Transparent Environment for Replicated Ravenscar Applications

Luís Miguel Pinho

Francisco Vasques

Ada-Europe 2002

Vienna, Austria

18-20 June 2002

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 2

Summary

• Motivation

• System Model

• Replication Management Framework

• Repository of task interaction objects

• Example

• Conclusions

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 3

Motivation

• Computer Control Systems– Are present in a wide range of application domains – Are expected to perform correctly (value and time) even in

the presence of faults• Need to guarantee real-time and fault tolerance properties of

applications

– Distributed systems

Application A

Application B

BroadcastNetwork

Sensors/Actuators

Computer SystemNode Application A

Application A Replica

Application B

Application B Replica

Replication as a means to achieve fault tolerance

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 4

Motivation

• New Challenges– Commercial Off-The-Shelf Components (COTS)

• Minimise cost and time to market

• Lack of real-time and fault tolerance properties

• Requires software-based fault tolerance techniques

– Pre-emptive priority driven model• Higher flexibility

• Non-deterministic

– Increasing complexity• Manage real-time and fault tolerance requirements ...

• … together with the controlled system requirements

– A transparent and generic solution is required

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 5

System Model

• Distributed fault-tolerant hard real-time applications– Application environment

• Multitasking environment

• Guaranteed execution resources

• Replicated applications

– Tolerate COTS components faults

– Provides the sameenvironment in all nodes

Hard Real-Time Application

Hard Real-Time Application

Hard Real-Time Application

Real-Time Network

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 6

System Model• Defines a replication model

– Tasks are joined in components• The component as the replication unit

• A component may be spread over several nodes, and several components can share a node

• De-coupling replication and distribution roles

1 2 3 4

C1

C1’

C2’C2

1

1’

2’

2

3

44’

3’

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 7

• Application development approach– From the application programmer perspective, simple

objects are available to share data and to release tasks• Applications are developed without considering replication and

distribution

– Application configuration is performed by object replacement

• Framework structure

Replication Management Framework

ObjectRepository

GenericObjects

Replica Manager

Application

I nstantiatedObjects

Application-levelMechanisms

Communication Manager

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 8

Replication Management Framework

• Object Repository– Mapping common task interaction in real-time systems

• Shared Data Objects for mutual exclusion– Use of timed messages for replica determinism

• Release Event Objects for sporadic task release– With/without data

– Asynchronous task communication– Tasks can not block accessing remote data

• Remote objects are locally replicated • All writes are atomically disseminated

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 9

Replication Management Framework

• Transparency– Full transparency

• Inefficient

• Difficult to know off-line the characteristics of the application

– Solution• The objects provide a transparent interface, by which

application tasks are not aware of replication and distribution issues

• In a later configuration phase, distributed/replicated resources replace those simple resources

• Full characteristics of the application are known off-line

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 10

Object Repository

• Use of Generic Packages– Reuse of implementation mechanisms– Object parameterisation (configuration) at compile-time– Same Interfaces (except for instantiation)– Encapsulation

• Private implementation based in Protected Types– Mutual exclusion– Sporadic Tasks control

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 11

generic ---

package Object_Repository.Release_Event is

type Release_Obj is private;

function Request_Release_Obj return Release_Obj;

procedure Wait (Obj: Release_Obj); -- potentially -- blocking

procedure Release (Obj: Release_Obj);

private -- private interface

end Object_Repository.Release_Event;

Object Repository

• Interfaces

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 12

Object Repository

• Interfaces

generic ---

package Object_Repository.Inter_Group.Release_Event is

type Release_Obj is private;

function Request_Release_Obj return Release_Obj;

procedure Wait (Obj: Release_Obj); -- potentially -- blocking

procedure Release (Obj: Release_Obj);

private -- private interface

end Object_Repository.Inter_Group.Release_Event;

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 13

generic -- ... package Object_Repository.Inter_Group.Release_Event is

type Release_Obj is private; -- ... private protected type Release_Receive_Type (

Prio: System.Priority; Id: FT.Obj_Id_Type) is pragma Priority(Prio); entry Wait; procedure Release; function Get_Id return FT.Obj_Id_Type; private Obj_Id: FT.Obj_Id_Type := Id; Released: Boolean := False; end Release_Receive_Type;

type Release_Obj is access all Release_Receive_Type;

end Object_Repository.Inter_Group.Release_Event;

Object Repository

• Implementation

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 14

Application Example

• Simple Application

Release Eventwith Data Controller

ReleaseEvent

Wait

Release

SensorSharedData

WaitReleaseActuator

Write Read

Alarm

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 15

Application Example

• Application Code: Objects

1: package Device_Event is new Object_Repository.Release_Event_With_Data(Device_Data);

2: Device_Event_Obj: Device_Event.Release_Event_With_Data_Obj;

3: package Control_Shared_Data is newObject_Repository.Shared_Data(Control_Data);

4: Control_Data_Obj: Control_Shared_Data.Shared_Data_Obj;

5: package Alarm_Event is new Object_Repository.Release_Event;

6: Alarm_Obj: Alarm_Event.Release_Event_Obj;

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 16

26: task body Actuator is27: Start: Ada.Real_Time.Time := ...;28: Period: Ada.Real_Time.Time_Span := ...;29: Ctrl_Data: Control_Data;30: begin31: loop32: Replica_Manager.Request_Periodic(Start);

33: Ctrl_Data := Control_Data_Obj.Read;

34: Actuate(Ctrl_Data);

35: Start := Start + Period;36: end loop;37: end Actuator;

Application Example

• Application Code: Tasks

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 17

Application Example

• Application Configuration

Release Eventwith Data

WaitReleaseEvent

WaitRelease

Sensor

(1)

Release

I ntra-ComponentCommunication

I nter-GroupCommunication

ComponentC2

ComponentC1

Controller

(2)Alarm

(4)

SharedData

Actuator

(3)

Write

ComponentC3

Read

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 18

Application Example

• Application Configuration

C1C2’

C1’

1 2’

21’4

C2

4’

Node 1 Node 2 Node 3

C3

3

C3’

3’

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 19

Application Example

• Application Code: Node 1

1: package Device_Event is new Object_Repository.Inter_Group.Release_Event_With_Data( Device_Data);2: Device_Event_Obj: Device_Event.Release_Event_With_Data_Obj;

3: package Control_Shared_Data is newObject_Repository.Inter_Group.Shared_Data(Control_Data);

4: Control_Data_Obj: Control_Shared_Data.Shared_Data_Obj;

5: package Alarm_Event is newObject_Repository.Intra_Comp.Deterministic_Release_Event;

6: Alarm_Obj: Alarm_Event.Release_Event_Obj;

7: task Sensor; -- no changes20: task Controller; -- no changes

-- no Task Actuator47: task Alarm; -- no changes

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 20

1: package body Example_Application_Tasks is

2: package DDP renames Device_Data_Package;

3: package Device_Event_Data_P is new Object_Repository.Release_Event_With_Data ( Id => DDP.Device_Obj_Id, Prio => DDP.Device_Obj_Prio, Data_Type => DDP.Device_Data );

4: Device_Event_Obj: Device_Event_Data_P.Data_Release_Obj := Device_Event_Data_P.Request_Data_Release_Obj;

-- Other Objects and Application Tasks

5: end Example_Application_Tasks;

Application Example

• Object Instantiation: before Configuration

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 21

Application Example

• Object Instantiation: after Configuration

1: package body Example_Application_Tasks is

2: package DDP renames Device_Data_Package;

3: package Device_Event_Data_P is new Object_Repository.Inter_Group.Release_Event_With_Data(

Id => DDP.Device_Obj_Id,Prio => DDP.Device_Obj_Prio,N_Replicas => DDP.Device_Data_Replicas,Data_Type => DDP.Device_Data,Data_Array_Type => DDP.Device_Data_Array,Decide => DDP.Device_Data_Decide);

4: Device_Event_Obj: Device_Event_Data_P.Data_Release_Obj := Device_Event_Data_P.Request_Data_Release_Obj;

-- Other Objects and Application Tasks

5: end Example_Application_Tasks;

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 22

Conclusions

• A suitable framework for the development of fault-tolerant hard real-time applications– Targeting

• Pre-emptive fixed priority applications• COTS-based systems

• Transparency and genericity in application development– Distribution and replication only considered in a later

configuration phase – Using the semi-transparent approach predictability is

achieved

Transparent Environment for Replicated Ravenscar Applications, Luís Miguel Pinho, Francisco Vasques, Ada Europe 2002 23

The End

Thank You