MIT 16 070 - Real Time System Testing

This preview shows page 1-2-14-15-30-31 out of 31 pages.


hperry 5/4/01

Real Time System Testing
MIT 16.070 Lecture 32

Real Time System Testing (32)

• The next three lectures will focus on:
  – Lecture 30: (R 11.3)
    • How to minimize failure in real time systems
    • Methods used to test real time systems
  – Lecture 31: (R 13)
    • What is Software Integration?
    • Test Tools
    • An example approach for integration and test of the MIT 16.070 final project
  – Lecture 32: (R 11.4)
    • Fault Tolerance
    • Exception Handling
    • Formal Test Documentation

Fault Tolerance

What does it mean for a system to be fault tolerant?
The system can operate (although performance may be degraded) in the presence of a software or a hardware failure.

How do you design a fault tolerant system?
• Incorporate exception handling to tolerate missed deadlines or work around error conditions
• Design fault tolerant or redundant hardware or software into the system

Ask yourself questions… how can the system fail?

Some Exception Handling Methods

Q: What if your system randomly misses data from a sensor?
A: Time tag your system data and use it only if the time tag has been updated since the last time it was used.

[Figure labels: GPS; Navigation Sensor; Sensors; Tasks; Shared Memory; Sensor data pools; Lat, lon, alt, time tag; Data consuming tasks]

GPS data with time tag is written to shared memory.
When other tasks come to read that data out of shared memory, they can discard the data if the new time tag = old time tag.

Some Exception Handling Methods

Q: What if your system randomly misses data from a sensor? (continued)
A: If data is too stale and the system cannot function properly without the new data, switch to a degraded mode of operation
  – In a navigation system, this might be a backup navigation mode that operates on minimal inputs, separate from those that have failed
  – In a space explorer robot system, this might be a zero-velocity state where the robot waits for communication of a set of new commands

Some Exception Handling Methods

Q: What if data goes bad for any number of reasons? What if bad data results in...
• Divide by zero in the software algorithm
• Data input from sensors out of a specified range (overflow condition for the algorithm or for the data type)
A: Add conditionals to your software to work around the problem.

Instead of:
    result = y/x;
Use:
    if (x != 0) result = y/x;

Instead of:
    data = get_data();
Use:
    data = get_data();
    if (data > 1000) data = 1000;
    if (data < 0) data = 0;

Some Exception Handling Methods

Q: What if a critical task should hang during execution?
  – For example, a task is waiting on data from a sensor, but the sensor loses its data link to the processor before it can provide the data.

[Figure: a looping task (while (1) data = get_data();) calls get_data(), which retrieves data from the sensor and returns.]

Some Exception Handling Methods

A: Relieve the task from waiting by…
• Designing functions with return values to indicate good/bad status
• Adding timeouts on retrieving the data to those functions to drive good/bad status return.

Note:
• This brings up the need for call by reference in C
• This concept can be expanded to operating system calls (posting mailboxes, releasing semaphores), library function calls, etc., provided the RTOS supports it.

Some Exception Handling Methods

The importance of “call by reference” to facilitate error handling
• C functions can return only one value
• If that value = status, how does the calling task (or function) get any information back from the task?
The answer - Call by reference.

Instead of:
    int get_data();
where the int returned is data:
    data = get_data();

Use:
    int get_data(int *x);
where the int returned is the status and y is data:
    status = get_data(&y);

Some Exception Handling Methods

Without exception handling:

    int y;
    int get_data(void);
    void light_LED(void);

    int main(void)
    {
        while (1) {
            y = get_data();        /* get data from sensor software */
            if (y > 100) {
                light_LED();       /* turn on LEDs */
            }
        }   /* end infinite loop */
    }

Some Exception Handling Methods

With exception handling:

    #include <stdio.h>

    int y, error;
    int get_sensor_data(int *x);
    void light_LED(void);

    int main(void)
    {
        while (1) {
            error = get_sensor_data(&y);
            /* pass the function the address of y, return error */
            if (!error) {
                if (y > 100) light_LED();   /* turn on LEDs */
            } else {
                printf("Error in data coming from sensor = %d\n", error);
            }
        }   /* end infinite loop */
    }

Exception Handling Methods - The Tradeoff

• On the one hand, exception handling can guard against problems such as:
  – Erroneous mathematical conditions (divide by zero, overflow)
  – Tasks that hang waiting for inputs that will never come (due to failed hardware, poor communication link, software bug, etc.)
  – Poor reactions to missed deadlines
• On the other hand, putting in all of this exception handling takes up resources (CPU time and memory) that must be worth the trade-off
• You must balance the two to achieve a robust software design that works within the timing and sizing constraints of the system

Fault Tolerance - Checking Hardware Resources

How can a processor check its own status?
• Built-In-Test (BIT)
  – Ongoing diagnostics of the hardware that runs the software
  – Interface checks
• CPU testing (done in the background)
• Memory testing
  – Checking for memory corruption due to vibration, power surges, electrostatic discharge, single event upsets, etc.
  – Use error detection & recovery schemes (CRC, Hamming Code)
• Watchdog Timers
  – Counting registers used to ensure that devices are still on line
  – CPU resets the timer at regular intervals. Timer overflow indicates a problem with the CPU

Fault Tolerance

Redundant Hardware Solutions - A two processor scheme
• Primary sends replica of all its inputs to Secondary
• Secondary runs same software as Primary
• Secondary checks for “pulse” from Primary to verify its health
• If pulse is absent, Secondary takes over the system
• Requires redundant communication lines to all system components
• Many military aircraft systems are built this way

[Figure: Primary and Secondary processors]

Fault Tolerance

Redundant Hardware Solutions - A two processor scheme
• When might this scheme fail?
  –
  –
  –

[Figure: Primary and Secondary processors]

Fault Tolerance - Redundant Processors

• Computers can vote on who is worthy of staying in the system
  - Check “pulse” to be sure the computers are on-line
  - Compare data outputs from computations

How many do you need?

[Figure: a two-processor configuration (A, B) labelled "2?" and a three-processor configuration (A, B, C) labelled "3?"]

Fault Tolerance - Redundant Processors

[Figure: a two-processor configuration (A, B) labelled "2?" and a three-processor configuration (A, B, C) labelled "3?"]

A says B is sick
B says A is sick
Who is right?
Who should take
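The time-tag check and the switch to a degraded mode from the first two "Some Exception Handling Methods" slides, as an added example (not code from the lecture). The type names, status codes and the three-stale-reads threshold are assumptions, and time tag 0 is reserved here to mean "never written".

```c
#include <stdint.h>
#include <stdio.h>
/* All names and the stale-read threshold are constructed for illustration. */
typedef struct {
    double   lat, lon, alt;
    uint32_t time_tag;        /* 0 = never written; the writer uses 1, 2, ... */
} gps_sample_t;
typedef enum { NAV_NORMAL, NAV_DEGRADED } nav_mode_t;
enum { READ_OK = 0, READ_STALE = 1, MAX_STALE_READS = 3 };
typedef struct {
    uint32_t   last_tag;      /* time tag of the last sample consumed */
    unsigned   stale_count;   /* consecutive reads with no new time tag */
    nav_mode_t mode;
} consumer_t;
static gps_sample_t shared_gps;   /* stands in for the shared-memory pool */

/* Writer (GPS task): publish a sample together with its time tag. */
void gps_publish(double lat, double lon, double alt, uint32_t tag)
{
    shared_gps = (gps_sample_t){ lat, lon, alt, tag };  /* lock in a real RTOS */
}

/* Consumer: data comes back through *out, the return value is the status.
 * A sample whose tag equals the last one used is discarded as stale. */
int gps_read(consumer_t *c, gps_sample_t *out)
{
    gps_sample_t snap = shared_gps;
    if (snap.time_tag == c->last_tag) {
        if (++c->stale_count >= MAX_STALE_READS)
            c->mode = NAV_DEGRADED;   /* too stale: fall back to backup mode */
        return READ_STALE;
    }
    c->last_tag = snap.time_tag;
    c->stale_count = 0;
    c->mode = NAV_NORMAL;             /* fresh data restores normal operation */
    *out = snap;
    return READ_OK;
}

int main(void)
{
    consumer_t c = { 0, 0, NAV_NORMAL };
    gps_sample_t s;
    gps_publish(42.36, -71.09, 10.0, 1);   /* constructed sample */
    for (int i = 0; i < 5; i++) {
        int st = gps_read(&c, &s);         /* only the first read is fresh */
        printf("read %d: status=%d mode=%d\n", i, st, (int)c.mode);
    }
}
```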
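An added example (not from the lecture) of the timeout-driven status return with call by reference described in the slides above. The simulated sensor, the status codes and the poll-count timeout are assumptions; unlike the slide's clamp, an out-of-range reading is reported as an error here.

```c
#include <stdio.h>

/* Status codes and the simulated sensor are constructed for illustration. */
enum { DATA_OK = 0, ERR_TIMEOUT = 1, ERR_RANGE = 2 };
enum { DATA_MIN = 0, DATA_MAX = 1000 };   /* limits used on the clamp slide */

/* Simulated sensor link: delivers `value` on poll number `ready_after`,
 * or never if link_up is 0 (the lost-data-link case). */
typedef struct {
    int link_up; unsigned ready_after; int value; unsigned polls;
} sensor_t;

static int sensor_poll(sensor_t *s, int *raw)
{
    s->polls++;
    if (!s->link_up || s->polls < s->ready_after)
        return 0;                 /* nothing available yet */
    *raw = s->value;
    return 1;
}

/* Returns a status; the data comes back through *x (call by reference).
 * Gives up after max_polls attempts instead of waiting forever. */
int get_sensor_data(sensor_t *s, int *x, unsigned max_polls)
{
    int raw;
    for (unsigned i = 0; i < max_polls; i++) {
        if (sensor_poll(s, &raw)) {
            if (raw < DATA_MIN || raw > DATA_MAX)
                return ERR_RANGE; /* caller never sees the bad value */
            *x = raw;
            return DATA_OK;
        }
        /* on an RTOS, this is where the task would sleep for one tick */
    }
    return ERR_TIMEOUT;           /* *x is left untouched */
}

int main(void)
{
    sensor_t good = { 1, 3, 250, 0 }, dead = { 0, 0, 0, 0 };
    int y = -1, st;
    st = get_sensor_data(&good, &y, 10);
    printf("good link: status=%d y=%d\n", st, y);
    st = get_sensor_data(&dead, &y, 10);
    printf("dead link: status=%d y=%d\n", st, y);
    return 0;
}
```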

