Enforcing Composability for Ubiquitous Computing Systems ∗
(Extended Abstract)

Raimund Kirner
Institut für Technische Informatik
Technische Universität Wien
Treitlstraße 3/182/1
A-1040 Wien, Austria
[email protected]

Abstract

Ubiquitous computing provides a paradigm shift in computing systems to an environment with a potentially large number of typically small networked components. At the same time they tend to disappear from the view of the user by providing user interfaces through the physical world. But this new paradigm also requires adapted design and engineering methods to guarantee a certain quality of service and scalability of the system. This becomes most important when ubiquitous computing is used in the field of dependable computing. New concepts have to be provided to cope with the complexity of the large number of components. In this work we address the issue of designing dependable computing systems in such an environment by providing composability verification services.

Keywords: Dependable Systems, Ubiquitous Computing, Dynamic Configuration, Composability

1 Introduction

Ubiquitous computing provides a new paradigm in system design. Classical computer systems typically serve one or more users, whereas in ubiquitous computing a potentially large number of small networked components will provide the services. From the point of view of the user interface, ubiquitous computing can be seen as the opposite of virtual reality, because ubiquitous computing will integrate information displays into the everyday physical world [6]. In ubiquitous computing the hardware will disappear from the view of the user, e.g. wearable computing [5]. This new type of computing with a large number of components requires new concepts in hardware and software engineering.
For example, the critical factor in mobile communication is not bits per second, but bits per second per cubic meter [6]. The interoperability of a lot of small devices in a larger intelligent environment is required. For developing algorithms and applications, a modular, structured runtime environment should provide the scheduling, device interface, networking and resource management primitives [1].

To allow the use of ubiquitous computing also in safety-critical environments, special care has to be taken in the precise design of mechanisms that provide predictability and composability. In this paper we will address the question of designing dependable computing systems in the environment of ubiquitous computing. We will introduce the generic concept of a framework to manage the operational requirements of all components in such a system.

∗ This work has been supported by the IST research project “High-Confidence Architecture for Distributed Control Applications (NEXT TTA)” under contract IST-2001-32111.

2 Dependable Computing

Ubiquitous computing is currently a fast evolving research area. Depending on the technical development of more flexible communication mechanisms and smaller energy supplies, computing nodes will pervade more and more application areas. The number of distributed networked nodes in applications will increase rapidly. At the same time the complexity of the system potentially gets out of hand. In a lot of typical applications this will only be a matter of the guaranteed level of quality of service. But ubiquitous computing is also beginning to cover areas traditionally covered by embedded systems. Such systems commonly have more restrictive timing requirements. For the case that the environment does not tolerate computation failures in time or value, it is required to design dependable systems that use mechanisms to achieve adequate safety requirements.
The design of dependable systems requires a high level of determinism to guarantee a certain safety class. Ubiquitous computing systems, on the other hand, are typified by a potentially high dynamic reconfiguration rate that does not allow a static safety prediction. The main challenge for designing dependable ubiquitous computing systems is the development of mechanisms that allow the complex dynamic behaviour of the system to be controlled in an acceptable way. On the one hand it is important to make the integration of new nodes and the removal of retired nodes as simple as possible to avoid additional system complexity. On the other hand it is quite important to find a way to guarantee the safe operation of each node within its specific safety requirements.

A reasonable solution for making ubiquitous systems dependable is the use of highly sophisticated interface design to overcome the increasing complexity problem. For each node it must be specified completely what its specific requirements on its environment are and what its own impact on the environment is. This information can also imply priority assignments to the nodes to enforce preference for the most critical nodes.

3 Composability Verification

Composability means preserving the correct behaviour of a node’s services when it is integrated with other nodes into a system. With respect to dependable real-time computing, Kopetz has identified the following four principles that must be adhered to [3]:

1. Independent development of components: the architecture has to support the precise specification of all component services at the architecture design level.

2. Stability of prior services: a component is considered as a nearly autonomous subsystem and must provide its intended services across the well-specified component interfaces.

3. Performability of the communication system: is concerned with the design of the communication system.
The performability of the communication system requires that if n components are already integrated, the integration of component n + 1 may not disturb the correct operation.

4. Replica determinism: if fault-tolerance is implemented in the system by replication of components, then the architecture and the components must support replica determinism. Replica determinism for a set of components requires that all members of the set have the same externally visible state and produce the same relevant output within a certain time interval.

[Figure 1: Composability Verification Management. Labels in the figure: cluster, nested cluster, CVMx, CVMx.y, n1, n2, n3, n4, CVDB.]

The central idea in our approach is to design clear component interfaces that provide precise information about the component's requirements on the environment and the services the component provides. The networked components will be grouped into clusters or nested clusters. For each such cluster there must be a dedicated component that provides the configuration and planning (CP) interface [3] to other components for dynamic reintegration or reconfiguration. The component providing the CP interface will be called the composability verification manager (CVM). Configuration verification databases (CVDB) provide more detailed information about components. We do not mention here the underlying hardware concepts, since the requirements for reliable hardware mechanisms depend on the specific safety requirements of the system. Certain (nested) clusters, for example, may use a more reliable communication network than others.

A schematic overview of our composability verification architecture for ubiquitous systems is given in Figure 1. The components n1 ... n3 are currently correctly configured components inside a nested cluster with the name x.y. The cluster name contains the names of all surrounding clusters in which it is embedded. The dedicated composability verification manager for cluster x.y is denoted as CVMx.y.
In the current scenario component n4 has recently been connected to the system and at first asks its dedicated CVMx.y for configuration and integration. CVMx.y will compare the interface definition of n4 with the current cluster configuration and decide whether n4 will meet its own resource requirements without disturbing the operation of the other nodes. If the component n4 will also communicate with the parent clusters, CVMx.y has to ask CVMx of its direct parent cluster whether the integration of n4 is valid.

Depending on the concrete interface definitions of the components, their interfaces may require too much memory space to be stored inside the small node itself. For this case the system is equipped with a CVDB service to provide the interface information of components. Each component at least has to provide a unique id and a reference to its type. To provide fault-tolerance, the CVDB service has to be replicated inside the system.

4 Timing Verification

To provide dependability for ubiquitous systems with real-time constraints it is required to specify the timing constraints in the interface of each component. Analysis techniques like worst-case execution time (WCET) and best-case execution time (BCET) analysis have to be used to guarantee correct timing behaviour [2, 4]. The CVM service has to detect contradictions in the timing requirements of different components. The consequence of not fulfilling these requirements could be the refusal of certain components for integration. For highly dependable systems that are required to use such a component in their operation, the resulting action would be to bring the whole safety-critical cluster of the system into a safe state.

5 Summary and Conclusion

Ubiquitous computing provides a new philosophy of how computing systems should be designed. They consist of a lot of small networked components. At the same time ubiquitous computing systems have a high rate of component reintegration or reconfiguration.
The design of dependable computing systems in the environment of ubiquitous computing requires new design concepts to deal with the dynamic restructuring of the system in a safe way. In this work we have introduced a framework based on precise component interfaces to allow composability verification before integrating a new component into the system. The system is divided hierarchically into clusters with composability verification services at each cluster to provide scalability. To allow the design of still small components, a database service has been introduced to provide all the required information for integration or reconfiguration of new components.

The vision is to provide systems with a generic plug n’ play interface to connect miscellaneous devices while still guaranteeing their correct operation. To achieve this, future research is required to combine the temporal requirements of arbitrary devices into a unique generic interconnection interface.

References

[1] D. Estrin, D. Culler, K. Pister, and G. Sukhatme. Connecting the physical world with pervasive networks. IEEE Pervasive Computing, 1(1):59–69, Jan.-March 2002.

[2] R. Kirner, R. Lang, G. Freiberger, and P. Puschner. Fully automatic worst-case execution time analysis for matlab/simulink models. In Proceedings of the 14th Euromicro Conference on Real-Time Systems, pages 29–36, Vienna, Austria, June 2002. Technical University of Vienna, IEEE.

[3] Hermann Kopetz. The three interfaces of a smart transducer. In Proceedings of FeT'2001 - 4th IFAC International Conference on Fieldbus Systems and their Applications, Nancy, France, November 2001.

[4] P. Puschner and A. V. Schedl. Computing Maximum Task Execution Times – A Graph-Based Approach. The Journal of Real-Time Systems, 13:67–91, 1997.

[5] T. E. Starner. Wearable computers: no longer science fiction. IEEE Pervasive Computing, 1(1):86–88, Jan.-March 2002.

[6] M. Weiser. Hot topics - ubiquitous computing. Computer, 26(10):71–72, October 1993.
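
The integration check of Sections 3 and 4, sketched as an added example that is not part of the original paper: a CVM looks up the type reference in the CVDB, refuses unknown types, checks resource and timing requirements, and asks the parent CVM when the node communicates outside its cluster. The interface schema (slot_ms, deadline_ms, external), the round-based timing model, node n0 and all values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed CVDB content (type reference -> interface); schema is assumed.
CVDB = {
    "sensor":   {"slot_ms": 2, "deadline_ms": 20, "external": False},
    "actuator": {"slot_ms": 3, "deadline_ms": 10, "external": False},
    "gateway":  {"slot_ms": 3, "deadline_ms": 50, "external": True},
    "fast-io":  {"slot_ms": 1, "deadline_ms": 5,  "external": False},
}

@dataclass
class CVM:
    name: str                      # cluster name, e.g. "x.y" nested in "x"
    round_ms: int                  # length of one communication round
    parent: "CVM | None" = None
    members: dict = field(default_factory=dict)   # node id -> interface

    def check(self, node_id, iface):
        if node_id in self.members:
            return f"CVM{self.name}: id {node_id} already in use"
        if iface["deadline_ms"] < self.round_ms:   # timing contradiction
            return f"CVM{self.name}: deadline shorter than round"
        used = sum(m["slot_ms"] for m in self.members.values())
        if used + iface["slot_ms"] > self.round_ms:
            return f"CVM{self.name}: no slot time left"

    def integrate(self, node_id, type_ref):
        iface = CVDB.get(type_ref)
        if iface is None:          # unknown type: refuse rather than guess
            return False, f"CVM{self.name}: type {type_ref!r} not in CVDB"
        chain, cvm = [self], self
        while iface["external"] and cvm.parent is not None:
            cvm = cvm.parent       # parent clusters must also agree
            chain.append(cvm)
        for c in chain:            # verify every level before committing
            reason = c.check(node_id, iface)
            if reason:
                return False, reason
        for c in chain:
            c.members[node_id] = iface
        return True, "integrated"

def demo():
    cvm_x = CVM("x", round_ms=5)
    cvm_x.integrate("n0", "actuator")
    cvm_xy = CVM("x.y", round_ms=10, parent=cvm_x)
    for nid, t in [("n1", "sensor"), ("n2", "actuator"), ("n3", "sensor")]:
        cvm_xy.integrate(nid, t)
    return cvm_x, cvm_xy
```

Because every level of the chain is checked before any membership table is updated, a refusal by the parent CVM leaves the nested cluster's configuration unchanged.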