Most structured design methods claim to address the needs of hard real-time systems. However, few contain abstractions which directly relate to common hard real-time activities, such as periodic or sporadic processes. Furthermore, the methods do not constrain the designer to produce systems which can be analysed for their timing properties. In this paper we present a structured design method called HRT-HOOD (Hard Real-Time Hierarchical Object Oriented Design). HRT-HOOD is an extension of HOOD, and includes object types which enable common hard real-time abstractions to be represented. The method is presented in the context of a hard real-time system life cycle, which enables issues of timeliness and dependability to be addressed much earlier on in the development process. We argue that this will enable dependable real-time systems to be engineered in a more cost effective manner than the current practise, which in effect treats these topics as performance issues. To illustrate our appr...

Abstract not found

This paper presents a systems life cycle and a structured design method which are tailored towards the construction of real-time systems in general, and hard real-time systems in particular. The standard systems life cycle is modified to take into account the expression and satisfaction of non-functional requirements. The HOOD design method is extended to support abstractions which explicitly cater for the characteristics and properties of hard real-time systems. The new method is called HRT-HOOD (Hard Realtime HOOD). 1. Introduction The most important stage in the development of any real-time system is the generation of a consistent design that satisfies an authoritative specification of requirements. Where real-time systems differ from the traditional data processing systems is that they are constrained by non-functional requirements (e.g. dependability and timing). Typically the standard design methodologies do not cater well for expressing these types of constraints. The objective...

. Software architecture has come to be recognized as a discipline

In recent years the functionality required of computer based control systems for safetycritical real-time applications has increased dramatically. Inevitably this has led to an explosion in the complexity ofsuchsystems and an understanding, in both academia and industry, that existing design methods are no longer adequate. One design issue that has traditionally been addressed in an ad hoc and rather simplistic manner is that of setting the topology of a distributed computer based control system. A topology consists of a con gured set of hardware and software units employed to ful l a set of logical control actions. A topology may employ multiple, possibly diverse, copies of these units to ensure that dependability, timing and functional requirements are met. A designer aims to determine the set of units to be employed and how they should be con gured. A maintainer aims to discover the e ect of a change in functionality, or the units employed, on the e ectiveness of an existing topology. Potentially there are a large number of alternative feasible topologies. Unfortunately, existing techniques rely on past experience and typically set a topology very early in the design process. At best only a fraction of the admissible topologies are considered and

Abstract. This paper defines a methodology for developing wrappers for real-time systems starting from temporal logic specifications. Error confinement wrappers are automatically generated from the specifications of the target real-time system. The resulting wrappers are the executable version of the specifications, and account for both timing and functional constraints. They are executed on-line by a runtime checker, a sort of virtual machine that interprets temporal logic. A reflective approach is used to implement an observation layer placed between the runtime checker and the target system. It allows the wrappers to obtain the necessary event and data items from the target system so as to perform at runtime the checks defined by the temporal logic specifications. The proposed method has been applied to the use of real-time microkernels in dependable systems. Fault injection is used to assess the detection coverage of the wrappers and analyze trade-offs between performance and coverage. 1.

The work of the British Aerospace Dependable Computing Systems Centre includes the development of formal techniques for use in defining and tracing requirements for software systems at the system architecture level. A basic repertoire of techniques proposed so far includes the graphical representation of timing requirements allied to model-oriented specifications of functionality. This paper gives an overview of these techniques and reports on a small study in their application conducted by British Aerospace Defence. The study uses a realistic example of an avionics system: the pilot data entry system for a waypoint database. The example is described with some technical detail. Formally analysing a timing requirement for the rate of data entry yields local timing requirements for the cockpit equipments. Conclusions assess the value of these techniques, as perceived by BAe systems developers, and propose further work in providing tool support. 1 Introduction Part of the work of the B...

This report describes an integrated approach to solving a particular system architecture design issue. Constructing architectures for safety-critical realtime control systems is a complex task. This complexity results from nonfunctional as well as functional requirements. The design issue of interest is that of setting a topology such that the dependability and timing characteristics of a system emerge during the design life-cycle. A topology is a set of configured hardware and software units. This issue has hitherto been approached in a very simplistic manner. It is solved by deciding on a logical architecture and then setting an appropriate physical architecture. We investigate one aspect of the topology issue in depth; the architectural topology problem in which a number of alternative physical resources are employed to support a logical implementation (an architectural component) of a control action (Service). We show how a quantitative evaluation of alternative architectural topol...

The need to represent timing requirements for computer systems in a formal way is being addressed by a growing number of specification techniques. However, a common weakness in these techniques is understandability, as a specification is often used to communicate between interested parties who may not possess the skills necessary to interpret a formal specification. Some atemporal specification languages deal with this problem by means of graphical notations with associated formal semantics (e.g. statecharts), although to the knowledge of the author, no such technique exists for dealing with temporal constraints in such a way. This paper presents causal timing diagrams, one possible approach for describing timing requirements graphically with an underlying formal semantics. 1. Introduction Where computer systems are to be used within high-integrity or safety-critical applications, it is essential that the risk of any kind of failure is minimised. The use of formal methods as a means...

This paper explores some issues in the expressiveness of Architecture Description Languages (ADLs) based on our work architecting large, software-intensive systems for command and control and related domains. We briefly outline and motivate several cases where current ADLs lack architecturally useful forms of expression and suggest approaches to addressing some of these cases.