mixed criticality systems view from the industry side
play

Mixed Criticality Systems view from the industry side MAXI M - PowerPoint PPT Presentation

Nov 13, 2023 •47 likes •287 views

Mixed Criticality Systems view from the industry side MAXI M Cristia n Airb us Ope ra tio ns S.A.S Da g stuhl Se mina r - 27/ 03/ 2017 Criticality (notions) itic ality is a de sig na tio n o f the le ve l o f a ssura nc e Cr a g

  1. Mixed Criticality Systems – view from the industry side MAXI M Cristia n Airb us Ope ra tio ns S.A.S Da g stuhl Se mina r - 27/ 03/ 2017

  2. Criticality (notions) itic ality is a de sig na tio n o f the le ve l o f a ssura nc e Cr • a g a inst fa ilure ne e de d fo r a syste m c o mpo ne nt. – Sa fe ty inte g rity le ve l SIL • F o r a vio nic s so ftwa re o Be fo re 2012 – DO 178B • Afte r 2012 – DO 178C • DO 178C is a n upda te d ve rsio n o f DO178B • F o r a vio nic s ha rdwa re o DO254 • – De sig n Assura nc e L e ve l DAL •

  3. DAL – Design Assurance Level De te rmine d fro m the sa fe ty a sse ssme nt pro c e ss • a nd ha za rd a na lysis (ARP4761) Failure With Level Objectives Failure Rate condition independence 10 -9 /h A Catastrophic 71 (66) 33 (25) 10 -7 /h B Hazardous 69 (65) 21 (14) 10 -5 /h C Major 62 (57) 8 (2) 10 -3 /h D Minor 26 (28) 5 (0) E No Safety Effect 0 (0) 0 (0) n/a *with inde pe nde nc e = se pa ra tio n o f re spo nsib ilitie s in the • ve r ific ation and validation pr oc e ss

  4. Objectives Distribution in DO-178B 45 DAL A 40 DAL B 35 DAL C 30 DAL D 25 20 15 10 5 0 Planning Dev. Verif. CM QA Cert.

  5. Examples DO-178C Safety Levels e ve ls C&D Sa fe ty- Critic a l L e ve ls A&B Sa fe ty- Critic a l L Anti-missile de fe nse • F ly-b y-wire c o ntro ls • Da ta mining • Auto -pilo t • He a lth mo nito ring • Air-tra ffic Se pa ra tio n Co ntro l • Missio n pla nning a nd • Gla ss Co c kpit I nfo rma tio n Displa y • imple me nta tio n Ra da r • Missio n simula tio n a nd tra ining • Je t E ng ine Co ntro l • Ne two rk-c e ntric o pe ra tio n • I F F (frie nd o r fo e ) • Re a l-time da ta re c o rding a nd • Missile g uida nc e • a na lysis Missile la unc h • Se lf-he a ling c o mmunic a tio n • Missile se lf-de struc t ne two rks • T e le me try • We a po ns ta rg e ting •

  6. System development process

  7. Relations ARP-DO

  8. Why Vestal’s model doesn’t fit to avionics (industry) Vestal Industry Criticality applies to a task The criticality is given to a function (a system-level property) Multiple WCET values for higher One WCET value is given for criticality tasks certification Better CPU usage is obtained through Difficulty in implementation of a the existence of C LO scheduling tasks having different WCETs (partition allocation) Failure in timing assumption of high Spatial isolation doesn’t allow failures criticality tasks result in dropping in a function to affect any other lower criticality tasks function Criticality mode change in the case of Functions are given a certain criticality time violations according to its SIL and any change of its criticality is subject to a new certification procedure

  9. Bridge between MCS research and practice titioning fo r (sa fe ty) a ssura nc e vs. shar ing fo r par • e ffic ie nt re so urc e usa g e IMA – I nte g ra te d Mo dula r Avio nic s • a ult isola tion : a fa ult in a n a pplic a tio n must no t pro pa g a te to o the r F o a pplic a tio ns. Any fa ult must b e ha ndle d e ithe r b y the fa iling a pplic a tio n itse lf o r b y the syste m. Spa tia l isola tion : a pplic a tio ns must e xe c ute in inde pe nde nt physic a l o me mo ry a ddre ss spa c e s. T he syste m must c o ntro l tha t a pplic a tio ns c a nno t a c c e ss a ny me mo ry a re a s tha t ha ve no t b e e n spe c ific a lly a llo c a te d to the m. e mpora l isola tion : the re a l-time b e ha vio r o f a n a pplic a tio n must b e T o c o rre c t inde pe nde ntly o f the e xe c utio n o f o the r a pplic a tio ns. T he a llo c a tio n o f the syste m re so urc e s to a n a pplic a tio n is no t influe nc e d b y o the rs, a nd c a n b e a na lyze d in a inde pe nde nt wa y

  10. IMA Concept Conventional Avionics IMA Avionics FWS (Flight Warning) FW FCDC Avionics Functions FCDC (Flight Computer WBBC Data Concentrator) WBBC (Weight and Balance Backup Computer) Splitting up of avionics functions into applications then integrated on shared IMA resources

  11. IMA Concept Co nve ntio na l a vio nic s: • o Ge ne ra lly spe a king , fo r a g ive n syste m, e a c h supplie r re spo nsib le fo r the de ve lo pme nt o f o ne o r se ve ra l func tio ns pro vide s a c o mpute r o T his me a ns tha t e a c h supplie r pe rfo rms the fo llo wing de ve lo pme nts: I nputs/ Outputs c a rds • Po we r supply c a rd • Pro c e ssing c a rd • Built-in te st e q uipme nt So ftwa re de ve lo pme nt pla tfo rm • Mo dula r a vio nic s: • o I mple me nta tio n o f se ve ra l func tio ns sha ring the c o mpute r re so urc e s Pro c e ssing Re so urc e (CPU time ) • Me mo ry • I nput/ Output c a pa c ity •

  12. IMA - Example

  13. IMA Concept - Partitioning • Pa rtitio ning = func tio na l se pa ra tio n o f a vio nic s a pplic a tio ns o Spa c e : SPAT I AL (Me mo ry) pa rtitio ning o T ime : T E MPORAL pa rtitio ning o I / Os : Co mmunic a tio n b use s pa rtitio ning • F a ult c o nta inme nt • I nc re me nta l De ve lo pme nt • I nc re me nta l Ve rific a tio n a nd Ce rtific a tio n • Ro b ust pa rtitio ning a llo ws c o ha b ita tio n o f so ftwa re o f multiple c ritic a lity le ve ls

  14. IMA Concept : Spatial Partitioning • E nsure s re stric te d a c c e sse s to me mo ry a re a s • Pa rtitio ning b e twe e n o Avio nic s a pplic a tio ns o Applic a tio n a nd Co re So ftwa re • Me mo ry pro te c tio n pro vide d b y me c ha nism imple me nte d in o Pro c e sso r ( Po we rPC MMU tha nks to pa g e ta b le s a nd BAT s ) o CPU b o a rd c hipse t ( De dic a te d Me mo ry Co ntro lle r Pro te c tio n Re g iste rs )

  15. IMA Concept : Temporal Partitioning T he te mpo ra l pa rtitio ning is e nsure d b y a • me c ha nism na me d SL I CE R De te rministic sc he duling me tho do lo g y b a se d o n • sta tic c o nfig ura tio n file s Uninte rrupte d a c c e ss to c o mmo n re so urc e s during • a ssig ne d time pe rio ds o f pa rtitio ns

  16. Partitions: Major Frames (MAF) A pa rtitio n ha s 2 te mpo ra l fe a ture s: • o Pe rio d o Dura tio n A ma jo r fra me (MAF ) o f fixe d dura tio n is pe rio dic a lly re pe a te d • o E a c h pa rtitio n is a c tiva te d a t le a st o nc e pe r MAF o MAF : multiple o f a ll the pa rtitio n pe rio ds P3 period P2 period P1 period P2 P1 P2 P1 P3 P2 P1 P2 P1 P3 MAF MAF P2 : Partition 2 P3 : Partition 3 P1 : Partition 1

  17. Partitions: Minor Frames (MIF) al Mino r F ra me s (MI F s) A MAF is c ompose d of one or se ve r • MAF = n * MIF MI F s dura tio n : fixe d b ut c o nfig ura b le a nd pe rio dic a lly re pe a te d • ime Window : 0, 1 o r se ve ra l CPU time slic e s within a MI F Par tition T •

  18. Process – Properties Pro c e ss = Pro g ra mming unit c o nta ine d within a pa rtitio n whic h • e xe c ute s c onc ur e ntly with o the r pro c e sse s o f the sa me r pa rtitio n E q uiva le nt o f a syste m’ s ta sk • No t visib le o utside o f the pa rtitio n • Cre a te d a nd initia lize d a t pa rtitio n initia liza tio n time • Sta rte d/ Sto ppe d during pa rtitio n init pro c e ss o r during • NORMAL mo de E a c h pro c e ss ha s a prio rity le ve l, pro c e sse s c a n sha re the • sa me prio rity le ve l T he pro c e ss in the re a dy sta te with the hig he st c urre nt prio rity • is a lwa ys e xe c uting while the pa rtitio n is a c tive Any pro c e ss c a n b e pre e mpte d • b y a pro c e ss with a hig he r c urre nt prio rity o b y a pa rtitio n time slic e e xpira tio n o b y a sync hro no us e rro r e xc e ptio n o

  19. Process – Management Pro c e ss b e ha vio r ma y b e : • Sync hro no us (pe rio dic ): pro c e ss pe rio d is a multiple o f the pa rtitio n o pe rio d it b e lo ng s to Async hro no us (a pe rio dic ) o Bo th type s o f pro c e sse s c a n c o -e xist in the sa me • pa rtitio n Pro c e ss ma na g e me nt is e nsure d b y the sc he dule r • me c ha nism Sc he duling a lg o rithm : prio rity pre e mptive • a c c o rding to the pre e mptio n le ve l o f the pa rtitio n

  20. Process – Management If a process within a section of code is interrupted by the end of a partition • window (slice), it is guaranteed to be the first to execute when the partition is resumed ( if not preempted by another higher priority process ). The execution context is saved and restored upon each process switch. •

  21. Process - Time Management T ime c a pa c ity = time g ive n to a pro c e ss to me e t its pro c e ssing • re q uire me nts De a dline fo r a pe rio dic pro c e ss = re le a se po int + time c a pa c ity • De a dline fo r a n a pe rio dic pro c e ss = • o c urre nt time + time c a pa c ity whe n pa rtitio n sta tus e nte rs NORMAL _MODE o c urre nt time + b udg e t time upo n RE PL E NISH_APE RI ODI C c a ll A de a dline ma y o c c ur e ve n whe n the pro c e ss is no t running • (inside o r o utside the pa rtitio n windo w) A de a dline is o nly ha ndle d inside a pa rtitio n windo w o f its o wn • pa rtitio n A de a dline misse d sha ll b e a sso c ia te d to a sa nc tio n lo c a l to the • pa rtitio n

  22. Periodic process deadlines

  23. Aperiodic process deadlines

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mixed Criticality A Personal View Alan Burns Contents Some discussion on the notion of mixed

Mixed Criticality A Personal View Alan Burns Contents Some discussion on the notion of mixed

Mixed Criticality A Personal View Alan Burns Contents Some discussion on the notion of mixed criticality A brief overview of the literature An augmented system model Open issues (as I see it) What is Criticality A

568 views • 25 slides
Programming with Time for Mixed Criticality Systems Dagstuhl Seminar, March 16-20, 2015 Mixed

Programming with Time for Mixed Criticality Systems Dagstuhl Seminar, March 16-20, 2015 Mixed

Programming with Time for Mixed Criticality Systems Dagstuhl Seminar, March 16-20, 2015 Mixed Criticality on Multicore/Manycore Platforms David Broman Associate Professor, KTH Royal Institute of Technology Assistant Research Engineer,

202 views • 6 slides
AdaptMC A Control-Theoretic Approach for Achieving Resilience in Mixed-Criticality Systems

AdaptMC A Control-Theoretic Approach for Achieving Resilience in Mixed-Criticality Systems

AdaptMC A Control-Theoretic Approach for Achieving Resilience in Mixed-Criticality Systems Alessandro V. Papadopoulos, Enrico Bini, Sanjoy Baruah, Alan Burns Embedded system ! 2 Mixed-criticality system C Each task has its Monitoring

456 views • 27 slides
Mixed Criticality Systems: Beyond Transient Faults Abhilash Thekkilakattil, Alan Burns, Radu

Mixed Criticality Systems: Beyond Transient Faults Abhilash Thekkilakattil, Alan Burns, Radu

Mixed Criticality Systems: Beyond Transient Faults Abhilash Thekkilakattil, Alan Burns, Radu Dobrin and Sasikumar Punnekkat Motivation and Contribution State of the art of mixed criticality scheduling mainly focuses on WCET overruns WCET

258 views • 23 slides
State-Based Mode Switching with Applications to Mixed-Criticality Systems Pontus Ekberg , Martin

State-Based Mode Switching with Applications to Mixed-Criticality Systems Pontus Ekberg , Martin

State-Based Mode Switching with Applications to Mixed-Criticality Systems Pontus Ekberg , Martin Stigge, Nan Guan & Wang Yi Uppsala University, Sweden WMC 2013 Mixed Criticality as Mode Switching At a switch between modes (e.g., lo to hi),

627 views • 48 slides
A Practical Degradation Model for Mixed Criticality Systems Vijaya Kumar Sundar, Arvind Easwaran

A Practical Degradation Model for Mixed Criticality Systems Vijaya Kumar Sundar, Arvind Easwaran

A Practical Degradation Model for Mixed Criticality Systems Vijaya Kumar Sundar, Arvind Easwaran Nanyang Technological University (NTU), Singapore May 8, 2019 Research Outline Research Objective: A new degradation model for Mixed Criticality

1.02k views • 87 slides
mixed criticality systems (Experience from MultiPARTES, DREAMS and PROXIMA FP7) Dr. Jon Perez

mixed criticality systems (Experience from MultiPARTES, DREAMS and PROXIMA FP7) Dr. Jon Perez

Road to certification in multicore partitioned mixed criticality systems (Experience from MultiPARTES, DREAMS and PROXIMA FP7) Dr. Jon Perez Dr. Alfons Crespo November 04 th , 2014. Berlin. AUTOSAR Working Group Agenda Introduction

595 views • 31 slides
The Feasibility Analysis of Mixed-Criticality Systems Saravanan Ramanathan, Xiaozhe Gu, Arvind

The Feasibility Analysis of Mixed-Criticality Systems Saravanan Ramanathan, Xiaozhe Gu, Arvind

Motivation Open Problem Possible Solution Design Methodology The Feasibility Analysis of Mixed-Criticality Systems Saravanan Ramanathan, Xiaozhe Gu, Arvind Easwaran Nanyang Technological University, Singapore July 5, 2016 NTU RTSOPS2016 1

1.67k views • 18 slides
Mixed-Criticality Systems with Permitted Failure Probability Zhishan Guo , Luca Santinelli * , and

Mixed-Criticality Systems with Permitted Failure Probability Zhishan Guo , Luca Santinelli * , and

EDF Schedulability Analysis on Mixed-Criticality Systems with Permitted Failure Probability Zhishan Guo , Luca Santinelli * , and Kecheng Yang Department of Computer Science, UNC Chapel Hill *ONERA The French Aerospace Lab at Toulouse The

432 views • 42 slides
Guaranteeing some service upon mode switch in mixed-criticality systems Zhishan Guo Department

Guaranteeing some service upon mode switch in mixed-criticality systems Zhishan Guo Department

Guaranteeing some service upon mode switch in mixed-criticality systems Zhishan Guo Department of Computer Science, Missouri S&T Presented at Dagstuhl Seminar 17131 Mar. 28, 2017 MC & Vestals Interpretation MC: functionalities

570 views • 15 slides
Non Preemptive Scheduling of Periodic Mixed Criticality Real-Time Systems Jasdeep Singh, Luca

Non Preemptive Scheduling of Periodic Mixed Criticality Real-Time Systems Jasdeep Singh, Luca

Non Preemptive Scheduling of Periodic Mixed Criticality Real-Time Systems Jasdeep Singh, Luca Santinelli, Federico Reghenzani Konstantinos Bletsas, Zhishan Guo Outline Real-time systems Probabilistic Real-time systems Mixed

573 views • 11 slides
Mixed Criticality Systems and Multicore Roman Obermaisser Agenda 09:00 09:30 Welcome and

Mixed Criticality Systems and Multicore Roman Obermaisser Agenda 09:00 09:30 Welcome and

Mixed Criticality Systems and Multicore Roman Obermaisser Agenda 09:00 09:30 Welcome and Introductions Prof Dr Roman Obermaisser, University of Siegen Short keynote address Prof Dr Heinrich Daembkes, ARTEMIS IA President The

671 views • 12 slides
Availability Enhancement and Analysis for Mixed-Criticality Systems on Multi-core Roberto MEDINA,

Availability Enhancement and Analysis for Mixed-Criticality Systems on Multi-core Roberto MEDINA,

Availability Enhancement and Analysis for Mixed-Criticality Systems on Multi-core Roberto MEDINA, Etienne BORDE, Laurent PAUTET Design, Automation & Test Europe March 22nd 2018 Overview Research and Industrial Context 1

227 views • 21 slides
Uniprocessor scheduling of mixed-criticality implicit-deadline sporadic task systems with K levels

Uniprocessor scheduling of mixed-criticality implicit-deadline sporadic task systems with K levels

Uniprocessor scheduling of mixed-criticality implicit-deadline sporadic task systems with K levels Sanjoy Baruah 1 Vincenzo Bonifaci 2 Gianlorenzo DAngelo 3 Haohan Li 6 Alberto Marchetti-Spaccamela 4 Suzanne Van Der Ster 5 Leen Stougie 5 1 The

541 views • 29 slides
Mixed-Criticality Systems Based on Time- Triggered Ethernet with Multiple Ring Topologies

Mixed-Criticality Systems Based on Time- Triggered Ethernet with Multiple Ring Topologies

Mixed-Criticality Systems Based on Time- Triggered Ethernet with Multiple Ring Topologies University of Siegen Mohammed Abuteir, Roman Obermaisser Naturwissenschaftlich-Technische Fakultt Department Elektrotechnik und Informatik / Embedded

433 views • 21 slides
Bounding and Shaping the Demand of Mixed-Criticality Sporadic Tasks Pontus Ekberg & Wang Yi

Bounding and Shaping the Demand of Mixed-Criticality Sporadic Tasks Pontus Ekberg & Wang Yi

Bounding and Shaping the Demand of Mixed-Criticality Sporadic Tasks Pontus Ekberg & Wang Yi Uppsala University, Sweden ECRTS 2012 Mixed-criticality sporadic tasks D i : Relative deadline T i : Period L i : Criticality (lo or hi) Pontus

801 views • 39 slides
DEVELOPING INDUSTRY AND BILATERAL COOPERATION THROUGH INNOVATION THE AERONAUTICS CASE Anderson

DEVELOPING INDUSTRY AND BILATERAL COOPERATION THROUGH INNOVATION THE AERONAUTICS CASE Anderson

DEVELOPING INDUSTRY AND BILATERAL COOPERATION THROUGH INNOVATION THE AERONAUTICS CASE Anderson Correia, Reitor ITA Aeronautics Institute of Technology Anders Blom, Director INNOVAIR Swedish Strategic Innovation Program for Aeronautics

726 views • 17 slides
Beyond r-process: The Cocoon emission in the early macronova in GW170817 Hamid Hamidani,

Beyond r-process: The Cocoon emission in the early macronova in GW170817 Hamid Hamidani,

Beyond r-process: The Cocoon emission in the early macronova in GW170817 Hamid Hamidani, Kunihito Ioka, & Kenta Kiuchi 2019 5 22 24 r Review Fernandez Metzger 2016 Numerical

445 views • 25 slides
Using the Merit Badge Workbook, follow the instructions to fill out parts of the FIVE sections 1.

Using the Merit Badge Workbook, follow the instructions to fill out parts of the FIVE sections 1.

Using the Merit Badge Workbook, follow the instructions to fill out parts of the FIVE sections 1. Do the following: a. b. c. d. e. = 5 2. Do TWO of the following: a. b. c. d. e. f. = 2 3. Do ONE of the following: a. b. = 1

853 views • 64 slides
Mechanism Feasibility Design Task Dr. James Gopsill Design & Manufacture 2 Mechanism

Mechanism Feasibility Design Task Dr. James Gopsill Design & Manufacture 2 Mechanism

2017 Mechanism Feasibility Design Task Dr. James Gopsill Design & Manufacture 2 Mechanism Feasibility Design 1 Lecture 3 2017 Contents 1. Last Week 2. The Convertible Roof System 3. Boundary Calculations 4. Modelling the

492 views • 31 slides
HOW V VIRTUAL BEC ECOMES R REA EAL Post-forming a timber gridshell with Kangaroo (G_02.1)

HOW V VIRTUAL BEC ECOMES R REA EAL Post-forming a timber gridshell with Kangaroo (G_02.1)

HOW V VIRTUAL BEC ECOMES R REA EAL Post-forming a timber gridshell with Kangaroo (G_02.1) Issues in technology (2014) - Photo by Helene Detje

275 views • 11 slides
Kangaroo: An Efficient Constraint-Based Local Search System Using Lazy Propagation M.A.Hakim

Kangaroo: An Efficient Constraint-Based Local Search System Using Lazy Propagation M.A.Hakim

Kangaroo: An Efficient Constraint-Based Local Search System Using Lazy Propagation M.A.Hakim Newton 1 , 2 , Duc Nghia Pham 1 , 2 , Abdul Sattar 1 , 2 , Michael Maher 1 , 3 , 4 1 National ICT Australia, 2 IIIS, Griffith University 3 CSE, University

427 views • 26 slides
ConversationStory! Fri Dec 8 11:08:37 CST 2017 github: ConversationStory! Dr Bean (

ConversationStory! Fri Dec 8 11:08:37 CST 2017 github: ConversationStory! Dr Bean (

ConversationStory! Fri Dec 8 11:08:37 CST 2017 github: ConversationStory! Dr Bean ( ) Recording 30 seconds. Each person must tell his/her story and answer 2 Uploading files If you cant find your partner, do it with someone

181 views • 4 slides
Conditionals: between language and reasoning Class 1 - Introduction

Conditionals: between language and reasoning Class 1 - Introduction

Conditionals: between language and reasoning Class 1 - Introduction www.ivanociardelli.altervista.org/conditionals ivano.ciardelli@lmu.de Two switches Imagine a long hallway with a light in the middle and with two switches, one at each end.

1.37k views • 57 slides

More recommend