TRANSCRIPT
Classification of RTS
Dr. Hugh Melvin, Dept. of IT, NUI,G
RTS Definitions
• Precise definition of RTS?
– Difficult due to the extent and scope of RTS
– System where a substantial fraction of the design effort goes into making sure that deadlines are met (Krishna/Shin)
• Response Time is an important parameter:
– The time between the presentation of a set of inputs to a system (stimulus) and the realisation of the required behaviour (response), including the availability of all associated outputs, is called the response time of the system (Laplante)
RTS Definitions
• Alternative definitions
– System that must satisfy explicit (bounded) response-time constraints or risk severe consequences, including failure (Laplante)
– System whose logical correctness is based on both the correctness of the outputs and their timeliness (Laplante)
• Failed System
– A system that cannot satisfy one or more of the requirements stipulated in the formal system specification (Laplante)
• Applies only to Hard RTS
RTS Definitions
• Failed Systems
– RTS software rather than hardware is usually at fault
– Emergence of Software Engineering
• Attempts by US DoD (SEI) to improve on the dismal record of software in military systems
• Has extended to the general software industry
• Are all practical systems RTS?
– Time constraints are always bounded?
• Need for Classification of RTS
– Hard – Firm – Soft
– Differ by the consequences of missed deadlines
RTS Definitions
• A Hard RTS is one in which failure to meet a single deadline may lead to complete and catastrophic system failure (Laplante)
• Eg.
– Power Plant
• Turbine Overspeed Protection
• Fuel Shutdown
– Flight Controller
– ABS (Antilock Braking System)
Hard RTS
Teleperm ME System Overview (figure: power-station distributed control system. Automation units with CPU and I/O (AS013, AS017, AS101, AS112, AS131, AS133, AS231 Unit Alarms System, R30) handle binary and analogue field inputs and outputs for the Boiler, BMS and Turbine and share a redundant CS 275 Bus 0 / Bus 1 through bus couplers. Supervisory equipment: VAX Maintenance Management System, PG750 Maintenance Computer, OS254 Operations Computer, MEC-RT Data Storage Units, tape and 5 1/4" FDD storage units, control-room VDUs, operator, programmer and S\E's keyboards, local, alarms and fault-log printers, annunciators and a Master Clock.)
(figure: plant-level network. For each of Unit 1, Unit 2 and Unit 3, CS275 Bus 0 / Bus 1 connect through a Synogate interface, U/I modules and a bus coupler to Bus A / Bus B; gateways MP001 and MP002 and the R30 Room Gateway in the Communications Room link these to a Station LAN serving the Unit 1, Unit 2 and Unit 3 Control Room Operator Stations, a Remote Operator Station and the OIS Server (IBM NetFinity 5510).)
Burner Management System (figure: three processors CPU 1, CPU 2 and CPU 3 in a 2 out of 3 arrangement; non-redundant control circuits, double redundant safety circuits and triple redundant safety circuits, connected via N8 and U/I modules to CS275 Bus A / Bus B.)
Hard RTS
• Emergence of Fly-by-wire control systems
• Military Aircraft
  Year   Aircraft   % Functions supported by S/W
  1960   F-4         8
  1982   F-16       45
  2000   F-22       80
(Source: W.S. Humphrey, “Winning with Software: An Executive Strategy”, Addison-Wesley, 2002)
• Civilian aircraft similar
• Also
– Robotics
– Medical Devices
– ABS / Airbag Protection
• Most Hard RTS are embedded devices with limited and very specialised software designed for specific hardware
RTS Definitions
• A Soft RTS is one in which performance is degraded but not destroyed by failure to meet response time constraints (Laplante)
• Eg.
– Multitasking PC
– Internet-based Multimedia
• VoIP
– Note: For MM data, the requirement for logical correctness of output can be relaxed somewhat (see ITU-T G.1010)
Soft RTS: Multimedia?
Soft RTS: VoIP
RTS Definitions
• A Firm RTS is one in which a few missed deadlines will not lead to total failure, but missing more than a few may lead to complete and catastrophic system failure (Laplante)
• Difficult to find examples!
Firm RTS
• Somewhere in the middle
– Eg. Private IP Network governed by SLA (Service Level Agreement)
• SLA specifies jitter/delay/loss/availability
– 99.999% Availability
• Lack of adherence results in:
– Irate customers, loss of business
– Penalties imposed on provider
– Consumer Devices
• Mobile Phone / Cameras etc.
– Reservation Systems
Sample Time and Response Time
• Sample time refers to the rate at which a parameter is monitored
• Sample time and Response time are both related to the underlying physical phenomena
– Eg. Power System control/protection systems for Steam Pressure / Turbine Speed / Overvoltage
– The 3 phenomena have very different natural characteristics
– They require very different Sample Times and Response Times to react safely to changing/dangerous conditions
– Eg. Flight Control / Car ABS
– Sample and Response Times depend on Maximum velocity
– 2 aircraft @ 600 mph = relative velocity of 1200 mph
» 1760 feet/sec (Min vertical flight separation = 1000 ft, closed in about 0.6 sec)
– 2 cars at 120 kph: relative velocity = 66 m/sec; response time of msec required
Sample Time and Response Time
• Hard RTS
– No point in sampling more frequently than necessary
• Wasteful of CPU/Memory
• Eg. Steam Pressure versus Voltage
– Response time must be guaranteed: Good Average performance is of little use
• At 35000 ft when cabin pressure is lost
• When a Power station at full output is suddenly disconnected from the National Grid
• When ABS is required to work
• Soft RTS
– Conventional PC OS designed for timesharing and multitasking
– Complex timesharing scheduler
– Good Average Performance acceptable
Analog Inputs via ADC Modules (figure: ADC module ASE 6DS1714-8AA with four channels Ch 1 to Ch 4 feeding the CPU; field transmitters (2-wire 4 … 20 mA, 4-wire 0 … 20 mA, 2-wire 0 … 10 V, spare) are scaled to engineering units (0 - 200 bar, 0 - 3000 rpm, Voltage, spare) via a percentage scale.)
RTS Definitions
• Deterministic System
– System in which, for each possible state and set of inputs, a unique set of outputs and the next state of the system are known
– Importance of thorough system specification and testing
– 2OI – 2nd Order Ignorance: “You cannot test for things you don’t know you don’t know”
• Temporal Determinism
• Response Time is also known
• Critical extra requirement for RTS
RTS Definitions
• CPU Utilisation (U)
– Measure of the percentage of non-idle processing
– 70% is a useful rule of thumb based on scheduling theory (cf later)
– Consider tasks $1 \ldots n$ where
• task $i$ has period $p_i$, frequency $1/p_i$ and worst-case execution time $e_i$
• $e_i$ can be very difficult to quantify
• Utilisation factor (worst case) for task $i$: $u_i = e_i / p_i$
– Overall CPU utilisation: $U = \sum_{i=1}^{n} u_i = \sum_{i=1}^{n} e_i / p_i$
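As an added worked example (not from the slides), the utilisation sum above in C, alongside the rate-monotonic schedulability bound from which the 70% rule of thumb is taken; the task set and the assumption that the slide's deferred "scheduling theory" is rate-monotonic scheduling are mine.

```c
#include <stddef.h>
#include <stdio.h>

/* One periodic task: period p_i and worst-case execution time e_i (same unit). */
struct task { double p; double e; };

/* U = sum over i of e_i / p_i, the utilisation factor defined on the slide. */
double cpu_utilisation(const struct task *t, size_t n) {
    double u = 0.0;
    for (size_t i = 0; i < n; i++)
        u += t[i].e / t[i].p;
    return u;
}

/* 2^(1/n) by bisection on [1, 2]; avoids linking libm for pow(). */
static double nth_root_of_two(size_t n) {
    double lo = 1.0, hi = 2.0;
    for (int it = 0; it < 64; it++) {
        double mid = 0.5 * (lo + hi), pw = 1.0;
        for (size_t k = 0; k < n; k++) pw *= mid;
        if (pw < 2.0) lo = mid; else hi = mid;
    }
    return 0.5 * (lo + hi);
}

/* Liu & Layland rate-monotonic bound n(2^(1/n) - 1): 1.0 for one task, 0.828
 * for two, tending to ln 2 = 0.693 as n grows, which is where the 70% rule of
 * thumb comes from. Assumption: the slide's deferred "scheduling theory" is RMS. */
double rms_bound(size_t n) {
    return (double)n * (nth_root_of_two(n) - 1.0);
}

/* 1 if guaranteed schedulable under the RMS bound; a set above the bound but
 * with U <= 1 needs exact response-time analysis, not the rule of thumb. */
int rms_guaranteed(const struct task *t, size_t n) {
    return cpu_utilisation(t, n) <= rms_bound(n);
}

int main(void) {
    /* Constructed task set (period, WCET in ms): turbine speed, steam pressure,
     * overvoltage. Illustrative numbers, not figures from the slides. */
    struct task set[] = { { 10.0, 2.0 }, { 50.0, 10.0 }, { 5.0, 1.0 } };
    size_t n = sizeof set / sizeof set[0];
    printf("U = %.3f  RMS bound = %.3f  guaranteed = %d\n",
           cpu_utilisation(set, n), rms_bound(n), rms_guaranteed(set, n));
    return 0;
}
```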
RTS Components
• Hardware
– Specific to application
– Tend to be I/O intensive
• Power Systems
• Fly-by-wire
• MM: VoIP
• Software
– Specific to Application
• Assembly language / C widely used
• Interface directly with hardware
– RT Programming Languages
• Power Systems: Siemens OEM Programming Language
• Ada is the most recognised Real Time Language (Real-Time Java?)
– Boeing 777 control written in Ada
RTS Components
• RTOS
– Many Hard RTS do not have an OS as such
• Cyclic Executive approach used
• OS introduces too much complexity
• OS not needed if embedded device is simple enough or can be very well defined
– Soft-Firm RTS often utilise an RTOS
• Facilitates multiple concurrent processes
• Requires Scheduler
• Memory Management
• Process Priorities ensure determinism
• Eg. Mobile Phones / PDA / Network Switches
• Increasing use in Hard RTS: Mars Pathfinder
– Note: Conventional OS can be adequate for Soft/Firm RTS
Simple Control System (figure: conveyor belt process driven by a thyristor drive unit with tacho-generator feedback; field inputs/outputs (Belt Running, Drive Temp High, Speed Setpoint) pass through signal conditioning to a processor (incl. ADC/DAC) running process control, with an operator interface.)
Less simple control system: Boeing 777
RTS Components
• Fault Tolerant Techniques
– Full/Partial Fault Tolerance
• Hardware Redundancy
– Voting schemes
• Software Redundancy
– N-version Programming
• Time Redundancy
– Build in time slack or roll back
• Information Redundancy
– Error Detection + Correction
» FEC & PLC techniques
– Note: TCP/IP-based error detection via CRC relies on Time Redundancy for TCP traffic; not acceptable for UDP-based MM traffic
– Graceful degradation
– Failsafe operation
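The 2-out-of-3 voting scheme listed under Hardware Redundancy (the arrangement the Burner Management System figure shows), combined with failsafe operation, as an added example that is not taken from the slides or from any vendor's logic; the tolerance, trip limit and readings are constructed.

```c
#include <stdint.h>
#include <stdio.h>
/* Outcome of a 2-out-of-3 vote over three redundant channels. */
struct vote {
    int valid;      /* 1 if at least two channels agree within tolerance */
    int32_t value;  /* median of the three readings when valid */
    int faulted;    /* index of the single dissenting channel, or -1 */
};

static int within(int32_t a, int32_t b, int32_t tol) {
    int32_t d = a > b ? a - b : b - a;
    return d <= tol;
}

static int32_t median3(int32_t a, int32_t b, int32_t c) {
    if ((a <= b && b <= c) || (c <= b && b <= a)) return b;
    if ((b <= a && a <= c) || (c <= a && a <= b)) return a;
    return c;
}

/* Two-out-of-three voter (constructed example, not vendor logic): channels agree
 * when readings differ by at most tol; a lone dissenter is flagged for alarming. */
struct vote vote_2oo3(const int32_t in[3], int32_t tol) {
    struct vote v = { 0, 0, -1 };
    int a01 = within(in[0], in[1], tol);
    int a02 = within(in[0], in[2], tol);
    int a12 = within(in[1], in[2], tol);
    int pairs = a01 + a02 + a12;
    if (pairs == 0) return v;            /* no majority: caller must fail safe */
    v.valid = 1;
    v.value = median3(in[0], in[1], in[2]);
    if (pairs == 1)
        v.faulted = a01 ? 2 : (a02 ? 1 : 0);
    return v;
}

/* Failsafe use: fuel permitted only on a valid vote below the trip limit. */
int fuel_permit(const int32_t pressure[3], int32_t tol, int32_t trip_limit) {
    struct vote v = vote_2oo3(pressure, tol);
    return v.valid && v.value < trip_limit;
}

int main(void) {
    /* Constructed readings (0-200 bar scaled to whole bar), not plant data. */
    int32_t one_bad[3] = { 120, 122, 180 };
    struct vote v = vote_2oo3(one_bad, 5);
    printf("value=%d faulted=%d permit=%d\n", (int)v.value, v.faulted,
           fuel_permit(one_bad, 5, 150));
    return 0;
}
```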
RTS Components
– Common hydraulic system for Steering, Brakes and Suspension
– Failsafe operation
• Suspension
• Braking
• Steering
Fault Tolerant Techniques (figure: triple modular redundant controller. Central unit level: CPU 1, CPU 2 and CPU 3, each with its own RAM/EPROM (1, 2, 3); I/O level: 2-out-of-3 voters on inputs (ZV1, ZV2, ZV3; DB-In) and outputs (DB-Out) and on the extension units (EAVn).)
Fault Tolerant Techniques: Airbus
• 3 Main Flight Controllers
• 2 Backup Flight Controllers
• Software developed by different teams and on different platforms
• Seamless transfer
• See video!
RTS: Closing Remarks
• RTS are more concerned with predictability of response times than with absolute response times
– Providing faster processors will convert a PC (Soft RTS) into a faster PC (Soft RTS), not a Hard RTS.
• Many Hard RTS are embedded devices
– Specific hardware
– Customised and limited software
– No OS
– Guarantees are provided through simplicity, precise definition and overprovisioning
• Distinction between Soft-Firm RTS vague