Prof. emerit. Dr. Niklaus Wirth, ETH Zürich

Embedded systems and real-time programming

slides (ca. 25 KB)

Although computers have been employed for decades to control machinery and entire laboratories, the term embedded system has received renewed attention and is about to establish itself as a discipline of its own. We therefore try to identify its characteristics and peculiarities. The most outstanding single item is the role of time. The addition of timing conditions to all other specifications of a system causes real-time programming to appear as a particularly difficult and challenging subject. We ask how the rapidly growing demands can be met, and emphasize that reliability must be guaranteed in view of the potentially disastrous consequences of failures upon the controlled equipment and its environment.


Dr. Christoph Kirsch, EECS, University of California at Berkeley

Principles of real-time programming

slides (ca. 190 KB)

Real-time programming is a software engineering discipline that has
been around ever since the dawn of digital computing. The dream of
real-time programmers is to unlock the virtually unlimited potential
of software for embedded computer systems—digital computers that
are supposed to behave like analog devices. The perfect embedded
computer system is invisibly hybrid, it works according to the largely
unidentified laws of embedded software but acts according to the laws
of physics. The critical interface between embedded software and
physics is real time and yet, while physical processes evolve in real
time, software processes do not. Only the embedded computer system as
a whole—embedded software and hardware—determines a complex
notion of so-called soft time to which the software processes adhere:
mapping soft time to real time is the art of real-time programming.
We discuss various real-time programming models that support the
development of real-time programs based on different abstractions of
soft time. We informally introduce a real-time process model to study
(1) the compositionality of the real-time programming models and
(2) the semantics of real-time programs developed in these models.

CV Dr. Christoph Kirsch

Christoph Kirsch received the Dipl.-Inform. degree and the Ph.D. degree in
computer science from the University of the Saarland, Saarbruecken,
Germany, in 1996 and 1999, respectively. From 1993 until 1999 he was with
the Max-Planck Institute for Computer Science in Saarbruecken. He is
currently a Postdoctoral Researcher in the Department of Electrical
Engineering and Computer Sciences, University of California, Berkeley. His
research interests are formalisms and tools for the design and
implementation of real-time and embedded software systems.



Dr. Günther Bauer, Technical University Vienna,
Real-Time Systems Group (Prof. Dr. Kopetz)

The Time-Triggered Paradigm

slides (ca. 840 KB)

Time-triggered (TT) distributed computer systems are currently gaining increasing popularity both in the automotive world (where the TT approach is new) and in the aerospace world (where TT systems have already been in use for some time). This talk aims at giving a short introduction to the time-triggered paradigm. First, we will briefly define the term "time-triggered" with respect to embedded distributed computer systems. We will then present a set of related concepts that are important to embedded computer systems in general and, thus, also have a strong relation to time-triggered embedded computer systems in particular. We will then introduce the most important design principles for the development of time-triggered computing environments, i.e., the concept of temporal firewalls, composability, scalability, and dependability. Finally, we will present a (generic) time-triggered communication protocol. The protocol to be presented tries to provide the audience with a generic view of time-triggered communication without going into the details of any existing protocol.

CV Dr. Günther Bauer

Günther Bauer received the Dipl. degree in electrical engineering and
the Ph.D. degree in computer science from the Vienna University of
Technology, Vienna, Austria. He is currently Technical Coordinator of a
European Union-funded Information Society Technologies (IST) research
project in the Real-Time Systems Group at the Vienna University of
Technology. His research interests include fault-isolation,
fault-handling, and fault-tolerance aspects of distributed hard
real-time systems. His current research work focuses on the design,
implementation, and validation of a central guardian for the
Time-Triggered Architecture (TTA).


Dr. Carsten Weich, TTTech, Vienna

Modeling Time-Triggered Applications based on the TTA

slides (ca. 5.6 MB)

This presentation will introduce a commercial off-the-shelf (COTS) approach to the automated generation of safety-critical software for distributed embedded control systems. The TTP-Tools suite provides a powerful end-to-end software environment for the Time-Triggered Architecture. The tools, with their integration with other standard software, enable a fully automated approach to the development of distributed software.

The presentation will have three parts: First, an overview of the TTP protocol and its properties is given. Then, the TTA design approach and the commercially available tools are introduced. Finally, in a live demonstration, the tool chain with a simple example application is presented.

CV Dr. Carsten Weich

Carsten Weich received his degree in Computer Science from the Technical
University of Vienna. He worked on distributed and time-triggered
system software and databases. His PhD thesis was on fast distributed
transaction processing. He is co-author of a book on "Programming with
Modula-3".

He worked four years as developer and project manager mainly for
time-triggered systems in the industry. He is now with TTTech Vienna.



Dr. Dietmar Millinger, DeComSys, Vienna

Modeling Time-Triggered Applications based on FlexRay

slides (ca. 870 KB)

This presentation introduces the modelling approach for
distributed real-time systems based on a time-driven
communication and operating system as implemented in
the DECOMSYS toolchain for FlexRay.

The first part describes the concepts behind the modelling
approach together with a modelling example.

The second part identifies expected challenges
for a modelling toolchain in the automotive environment.

CV Dr. Dietmar Millinger

Dietmar Millinger holds a "Doctor in Technical Science" for his studies in computer
science at the Vienna University of Technology. During his six years as research
assistant at the Institute for Computer Engineering, Department for Real-Time Systems
(Prof. Kopetz), he focused on real-time operating systems and fault-tolerance.
Subsequently, his know-how was decisive in the development of a time-triggered
operating system (TTOS) and a fault-tolerance layer for time-triggered protocols.
At DECOMSYS Dietmar Millinger is one of three managing directors
and is responsible for software tool development.


Dr. Christoph Kirsch, EECS, University of California at Berkeley
Prof. Dr. Wolfgang Pree, CS, Univ. of Salzburg

From control models to real-time code using Giotto

slides I (ca. 630 KB)

slides II (ca. 2.2 MB)

Giotto provides an abstract programmer's model for the implementation of
embedded control systems with hard real-time constraints. A typical
control application consists of periodic software tasks together with a
mode-switching logic for enabling and disabling tasks. Giotto specifies
time-triggered sensor readings, task invocations, actuator updates, and
mode switches independent of any implementation platform. Giotto can be
annotated with platform constraints such as task-to-host mappings, and
task and communication schedules. The annotations are directives for the
Giotto compiler, but they do not alter the functionality and timing of a
Giotto program. By separating the platform-independent from the
platform-dependent concerns, Giotto enables a great deal of flexibility in
choosing control platforms as well as a great deal of automation in the
validation and synthesis of control software. The time-triggered nature of
Giotto achieves timing predictability, which makes Giotto particularly
suitable for safety-critical applications.

After introducing the basic concepts of Giotto we present an
integration of Giotto and Simulink: We provide a Giotto
component library that allows us to design Giotto programs
within Simulink's visual development environment. The full
set of Simulink components is available for implementing
non-Giotto functionality within the Giotto components.
The Giotto components themselves are only syntactic to
Simulink. The S/G Translator tool automatically creates
Giotto semantics by transforming the syntactic Giotto
components into standard blocks provided by Simulink without
modifying the non-Giotto functionality. The translation
results in a pure Simulink model that resembles Giotto
semantics which can be simulated as well as executed with
the Simulink tool and code generators.

The S/G Translator tool also generates an intermediate model
from which the glue code is generated for the integration of
E-machine code with code generated from the Real-Time
Workshop Embedded Coder tool. Finally, the S/G Translator
generates a Giotto program. By means of the Giotto compiler,
optimized code generation as well as schedulability analysis
are thus available.

We illustrate the model-based development and automatic code
generation by means of a throttle control system for the
MPC555 platform.

CV Prof. Dr. Wolfgang Pree

Wolfgang Pree is a Professor of Computer Science at the University of Salzburg, Austria, since March 2002. He holds a Dipl.-Ing. degree (1987) and a Dr.techn. degree (1992) in Computer Science from Kepler University in Linz, Austria. The Dr.techn. degree was awarded sub auspiciis praesidentis rei publicae by the president of Austria, Dr. Thomas Klestil.

He was a Visiting Assistant Professor at Washington University in St. Louis (1992-93), a guest scientist at Siemens AG Munich (1994-95), a Professor of Computer Science at the University of Constance, Germany (1996-2000), and recently spent a sabbatical at the University of California, Berkeley. His research focuses on software construction, in particular methods and tools for automating the development of real-time embedded software and for improving the reusability through generic software.


Dr. Marco Sanvido, EECS, University of California at Berkeley

xGiotto: A Programming Language with Fixed-Logic
Execution Time Semantics for Real-time Embedded Systems.

slides (ca. 290 KB)

Real-time embedded systems are characterized by (1) their tight
interaction with the environment and (2) their limited resources.
The former dictates the computation speed and response time of the
system, the latter imposes the implementation constraints.

In order to implement analyzable (and predictable) systems, a
programming language for embedded systems has therefore to be able
to address both issues. In this talk we will present xGiotto, a
domain-specific language, in which environment interaction and
execution time are explicitly addressed by the language semantics.
The goal of xGiotto is to generate code correct-by-construction
and behaviorally equivalent if executed by different platforms.

xGiotto is an extension of the original Giotto language,
developed at UC Berkeley. xGiotto differs from Giotto mainly in
the ability to deal with asynchronous events, by generalizing task
invocation, and by making the fixed-logic execution time of tasks
more flexible.

CV Dr. Marco Sanvido

Marco A.A. Sanvido is a postdoctoral researcher at the Department of
Electrical Engineering and Computer Sciences at the University of
California, Berkeley. He holds a Dipl.-Ing. degree (1996) and a
Dr.techn. degree (2002) in computer science from the Swiss Federal
Institute of Technology (ETH) in Zürich, Switzerland. His research focuses on
tools for the design and implementation of real-time embedded systems.

He is the cofounder of weControl, a spin-off company of the Swiss
Federal Institute of Technology committed to providing state of
the art, safety proven, and affordable helicopter autopilot systems for
small unmanned helicopters.


Adj.-Prof. Bran Selic, IBM Software Group–Rational Software

Modeling Real-Time System Architectures

slides (ca. 580 KB)

The architecture of a software system is crucial to the definition, implementation, and subsequent evolution of that system. Consequently, selecting a suitable architecture is probably the most fundamental aspect of the design of any large real-time software system. By its nature, an architectural specification covers the highest levels of structural and behavioral organization within a system and, therefore, it needs to be expressed using concepts that are significantly more abstract than the ones directly supported in most implementation languages. This conceptual gap causes major implementation difficulties that often lead to project failures. In this talk we first describe how such difficulties can be overcome by an approach to software design called "model-driven development". We then examine how this technique can be applied to architectural design: first by examining the requirements for an architectural modeling language and then by identifying a set of concepts suitable for describing the architecture of large real-time and embedded systems. Finally, we illustrate the practical application of these concepts. Specifically, we identify two architectural patterns that can be applied to a very broad category of such systems and demonstrate their use on a representative example system.

CV Adj.-Prof. Bran Selic

Bran Selic is Principal Engineer at the Rational Software unit within the IBM Software Group in Ottawa, Canada. He has over thirty years of experience in the design and implementation of large-scale industrial software mostly in various real-time and embedded domains including aerospace, telecommunications, and robotics. He is the principal author of a popular textbook that described the application of the object paradigm to the design of large-scale real-time systems. Since 1996, he has been involved with the definition of the Unified Modeling Language (UML) standard and its real-time variants. Mr. Selic is an adjunct professor of computer science at Carleton University in Ottawa.



Prof. Dr. Bertrand Meyer, ETH Zurich

Object-oriented development for concurrent and real-time systems

slides (ca. 530 KB)

The real-time community is still understandably skeptical about object
technology, which has not convincingly addressed the special needs of
real-time or just concurrent computations. Better solutions are, however,
on the horizon. I will describe the architecture of the SCOOP approach
to concurrent, distributed and real-time programming, based on concepts
of Eiffel and Design by Contract, and describe recent developments
towards a full implementation of the SCOOP approach including
extensions specifically tailored to real-time applications. Particular
emphasis will be given to applying the concepts of component-based
development to this area.

CV Prof. Dr. Bertrand Meyer

Bertrand Meyer is Professor of Software Engineering at ETH Zurich
and founder of Eiffel Software. He is the author of several books
on software topics.


Dr. Konstantinos Glinos, European Commission, Head of Embedded Systems Unit
of the IST programme

Embedded Systems in the 6th Framework Programme

slides (ca. 1.4 MB)

CV Dr. Kostas Glinos

Kostas Glinos has been with the European Commission since 1992. He now leads the
Embedded Systems unit of the IST Programme and just before that he was deputy head
of Future and Emerging Technologies. Before joining the Commission Kostas worked
with multinational companies and research institutes in the U.S., Greece and Belgium.
He holds a Ph.D. in Chemical Engineering and a Master's in financial management.


Prof. Dr. Manfred Broy, TU Munich

Challenges in Automotive Software Engineering: From Demands to Solutions

slides (ca. 35 KB)

We discuss key issues and challenges for software intensive
systems. These include connectivity, reliability and safety,
security, as well as supplier management. We discuss
automotive trends and the significance of software, such as
software as innovation driving force, new and more functionality,
new and cheaper technical solutions, customer orientation,
personalisation, individualisation, market trends, interoperability,
dependability and privacy, comfort by additional services,
new business cases, new business partnerships, additional services
and after sales business.

CV Prof. Dr. Manfred Broy

Manfred Broy is Full Professor of Computer Science at the Department of Computer Science of the Technical University Munich and was its founding Dean. He received several awards, among them the Leibniz award of the Deutsche Forschungsgesellschaft.


Prof. Dr. Hermann Kopetz, TU Vienna

Dependable Embedded Control Systems—a look ahead

slides (ca. 1.1 MB)


This lecture elaborates on the future developments in the field of
dependable embedded computer systems. The key challenge in the
design of these systems is the achievement of the required reliability
at the system level (MTTF must be better than 10**9 hours). Such an
ultra-high dependability can only be realized by fault-tolerance,
since the intrinsic System-on-a-Chip (SoC) reliability is orders of
magnitude lower. The presentation then discusses the expected
developments in the SoC sector and comes to the conclusion that the
transient failure rate of these chips is on the increase. From the
economic point of view, only applications that command millions of
SoCs have the potential to determine the SoC market. It is concluded
that the only market in the field of dependable embedded systems that
has the required size is the automotive market. In the following,
some of the key obstacles that hinder the further deployment of
electronic systems in the automotive market are analyzed and it is
stipulated that a transition from the federated architectures of
today to integrated architectures must take place. The technology
issues related to the deployment of integrated architectures,
particularly in the area of fault isolation and diagnosis, require
further research.

CV Prof. Dr. Hermann Kopetz

Hermann Kopetz received his PhD in physics "sub auspiciis praesidentis" from the University of Vienna, Austria in 1968. He was a manager of a computer process control department at Voest Alpine in Linz, Austria, before joining the Technical University of Berlin as a professor for Computer Process Control in 1978. Since 1982 he has been professor for Real-Time Systems at the Technical University of Vienna. Dr. Kopetz's research interests focus on the intersection of real-time systems, fault-tolerant systems, and distributed embedded systems. He is the chief architect of the Time-Triggered Architecture, which evolved over the past twenty years of research. From 1990 to 1992 he was chairman of the IEEE Technical Committee on Fault-Tolerant Computing and was elected to the grade of a “Fellow of the IEEE” in 1993. Dr. Kopetz was the Chairman of the IFIP WG 10.4 on Dependable Computing and Fault-Tolerance from 1996 to 1998. In 1998 he was elected to become a full member of the Austrian Academy of Science. In July 2000 Dr. Kopetz was nominated by the Austrian Government to become one of the eight scientists to advise the Austrian Government on Science Policy.


Prof. Dr. Bertrand Meyer, ETH Zurich

Trusted components

One of the most promising avenues of progress in software engineering
is the prospect of relying on a large repository of reusable components
with specified and guaranteed quality properties. The presentation
describes the need for Trusted Components and explores two complementary
paths towards establishing this technology: a "low road" for the
analysis and certification of components built with today's
dominant technologies; and a "high road" towards the production
and correctness proof of fully contract-equipped components.

slides (ca. 580 KB)


Prof. Dr. Heikki Saikkonen, Nokia Research, Helsinki

Current research topics in mobile computing

slides (ca. 25 KB)

Wireless portable devices, like cell phones and PDAs, are getting
closer to the desktop computer with respect to their computing and
communication capabilities. So, in many ways Mobile Computing
shares the same challenges of the more traditional Computer Science
and Software Engineering and can exploit advances in them.
However, some technical problems like limited UI, energy
consumption and seamless adaptation to different wireless
access technologies still need more research.
Moreover, we as researchers should also pay attention to the
quest for the next "killer app" in this fast moving
and predominantly consumer driven electronics industry.

CV Prof. Dr. Heikki Saikkonen

Heikki Saikkonen is heading the Software Technology Lab at
Nokia Research Center. Before joining Nokia in 1998 he was
a professor of Computer Science at Helsinki University of
Technology where he worked in many positions including
Chairman of the CS Department. His interest is in Programming
Methodology, Software Architecture and Concurrent and
Distributed Systems. He has authored several journal
papers and text books in these areas.



DI Erwin Schoitsch, Austrian Research Center Seibersdorf (ARCS)

Embedded systems roadmaps in the European Union

slides (ca. 2.9 MB)

In the AMSD project (IST-2001-37553, “Accompanying Measure on System Dependability”), a specific “meta-roadmap” exercise was undertaken on “Dependable Embedded Systems”, focussing on critical control in several technical areas such as automotive, aerospace, railways, industrial automation and process control, and medical devices and systems; as far as required, telecommunications and educational issues (requirements) have also been considered.

The main objective of this study is the identification of a research agenda for the field of dependable embedded systems. Strong involvement and integration of industry (looking at the “dependable embedded systems” technology from a holistic point of view, from semiconductors to application sectors, from smart sensors/actuators to EMC design, standardization and certification issues), of scientific and applied research is the key to obtain a consistent view of technology challenges and research requirements.

The DES-roadmap project was partitioned into the following four phases:
1. Application Assessment, Taxonomy and Future Needs
2. Technology Assessment, Taxonomy and Future Directions
3. Synthesis and Analysis of the Technology/Application Matrix
4. Establishment of a Research Agenda

17 roadmaps were analyzed, and results of several workshops, working groups and other sources were taken into account, to identify future trends in application areas and technology challenges, and to establish, via a technology/application matrix, a roadmap and a research agenda for the future.

CV Erwin Schoitsch

Dipl.-Ing. Erwin Schoitsch, born July 1st, 1944, received his Diploma (Master's Degree) in Technical Physics and a Bachelor Degree in Computer Science at the University of Technology in Vienna. He is working at the Austrian Research Centers (ARC) Seibersdorf research, Austria's largest contract-oriented research organisation. During more than 30 years, he was project engineer and project manager in a variety of industrial projects and accompanying research involving systems with high dependability and real-time requirements (process control, telecommunication systems, railway interlocking, security management systems, advisory group of the Austrian National Bank on Austria’s electronic purse system). He was partner in many European projects in the area of dependability, software process improvement, assessment and evaluation of critical control systems (ESPITI, ENCRESS, ISA-EUNET, OLOS, ACRuDA, SPIRE, ECUA, AMSD Roadmap). He is now Research Manager of the Division of Information Technologies, and manager of the so-called “Innovation Labs”, a group of cross-divisional/cross-sectoral research projects of ARC.

He is an active member of EWICS TC7 (European Workshop on Industrial Computer Systems, Technical Committee 7, Safety, Reliability and Security) and chairman of the ERCIM (European Research Consortium in Informatics and Mathematics) WG on Dependable Embedded Systems. He is active in international standardization, especially in IEC SC65A, MT12 (Maintenance of IEC 61508, Functional Safety), and a lecturer at the (Postgraduate) Danube University Krems.

His interests cover Software-intensive Systems Dependability, Real-Time Systems, Software Process Assessment, Improvement and Certification, Safety and Security of Embedded Systems.


Adj.-Prof. Bran Selic, IBM Software Group–Rational Software

The Engineering of Software

slides (ca. 70 KB)

We are often so overwhelmed with the difficulty of writing logically correct software that we tend to underplay or even ignore the influence of the underlying computing platform. In some cases, this negligence has been raised to the level of a design principle, based on a dangerously naive interpretation of the idea of "platform independence". After all, it is the platform that gives life to our logic and, as we demonstrate, its effect on software can be profound. We argue that software is not as far removed from physics as many would like, that quantity can affect quality, and that, paradoxically, true platform independence cannot be achieved unless the platform is properly factored into design. We then outline a general approach that addresses this issue and show how it can be realized with UML.


Prof. Dr. Joseph Sifakis, VERIMAG, Grenoble

Embedded Systems—Challenges and Work Directions for Europe

slides (ca. 3.3 MB)

We present challenges and work directions for fundamental R&D in embedded systems. Emphasis is given to system-centric development approaches, which focus on the end result: the system under development as the combination of hardware and software, in interaction with its physical environment. These approaches raise difficult, fundamental research problems, which are at the basis of an emerging theory, which should bring together informatics and the physical sciences. They allow tradeoffs between cost and quality, which are essential for engineering industrial embedded systems.

The work directions presented provide an encompassing view of system-centric development, by attempting to identify the key issues for moving the area forward.

CV Prof. Dr. Joseph Sifakis

Joseph Sifakis is a CNRS researcher and the Director of the Verimag laboratory, in Grenoble, France. He studied Electrical Engineering at the Technical University of Athens and Computer Science at the University of Grenoble.

Joseph Sifakis worked on both theoretical and practical aspects of Concurrent Systems Specification and Verification. He contributed to the development of the state of the art in verification methods and tools by model checking for both untimed and timed systems. His current research interests include modeling, design and analysis of real-time systems with focus on composability and compositionality.

Joseph Sifakis is a member of the editorial board of several journals and a member of the Steering Committee of the conferences CAV (Computer Aided Verification) and EMSOFT (Embedded Software). He is a member of the Board of Governors of the Special Interest Group on Embedded Systems (SIGBED) of the ACM. He is the recipient of the CNRS silver medal in 2001.

Joseph Sifakis is the scientific coordinator of the European Accompanying Measure ARTIST on Advanced Real-time Systems.

further documents:

Embedded Systems work directions

Building models of RT systems from application software (IEEE paper, 1/2003)

Composition for component-based modeling (FMCO.02 paper)

Scheduler modeling based on the controller synthesis paradigm (Kluwer, RT systems, 2002)