Modeling and Analysis of NGC System using Ptolemy II

(1)

Available Online at

www.ijecse.org

ISSN: 2277-1956

Modeling and Analysis of NGC System using Ptolemy

II

Archana Sreekumar

1

_{, Ranjith R}

2

_,

_{Radhamani Pillay V}

3

_,

_{Santanu Dasgupta}

4

1 2 _{Amrita Vishwa Vidyapeetham, India} 3_{AMMACHI Labs, Amrita Vishwa Vidyapeetham, India}

4_{Mohandas College of Engineering, India}

Abstract- Model based system design has been used in real time embedded systems for validating and testing during the development lifecycle. Computation models - synchronous dataflow model (SDF) and Discrete Event (DE) have been used and finite state machine has been integrated with SDF and Discrete Event (DE) modeling domains for simulating the functionalities in the system. Here a case study of resource augmented Navigation, Guidance and Control unit of onboard computers in satellite launch vehicle has been selected as a frame work and fault tolerant algorithm has been modeled and simulated with Ptolemy II. Feasibility of the scheduling of the fault tolerant algorithm has been analyzed and dependencies existing between different components and processes in the system have been investigated. The future work consists of modeling original functionality of NGC units inside each state of FSM and can be validated for the correct performance. Non-deterministic communication and clock drifts can be accounted into the model.

Keywords – Safety critical System, Dependability, Model based system design, Cyber-Physical systems

I.INTRODUCTION

Real time systems need to be dependable and well validated before the physical implementation. Missing of deadlines in a hard critical real time system may cause catastrophic consequences which may be loss of human life or prohibitive cost. Examples of such system include satellite launch vehicle, patient monitoring machine, air bag controller, process controllers, etc. Dependability need to be assured in such systems, which causes the system to continue operation in spite of any faults occurrences in the system. Fault tolerance techniques form common methods to ensure dependable performance in hard real time systems.

Cyber physical systems include modeling of physical and computational processes with equal importance of both [1]. Cyber physical systems have higher system complexity and times spend for developing such systems has been much higher. The developed system has to ensure predictability and resolve all the possible issues. Model based system design has been use for validation and also code generation in embedded systems. This method helps in improving design, validation, coding and testing in different levels of abstraction. Ptolemy II is a model based system design tool developed by Berkeley University and can be used for developing models using different model of computations (MoCs) at different hierarchical levels.

In this paper a case study of Navigation, Guidance and Control (NGC) unit has been selected and the validation and analysis of system architecture as well as resilient fault tolerance algorithm implemented in the system has been performed. The traditional dual redundant hot standby NGC system in satellite launch vehicle has been resource augmented for achieving better performance and resilient fault tolerance. The interaction between different components and processes in the system and scheduling of different tasks in the system has been analyzed using Ptolemy.

(2)

II.BACK GROUND STUDY

High levels of system design faces problem when it comes to integration, typical problem have been hardware-software co-design, interfaces [2]. In real time systems exact timing and throughput estimations have been important and a model of real time systems should satisfy requirements like simplicity, concurrency, synchronization, ease of analysis, versatility, etc. Model based system design has been a powerful design technique in cyber-physical systems [3]. A cyber-physical system represents the coupling of physical environment, embedded computation and physical processes [3]. Present day, component based design has been used an important approach in coping with the complexity of modern day embedded systems [4]. By dividing the complex system into different interacting components, the design problem has been converted to the design of individual components and their interactions [4].

Ptolemy II has been a component based modeling and simulating environment. It can be used for modeling and simulating distributed hybrid systems, where such a system has been specified as hierarchy of models [5]. Hierarchical component based modeling known as models of computation have been used in Ptolemy. It supports various models of computation like Synchronous Data Flow model (SDF), Kahn Process Network, Discrete Event modeling (DE), Continuous Time models (CT), Modal Models [6]. The basic components of these models have been known as ‘actors’ and they have interface ports for communication. Integration of these actors produces a ‘composite actor’, these actors also include communication ports which medicate communication within the inside actors and outside actors. The interactions between these actors have been defined and implemented using ‘directors’, which in short gives the communication mechanism and execution order of these actors in the model. The messages have been encapsulated in tokens and ports which send out these tokens have been called output ports while those receives the tokens have been called input ports. The type of ports restricts the type of token each port can receive and pass through.

NGC system of onboard computers has a hot standby dual redundant architecture [7]. The system makes use of this redundancy to overcome the permanent hardware faults in the system. Hardware redundancies have been commonly used fault tolerance methods to overcome hardware faults [8]. Dual redundancy, triple modular redundancies are commonly used hardware redundancy mechanisms, hot standby architectures causes no outage times on fault occurrences. The synchronization cost and low weight and volume constraints dictate for the use of dual redundancy than triple modular redundancy.

III.SYSTEM MODEL

Navigation, Guidance and Control units in onboard computers in satellite launch vehicles have been hot standby dual redundant [8]. The system consists of two chains of processors. Navigation, Guidance and Control units in primary chain have been represented as N1, G1 and N2 while the secondary or redundant chain components have been represented as N2, G2, and C2. Navigation and Guidance tasks are executed in every major cycle of 500ms while control tasks are executed in every minor cycle of 20ms.

(3)

exits under utilization of resources during fault free execution. Weight critical system like avionics system need to improve the performance keeping in mind constraints like power, weight, cost, etc. Resource augmentation in such a dual redundant system helps in achieving better performance and fault tolerance. The critical tasks in a functional system like Navigation, Guidance or control have been duplicated in both the primary and redundant units, while non-critical tasks have been shared among these units. The extra computational resources available in augmented system have been utilized for scheduling optional tasks which improves the performance of the system [9] and for enhanced fault tolerance. Optional tasks can be system dependent or system independent; system independent optional tasks can be discarded without causing any performance degradation. In this system dependent optional task are allotted to primary unit while system independent optional tasks are allotted to redundant units.

A. Modes of Operation –

The system operates in three different modes, mode 1, mode 2 and mode 3 [10]. System starts operating in mode 3 which is the default mode of operation, where optional tasks in primary units are scheduled and optional tasks in secondary units are discarded. The secondary units schedules more number of non-critical tasks compared to primary units in mode 3. Occurrence of permanent hardware fault in the primary unit causes the system to switch to a different mode of operation, mode 1 or mode 2 operations. Critical tasks, non-critical tasks and optional task in primary units are indicates as C, N1 and O1, while in the secondary unit tasks are indicated as C, N2 and O2. In mode 1 operation, healthy unit schedules critical tasks and all other non-critical tasks. Mode 2 operations causes the healthy unit to schedule critical tasks, critical tasks and optional tasks allotted for itself, it discards the non-critical task allotted for the failed unit.

B. Fault Tolerance–

The extra slack margin available due to augmentation can be effectively utilized for implementing fault tolerance mechanisms to tolerate permanent hardware and software faults, transient hardware and software faults. Hot standby dual redundancy helps to tolerate permanent hardware faults. Periodic health check has been conducted in every functional unit during every minor cycle; this health signal helps the redundant and succeeding units to get alerted with the health status of any other node. As the final output is taken from the control unit no augmentation has been considered for this unit. The output has been taken from primary chain control unit (C1) during fault free condition while a fault in C1 causes the internal electronics to switch to secondary chain control unit(C2) for obtaining outputs.

IV.PTOLEMY II- MODELING

(4)

Figure 2. Traditional dual redundant NGC system

(5)

Figure 4. Switching Circuit

The guidance and control unit modal models have extra input ports for receiving synchronization signals from the preceding units [Figure 5]. Generic ‘display’ actor displays the outputs produced during each state, here the state name and synchronization signals have been produced as outputs.

Figure 5. FSM model - traditional dual redundant Guidance unit

(6)

Figure 6. Model for resource augmented navigation and traditional dual redundant navigation unit

(7)

been accurately obtained through the simulation. The output generated as a result of simulation of traditional dual redundant system is given Figure 9.

Simulation of model consisting of augmented navigation unit and traditional dual redundant navigation unit helps in effective comparison of the scheduling between the both. Time instants and tasks executed during each instant of time have been displayed in the window. Figure 9 gives the simulation results of the model consisting of augmented navigation unit and traditional dual redundant navigation unit.

Figure 8. Simulation results of traditional NGC system

Figure 9. Simulation results of Augmented and traditional Navigation unit

V.CONCLUSION

Embedded system are usually complicated, to reduce the sophistication and to increase the level of abstraction model based system design approaches has been selected. Feasibility of the fault tolerance algorithm in the case study of augmented NGC system has been analyzed using model based system design. The sequential flow of functionality has been implemented using FSM and time synchronization, time latencies, co-simulation of different components has been addressed. In this model we have not accounted any non-deterministic communication or transition and clock drifts, the model can be further enhanced by considering these aspects. The tasks performed during each task execution in the NGC system can be modeled using Ptolemy II and can be validated.

(8)

REFERENCE

[1] Kanduri, Anil, Amir-Mohammad Rahmani, Pasi Liljeberg, Kaiyu Wan, Ka Lok Man, and Juha Plosila. "A multicore approach to model-based analysis and design of Cyber-Physical Systems." In SoC Design Conference (ISOCC), 2013 International, pp. 278-281. IEEE, 2013.

[2] Teich, Juergen, Lothar Thiele, and Edward A. Lee. "Modeling and simulation of heterogeneous real-time systems based on a deterministic discrete event model." In System Synthesis, 1995., Proceedings of the Eighth International Symposium on, pp. 156-161. IEEE, 1995.

[3] Jensen, Jeff C., Danica H. Chang, and Edward Lee. "A model-based design methodology for cyber-physical systems." In Wireless Communications and Mobile Computing Conference (IWCMC), 2011 7th International, pp. 1666-1671. IEEE, 2011.

[4] Xiong, Yuhong, Edward Lee, Xiaojun Liu, Yang Zhao, and Lizhi C. Zhong. "The design and application of structured types in Ptolemy II." In Granular Computing, 2005 IEEE International Conference on, vol. 2, pp. 683-688. IEEE, 2005.

[5] Liu, Jie, Xiaojun Liu, and Edward Lee. "Modeling distributed hybrid systems in Ptolemy II." InAmerican Control Conference, 2001. Proceedings of the 2001, vol. 6, pp. 4984-4985. IEEE, 2001.

[6] Brooks, Christopher, Edward Lee, and Stavros Tripakis. "Exploring models of computation with Ptolemy II.", IEEE/ACM/IFIP International Conference on InHardware/Software Codesign and System Synthesis (CODES+ ISSS) 2010, pp. 331-332. IEEE, 2010.

[7] Basu et al, ‘A fault tolerant computer system for Indian satellite launch vehicle programme’, Sadhana, vol.11, pp.221-231,oct 1987.

[8] Hitt E F and Mulcare D, “The Fault tolerant Avionics”, in Digital Avionics Handbook, 2nd_{Edition, edited by Cary R} Spitzer,(CRC press LLC, 2007), chapter 28.

[9] Robert Ian Davis, ‘On exploiting spare capacity in hard real time systems’, University of York, July 1995.