Designing for evolvability: building blocks for evolvable real-time systems

Fielded real-time systems including many defense systems, manufacturing plants and commercial aircraft avionics typically have long lifetimes ranging from a few years to even a few decades. Available technologies, system needs and customer goals change over this lifetime, and changes to a deployed system become very desirable. We argue that such evolution must and can be supported with new system abstractions, and that real-time systems designed with these abstractions can be evolved and incrementally tested. We present two possible run-time abstractions which can act as basic building blocks to construct "evolvable real-time systems". These building blocks can be used to evolve deployed systems in general and real-time systems in particular. First, the replaceable unit abstraction alloys an existing software module to be replaced online by another module with similar or enhanced functionality. Such replacement is transparent to the rest of the system. Secondly, the "cell" abstraction represents a protected module which cannot be harmed by other modules. Based on this notion is an "extensible cell", which allows a deployed module to be extended functionally without the fear of hurting its (fully certified) functionality even when the extensions can fail in unexpected ways. These two abstractions have been implemented in a real-time POSIX testbed used in the Simplex architecture and our findings are reported. Both abstractions are built on the Real-Time Publisher/Subscriber communication model with modifications necessitated by safe evolutionary requirements. We conclude that guaranteed enforcement of the semantics of these two building blocks can only be provided using operating system enforced resource reservation and communication rights.