Timothy Brown, Alessandro Pasetti, Wolfgang Pree, Thomas A. Henzinger, and Christoph M. Kirsch
This paper presents a concept for integrating the embedded programming methodology Giotto and the object-oriented AOCS Framework to create an environment for the rapid development of distributed software for safety-critical embedded control systems with hard real-time requirements of the kind typically found in aerospace applications.
Giotto is middleware that offers a tool-supported design methodology for implementing embedded control systems on platforms of possibly distributed sensors, actuators, CPU's, and networks. Giotto enables the decoupling of software design (functionality and timing) from implementation concerns (scheduling, communication, and mapping). It thus allows developers to concentrate on the design of the software architecture and on the implementation of the control and management functionalities required by the target application. Giotto is based on a time-triggered programming language. This ensures timing predictability and makes it particularly suitable for safety-critical applications with hard real-time constraints. Avionics systems are one of its natural target applications.
The AOCS Framework is an object-oriented software framework for embedded control systems. Software frameworks are a software reuse technology. They consist of collections of components with predefined connections that capture an architectural design optimized for a specific domain. They predefine the composition and interaction of the components of a system while at the same time allowing for customization by providing hooks where default behavior can be overridden. Frameworks differ from other reuse technologies, because they make architectural as opposed to code reuse possible, and because they rely on object composition and inheritance as functionality-extending mechanisms. The AOCS Framework was developed for the European Space Agency for satellite control systems but is suitable more generally for embedded control applications.
Giotto and the AOCS Framework are complementary technologies. The former addresses the real-time and physical realization concerns of an embedded system (timing, scheduling, communication, and mapping) while the latter addresses data structuring and task functionality concerns. The work described here arises from an attempt to integrate the two technologies to create an environment where real-time embedded control applications, because of the AOCS Framework, can be rapidly instantiated and, because of Giotto, are predictable in their timing properties even when distributed over multiple CPUs.
The key to this integration is the delegate object mechanism, which allows software components to interact as if they reside within the same address space even when they are located in different processes or on different CPUs. The fiction of a global address space is maintained by copying entire objects between CPUs in a way that guarantees consistency and timeliness. The delegate object mechanism is innovative because, unlike rival proxy-based approaches such as CORBA or DCOM, it is specifically designed to promote timing predictability and is therefore ideally suited for hard real-time applications. While proxies ensure only referential transparency (for the user, there is no logical difference between local and remote object access, but there may be a time difference), delegate objects ensure both referential and time-bound transparency (for the user, there is neither a logical nor a time difference between local and remote object access). The on-time availability of consistent delegate objects is not achieved dynamically, on demand, but scheduled statically by the Giotto compiler, which performs a global task and communication scheduling analysis.
Proceedings of the 20th Annual Digital Avionics Systems Conference (DASC), vol. 2, IEEE Press, 2001, pp. 1-11.