Formalizing Software Architectures for Embedded Systems


Formalizing Software Architectures for Embedded Systems
Pam Binns and Steve Vestal
This work has been brought to you by DARPA, AFOSR and AMCOM.

Outline
Avionics Architecture Description Language (MetaH)
• Overview and motivation
• Structure and syntax
• Computation and communication
• Reliability and safety
• Implementing systems
Research Activities
• Integrated partitioned time-and-event workloads
• Efficient low-latency distributed system scheduling
• Hybrid automata scheduling and analysis
• Integrated reliability and system safety
• Dynamic reconfiguration

Integrated and Traceable Specification, Analysis, Implementation
[Figure: a loop from discipline-specific design notations (with editing and visualization tools) through formal modeling to verification and analysis methods and tools, which return design feed-back, and on through implementation methods and tools to the implementation.]
• Increase assurance that the implementation behaves the way the models say it will behave
• Improve quality of system design through more accurate and rapid design-time evaluation
• Decrease modeling, implementation, debugging and verification effort

Integrated Modular Avionics
[Figure: the MetaH Software & Systems Integration Toolset ("meta-tooling") sits between the system integration inputs (target hardware specifications, re-engineering of legacy software, MatLab, MATRIXx, ControlH, traditional development, other complete specialized toolsets) and the executable system.]

An Open Systems Solution
• Compatible with existing standards (e.g. Ada, C/C++, POSIX)
• Emerging SAE standard Avionics Architecture Description Language
  – first ballot scheduled 2003
  – industry and government participation, e.g.
Army, Boeing, Dassault, NIST, Rockwell/Collins, Smiths Industries, Navy, Lockheed-Martin, Honeywell, Pratt/Whitney, Raytheon, Airbus
• Potential UML-RT profile for safety-critical hard real-time

MetaH Toolset Functions
[Figure: tool chain from source modules and AADL specifications, through the graphical and textual editors, the compliance checker and the syntax and semantics checker, to the HW/SW binder, middleware configurer, schedulability analyzer, reliability analyzer, partition analyzer, linear hybrid automata formal verification and make, producing the load image.]

AMCOM Effort Saved Using MetaH
[Chart: man hours (0 to 8000) per development phase (review, 3-DOF translate, 6-DOF transform, test, build, debug, re-target) for the traditional approach versus using MetaH, on the current and RT-MetaH 6-DOF missile models.] Total project savings 50%, re-target savings 90%.
Development cost (NRE) is usually a small fraction of life cycle cost (LCC). Maximizing design quality is often more important than minimizing design effort.

Outline: Structure and syntax

Specification Language is Hierarchical and Compositional
[Figure: an object type A has an interface and zero or more implementations A.X; an implementation is composed of sub-objects B, C, D, E, F, each of which is again a typed object. Leaf objects describe software and hardware components.]

Software Descriptions and Composition
• Application, Mode, Macro: groupings of functional subsystems and connections between them
• Connections
• Process, Package/Monitor, Subprogram, Port Type, Port Variable, Event: descriptions of source code

Hardware Descriptions and Composition
• Application, System: groupings of functional subsystems and connections between them
• Connections
• Device, Memory, Processor,
Channel: descriptions of physical hardware objects
AADL will combine application, macro and system into a single more powerful system category with improved support for software/hardware co-design, virtual machine and layered system specification, etc.

Outline: Computation and communication

Computation and Communication
[Figure: a process timeline with release time, execution time and deadline; message in at the release time, message out at the deadline.]
• Processes are repetitively dispatched: periodic (time-triggered) or aperiodic (event-triggered)
• Message input/output occurs at release times and deadlines
• Periodic workloads have deterministic functional dependency
  – independent of execution and communication times (if schedulable)
  – independent of software/hardware binding
• Shared objects are supported

Messages
• Data is copied by an automatically configured executive
  – from an out port variable after sender completion
  – to an in port variable before the start of receiver execution
• Connections and transfers may
  – be undelayed (with implied execution order constraints)
  – have single sample delay
• There is a combined event-with-data connection
• User selection among real-time semaphore protocols for shared objects

Events Have Continuous Signal Semantics
[Figure: an event signal plotted against time, with several rise times and one fall time.] Event signal rise time may be different on different processors. Event signal fall time is identical and fault-tolerant on all processors.
• default event duration is the period of the raising process
• mode changes occur at the falling edge of the triggering event
• events arriving at executing aperiodics may nudge, signal or interrupt
• meaningful semantics for logical operations on events

Dynamic Reconfiguration
[Figure: Mode A runs Process A and Process B; an Event switches to Mode B, which runs Process A and Process C.]
• A mode is a configuration of active processes and connections.
• Mode changes stop and start subsets of processes and change patterns of message and event connections.
• Event connections create a hierarchical mode transition diagram.

Schedulability Analysis
Given
• process/processor and message/channel bindings
• process periods, deadlines, criticalities
• sequence of modules executed by a process
• module nominal and worst-case compute times
Compute
• processor and channel schedulability
• processor, channel, process, module utilizations
• parametric compute time sensitivity analysis

Outline: Reliability and safety

Stochastic Automata Fault Model
[Figure: two component automata, each with states error_free, permanent fault and failed processor; a permanent error transition leads to the permanent fault state, and propagate transitions are synchronized between the two automata.]
• Component error models are specified as stochastic automata
• Error propagation synchronizations can be determined from
  – architecture specification
  – voting protocol specifications
• For Poisson rates, a Markov chain system model can be generated

Fault-Tolerance and Safety Features
• A process may be time and space partitioned
• Safety/design assurance level may be specified for any component
• Hazardous run-time capabilities enabled on a per-process basis
• Executive consensus protocol is plug-replaceable
• Message
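The Messages slide above says data moves between periodic processes only at release times and deadlines, and the Computation and Communication slide claims the resulting data flow is independent of execution times. The simulation below is an added example, not MetaH code and not from the slides: one processor, fixed-priority preemptive dispatch, a sender S (period 5, higher priority) and a receiver R (period 10) joined by a single-sample-delay connection. Periods, priorities, the per-job execution times and the convention that R's first in-port value is None (no sample yet) are all constructed for the example. It contrasts R's in-port sequence with what R would observe if it simply read S's variable at the instant it happens to finish.

```python
def simulate(s_exec, r_exec, horizon=40, s_period=5, r_period=10):
    """Single processor, fixed-priority preemptive dispatch, one time unit per tick.
    S (period s_period, higher priority) writes its job number to an out port when it
    completes. R (period r_period) reads it over a single-sample-delay connection.
    s_exec / r_exec give each job's actual execution time; the deadline assertions
    enforce the slide's precondition that the set is schedulable.
    Returns (port_trace, shared_trace): the value loaded into R's in port at each of its
    releases, and the value R would see if it read S's variable directly when it finishes."""
    out_port = None       # S's out port variable, written at S completion
    conn = None           # connection buffer, refreshed at S's deadline (end of its period)
    s_job = r_job = 0     # jobs released so far (== jobs completed, if deadlines are met)
    s_left = r_left = 0   # remaining execution time of the current job
    port_trace, shared_trace = [], []
    for t in range(horizon):
        # 1. deadlines: the previous period's output becomes visible; a job still running has missed
        if t % s_period == 0 and t > 0:
            assert s_left == 0, f"S missed its deadline at t={t}"
            conn = out_port
        if t % r_period == 0 and t > 0:
            assert r_left == 0, f"R missed its deadline at t={t}"
        # 2. releases: the executive loads in ports before the receiver can run
        if t % s_period == 0:
            s_left = s_exec[s_job]
        if t % r_period == 0:
            port_trace.append(conn)          # conn -> R's in port
            r_left = r_exec[r_job]
        # 3. dispatch the highest-priority ready job for one tick (S preempts R)
        if s_left > 0:
            s_left -= 1
            if s_left == 0:
                out_port = s_job             # S publishes its result at completion
                s_job += 1
        elif r_left > 0:
            r_left -= 1
            if r_left == 0:
                shared_trace.append(out_port)   # naive read of S's variable when R finishes
                r_job += 1
    return port_trace, shared_trace

# constructed execution-time profiles (8 S jobs, 4 R jobs over a 40-tick horizon),
# each within a budget that keeps the set schedulable
CASES = [
    ([1] * 8, [2] * 4),                    # everything finishes early
    ([3, 1, 2, 3, 1, 2, 3, 1], [2] * 4),   # sender execution time jitters
    ([1] * 8, [6] * 4),                    # receiver runs long and is preempted by S
]

def compare_cases(cases=CASES):
    """Returns (port traces identical across cases, shared-variable traces identical)."""
    ports = [simulate(s, r)[0] for s, r in cases]
    shared = [simulate(s, r)[1] for s, r in cases]
    return all(p == ports[0] for p in ports), all(x == shared[0] for x in shared)

if __name__ == "__main__":
    for s, r in CASES:
        print(simulate(s, r))
    print(compare_cases())
```

Across all three profiles R's in port sees [None, 1, 3, 5]: the value is fixed by the two periods and the copy points, which is what lets the schedulability analysis and the functional behaviour be checked separately. The shared-variable read shifts from [0, 2, 4, 6] to [1, 3, 5, 7] as soon as R runs long enough to be preempted by the next S job, so a timing change becomes a functional change.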
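The Schedulability Analysis slide lists inputs (periods, deadlines, per-module compute times) and outputs (schedulability, utilizations, compute time sensitivity) without saying how they are computed. The block below is an added example, not the MetaH schedulability analyzer: it applies standard fixed-priority response-time analysis to a constructed four-process set on one processor, with deadline-monotonic priorities, and derives the sensitivity figure by growing one process's worst-case compute time until a deadline is missed. It ignores blocking on shared objects and message transfer times, both of which a real analysis of this architecture would have to add.

```python
from math import ceil

# Constructed process set: (name, period, deadline, worst-case compute time), time in ms.
# A process's WCET is the sum of the worst-case compute times of the modules it executes.
TASKS = [
    ("ctrl",     10,  10,  3),
    ("nav",      20,  20,  4),
    ("io",       40,  40, 10),
    ("monitor", 100, 100, 15),
]

def response_times(tasks):
    """Worst-case response time of each process under deadline-monotonic fixed priorities
    (shorter deadline = higher priority), by fixed-point iteration of
    R = C + sum over higher-priority j of ceil(R / T_j) * C_j.
    A process whose iteration exceeds its deadline maps to None (deadline miss)."""
    ordered = sorted(tasks, key=lambda t: t[2])
    result = {}
    for i, (name, _period, deadline, wcet) in enumerate(ordered):
        higher = ordered[:i]
        r = wcet
        while True:
            nxt = wcet + sum(ceil(r / p) * c for _, p, _, c in higher)
            if nxt > deadline:
                result[name] = None
                break
            if nxt == r:
                result[name] = r
                break
            r = nxt
    return result

def schedulable(tasks):
    return all(r is not None for r in response_times(tasks).values())

def utilization(tasks):
    return sum(c / p for _, p, _, c in tasks)

def max_compute_time(tasks, name):
    """Parametric sensitivity: the largest integer WCET the named process can have, all
    other processes fixed, with every deadline still met. None if already unschedulable."""
    best = None
    (_, _, deadline, wcet), = [t for t in tasks if t[0] == name]
    for c in range(wcet, deadline + 1):
        trial = [(n, p, d, c if n == name else w) for n, p, d, w in tasks]
        if not schedulable(trial):
            break
        best = c
    return best

if __name__ == "__main__":
    print("utilization", round(utilization(TASKS), 3))
    print("response times", response_times(TASKS))
    for name, *_ in TASKS:
        print(f"{name}: WCET may grow to {max_compute_time(TASKS, name)}")
```

Note that the set is 90% utilized yet schedulable (the monitor's response time is 75 of its 100 ms), and that the margin is not where utilization suggests: the 40 ms io process can only grow from 10 to 12 ms before the monitor misses, because every extra unit of io is charged to the monitor several times over its 100 ms window.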
data errors detected and reported (but not corrected)
• Process error handling semantics are defined
• Model generators output human-readable, structured models

Reliability Analysis
Given
• possible fault types and error states
• system architecture (potential propagation paths)
• consensus/voting planes
• operational versus failed system configurations
• mission duration
Compute
• Pr(fail)

Partition Isolation Analysis
Given
• time-and-space partitions in architecture
• safety/assurance level (A..E) for each component
Verifies
• no error in a component with lower safety level can propagate to a component with higher safety level

Outline: Implementing systems

Code Integration/Generation
• Automatically configures an executive/middleware
  – Generates time-driven dispatcher for periodic processes and messages
  – Generates message passing code
  – Generates code to vector events for processes, messages, mode changes
  – Tailors an API to the services required by and authorized for each process
• Automatically performs compiles and links needed for each processor image

Middleware Structure
[Figure: on each processor (Processor A, Processor B) the application processes sit on automatically generated MetaH executive components, MetaH executive library components and target-specific library components, over the run-time or RTOS.]
One downloadable image file is generated for each processor.
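The Reliability Analysis slide asks for Pr(fail) from fault types, propagation paths, voting planes and mission duration, and the fault-model slide notes that Poisson rates give a Markov chain. The block below is an added example, not the MetaH reliability analyzer or its model generator: it builds the continuous-time Markov chain for one n-processor voting plane with a per-processor permanent fault rate, uses a coverage probability as an assumed stand-in for the slide's propagation transition (an uncovered fault gets past the voter and fails the plane), and solves the chain at the mission time by uniformization. The rates, coverage and mission length are constructed numbers.

```python
from math import comb, exp

def voting_plane_chain(n, lam, coverage):
    """CTMC generator for one voting plane of n processors.
    State i (0 <= i <= n - majority) counts processors that have failed and been masked by
    the voter; 'failed' is the absorbing system-failure state. Each live processor suffers
    a permanent fault at Poisson rate lam (per hour). With probability `coverage` the fault
    is masked (i -> i+1); otherwise it propagates past the voter (i -> failed)."""
    majority = n // 2 + 1
    tolerated = n - majority
    states = list(range(tolerated + 1)) + ["failed"]
    Q = {s: {} for s in states}
    for i in range(tolerated + 1):
        rate = (n - i) * lam
        if i < tolerated:
            Q[i][i + 1] = rate * coverage
            Q[i]["failed"] = rate * (1.0 - coverage)
        else:
            Q[i]["failed"] = rate        # losing one more processor breaks the majority
    return states, Q

def transient_distribution(states, Q, start, t, tol=1e-14):
    """State probabilities at time t by uniformization:
    pi(t) = sum_k Poisson(k; L*t) * pi(0) * P^k, with P = I + Q/L and L >= every exit rate."""
    L = max(sum(row.values()) for row in Q.values()) or 1.0
    P = {s: {} for s in states}
    for s in states:
        P[s][s] = 1.0 - sum(Q[s].values()) / L
        for d, rate in Q[s].items():
            P[s][d] = P[s].get(d, 0.0) + rate / L
    v = {s: 0.0 for s in states}
    v[start] = 1.0
    pi = {s: 0.0 for s in states}
    weight, k = exp(-L * t), 0
    while True:
        for s in states:
            pi[s] += weight * v[s]
        if weight < tol and k > L * t:   # Poisson tail is negligible: stop
            break
        nxt = {s: 0.0 for s in states}    # v <- v * P
        for s in states:
            for d, p in P[s].items():
                nxt[d] += v[s] * p
        v = nxt
        k += 1
        weight *= L * t / k
    return pi

def pr_fail(n, lam, coverage, mission_hours):
    """Pr(the voting plane has failed by the end of the mission)."""
    states, Q = voting_plane_chain(n, lam, coverage)
    return transient_distribution(states, Q, 0, mission_hours)["failed"]

def closed_form(n, lam, mission_hours):
    """Perfect-coverage cross-check: independent processors, each failed by time t with
    probability 1 - exp(-lam*t); the plane fails once a majority has failed."""
    p = 1.0 - exp(-lam * mission_hours)
    majority = n // 2 + 1
    return sum(comb(n, k) * p ** k * (1.0 - p) ** (n - k) for k in range(majority, n + 1))

if __name__ == "__main__":
    # constructed numbers: 1e-4 faults per processor-hour, 10-hour mission
    for n in (1, 3, 5):
        print(n, pr_fail(n, 1e-4, 1.0, 10.0), closed_form(n, 1e-4, 10.0))
    print("TMR, 99% coverage:", pr_fail(3, 1e-4, 0.99, 10.0))
```

With perfect coverage the chain reproduces the binomial closed form, which is the sanity check worth keeping when the chain is generated from an architecture rather than written by hand. Dropping coverage to 99% raises the TMR failure probability by more than an order of magnitude, which is why the propagation synchronizations on the fault-model slide, not the raw component fault rates, usually decide the result.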
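The Partition Isolation Analysis slide states the property to verify (no error may propagate from a lower assurance level to a higher one) but not the propagation model. The block below is an added example, not the MetaH partition analyzer, with these assumed rules: assurance levels run A (highest) to E; every component in a time-and-space partition can disturb every other member of that partition; a message connection is a potential value-error path in the direction of data flow, since the slides say message data errors are detected but not corrected; and a shared object spanning two partitions is an architecture error rather than a path. It then reports every reachable lower-to-higher pair with the path. The component names, levels, partitions and connections are constructed.

```python
from collections import deque

# assurance levels, A highest
LEVEL_RANK = {"A": 4, "B": 3, "C": 2, "D": 1, "E": 0}

def propagation_graph(components, connections):
    """components: {name: (level, partition)}; connections: [(src, dst, kind)] with kind
    'message' or 'shared'. Returns adjacency {src: {dst: reason}} and architecture errors."""
    adj = {c: {} for c in components}
    errors = []
    for a in components:                       # implicit edges inside each partition
        for b in components:
            if a != b and components[a][1] == components[b][1]:
                adj[a][b] = "same partition"
    for src, dst, kind in connections:
        if kind == "shared" and components[src][1] != components[dst][1]:
            errors.append(f"shared object {src}->{dst} spans partitions")
            continue
        adj[src].setdefault(dst, kind)
    return adj, errors

def isolation_violations(components, connections):
    """Every (lower-level source, higher-level sink, path) reachable in the propagation graph."""
    adj, errors = propagation_graph(components, connections)
    findings = []
    for start in components:
        paths = {start: [start]}               # breadth-first search keeps one witness path
        queue = deque([start])
        while queue:
            node = queue.popleft()
            for nxt in adj[node]:
                if nxt not in paths:
                    paths[nxt] = paths[node] + [nxt]
                    queue.append(nxt)
        for dst, path in paths.items():
            if LEVEL_RANK[components[dst][0]] > LEVEL_RANK[components[start][0]]:
                findings.append((start, dst, path))
    return findings, errors

# constructed architecture: a level-B process shares a partition with level-A flight control,
# and a level-D maintenance logger sends a message straight into flight control
MIXED = (
    {"flight_ctrl": ("A", "P1"), "sensor_fusion": ("B", "P1"),
     "display": ("C", "P2"), "maint_log": ("D", "P2")},
    [("sensor_fusion", "flight_ctrl", "message"), ("flight_ctrl", "display", "message"),
     ("display", "maint_log", "shared"), ("maint_log", "flight_ctrl", "message")],
)

# same functions re-partitioned: fusion developed to level A, logger isolated, no upward message
HARDENED = (
    {"flight_ctrl": ("A", "P1"), "sensor_fusion": ("A", "P1"),
     "display": ("C", "P2"), "maint_log": ("D", "P3")},
    [("sensor_fusion", "flight_ctrl", "message"), ("flight_ctrl", "display", "message"),
     ("display", "maint_log", "message")],
)

if __name__ == "__main__":
    for label, (comps, conns) in (("mixed", MIXED), ("hardened", HARDENED)):
        findings, errors = isolation_violations(comps, conns)
        print(label, errors)
        for src, dst, path in findings:
            print(f"  {src} ({comps[src][0]}) -> {dst} ({comps[dst][0]}) via {' -> '.join(path)}")
```

The mixed architecture yields six findings from only four connections, because a single upward message plus one mixed-level partition makes the level-D logger transitively reach both level-A processes. The hardened variant removes the upward data flow and separates the levels by partition, and the check comes back empty; the reverse of the flagged direction (display at level C feeding the level-D logger) is allowed.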
Outline: Research Activities
• Integrated partitioned time-and-event workloads
• Efficient low-latency distributed system scheduling
• Hybrid automata scheduling and analysis
• Integrated reliability and system safety
• Dynamic reconfiguration

Complex Embedded Workload Issues and Goals
Hard real-time scheduling theory limited to
• repetitive weakly-interacting tasks
• fixed bounds on arrival rates and compute times
Event-driven models are more