ESEVO The Time-Triggered Architecture Bernhard Frmel based on - PowerPoint PPT Presentation

ESEVO The Time-Triggered Architecture Frömel ESEVO The Time-Triggered Architecture Bernhard Frömel based on slides by Hermann Kopetz, Christian El-Salloum, and Armin Wasicek. Institute of Computer Engineering Vienna University of Technology - 182.722 Embedded Systems Engineering LU November, 2014 1/59

ESEVO The Time-Triggered Architecture Frömel Concepts Part I Component The Time- Triggered Architecture The Time-Triggered Architecture [3][5] TTA in Research and Industry Current Research 2/59

ESEVO Technological Paradise The Time-Triggered Architecture Frömel Concepts ”[In a] Technological Paradise no acts of God can be permited and everything happens according to the Component blueprints.” [Hannes Alfven] 1 . The Time- Triggered Architecture TTA in Research and Industry Current Research We are not living in a technology paradise! 1 Nobel laureate 3/59

ESEVO Systems, Subsystems, and Components [1] The Time-Triggered Architecture ◮ System: An entity that is capable of interacting with its Frömel environment and may be sensitive to the progression of time. Concepts ◮ Environment of a System: The entities and their actions Component in the Universe of Discourse (UoD) that are not part of a The Time- system but have the capability to interact with the system. Triggered ◮ System Boundary: A dividing line between two systems or Architecture between a system and its environment. TTA in ◮ Subsystem: A subordinate system that is part of an Research and encompassing system. Industry ◮ Component: A subsystem of a system, the internal Current structure of which is of no interest. Research ◮ Cyber-Physical System (CPS): A system consisting of a computer system (the cyber system), a controlled object (a physical system) and possibly of interacting humans. ◮ Real-time system: A computer system which must produce value-correct results within time-constraints. 4/59

ESEVO Architectures and Frameworks [1] The Time-Triggered Architecture Frömel Concepts Component ◮ System Architecture: The blueprint of a design that establishes the overall structure, the major building blocks The Time- Triggered and the interfaces among these major building blocks and Architecture the environment. TTA in ◮ Architectural Style: The set of explicit or implicit rules and Research and conventions that determine the structure and Industry representation of the internals of a system, its data and Current protocols. Research 5/59

ESEVO Interface [1] The Time-Triggered Architecture Frömel Concepts ◮ Interface: A point of interaction of a system with another Component system or with the system environment. The Time- ◮ Behavior: The timed sequence of the effects of input and Triggered output actions that can be observed at an interface of a Architecture system. TTA in ◮ Deterministic Behavior: A system behaves Research and deterministically if, given an initial state at a defined Industry instant and a set of future timed inputs, the future states, Current the values and instants of all future outputs are entailed. Research ◮ Service: The intended behavior of a system. 6/59

ESEVO Time [1] The Time-Triggered Architecture Frömel Concepts Component ◮ Time: A continuous measurable physical quantity in which The Time- events occur in a sequence proceeding from the past to Triggered Architecture the present to the future. TTA in ◮ Instant: A cut of the timeline. Research ◮ Interval: A section of the timeline between two instants. and Industry ◮ Event: A happening [i.e., change of state] on the timeline. Current Research 7/59

ESEVO Data and State [1] The Time-Triggered Architecture Frömel Concepts Component The Time- ◮ State: The state of a system at a given instant is the Triggered totality of the information from the past that can have an Architecture influence on the future behaviour of a system. TTA in ◮ Information: A proposition about the state of or an action Research and in the world. Industry Current Research 8/59

ESEVO Communication [1] The Time-Triggered Architecture Frömel Concepts Component ◮ Message: A data structure that is formed for the purpose The Time- of the timely exchange of information among computer Triggered systems. Architecture ◮ Channel: A logical or physical link that transports TTA in Research information among systems at their connected interfaces. and ◮ Protocol: The set of rules that govern a communication Industry action. Current Research 9/59

ESEVO What is a Component? The Time-Triggered Architecture Frömel ”It is much easier to build a wall with bricks than with Concepts stones.”[Kopetz?] Component The Time- ◮ Component is a building block for the (ideally side-effect Triggered free) construction of larger systems. Architecture ◮ Self-contained hardware-software unit that has behavior TTA in Research and state ( not software alone!). and ◮ Has access to a global sparse time base. Industry ◮ Communicates with its environment solely over its Current Research (external) interfaces by exchange of messages. Purpose: Components process information. 10/59

ESEVO Data versus Information The Time-Triggered Architecture ◮ Data (e.g., a bit pattern) represents information. Frömel ◮ Information can only be retrieved if an explanation is Concepts either explicitly or implicitly (context, shared ontology) Component available. The Time- ◮ Mismatch problem: systems adhering to different Triggered architectural styles interpret data differently (e.g., degrees Architecture Celsius vs. degrees Fahrenheit). TTA in ◮ Concept of Itom [4]: An Itom (Information Atom) is a tuple Research and consisting of data and the associated explanation of the Industry data. Current ◮ Open research: self-describing data, machine interpretable Research explanations that can be used for gateway components . ◮ By the way: what is information? ◮ Information: A proposition about the state of or an action in the world. 11/59

ESEVO Sparse Global Time The Time-Triggered Architecture ◮ Problem: agreement on time and order of observations Frömel originating from different components. Concepts ◮ Establishment of consistent order in asynchronous setting difficult. Component ◮ Global time by local clock synchronization The Time- Triggered ◮ Reasonableness condition: Granule G of global clock must Architecture be larger than precision Π of clock synchronized components. TTA in Research ◮ π/ ∆ -precedence: Events only occur within interval π , but and not in ∆ . Industry ◮ π/ ∆ sparse global time Current ◮ Enforced/agreed π/ ∆ -precedence: interval of activity, Research interval of silence ◮ Exam question (?): Is a 1 / 4 sparse time-base sufficient as a consistent 2 global-time base? 2 Every component that has access to the sparse global time-base arrives at the same temporal order of time-stamped observations, regardless which component has observed and time-stamped a observation. 12/59

ESEVO Interfaces of a Component The Time-Triggered Architecture linking debug Frömel component Concepts config./planning local input/output Component The Time- technology independent technology dependent Triggered interfaces interfaces Architecture ◮ One interface per purpose TTA in ◮ External interfaces Research ◮ Linking Interface (LIF): Offers component’s service to other and Industry components ◮ Utility Interfaces: Configuration/Planning Interface, Current Research Diagnosis Interface, Local I/O Interface ◮ Linking Interface (LIF) as a boundary: ◮ Requires memory to store and check message for validity before it passes interface ◮ Event messages: queue, State message: shadowed memory (memory where two messages fit such that one message is always consistent) 13/59

ESEVO Message Classification The Time-Triggered Architecture Frömel Property Explanation Antonym Concepts valid A message is valid if its checksum and invalid contents are in agreement. Component checked A message is checked at source (or, in not checked short, checked) if it passes the output The Time- assertion. Triggered permitted A message is permitted with respect to not permitted Architecture a receiver if it passes the input asser- tion of that receiver. TTA in timely A message is timely if it is in agree- untimely Research ment with the temporal specification. and value-correct A message is value-correct if it is in not value-correct Industry agreement with the value specifica- Current tion. Research correct A message. is correct if it is both timely incorrect and value-correct. insidious A message is insidious if it is permitted not insidious but incorrect. 14/59