Dr. Ing. Cornelia Zahlten. Prof. Dr. Jan Peleska. Concepts and Implementation. Hard Real-Time Test Tools

Similar documents
In this presentation,...

Testing Operating Systems with RT-Tester

Applied Formal Methods - From CSP to Executable Hybrid Specifications

Turn Indicator Model Overview

AUTOBEST: A United AUTOSAR-OS And ARINC 653 Kernel. Alexander Züpke, Marc Bommert, Daniel Lohmann

TOWARDS HARDWARE VERIFICATION

Real-Time Component Software. slide credits: H. Kopetz, P. Puschner

The AUTOSAR Timing Model --- Status and Challenges. Dr. Kai Richter Symtavision GmbH, Germany

CEC 450 Real-Time Systems

Module 12: I/O Systems

A Modeling Framework for Schedulability Analysis of Distributed Avionics Systems. Pujie Han MARS/VPT Thessaloniki, 20 April 2018

Model-Based Testing for the Second Generation of Integrated Modular Avionics

Embedded Software Engineering

Model-Based Testing for the Second Generation of Integrated Modular Avionics

Module 11: I/O Systems

Model-based testing in the automotive industry challenges and solutions

Module 12: I/O Systems

TDDD07 Real-time Systems Lecture 10: Wrapping up & Real-time operating systems

Real-Time Programming

SE300 SWE Practices. Lecture 10 Introduction to Event- Driven Architectures. Tuesday, March 17, Sam Siewert

Operating Systems (2INC0) 2018/19. Introduction (01) Dr. Tanir Ozcelebi. Courtesy of Prof. Dr. Johan Lukkien. System Architecture and Networking Group

System-level co-modeling AADL and Simulink specifications using Polychrony (and Syndex)

Operating Systems Overview. Chapter 2

Practical Model-based Testing With Papyrus and RT-Tester

COMPLEX EMBEDDED SYSTEMS

ADS2 Features & Functions A User s Perspective. Test & Integration Systems Products Software Solutions Service & Support

DESIGN AND IMPLEMENTATION OF AN AVIONICS FULL DUPLEX ETHERNET (A664) DATA ACQUISITION SYSTEM

The Embedded Systems Design Challenge. EPFL Verimag

A Predictable RTOS. Mantis Cheng Department of Computer Science University of Victoria

The Real Time Thing. What the hack is real time and what to do with it. 22C3 30. December Erwin Erkinger e.at

CSI3131 Final Exam Review

Chapter 13: I/O Systems

Input/Output Systems

Developing and Testing Networked Avionics Systems and Devices By Troy Troshynski, Avionics Interface Technologies

Multimedia Systems 2011/2012

Overall Structure of RT Systems

Applied Formal Methods - From CSP to Executable Hybrid Specifications

SCAlable & ReconfigurabLe Electronics platforms and Tools SCARLETT

Typical modules include interfaces to ARINC-429, ARINC-561, ARINC-629 and RS-422. Each module supports up to 8 Rx or 8Tx channels.

I/O Systems. Amir H. Payberah. Amirkabir University of Technology (Tehran Polytechnic)

Chapter 13: I/O Systems

Subsystem Hazard Analysis (SSHA)

HW/SW Design Space Exploration on the Production Cell Setup

Testing Distributed Systems

ECE 612: Embedded and Real-Time Systems

The control of I/O devices is a major concern for OS designers

Distributed IMA with TTEthernet

Chapter 13: I/O Systems

Chapter 13: I/O Systems. Chapter 13: I/O Systems. Objectives. I/O Hardware. A Typical PC Bus Structure. Device I/O Port Locations on PCs (partial)

Operating real equipments with fully simulated On Board Computer

Introduction to Computing and Systems Architecture

Embedded Software Programming

Input-Output (I/O) Input - Output. I/O Devices. I/O Devices. I/O Devices. I/O Devices. operating system must control all I/O devices.

SIR C R REDDY COLLEGE OF ENGINEERING

Today s topic: Real Time Programming with Ada

Testing. Lydie du Bousquet, Ioannis Parissis. TAROT Summer School July (TAROT 2009)

Simulation of AADL models with software-in-the-loop execution

Overview. Implementing Gigabit Routers with NetFPGA. Basic Architectural Components of an IP Router. Per-packet processing in an IP Router

I/O AND DEVICE HANDLING Operating Systems Design Euiseong Seo

Scuola Superiore Sant Anna. I/O subsystem. Giuseppe Lipari

ReconOS: An RTOS Supporting Hardware and Software Threads

I/O Devices. Nima Honarmand (Based on slides by Prof. Andrea Arpaci-Dusseau)

SWE 760 Lecture 1: Introduction to Analysis & Design of Real-Time Embedded Systems

Lecture 13 Input/Output (I/O) Systems (chapter 13)

Chapter 13: I/O Systems

Impact of Runtime Architectures on Control System Stability

Device-Functionality Progression

Chapter 12: I/O Systems. I/O Hardware

SPACE: SystemC Partitioning of Architectures for Co-design of real-time Embedded systems

OPERATING SYSTEMS CS3502 Spring Processor Scheduling. Chapter 5

Chapter 13: I/O Systems

Chapter 5 CPU scheduling

Administrative Stuff. We are now in week 11 No class on Thursday About one month to go. Spend your time wisely Make any major decisions w/ Client

What are Embedded Systems? Lecture 1 Introduction to Embedded Systems & Software

by I.-C. Lin, Dept. CS, NCTU. Textbook: Operating System Concepts 8ed CHAPTER 13: I/O SYSTEMS

L05 Programmable logic controller

EC EMBEDDED AND REAL TIME SYSTEMS

Implementation of the hardwired AFDX NIC

CSE 451: Operating Systems Winter I/O System. Gary Kimura

CEC 450 Real-Time Systems

Comp 204: Computer Systems and Their Implementation. Lecture 18: Devices

Developing deterministic networking technology for railway applications using TTEthernet software-based end systems

Abstract. Testing Parameters. Introduction. Hardware Platform. Native System

Model Based Development of Embedded Control Software

CSE 4/521 Introduction to Operating Systems. Lecture 24 I/O Systems (Overview, Application I/O Interface, Kernel I/O Subsystem) Summer 2018

Modeling and Simulation for Heterogeneous systems

COT 4600 Operating Systems Fall Dan C. Marinescu Office: HEC 439 B Office hours: Tu-Th 3:00-4:00 PM

Specifications Part 1

Today: I/O Systems. Architecture of I/O Systems

Programming Languages for Real-Time Systems. LS 12, TU Dortmund

Devices. Today. Comp 104: Operating Systems Concepts. Operating System An Abstract View 05/01/2017. Devices. Devices

An Programming Language with Fixed-Logical Execution Time Semantics for Real-time Embedded Systems

Lecture 15: I/O Devices & Drivers

I/O Systems. 04/16/2007 CSCI 315 Operating Systems Design 1

Chapter 2 Operating System Overview

Introduction to Parallel Performance Engineering

DSP/BIOS Kernel Scalable, Real-Time Kernel TM. for TMS320 DSPs. Product Bulletin

4. Hardware Platform: Real-Time Requirements

Reservation-Based Scheduling for IRQ Threads

Comparison of CAN Gateway Modules for Automotive and Industrial Control Applications

Transcription:

Hard Real-Time Test Tools Concepts and Implementation Prof. Dr. Jan Peleska Centre for Computing Technologies, University of Bremen, Germany Dr. Ing. Cornelia Zahlten Verified Systems International GmbH, Bremen, Germany 4th ICSTEST International Conference on Software Testing April 2-4, 2003, Cologne

In this presentation,...... we describe concepts and techniques for automated testing of hard real-time systems Test specification formalisms describing rules for automated Discrete and time-continuous test data generation Test evaluation ( test oracles ) Hardware and operating system support for testing in hard real-time

Background and Related Work Theoretical foundations of the modelling techniques used have been elaborated by T. A. Henzinger (Hybrid Automata) Authors research teams at TZI and Verified Systems (algorithms for automatic test data generation and test evaluation) Brinksma, Cardell-Oliver, Tretmans, Nielsen et. al. (alternative approaches to test automation) E. Bryant (ordered binary decision diagrams) Real-time concepts are based on / inspired by results of T. A. Henzinger (GIOTTO real-time programming language) H. Kopetz (Time-Triggered Architecture for real-time systems) Authors research teams at TZI and Verified Systems (Linux real-time kernel extensions, user thread scheduling, unified communication concept) ARINC 653 Standard for avionics operating system API

Background and Related Work All concepts described here have been implemented in Verified s test automation tool RT-Tester Applications are currently performed for SW integration testing HW/SW integration testing system testing of Aircraft controllers for the Airbus families: A318-SDF Smoke Detection Facility A318/A340-500/600 CIDS Cabin Communication System A380 IMA Modules controllers with Integrated Modular Avionics architecture Train control and interlocking components (Siemens) RT-Tester automation tool has been qualified for testing specific A/C controllers according to RTCA DO-178B

Recall: Hard Real-Time Testing...... Investigates the behaviour of the system under test (SUT) with respect to correctness of Discrete data transformations Evolution of continuous observables over time speed, temperature, thrust, Sequencing of inputs and outputs Synchronisation Timing of SUT outputs with respect to deadlines earliest/latest points in time for expected outputs

A Glimpse at Theory: Test Specification Formalisms for Hard Real-Time Systems Question: How much expressive power is required for suitable hard real-time systems test specification formalisms? Answer from theoretical research (Hybrid Automata): Formalisms need to express facts about States and events Cooperating parallel system components Initial conditions invariants flow conditions Trigger conditions for state transitions Actions

Hybrid Automaton (one sequential component) State Variables Initial condition State invariant int n1,, nk; enum { red, green } z; float x1,, xm; x1 <= x2 and n1 = 0 x1 <= x2 + n2 dx1/dt = c and x2 < f(t) Jump condition Event Action [x1 > x2] e / x2 = x3 and x1 < x3 Flow condition x2 > x1 d x2/dt = -0,5 Transition Transition label Control Modes

Hybrid Automata Control Modes: Principal states describing the operational modes of the (sub-)system State Variables: discrete variables (int, enum, ) and continuous variables (float, complex, ) State Space = control modes + state variables Transitions: change between control modes Labels: transition specification Jump condition: must hold for variables Event: input signal which triggers transition if jump condition holds Action: list of output signals and predicate specifying how variables are changed when transition occurs may be deterministic (x = 5) or nondeterministic (x < y)

Hybrid Automata (continued) Control modes and variables may be changed when transitions take place Continuous variables change over time according to the flow condition specified for actual control mode System may stay in control mode as long as the associated state invariant holds System may take transition as soon as jump condition holds and (optional) input event occurs This concept allows to specify deadlines for system reactions via invariants and jump conditions

Hybrid Automata (continued) u = 0 C u < 5 [2 < u] / x = 7 du / dt = 1 After entering control mode C, system will leave this mode within time interval (deadline) [2,5) time units, setting x to 7.

Adapting Theory to Real-Time Testing Practice: A List of Problems For practical hard real-time testing, the following problems have to be solved: Interface abstraction: How should SUT interface data be abstracted in test specifications? How is SUT interface data mapped to abstract specification data and vice versa? Communication concept: How should parallel test system components interact with each other and with SUT?

Adapting Theory to Real-Time Testing Practice: A List of Problems Parallel execution: How can Stimulation of test-specific SUT reactions Simulation of environment components Checking of SUT reactions be performed in parallel and in real-time? Generation of input data: How should SUT input ports be stimulated in real-time, in order to Trigger specific SUT reactions (transitions) Establish invariant conditions in specific SUT states Establish flow conditions on continuous SUT inputs?

Adapting Theory to Real-Time Testing Practice: A List of Problems Checking of output data: How can we check SUT outputs against State transitions describing the expected SUT behaviour State invariants and Flow conditions which should be enforced by SUT - preferably on-the-fly?

Adapting Theory to RT-Testing Practice: Solutions Interface Abstraction Interface Modules are used as adapters between test specifications and SUT interfaces (SW or HW interfaces) Events and state variables are refined to the concrete SUT input interfaces and associated data SUT outputs are abstracted to the events and variable values used on test specification level.

Example: Interface Abstraction Concrete CAN message generated from abstract AM output Abstract output interface of AM AM 1 (identical to SWI test) AM 2 (identical to SWI test) output(can_smk_msg,lav_s,alarm) input(arc_label052,lav_s,alarm) IFM_CAN_HSI can_msg = csp2can( ); CAN Driver Layer can_send(can_msg); IFM_ARC_HSI arc2csp( arc_msg ); ARINC Driver Layer arc_msg = arc_recv(); CAN Message Identifier CAN Data Frame CAN Bus ARINC Bus 28 27 26 25 24... 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 SUT can_recv() 0 1 0 1 0 0 Driver 0 0 Layer 0 0 0 1 0 1 arc_send( ) 1 0 0 0 0 0 0 1 0 Msg Type Fct Code Module ID LAV_S System Id Smk Detection System void smkctrl() { msg=getsmkmsg(); putarcmsg(msg); } Byte 1 Alarm

Adapting Theory to RT-Testing Practice: Solutions Communication concept On abstract level, all interfaces are identified as ports Sampling ports offer operations Read and keep current data value in port Write new value to port Used for communication of sensor/actuator data and state variables Queuing ports are FIFO buffers with operations Append to end of queue Read and delete first element of queue Read and keep first element of queue Used for communication of messages and events

Adapting Theory to RT-Testing Practice: Solutions Parallel execution: Parallel components are allocated as Abstract Machines on dedicated Light Weight Processes (LWPs) Light weight processes in multi-processor environments may use CPUs exclusively User thread scheduling of Abstract Machines on LWPs without participation of the operating system kernel Port communication mechanism is implemented by Communication Control Layer

RT-Tester Organisational Model for Testing A/C Controllers Test Engine AM 1 AM 2 AM 3... AM n AML CCL abstract port data IFM ARINC 429 IFM Serial IFM CAN IFM AFDX IFM DIGI-I/O IFML physical interface data System Under Test : A318-SDF, A318/A340 CIDS, A380 IMA Module

Solutions LWPs, Abstract Machines and Interface Modules RT-Tester Engine RT-Tester process all LWPs on reserved CPUs LWP 1 LWP 2 LWP 3 User Thread Scheduler Communication Control Layer Abstract Machine 11... User Thread Scheduler Communication Control Layer Abstract Machine 21... User Thread Scheduler Communication Control Layer Abstract Machine 31... Other Processes (soft real-time): Standard Linux Scheduling Visualisation Test management ftp, SNMP TCP/IP Abstract Machine 1k Abstract Machine 2m Abstract Machine 3n Interface Module 11... Interface Module 21 Interface Module 31...... CPU 1 CPU 2 CPU 3 CPU 4

Adapting Theory to RT-Testing Practice: Solutions Parallel execution (continued): Explicit mapping from I/O interrupts to CPUs High resolution real-time clock and timers Avoid PCI bus and memory bus bottlenecks by means of test engine cluster consisting of 2 or more PCs Communication between cluster nodes via highspeed message passing (DMA) over Myrinet link Accuracy better than 100microsec without using specialised hardware

Test Engine Cluster Configuration for A380 IMA Testing System Under Test special I/O DIGI - I/O I/O AFDX PCI bus PCI bus serial DIGI - I/O I/O DIGI - I/O I/O DIGI - I/O I/O VMIPCI VME-PCI RTT Cluster Node 1 parallel AFDX AFDX AFDX AFDX RTT Cluster Node 2 PCI bus CAN CAN CAN AFDX ARINC 429 RTT Cluster Node 3 VME bus Computer special interface VMIVME VME-PCI PCI VME Bridge (reflective memory) Myrinet MYRINET SWITCH CAN AFDX AFDX CAN Myrinet Myrinet IMA Component Module 1 IMA Component Module 2

Adapting Theory to RT-Testing Practice: Solutions Generation of input data example: Control of Fasten Seat Belts Signs switch FSB signs on (FSBsigns = true) within 500msec if Cockpit switch FSBswOn has been activated or Cabin pressure is low (CPC1on or CPC2on) and automatic FSB switching has been configured (CONF_FSB_CPC)for this situation Landing gears are down and locked (LDGdownLck) and automatic FSB switching has been configured (CONF_FSB_LDG)

Adapting Theory to RT-Testing Practice: Solutions Generation of input data example: Logical condition C for FSB SIGNS ON : C FSBswOn or (CONF_FSB_CPC and (CPC1on or CPC2on))or (CONF_FSB_LDG and LDGdownLck)

Example continued: specification of FSB controller FSBsigns = F not C [not C]/FSBsigns = F (not C)and u < 500 du/dt = 1 [C]/u = 0 [C]/u = 0 [not C]/u = 0 [not C]/u = 0 C and u < 500 du/dt = 1 [C]/FSBsigns = T C and FSBsigns

Example continued: Input Generation for Condition C Automatic generation with Ordered Binary Decision Diagrams (OBDD): Every path of OBDD defines combination of input values to make C true or false FSBswOn F CONF_FSB_CPC T CPC1on F T CPC2on F F T CONF_FSB_LDG T T LDGdownLck F F T C FALSE TRUE

Example continued: Input Generation for Condition C Test system simulates SUT transitions between control modes in parallel to SUT execution In each control mode, test system generates input data vector, so that Every possible transition will be taken Every possible data combination for making conditions true or false is generated from OBDD If too many combinations exist, heuristics are applied to generate relevant combinations users may specify such combinations to optimise data generation process

Conclusion Hybrid Automata have suitable expressive power for testing real-time systems with both discrete and time-continuous interfaces (sensors, actuators) For using Hybrid Automata in the context of testing, A hard real-time testing environment has been developed based on Port communication Network of cooperating Abstract Machines (AM) performing test control, simulation and checking and Interface Modules (IFM) for mapping data between AM and SUT interfaces Specialised user thread scheduling for AM and IFM on reserved CPUs hard real-time extension of Linux kernel Test engine cluster platform based on multi processor PC linked via Myrinet

Conclusion For using Hybrid Automata in the context of testing (continued), Test data generation algorithms have been developed based on Graph traversal in real-time for coverage of control modes User-specified selection of discrete input data to SUT or Automatic selection of input data based on binary decision diagrams Stepwise t-integration of flow conditions solutions of differential equation may be imported from Matlab or similar tools

Conclusion For using Hybrid Automata in the context of testing (continued), Algorithms for automatic evaluation of SUT responses ( Test Oracles ) have been developed based on Graph traversal algorithms for checking SUT outputs against expected transitions between control modes Pre-compiled correctness conditions for checking invariants and jump conditions Comparison of time-continuous SUT outputs on actuator interfaces against reference functions derived from flow conditions

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback