Partitioning and Protection
Breakout Session

John Rushby
Computer Science Laboratory
SRI International
Menlo Park, California, USA

John Rushby, SRI    Partitioning and Protection: 1

Overview

• This is an interactive session: pooling of knowledge, lessons learned, concerns from developers, certifiers, and researchers
• I'm the author of NASA CR-99-209347 Partitioning in Avionics Architecture: Requirements, Mechanism, and Assurance, referenced in CAST-2
  Available at http://techreports.larc.nasa.gov/ltrs/PDF/1999/cr/NASA-99-cr209347.pdf
• I'll start off with a brief summary
  ◦ Need for partitioning
  ◦ Partitioning mechanisms in individual processors
  ◦ Partitioning mechanisms in bus architectures
  ◦ Requirements and assurance for partitioning
• Then it's over to you

CAST 2 Definitions

• Partitioning is just one means of implementing the general concept of protection
• Partitioning is a method of separating components to ensure protection (section 2.3.1 of ED12B/DO-178B)
• The real issue is whether two or more components are protected from the actions of each other
• Component X can be said to be strictly protected from Y if any behavior of Y has no effect on the operation of X
• Component X can be said to be safely protected from Y if any behavior of Y has no effect on the safety properties of X

Simple Picture

Partition A | Partition B
Operating System
Hardware
◦ Static vs. dynamic (priority-based) scheduling
◦ Static has simpler assurance, but may complicate application design
◦ Dynamic scheduling requires knowledge of pitfalls
  - Priority inversions (interaction of priorities and locks)
  - Correct accounting (charging for process swaps)
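The priority-inversion pitfall listed above, shown as a small discrete-time scheduler simulation. This is an added example, not material from the slides or from the NASA report; the task names, priorities, durations and the single shared lock are assumed, and the second run shows the same task set under priority inheritance, the usual mitigation for this pitfall.

```python
"""Simulate the "priority inversion" pitfall named on the slide: under fixed-priority
preemptive scheduling, high-priority H blocks on a lock held by low-priority L, and an
unrelated medium-priority M preempts L, so H also waits for M.  Constructed example,
not from the slides; task names, priorities and durations are assumed."""
from collections import namedtuple

# segments: [(needs_lock, units), ...] run in order; larger prio wins
Task = namedtuple("Task", "name prio release segments")


def simulate(tasks, inheritance=False, horizon=12):
    """Fixed-priority scheduler with one shared lock. Returns (trace, finish):
    trace[t] = task run at tick t ('-' if idle); finish[name] = completion tick."""
    pos = {t.name: [0, 0] for t in tasks}        # [segment index, units done]
    holder, trace, finish = None, [], {}
    for now in range(horizon):
        ready = [t for t in tasks if t.release <= now and t.name not in finish]
        needs = {t.name: t.segments[pos[t.name][0]][0] for t in ready}
        # a task may run unless its current segment needs a lock held by another task
        runnable = [t for t in ready if not needs[t.name] or holder in (None, t.name)]
        if not runnable:
            trace.append("-")
            continue
        def eff_prio(t):
            if inheritance and t.name == holder:
                # priority inheritance: the lock holder runs at the priority of
                # the highest-priority task currently blocked on the lock
                blocked = [u.prio for u in ready if needs[u.name] and u.name != holder]
                return max([t.prio] + blocked)
            return t.prio
        t = max(runnable, key=eff_prio)
        trace.append(t.name)
        seg, done = pos[t.name]
        needs_lock, units = t.segments[seg]
        if needs_lock:
            holder = t.name                       # acquire (or keep) the lock
        done += 1
        if done == units:                         # segment finished
            holder = None if needs_lock else holder   # release the lock
            seg, done = seg + 1, 0
            if seg == len(t.segments):
                finish[t.name] = now + 1
        pos[t.name] = [seg, done]
    return trace, finish


TASKS = [Task("L", 1, 0, [(True, 4), (False, 1)]),             # grabs the lock first
         Task("M", 2, 2, [(False, 4)]),                         # never uses the lock
         Task("H", 3, 1, [(False, 1), (True, 1), (False, 1)])]  # blocks on L's lock
```

Without inheritance the trace is L H M M M M L L L H H L, so H (released at tick 1) completes at tick 11 even though M never touches the lock; with inheritance L runs at H's priority while holding the lock and H completes at tick 7.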