1 / 61

TIME TRIGGERED ARCHITECTURE

TIME TRIGGERED ARCHITECTURE. By. Mehmood Ismail Tily Huiyu Luo Lucanus Jurgen Simonson. OVERVIEW. TIME TRIGGERED ARCHITECTURE:. Overview:. Introduction Fault Tolerance Alternatives Quick review TTA Demonstrator. INTRODUCTION. TIME TRIGGERED ARCHITECTURE:. Introduction:

zeroun
Download Presentation

TIME TRIGGERED ARCHITECTURE

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TIME TRIGGERED ARCHITECTURE By Mehmood Ismail Tily Huiyu Luo Lucanus Jurgen Simonson

  2. OVERVIEW

  3. TIME TRIGGERED ARCHITECTURE: Overview: • Introduction • Fault Tolerance • Alternatives • Quick review • TTA Demonstrator

  4. INTRODUCTION

  5. TIME TRIGGERED ARCHITECTURE: Introduction: What is TTA: • Time Triggered Architectures (TTA) • are one way to implement a distributed embedded system. • communicate based upon a static schedule. • make verification easy. • can easily be designed to be fault tolerant. • have very predictable performance. • are used for control and reliability-critical applications.

  6. TIME TRIGGERED ARCHITECTURE: Introduction: Distributed Embedded Systems: • A distributed embedded system is composed of multiple embedded processing nodes communicating over one or more channels. • Examples: • Sensors and actuators that provide a pilot with information and control of an airplane. • Automotive, production line, sensor networks • Anything in which mechanical or analog electronic control can be replaced with digital.

  7. TIME TRIGGERED ARCHITECTURE: Introduction: TTA Scheduling: • In traditional Event Triggered Architectures nodes initiate communication when events occur. • In TTA a static schedule for communication is set at design time. • Each communication task is allocated to a periodic time-slot. • If used in a distributed system the nodes must synchronize their clocks.

  8. TIME TRIGGERED ARCHITECTURE: Introduction: Makes Verification Easy: • Akin to “making root-canal painless.” • Verification is hard. • Verification is harder for more complex systems. • Complexity is a function of how many potential states the system can enter. • Why TTA is “easier”. • Dynamically scheduled (Event Triggered) communication leads to an explosion in potential states. • Statically scheduled communication reduces the number of potential states.

  9. TIME TRIGGERED ARCHITECTURE: Introduction: Fault Tolerance: • Faults are detected at both the sender and receiver of a communication because the receiver is “expecting” the communication. • Faults are addressed through redundancy. • Redundant nodes can assume the functionality of a faulty node. • Redundant communication channels can also be used.

  10. TIME TRIGGERED ARCHITECTURE: Introduction: Predictable Performance: • Response time of the system is determined by the static schedule. • In a real time system • maximum response time must be low. • it is preferable to have minimal variation in response time. • The response time of the TTA is independent of expected load and fault conditions.

  11. TIME TRIGGERED ARCHITECTURE: Introduction: Reliability-Critical Applications: • Because TTAs are • relatively easy to verify, • can easily be designed to be fault tolerant, • and have very predictable performance • they are ideally suited to reliability-critical control applications with real time requirements.

  12. FAULT TOLARENCE

  13. TIME TRIGGERED ARCHITECTURE: Fault Tolerance:Safety Critical Applications : • Applications demand systems that are able to deliver timely and dependable service even in the presence of fault. For example: brake/steer systems in automobiles.

  14. TIME TRIGGERED ARCHITECTURE: Fault Tolerance:Solution: • Faults: • Node and channel failure. • Transient and permanent failure. • How to achieve fault tolerant? • Active redundancy by replication and voting.

  15. TIME TRIGGERED ARCHITECTURE: Fault Tolerance:Channel Replication:

  16. TIME TRIGGERED ARCHITECTURE: Fault Tolerance:Node Replication:

  17. TIME TRIGGERED ARCHITECTURE: Fault Tolerance:TTA • Assures a predictable and small bounded maximum latency between a stimulus from and response to the environment. • Provides generic support for the implementation of active redundancy. • Time triggered protocol (TTP) supports replicated nodes and communication channels. • Fault-tolerance functions can be encapsulated in a dedicated autonomous layer.

  18. Time Triggered Protocol

  19. TIME TRIGGERED ARCHITECTURE: Fault Tolerance:Communication Protocol: • TTP is a TDMA based protocol organized into a set of rounds. • Each node is allowed to send a few messages in a round. • It provides autonomous time-triggered communication controlled by the controller internal Message Description List

  20. TIME TRIGGERED ARCHITECTURE: Fault Tolerance:TTP provides: • Message transport with predictable low latency. • Membership service: give all nodes consistent information about present and absent nodes. • Supports clock resynchronization. • Distributed redundancy management: removes failed nodes and reintegrate sparse and repaired nodes. • Minimum overhead and flexibility without compromising predictability.

  21. TIME TRIGGERED ARCHITECTURE: Fault Tolerance:Protocol Description: • Controller state • Mode field: identification • Time field: global time • Membership field: active or inactive node • Frame format • Start of frame field • Control field • Data field • CRC field

  22. TIME TRIGGERED ARCHITECTURE: Fault Tolerance:Description – Continued: • Clock synchronization • Since the receiver knows a priori the time of sending of each frame, the deviation is an indication of the clock difference. • Bus access is controlled by global time. • Redundancy management • Every node has a unique name and start-up number to decide its position in TDMA sequence.

  23. TIME TRIGGERED ARCHITECTURE: Fault Tolerance:Plus • Verification • Significant improvements in testability, system simulation and determinism is achieved through temporal encapsulation of nodes. • Flexibility • New mode definitions can be added. • Subsystems can be developed independently and integrated straightforward.

  24. Fault Tolerant Units

  25. TIME TRIGGERED ARCHITECTURE: Fault Tolerance:Fail Silent: • At system level, nodes either produce correct message at correct time or produce detectable incorrect message at the correct time or produce no message. • Fail silent in the temporal domain is achieved by the design of TTP communication controller, bus guardian • In value domain, use CRC (cyclic redundant check) code.

  26. TIME TRIGGERED ARCHITECTURE: Fault Tolerance:Fault Tolerant Unit: • A fail silent node is called a smallest replaceable unit (SRU). • Fault tolerant unit (FTU) is formed by a number of replicated SRUs in order to mask failures. • In other words, FTU is a group of nodes or software subsystems that compute the same function.

  27. TIME TRIGGERED ARCHITECTURE: Fault Tolerance:FTU : • SRUs that are fail silent can be used to build fail silent active redundant FTUs (FSAR). • If SRUs are not fail silent, at least three modules are needed to form the redundant FTUs.

  28. TIME TRIGGERED ARCHITECTURE: Fault Tolerance:FTU configurations:

  29. TIME TRIGGERED ARCHITECTURE: Fault Tolerance:FTU layer :

  30. TIME TRIGGERED ARCHITECTURE: Fault Tolerance:FTU Layer: • FTU layer compress redundancy service in a dedicated layer of communication. • FTU layer is sandwiched between FTU CNI and SRU CNI, and is transparent to the host computers. • Generic VLSI solutions of FTU layer is attractive due to the potential of automotive market.

  31. TIME TRIGGERED ARCHITECTURE: Fault Tolerance:A Real Example :

  32. ALTERNATIVES

  33. TIME TRIGGERED ARCHITECTURE: Alternates to Time Triggered Architecture: • Event Driven: System actions are triggered by some external event. • Advantages of TTA over EDA: • Every node is aware of time when a node is going to transmit – Predictability and Jitter-free communication • As global time base is used as control signal, integration does not require transmission of control signals between nodes. That results in easier integration. • If an application is validated with respect to its local CNI, the application software will operate predictably in the integrated system too. • Fault tolerance is achieved by active replication. Costly/ difficult in event driven. • But… • If application is not safety critical and non-periodic, event driven is better • due to higher utilization.

  34. TIME TRIGGERED ARCHITECTURE: Alternates to Time Triggered Architecture: • FLEXRAY: (Same Architecture with different name?) • Message exchange service that provides deterministic cycle based message transport. • Synchronization service • Error management service -> redundant communication path • Diagnosis service – bus guardian • Bus based/ star based topology • Communication modes (Time Triggered/ Event Driven) • Support both static (Time Triggered) and dynamic (Event Driven) modes at the same time. • PLUS: Designer gets flexibility. • MINUS: Composibility and Fault Tolerance is compromised.

  35. TIME TRIGGERED ARCHITECTURE: Alternates to Time Triggered Architecture: • Loosely Time Triggered Architecture: • Weaker (Cheaper) form of strict TTA. • Access to bus is quasi periodic • Writing and reading are performed independently in synchrony with each LOCAL clock. • Bus behave as shared memory – values are sustained and are periodically refreshed based on local clock • Is it TTA (No Global clock!!!!) • In a sense that local clock is bound by physical time and deviate from each other in a limited way • By adding additional layer of protocol on top of LTTA, coherent distribution of local clock is possible (Proof in reference [3]) • Problem: • Checking mechanism is quantitative. • boils down to DECREASE IN FAULT TOLERANCE

  36. TIME TRIGGERED ARCHITECTURE: Alternates to Time Triggered Architecture: • Timed Multitasking (TM): • Takes time centric approach to real time programming but controls timing properties through deadlines and events rather than time trigger. • Problems in Pure Event driven: Basis of scheduling is priority • Static priority may cause priority inversion and other problems related to jitters • Dynamic priority is time consuming activity • TM Concept: Tasks are Actors • Actors declare • Computing Functionality • Trigger Conditions • Execution Time • Deadlines • If enough resources are available at the runtime, actor is guaranteed to be provided with declared execution time before its deadline.

  37. TIME TRIGGERED ARCHITECTURE: Alternates to Time Triggered Architecture: • Timed Multitasking (TM): • The task receives messages in the beginning of the execution and provides result at the end of the execution even if results are generate in the middle of the execution. • Since the output of the task may immediately trigger other tasks, whose deadlines are also known, deterministic behavior can be generated. • Trigger condition can be built using real time physical events, communication packets and/or messages from other actors. • Trigger conditions must be responsible (once triggered, actor does not need any additional data to complete its computation. • The computational results are produced if and only if deadline is reached.

  38. TIME TRIGGERED ARCHITECTURE: Alternates to Time Triggered Architecture: • Timed Multitasking (TM): • What if an actor is about to miss deadline……. • Overrun Handlers – non preemptive pieces of code that are triggered by the run-time system when the corresponding actors are about to miss deadline. • But… • TM model is event driven and execution time varies, it is impossible to guarantee that all deadlines are met. Tries to preserve time determinism as much as possible. • In safety critical application, the overrun handler may trigger a mode change into a more conservative mode of operation. • System should be ready for next activation after overrun handler. + • NOT ALTERNATIVE OF TTA BUT TTOS

  39. QUICK REVIEW

  40. TIME TRIGGERED ARCHITECTURE: Quick Review: • TIME TRIGGERED ARCHITECTURE: • Every Action is triggered by time • TTP/C • TDMA Based communication protocol with STATIC MEDL (Message Description List) • Fault Tolerant clock synchronization • Fault Tolerant Layer • Active Replication • Hides details from application • Guardian node with its own clock – babbling idiot messages • Membership service

  41. TIME TRIGGERED ARCHITECTURE: Quick Review: • TTOS: • Task Model: • Simple Tasks – No communication/ synchronization mechanism with in the task • Can be pre-empted • Static Task Description List (TADL) – before run time • TTP/A: • Low cost • Based on UART • Communication Protocol • TTP/A slot • Fireworks Frame

  42. TIME TRIGGERED ARCHITECTURE: Quick Review: • Programming Language: • The communication actions are controlled by time and not by task code executed at a given host. • Need software architecture of the implementation which specifies its function and timing. • Control structure independent of a given platform (Separation of control implementation from the platform specific programming. • GIOTTO is a programming language for the distributed embedded architecture that can provide this functionality.

  43. TTA DEMONSTRATOR

  44. TIME TRIGGERED ARCHITECTURE: The TTA Demonstrator : The TTA Demonstrator : FOUR WHEEL DRIVE, FOUR WHEEL STEERING and RADIO CONTROL SYSTEM

  45. TIME TRIGGERED ARCHITECTURE: The TTA Demonstrator : • The TTA Demonstrator: First step – Identify Clusters • Clusters: • Structures that have high internal complexity and low external communicational activity • Types of Clusters: • Computational Cluster: A set of distributed communicating nodes • Environmental Cluster: Controlled object or Operator

  46. TIME TRIGGERED ARCHITECTURE: The TTA Demonstrator : • In the design: • Computational Cluster: • Car Control Cluster • Environment Cluster: • RC-operator cluster – contains RC-operator and interfaces to the car control cluster by radio signal receiver. • Car Hardware cluster - complete car hardware and its static and dynamic state. • Monitoring and diagnosis cluster – communicates with the car-control via a digital radio up-link

  47. TIME TRIGGERED ARCHITECTURE: The TTA Demonstrator :

  48. TIME TRIGGERED ARCHITECTURE: The TTA Demonstrator : • Car Control Cluster: • – Determine nodes within the computational cluster • Rule to identify Node • – Same (high computation – low communication) • Two complex tasks can be identified • Wheel speed control loop for each wheel • RC signal decoding at the interface of RC-operator cluster

  49. TIME TRIGGERED ARCHITECTURE: The TTA Demonstrator : • Car Control Cluster: • – Fault Tolerance: • Main Node: Active Replication • Wheels: Application specific redundancy – in case of a single wheel module failure, a safe state can be reached with the remaining three functional wheel modules.

  50. TIME TRIGGERED ARCHITECTURE: The TTA Demonstrator : Car Control Cluster: TRANSACTION: Sequence of Computation and Communication Between Nodes: TTP/C Node and Sensor/Actuation: TTP/A

More Related