1,214 research outputs found

    Managing temporal allocation in Integrated Modular Avionics

    Recent civil airborne platforms are produced using Integrated Modular Avionics (IMA). IMA promotes both sharing of execution and communication resources by the avionics applications. Designs following IMA decrease the weight of avionics equipment and improve the whole system scalability. However, the price to pay for these benefits is an increase of the system's complexity, triggering a challenging system integration process. Central to this integration step are the timing requirements of avionics applications: the system integrator has to find a mapping of applications and communications on the available target architecture (processing modules, networks, etc.) such that end-to-end delay constraints are met. These challenges stress the need for a tool capable of evaluating different integration choices in the early design stages of IMA. In this paper, we present and formalize the problem of spatial and temporal integration of an IMA system. Then, we focus on the temporal allocation problem which is critical to ensure a proper timely behavior of the system. Two main properties are presented to ensure perfect data transmission for hard real-time flows. To quantify the quality of a set of valid temporal allocations, CPM utilization and communication robustness performance criteria are defined. We show on an example that both criteria are antagonistic and that they can be leveraged to choose an allocation that either improves the system computing performance or the robustness of the network.

    Fault management via dynamic reconfiguration for integrated modular avionics

    The purpose of this research is to investigate fault management methodologies within Integrated Modular Avionics (IMA) systems, and develop techniques by which the use of dynamic reconfiguration can be implemented to restore higher levels of systems redundancy in the event of a systems fault. A proposed concept of dynamic configuration has been implemented on a test facility that allows controlled injection of common faults to a representative IMA system. This facility allows not only the observation of the response of the system management activities to manage the fault, but also analysis of real time data across the network to ensure distributed control activities are maintained. IMS technologies have evolved as a feasible direction for the next generation of avionic systems. Although federated systems are logical to design, certify and implement, they have some inherent limitations that are not cost beneficial to the customer over long life-cycles of complex systems, and hence the fundamental modular design, i.e. common processors running modular software functions, provides a flexibility in terms of configuration, implementation and upgradability that cannot be matched by well-established federated avionic system architectures. For example, rapid advances of computing technology means that dedicated hardware can become outmoded by component obsolescence which almost inevitably makes replacements unavailable during normal life-cycles of most avionic systems. To replace the obsolete part with a newer design involves a costly re-design and re-certification of any relevant or interacting functions with this unit. As such, aircraft are often known to go through expensive mid-life updates to upgrade all avionics systems. In contrast, a higher frequency of small capability upgrades would maximise the product performance, including cost of development and procurement, in constantly changing platform deployment environments. 
IMA is by no means a new concept and work has been carried out globally in order to mature the capability. There are even examples where this technology has been implemented as subsystems on service aircraft. However, IMA flexible configuration properties are yet to be exploited to their full extent; it is feasible that identification of faults or failures within the system would lead to the exploitation of these properties in order to dynamically reconfigure and maintain high levels of redundancy in the event of component failure. It is also conceivable to install redundant components such that an IMS can go through a process of graceful degradation, whereby the system accommodates a number of active failures, but can still maintain appropriate levels of reliability and service. This property extends the average maintenance-free operating period, ensuring that the platform has considerably less unscheduled down time and therefore increased availability. The content of this research work involved a number of key activities in order to investigate the feasibility of the issues outlined above. The first was the creation of a representative IMA system and the development of a systems management capability that performs the required configuration controls. The second aspect was the development of a hardware test rig in order to facilitate a tangible demonstration of the IMA capability. A representative IMA was created using LabVIEW Embedded Tool Suite (ETS) real time operating system for minimal PC systems. Although this required further code written to perform IMS middleware functions and does not match up to the stringent air safety requirements, it provided a suitable test bed to demonstrate systems management capabilities. The overall IMA was demonstrated with a 100kg scale Maglev vehicle as a test subject.
This platform provides a challenging real-time control problem, analogous to an aircraft flight control system, requiring the calculation of parallel control loops at a high sampling rate in order to maintain magnetic suspension. Although the dynamic properties of the test rig are not as complex as a modern aircraft, it has much less stringent operating requirements and therefore substantially less risk associated with failure to provide service. The main research contributions for the PhD are: 1. A solution for the dynamic reconfiguration problem for assigning required systems functions (namely a distributed, real-time control function with redundant processing channels) to available computing resources whilst protecting the functional concurrency and time critical needs of the control actions. 2. A systems management strategy that utilises the dynamic reconfiguration properties of an IMA System to restore high levels of redundancy in the presence of failures. The conclusion summarises the level of success of the implemented system in terms of an appropriate dynamic reconfiguration to the response of a fault signal. In addition, it highlights the issues with using an IMA as a solution to operational goals of the target hardware, in terms of design and build complexity, overhead and resources.

    Design of Energy-efficient Hierarchical Scheduling for Integrated Modular Avionics Systems

    Recently the integrated modular avionics (IMA) architecture which introduces the concept of resource partitions becomes popular as an alternative to the traditional federated architecture. This study investigates the problem of designing hierarchical scheduling for IMA systems. The proposed scheduler model enables strong temporal partitioning, so that multiple hard real-time applications can be easily integrated into a uniprocessor platform. This paper derives the mathematical relationships among partition cycle, partition capacity and schedulability under the real-time condition, and then proposes an algorithm for optimizing partition parameters. Real-time tasks with arbitrary deadlines are considered for generality. To further improve the basic algorithm and reduce the energy consumption for embedded systems in aircraft, a power optimization approach is also proposed by exploiting the slack time. Experimental results show that the designed system can guarantee the hard real-time requirement and reduce the power consumption by at least 14%.

    Multi-core devices for safety-critical systems: a survey

    Multi-core devices are envisioned to support the development of next-generation safety-critical systems, enabling the on-chip integration of functions of different criticality. This integration provides multiple system-level potential benefits such as cost, size, power, and weight reduction. However, safety certification becomes a challenge and several fundamental safety technical requirements must be addressed, such as temporal and spatial independence, reliability, and diagnostic coverage. This survey provides a categorization and overview at different device abstraction levels (nanoscale, component, and device) of selected key research contributions that support the compliance with these fundamental safety requirements. This work has been partially supported by the Spanish Ministry of Economy and Competitiveness under grant TIN2015-65316-P, Basque Government under grant KK-2019-00035 and the HiPEAC Network of Excellence. The Spanish Ministry of Economy and Competitiveness has also partially supported Jaume Abella under Ramon y Cajal postdoctoral fellowship (RYC-2013-14717). Peer reviewed. Postprint (author's final draft).

    Improving supply chain management in construction: what can be learned from the aerospace industry?

    In order to provide for controllable delivery, reliable lead times and efficient customer response, lean manufacturing and platform assembly practices play an important role in supply chains in the aerospace industry. The adoption of lean manufacturing practices ensures an efficient delivery of products to the market. Benefits from the development of platform strategies are a more reliable materials supply and an improved logistics control. The aerospace industry is characterized by a small number of major global players and many small ones. A major part of the design and production has been contracted out to suppliers. In this paper the basic similarities and differences between the construction and aerospace industry and supply chains are analysed. A comparative study of aerospace and construction supply chains is presented to indicate and discuss the applicability of supply chain management concepts to construction, and the improvement potential of these concepts regarding supply chain management in construction. It is concluded that in particular the practice of platform assembly is a fruitful concept to be applied in the construction industry.

    GPU devices for safety-critical systems: a survey

    Graphics Processing Unit (GPU) devices and their associated software programming languages and frameworks can deliver the computing performance required to facilitate the development of next-generation high-performance safety-critical systems such as autonomous driving systems. However, the integration of complex, parallel, and computationally demanding software functions with different safety-criticality levels on GPU devices with shared hardware resources contributes to several safety certification challenges. This survey categorizes and provides an overview of research contributions that address GPU devices’ random hardware failures, systematic failures, and independence of execution. This work has been partially supported by the European Research Council with Horizon 2020 (grant agreements No. 772773 and 871465), the Spanish Ministry of Science and Innovation under grant PID2019-107255GB, the HiPEAC Network of Excellence and the Basque Government under grant KK-2019-00035. The Spanish Ministry of Economy and Competitiveness has also partially supported Leonidas Kosmidis with a Juan de la Cierva Incorporación postdoctoral fellowship (FJCI-2020-045931-I). Peer reviewed. Postprint (author's final draft).

    Avionics standards, software and IMA

    The paper covers the definition of Integrated Modular Avionics (IMA), the associated avionics standards and the impact on the Avionics Software. ARINC and RTCA/EUROCAE committees, in which all Avionic stakeholders are involved, developed these standards. 2005 is a key year for standardization: ARINC653 part1 supplement2 and part3 are ready for publishing, RTCA-SC200 / EUROCAE-WG60 is under ballot. The concepts of IMA, the new architecture in Avionics, were defined in the late Eighties and published for the first time in the ARINC651 standard in 1991. The IMA concepts were firstly applied on Boeing 777, extended and used on Airbus A380 and now selected for the future Boeing 787. These concepts divide the avionic embedded domain into Platform (Hardware+Core Software) and Applications instead of Hardware and Software. Several applications of different criticality levels could reside on the same platform. The consequences were the development of new standards and guidelines for supporting these concepts, e.g.:
    - ARINC653 defines the API and the behavior of the Core Software services.
    - DO-255/ED-96 contains the description of an Avionic Computing Resource (a platform separated from its hosted applications).
    - DO-248B/ED-94B clarifies DO-178B/ED-12B and defines concepts like robust partitioning.
    - SC200/WG60 (future ED-124) contains the IMA Development Guidance and Certification.
    - SC205/WG71 has started. It reviews and extends DO-178B/ED-12B and DO-248B/ED-94B in regard of new technologies.
    The paper describes the objectives and the results of these standardization committees. It focuses on ARINC653 and ED-124 standards and presents shortly the associated standards.

    The CONCERTO methodology for model-based development of avionics SW

    20th International Conference on Reliable Software Technologies - Ada-Europe 2015 (Ada-Europe 2015), 22 to 26, Jun, 2015, Madrid, Spain. The development of high-integrity real-time systems, including their certification, is a demanding endeavour in terms of time, skills and effort involved. This is particularly true in application domains such as the avionics, where composable design is to be had to allow subdividing monolithic systems into components of smaller complexity, to be outsourced to developers subcontracted down the supply chain. Moreover, the increasing demand for computational power and the consequent interest in multicore HW architectures complicates system deployment. For these reasons, appropriate methodologies and tools need to be devised to help the industrial stakeholders master the overall system design complexity, while keeping manufacturing costs affordable. In this paper we present some elements of the CONCERTO platform, a toolset to support the end-to-end system development process from system modelling to analysis and validation, prior to code generation and deployment. The approach taken by CONCERTO is demonstrated for an illustrative avionics setup, however it is general enough to be applied to a number of industrial domains including the space, telecom and automotive. We finally reason about the benefits to an industrial user by comparing to similar initiatives in the research landscape.

    On the analysis of the timing behaviour of time randomised caches

    Time Randomised caches (TRc), which can be implemented at hardware level or with software means on conventional deterministic cache designs, have been proposed for real-time systems as key enablers for Probabilistic Timing Analysis (PTA) and in particular its measurement-based variant: Measurement-Based Probabilistic Timing Analysis (MBPTA). A key parameter of MBPTA is the number of runs required to ensure representativity of the execution time measurements taken at analysis time with respect to execution times that can occur during system deployment, so that MBPTA can trustworthily be applied. In this thesis, we propose several methods to determine whether the number of observations taken at analysis, as part of the normal MBPTA application process, capture the cache events significantly impacting execution time and Worst-Case Execution Time (WCET). If this is not the case, our techniques provide the user with the number of extra runs required so that cache events are captured ensuring trustworthiness on MBPTA provided WCET estimates. Our techniques have been evaluated using a set of synthetic benchmarks and a real avionics application.