Building Partitioned Architectures based on the Ravenscar Profile - PowerPoint PPT Presentation


1. Building Partitioned Architectures based on the Ravenscar Profile
   Brian Dobbing, Chief Technical Consultant, Aonix Europe Limited, UK
   brian@uk.aonix.com
   SIGAda 2000, Laurel, November 2000

2. Agenda
   ■ Software Partitioning
     - What is it?
     - Why is it needed for high integrity systems?
   ■ Ravenscar Profile
     - What is it?
     - Why is it suited for high integrity systems?
   ■ Can we use the Ravenscar Profile to implement a Partitioned System?
     - Example using the ARINC 653 Application Executive standard

3. Software Partitioning
   ■ Requirements to maximize processor usage
     - But must ensure protection to preserve integrity
   ■ Within Safety Critical / High Integrity systems
     - Spatial firewall to control access to code / data
   ■ Within Hard Real Time systems
     - Temporal firewall to guarantee time deadlines
   ■ Requirements for High Availability
     - Replication to protect against faults
     - Dynamic re-configuration on node failure

4. Partitioning - single processor
   [Diagram: High Criticality, Low Criticality and Non-Critical partitions separated by firewalls, with controlled communication between them; a kernel mediates access to I/O devices and physical memory]

5. Partitioning - distributed
   [Diagram: several hardware nodes, each with its own kernel, hosting High Criticality, Low Criticality and Non-Critical partitions separated by a firewall; nodes communicate through I/O ports]

6. Partitioning – high availability
   [Diagram: hardware nodes, each with its own kernel, hosting a High Criticality partition, a Hot Standby and a Non-Critical partition separated by a firewall; replicated communication keeps the primary and the hot standby in step, and remote communication links the nodes]

7. Partitioning System Example
   ■ ARINC 653 Application Executive
     - Partitioning for Integrated Modular Avionics
     - Kernel is the "Module Operating System"
       - Controls the Module (usually the board)
       - Schedules the Application Partitions
     - Partition local control is via the "Partition Operating System"
       - Controls its Application
       - Schedules the Application Threads

8. The Kernel in APEX
   ■ The Kernel (Module Operating System):
     - Is Highly Trusted Software
     - Directly controls the Hardware (Supervisor mode)
     - Manages the Spatial Firewalls using the MMU
     - Manages the Temporal Firewalls using Fixed-Time-Slice Round-Robin Scheduling
     - Controls Communication with other kernels via I/O ports
     - Controls Detection of Faults, e.g. traps, and timeouts
     - Supports Application Partitions written in any language via a Standard API

9. The Partition in APEX
   ■ The Application Partition:
     - Can use Internal Threads or be Sequential
     - Can be written in any Language using the standard API
     - Contains Code / Data all at one Criticality Level
     - Usually Executes in User Mode
     - Executes within its own Address Space
     - Executes within its Fixed Time-Slice
   ■ The Partition Operating System:
     - Schedules its Internal Threads
     - Implements Internal Thread Services
     - Interfaces to the Kernel for Inter-Partition Services
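Slides 8 and 9 describe the two firewalls the Module OS enforces: a spatial one (each partition sees only its own address space, checked by the MMU, with a violation surfacing as a trap) and a temporal one (each partition gets a fixed slice of a round-robin major frame, so no partition can steal time from the next). The following toy model is an added example for this page, not code from the slides or from Aonix; the partition table (names, address ranges, slices, demands and the injected bad access) is constructed to show what each firewall does when a partition misbehaves.

```c
/* Toy model of an ARINC 653-style Module OS enforcing spatial and temporal
 * firewalls. Added example for this page; not code from the slides or from
 * Aonix. The partition table below (names, addresses, slices, demands and
 * the fault injection) is constructed for illustration only. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NPART 3

typedef struct {
    const char *name;
    uint32_t mem_base;      /* spatial firewall: only [mem_base, mem_base+mem_size) is mapped */
    uint32_t mem_size;
    uint32_t slice;         /* temporal firewall: fixed window in ticks within the major frame */
    uint32_t demand;        /* ticks the partition would run if nothing stopped it (constructed) */
    uint32_t access_at;     /* tick at which it touches access_addr; UINT32_MAX = never */
    uint32_t access_addr;   /* address touched, exercises the MMU check (constructed) */
    bool faulted;           /* set by the kernel when a trap is raised */
} partition_t;

typedef struct {
    uint32_t start[NPART];  /* tick at which each partition's window opened */
    uint32_t ran[NPART];    /* ticks the partition actually executed */
    uint32_t frame_len;     /* total major frame length in ticks */
    int faults;             /* spatial violations trapped */
} frame_result_t;

/* The MMU check: an access is allowed only inside the partition's own range. */
static bool spatial_ok(const partition_t *p, uint32_t addr)
{
    return addr >= p->mem_base && (addr - p->mem_base) < p->mem_size;
}

/* One major frame of fixed-time-slice round-robin. Every window opens at a
 * fixed offset regardless of what earlier partitions did: a partition that
 * wants more CPU is preempted at its slice end, a partition that faults is
 * halted for the rest of its window, and neither shifts the next partition. */
static frame_result_t run_major_frame(partition_t parts[NPART])
{
    frame_result_t r = {{0}, {0}, 0, 0};
    uint32_t now = 0;
    for (int i = 0; i < NPART; i++) {
        partition_t *p = &parts[i];
        r.start[i] = now;
        for (uint32_t t = 0; t < p->slice; t++) {
            if (t >= p->demand)
                break;                      /* idle for the rest of its slice */
            if (t == p->access_at && !spatial_ok(p, p->access_addr)) {
                p->faulted = true;          /* trap: kernel detects the spatial violation */
                r.faults++;
                break;                      /* this partition is halted; others are unaffected */
            }
            r.ran[i]++;                     /* executes this tick */
        }
        now += p->slice;                    /* next window opens on schedule */
    }
    r.frame_len = now;
    return r;
}

/* Constructed module: a well-behaved critical partition, a low-criticality
 * partition demanding more CPU than its slice, and a non-critical partition
 * that reaches into the critical partition's address space. */
static frame_result_t demo_frame(partition_t out[NPART])
{
    partition_t parts[NPART] = {
        {"HighCrit", 0x1000, 0x1000, 4, 3,  UINT32_MAX, 0,      false},
        {"LowCrit",  0x2000, 0x1000, 3, 10, UINT32_MAX, 0,      false},
        {"NonCrit",  0x3000, 0x1000, 2, 2,  1,          0x1004, false},
    };
    frame_result_t r = run_major_frame(parts);
    if (out)
        for (int i = 0; i < NPART; i++)
            out[i] = parts[i];
    return r;
}

int main(void)
{
    partition_t parts[NPART];
    frame_result_t r = demo_frame(parts);
    for (int i = 0; i < NPART; i++)
        printf("%-9s window %2u-%2u ran %u tick(s)%s\n", parts[i].name,
               r.start[i], r.start[i] + parts[i].slice, r.ran[i],
               parts[i].faulted ? "  FAULTED (spatial violation)" : "");
    printf("major frame %u ticks, %d fault(s)\n", r.frame_len, r.faults);
    return 0;
}
```

The point to take from the run is that LowCrit asks for 10 ticks but gets exactly its 3, and NonCrit is halted at its first out-of-range access, yet HighCrit's window and the frame length (9 ticks) are unchanged: the kernel, not the partitions, owns both the memory map and the clock, which is why the slides place it alone in supervisor mode.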

10. Example Module?
    [Diagram: an example module with two application partitions side by side, an Ada Flight Control System (on a POS for Ada) and a Java VM In-flight Entertainment system (on a POS for Ada with a Java RTS), both running on the APEX Kernel (Module OS) with its Ada RTS, above the H/W; a vertical label in the original reads T-H-I-C-K]

11. Critical Code in Ada95
    ■ Ravenscar Profile – Ada tasking subset for…
      - Safety-Critical systems
        - Suitable for the most rigorous certification requirements
      - High Integrity systems (lower criticality than Safety-Critical)
        - Support functional static analysis and verification
      - Hard Real Time systems
        - Support temporal static analysis
        - Bounded Worst Case execution times and interrupt latency
      - Constrained embedded systems
        - Very small runtime footprint, very fast execution times
