Using a .NET Checkability Profile to Limit Interactions between Embedded Controllers

Author

Greaves, David J. ; Gordon, Daniel ; Alvi, Atif ; Omitola, Tope

Author_Institution

Comput. Lab., Cambridge Univ., Cambridge

fYear

2008

fDate

25-31 Aug. 2008

Firstpage

555

Lastpage

561

Abstract

Within a closed domain - such as a railway train, chemical production line, vehicle or home of the future - concurrent applications running in embedded controller units (ECUs) and on servers share many common sensors, actuators and feedback paths through the physical part of the domain, while having to abide by common, basic liveness and consistency rules to ensure proper operation of that domain. This paper suggests that all ECUs must export a summary of their behaviour using a restricted subset of .NET bytecode and that the programming constructs used by all participating controllers must abide within a common upper bound so that automated formal checking of domain as a whole is possible. The upper bound is defined as a checkability profile. We describe the ROM and RAM costs of implementing this approach in one of our prototypes: a CD/DVD player for the home of the future.

Keywords

embedded systems; microcontrollers; .NET bytecode; .NET checkability profile; chemical production line; concurrent applications; consistency rules; embedded controller units; railway train; Actuators; Automatic control; Automatic programming; Chemical products; Chemical sensors; Feedback; Production; Rail transportation; Upper bound; Vehicles; .NET; Application Digest; CLR; Feature Interaction.; Incremental Model Checking; Pervasive Computing;

fLanguage

English

Publisher

ieee

Conference_Titel

Sensor Technologies and Applications, 2008. SENSORCOMM '08. Second International Conference on

Conference_Location

Cap Esterel

Print_ISBN

978-0-7695-3330-8

Electronic_ISBN

978-0-7695-3330-8

Type

conf

DOI

10.1109/SENSORCOMM.2008.76

Filename

4622719