Formal Scheduling Constraints for Time-Sensitive Networks

In recent years, the IEEE 802.1 Time Sensitive Networking (TSN) task group has been active standardizing time-sensitive capabilities for Ethernet networks ranging from distributed clock synchronization and time-based ingress policing to frame preemption, redundancy management, and scheduled traffic enhancements. In particular the scheduled traffic enhancements defined in IEEE 802.1Qbv together with the clock synchronization protocol open up the possibility to schedule communication in distributed networks providing real-time guarantees. In this paper we formalize the necessary constraints for creating window-based IEEE~802.1Qbv Gate Control List schedules for Time-sensitive Networks (TSN). The resulting schedules allow a greater flexibility in terms of timing properties while still guaranteeing deterministic communication with bounded jitter and end-to-end latency

Proving Determinacy of the PharOS Real-Time Operating System

International audienceExecutions in the PharOS real-time system are deterministic in the sense that the sequence of local states for every process is independent of the order in which processes are scheduled. The essential ingredient for achieving this property is that a temporal window of execution is associated with every instruction. Messages become visible to receiving processes only after the time window of the sending message has elapsed. We present a high-level model of PharOS in TLA+ and formally state and prove determinacy using the TLA+ Proof System

A Time-Triggered Constraint-Based Calculus for Avionic Systems

The Integrated Modular Avionics (IMA) architec- ture and the Time-Triggered Ethernet (TTEthernet) network have emerged as the key components of a typical architecture model for recent civil aircrafts. We propose a real-time constraint-based calculus targeted at the analysis of such concepts of avionic embedded systems. We show our framework at work on the modelisation of both the (IMA) architecture and the TTEthernet network, illustrating their behavior by the well-known Flight Management System (FMS)

Dependability assessment of by-wire control systems using fault injection

This paper is focused on the validation by means of physical fault injection at pin-level of a time-triggered communication controller: the TTP/C versions C1 and C2. The controller is a commercial off-the-shelf product used in the design of by-wire systems. Drive-by-wire and fly-by-wire active safety controls aim to prevent accidents. They are considered to be of critical importance because a serious situation may directly affect user safety. Therefore, dependability assessment is vital in their design. This work was funded by the European project `Fault Injection for TTA¿ and it is divided into two parts. In the first part, there is a verification of the dependability specifications of the TTP communication protocol, based on TTA, in the presence of faults directly induced in communication lines. The second part contains a validation and improvement proposal for the architecture in case of data errors. Such errors are due to faults that occurred during writing (or reading) actions on memory or during data storage.Blanc Clavero, S.; Bonastre Pina, AM.; Gil, P. (2009). Dependability assessment of by-wire control systems using fault injection. Journal of Systems Architecture. 55(2):102-113. doi:10.1016/j.sysarc.2008.09.003S10211355

Full duplex switched ethernet for next generation "1553B" -based applications

Over the last thirty years, the MIL-STD 1553B data bus has been used in many embedded systems, like aircrafts, ships, missiles and satellites. However, the increasing number and complexity of interconnected subsystems lead to emerging needs for more communication bandwidth. Therefore, a new interconnection system is needed to overcome the limitations of the MIL-STD 1553B data bus. Among several high speed networks, Full Duplex Switched Ethernet is put forward here as an attractive candidate to replace the MIL-STD 1553B data bus. However, the key argument against Switched Ethernet lies in its non-deterministic behavior that makes it inadequate to deliver hard timeconstrained communications. Hence, our primary objective in this paper is to achieve an accepted QoS level offered by Switched Ethernet, to support diverse "1553B"-based applications requirements. We evaluate the performance of traffic shaping techniques on Full Duplex Switched Ethernet with an adequate choice of service strategy in the switch, to guarantee the real-time constraints required by these specific 1553B-based applications. An analytic study is conducted, using the Network Calculus formalism, to evaluate the deterministic guarantees offered by our approach. Theoretical analysis are then investigated in the case of a realistic "1553B"-based application extracted from a real military aircraft network. The results herein show the ability of profiled Full Duplex Switched Ethernet to satisfy 1553B-like real-time constraints

Communication Paradigms for High-Integrity Distributed Systems with Hard Real-Time Requirements

The development and maintenance of high-integrity software is very expensive, and a specialized development process is required due to its distinctive characteristics. Namely, safety-critical systems usually execute over a distributed embedded platform with few hardware resources which must provide real-time communication and fault-tolerance. This work discusses the adequate communication paradigms for high-integrity distributed applications with hard real-time requirements, and proposes a restricted middleware based on the current schedulability theory which can be certified and capable to obtain the required predictability and timeliness of this kind of systems