A Multi-Modal Composability Framework for Cyber-Physical Systems

Similar documents
A Modal Specification Approach for Assuring the Safety of On-Demand Medical Cyber-Physical Systems

Analysis and Implementation of Global Preemptive Fixed-Priority Scheduling with Dynamic Cache Allocation

Introduction to the Distributed Real-Time System

Resource-bound process algebras for Schedulability and Performance Analysis of Real-Time and Embedded Systems

AirTight: A Resilient Wireless Communication Protocol for Mixed- Criticality Systems

Mixed Criticality Scheduling in Time-Triggered Legacy Systems

Formal Modeling and Analysis of Stream Processing Systems

RT- Xen: Real- Time Virtualiza2on. Chenyang Lu Cyber- Physical Systems Laboratory Department of Computer Science and Engineering

Schedulability Analysis of AADL Models

AUTOBEST: A United AUTOSAR-OS And ARINC 653 Kernel. Alexander Züpke, Marc Bommert, Daniel Lohmann

ARTIST-Relevant Research from Linköping

Chapter 39: Concepts of Time-Triggered Communication. Wenbo Qiao

Static Analysis of Embedded Systems

Overhead-Aware Compositional Analysis of Real- Time Systems

Analysis and Implementation of Global Preemptive Fixed-Priority Scheduling with Dynamic Cache Allocation

Pattern-Based Analysis of an Embedded Real-Time System Architecture

Scheduling Multi-Periodic Mixed-Criticality DAGs on Multi-Core Architectures

Model-based Architectural Verification & Validation

Composition of State Machines

Constructing and Verifying Cyber Physical Systems

Context. Hardware Performance. Increasing complexity. Software Complexity. And the Result is. Embedded systems are becoming more complex every day:

Context. Giorgio Buttazzo. Scuola Superiore Sant Anna. Embedded systems are becoming more complex every day: more functions. higher performance

Real-Time Component Software. slide credits: H. Kopetz, P. Puschner

Overhead-Aware Compositional Analysis of Real-Time Systems

Deterministic Ethernet & Unified Networking

Timing Analysis on Complex Real-Time Automotive Multicore Architectures

An Introduction to TTEthernet

A Modeling Framework for Schedulability Analysis of Distributed Avionics Systems. Pujie Han MARS/VPT Thessaloniki, 20 April 2018

Cyber-Physical System Checkpointing and Recovery

Mobile and Heterogeneous databases Distributed Database System Transaction Management. A.R. Hurson Computer Science Missouri Science & Technology

RT- Xen: Real- Time Virtualiza2on from embedded to cloud compu2ng

CARTS. A Tool for Compositional Analysis of Real Time Systems

Model-based Analysis of Event-driven Distributed Real-time Embedded Systems

AADL v2.1 errata AADL meeting Sept 2014

Colored Petri Net based Timing Analysis for UAS Application Software

Formal Analysis of Timing Effects on Closed-loop Properties of Cyber Physical Systems

Investigation of System Timing Concerns in Embedded Systems: Tool-based Analysis of AADL Models

Why Actors Rock: Designing a Distributed Database with libcppa

DISTRIBUTED REAL-TIME SYSTEMS

Deterministic Networking Lab

Compositional Schedulability Analysis of Hierarchical Real-Time Systems

Formal Modeling and Analysis of Stream Processing Systems

Automated Software Synthesis for Complex Robotic Systems

Optimal Implementation of Simulink Models on Multicore Architectures with Partitioned Fixed Priority Scheduling

CORBA in the Time-Triggered Architecture

Software verification for ubiquitous computing

Real-Time Mixed-Criticality Wormhole Networks

Probabilistic Worst-Case Response-Time Analysis for the Controller Area Network

Middleware for Embedded Adaptive Dependability (MEAD)

Methods and Tools for Embedded Distributed System Timing and Safety Analysis. Steve Vestal Honeywell Labs

REDUCING CERTIFICATION GRANULARITY TO INCREASE ADAPTABILITY OF AVIONICS SOFTWARE

Joint Entity Resolution

Algorithm and Library Software Design Challenges for Tera, Peta, and Future Exascale Computing

Applying CORBA to embedded time-triggered real-time systems. S. Aslam-Mir (Sam) Principal CORBA Architect Vertel USA

Multi-Epoch Scheduling Within the Real-Time Execution Performance Agent Framework

PTIDES: A Discrete-Event-Based Programming Model for Distributed Embedded Systems

Design and Analysis of Time-Critical Systems Introduction

Introduction to Embedded Systems

PROBABILISTIC SCHEDULING MICHAEL ROITZSCH

Towards a European Strategy for Cyber Physical Systems

Towards a Runtime Verification Framework for the Ada Programming Language

State of Practice. Automatic Verification of Embedded Control Software with ASTRÉE and beyond

OVERHEADS ENHANCEMENT IN MUTIPLE PROCESSING SYSTEMS BY ANURAG REDDY GANKAT KARTHIK REDDY AKKATI

Using Hybrid Automata for Early Spacecraft Design Evaluation

Local-Deadline Assignment for Distributed Real-Time Systems

Modeling and Analysis of Distributed Control Networks

Towards Transactional Memory for Safety-Critical Embedded Systems

Energy-aware Scheduling for Frame-based Tasks on Heterogeneous Multiprocessor Platforms

Time-Triggered Ethernet

Designing a Compositional Real-Time Operating System. Christoph Kirsch Universität Salzburg

RT#Xen:(Real#Time( Virtualiza2on(for(the(Cloud( Chenyang(Lu( Cyber-Physical(Systems(Laboratory( Department(of(Computer(Science(and(Engineering(

Heckaton. SQL Server's Memory Optimized OLTP Engine

On the Homogeneous Multiprocessor Virtual Machine Partitioning Problem

Verified Switched Control System Design using Real- Time Hybrid Systems Reachability

The Embedded Systems Design Challenge. EPFL Verimag

Safety-critical embedded systems, fault-tolerant control systems, fault detection, fault localization and isolation

Distributed IMA with TTEthernet

Multi-Mode Virtualization for Soft Real-Time Systems

Introduction to Real-time Systems. Advanced Operating Systems (M) Lecture 2

Functionality assignment to partitioned multi-core architectures

Static Analysis by A. I. of Embedded Critical Software

AUTOBEST: A microkernel-based system (not only) for automotive applications. Marc Bommert, Alexander Züpke, Robert Kaiser.

Stateful Real-Time Communication Schedules

CONTENTION IN MULTICORE HARDWARE SHARED RESOURCES: UNDERSTANDING OF THE STATE OF THE ART

IBM ^ iseries Logical Partition Isolation and Integrity

Distributed Systems Fault Tolerance

Alexandre Esper, Geoffrey Nelissen, Vincent Nélis, Eduardo Tovar

Automatic Selection of Feasibility Tests With the Use of AADL Design Patterns

Compositionality in system design: interfaces everywhere! UC Berkeley

Partitioned Model for Space Applications (IMA 4 space)

Giotto Domain. 5.1 Introduction. 5.2 Using Giotto. Edward Lee Christoph Kirsch

Systems. Roland Kammerer. 10. November Institute of Computer Engineering Vienna University of Technology. Communication Protocols for Embedded

Fault tolerant scheduling in real time systems

Real-time HOOD. Analysis and Design of Embedded Systems and OO* Object-oriented Programming Jan Bendtsen Automation and Control

A Data-Centric Approach for Modular Assurance Abstract. Keywords: 1 Introduction

CS4514 Real-Time Systems and Modeling

Module 10 MULTIMEDIA SYNCHRONIZATION

MC2: Multicore and Cache Analysis via Deterministic and Probabilistic Jitter Bounding

System-level co-modeling AADL and Simulink specifications using Polychrony (and Syndex)

Distributed Systems (ICE 601) Fault Tolerance

Transcription:

S5 Symposium June 12, 2012 A Multi-Modal Composability Framework for Cyber-Physical Systems Linh Thi Xuan Phan Insup Lee PRECISE Center University of Pennsylvania

Avionics, Automotive Medical Devices Cyber-physical systems are everywhere Our daily lives depend on them! Industrial Automation 2 Power plant

Characteristic: Timing critical If unstable, UAV must go to recovery mode and perform the recovery tasks within a deadline UAV may crash if a recovery task misses deadline! 3

Goal Provide timing and performance guarantees for cyber-physical systems an old problem, but many new challenges Increasing adaptivity Increasing complexity 4

Challenge #1: Adaptivity UAV Systems run in multiple modes of operation Mode transitions triggered by system failure or environment changes 5 a task active in this mode

Problem with mode transitions Autopilot Control modified Recovery A B unstable A D C D B B C inactive active Need to execute unfinished jobs of the old mode Potential overload and deadline misses immediately after changing mode, even if each mode works correctly in isolation How to guarantee timing during mode changes? 6

Percent of functionality provided by software Challenge #2: Complexity 90 80 70 60 50 40 30 20 10 Source: NASA Study on Flight Software Complexity 0 1960 (F-4) 1964 (A-7) 1970 (F-111) 1975 (F-15) 1982 (F-16) 1990 (B-2) 2000 (F-22) Year of production Increasing number of software components Increasing resource sharing, due to SWaP constraints Problem: State space explosion 7

Approach: Compositional analysis Idea: Analyze compositionally via component abstraction and interface composition Interface exposes only as much information as is required Analysis must capture mode change behaviors Traditional focus: functional and behavioral aspects e.g., AADL interfaces Need abstraction of timing and resource aspects CPS components manage their own resources Use Multi-modal resource-aware interfaces 8

Outline Motivation Framework overview Modeling multi-modal components Compositional analysis process Abstracting components into interfaces Composing interfaces Results 9

Modeling an adaptive component Mode: a set of tasks + scheduling policy Task parameters: WCET, deadline, arrival function of input data Transition: triggered by a timing constraint or an event Mode change protocol 10

Mode change protocol Autopilot Flight modified Recovery A B unstable A D C D B C inactive active Formally defines what exactly happens during a mode transition Example: A is not affected, C is released immediately, unfinished jobs of D are discarded 11

ARINC 653: Compositional analysis Core module hardware Partition level schedule Partition 1 Partition 2... Partition n Process level schedules P 11,,P 1m1 P 21,,P 2m2 P n1,,p nmn Partition Modes: Mode changes: COLD_START/WARM_START: Only the initialization process is executed NORMAL: All processes except the initialization process are executed IDLE: No process is executed Triggered by either a partition process or an external event 12

ARINC 653: Compositional analysis Core module hardware Partition level schedule Partition 1 Partition 2... Partition n Partition 1 Interface Partition 2 Interface Partition n Interface P 11,,P 1m1 P 21,,P 2m2 P n1,,p nmn captures the resources required to guarantee correct timing behaviors of the partition s processes 13

ARINC 653: Compositional analysis Core module hardware Partition level schedule Partition 1 Partition 1 Interface Partition 2 Subsystem Interface Partition 2 Interface... Partition n Partition n Interface P 11,,P 1m1 P 21,,P 2m2 P n1,,p nmn Subsystem s interface: captures the resources required to guarantee correct timing behaviors of its partitions 14

Outline Motivation Framework overview Modeling multi-modal components Compositional analysis overview Abstracting components into interfaces Composing interfaces Results 15

resource demand Single mode: Use service function Service function: minimum number of resource units must be provided to the mode over any time interval of length t to guarantee schedulability of all tasks Computed by combining demands of all tasks A β EDF B A: deadline = 4, WCET = 1 Interface of the mode time 0 4 8 12 16 worst-case arrival pattern of A # resource units 16 β: min service required 0 1 2 3 4 5 6 7 8 9 10 time interval length Mode Task B Task A t

Multiple modes: A single transition B A C D Mode 1 mode change condition B A β β 1 2 C D abstract Mode 1 Mode 2 Mode 2 Demands vary significantly across modes Demand of each task T i at mode m: #1: Need to capture mode-dependent demands Tasks may not finish when mode change occurs unfinished tasks [ ] wcet i new tasks mode Mode 1 Mode 2 change deadline 17 #2: Need to account for carried-over demands of unfinished tasks No buffer overflow No deadline miss during initial duration after moving to mode m All new tasks meet deadlines

Multiple modes: An automaton Component may change modes one after another #3: Need to capture cascading mode changes Component C Explore each transition of a reachable mode Intermediate interface β 1 β 3 β 2 iterate Fixed point computation Termination: always guaranteed converged Interface of C 18

Multiple multi-mode components Interface needs to expose synchronization events detect incompatible communication avoid overestimating total demands of the composition a B a b Component 1 Component 2 Composition of interfaces Compute the product of interfaces Combine service functions of a composed mode Interface refinements 19

Outline Motivation Framework overview Modeling multi-modal components Compositional analysis overview Abstracting components into interfaces Composing interfaces Results 20

Results Accuracy: No deadline misses during mode transitions Unimodal analysis can underestimate resource requirements! 21

Results Accuracy: No deadline misses during mode transitions End-to-end Delay (ms) Need 700MHz Need 900 MHz Multimode Unimode Design Requirement: Delay 13ms 600 700 800 900 Processor Frequency (MHz) Efficiency: Analysis is more precise Same guarantees with fewer resources 22

Open challenges Interfaces for multicore, distributed settings Moving theory to practice Implementation issues: reduce overheads (e.g., context switches) Connecting with functional interfaces (e.g.,aadl) Composability for safety certification Apply multi-mode modeling to capture mixed-criticality systems with different certification levels Integrate mode switches with fault-tolerant techniques Combine compositional analysis with assurance cases 23

Summary Problem: Systems are becoming complex and adaptive Existing techniques are not sufficient Focus primarily on composability of functional aspects Do not consider mode change behavior (hence, can be unsafe) Approach: Compositional analysis based on multi-modal resource-aware interfaces Benefits Accurate and scalable analysis Analysis results can be used to optimize resource needs Support incremental component-based development 24

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback