Open License Society reinvents RTOS

Developed using formal modeling, OpenComRTOS is the perfect Trustworthy RTOS for deeply embedded and distributed systems

Details online at www.OpenLicenseSociety.org

Inspired by a revealing market research

While there are hundreds of RTOS (Real-Time Operating Systems) on the market, most of them cannot be certified. This was the result of a market study conducted by Open License Society in 2003 for the European Space Agency. It was found that while some specific ports of RTOS have been certified, most commercial RTOS cannot be certified at all, and certainly not verified, often for the simple reason that there is no design document. Open Source Software, on the other hand, comes with source code but often doesn’t even have a user manual. Most of the time, the source code will have few comments and generally there will be no design document either. This can come as a surprise, as an RTOS is often a basic building block for embedded applications that increasingly must meet stringent requirements in terms of safety and security. Another conclusion from the study was that the market offers inadequate and inefficient solutions, in particular for multi-processor target systems.

Tackling the challenge using experience and formal modeling

Open License Society tackled the challenge in an innovative way. While it was a new development, it inherited years of experience with the Virtuoso RTOS of Eonic Systems, before it was acquired by Wind River Systems in 2001.
Firstly, a goal was defined to develop a systematic Systems Engineering methodology. Contrary to development activities, the engineering approach looks at the whole system to be developed. It features a consistent life-cycle view that starts when gathering early requirements and ends when the end-system becomes obsolete or is replaced by a newer technology. The important observation is that such a methodology is first of all a process of gradual refinement, with modeling and simulation being important to make sure that the right system is developed. An evolutionary approach is needed whereby modularity and reuse go hand in hand. Reuse means using trustworthy components and modularity means that such components have well-defined interfaces. Open License Society addresses these issues by introducing the 'Open License' model, whereby the licensee not only gets the source code but also all design documents, formal models, application examples and test suites, allowing the licensee to verify any aspect of the licensed module. Another important option was the use of an 'Interacting Entities' paradigm. The first module that was developed following the new approach is OpenComRTOS. The results not only proved the approach but also bring new life to the RTOS world.

OpenComRTOS breaks new ground in the RTOS market

OpenComRTOS breaks new ground in the field of Real-Time Operating Systems. Firstly, from the start it was developed as a scalable communication layer to support multi-processor systems, ranging from multi-core chips with little memory to widely distributed systems that are physically connected through third-party communication networks. Secondly, it was developed from the ground up using formal modeling*. While the first approach was inspired by the Virtual Single Processor model adopted by the Virtuoso RTOS, the second approach was instrumental not only in achieving a trustworthy component, but also in achieving unparalleled performance with a very clean and portable architecture. An additional benefit of the architectural approach is that the RTOS kernel can even be multiplied on the same processing node, e.g. to provide monitoring and supervision functions for safety-critical applications.

The first release of OpenComRTOS features the so-called L0 layer. It provides kernel services for starting and stopping Tasks, priority-based preemptive scheduling, Packet allocation and deallocation, and sending and receiving such Packets between the Tasks using intermediate Ports for synchronisation and communication. Entirely written in ANSI-C (MISRA checked), except the context switch, it can be optimized to about 840 bytes in a single processor implementation and 1600 bytes in a multi-processor implementation. The data memory needs are then less than 50 bytes for the single processor version. All services can be called in a blocking, non-blocking, blocking with time-out and asynchronous mode (at least when appropriate for the service). The kernel itself as well as the Drivers are also Tasks, increasing the modularity and decreasing the critical sections. While from the RTOS point of view the kernel essentially shuffles Packets around, for the application the Ports play the dominant role. Packets are sent to a Port where they synchronise with Packet receive requests from other Tasks (or vice versa). If no request is available, the Packets are put in a priority-sorted waiting list. By its design, the L0-buffers cannot overflow.
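The Port behaviour described above, as a small C model added here for illustration; it is not OpenComRTOS source code. The names `Packet`, `Port` and `port_submit`, the convention that a lower priority value is more urgent, and the intrusive list (which leaves the Port with no fixed-size buffer of its own) are all assumptions of this model.

```c
#include <stdint.h>
#include <string.h>

enum { KIND_SEND, KIND_RECV };

typedef struct Packet {
    struct Packet *next;  /* intrusive link: the Port owns no storage */
    uint8_t kind;         /* KIND_SEND or KIND_RECV */
    uint8_t priority;     /* assumption: lower value = more urgent */
    uint8_t data[8];
} Packet;

typedef struct { Packet *waiting; } Port;  /* sorted; one kind at a time */

/* Submit a send or receive request. Returns the waiting peer it synchronised
 * with, or NULL when no opposite request was waiting and pkt was queued. */
Packet *port_submit(Port *port, Packet *pkt)
{
    Packet *head = port->waiting;
    if (head != NULL && head->kind != pkt->kind) {
        Packet *src = (pkt->kind == KIND_SEND) ? pkt : head;
        Packet *dst = (pkt->kind == KIND_SEND) ? head : pkt;
        memcpy(dst->data, src->data, sizeof dst->data);
        port->waiting = head->next;   /* most urgent waiter leaves the list */
        head->next = NULL;
        return head;
    }
    /* No match: insert by priority, FIFO among equal priorities. */
    Packet **link = &port->waiting;
    while (*link != NULL && (*link)->priority <= pkt->priority)
        link = &(*link)->next;
    pkt->next = *link;
    *link = pkt;
    return NULL;
}

/* Constructed scenario: two senders wait, then a receiver arrives and gets
 * the urgent sender's payload. Returns the first byte received. */
int demo(void)
{
    Packet low  = { NULL, KIND_SEND, 9, { 0x11 } };
    Packet high = { NULL, KIND_SEND, 1, { 0x22 } };
    Packet rx   = { NULL, KIND_RECV, 5, { 0 } };
    Port port = { NULL };
    port_submit(&port, &low);
    port_submit(&port, &high);
    return port_submit(&port, &rx) == &high ? rx.data[0] : -1;
}
int main(void) { return demo() == 0x22 ? 0 : 1; }
```

Because the waiting list is threaded through the Packets themselves, the number of queued entries in this model is bounded by the number of statically allocated Packets, so the Port has nothing that can be overrun.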

The L0 services have been designed as the basic functions that are needed in embedded (distributed or not) applications. While already rich in semantic behaviour, more elaborate and specialised services can be added using the L1 and L2 layers. The L1 layer will typically be used to provide traditional RTOS support such as events, semaphores, FIFO queues, mailboxes, memory pools and resources. The first L1 layer to be developed is an emulation of the Virtuoso API**, but the architecture allows supporting other RTOS APIs as well, although often only in a Single Processor version. In the L2 layer, more elaborate, often application-specific services can be added. The L1 and L2 layers, however, are optional. The formal modeling approach has also proven to be very effective for this work. Although the Virtuoso RTOS has been in use for 15 years and 3 successive generations were developed, the new architecture is much cleaner and smaller, and novel approaches for providing more real-time predictability in less code were discovered. Details will be announced in a later release.

To further reduce the code and memory requirements, L0 and L1 objects are statically linked, with all data structures being generated at compile time. The developer specifies his topology and application objects in an XML database file. Support is currently being added in Eclipse to provide a graphical configuration tool.

As simulation is very important, the initial kernel was developed first on top of Microsoft Windows XP, whereby internode communication is emulated using sockets. While this simulator provides for a logically correct operation, it also makes it possible to integrate existing host operating systems or existing RTOS with the nodes running OpenComRTOS. A simple serial connection can be sufficient to establish communication.

Melexis as first customer

The first customer of OpenComRTOS is Melexis (www.melexis.com), a leading supplier of semiconductor chips for the automotive and consumer markets. Melexis is mostly known for its smart sensor solutions that integrate extended temperature and high voltage resistant analog sensors, MEMS and digital controllers in a small package. The latest range of products, called the MelexCM, features a dual-core CPU with up to 32 KBytes of on-chip program flash memory and just 2 KBytes of on-chip data memory. An OpenComRTOS test program using 2 tasks continually sending and receiving 8-byte packets through an intermediate port was benchmarked at 9574 Packets/second on the 7.5 Mips MelexCM chip. In the continuous loop consisting of 2 task switches, 2 send and 2 receive services, this comes down to 103 microseconds for each loop. Total memory requirements were 1230 Bytes of flash memory and 228 Bytes of data. Timing measurements were done using the on-chip high resolution timer. Interrupt latency, measured as the time from a hardware interrupt to reading the data in a task, was 55 microseconds on this 7.5 Mips processor.

From multicore to FPGA to widely distributed applications

The application domain for OpenComRTOS is wide. As a trustworthy component, it forms a good basis for developing applications that need safety and security support but have few processing and memory resources available. Portability itself is straightforward as it is completely written in ANSI-C. High performance, communication intensive applications will benefit from its very low memory requirements and transparent support for multi-processor applications. Natural candidates are FPGA-based systems used in high-bandwidth DSP applications. Sensor networks are another interesting application domain. OpenComRTOS also addresses the market of embedded chips that increasingly use multi-core CPUs for higher performance and lower power consumption. In all such systems, zero-wait state memory is a scarce resource and the performance benefits from the low latency communication as well as from the low memory requirements. At the other end of the spectrum, OpenComRTOS can be used as a thin communication layer that connects heterogeneous systems together.

About Open License Society.

Open License Society (www.OpenLicenseSociety.org) was created to research and develop a systematic Systems Engineering methodology. A key objective is the development of Trustworthy components, by applying such a systematic systems engineering methodology and formal modeling when possible. A first trustworthy component to be released is OpenComRTOS. Open License Society was founded by Eric Verhulst, formerly the founder of Eonic Systems. Eonic Systems developed the Virtuoso RTOS that featured transparent parallel processing and focused on the DSP market. Virtuoso was the de facto market leader in high-end DSP systems until it was acquired in 2001 by Wind River Systems.

*The formal modeling of OpenComRTOS was done using TLA+/TLC of Leslie Lamport in cooperation with the University of Ghent (Prof. Boute) with support of IWT.
**Virtuoso's API was described as supporting 'distributed semantics', offering a pragmatic superset of CSP. The latter stands for the Communicating Sequential Processes algebra, pioneered by C.A.R. Hoare, which gave rise to the transputer and the occam programming language.

Contact data:

Eric Verhulst,  Open License Society

Zavelstraat 160, B3010 Leuven, Belgium

Tel.: +32 407 608 339

email: eric.verhulst (@) openlicensesociety.org

Leuven, 21st August 2006.