January 23rd, 2003
The Time-Triggered Architecture
Krishnakumar B
Institute for Software Integrated Systems
Vanderbilt University, Nashville, TN
Outline of Talk
• Overview of TTA
• Architecture Model
• Design Principles
• Communication
• Fault Tolerance
• Design Methodology
• Questions?

Time-Triggered Architecture
• Treatment of physical time as a first-order quantity
• Provides fault-tolerant global time base
• Decomposes a large application into:
  – Clusters
  – Nodes
  – Combination of both
• Use global time to specify interfaces between nodes
• Communication and agreement protocols

Model of Time
• Time progresses along a dense timeline
• Duration – Interval delimited by two instants
• Event occurs at an instant
  – E.g. Observation of state
• Time-stamping
  – Assign state of node-local global time to event
• How to synchronize clocks?

Sparse Time Base
• Continuum of time is partitioned
• Infinite sequence of alternating durations of activity & silence
• Duration of the activity interval > precision of clock synchronization
• All events that occur within an interval of activity considered simultaneous
• External representation of time

RT Entities and RT Images
• TTA system
  – Node, Communication Network Interface, Host
  – Time domain and value domain

RT Entities and RT Images (Contd…)
• Real-Time Entities
  – State variables used to model dynamics of system
  – Change their state as time progresses
  – Mix of both static and dynamic attributes
  – E.g. Flow of a liquid in a pipe, Temperature of valve
• Observation
  – State of RT Entity at a particular instant t_obs
  – Observation = <Name, Value, t_obs>
• Real-Time Image
  – Temporally accurate picture of RT entity at instant t
  – Duration between time of observation and instant t < d_acc
• Observation valid forever, not true of validity of image

State-Information vs Event-Information
• State attribute – Property of a RT entity at a particular instant
• State Information
  – (state variable, value, time of observation)
  – Idempotent, at-least-once semantics
  – Sender-side – Not consumed
  – Receiver-side – Update-in-place, non-consuming read
• Event
  – Sudden change of state of an RT Entity at an instant
• Event Information
  – (state variable, value difference, time of event)
  – Exactly-once semantics
  – Sender-side – Consumed on sending
  – Receiver-side – Queued and consumed on reading

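Added example (not part of the original slides): a minimal C sketch of the two receiver-side semantics listed above, together with the d_acc validity check on an RT image from the preceding slide. All type and function names (observation_t, state_port_t, event_port_t, state_read, replay_events, ...) and the queue size are assumptions made for illustration, not TTA or TTP/C interfaces.

```c
#include <stdbool.h>
#include <stdint.h>

/* Observation = <Name, Value, t_obs>; times are ticks of the global time base. */
typedef struct { uint16_t name; int32_t value; uint64_t t_obs; } observation_t;
/* State information: one slot per RT entity, overwritten in place. */
typedef struct { observation_t slot; bool written; } state_port_t;
/* Event information: a value difference, queued and consumed on reading. */
#define EVQ_CAP 8   /* hypothetical queue depth */
typedef struct { observation_t q[EVQ_CAP]; unsigned head, count; } event_port_t;

void state_deliver(state_port_t *p, observation_t o) {
    p->slot = o;          /* newest version replaces the previous one */
    p->written = true;
}

/* Non-consuming read: valid only while the observation's age is below d_acc. */
bool state_read(const state_port_t *p, uint64_t t_now, uint64_t d_acc, int32_t *out) {
    if (!p->written || t_now < p->slot.t_obs) return false;
    if (t_now - p->slot.t_obs >= d_acc) return false;   /* RT image expired */
    *out = p->slot.value;
    return true;
}

bool event_deliver(event_port_t *p, observation_t delta) {
    if (p->count == EVQ_CAP) return false;   /* overflow would lose an event */
    p->q[(p->head + p->count) % EVQ_CAP] = delta;
    p->count++;
    return true;
}

bool event_read(event_port_t *p, observation_t *out) {   /* consuming read */
    if (p->count == 0) return false;
    *out = p->q[p->head];
    p->head = (p->head + 1) % EVQ_CAP;
    p->count--;
    return true;
}

/* Rebuild the receiver's value by applying every queued difference once. */
int32_t replay_events(event_port_t *p, int32_t start) {
    observation_t e;
    while (event_read(p, &e)) start += e.value;
    return start;
}
```

Delivering the same state message twice leaves the port unchanged, while a duplicated event message is applied twice by replay_events, which is why event information needs exactly-once delivery.
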
Structure of TTA
• Node
  – Self-contained unit
• Communication system
  – Replicated channels
  – Autonomous
  – Executes periodically
  – a priori TDMA schedule
• Fetch Instant
  – Reads state message from CNI
• Delivery instant
  – Delivers it to CNI of all other nodes of cluster
  – Overwriting previous version of state message
• Fetch, delivery instants in message scheduling table

Interconnection topology
• TTA-bus
  – Replicated passive buses
  – Each node has 3 subsystems
    • Node, 2 guardians
    • Spatial proximity faults
    • Fail-safe vs fail-operational
• TTA-star
  – Independent guardians
  – n+2 packages vs 3n
  – Reshape physical signals & resilient to Slightly-off-specification (SOS) faults
  – Additional monitoring, better EMI characteristics

Design Principles of TTA
• Consistent Distributed Computing Base
• Unification of Interfaces – Temporal Firewalls
• Composability
• Scalability
• Transparent Fault Tolerance
• Openness

Consistent Distributed Computing Base
• Distributed algorithms dependent on consistent data
• TTA exploits short error detection latency of protocol
  – Error-detection at protocol level
  – Distributed agreement (membership) algorithm
    • Checking membership of all nodes to ascertain correct operation
    • Detect faulty outgoing link
• Violation of fault-hypothesis
  – Distributed agreement protocol unable to reach conclusion
  – Result: Clique avoidance algorithm is activated

Unification of Interfaces – Temporal Firewalls
• Uni-directional data-flow interfaces
  – Elementary – Uni-directional control flow
  – Composite – Bi-directional control flow
• TTA CNI is an elementary interface
• Control-error propagation prevented by design
• Interface called temporal firewall

Different Interfaces of a Node
• Real-Time Service (RS) Interface
  – Provides timely real-time services to node environment
  – Must satisfy temporal specification under all conditions
  – Affects temporal composability
• Diagnostic & Maintenance (DM) Interface
  – Opens channel to internals of a node
  – Useful in configuring node parameters
  – Retrieve node parameters for fault diagnosis
  – Doesn't affect temporal composability
• Configuration Planning (CP) Interface
  – Connect node to other nodes of a system
  – Used during integration phase to generate "glue"
  – Not time critical

Composability
• Independent development of nodes
  – Differentiate between node and architecture design
  – Precise specification of all node services => independent design of nodes
• Stability of Prior services
  – Validated service of a node should be unaffected by integration of node into a system
• Constructive Integration
  – n nodes already integrated => addition of n+1 doesn't affect previous n nodes
• Replica determinism
  – All members have same externally visible state
  – Produce same output messages at most d time units apart

Scalability
• Complexity of system should not increase with growth of system
• In TTA, CNIs provide abstraction
  – Encapsulate properties of environment
  – Only essential properties available to nodes
• Example - Gateway nodes

Transparent Fault-Tolerance
• Active redundancy by replication and voting
• Active replication is complex
  – Shouldn't be done at application level
• TTA provides dedicated Fault-Tolerance layer
  – Fault-tolerant CNI (FTU-CNI)

Openness
• Standardize interfaces
• TTA interfaces submitted for standardization by OMG
• Inter-operation with CORBA clients
• RS, DM and CP interfaces available at the ORB level

Communication
• Deliver information between CNIs
  – Within interval delimited by fetch and delivery instants
• TTP/C Protocol
  – Autonomous, fault-tolerant, TDMA based transport
  – Fault-tolerant clock synchronization
  – Membership service
    • Inform every node about "health" of every other node
    • Doubles as multicast acknowledgment
    • Used in implementing fault-tolerant clock synchronization
  – Clique avoidance to detect and eliminate the formation of cliques when fault-hypothesis is violated

Communication (contd…)
• TTP/A protocol
  – Time-triggered field-bus protocol of TTA
  – Connects low-cost smart transducers to a node of TTA
  – Two types of rounds – Master/Slave (MS) & Multi-partner (MP)
    • MS – Read/write records from IFS to implement DM and CP
    • MP – Periodic, implements the RS service

Event Message Channels & Performance
• Event message channels
  – Created by allocating portion of TT communication
  – Push-pull model for events
  – Filter service & Garbage collection service
• Performance of TTA
  – Time distribution needs inter-frame gap of 5 μs
  – 80% bandwidth utilization => 20 μs for send-phase
  – 40,000 messages / second
  – 10 clients => 250 μs sampling period => 4 kHz loop
  – Amount of data
    • 5 Mbps => 12 bytes / 20 μs
    • 1 Gbps => 2400 bytes / 20 μs

Fault Tolerance
• Fault Hypothesis
  – States types and number of faults that the system should tolerate
• TTA-star cluster
  – Can tolerate an arbitrary failure of a single node
  – Single faulty unit detected by membership protocol
  – Isolated within two rounds (for single fault)
• Fault-tolerant Units – Triple Modular redundancy

Fault Tolerance (contd…)
• Till now assumed that environment complies with fault-hypothesis
• If environment violates fault hypothesis
  – TTA activates never-give-up strategy
  – Initiated by TTP/C protocol in combination with application
  – Only when necessary resources are unavailable to provide minimum required service
• Redundant transducers
  – Requires two independent TTP/A field buses

Design Methodology
• Architecture Design
  – Decompose into clusters and nodes
  – Can use top-down or bottom-up
  – Specify CNIs of nodes in both the temporal & value domains
• Node design
  – Delivery and fetch instants
    • Used as pre-condition and post-condition by applications
• Validation
  – Formal methods for consistent distributed computing base algorithms
  – Reproducible, observed without probe effect, DM interface

Concluding Remarks
• Autonomous clusters and nodes
• Global time used to specify interfaces among nodes
• Two-phased design
  – Architecture and Component (Node) design
• Take advantage of global time
• Currently occupies a niche position
  – Time considered a nuisance in mainstream computing
• Real-Time is an integral part of real-world
  – Cannot be abstracted away

Questions?