
Conclusion and Future Work

This thesis describes the design and implementation of TimeAdapt, a novel reconfiguration model for embedded software. TimeAdapt realises a time-adaptive execution model by providing mechanisms that support the timely reaction to incoming events during an ongoing reconfiguration, while progress towards reconfiguration completion is made. This chapter summarises the achievements of this thesis and its contributions, and concludes with a discussion of potential areas of future work.

6.1 Achievements

Embedded software that is executed on a reactive embedded system often requires changes to its software structure when, for example, there is new functionality available or environmental conditions change. As reactive embedded systems have high reliability and durability constraints, these changes need to be executed while the software is running, without stopping the system. However, embedded systems impose additional challenges on any processes that dynamically change their software, because these systems need to react to incoming events within their associated processing deadlines. At the same time, reconfigurations should be completed in as timely a manner as possible. An analysis of state-of-the-art reconfiguration models that target various kinds of embedded software, such as embedded operating software or adaptive middleware software, highlighted the two main limitations that motivated the work presented in this thesis. Firstly, transactional reconfiguration models apply a reconfiguration execution that does not take incoming events into consideration, regardless of their timeliness constraints. In these reconfiguration models, the processing deadlines of events are met only if the time to complete a reconfiguration falls within this deadline. Secondly, preemptive reconfiguration models apply a reconfiguration execution that directly interrupts an ongoing reconfiguration to process the incoming event. These models always meet an event’s deadline; however, if there is a high event arrival rate, a reconfiguration completion might be delayed indefinitely. To adequately address these limitations, a new reconfiguration execution model is needed.

A time-adaptive reconfiguration model should support the dynamic adaptation of an ongoing reconfiguration process itself, as demanded by dynamic time bounds imposed by incoming events, while making progress towards reconfiguration completion. A primary challenge of this work is to maintain the dependency relationships between software entities in the presence of partially executed reconfigurations. Chapter 3 described the design of TimeAdapt, which follows a time-adaptive execution for its reconfigurations. TimeAdapt is designed for embedded software modelled according to the reconfigurable dataflow system model (RDF). In this model, entities, so-called actors, send data in a non-blocking manner and read data in a blocking manner. The definition of the reconfiguration model on this kind of software stems from two rationales. Firstly, the RDF system model has a strong theoretical background and its abstract definition allows the potential implementation of TimeAdapt for a variety of embedded platforms. Secondly, the RDF represents software that is deployed on a single processor platform. This choice is for scoping reasons, and to simplify the system model in this version of TimeAdapt. The focus of the work was on the complexity of the time-adaptive reconfiguration model. TimeAdapt itself leverages existing synchronisation mechanisms, such as bringing all affected software entities into a reconfiguration-safe state, and sequentially executing reconfiguration actions to guarantee a functioning system before and after the reconfiguration. The main contribution of the approach is the use of a deadline-aware scheduling mechanism that decides whether to execute the next reconfiguration action or to process an incoming event. The partial execution of a reconfiguration means that most event processing deadlines can be met, since the overall reconfiguration does not need to be completed. However, the model does not directly preempt an ongoing reconfiguration action, but completes at least the currently executing reconfiguration action. The incremental execution of reconfiguration actions leads to an eventual completion of a reconfiguration. However, because TimeAdapt favours an ongoing reconfiguration over a direct processing of an incoming event, it cannot guarantee the meeting of event deadlines, especially when deadlines are shorter than reconfiguration action execution durations. As a result, the model cannot be used for embedded software that has strict deadlines on its incoming events. TimeAdapt implements two scheduling algorithms that realise the deadline-aware scheduling mechanism and that differ in the granularity of the reconfiguration actions scheduled. The pessimistic scheduling algorithm considers safe steps as atomic units and schedules them only if the overall execution duration is within the processing deadline. The optimistic scheduling algorithm considers individual reconfiguration actions, with the possibility of revoking an action if its execution duration seems to exceed the processing deadline. TimeAdapt maintains dependency relationships between software entities by partitioning the remaining reconfiguration sequence into sub-sequences that need to be executed atomically, so-called safe steps. These safe steps are determined by the reconfiguration designer at reconfiguration design time and are input to the reconfiguration manager, which then executes the safe steps during reconfiguration execution.
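The pessimistic scheduling decision described above, run next to a transactional execution over the same event stream, as an added Python example; it is a simplified model written for this summary, not TimeAdapt's Java implementation. The `Event` fields, the earliest-deadline choice among ready events and the inclusion of the event's processing time in the fit test are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Event:
    name: str
    arrival: int   # time the event arrives
    duration: int  # time needed to process it
    deadline: int  # absolute time by which processing must finish

def run(safe_steps, events, policy):
    """Simulate one processor; return (reconfiguration finish time, missed events)."""
    t, finish, missed = 0, None, []
    steps = list(safe_steps)                           # duration of each safe step
    pending = sorted(events, key=lambda e: e.arrival)
    while steps or pending:
        ready = [e for e in pending if e.arrival <= t]
        # Assumption: the most urgent ready event is the one the scheduler weighs.
        ev = min(ready, key=lambda e: e.deadline) if ready else None
        if steps:
            # Pessimistic test: the whole safe step plus the event's processing
            # must still finish within the event's deadline.
            fits = ev is None or t + steps[0] + ev.duration <= ev.deadline
            if policy == "transactional" or fits:
                t += steps.pop(0)                      # atomic, never preempted
                finish = t if not steps else None
                continue
        if ev is None:                                 # idle until the next arrival
            t = pending[0].arrival
            continue
        t += ev.duration
        pending.remove(ev)
        if t > ev.deadline:
            missed.append(ev.name)
    return finish, missed

# Constructed sample: three safe steps and four events (not data from the thesis).
STEPS = [4, 3, 5]
EVENTS = [Event("e1", 1, 2, 6), Event("e2", 5, 1, 9),
          Event("e3", 8, 1, 20), Event("e4", 11, 1, 13)]

if __name__ == "__main__":
    for policy in ("transactional", "pessimistic"):
        print(policy, run(STEPS, EVENTS, policy))
```

On this input the transactional run finishes the reconfiguration at time 12 but misses e1, e2 and e4, while the pessimistic run finishes at 15 and misses only e4, which arrives while a safe step longer than its deadline is already executing.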

The implementation of TimeAdapt was described in Chapter 4. The set of techniques and algorithms of the reconfiguration model were implemented in a manner that facilitates extensibility, such as the introduction of new reconfiguration action types. As the implementation is Java-based, it can be mapped to various embedded platforms.