The System-Level Simplex Architecture
Stanley Bak, Olugbemiga Adekunle, Deepti Kumar Chivukula, Mu Sun, Marco Caccamo, Lui Sha

Presentation transcript:


Building Reliable Software
Use best practices from industry:
– Software review
– “Safe” programming languages
– Extensive testing
Cost:
– $100-$1000 per line of code
And worst of all…

“Reliable” Software Still Has Bugs!
In 2007, 12 F-22s were going from Hawaii to Japan
After crossing the IDL (International Date Line), all 12 experienced multiple system crashes
– No navigation
– No fuel subsystems
– Limited communications
– Rebooting didn’t help
Formal Verification?
– The F-22 has 1.7 million lines of code

Our Contribution
Our contribution is threefold:
– We present the System-Level Simplex Architecture, which provides reliability for large, safety-critical systems.
– We formalize and verify our architecture in an AADL model, which can be immediately instantiated for applications requiring reliability.
– We demonstrate the System-Level Simplex Architecture in an Inverted Pendulum control system, and empirically verify its safe functionality in spite of controller/OS/middleware bugs.

Trends in Cross-Layer Systems
Reliability is a cross-layer property
Other examples of cross-layer properties include security and real-time behaviour
Layers: Hardware / Operating System / Software

Trends in Security
Security protocols at the software level (SSL) trust that the operating system and hardware are secure
An operating system can be compromised by a kernel rootkit or a VMBR (virtual-machine-based rootkit)
Solution: use the hardware for security checks (Secure Boot, TPMs)
Layers: Hardware – TPM / Operating System – SELinux / Software – SSL

Trends in Real-Time Systems
A real-time software application requires that the operating system be aware of real-time requirements and that the hardware be predictable
A real-time operating system can use a real-time scheduling algorithm, but can do nothing in the face of unpredictable hardware
Ideal Solution: design hardware predictably (ASICs, deterministic hardware)
Practical Solution: enforce predictable behaviour (bus monitoring and cutoff)
Layers: Hardware – Deterministic Processor / Operating System – VxWorks / Software – Flight Controller

Trends in Reliability
Designing 100% correct, complex control software is infeasible
Operating systems can provide isolation (microkernel) and power through abstractions, but are often large, complex, and unverified
Ideal Solution: design hardware reliably; verify all software
Practical Solution: reject OS abstractions? Accept failure?
Layers: Hardware – ??? / Operating System – MINIX 3 (microkernel) / Software – Complex Flight Controller

Trends in Reliability
Designing 100% correct, complex control software is infeasible
Operating systems can provide isolation (microkernel) and power through abstractions, but are often large, complex, and unverified
Ideal Solution: design hardware reliably; verify all software
Practical Solution: System-Level Simplex
Layers: Hardware – System-Level Simplex / Operating System – MINIX 3 (microkernel) / Software – Complex Flight Controller

System-Level Simplex
System-Level Simplex works with commercial off-the-shelf (COTS) components and is compatible with existing engineering practices (triple modular redundancy)
First, develop a simple, safe controller in hardware (on a Field Programmable Gate Array [FPGA])
Next, develop a complex controller that can take advantage of the power of software (COTS processor + hardware)
Then use the complex controller when possible, but switch to the simple one to preserve system liveness

Physical Components
[Diagram: a motherboard with CPU, memory (RAM), North Bridge, Front Side Bus and PCIe Bus, connected to a Field Programmable Gate Array (Xilinx ML505) with sensors and actuators attached; the logical mapping places the Complex Controller, Decision Module and Safety Controller onto these physical parts]

Proof of Safety
AADL is an architecture description language designed for real-time, embedded systems
– Used by the European Space Agency, Rockwell-Collins, Lockheed Martin, Airbus, and others
Systems can be instantiated from an AADL model
Safety properties of a model can be proven using model checking

System-Level Simplex Model
We provide a System-Level Simplex AADL model generator to generate an initial architecture design
This model is modified as the design evolves
The final AADL design can then be checked for violations of System-Level Simplex requirements

System-Level Simplex: Inverted Pendulum Testbed

Overview
[Diagram: the Complex Controller runs on a CPU with Linux OS and talks over the PCIe Bus to the FPGA; the FPGA holds the IO Module (Analog Input through an A/D Converter, Analog Output through a D/A Converter), the Safety Controller, the Decision Module, a bus module and a type checker]

Inverted Pendulum
An inverted pendulum is an unstable system that tries to maintain an upright rod by moving the base along a track (video)
We used the Quanser Q4 IP04 inverted pendulum for our testbed
The pendulum tells us the angle and track position, which we convert to a digital signal with an A/D converter (ADS7812P)
We output the digital voltage for the motor to use, which is converted to an analog signal using a D/A converter (DAC714P)

Hardware Components
Our hardware components run on a Xilinx ML505 Field Programmable Gate Array (FPGA)
The safety controller code can be generated in Matlab given the physical properties of the inverted pendulum
The decision module switches controllers when the pendulum is in danger of collapse. We can compute this state region with a Lyapunov stability function.

Decision Module
Recoverable Region: based on the dynamics of the controlled physical system, we can derive a stability envelope. Any state inside the red region is recoverable if we use the safety controller.
Safe Region: when the state is in the green region, the system can tolerate aggressive action without immediately losing stability (we can use the complex controller).
[Diagram: on the FPGA, the Safety Controller and an Envelope Calc block sit beside the A/D and D/A converters, the bus module and the type checker; the PCIe Bus links to the software side; a state-space plot shows the green safe region inside the red recoverable region]
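The switching rule described on the System-Level Simplex and Decision Module slides, written out as an added example; this is not code from the presentation or from the authors' FPGA implementation. It uses a constructed two-state linearized pendulum (angle and angular rate) with Euler integration. The controller gains, the angle limit THETA_MAX, the actuator range U_MAX checked by the bus "type checker", the 50% margin between the safe (green) and recoverable (red) regions, and the three complex-controller scenarios (correct, sign bug, software crash) are all assumptions for illustration. The recoverable region is the largest sub-level set of a quadratic Lyapunov function of the safety loop that fits inside the angle limit; the decision module accepts a complex command only if the predicted next state stays in the safe region, and otherwise latches onto the safety controller.

```python
"""Simplex-style decision module on a constructed linearized inverted pendulum."""
import math

G_OVER_L = 10.0   # linearized pendulum: theta'' = (g/l)*theta + u      (constructed)
DT = 0.01         # control period in seconds                           (constructed)
THETA_MAX = 0.3   # physical limit: beyond this angle the rod is lost    (constructed)
U_MAX = 50.0      # actuator range accepted by the bus type checker      (constructed)

# Safety controller u = -k_theta*theta - k_omega*omega, gains chosen so the
# closed loop is (s+5)^2, i.e. critically damped.            (constructed)
K_SAFE = (G_OVER_L + 25.0, 10.0)


def plant_step(x, u):
    """One Euler step of the linearized plant: returns (theta, omega)."""
    theta, omega = x
    return (theta + DT * omega, omega + DT * (G_OVER_L * theta + u))


def safety_controller(x):
    """Simple hardware-style controller: a fixed linear state feedback."""
    return -(K_SAFE[0] * x[0] + K_SAFE[1] * x[1])


# --- 2x2 matrix helpers, so the example needs no numpy ---------------------
def mat_mul(a, b):
    return [[sum(a[i][k] * b[k][j] for k in range(2)) for j in range(2)] for i in range(2)]


def mat_t(a):
    return [[a[0][0], a[1][0]], [a[0][1], a[1][1]]]


def quad_form(p, x):
    """x^T P x for a symmetric 2x2 P."""
    return p[0][0] * x[0] * x[0] + 2 * p[0][1] * x[0] * x[1] + p[1][1] * x[1] * x[1]


def closed_loop_matrix():
    """A - B*K of the discrete safety loop (A, B from plant_step)."""
    a = [[1.0, DT], [G_OVER_L * DT, 1.0]]
    b = [0.0, DT]
    return [[a[0][0] - b[0] * K_SAFE[0], a[0][1] - b[0] * K_SAFE[1]],
            [a[1][0] - b[1] * K_SAFE[0], a[1][1] - b[1] * K_SAFE[1]]]


def lyapunov_matrix(acl, tol=1e-10, max_iter=10000):
    """Solve the Stein equation P = Q + Acl^T P Acl (Q = I) by fixed-point
    iteration; converges because the safety loop is stable. Then
    V(Acl x) - V(x) = -|x|^2, so sub-level sets of V are invariant."""
    p = [[1.0, 0.0], [0.0, 1.0]]
    aclt = mat_t(acl)
    for _ in range(max_iter):
        apa = mat_mul(aclt, mat_mul(p, acl))
        p_next = [[apa[i][j] + (1.0 if i == j else 0.0) for j in range(2)] for i in range(2)]
        diff = max(abs(p_next[i][j] - p[i][j]) for i in range(2) for j in range(2))
        p = p_next
        if diff < tol:
            break
    return p


P = lyapunov_matrix(closed_loop_matrix())


def lyapunov_v(x):
    return quad_form(P, x)


def recoverable_level():
    """Largest c such that {V(x) <= c} lies inside |theta| <= THETA_MAX:
    the extreme theta on the ellipse V = c is sqrt(c * (P^-1)[0][0])."""
    det = P[0][0] * P[1][1] - P[0][1] * P[1][0]
    return THETA_MAX ** 2 / (P[1][1] / det)


V_RECOVERABLE = recoverable_level()   # red region boundary
V_SAFE = 0.5 * V_RECOVERABLE          # green region boundary (margin is constructed)


class DecisionModule:
    """Picks the command applied to the actuator each control period."""

    def __init__(self):
        self.fallback_step = None   # first step at which safety took over
        self.reason = None

    def select(self, k, x, u_complex):
        if self.fallback_step is not None:
            return safety_controller(x)   # latched on safety once triggered
        reason = None
        if u_complex is None or not math.isfinite(u_complex):
            reason = "no valid command from software"
        elif abs(u_complex) > U_MAX:
            reason = "command outside actuator range"
        elif lyapunov_v(plant_step(x, u_complex)) > V_SAFE:
            reason = "complex command would leave the safe region"
        if reason is None:
            return u_complex
        self.fallback_step, self.reason = k, reason
        return safety_controller(x)


def run(complex_controller, x0=(0.05, 0.0), steps=1000):
    """Simulate; returns (final state, decision module, largest V seen)."""
    dm = DecisionModule()
    x, v_max = x0, lyapunov_v(x0)
    for k in range(steps):
        u = dm.select(k, x, complex_controller(x, k))
        x = plant_step(x, u)
        v_max = max(v_max, lyapunov_v(x))
    return x, dm, v_max


# --- constructed complex-controller scenarios ------------------------------
def good_complex(x, k):
    return -((G_OVER_L + 49.0) * x[0] + 14.0 * x[1])   # closed loop (s+7)^2


def sign_bug_complex(x, k):
    # correct until step 50, then a sign error makes the loop unstable
    return good_complex(x, k) if k < 50 else -good_complex(x, k)


def crashing_complex(x, k):
    # OS/middleware failure: the software stops delivering commands at step 50
    return good_complex(x, k) if k < 50 else None


if __name__ == "__main__":
    for name, ctrl in [("good", good_complex), ("sign bug", sign_bug_complex),
                       ("crash", crashing_complex)]:
        x, dm, v_max = run(ctrl)
        print(f"{name:9s} fallback={dm.fallback_step} ({dm.reason}) "
              f"final theta={x[0]:.2e} max V={v_max:.3f} V_safe={V_SAFE:.3f}")
```

Two design points carry the argument from the slides. The check is made on the predicted next state, not the current one, so a command is refused before it can push the state past the green boundary, and the state at the moment of switching is therefore still inside the region where the safety controller's Lyapunov function is guaranteed to decrease. And the fallback latches: once the software side has produced a bad or missing command, the hardware keeps control for the rest of the run, which is the liveness-preserving behaviour the architecture is after.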

Software Components
Our complex controller runs on an x86 PC with Linux RK (a real-time Linux variant)
The software components are interfaced with the FPGA through the PCIe bus
Communication occurs through memory-mapped I/O, where sensor and actuation values are viewed as memory on the FPGA
The complex controller is a modified version of the safety controller with various bugs introduced to test the System-Level Simplex design

Implementation Results
By introducing bugs in the complex controller, we were able to verify that the System-Level Simplex Architecture protected the system from several potential failures

Conclusions and Future Work
We proposed a System-Level Simplex Architecture which provides reliability at the lowest (hardware) level
We provide an AADL architecture generator and checker
We demonstrated the System-Level Simplex Architecture on an Inverted Pendulum control system, and empirically verified its functionality
The System-Level Simplex Architecture has fostered a funded collaboration with John Deere applied towards autonomous tractor control