Soft-RT PLC runtime heart
This chapter captures the requirements for using taktora-executor as the runtime
heart of a soft-real-time PLC. It follows from the gap analysis between
typical PLC architecture (Beckhoff TwinCAT, Siemens TIA, B&R Automation
Studio, Rockwell Logix) and the abstractions taktora-executor provides today.
The decomposition is two-tier:
- Top-level feature — PLC runtime heart on iceoryx2 (FEAT_0010) — the umbrella capability.
- Sub-features — capability themes, each of which satisfies the top-level feature.
- Requirements — concrete shall-clauses, each of which satisfies a sub-feature.
Sub-features are grouped into foundation capabilities (already provided by taktora-executor v0.1) and gap capabilities (must be added before the runtime credibly serves as a soft-RT PLC heart). Foundation reqs reference the existing API surface; gap reqs describe TBD work.
The umbrella decomposes into fourteen sub-features, each on its own page (see the toctree). Foundation capabilities — cyclic scan execution (FEAT_0011), event-driven I/O dispatch (FEAT_0012), deterministic logic sequencing (FEAT_0013), cycle-time watchdog (FEAT_0014), real-time worker scheduling (FEAT_0015), and cooperative shutdown (FEAT_0016) — already exist in taktora-executor v0.1. Gap capabilities — bounded-time dispatch (FEAT_0017), cycle-overrun fault primitive (FEAT_0018), mode / state-machine framework (FEAT_0019), retentive state (FEAT_0020), scan-cycle observability (FEAT_0021), PREEMPT_RT validation harness (FEAT_0022), fieldbus integration interface (FEAT_0023), and the framework internal-fault model (FEAT_0024) — are prerequisites for credibly calling the runtime a soft-real-time PLC heart.
Top-level feature
A Rust runtime that schedules, sequences, and observes the cyclic execution of PLC-style logic (read inputs → run logic → write outputs) under soft-real-time constraints, with iceoryx2 as the inter-process data plane. The runtime targets non-safety industrial automation, robotics control loops, and machine-monitoring scenarios. Hard-real-time bounds, safety certification, IEC 61131-3 frontends, hot-standby, and specific fieldbus protocol stacks are explicitly out of scope; the runtime integrates with such concerns but does not implement them.
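The read-inputs → run-logic → write-outputs cycle described above, together with the absolute-grid cyclic dispatch, per-task overrun counter and skipped-slot count requirements listed in the table below, as an added example that is not taktora-executor's own code: a scan loop simulated on a fake clock that contrasts absolute-grid release (deadlines fixed at k·period) with a naive "finish, then sleep one period" timer. `run_scans`, `ScanStats` and the fake-clock model are assumptions of this example, not the crate's API.

```rust
use std::time::Duration;

/// Telemetry a cycle-time watchdog would keep (names are this example's, not the crate's).
#[derive(Debug, Default, PartialEq, Eq)]
pub struct ScanStats {
    pub scans: u32,
    pub overruns: u32,
    pub skipped_slots: u32,
    pub max_lateness: Duration,
}

/// Simulate one task's cyclic scans on a fake monotonic clock. Each entry of
/// `durations` is how long one read-inputs -> run-logic -> write-outputs pass takes.
/// `absolute_grid == true`: releases sit at k * period; a long scan may skip whole
/// grid slots, but it cannot push every later slot back, so lateness stays bounded.
/// `absolute_grid == false`: naive relative timer (sleep one period after finishing);
/// every scan's own duration is added to the drift against the intended grid.
pub fn run_scans(period: Duration, durations: &[Duration], absolute_grid: bool) -> ScanStats {
    let mut stats = ScanStats::default();
    let mut now = Duration::ZERO;     // simulated monotonic clock
    let mut release = Duration::ZERO; // planned release time of the next scan
    let mut k: u32 = 0;               // grid slot this scan is accounted to
    for d in durations {
        now = now.max(release);       // block until the planned release
        let ideal = period * k;       // where the grid says this scan belongs
        stats.max_lateness = stats.max_lateness.max(now.saturating_sub(ideal));
        let deadline = if absolute_grid { ideal + period } else { now + period };
        now += *d;                    // the scan itself: read -> logic -> write
        stats.scans += 1;
        if now > deadline {
            stats.overruns += 1;      // a cycle-time watchdog would raise the fault here
        }
        k += 1;
        if absolute_grid {
            // skip grid slots whose whole window is already in the past
            while period * (k + 1) <= now {
                k += 1;
                stats.skipped_slots += 1;
            }
            release = period * k;
        } else {
            release = now + period;
        }
    }
    stats
}
```

With a 1 ms period and 200 µs scans the relative timer drifts by 200 µs per scan while the absolute grid reports zero lateness; one 2.5 ms spike costs the absolute grid one skipped slot and 500 µs of lateness, versus 2.9 ms of drift that never recovers on the relative timer.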
Requirements at a glance
| ID | Title | Status | Satisfies |
|---|---|---|---|
| FEAT_0011 | Cyclic scan execution | open | FEAT_0010 |
| FEAT_0012 | Event-driven I/O dispatch | open | FEAT_0010 |
| FEAT_0013 | Deterministic logic sequencing | open | FEAT_0010 |
| FEAT_0014 | Cycle-time watchdog | open | FEAT_0010 |
| FEAT_0015 | Real-time worker scheduling | open | FEAT_0010 |
| FEAT_0016 | Cooperative shutdown | open | FEAT_0010 |
| FEAT_0017 | Bounded-time dispatch | open | FEAT_0010 |
| FEAT_0018 | Cycle-overrun fault primitive | open | FEAT_0010 |
| FEAT_0019 | Mode / state-machine framework | open | FEAT_0010 |
| FEAT_0020 | Retentive state | open | FEAT_0010 |
| FEAT_0021 | Scan-cycle observability | open | FEAT_0010 |
| FEAT_0022 | PREEMPT_RT validation harness | open | FEAT_0010 |
| FEAT_0023 | Fieldbus integration interface | open | FEAT_0010 |
| FEAT_0024 | Framework internal-fault model | open | FEAT_0010 |
| | Configurable scan period | implemented | |
| | One execution per scan period | implemented | |
| | Scan-cycle execution observability | implemented | |
| | Subscriber-triggered ingestion | implemented | |
| | Publisher-driven emission | implemented | |
| | Zero-copy IPC transport | implemented | |
| | Notification-drop visibility | implemented | |
| | Sequential chain execution | implemented | |
| | Parallel DAG execution | implemented | |
| | Abort propagation | implemented | |
| | Conditional inclusion | implemented | |
| | Subscriber deadline detection | implemented | |
| | Per-execute timing visibility | implemented | |
| | Core-affinity assignment | implemented | |
| | SCHED_FIFO priority on Linux | implemented | |
| | Signal-driven shutdown | open | |
| | Programmatic shutdown wakeup | implemented | |
| | No heap allocation in dispatch | implemented | |
| | Statically-sized task pool | open | |
| | Pre-allocated error slot | implemented | |
| | Wait-free completion signalling | open | |
| | Per-task overrun fault transition | implemented | |
| | Executor-wide overrun fault transition | implemented | |
| | Fault-handler item dispatch | implemented | |
| | Fault state observability | implemented | |
| | Mode lifecycle | open | |
| | Mode transition triggers | open | |
| | Per-mode task gating | open | |
| | Mode change observability | open | |
| | Process-restart persistence | open | |
| | Memory-mapped backing | open | |
| | Crash-atomic checkpoints | open | |
| | Recovery status reporting | open | |
| | Per-task latency percentiles | implemented | |
| | Per-task maximum jitter | implemented | |
| | Per-task overrun counter | implemented | |
| | Statistics query API | implemented | |
| | Allocation-free telemetry update | implemented | |
| | Per-task exact min/max execute duration | implemented | |
| | Per-task deadline lateness | implemented | |
| | Per-task scan index and faulted-scan emission | implemented | |
| | Documented worst-case jitter | draft | |
| | Cyclictest-style benchmark harness | draft | |
| | Documented reproducer procedure | draft | |
| | Harness consumes runtime telemetry | draft | |
| | Adapter-driven I/O | open | |
| | Out-of-tree driver crates | open | |
| | Protocol-neutral runtime | open | |
| | Framework-invariant violation triggers fail-fast | draft | |
| | User-item panic is contained, not a fail-fast | implemented | |
| | User-registered fatal handler | draft | |
| | Absolute-grid cyclic dispatch (bounded long-run lateness) | implemented | |
| | Run-loop immunity to spurious wait interruptions | implemented | |
| | Tight dispatch-thread timer slack | implemented | |
| | Per-task skipped-slot count | implemented | |
| | Exact-extreme SLO conformance gate | implemented | |
| | Sub-octave percentile precision | draft | |
| | At-most-one borrowed-job submit per barrier phase | implemented | |
- Cyclic scan execution
- Event-driven I/O dispatch
- Deterministic logic sequencing
- Cycle-time watchdog
- Real-time scheduling
- Cooperative shutdown
- Bounded-time dispatch
- Cycle-overrun fault primitive
- Mode / state-machine framework
- Retentive state
- Scan-cycle observability
- PREEMPT_RT validation harness
- Fieldbus integration interface
- Framework internal-fault model
Cross-cutting traceability
Every requirement in this chapter satisfies exactly one parent feature;
every sub-feature satisfies PLC runtime heart on iceoryx2 (FEAT_0010). The needtables on
this page and on PLC runtime — architecture will populate as
spec artefacts are authored.
| ID | Title | Status | Satisfies |
|---|---|---|---|
| FEAT_0010 | PLC runtime heart on iceoryx2 | open | |
| FEAT_0011 | Cyclic scan execution | open | FEAT_0010 |
| FEAT_0012 | Event-driven I/O dispatch | open | FEAT_0010 |
| FEAT_0013 | Deterministic logic sequencing | open | FEAT_0010 |
| FEAT_0014 | Cycle-time watchdog | open | FEAT_0010 |
| FEAT_0015 | Real-time worker scheduling | open | FEAT_0010 |
| FEAT_0016 | Cooperative shutdown | open | FEAT_0010 |
| FEAT_0017 | Bounded-time dispatch | open | FEAT_0010 |
| FEAT_0018 | Cycle-overrun fault primitive | open | FEAT_0010 |
| FEAT_0019 | Mode / state-machine framework | open | FEAT_0010 |
| FEAT_0020 | Retentive state | open | FEAT_0010 |
| FEAT_0021 | Scan-cycle observability | open | FEAT_0010 |
| FEAT_0022 | PREEMPT_RT validation harness | open | FEAT_0010 |
| FEAT_0023 | Fieldbus integration interface | open | FEAT_0010 |
| FEAT_0024 | Framework internal-fault model | open | FEAT_0010 |
Safety refinements
The PLC runtime (taktora-executor) carries four TSRs from the SEooC
safety concept (see Technical Safety Concept — TSRs):
- Integrity-level declaration... (TSR_0003) (integrity-level declaration and process isolation for executable items) — draft; the ExecutableItem trait and registration API need an integrity-level field. See Process boundary as spatial... (ADR_0050).
- Missed-deadline detection w... (TSR_0004) (missed-deadline detection within one cycle) — implemented by the executor's existing deadline monitor.
- Cross-process hosting mode (TSR_0009) (cross-process hosting mode) — draft; the executor must support a mode that hosts only SC items and cross-references QM items via iceoryx2.
- Heartbeat for Element B mon... (TSR_0010) (heartbeat for Element B monitor) — draft; no liveness heartbeat surface exists today.