Chengcong Si,Shihai Wang,Bin Liu

DOI: https://doi.org/10.1109/phm.2015.7380013

2015-01-01

Abstract:Integrated Modular Avionics (IMA) system is real-time and safety-critical system. Architecture Analysis and Design Language (AADL) is a standard modeling language, which has been widely used in modeling and analyzing real-time embedded systems, especially in avionics systems. The analysis of IMA systems on time domain is mainly about the verification of configuration information. However, it is only concerned about one or two constraints when it comes to safety constraint. In this paper, a new approach to safety analysis of IMA partition scheduling concerning about multi-constraint is introduced. Modeling the partitioned system with AADL and its extended property set is necessary to analyze the system. Four constraints and corresponding decision conditions are proposed to improve safety of the system. Then, the configuration file can be judged if it is eligible to the schedulability demands. The method proposed in this paper can help system integrators to do a right configuration on time domain. An example of IMA system is given in this paper as well to demonstrate our method, the model described by AADL and the analysis result is also given.

Peng Zhang,Yu Liu,Jianqi Shi,Yanhong Huang,Yongxin Zhao

DOI: https://doi.org/10.1109/access.2019.2927516

IF: 3.9

2019-01-01

IEEE Access

Abstract:In the field of intelligent connected vehicles, as the rate of in-vehicle communication continues to increase, the importance of real-time and reliability requirements has been more prominent. The time-sensitive networking (TSN) task group is dedicated to the amendments for meeting the urgent needs in the industrial field. In the implementation of the TSN, time latency bounds of critical traffic, memory bounds of nodes and utilization of transmission resources are needed to evaluate the feasibility of the TSNs. In this paper, we propose a framework called component-based analysis (CBA) to analyze these properties. In CBA, we use a data model, a resource model, and a component model to construct an abstract model of the TSNs with the system architecture and analyze the feasibility of this abstract model with real-time calculus. Moreover, we discuss the preemption mechanism mentioned in IEEE 802.1 Qbu to handle the conflict of different priority queues, which has a serious influence on the resource model of the TSNs. Finally, we validate this framework by performing an analysis on a synthetic case and compare the obtained properties with different conflict handling mechanisms.

Rémi Bastide,David Navarre,Philippe Palanque,Amélie Schyn,Pierre Dragicevic,R�mi Bastide,Am�lie Schyn

DOI: https://doi.org/10.1145/1027933.1027974

2004-01-01

Abstract:This paper presents the use of a model-based approach for the formal description of real-time embedded multimodal systems. This modeling technique has been used in the field of military fighter aircrafts. The paper presents the formal description techniques, its application on the case study of a multimodal command and control interface for the Rafale aircraft as well as its relationship with architectural model for interactive systems.

Xinying Li,Huagang Xiong

DOI: https://doi.org/10.1109/dasc.2009.5347426

2009-01-01

Abstract:Integrated Modular Avionics (IMA) has now been fully developed, and installed in practically every new airplane model that are in service today. IMA approach allows mixed criticality real-time applications to be merged into integrated system. These integrated real-time applications must meet their own timing requirements and be protected from other malfunctioning applications, while physically sharing resources such as processors and communication networks. To guarantee timing constraints and dependability of each application, an IMA-based system must be equipped with strong partitioning schemes. Based on ARINC IMA standards, we refer a model as strongly partitioned distributed real-time system which composed of three major parts that are Avionics Subsystem, End System and Avionics Full Duplex Switched Ethernet (AFDX) Communication System. We build the two-level scheduling hierarchy architecture model of Avionics Subsystem to provide spatial and temporal partitioning for real-time applications. End system provides communication interface for Avionics Subsystem and AFDX Communication system. AFDX Communication system provides reliable message transmission among applications. To evaluate the performance of an IMA-based system, simulation tool based on the discrete event system simulation method has been developed. The simulation captures additional characteristics of the system with respect to the analytical study, which is basically used to evaluate worst cases and deterministic guarantees. The tool is designed to help platform designer, applications developer and system integrator to describe and evaluate different implementation choices.

Jinchao Chen,Chenglie Du

DOI: https://doi.org/10.1109/PIC.2015.7489902

2015-01-01

Abstract:Recently the integrated modular avionics (IMA) architecture has been widely adopted by the avionics industry due to its strong partition mechanism. Although the IMA architecture can achieve effective cost reduction and reliability enhancement in the development of avionics systems, it results in a complex allocation and scheduling problem. In this paper, we analyze the schedulability of independent partitions and provide proper schedules for multi-core IMA systems. We first calculate the maximum scaling factor, by which the execution times of all partitions can be multiplied without violating the timing requirements of the systems. Then, we use the scaling factor obtained to determine whether all partitions are schedulable and produce a valid allocation for each partition. Finally, simulation experiments are conducted to show the efficiency and reliability of our approach in terms of time consumption and acceptance ratio.

Dajiang Suo,Jinxia An,Jihong Zhu

DOI: https://doi.org/10.1109/apsec.2011.27

2011-01-01

Abstract:This paper seeks to model the Integrated Modular Avionics (IMA) using Architectural Analysis and Design Language (AADL). In particular, the mechanism to describe the dynamic reconfiguration of multimodal system is presented. By translating the AADL model into Time Petri Net (TPN), some real-time and logical properties (deadlock, reach ability, missed deadline) of reconfiguration could be checked. The analysis results could then be used to adjust the design of software at the early stage of system development and ensure that the reconfiguration of IMA meets the real-time constraints.

Lisong Wang,Ying Zhou,Mingming Wang,Jun Hu

DOI: https://doi.org/10.1007/978-3-319-69096-4_35

2017-01-01

Abstract:It is of a great importance for ensuring the correctness of system reconfiguration information and the satisfiability of partition time requirement in safety and reliability of critical systems such as integrated modular avionics (IMA). This paper considers a configuration information model transformation and verification approach and scheduling validation of IMA systems in the model-driven architecture with ARINC653 specification. Considering the features of IMA systems such as time or space multi-partition, this paper firstly defines a semantic mapping from the core elements of reconfiguration information (e.g. modules, partitions, memory, process and correspondence, etc.) to the MARTE model elements, and proposes a transformation approach between system configuration information and MARTE models. Then, design a scheduling validation framework of IMA partition system and then use MAST tool to make simulation for the MARTE model to verify the schedulability. Finally, a case study is illustrated to show the effectiveness of above proposed approach.

Xiaomin Liu,Chen Cao,Xiaohu Zhao,Jinping Sun,Jianliang Zhu

DOI: https://doi.org/10.1109/dasc.2015.7311656

2015-01-01

Abstract:Distributed Integrated Modular Avionics (DIMA) system architecture is the main trend of the development in aerospace domain. The integrated computing system of DIMA system is distributed in physical form, but it is unified in the form of logical level. The DIMA architecture effectively modifies the problem of fault isolation, reconfiguration and resource utilization in IMA architecture.This paper presents the unified network, which is Time-triggered Ethernet network, in DIMA system. TTE network can be the integration approach for subsystem in DIMA system, because it has the advantages in low network delay and transmission determinism. And in order to verify the TTE network performance, network calculus is applied to analyze the network performance. A simulation model of TTE network is proposed and maximum network delay and backlog can be calculated by the network calculus.

Jinchao Chen,Chenglie Du,Pengcheng Han

DOI: https://doi.org/10.1371/journal.pone.0168064

IF: 3.7

2016-01-01

PLoS ONE

Abstract:Recently the integrated modular avionics (IMA) architecture has been widely adopted by the avionics industry due to its strong partition mechanism. Although the IMA architecture can achieve effective cost reduction and reliability enhancement in the development of avionics systems, it results in a complex allocation and scheduling problem. All partitions in an IMA system should be integrated together according to a proper schedule such that their deadlines will be met even under the worst case situations. In order to help provide a proper scheduling table for all partitions in IMA systems, we study the schedulability of independent partitions on a multiprocessor platform in this paper. We firstly present an exact formulation to calculate the maximum scaling factor and determine whether all partitions are schedulable on a limited number of processors. Then with a Game Theory analogy, we design an approximation algorithm to solve the scheduling problem of partitions, by allowing each partition to optimize its own schedule according to the allocations of the others. Finally, simulation experiments are conducted to show the efficiency and reliability of the approach proposed in terms of time consumption and acceptance ratio.

Min Zhang,Yunhui Ying

DOI: https://doi.org/10.1145/3078633.3081035

2017-01-01

Abstract:The Clock Constraint Specification Language (CCSL) is a formal language companion to MARTE (shorthand for Modeling and Analysis of Real-Time and Embedded systems), a UML profile used to facilitate the design and analysis of real-time and embedded systems. CCSL is proposed to specify constraints on the occurrences of events in systems. However, the language lacks efficient verification support to formally analyze temporal properties, which are important properties to real-time and embedded systems. In this paper, we propose an SMT-based approach to model checking of the temporal properties specified in Linear Temporal Logic (LTL) for CCSL by transforming CCSL constraints and LTL formulas into SMT formulas. We implement a prototype tool for the proposed approach and use the state-of-the-art tool Z3 as its underlying SMT solver. We model two practical real-time and embedded systems, i.e., a traffic light controller and a power window system in CCSL, and model check LTL properties of them using the proposed approach. Experimental results demonstrate the effectiveness and efficiency of our approach.

Zied Aloui,Nawfal Ahamada,Julien Denoulet,Francine Pierre,Martin Rayrole,Marc Gatti,Bertrand Granado

DOI: https://doi.org/10.4271/2016-01-2069

2017-02-22

Abstract:Avionics is one kind of domain where prevention prevails. Nonetheless fails occur. Sometimes due to pilot misreacting, flooded in information. Sometimes information itself would be better verified than trusted. To avoid some kind of failure, it has been thought to add,in midst of the ARINC664 aircraft data network, a new kind of monitoring.

Software Engineering

汤小明,张新国

DOI: https://doi.org/10.16182/j.cnki.joss.2013.07.009

2013-01-01

Abstract:Aiming at the Integrated Modular Avionics(IMA),a model of timing analysis for the temporal and spatial partitioning architecture was proposed.Based on the IPET and invariant analysis,a timing analysis tool IMATime was discussed and implemented.And then the time and size evaluations of IMATime were conducted using SNU Benchmark.Meanwhile the three-level analysis of the temporal and spatial partitioning software platform FCOS was mentioned in detail.The analysis result will not only guide the general design,but also provide the IMA-dedicated parameters,such as partition period and partition capacity.At last as a real case of IMA which integrated the Flight Control System,Navigation System and Data Transmission System,the holistic timing analysis was discussed.

Ying Wang,Dianfu Ma

DOI: https://doi.org/10.4304/jnw.8.5.1088-1095

2013-01-01

Journal of Networks

Abstract:With the ever-growing avionics functions, the modern avionics architecture is evolving from traditional federated architecture to Integrated Modular Avionics (IMA). ARINC653 is a major industry standard to support partitioning concept introduced in IMA to achieve security isolation between avionics functions with different criticalities. To decrease the complexity and improve the reliability of the design and implementation of IMA-based avionics software, this paper proposes an automatic development process based on Architecture Analysis & Design Language. An automatic model transformation approach from domain-specific models to platform-specific ARINC653 models and safety-critical ARINC653-compliant code generation technology are respectively presented during this process. A simplified multi-task flight application as a case study with preliminary experiment result is given to show the validity of this process .

Étienne André,Jawher Jerray,Sahar Mhiri

DOI: https://doi.org/10.1007/978-3-030-32505-3_7

2019-07-29

Abstract:Time4sys is a formalism developed by Thales, realizing a graphical specification for real-time systems. However, this formalism does not allow to perform formal analyses for real-time systems. So a translation of this tool to a formalism equipped with a formal semantics is needed. We present here Time4sys2imi, a tool translating Time4sys models into parametric timed automata in the input language of IMITATOR. This translation allows not only to check the schedulability of real-time systems, but also to infer some timing constraints (e.g., deadlines, offsets) guaranteeing schedulability. We successfully applied Time4sys2imi to various examples.

Software Engineering,Logic in Computer Science

Libero Nigro,Franco Cicirelli

DOI: https://doi.org/10.3390/math12060812

IF: 2.4

2024-03-11

Mathematics

Abstract:Modeling and verification of the correct behavior of embedded real-time systems with strict timing constraints is a well-known and important problem. Failing to fulfill a deadline in system operation can have severe consequences in the practical case. This paper proposes an approach to formal modeling and schedulability analysis. A novel extension of Petri Nets named Constraint Time Petri Nets (C-TPN) is developed, which enables the modeling of a collection of interdependent real-time tasks whose execution is constrained by the use of priority and shared resources like processors and memory data. A C-TPN model is reduced to a network of Timed Automata in the context of the popular Uppaal toolbox. Both functional and, most importantly, temporal properties can be assessed by exhaustive model checking and/or statistical model checking based on simulations. This paper first describes and motivates the proposed C-TPN modeling language and its formal semantics. Then, a Uppaal translation is shown. Finally, three models of embedded real-time systems are considered, and their properties are thoroughly verified.

mathematics

Jing Liu,Ping Wang,Jinlong Lin,Chao-Hsien Chu

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata.2017.17

2017-01-01

Abstract:Wireless Mesh Networked Control Systems (WMNCSs) are typical cyber-physical systems widely used in industry that have to meet critical safety requirements. The control algorithm and system are usually designed by different persons. The isolated design process leads to higher integration, testing and debugging costs and poor resource utilization To bridge this gap, this paper proposes a controller/architecture co design framework for WMNCSs. This framework is based on architecture analysis and design language (AADL) and real-time calculus (RTC) theory. Firstly, we show how to build AADL model of WMNCSs, then a method of model transformation that translates AADL model to RTC model is proposed. With these two models, we can analyze the non-function properties of the system before implementation Matlab/Simulink and OSATE are integrated to support the realization of this framework We also develop several tools as plugins of OSATE to support the analysis of WMNCSs. The synthesis of above contributions is a largely automated co-design and analysis process of WMNCSs.

Ningning Chen,Huibiao Zhu

DOI: https://doi.org/10.1002/smr.2595

2024-01-01

Abstract:With the rapid popularization of smart devices, the applications and technologies of the Internet of Things (IoT) are in high demand worldwide, especially in improving development efficiency and ensuring system quality, reliability, and security. Formal methods have been successfully used to specify, verify, and analyze software and hardware systems, effectively alleviating the above problems in these systems. However, most of the existing works mainly focus on the practical applications of IoT, and there is a lack of research on modeling and analyzing IoT systems from the perspective of formal methods. In this paper, we first propose a secure mobile real-time process calculus for specifying and reasoning about IoT systems, called SMrCaIT, which supports not only value-passing communication but also name-passing communication. In addition, this calculus can strictly separate process actions and mobility modeling by providing parametric mobility models. Subsequently, we present the operational semantics of this calculus, in particular, the rules on how to secure channel communication by closing the scope of a channel and handling scope extrusion. Taking vehicle ad hoc network (VANET) as a case, the application details of SMrCaIT and its operational semantics are fully demonstrated. By using the rewrite engine Real-Time Maude, we further implement SMrCaIT and its operational semantics and verify some properties of the VANET case to indicate the effectiveness of our calculus in real-world scenes.

Christopher S. Beaverstock,Thomas S. Richardson,Alireza Maheri,Askin Isikveren

DOI: https://doi.org/10.5589/q12-003

2012-04-01

Canadian Aeronautics and Space Journal

Abstract:Flight control system design typically involves hardware and software development, requiring the definition of both continuous and discrete design parameters. The control surface topology is an example of a discrete optimization problem, whereas the tuning of control system gains is an example of a continuous one. Contemporary design practice classically involves decoupling these two problems, however, they are intrinsically linked; for example, the maximum performance attainable by the control system software is determined by the control system topology employed. The cascaded effect is that no definitive sequential roadmap of development can be established, resulting in the requirement for an iterative framework using dynamic programming or optimization methods. This paper presents a framework for aircraft design together with the Flight Control System Designer Toolkit, and the Computerised Environment for Aircraft Synthesis and Integrated Optimisation Methods. The software platform was developed for the European Framework 6 Program Simulating Stability and Control and integrates both the reliability-driven hardware analysis and the performance-driven software design. A case study is presented, based on the NASA Boeing 747–100 model, in order to demonstrate the potential impact of introducing control design early into the design process and to show the intrinsic nature of the hardware–software FCS problem.

Xinying Li,Huagang Xiong

DOI: https://doi.org/10.1109/DASC.2010.5655443

2010-01-01

Abstract:In the development of avionics systems, Integrated Modular Avionics is advocated for next generation architecture that needs integration of mixed criticality real-time applications. All real-time applications are processed by integrated avionics processing systems. To guarantee spatial and temporal isolation for these applications, the ARINC 653 standard which defines an interface for avionics real time operating systems provides hierarchy partitioning scheduling schemes. To understand of the operation of evolving avionics processing system instances and standards early in the design cycle, a flexible means is to conduct an analysis through the development of an avionic processing system model. This article focuses on the modeling and the performance analysis of avionics processing systems which based on hierarchical partitioning scheduling. Three modeling domains have been proposed: application model, architecture model, and behavioral model. To evaluate the performance of an IMA-based system, simulation environment based on the discrete event system simulation method has been developed. The simulation captures characteristics of the system such as architecture bottlenecks and system capacity. Visualization displays support the modeling framework. The simulation tool helps platform designer, applications developer and system integrator to describe and evaluate different implementation choices.

André Leblond,Michel Batteux,Antoine Rauzy

DOI: https://doi.org/10.1177/1748006x231206444

2024-01-06

Proceedings of the Institution of Mechanical Engineers Part O Journal of Risk and Reliability

Abstract:Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability, Ahead of Print. In this article, we propose a new approach for safety assessment of safety-critical systems. This approach, so-called Synthesis, is dedicated to the Preliminary System Safety Assessment included within the process of Safety Certification of avionic systems. The central idea consists in decomposing the assessment into two parts aiming at studying respectively the functional and the physical characteristics of the system under study. The whole approach is supported by a fully operational tool chain, dedicated to probabilistic safety assessment, which includes the AltaRica 3.0 integrated modeling environment, and a tool dedicated to the synthesis of functional minimal cutsets into physical minimal cutsets, making possible their quantitative assessment. We illustrate the benefits of the approach by means of a concrete avionic case study.

engineering, industrial, multidisciplinary,operations research & management science