Fault Tolerant Design of Distributed Automotive Systems
Claudio Pinello (pinello@eecs.berkeley.edu), Prof. Sangiovanni-Vincentelli, UC Berkeley

Introduction
Designing cost-sensitive real-time control systems for safety-critical applications requires a careful analysis of the cost/fault-coverage trade-offs. This further complicates the task of deploying the corresponding embedded software on the execution platform, which is typically distributed around the plant. We propose a synthesis-based design methodology that relieves designers from specifying how to tolerate execution-platform faults and instead involves them in the definition of the overall fault-tolerance strategy: how to address plant faults (adaptive control algorithms) and the selection of a cost-effective execution platform. Verification tools analyze the solution to extract timing and to check the fault behavior (replica determinism, coverage, etc.). Finally, a run-time library is being developed for the deployment of the resulting distributed system.

Motivation: Drive-by-Wire applications
Architecture faults (channels, ECUs)
–hardware redundancy
–software replication
–redundancy management
Plant faults (plant, sensors, actuators)
–estimation and control algorithms
Application faults: bugs
–can be reduced by disciplined coding
–code generation from formal models
–simulation
–formal verification
[Figure: example fault-tolerant dataflow with actors Sens, Input, Fine CTRL, Coarse CTRL, Arbiter, Best, Output, Act]

Design space exploration
Verification provides timing + coverage. If the result is not satisfactory:
–change the architecture: more/fewer components, vary the mix of performance
–change the algorithms: introduce pipelining, reduce/increase granularity
–change the fault behavior: degrade sooner/later
–provide hints to the synthesis tool: replicate some actors, mapping constraints, precedence constraints
[Figure: Specification -> Synthesis -> System, with Faults as an input]

Design flow
[Figure: tool chain made of Parse.exe, SynDEx, Merge.exe and Schedule.exe, taking the FTDF netlist (Sens, Input, Fine CTRL, Coarse CTRL, Arbiter, Best, Output, Act), the architecture (ECU0, ECU1, ECU2, CH0, CH1) and the fault behavior, and producing the mapping and the timing verification]

Programming model: Fault-tolerant Dataflow (FTDF)
–Actors have a criticality; inputs may have fan-in from redundant sources (replicas)
–Execution is synchronous and periodic: at each period all tasks are executed (data driven or time triggered), satisfying precedence constraints
–Inputs and Arbiters have partial firing rules
–Metropolis library to model FTDF netlists, with support for simulation, fault injection and visualization
–Early assessment of closed-loop behavior in degraded modes

Architecture
Connectivity:
–bipartite graph Arch: ECUs (Electronic Control Units) and channels
–actuator/sensor location
Performance:
–matrix of actor/ECU execution times
–matrix of data/channel transmission times
Timing analysis: dynamic (shown in the poster figure) and time-triggered execution
[Figure: ECU0, ECU1 and ECU2 attached to channels CH0 and CH1, with Sens/Act pairs attached to the ECUs]

Fault Behavior
Failure patterns P_i ⊆ Arch
–subsets of the Arch graph that may fail simultaneously (in the same iteration)
For each P_i, specify which functionalities must be guaranteed
–typically the functionality is chosen based on criticality
Sample fault behavior:
–{}: all actors
–{ECU0} or {ECU1} or {ECU2}: only critical actors

Mapping and Timing Verification
[Figure: replicas of the actors (Sens, Input, Coarse CTRL, Fine CTRL, Arbiter, Best, Output, Act) mapped onto ECU0, ECU1 and ECU2 over channels CH0 and CH1]

Case Studies: BMW, GM
[Figure: vehicle-level data-flow architecture with Supervisory Control, Brake by Wire, Power Unit Coordinator, Steer by Wire, Driver Interface, Vehicle Dynamics, Sensor Input and Actuator Output blocks; signals: forces applied on vehicle, torque req/ack, directional and stability signals, steering position, vehicle speed]

Conclusions
The proposed design flow enables
–greater separation of concerns: application, architecture, fault behavior
–formal specification and verification of fault-tolerant systems
–design space exploration

Reference
C. Pinello, L. P. Carloni, and A. L. Sangiovanni-Vincentelli, "Fault-Tolerant Deployment of Embedded Software for Cost-Sensitive Real-Time Feedback-Control Applications," Proc. Conf. Design, Automation and Test in Europe (DATE), February 2004.
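The coverage check that the poster's Fault Behavior section describes (for each failure pattern P_i, is every guaranteed actor still delivered?) can be written as a small fixpoint over the mapped replicas, which also exercises the partial firing rules of the Input and Arbiter actors from the Programming model section. The following is an added example written for this page; it is not the authors' tool chain nor the Metropolis library. The architecture (three ECUs on two channels), the actor graph, the replica mapping and the set of failure patterns are all constructed for illustration and are assumptions, not data from the poster.

```python
# Added example: fault-coverage check over an FTDF-style mapping.
# Architecture, actor graph, mapping and fault behavior below are constructed
# for illustration; they are not the poster's or the tool chain's data.
from typing import Dict, FrozenSet, List, Set, Tuple

# Architecture: bipartite graph between ECUs and channels. A channel node is
# adjacent to the set of ECUs attached to it (constructed: dual bus).
ECUS: Set[str] = {"ECU0", "ECU1", "ECU2"}
CHANNELS: Dict[str, Set[str]] = {
    "CH0": {"ECU0", "ECU1", "ECU2"},
    "CH1": {"ECU0", "ECU1", "ECU2"},
}

# Actors: (producer actor for each input port, partial firing rule).
# partial=True fires when at least one port has data (Input, Arbiter);
# partial=False needs data on every port. Fan-in from replicas of the same
# producer is handled per port: any surviving replica satisfies the port.
ACTORS: Dict[str, Tuple[List[str], bool]] = {
    "Sens":       ([], False),
    "Input":      (["Sens"], True),
    "CoarseCTRL": (["Input"], False),
    "FineCTRL":   (["Input"], False),
    "Arbiter":    (["CoarseCTRL", "FineCTRL"], True),
    "Output":     (["Arbiter"], False),
    "Act":        (["Output"], False),
}

# Replica mapping (constructed): which ECUs host a copy of each actor.
MAPPING: Dict[str, Set[str]] = {
    "Sens": {"ECU0", "ECU2"},
    "Input": {"ECU0", "ECU2"},
    "CoarseCTRL": {"ECU0", "ECU1"},
    "FineCTRL": {"ECU1"},
    "Arbiter": {"ECU1", "ECU2"},
    "Output": {"ECU0", "ECU2"},
    "Act": {"ECU0", "ECU2"},
}

ALL_ACTORS: Set[str] = set(ACTORS)
CRITICAL: Set[str] = ALL_ACTORS - {"FineCTRL"}   # criticality assignment (constructed)

# Fault behavior: failure pattern P_i -> actors that must still be delivered.
FAULT_BEHAVIOR: Dict[FrozenSet[str], Set[str]] = {
    frozenset(): ALL_ACTORS,
    frozenset({"ECU0"}): CRITICAL,
    frozenset({"ECU1"}): CRITICAL,
    frozenset({"ECU2"}): CRITICAL,
    frozenset({"CH0", "CH1"}): CRITICAL,   # loss of both buses: expected to fail
}


def can_reach(src: str, dst: str, failed: FrozenSet[str]) -> bool:
    """Data produced on `src` reaches `dst`: same ECU, or a surviving channel joins both."""
    if src == dst:
        return True
    return any(ch not in failed and src in ecus and dst in ecus
               for ch, ecus in CHANNELS.items())


def alive_replicas(failed: FrozenSet[str]) -> Set[Tuple[str, str]]:
    """Fixpoint over (actor, ecu) pairs that can still fire within one iteration."""
    alive: Set[Tuple[str, str]] = set()
    changed = True
    while changed:                      # the set only grows, so this terminates
        changed = False
        for actor, (ports, partial) in ACTORS.items():
            for ecu in MAPPING[actor] - failed:
                if (actor, ecu) in alive:
                    continue
                port_ok = [any((prod, e) in alive and can_reach(e, ecu, failed)
                               for e in MAPPING[prod])
                           for prod in ports]
                fires = not ports or (any(port_ok) if partial else all(port_ok))
                if fires:
                    alive.add((actor, ecu))
                    changed = True
    return alive


def check_coverage(behavior: Dict[FrozenSet[str], Set[str]] = FAULT_BEHAVIOR
                   ) -> Dict[FrozenSet[str], Set[str]]:
    """Per failure pattern, the guaranteed actors with no surviving replica (empty = covered)."""
    report: Dict[FrozenSet[str], Set[str]] = {}
    for pattern, required in behavior.items():
        surviving = {actor for actor, _ in alive_replicas(pattern)}
        report[pattern] = required - surviving
    return report


if __name__ == "__main__":
    for pattern, missing in check_coverage().items():
        label = "{" + ", ".join(sorted(pattern)) + "}"
        status = "OK" if not missing else "VIOLATION: " + ", ".join(sorted(missing))
        print(f"{label:<12} {status}")
```

With this mapping every single-ECU pattern is covered, because each critical actor has a replica off every ECU and the arbiter's partial firing rule lets it proceed on the coarse controller alone when FineCTRL's only host is lost. The dual-bus pattern is reported as a violation: with no channel left, ECU0 can still run Sens, Input and CoarseCTRL, but no Arbiter replica is co-located with them, so Output and Act are starved. That is the kind of finding the poster's design-space loop feeds back into the mapping hints (replicate the arbiter onto ECU0) or into the fault behavior (accept degradation for that pattern).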