A Modeling Framework for Schedulability Analysis of Distributed Avionics Systems. Pujie Han MARS/VPT Thessaloniki, 20 April 2018

Similar documents
A Modeling Framework for Schedulability Analysis of Distributed Avionics Systems

Distributed IMA with TTEthernet

Ensuring Schedulability of Spacecraft Flight Software

Investigation of System Timing Concerns in Embedded Systems: Tool-based Analysis of AADL Models

SCADE. SCADE Architect System Requirements Analysis EMBEDDED SOFTWARE

AUTOBEST: A United AUTOSAR-OS And ARINC 653 Kernel. Alexander Züpke, Marc Bommert, Daniel Lohmann

Statistical Model Checking in UPPAAL

A Multi-Modal Composability Framework for Cyber-Physical Systems

An Encapsulated Communication System for Integrated Architectures

Dr. Ing. Cornelia Zahlten. Prof. Dr. Jan Peleska. Concepts and Implementation. Hard Real-Time Test Tools

In this presentation,...

The Montana Toolset: OSATE Plugins for Analysis and Code Generation

Distributed Systems Programming (F21DS1) Formal Verification

Hierarchical Composition and Abstraction In Architecture Models

Process Algebraic Approach to the Schedulability Analysis and Workload Abstraction of Hierarchical Real-Time Systems

Timing Analysis of Distributed End-to-End Task Graphs with Model-Checking

Impact of Runtime Architectures on Control System Stability

Schedulability Analysis of AADL Models

Computing and Communications Infrastructure for Network-Centric Warfare: Exploiting COTS, Assuring Performance

CONTENTION IN MULTICORE HARDWARE SHARED RESOURCES: UNDERSTANDING OF THE STATE OF THE ART

Research on Model-based IMA Resources Allocation Xiao Zhang1, a, Lisong Wang2, b

Methods and Tools for Embedded Distributed System Timing and Safety Analysis. Steve Vestal Honeywell Labs

Statistical Model Checking in UPPAAL

Compositional Schedulability Analysis of Hierarchical Real-Time Systems

Lecture 2. Decidability and Verification

Towards Compositional Testing of Real-Time Systems

A Real-Time Component Framework: Experience with CCM and ARINC-653

A Component Model and Software Architecture for CPS

MURPHY S COMPUTER LAWS

Scheduling Algorithm and Analysis

Model-based Analysis of Event-driven Distributed Real-time Embedded Systems

2. Introduction to Software for Embedded Systems

System Design and Methodology/ Embedded Systems Design (Modeling and Design of Embedded Systems)

Real-Time Component Software. slide credits: H. Kopetz, P. Puschner

Editor. Analyser XML. Scheduler. generator. Code Generator Code. Scheduler. Analyser. Simulator. Controller Synthesizer.

Modeling and Verification of Networkon-Chip using Constrained-DEVS

Process-Algebraic Interpretation of AADL Models

An Introduction to UPPAAL. Purandar Bhaduri Dept. of CSE IIT Guwahati

Resource-bound process algebras for Schedulability and Performance Analysis of Real-Time and Embedded Systems

Partitioned Model for Space Applications (IMA 4 space)

State-Based Mode Switching with Applications to Mixed-Criticality Systems

Model Checking with Automata An Overview

TIMES A Tool for Modelling and Implementation of Embedded Systems

Green Hills Software, Inc.

Impact of End System Scheduling Policies on AFDX Performance in Avionic On-Board Data Network

Modelling and verification of cyber-physical system

Modeling and Analysis of Real -Time Systems with Mutex Components

RT#Xen:(Real#Time( Virtualiza2on(for(the(Cloud( Chenyang(Lu( Cyber-Physical(Systems(Laboratory( Department(of(Computer(Science(and(Engineering(

Concurrent activities in daily life. Real world exposed programs. Scheduling of programs. Tasks in engine system. Engine system

A Synchronous IPC Protocol for Predictable Access to Shared Resources in Mixed-Criticality Systems

Introduction to Real-time Systems. Advanced Operating Systems (M) Lecture 2

Overview of Potential Software solutions making multi-core processors predictable for Avionics real-time applications

Xuandong Li. BACH: Path-oriented Reachability Checker of Linear Hybrid Automata

Overview of Timed Automata and UPPAAL

Verification in Continuous Time Recent Advances

Applications of Program analysis in Model-Based Design

Reference Model and Scheduling Policies for Real-Time Systems

A Server-based Approach for Predictable GPU Access Control

Real-time HOOD. Analysis and Design of Embedded Systems and OO* Object-oriented Programming Jan Bendtsen Automation and Control

Deterministic Ethernet & Unified Networking

Pattern-Based Analysis of an Embedded Real-Time System Architecture

MODEL CHECKING FOR PLANNING RESOURCE-SHARING PRODUCTION

Architecture Modeling and Analysis for Embedded Systems

By: Chaitanya Settaluri Devendra Kalia

Design and Analysis of Real-Time Systems Predictability and Predictable Microarchitectures

Fault-Adaptivity in Hard Real-Time Component-Based Software Systems

Safety-critical embedded systems, fault-tolerant control systems, fault detection, fault localization and isolation

Exam Review TexPoint fonts used in EMF.

CORBA in the Time-Triggered Architecture

Embedded Software Programming

Analyzing Real-Time Systems

Testing Operating Systems with RT-Tester

Module 1. Introduction:

(b) External fragmentation can happen in a virtual memory paging system.

Event-based Formalization of Safety-critical Operating System Standards: An Experience Report on ARINC 653 using Event-B

Specifications and Modeling

Towards a Sensor Network Architecture: Issues and Challenges. Muneeb Ali LUMS, Pakistan SICS, Sweden

System-level co-modeling AADL and Simulink specifications using Polychrony (and Syndex)

MANY real-time applications need to store some data

Subsystem Hazard Analysis (SSHA)

Embedded Systems. 6. Real-Time Operating Systems

First GENESYS Architectures Implemented in the INDEXYS Project

Model-based Architectural Verification & Validation

SCAlable & ReconfigurabLe Electronics platforms and Tools SCARLETT

DESIGN AND IMPLEMENTATION OF AN AVIONICS FULL DUPLEX ETHERNET (A664) DATA ACQUISITION SYSTEM

Mixed Criticality Scheduling in Time-Triggered Legacy Systems

A discrete-event simulator for early validation of avionics systems

Single Core Equivalence Framework (SCE) For Certifiable Multicore Avionics

AirTight: A Resilient Wireless Communication Protocol for Mixed- Criticality Systems

Schedulability and Memory Interference Analysis of Multicore Preemptive Real-time Systems

Overview of Scheduling a Mix of Periodic and Aperiodic Tasks

Automatic Selection of Feasibility Tests With the Use of AADL Design Patterns

Improved BDD-based Discrete Analysis of Timed Systems

Simulation of AADL models with software-in-the-loop execution

Real Time Software PROBLEM SETTING. Real Time Systems. Real Time Systems. Who is Who in Timed Systems. Real Time Systems

A Data-Centric Approach for Modular Assurance Abstract. Keywords: 1 Introduction

these developments has been in the field of formal methods. Such methods, typically given by a

Implementing Scheduling Algorithms. Real-Time and Embedded Systems (M) Lecture 9

RT- Xen: Real- Time Virtualiza2on from embedded to cloud compu2ng

Embedded Software Engineering

Transcription:

A Modeling Framework for Schedulability Analysis of Distributed Avionics Systems Pujie Han MARS/VPT Thessaloniki, 20 April 2018

Index Background Approach Modeling Case study

Index Background Approach Modeling Case study

Background Integrated Modular Avionics Integrated Modular Avionics (IMA) One function = Software downloaded to the modules Generic integrated processing modules ARINC-653 partitioning mechanism A unified high-bandwidth network Core Processor Module High-bandwidth data bus Source: ASAAC part I 1

Background Distributed Integrated Modular Avionics Distributed Integrated Modular Avionics (DIMA) Features [Wang 13 doi:10.1109/dasc.2013.6712647] IMA but distributed intelligence I/O close to actuators and sensors Computation close to actuators and sensors COTS computers and I/O units as Modules Separation into integration areas More complex schedulability analysis IMA Modules RDC AFDX Switches AFDX Link Link to Peripherals 2

Background Classic Schedulability Analysis of IMA Systems Analytical Methods Resource Model Task Model Supply Demand Response Time Analysis Schedulability Expressiveness of analytical model Limited to simplified system behavior Only real-time computation constraints Conservative assumptions Too many "pessimistic" worst case assumptions in modeling phase and response time analysis Waste of computation and communication resources Timing Anomalies: local worst-case global worst-case. 3

Background Schedulability Analysis of IMA by Model Checking Related Work by Model Checking Reachability Analyses of Formal Models Nonschedulability conditions encoded into Error states Advanced Petri Nets, Linear Hybrid Automata (LHA), Timed Automata (TA), Stopwatch Automata (SWA) Expressive to express more complex behavior State space explosion Compositional Analyses Exploit the nature of temporal isolation of partitions Reduce the complexity of reachability analyses. 4

Background Schedulability Analysis of IMA by Model Checking Formal Models in Related Work Advanced Petri Nets Coloured Petri Nets,Scheduling Time Petri Nets (Scheduling-TPNs),preemptive Time Petri Nets(pTPN) Linear Hybrid Automata, LHA Expressive, but its reachability is undecidable Timed Automata, TA Simplified LHA,the complexity of reachability is PSPACE-complete Stopwatch Automata, SWA TA + Stopwatches, effective in modeling preemption. 5

Background Limitation of Related Work Isolated computation and communication analysis System=Computer modules + Their underlying network Independent hierarchical scheduling systems Network delay in the worst case. Challenges Interactions between avionics computers are increasing Each subsystem can be distributed across the whole aircraft Network delay cannot be ignored in schedulability analysis All communications are integrated into a unified network. 6

Index Background Approach Modeling Case study

Approach A DIMA Core System We consider such a DIMA core system: ARINC-653 processing modules A unified AFDX network Two-level hierarchical scheduling Concrete task behavior Task synchronization Inter-partition communication via ARINC-653 ports 7

Approach Schedulability of DIMA systems Schedulability Properties Deadline of each real-time task Release Deadline Communication constraints 8

Approach Our Framework for Schedulability Analysis of DIMA The framework covers: Modeling in UPPAAL Stopwatch Automata ARINC-653 hierarchical scheduling Multiple real-time task types Resource sharing Inter-partition communications AFDX / FC-AE network Cover the major features of a DIMA core system SMC, a simulation-based approach, Global View avoid an exhaustive search of the state-space. Includes computation and communication. Alleviating the State Space Explosion Combination of classic and statistical model checking Verify different parts of the Compositional Method. system separately, conclude about the whole system. 9

Approach Main Procedure of the Schedulability Analysis Scheduling Configuration SMC Queries Hypothesis testing TCTL Queries Safety property 1 2 3 Yes UPPAAL UPPAAL Models SMC UPPAAL classic Yes Global Analysis Only with a Global / probability Compositional No No / May not Analysis 4 Refining Encoding system into UPPAAL SWA models Fast falsification by UPPAAL SMC Strict schedulability verification by UPPAAL classic MC Refinement of the system configuration. 10

Approach How to Perform schedulability Analysis in UPPAAL Schedulability testing in UPPAAL SMC Cannot guarantee schedulability but can quickly falsify non-schedulable schemes. Hypothesis testing: Pr[<= M](<> ErrorLocation) <= θ Schedulability Verification in Classic UPPAAL Guarantee schedulability but face state-space explosion. Safety property: A[] not ErrorLocation 11

Approach Global and Compositional Analysis Global Analysis Applied to the system with small size (Normally < 10 tasks) Partition1 Partition2 Partition3 Partition4 Partition5 End End System 1 End System 3 System 2 VL1 VL2 AFDX VL3 VL4 UPPAAL queries System Is satisfied 12

Approach Compositional Analysis Used for larger systems (Normally > 10 tasks) Check each partition including its environment individually Combine local results to derive the global property. How to decouple communication dependency from other partitions? Global and Compositional Analysis Core Module 1 Partitioned OS Partition 1 Tasks Port Partition 2 Tasks End System 1 Partition 3 Tasks End System 2 End System 3 Port Partition 4 Partition 5 Partitioned OS Port VL 1 VL 2 VL 3 AFDX Network Port Port Port Port Partitioned OS Core Module 2 Core Module 3 13

Approach Procedure for Compositional Analysis Assume-Guarantee Reasoning (MeTRiD Workshop) System Model 1 Decomposition 2 3 P 1 P 2 P n Abstraction Assumption Abstraction Assumption Abstraction Assumption Message Interfaces Model checking Model checking Model checking 4 φ 1 φ 2 φ Deduction φ n 14

Index Background Approach Modeling Case study

Modeling Overview of Modeling Framework Timed stopwatch automata in UPPAAL Scheduling layer PartitionScheduler TaskScheduler Task layer PeriodicTask SporadicTask Communication layer IPTx, IPRx VLinkTx, VLinkRx Scheduler 15

Modeling Scheduling Layer PartitionScheduler 16

Modeling Scheduling Layer TaskScheduler 17

Modeling Task Layer Task Types Periodic Task Periodic scheduling:t = Period Aperiodic Task Event-Triggered (ET): e in E: e Sporadic Task ET with a minimum separation: t Period e in E: e Timed Task Event & Time-out Triggered: e in E: e t = Period 18

Modeling Task Layer Abstract Task Instructions COMPUTE: Pure computation instruction LOCK: Attempts to acquire a mutual exclusion lock UNLOCK: Releases a lock and resume blocked tasks DELAY: Make a task suspended for a specified time SEND / RECEIVE: I/O among different partitions END: Accomplishment of the current job. 19

Modeling Task Layer Example: Instruction Branches 20

Modeling Communication Layer Example: VLTx Source: ARINC-664 part7 21

Modeling Communication Layer Example: VLTx 22

Index Background Approach Modeling Case study

Case study Object Avionics System Statistics of This Avionics System 3 Core Processing Modules 5 ARINC-653 Partitions 18 periodic tasks and 4 sporadic tasks 4 AFDX Virtual Links 2 Sampling Ports and 2 Queuing Ports M 1 P 1 P 2 ES 1 V 1 V2 M 2 P 3 P 5 M 3 P 4 ES 3 V 1 V 2 V 3 V 1 V 2 V 3 V 3 V 4 V 4 S 1 S 2 V 4 V 1 ES 2 23

Case study Workload Global analysis 22 task processes vs Compositional analysis 5 task processes Source: 2013 Carnevali, Pinzuti & Vicario, Compositional verification for hierarchical scheduling of real-time systems. 2009 Easwaran, Lee, Sokolsky & Vestal, A compositional scheduling framework for digital avionics systems 24

Case study Partition Schedule 5 Disjoint Partition Windows Partition Schedule and AFDX Configuration Major Time Frame To make a comparison, keep the temporal order of the schedule in [2013 Carnevali] and [2009 Easwaran]. M 1 P 1 P 2 M 2 P 3 P 5 M 3 P 4 AFDX Configuration 0 5 10 15 20 25 Time / ms 25

Case study Experiment Experiment Results The Experiment Results (Result), Execution Time (Time/sec.) and Memory Usage (Mem/MB) 26

Case study Experiment A Counter Example Msg2 violates the refresh period at 60000ms Network delay affects the validity of sampling messages 27

Case study Experiment Improved Partition Schedule M 1 P2 P 1 P 2 Major Time Frame P1 M 2 P 3 P 5 M 3 P 4 Experiment Results The Experiment Results (Result), Execution Time (Time/sec.) and Memory Usage (Mem/MB) 0 5 10 15 20 25 Time / ms 28

Conclusion This Framework: Modeling DIMA systems in UPPAAL Modeling and analysis in global view Combination of classic and statistical model checking Application of compositional method. Future Work: Optimization of scheduling configuration Health management. 29

谢谢聆听! Thanks for listening!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback