mirror of
https://github.com/RIOT-OS/RIOT.git
synced 2025-01-16 19:32:49 +01:00
6ea67abefc
Initial commit of document.
337 lines
15 KiB
Markdown
337 lines
15 KiB
Markdown
|
||
- RDM: 1
|
||
- Title: RIOT Design Goals
|
||
- Author: Daniel Petry
|
||
- Status: Active
|
||
- Type: Consensus
|
||
- Created: May 2019
|
||
|
||
## Abstract
|
||
|
||
This document presents key design aspects of the RIOT operating system: its
|
||
application contexts and design rationales. It aims to reflect a consensus on
|
||
the reasoning behind RIOT design, in order to help new contributors get up to
|
||
speed more quickly and provide common ground for technical debates.
|
||
|
||
## Status
|
||
|
||
This document is a product of the community of RIOT maintainers, and aims to
|
||
represent the consensus within this community. The content of this document is
|
||
licensed with a Creative Commons CC-BY-SA license.
|
||
|
||
## Terminology
|
||
|
||
Throughout this document, the term "users" refers to developers who are using
|
||
RIOT as a basis to implement application software, without editing RIOT's
|
||
source code. The term "developers" refers to contributors to the source code of
|
||
RIOT.
|
||
|
||
# 1. Introduction
|
||
|
||
The RIOT developer community has grown from a state of a few developers in
|
||
relatively close contact to a highly distributed worldwide organisation with
|
||
members joining continuously. As a result, passing on underlying understanding
|
||
and assumptions that drive design decisions via word-of-mouth is no longer
|
||
feasible.
|
||
|
||
This document represents the consensus on a set of generalised, loose
|
||
requirements for RIOT (in a voluntary open source context, gathering strict
|
||
requirements is neither possible nor welcome).
|
||
|
||
The first section discusses some of the concrete [use cases](#2-use-cases)
|
||
which RIOT is driven by, to give a broad awareness to the developer where and
|
||
how their features will be used. Based on this bigger picture, the [design
|
||
philosophies](#3-design-philosophies) in the second section provide specific
|
||
guidance for design. These include a focus on constrained devices, a short
|
||
learning curve, and the versatility to support a huge variety of devices and
|
||
functionality.
|
||
|
||
# 2. Use cases
|
||
|
||
RIOT is a general purpose IoT operating system for low-end devices, such as
|
||
those described in [1]. These devices have a low memory footprint of kilobytes
|
||
rather than megabytes, going down to a few kilobytes in certain cases. As such,
|
||
RIOT targets separate use cases from embedded Linux. Below is a comprehensive,
|
||
but non-exhaustive list of RIOT use cases, including the general requirements
|
||
placed on the devices for each one.
|
||
|
||
These requirements demonstrate the need for RIOT to support an extremely large
|
||
number of hardware configurations: various microcontrollers bundled with
|
||
various sensors and actuators and various network transceivers (radio and
|
||
wired). On these, a large variety of software configurations is run: various
|
||
link layer technologies and network protocol stacks, serving user application
|
||
logic requiring various levels of complexity, reliability, or real-time
|
||
support.
|
||
|
||
## 2.1. Environmental sensing
|
||
|
||
Networks of remote sensor nodes can be deployed to monitor the environment (air
|
||
composition, temperature, light intensity, water quality...), or
|
||
assist with urban planning. These devices can be distributed on their own or
|
||
fit to infrastructure. In particular, the devices need to:
|
||
|
||
- Collect data on timescales of the order of hours or longer.
|
||
- Potentially be able to send data over long ranges with low power.
|
||
- Potentially operate for years without power infrastructure or maintenance.
|
||
|
||
## 2.2. Rapid prototyping, research, and experimentation
|
||
|
||
In experimentation and hacking situations, development needs to be easily
|
||
accessible, and allow a short development time and quick results. In
|
||
particular, this means that the software and hardware should:
|
||
|
||
- Let users easily write, load and run applications.
|
||
- Let users easily port third party libraries.
|
||
- Be usable with or without different features, including networking.
|
||
- Come with an easy-to-use, versatile toolkit that has a minimum of setup time.
|
||
- Let users easily run the same programs on different hardware.
|
||
|
||
## 2.3. Logistic tracking
|
||
|
||
Sensors that record environmental conditions and location can be used to manage
|
||
goods in transit. In particular, these sensors need to:
|
||
|
||
- Last for several months without charging.
|
||
- Securely collect, store and transmit sensitive data.
|
||
- Send data over long ranges to regional infrastructure.
|
||
|
||
## 2.4. Physical system monitoring and control
|
||
|
||
Distributed networks of sensors (torque, rotary position...) and actuators
|
||
(motors, solenoids...) can be employed in certain control applications, such as
|
||
automotive systems, robotics, or Industry 4.0. In particular, the nodes need to:
|
||
|
||
- Collect and send data with a low latency, or at least a well synchronized
|
||
timestamp.
|
||
- Potentially run control algorithms themselves.
|
||
- Have the timing precision to support time sensitive control.
|
||
|
||
## 2.5. Edge systems for building management and automation
|
||
|
||
Various sensing (light, temperature, humidity...) and environmental control
|
||
tasks (heating, ventilation, access control...) can be done by edge nodes in
|
||
buildings. In particular, the nodes need to be able to:
|
||
|
||
- Connect to building management system components from a range of vendors
|
||
via a range of domain specific protocols, such as BACnet and Modbus.
|
||
- Integrate with in-house cyber security management systems.
|
||
|
||
## 2.6. Smart home
|
||
|
||
Smart home use cases have monitoring and control aims which overlap with
|
||
commercial building management. However, in the smart home there is less
|
||
technical equipment, different protocols, and different system management
|
||
criteria. In particular, the nodes here need to be able to:
|
||
|
||
- Connect to home networking equipment from a range of vendors via common
|
||
protocols for constrained devices in the home, such as BLE, 802.15.4 and
|
||
WiFi.
|
||
- Ensure the privacy of end users in an easy-to-use fashion.
|
||
|
||
## 2.7. Daughterboards
|
||
|
||
Plug-in boards can give devices immediate support for a protocol or standard,
|
||
or let them outsource a task from the main processor. In particular, this
|
||
requires the board to:
|
||
|
||
- Support on-chip low-level wired communication.
|
||
|
||
## 2.8. Education
|
||
|
||
The broad technical scope of RIOT makes it useful as a basis for education.
|
||
In particular, this requires:
|
||
|
||
- The presence of didactic materials related to RIOT.
|
||
- The presence of tooling suitable to a classroom context.
|
||
|
||
# 3. Design philosophies
|
||
|
||
Below are the design philosophies that are typically followed by developers to
|
||
cater for the above use cases. The sections below include descriptions of
|
||
tradeoffs between the philosophies, and where the resolutions typically fall.
|
||
|
||
## Suitability for constrained devices
|
||
|
||
"Constrained" means that available memory, energy, and processor cycles are so
|
||
reduced as to become a dominant consideration in design requirements [1].
|
||
|
||
#### Energy efficiency
|
||
|
||
RIOT nodes sometimes need to last for several years without external power, so
|
||
they need to manage energy carefully. RIOT's tickless scheduler lets devices
|
||
sleep while they aren't active.
|
||
|
||
Developers of modules outside the core should leverage the benefits and address
|
||
the programming challenges of such a scheduler. An idling device should
|
||
conserve energy wherever possible, by default. For case specific power
|
||
management, appropriate control should be available to the user. This should
|
||
not include having to cope with scheduler details or set hardware power modes
|
||
explicitly.
|
||
|
||
#### Small memory footprint
|
||
|
||
Apart from being optimized for low memory usage, RIOT is modular so unused
|
||
features don't use up precious RAM or flash. Almost all features are provided
|
||
as optional modules that have to be enabled explicitly at compile time. A
|
||
minimal RIOT configuration starts at around <2KiB flash and <1.5KiB RAM
|
||
(including stack space for one thread and ISRs).
|
||
|
||
Starting from there, the memory usage depends on the enabled features:
|
||
|
||
- Non-networked control loop / sensing applications can fit on very small MCUs
|
||
(eg., an Atmega328P with 2KiB RAM)
|
||
- 6lowPAN networking currently starts at ~40KiB ROM and ~10KiB RAM
|
||
- A 6LoWPAN enabled CoAP server and COSE end-to-end security (with ed25519
|
||
signatures in software) requires ~60KiB ROM and ~15KiB RAM
|
||
- a file system adds ~15 KiB ROM and ~2 KiB RAM
|
||
|
||
#### Networking
|
||
|
||
RIOT should deliver communication robustness and interoperability. We prefer
|
||
open standards over proprietary solutions.
|
||
|
||
The interfaces to network stacks (netdev, sock) are designed to be agnostic to
|
||
the stack itself. The stacks themselves can therefore be interchanged freely.
|
||
The design of the default networking stack (GNRC) prioritizes modularity and
|
||
extensibility over memory usage. This ensures that users can adapt the stack to
|
||
their use cases, and developers can easily extend it as further standards and
|
||
amendments are published.
|
||
|
||
## Short learning curve
|
||
|
||
RIOT's use cases involve makers, researchers in (non-)computer science fields,
|
||
broadly skilled engineers making vertically integrated IoT proofs-of-concept,
|
||
and experienced embedded C developers.
|
||
|
||
These should be comfortable using RIOT and its tooling, on typical platforms.
|
||
RIOT should demand as little RIOT-specific learning as possible. It should,
|
||
therefore, adhere to common systems and networking standards.
|
||
|
||
## Versatility
|
||
|
||
The use cases for real-time embedded systems are manifold, and so are their
|
||
requirements. Therefore, design decisions in RIOT should not prefer one
|
||
technology or one protocol over another.
|
||
|
||
Default configurations should support as many users and use cases as possible.
|
||
RIOT should aim at providing everything users need, either in its code base or
|
||
in the external packages it supports. The list of hardware, algorithms and
|
||
other elements that RIOT supports should constantly be expanding.
|
||
|
||
## Vendor and technology independence
|
||
|
||
Vendors and technologies are supported equally, except for a bias towards open
|
||
standards. This means users can choose what's best for them, without being led
|
||
by RIOT. Moreover, RIOT is Free Software [2], which means users are free to use
|
||
it as they wish without lock-in.
|
||
|
||
## Modularity
|
||
|
||
RIOT decomposes into fine-grained modules. This level of modularity lets RIOT
|
||
address many different memory, functionality, and performance demands. It also
|
||
helps development efforts to scale in a widely distributed community.
|
||
|
||
Modules should be abstracted from one another as cleanly as possible. It should
|
||
be easy for users to manage or exploit this modularity, for example through
|
||
configuration methods, easy integration of third-party source code, or
|
||
different levels of modularity. The granularity of sub-modules for a module
|
||
should be chosen pragmatically, taking the type, context, and impact of the
|
||
module into account. Users shouldn't want to split modules, but they shouldn't
|
||
be unnecessarily fine-grained either.
|
||
|
||
## Cross-hardware portability
|
||
|
||
Users might want to write a program for one piece of hardware, and later run it
|
||
on another. RIOT should let user code be completely portable, so long as it
|
||
remains valid with the hardware.
|
||
|
||
The hardware abstraction layer should be stable, well defined and consistent.
|
||
Above the HAL, the only thing that modules should know about hardware is
|
||
whether its build dependencies are provided or not. If they aren't, the module
|
||
should adapt accordingly, or not compile.
|
||
|
||
## Real-time capabilities
|
||
|
||
Different real-time guarantees are required for different use cases. Low
|
||
frequency sensing needs only soft real-time support and can handle less timing
|
||
accuracy so long as the timers support long timescales. Sensing and control
|
||
applications which do not require hard real-time guarantees are also supported.
|
||
|
||
RIOT should deliver soft real-time guarantees which address the use cases given
|
||
in section 2. It should provide timers which can competently handle the
|
||
timescales of any application.
|
||
|
||
## Interoperability
|
||
|
||
RIOT nodes need to communicate reliably with non-RIOT nodes by carefully
|
||
implementing open protocol standards or identical technological specifications.
|
||
|
||
RIOT should support standards once they have reached a certain level of
|
||
maturity and popularity. It should be configurable so that users can choose
|
||
which (optional) features of specifications they want to include. Whatever the
|
||
configuration, nodes should handle all possible traffic in a compliant manner.
|
||
|
||
## Stability
|
||
|
||
Nodes shouldn't fail because of RIOT, whatever the platform. Assuming perfect
|
||
hardware and a moderately well-written application, they should be able to run
|
||
indefinitely.
|
||
|
||
The testing and peer review processes that ensure this should be under
|
||
continuous review and refinement, including automating them where it's
|
||
possible. Error handling should guarantee stability with minimal memory usage.
|
||
|
||
## Unified APIs
|
||
|
||
RIOT wants to ease development for users by providing a similar "look and feel"
|
||
across all our APIs.
|
||
|
||
RIOT's interfaces should only differ in the ways that their modules differ.
|
||
Where possible, layers should exist that sit on top of a certain class of
|
||
modules to give an identical interface to the user. Semantic and naming
|
||
conventions should be consistent throughout the system.
|
||
|
||
## Cyber security
|
||
|
||
RIOT nodes need to be resilient against cyber attacks.
|
||
|
||
It should be hard against all the threats a node is likely to experience,
|
||
depending on the situation, including those from computers with many times
|
||
their processing power. Security should be as easy to use as possible while
|
||
still strong. Security flaws should be patched as quickly as possible by
|
||
servicing a security alert channel with high priority. Convenient updating
|
||
mechanisms should allow users to apply patches to their nodes, wherever they
|
||
are.
|
||
|
||
# Acknowledgements
|
||
|
||
This document follows previous work on documenting RIOT's design priorities [3]
|
||
[4].
|
||
|
||
Thanks to E. Baccelli, K. Bannister, M. Lenders, M. Rottleuthner, K. Schleiser,
|
||
T. Schmidt, M. Waehlisch, K. Zandberg, and all others who have contributed to
|
||
the review of this document.
|
||
|
||
# References
|
||
|
||
[1] [C. Bormann, M. Ersue, A. Keranen: "Terminology for Constrained-Node
|
||
Networks.", RFC, No. 7228, RFC-Editor, May 2014.](https://tools.ietf.org/html/rfc7228) \
|
||
[2] [“What Is Free Software?” _GNU Operating System_, 15 Dec. 2018,
|
||
www.gnu.org/philosophy/free-sw.en.html.](https://www.gnu.org/philosophy/free-sw.en.html) \
|
||
[3] [Emmanuel Baccelli, Oliver Hahm, Mesut Günes, Matthias Wählisch, Thomas C.
|
||
Schmidt, "RIOT OS: Towards an OS for the Internet of Things," in Proceedings of
|
||
the 32nd IEEE International Conference on Computer Communications (INFOCOM),
|
||
Poster, p. 79–80, IEEE Press, April 2013.](https://www.riot-os.org/docs/riot-infocom2013-abstract.pdf) \
|
||
[4] [E. Baccelli, C. Gündogan, O. Hahm, P. Kietzmann, M. Lenders, H. Petersen,
|
||
K. Schleiser, T.C. Schmidt, M. Wählisch: "RIOT: an Open Source Operating System
|
||
for Low-end Embedded Devices in the IoT", IEEE Internet of Things Journal, Vol.
|
||
5, No. 6, p. 4428- 4440, IEEE, December 2018.](http://ilab-pub.imp.fu-berlin.de/papers/bghkl-rosos-18-prepub.pdf)
|
||
|
||
# Revisions
|
||
|
||
Rev0: initial document
|
||
|
||
## Contact
|
||
|
||
The author of this memo can be contacted via email at danielpetry@cantab.net
|