Figure 5 - uploaded by Stephane Louise

Contexts in source publication

Context 1
... latter can then extract the message. Figure 5 shows the same example as Figure 4, but with agents communicating through a local area network (LAN). A network deadline ND is set to precede visibility date t0, thereby freeing a network window (defined here by the gray rectangle). ...
Context 2
... segment is attributed to a single agent and is statically sized offline according to transmission needs (see Figure 7). When the SEND instruction is processed, these segments are "filled" with letters from the system layer of the appropriate agent (in Figure 5, this corresponds to the actual delay s). Such a mechanism enables allocation of independent static bandwidths and ensures data flow control for each agent. ...
Context 3
... order to limit its impact on the system, it is performed at several independent intervals by producer agents in their own execution context. Taking the same example as in Figure 5, this corresponds to an extension of the actual delay s. Pilot's temporal impact on the system is then significantly decreased. ...

Citations

... Such isolation properties are the result of an implementation process, but sometimes they are required at the specification level on partitioning units such as applications [7] or tasks [82]. Such specification-level isolation requirements constrain the implementation process. ...
... [7,80]) and programming languages (e.g. [82]), as well as the parallel implementation methods cited above provide dedicated constructs to enforce isolation properties. ...
Thesis
The implementation of hard real-time systems involves a lot of steps that are traditionally manual. The growing complexity of such systems and of the hardware platforms on which they are executed makes it increasingly difficult to ensure the correctness of those steps, in particular for the timing properties of the system on multi-core platforms. This leads to the need for automation of the whole implementation process. In this thesis, we provide a method for automatic parallel implementation of real-time systems. The method bridges the gap between real-time systems implementation and compilation by integrating parallelization, scheduling, memory allocation, and code generation around a precise timing model and analysis that rely on strong hypotheses on the execution platform and the form of the generated code. The thesis also provides an implementation model for dataflow multithreaded software. Using the same formal ground as the first contribution, the dataflow synchronous formalisms, the model represents multithreaded implementations in a Lustre-like language extended with mapping annotations. This model allows formal reasoning on the correctness of all the mapping decisions used to build the implementation. We propose an approach toward the proof of correctness of the functionality of the implementation with respect to the functional specifications.
... Based on Time-Triggered Approach [77], Oasis [24,87] is a framework dedicated to model and implement safety-critical real-time systems. An Oasis application is defined as a set of parallel communicating tasks called agents. ...
Thesis
Real-time embedded systems change our lives on a daily basis. Their complexity is increasing with the diversity of their applications and the improvements in processor architectures. These systems are usually multi-periodic, since their components communicate with each other at different rates. Real-time systems are often critical to human lives; their malfunctioning could lead to catastrophic consequences. Therefore, one of the major challenges faced by academic and industrial communities is the efficient use of powerful and complex platforms, to provide optimal performance and meet the time constraints. Real-time systems can be found in autonomous systems, such as airplanes, self-driving cars and drones. In this context, our study focuses on modeling and scheduling critical real-time systems using data flow formalisms. The contributions of this thesis are threefold: First, we define a general and intuitive communication model within multi-periodic systems. We demonstrate that the communications between multi-periodic tasks can be directly expressed as a particular class of "Synchronous Data Flow Graph" (SDFG). The size of the latter is equal to the communication graph size. Moreover, the SDFG model has a strong mathematical background and software analysis tools which provide a compromise between the application expressiveness and analyses. Then, the SDFG model allows a precise definition of the latency. Accordingly, we express the latency between two communicating tasks using a closed formula. In the general case, we develop an exact evaluation method to calculate the worst case system latency from a given input to a connected outcome. Then, we frame this value using two algorithms that compute its upper and lower bounds. Finally, we show that these bounds can be computed using a polynomial amount of computation time, while the time required to compute the exact value increases linearly according to the average repetition factor.
Finally, we address the mono-processor scheduling problem of non-preemptive strictly periodic systems subject to communication constraints. Based on the SDFG theoretical results, we propose an optimal algorithm using MILP formulations. The scheduling problem is known to be NP-complete in the strong sense. In order to solve this issue, we proposed three heuristics: linear programming relaxation, simple and ACAP heuristics. For the second and the third heuristics, if no feasible solution is found, a partial solution is computed.
... The Oasis [27,77,78] environment provides a framework for implementing multi-task safety-critical real-time systems. In Oasis, an application is a set of parallel communicating tasks called agents. ...
Thesis
The increasing complexity of embedded applications in modern cars has increased the need for computing power. To meet this need, the European automotive standard AUTOSAR has introduced the use of multicore platforms. However, multicore platforms for critical automotive applications raise several issues. In particular, it is necessary to respect the functional specification and to guarantee deterministically the data exchanges between cores. In this thesis, we consider multi-periodic systems specified and validated with \mat. So, we developed a framework to deploy \mat applications on AUTOSAR multicore. This framework guarantees the functional and temporal determinism and exploits the parallelism. Our contribution is threefold. First, we identify the communication mechanisms in \mat. Then, we prove that the dataflow in a multi-periodic \mat system is modeled by a SDFG. The SDFG formalism is an excellent analysis tool to exploit the parallelism. In fact, it is very popular in the literature and it is widely studied for the deployment of dataflow applications on multi/many-core. Then, we develop methods to realize the dataflow expressed by the SDFG in a preemptive real-time scheduling. These methods use theoretical results on SDFGs to guarantee deterministic precedence constraints without using blocking synchronization mechanisms. As such, both the functional and temporal determinism are guaranteed. Finally, we characterize the impact of dataflow requirements on tasks. We propose a partitioning technique that minimizes this impact. We show that this technique promotes the construction of a partitioning and a feasible scheduling when it is used to initiate multi-objective research and optimization algorithms.
... Regarding the target implementation, we consider the PharOS [9] framework. It is an extension of the OASIS framework [31,36,67,68] implemented for automotive applications. Oasis and PharOS implementations comprise a programming language ΨC (Parallel synchronous C), which is an extension of C. ...
... PharOS [9] is an extension of the OASIS framework [31,36,67,68] implemented for automotive applications. It consists in a framework for safety-critical real-time systems, based on the time-triggered paradigm. ...
Thesis
In hard real-time embedded systems, design and specification methods and their associated tools must allow the development of temporally deterministic systems to ensure their safety. To achieve this goal, we are specifically interested in methodologies based on the Time-Triggered (TT) paradigm. This paradigm allows preserving by construction a number of properties, in particular end-to-end real-time constraints. However, ensuring the correctness and safety of such systems remains a challenging task. Existing development tools do not guarantee by construction that the specification is respected. Thus, a-posteriori verification of the application is generally a must. With the increasing complexity of embedded applications, their a-posteriori validation becomes, at best, a major factor in the development costs and, at worst, simply impossible. It is necessary, therefore, to define a method that allows the development of correct-by-construction systems while simplifying the specification process. High-level component-based design frameworks that allow design and verification of hard real-time systems are very good candidates for structuring the specification process as well as verifying the high-level model. The goal of this thesis is to couple a high-level component-based design approach based on the BIP (Behaviour-Interaction-Priority) framework with a safety-oriented real-time execution platform implementing the TT approach (the PharOS Real-Time Operating System). To this end, we propose an automatic transformation process from BIP models into applications for the target platform (i.e. PharOS). The process consists in a two-step semantics-preserving transformation. The first step transforms a BIP model coupled to a user-defined task mapping into a restricted one, which lends itself well to an implementation based on TT communication primitives.
The second step transforms the resulting model into the TT implementation provided by the PharOS RTOS. We provide a tool-flow that automates most of the steps of the proposed approach and illustrate its use on an industrial case study for a flight simulator application and a medium voltage protection relay application. In both applications, we compare the functionalities of the original, intermediate and final models in order to confirm the correctness of the transformation. For the first application, we study the impact of the task mapping on the generated implementation. For the second application, we study the impact of the transformation on some performance aspects compared to a manually written version.
... In our framework, systems consist of components represented as timed automata that may synchronize on particular actions to coordinate their activities. Timed automata are strictly more expressive [3] than time-deterministic systems considered in time-triggered approaches [4][5][6][7]. Our framework also differs from the one proposed in [8] and [9] by considering not only binary, but also multiparty (n-ary) synchronizations, a.k.a. ...
... Oasis [21][22][23][24] is a framework for safety-critical real-time systems, based on a time-triggered architecture. Oasis is a framework encompassing models, methodologies, and tools for the development of embedded critical software exhibiting completely deterministic temporal behavior. ...
Article
Correct distributed implementation of real-time systems has always been a challenging task. The coordination of components executing on a distributed platform has to be ensured by complex communication protocols taking into account their timing constraints. In this thesis, we propose a rigorous design flow starting from a high-level model of an application software in BIP (Behavior, Interaction, Priority) and leading to a distributed implementation. The design flow involves the use of model transformations while preserving the functional properties of the original BIP models. A BIP model consists of a set of components synchronizing through multiparty interactions and priorities. Our method transforms high-level BIP models into Send/Receive models that operate using asynchronous message passing. The obtained models are directly implementable on a given platform. We present three solutions for obtaining Send/Receive BIP models. In the first solution, we propose Send/Receive models with a centralized scheduler that implements interactions and priorities. Atomic components of the original models are transformed into Send/Receive components that communicate with the centralized scheduler via Send/Receive interactions. The centralized scheduler is required to schedule interactions under some conditions defined by partial state models. Those models are a high-level representation of the parallel execution of BIP models. In the second solution, we propose to decentralize the scheduler. The obtained Send/Receive models are structured in 3 layers: (1) Send/Receive atomic components, (2) a set of schedulers each one handling a subset of interactions, and (3) a set of components implementing a conflict resolution protocol. With the above solutions, we assume that the obtained Send/Receive models are implemented on platforms that provide fast communications (e.g. multi-process platforms) to meet perfect synchronization in components.
This is because the obtained schedulers are modeled such that interaction scheduling corresponds exactly to execution in components. In the third solution, we propose Send/Receive models that execute correctly even if communications are not fast enough. This solution is based on the fact that schedulers plan interaction execution and notify components in advance. In order to correctly plan the interactions, we show that the schedulers are required to observe additional components, in addition to the ones participating in the interactions. We also present a method to optimize the number of observed components, based on the use of static analysis techniques. From a given Send/Receive model, we generate a distributed implementation where Send/Receive interactions are implemented by TCP sockets. The experimental results on non-trivial examples and case studies show the efficiency of our design flow.
... This is done by means of a programmable electronic system to achieve some standardization requirements and not with electromechanical devices. We take an original approach in the lift eco-system, which uses a deterministic operating system [1] from the Krono-safe company (a spin-off of CEA). To ensure the safety of people transportation, system availability should be considered behind the relevant safety. ...
Conference Paper
As part of the new generation of lift control, we will analyze a transition case from electrical/electro-mechanical components to a networked control system. The main element we focus on in the lift system is the safety chain. This paper will describe the analysis of dependability requirements (IEC 61508) for the next electronic lift control.
... Therefore, from the programming model point of view, OASIS can be transparently extended to various architectures without requiring changes in the software architectures of applications. For instance, the OASIS approach has been extended from mono-processor to distributed [26] or SMP architectures [27] transparently from the application developer's point of view. All low-level details such as network scheduling or allocation of cores to agents are managed by the OASIS tool chain and its associated kernel. ...
Article
The complexity of modern embedded systems increases as they incorporate new concerns such as distribution and mobility. These new features need to be considered as early as possible in the software development life cycle. Model driven engineering promotes an intensive use of models and is now widely seen as a solution to master the development of complex systems such as embedded ones. Component-based software engineering is another major trend that gains acceptance in the embedded world because of its properties such as reuse, modularity, and flexibility. This article proposes the Flex-eWare component model (FCM) for designing and implementing modern embedded systems. The FCM unifies model driven engineering and component-based software engineering and has been evaluated in several application domains with different requirements: wireless sensor networks, distributed client/server applications, and control systems for electrical devices. This approach highlights a new concept: flexibility points that arise at several stages of the development process, that is, in the model (design phase), in the execution platform, and during the execution itself. These flexibility points are captured with model libraries that can extend the FCM.
... On the other hand, the second software platform, PharOS, originates from OASIS [5], a set of tools for the development and execution of hard real-time applications developed to fulfill the needs of the nuclear industry and thus required to comply with the highest nuclear safety level [6]. ...
Article
The migration of many vehicle security features from mechanical solutions (lock and key) to electronic based systems (transponder and RF transceiver) has led to the need for purely electrically operated locking mechanisms. One such example is a steering column lock, which locks and unlocks the steering wheel movement via a reversible electric motor. The safety case for this system (with respect to ISO26262) is highly complex, as there is no single safe state of the steering column lock hardware because a wider system level interlock is required. The employed control platform uses ASIL D capable multicore microcontroller hardware, together with the first implementation of the AutoSAR® version 4.0 operating system, to demonstrate a real world usage of the newly specified encapsulation and monitoring mechanisms using the multicore extensions of AutoSAR and those of PharOS. This paper gives a brief outline of the example steering column lock, the main safety goals, the safety case, the safety architecture employed (hardware and software), and the verification and validation of the mechanisms employed. Finally, a short summary is given of the issues discovered and the workarounds employed to be able to achieve the defined safety goals and reaction times.
... Note that independent does not mean that we cannot handle communication: for example, the synchronization problem can be solved using lock-free mechanisms. As we will see in section 3, our work can be extended to more general task models such as the OASIS task model [10]. ...
... Also, the issue of optimizing the memory footprint of the scheduler working data (weight sets) should be given further attention, for instance for large hyperperiods. Finally, we would like to apply our method to time-triggered task models [10]. ...
Conference Paper
We present a new approach to decrease task preemptions and migrations in optimal global real-time schedules on symmetric multiprocessors. Contrary to classical approaches, our method proceeds in two steps, one off-line to place jobs on intervals and one on-line to schedule them dynamically inside each interval. We propose a new linear programming formulation and a local scheduler which exhibits low complexity and produces few task preemptions and migrations. We compare our approach with other optimal scheduling algorithms, using the implicit-deadline periodic task model. Simulation results illustrate the competitiveness of our approach with respect to task preemptions and migrations.