Martin Schlager

A comparison of partitioning operating systems for integrated systems

In present-day electronic systems, application subsystems from different vendors and with different criticality levels are integrated within the same hardware. Hence, encapsulation of these subsystems is required in the temporal as well as in the spatial domain. Partitioning Operating Systems (OSs) are employed to allow shared access of applications to critical resources within an integrated system. In this paper we will discuss fundamental properties of partitioning OSs and compare features of existing solutions. Thereby, we will investigate on LynxOS which is a partitioning OS according to ARINC653, on Tresos, a partitioning OS in accordance with AUTomotive Open System ARchitecture (AUTOSAR), as well as on two prototypical partitioning OS realizations that have been implemented within the Dependable Embedded COmponents and Systems (DECOS) project, an integrated project within the Sixth Framework Programme of the European Commission.

Interface Design for Hardware-in-the-Loop Simulation

This paper presents a scalable approach to interface between a time-triggered distributed hardware-in-the-loop (HIL) simulator and the system under test (SUT) via smart virtual transducers (SVTs). An SVT is an element of an HIL simulator and implements two interfaces - a standardized digital interface to a time-triggered transducer network and a transducer-specific interface. The main contribution of the approach is a separation of the execution of the simulation model and the deterministic interaction via an arbitrary transducer interface. The benefit of such separation is the temporal decoupling between simulation model execution and interaction with the SUT. Furthermore, the approach leads to a reduction of complexity of the simulation setup. The application of the approach is shown by an SVT prototype that is used to simulate a temperature sensor

Encapsulating application subsystems using the DECOS core OS

This paper presents an approach to structured integration of different application subsystems on the same embedded hardware, as currently developed in DECOS (Dependable Embedded Components and Systems), an integrated project within the Sixth Framework Programme of the European Commission. Those application subsystems can have different criticality levels and vendors. Furthermore, reliable communication among application subsystems is a major concern. Focusing on the Encapsulated Execution Environment (EEE), which separates application subsystems in the space AND the time domain, this approach outlines the concepts and principles of an exokernel operating system, of partitioning, and of virtualization. The Core Operating System (COS) is described as a case study, including the hardware used, the current feature set, and benchmark values of central COS operations. This paper also presents a model for a platform-independent application interface layer. Parts of this interface layer are generated from task specification to provide tasks with tailored communication services.

Modeling distributed embedded applications on an interface file system

This paper presents a framework for generic modeling of distributed embedded applications. An application is decomposed into services and mapped on a set of distributed nodes, whereas each node hosts one or more services. Each service is described by four interfaces: a real-time input/output, a configuration and planning (CP), and a diagnostic and management (DM) interface. The overall application is described by a cluster configuration description that specifies the interaction of services within and across nodes. The application requirements, the service properties of a node, and the interaction of the services as well as the application mapping are described formally with XML descriptions. The XML format allows a language-neutral and extensible semantic description of interfaces supporting the implementation of context-aware tools for modeling, scheduling, monitoring, simulation, and validation. A central concept of the model is the interface file system (IFS) that acts as a distributed shared memory and transparently implements the interfaces to services from other nodes. In principle, the communication system that updates the data in the IFS data is not bound to a specific implementation as long as it fulfills the given timing requirements. The presented concepts are applied in a case study that uses the time-triggered fieldbus protocol TTP/A for the implementation of a small sensor fusion application

A framework for hardware-in-the-loop testing of an integrated architecture

An electrical shutter including a first electromagnet for initiating opening of the shutter and a second electromagnet for initiating closing of the shutter. Each of the electromagnets has an operational time lag associated therewith, and the time lag of the first electromagnet is greater than the time lag of the second electromagnet. The control circuit of the present invention includes delay means, in the form of a variable resistor, for delaying the energization of the second electromagnet to compensate for the difference in the time lags of the first and second electromagnets.

Model-Based Development of Distributed Embedded Real-Time Systems with the DECOS Tool-Chain

The increasing complexity of distributed embedded systems, as found today in airplanes or cars, becomes more and more a critical cost-factor for their development. Model-based approaches have recently demonstrated their potential for both improving and accelerating (software) development processes. Therefore, in the project DECOS1, which aims at improving system architectures and development of distributed safety-critical embedded systems, an integrated, model-driven tool-chain is established, accompanying the system development process from design to deployment. This paper gives an overview of this tool-chain and outlines important design decisions and features. Copyright

A Simulation Framework for Virtual Integration of Integrated Systems

The simulation of distributed applications on virtual integration platforms has the benefit of shortening the time-to-market by reducing the required number of physical prototype setups. This paper presents a simulation framework for a novel type of platforms for large distributed real-time systems, namely integrated architectures based on time-triggered control (e.g., DECOS architecture). The simulation framework captures the specific temporal properties of the execution platform in an integrated architecture, where the communication resources (e.g., network bandwidth) and the computational resources (e.g., CPU time of node computers) are shared between multiple application subsystems. The simulation framework combines a simulation of the communication system, a simulation of the operating system, an environmental simulation, and application code created from MATLAB/Simulink models of the application behavior. We show an implementation of the introduced framework for the DECOS architecture and describe an example based on an automotive headlamp system.

Benefits and Implications of the DECOS Encapsulation Approach

In contrast to federated architectures, an inte- grated architecture provides means to support mixed-criticality systems, i.e., systems that consist of distributed application parts (subsystems) with different criticality levels, on top of the same physical hardware. A major prerequisite for the integration of subsystems with different criticality levels, is given by a strong and reliable protection of the subsystems against each other - both in space and time. Within DECOS, an Encapsulated Execution Environment is set up in order to establish the required level of protection by providing a mixture of hardware (e.g., memory protection) and software mechanisms (e.g., real- time operating system). The development of an Encapsulated Execution Environ- ment is driven by the enormous advances in the domain of dependable real-time control systems in the past decade and the increase of system size in terms of required hardware components (ECUs). This paper shall give an overview of the benefits of the chosen approach and will investigate on its implications. Thereby, it will examine the need for proper development methods that assist the application developer. For instance, the emulation of a subsystem or its parts within an in- tegrated architecture through a simulation requires appropriate approaches. Index Terms—Dependable systems, embedded, mixed- criticality, integrated architecture, DECOS.

Impact of Dependable Software Development Guidelines on Timing Analysis

The knowledge of the worst-case execution time (WCET) of real-time tasks is mandatory to ensure correct timing behavior of real-time systems. However, in practice an exact WCET analysis is often intractable due to limitations in computability and analysis complexity of real-size programs. In this paper we analyze how development guidelines for dependable software support and simplify WCET analysis. We investigate three guidelines and their impact on WCET analyzability. DO-178B as a production guide for avionics software expresses requirements that are relevant for timing analysis. The MISRA guidelines include C programming guidelines that improve the WCET analyzability of software. Finally, ARINC 655, a standard for software architectures of avionic systems, provides examples on how to simplify timing analysis already at the design level as early as in system design. The argument of this paper is that careful system design and programming improves the timing analyzability of real-time systems

Fault-Tolerant Compensation of the Propagation Delay for Hard Real-Time Systems

In control systems the jitter is a relevant problem since the majority of theoretical results for analysis and design of time-invariant systems do not apply for timevariant systems. Reducing the jitter increases the stability of the closed control-loop thus leading to enhanced reliability. This paper presents a general model that can be applied to bus topologies as well as to star topologies. Based on this model an algorithm is presented that allows to improve the precision of a set of distributed clocks by measuring the propagation delay of the communication lines in a fault-tolerant way and compensating the jitter introduced by the propagation delay. Some fault-tolerant architectures already provide means for coping with propagation delays but require manually entering the values in a configuration-tool. With this algorithm the system supports this errorprone task by providing validity checks for the entered values or measuring these values automatically thus rendering this maintenance step obsolete.