toward secure embedded systems

toward secure embedded systems

Postby alex31 » Tue Nov 17, 2020 10:20 am

Hello,

The ChibiOS API offers an asynchronous, non-deterministic way of programming embedded systems using the task paradigm. The trend seems to be towards synchronous systems and generated code, using tools like "lustre" or "esterel", or expensive complete frameworks like Asterios from krono-safe, to achieve robust systems that can be formally proved. I wanted to know your thoughts about that, embedded developers, ChibiOS authors and contributors. Is there a possible soft path between a traditional asynchronous RTOS and a synchronous one, or do we have to undergo a brutal change?

Alexandre

Re: toward secure embedded systems

Postby Giovanni » Tue Nov 17, 2020 10:48 am

Something that is an RTOS has to be deterministic by definition; what do you mean by ChibiOS being non-deterministic?

Giovanni

Re: toward secure embedded systems

Postby alex31 » Tue Nov 17, 2020 4:05 pm

Something that is an RTOS has to be deterministic by definition; what do you mean by ChibiOS being non-deterministic?

In the synchronous world, the scheduling is statically calculated at "compilation": each task has a predefined slot of time that it can use or not, and tasks are called in a static order. That, and some other properties of synchronous systems, permit formal proofs that the system will always have the desired behavior.

ChibiOS, like all other asynchronous RTOSes, is not deterministic in the sense that you cannot predict in which order tasks will be scheduled; it depends on the system state and inputs.

I know very little about the synchronous world, but I think it's something I have to explore, since many avionic systems that have to be certified use this paradigm. Since many embedded programmers have to face these problems (designing hardened and certified systems), I would ask the people knowing this field here. I don't want to use a closed system like Asterios, so I wanted to know if someone has already thought about having a mixed system to introduce the synchronous paradigm into a classical RTOS like ChibiOS.

Alexandre

Re: toward secure embedded systems

Postby Giovanni » Tue Nov 17, 2020 4:17 pm

Any RTOS is able to operate synchronously using predefined time slots and similar. In RT you could use virtual timers and schedule everything in fixed time slots without even using threads.

The problem is that any real embedded application is handling asynchronous external events; a pure synchronous approach would degenerate into "poll any possible asynchronous event source using predefined time intervals and process those using time-constrained code".

Deterministic for sure, but good luck doing real work under those constraints; just think of all the possible interrupt sources in your average MCU. You should not have asynchronous IRQs by definition; ISRs are just asynchronous hardware-triggered tasks, and those DO affect your timings.

Giovanni
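An added illustration of the two points above, not code from ChibiOS or from anyone in this thread: a minimal cyclic executive in plain C, with a build-time schedule table (alex31's "statically calculated" order) and an asynchronous source that is only ever polled in fixed slots (Giovanni's "poll any possible asynchronous event source using predefined time intervals"). All names (`task_poll_uart`, `run_frame`, `sim_uart_isr`, the slot budget) are constructed for this example; execution times are simulated numbers returned by each task rather than measured, so the whole thing runs on a host. The budget check at the end of each slot is the "time-constrained code" caveat made concrete: an overrun is the one way such a schedule can silently stop being deterministic, so it is detected and counted rather than ignored.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A major frame of FRAME_SLOTS slots; each slot is owned by exactly one task.
 * The table is fixed at build time, so the execution order cannot depend on
 * inputs. Constructed example, not ChibiOS code. */
#define FRAME_SLOTS     4
#define SLOT_BUDGET_US  1000   /* simulated per-slot time budget */

typedef struct {
    const char *name;
    uint32_t (*run)(void);      /* returns simulated execution time in us */
} task_t;

/* Simulated asynchronous event source: the RX flag a UART ISR would set in a
 * real system. The "ISR" here is the sim_uart_isr() hook below. */
static volatile bool uart_rx_pending = false;
static uint32_t uart_events_handled = 0;
static uint32_t control_load_us = 400;   /* simulated cost of the control task */

/* The asynchronous source is polled only at fixed points in the frame, which
 * turns an asynchronous event into one with a bounded, predictable latency. */
static uint32_t task_poll_uart(void) {
    if (uart_rx_pending) {
        uart_rx_pending = false;
        uart_events_handled++;
        return 300;                      /* cost when a byte was handled */
    }
    return 50;                           /* cost of an empty poll */
}
static uint32_t task_control(void)   { return control_load_us; }
static uint32_t task_telemetry(void) { return 200; }

/* The static schedule: poll, control, poll, telemetry, then repeat. */
static const task_t schedule[FRAME_SLOTS] = {
    { "poll_uart", task_poll_uart },
    { "control",   task_control   },
    { "poll_uart", task_poll_uart },
    { "telemetry", task_telemetry },
};

/* Hook standing in for the hardware ISR: marks a byte as received. */
void sim_uart_isr(void) { uart_rx_pending = true; }
uint32_t uart_handled_count(void) { return uart_events_handled; }
void set_control_load_us(uint32_t us) { control_load_us = us; }

/* Runs one major frame in table order. Fills log[] with the executed task
 * names and returns how many slots exceeded SLOT_BUDGET_US. */
int run_frame(const char *log[FRAME_SLOTS]) {
    int overruns = 0;
    for (int slot = 0; slot < FRAME_SLOTS; slot++) {
        uint32_t used = schedule[slot].run();
        log[slot] = schedule[slot].name;
        if (used > SLOT_BUDGET_US)
            overruns++;                  /* deterministic order, but a broken budget */
    }
    return overruns;
}

/* Runs one quiet frame and one frame with a pending UART event and reports
 * whether the executed order was identical, i.e. independent of the input. */
bool schedule_is_static(void) {
    const char *quiet[FRAME_SLOTS], *busy[FRAME_SLOTS];
    uart_rx_pending = false;
    run_frame(quiet);
    sim_uart_isr();
    run_frame(busy);
    for (int i = 0; i < FRAME_SLOTS; i++)
        if (strcmp(quiet[i], busy[i]) != 0)
            return false;
    return true;
}

int main(void) {
    const char *log[FRAME_SLOTS];
    sim_uart_isr();                      /* an event arrives before the frame */
    int over = run_frame(log);
    for (int i = 0; i < FRAME_SLOTS; i++)
        printf("slot %d: %s\n", i, log[i]);
    printf("overruns=%d handled=%u static_order=%s\n", over,
           (unsigned)uart_handled_count(), schedule_is_static() ? "yes" : "no");
    set_control_load_us(1500);           /* make the control task blow its budget */
    printf("overruns with slow control task=%d\n", run_frame(log));
    return 0;
}
```

The order printed for the frame is the same whether or not the UART event is pending; only the simulated cost of the poll slot changes. Raising the control task's cost above the budget does not reorder anything either, which is exactly why the overrun counter has to exist: in a real cyclic executive that is the condition a watchdog or a frame-overrun handler must catch, because the schedule itself will not.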

Re: toward secure embedded systems

Postby FXCoder » Wed Nov 18, 2020 12:03 am

This thread brought a smile to my face...
The synchronous mode described is very reminiscent of a circa-1970 single-interrupt, multiple-priority-level OS.
The system interrupt takes you to the top of the "application" priority level for normal tasks.
As each priority level is "completed" (all tasks in the job list for that PL run in a fixed order), the system drops down to the next lower PL.
Rinse and repeat for each PL until reaching "base level", where all remaining (low-priority) tasks just run in a loop until the next system interrupt.

Everything old is new again?
--
Bob
