211 results on '"ARINC 653"'
Search Results
2. Regularity-Based Virtualization Under the ARINC 653 Standard for Embedded Systems.
- Author
- Dai, Guangli, Paluri, Pavan Kumar, Cheng, Albert Mo Kim, and Liu, Bozheng
- Subjects
- Virtual machine systems, Central processing units, Task performance
- Abstract
In embedded real-time virtualized systems (ERTVS), the ARINC 653 standard specifies a cyclic scheduling policy to guarantee the real-time performance of tasks in multiple Virtual Machines (VMs) residing on shared hardware. Based on this policy, the Regularity-based Resource Partitioning (RRP) model defines an efficient interface specification to hierarchically partition and assign resource slices among VMs. Although this model has received plenty of attention recently, three major pieces remain missing for applying this model in ERTVS. (1) Embedded systems are more sensitive to resource utilization efficiency since this may drastically affect their deployment cost for including additional cores. Therefore, this paper proposes an optimal and an approximate RRP resource scheduler for multi-core platforms. (2) A resource reconfiguration is required when an embedded system has to switch between operating modes, resulting in the current cyclic schedule being replaced by another pre-configured and verified cyclic schedule. This paper formalizes a new One-Hop Reconfiguration (OHR) problem tailored for mode-switch-capable embedded systems and introduces a corresponding optimal solution. (3) No RRP-based toolset is currently available for embedded systems. This paper thus presents an optimized RRP toolset tailored for embedded systems. Numerous experiments are conducted to evaluate the efficacy of this toolset. [ABSTRACT FROM AUTHOR]
- Published
- 2022
3. A Family of Domain-Specific Languages for Integrated Modular Avionics
- Author
- Alves, Ricardo, Amaral, Vasco, Cintra, João, Tavares, Bruno, Barbosa, Simone Diniz Junqueira, Editorial Board Member, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Kotenko, Igor, Editorial Board Member, Yuan, Junsong, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Piattini, Mario, editor, Rupino da Cunha, Paulo, editor, García Rodríguez de Guzmán, Ignacio, editor, and Pérez-Castillo, Ricardo, editor
- Published
- 2019
4. μC/OS-II Based RTOS Kernel
- Author
- Li, Lian, Shi, Xianchen, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Barolli, Leonard, editor, Javaid, Nadeem, editor, Ikeda, Makoto, editor, and Takizawa, Makoto, editor
- Published
- 2019
5. Design and implementation of a virtual ARINC 653 simulation platform.
- Author
- Chen, Jinchao, Chen, Keke, Du, Chenglie, and Liu, Yifan
- Subjects
- Avionics, Virtual design, Computer software testing, Systems development, Energy consumption, Debugging
- Abstract
The ARINC 653 operation system is currently widely adopted in the avionics industry, and has become the mainstream architecture in avionics applications because of its strong agility and reliability. Although ARINC 653 can efficiently reduce the weight and energy consumption, it results in a serious development and verification problem for avionics systems. As ARINC 653 is non-open source software and lacks effective support for software testing and debugging, it is of great significance to build a real-time simulation platform for ARINC 653 on general-purpose operating systems, improving the efficiency and effectiveness of system development and implementation. In this paper, a virtual ARINC 653 platform is designed and realized by using real-time simulation technology. The proposed platform is composed of partition management, communication management, and health monitoring management, provides the same operation interfaces as the ARINC 653 system, and allows dynamic debugging of avionics applications without requiring the actual presence of real devices. Experimental results show that the platform not only simulates the functionalities of ARINC 653, but also meets the real-time requirements of avionics applications. [ABSTRACT FROM AUTHOR]
- Published
- 2021
6. Designing robust quadcopter software based on a real-time partitioned operating system and formal verification techniques
- Author
- Sergey Mikhailovich Staroletov, Maxim Stanislavovich Amosov, and Kirill Mikhailovich Shulga
- Subjects
- quadcopter, operating system, partitioning, ARINC 653, formal verification, Electronic computers. Computer science, QA75.5-76.95
- Abstract
The creation of reliable unmanned aerial vehicles (drones) is now an important task in science and technology, because such devices can have many use cases in the digital economy and modern life, so we need to ensure their reliability. In this article, it is proposed to assemble a quadcopter from low-cost components in order to obtain a hardware prototype and to develop a software solution for the flight controller with high-reliability requirements, which will meet avionics software standards using existing open-source software solutions, and also to apply the results as a model for teaching the courses “Components of operating systems” and “Software verification”. In the study, we analyse the structure of quadcopters and their flight controllers and present a self-assembly solution. We describe Ardupilot as open-source software for unmanned aerial vehicles, the corresponding APM controller, and methods of PID control. Today's avionics standard of reliable software for flight controllers is a real-time partitioning operating system that is capable of responding to events from devices with an expected speed, as well as sharing processor time and memory between isolated partitions. A good example of such an OS is the open-source POK (Partitioned Operating Kernel). Its repository contains an example design of a system for quadcopters using the AADL language for modeling its hardware and software. We apply this technique with model-driven engineering to a demo system that runs on real hardware and contains a flight management process with PID control as a partitioned process. Using a partitioned OS brings the reliability of flight system software to the next level. To increase the level of control logic correctness, we propose to use formal verification methods and provide examples of verifiable properties at the level of code using the deductive approach, as well as at the level of the cyber-physical system using differential dynamic logic to prove stability.
- Published
- 2019
7. A User-Mode Scheduling Mechanism for ARINC653 Partitioning in seL4
- Author
- Kang, Qiao, Yuan, Cangzhou, Wei, Xin, Gao, Yanhua, Wang, Lei, Kacprzyk, Janusz, Series editor, Pal, Nikhil R., Advisory editor, Bello Perez, Rafael, Advisory editor, Corchado, Emilio S., Advisory editor, Hagras, Hani, Advisory editor, Kóczy, László T., Advisory editor, Kreinovich, Vladik, Advisory editor, Lin, Chin-Teng, Advisory editor, Lu, Jie, Advisory editor, Melin, Patricia, Advisory editor, Nedjah, Nadia, Advisory editor, Nguyen, Ngoc Thanh, Advisory editor, Wang, Jun, Advisory editor, Bhatia, Sanjiv K., editor, Mishra, Krishn K., editor, Tiwari, Shailesh, editor, and Singh, Vivek Kumar, editor
- Published
- 2017
8. Design and architecture of real-time operating system
- Author
- K. M. Mallachiev, N. V. Pakulin, and A. V. Khoroshilov
- Subjects
- ARINC 653, RTOS, real-time operating system, IMA, integrated modular avionics, Electronic computers. Computer science, QA75.5-76.95
- Abstract
Modern airliners such as the Airbus A320, Boeing 787, and Russian MS-21 use the so-called Integrated Modular Avionics (IMA) architecture for airborne systems. This architecture is based on the interconnection of devices and on-board computers by means of a uniform real-time network. It allows a significant reduction of cable usage, thus reducing the takeoff weight of an airplane. IMA separates the functions of collecting information (sensors), action (actuators), and avionics logic implemented by applied avionics software in on-board computers. The international standard ARINC 653 defines constraints on the underlying real-time operating system and programming interfaces between the operating system and associated applications. The standard regulates space and time partitioning of applied IMA-related tasks. Most existing operating systems with ARINC 653 support are commercial and proprietary software. In this paper, we present JetOS, an open source real-time operating system with complete support of ARINC 653 part 1 rev 3. JetOS originates from the open source project POK, created by French researchers. At that time POK was the only open source OS with at least partial support for ARINC 653. Despite this, POK was not feasible for practical usage: POK failed to meet a number of fundamental requirements and was executable in an emulator only. During JetOS development the POK code was significantly redesigned. The paper discusses the disadvantages of POK and shows how we solved those problems and what changes we have made in the POK kernel and individual subsystems. In particular, we fully rewrote the real-time scheduler, network stack and memory management. We have also added some new features to the OS. One of the most important features is system partitions. A system partition is a specialized application with extended capabilities, such as access to hardware (network card, PCI controller etc.). The introduction of system partitions allowed us to move large subsystems out of the kernel and limit the kernel to the minimal functionality: context switching, scheduling and message passing. In particular, we have moved the network subsystem to a system partition. This move reduces kernel size, potentially reduces the probability of having a bug in the kernel, and simplifies the verification process.
- Published
- 2018
9. Certifiable onboard real-time operation system JetOS for Russian aircrafts design
- Author
- Yu. A. Solodelov and N. K. Gorelits
- Subjects
- real-time operating system, RTOS, integrated modular avionics, IMA, certification, DO-178C, KT-178C, ARINC 653, avionics, Electronic computers. Computer science, QA75.5-76.95
- Abstract
JetOS is a prospective onboard real-time operating system (RTOS). Nowadays GosNIIAS develops JetOS within the scope of a research and development project. One of the most important tasks during JetOS development is to create the DO-178C certification kit, which will allow JetOS to be used for the development and modification of avionics for civil aircraft. Today there is no operating system certified in accordance with DO-178C in Russia, therefore the creation of JetOS is a matter of current importance. Using DO-178C requires the developer to have very strict development processes. The arrangement of processes that satisfy the DO-178C requirements is a very responsible and demanding task because of the high expectations in the fields of safety and security. JetOS is being developed primarily for onboard equipment based on integrated modular avionics (IMA). One of the key features of IMA is the ability to execute several functional applications on one target onboard module. The obvious consequence of this feature is the necessity of time and resource partitioning of applications. In the avionics field, application partitioning, along with a host of other features, is defined in the ARINC 653 international standard, so its support is a significant requirement for JetOS. ARINC 653 defines the application programming interface (API) and modes of operation for onboard functional software. JetOS supports the up-to-date version of ARINC 653 (2015) with supplementary services. JetOS also supports the safety-critical graphical library OpenGL SC; a special implementation of the OpenGL SC library is being developed along with JetOS itself. OpenGL SC services are used to draw two-dimensional and three-dimensional pictures by onboard functional software. JetOS is a certifiable modular cyber-safe real-time operating system, which is designed to support several hardware architectures and to be easily adapted for different hardware boards. The scope of the JetOS project also includes the creation of the tools necessary for functional software development, especially for aircraft systems.
- Published
- 2018
10. A Partition Berth Allocation Scheduler Based on Resource Utilization and Load Balancing
- Author
- Li, Bin, Zhang, Yu, Liang, Xiaolei, Yang, Lin, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Li, Wenfeng, editor, Ali, Shawkat, editor, Lodewijks, Gabriel, editor, Fortino, Giancarlo, editor, Di Fatta, Giuseppe, editor, Yin, Zhouping, editor, Pathan, Mukaddim, editor, Guerrieri, Antonio, editor, and Wang, Qiang, editor
- Published
- 2016
11. The CONCERTO Methodology for Model-Based Development of Avionics Software
- Author
- Baldovin, Andrea, Zovi, Alessandro, Nelissen, Geoffrey, Puri, Stefano, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, de la Puente, Juan Antonio, editor, and Vardanega, Tullio, editor
- Published
- 2015
12. A Software-Based Monitoring Framework for Time-Space Partitioned Avionics Systems
- Author
- Changmin Shin, Chaedeok Lim, Joongheon Kim, Heejun Roh, and Wonjun Lee
- Subjects
- ARINC 653, integrated modular avionics (IMA), monitoring, real-time operating system (RTOS), time and space partitioning (TSP), unmanned aerial vehicle (UAV), Electrical engineering. Electronics. Nuclear engineering, TK1-9971
- Abstract
Recently, avionics systems have evolved into a time and space partitioning (TSP)-based integrated modular avionics (IMA) structure for integration into a single system from a variety of existing independently configured federated systems. The TSP-based IMA architecture is suitable for solving size, weight, and power problems in avionics systems. Partitioning real-time operating systems (RTOSs) to support TSP-based IMA have been researched, and the international aviation industry has established the ARINC 653 standard for a partitioning RTOS. The ARINC 653 standard has defined the health monitoring (HM) function for debugging. However, the HM of the ARINC 653 standard does not support monitoring and debugging functions, such as snapshot, cycle, and redundancy monitor, which makes system development hard. To this end, the purpose of this paper is to introduce a monitoring framework that supports high reliability and stability for RTOS and application software based on the TSP structure used in avionics systems. The proposed monitoring framework is designed for Qplus-AIR, an RTOS based on the TSP structure that conforms to ARINC 653 for aircraft systems. It is also applicable to other RTOSs based on the TSP structure that do not conform to ARINC 653. It supports monitoring functions, such as snapshot, trigger, and cycle, as well as various debugging functions. It also supports debugging and monitoring operations under the redundancy of avionics systems, and minimizes the intrusive effect, which is a disadvantage of the software-based debugging approach. These functionalities enable avionics system developers to monitor and measure the performance of TSP structure-based RTOS and application software in flight control systems for unmanned aerial vehicles. Our evaluation results show that the proposed monitoring framework is suitable for monitoring and debugging of RTOS and application software based on the TSP structure.
- Published
- 2017
13. PDP 4PS : Periodic-Delayed Protocol for Partitioned Systems
- Author
- Jaouën, Antoine, Borde, Etienne, Pautet, Laurent, Robert, Thomas, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Kobsa, Alfred, editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Weikum, Gerhard, editor, George, Laurent, editor, and Vardanega, Tullio, editor
- Published
- 2014
14. Towards Enabling Level 3A AI in Avionic Platforms
- Author
- Zaeske, Wanja Marlo Moritz, Brust, Clemens-Alexander, Lund, Andreas, and Durak, Umut
- Subjects
- Avionics, Resilience, ARINC 653, DO-178C, Fault-Tolerance
- Abstract
The role of AI evolves from human assistance over human/machine collaboration towards fully autonomous systems. As the push towards more autonomy subsequently removes the reliance on a human overseeing the system, means of self-supervision must be provided to enable safe operations. This work explores dynamic reconfiguration to provide resilience to unforeseen environmental conditions that exceed the system's capabilities, but also against normal faults. We focus on providing the means for this in an ARINC 653 compliant environment, since we target avionics platforms. Scheduling and communication are two major aspects of dynamic reconfiguration. Hence, we discuss multiple respective implementation approaches. The third pillar of reconfiguration, the process of deciding when to reconfigure, is also investigated. Combining these yields the building blocks for a self-supervising system.
- Published
- 2023
15. Worst–Case Execution Time Analysis Approach for Safety–Critical Airborne Software
- Author
- Asensio, Esteban, Lafoz, Ismael, Coombes, Andrew, Navas, Julian, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Keller, Hubert B., editor, Plödereder, Erhard, editor, Dencker, Peter, editor, and Klenk, Herbert, editor
- Published
- 2013
16. Linux: A Multi-Purpose Executive Support for Civil Avionics Applications?
- Author
- Goiffon, Serge, Gaufillet, Pierre, and Jacquart, Renè, editor
- Published
- 2004
17. Model-based optimization of ARINC-653 partition scheduling
- Author
- Brian Nielsen, Pujie Han, Ulrik Nyman, and Zhengjun Zhai
- Subjects
- Model checking, Mathematical optimization, Computer science, Evolutionary algorithm, Scheduling (production processes), Software engineering, Engineering and technology, Parameter space, Partition (database), UPPAAL, Computer hardware & architecture, Automaton, Model-based optimization, Partitioned scheduling, ARINC 653, Theory of computation, Electrical engineering, electronic engineering, information engineering, Timed automata, Operating systems, Software, Parameter sweep, Information Systems
- Abstract
The architecture of ARINC-653 partitioned scheduling has been widely applied to avionics systems owing to its robust temporal isolation among applications. However, this partitioning mechanism causes the problem of how to optimize the partition scheduling of a complex system while guaranteeing its schedulability. In this paper, a model-based optimization approach is proposed. We formulate the problem as a parameter sweep application, which searches for the optimal partition scheduling parameters with respect to minimum processor occupancy via an evolutionary algorithm. An ARINC-653 partitioned scheduling system is modeled as a set of timed automata in the model checker UPPAAL. The optimizer tentatively assigns parameter settings to the models and subsequently invokes UPPAAL to verify schedulability as well as evaluate promising solutions. The parameter space is explored with an evolutionary algorithm that combines refined genetic operators and the self-adaptation of evolution strategies. The experimental results show the applicability of our optimization method.
- Published
- 2021
18. Reliability Assessment Model of IMA Partition Software Using Stochastic Petri Nets
- Author
- Wu Zhijun, Ma Haolin, and Yue Meng
- Subjects
- stochastic Petri nets, General Computer Science, Computer science, Reliability block diagram, Engineering and technology, partition software, ARINC 653, Software, Mechanical engineering, Electrical engineering, electronic engineering, information engineering, General Materials Science, Fault tree analysis, Aerospace & aeronautics, reliability, Finite-state machine, Electrical & electronic engineering, General Engineering, Software Engineering, Integrated modular avionics, Failure rate, Partition (database), Software quality, Electrical engineering. Electronics. Nuclear engineering, TK1-9971, Algorithm
- Abstract
In order to reduce the failure rate of Integrated Modular Avionics (IMA) partition software, and because the reliability block diagram (RBD) method, the fault tree analysis (FTA) method and the GO method cannot describe the state transition process of partition software, this paper determines the state machine and conversion delay of the partition software according to the ARINC 653 standard and the actual running status of the partition software, and establishes the stochastic Petri nets (SPN) reliability quantitative model of the partition software. By proving that each transition in the SPN model of the partition software approximately obeys an exponential distribution, and because the reachable state tree of the SPN is isomorphic to a homogeneous Markov chain (MC), the steady-state probability of the partition software being in the fault state is calculated to be $5.2778 \times 10^{-9}$ using MC stochastic process theory. The factors affecting the reliability of the partition software are obtained, and the sensitivity of each factor to the model is studied. Finally, the relevant conclusions are drawn to provide guidance for improving the reliability of partition software.
- Published
- 2021
19. Formal Specification and Analysis of Partitioning Operating Systems by Integrating Ontology and Refinement.
- Author
- Zhao, Yongwang, Sanan, David, Zhang, Fuyuan, and Liu, Yang
- Abstract
Partitioning operating systems (POSs) have been widely applied in safety-critical domains from aerospace to automotive. In order to improve the safety and the certification process of POSs, the ARINC 653 standard has been developed and complied with by the mainstream POSs. Rigorous formalization of ARINC 653 can reveal hidden errors in this standard and provide a necessary foundation for formal verification of POSs and ARINC 653 applications. For the purpose of reusability and efficiency, a novel methodology by integrating ontology and refinement is proposed to formally specify and analyze POSs in this paper. An ontology of POSs is developed as an intermediate model between informal descriptions of ARINC 653 and the formal specification in Event-B. A semiautomatic translation from the ontology and ARINC 653 into Event-B is implemented, which leads to a complete Event-B specification for ARINC 653 compliant POSs. During the formal analysis, six hidden errors in ARINC 653 have been discovered and fixed in the Event-B specification. We also validate the existence of these errors in two open-source POSs, i.e., XtratuM and POK. By introducing the ontology, the degree of automatic verification of the Event-B specification reaches a higher level. [ABSTRACT FROM PUBLISHER]
- Published
- 2016
20. Thermal-Aware Scheduling for MPSoC in the Avionics Domain: Tooling and Initial Results
- Author
- Zdenek Hanzalek, Pavel Zaykov, David Hornof, Michał Sójka, Matej Kafka, Ondrej Benedikt, and Premysl Sucha
- Subjects
- ARINC 653, Multi-core processor, Computer science, Design space exploration, Embedded system, Benchmark (computing), System on a chip, Avionics, MPSoC, Scheduling (computing)
- Abstract
The demand for high-performance computing leads to the adoption of modern Multi-Processor System-on-Chip platforms in the avionics domain, where many applications are safety-critical. To fulfill the safety requirements, it is vital to avoid the platform’s overheating. In this paper, we propose a task mapping method, MultiPAWS, for thermal-aware allocation of the safety-critical avionics workloads under time isolation constraints. With the help of MultiPAWS, we jointly find an optimal number of scheduling windows and their lengths and optimal mapping of the workload to these windows and available CPU cores. To guide the optimization, we introduce a thermal model based on power-characteristic coefficients, which we experimentally identify for a benchmark dataset on NXP i.MX8QuadMax platform (based on ARMv8 big.LITTLE architecture). Furthermore, to mimic the execution of safety-critical avionics applications, we introduce DEmOS, an open-source Linux-based scheduler. DEmOS provides a time-partitioned scheduling similar to the ARINC 653 standard. We use DEmOS for the experimental evaluation on the i.MX8 platform. The experimental results suggest that MultiPAWS achieves over a 12% decrease of the platform temperature compared to the minimum-utilization-based approach. Moreover, we demonstrate how MultiPAWS can be used in design space exploration for finding the tradeoff between the platform temperature and the length of the scheduling hyper-period.
- Published
- 2021
21. ARINC 653-inspired regularity-based resource partitioning on xen
- Author
- Guangli Dai, Albert M. K. Cheng, and Pavan Kumar Paluri
- Subjects
- Computer science, Networking & telecommunications, Hypervisor, Cloud computing, Engineering and technology, Virtualization, Computer hardware & architecture, Scheduling (computing), ARINC 653, Resource (project management), Virtual machine, Server, Electrical engineering, electronic engineering, information engineering, Operating system
- Abstract
A multitude of cloud-native applications take up a significant share of today's world wide web, the majority of which implicitly require soft-real-time guarantees when hosted on servers at various data centers across the globe. With the rapid development of cloud computing and virtualization techniques, many applications have been moved onto cloud and edge platforms that require efficient virtualization techniques. This means a set of applications must be executed on a Virtual Machine (VM) and multiple VMs must be temporally and spatially scheduled on a set of CPUs. Designed to leverage the cloud infrastructure model, many of these cloud-native applications such as media servers strongly demand low data latency and high compute-resource availability, both of which must be predictable. However, state-of-art VM schedulers fail to satisfy these requirements simultaneously. The scheduling of cloud-native applications on VMs and the scheduling of VMs on physical resources (CPUs), collectively need to be real-time in nature as specified by the Hierarchical Real-Time Scheduling (HiRTS) framework. Conforming to the specifications of this framework, the Regularity-based Resource Partitioning (RRP) model has been proposed that introduces the concept of regularity to provide a near-ideal resource supply to all VMs. In this paper, we make the theoretically superior Regularity-based Resource Partitioning (RRP) model ready for prime time by implementing its associated resource partitioning algorithms for the first time ever on the popular x-86 open-source hypervisor Xen, i.e., RRP-Xen. This paper also compares and contrasts the real-time performance of RRP-Xen against contemporary Xen schedulers such as Credit and RTDS. Our contributions include: (1) a novel implementation of the RRP model on Xen's x-86 based hypervisor, thereby providing a test-bed for future researchers; (2) the first-ever multi-core ARINC 653 VM scheduler prototype on Xen; and (3) numerous experiments and theoretical analysis to determine the real-time performance of RRP-Xen under a stringent workload environment.
- Published
- 2021
22. Dynamic Analysis of ARINC 653 RTOS with LLVM
- Author
- Alexey Khoroshilov and Vitaly Cheptsov
- Subjects
- Computer and information sciences, Computer science, Static analysis, Software development process, Software Engineering (cs.SE), ARINC 653, Software, Compiler, Software system, Instrumentation (computer programming), Software engineering, Real-time operating system
- Abstract
Existing standards for airborne-embedded software systems impose a number of requirements applicable to the software development cycle of hard real-time operating systems found in modern aircraft. The measures taken are meant to reduce the risks of undesired consequences, but have strongly varying costs. Dynamic instrumentation and static analysis are common practices used to automatically find software defects, from strictly non-conforming code constructions to memory corruptions or invalid control flow. LLVM analyser and sanitizer infrastructure, while regularly applied to general-purpose software, originally was not thought to be introduced to heavily restricted environments. In this paper we discuss the specifics of airborne systems with regards to dynamic instrumentation and provide practical considerations to be taken into account for the effective use of general-purpose instrumentation tools. We bring a complete LLVM stack support to JetOS, a prospective onboard real-time operating system currently being developed at ISP RAS in collaboration with GosNIIAS. As an example, we port AddressSanitizer, MemorySanitizer, and UndefinedBehaviorSanitizer and provide the details against the caveats on all relevant sides: a sanitizer, a compiler, and an operating system. In addition we suggest uninvolved optimisations and enhancements to the runtimes to maximise the effects of the tools.
- Published
- 2021
23. Cache Locking Content Selection Algorithms for ARINC-653 Compliant RTOS
- Author
-
Alexy Torres Aurora Dugo, Dahman Assal, Jean-Baptiste Lefoul, Gabriela Nicolescu, and Felipe Gohring de Magalhaes
- Subjects
Computer science, 020206 networking & telecommunications, 02 engineering and technology, Avionics, Partition (database), 020202 computer hardware & architecture, Shared resource, ARINC 653, Software, Hardware and Architecture, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, Cache, Isolation (database systems), Real-time operating system - Abstract
Avionic software is subject to stringent real-time, determinism and safety constraints. Software designers face several challenges, one of them being the interferences that appear in common situations, such as resource sharing. The interferences introduce non-determinism and delays in execution time. One of the main interference-prone resources is cache memory. In single-core processors, caches comprise multiple private levels. This breaks the isolation principle imposed by avionic standards, such as ARINC-653. This standard defines partitioned architectures where one partition should never directly interfere with another one. In cache-based architectures, one partition can modify the cache content of another partition. In this paper, we propose a method based on cache locking to reduce the non-determinism and the contention on lower-level memories while improving time performance.
- Published
- 2019
24. Portable and Configurable Implementation of ARINC-653 Temporal Partitioning for Small Civilian UAVs
- Author
-
Hyung-Sik Yoon, Joo-Kwang Park, Sang Hun Lee, Hyun-Chul Jo, and Hyun-Wook Jin
- Subjects
Source code, General Computer Science, Computer science, Computer Applications: Computers in other systems, Scheduling (computing), Abstraction layer, ARINC 653, multi-core, Software, RTEMS, General Materials Science, General Engineering, integrated modular avionics, Modular design, Avionics, temporal partitioning, portability, ARINC-653, Embedded system, lcsh:Electrical engineering. Electronics. Nuclear engineering, unmanned aerial vehicles, lcsh:TK1-9971 - Abstract
The ARINC-653 standard defines temporal partitioning that enables multiple avionics applications to execute independently from each other without interference in terms of CPU resources. Though partitioning has been mainly discussed from the viewpoint of manned aircraft, it can also efficiently integrate multiple applications on civilian Unmanned Aerial Vehicles (UAVs) that have even more severe limitations on size, weight, power, and cost. In order to employ ARINC-653 temporal partitioning in civilian UAVs, its implementation must be flexible enough to be applied to diverse run-time software environments and computing hardware platforms. In this paper, we suggest a portable and configurable implementation of ARINC-653 for small-sized civilian UAVs aiming for low cost, easy development, and easy extension. Our implementation provides the Operating System (OS) abstraction layer that defines the essential OS-level features and the OS-independent interfaces to the upper layer that actually implements the ARINC-653 standard. Our implementation is also modularized so that the policies of resource management in CPU scheduling and memory allocation can be easily extended and selectively configured. In addition, we implement advanced resource management schemes to promote the benefits of multi-core processors that are already widely deployed in Commercial Off-The-Shelf (COTS) systems. We show that our ARINC-653 implementation is portable across different OSes, such as Linux and RTEMS, reusing most of the source code thanks to the layered and modular design. We also analyze the overheads of the ARINC-653 APEX interfaces and multi-core scheduling. Moreover, we conduct a case study for a small-sized quad-copter.
- Published
- 2019
25. Designing robust quadcopter software based on a real-time partitioned operating system and formal verification techniques
- Author
-
Amosov Maxim Stanislavovich, Shulga Kirill Mikhailovich, and Staroletov Sergey Mikhailovich
- Subjects
Quadcopter, Computer science, operating system, partitioning, quadcopter, lcsh:QA75.5-76.95, ARINC 653, Software, Control theory, arinc 653, formal verification, Operating system, General Earth and Planetary Sciences, Avionics software, lcsh:Electronic computers. Computer science, Control logic, Formal verification, Software verification, General Environmental Science - Abstract
The creation of reliable unmanned aerial vehicles (drones) is now an important task in science and technology, because such devices have many use-cases in the digital economy and modern life, so we need to ensure their reliability. In this article, it is proposed to assemble a quadcopter from low-cost components in order to obtain a hardware prototype and to develop a software solution for the flight controller with high-reliability requirements, which will meet avionics software standards using existing open-source software solutions, and also to apply the results as a model for teaching the courses "Components of operating systems" and "Software verification". In the study, we analyse the structure of quadcopters and flight controllers for them, and present a self-assembly solution. We describe Ardupilot as open-source software for unmanned aerial vehicles, the appropriate APM controller and methods of PID control. Today's avionics standard of reliable software for flight controllers is a real-time partitioning operating system that is capable of responding to events from devices with an expected speed, as well as sharing processor time and memory between isolated partitions. A good example of such an OS is the open-source POK (Partitioned Operating Kernel). Its repository contains an example design of a system for quadcopters using the AADL language for modeling its hardware and software. We apply such a technique with Model-driven engineering to a demo system that runs on real hardware and contains a flight management process with PID control as a partitioned process. Using a partitioned OS brings the reliability of flight system software to the next level. To increase the level of control logic correctness, we propose to use formal verification methods and provide examples of verifiable properties at the level of code using the deductive approach as well as at the level of the cyber-physical system using Differential dynamic logic to prove stability.
- Published
- 2019
26. Modeling and Verification of ARINC 653 Hierarchical Preemptive Scheduling
- Author
-
Chenglie Du, Zhiqiang Liu, Ning Fu, Lijun Shan, and Han Peng
- Subjects
ARINC 653, General Computer Science, Computer science, Embedded system, Preemption - Abstract
Avionics Application Standard Software Interface (ARINC 653) is a software specification for space and time partitioning in safety-critical avionics real-time operating systems. Correctly designed task schedulers are crucial for systems running ARINC 653. This paper proposes a model-checking-based method for analyzing and verifying the ARINC 653 scheduling model. Based on priced timed automata theory, an ARINC 653 scheduling system was modeled as a priced timed automata network. The schedulability of the system was described as a set of temporal logic expressions, and was analyzed and verified by a model checker. Our research shows that it is feasible to use model checking to analyze task schedulability in an ARINC 653 hierarchical scheduling system. The method discussed models preemptive scheduling by using the stopwatch features of priced timed automata. Unlike traditional scheduling analysis techniques, the proposed approach uses an exhaustive method to automate analysis of the schedulability of a system, resulting in a more precise analysis.
- Published
- 2019
27. Conformance testing of ARINC 653 compliance for a safety critical RTOS using UPPAAL model checker
- Author
-
Arshad Ebrahim, Abhishek Singh, and Meenakshi D'Souza
- Subjects
Model checking, Correctness, Computer science, 020207 software engineering, Context (language use), 02 engineering and technology, Avionics, Formal methods, Reliability engineering, ARINC 653, Test case, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Conformance testing - Abstract
Modern avionics systems have several safety-critical control software components that need to be accurate and provide deterministic responses in real-time. Accuracy of such responses is determined by the real-time operating system (RTOS) on which the software applications run. Standards provide guidelines to ensure correctness with high assurance. The conformance of an RTOS to a standard can be achieved by executing a set of test cases against the properties listed in the standard. Conventional testing methodologies are inadequate for conformance testing due to cost and time constraints and lack of guarantees of correctness. We propose a formal methods based technique for conformance testing of a safety-critical RTOS to the ARINC 653 standard. We model a space and time partitioned RTOS as a network of timed automata using the UPPAAL model checker and verify conformance to functional and timing requirements. Our approach is illustrated in the context of HAL-OS, a proprietary RTOS used in avionics systems.
- Published
- 2021
28. Resource partitioning for Integrated Modular Avionics: comparative study of implementation alternatives.
- Author
-
Han, Sanghyun and Jin, Hyun‐Wook
- Subjects
RESOURCE partitioning (Ecology), AVIONICS industry, COMPUTER architecture, COMPUTER hardware description languages - Abstract
Most current generation avionics systems are based on a federated architecture, where an electronic device runs a single software module or application that collaborates with other devices through a network. This architecture makes the software development process very simple, but the hardware system becomes very complicated and it is difficult to resolve issues of size, weight, and power efficiently. An integrated architecture can address the size, weight, and power issues and provide better software reusability, testability, and reliability by means of partitioning. Partitioning provides a framework that can transparently integrate several real-time applications on the same computing device, allowing the isolation of the execution environment in terms of resources and faults. Several studies on partitioning software platforms have been reported; however, to the best of our knowledge, extensive comparison and analysis of design and implementation alternatives have not been conducted owing to the extreme complexity of their implementation and measurement. In this paper, we present three design alternatives for partitioning at the user, kernel, and virtual machine monitor levels, which are compared quantitatively. In particular, we target the worldwide standard software platform for avionics systems, that is, Aeronautical Radio, Incorporated Specification 653 (ARINC 653). Overall, our study provides valuable design references and demonstrates the characteristics of design alternatives. Copyright © 2013 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]
- Published
- 2014
- Full Text
- View/download PDF
29. Non-functional Attribute Modeling and Verification Method for Integrated Modular Avionics System
- Author
-
Feiyang Liu, Hu Ning, Li Yahui, Na Wu, and Guo Peng
- Subjects
ARINC 653, Correctness, Failure mode, effects, and criticality analysis, Systems Modeling Language, Computer science, Control system, Design process, Integrated modular avionics, Scheduling (computing), Reliability engineering - Abstract
Aiming at the shortcomings of standardized design and early verification of integrated modular avionics systems, this paper proposes a non-functional attribute modeling and verification method for integrated modular avionics systems. We extract an architecture-centric design process for integrated modular avionics systems, propose automatic transformation from SysML-based functional models to AADL-based architecture models, design an AADL-Hazard sub-language, and put forward AADL-based scheduling analysis for ARINC 653 systems and safety analysis based on FMECA. Finally, an aviation air compressor control system is chosen as a case to verify the correctness and feasibility of the proposed method. The method in this paper improves AADL's ability to model and verify integrated modular avionics systems, helps engineers use standardized design and multi-dimensional analysis methods in the early stage of the product, and reduces later product rework.
- Published
- 2021
30. The Concept of an Autonomic Avionics Platform and the Resulting Software Engineering Challenges
- Author
-
Johannes Reinhart, Bjoern Annighoefer, Matthias Brunner, and Bernd Schulz
- Subjects
Computer and information sciences, 68N30, Process (engineering), Computer science, Runtime verification, D.2.9, Fault tolerance, Systems and Control (eess.SY), Avionics, Electrical Engineering and Systems Science - Systems and Control, Autonomic computing, D.2.11, Software Engineering (cs.SE), ARINC 653, Computer Science - Software Engineering, Component (UML), Electrical engineering, electronic engineering, information engineering, Avionics software, Software engineering - Abstract
The self-* properties commonly associated with the concept of autonomic computing are capabilities desirable for avionics software platforms. They decrease the configuration effort and inherently provide new fault tolerance and resource savings possibilities. The rigid certification process and the requirements for a static and predetermined system behavior are, however, in contradiction with the adaptive and flexible nature of autonomic computing systems. We propose a partition-based architecture providing autonomic features for avionics software platforms while being compliant with regulations and accepted technologies, such as ARINC 653. The core is a platform consciousness based on a domain-specific model and a novel MAP-QE-K cycle. Moreover, we suggest a planning intelligence, a virtual qualification authority, and a minimized execution unit. For each component we define the required design assurance level and possible realization techniques. We discuss the overall feasibility and point out central challenges in the fields of runtime verification and models at runtime. These challenges need to be solved prior to the realization of autonomic avionics, e.g. a virtual security assessment and a qualifiable domain-specific model database.
- Published
- 2021
- Full Text
- View/download PDF
31. Architecture-based avionics application software reliability model with consideration of IMA environment.
- Author
-
Sun Haiyan, Su Pengfei, Yang Haiyan, and Wu Ji
- Abstract
Recently, there has been an obvious growing trend in the use of Integrated Modular Avionics (IMA) in developing aircraft functionalities. The IMA platform defined by ARINC 653 provides a runtime environment and reliability assurance, such as space and time partitioning, for avionics applications. When applying for FAA certification, the avionics application provider has to provide safety and reliability evidence for the software running on the IMA platform. Therefore, the effects of the IMA platform as a runtime environment need to be considered when predicting the reliability of an avionics application. In this paper, we focus on proposing an avionics system architecture (in AADL) based reliability prediction model that takes the IMA platform runtime environment into consideration. This architecture-based model predicts the avionics application reliability by analyzing the systematic and random impacts of the IMA platform runtime environment on the failure rate of the avionics application. The model is analyzed with a small but complete architecture model of an avionics application. [ABSTRACT FROM PUBLISHER]
- Published
- 2012
- Full Text
- View/download PDF
32. A customizable and ARINC 653 quasi-compliant hypervisor.
- Author
-
Tavares, A., Carvalho, A., Rodrigues, P., Garcia, P., Gomes, T., Cabral, J., Cardoso, P., Montenegro, S., and Ekpanyapong, M.
- Abstract
This paper presents a novel hypervisor, developed for aerospace applications using an object oriented approach that embodies time and space partitioning (TSP) on a PowerPC (PPC) core embedded in an FPGA, for the NetworkCentric core avionics [1] - an architecture of cooperating components managed by a real-time operating system, to implement dependable computing while targeting simplicity. To support Integrated Modular Architecture (IMA) [2] partitioned software architectures, the proposed hypervisor adapts Popek and Goldberg's [3] fidelity, efficiency and resource control virtualization requirements to the aerospace application domain, and extends them with additional ones like timing determinism, reactivity and improved dependability. A distinctive feature of this hypervisor is its I/O device virtualization approach, which guarantees real-time performance and a small trusted computing base. The object oriented approach will be particularly useful to customize key components of the hypervisor (with different granularity levels) such as partition scheduling and the communications manager using generative programming techniques (Aspect Oriented Programming (AOP) and template meta-programming). [ABSTRACT FROM PUBLISHER]
- Published
- 2012
- Full Text
- View/download PDF
33. A Configurable, Extensible Implementation of Inter-Partition Communication for Integrated Modular Avionics.
- Author
-
Lee, Sang-Hun, Han, Sanghyun, and Jin, Hyun-Wook
- Abstract
Aerial vehicles consist of many electronic devices connected through various networks. Thus, we should be able to describe them very clearly and easily to configure network channels. It is also highly desirable to have a framework that allows adding new network devices or protocols to existing systems while minimizing the effects on the existing software. At the same time, since several kinds of network protocols are available, an abstraction that supports multiple protocols in a transparent manner is essential to provide the portability of avionics applications. To address these, we extend the XML-based configuration of ARINC 653 so that the description of network devices and protocols can be done very systematically. In addition, we introduce a network manager that provides a transparent abstraction over multiple networks and an efficient way of adding a new network protocol without modifications of existing software. We implement our design over Ethernet, Controller Area Network (CAN) and POSIX Inter-Process Communication (IPC), and show its performance in terms of communication latency and jitter. [ABSTRACT FROM PUBLISHER]
- Published
- 2012
- Full Text
- View/download PDF
34. Baget real-time operating system family (features, comparison, and future development).
- Author
-
Godunov, A. and Soldatov, V.
- Subjects
COMPUTER operating system standards, REAL-time computing, POSIX (Computer software standard), COMPUTER software, SYSTEM analysis, COMPUTER systems - Abstract
Main features of Baget 2.0 and Baget 3.0 Russian real-time operating systems (RTOSs) are discussed. Their similarities and differences are examined. Ways of further development of RTOS Baget are considered. [ABSTRACT FROM AUTHOR]
- Published
- 2014
- Full Text
- View/download PDF
35. Integration of Data Distribution Service into Partitioned Real-time Embedded Systems
- Author
-
Xiaoguang Hu, Boyang Song, Jin Xiao, Qing Zhou, Guofeng Zhang, and Shuo Wang
- Subjects
Computer science, Interoperability, Data Distribution Service, 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, Software portability, ARINC 653, Embedded system, Middleware, 0202 electrical engineering, electronic engineering, information engineering, Systems architecture, Isolation (database systems) - Abstract
Data Distribution Service (DDS) middleware facilitates interoperability and portability of components by building the underlying communication network in mixed-criticality systems with real-time requirements, especially those in conformity with the Future Airborne Capability Environment (FACE) technical standard. Partitioning is the key technology permitting applications with different levels of criticality to execute on the same hardware under strict isolation in time and space. A system architecture is proposed to realize the integration of DDS into partitioned real-time embedded systems compliant with the ARINC-653 specification. The architecture allows communications among applications through the DDS middleware, whether they are executed in a partitioned system or not. Then an Unmanned Aerial Vehicle (UAV) combat scenario is simulated to exemplify the design feasibility. Evaluation tests show that communication stability can be obtained whether an ARINC-653 compliant system interconnects with heterogeneous systems or homogeneous systems. Based on the reliable configuration, the average communication time is stable at around 272.60μs in the former situation and 281.32μs in the latter. The specific performance difference between the two cases is further analyzed.
- Published
- 2020
36. When security affects schedulability of TSP systems: trade-offs observed by design space exploration
- Author
-
Frank Singhoff, Ill-ham Atchadam, Laurent Lemarchand, Karim Bigou, and Hai Nam Tran (Lab-STICC, Université de Brest (UBO))
- Subjects
021110 strategic, defence & security studies, Design space exploration, Computer science, Distributed computing, Trade offs, 0211 other engineering and technologies, Active redundancy, 02 engineering and technology, Avionics, Partition (database), 020202 computer hardware & architecture, Scheduling (computing), ARINC 653, 0202 electrical engineering, electronic engineering, information engineering, Computer Science [cs] - Abstract
ARINC 653 introduces the concept of partition that allows time and space isolation in real-time avionic systems. Tasks are assigned to partitions according to various objective functions or constraints such as safety, performance, and security. Some of these objective functions may be conflicting, as an improvement of one objective leads to a decrease of another. For example, improving safety by active redundancy may decrease performance. In this paper, we investigate the conflicting aspect between schedulability and security in Time and Space Partitioning (TSP) systems. Many studies have shown that enforcing the security of a system results in an overhead affecting its schedulability. We formulate a design space exploration (DSE) process with a meta-heuristic to explore solutions defined by the task-to-partition assignment according to security requirements and timing constraints. Experiments are conducted with the Cheddar scheduling analyzer to characterize applications that are concerned by this conflicting issue and to evaluate the trade-offs between schedulability and security.
- Published
- 2020
37. Design of Virtual Simulation Experiment Platform Based on ARINC 653 Specification
- Author
-
Jinchao Chen, Chenglie Du, Qing Gu, and Keke Chen
- Subjects
Source code, Computer science, Avionics, Integrated modular avionics, Partition (database), Communications management, ARINC 653, Embedded system, System integration, Avionics software - Abstract
Integrated Modular Avionics (IMA) has become the mainstream in avionics systems because of its advanced design and excellent performance. However, the disadvantages of high price, unpublished source code and limited resources make the development and verification of avionics software more and more complicated. It is of great significance to provide a software testing environment on a general operating system for avionics software development and system integration. In this paper, a virtual ARINC 653 system simulation platform is designed and built using virtual experiment technology. The platform contains partition management, communication management and health monitoring management, and effectively addresses the limited test resources of avionics systems. Experimental results show that the performance of the proposed platform is excellent, and meets the real-time requirements of applications.
- Published
- 2020
38. Harmonizing ARINC 653 and Realtime POSIX for Conformance to the FACE Technical Standard
- Author
-
Joel Sherrill and Gedare Bloom
- Subjects
Source lines of code, Application programming interface, Computer science, 020208 electrical & electronic engineering, 02 engineering and technology, ARINC 429, Avionics, 020202 computer hardware & architecture, ARINC 653, Software, RTEMS, POSIX, 0202 electrical engineering, electronic engineering, information engineering, Operating system - Abstract
The avionics industry is converging toward the next generation of software standards produced by The Open Group via the Future Airborne Capability Environment (FACE) consortium and related FACE Technical Standard. The standard combines ARINC 653, a previous avionics standard, with subsets of POSIX 1003.1 that are closely aligned with the POSIX realtime profiles PSE52, PSE53, and PSE54. In this paper, we describe our approach to design, implement, and certify a system with FACE Conformance to the FACE Operating System Segment Safety Base profile. Our approach integrates the ARINC 653-compliant Deos with RTEMS, an open-source real-time operating system (RTOS). Our goal in combining Deos/RTEMS was to achieve certification of FACE Conformance in a low-cost manner by relying on existing, mature software that already provides the majority of the functionality required by the FACE Technical Standard. We reached our goal with under 10,000 source lines of code (SLOC) written to integrate RTEMS into Deos and implement any additional POSIX application programming interfaces (APIs) and tests needed for certification.
- Published
- 2020
39. Security in Mixed Time and Event Triggered Cyber-Physical Systems using Moving Target Defense
- Author
-
Xenofon Koutsoukos, Bradley Potteiger, Abhishek Dubey, Feiyang Cai, and Zhenkai Zhang
- Subjects
Computer science, Address space, 020208 electrical & electronic engineering, Testbed, Code reuse, Cyber-physical system, Control reconfiguration, 020207 software engineering, Memory corruption, 02 engineering and technology, ARINC 653, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, Code injection - Abstract
Memory corruption attacks such as code injection, code reuse, and non-control data attacks have become widely popular for compromising safety-critical Cyber-Physical Systems (CPS). Moving target defense (MTD) techniques such as instruction set randomization (ISR), address space randomization (ASR), and data space randomization (DSR) can be used to protect systems against such attacks. CPS often use time-triggered architectures to guarantee predictable and reliable operation. MTD techniques can cause time delays with unpredictable behavior. To protect CPS against memory corruption attacks, MTD techniques can be implemented in a mixed time and event-triggered architecture that provides capabilities for maintaining safety and availability during an attack. This paper presents a mixed time and event-triggered MTD security approach based on the ARINC 653 architecture that provides predictable and reliable operation during normal operation and rapid detection and reconfiguration upon detection of attacks. We leverage a hardware-in-the-loop testbed and an advanced emergency braking system (AEBS) case study to show the effectiveness of our approach.
- Published
- 2020
40. Execution Model to Reduce the Interference of Shared Memory in ARINC 653 Compliant Multicore RTOS
- Author
-
Mi-Young Kwon, Sihyeong Park, Hyungshin Kim, and Hoon-Kyu Kim
- Subjects
Computer science, CPU cache, Time division multiple access, 02 engineering and technology, lcsh:Technology, lcsh:Chemistry, ARINC 653, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, Instrumentation, Real-time operating system, Execution model, lcsh:QH301-705.5, Fluid Flow and Transfer Processes, execution model, lcsh:T, Process Chemistry and Technology, General Engineering, interference analysis, Avionics, lcsh:QC1-999, 020202 computer hardware & architecture, Computer Science Applications, Shared memory, lcsh:Biology (General), lcsh:QD1-999, lcsh:TA1-2040, Embedded system, multicore architecture, avionics systems, real-time system, lcsh:Engineering (General). Civil engineering (General), Software verification, lcsh:Physics - Abstract
Multicore architectures are applied to contemporary avionics systems to deal with complex tasks. However, multicore architectures can cause interference through contention because the cores share hardware resources. This interference reduces the predictability of execution time in safety-critical systems, such as avionics systems. To reduce this interference, methods of separating hardware resources or limiting capacity per core have been proposed. Existing studies have modified kernels to control hardware resources. Additionally, an execution model has been proposed that can reduce interference by adjusting the execution order of tasks without software modification. Avionics systems require several rigorous software verification procedures. Therefore, modifying existing software can be costly and time-consuming. In this work, we propose a method to apply execution models proposed in existing studies without modifying commercial real-time operating systems. We implemented the time-division multiple access (TDMA) and acquisition execution restitution (AER) execution models with pseudo-partition and message queuing on VxWorks 653. Moreover, we propose a multi-TDMA model considering the characteristics of the target hardware. For the interference analysis, we measured the L1 and L2 cache misses and the number of main memory requests. We demonstrated that the interference caused by memory sharing was reduced by at least 60% in the execution model. In particular, multi-TDMA doubled utilization compared to TDMA and also reduced the execution time by 20% compared to the AER model.
- Published
- 2020
- Full Text
- View/download PDF
41. A Modular SystemC RTOS Model for Uncertainty Analysis
- Author
-
Giulio M. Mancuso, Fabio Cremona, Alessandro Ulisse, and Lorenzo Lazzara
- Subjects
Design space exploration ,Computer science ,business.industry ,Probabilistic logic ,Modular design ,ARINC 653 ,SystemC ,Embedded system ,business ,computer ,Formal verification ,Real-time operating system ,Software verification ,computer.programming_language - Abstract
Nowadays the complexity of embedded systems is constantly increasing and several different types of applications concurrently execute on the same computational platform. Hence these systems have to satisfy real-time constraints and support real-time communication. The design and verification of these systems are very complex; full formal verification is not always possible and run-time verification is the only feasible path to follow. In this context, the possibility to simulate their behavior becomes a crucial aspect. This paper proposes a SystemC modular RTOS model to assist the design and the verification of real-time embedded systems. The model architecture has been designed to capture all the typical functionalities that every RTOS has, in order to easily reproduce the behavior of a large class of RTOSs. The RTOS model can support functional simulation for design space exploration to rapidly evaluate the impact of different RTOS configurations (such as scheduling policies) on the overall system performance. Moreover, the model can be used for software verification by implementing specific RTOS APIs over the generic services provided by the model, allowing the simulation of a real application without changing any instruction. The proposed approach enables the user to model non-deterministic behaviors at the architectural and application level by means of probabilistic distributions. This allows the performance of complex embedded systems to be assessed under uncertain behavior (e.g. execution time). A use case is proposed considering an instance of the model compliant with the ARINC 653 specification, which requires spatial and temporal segregation, and where typical RTOS performance is assessed given the probability distributions of execution time and aperiodic task activation.
- Published
- 2020
42. Empirical Study of Real-Time Hypervisors for Industrial Systems
- Author
-
Christoph Ruland and Asmaa Tellabi
- Subjects
ARM architecture ,ARINC 653 ,Empirical research ,Computer science ,Operating system ,x86 ,Hypervisor ,Central processing unit ,Virtualization ,computer.software_genre ,computer ,Scheduling (computing) - Abstract
Recent developments in virtualization technologies have made it practical for a large selection of general-purpose solutions to be integrated easily on multiple platforms. This technology is used in data centers in order to reduce cost, space and power, which are the reasons why it is successful. Various markets are currently assessing the use of virtualization technology for hosting their services and infrastructures. Virtualization has improved significantly in terms of performance over the last couple of years. At the same time, it still faces some challenges regarding performance for real-time applications. Xen is a well-known open-source type 1 hypervisor, which is the reason why it was used in this experiment. Another bare-metal hypervisor called XtratuM will be used to explore the characteristics of the ARINC 653 scheduler. The performance of applications is influenced by the scheduling and network I/O tasks. The main contribution of this paper is that it compares the performance of the real-time schedulers of these two hypervisors; it also presents performance data for these schedulers on two different architectures, an x86-based processor and ARM processors.
- Published
- 2019
43. Aligning Deos and RTEMS with the FACE safety base operating system profile
- Author
-
Joel Sherrill, Gary Gilliland, and Gedare Bloom
- Subjects
Software_OPERATINGSYSTEMS ,Computer science ,020208 electrical & electronic engineering ,02 engineering and technology ,Avionics ,computer.software_genre ,020202 computer hardware & architecture ,Paravirtualization ,ARINC 653 ,RTEMS ,POSIX ,0202 electrical engineering, electronic engineering, information engineering ,Computer Science (miscellaneous) ,Operating system ,ComputerSystemsOrganization_SPECIAL-PURPOSEANDAPPLICATION-BASEDSYSTEMS ,Reference architecture ,Engineering (miscellaneous) ,computer ,Real-time operating system ,PATH (variable) - Abstract
The Open Group Future Airborne Capability Environment (FACE™) Consortium has developed a reference architecture and standard for real-time embedded avionics systems. The FACE Technical Standard defines required capabilities for real-time operating systems (RTOS), portable components, and a shared data model to facilitate information exchange between components. FACE RTOS requirements are based on ARINC 653 and POSIX 1003.1b with tailoring to address the safety and security needs of avionics systems. Deos is a safety-certified RTOS that supports ARINC 653 but not POSIX. In contrast, RTEMS is an open source RTOS that supports POSIX but not ARINC 653. Integrating a paravirtualized RTEMS with Deos combines the strengths of both and provides a path to conformance with the FACE Safety Base operating system profile. This paper presents the FACE operating system profiles and discusses the technical challenges of the paravirtualization and integration effort.
- Published
- 2018
44. Integration of Data Distribution Service and distributed partitioned systems
- Author
-
Marisol García-Valls, Chenyang Lu, Imad Eddine Touahria, and Jorge Domínguez-Poblete
- Subjects
Computer science ,business.industry ,Distributed computing ,020208 electrical & electronic engineering ,Interoperability ,Data Distribution Service ,02 engineering and technology ,Modular design ,Avionics ,Integrated modular avionics ,020202 computer hardware & architecture ,Scheduling (computing) ,ARINC 653 ,Criticality ,Hardware and Architecture ,Embedded system ,0202 electrical engineering, electronic engineering, information engineering ,business ,Software - Abstract
Avionics systems are complex and time-critical systems that are progressively adopting more flexible (though equally robust) architectural designs. Although a number of current avionics systems follow federated architectures, the Integrated Modular Avionics (IMA) paradigm is becoming the dominant style in more modern developments. The reason is that the IMA concept promotes modular designs where applications with different levels of criticality can execute in an isolated manner on the same hardware. This approach complies with the cost, safety, and weight requirements of avionics systems. The FACE standard (Future Airborne Capability Environment) defines the architectural baseline for easing integration in avionics systems, including the communication functions across distributed components. As specified in FACE, middleware will be integrated into avionics systems to ease the development of portable components that can interoperate effectively. This paper describes the use of publish-subscribe middleware (precisely, DDS, the Data Distribution Service for real-time systems) in a fully distributed partitioned system. We describe, from a practical point of view, the integration of the middleware communication overhead into the hierarchical scheduling (compliant with ARINC 653) to allow the use of middleware in the partitions. We explain the design of a reliable communication setting, exemplified on a distributed monitoring application in a partitioned environment. The obtained implementation results show that, given the stable communication overhead of the middleware, it can be integrated in the time windows of partitions.
- Published
- 2018
45. Extracting architectural information from source code of ARINC 653-compatible application software using CEGAR-based approach
- Author
-
S L Lesovoy
- Subjects
Source code ,business.industry ,Computer science ,media_common.quotation_subject ,Application software ,computer.software_genre ,architectural models ,lcsh:QA75.5-76.95 ,integrated modular avionics (IMA) ,ARINC 653 ,Embedded system ,General Earth and Planetary Sciences ,lcsh:Electronic computers. Computer science ,business ,computer ,CEGAR algorithm ,architectural information ,General Environmental Science ,media_common - Abstract
It may be useful to analyze and reuse some components of legacy systems during the development of new systems. By using a model-based approach it is possible to build an architecture model from the existing source code of the legacy system. The purpose of using architecture models is to analyze the system's static and dynamic features during the development process. These features may include real-time performance, resource consumption, reliability, etc. The architecture models can be used both for system analysis and for reusing some components of the legacy system in the new design. In many cases this avoids creating a new system from scratch. Various modeling languages can be used to create the architectural models; in the present work the Architecture Analysis & Design Language (AADL) is used. The paper describes an algorithm for extracting architectural information from the source code of ARINC 653-compatible application software. The ARINC 653 specification defines the requirements for software components of Integrated Modular Avionics (IMA) systems. To access the various services of an ARINC 653-based OS, application software uses function calls defined in the APplication/EXecutive (APEX) interface. Architectural information in the source code of application software compliant with the ARINC 653 specification includes different objects and their attributes, such as the processes in each partition, objects for interpartition and intrapartition communication, and global variables. To collect the architectural information, it is necessary to extract all APEX calls from the source code of the application software. The extracted architectural information can then be used to create the architecture models of the system. For the source code analysis an approach based on the Counterexample-Guided Abstraction Refinement (CEGAR) algorithm is used. The CEGAR algorithm explores the possible execution paths of the program using its representation in the form of an Abstract Reachability Graph (ARG). In the classical CEGAR algorithm a path in the program to be explored is called a counterexample, meaning a path to the error state. In the CPAchecker tool the basic predicate-based CEGAR algorithm has been extended for explicit-value analysis. In this paper the CEGAR algorithm extended for explicit-value analysis is applied to the task of extracting architectural information from source code. The main contribution of this paper is the application of the ideas of counterexample and path feasibility check to the task of extracting architectural information from source code.
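The APEX-call inventory the abstract describes can be approximated by a purely syntactic pass, which is useful on its own as a review aid. The script below is an added example written for this page, not the paper's tool and not CPAchecker: it scans a constructed fragment of partition C source (partition, process and port names, sizes and periods are invented) for the ARINC 653 Part 1 creation services, maps each positional argument to its APEX parameter name, resolves the PROCESS_ATTRIBUTE_TYPE initializer passed to CREATE_PROCESS, and separates inter-partition ports from intra-partition objects. Being syntactic, it sees only literal calls: anything reached through function pointers, macros or dead branches is exactly what the path-feasibility reasoning in the paper is there to settle. It assumes designated initializers and no commas inside string literals.

```python
import re
from typing import Dict, List, Set, Tuple

# APEX creation services (ARINC 653 Part 1) and their positional parameter names.
APEX_CALLS = {
    "CREATE_PROCESS": ["ATTRIBUTES", "PROCESS_ID", "RETURN_CODE"],
    "CREATE_SAMPLING_PORT": ["NAME", "MAX_MESSAGE_SIZE", "DIRECTION", "REFRESH_PERIOD", "ID", "RETURN_CODE"],
    "CREATE_QUEUING_PORT": ["NAME", "MAX_MESSAGE_SIZE", "MAX_NB_MESSAGE", "DIRECTION", "DISCIPLINE", "ID", "RETURN_CODE"],
    "CREATE_BUFFER": ["NAME", "MAX_MESSAGE_SIZE", "MAX_NB_MESSAGE", "DISCIPLINE", "ID", "RETURN_CODE"],
    "CREATE_BLACKBOARD": ["NAME", "MAX_MESSAGE_SIZE", "ID", "RETURN_CODE"],
    "CREATE_SEMAPHORE": ["NAME", "CURRENT_VALUE", "MAX_VALUE", "DISCIPLINE", "ID", "RETURN_CODE"],
    "CREATE_EVENT": ["NAME", "ID", "RETURN_CODE"],
}
INTERPARTITION = {"CREATE_SAMPLING_PORT", "CREATE_QUEUING_PORT"}   # cross the partition boundary

def split_args(text: str, open_idx: int) -> Tuple[List[str], int]:
    """Split the parenthesised argument list starting at text[open_idx] == '('
    on top-level commas; returns (args, index of the closing parenthesis)."""
    depth, cur, args = 0, [], []
    for i in range(open_idx, len(text)):
        ch = text[i]
        if ch == "(":
            depth += 1
            if depth == 1:
                continue
        elif ch == ")":
            depth -= 1
            if depth == 0:
                args.append("".join(cur).strip())
                return args, i
        elif ch == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    raise ValueError("unbalanced parentheses in APEX call")

def literal(v: str):
    """String literal -> str, integer literal -> int, anything else kept symbolic."""
    v = v.strip()
    if len(v) >= 2 and v[0] == v[-1] == '"':
        return v[1:-1]
    return int(v) if re.fullmatch(r"-?\d+", v) else v

def process_attributes(src: str) -> Dict[str, Dict[str, object]]:
    """Designated initializers of PROCESS_ATTRIBUTE_TYPE variables, by variable name."""
    out = {}
    for m in re.finditer(r"PROCESS_ATTRIBUTE_TYPE\s+(\w+)\s*=\s*\{(.*?)\}\s*;", src, re.S):
        fields = re.findall(r"\.(\w+)\s*=\s*([^,}]+)", m.group(2))
        out[m.group(1)] = {k: literal(v) for k, v in fields}
    return out

def extract(src: str) -> Dict[str, List[dict]]:
    """Architectural objects created through APEX calls in the given source text."""
    attrs = process_attributes(src)
    arch = {"processes": [], "interpartition": [], "intrapartition": []}
    for m in re.finditer(r"\b(%s)\s*\(" % "|".join(APEX_CALLS), src):
        call = m.group(1)
        args, _ = split_args(src, m.end() - 1)
        rec = dict(zip(APEX_CALLS[call], args))
        if call == "CREATE_PROCESS":
            var = rec["ATTRIBUTES"].lstrip("&")
            arch["processes"].append({"var": var, **attrs.get(var, {})})
        else:
            rec = {k: literal(v) for k, v in rec.items() if k not in ("ID", "RETURN_CODE")}
            rec["service"] = call
            arch["interpartition" if call in INTERPARTITION else "intrapartition"].append(rec)
    return arch

def undeclared_ports(arch: Dict[str, List[dict]], configured: Set[str]) -> List[str]:
    """Ports the code creates but the partition's configuration table does not
    declare; CREATE_*_PORT returns INVALID_CONFIG for these at run time."""
    return sorted(p["NAME"] for p in arch["interpartition"] if p["NAME"] not in configured)

# Constructed partition source fragment (all names and numbers are made up).
SAMPLE_SOURCE = r'''
static PROCESS_ATTRIBUTE_TYPE nav_attr = {
    .NAME = "NAV_CTRL", .ENTRY_POINT = nav_main, .STACK_SIZE = 8192,
    .BASE_PRIORITY = 10, .PERIOD = 20000000, .TIME_CAPACITY = 5000000,
    .DEADLINE = HARD,
};
static PROCESS_ATTRIBUTE_TYPE hk_attr = {
    .NAME = "HOUSEKEEPING", .ENTRY_POINT = hk_main, .STACK_SIZE = 4096,
    .BASE_PRIORITY = 3, .PERIOD = INFINITE_TIME_VALUE, .TIME_CAPACITY = 1000000,
    .DEADLINE = SOFT,
};
void partition_init(void) {
    RETURN_CODE_TYPE rc; PROCESS_ID_TYPE pid;
    SAMPLING_PORT_ID_TYPE att_in; QUEUING_PORT_ID_TYPE cmd_out; BLACKBOARD_ID_TYPE bb;
    CREATE_PROCESS(&nav_attr, &pid, &rc);
    CREATE_PROCESS(&hk_attr, &pid, &rc);
    CREATE_SAMPLING_PORT("ATTITUDE_IN", 64, DESTINATION, 20000000, &att_in, &rc);
    CREATE_QUEUING_PORT("ACTUATOR_CMD", 32, 8, SOURCE, FIFO, &cmd_out, &rc);
    CREATE_BLACKBOARD("NAV_STATE", 128, &bb, &rc);
    SET_PARTITION_MODE(NORMAL, &rc);
}
'''

if __name__ == "__main__":
    import json
    arch = extract(SAMPLE_SOURCE)
    print(json.dumps(arch, indent=2))
    print("undeclared:", undeclared_ports(arch, {"ATTITUDE_IN"}))
```

The inter-partition list is the partition's information-flow interface as the code sees it, which makes it the natural thing to diff against the integrator's configuration table: a port the code creates but the table does not declare fails at run time, and a port the table declares but no code ever creates is a channel worth questioning. undeclared_ports covers the first case; the second is the same comparison in the other direction.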
- Published
- 2018
46. Implementation of ARINC 653 Specification Channels in the Baget 3 Real-Time Operating System
- Author
-
V. A. Soldatov, I. I. Homenkov, and A. N. Godunov
- Subjects
ARINC 653 ,Computer science ,Operating system ,computer.software_genre ,Real-time operating system ,computer
- Published
- 2017
47. Implementation of Intra-Partition Communication in Layered ARINC 653 for Drone Flight-Control Program
- Author
-
Hyun-Chul Jo, Joo-Kwang Park, Hyun-Wook Jin, and Jooho Kim
- Subjects
ARINC 653 ,Computer science ,Operating system ,computer.software_genre ,Partition (database) ,computer ,Drone
- Published
- 2017
48. Response-Time Analysis in Hierarchically-Scheduled Time-Partitioned Distributed Systems
- Author
-
Juan M. Rivas, J. Carlos Palencia, J. Javier Gutiérrez, and Michael González Harbour
- Subjects
Schedule ,Computer science ,Distributed computing ,Response time ,020207 software engineering ,02 engineering and technology ,Parallel computing ,Partition (database) ,Clock synchronization ,020202 computer hardware & architecture ,Scheduling (computing) ,ARINC 653 ,Computational Theory and Mathematics ,Hardware and Architecture ,Signal Processing ,Component-based software engineering ,0202 electrical engineering, electronic engineering, information engineering ,Communications protocol - Abstract
This paper develops an offset-based response-time analysis technique for analyzing complex distributed real-time systems where processing and communication resources use the time-partitioning strategy to isolate the operation of separate software components. Time partitioning may be provided in the processors by an ARINC 653 compliant operating system, and in the networks via the TTP communication protocol. The software components executed by the system may themselves be distributed and complex, composed of many concurrent tasks and with one or more end-to-end flows that may have end-to-end timing requirements. The developed analysis supports hierarchical scheduling where a primary scheduler performs time partitioning into separate partitions, and secondary fixed-priority schedulers dispatch the different concurrent tasks inside each partition. It also supports end-to-end flows that are either synchronized with the partition schedule or not. This is the first time that this kind of analysis is developed. An evaluation of an improvement introduced in the analysis is discussed. Two representative case studies are described.
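For the single-node case the abstract covers (tasks under fixed priorities inside an ARINC 653 partition that owns fixed windows of the major frame) the analysis reduces to a supply bound function for the partition and a fixed-point response-time iteration. The Python below is an added illustration in that simplified form, not the authors' offset-based analysis and without the distributed TTP part: the windows, frame length and task set are constructed, time is in integer units, tasks are listed in decreasing priority with deadlines no larger than periods, and the flows are taken as not synchronized with the partition schedule, so a release can happen at the worst point, just after a window closes.

```python
from math import ceil
from typing import List, Optional, Tuple

Window = Tuple[int, int]        # (offset, length) of a partition window in the major frame
Task = Tuple[int, int, int]     # (C, T, D): WCET, period, relative deadline (D <= T)

def supply(windows: List[Window], frame: int, start: int, length: int) -> int:
    """Execution time the partition receives in [start, start + length)."""
    total, end = 0, start + length
    k = start // frame
    while k * frame < end:
        for off, ln in windows:
            ws, we = k * frame + off, k * frame + off + ln
            total += max(0, min(we, end) - max(ws, start))
        k += 1
    return total

def sbf(windows: List[Window], frame: int, t: int) -> int:
    """Supply bound function: the least execution time the partition gets in any
    interval of length t. The minimum is attained by an interval that begins
    right at the end of one of the windows."""
    return min(supply(windows, frame, off + ln, t) for off, ln in windows)

def sbf_inverse(windows: List[Window], frame: int, demand: int, limit: int) -> Optional[int]:
    """Smallest t <= limit with sbf(t) >= demand, or None if the limit is exceeded."""
    for t in range(limit + 1):
        if sbf(windows, frame, t) >= demand:
            return t
    return None

def response_time(tasks: List[Task], i: int, windows: List[Window], frame: int) -> Optional[int]:
    """Worst-case response time of tasks[i] under fixed-priority scheduling inside
    the partition (tasks ordered by decreasing priority). Fixed-point iteration on
        R = sbf^-1( C_i + sum_{j < i} ceil(R / T_j) * C_j )
    bounded by the deadline D_i; None means the deadline cannot be guaranteed."""
    C, _, D = tasks[i]
    R = sbf_inverse(windows, frame, C, D)
    while R is not None:
        w = C + sum(ceil(R / Tj) * Cj for Cj, Tj, _ in tasks[:i])
        nxt = sbf_inverse(windows, frame, w, D)
        if nxt == R:
            return R
        R = nxt
    return None

def analyse_partition(tasks: List[Task], windows: List[Window], frame: int) -> List[Optional[int]]:
    return [response_time(tasks, i, windows, frame) for i in range(len(tasks))]

# Constructed configuration: a 100-unit major frame in which the partition owns two
# 25-unit windows, and four tasks in decreasing priority (values are assumptions).
FRAME = 100
WINDOWS = [(0, 25), (50, 25)]
TASKS = [(5, 50, 50), (10, 100, 100), (15, 200, 200), (20, 200, 110)]

if __name__ == "__main__":
    for (C, T, D), R in zip(TASKS, analyse_partition(TASKS, WINDOWS, FRAME)):
        print(f"C={C:3d} T={T:3d} D={D:3d} -> R={'miss' if R is None else R}")
```

The first task shows the cost of partitioning directly: its own execution is 5 units, but released just after a window closes it waits 25 units for the partition to run again, so R = 30. The last task's demand cannot be served within 110 units of wall-clock time under this window pattern, which the iteration reports as None; a fix is more supply for that partition (a longer or an extra window) rather than a change inside it. Flows that are synchronized with the partition schedule, which the paper also handles, release at a known phase and get a tighter bound than this worst-phase sbf gives.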
- Published
- 2017
49. Handling heterogeneous partitioned systems through ARINC-653 and DDS
- Author
-
J. Javier Gutiérrez and Héctor Pérez
- Subjects
020203 distributed computing ,Computer science ,business.industry ,Distributed computing ,020207 software engineering ,Hypervisor ,Context (language use) ,02 engineering and technology ,Avionics ,Domain (software engineering) ,Software development process ,ARINC 653 ,Software ,Hardware and Architecture ,Middleware ,0202 electrical engineering, electronic engineering, information engineering ,Software engineering ,business ,Law - Abstract
Many cyber-physical systems in the avionics domain are mission- or safety-critical systems. In this context, standard distribution middleware has recently emerged as a potential solution to interconnect heterogeneous partitioned systems, as it would bring important benefits throughout the software development process. A remaining challenge, however, is reducing the complexity associated with current distribution middleware standards which leads to prohibitive certification costs. To overcome this complexity, this work explores the use of the DDS distribution middleware standard on top of a software platform based on the ARINC-653 specification. Furthermore, it discusses how both technologies can be integrated in order to apply them in mission and safety-critical scenarios. We present and discuss a set of feasible system architectures to combine DDS and ARINC-653 standards as a solution to the future development of heterogeneous mixed-criticality systems. We analyse the integration of DDS and ARINC-653 by identifying the issues that may compromise the integration of both standards, and we also propose solutions to address them. We analyze and evaluate a case-study from the avionics domain to demonstrate the validity of the approach. The approach represents a further step towards the development of a safety-critical profile for DDS.
- Published
- 2017
50. Global Optimization of Fixed-Priority Real-Time Systems by RTOS-Aware Control-Flow Analysis
- Author
-
Christian Dietrich, Martin Hoffmann, and Daniel Lohmann
- Subjects
business.industry ,Computer science ,OSEK ,Real-time computing ,Optimizing compiler ,020207 software engineering ,Fault tolerance ,02 engineering and technology ,Static analysis ,020202 computer hardware & architecture ,ARINC 653 ,Control flow analysis ,Hardware and Architecture ,Embedded system ,0202 electrical engineering, electronic engineering, information engineering ,business ,Real-time operating system ,Software ,Compile time - Abstract
Cyber-physical systems typically target a dedicated purpose; their embedded real-time control system, such as an automotive control unit, is designed with a well-defined set of functionalities. On the software side, this results in a large amount of implicit and explicit static knowledge about the system and its behavior already at compile time. Compilers have become increasingly better at extracting and exploiting such static knowledge. For instance, many optimizations have been lifted up to the interprocedural or even to the whole-program level. However, whole-program optimizations generally stop at the application-kernel boundary: control-flow transitions between different threads are not yet analyzed. In this article, we cross the application-kernel boundary by combining the semantics of a real-time operating system (RTOS) with deterministic fixed-priority scheduling (e.g., OSEK/AUTOSAR, ARINC 653, μITRON, POSIX.4) and the explicit application knowledge to enable system-wide, flow-sensitive compiler optimizations. We present two methods to extract a cross-kernel control-flow graph that provides a global view on all possible execution paths of a real-time system. Having this knowledge at hand, we tailor the operating system kernel more closely to the particular application scenario. For the example of a real-world safety-critical control system, we present three possible use cases. (1) Runtime optimizations, by means of specialized system calls for each call site, allow one to speed up the kernel execution path by 28% in our benchmark scenario. Furthermore, we target transient hardware fault tolerance with two automated software-based countermeasures: (2) generation of OS state assertions on the expected system behavior, and (3) a system-wide dominator-region based control-flow error detection, both of which leverage significant robustness improvements.
- Published
- 2017