A Modeling Framework for Schedulability Analysis of Distributed Avionics Systems

This paper presents a modeling framework for schedulability analysis of distributed integrated modular avionics (DIMA) systems that consist of spatially distributed ARINC-653 modules connected by a unified AFDX network. We model a DIMA system as a set of stopwatch automata (SWA) in UPPAAL to analyze its schedulability by classical model checking (MC) and statistical model checking (SMC). The framework has been designed to enable three types of analysis: global SMC, global MC, and compositional MC. This allows an effective methodology including (1) quick schedulability falsification using global SMC analysis, (2) direct schedulability proofs using global MC analysis in simple cases, and (3) strict schedulability proofs using compositional MC analysis for larger state space. The framework is applied to the analysis of a concrete DIMA system.Comment: In Proceedings MARS/VPT 2018, arXiv:1803.0866

Parametric Schedulability Analysis of Fixed Priority Real-Time Distributed Systems

Parametric analysis is a powerful tool for designing modern embedded systems, because it permits to explore the space of design parameters, and to check the robustness of the system with respect to variations of some uncontrollable variable. In this paper, we address the problem of parametric schedulability analysis of distributed real-time systems scheduled by fixed priority. In particular, we propose two different approaches to parametric analysis: the first one is a novel technique based on classical schedulability analysis, whereas the second approach is based on model checking of Parametric Timed Automata (PTA). The proposed analytic method extends existing sensitivity analysis for single processors to the case of a distributed system, supporting preemptive and non-preemptive scheduling, jitters and unconstrained deadlines. Parametric Timed Automata are used to model all possible behaviours of a distributed system, and therefore it is a necessary and sufficient analysis. Both techniques have been implemented in two software tools, and they have been compared with classical holistic analysis on two meaningful test cases. The results show that the analytic method provides results similar to classical holistic analysis in a very efficient way, whereas the PTA approach is slower but covers the entire space of solutions.Comment: Submitted to ECRTS 2013 (http://ecrts.eit.uni-kl.de/ecrts13

Real-time and fault tolerance in distributed control software

Closed loop control systems typically contain multitude of spatially distributed sensors and actuators operated simultaneously. So those systems are parallel and distributed in their essence. But mapping this parallelism onto the given distributed hardware architecture, brings in some additional requirements: safe multithreading, optimal process allocation, real-time scheduling of bus and network resources. Nowadays, fault tolerance methods and fast even online reconfiguration are becoming increasingly important. All those often conflicting requirements, make design and implementation of real-time distributed control systems an extremely difficult task, that requires substantial knowledge in several areas of control and computer science. Although many design methods have been proposed so far, none of them had succeeded to cover all important aspects of the problem at hand. [1] Continuous increase of production in embedded market, makes a simple and natural design methodology for real-time systems needed more then ever

Feedback Control Goes Wireless: Guaranteed Stability over Low-power Multi-hop Networks

Closing feedback loops fast and over long distances is key to emerging applications; for example, robot motion control and swarm coordination require update intervals of tens of milliseconds. Low-power wireless technology is preferred for its low cost, small form factor, and flexibility, especially if the devices support multi-hop communication. So far, however, feedback control over wireless multi-hop networks has only been shown for update intervals on the order of seconds. This paper presents a wireless embedded system that tames imperfections impairing control performance (e.g., jitter and message loss), and a control design that exploits the essential properties of this system to provably guarantee closed-loop stability for physical processes with linear time-invariant dynamics. Using experiments on a cyber-physical testbed with 20 wireless nodes and multiple cart-pole systems, we are the first to demonstrate and evaluate feedback control and coordination over wireless multi-hop networks for update intervals of 20 to 50 milliseconds.Comment: Accepted final version to appear in: 10th ACM/IEEE International Conference on Cyber-Physical Systems (with CPS-IoT Week 2019) (ICCPS '19), April 16--18, 2019, Montreal, QC, Canad

Isolating SDN Control Traffic with Layer-2 Slicing in 6TiSCH Industrial IoT Networks

Recent standardization efforts in IEEE 802.15.4-2015 Time Scheduled Channel Hopping (TSCH) and the IETF 6TiSCH Working Group (WG), aim to provide deterministic communications and efficient allocation of resources across constrained Internet of Things (IoT) networks, particularly in Industrial IoT (IIoT) scenarios. Within 6TiSCH, Software Defined Networking (SDN) has been identified as means of providing centralized control in a number of key situations. However, implementing a centralized SDN architecture in a Low Power and Lossy Network (LLN) faces considerable challenges: not only is controller traffic subject to jitter due to unreliable links and network contention, but the overhead generated by SDN can severely affect the performance of other traffic. This paper proposes using 6TiSCH tracks, a Layer-2 slicing mechanism for creating dedicated forwarding paths across TSCH networks, in order to isolate the SDN control overhead. Not only does this prevent control traffic from affecting the performance of other data flows, but the properties of 6TiSCH tracks allows deterministic, low-latency SDN controller communication. Using our own lightweight SDN implementation for Contiki OS, we firstly demonstrate the effect of SDN control traffic on application data flows across a 6TiSCH network. We then show that by slicing the network through the allocation of dedicated resources along a SDN control path, tracks provide an effective means of mitigating the cost of SDN control overhead in IEEE 802.15.4-2015 TSCH networks