Copyright © IFAC 12th Triennial World Congress, Sydney, Australia, 1993

REAL-TIME SOFTWARE DEVELOPMENT: A PERSPECTIVE

J.A. de la Puente*
ETSI Telecomunicación, Universidad Politécnica de Madrid, E-28040 Madrid, Spain

* Supported by CICYT, project TIC89-0397.

Abstract. The state of the art in concepts, methods and tools for the development of real-time software for control is reviewed. Established results and recent developments in models of real-time systems, design methods, programming languages and operating systems are described.

Key Words. Real-time computer systems; software engineering; computer control; computer software.

1. INTRODUCTION

Real-time software development, which for a long time was the realm of low-level, ad-hoc programming techniques, has experienced notable advances in the last years. Following the realisation of the complex nature of real-time software, a good deal of research effort has been devoted to identifying the key issues and difficulties, and to developing concepts and methods which are appropriate for solving them.

Real-time control systems usually have other requirements in addition to time predictability. They are often used to build dependable systems, i.e. systems with high reliability characteristics upon which individuals or organisations may depend. This results in stringent fault tolerance requirements (Kopetz, 1991). Flexibility and adaptability are also required more and more for the development of modern control systems, often based on artificial intelligence techniques, which are intended to cope with the problems which appear in controlling complex systems (Stankovic, 1988). Recent advances in real-time software engineering address these demanding requirements from different points of view. Some important aspects of these advances are discussed in the next sections.

2. MODELS OF REAL-TIME SYSTEMS

The purpose of building models in engineering is to get the ability to reason about fundamental aspects of systems, abstracting from unnecessary details. A solid mathematical foundation, enabling the description and analysis of all the significant properties in an unambiguous way, is a primary requirement of any modelling technique. Other important characteristics are modular composability and visual representation, which enable the designer of a complex system to have a comprehensive understanding of its global behaviour.

Timeliness is the primary requirement for real-time systems. The activity of real-time control systems has to be synchronized with the dynamics of the real world systems they control (Motus, 1992), which means that their activities must be performed within specified time intervals, and the data used for computations are valid only during a limited time after they are produced. Therefore, the dynamic behaviour of real-time systems must be predictable in a deterministic sense.

In the area of real-time systems, classical control engineering modelling techniques, such as transfer functions and state-space descriptions of continuous and discrete time systems, or finite automata and Petri net models of discrete event systems, can be used for describing functional and reactive aspects of system behaviour. However, the integration of continuous and discrete subsystems, the description of timing requirements, and the specification of complex data structures and algorithms which often appear in real-time systems, are not covered by these methods. On the other hand, modelling techniques based on logics and algebra have been developed for general purpose software systems. These techniques can be used to describe purely functional aspects of real-time systems, but they do not deal with reactive and time aspects. Therefore, modelling techniques which address specific problems of real-time systems are required.
Other approaches to real-time systems specification are extensions of sequential or concurrent programming models. Real-time logic (Jahanian and Mok, 1986; Ostroff, 1990; Ghezzi et al., 1990) provides a framework for specifying and reasoning about timing properties in terms of logic formulae, but these are often terse and difficult to understand for nontrivial cases. Combinations of real-time logic with other formalisms can greatly improve its usefulness (Sowmya, 1992). Timed extensions of process algebras have also been proposed for modelling real-time control systems (Clarke and Holding, 1992).

3. DESIGN METHODS AND TOOLS

Two approaches to real-time system design have raised widespread interest in the last years: structured, process-oriented design methods (Ward and Mellor, 1985; Hatley and Pirbhai, 1987), and object-oriented design methods (Booch, 1986). While the latter enables good organisation of complex systems, early identification of concurrent tasks, as provided by structured design, is often considered to be better for time-critical systems (Shumate and Keller, 1992).

Extended data flow diagrams have become a common graphic notation for describing the functional behaviour of real-time systems. Their main weakness is the lack of a formal semantics for most of their elements. Some proposals have been made to overcome this problem by defining their semantics in terms of well defined formalisms (Elmstrøm et al., 1993). Nevertheless, the reactive aspects of real-time systems cannot be completely specified by data flow alone. These aspects can be better described by means of discrete state systems, modelled as finite automata or Petri nets, which provide a more convenient representation for concurrency and modularity. Recent work has been carried out on extended net models that provide a unified representation of control, data, functionality and time (Ghezzi et al., 1991), thus enabling the expression of all relevant aspects of real-time systems by a single formalism. Another interesting approach to the specification of reactive behaviour is Statecharts (Harel, 1987), an extension of finite state machines, supporting hierarchical decomposition and parallelism.

Tools and environments are available that partially support specification and design methods. A promising approach is based on executable models, graphic animation and prototyping (Harel, 1992; Pulli and Heikkinen, 1992). Prototypes enable the behaviour of the system to be validated against the final requirements at early stages of the development process, thus reducing the risk of costly errors. The main drawback of most real-time software development environments is the lack of integrated support for all the development phases. Incremental prototyping (Pulli et al., 1991) addresses this problem by supporting prototypes with components at different levels of abstraction, from specification to target code. The components of the prototype are refined starting with the highest risk ones, until there are only final elements.

Synchronous languages (Benveniste and Berry, 1991) take another approach to the formal description of real-time systems. They are based on the principles of synchrony of inputs, outputs, events and actions, and instantaneous broadcasting of signals, which enable the behaviour of a system to be described in a fully deterministic way. Examples of this kind of language are Esterel (Berry et al., 1983) and Signal (Le Guernic et al., 1991), a block diagram language based on the specification of relations among signals, which has a close relationship with some well-known concepts of control theory, such as difference equations and block diagrams. Statecharts can also be viewed as a graphic synchronous language.

4. IMPLEMENTATION ISSUES

4.1. Task models and scheduling

A critical issue of real-time systems is that of scheduling the execution of tasks in such a way that task deadlines are guaranteed. This requires accurate estimations of maximum execution times and usage of resources to be available at design time (Halang and Stoyenko, 1991). There are two basic approaches to the implementation and scheduling of real-time tasks: the cyclic executive (or time-line) approach, and the asynchronous multiprogramming approach. The former has been extensively used in industry for its qualities of simplicity, efficiency and complete determinism. On the other hand, it exhibits poor maintainability, and its support of sporadic tasks is rather inadequate.

Asynchronous multiprogramming is essentially non-deterministic, but use of appropriate scheduling algorithms may enable deterministic prediction of real-time behaviour. Although scheduling tasks under real-time constraints in general is a complex problem for which no simple solutions exist, efficient scheduling methods are available for restricted, though common in practice, task structures. The two dominant approaches are preemptive priority scheduling, with rate-monotonic (Liu and Layland, 1973) or deadline-monotonic (Audsley et al., 1992) priority assignment, and deadline-driven scheduling (Liu and Layland, 1973).
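The following is an added worked example, not code from the paper, showing the schedulability checks that section 4.1 refers to: the Liu and Layland utilisation bound for rate-monotonic priorities, the response-time recurrence used in deadline-monotonic scheduling theory (a task is schedulable if its worst-case response time does not exceed its deadline), the utilisation test for deadline-driven (EDF) scheduling, and the minor and major cycle of a cyclic executive. The task sets SET_A and SET_B and their parameters are constructed for illustration; the paper gives no numerical examples.

```python
"""Schedulability checks for the task models of section 4.1.

Added example, not code from the paper. Task parameters below are
constructed for illustration only.
"""
from dataclasses import dataclass
from functools import reduce
from math import ceil, gcd
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Task:
    name: str
    C: int                   # worst-case execution time, known at design time
    T: int                   # period, or minimum inter-arrival time if sporadic
    D: Optional[int] = None  # relative deadline; defaults to the period

    def __post_init__(self) -> None:
        if self.D is None:
            object.__setattr__(self, "D", self.T)


def utilisation(tasks: List[Task]) -> float:
    return sum(t.C / t.T for t in tasks)


def liu_layland_bound(n: int) -> float:
    """U <= n(2^(1/n) - 1) is sufficient, not necessary, for RM with D == T."""
    return n * (2 ** (1 / n) - 1)


def rm_bound_test(tasks: List[Task]) -> bool:
    return utilisation(tasks) <= liu_layland_bound(len(tasks))


def assign_priorities(tasks: List[Task], policy: str = "DM") -> List[Task]:
    """Highest priority first: RM orders by period, DM by relative deadline."""
    key = (lambda t: t.T) if policy == "RM" else (lambda t: t.D)
    return sorted(tasks, key=key)


def response_times(tasks: List[Task], policy: str = "DM") -> Dict[str, Optional[int]]:
    """Worst-case response time of each task under preemptive fixed-priority
    scheduling, via the recurrence R = C + sum(ceil(R / T_h) * C_h) over the
    higher-priority tasks h. None marks a task whose response exceeds its deadline."""
    ordered = assign_priorities(tasks, policy)
    result: Dict[str, Optional[int]] = {}
    for i, t in enumerate(ordered):
        higher = ordered[:i]
        R = t.C
        while True:
            R_next = t.C + sum(ceil(R / h.T) * h.C for h in higher)
            if R_next > t.D:
                result[t.name] = None   # deadline missed: not schedulable
                break
            if R_next == R:
                result[t.name] = R      # fixed point reached
                break
            R = R_next
    return result


def fixed_priority_schedulable(tasks: List[Task], policy: str = "DM") -> bool:
    return all(r is not None for r in response_times(tasks, policy).values())


def edf_schedulable(tasks: List[Task]) -> bool:
    """Deadline-driven scheduling: with D == T, U <= 1 is necessary and sufficient."""
    if any(t.D != t.T for t in tasks):
        raise ValueError("this test only covers tasks whose deadline equals the period")
    return utilisation(tasks) <= 1.0


def cyclic_executive_frames(tasks: List[Task]) -> Tuple[int, int]:
    """Time-line approach: minor cycle = gcd of the periods, major cycle = lcm."""
    periods = [t.T for t in tasks]
    minor = reduce(gcd, periods)
    major = reduce(lambda a, b: a * b // gcd(a, b), periods)
    return minor, major


# Constructed task sets (not from the paper).
# SET_A: the RM bound is inconclusive, but exact response-time analysis succeeds.
SET_A = [Task("A", C=1, T=4), Task("B", C=2, T=6), Task("C", C=3, T=12)]
# SET_B: P has a deadline shorter than its period; RM priorities miss it, DM meets it.
SET_B = [Task("P", C=2, T=10, D=4), Task("Q", C=3, T=8)]

if __name__ == "__main__":
    print("SET_A U=%.3f bound=%.3f bound test=%s"
          % (utilisation(SET_A), liu_layland_bound(3), rm_bound_test(SET_A)))
    print("SET_A RM response times:", response_times(SET_A, "RM"))
    print("SET_A EDF:", edf_schedulable(SET_A), "frames:", cyclic_executive_frames(SET_A))
    print("SET_B RM response times:", response_times(SET_B, "RM"))
    print("SET_B DM response times:", response_times(SET_B, "DM"))
```

SET_A has U = 0.833, above the three-task bound of 0.780, so the bound test says nothing, while the response-time analysis shows every task finishing before its deadline. SET_B shows why the paper names deadline-monotonic assignment separately: ordering by period leaves P with a response of 5 against a deadline of 4, whereas ordering by deadline meets both deadlines.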
4.2. Programming languages

Most industrial real-time systems are developed using general purpose languages such as C, Pascal or FORTRAN, with no special support for such features as time management, tasking or scheduling, which are implemented with the help of an executive or operating system component. However, real-time languages with real-time mechanisms are available which have been introduced to some extent in industry in recent years, notably Ada and PEARL.

Ada was developed as a language for large real-time embedded systems, which directly supports tasking with priorities, time management, exception handling and low-level access to hardware devices. Much effort has been devoted in the last years to analysing and improving its applicability to critical real-time systems (Sha and Goodenough, 1990), and a revision of the language is in progress which is expected to solve some deficiencies and to add new functionalities (Baker and Pazy, 1991). PEARL is a process control language with similar features. It has good expressiveness for control applications, but also has some limitations for which enhancements have been proposed (Halang, 1988).

Real-Time Euclid (Kligerman and Stoyenko, 1986) is a research language which enables direct expression of real-time and resource requirements in the program text. It has many interesting features, including extensive control of task scheduling and schedulability analysis tools (Stoyenko et al., 1991).

For a detailed comparison of real-time programming languages, the reader is referred to the recent survey by Halang and Stoyenko (1990).

4.3. Operating systems

The most significant advances in this field are the standardization efforts on real-time extensions for POSIX, and the development of experimental distributed real-time operating systems. Real-time POSIX (POSIX.4, 1992) is opening the way for building open real-time systems, and supports recent advances in priority-based scheduling theory, based on well established practice. New experimental real-time operating systems such as MARS (Kopetz et al., 1989) or Spring (Stankovic and Ramamritham, 1987) show innovative scheduling and fault-tolerance techniques enabling complex, dynamic, and reliable systems to be developed.

5. CONCLUSIONS

A wide range of concepts, methods and tools are currently available to the designer of real-time software systems. These enable the development of reliable, predictable and maintainable real-time software on a solid engineering basis. Important open areas are distributed real-time systems and fault tolerance methods which are applicable to a wide range of real-time systems.

6. REFERENCES

Audsley et al. (1992). N.C. Audsley, A. Burns, M.F. Richardson, and A.J. Wellings. Deadline monotonic scheduling theory. In Luc Boullart and Juan A. de la Puente, editors, Real-Time Programming 1992. Proceedings of the IFAC/IFIP Workshop. Pergamon Press, 1992.

Baker and Pazy (1991). T. Baker and O. Pazy. Real-time features for Ada 9X. In Proc. IEEE Real-Time Systems Symposium. IEEE Computer Society Press, 1991.

Benveniste and Berry (1991). Albert Benveniste and Gérard Berry. The synchronous approach to reactive and real-time systems. Proc. IEEE, 79(9), 1991.

Berry et al. (1983). G. Berry, S. Moisan, and J.P. Rigault. ESTEREL: Toward a synchronous and semantically sound high level language for real time applications. In Proc. IEEE Real-Time Systems Symposium. IEEE Computer Society Press, 1983.

Booch (1986). Grady Booch. Object oriented development. IEEE Transactions on Software Engineering, 12(2), 1986.

Clarke and Holding (1992). P.J. Clarke and D.J. Holding. The specification, design and verification of real-time embedded control logic using CSP and TCSP. In Luc Boullart and Juan A. de la Puente, editors, Real-Time Programming 1992. Proceedings of the IFAC/IFIP Workshop. Pergamon Press, 1992.

Elmstrøm et al. (1993). R. Elmstrøm, R. Lintulampi, and M. Pezzè. Giving semantics to SA/RT by means of high-level timed Petri nets. Real-Time Systems, 5, 1993.

Ghezzi et al. (1990). C. Ghezzi, D. Mandrioli, and A. Morzenti. TRIO, a logic language for executable specifications of real-time systems. J. Systems and Software, 12(2), 1990.

Ghezzi et al. (1991). C. Ghezzi, D. Mandrioli, S. Morasca, and M. Pezzè. A unified high-level Petri net formalism for time-critical systems. IEEE Transactions on Software Engineering, 17(2), February 1991.

Halang (1988). W.A. Halang. Additional PEARL language structures for the implementation of reliable and inherently safe real-time systems. In A. Crespo and J.A. de la Puente, editors, Real-Time Programming 1988. Proceedings of the IFAC/IFIP Workshop. Pergamon Press, 1988.

Halang and Stoyenko (1990). Wolfgang A. Halang and Alexander D. Stoyenko. Comparative evaluation of high-level real-time programming languages. Real-Time Systems, 2(4):365-382, 1990.

Halang and Stoyenko (1991). Wolfgang A. Halang and Alexander D. Stoyenko. Constructing Predictable Real-Time Systems. Kluwer Academic Publishers, Dordrecht, The Netherlands, 1991.

Harel (1987). D. Harel. Statecharts: A visual formalism for complex systems. Science of Computer Programming, 8(3), 1987.

Harel (1992). David Harel. Biting the silver bullet: Toward a brighter future for system development. IEEE Computer, 25(1):8-20, 1992.

Hatley and Pirbhai (1987). Derek J. Hatley and Imtiaz A. Pirbhai. Strategies for Real-Time System Specification. Dorset House, New York, 1987.

Jahanian and Mok (1986). F. Jahanian and A.K. Mok. Safety analysis of timing properties in real-time systems. IEEE Transactions on Software Engineering, 12(9), 1986.

Kligerman and Stoyenko (1986). E. Kligerman and A.D. Stoyenko. Real-Time Euclid: A language for reliable real-time systems. IEEE Transactions on Software Engineering, 12(9), 1986.

Kopetz et al. (1989). H. Kopetz et al. Distributed fault tolerant real-time systems: The MARS approach. IEEE Micro, 9(1):25-41, 1989.

Kopetz (1991). Hermann Kopetz. Fault tolerance in real-time systems. In Ü. Jaaksoo and V. Utkin, editors, Automatic Control in the Service of Mankind. Proceedings of the 11th IFAC World Congress, volume IV. Pergamon Press, 1991.

Le Guernic et al. (1991). P. Le Guernic, T. Gauthier, M. Le Borgne, and C. Le Maire. Programming real-time applications with SIGNAL. Proc. IEEE, 79(9), 1991.

Liu and Layland (1973). C.L. Liu and J.W. Layland. Scheduling algorithms for multiprogramming in a hard-real-time environment. Journal of the ACM, 20(1), 1973.

Motus (1992). Leo Motus. Time concepts in real-time software. In Luc Boullart and Juan A. de la Puente, editors, Real-Time Programming 1992. Proceedings of the IFAC/IFIP Workshop. Pergamon Press, 1992.

Ostroff (1990). Jonathan S. Ostroff. A logic for real-time discrete event processes. IEEE Control Systems Magazine, 10(4), 1990.

POSIX.4 (1992). Real-Time Extensions for Portable Operating Systems, February 1992. IEEE 1003.4/D12.

Pulli and Heikkinen (1992). Petri Pulli and Marko Heikkinen. Heterogeneous prototypes in concurrent engineering of embedded software. In Luc Boullart and Juan A. de la Puente, editors, Real-Time Programming 1992. Proceedings of the IFAC/IFIP Workshop. Pergamon Press, 1992.

Pulli et al. (1991). P. Pulli, R. Elmstrøm, G. León, and J.A. de la Puente. IPTES: Incremental prototyping technology for embedded real-time systems. In ESPRIT Information Processing Systems and Software. Results and Progress of Selected Projects 1991. Commission of the European Communities, November 1991.

Sha and Goodenough (1990). Lui Sha and John B. Goodenough. Real-time scheduling theory and Ada. IEEE Computer, 23(4), 1990.

Shumate and Keller (1992). Ken Shumate and Marilyn Keller. Software Specification and Design: A Disciplined Approach for Real-Time Systems. John Wiley & Sons, New York, 1992.

Sowmya (1992). A. Sowmya. A Statecharts-based specification and verification of real-time job scheduling systems. In Luc Boullart and Juan A. de la Puente, editors, Real-Time Programming 1992. Proceedings of the IFAC/IFIP Workshop. Pergamon Press, 1992.

Stankovic (1988). J.A. Stankovic. Misconceptions about real-time programming: A serious problem for next-generation systems. IEEE Computer, 21(10):10-19, 1988.

Stankovic and Ramamritham (1987). J.A. Stankovic and K. Ramamritham. The design of the Spring kernel. In Proc. IEEE Real-Time Systems Symposium, 1987.

Stoyenko et al. (1991). A.D. Stoyenko, V.C. Hamacher, and R.C. Holt. Analyzing hard-real-time programs for guaranteed schedulability. IEEE Transactions on Software Engineering, 17(9), 1991.

Ward and Mellor (1985). P.T. Ward and S.J. Mellor. Structured Development for Real-Time Systems, volumes 1-3. Yourdon Press, Englewood Cliffs, NJ, 1985.