This thesis makes a contribution towards the certification of reconfigurable real-time mission critical software systems. In highly reconfigurable software systems it is possible for a situation to arise where the system expends most or all of its resources on reconfiguring, and thus cannot provide sufficient resources to conduct intended computing functions. This anomaly has been termed "configuration thrashing" by the author due to its loose analogy to memory thrashing. If configuration thrashing is not eliminated, or at least minimised, then it is possible for circumstance to occur where reconfigurable systems cannot be certified due to potential failure to meet deadlines caused by configuration thrashing. The elimination of reconfiguration thrashing is a step towards certifiable dynamic reconfigurable systems capable of enforcing deadlines. The elimination of reconfiguration thrashing is necessary, though not sufficient, for this goal. In order to restrict configuration thrashing it is necessary to understand the possibilities available within reconfigurable software. A VDM-SL model is presented to explore the options available for reconfigurable architectures, and has allowed many operators to be formally specified providing a much greater understanding of the tasks involved in reconfiguration. The thesis demonstrates how model checkers can be used to check software processes for configuration thrashing using predefined CSP models, thus allowing system programmers to engineer configuration thrashing out of systems. However, model checkers are susceptible to state space explosion, particularly if models are large and / or complex, which may make the use of the model checkers impractical or even impossible for some systems. The thesis therefore also explores potential run-time solutions to configuration thrashing. These solutions allow developers to include additional logic / processes within their systems in order to eliminate configuration thrashing (without the use of model checkers). Several options are explored in-depth, from providing mechanisms for developers to choose when reconfiguration can / cannot occur, to a rule based solution. The exploration of the rule based solution explores issues such as rule expression, rule predictability, as well as potential core rules. The two approaches taken within this thesis to eliminate, or at least restrict sufficiently, configuration thrashing form a basis which would allow for the certification of reconfigurable real-time mission critical software systems.
展开▼
