面向拜占庭弹性的余度管理方案

综合化航空电子系统是新一代飞机的一个重要特征,其可靠性和稳定性对整个飞机的飞行和安全起着决定性作用.针对航电系统应当具有高可靠性的特点,提出一种分布式集群余度架构,并设计相应的余度管理方法,以容忍航电系统故障后可能出现的拜占庭错误,有效提高容错计算机的可靠性和容错能力.采用门限签名和集群选主两种方案优化提出的余度管理方法,降低集群中余度计算机之间的通信开销,避免影响航电系统的实时性,提高余度管理效率.通过模拟实验进行测试,结果验证了分布式集群余度管理方法可以有效提升航电系统的可靠性,增强拜占庭弹性,实现在n余度的航电系统中只要拜占庭节点数小于n/3,系统仍然能够正确运行,并且优化方案具有更低的通信开销和计算开销.     

三模容错多处理器动态实时调度算法

实时系统现在面临着越来越迫切的容错要求。目前流行的主副备份方式对于任务集有着特殊要求,要求时间限能够允许主副备份串行地执行,并且系统需要提供相应的硬件来检测处理器错误,因此限制了容错的应用范围。本文提出基于三模冗余比较的实时容错算法,采用了副本重载技术和主副本串并行混合调度策略。分析和实验结果表明,该算法具
有更好的适应性。     

Dynamic Analysis and Distributed Control of the Tetrobot Modular Reconfigurable Robotic System

Reconfigurable robotic systems can be adapted to different tasks or environments by reorganizing their mechanical configurations. Such systems have many redundant degrees of freedom in order to meet the combined demands of strength, rigidity, workspace kinematics, reconfigurability, and fault tolerance. In order to implement these new generations of robotic system, new approaches must be considered for design, analysis, and control. This paper presents an efficient distributed computational scheme which computes the kinematics, dynamics, redundancy resolution, and control inputs for real-time application to the control of the Tetrobot modular reconfigurable robots. The entire system is decomposed into subsystems based on a modular approach and Newton's equations of motion are derived and implemented using a recursive propagation algorithm. Two different dynamic resolution of redundancy schemes, the centralized Jacobian method and the distributed virtual force method, are proposed to optimize the actuating forces. Finally, distributed dynamic control algorithms provide an efficient modular implementation of the control architecture for a large family of configurations.     

实时嵌入式容错系统的关键技术研究

简要回顾了容错技术的发展过程并分析了不同故障模型下系统的客错方式.对于瞬时故障、间歇性故障的容错可采用软件冗余方法,在实时嵌入式系统中采用软件容错时必须考虑任务的可调度性;而永久性故障则采用硬件冗余方法来解决.在此基础上,描述了一种实时双机嵌入式容错系统的模型,研究了构建容错系统需要解决的双机同步、故障检测及仲裁切换等关键问题和相应的解决方法.     

双机热备容错逻辑控制电路设计与仿真

针对传统数字电路系统冗余设计复杂、切换时间长、实现电路体积大等问题,提出一种双机热备容错逻辑控制电路的设计方案.使用VHDL语言设计、一片CPLD芯片实现工作微处理器系统的故障检测与主、备微处理器系统的实时切换等时序控制功能.时序仿真结果表明,该电路判断故障成功率高,切换时间短,可以满足强实时性嵌入式系统的双机热备冗余设计.在高可靠性的微机保护系统等应用场合,该硬件冗余设计方案具有工程设计指导意义.     

基于BMP架构的多核差异化运行技术研究

随着高速网络及多核处理器技术的快速发展,业务应用的复杂度也在日益增加。为了保证复杂业务的吞吐量及实时性,基于BMP架构提出了多核环境下操作系统任务差异化运行方案,将多核处理器分为数据面与控制面,数据面核的处理能力提供给高性能要求的循环任务使用,控制面核的任务处理不影响数据面核的性能。方案在Linux内核上进行了改造实现,实验结果表明,可有效提升复杂业务实时响应及业务吞吐能力。     

Real-time scheduling algorithm for safety-critical systems on faulty multicore environments

An algorithm (called FTM) for scheduling of real-time sporadic tasks on a multicore platform is proposed. Each task has a deadline by which it must complete its non-erroneous execution. The FTM algorithm executes backups in order to recover from errors caused by non-permanent and permanent hardware faults. The worst-case schedulability analysis of FTM algorithm is presented considering an application-level error model, which is independent of the stochastic behavior of the underlying hardware-level fault model. Then, the stochastic behavior of hardware-level fault model is plugged in to the analysis to derive the probability of meeting all the deadlines. Such probabilistic guarantee is the level of assurance (i.e., reliability) regarding the correct functional and timing behaviors of the system. One of the salient features of FTM algorithm is that it executes some backups in active redundancy to exploit the parallel multicore architecture while other backups passively to avoid unnecessary execution of too many active backups. This paper also proposes a scheme to determine for each task the number of backups that should run in active redundancy in order to increase the probability of meeting all the deadlines. The effectiveness of the proposed approach is demonstrated using an example application.     

容错优先级混合式分配搜索算法

在实时系统中,由于任务未能及时产生正确结果将导致灾难性后果,容错对于实时系统的有效性及可靠性至关重要.基于最坏响应时间计算的可调度性分析,提出了一种容错优先级混合式分配搜索算法.这种算法通过允许替代任务既能运行在高优先级别上,又可运行在低优先级别上,有效地提高了系统的容错能力.通过实验测试,与目前所知的同类算法相比,在提高系统容错能力方面更为有效.     

Windows设备驱动程序的实时内核设计

针对工业控制领域中对Windows操作系统的实时性需求,提出在Windows驱动程序中设计实时内核并进行任务调度的方法.着重研究了Windows驱动实时系统的实现方案和系统结构以及实时内核的任务调度设计和任务切换过程,完成了Window s驱动实时系统的设计与开发工作.通过对所设计系统的测试,验证了系统具有较好的实时性能,能满足一般工业控制场合的需求.     

An adaptive redundancy control method for erasure-code-basedreal-time data transmission over the Internet

We propose an adaptive redundancy control method for erasure-code-based real-time data transmission over the Internet. The loss rate is an important quality of service (QoS) parameter for real-time data transmission. However, real-time data transmission over best-effort networks, such as the Internet, suffers from a frequent packet loss due to traffic congestion. Erasure-code-based loss recovery scheme is widely used for loss recovery on the Internet. We propose a redundancy estimation algorithm which considers consecutive losses since the loss recovery rate depends on the amount of redundancy data. A continuous time Markov chain is used for modeling the loss process and adjusting the number of redundant packets. Measurements and simulation results show that the proposed scheme can be used as an efficient loss recovery algorithm for real-time data transmission over the Internet     

利用固定字段的自同步加扰系统容错译码

香农指出,信源中的冗余可以在接收端被用来提高系统性能。固定字段可以看作是信源中的冗余。本文研究自同步加扰系统信源固定字段利用问题,提出由去扰数据进行固定字段检测,得出错误位置,并进一步映射为去扰前错误位置,从而在译码之前预先纠错的容错处理方法。由于容错后的数据流恢复了部分错误,误码率得到降低,因此译码结果明显改善。仿真结果显示,当信源载荷率为30%时,通过利用固定字段,容错译码可获得0.5dB左右的信噪比增益。     

An investigation of a human material handler on part flow in automated manufacturing systems

This paper presents a formal approach to resolve an important question concerning changes in the control of computerized manufacturing systems when a human operator is involved as a task-performing agent. It requires building a model of human functional specifications used in executing tasks and integrating it into a control scheme for the model. More importantly, analysis of control complexity needs to be conducted to build an effective control mechanism. In this paper, a human material handler is considered, and an assessment of part flow complexity affected by human tasks in a highly automated manufacturing system is presented. For this purpose, a formal model of human task-performing processes is proposed in terms of a part and location(s) of a task. A classification for human material handling tasks is presented based on the proposed model. Furthermore, human errors and the impact of human errors on part flow are considered. Part flow complexity of a manufacturing system from the control perspective is then investigated in terms of the human tasks and errors. A shop floor control example where a human operator performs material handling tasks is provided to illustrate the proposed model.     

TDCS: a new scheduling framework for real-time multimedia OS

ABSTRACT

The emerging real-time hyper-physical system (CPS), such as autonomous vehicle and live interactive media application, requires time deterministic behaviour. This is challenging to achieve by using the traditional general purpose operating system (GPOS). This paper presents a new design of the real-time operating system (OS) scheduling mechanism called ‘time deterministic cyclic scheduling’ (TDCS) mainly for live multimedia tasks processing. This new scheduler shares a similar philosophy as classic cyclic execution but with flexibility and dynamic configuration. This hybrid design is based on both time-reserved based cyclic execution and priority-based pre-emptive scheduling for mixed criticality applications. The simulation results show that this scheduling scheme can achieve predictable timing behaviour of task delay and jitter under high CPU utilisation. This shows that the proposed scheme is promising for low latency high-performance multimedia censoring tasks that occur in a periodic manner.     

基于检查点机制的容错实时调度算法CP-PRA

时间冗余作为容错的重要手段被广泛应用于安全关键实时系统中。传统容错调度算法为失败任务的重运行(Re-execute)预留了大量的空闲时间，但是重运行的使用会降低系统的资源利用率。提出了一种基于检查点机制的容错调度算法CP-PRA，通过降低错误恢复需要的时间，可以有效地提高系统的资源利用率。给出了该算法的可调度奈件，并证明了其算法的正确性。     

New technique: Design and implementation of the highly-reliable, low-cost housekeeping system in the ZDPS-1A pico-satellite

The ZDPS-1A pico-satellite designed in Zhejiang University with a mass of 3.5 kg and a power consumption of less than 3.5 W is the smallest satellite in China up to now. The housekeeping system (HKS) is the core part of ZDPS-1A. The reliability of HKS has an important influence on the safety of the satellite. Traditional fault-tolerant methods do not apply to ZDPS-1A due to such pico-satellite characteristics as light weight, compactness in size, energy saving, and high integration. This paper deals with a highly-reliable, low-cost design for HKS using industrial devices. The reliable strategies of HKS include a dual modular redundancy scheme, CPU warm backup, a static triple modular redundancy scheme, and two-level watchdogs. Recursive experiments, special tests, and environmental tests show that this system meets the design target. This design has already been applied to ZDPS-1A, which was launched to execute in-orbit tasks on Sept. 22, 2010. To date, the satellite has been in a proper state for more than 15 months.     

Checkpoint Management with Double Modular Redundancy Based on the Probability of Task Completion

This paper proposes a checkpoint rollback strategy for real-time systems with double modular redundancy.Without built-in fault-detection and spare processors,our scheme is able to recover from both transient and permanent faults.Two comparisons are conducted at each checkpoint.First,the states stored in two consecutive checkpoints of one processor are compared for checking integrity of the processor.The states of two processors are also compared for detecting faults and the system rolls back to the previous checkpoint whenever required by logic of the proposed scheme.A Markov model is induced by the fault recovery scheme and analyzed to provide the probability of task completion within its deadline.The optimal number of checkpoints is selected so as to maximize the probability of task completion.     

Fault-Tolerant Rate-Monotonic Scheduling

Due to the critical nature of the tasks in hard real-time systems, it is essential that faults be tolerated. In this paper, we present a scheme which can be used to tolerate faults during the execution of preemptive real-time tasks. We describe a recovery scheme which can be used to re-execute tasks in the event of single and multiple transient faults and discuss conditions that must be met by any such recovery scheme. We then extend the original Rate Monotonic Scheduling (RMS) scheme and the exact characterization of RMS to provide tolerance for single and multiple transient faults. We derive schedulability bounds for sets of real-time tasks given the desired level of fault tolerance for each task or subset of tasks. Finally, we analyze and compare those bounds with existing bounds for non-fault-tolerant and other variations of RMS.     

基于 Linux的实时控制系统的调度算法研究

在实时系统中,实时调度算法是影响实时性能的关键因素。本文首先分析了当前基于Linux的内核实时支持的相关主流技术,说明了Linux在实时性支持上的现状和弱点,综合比较了各种解决方案的优缺点。以往对实时调度算法的研究着重于硬实时性的满足,本文基于具体应用的特殊性以及当前对实时调度研究的发展趋势,对共存于同一系统中的
的周期性实时任务和非周期性任务的混合调度问题做进一步的探讨,提出一种实时任务的层次调度算法,保证了带宽的利用,克服了传统混合调度算法处理器利用率受限制、系统开销较大和非周期部分响应时间长的问题。基于这些研究成果,提出了改造方案,并在Linux操作系统中予以了实现。     

Real-Time Model-Based Fault Detection and Isolation for UGVs

The paper presents a model-based sensor fault detection and isolation system applied in real-time to unmanned ground vehicles. Structural analysis is applied on the nonlinear model of the vehicle for building the residual generation module, followed by an ad-hoc residual evaluation module for detecting single and multiple sensor faults. The overall proposed diagnosis scheme has been tested in real-time on a real mobile robot in an outdoors environment and for different tasks. The obtained experimental results are satisfactory in terms of diagnosis performance and real-time implementation.     

支持双网双主站的Modbus通信在继电保护中的应用

根据Modbus通信协议的特点以及继电保护装置中对通信可靠性的要求,提出了支持双通信网络、双主站的Modbus通信在继电保护装置中的应用。简介TModbus通信协议,系统冗余和单元冗余的概念。给出了双网双主站的通信方案,说明了为支持冗余在主站和子站设计上应该注意的问题,定量分析了采用单元冗余、系统冗余混合冗余的方式为系统可靠性提高带来的影响。说明了Modbus协议传输继电保护装置信息的数据交换过程和应当注意的问题,如镜像数据区定义,TCP粘连包的问题等。