Presentation is loading. Please wait.

Presentation is loading. Please wait.

..................................... Model for Supporting High Integrity and Fault Tolerance Brian Dobbing, Aonix Europe Ltd Chief Technical Consultant.

Published byJulius Kelly Modified over 9 years ago

Similar presentations

Presentation on theme: "..................................... Model for Supporting High Integrity and Fault Tolerance Brian Dobbing, Aonix Europe Ltd Chief Technical Consultant."— Presentation transcript:

1 ..................................... Model for Supporting High Integrity and Fault Tolerance Brian Dobbing, Aonix Europe Ltd Chief Technical Consultant November 1999

2 ............................................... November 1999 High Integrity and Fault Tolerance Background n Real-Time Core Specification is Released n High Integrity Profile –A subset of APIs in the RT-Core –Address requirements of Fault Tolerance High Integrity and Safety Critical systems –Work in progress, led by Aonix Draft circulated for internal J-Consortium review CALL FOR PARTICIPATION e.g. from Telecoms

3 ............................................... November 1999 High Integrity and Fault Tolerance Characteristics Partitioning Minimal Size Determinism Certifiability Fault Tol High Integ Safety Crit

4 ............................................... November 1999 High Integrity and Fault Tolerance Partitioning - single processor Non-Critical e.g. JVM Critical Component I/O devices Physical memory access Other peripherals Network Controlled Communication

5 ............................................... November 1999 High Integrity and Fault Tolerance Partitioning - hot standby Network Critical Component Controlled Communication Critical Component I/O devices / Physical memory Controlled Communication Messages

6 ............................................... November 1999 High Integrity and Fault Tolerance Partitioning - distribution Network Critical Component Controlled Communication Critical Component I/O devices / Physical memory Controlled Communication Non-Critical Component Messages Support for Distributed Systems is being addressed by “Real-Time and Embedded Distributed Middleware Profile”

7 ............................................... November 1999 High Integrity and Fault Tolerance Partitioning - interfaces Critical Component Remote Method Invocation Interface Parameters / Results (No Addresses) Physical Memory

8 ............................................... November 1999 High Integrity and Fault Tolerance Partition Construction n Static Linking only –Need to verify statically every byte loaded n Native code execution only –Temporal constraints prohibit interpreters n “Control” of the processor –HI partition will (normally) contain main() –Low-level interaction with underlying board Intended to be user-configurable

9 ............................................... November 1999 High Integrity and Fault Tolerance Memory Management (1) Execution Stack Default Allocation Context Per Thread Stackable Objects plus dynamic call frames Non-Stackable Objects No garbage collector!

10 ............................................... November 1999 High Integrity and Fault Tolerance Memory Management (2) n Allocation context re-used for each run() –Useful for Periodic, Sporadic, Interrupt tasks n Special allocation context supported –Programmatic reclamation for Ongoing tasks n Allocation context must be non-fragmenting

11 ............................................... November 1999 High Integrity and Fault Tolerance Concurrency n Periodic tasks (threads) –Scheduled by the runtime system n Sporadic tasks (threads) –Additional to RT Core, run by signalling Events n Interrupt “tasks” (handlers) –Triggered by hardware / software interrupt n Ongoing tasks (not run automatically) –Often background tasks in an infinite loop

12 ............................................... November 1999 High Integrity and Fault Tolerance Task Interaction n Remove asynchronous task-to-task actions –Stop, Interrupt, Wakeup, Suspend / Resume –Important for replica determinism n PCP used for Synchronized methods –Mutual exclusive access to Shared Resources –Tight bound on the blocking time (no queues) –Used in preference to mutexes, semaphores n Atomic regions used for interrupt handlers –Can signal Event object to run Sporadic task

13 ............................................... November 1999 High Integrity and Fault Tolerance Task Interaction Example Periodic Task Sporadic Task Interrupt Task PCP Object putget Event object signalrun H/w interrupt run

14 ............................................... November 1999 High Integrity and Fault Tolerance Scheduling n Priorities as in the RT-Core –Interrupt range + non-interrupt range n Normal FIFO_Within_Priorities scheduling n Task inherits ceiling priority when in PCP n Each task has : –Base priority (at creation time) –Active priority (for scheduling) Higher of base and any inherited priority

15 ............................................... November 1999 High Integrity and Fault Tolerance Sequential Execution n Need to be able to support : –Access to physical memory addresses for example RT Core IO class and Device I/O Registry –Exception handling Needed for failure recovery (roll back state) –Finally clauses Tidy up when failure occurs n Must exclude any non-determinism –Needed for replica consistency in fault tolerance

16 ............................................... November 1999 High Integrity and Fault Tolerance Fault Tolerance (1) n Hardware-related considerations –Keep standby replicas as identical as possible Eliminate constructs with race conditions Predictable execution even if clocks vary slightly –Allow access to physical addresses e.g fast DMA to compare / update state in replica –No addresses exported from HI partition Simplifies switching to replica on failure

17 ............................................... November 1999 High Integrity and Fault Tolerance Fault Tolerance (2) n Software-related considerations –Checkpoint objects at specific points Save state in durable (persistent) storage Allow access to physical addresses for this storage –Detect and recover from data errors Exception catching Roll back to saved state –Tidy up in normal and exception case Finally clauses

18 ............................................... November 1999 High Integrity and Fault Tolerance Summary (1) n The HI Profile supports : –Partitioning Controlled access to code and data –Determinism in sequential and concurrency –Small footprint runtime system n Proposed features : –Simplified memory management scheme Including access to physical memory addresses –Simplified threads kernel –Full exception handling and “finally” clauses

19 ............................................... November 1999 High Integrity and Fault Tolerance Summary (2) n The HI Profile will be : –Compatible with the Real-Time Core definition –Compatible with the Distributed Middleware profile n A full solution for the entire range of software requirements Needs YOUR review comments & participation

Download ppt "..................................... Model for Supporting High Integrity and Fault Tolerance Brian Dobbing, Aonix Europe Ltd Chief Technical Consultant."

Similar presentations

More on Processes Chapter 3. Process image _the physical representation of a process in the OS _an address space consisting of code, data and stack segments.

More on Processes Chapter 3. Process image _the physical representation of a process in the OS _an address space consisting of code, data and stack segments.
Chorus and other Microkernels Presented by: Jonathan Tanner and Brian Doyle Articles By: Jon Udell Peter D. Varhol Dick Pountain.

Chorus and other Microkernels Presented by: Jonathan Tanner and Brian Doyle Articles By: Jon Udell Peter D. Varhol Dick Pountain.
Adapted from A. Burns, B. Dobbing, T. Vardanega: Guide for the use of the Ada Ravenscar Profile in high integrity systems, Univ. of York Tech. Report YCS-2003-348,

Adapted from A. Burns, B. Dobbing, T. Vardanega: Guide for the use of the Ada Ravenscar Profile in high integrity systems, Univ. of York Tech. Report YCS ,
Real-Time Kernels and Operating Systems Basic Issue - Purchase commercial “off-the- shelf” system or custom build one Basic Functions –Task scheduling.

Real-Time Kernels and Operating Systems Basic Issue - Purchase commercial “off-the- shelf” system or custom build one Basic Functions –Task scheduling.
Threads, SMP, and Microkernels Chapter 4. Process Resource ownership - process is allocated a virtual address space to hold the process image Scheduling/execution-

Threads, SMP, and Microkernels Chapter 4. Process Resource ownership - process is allocated a virtual address space to hold the process image Scheduling/execution-
Chapter 4 Threads, SMP, and Microkernels Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design.

Chapter 4 Threads, SMP, and Microkernels Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design.
Computer Systems/Operating Systems - Class 8

Computer Systems/Operating Systems - Class 8
Chapter 13 Embedded Systems

Chapter 13 Embedded Systems
Chapter 13 Embedded Systems Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 13 Embedded Systems Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
ECE 526 – Network Processing Systems Design Software-based Protocol Processing Chapter 7: D. E. Comer.

ECE 526 – Network Processing Systems Design Software-based Protocol Processing Chapter 7: D. E. Comer.
Chapter 5 Processes and Threads Copyright © 2008.

Chapter 5 Processes and Threads Copyright © 2008.
1 Threads CSCE 351: Operating System Kernels Witawas Srisa-an Chapter 4-5.

1 Threads CSCE 351: Operating System Kernels Witawas Srisa-an Chapter 4-5.
490dp Synchronous vs. Asynchronous Invocation Robert Grimm.

490dp Synchronous vs. Asynchronous Invocation Robert Grimm.
Architectural Support for OS March 29, 2000 Instructor: Gary Kimura Slides courtesy of Hank Levy.

Architectural Support for OS March 29, 2000 Instructor: Gary Kimura Slides courtesy of Hank Levy.
Figure 2.8 Compiler phases. 2.8.1 Compiling. Figure 2.9 Object module. 2.8.2 Linking.

Figure 2.8 Compiler phases Compiling. Figure 2.9 Object module Linking.
INTRODUCTION OS/2 was initially designed to extend the capabilities of DOS by IBM and Microsoft Corporations. To create a single industry-standard operating.

INTRODUCTION OS/2 was initially designed to extend the capabilities of DOS by IBM and Microsoft Corporations. To create a single industry-standard operating.
1 Concurrent and Distributed Systems Introduction 8 lectures on concurrency control in centralised systems - interaction of components in main memory -

1 Concurrent and Distributed Systems Introduction 8 lectures on concurrency control in centralised systems - interaction of components in main memory -
G22.3250-001 Robert Grimm New York University Extensibility: SPIN and exokernels.

G Robert Grimm New York University Extensibility: SPIN and exokernels.
Introduction to Operating Systems – Windows process and thread management In this lecture we will cover Threads and processes in Windows Thread priority.

Introduction to Operating Systems – Windows process and thread management In this lecture we will cover Threads and processes in Windows Thread priority.
Chapter 13 Embedded Systems

Chapter 13 Embedded Systems

Similar presentations

Ads by Google