring system and a remote PLC monitoring system which uses a Web browser, to examine feasibility and effectiveness of the proposed architecture. According to experiments with these prototypes, we show the feasibility and effectiveness of our proposed CORBA based architecture.

A soft real-time TMO platform-WTMOS-and implementation techniques

Abstract: The TMO (Time-triggered Message-triggered Object) model is a real time object model pursuing the timeliness guaranteed computing paradigm. A TMO contains two types of methods: time triggered method activated by its internal clock and message triggered method activated by a request from a client. We present the functions and the design techniques of a middleware platform to support execution of TMOs on the Windows environment, named WTMOS (Windows TMO System). The WTMOS platform does not support the concept of design time guarantee. But, as middleware platform, it supports soft real time system by trying to meet the goal of on-time activation and finishing within deadlines imposed on time triggered and message triggered methods in TMOs. It also offers used defined deadline exception handlers to compensate for the lack of timeliness guaranteed design. Besides the above functions, the activation sources of message triggered methods on WTMOS are expanded so that it can be activated not only by distributed IPC messages but also by Windows system messages. As a result, message triggered methods now can play the roll of Windows message callback functions naturally. This is to add window management facilities and interfaces of Win32 API to the TMO model. Therefore, the TMO model and WTMOS together can be regarded as a powerful development environment for typical soft real time applications such as multimedia services and virtual reality services.

Principles of constructing a timeliness-guaranteed kernel and time-triggered message-triggered object support mechanisms

Abstract: One of the major components required for the construction of future complex real-time computer systems (RTCS) needed in safety-critical applications is a timeliness-guaranteed operating system. A model of an operating system kernel called the DREAM kernel that can support both conventional real-time processes and new-style real-time objects has been formulated. The key emphasis in formulating the DREAM kernel was in the realization of guaranteed timely responses to the service requests from supported client programs. This paper presents a summary of the main structuring principles that were exploited to realize guaranteed timely service capabilities while maintaining the modular and easily expandable structure in the DREAM kernel. Implementation of real-time processes and real-time objects involves designing various calls to DREAM kernel services. A library of functions, called the DREAM library and providing user-friendly interfaces to the DREAM kernel, has been developed in the authors' laboratory. This library consists of a collection of specific C++ classes. A 32-bit prototype version of the DREAM kernel, version D3.0, encapsulated by the DREAM library that supports well-structured real-time application programming in C++ has been implemented. This prototype version has been used in efficient development of several real-time object structured applications including a non-trivial defense C/sup 3/ system, a steel factory control system, and an advanced traffic management system.

Compositional specification and structured verification of hybrid systems in cTLA

Abstract: Many modern chemical plants have to be modelled as complex hybrid systems consisting of various continuous and event-discrete components. Besides the modular and easy to read specification, the formal verification of required properties (e.g., safety properties) is a major problem, due to the complexity of the models. In practice, mostly informal argumentations exist which show that certain properties hold. The informal argumentation for one specific property does not deal with the complex system model as a whole but considers specific parts and aspects only. Our approach supports formal proofs which correspond to the informal argumentations even with respect to the use of subsystems only. It is based on the specification language cTLA supporting modular descriptions of hybrid systems. We outline cTLA and introduce the approach by means of a hybrid example system.

Concurrency control in real-time object-oriented systems: the affected set priority ceiling protocols

Abstract: This paper presents the affected set priority ceiling protocols (ASPCP) for concurrency control in real-time object-oriented systems. These protocols are based on a combination of semantic locking and priority ceiling techniques. This paper shows that the ASPCP protocols provide higher potential concurrency for object-oriented systems than existing priority ceiling protocols, while still bounding priority inversion and preventing deadlock.

Automating regression testing for real-time software in a distributed environment

Abstract: Many real time systems evolve over time due to new requirements and technology improvements. Each revision requires regression resting to ensure that existing functionality is not affected by such changes. Testing these systems often require specialized hardware and software, and both are expensive. While the overall regression testing process is similar across different organizations, the strategies and tools used by them vary according to their product needs. Hence a good framework for regression testing should provide the flexibility to configure it depending on the particular organization's needs while at the same time maximizing utilization. Manual processes are typically slow and error prone and result in under-utilization of valuable test resources. The paper proposes an automated distributed regression testing framework that provides flexibility to the user to configure it to their needs while at the same time optimizing resource usage.

Implementation of a customizable fault tolerance framework

Abstract: While there has been significant advances in fault tolerance research, the effort has focused on the design of individual fault-tolerant systems or methodologies. Recently, some research has been initiated to develop fault tolerance paradigms that can be used to provide a spectrum of fault tolerance levels. In this paper, we present the design of a fault tolerance framework that can be used to support a wide spectrum of applications with various fault tolerance requirements, various criticality levels, and various system models. The framework is designed to be parameterizable so that the user can configure it to obtain the desired features. Also, the framework is designed to be an off-the-shelf component such that application programs can be integrated within it easily to obtain the fault-tolerant version of the application system. A specialized N-modular redundancy (SNMR) scheme has been developed to serve as the primary approach for achieving efficient and cost-effective fault tolerance for the framework. In most cases, the SNMR scheme yields better performance and lower cost in providing fault tolerance as compared with conventional NMR schemes. It also enhances the scalability and customizability of the general replication method. This paper discusses the major concept of the SNMR framework and the main issues in the design and implementation of the framework, including an object-oriented overall system design and the interface protocol class hierarchy. The interface protocol class hierarchy provides a nice paradigm for the implementation of customizable, highly reusable, and easily extensible SNMR framework.

Quality-based flexibility in distributed objects

Abstract: The paper discusses how to make a distributed object system flexible so as to satisfy the application's requirement in the change of the system environment. Each object supports other objects with quality of service (QoS). The change of the system is modeled to be the change of not only types of service but also QoS supported by the objects. We discuss equivalency and compatibility relations among operations with respect to QoS. By using the QoS based relations, we discuss a QoS based compensating way to recover the object from the less qualified state. Finally, we discuss QoS based replication of objects to make required QoS available even if some replicas get less qualified; here, the replicas may not necessarily be the same.

Using the object paradigm for distributed real-time systems

Abstract: One of the primary features of almost all physically distributed software is that it has to deal with the unpredictable nature and complexity of the physical world. For example, it has to detect failures and undertake recovery procedures, it may have to reconfigure itself dynamically, and so on. In effect, all such distributed systems are de facto real time systems. As more and more software systems become distributed, the issue of architecture becomes more critical. A good architecture minimizes complexity and increases the likelihood of run time controllability. It is also key to its ability to undergo evolutionary change. Consequently, the ability to model complex layered architectures in a formal and clear way is also important. The structural modeling concepts originally defined in the ROOM (real time object oriented modeling) language provide an excellent base for this purpose.

Asynchronous protocols to meet real-time constraints: is it really sensible? How to proceed?

Abstract: This paper investigates the use of asynchronous protocols to design and build middleware whose aim is to provide run-time support for soft real-time applications. A simple and general framework is described. This framework allows to take into account timeliness constraints of upper layer applications, while using an asynchronous protocol at the underlying level. When a timeliness constraint is about to be violated, the application layer is informed and can take appropriate measures. The deadline period can then be extended if the constraint is soft enough; in the other case, a default value can be used as a result. This framework can be seen as a bridge from asynchronous systems to synchronous ones. The proposed approach is illustrated with the consensus problem. This approach is investigated in the ARGO system we are implementing. The target applications of the ARGO middleware are telecommunication applications.

A dependable distribution-transparent remote method invocation model for object-oriented distributed embedded computer systems

Abstract: Decreasing hardware costs is permitting the increased use of embedded computers to support complex and sophisticated applications in a variety of products. Many of these applications require computing nodes distributed in different physical locations interconnected by communication networks. The object oriented model with its well known properties that facilitate the design of complex software applications is a natural choice for designing distributed embedded system applications. Existing models that support remote method invocation (RMI) in object oriented distributed computer systems are more tailored towards general distributed computer systems rather than embedded systems. Moreover, efficient implementations of these RMI models are rare at this time. We analyze predominant RMI models with respect to essential features for embedded applications such as timeliness and fault handling capability. Based on this analysis, we propose the Distributed Embedded Object Model (DEOM), dependable, distribution-transparent RMI model to support the execution of distributed embedded system applications.

An object-oriented extension to PEARL90

Abstract: This paper presents an object-oriented extension to the real-time programming language PEARL. The new language preserves PEARL's expressiveness for timeliness and industrial processes and, at same time, improves the language's readability and manageability (through the better encapsulation paradigm derived from the object concept). Moreover, the resulting object model allows the definition of inter and intra object parallelism in a transparent and simple way. Besides that, some extensions are also proposed to enhance testability and safety-related aspects of the language, such as the enforcement of deterministic temporal behaviour.

CORBA in real-time settings: a problem from the manufacturing domain

Abstract: The Object Management Group's (OMG) Common Object Request Broker Architecture (CORBA) is an important and popular technology that supports the development of object based, distributed applications. The benefits promised by CORBA (abstraction, heterogeneity, etc.) are appealing in many application domains, including those that satisfy real time requirements-such as manufacturing. Unfortunately, CORBA was not specified in light of real time requirements, and so the question remains whether existing object request brokers (ORBs) can be used in real time settings, or whether developers of real time systems must await future extensions of CORBA that address real time issues or use non CORBA compliant ORBs. We describe the application of an off the shelf ORB in a real time manufacturing system developed at National institute of Standards and Technology (NIST) and tools which have been developed at the SEI for the analysis of CORBA's impact on the behavior of the system. Based on our experiences, we believe that today's ORBs can be used in real time settings, with certain caveats as outlined in the article. We also outline the concept of "composite objects", an approach for extending the range of non real time ORBs into a greater variety of real time settings.

Validating the design of dependable systems

Abstract: The paper presents an approach for the specification and verification of the correctness of dependable system designs achieved by the application of fault tolerant techniques based on equivalence relations and model checking techniques. The behaviour of the system in absence of faults is formally specified and faults are assumed as random events which interfere with the system by modifying its behaviour. The fault tolerant technique is formalized by a context, which specifies how replicas of the system cooperate to deal with faults. The system design is proved to satisfy the correctness property under a given fault hypothesis, by proving the observational equivalence between the system design specification and the fault free system specification. Additionally, model checking of a temporal logic formula which gives an abstract notion of correct behaviour can be applied to verify the correctness of the design.