As the main research contribution, this thesis presents design and verification techniques for model-based development of RTES, addressing expressiveness and analyzability for architectural and behavioural models. Finally, the research contributions are validated using representative examples of RTES as well as an industrial case study.

These two operating systems represent two extremes, where Linux is more focused towards soft real-time systems and seL4 towards pure hard real-time safety-critical systems. This thesis addresses the problems mentioned above and aims to provide reliable and deadline-constrained communication via IWSANs for industrial automation systems.

It facilitates reusability and makes timing analysis of software systems easier.

In industrial automation, Industrial Wireless Sensor Networks (IWSNs) have been increasingly applied due to a great number of benefits such as convenient installation, flexible deployment and cost efficiency. Linux-based systems have in general less strict demands on correctness and more requirements on usability.

In modern times, human life is intrinsically associated with real-time embedded systems (RTES) with increasingly safety-critical and mission-critical features, for instance, in domains such as automotive and avionics.


Although industrial automation systems are usually designed to be tolerant of certain communication errors, successive transmission failures may still cause downtime of industrial applications, which might lead to significant economic losses or even serious accidents. On the network layer, the routing protocol plays an important role in both communication reliability and latency.

However, there are several challenges to be addressed, such as expressiveness, to represent the real-time and causality behaviour, and analyzability, to support verification of functional and timing behaviour during early phases of system development.

In conclusion, there are many challenges when it comes to scheduler synthesis. For example, the avionics specification ARINC and the safety-critical operating systems seL4 and PikeOS safely divide resources among independent safety-critical applications by using hierarchical scheduling.

To address these concerns, model-based frameworks and component-based design methodologies have emerged as a solution.

The hierarchical division, which we refer to as hierarchical scheduling, has other advantages as well.


We have also contributed with a novel approach to verify hierarchical schedulers, and a code generator called TAtoC (Timed Automata to C) which contributes to the effective run-time performance of synthesized timed-automata models.

The work in this thesis is focused on the practical aspects of timing isolation among subsystems. However, transmissions over wireless channels in industrial environments are prone to noise and interferences, resulting in frequent erroneous packet deliveries.

The correctness aspect includes strategies on how to verify hierarchical schedulers, but also how to minimize the scheduler overhead and achieve as good run-time performance as possible.

Next, we have provided a real-time semantic basis, in order to support expressiveness and verification for structural and behavioural models.

We have advanced the state-of-the-art in this research area by introducing a new synchronization protocol called RRP (Rollback Resource Policy) that improves on the robustness and run-time performance compared to the existing protocols.

