Industrial Challenges in Composition of Embedded …€¢Operation in a SoS Network 1980 avionics 1990 avionics 2005 Avionics 0 Software Size Radar Weapons Nav Sensors Weapon Management

BOEING is a trademark of Boeing Management Company.Copyright © 2004 Boeing. All rights reserved.

Industrial Challenges inComposition of Embedded Systems

Dr. David Corman, Dr. James Paunicka

Technical Fellow – Network Centric Operations

Boeing Phantom Works

16 October, 2006

This document does not contain technical data as defined in the International Traffic in Arms Regulations (22 CFR 120.10) or the Export Arms Regulations (15 CFR 779.1).

Boeing Technology | Phantom Works

Copyright © 2004 Boeing. All rights reserved.

NCO ThrustNCO Thrust

Who We Are

• The Boeing Company, working a rich set of application areas that willbenefit from research focused on composition of real-time embeddedsystems

• Air (manned and unmanned, commercial and military)• Space (ultra high-reliability applications)• Land (e.g., Future Combat Systems)

• Complexity of emerging system challenges is outstripping ourcapability to affordably develop and compose the next-generation ofreal-time embedded systems

• Virtually all new developments are focused on component basedsystems

• All can benefit from additional research• Most are highly dynamic and require some

level of “dependable” performance• Aircraft platforms

• Commercial– Primarily safety challenges

• Military– Security and Safety challenges– Multi-service– Piloted and autonomous aircraft– Production and research customers




Embedded Systems Technology Challenges

• Operational Complexity of Large-scaleEmbedded Systems Is Growing Exponentially• New capabilities: autonomous UAVs, Mixed

Initiative, broadband aircraft networking,• Extended capabilities: real-time mission

replanning…• Highly dynamic operating environments• Operation in a SoS Network 1980

avionics1990

avionics

2005Avionics

0

Software Size

Radar

WeaponsWeapons

Nav Sensors

WeaponManagement

Nav Sensors

WeaponManagement

Data LinksData LinksMany

ComputersMany

Computers

Multiple BusesMultiple Buses

Constrained Tactical LinksConstrained

Tactical Links

O(106) Lines of Code

O(106) Lines of CodeHard & Soft

Real-TimeHard & Soft Real-Time

Periodic & Aperiodic

Periodic & Aperiodic

Multiple Safety Criticalities

Multiple Safety Criticalities

Information Security

Information Security

MissionComputer

VehicleMgmt

COTSCOTS

• Avionics S/W challenges• Networking challenges• Information Management

challenges• Application challenges• Verification, Validation

and Certificationchallenges

• Software Engineeringchallenges

• Commercial vs militarydomain

2000Avionics




Typical Mission Computing Legacy Characteristics

• 10-100 Hz Update Rates• Up To 10-100

Processors• ~1M Lines of Code

• O(103) Components• Proprietary Hardware

• Slow CPU, smallmemory

• Fast I/O• Test-Based Verification• Mil-Std Assembly

Language• Highly Optimized For

Throughput and Memory

• Functional Architectures• Flowchart designs

• Frequently NoMaintainedRequirements or Design• Ad-hoc models used by

algorithm developers• Hardcoded Hardware

Specific Single SystemDesigns

• Isolated Use Of• Multi-processing• Schedulability analysis

– Frequently overlypessimistic to be used

David Sharp, Boeing Phantom Works, HSCC Plenary Talk, Stanford, March 2002

System size of 10 – 30M not unknown




Typical Vehicle Management Legacy Characteristics

• 80/160 Hz Update Rates• Single CPU System/

Quad Redundant• Dual/Quad Redundant

Sensors and Actuators• <100K Lines of Code• Extensive Built-In-Test

• >50% of code

• Extensive Testing• Very conservative

development culture• >50% of effort

• Control System ModelsCarefully Developed AndUsed

• Matlab/MatrixX withauto code generation

Additional Characteristics

David Sharp, Boeing Phantom Works, HSCC Plenary Talk, Stanford, March 2002




Networked System of Systems Example:FCS 18 Integrated Systems + Network + Soldier

Manned Systems Unmanned Air Vehicles

Class I

ARV-A (L)

Small (Manpackable) UGV

Non-Line of Sight Cannon Non-Line of Sight Mortar

Medical Treatmentand Evacuation

Recon andSurveillance Vehicle

Infantry CarrierVehicle

MountedCombat System

MULE: (Countermine)

MULE: (Transport)

Command andControl Vehicle

Class II Class III Class IV

Armed Robotic Vehicles

ARV RSTAARV RSTA ARV AsltARV Aslt

FCS Recovery and Maintenance Vehicle

Unmanned Ground Vehicles

Unattended Ground

Sensors

NLOS LS

Unattended Munitions

Intelligent Munitions System

Approved for Public Release, Distribution Unlimited, TACOM 14 March 2006, case 06-046.




Networked System of Systems Example:FCS Integration With Other Existing Systems

MGV

PEGASYS

WARSIM

UAV-CL IV-b

TEP

ACS

ADLER

FCS–Non FCS CIDSoldier to FCS CIDSoldier to SoldierCID

SE-CORE

NGATS

IBS

AVCATTAWACS

TSV TCO

PATRIOT

MCTIS

LFC2IS

MAGIS

MOUT-OIS

MILES XXI

F/A- 22

SIMACET

BATES

JC2

AALPS

SLAMRAMM MIPMSD

IDM

DMS-A

CLOE

BSTF

JCM

ProfilerTES PAFCS

MEADS

LLAPI

JTAGS

JLENS

GBS

Mongoose

ADOCS

APACHE

DCGS-A

CHINOOK

APKWS

CHIMSCCTT

TC-AIMS II

LFED

MC4

LLDR

AMPS/JMPS

C-130C-17

SOLDIER-CATT

C-5

TRAINING

AwaitingArchitecture

UGV

Artillery & MORTAR PROJECTILES & MISSILES

CBS

UA UE JIMSubSystemsDLSTACSIMTraining UniqueAmmo

DTSS

AMDWS

GCCS-A

MCS

ADSI

FAAD-C3I

A2C2S

IMETS

FIREFINDER (Q36)

FIREFINDER (Q37)

PHOENIX

ASTAMIDS / EO/IRSIGINT PAYLOAD

UAV CL IV

NLOS-LSLAMPAM

NETWORK

ARV(L)JAVELIN

LIGHTWEIGHT120MM cannonNON-LETHAL MUNITIONSEXCALIBURCKEMPGMMMRM/ERMElectronic Time FuseMOFAMFCSMACS

C2PC

TBMCS

NFCS

JCAD

RADIAC SETHSTAMIDS

JTRS5JAVELINMK VII

SOLDIER

CBRNRS

SentinelJSLSCADJBSDSMTSHTI-FLIR

JBPDS

Blackhawk

PROPHET

SECOMPI

TAIS

ATIA

CTIA

ONETESS

HEMTT

HMMWV

FMTV

PLSPLST

Maintenance Truck

AAFARS CAMEL

LHS FUEL FARM

LWP

HIPPO

REBS

GSTAMIDS

GMLRS

HIMARS

MLRS

ATACMS

MULE

OneSafIEWTPT

BCS3

UAV-SAR/GMTI

WIN-TMTSJTRS1JWARNGCSS-A

IMS

MGV

ACSWCEDMK-44

ASAS

NCES

ACSW

AFATDS

BFT

FBCB2

LandWarrior

HMEE

Subsystems in UA Unit of ACTION Systems Unit of EMPLOYMENT Systems Programs Outside of UE

Approved for Public Release, Distribution Unlimited, TACOM 20 Jan 2005, case 04-171.




Boeing Leverages Middleware Based Architectures toprovide Hardware and Operating System Independence

FCS SOSCOE ArchitectureHardware (CPU, Memory, IO)

Operating System & Board Support Package

RT CORBA (TAO)

OCP Extensions to TAO

Controls API

OnlineModel

ControllerGnd

Station

Hardware (CPU, Memory, IO)

Operating System & Board Support Package

RT CORBA (TAO)

OCP Extensions to TAO

Controls API

OnlineModel

ControllerGnd

Station

Open Control Platform forAutonomous Systems

Hardware (CPU, Memory, I/O)Board Support Package

Operating SystemInfrastructure Services

HUD

MPCD

Stations Station

Airframe Radar

JDAM

MK82

AIM120

AIM9L

Tgts FLIR WeaponsFly-outModel TAO

RT-OS

POSIX BSP

PC, Pow

erPC

Hardware (CPU, Memory, I/O)Board Support Package

Operating SystemInfrastructure Services

HUD

MPCD

Stations Station

Airframe Radar

JDAM

MK82

AIM120

AIM9L

Tgts FLIR WeaponsFly-outModel TAO

RT-OS

POSIX BSP

PC, Pow

erPC

Bold Stroke Product Line Architecture(F/A-18, F-15, T-45)




Avionics Software Challenges: Dynamic System Behavior

• New applications require dynamic behaviors• Mixture of hard and soft real-time tasks• Active resource management and dynamic scheduling• Mode changes with component configuration changes• Dynamic changes to system membership

– Swarms– NCO– Power conservation

• Current component/system models favor static systems• CCM• OCP

• Must meet Embedded/Real-Time constraints in a dynamic setting• Need to handle during system execution things that were typically

dealt with “out of band” at startup




Networking Challenges

• Smart routers• Help deal with massive

amounts of data• QoS in “open” networks

• Latencies• Predictability• Guaranteed delivery

• Bandwidth• Wireless• Mobile• Satellite• Airborne

• Heterogeneous/federatednetworks

• Inherently unreliablenetworks

• Networked systemsranging from Motesupwards




Networked SOS IT Challenges (cont)

Multiple Competing Dimensions & Aspects MustBe Addressed, Balanced and Integrated

OO, reuse, architectures,real-time theory, languages,

product lines, standardsto address cost, timeliness,

and quality

software to bereused in system:

OSes,Middleware,COTS/GOTS

tools, methods,environments,

etc, to buildsystems

Process TechnologiesProcess Technologies

Product ComponentsProduct ComponentsProduct TechnologiesProduct Technologies

•Affordability•Quality•Timeliness•Security•Hard/Soft Real-Time•Periodic/Aperiodic•Safety•Reliability•TRL…




Process Technology Challenges

• Design Technologies• Domain specific multi-view modeling & analysis

– Capture cross-cutting systemic concerns (deployment, composition,messaging, fault tolerance, etc.) in native architectural terms

• Integrated dynamic design space exploration & analysis– e.g. traffic analysis, system loading, operational latencies, path tracing,

safety/security non-interference, etc.• Generative technologies for correct-by-construction synthesis

– Architectural abstractions, common pattern application, synthesizedcomposition configuration, middleware integration, etc.

• Verification & Validation Technologies• Flexible & reconfigurable SoS simulation & validation

– Tailorable to specific mission context– Composable in number and type of participants, topology, etc.– Integrating real and simulated/surrogate/synthesized elements

• Completeness in varying topologies & operational contexts

Need Scalable technologies to design, analyze, verify and validate largeNetworked SoS.

Need Scalable technologies to design, analyze, verify and validate largeNetworked SoS.




Product Technology Challenges

• Product Line Architectures• Contain product variability in heterogeneous security, criticality,

timeliness & physical deployment concerns

• Component models & patterns for uber-scale systems• Enabling software variability across & within systems while addressing

cross-cutting aspects

• QoS / Resource Management• Resource & behavioral adaptation to:

– MANET topology, membership and capacity changes

– Including local vs. coordinated networked behavioral tradeoffs– Intermittent communications availability (missed updates, dropped

messages)– Changing mission context & commander’s guidance

• … while maintaining– Information separation– Multiple degrees of timeliness and criticality– Concurrent mission activities (e.g. operational & training)– Limited/competing communications throughput

• … both at the system and SoS levels

Need Composable approaches to enable heterogeneous systemvariability while addressing changing resource availability.

Need Composable approaches to enable heterogeneous systemvariability while addressing changing resource availability.




Product Technology Challenges (cont’d)

• Information Management• Maintain coherent SoS situational awareness across possibly out-of-

synch individual systems– Right information to the right user at the right time

• Programming patterns, approaches and architectures for dealing withpeer-to-peer ad hoc network communications

• Scheduling & Deployment• Hard, soft & non real-time, periodic & event-driven processing• Maintain optimal software deployment against changing user roles,

mission context, systems modes and hardware availability

• Criticality• Intermixed safety critical, mission critical and non-critical processing

– Deployment isolation, resource allocation, certification, etc.

• Information Assurance• Integrated IA architecture across GiG to the end-system user

– Accounting for USI to multiple classification levels




Product Component Challenges

• COTS Standards-based Network-centric SoS Middleware• Composable from minimal safety certifiable profile to enterprise-level

adaptive & reflective• Providing integrated network management for traffic flow reservation,

priority negotiation and admission control• Supporting pushed & pulled, method-based & data-centric

communications• Supporting static & dynamic peer-to-peer service discovery in a multi-

network changing MANET topology• Optimized for limited network throughput• With reliable communications capabilities in support of safety critical

operations• Tolerant of intermittent wireless comm failures

• IA components• High bandwidth trusted networking, cross domain and display

components in support of tactical GiG to the soldier




Multi-Entity Embedded System Challenges

• Dynamic replanning andresponse to uncertainty

• Resource and taskallocation

• Mixed initiative operations• Allocation of initiative to

human operator orautomata

• Fault-Tolerance• Heterogeneous platforms




Software Engineering Challenges

･ Creating component models/development environments for“legacy” systems･ May not always be able to select the component model first

_ Have, instead, an existing infrastructure to create a componentmodel and development environment for_ Define component model consistent with legacy platform

_ Abstractions appropriate for･ Component based development･ Existing infrastructure･ Functional and non-functional requirements

_ Generate development environment_ Modeling tools_ Code generators_ Infrastructure adapters_ Testing/analysis tools

･ Data collection･ Analysis techniques require data that:

_ Does not currently exist_ Frequently is difficult to obtain_ Too often impractical to create directly

･ Ex: timing and state transition data for legacy system/components




Avionics Software Challenges: Integration

• Component/Systemintegration is still hard

• The MoBIES problems arestill out there

• Component integrationsatisfying QoS

– Real-time– Concurrency– Distribution

• Constrained by– Large, distributed

development teams– Product line based reuse– Legacy systems, platforms

and processes• With Efficient/Effective

– Performance analysis,prediction and testing

– Testing and iterativedevelopment

Inter-ViewTranslation

ConfigurationTranslation

GenerateConfiguration


AnalysisTranslation

InputTranslation

BuildBuild

TestTest

ThreadingThreading

EventDependency

EventDependency

InvocationDependencyInvocation

Dependency

ComponentThread Map.ComponentThread Map.

ProcessProcess

ComponentAllocation

ComponentAllocation

PhysicalFault MgmtPhysical

Fault Mgmt

FaultToleranceFault

Tolerance

EventDependencies

EventDependencies

TimingTiming

LogicalFault Mgmt

LogicalFault Mgmt

ModelComponents

ModelComponents

Parse RoseParse Rose

Filter/TranslateTo XML


ModelImporterModel

Importer

Application Component

Library (ACL)

Analysis Interchange Format (AIF)

OEP Configuration

Model Editor

Instrumentation


Library (ACL)


OEP Configuration

Model Editor

Instrumentation

Lack of Embedded

System Modeling

Lack of Embedded

System Modeling

Closed Tool Interfaces


Lack Of Efficient Certifiable Code Generators


Inter-ViewTranslation

ConfigurationTranslation



AnalysisTranslation

InputTranslation

BuildBuild

TestTest

ThreadingThreading

EventDependency

EventDependency

InvocationDependencyInvocation

Dependency

ComponentThread Map.ComponentThread Map.

ProcessProcess

ComponentAllocation

ComponentAllocation

PhysicalFault MgmtPhysical

Fault Mgmt

FaultToleranceFault

Tolerance

EventDependencies

EventDependencies

TimingTiming

LogicalFault Mgmt

LogicalFault Mgmt

ModelComponents

ModelComponents

Parse RoseParse Rose



ModelImporterModel

Importer


Library (ACL)


OEP Configuration

Model Editor

Instrumentation


Library (ACL)


OEP Configuration

Model Editor

Instrumentation

Lack of Embedded

System Modeling

Lack of Embedded

System Modeling








Verification, Validation and Certification Challenges

• V&V and Certification isexpensive, and getting moreexpensive, for fielded systems

• Future advanced manned andun-manned systems may notfit naturally under current V&Vand Certification regimes

• Need approaches for efficientV&V and Certification foremerging technologies forthem to be deployable

• Multi-entity Systems• Human interaction with

Autonomy.• Fused Sensor Systems• Adaptive Systems that

change with environmentalstimulus

• Mixed Criticality- Functionsdependent on information ofvarying confidence




Program Composition of Embedded Systems (PCES)Program – Case Study in Unmanned Systems

• Challenge - Compose UAV embedded software to supportdynamic behaviors with network centric connectivity to a missioncommander on a tightly resource constrained system

• Development and composition from new UAV componentsexecuting on Product-line Reusable Scalable eMbedded (PRiSm)framework

• Demonstration as part of DARPA / ARMY / Air Force joint militaryexercise at White Sands Missile Range, New Mexico

• On-board Autonomy• Enabling Software technology for hosting autonomy on ScanEagle• C++ and Real-Time Java software platforms

– International award for Innovations in Use of Java• On-board autonomy allowed UA to map it own path in response to

high-level commands from a mission commander controllingmultiple UA

• *Public-release video*

Source: Boeing Press Release www.boeing.com/news/releases/2005/q2/nr_050420o.html




Technical Progress and Tech Transition

• RT-Java middleware,event channels, andframeworks evaluated

• Demonstrating real-time performance inembedded avionicsapplication

• Hosted on relevantembedded hardware inrelevant vehicle(ScanEagle)

• Realizing smallfootprint designs

• C++ PRiSm (Product-line Reusable ScalableEmbedded) middlewareexhibiting real-timeperformance

• Relevant hardware /relevant vehicle

Source: Boeing Public Release video for PCES demonstration




Technical Progress and TechTransition

• PCES RT-Java and C++applicationsimplementingautonomousmaneuvering inScanEagle to supporttime-critical targetrecce and monitoringof surface targetweapon strikes

• Infospace leverage inintegrated capstonedemonstration

Stallion WIT,Missile Target

No-Fly Zone

8

8

Offset Staremaneuveringdowntrack ofimpact;

Offset Staremaneuveringcrosstrack ofimpact;

Source: Boeing Public Release videofor PCES Demonstration




Public Release Video




Summary – Pervasive Industrial Strength Challenges inComposition of Embedded Systems

• Dynamicism• System of systems with

changing participants• Changing modalities of

individual systems• On-line code generation

• Heterogeneity• System of systems• Heterogeneous/federated

networks• Heterogeneous

collaborations– Ad hoc coalitions

• COTS/GOTS components inan overall system

• Fault Tolerance• Unreliable networks• High confidence• Mission effectiveness in the

presence of failures• IVHM

• Scalability• Massive data flows• Systems of many systems• Ever larger end systems

• Certification and V & V

Documents

Industrial Challenges in Composition of Embedded …€¢Operation in a SoS Network 1980 avionics 1990 avionics 2005 Avionics 0 Software Size Radar Weapons Nav Sensors Weapon Management