ACTORS AND COLOURED PETRI NETS IN THE DEVELOPMENT LIFE CYCLE OF DISTRIBUTED REAL TIME SYSTEMS Giancarlo Fortino, Libero Nigro, Francesco Pupo Dipartimento di Elettronica Informatica e Sistemistica Università della Calabria, I-87036 Rende (CS) - Italy Email: {g.fortino,l.nigro,f.pupo}@unical.it Abstract: This paper describes an actor-based framework for the development of distributed real- time systems which centres on a holistic approach to the fulfilment of application functional and temporal requirements through an application tuneable operating software in the form of a reflective scheduling structure. The framework makes it possible to prototype and execute a specification of a given system by Coloured Petri Nets in order to verify behavioural and timing constraints. The methodology favours a smooth transformation of an analysed system to a design and implementation in popular object-oriented languages like C++ and Java. Keywords: actors, modularity, timing constraints, Coloured Petri Nets, temporal analysis. 1. INTRODUCTION In the last years many efforts have been devoted to an exploitation of modularisation and more general software engineering principles in the real-time area, e.g., (Bergmans and Aksit, 1996) (Ren et al., 1996). The main difficulty is concerned with a selection of suitable abstractions which can favour modularisation without impairing fundamental aspects of real time design such as time management (scheduling) and control of the underlying physical architecture. Conventional solutions, e.g., based on plain sequential object-oriented mechanisms or built on top of standard, possibly stripped-down, Operating Systems relying on over-killing concurrent facilities (e.g., scheduling driven by priority and pre- emption) can be inadequate for real time since they can be lacking of essential abstractions (e.g., concurrency) or cannot be able of guaranteeing a time-predictable environment. This work claims that an integrated approach based on user-defined scheduling and selected real time abstractions can be the basis for a predictable and modular architecture for time critical systems. A methodology is proposed for distributed real-time systems which is based on an adaptation of the Actor model (Agha, 1986) with a reflective and time-driven scheduling structure (Kirk et al., 1997) (Nigro and Pupo, 1997). The methodology defines a full system development life cycle. Specification and verification activities are supported by Coloured Petri Nets (CPN) (Jensen, 1992) (Nigro and Pupo, 1998) which allow a formal description of the basic building components. Property analysis, e.g., checking that timing constraints are met, rests on prototype execution and simulation. The CPN model can be iteratively evaluated during a development as more precise timing information is available from the final target architecture. The approach ensures a smooth transition from system analysis to design and implementation in popular object-oriented languages. 2. A MODULAR APPROACH TO REAL TIME PROGRAMMING In the proposed approach (Kirk et al., 1997) (Nigro and Pupo, 1997) a system is decomposed into a collection of subsystems linked one to another by a (possibly deterministic) communications network. A subsystem is the unit of programming in-the-large. Timing constraints can be local and/or global. An interaction policy is required in general at the system level in order for the subsystems to correctly co-operate in the fulfilment of system-wide timing constraints. A subsystem is structured as a group of actors plus a control machine (see Fig. 1) which is in charge of message scheduling and dispatching. Actors are the basic building blocks in-the-small. They interact one to another by buffered messages. To help modularisation and time predictability, a variant of the Actor model (Agha, 1986) is actually adopted. Actors are modelled as finite state machines which implement functional behaviour only, i.e., message services. Processing a message consists of a state transition and the execution of an atomic action. At most a single message can be under processing in an actor at a given time. As in the Actor model three basic operations are provided: • new, for the creation of new actors. The data component of an actor includes as attributes a set of acquaintances, i.e., the known actors (including itself) to which messages can be sent • send, for transmitting an asynchronous message to a destination actor. The message can carry data values. The sender continues immediately after a send