

#### Concurrent systems composing in a reliable and efficient way

# **Eric Verhulst**

#### www.altreonic.com

Push Button High Reliability

HALL 6 - 615

#### Altreonic's mission

Altreonic confidential



From Deep Space To Deep Sea

- "To provide a unified, yet streamlined methodology with supporting tools and products to make high reliability and scalable performance cost-efficient"
- Focus is on high reliability embedded markets
- More performance and trust utilising less resources
- Application domains:
  - Ultra low power embedded devices
  - Distributed sensing and control
  - Many/multicore devices
  - Parallel supercomputing
  - Fault tolerant/ safety critical systems

7/09/2009

#### How is this possible?





- Helps to deeply understand the problem domain
- Helps to find better, leaner and cleaner solutions
- Helps to find better architectures
- Helps to improve reuse
- Helps to get it right the first time
- Our methods:
  - Unified semantics: speak the same language from early requirements capturing till the final product / system is put to use
  - Interacting Entities: a common, yet very scalable and modular architectural model





#### **Unique software technology**



- Formalised but straightforward approach
- Full integration of tools from requirements to final applications is unique
- OpenComRTOS is a unique programming system, a unique network-centric RTOS, quasi-universal
  - Formally developed and verified
  - Scalable yet very small: typically 2 to 5 kiB/node
  - Real-time communication support

- Heterogeneous target support
- OpenComRTOS nominated embedded award
- Capable of fault-tolerance
  - (at affordable cost)


## The OpenComRTOS "HUB"



- Result of formal modeling (TLA+)
- Events, semaphores, FIFOs, Ports, resources, mailbox, memory pools, etc. are all variants of a generic HUB
- A HUB has 4 functional parts:
  - Synchronisation point between Tasks
  - Stores task's waiting state if needed
  - Predicate function: defines synchronisation conditions and lifts waiting state of tasks
  - Synchronisation function: functional behavior after synchronisation: can be anything, including passing data
- All HUBs operate system-wide, but transparently:
  - Virtual Single Processor programming model
- Possibility to create application specific hubs & services!
  - => a new concurrent programming model
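
The generic hub described above, written out in C as an added example (not OpenComRTOS source and not its API): one `hub_request` routine serves both a counting semaphore and an event, which differ only in their predicate and synchronisation functions. All type and function names are assumptions, and the wait list is a fixed-size array with no priority ordering.

```c
#include <stdbool.h>
#include <stddef.h>

/* All names are hypothetical; this is not the OpenComRTOS API. */
#define MAX_WAITERS 4
enum { SIGNAL, TEST };                               /* services a task can request */
typedef struct { int task_id; int service; } Request;

typedef struct Hub Hub;
struct Hub {
    int state;                                        /* variant-specific state */
    bool (*predicate)(const Hub *, const Request *);  /* can it synchronise now? */
    void (*synchronise)(Hub *, const Request *);      /* behaviour after synchronisation */
    Request waiting[MAX_WAITERS];                     /* waiting state of blocked tasks */
    size_t n_waiting;
};

/* Returns 1 if the request synchronised, 0 if the task now waits, -1 if the list is full. */
int hub_request(Hub *h, Request r) {
    if (!h->predicate(h, &r)) {
        if (h->n_waiting == MAX_WAITERS) return -1;   /* bounded: never overflow the list */
        h->waiting[h->n_waiting++] = r;
        return 0;
    }
    h->synchronise(h, &r);
    /* Hub state changed: lift the waiting state of tasks whose predicate now holds. */
    for (size_t i = 0; i < h->n_waiting; ) {
        if (h->predicate(h, &h->waiting[i])) {
            h->synchronise(h, &h->waiting[i]);
            h->waiting[i] = h->waiting[--h->n_waiting];  /* swap-remove, order not kept */
        } else i++;
    }
    return 1;
}

/* Counting semaphore: TEST passes only while the count is positive. */
static bool sem_pred(const Hub *h, const Request *r) { return r->service == SIGNAL || h->state > 0; }
static void sem_sync(Hub *h, const Request *r) { h->state += (r->service == SIGNAL) ? 1 : -1; }
/* Event: a boolean flag; raising it twice still leaves a single pending event. */
static bool evt_pred(const Hub *h, const Request *r) { return r->service == SIGNAL || h->state == 1; }
static void evt_sync(Hub *h, const Request *r) { h->state = (r->service == SIGNAL); }
Hub make_semaphore(void) { Hub h = { .predicate = sem_pred, .synchronise = sem_sync }; return h; }
Hub make_event(void)     { Hub h = { .predicate = evt_pred, .synchronise = evt_sync }; return h; }

int main(void) {
    Hub s = make_semaphore();
    hub_request(&s, (Request){1, TEST});              /* task 1 blocks: count is 0 */
    return hub_request(&s, (Request){2, SIGNAL}) == 1 && s.n_waiting == 0 ? 0 : 1;
}
```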



#### **Resulting programming model**





#### **Codesize Figures**



- Up to 10x smaller than traditional design (thanks to formal development)
- Less power, less memory, easier to verify, scalable ...

| Service           | MLX-16 | MicroBlaze | Leon3 | ARM  | XMOS |
|-------------------|--------|------------|-------|------|------|
| L1 Hub shared     | 400    | 4756       | 4904  | 2192 | 4854 |
| L1 Port           | 4      | 8          | 8     | 4    | 4    |
| L1 Event          | 70     | 88         | 72    | 36   | 54   |
| L1 Semaphore      | 54     | 92         | 96    | 40   | 64   |
| L1 Resource       | 104    | 96         | 76    | 40   | 50   |
| L1 FIFO           | 232    | 356        | 332   | 140  | 222  |
| L1 PacketPool     | NA     | 296        | 268   | 120  | 166  |
| Total L1 Services | 1048   | 5692       | 5756  | 2572 | 5414 |

Code size figures (in Bytes) obtained for our different ports, compiled with Optimisation Os

# **Applications potential**



- SoC, 2K instructions on CoolFlux DSP of NXP
- E.g. hearing aids
- Sensor and actuator networks
  - Small code size
  - Power saving modes, wake up by interrupt
  - System wide routing
- Distributed control
  - Network support is built in
  - Easy to integrate redundancy
  - Easy to distribute control and I/O
  - No more binding glue, no more middleware layers
- Parallel "supercomputing"
  - Parallel heterogeneous DSP networks
  - Intel 48 core SCC chip

# Step1: Requirements & Specification





## Step2a: simulation and formal models





# Step2b: Implementation Modeling



After simulation and model checking, select the application architecture and start development




**OpenVE:** How are processors connected?





# From idea to prototype in a seamlessly integrated and controlled process



#### Demo set-up





#### **Transparent and processor independent!**





- OpenComRTOS supports heterogeneous networked and many-core processor systems:
  - Remapping tasks or RTOS entities requires no source code changes
  - Timings will differ but the application logic remains

Meta-models hide complexity for user

#### **StarFish customizable controllers**









#### **Binary, Source and Open Licenses**



- Innovative no-risk open licensing scheme as well as binary and source code licenses
- Binary
  - Single seat/single site
  - No runtime royalties
- Source code
  - kernel and code gens
- Open Technology license
  - Formal models, design doc, source code, test suites, ... of RTOS + GUI tools
  - Right to generate extra binary licenses
  - Small royalty
  - For all Software and all Hardware products

