Modeling and Schedulability Analysis of Hard Real-Time Distributed Systems based on Ada Components * J.L. Medina, J.J. Gutiérrez, J.M. Drake, and M.González Harbour {medinajl,gutierjj,drakej,mgh}@unican.es MAST University of Cantabria Santander (Spain) [*] Funded by CICYT (TIC99-1043-C03-03 and 1FD 1997-1799)
Objectives Real-time modeling and analysis of applications written • in Ada 95 and using Annexes D and E. Goals of this methodology: • � Based on independent models of the Platform, the Application software components, and the Real-time situations. � The semantics of the modeling components include fine details of the Ada structures. � Reusable models of the logical Ada components. � Automatic modeling of local and remote access to distributed services. � Formulated with UML: may be supported by any standard CASE tool. Vienna, June-2002 Ada-Europe 2002 2
Modeling and analysis and process Stereotypes Semantics MAST Compiler Model Logical UML MAST Model Symbol Table Analysis Tools UML RT View MAST Analysis Updater Results Vienna, June-2002 Ada-Europe 2002 3
Analysis and design tools Available tools: • � Holistic analysis � Offset-based analysis � Varying priorities analysis � Multi-processor priority assignment � Linear HOPA � Linear simulated annealing priority assignment Tools under development: • � Multiple event analysis � Multiple event priority assignment � Mono-processor and distributed simulation Vienna, June-2002 Ada-Europe 2002 4
Sections of real-time models Real-Time Model Real-Time Situation Real-Time Situation (Concurrent transactions, Workload, Timing-Requirements) Platform Model Logical Component Model (Processors, networks, timers, (Operations, shared protected operating systems, threads, resources, remote operations, ...) drivers, ...) Vienna, June-2002 Ada-Europe 2002 5
Platform model Processing_Resource Scheduling_Server 1..n 1 dispatcher 1 Scheduling_Policy 1 Processor Network Driver n 1 0..n Fixed_Priority_Processor Fixed_Priority_Network 0..n n 1 Ada_Node Ada_Channel RT_Ada_Node 1 0..n Vienna, June-2002 Ada-Europe 2002 6
Classes for modeling the logical Ada structures Operation 0..n 0..n Local_Operation Component Main 0..n 0..n Entry Task Parameter 0..n Guarded Protected 0..n Remote_Operation Remote_Call_Interface Vienna, June-2002 Ada-Europe 2002 7
Classes for modeling procedures and functions Operation 0..n Parameter Entry Local_Operation Remote_Operation Guarded APC_Operation Composite RPC_Operation Simple InMarshalling 1 InUnmarshalling Composite_Model OutMarshalling 1 OutUnmarshalling GuardEvaluation Concurrent_Model Vienna, June-2002 Ada-Europe 2002 8
Classes for modeling the real-time situations Real_Time_Situation 1..n Transaction 1 results Transaction_Results 1 trigger_event finalized 0..1 Processor Timing_Requirement External_Event_Source host 1 0..n defined 1 results Timing_Req_Results assigned 1..n instanciated transaction_activity 1 1..n 1..n Component_Instance Operation used Vienna, June-2002 Ada-Europe 2002 9
Suitability for modeling Ada structures Modeling the structures: • � The models of the Ada components (packages, tagged types, tasks, protected objects, etc.) are reusable and application-independent. � The model preserves the same structure (dependency, visibility, naming conventions, scope) of the Ada application. The model includes the timing behavior details of: • � Synchronization primitives (protected object access, task redezvous, interrupt service, etc.) � Ada tasks. � APCs and RPCs. Vienna, June-2002 Ada-Europe 2002 10
Ada constructs: model of a synchronization artifact. protected body Synchro is protected Synchro is procedure Fire is pragma Locking_Pol icy(Ceiling_Locking); begin pragma Priority(28); -- Ada task that generates the event Event:=True; -- Ada task that wai ts for theevent procedure Fi re; .. end Fire; .. entry Await; Synchro.Fire; entry when is Synchro.Await; Await Event private .. .. begin Event: B oolean:=False; Event:=False; end Synchro; end Await; end Synchro; <<Protected>> do/Lock do/Lock M_Synchro_1 Event: Named_State do/Fire_Oper do/ Await.GE Access_Policy=Immediate_Ceiling(28) <<Composite>> Fire() <<Wait_State>> do/ Await.GE do/Unlock Event <<Simple>> Fire_Oper(wcet=1.5E-6) <<Guarded> Await <<Simple>> Await.Exec(wcet=1.2E-6) do/ Await.Exec <<Simple>> Await.GE(wcet=0.8E-6) do/Lock do/Unlock do/ Await.Exec <<Named_State>> Event Await entry model Fire procedure model do/Unlock Vienna, June-2002 Ada-Europe 2002 11
Ada constructs: synchronization model limitation A general protected object can not be modeled with • this approach, since: � Guard conditions are arbitrary � Requeues can create arbitrary dependencies We can model the most frequent synchronization • patterns in real-time applications, like: � One task signals another one � Broadcast: one task signals many � Barrier: many tasks activate one � .... Vienna, June-2002 Ada-Europe 2002 12
Ada constructs: hardware interrupt ada code HW_Intr_Task; task typ e protected type Intr_Handler_Type is ; entry Await private task body HW_Intr_Task is procedure Handle; The_Handler : Intr_Handler_Type; pragma procedure Intr_Operation is begin Attach_Hand ler(Handle,Ada.Interrupts.names. ); xxx Interrupt_Priority(32); --.... pragma end Intr_Operat ion; Arrived:Boolea n:=False; end Intr_Handler_Type; begin protected type body Intr_Handler_Type is loop entry Await when Arrived is The_Handler.A wait; Intr_Operation; begin end loop; Arrived:=False; end Await; end HW_Intr_Task; Handle procedure is begin Arrived:=True; --Reset HW Interrupt controller end Handle; end Intr_Handler_Type; Vienna, June-2002 Ada-Europe 2002 13
Ada constructs: hardware interrupt model <<Task>> task obj .Thread system .Thread M_HW_Intr_Task <<obj>>The_Handler:Intr_Handler_Type <<obj>> Policy=Fixe d_Priority(The_Priority= 30) Lock <<Composite>> Handling_Process <<Simple>> I ntr_Operation(wce t=2.4E-5) do/ T he_Handler.Handle do/ The_Handler.A wait.GE Description of Handling_P rocess do/ The_Handler.Await.Exec Unlock do/ Intr_Operation <<Protected>> Intr_Handler_Type Lock <<obj>>Access_Policy=Inmediate_Ceiling(The_Priority=32) <<Simple>> Handle(wcet=0.8E-6) <<Guarded>> A wait do/ The_Handler.Await.GE <<Simple>> Await.Exec(wcet=1.8E-6) <<Simple>> Await.GE(wcet=1.2E-6) Unlock Vienna, June-2002 Ada-Europe 2002 14
Ada constructs: an APC remote invocation <<RCI_Interface>> M_Remote_Write package Remote_Write is End_Write: Timed_State procedure in Write(D: Data_Type); pragma Remote_Call_Interface; <<APC_Parameters>> <<APC>> Write(iml=256, rc:APC_Parameters) pragma Asynchronous(Write); A_Msg_Parameter <<Simple>> Write.InMarshalling(wcet=2.2E-5) end Remote_Write; InMesg_Priority = 18 <<Simple>> Write.InUnmarshalling(wcet=2.5E-5) Server_Priority = 22 <<Composite>> Write (a)Ada code of a remote call interface (b) MAST model of the remote call interface. Caller.Thread In_Msg_1.Thread Remote.Dispatcher Remote.Msg_1.Server (from Local_RT_ADA_Node) (from Network) (from Remote_RT_ADA_Node) (from Remote_RT_ADA_Node) Write.InMarshalling Write.In_Msg_1 Write.InUnMarshalling Write End_Write (c) Implicit activities diagram for APC Write. Vienna, June-2002 Ada-Europe 2002 15
An Example: Teleoperated Machine Tool Controller Station ControllerPartition <<RCI>> StationPartition Command_Manage r <<Main>> Station_Program <<Main>> CAN_Bus Reporter <<Active>> <<Protected>> <<Active>> Interrupt_Ser ver Servos_Control ler Servos_Data <<Active>> <<Protected>> <<RCI>> Job_Planner Remote_S tatus Refresher Analog/Digital Lines Machine Tool Vienna, June-2002 Ada-Europe 2002 16
Recommend
More recommend
