RTSS 4
RTSS 4
RTSS 4
Bhatt
Real-time
Embedded
Software Systems
An Introduction
Sandeep Agrawal
Pankaj Bhatt
August 2001
Real-time Embedded Software Systems: An Introduction S. Agrawal & P. Bhatt
No part of this document may be reproduced or distributed in any form by any means
without prior written authorization of Tata Consultancy Services.
Real-time Embedded Software Systems: An Introduction S. Agrawal & P. Bhatt
Contents
1 BACKGROUND .............................................................................................1
7 REFERENCES ............................................................................................ 20
List of Figures
Figure 1: Timing Diagram (Source [1]) ..................................................................3
Figure 2: Linux and Real-time..................................................................................6
Figure 3: Example of a Message Sequence Diagram for a Microwave Oven......9
Figure 4: A State Chart Diagram............................................................................10
Figure 5: Cross Platform Development .................................................................14
Real-time Embedded Software Systems: An Introduction S. Agrawal & P. Bhatt
Real-time Embedded Software Systems: An Introduction S. Agrawal & P. Bhatt Page 1 of 5
1 Background
This paper is based on our experience with the design and development of real-time
embedded software systems for the telecommunications industry and does not address
the aspects related to design and development of hardware for such systems. This
paper presents a software practitioner’s view of the real-time embedded software
systems and does not attempt to address the research areas in this domain. It therefore
caters to the needs of an informed reader in the software industry and to those who
want to have an overall idea about real-time embedded systems.
Readers interested in further details in this area are encouraged to refer to various
items listed in the “Reference” section provided at the end of this paper.
2.1 Introduction
Timeliness is the single most important aspect of a real-time system. These systems
respond to a series of external inputs, which arrive in an unpredictable fashion. The
real-time systems process these inputs, take appropriate decisions and also generate
output necessary to control the peripherals connected to them. As defined by Donald
Gillies “A real-time system is one in which the correctness of the computations not only
depends upon the logical correctness of the computation but also upon the time in
which the result is produced. If the timing constraints are not met, system failure is said
to have occurred.”
It is essential that the timing constraints of the system are guaranteed to be met.
Guaranteeing timing behaviour requires that the system be predictable.
The design of a real-time system must specify the timing requirements of the system
and ensure that the system performance is both correct and timely. There are three
types of time constraints:
§ Hard: A late response is incorrect and implies a system failure. An example of such
a system is of medical equipment monitoring vital functions of a human body,
where a late response would be considered as a failure.
§ Firm: This is a combination of both hard and soft timeliness requirements. The
computation has a shorter soft requirement and a longer hard requirement. For
example, a patient ventilator must mechanically ventilate the patient a certain
amount in a given time period. A few seconds’ delay in the initiation of breath is
allowed, but not more than that.
One need to distinguish between on-line systems such as an airline reservation system,
which operates in real-time but with much less severe timeliness constraints than, say, a
Real-time Embedded Software Systems: An Introduction S. Agrawal & P. Bhatt Page 2 of 5
missile control system or a telephone switch. An interactive system with better response
time is not a real-time system. These types of systems are often referred to as soft real-
time systems. In a soft real-time system (such as the airline reservation system) late
data is still good data. However, for hard real-time systems, late data is bad data. In
this paper we concentrate on the hard and firm real-time systems only.
Most real-time systems interface with and control hardware directly. The software for
such systems is mostly custom-developed. Real-time Applications can be either
embedded applications or non-embedded (desktop) applications. Real-time systems
often do not have standard peripherals associated with a desktop computer, namely the
keyboard, mouse or conventional display monitors. In most instances, real-time systems
have a customized version of these devices.
The following table compares some of the key features of real-time software systems
with other conventional software systems.
Assume that the processing of each event must always be completed before the arrival
of the next event (i.e., when there is no buffering). Let the deadline for completing the
computation be D. If D < C, the deadline cannot be met. If T < D, the program must
still process each event in a time T, if no events are to be lost. Thus the deadline is
effectively bounded by T and we need to handle those cases where C D T.
Real-time Embedded Software Systems: An Introduction S. Agrawal & P. Bhatt Page 3 of 5
T T
C
Time
Inputs
Other components of the embedded system are similarly chosen, so as to lower the
manufacturing cost. In conventional operating systems, a programmer needing to store
a large data structure can allocate big chunks of memory without having to think of the
consequences. These systems have enough main memory and a large pool of virtual
memory (in the form of disk space) to support such allocations. The embedded systems’
developers do not enjoy such luxuries and have to manage with complex algorithms to
manage resources in the most optimized manner.
§ Memory management
§ I/O services
§ Multiprocessor support
§ Vertical application support (RTOS vendors have also begun to add services that
target specific vertical applications. For example, SNMP—Network Management
Protocol stack is offered along with pSOS RTOS.)
§ POSIX standards compliance — one trend that can help designers move from one
RTOS to another, is standards compliance. In particular, any RTOS that complies
with the POSIX standard would share a standard API (application programming
interface). LynxOS from the Lynx Real-time Systems is one RTOS that fully complies
with the POSIX standards.
Some of the areas where the RTOSs differ from conventional operating systems are:
§ Scheduling policies
§ Development environment
An RTOS is usually scaleable and is structured. It allows growth akin to the concentric
rings on a tree. The innermost ring or the kernel provides the most essential features of
the RTOS. Other features can be added as outer rings as necessary. The small kernel of
an RTOS makes it suitable for a small single processor application, whereas the outer
layers can help build large distributed real-time applications.
RTOSs most often provide priority-based task preemption. In this, the higher priority
task always preempts the lower priority task, when the former becomes ready to run.
Operating System issues such as “Priority Inversion” need to be considered in such
priority-based preemption.
RTOSs are often tailored to meet embedded systems’ requirements. These typically
provide the ability to boot from the ROM, for systems without any disk storage. Some
systems can even work with only ROM, thus significantly reducing the boot-time of the
system.
One must ask the vendor for information in the following areas, while making a
selection for a real-time operating system:
§ The interrupt latency (i.e. time from interrupt to task run): this has to be compatible
with application requirements and has to be predictable. This value depends on the
number of simultaneous pending interrupts.
§ The maximum time taken by various system calls — it should be predictable and
independent of the number of objects in the system.
§ The maximum time the operating system and drivers mask the interrupts.
Besides a good kernel, a good RTOS must also have user-friendly documentation and
support for good tools for development.
§ OSE by Enea
§ LynxOS by LynuxWorks
§ OS-9 by Microware
Linux Processes
Software
Interrupts Scheduling
Hardware
The Linux virtual memory implementation can swap out any process. Linux processes
are heavyweight and there are significant overheads in process switching. The Linux
kernel is non-preemptive, i.e., a process in the midst of a system call cannot be
preempted. Linux also disables interrupts in the critical sections of the kernel code. Due
to these reasons, Linux in itself is not suitable to meet the timing requirements of a hard
real time system.
Real Time Linux (RT-Linux) addresses this problem by slipping in a small real-time
kernel underneath Linux and running Linux as a process within its control. The control is
transferred to the Linux process whenever there is no processor requirement from a
real-time process. The following diagram depicts the operating model of RT-Linux.
Communication between the Linux and RT-Linux processes is generally achieved using
the FIFO connections or shared memory segments.
Subsystems are often organized as a set of layered packages. Many complex systems
have several layers ordered hierarchically from the most abstract (closest to the
application domain), down to the most concrete (closest to the underlying hardware).
It is most efficacious to design a layered architecture and actually implement the system
as a series of vertical slices of functionality that cut through all layers. ISO’s seven-layer
reference model is a common layered architecture for communications protocols. A
layered implementation strategy would build each layer independently and link them
together as they are completed. However, this approach has been proven to be risky
and expensive in practice because fundamental flaws that affect the overall subsystem
functionality are not caught until integration. A better implementation strategy is to
implement vertical slices. Each vertical slice implements only the portion of each layer
relevant to the purpose of the slice. This approach to implementation is called iterative
prototyping and each slice is called a prototype. The prototypes are implemented so
that each prototype builds upon the features implemented in its predecessors. The
sequence of prototypes is decided based on which features logically come first as well
as which represent the highest risk. By doing risk-based development, higher risk items
are explored and resolved as early as possible. This typically results in less rework and a
more integrated reliable system.
4.2.1 Modeling
Modeling is a proven and a well accepted engineering technique. Modeling is of more
significance in real-time systems, because of the their mission-critical usage, as in a
nuclear reactor or in flight navigation systems. The designers should be able to visualize
all possible requirements of the application and predict the system behaviour timeliness
accurately in each case; modeling helps the designers in this task. Real-time systems
follow the modeling techniques to visualize, control and document the application’s
system architecture and behaviour.
with each other. However, the hesitation in using the object technology comes from the
perception that it entails unacceptably high memory and performance overheads for a
real-time system. The abstraction mechanisms, such as polymorphism and
encapsulation, can definitely induce overheads, but if seen in conjunction with the
increasing power of the hardware, may still make the object technology a suitable
candidate for real time development.
4.2.3 Design
The following message sequence diagram shows the message interaction between a
microwave user and a microwave oven.
Real-time Embedded Software Systems: An Introduction S. Agrawal & P. Bhatt Page 9 of 9
A state chart diagram shows a state machine. This diagram models the dynamic aspects
of a system.
Real-time Embedded Software Systems: An Introduction S. Agrawal & P. Bhatt Page 10 of 10
The following example shows the state chart diagram for a commonly used real-time
embedded system—a microwave oven. This shows the various states in which a
microwave oven can exist, namely,—Off, Idle, Heating and Pause. The arrows between
the states show the state transitions.
4.2.3.3 Animation
Animation is the act of executing a model. Animation is not the same as simulation. An
animator actually runs the real application, if desired, on the target machine. This gives
the developer a better idea of the system’s behaviour than merely simulating it.
Animation can be done using Message Sequence Charts and State Chart diagrams.
4.2.5 Scheduling
Task scheduling is an important aspect of real-time systems. Real-time software
executes in response to external events. These events may be periodic, in which case,
an appropriate scheduling of events and related tasks is required to guarantee
performance. The scheduling strategy also depends on scheduling facilities that the
chosen RTOS offers, but in general, RTOSs are flexible with scheduling.
§ Environment changes
Feasibility checking
Feasibility checking is the process of determining whether the timing requirements of a
set of tasks can be satisfied, usually under a given set of resource requirements and
precedence constraints.
Dynamic best-effort approach: Tasks may be queued according to policies that take
account of time constraints. No feasibility checking is done before the tasks are queued.
Schedule construction
Schedule construction is the process of ordering the tasks to be executed and storing
this in a form that can be used by the despatching step.
Despatching
Despatching is the process of deciding which task to execute next.
Selection of the right product (and vendor) is critical for the success of any COTS-based
project. The financial stability of the vendor is definitely one of the key parameters to be
looked into before deciding on a COTS package offered by the vendor. In addition to
this, the geographical spread, availability of local support for a long term, and
responsiveness of the vendor in addressing the reported problems must be taken into
account. It may be worthwhile to conduct a detailed evaluation of the product to
determine its applicability in meeting the requirements. This evaluation should also take
into account the compatibility issues at a broader level with other software packages
under consideration for the product under development. Having historical data on the
integration of various packages is definitely helpful. This data can normally be received
from other projects that have already done such an integration exercise or a similar one.
Real-time Embedded Software Systems: An Introduction S. Agrawal & P. Bhatt Page 13 of 13
One more important aspect to be considered while making the selection of the RTOS is
the availability of tools (for example, code coverage, memory leak detection, etc.).
The COTS package selection must show substantial savings in the costs and should be
weighed against the risk of losing control (by using the COTS software). The evaluation
process must take factors other than the financial and technical into account while
making the selection of the COTS package.
4.3 Development
Such varied requirements generally necessitate the use of multiple development tools.
The following should be verified before the tools are finalized:
§ Integration of various tools with the RTOS and also integration of various
development tools amongst themselves (compatibility with each other).
§ Some of these tools will run on the host machine and in such cases, their
integration with the host operating system must be kept in mind.
§ The memory requirements of the COTS components should be well within the
overall resources available to the system.
The list of development tools includes the modeling tools, cross-platform development
tools, programming language, IDE, configuration management tools, test coverage
tools, memory leak detection tools, etc.
Cross-platform development brings issues related to differences in the source and target
environment. The developers should develop the system as per the facilities available on
the target environment and not what is available on the host. For example, the target
RTOS may not provide all standard C/C++ libraries, which are otherwise available on a
typical Windows/Unix setup, so such libraries cannot be used. Further, the code has to
be built (compiled and linked) for the target environment.
Real-time Embedded Software Systems: An Introduction S. Agrawal & P. Bhatt Page 14 of 14
Despite the advantages of using a development environment from a third party, some
designers may find it more advantageous to use a totally integrated environment from a
single vendor. When a single vendor develops both pieces of code, the development
environment can include features that are RTOS-aware. Microware, for example, offers
a comprehensive development called FasTrak for OS-9 that includes the C compiler,
source control, debugger, and other features. The FasTrak debugger is one module that
provides designers with substantial advantages based on its close ties with the RTOS. It
can display a broad range of CPU and OS resources, including: CPU and FPU registers,
stack frames, local variables, and target system memory. Moreover, it can display and
control RTOS task-level resources.
§ A language compiler should be available for the chosen RTOS and hardware
architecture of the embedded system.
§ The language should allow direct hardware control without sacrificing the
advantages of a high-level language.
Real-time Embedded Software Systems: An Introduction S. Agrawal & P. Bhatt Page 15 of 15
§ The language should provide memory management control such as dynamic and
static memory allocation.
§ Real-time systems are increasingly being designed using Object Oriented (OO)
methodology and using a language that supports OO concepts is definitely helpful.
The languages that are typically used for embedded systems are Assembly Language, C,
C++, Ada and Java.
C is by far the most popular language and the language that maximizes application
portability. C++ is used when real-time applications are developed using object-oriented
methodology.
Members of the scientific community, for example, have millions of lines of existing
Fortran code that implement proprietary numerical algorithms. Likewise, developers
targeting military applications (for the USA) may require Ada.
The availability of languages for a development project is limited to the languages that
have been ported to a specific RTOS environment, and in some cases, to languages that
have been ported to a specific target single-board computer.
Some RTOS vendors offer their own versions of popular languages as they optimize the
compiler for RTOS architecture. Microware, for example, has its own C compiler called
Ultra C.
§ Scheduling
§ Memory Management
§ Synchronization
IBM's VisualAge Micro Edition provides the environment, tools, and runtime support for
building complete, end-to-end embedded systems based on Java technology.
4.3.4 Debugging
Once the executable binary image is downloaded onto the target machine for testing
purposes, the need to set break points in the program, to observe the execution, arises.
In embedded systems, the debugger and the software being debugged execute on two
different computer systems. The remote debugger can be used to download, execute
and debug embedded software over a serial port or network connection between the
host and the target. Some examples of remote debugging tools are CADUL XDB for
pSOS, or CrossWind for VxWorks.
4.3.4.2 Emulators
Remote debuggers are useful in monitoring and controlling the state of real-time
embedded software. However, only an in-circuit emulator (ICE) allows the developer to
examine the state of the processor on which the program is running. ICE emulates the
target board processor. It is an embedded system with its own copy of the target
processor, RAM, ROM and its own embedded software. As a result, ICE is usually very
expensive. Emulators are useful in real-time tracing of the target processor. It can store
the information for each of the processor cycles that are executed, so that the
developer can see in exactly what order things happened.
4.3.4.3 Simulator
For example, VxSim is a complete prototyping and simulation tool for Tornado or
VxWorks applications. It enables application development to begin before hardware
becomes available, allowing a large portion of software testing to occur early in the
development cycle.
§ Set up application partition at launch time—create all tasks initially (at start up),
create stack space for all the tasks
§ Allocate and dispose blocks of memory (in the application heap) using partitioned
memory, which has fixed-size buffers
Real-time Embedded Software Systems: An Introduction S. Agrawal & P. Bhatt Page 17 of 17
For hard real-time systems, there is almost no opportunity to do any dynamic memory
allocation/retrieval and dynamic memory allocation should be minimized for systems
having soft/firm timing requirements. RTOSs do not provide efficient protection against
an overflow of memory stacks, as provided by traditional operating systems. So, one
would need to keep in mind the maximum stack size allowed for the functions, while
declaring local variables of the function. If the total size of local variables exceeds the
maximum limit of stack allowed, then the system can overwrite the data in the other’s
memory area. This does not apply in the case when in C++, “new” is used because
“new” allocates memory from the heap, not from the stack.
These tools are effective in detecting problems related to the memory usage of a real-
time software system. Some of these are described in the following text.
Memory leaks
Defined as memory, which is allocated but not released when the intended functionality
is achieved. This generally occurs in C/C++ with calls to malloc()/new() and the
corresponding free()/delete() not being called appropriately.
For example, this code will corrupt the low memory, since memory has not been
allocated for the pointer variable ptr.
Buffer Corruption
Defined as writing more data than the storage allocated. This typically can occur, when
say, 200 array indexes have been allocated in C / C++ and data is written to the 200th
index, whereas storage has been allocated for 0 to 199 indexes only.
Real-time Embedded Software Systems: An Introduction S. Agrawal & P. Bhatt Page 18 of 18
4.4 Testing
Verification tools allow a designer to run software against a hardware design before a
prototype has been built. They accomplish this by executing the software on a logic
simulation of the hardware design. However, logic simulations are notoriously slow,
typically running at about 1 to 10 clock cycles per second on complex designs.
§ Real-time software systems are generally more complex to develop than the
conventional systems. More training is required for developers who will work on
such systems, due to the following requirements:
At present, the tools available to support embedded programming are mostly derived
from those used for general-purpose programming tools. These tools will become more
appropriate for real-time embedded needs in the future.
In the operating system market, we may see consolidation with fewer and more robust
alternatives being available to the developers. The tools for supporting the development
of real-time embedded systems would also see significant advancement particularly
since the size of embedded applications is constantly growing, thereby making these
more complex to develop, test and maintain. The operating system market is also likely
to see the componentized operating systems, offering developers the facility to choose
the relevant components meeting the need of their applications.
The major challenges for the real-time embedded systems in the future (based on their
application) are going to be security, scalability (high) availability, and performance with
deterministic behaviour. As the real-time embedded systems become more complex in
future, maintaining them would be a big challenge. The new interactive applications of
the future may require their systems meeting stringent time constraints. Defining
distributed computing models for real-time embedded systems for networked embedded
systems, inter-operability and fault tolerance will also pose challenges, particularly in the
area of standardization of interfaces for communication between these systems.
7 References
1. Mathai Joseph, Real-time Systems: Specification, Verification and Analysis, Prentice
Hall International, London, 1996
3. Bruce Powell Douglass, Real-time UML Developing Efficient Objects for Embedded
Systems, Addison Wesley 1998.
7. David Hardin, The Real-Time Specification for Java, Dr. Dobb’s Journal, February
2000.
Real-time Embedded Software Systems: An Introduction S. Agrawal & P. Bhatt Page 21 of 21
8. http://www.embedded.com
10. Frederick M. Proctor, Linux, Real-Time Linux, & IPC, Dr. Dobb’s Journal, November
1999.
11. Grady Booch, James Rumbaugh, Ivar Jacobson, The Unified Modeling Language
User Guide, Addison Wesley.
12. Greg Bollella, Ben Brosgol, Peter Dibble, Steve Furr, James Gosling, David Hardin,
Mark Turnbull, The Real Time Specification for Java, Addison Wesley, June 2000,
http://www.rtj.org
14. Jan Ellsberger, Dieter Hosgrefe, Amardeo Sarma, SDL – Formal Object Oriented
Language for Communicating Systems, Telelogic. Prentice Hall
16. Michael Barr, Programming Embedded Systems in C and C++, O’Reilly Associates,
August 1999.
17. Milojicic Dejan, Trend Wars – Embedded Systems, IEEE Concurrency, October-
December 2000
19. Robert Rosenberg, Lessons Learnt Using COTS in Real-Time Embedded Systems,
Presented to the Joint Avionics and Weapons Systems Support Software and
Simulation Conference, June 1998, http://www.sabresys.com/whitepapers/cots.html