institut fÜr datentechnik und kommunikations- netze 1 steffen stein, tu braunschweig, 2009 a...

Steffen Stein, TU Braunschweig, 2009INSTITUT FÜR DATENTECHNIK UND KOMMUNIKATIONS-NETZE

1

A Timing-Aware Update Mechanism for Networked Real-Time Systems

Steffen Stein, Moritz Neukirchner,

Harald Schrom, Rolf Ernst


2

Outline

• Motivation, Problem Statement

• Approach

• Challenges

• Framework Architecture, Update Protocol

• Demonstrator description

• Demonstration

• Conclusion


3

Motivation

• Embedded Systems are Software-Intense

• Many variants in e.g. automotive systems

• In-Field Updates are becoming common

• How do we ensure correctness?

• Lab Testing for all variants

– Becomes infeasible with number of variants

– Each update potentially adds a variant

• Our proposition

– Trustable update procedure

– Ensure correctness of individuum


4

RTE

Platform

CPU

contracting interface

application 1 application n

request assert contract

contracting interface

request assert contract

CPU

Paradigm: Contracting

• Separation of Platform and Application

– Applications request resources and assert meeting of contraints

– Platform guarantees performance

– Contracts

• Application can be accepted if sufficient platform resources exist

• Runtime Environment as broker

• Here: Focus on Performance Aspects


5

General Idea of Update Flow

Heterogeneous Networked Embedded System

Model-Based Feasibility Check engine

Contractinterface

ContractRepository

WatchdogsApplications

Annotations• WCET• Comm. Partners• Constraints• …

…arg = arg; err = CANOS_Init(); if (err != CANOS_NO_ERR) { CanBusFreeLst = NULL; CanBusUsedLst = NULL;result = err;…

Software Update

Monitoring

Adaptation


6

Challenges in Distributed Performance Analysis

• Distributed Algorithm for Performance Analysis [Isola2006]

– Exchange Event Stream Data

– Local Analysis as soon as new data is available

• Compare distributed and centralized Algorithm

– Convergence Properties (submitted to EMSOFT)

– Quality of results • does one of the algorithms yield tighter bounds?

• Consider runtime of Distributed Performance Analysis

– Busy-Window Analysis as key component

– Global iteration

• Convergence Detection


7

Challenges in Update Management

• Develop an Architecture to cope with Updates

– Strict Separation of Model and Execution Domain

– Communication over Contract Repository

• Description of Software (Contracts)

– Contents

– Representation

• Development of Update Protocol

– Interaction between Architecture Components

• Synchronization

– Exploit task graph information

– Barrier Synchronization


8

Outline


• Approach

• Challenges



• Demonstration

• Conclusion


9

General Architecture

UpdateController

Task Management

Model Management

Contract Repository

Model domain Execution domain

Application code & model

model

code

contract contract

contract

Contract interface


10

Model Domain

UpdateController

Contract Repository

Model domain

model

contract

contract

Contract interface

Model Optimization

Model Analysis

model

model

metricsmetrics

Contract Negotiation


11

Update Protocol

3. Model

Contract Enforcement

1. Annos2. Test Annos

8. OK

6. Evaluation

9. Code

12. Configuration

13. Done

Analysis Framework

Contract Negotiation

Update Controller

Contract Repository Tasks

5. Analysis

11. Parameters

4. Application wide synchronisation




12

Outline


• Approach

• Challenges



• Demonstration

• Conclusion


13

RTE Implementation Work

• Plain C

• Based on RT-Kernel uC/OS-II

• Flexible Communication Infrastructure

– Supports task migration

– API inspired by AUTOSAR

• Task and Contract Management as outlined before

– Contract Management

– Task Migration

• Distributed Analysis Engine

– Basic concepts (SPP Analysis, PJD Models)


14

Physical Demonstrator Setup

Stepper motors

Angle sensor

Track w/ photosensors

IR illumination


15

Demonstrator Application Setup

• Insertion of second Application breaks timing constraints of first

• Framework detects this

• Second Application is denied

Left Controller

D1CSensorCCommCCtrl.

T1 T2 T3

Right ControllerCAN-Bus

Analysis Core 1 Analysis Core 2


16

Demo

• Working Demo – see Demonstrator


17

Performance Data

• Update verification, acceptance and integration in fractions of a second

• Most of the time spent for CAN communication (~ 90%)

• Memory footprint of the RTE (unoptimized)

– 30kB für uC/OS

– 30kB Analysis Engine

– 170kB Contracting and Runtime Framework

– 100kB Data (scalable)

– Stacks not considered


18

Conclusion

• Distributed Performance Analysis

• Contracting Framework

• Task migration

• Integrated in a runtime Framework

• Enables performance-safe updates

• Ongoing work

– Online Optimization

– Distributed Performance Analysis

– Online Monitoring

institut fÜr datentechnik und kommunikations- netze 1 steffen stein, tu braunschweig, 2009 a...

Documents

tu braunschweig

model contract enforcement

update management

performance aspects

pjd models folie

rolf ernst folie

application applications

timingaware update mechanism