Flexible Scheduling in Middleware for Distributed rate-based real-time applications - Doctoral Dissertation, May 2002

Distributed rate-based real-time systems, such as process control and avionics mission computing systems, have traditionally been scheduled statically. Static scheduling provides assurance of schedulability prior to run-time overhead. However, static scheduling is brittle in the face of unanticipated overload, and treats invocation-to-invocation variations in resource requirements inflexibly. As a consequence, processing resources are often under-utilized in the average case, and the resulting systems are hard to adapt to meet new real-time processing requirements. Dynamic scheduling offers relief from the limitations of static scheduling. However, dynamic scheduling offers relief from the limitations of static scheduling. However, dynamic scheduling often has a high run-time cost because certain decisions are enforced on-line. Furthermore, under conditions of overload tasks can be scheduled dynamically that may never be dispatched, or that upon dispatch would miss their deadlines. We review the implications of these factors on rate-based distributed systems, and posits the necessity to combine static and dynamic approaches to exploit the strengths and compensate for the weakness of either approach in isolation. We present a general hybrid approach to real-time scheduling and dispatching in middleware, that can employ both static and dynamic components. This approach provides (1) feasibility assurance for the most critical tasks, (2) the ability to extend this assurance incrementally to operations in successively lower criticality equivalence classes, (3) the ability to trade off bounds on feasible utilization and dispatching over-head in cases where, for example, execution jitter is a factor or rates are not harmonically related, and (4) overall flexibility to make more optimal use of scarce computing resources and to enforce a wider range of application-specified execution requirements. This approach also meets additional constraints of an increasingly important class of rate-based systems, those with requirements for robust management of real-time performance in the face of rapidly and widely changing operating conditions. To support these requirements, we present a middleware framework that implements the hybrid scheduling and dispatching approach described above, and also provides support for (1) adaptive re-scheduling of operations at run-time and (2) reflective alternation among several scheduling strategies to improve real-time performance in the face of changing operating conditions. Adaptive re-scheduling must be performed whenever operating conditions exceed the ability of the scheduling and dispatching infrastructure to meet the critical real-time requirements of the system under the currently specified rates and execution times of operations. Adaptive re-scheduling relies on the ability to change the rates of execution of at least some operations, and may occur under the control of a higher-level middleware resource manager. Different rates of execution may be specified under different operating conditions, and the number of such possible combinations may be arbitrarily large. Furthermore, adaptive rescheduling may in turn require notification of rate-sensitive application components. It is therefore desirable to handle variations in operating conditions entirely within the scheduling and dispatching infrastructure when possible. A rate-based distributed real-time application, or a higher-level resource manager, could thus fall back on adaptive re-scheduling only when it cannot achieve acceptable real-time performance through self-adaptation. Reflective alternation among scheduling heuristics offers a way to tune real-time performance internally, and we offer foundational support for this approach. In particular, run-time observable information such as that provided by our metrics-feedback framework makes it possible to detect that a given current scheduling heuristic is underperforming the level of service another could provide. Furthermore we present empirical results for our framework in a realistic avionics mission computing environment. This forms the basis for guided adaption. This dissertation makes five contributions in support of flexible and adaptive scheduling and dispatching in middleware. First, we provide a middle scheduling framework that supports arbitrary and fine-grained composition of static/dynamic scheduling, to assure critical timeliness constraints while improving noncritical performance under a range of conditions. Second, we provide a flexible dispatching infrastructure framework composed of fine-grained primitives, and describe how appropriate configurations can be generated automatically based on the output of the scheduling framework. Third, we describe algorithms to reduce the overhead and duration of adaptive rescheduling, based on sorting for rate selection and priority assignment. Fourth, we provide timely and efficient performance information through an optimized metrics-feedback framework, to support higher-level reflection and adaptation decisions. Fifth, we present the results of empirical studies to quantify and evaluate the performance of alternative canonical scheduling heuristics, across a range of load and load jitter conditions. These studies were conducted within an avionics mission computing applications framework running on realistic middleware and embedded hardware. The results obtained from these studies (1) demonstrate the potential benefits of reflective alternation among distinct scheduling heuristics at run-time, and (2) suggest performance factors of interest for future work on adaptive control policies and mechanisms using this framework

RICIS Software Engineering 90 Symposium: Aerospace Applications and Research Directions Proceedings Appendices

Papers presented at RICIS Software Engineering Symposium are compiled. The following subject areas are covered: flight critical software; management of real-time Ada; software reuse; megaprogramming software; Ada net; POSIX and Ada integration in the Space Station Freedom Program; and assessment of formal methods for trustworthy computer systems

Tradespace and Affordability – Phase 2

MOTIVATION AND CONTEXT: One of the key elements of the SERC’s research strategy is transforming the practice of systems engineering – “SE Transformation.” The Grand Challenge goal for SE Transformation is to transform the DoD community’s current systems engineering and management methods, processes, and tools (MPTs) and practices away from sequential, single stovepipe system, hardware-first, outside-in, document-driven, point-solution, acquisition-oriented approaches; and toward concurrent, portfolio and enterprise-oriented, hardware-software-human engineered, balanced outside-in and inside-out, model-driven, set-based, full life cycle approaches.This material is based upon work supported, in whole or in part, by the U.S. Department of Defense through the Office of the Assistant Secretary of Defense for Research and Engineering (ASD(R&E)) under Contract H98230-08- D-0171 (Task Order 0031, RT 046).This material is based upon work supported, in whole or in part, by the U.S. Department of Defense through the Office of the Assistant Secretary of Defense for Research and Engineering (ASD(R&E)) under Contract H98230-08- D-0171 (Task Order 0031, RT 046)

The Integration of Explanation-Based Learning and Fuzzy Control in the Context of Software Assurance as Applied to Modular Avionics

A Modular Power Management System (MPMS) is an energy management system intended for highly modular applications, able to adapt to changing hardware intelligently. There is a dearth in the literature on Integrated Modular Avionics (IMA), which has previously not addressed the implications for software operating within this architecture. Namely, the adaptation of control laws to changing hardware. This work proposes some approaches to address this issue. Control laws may require adaptation to overcome hardware degradation, or system upgrades. There is also a growing interest in the ability to change hardware configurations of UASs (Unmanned Aerial Systems) between missions, to better fit the characteristics of each one. Hardware changes in the aviation industry come with an additional caveat: in order for a software system to be used in aviation it must be certified as part of a platform. This certification process has no clear guidelines for adaptive systems. Adapting to a changing platform, as well as addressing the necessary certification effort, motivated the development of the MPMS. The aim of the work is twofold. Firstly, to modify existing control strategies for new hardware. This is achieved with generalisation and transfer earning. Secondly, to reduce the workload involved with maintaining a safety argument for an adaptive controller. Three areas of work are used to demonstrate the satisfaction of this aim. Explanation-Based Learning (EBL) is proposed for the derivation of new control laws. The EBL domain theory embodies general control strategies, which are specialised to form fuzzy rules. A method for translating explanation structures into fuzzy rules is presented. The generation of specific rules, from a general control strategy, is one way to adapt to controlling a modular platform. A fuzzy controller executes the rules derived by EBL. This maintains fast rule execution as well as the separation of strategy and application. The ability of EBL to generate rules which are useful when executed by a fuzzy controller is demonstrated by an experiment. A domain theory is given to control throttle output, which is used to generate fuzzy rules. These rules have a positive impact on energy consumption in simulated flight. EBL is proposed, for rule derivation, because it focuses on generalisation. Generalisations can apply knowledge from one situation, or hardware, to another. This can be preferable to re-derivation of similar control laws. Furthermore, EBL can be augmented to include analogical reasoning when reaching an impasse. An algorithm which integrates analogy into EBL has been developed as part of this work. The inclusion of analogical reasoning facilitates transfer learning, which furthers the flexibility of the MPMS in adapting to new hardware. The adaptive capability of the MPMS is demonstrated by application to multiple simulated platforms. EBL produces explanation structures. Augmenting these explanation structures with a safetyspecific domain theory can produce skeletal safety cases. A technique to achieve this has been developed. Example structures are generated for previously derived fuzzy rules. Generating safety cases from explanation structures can form the basis for an adaptive safety argument

A Model-Based System Engineering Approach to Support System Architecting Activities in Early Aircraft Design

The aviation industry aims to reduce its environmental footprint and meet ambitious environmental targets, prompting the exploration of novel aircraft concepts and systems, such as hybrid-electric or distributed propulsion. These emerging technologies introduce complexity to aircraft system architectures, requiring innovative approaches to design, optimization, and safety assessment, particularly for system architecting. Several aspects of system architecting specification and evaluation are typically performed separately, using different people and a mix of manual and model-based processes. Connecting these activities has the potential to make the design process more efficient and effective. This thesis explores how a Model-Based Systems Engineering (MBSE) specification environment can be structured and enriched to enable a better bridge to Multidisciplinary Design Analysis and Optimization (MDAO) and Model-Based Safety Assessment (MBSA) activities. The proposed MBSE approach focuses on enhancing system specifications, particularly for unconventional system architectures, which typically feature greater variability in early design stages. Using the ARCADIA/Capella MBSE environment, a multi-level approach is proposed to structure the system architecture specification and the Property Value Management Tool (PVMT) add-on is used to facilitate the bridge to other system architecting activities. In addition, a catalogue of modeling artifacts is established to facilitate the development of various hybrid-electric system configurations. The MDAO link mechanism is demonstrated with an example from the collaborative AGILE4.0 project. Two test cases demonstrate the implementation of the approach: a hybrid-electric propulsion system and associated sub-systems for the overall approach and the landing gear braking system for the model-based Functional Hazard Analysis (FHA), as an example of an MBSA activity. Overall, this thesis helps improve the integration and collaboration between engineers working on MBSE, MDAO, and MBSA. This better integration will help to reduce the development time and risk. Therefore, the presented thesis contributes to a more efficient aircraft development process, enabling the industry to tackle the emerging needs of unconventional aircraft systems and their integration

A quality of service based framework for dynamic, dependable systems

There is currently much UK government and industry interest towards the integration of complex computer-based systems, including those in the military domain. These systems can include both mission critical and safety critical applications, and therefore require the dependable communication of data. Current modular military systems requiring such performance guarantees are mostly based on parameters and system states fixed during design time, thus allowing a predictable estimate of performance. These systems can exhibit a limited degree of reconfiguration, but this is typically within the constraints of a predefined set of configurations. The ability to reconfigure systems more dynamically, could lead to further increased flexibility and adaptability, resulting in the better use of existing assets. Current software architecture models that are capable of providing this flexibility, however, tend to lack support for dependable performance. This thesis explores the benefits for the dependability of future dynamic systems, built on a publish/subscribe model, from using Quality of Service (QoS) methods to map application level data communication requirements to available network resources. Through this, original contributions to knowledge are created, including; the proposal of a QoS framework that specifies a way of defining flexible levels of QoS characteristics and their use in the negotiation of network resources, a simulation based evaluation of the QoS framework and specifically the choice of negotiation algorithm used, and a test-bed based feasibility study. Simulation experimentation conducted comparing different methods of QoS negotiation gives a clear indication that the use of the proposed QoS framework and flexible negotiation algorithm can provide a benefit in terms of system utility, resource utilisation, and system stability. The choice of negotiation algorithm has a particularly strong impact on these system properties. The cost of these benefits comes in terms of the processing power and execution time required to reach a decision on the acceptance of a subscriber. It is suggested, given this cost, that when computational resources are limited, a simpler priority based negotiation algorithm should be used. Where system resources are more abundant, however, the flexible negotiation algorithm proposed within the QoS framework can offer further benefits. Through the implementation of the QoS framework within an existing military avionics software architecture based emulator on a test-bed, both the technical challenges that will need to be overcome and, more importantly, the potential viability for the inclusion of the QoS framework have been demonstrated

Toward a technology roadmapping methodology to enhance sustainable and digital transition in manufacturing

This paper addresses the problem of integrating sustainability and business issues in manufacturing through the implementation of Industry 4.0 and process management. The objective of this work is to propose a novel methodology to guide companies in benefitting the so-called Twin Transition (digital and sustainable) drivers at the operation level for reaching business and strategic objectives. The proposed methodology results in a unique tool to address both strategic and business objectives and sustainability through practical managerial actions and technological implementations. The road-mapping methodology is divided into five phases that, starting from the definition of corporate objective and strategy, provide a comprehensive, multi-dimensional, cross-functional plan of Industry 4.0 technology implementation and related changes in terms of processes and Information & Communication Technologies (ICT) architectures. The methodology is presented through an appli-cation case performed on an Aerospace company site devoted to the assembly, integration, and test of satellites

Advanced information processing system: The Army fault tolerant architecture conceptual study. Volume 1: Army fault tolerant architecture overview

Digital computing systems needed for Army programs such as the Computer-Aided Low Altitude Helicopter Flight Program and the Armored Systems Modernization (ASM) vehicles may be characterized by high computational throughput and input/output bandwidth, hard real-time response, high reliability and availability, and maintainability, testability, and producibility requirements. In addition, such a system should be affordable to produce, procure, maintain, and upgrade. To address these needs, the Army Fault Tolerant Architecture (AFTA) is being designed and constructed under a three-year program comprised of a conceptual study, detailed design and fabrication, and demonstration and validation phases. Described here are the results of the conceptual study phase of the AFTA development. Given here is an introduction to the AFTA program, its objectives, and key elements of its technical approach. A format is designed for representing mission requirements in a manner suitable for first order AFTA sizing and analysis, followed by a discussion of the current state of mission requirements acquisition for the targeted Army missions. An overview is given of AFTA's architectural theory of operation