D1.1 EMMA Requirements

Introduction

Current solutions for software development in complex traffic systems normally involve a series of different standards that might be incompatible with each other. This is especially true in the case of systems that combine automotive systems within a car with the available traffic infrastructure.

Despite these differences, the sensors and actuators installed in current automotive systems need to cooperate with each other in order to provide a level of service that can be acceptable for the client. Also for this reason, the number of sensors and actuators has increased dramatically in the past years, providing close to real-time information to the drivers so that they can react accordingly.

If the interaction of these components within a car is a complex issue, the cooperation with other cars or with the infrastructure is even more challenging and requires new abstractions, solutions and paradigms that support it.

For this reason, the EMMA project is working on the development of EM2P (Emma Embedded Middleware Platform), a middleware solution based on the abstraction of Wireless Cooperating Objects (WICOs), that allows for the seamless interaction of automotive components. The focus on wireless technology comes from the necessity to reduce the amount of cables within a car and from the fact that interactions with the infrastructure from an automotive system can only be performed in a wireless fashion.

As first specified as part of the Embedded WiSeNTs project, a Cooperating Object is a collection of sensors, controllers (information processors), actuators, or other Cooperating Objects that communicate with each other in order to accomplish a common task in a more or less autonomous way.

More precisely, sensors are devices that act as inputs to the Cooperating Objects and are able to gather and retrieve information either from other Cooperating Objects or from the environment they are immersed in. Controllers are devices that act as data or information processors and cooperate with sensors and actuators in order to be able to interact with their environment. Furthermore, controllers are equipped with a storage device that allows them to perform their tasks. Actuators are devices that act as output producers and are able to interact and modify their environment using, for example, some kind of electromechanical device. Finally, Cooperating Objects are equipped with communication capabilities that, for the case of Wireless Cooperating Objects (WICOs), are based on wireless technology.

The inclusion of other Cooperating Objects as part of the definition of a Cooperating Object itself indicates that these objects can combine their sensors, controllers, and actuators in a hierarchical way and are, therefore, able to create arbitrarily complex structures. For example, in EMMA each sensor within a car’s engine is a Cooperating Objects and all of them together can be considered as a Cooperating Object as well. Likewise, the car itself, a traffic light or a more complex traffic entity can be regarded as a single Cooperating Object, which is composed of other simpler Cooperating Objects.

Methodology

In order to gather the correct requirements, eliciting requirements from all the partners involved in this project and main stakeholders, it has been considered necessary to use a suitable methodology. Thus, the VOLERE methodology has been chosen as a start point for this work, adapting its requirements specification template to the particularities and needs of EMMA.

Each of the partners involved in the project follows their own processes in the requirements definition phase of their software design activities. It was important to propose a common tool to formalise the requirements that is easy to use and adapted to the needs of the project. In this context, VOLERE is a straightforward methodology that does not require a complex analysis to be applied. Furthermore, it guarantees the participation of all relevant actors, who are further involved in the design and development that have to fulfil the requirements defined.

The adapted methodology used by EMMA, has allowed the identification, and formalisation of unambiguous requirements, defining different criteria to evaluate and asses not only the correctness of the requirement, but also whether or not they have been fulfilled by the developments carried out within the project.

On the one hand, it is important to make use of a common methodology to gather, classify and assess the requirements a priori. The management of the requirements depends on this common methodology, providing the means to trace the identification, definition, assessment, formalisation and if necessary improvement of the requirements gathered.

On the other hand, the requirements should be the key to evaluate the entire project at the end of the development phase. A set of well-defined and unambiguous requirements is needed, not only as input for any further specification and development, but also as part of the evaluation framework.

In this context, VOLERE defines the gathering process and the shell to register the requirements, classified in 27 categories in 5 main groups:

• Project drivers, the business-related forces. For example, the purpose of the project is a project driver, as are all of the stakeholders—each for different reasons.
• Project constraints, restrictions on how the product must be designed. For example, it might have to be implemented in the hand-held device being given to major customers, or it might have to use the existing servers and desktop computers, or any other hardware, software, or business practice.
• Functional requirements, the fundamental or essential subject matter of the product. They describe what the product has to do or what processing actions it is to take.
• Non-functional requirements, the properties that the functions must have, such as performance and usability. Do not be deterred by the unfortunate type name (we use it because it is the most common way of referring to these types of requirements)—these requirements are as important as the functional requirements for the product’s success.
• Project issues, the conditions under which the project will be done. The reason for including them as part of the requirements is to present a coherent picture of all factors that contribute to the success or failure of the project and to illustrate how managers can use requirements as input when managing a project.

EMMA has adapted this methodology defining a new shell and limiting the number of categories of requirements to be analysed. The project drivers and project issues are relevant to the entire EMMA project and apply to the definition of the project context and framework, already defined at the Description of Work.

Nevertheless, the constraints, functional and non-functional requirements needed to be analysed for each one of the key developments within the project: the middleware, the WICOs, the operating system and the development environment. Each partner in the consortium has helped in the definition of the requirements – especially for the middleware, operating system and development environment requirements.

Each partner has analysed its own needs, identifying the requirements and defining them accordingly to the methodology proposed. The new shell proposed has been the main tool to gather the requirements in a first step, and validate them in a second one.

For each requirement, all fields in the shell were completed in the first step, except for the ones regarding dependencies and conflicts. During the validation process, the entire set of requirements was analysed looking for dependencies and conflicts and proposing solutions, improvements or new definitions when necessary. Ideally, at the end of the process no conflicts should appear, and the number of dependencies should be as low as possible.

Last but not least, it is noteworthy to mention that, even if the methodology followed is focused on the identification of constraints, functional and non functional requirements, the other types considered by Volere, were also studied at a high level to check the overall definition of the EMMA project.

Electronic tool

Aiming at defining an optimum and complete list of requirements, a web tool based on the Volere methodology was developed. This web tool has facilitated the definition and later validation of the EMMA requirements.

For security reasons, the access to the web tool is restricted to authorised users. Anyone can fill in the registration form to request a valid user name and password. This request is processed by the administrator who decides who must be granted access to the website.

If the administrator approves the request, then, an email with the user name and password is sent to the requester. From that moment, the user will be able to access the EMMA requirements definition website.

Access to the web tool is granted after a successful identification on the system.

The application allows the administrator (a special kind of user) to control the status of the validation process from the initial definition to the final list of requirements passing through the required validation and revision status.

Definition of requirements

In this first stage all the requirements needed to accomplish the project objectives must be defined. These will be refined in future stages.

The most useful information and the main functionalities at this stage are available at the home page:

• Create a new requirement. All the fields are required except for “Comments and supporting material” which is optional. The required fields are:
  • Id. Type: The scope of this requirement (WICOs at subsystem, car or supracar level, middleware, IDE, OS). Appended by an automatically generated sequential number, this ID uniquely identifies each requirement.
  • Description: A one sentence statement which describes the intention of the requirement.
  • Type: The Volere type.
  • Rationale: A justification of the requirement.
  • Acceptance criteria: A measurement of the requirement for further verification that the solution matches the original requirement.
  • Satisfaction: The grade of satisfaction for the customer if the requirement is successfully implemented.
• Help: an external link to Volere requirements specification template.
• List of requirements: The complete list of requirements is provided with some options:
  • Filtering options: the list of requirements filtered by id. type and/or filtered by author.
  • Expand table: Show/Hide some columns, displaying more or less information about the requirement.
  • Requirements management:
    • View a requirement
    • Edit a requirement (only available for the author)
    • Delete a requirement (only available for the author)
  • Requirements tracing: After the first requirements evaluation, a new service is made available for keeping track of all the requirements history.

Validation of requirements

After the initial definition of requirements, the validation process begins. All the requirements should be approved by all the users. At this stage, conflicts and dependencies between requirements must be detected. Furthermore, any objection must be pointed out:

• Dependency: Requirements that have some dependency on other requirements.
• Conflict: Requirements that cannot be implemented if another requirement is or conflict due to a bad definition of the requirement.
• Objection: A reason or argument offered in disagreement, opposition, refusal or disapproval of the requirement.

Revision of requirements

All the dependencies, conflicts and objections encountered by the experts during the validation stage must be revised and solved. However, if the authors do not agree with the validator’s opinion, then they can make use of the “Revisor’s comments” option for pointing out their disagreement or clarifying the intention of the requirement. Note that only the authors of the requirements that have to be revised have available the icon for adding comments to the dependency, conflict or objection.

The checkboxes in “Requirements revised” column and “Validator’s approvement” column help the users to check the status of the revision and together with the possibility of adding comments facilitate the interaction and communication between the author and the validator. For security reasons, the checkboxes on the “Requirements revised” column are only enabled for the authors of the requirements who have also enabled the possibility of adding comments. Moreover, for the same reason, the checkboxes on the “Validator’s approvement” column are enabled only for the author of the validation.

The revision process consists of four steps:

• Firstly, the authors should identify which requirements have been objected to or are involved in any conflict or dependency.
• Secondly and after analysing the validator’s opinion:
  • The author may agree with the validator and proceed to modify or delete the requirement.
  • The author may disagree with the validator, therefore he/she should make appropriate comments trying to clarify the requirement with a better explanation or justify the intention of the requirement.
• Thirdly, the author should mark the checkbox of the requirement as revised.
• Finally, the validator should be aware of the revised requirements and approve the actions taken by the author for resolving the dependency/conflict/objection.

Validation process

All the partners involved in the definition of the EMMA requirements filled in the registration form and, after checking their requests, a private email was sent to each of them with the user name and password that granted them access to the web tool.

Three iterations were needed to complete the validation process.

At a first stage, a large list of requirements where defined with the collaboration of ETRA, TRW, USTUTT, ETRI, UNEW and CRF.

After that initial definition of requirements, the status of the process was changed to “1st iteration of validation” and all the partners were invited to evaluate this initial list. On this 1st iteration, several dependencies, conflicts and objections were detected.

Afterwards, the status of the process was changed to “revision” where the authors of the requirements had to revise their requirements taking into account the partners’ opinion.

At that stage, the authors did not always agree with the other partners’ opinion and made use of the “Revisor’s comments” for pointing out their disagreement or clarifying the intention of their requirement.

Finally, all the dependencies, conflicts and objections were resolved. And a new iteration of validation began.

These processes of validation and revision were iteratively released. As said above, a total of three iterations were needed until obtaining an agreement on the list of requirements.

Requirements for the EMMA Middleware

Project drivers

The purpose of the product

The heterogeneity of intelligent transport systems in terms of hardware, operating systems, programming languages, data formats and available resources implies hard problems when designing and developing distributed system applications.

The main purpose of the middleware is to abstract the hardware from the application and provide specific software features thus reducing the complexity. In other words, the application uses the middleware in order to interface with the hardware and to implement features beyond the scope of the application developer.

The middleware aims at facilitating and enhancing the development and deployment of distributed cooperative wireless objects. The middleware provides interoperability and portability of cooperative transport system applications.

Customer and stakeholders

The customers of the middleware are car manufacturers, represented by CRF in the project, and road infrastructure stakeholders, represented by Etra I+D. Furthermore, TRW Conekt contributes to the project as sensing technology expert.

Users of the product

Users of the middleware can come from two different sources:

• On-board sensors manufacturers
• Infrastructure sensors manufacturers

The middleware is designed to support a wide range of heterogeneous sensors. Thus, for demonstration purposes, CRF, TRW Conekt, ETRA and UNEW are going to adapt different sensing technologies in order to demonstrate the benefits of the middleware. These sensing technologies will act at different hierarchical levels:

• Within an automotive subsystem
• At a car level
• At a supra-car level

Project constraints

Mandated constraints

The Motor Industry Software Reliability Association (MISRA) is an organisation in the United Kingdom that promotes safety in automotive software. In 1998, MISRA published its “Guidelines for the Use of the C Language in Vehicle Based Software” that address the ambiguities of the C language and establish coding rules for the automotive industry to get high quality code. The EMMA middleware API shall follow these guidelines (Reference: MW_74). An exception is the use of function pointers in the API since an application can only be coupled loosely to a general middleware and the C programming language does not provide the needed flexibility for this purpose without function pointers.

The EMMA middleware is designed and implemented for running in two different operating systems, Qplus and NanoOS. These operating systems are proprietary of ETRI, a project partner, and will be adapted to accomplish the OS requirements specifications (Reference: MW_06).

The middleware enables interoperability among WICOs. In fact, the middleware supports direct communication between WICOs, which belong to the same composite WICO and external interaction with WICOs acting at a different hierarchical level (Reference: MW_07).

Relevant facts and assumptions

The EMMA middleware shall provide a standardised interface to a wide variety of WICOs thus reducing the development and debugging time needed to implement them.

The middleware will be tested in a set of WICOs at different hierarchical levels. It is assumed that at least three WICOs per level will be implemented in order to demonstrate the benefits of the middleware (Reference: MW_07).

The middleware shall be designed to be used either in infrastructure based environments or mobile environments. Therefore, issues such as mobility and thus dynamic introduction and removal of WICOs shall be considered because they are very common on mobile environments and directly affect the underlying EMMA middleware infrastructure. Furthermore, different devices might be connected to different networks, with different latency and bandwidth. For all these reasons, WICOs shall require middleware services which help the network to evolve and reorganise itself at any moment.

Functional specifications

The EMMA middleware shall be designed to support a wide range of applications running on different WICOs that may also be provided by third-party developers (Reference: MW_22).

The middleware shall detect failures and report them to the application. (Reference: MW_83).

Communication

The middleware shall abstract from the underlying communication technology by providing a high-level addressing mechanism. Therefore, the middleware API shall be independent of the communication protocol. (Reference: MW_51 & MW_84).

The middleware shall support communication between WICOs at the same and different hierarchical level (Reference: MW_59).

Message communication

The middleware shall provide a WICO to WICO message communication mechanism independent of the underlaying communication technology (Reference: MW_51 & MW_85).

Interaction styles

Publish/Subscribe communication

EMMA project shall provide a data-centric middleware which is mostly concerned with the communication of data and not with the publisher. The middleware shall provide mechanisms in order that publisher can announce available data types and consumer can subscribe to feeds of this data (Reference: MW_79).

In mobile sensor networks, network topologies are inherently dynamic because of node mobility and device failures. Nodes can be added and removed from the network frequently thereby creating a change in the network topology. Therefore, mechanisms to dynamically detect WICOS should be provided (Reference: MW_39) and, consequently, mechanisms for managing subscriptions updated according to data availability.

Request/Response communication

Although in general the publish/subscribe model seems more appropriate, certain applications may not be interested in receiving information as soon as possible, but only at precise moments. Thus, WICOs' available data might be discovered by other WICOs to subscribe or explicitly request one value of this data (Reference: MW_72).

Data functions

Basic data validation and aggregation functions like min, max, average and majority voting shall be provided (Reference: MW_77), but also user-defined data validation and aggregation functions should be supported (Reference: MW_78).

Installation

The installation of new modules and updates of existing components is one of the tasks that require close collaboration between the middleware, the operating system, and the development environment. The middleware shall be responsible for code update transmission (Reference: MW_28 & MW_76) and for starting and stopping modules (Reference: MW_20). The actual update of code and the concrete implementation of starting and stopping of modules shall be handled by the underlying operating system in cooperation with the application, since stopping of the module may not be allowed in all states of the system. The IDE shall be responsible for providing the modules in the correct format for the target WICO.

Configuration and monitoring

An integrated monitoring feature on the development environment would be useful for software engineers to debug and test applications and analyse WICOs cooperation in an EMMA network. To enable graphical representation of each WICO's properties in the development environment, the middleware should provide an API for monitoring WICO's properties such as public variables (Reference: MW_70). The monitoring of WICOs in run-time shall allow to produce diagnostics and solve problems easily (Reference: MW_60).

Apart from that, the configuration WICOs and the gathering of the communication and operational status of the middleware is also important (Reference: MW_20). The EMMA middleware shall provide means of configuring WICOs both statically and dynamically depending on the application (Reference: MW_55). Some WICOs may require offline (static) configuration. However, some other WICOs may require dynamic configuration during their execution cycle.

Synchronisation

If the same event is measured by two different WICOs, another WICO receiving data on this event from both measuring WICOs should be able to detect that it is the same event. To achieve this, each data item must contain the timestamp when it was measured (Reference: MW_18). Additionally, data fusion and other collaboration functionalities need WICOS are reasonably synchronized in time. Therefore, WICOS' clocks should be synchronized with the same global clock (Reference: MW_80).

Non-functional requirements

Usability and humanity

Although it is expected that users of the middleware are experienced software developers, the middleware shall be designed for ease of use (Reference: MW_12) and shall offer a simple application programming interface which provides generic abstractions for a wide range of potential applications (Reference: MW_35).

Performance

Scalability

The EMMA network should be easily scalable (Reference: MW_19). The network should be flexible enough to allow its growth anywhere and anytime without affecting network performance. WICOs should be added to (or removed from) an existing network with minimum disturbance. This feature makes it suitable for use in the road infrastructure as well as within the vehicles.

The EMMA middleware shall be scalable in order to support applications with different requirements as well as WICOs with different processing power levels (Reference: MW_45).

Safety-critical situations

Safety-critical applications cannot tolerate delays in their execution time. In the case of hard-real time systems the integration of the middleware should not affect the critical performance of the WICO (Reference: MW_49). These safety-critical applications forces to develop an up-to-date mechanism for keeping time-critical variables updated. This time-synchronization mechanism shall have a resolution of 1 msec (Reference: MW_81).

Finally, data collection and transmission should be initiated by subscriptions or requests in order to avoid unnecessary data transmission from each WICO and avoid network congestion (Reference: MW_38).

Operational

Resources constraints

Many sensing technologies within the vehicle run on hardware with very limited memory and processing power. The minimum version of the EMMA middleware shall be compact enough to fit on embedded target with less than 64K of available memory (Reference: Reference: MW_46).

Initialization

Some safety-critical sensors are required to start operating immediately after they get powered up. Thus the core of the EMMA middleware shall not require more than 1ms to initialise (Reference: MW_48).

Portability

The EMMA middleware application programming interface shall be OS independent and subsequently hardware independent (Reference: MW_56 & MW_16 & MW_57). This feature shall provide the software developer with a high level of abstraction, allowing applications to be designed without hardware or operating system limitations. The middleware shall report errors of the underlying system back to the application (Reference: MW_82). This functionality is particularly important for keeping track of communication failures that could affect the operation of the middleware.

On the other hand, since Nano Esto supports only a C programming/debugging environment, the middleware should be provided in the form of C library (Reference: MW_75). C & C++ programming languages are the most widely used programming languages in the automotive area (Reference: MW_58).

Maintainability and support

EMMA network configuration

The middleware interface should be defined in such a way that allows the creation of EMMA networks and the configuration of WICOs with minimum effort and complexity (Reference:Reference: MW_14).

Software

The EMMA middleware is expected to evolve in the future as increasingly more applications start adopting it. For this reason, interaction between WICOs developed with different EMMA releases should be possible. Thus, the EMMA middleware shall be designed to support backwards compatibility (Reference: MW_44).

The middleware shall be delivered in the form of source code. This shall be well-documented (at least 20% comments) in order to guarantee that the end-product shall need no technical support after the end of the project. Specification and design documents shall provide more detailed support (Reference: MW_15). Additionally, a user guide and API reference shall be provided (Reference: MW_17).

Security

Wireless communication between WICOs shall be secure to ensure data integrity and prevention of interference. The middleware should allow the integration of security software modules (Reference: MW_53).

Requirements for the EMMA Wireless Cooperative Objects

Functional requirements

The scope of the work

A set of WICOs at different hierarchical levels will interact by means of the embedded middleware. These hierarchical levels include:

• WICOs within an automotive subsystem
• WICOs at a car level
• WICOs at a supra-car level

The development of these wireless cooperative objects will allow to test the middleware. Moreover, WICOs at the same hierarchical level shall be able to interact (Reference: W0_03).
In case of WICOs within automotive subsystems, the implementation of engine WICOs should not significantly affect engine design (Reference: W0_08).

Functional and data requirements

Communication

WICOs shall be able to communicate with other WICOs that belong to the same hierarchical level. A set of WICOs belonging to the same hierarchical level shall be able to communicate with other WICOs that belong to different hierarchical levels. For example, the whole engine network should communicate with the rest of EMMA network as a single node (Reference: W0_04).

In mobile environments, the number of WICOs interested in certain information may vary throughout the entire lifetime of the system since WICOs will not be within range all the time. These constraints demand for a flexible communication model considering the dynamic nature of the applications. Thus, once a WICO enters an EMMA network it shall be identified as soon as possible (Reference: W1_02). Then it can announce its public variables and functions in order that interested parties can make use of them. On the contrary, those WICOs that leave the EMMA network shall be identified as inaccesible once they are out of range (Reference: W1_03).

Configuration

A WICO should be configurable statically or dynamically as defined by the manufacturer (Reference: W1_04). Even if dynamic configuration in automotive systems is not very common, it would be useful for application development and sensor performance evaluation if some WICO properties can be modified online, while the sensor is in operation.

Publisher/Consumer

A WICO can act as a publisher, consumer or both. A publisher shall produce information while a consumer shall receive information.

At the supra-car level, smartdust devices are the most potential device to be used. If so, they would gather and later forward information on the environment, such as temperature, light level, sound, magnetic field, and humidity (Reference: W2_06). Environmental information could be very valuable for transport applications.

Non-functional requirements

Performance requirements

Energy efficiency

The primary constraint in the design of the smartdust motes is volume, which in turn puts a severe constraint on energy since we do not have much room for batteries or large solar cells. This will have an effect on the lifetime of the smartdust. Thus, the motes must operate efficiently and conserve energy whenever possible.

The EMMA project will investigate an energy efficient and distributed way of data forwarding/gathering between the WICOs at the infrastructure and WICOs at the car level (Reference: W2_01 & W2_02). In fact, centralised control methods could be not suitable since a failure in the central device would affect the entire sensor network.

Reliability

A WICO shall be able to control EMMA communications without compromising system performance & reliability (Reference: W1_00). Some WICOs shall incorporate hard-real time functions. Thus the overall system performance shall not be affected by introducing EMMA.

Availability

The smartdust devices shall control their radio ranges while maintaining fully connected topology (Reference: W2_00).

Operational requirements

WICOs shall have a unique identifier in the EMMA network (Reference: W1_07). For this purpose, a WICO identification method shall be defined. Once a WICO has been identificated in the EMMA network it can start a wireless communication with other WICOs within its range. The middleware shall support communication with wireless sensor networks composed of smartdust devices (Reference: W2_03). More specifically, communication among smartdust devices shall be using Zigbee physical and medium access (MAC) layer protocols (Reference: W2_07). In addition to that the smartdust devices shall support external interface via RS232, USB, Ethernet or Zigbee. These may also be used for communication with other sensors (Reference: W2_08).

Security

Wireless networks are susceptible to interference which can cause data corruption, that means errors during transmission or retrieval. For this reason, mechanisms that ensure the integrity of data shall be provided. Furthermore, an strategy that guarantees security and privacy of data in an EMMA network will be studied (Reference: W1_08). Therefore, WICOs protected data shall only be accesible by authorised users (Reference: W1_09).

Project issues

Costs

The cost of adapting existing sensors into EMMA compatible WICOs or developing new WICOs shall not affect the overall cost of the sensor significantly. Low cost is one of the major criteria of acceptance of a new technology. This could be managed due to low memory and processing requirements (Reference: W1_06).

Requirements for the Development Environment

Functional requirements

Application-specific kernel configuration

Wireless sensor nodes have various resource constraints, and one of them is limited program memory capacity. Generally, it is not easy to upload all the features of an operating system to the sensor nodes, and therefore there exists a need for a configuration tool which builds an application-specific kernel. In that respect, the development environment will provide a kernel configuration tool for Nano OS for EMMA’s sensing middleware (Reference: DE_08).

Dynamic Deployment

An EMMA network shall consist of WICOs which are the nodes. Thus the development environment should help the user create an EMMA network with different WICOs by adding and removing them from a database (Reference: DE_14).

The development environment shall provide a GUI to graphically represent the various WICOs within the EMMA network and their interactions (Reference: DE_13). Graphical representation of entities could be very useful for managing and configuring complex networks with many different WICOs.

Each WICO shall have its own properties that could be accessed through the development environment GUI. This properties (i.e. public variables) shall be stored in a database that the user will also be able to update through the GUI (Reference: DE_12).

Moreover, the development environment shall support import/export of WICOs from different manufacturers from the EMMA network (Reference: DE_16).

As cooperating objects can be deployed in parts of a vehicle that are hard to access, the development environment shall provide specific support for dynamic deployment of software running on these systems (Reference: DE_09). This way it will be possible to easily install and update software on each cooperating object(Reference: DE_21). This work is achieved by replacing an old application with new one using wireless protocols.

Debugging

Debugging the code of cooperating objects in embedded systems is difficult since usually do not provide direct outputs to developers. Although simulation can be helpful tool when testing such software, the exact behaviour of a cooperating object can only be debugged if the code is run on the actual hardware. The EMMA development environment shall provide support to debug software components running on the actual hardware (Reference: DE_10). It shall be able to operate with debugging information received from the cooperating objects.

Additionally, the development environment’s debugger shall provide a data datalogger as part of its interface where the EMMA communication commands could be logged (Reference: DE_11). This feature shall allow capture and analyse data for testing the communication system.

Off-the-self solutions

The development envinronment shall be able to provide debugging functionality only with a GNU toolchain (Reference: DE_18). Both Esto and NanoEsto debugging interface shall be restricted to GNU's GDB.

Remote Monitoring

After deployment of all WICOs, software engineers should be able to validate functionalities of the systems. They may check out detailed status information of each WICO by setting up a direct connection to it. It is, however, not easy to capture behaviours of part of or the whole networked systems in such an environment. The EMMA development environment shall allow engineers to monitor various WICOs within an EMMA network and their interactions with support of the EMMA middleware’s data-gathering mechanism.

Version control tool

The development environment may support a version control tool (Reference: DE_17). It would be useful to keep track of the version of the database released to the rest of the consortium to confirm we are all using the same version.

Application development

The development environment shall provide support for using, compiling and linking software libraries (Reference: DE_20). Actually, the EMMA middleware and OS will exist in the form of libraries. Thus the development environment shall provide support for compiling all these libraries into a single image, which could be downloaded to the target WICO.

Non-functional requirements

Usability and humanity requirements

The development environment shall be user friendly, that means intuitive and easy to use (Reference: DE_07), and shall facilitate the implementation of embedded software for cooperative sensing objects thus reducing the development and debugging time needed to implement embedded software for WICOs (Reference: DE_01). For this purpose, the embedded system development toolset Nano-Esto for Nano-Qplus shall include an IDE, a kernel configuration tool, an emulator-based debugger, an economic firmware debugging with JTAG technology, and a sensor network simulator. On the other hand, the embedded system development toolset Esto for the Qplus shall also include a remote and non-stop debugger, a remote monitoring tool, an optimization and analysis tool for low power and a timing analyzer.

Requirements for the Operating System

Project constraints

Mandated constraints

To design the middleware it is necessary to have some experience with the OS and know its features and restrictions, therefore QPlus and NanoOS will be available and fully functional before the design phase of the middleware (Reference: OS_18).

Funtional requirements

Communication

The project is focused on the cooperation between wireless objects. For this purpose, the operating system shall provide wireless communication features that shall be used by the middleware to achieve cooperation (Reference: OS_00). These features shall include data transmission to and reception from other cooperation objects.

Apart from those wireless communication features, the operating system shall provide interfaces to communicate with the sensors and/or any other physical device acting as a hardware abstraction layer (Reference: OS_01). These interfaces shall allow to query sensor data or even send commands to the sensor device.

Multithreading

Complex WICOs will require individual threads assigned to each of the multiple application areas running on its ECU. Meanwhile, the simpler WICOs will require at least some form of interrupt handling and prioritisation for high speed response control. Therefore, the OS shall support multi-threaded applications and shall support interrupt handling mechanisms (Reference: OS_13).

Furthermore, the operating system shall provide a resource management system (Reference: OS_11) because in multi-task applications, shared resources should not be accessed at the same time to avoid inconsistencies and not desirable behaviour.

Fault tolerance

The operating system is responsible for reporting all types of faults (hardware or software related). These failures shall be handled and reported in order to act accordingly (Reference: OS_14).

Regarding to communication errors, mechanisms for detecting and recovering from channel errors, delays, packet losses, etc should be provided (Reference: OS_17). The implementation of this feature would increase reliability.

Timing features

The operating system shall provide timers which could be used in developing applications (Reference: OS_15). These timers (especially real-time) are essential in developing embedded and other applications, as well as developing system drivers.

Middleware support

The operating system shall provide an update mechanism to facilitate the middleware updates (Reference: OS_16).

Non-functional requirements

Operational requirements

The operating system shall be used by WICOs to run the middleware and also for testing applications. The operating system shall support the x86 and PowerPC architectures and those used in smartdust devices (Reference: OS_02). Moreover, the OS shall be compatible with the embedded Motorola PowerPC 405 F6 processor, attached to a Xilinx Virtex-4 ML403 Embedded Platform. This platform will be used by TRW sensors as part of implementing the validation applications (Reference: OS_04).

Maintainability and support requirements

New releases of the OS should not cause any inconvenience but new versions shall be backwards compatible (Reference: OS_09). This feature will ensure prolonged use of the OS for those applications running on it.

Project issues

User documentation and training

The OS shall provide an API and user documentation shall be supplied as part of it in order to facilitate developing drivers for system devices (Reference: OS_05). This will reduce the cost of implementing many different drivers and prevent incompatibilities with the OS.

Conclusions

The identification and formalisation of requirements is always a critical phase in any engineering process. A well-structured list of requirements, started by the discussion and agreement between the different actors involved in the project, is the key of any future success. Without this list, it would be impossible to fulfil all the expectations, leading to a situation where no one would know exactly what the expected outcome of its work was.

Indeed, it is a very dangerous situation when a group of partners with a common goal – like the EMMA consortium – does not have a clear idea of the common way to be followed. The list of requirements is the last step, but not the least, to identify expectations, needs, and interactions between the different partners in the consortium. The preliminary analysis made when the project was launched, has been formalised and structured to introduce the list of requirements for the different key pieces developed in the project: the middleware, the WICOs, the operating system and the development environment.

Further work packages and deliverables will take over the responsibility of fulfilling these requirements: WP2 will deal with the sensing technologies to be adapted and WP5 with the development of the WICOs; WP3 will produce the EM2P, and finally WP4 and WP9 will provide the development environment and the OS needed.

Glossary

• API: Application Program Interface
• CAN: Controller Area Network
• DE: Development Environment
• ECU: Electronic Control Unit
• EM2P: EMMA Embedded Middleware Platform
• GCC: GNU Compiler Collection
• GPS: Global Positioning System
• IDE: Integrated Development Environment
• JTAG: Joint Test Access Group
• MAC: Media Access Control
• MISRA: Motor Industry Software Reliability Association
• MW: Middleware
• OBD: On Board Diagnostics
• OS: Operating System
• OSEK: Open Systems and their interfaces for the Electronics in Motor vehicles
• USB: Universal Serial Bus
• VM: Vehicle Manufacturer
• WICO: Wireless Cooperative Object
• WiFi: Wireless Fidelity
• WP: Work Package