Download presentation
Presentation is loading. Please wait.
1
Architecture Modeling and Analysis for Embedded Systems Overview of AADL and related research activities in RTG Oleg Sokolsky September 19, 2008
2
9/19/2008 Architecture modeling with AADL 2 of 90 Overview Background –Architecture description languages –Embedded and real-time systems AADL: ADL for embedded systems Analysis of embedded systems with AADL –Basic analysis –Schedulability analysis with ACSR –Performance analysis with Real-Time Calculus
3
9/19/2008 Architecture modeling with AADL 3 of 90 Architecture vs. behavior How it is constructed vs. is does Traditionally, behavior was considered more important
4
9/19/2008 Architecture modeling with AADL 4 of 90 Components, ports, and connections Components are boxes with interfaces Component interfaces described by ports: –Control, data, resource access Connections establish control and data flows The nature of components may be abstracted –Hardware or software, or hybrid Example of ADL: –Software ADLs, e.g., Wright or ACME –Some UML diagrams
5
9/19/2008 Architecture modeling with AADL 5 of 90 Why architectural modeling? Helps structure the system into manageable pieces with –well-defined functionality –clear interfaces Avoids integration problems by checking connections between components –Helps manage change! Supports code generation
6
9/19/2008 Architecture modeling with AADL 6 of 90 Overview Background –Architecture description languages –Embedded and real-time systems AADL: ADL for real-time systems Analysis of embedded systems with AADL –Basic analysis –Schedulability analysis with ACSR –Performance analysis with Real-Time Calculus
7
9/19/2008 Architecture modeling with AADL 7 of 90 Embedded system architectures Tight resource and timing constraints –Resource contention: main source of timing violations Include both hardware and software –Increasingly distributed and heterogeneous –Message transmission affect timing as much as processor execution Analysis is important to assess system designs early in the development cycle
8
9/19/2008 Architecture modeling with AADL 8 of 90 8 Architectural vs. analysis modeling Architectural modeling Model transformation Performance and timing analysis Close to the application domain, easy to build and understand. (Semi-)automatic and traceable Approximate and scalable
9
9/19/2008 Architecture modeling with AADL 9 of 90 Real-time systems The science of system development under resource and timing constraints –System is partitioned into a set of communicating tasks –Tasks communicate with sensors, other tasks, and actuators Impose precedence constraints s s s Task 1 Task 2 Task 3 Task 4 a a
10
9/19/2008 Architecture modeling with AADL 10 of 90 Task execution Tasks are invoked periodically or by events –Must complete by a deadline Tasks are mapped to processors Tasks compete for shared resources –Resource contention can violate timing constraints dormant runningpreempted blocked invoked invoke complete
11
9/19/2008 Architecture modeling with AADL 11 of 90 Real-time scheduling Processor scheduling –Task execution is preemptable –Tasks assigned to the same processor are selected according to priorities –Priorities are assigned to satisfy deadlines Static or dynamic Resource scheduling –Mutual exclusion Often non-preemptable –Correlated with processor scheduling
12
9/19/2008 Architecture modeling with AADL 12 of 90 Overview Background –Architecture description languages –Embedded and real-time systems AADL: ADL for real-time systems Analysis of embedded systems with AADL –Basic analysis –Schedulability analysis with ACSR –Performance analysis with Real-Time Calculus
13
9/19/2008 Architecture modeling with AADL 13 of 90 AADL highlights Architecture Analysis and Design Language Oriented towards modeling embedded and real- time systems –Platform and software components –Control, data, and access connections Formal execution semantics in terms of hybrid automata SAE standard AS-5506
14
9/19/2008 Architecture modeling with AADL 14 of 90 Platform components Processor Memory Bus Device AADL components Software components Thread Thread group Data Subprogram Process System components System process System data device bus processor memory thread group subroutine thread
15
9/19/2008 Architecture modeling with AADL 15 of 90 Component interfaces (types) Features –Points for external connections E.g., data ports Flows –End-to-end internal connections Properties –Attributes useful for analysis
16
9/19/2008 Architecture modeling with AADL 16 of 90 Component implementations Internal structure of the component –Subcomponents are type references –Connections conform with flows in the type –External features conform with the type –Internal features conform with subcomponent types
17
9/19/2008 Architecture modeling with AADL 17 of 90 Features and connections Communication –Ports and port groups –Port connections Resource access –Required and provided access –Access connections Kinds of port connections: –Event or data event –Data
18
9/19/2008 Architecture modeling with AADL 18 of 90 Port connections Semantic port connection –Ultimate source to ultimate destination Thread, processor, or device Type checking of connections –Directions and types must match
19
9/19/2008 Architecture modeling with AADL 19 of 90 Thread components Thread represents a sequential flow of control –Can have only data as subcomponents Threads are executable components –Execution goes through a number of states Active or inactive –Behaviors are specified by hybrid automata
20
9/19/2008 Architecture modeling with AADL 20 of 90 Suspended Initialized Thread Inactive Uninitialized Thread Active DeactivateComplete: ActiveIn NewMode: Terminate: Terminated Thread Dispatch: Complete: Fault: Recovered: InitializeComplete: ActiveInInitMode: InactiveInInitMode: InactiveInNewMode: ActivateComplete: FinalizeComplete: Thread State with Source Code Execution Initialize Activate Deactivate Finalize Compute Recover Thread State Repaired: Active Member of current mode Inactive Not member of current mode Thread states
21
9/19/2008 Architecture modeling with AADL 21 of 90 Thread Hybrid Automata
22
9/19/2008 Architecture modeling with AADL 22 of 90 Thread properties Dispatch protocol –periodic, aperiodic, sporadic, or background Period –For periodic and sporadic threads Execution time range and deadline –for all execution states separately (initialize, compute, activate, etc.)
23
9/19/2008 Architecture modeling with AADL 23 of 90 Periodic threads are dispatched periodically –Event arrivals are queued Non-periodic threads are dispatched by incoming events Events can be raised –By executing threads –Via external connections –By the environment (faults etc.) T2T1 Thread dispatch Complete Dispatch 100ms
24
9/19/2008 Architecture modeling with AADL 24 of 90 Other software components Process –Represents virtual address space –Provides memory protection Thread group –Organization of threads within a process –Can be recursive Subprogram –Represents entry points in executable code –Calls can be local or remote
25
9/19/2008 Architecture modeling with AADL 25 of 90 Platform components Processor –Abstraction of scheduling and execution –May contain memory subcomponents –Scheduling protocol, context switch times Memory –Size, memory protocol, access times Bus –Latency, bandwidth, message size
26
9/19/2008 Architecture modeling with AADL 26 of 90 Component bindings Software components are bound to platform components Binding mechanism: –Properties specify allowed and actual bindings Allows for exploration of design alternatives data memory thread processor bus
27
9/19/2008 Architecture modeling with AADL 27 of 90 Putting it all together: systems Hierarchical collection of components memory processor bus
28
9/19/2008 Architecture modeling with AADL 28 of 90 Putting it all together: systems A different perspective on the same system memory processor bus
29
9/19/2008 Architecture modeling with AADL 29 of 90 Modes Mode: Subset of components, connections, etc. Modes represent alternative configurations Compute Estimate fault recover Nominal Degraded recoverfault
30
9/19/2008 Architecture modeling with AADL 30 of 90 Overview Background –Architecture description languages –Embedded and real-time systems AADL: ADL for real-time systems Analysis of embedded systems with AADL –Basic analysis –Schedulability analysis with ACSR –Performance analysis with Real-Time Calculus
31
9/19/2008 Architecture modeling with AADL 31 of 90 Static architectural analysis Type checking –Types of connected ports –Allowed bindings –Ultimate connection sources and destinations Constraint checking –Capacity of memory component for data components bound to it? –Bus capacity for bound connections
32
9/19/2008 Architecture modeling with AADL 32 of 90 Connections to conventional tools Relies on thread semantics Processor scheduling processor T1 Scheduling_protocol => RM Period => 100ms Compute_Deadline => 100ms Compute_Execution_Time => [2ms,7ms] T2 T3 Period => 35ms Compute_Deadline => 35ms Compute_Execution_Time => [1ms,5ms] Period => 20ms Compute_Deadline => 20ms Compute_Execution_Time => [200us,500us] RMA tool
33
9/19/2008 Architecture modeling with AADL 33 of 90 Overview Background –Architecture description languages –Embedded and real-time systems AADL: ADL for real-time systems Analysis of embedded systems with AADL –Basic analysis –Schedulability analysis with ACSR –Performance analysis with Real-Time Calculus
34
9/19/2008 Architecture modeling with AADL 34 of 90 Dynamic architectural analysis Advanced processor scheduling processor T1 T2 T3 Scheduling_protocol => Slack_Server 10ms State space exploration
35
9/19/2008 Architecture modeling with AADL 35 of 90 ACSR basics: events and actions Process: a modeling unit Steps of a process –(Logically) instantaneous events –Timed actions Events are used for communication –Inputs, outputs, and internal: a? b! Actions require resource access –Take one or more units of time
36
9/19/2008 Architecture modeling with AADL 36 of 90 Modeling basics: processes Sequential execution –P 1 performs an event and becomes P 1 ’; P 1 ’ performs an action and becomes P 1 Choice of steps –P 2 can input an event or idle P1P1 P1’P1’ go? {compute} P2P2 P2’P2’ go? {compute} { }
37
9/19/2008 Architecture modeling with AADL 37 of 90 Modeling basics: time progress Timing model –Time is global –All concurrent processes need to pass time together –Passing time is an explicit choice P 1 cannot pass time, but P 2 can P1P1 P1’P1’ go? {compute} P2P2 P2’P2’ go? {compute} { }
38
9/19/2008 Architecture modeling with AADL 38 of 90 Timeouts and interrupts Execution can be abandoned by time progress or external events P2P2 P2’P2’ go? {compute} { } PtPt PiPi stop? t max
39
9/19/2008 Architecture modeling with AADL 39 of 90 Task skeleton A preemptable task T with execution time [c min,c max ]
40
9/19/2008 Architecture modeling with AADL 40 of 90 Task skeleton A non-preemptable task T with execution time [c min,c max ]
41
9/19/2008 Architecture modeling with AADL 41 of 90 Task activation An activator process invokes the task and keeps track of deadlines –Periodic activation with period p and deadline = period –Aperiodic activation by the completion of task T’ with deadline d
42
9/19/2008 Architecture modeling with AADL 42 of 90 Parallel composition Event synchronization Time synchronization P1P1 P1’P1’ go! P2P2 P2’P2’ go? || P 1 ||P 2 P 1 ’||P 2 ’ P1P1 P1’P1’ {cpu} P2P2 P2’P2’ {bus} || P 1 ||P 2 P 1 ’||P 2 ’ {cpu,bus}
43
9/19/2008 Architecture modeling with AADL 43 of 90 Resource conflicts Resources are used exclusively Alternatives must be provided P1P1 P1’P1’ {cpu} P2P2 P2’P2’ {bus} || P 1 ||P 2 P 1 ’||P’ 2 {cpu,bus} P1P1 P1’P1’ {cpu} P2P2 P2’P2’ || X P 2 ’’ {cpu}{ } P 1 ||P 2 ’’ P 1 ||P’ 2 {cpu} {bus}
44
9/19/2008 Architecture modeling with AADL 44 of 90 Priorities and preemption Access to resources in action steps and to event channels is controlled by priorities: {(r 1,p 1 ),(r 2,p 2 )}(e?,p) Preemption relation on events and actions - {(cpu,1),(bus,2)} - {(cpu,2)} {(cpu,1),(bus,2)} - ( ,1) P1P1 P1’P1’ {(cpu,1)} || { } P2P2 P2’P2’ {(cpu,2)} { } P 1 ||P 2 P 1 ||P 2 ’ {(cpu,2)} { }
45
9/19/2008 Architecture modeling with AADL 45 of 90 Scheduling with priorities Priorities in a task reflect scheduling policy Static or dynamic priorities –A task with EDF priorities:
46
9/19/2008 Architecture modeling with AADL 46 of 90 Enforcing progress: resource closure Resource-constrained progress –Processes should not wait unnecessarily In a closed system, processes have exclusive use of system resources P1P1 P1’P1’ {(cpu,1)} || { } P2P2 P2’P2’ {(cpu,2)} { } P 1 ||P 2 P 1 ||P 2 ’ {(cpu,2)} {(cpu,0)} [] {cpu} [
47
9/19/2008 Architecture modeling with AADL 47 of 90 Schedulability analysis Detect two kinds of problems: –Resource conflicts –Timing violations Schedulable systems are deadlock-free Analysis method: –Deadlock detection –Efficient methods for state-space exploration exist –Execution trace to a deadlocked state is produced
48
9/19/2008 Architecture modeling with AADL 48 of 90 Translation of AADL into ACSR For each thread –generate skeleton thread states resources and dependencies (thread connections) –populate skeleton timing: period, deadlines (thread properties) events to raise (out event connections) –generate activator (dispatch policy property) For each processor –generate priorities for mapped threads scheduling policy (processor property)
49
9/19/2008 Architecture modeling with AADL 49 of 90 Overview Background –Architecture description languages –Embedded and real-time systems AADL: ADL for real-time systems Analysis of embedded systems with AADL –Basic analysis –Schedulability analysis with ACSR –Performance analysis with Real-Time Calculus
50
9/19/2008 Architecture modeling with AADL 50 of 90 Performance of stream processing Many embedded systems process streams of events/data –Media players, control systems Each event triggers task execution to process –While the task is busy, events are queued Performance measures: –End-to-end latency –Buffer space Resource bottlenecks
51
9/19/2008 Architecture modeling with AADL 51 of 90 51 Modular Performance Analysis Developed at ETH Zurich since 2003 Based on: –Max-Plus/Min-Plus Algebra [Quadrat et al., 1992] –Network Calculus [Le Boudec & Thiran, 2001] –Real-Time Calculus [Chakraborty et al.,2000] Supported by a Matlab toolbox Next 8 slides courtesy of Ernesto Wandeler, ETHZ
52
9/19/2008 Architecture modeling with AADL 52 of 90 Abstraction for Performance Analysis Processor/Network Task/Message Input Stream Service Model Load Model Concrete Instance Abstract Representation Task / Processing Model
53
9/19/2008 Architecture modeling with AADL 53 of 90 Load Model t [ms] events Event Stream 2.5 Arrival Curve & Delay d demand [ms] 2.5 deadline = d Service Model Load Model Processing Model
54
9/19/2008 Architecture modeling with AADL 54 of 90 Load Model t [ms] events Event Stream 2.5 Arrival Curve & Delay d demand [ms] 2.5 number of events in in t=[0.. 2.5] ms deadline = d Service Model Load Model Processing Model
55
9/19/2008 Architecture modeling with AADL 55 of 90 Load Model t [ms] events Event Stream maximum / minimum arriving demand in any interval of length 2.5 ms 2.5 Arrival Curve & Delay d demand [ms] 2.5 deadline = d Service Model Load Model Processing Model
56
9/19/2008 Architecture modeling with AADL 56 of 90 Load Model t [ms] events Event Stream 2.5 Arrival Curve & Delay d demand [ms] 2.5 deadline = d Service Model Load Model Processing Model ll uu
57
9/19/2008 Architecture modeling with AADL 57 of 90 Load Model - Examples periodicperiodic w/ jitter periodic w/ burstcomplex Service Model Load Model Processing Model
58
9/19/2008 Architecture modeling with AADL 58 of 90 Service Model t [ms] availability Resource Availability maximum/minimum available service in any interval of length 2.5 ms available service in t=[0.. 2.5] ms 2.5 uu ll Service Curves [ l, u ] service [ms] 2.5 Service Model Load Model Processing Model
59
9/19/2008 Architecture modeling with AADL 59 of 90 Service Model - Examples full resource bounded delay TDMA resourceperiodic resource Service Model Load Model Processing Model
60
9/19/2008 Architecture modeling with AADL 60 of 90 d Task / Processing Model ’’ ’’ Service Model Load Model Processing Model
61
9/19/2008 Architecture modeling with AADL 61 of 90 d Task / Processing Model ’’ ’’ Service Model Load Model Processing Model Real-Time Calculus
62
9/19/2008 Architecture modeling with AADL 62 of 90 d Task / Processing Model ’’ ’’ Service Model Load Model Processing Model Real-Time Calculus
63
9/19/2008 Architecture modeling with AADL 63 of 90 Scheduling / Arbitration FP GPS EDF TDMA
64
9/19/2008 Architecture modeling with AADL 64 of 90 Analysis: Delay and Backlog delay d max backlog b max ll uu [ l, u ] [ l, u ] [ l’, u’ ] [ l’, u’ ] RTC Service Model Load Model Processing Model
65
9/19/2008 Architecture modeling with AADL 65 of 90 RTC performance analysis Construct the graph of abstract components –Connected by stream or resource edges Associate input arrival and service curves with source nodes If the graph is acyclic –Compute output curves of each node in the topological order O/w, break cycles and iterate to fixed point Supported by a MATLAB toolbox
66
9/19/2008 Architecture modeling with AADL 66 of 90 Model transformation AADL model is transformed into an RTC model Load: –Input event streams + periodic tasks Service: –Processors + buses Processing components –Threads + connections Connections –Flows provide load connections –Mappings provide service connections
67
9/19/2008 Architecture modeling with AADL 67 of 90 Transformation algorithm Traverse AADL model, collect processing components and input loads Construct graph of processing components based on flows, component mappings, priorities Test if the graph has cycles –If not, done Analysis requires one iteration –O/w, cut the “back” edges Analysis requires fixed point computation Check convergence on the cut edges
68
9/19/2008 Architecture modeling with AADL 68 of 90 Transformation illustrated 2 1 2 1
69
9/19/2008 Architecture modeling with AADL 69 of 90 Transformation illustrated 2 1 2 1 1 2 ==?
70
9/19/2008 Architecture modeling with AADL 70 of 90 Case study: wireless architecture Model a typical application-level architecture –ISA100 application layer as the basis –Study applicability of AADL The need for AADL v2 extensions Perform analysis of several configurations –Find out which modeling approaches work Modeling alarm timeouts as implicit flow did not work at all! –Study performance as function of model size –Scalability of RTC
71
9/19/2008 Architecture modeling with AADL 71 of 90 ISA100 highlights The network contains multiple sensor nodes connected to the wired network through gateways –Wired network is the source of various loads Three flow types: –Periodically published sensor data (TDMA) –Parameter traffic (client/server, CSMA) –Alarm traffic (client/server, CSMA)
72
9/19/2008 Architecture modeling with AADL 72 of 90 ISA100 highlights Parameter cache in the gateway –If the requested parameter is in the cache, it is returned to the operator –Otherwise, a request to the relevant sensor node is sent The response is placed in the gateway and returned to the operator Alarm queue –If queue is full, alarm is dropped Node times out and retransmits –O/w, alarm is queued and acknowledged
73
9/19/2008 Architecture modeling with AADL 73 of 90 February 27, 2008 Honeywell Project Review 73 Architecture model – overall
74
9/19/2008 Architecture modeling with AADL 74 of 90 Architecture model – gateway
75
9/19/2008 Architecture modeling with AADL 75 of 90 Properties Component mapping subcomponents software: process GatewaySoftware.Impl; hardware: processor GatewayHW; properties Actual_Processor_Binding => reference hardware applies to software; Connection mapping connections edconn0: event data port sensor.publish -> gateway.publish { Actual_Connection_Binding => reference mediumWless.mediumTDMA; };
76
9/19/2008 Architecture modeling with AADL 76 of 90 Properties Computation logger: thread AlarmLogger { RTC::Priority => 4; }; thread AlarmLogger properties Dispatch_Protocol => Aperiodic; Compute_Execution_Time => 10 Ms.. 20 Ms; end AlarmLogger; Transmission bus WirelessTDMAdata ParamMsg properties properties Propagation_Delay => 500 Us.. 1 Ms; Bandwidth => 100 Kbps; Source_Data_Size => 512B end WirelessTDMA;end ParamMsg;
77
9/19/2008 Architecture modeling with AADL 77 of 90 Challenges Modeling cache effects –Flow depends on cache lookup Split flow with a scaling factor –Cache is a shared data component Resource contention not modeled Modeling alarm queue –Alarms may be dropped and retransmitted Hard to model directly –Instead, model conditions for no retransmits
78
9/19/2008 Architecture modeling with AADL 78 of 90 More challenges Resource partitioning –CSMA and TDMA are the same medium Modeled separately, need to be kept coherent when parameters change –Virtual buses in AADL v2 – more natural Multiplicity of components –Many sensor nodes huge model, lots of copy & paste => errors –Arrays in AADL v2 – more compact
79
9/19/2008 Architecture modeling with AADL 79 of 90 79 Additional properties Several aspects necessary for analysis are not captured by standard properties of AADL –Some are proposed for v2 (need to be amended) Property set for missing properties: RTC –Input stream properties Input_Timing, Input_Jitter –Output stream properties Output_Rate
80
9/19/2008 Architecture modeling with AADL 80 of 90 Analysis model - I
81
9/19/2008 Architecture modeling with AADL 81 of 90 Analysis model - II
82
9/19/2008 Architecture modeling with AADL 82 of 90 Adding multiple nodes More processing blocks, more CSMA flows
83
9/19/2008 Architecture modeling with AADL 83 of 90 Analysis results Interesting values: –End-to-end delays of flows –Buffer requirement b Q for alarm delivery b Q alarms are never lost –Buffer requirements High values indicate that the system does not have enough throughput for the load Configurations analyzed: –Firmware download – infrequent, long –Network noise – frequent, bursty; short
84
9/19/2008 Architecture modeling with AADL 84 of 90 End-to-end delays – alarm flow Linear for ample throughput
85
9/19/2008 Architecture modeling with AADL 85 of 90 End-to-end delays – alarm flow … dramatic increase for low throughput
86
9/19/2008 Architecture modeling with AADL 86 of 90 Alarm queue requirements Same for both loads; mostly depends on downstream
87
9/19/2008 Architecture modeling with AADL 87 of 90 Scalability – total analysis time
88
9/19/2008 Architecture modeling with AADL 88 of 90 Scalability –time per iteration Experiments require 4-6 iterations
89
9/19/2008 Architecture modeling with AADL 89 of 90 Scalability results Analysis time is much more sensitive to –curve shapes –ranges of timing constants which, of course, affect curve shapes than to the number of blocks to process Lots of simple nodes are much more efficient to analyze than even a few complex nodes “Divide and conquer” approaches are possible to explore isolated changes
90
9/19/2008 Architecture modeling with AADL 90 of 90 Summary Architectural modeling and analysis –aids in design space exploration –records design choices –enforces architectural constraints AADL –Targets embedded systems –Builds on well-established theory of RTS –As a standard, encourages tool development Architectural analysis (+component semantics) –Schedulability (by transformation to ACSR) –Performance (by transformation to RTC)
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.