MultiPARTES

Towards Model-Driven Engineering for Mixed-Criticality Systems: MultiPARTES Approach
A. Alonso, C. Jouvray, S. Trujillo, M.A. de Miguel, C. Grepet, J. Simó
WICERT 2013, March 22nd
Motivation and goals
• Modern electronic systems used in industry (avionics, automotive, etc.) combine applications:
– with real-time (hard and soft) and non-real-time requirements
– with different levels of security
– that can be independently qualified (certified)
• This trend can imply increased validation and certification costs
• This extra cost can be reduced by:
– Isolating the execution of different applications
– A methodology with a higher abstraction level
MultiPARTES goals
• MultiPARTES
– FP7, in the area of ICT
– http://www.multipartes.eu
• MultiPARTES goals:
– To develop a multicore platform virtualization layer for critical and secure embedded systems
– To propose a methodology that enables the rapid development of new applications based on partitioned systems
– To develop methods and tools to support application development
Approach Overview
• Design an embedded system composed of a set of applications
• Execute this embedded system in a:
– Partitioned execution environment
– Multi-core platform
• Supported by a virtualization layer
• Heterogeneous system
– Different processors (+/- predictable, +/- powerful)
(Figure: two processors, each running its own virtualization layer (VL))
Hypervisor
• A hypervisor-based system permits building partitioned systems whose partitions:
– Are temporally and spatially isolated
– Use the appropriate OS for each application
– Execute mono-core OSs on a multicore platform
XtratuM Hypervisor
• Open source bare-metal hypervisor for critical real-time partitioned systems
• Uses para-virtualization techniques
– Strong temporal isolation: fixed cyclic scheduler
– Strong spatial isolation: every partition is executed in processor user mode and does not share memory
– Robust communication mechanisms (ARINC ports)
– Robust error management via the Health Monitor
– Devices can be directly managed by partitions; shared devices can be organized in an IOServer
– Resources are allocated statically through a configuration file (XML)
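Because both isolation properties above are fixed by a static configuration file, a practitioner would want to check that file for isolation violations before deployment. The following is an added example, not XtratuM's own schema or tooling: it parses a constructed configuration in a hypothetical format (the element names SystemConfig, Partition, Memory and Slot are assumptions) and reports memory regions that overlap between partitions (spatial isolation) and cyclic-plan slots that overlap or exceed the major frame (temporal isolation).

```python
import xml.etree.ElementTree as ET

# Constructed sample in a hypothetical schema (not XtratuM's real configuration format).
# The "hmi" and "logger" memory regions overlap on purpose so the check has something to find.
SAMPLE_CFG = """<SystemConfig majorFrameMs="20">
  <Partition name="flight_ctrl" criticality="A">
    <Memory start="0x40000000" size="0x100000"/>
    <Slot startMs="0" durationMs="8"/>
  </Partition>
  <Partition name="hmi" criticality="D">
    <Memory start="0x40100000" size="0x200000"/>
    <Slot startMs="8" durationMs="6"/>
  </Partition>
  <Partition name="logger" criticality="C">
    <Memory start="0x40200000" size="0x100000"/>
    <Slot startMs="14" durationMs="6"/>
  </Partition>
</SystemConfig>"""


def overlaps(a_start, a_len, b_start, b_len):
    # True when the half-open ranges [a_start, a_start+a_len) and [b_start, b_start+b_len) intersect.
    return a_start < b_start + b_len and b_start < a_start + a_len

def parse(xml_text):
    """Return (major_frame_ms, partitions); each partition lists its memory regions and slots."""
    root = ET.fromstring(xml_text)
    parts = [{
        "name": p.get("name"),
        "mem": [(int(m.get("start"), 16), int(m.get("size"), 16)) for m in p.findall("Memory")],
        "slots": [(int(s.get("startMs")), int(s.get("durationMs"))) for s in p.findall("Slot")],
    } for p in root.findall("Partition")]
    return int(root.get("majorFrameMs")), parts

def validate(xml_text):
    """Return isolation violations: overlapping memory, overlapping or out-of-frame slots."""
    maf, parts = parse(xml_text)
    errors = []
    for i, a in enumerate(parts):
        for b in parts[i + 1:]:
            # Spatial isolation: no two partitions may map the same physical memory.
            if any(overlaps(*ra, *rb) for ra in a["mem"] for rb in b["mem"]):
                errors.append(f"memory overlap: {a['name']} / {b['name']}")
            # Temporal isolation: slots of the cyclic plan must not intersect.
            if any(overlaps(*sa, *sb) for sa in a["slots"] for sb in b["slots"]):
                errors.append(f"slot overlap: {a['name']} / {b['name']}")
        for start, dur in a["slots"]:
            if start + dur > maf:
                errors.append(f"slot beyond major frame: {a['name']}")
    return errors
```

Running `validate(SAMPLE_CFG)` on the constructed file reports the single deliberate memory overlap between hmi and logger; the three slots tile the 20 ms major frame without conflict.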
Development process
• High-level system model: set of applications and interconnections
• Mixed-criticality
• High-level model of hardware resources: types of devices and properties
• Resource management models
• Application constraints: criticality, time, device usage, resource availability
• Methodology that enables the rapid development and production of new applications based on partitioned systems
MDE Approach
• A Model-Driven Engineering (MDE) approach
– helps to bridge the gap between design issues and partitioning concerns
– Models are the main development artifacts
– Annotations for non-functional properties
• Approach based on several metamodels
Toolset
• MultiPARTES toolchain with UML profiles
Platform model
• This model defines the relevant properties of the platform
HW Platform Metamodel
(Figure: hardware platform metamodel)
Application model
• Described using UML
• Enriched with non-functional annotations
– Criticality requirements: in terms of safety levels
– Time requirements: based on UML MARTE
– Resource needs requirements: for guaranteeing QoS
– Device usage requirements
Partitioning
• Information to be used for partitioning
– Components that must be in the same partition (App)
– Level of criticality (App)
– Time requirements granularity (App)
– Requirements on OS (App)
– Components that must be executed on a given processor (Par)
– Hardware platform (HW)
Defining a metamodel for the partitioning model
• Requirements on partitioning that relate the platform and the application
• Deployment model for code and configuration generation
Reference platform
• A heterogeneous platform based on
– One Atom multicore processor (general platform)
• Less critical applications
• Higher computation capabilities
• General-purpose OSs
– Two LEON3 processors synthesized in an FPGA
• Higher predictability
• More critical applications
• Lower computation capabilities
• Real-time OSs
Conclusions
• Mixed-criticality systems are required by industry and are a challenging topic
• MultiPARTES approach
– Based on XtratuM: a hypervisor that provides spatial and temporal isolation
– MDE: basis to facilitate system development
– Tool framework:
• Allows defining non-functional requirements related to partitioning
• Time and safety requirements are validated
• Generation of code and configuration files
• Questions?
• More information: http://www.multipartes.eu