OpenComRTOS

OpenComRTOS is a commercial network-centric, formally developed real-time operating system (RTOS), aimed mainly at the embedded system market.

Overview
OpenComRTOS was developed using formal methods. It has features like the ability to support heterogeneous multi-processor systems transparently, independent of the processor word size (16-bit, 24-bit, 32-bit, 64-bit), and the communication medium (shared memory, buses, point-to-point links or virtual links on extant communication mechanisms). Typical code size on a 32-bit target processor is about 5 KiBytes.

OpenComRTOS is based on the meta-modelling paradigm of Interacting Entities. In the RTOS, the unit of execution is a Task (a function with its local workspace or stack). Task entities synchronise and communicate using intermediate Hubs entities that are decoupled from the interacting Tasks. Hubs are formally modelled as Guarded Actions. The current implementation provides the functions of traditional RTOS services like events, semaphores, ports, first in first out (FIFO) stacks, resources, packet pools, and memory pools. The user can also create custom Hub types.

OpenComRTOS uses a uniform architecture with a kernel Task, driver Tasks, and application Tasks, each having a Task input Port. The same interface is used for the Interrupt Service Routines. The underlying architecture relies on the use of prioritised packet switching with communication and routing being part of the underlying system services. One of the results is that the source code of the Tasks is independent of the mapping of Tasks and Hubs to the processing nodes in the target system.

History
The initial purpose for developing OpenComRTOS was to provide a software runtime environment supporting a coherent and unified systems engineering methodology based on Interacting Entities. This was originally developed by the Open License Society since 2005, and since 2008 further developed and commercialised by Altreonic. A formerly developed RTOS named Virtuoso    served as a guideline. Virtuoso is a distributed RTOS, developed by Eonic Systems until the technology was sold to Wind River Systems in 2001. Its overall functionality of transparent parallel processing (called the Virtual Single Processor runtime model) was a major driving force to redevelop it in a better way. OpenComRTOS is conceptually a fourth generation of Virtuoso although it was a clean room development. The Virtuoso RTOS had its origin in the pioneering Inmos Transputer, a partial hardware implementation of C.A.R. Hoare's communicating sequential processes (CSP) process algebra. Most challenging applications:
 * 1) Oil exploration system with 12,000 processors featuring microcontrollers, fixed point and floating point DSPs and a Linux host in a single network.
 * 2) Sonar system with 1,600 floating point DSPs.
 * 3) Rosetta and Giotto ESA space missions.
 * 4) Converting a 400,000 lines application running on a Portable Operating System Interface (POSIX) style RTOS to OpenComRTOS.

Formal development approach
For the development of OpenComRTOS a systematic but iterative engineering process was followed. Requirements and specifications being defined, models were developed in Leslie Lamport's temporal logic of actions (TLA+) and then model checked with the corresponding TLC model checker. Based on these models, the code was written and then a third person created new models in TLA+ to verify that the implementation was still isomorphic. The timer and associated time-out functionality for services were model checked using the Uppaal Model Checker. In 2011 Springer published the book on the OpenComRTOS project.

OpenComRTOS Designer: development environment and tools
OpenComRTOS comes with many tools. Visual Designer is a visual modelling environment whereby the user specifies node topology and application topology graphically. From these diagrams, an application specific runtime model is generated. Application specific code is provided in ANSI C for each task. Runtime execution, and interprocessor interactions, are visualised using the Event Tracer. A System Inspector allows reading out and modifying the data structures. Further modules are hostserver modules (these allow any task access to the host node services) and a Safe Virtual Machine for C. The latter requires about 3 KiBytes (10 KiBytes for program and data) and allows dynamically downloading binary-compiled C code at runtime.

Portability
OpenComRTOS was developed for embedded systems and is written in portable ANSI C, except the context switch and ISR interfaces. OpenComRTOS has been ported to the following targets: Freescale PowerPC, Texas Instruments C66xx DSP, Melexis MLX16, ARM Cortex M3/4, Xilinx MicroBlaze, LEON3, NXP CoolFlux DSP and to MS-Windows and Linux. The latter versions allow transparent integration of host nodes and serve as well cross development and simulation systems. As the RTOS kernel is identical for single or multi-processor nodes, supporting a multi-processor system requires only to write a small task level driver that can send and receives Packets.

OpenComRTOS is made available in binary, source code and Open Technology licenses. The latter provides formal models, design documents, source code and test suites.