Pattern-Based Analysis of an Embedded Real-Time System Architecture

Peter Feiler, Software Engineering Institute, phf@sei.cmu.edu, 412-268-7790

Outline
Introduction to SAE AADL Standard
The case study
Towards preemptive scheduling
Partition scheduling
End-to-end flows
System redundancy

SAE Architecture Analysis & Design Language
Notation for the specification of task and communication architectures of real-time, embedded, fault-tolerant, secure, safety-critical, software-intensive systems
Fields of application: avionics, automotive, aerospace, autonomous systems
Based on 15 years of DARPA-funded technologies
Standard approved by SAE in September 2004

AADL-Based System Engineering (diagram)
Model the architecture: abstract but precise, mechanized, composable components
System analysis: schedulability, performance, reliability, fault tolerance, dynamic configurability
Application software shown: automatic target recognition, guidance & control, supply chain, sensor & signal, ambulatory, information fusion, GPS, DB, HTTPS
System engineer activities: system integration, runtime system generation, application composition, system configuration
Execution platform: Ada runtime, devices, memory, bus, processor
Goal: predictive system engineering, reduced development & operational cost

AADL-Based Pattern Analysis
SAE AADL employs components with precisely defined execution semantics, explicit component interactions, and separation of concerns
Pattern-based architecture analysis approach: uses design patterns in analysis, identifies systemic problems early, enables the right choices with confidence, and provides analysis-based decisions

Avionics Systems
Embedded avionics system designs are evolving:
from federated to integrated systems
from static timelines to predictable preemptive scheduling
deterministic signal stream processing
efficient execution and footprint
fault tolerance & reconfiguration
towards extensible system architectures
There are distinct perspectives in the design: control and domain engineers, application software engineers, system software engineers

Avionics Subsystem Architecture (diagram: Display, Warning Annunciation, Page Content Manager, Flight, Flight Director, Situation Awareness, Weapons, Comm., Nav Radio, 1553 Access, GPS)
Observation: no direct connection between the flight director and the page content manager

A Cyclic Executive Implementation (diagram)
Components, sharing a data area that is fed from other partitions and feeds other partitions:
1 Periodic I/O
2 Navigation Sensor
3 Integrated Navigation (10Hz)
4 Guidance
5 Flight Plan (5Hz)
6 Aircraft Performance Calculation (2Hz)
Cyclic callout implementation, a switch on clock mod hyperperiod:
  Case : call PIO, call NSP, call GP
  Case 2*: -- 10Hz: call PIO, call NSP, call IN, call GP
  Case 3*: ...
  Case 4*: -- 5Hz

A Naïve Thread-based Design (diagram)
Interface to message-based communication from and to other partitions
Fixed-priority threads sharing a data area, in decreasing priority: Pr 1 Periodic I/O, Pr 2 Navigation Sensor, Pr 3 Integrated Navigation (10Hz), Pr 4 Guidance, Pr 6 Flight Plan (5Hz), Pr 9 Aircraft Performance Calculation (2Hz)
Priority assignment by developer

Design Decisions Taken
Shared variable communication within the partition: achieves efficient resource utilization and accommodates legacy code
Preemptive fixed-priority thread scheduling: schedulability analysis (RMA) was used to confirm schedulability; the benefit is a more flexible system and efficient resource usage
Priority assignment for precedence ordering to achieve the desired flow: needed because of shared data communication; results in potential priority inversion and non-deterministic communication

Flight subsystem in AADL (data flow diagram): Periodic I/O (connected from and to partitions), Navigation Sensor (nav signal data in, nav sensor data out), Integrated Navigation (10Hz, nav data out), Guidance (guidance data out), Flight Plan (5Hz, FP data and fuel flow), Aircraft Performance Calculation (2Hz, performance data out); a phase delay is marked on one of the connections

SAE AADL & Control
Supports mid-frame communication & single sample delay
Shows application rates & desired phase delay explicitly
Focus on what communication is desired, not how it is implemented
Assures deterministic communication when desired
Supports efficient communication implementation
Does not prescribe a scheduling protocol
Supports schedulability analysis
Opens a dialogue between control engineers and software system engineers regarding performance tradeoffs

The Partition Concept
Found in ARINC 653
Runtime-protected address space
A virtual processor scheduled on a static timeline
Contained threads (ARINC processes) are scheduled within the bounds of a scheduled partition
Different partitions can use different thread scheduling protocols
Communication of queued and unqueued data
Inter- vs. intra-partition communication

Partition Order Side Effects (diagram)
Partition communication via send/receive
Partition A contains T1 and T2, Partition B contains T3 and T4; the timeline (t0, t1, t2) shows A and B scheduled in different orders in successive frames, so the frame in which a sent value is received depends on the partition order

Partitioned System Design in AADL
Partition as a core AADL extension
Focus on partition order isolation: delayed connections are insensitive to partition order and to partition concurrency, but they contribute to latency
Focus on latency: immediate connections reduce latency but constrain partition order
Immediate connection cycles are detectable by analysis:
direct cycle: P_A.T1 -> P_B.T2 -> P_A.T3
pair-wise cyclic: P_A.T1 -> P_B.T2 & P_B.T4 -> P_A.T3
Focus on flexibility: acceptable variation in phase delay, documented as a property
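The cycle detection the slide mentions reduces to a check on the partition precedence graph: each immediate connection that crosses a partition boundary requires the sending partition to run before the receiving one in the frame, and a cycle in that graph means no static partition order can satisfy all of them. The following is an added example, not the slides' or OSATE's code; partition indices, thread labels and the third "feedback made delayed" case are assumptions of the example.

```c
#include <stdio.h>

/* Constructed partition-order check. On an ARINC 653 style static timeline an
 * immediate connection from a thread in partition S to a thread in partition D
 * forces S to run before D in every frame; a delayed connection adds no such
 * constraint. A cycle in the "must precede" graph means no partition order
 * satisfies all immediate connections. Thread names are labels only. */
#define MAX_PARTITIONS 8

typedef struct { const char *from, *to; int src_part, dst_part; int immediate; } conn_t;

/* DFS colouring: 0 = unvisited, 1 = on the current path, 2 = finished.
 * Reaching a node that is on the current path is a back edge, i.e. a cycle. */
static int has_back_edge(int u, int n, int adj[][MAX_PARTITIONS], int colour[]) {
    colour[u] = 1;
    for (int v = 0; v < n; v++) {
        if (!adj[u][v]) continue;
        if (colour[v] == 1) return 1;
        if (colour[v] == 0 && has_back_edge(v, n, adj, colour)) return 1;
    }
    colour[u] = 2;
    return 0;
}

/* Returns 1 if the immediate connections force a cyclic partition order, else 0. */
int partition_order_is_cyclic(const conn_t *conns, int nconns, int nparts) {
    int adj[MAX_PARTITIONS][MAX_PARTITIONS] = {{0}}, colour[MAX_PARTITIONS] = {0};
    for (int i = 0; i < nconns; i++)           /* intra-partition edges add no constraint */
        if (conns[i].immediate && conns[i].src_part != conns[i].dst_part)
            adj[conns[i].src_part][conns[i].dst_part] = 1;
    for (int p = 0; p < nparts; p++)
        if (colour[p] == 0 && has_back_edge(p, nparts, adj, colour)) return 1;
    return 0;
}

/* Partition A = 0, B = 1. The first two cases are the ones named on the slide. */
const conn_t direct_cycle[] = {          /* P_A.T1 -> P_B.T2 -> P_A.T3 */
    {"P_A.T1", "P_B.T2", 0, 1, 1}, {"P_B.T2", "P_A.T3", 1, 0, 1} };
const conn_t pairwise_cycle[] = {        /* P_A.T1 -> P_B.T2 & P_B.T4 -> P_A.T3 */
    {"P_A.T1", "P_B.T2", 0, 1, 1}, {"P_B.T4", "P_A.T3", 1, 0, 1} };
const conn_t cycle_broken_by_delay[] = { /* same pair, the feedback connection made delayed */
    {"P_A.T1", "P_B.T2", 0, 1, 1}, {"P_B.T4", "P_A.T3", 1, 0, 0} };

int main(void) {
    printf("direct cycle:      %d\n", partition_order_is_cyclic(direct_cycle, 2, 2));
    printf("pair-wise cycle:   %d\n", partition_order_is_cyclic(pairwise_cycle, 2, 2));
    printf("feedback delayed:  %d\n", partition_order_is_cyclic(cycle_broken_by_delay, 2, 2));
    return 0;
}
```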

Connection Patterns
Connection sequences: pipeline, flow
Connection tree (analyzable in AADL): branching flow, different endpoint latencies
Directed acyclic graph (DAG): flow with merge points; phase delay difference of the branches at a merge point; effects of phase delay oscillation in the non-deterministic case
Cyclic connections: feedback control, action/observation; a phase delay breaks the cycle

Flow Specification in AADL
Flow specification of system S1, with ports pt1, pt2 and pt3:
  flow path F1: pt1 -> pt2
  flow path F2: pt1 -> pt3
Flow implementation in system implementation S1.impl, which contains process P2 (flow path F5), process P1 (flow path F7) and connections C1, C3 and C5:
  flow path F1: pt1 -> C1 -> P2.F5 -> C3 -> P1.F7 -> C5 -> pt2

Flight Director Command Flow (diagram with Cockpit Display, Flight Director, Flight and Page Content Manager: a request for a new page leaves the display and new page content returns to it)

Data Stream Latency Analysis
Flow specifications in AADL: properties on flows (expected & actual end-to-end latency), properties on ports (expected incoming & end latency)
End-to-end latency contributors: delayed connections result in sampling latency; immediate periodic & aperiodic sequences result in cumulative execution time latency
Phase delay shift & oscillation: a potential hazard, noticeable at flow merge points, where the variation is interpreted as a noisy signal by the controller
Latency calculation & jitter accumulation

Other Flow Characteristics
Miss rate of data stream: accommodates incomplete sensor readings; allows for controlled deadline misses
State vs. state delta communication: a data reduction technique; implies a requirement for guaranteed delivery
Data accuracy: reading accuracy; computational error accumulation
Message acknowledgment semantics: in terms of flow steps
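The two latency contributors named above (sampling latency of delayed connections, cumulative execution time of immediate sequences) can be made concrete on the case study's navigation flow. The following is an added example, not the slides' code or OSATE's latency analysis; it uses a deliberately simplified model of the AADL connection semantics stated in the comments, the rates from the case study, and constructed execution times.

```c
#include <stdio.h>

/* Constructed latency model (a simplification of the AADL connection semantics):
 *  - immediate: the receiver dispatches in the same frame as the sender and waits
 *    for it to complete, so the step adds only the receiver's execution time;
 *  - delayed: the value becomes available at the sender's deadline (dispatch +
 *    period) and is read at the receiver's next dispatch, so the step adds the
 *    sampling wait plus the receiver's execution time.
 * Periods are harmonic, dispatches fall on multiples of the period, and immediate
 * connections are only used between threads of the same period. */
typedef struct { const char *name; int period_ms; int exec_ms; int delayed_in; } step_t;

/* First dispatch instant of a thread with `period` at or after time t. */
static int next_dispatch(int t, int period) { return (t + period - 1) / period * period; }

/* End-to-end latency in ms from the first step's dispatch at t = 0 to the last
 * step's completion. `delayed_in` of the first step is ignored. */
int flow_latency_ms(const step_t *steps, int n) {
    int dispatch = 0, finish = 0;
    for (int i = 0; i < n; i++) {
        int start;
        if (i == 0) {
            start = 0;
        } else if (steps[i].delayed_in) {          /* sampling latency */
            dispatch = next_dispatch(dispatch + steps[i - 1].period_ms, steps[i].period_ms);
            start = dispatch;
        } else {                                    /* cumulative execution time */
            start = finish;
        }
        finish = start + steps[i].exec_ms;
    }
    return finish;
}

/* Navigation Sensor -> Integrated Navigation -> Guidance at 10Hz, then Flight Plan
 * at 5Hz. The 5Hz step is delayed in both variants because its period differs.
 * Execution times are constructed values. */
const step_t mostly_immediate[] = {
    {"Navigation Sensor", 100, 5, 0}, {"Integrated Navigation", 100, 10, 0},
    {"Guidance", 100, 8, 0}, {"Flight Plan", 200, 20, 1} };
const step_t all_delayed[] = {
    {"Navigation Sensor", 100, 5, 0}, {"Integrated Navigation", 100, 10, 1},
    {"Guidance", 100, 8, 1}, {"Flight Plan", 200, 20, 1} };

int main(void) {
    printf("mostly immediate: %d ms\n", flow_latency_ms(mostly_immediate, 4));
    printf("all delayed:      %d ms\n", flow_latency_ms(all_delayed, 4));
    return 0;
}
```

The contrast is the slide's point: the same chain costs 220 ms with immediate 10Hz steps and 420 ms when every step samples its predecessor, because each delayed connection waits for the receiver's next dispatch.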

System Redundancy (typical chart): four DM and four WAM units with a redundant pair of PCM on a redundant high-speed bus; redundant FM, SA, CM, FD and WM units on redundant 1553 buses

Redundancy Specification
Redundancy abstraction
Co-location constraints on execution platform binding
Redundancy characteristics as properties
Diagram: 2X SS1 (SS1, SS2), 4X MFD (DM1 to DM4), 2X PCM and a further 2X group, together with WM, WAM, FM, SA, CM, FD and 1553

Primary/Backup Patterns
Passive backup: CSS1 primary (SS1.1, SS1.2) and CSS1 backup (SS1.1, SS1.2)
Hot standby: CSS1 primary (SS1.1, SS1.2) and CSS1 backup (SS1.1, SS1.2)
Continuous state exchange: CSS1 with SS1.1 and SS1.2 exchanging state
Voted output: CSS1 with SS1.1, SS1.2 and SS1.3

Primary Backup Synchronization
External and internal mode control
Errors reported as events
Supports reasoning about primary/backup logic
Diagram: Primary WAM and Backup WAM with a mode state machine (states init, Primary and Backup; transitions Init/restart, Primaryfail and Primaryok) and a state observer

Observations On System Redundancy
Redundancy as an abstraction: multiple redundant instances; grouping of redundant instances; redundancy protocol selection; deployment constraints
Redundancy mechanism as a pattern: an orthogonal architecture view; nominal & anomalous behavior; modeling of the redundancy logic; understandable and analyzable

Final Observations
We demonstrated a pattern-based analysis approach
Use of SAE AADL as the notation for capturing architecture patterns in actual systems
Early identification of systemic issues thanks to the precise execution semantics of SAE AADL
Full-scale architecture modeling and analysis provides prediction and validation of non-functional properties