Steve Vestal

Preemptive Scheduling of Multi-criticality Systems with Varying Degrees of Execution Time Assurance

This paper is based on a conjecture that the more confidence one needs in a task execution time bound (the less tolerant one is of missed deadlines), the larger and more conservative that bound tends to become in practice. We assume different tasks perform functions having different criticalities and requiring different levels of assurance. We assume a task may have a set of alternative worst-case execution times, each assured to a different level of confidence. This paper presents ways to use this information to obtain more precise schedulability analysis and more efficient preemptive fixed priority scheduling. These methods are evaluated using workloads abstracted from production avionics systems.

DOMAIN-SPECIFIC SOFTWARE ARCHITECTURES FOR GUIDANCE, NAVIGATION AND CONTROL

We describe two languages and associated tools for capturing and analyzing two different views of the architecture of an embedded system. One language is tailored to address guidance, navigation, and feedback control issues, while the other is tailored to address real-time, fault-tolerance, secure partitioning, and scalable multiprocessor issues. Both languages have tools that perform analyses appropriate for the issues each addresses, and tools to automatically configure the application software from a sufficiently detailed specification. The integrated languages and tools are intended to support a development process based on reusing an easily configurable generic architecture developed for a family of products.

Schedulability Analysis of Sporadic Tasks with Multiple Criticality Specifications

In a paper that was presented at the recently-concluded real-time systems symposium, Vestal proposed a new real-time task model that is able to represent the fact that the worst-case execution time (WCET) of a single task may be determined to different levels of accuracy with different degrees of confidence. In systems with multiple criticality requirements -different tasks need to be assured of meeting their deadlines with different levels of confidence - such multiple specifications of WCET may be exploited to obtain better processor utilization.This paper conducts a thorough study of the feasibility and schedulability questions for such multi-criticality real-time task systems when implemented upon preemptive uniprocessor platforms.

The SAE Architecture Analysis & Design Language (AADL) a standard for engineering performance critical systems

The Society of Automotive Engineers (SAE) Architecture Analysis & Design Language, AS5506, provides a means for the formal specification of the hardware and software architecture of embedded computer systems and system of systems. It was designed to support a full Model Based Development lifecycle including system specification, analysis, system tuning, integration, and upgrade over the lifecycle. It was designed to support the integration of multiple forms of analyses and to be extensible in a standard way for additional analysis approaches. A system can be automatically integrated from AADL models when fully specified and when source code is provided for the software components. Analysis of large complex systems has been demonstrated in the avionics domain.

An Overview of the SAE Architecture Analysis & Design Language (AADL) Standard: A Basis for Model-Based Architecture-Driven Embedded Systems Engineering

Architecture Description Languages provide significant opportunity for the incorporation of formal methods and engineering models into the analysis of software and system architectures. A standard is being developed for embedded real-time safety critical systems which will support the use of various formal approaches to analyze the impact of the composition of systems from hardware and software and which will allow the generation of system glue code with the performance qualities predicted. The SAE AADL standard (International Society for Automotive Engineers (SAE) Architecture Analysis & Design Language) is based on the MetaH language developed under DARPA and US Army funding and on the model driven architectural based approach demonstrated with this technology over the last 12 years. The SAE AADL standard is aimed at supporting avionics, space, automotive, robotics and other real-time concurrent processing domains including safety critical applications.

A Compositional Scheduling Framework for Digital Avionics Systems

ARINC specification 653-2 describes the interface between application software and underlying middleware in a distributed real-time avionics system. The real-time workload in this system comprises of partitions, where each partition consists of one or more processes. Processes incur blocking and preemption overheads and can communicate with other processes in the system. In this work we develop compositional techniques for automated scheduling of such partitions and processes. At present, system designers manually schedule partitions based on interactions they have with the partition vendors. This approach is not only time consuming, but can also result in under utilization of resources. In contrast, the technique proposed in this paper is a principled approach for scheduling ARINC-653 partitions and therefore should facilitate system integration.

Mode changes in a real-time architecture description language

MetaH is a language used to describe the overall configuration or architecture of a real-time avionics application. The language includes a feature called a mode, which allows the set of processes, or the connections between those processes, to be changed dynamically by the application during system operation. The language requires all possible modes of operation to be statically declared, which facilitates both automatic code assembly and real-time schedulability analysis.<<ETX>>

Scheduling and communication in MetaH

This paper describes certain aspects of an architecture description language (MetaH) and associated toolset used to specify, analyze, and automatically assemble software for real-time, fault-tolerant, secure, multi-processor systems. One goal in the design of this language and toolset was to provide design-time analysis that accurately characterizes the behavior of the actual implementation. Currently, our toolset consists of tools to automatically assemble the application software and to perform a real-time schedulability analysis for that application.<<ETX>>

Using an architecture description language for quantitative analysis of real-time systems

An architecture description language (ADL) specifies the structure of an overall system as an assembly of interacting components. ADLs can serve as input to a variety of development tools. We outline the Avionics Architecture Description Language, an emerging SAE standard for describing the architectures of hard real-time, safety-critical embedded computer systems. We describe a suite of tools that perform a set of verification, modeling and analysis, and implementation activities given an AADL specification. We summarize a study that applied these technologies using data about a complex avionics system, identifying and discussing some of the issues raised by this exercise.

Formalizing Software Architectures for Embedded Systems

This paper outlines an approach to embedded computer system development that is based on integrated use of multiple domainspecific languages; on increased use of mathematical analysis methods; and on increased integration between domain-specific specification and mathematical modeling and code generation. We first outline some general principles of this approach. We then present a bit more detail about the emerging SAE standard Avionics Architecture Description Language and our supporting MetaH toolset.We conclude with a summary of some research challenge problems, technical approaches, and preliminary results uncovered during our work.