January 23rd, 2003
The Time-Triggered Architecture
Krishnakumar B
Institute for Software Integrated Systems
Vanderbilt University, Nashville, TN
Krishnakumar B The Time-Triggered Architecture
ISIS, Vanderbilt University

Outline of Talk
• Overview of TTA
• Architecture Model
• Design Principles
• Communication
• Fault Tolerance
• Design Methodology
• Questions?

Time-Triggered Architecture
• Treatment of physical time as a first-order quantity
• Provides fault-tolerant global time base
• Decomposes a large application into:
  – Clusters
  – Nodes
  – Combination of both
• Use global time to specify interfaces between nodes
• Communication and agreement protocols

Model of Time
• Time progresses along a dense timeline
• Duration – Interval delimited by two instants
• Event occurs at an instant
  – E.g. Observation of state
• Time-stamping
  – Assign state of node-local global time to event
• How to synchronize clocks?

Sparse Time Base
• Continuum of time is partitioned
• Infinite sequence of alternating durations of activity & silence
• Duration of the activity interval > precision of clock synchronization
• All events that occur within an interval of activity considered simultaneous
• External representation of time

RT Entities and RT Images
• TTA system
  – Node, Communication Network Interface, Host
  – Time domain and value domain

RT Entities and RT Images (Contd…)
• Real-Time Entities
  – State variables used to model dynamics of system
  – Change their state as time progresses
  – Mix of both static and dynamic attributes
  – E.g. Flow of a liquid in a pipe, Temperature of valve
• Observation
  – State of RT Entity at a particular instant t_obs
  – Observation = <Name, Value, t_obs>
• Real-Time Image
  – Temporally accurate picture of RT entity at instant t
  – Duration between time of observation and instant t < d_acc
• Observation valid forever, not true of validity of image

State-Information vs Event-Information
• State attribute
  – Property of a RT entity at a particular instant
• State Information
  – (state variable, value, time of observation)
  – Idempotent, at-least-once semantics
  – Sender-side – Not consumed
  – Receiver-side – Update-in-place, non-consuming read
• Event
  – Sudden change of state of an RT Entity at an instant
• Event Information
  – (state variable, value difference, time of event)
  – Exactly-once semantics
  – Sender-side – Consumed on sending
  – Receiver-side – Queued and consumed on reading
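
The two receiver-side semantics above, together with the temporal-accuracy bound d_acc from the RT Image slide, shown as an added C example (not part of the original slides). The port types, function names, queue length and the duplicate-delivery scenario are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* State information: (value, time of observation), updated in place. */
typedef struct { int32_t value; uint32_t t_obs; bool written; } state_port;

/* Event information: value differences, queued and consumed on reading. */
#define QLEN 8
typedef struct { int32_t diff[QLEN]; unsigned head, count; } event_port;

void state_write(state_port *p, int32_t v, uint32_t t_obs) {
    p->value = v; p->t_obs = t_obs; p->written = true;   /* overwrite old version */
}
/* Non-consuming read; the image is accurate only while now - t_obs < d_acc. */
bool state_read(const state_port *p, uint32_t now, uint32_t d_acc, int32_t *out) {
    if (!p->written || now < p->t_obs || now - p->t_obs >= d_acc) return false;
    *out = p->value;
    return true;
}

bool event_send(event_port *q, int32_t diff) {
    if (q->count == QLEN) return false;                  /* queue full */
    q->diff[(q->head + q->count++) % QLEN] = diff;
    return true;
}

/* Consuming read: every queued difference is applied once, then it is gone. */
int32_t event_apply_all(event_port *q, int32_t level) {
    for (; q->count > 0; q->count--, q->head = (q->head + 1) % QLEN)
        level += q->diff[q->head];
    return level;
}

/* Constructed scenario: one message reaches the receiver twice. */
int32_t duplicate_state_result(void) {
    state_port p = {0}; int32_t v = -1;
    state_write(&p, 42, 100); state_write(&p, 42, 100);  /* idempotent */
    return state_read(&p, 105, 10, &v) ? v : -1;
}
int32_t duplicate_event_result(void) {
    event_port q = {0};
    event_send(&q, 2); event_send(&q, 2);                /* one event, sent twice */
    return event_apply_all(&q, 40);                      /* correct level is 42 */
}
int main(void) {
    printf("state: %d  event: %d\n", (int)duplicate_state_result(), (int)duplicate_event_result());
    return 0;
}
```

The duplicated state message leaves the receiver at the correct value, while the duplicated event message applies the difference twice, which is why event information needs exactly-once delivery.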

Structure of TTA
• Node
  – Self-contained unit
• Communication system
  – Replicated channels
  – Autonomous
  – Executes periodically
  – A priori TDMA schedule
• Fetch instant
  – Reads state message from CNI
• Delivery instant
  – Delivers it to CNI of all other nodes of cluster
  – Overwriting previous version of state message
• Fetch, delivery instants in message scheduling table
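
A message scheduling table with fetch and delivery instants, as an added C example (not part of the original slides). The table layout, the 1000 μs round, the slot values and the function names are assumptions; treating the span from fetch to delivery as the sender's slot, and gating transmission on it the way a guardian would, is likewise an assumption of this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* One row of a message scheduling table; instants are offsets in microseconds
   from the start of the TDMA round (layout and values are constructed). */
typedef struct { uint8_t node; uint32_t fetch_us, delivery_us; } slot_t;

#define ROUND_US 1000u
static const slot_t table[] = {
    {0, 0, 200}, {1, 250, 450}, {2, 500, 700}, {3, 750, 950},
};
#define NSLOTS ((int)(sizeof table / sizeof table[0]))

/* A static schedule is usable only if every slot has fetch < delivery,
   slots are ordered and disjoint, and the last one ends inside the round. */
bool schedule_ok(const slot_t *t, int n, uint32_t round_us) {
    uint32_t prev_end = 0;
    for (int i = 0; i < n; i++) {
        if (t[i].fetch_us >= t[i].delivery_us) return false;
        if (t[i].fetch_us < prev_end) return false;
        prev_end = t[i].delivery_us;
    }
    return n > 0 && prev_end <= round_us;
}

/* Node whose slot covers global time now_us, or -1 in the gap between slots. */
int slot_owner(const slot_t *t, int n, uint32_t round_us, uint64_t now_us) {
    uint32_t off = (uint32_t)(now_us % round_us);
    for (int i = 0; i < n; i++)
        if (off >= t[i].fetch_us && off < t[i].delivery_us) return t[i].node;
    return -1;
}

/* Guardian-style gate: a node may drive the channel only inside its own slot. */
bool guardian_permits(uint8_t node, uint64_t now_us) {
    return slot_owner(table, NSLOTS, ROUND_US, now_us) == (int)node;
}

int main(void) {
    printf("schedule ok: %d\n", schedule_ok(table, NSLOTS, ROUND_US));
    for (uint64_t t = 1200; t <= 1500; t += 100)
        printf("t=%llu us owner=%d\n", (unsigned long long)t,
               slot_owner(table, NSLOTS, ROUND_US, t));
    return 0;
}
```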

Interconnection topology
• TTA-bus
  – Replicated passive buses
  – Each node has 3 subsystems
    • Node, 2 guardians
    • Spatial proximity faults
• Fail-safe vs fail-operational
• TTA-star
  – Independent guardians
  – n+2 packages vs 3n
  – Reshape physical signals & resilient to Slightly-off-specification (SOS) faults
  – Additional monitoring, better EMI characteristics

Design Principles of TTA
• Consistent Distributed Computing Base
• Unification of Interfaces – Temporal Firewalls
• Composability
• Scalability
• Transparent Fault Tolerance
• Openness

Consistent Distributed Computing Base
• Distributed algorithms dependent on consistent data
• TTA exploits short error detection latency of protocol
  – Error-detection at protocol level
  – Distributed agreement (membership) algorithm
    • Checking membership of all nodes to ascertain correct operation
    • Detect faulty outgoing link
• Violation of fault-hypothesis
  – Distributed agreement protocol unable to reach conclusion
  – Result: Clique avoidance algorithm is activated

Unification of Interfaces – Temporal Firewalls
• Uni-directional data-flow interfaces
  – Elementary – Uni-directional control flow
  – Composite – Bi-directional control flow
• TTA CNI is an elementary interface
• Control-error propagation prevented by design
• Interface called temporal firewall

Different Interfaces of a Node
• Real-Time Service (RS) Interface
  – Provides timely real-time services to node environment
  – Must satisfy temporal specification under all conditions
  – Affects temporal composability
• Diagnostic & Maintenance (DM) Interface
  – Opens channel to internals of a node
  – Useful in configuring node parameters
  – Retrieve node parameters for fault diagnosis
  – Doesn’t affect temporal composability
• Configuration Planning (CP) Interface
  – Connect node to other nodes of a system
  – Used during integration phase to generate “glue”
  – Not time critical

Composability
• Independent development of nodes
  – Differentiate between node and architecture design
  – Precise specification of all node services => independent design of nodes
• Stability of prior services
  – Validated service of a node should be unaffected by integration of node into a system
• Constructive Integration
  – n nodes already integrated => addition of n+1 doesn’t affect previous n nodes
• Replica determinism
  – All members have same externally visible state
  – Produce same output messages at most d time units apart

Scalability
• Complexity of system should not increase with growth of system
• In TTA, CNIs provide abstraction
  – Encapsulate properties of environment
  – Only essential properties available to nodes
• Example - Gateway nodes

Transparent Fault-Tolerance
• Active redundancy by replication and voting
• Active replication is complex
  – Shouldn’t be done at application level
• TTA provides dedicated Fault-Tolerance layer
  – Fault-tolerant CNI (FTU-CNI)

Openness
• Standardize interfaces
• TTA interfaces submitted for standardization by OMG
• Inter-operation with CORBA clients
• RS, DM and CP interfaces available at the ORB level

Communication
• Deliver information between CNIs
  – Within interval delimited by fetch and delivery instants
• TTP/C Protocol
  – Autonomous, fault-tolerant, TDMA based transport
  – Fault-tolerant clock synchronization
  – Membership service
    • Inform every node about “health” of every other node
    • Doubles as multicast acknowledgment
    • Used in implementing fault-tolerant clock synchronization
  – Clique avoidance to detect and eliminate the formation of cliques when fault-hypothesis is violated
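
A simplified model of the membership service and clique avoidance described here and on the Consistent Distributed Computing Base slide, as an added C example (not part of the original slides and not the TTP/C specification). Assumptions: each frame carries the sender's membership view explicitly, each node keeps an agreed and a failed slot counter, and a node freezes before its own slot when agreed <= failed. The 4-node cluster, names and fault scenario are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint8_t  id;
    uint16_t view;            /* membership vector: bit i = node i is operational */
    unsigned agreed, failed;  /* slots judged correct / incorrect since own slot */
    bool     frozen;
} node_t;

/* Receiver side of one slot. ok = frame arrived intact at this receiver. */
void on_slot(node_t *n, uint8_t sender, uint16_t sender_view, bool ok) {
    if (n->frozen || sender == n->id) return;
    if (ok && sender_view == n->view) { n->agreed++; return; }
    n->failed++;                          /* missing, corrupt or inconsistent frame */
    n->view &= (uint16_t)~(1u << sender); /* drop sender from this node's view */
}

/* Clique avoidance, checked before a node's own slot: a node that disagreed with
   at least as many slots as it agreed with is in a minority clique and freezes. */
bool may_send(node_t *n) {
    if (n->frozen || n->agreed <= n->failed) n->frozen = true;
    n->agreed = 1; n->failed = 0;         /* own transmission counts as agreed */
    return !n->frozen;
}

/* Constructed scenario: 4 nodes, slot s belongs to node s. Node 0's frame is
   corrupted only at receiver `deaf` (asymmetric fault); pass -1 for no fault.
   Returns a bitmask of frozen nodes and node 0's final membership view. */
unsigned run_round(int deaf, uint16_t *view0) {
    node_t n[4];
    unsigned frozen = 0;
    for (int i = 0; i < 4; i++) n[i] = (node_t){ (uint8_t)i, 0xF, 1, 0, false };
    for (int s = 0; s < 4; s++) {
        bool sends = may_send(&n[s]);
        if (!sends) frozen |= 1u << s;
        for (int r = 0; r < 4; r++)
            on_slot(&n[r], (uint8_t)s, n[s].view, sends && !(s == 0 && r == deaf));
    }
    *view0 = n[0].view;
    return frozen;
}

int main(void) {
    uint16_t v;
    unsigned frozen = run_round(3, &v);
    printf("frozen=0x%X view0=0x%X\n", frozen, (unsigned)v);
    return 0;
}
```

With the fault at receiver 3, node 3's view diverges from the other three, it fails the check before its own slot and freezes, and the remaining nodes converge on the view 0x7 within the same round.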

Communication (contd…)
• TTP/A protocol
  – Time-triggered field-bus protocol of TTA
  – Connects low-cost smart transducers to a node of TTA
  – Two types of rounds – Master/Slave (MS) & Multi-partner (MP)
    • MS – Read/write records from IFS to implement DM and CP
    • MP – Periodic, implements the RS service

Event Message Channels & Performance
• Event message channels
  – Created by allocating portion of TT communication
  – Push-pull model for events
  – Filter service & Garbage collection service
• Performance of TTA
  – Time distribution needs inter-frame gap of 5 μs
  – 80% bandwidth utilization => 20 μs for send-phase
  – 40,000 messages / second
  – 10 clients => 250 μs sampling period => 4 kHz loop
  – Amount of data
    • 5 Mbps => 12 bytes / 20 μs
    • 1 Gbps => 2400 bytes / 20 μs

Fault Tolerance
• Fault Hypothesis
  – States types and number of faults that the system should tolerate
• TTA-star cluster
  – Can tolerate an arbitrary failure of a single node
  – Single faulty unit detected by membership protocol
  – Isolated within two rounds (for single fault)
• Fault-tolerant Units
  – Triple Modular redundancy

Fault Tolerance (contd…)
• Till now assumed that environment complies with fault-hypothesis
• If environment violates fault hypothesis
  – TTA activates never-give-up strategy
  – Initiated by TTP/C protocol in combination with application
  – Only when necessary resources are unavailable to provide minimum required service
• Redundant transducers
  – Requires two independent TTP/A field buses

Design Methodology
• Architecture Design
  – Decompose into clusters and nodes
  – Can use top-down or bottom-up
  – Specify CNIs of nodes in both the temporal & value domains
• Node design
  – Delivery and fetch instants
    • Used as pre-condition and post-condition by applications
• Validation
  – Formal methods for consistent distributed computing base algorithms
  – Reproducible, observed without probe effect, DM interface

Concluding Remarks
• Autonomous clusters and nodes
• Global time used to specify interfaces among nodes
• Two-phased design
  – Architecture and Component (Node) design
• Take advantage of global time
• Currently occupies a niche position
  – Time considered a nuisance in mainstream computing
• Real-Time is an integral part of real-world
  – Cannot be abstracted away
Questions ?