Classification of RTS

Dr. Hugh Melvin, Dept. of IT, NUI,G 1

Classification of RTS


RTS Definitions

• Precise definition of RTS?– Difficult due to the extent and scope of RTS– System where a substantial fraction of the design

effort goes into making sure that deadlines are met (Krishna/Shin)

• Response Time is an important parameter:– The time between the presentation of a set of inputs

to a system (stimulus) and the realisation of the required behaviour (response) including the availability of all associated outputs, is called the response time of the system (Laplante)


RTS Definitions • Alternative definitions

– System that must satisfy explicit (bounded) response-time constraints or risk severe consequences, including failure (Laplante)

– System whose logical correctness is based on both the correctness of the outputs and their timeliness (Laplante)

• Failed System– A system that cannot satisfy one or more of the

requirements stipulated in the formal system specification (Laplante)

• Applies only to Hard RTS


RTS Definitions

• Failed Systems– RTS software rather than hardware usually at fault– Emergence of Software Engineering

• Attempts by US DoD (SEI) to improve on the dismal record of software in military systems

• Has extended to general software industry• All practical system are RTS?

– Time constraints are always bounded?

• Need for Classification of RTS– Hard – Firm – Soft– Differ by the consequences of missed deadlines


RTS Definitions

• A Hard RTS is one in which failure to meet a single deadline may lead to complete and catastrophic system failure (Laplante)

• Eg.– Power Plant

• Turbine Overspeed Protection• Fuel Shutdown

– Flight Controller– ABS (Antilock Braking System)


Hard RTS

Teleperm ME System Overview

VAXMaintenance Management

System

I/O

CPU

I/O

CPU

I/O I/O

CPU CPU

Bin

ary

Fie

ld I

nput

sB

inar

y O

utpu

tsA

nalo

gue

Inpu

tsA

nalo

gue

Out

puts

Bin

ary

Fie

ld I

nput

sB

inar

y O

utpu

tsA

nalo

gue

Inpu

tsA

nalo

gue

Out

puts

Bin

ary

Fie

ld I

nput

sB

inar

y O

utpu

tsA

nalo

gue

Inpu

tsA

nalo

gue

Out

puts

I/O

CPU

AS101 AS133AS112 AS131AS017AS013

Boiler BMSTurbine

I/O

CPU

R30

I/O

CPU

I/O

CPU

I/O

CPU

AS231Unit Alarms System

PG750Maintenance

Computer

OS254OperationsComputer

Turbine Boiler

VDU 1 VDU 1

VDU 2

VDU 3

Operator’sKeyboard

MEC-RTData Storage Unit

Programmers VDU & Keyboard

VDU 2

VDU 3



Programming Room Printer

Fault Log Printer

Con

trol

Roo

m

Control R

oom

LPA0

LPA1

Local Printer

VDU 1

VDU 2


5 1/4”FDDStorage Unit

Alarms Printer

Annunciator

I/O

CPU

Local T

erminals

CPU

I/O


VDU 1

VDU 2

VDU S\E’sOffice

VDU Prog. Room

Tape DriveStorage Unit

Operators Keyboard 1

Operators Keyboard 2

S\E’s Keyboard 1

Programmers Keyboard

Annunciator

Printer 1

Printer 2

Printer Prog. Room

CS 275 Bus Bus 0 Bus 1

HW Analog Inputs

HW Binary Inputs

S\E’s VDU & Keyboard

Bus Coupler

12:45:01 23:01:97

Master Clock


Remote OperatorStation

Control Room Unit 3 Operator Station

OIS Server IBM NetFinity 5510



Station LAN

MP002

GatewayR30 Room Gateway

Communications Room

MP001

Bus ABus B

Bus Coupler

U/I

CS275Bus 0

Synogate Interfaceto CS275

CS275Bus 1

U/I

Bus ABus B

Bus Coupler

U/I

CS275Bus 0


CS275Bus 1

U/I

Bus ABus B

Bus Coupler

U/I

CS275Bus 0


CS275Bus 1

U/I

Unit 1 Unit 2 Unit 3


Burner Management System

CPU 2CPU 1 CPU 3

.. .. ........

2 out of 3

Non-Redundant Control Circuits

Double RedundantSafety Circuits Triple Redundant Safety Circuits

N8 N8

U/I U/I

Bus ABus B

CS275


Hard RTS• Emergence of Fly-by-wire control systems• Military Aircraft• Year Aircraft %Fns supported by S/W

1960 F-4 81982 F-16 452000 F-22 80

(Source: W.S Humphreys “Winning with S/W, An Exec. Stgy”, Add-Wes. 2002)

• Civilian aircraft similar• Also

– Robotics– Medical Devices– ABS / Airbag Protection

• Most Hard RTS are embedded devices with limited and very specialised software designed for specific hardware


RTS Definitions

• A Soft RTS is one in which performance is degraded but not destroyed by failure to meet response time constraints (Laplante)

• Eg.– Multitasking PC– Internet-based Multimedia

• VoIP – Note: For MM data, requirement for logical

correctness of output can be relaxed somewhat (See G.1010)


Soft RTS: Multimedia ?


Soft RTS : VoIP


RTS Definitions

• A Firm RTS is one in which a few missed deadlines will not lead to total failure, but missing more than a few may lead to complete and catastrophic system failure failure (Laplante)

• Difficult to find examples!


Firm RTS

• Somewhere in the middle– Eg. Private IP Network governed by SLA (Service

Level Agreement)• SLA specifies jitter/delay/loss/availability

– 99.999% Availability

• Lack of adherence results in :– Irate customers loss of business

– Penalties imposed on provider

– Consumer Devices• Mobile Phone / Cameras etc…

– Reservation Systems


Sample Time and Response Time• Sample time refers to the rate at which a

parameter is monitored• Sample time and Response time are both

related to the underlying physical phenomena– Eg. Power System control/protection systems for

– Steam Pressure / Turbine Speed / Overvoltage – 3 phenomena have very different natural characteristics– Require very different Sample Times and Response Times to

react safely to changing/dangerous conditions

– Eg. Flight Control / Car ABS– Sample and Response Times depend on Maximum velocity– 2 aircraft @ 600 mph = relative velocity of 1200 mph

» 1760 feet/sec (Min Vertical flight separation = 1000 ft = 0.6 sec)

– 2 cars at 120 kph = 66 m/sec .. Response time of msec reqd


Sample Time and Response Time• Hard RTS

– No point in sampling more frequently than necessary• Wasteful of CPU/Memory• Eg. Steam Pressure versus Voltage

– Response time must be guaranteed : Good Average performance is of little use

• At 35000 ft when cabin pressure is lost• When a Power station at full output is suddenly disconnected from

the National Grid• When ABS is required to work

• Soft RTS– Conventional PC OS designed for timesharing and multitasking– Complex timesharing scheduler– Good Average Performance acceptable


Analog Inputs via ADC Modules

2 Wire Transmitter4 … 20 mA

4 Wire Transmitter0 … 20 mA

2 Wire Transmitter0 … 10V

Spare

0 6600%

CPU

ASE 6DS1714-8AA

Ch 4

Ch 1

Ch 2

Ch 3

0 - 200 bar

0 - 3000 rpm

Voltage

spare


RTS Definitions• Deterministic System

– System that for each possible state and set of inputs, a unique set of outputs and the next state of the system are known Importance of thorough system specification and

testing 2OI – 2nd Order Ignorance- “You cannot test for

things you don’t know you don’t know”

• Temporal Determinism• Response Time is also known• Critical and extra reqd for RTS


RTS Definitions• CPU Utilisation (U)

– Measure of the percentage of non-idle processing– 70% is useful rule of thumb based on scheduling

theory (cf later)– Consider task 1 n where

• task i has period p i ,freq of 1/ pi and worst case execution time ei

• ei can be very difficult to quantify

• Utilisation factor (worst case) for task i ; ui = ei / pi

– Overall CPU U=

n

iiu

1


RTS Components• Hardware

– Specific to application– Tend to be I/O intensive

• Power Systems• Fly-by-wire• MM: VoIP

• Software – Specific to Application

• Assembly language / C widely used• Interface directly with hardware

– RT Programming Languages• Power Systems: Siemens OEM Programming Language• Ada is most recognised Real Time Lang. (RealTime Java?)

– Boeing 777 control written in Ada


RTS Components• RTOS

– Many Hard RTS do not have an OS as such• Cyclic Executive approach used• OS introduces too much complexity• OS not needed if embedded device is simple enough or can

be very well defined– Soft-Firm RTS often utilise RTOS

• Facilitates multiple concurrent processes• Requires Scheduler• Memory Management

Process Priorities ensure determinism Eg. Mobile Phones / PDA / Network Switches• Increasing use in Hard RTS : Mars Pathfinder

– Note: Conventional OS can be adequate for Soft/Firm RTS


Taco-generatorDrive Unit

Conveyor Belt

Thyristor Drive UnitProcessor(incl ADC/DAC)

Process Control

Signal Conditioning

Operator Interface

EY

Belt Running

Drive Temp High

Simple Control SystemProcess

Field Inputs / Outputs

Speed Setpoint


Less simple control System : Boeing 777


RTS Components• Fault Tolerant Techniques

– Full/Partial Fault Tolerance• Hardware Redundancy

– Voting schemes• Software Redundancy

– N-version Programming• Time Redundancy

– Build in time slack or roll back • Information Redundancy

– Error Detection + Correction » FEC & PLC techniques

– Note: TCP-IP based Error Detection via CRC relies on Time Redundancy for TCP traffic. Not acceptable for UDP based MM traffic

– Graceful degradation

– Failsafe operation


RTS Components

– Common hydraulic system for Steering, Brakes and Suspension

– Failsafe operation• Suspension• Braking• Steering


Fault Tolerant Techniques

CPU 1 CPU 2 CPU 3

2-out-of-3 2-out-of-32-out-of-3

2-out-of-3 2-out-of-3 2-out-of-3

2-ou

t-of

-3

Inputs Outputs

Extension Units

EAVn

ZV1 ZV2 ZV3

ZV1 ZV2 ZV3

DB-In DB-In DB-InDB-Out DB-Out DB-Out

Cen

tral

Uni

tI/

O L

evel

RAMEPROM

1

RAMEPROM

2

RAMEPROM

3


Fault Tolerant Techniques: Airbus

• 3 Main Flight Controllers

• 2 Backup Flight Controllers

• Software developed by different teams and on different platforms

• Seamless transfer• ..See video !


RTS: Closing Remarks• RTS are more concerned with predictability of

response times rather than absolute response times– Providing faster processors will convert a PC (Soft

RTS) to a faster PC (Soft RTS), not a Hard RTS. • Many Hard RTS are embedded devices

– Specific hardware– Customised and limited software– No OS– Guarantees are provided through simplicity, precise

definition and overprovisioning• Distinction between Soft-Firm RTS vague

Classification of RTS

Documents

Transcript of Classification of RTS