

## Avionics Compositional System of Systems Simulation and Modeling Tool Chain ASSIST

October 28, 2019

**Tool Expo for Model Based Embedded Systems Development** 

Contact Information:

Phillip Suematsu, Dhruv Monga, Howard Warner, Juan Gutierrez

Physical Optics Corporation 1845 W. 205th Street, Torrance, CA 90501 Phone: 310-320-3088 Email: {psuematsu, dmonga, hwarner, jgutierrez}@poc.com

This work is performed under contract #: W911W6-18-C-0047, W911W6-18-C-0012 W911W6-19-C-0015, W911W6-19-C-0038

DISTRIBUTION A. Approved for public release: distribution unlimited.



## **PHYSICAL OPTICS CORPORATION BACKGROUND**

- Founded in 1985
- Small Business, Employee Owned
- Financially Strong & Profitable every year
- 270 employees 30 Ph.D.s, 112 Engineers
- Revenue Over \$115M (2019)
- 117,344 sq. ft. facilities, 4 buildings
- 2020 Expansion Additional 53,700 sq.ft., 2 buildings
- Over 160 issued patents 60 technologies
- Strategic Advisory Board







# **POC AREAS OF FOCUS**

YSICAL OPTICS CORPORATION



# **PROBLEM STATEMENT AND SOLUTION APPROACH**

- Use of Multicore Processors in Avionics
  - Difficult due to inability to verify performance during requirements, design and implementation stages
  - Analysis of hard real-time and soft real-time requirements needed

#### Solution Approach

- Rigorous specification of requirements and design using Architecture Analysis & Design Language (AADL)
- Input data
  - System design and specification in terms of AADL components
  - Avionics system configuration using AADL specifications
- Output
  - Model parameters from AADL specifications
  - Data analysis results
    - Positive match between specifications and designed system
    - Specification violations/contradictions in designed system and deficiencies
- Use of simulation and virtual integration to verify requirements and design



# Avionics Compositional System of Systems Simulation and Modeling Tool Chain (ASSIST)



## **GOAL: ANALYZE DEPENDENCIES AMONG COMPONENTS**





## **ASSIST FEATURES**



Technology that makes a difference.®

DISTRIBUTION A. Approved for public release: distribution unlimited.

# AADL COMPONENT MODELING FUNCTIONALITY

#### AADL Software Components

- Thread, Process: models subprogram execution
- Data: models data access latency
- Subprogram: statistical model of code execution and data access times

#### AADL Hardware Components

- Processor
  - Scheduler: models thread preemption using priority queue
  - *Memory: models context switching and latencies caused by cache misses*
  - Device: models sensor and communication components
  - Bus: data exchange mechanism between components

#### AADL Properties

- Timing (Compute execution time, deadline), memory access
- Component Connections
  - Control, data flows
  - Connection features
    - In/Out/both, direction, ports, (a)synchronous



# SUPPORTED AADL FEATURES

- Package specification
  - Annex libraries not processed
- Import declaration
- Component Types
  - Software Category: Subprogram, Thread, Process
  - Execution Category: Memory, Processor, Bus, Device
  - Composite Category: System
  - Features
  - Flows
  - Properties
  - Extends
- Component Implementations
  - Subcomponents
  - Calls
  - Connections
  - Flows
  - Properties

- Subcomponents
  - Array dimensions
  - Refined to
    - Port support only
- Features
  - Direction: in, out, in out
  - Ports: event, data, event data
  - Requires
  - Provides
- Subprograms
  - Call sequence
  - Execution time
- Bus access connections
- Flow specifications
  - Types: source, sink, path
- End-to-End Flow specifications
- Property Sets
- Property Types
  - Basic data types, Reference, Record



# SOLUTION

- Avionics Compositional System of Systems Simulation and Modeling Tool Chain (ASSIST)
- Analysis of hard real-time and soft real-time requirements
  - Aviation system of systems simulation using representative use case
  - Generating configuration for simulation
  - Verification of system against architecture model defined in AADL
- Approach
  - Discrete event simulation of an SoS with multi-core processors
  - Input data: AADL specifications, external data sources
  - Output
    - SoS model characterized by parameters from AADL specifications
    - Data analysis results
      - Positive matches between specifications and designed system features
      - Specification violations/contradictions in designed system and deficiencies



# **ASSIST HIGH LEVEL ARCHITECTURE**





## **MULTICORE PROCESSORS IN AVIONICS**

#### ASSIST design motivated by Multicore Processor Analysis

 Federal Aviation Administration Study - Assurance of Multicore Processors in Airborne Systems <a href="http://www.tc.faa.gov/its/worldpac/techrpt/tc16-51.pdf">http://www.tc.faa.gov/its/worldpac/techrpt/tc16-51.pdf</a>

#### • Statistics recommended by FAA and collected by ASSIST:

- Core utilization (% utilized averaged over ms)
- Processing time per sensor message
- Processing time per thread
- Cache miss (+hit) counts and miss (+hit) rates/ms
- Thread execution details:
  - Assigned processor
  - State transitions (running, executing, waiting on resource, idle)
- Deadline violations
- Flow rates per message



## DEMONSTRATION SCENARIO (AADL MEETING OCT 2019, WASHINGTON DC)

- Virtual Integration via ASSIST Simulation featuring Hardware In the Loop (HWIL)
- Hardware: POC's flight data recorder
  - Current input sensors: turbine, fire, acceleration, altitude
  - (Modified) system design includes:
    - Multi-Core CPU, RAM, Caches, Bus
    - An additional video sensor (live feed)
- Software: Data processing framework
  - Threads, processes, subprograms to record data from sensors
- Scenario #1:
  - Flight Data Recorder (FDR) simulation using a dual core system
    - Simulate feeds from sensors (timing, message-size, order of message arrival modeled )
  - Additional messages from video: data-size, timing
- Scenario #2
  - Perform joint FDR+video simulation using a **quad** core system



## CHALLENGES IN SYSTEM IMPLEMENTATION

- Mismatch in simulation rate and data-arrival rate
  - Require tradeoff between simulation times and modeling fidelity
- Running multiple simulations simultaneously not possible on a dedicated laptop
- Modeling large systems will require platforms with high computational capabilities
- Ease of software distribution among stakeholders for evaluation during Capstone event
- Computing Approach Scalable with Size and Complexity of Simulations Is Needed



## **DEMONSTRATION SETUP**





#### Dual Core:

- Without video camera: no violations, normal/expected operating behavior
- Adding a video camera:
  - CPUs are unable to process additional data.
  - Limited computation capabilities result in deadline violations and increased processing time for all critical sensor tasks.

## Quad Core:

- Without video camera: no violations, normal/expected operating behavior
- Adding a video camera:
  - Data rate is still too high for any single CPU to handle
  - **However**, additional cores are available so the critical sensor processing tasks are not affected



## **RESULTS – DUAL CORE**













 thread2.ExecutingProcessor:
 1 (64%)
 0 (34%)

 thread3.ExecutingProcessor:
 1 (72%)
 0 (26%)

 thread4.ExecutingProcessor:
 0 (67%)
 1 (31%)

 videoThread1.ExecutingProcessor:
 1 (88%)
 0 (10%)

















onailer.messageRate
 onfler.messageRate
 onfler.messageRate
 ongla.messageRate
 onpla.messageRate
 onpla.messageRate
 onpla.messageRate
 onpla.messageRate





## **RESULTS – QUAD CORE**





0.00008

0.00006



onvideoin1.moving\_average onvideoout.moving\_average



Technology that makes a difference.®

Aircraft Sensor Awaiting Resource (percentage time per ms)

# **COMPARATIVE ANALYSIS**

#### **Processor Core Utilization**

- Dual Core: 72% / 64%
- Quad Core: 45% / 44% / 78% / 47% (additional headroom) √

**Thread Preemption Latency** 

- Dual Core: ~15-20 instances preemption exceeds 10%
- Quad Core: 0 instances preemption exceeds 10% √

**Processing Deadline Violations** 

- Dual Core: 4 critical threads 100's violations
- Quad Core: only non-critical video thread √



**Dual Core** 

Core Utilization (percent time per ms)

#### **Quad Core**





Technology that makes a difference.®

DISTRIBUTION A. Approved for public release: distribution unlimited.

videoproc.deadlineViolations

11:33:25

11:33:20

11:33:05

11:33:10

freproc.deadlineViolations
 tatprocA.deadlineViolations
 tatprocB.deadlineViolations
 tatprocC.deadlineViolations

11:33:15

vibproc.deadlineViolations videoproc.deadlineViolations

## **NEXT STEPS**

#### • ARINC 653

- Virtual Processor Partitioning
- Additional Summary Statistics
- AADL Features
  - Parameters
  - Access to peripherals
  - Programming languages

#### GUI Improvements

- Improve interface to add files and simulate. Most of the technical work is done – just need to clean it up.
- Improve GUI for comparing and contrasting variations in SoS AADL models

#### Cloud Infrastructure – deploy as cluster on Amazon

– Currently working on deploying on Kubernetes

