[go: up one dir, main page]

CN111813522A - A Virtual ARINC 653 Simulation and Verification Platform - Google Patents

A Virtual ARINC 653 Simulation and Verification Platform Download PDF

Info

Publication number
CN111813522A
CN111813522A CN202010655912.8A CN202010655912A CN111813522A CN 111813522 A CN111813522 A CN 111813522A CN 202010655912 A CN202010655912 A CN 202010655912A CN 111813522 A CN111813522 A CN 111813522A
Authority
CN
China
Prior art keywords
partition
message
queue
sent
partitions
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010655912.8A
Other languages
Chinese (zh)
Other versions
CN111813522B (en
Inventor
陈进朝
杜承烈
蒋泽军
尤涛
王丽芳
陈可可
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Northwestern Polytechnical University
Original Assignee
Northwestern Polytechnical University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Northwestern Polytechnical University filed Critical Northwestern Polytechnical University
Priority to CN202010655912.8A priority Critical patent/CN111813522B/en
Publication of CN111813522A publication Critical patent/CN111813522A/en
Application granted granted Critical
Publication of CN111813522B publication Critical patent/CN111813522B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/48Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806Task transfer initiation or dispatching
    • G06F9/4843Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/4881Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/542Event management; Broadcasting; Multicasting; Notifications
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/544Buffers; Shared memory; Pipes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/546Message passing systems or structures, e.g. queues
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2209/00Indexing scheme relating to G06F9/00
    • G06F2209/48Indexing scheme relating to G06F9/48
    • G06F2209/484Precedence
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2209/00Indexing scheme relating to G06F9/00
    • G06F2209/54Indexing scheme relating to G06F9/54
    • G06F2209/548Queue

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a virtual ARINC653 simulation verification platform, and relates to the field of airborne embedded simulation software. The method is used for solving the problems of high requirement on resource configuration and poor universality of the existing ARINC653 standard-based real-time operating system due to the fact that a source code is not public. The platform comprises partition management, a partition configuration module and a partition management module, wherein the partition management is used for creating a plurality of partitions according to XML configuration files and performing partition configuration on the plurality of partitions; scheduling the plurality of partitions according to a time window rotation mode, and scheduling a plurality of processes included in the partitions according to a priority preemption mode; the communication management is used for completing the communication between the partitions based on the sampling ports and the queue ports according to the shared memory mechanism and the partition configuration; communication between processes in the partitions is completed based on the blackboard and the cache; and the health monitoring management is used for receiving the error codes sent by the partitions and calling the processing functions corresponding to the error codes according to the error codes to perform error processing.

Description

一种虚拟ARINC 653仿真验证平台A Virtual ARINC 653 Simulation and Verification Platform

技术领域technical field

本发明涉及机载嵌入式仿真软件领域,更具体的涉及一种虚拟ARINC 653仿真验证平台。The invention relates to the field of airborne embedded simulation software, and more particularly to a virtual ARINC 653 simulation verification platform.

背景技术Background technique

近年来,信息智能时代的航空环境越来越复杂,航空电子系统也逐渐向智能化、模块化、集成化的方向发展。复杂的软硬件资源的添加对航空电子系统的处理能力和重量控制提出了更高的要求。传统的联合式架构缺乏安全性、可移植性、可扩展性,不再符合当前航空电子系统高度集成化的发展要求。所以,基于综合模块化航空电子架构(IntegratedModular Avionic,IMA)的ARINC653标准在航空电子领域越来越被广泛采用。ARINC 653标准是基于IMA架构对航空电子应用程序接口制定的规范,描述了嵌入式实时操作系统的运行时环境。它采用分区机制,各个分区根据配置要求加载到一个标准硬件平台,解决了原有架构不可扩展性和冗余问题,在保证系统的轻便性的基础上,实现了系统的安全性、可移植性和可扩展性设计。In recent years, the aviation environment in the era of information intelligence has become more and more complex, and the avionics system has gradually developed in the direction of intelligence, modularization and integration. The addition of complex software and hardware resources places higher requirements on the processing power and weight control of avionics systems. The traditional joint architecture lacks security, portability, and scalability, and no longer meets the development requirements of the current highly integrated avionics system. Therefore, the ARINC653 standard based on the Integrated Modular Avionic Architecture (IMA) is more and more widely adopted in the avionics field. The ARINC 653 standard is a specification for avionics application programming interfaces based on the IMA architecture, describing the runtime environment of an embedded real-time operating system. It adopts a partition mechanism, and each partition is loaded into a standard hardware platform according to the configuration requirements, which solves the problems of the original architecture's inextensibility and redundancy, and realizes the security and portability of the system on the basis of ensuring the portability of the system. and extensible design.

国外基于ARINC 653标准的商用操作系统包括风河公司的VxWorks653、LynuxWorks公司的LynxOS-178等,都是基于IMA架构的嵌入式实时操作系统,采用分区隔离机制,每个分区被划分到不同的处理器单元上,享有独立的资源并运行配置的分区操作系统,体现了分区的独立性,保证了某一分区的故障不会传播到其他分区;国内的分区操作系统天脉2机载操作系统,引入DO-178B规范对系统进行开发与验证,最终保证天脉2机载操作系统符合综合化、模块化系统的应用需求,在综合电子领域实现了有效应用。Foreign commercial operating systems based on the ARINC 653 standard include VxWorks653 of Wind River, LynxOS-178 of LynuxWorks, etc., which are embedded real-time operating systems based on IMA architecture, using partition isolation mechanism, and each partition is divided into different processing systems. On the server unit, it enjoys independent resources and runs the configured partition operating system, which reflects the independence of the partition and ensures that the failure of one partition will not spread to other partitions; the domestic partition operating system Tianmai 2 airborne operating system, The DO-178B specification was introduced to develop and verify the system, and ultimately ensure that the Tianmai 2 airborne operating system meets the application requirements of an integrated and modular system, and has achieved effective application in the field of integrated electronics.

现有的基于ARINC 653标准的实时操作系统因源码不公开,存在对资源配置要求高,以及通用性较差的问题。The existing real-time operating system based on the ARINC 653 standard has the problems of high resource allocation requirements and poor generality because the source code is not open.

发明内容SUMMARY OF THE INVENTION

本发明实施例提供一种虚拟ARINC 653仿真验证平台,用以解决现有的基于ARINC653标准的实时操作系统因源码不公开,存在对资源配置要求高,以及通用性较差的问题。The embodiment of the present invention provides a virtual ARINC 653 simulation verification platform, which is used to solve the problems that the existing real-time operating system based on the ARINC653 standard has high resource allocation requirements and poor versatility because the source code is not open.

本发明实施例提供了一种虚拟ARINC 653仿真验证平台,包括:The embodiment of the present invention provides a virtual ARINC 653 simulation verification platform, including:

分区管理,用于根据XML配置文件创建多个分区,并对多个所述分区进行分区配置;按照时间窗口轮转方式对多个所述分区进行调度,按照优先级抢占方式对所述分区内包括的多个进程进行调度;Partition management, used to create multiple partitions according to the XML configuration file, and perform partition configuration on the multiple partitions; schedule the multiple partitions according to the time window rotation mode, and schedule the partitions according to the priority preemption method. scheduling of multiple processes;

通信管理,用于根据共享内存机制以及所述分区配置,基于采样端口和队列端口完成所述分区与所述分区之间的通信;基于黑板和缓存完成所述分区内所述进程之间的通信;Communication management is used to complete the communication between the partition and the partition based on the sampling port and the queue port according to the shared memory mechanism and the partition configuration; complete the communication between the processes in the partition based on the blackboard and the cache ;

健康监控管理,用于接收所述分区发送的错误代码,根据所述错误代码调用与所述错误代码相对应的处理函数进行错误处理。The health monitoring management is used for receiving the error code sent by the partition, and calling a processing function corresponding to the error code to perform error processing according to the error code.

优选地,所述分区包括源端口、目的端口、队列和共享内存;其中,所述源端口采用采样队列模式或采样模式;所述目的端口采用采样队列模式或采样模式;Preferably, the partition includes a source port, a destination port, a queue and a shared memory; wherein, the source port adopts a sampling queue mode or a sampling mode; the destination port adopts a sampling queue mode or a sampling mode;

所述分区管理用于根据XML配置文件中建立源、目的与通道之间的映射关系。The partition management is used to establish the mapping relationship between the source, the destination and the channel according to the XML configuration file.

优选地,所述分区管理还用于设置主时间框架,所述主时间框架包括多个所述时间窗口,根据所述主时间框架确定每个所述分区的运行周期和调度周期,每个所述分区在所述主时间框架内占据一个或者多个所述时间窗口;Preferably, the partition management is further used to set a main time frame, the main time frame includes a plurality of the time windows, and the operation period and scheduling period of each of the partitions are determined according to the main time frame. the partition occupies one or more of the time windows within the main time frame;

当确定第一分区运行的时间窗口结束时,停止运行所述第一分区内的进程,为第二分区分配CPU资源,运行所述第二分区内的进程;其中,所述第一分区的下一个运行分区为所述第二分区。When it is determined that the time window for running the first partition ends, the process in the first partition is stopped, CPU resources are allocated to the second partition, and the process in the second partition is run; wherein, the lower part of the first partition One operating partition is the second partition.

优选地,所述分区管理还用于:Preferably, the partition management is also used for:

建立每个所述分区ID和分区状态的哈希映射,当接收到进程调度指令时,若所述第二分区的状态为NORMAL时,对所述第二分区内包括的所述进程进行调度;Establishing a hash map of each of the partition IDs and partition states, when receiving a process scheduling instruction, if the state of the second partition is NORMAL, schedule the processes included in the second partition;

当一个所述分区内包括多个具有相同优先级的所述进程时,根据先进先出算法对所述进程进行调度;或者When a plurality of the processes with the same priority are included in one of the partitions, the processes are scheduled according to a first-in, first-out algorithm; or

当一个所述分区内包括的多个所述进程具有不同优先级时,为具有最高优先级的所述进程分配时间片和所述CPU资源;其中,所述时间窗口包括多个所述时间片。When a plurality of the processes included in one of the partitions have different priorities, allocate a time slice and the CPU resource to the process with the highest priority; wherein, the time window includes a plurality of the time slices .

优选地,所述通信管理用于:Preferably, the communication management is used to:

所述队列端口用于按照先进先出的方式将接收到的待发送消息存放在消息队列中,所述进程从所述消息队列发送消息时,当确定所述消息队列为非空时,发送所述消息队列包括的第一待发送消息,并将所述第一待发送消息从所述消息队列删除;或者The queue port is used to store the received messages to be sent in the message queue in a first-in-first-out manner. When the process sends a message from the message queue, when it is determined that the message queue is not empty, send the message. the first message to be sent included in the message queue, and delete the first message to be sent from the message queue; or

采样端口用于将接收到待发送消息覆盖上一个待发送消息的方式将所述待发送消息存储在共享内存中,所述进程从所述采样端口发送消息时,当确定所述共享内存非空时,确定所述待发送消息的目的端口,根据所述目的端口发送所述所述待发送消息。The sampling port is used to store the to-be-sent message in the shared memory by overwriting the received message to be sent in the previous to-be-sent message. When the process sends a message from the sampling port, when it is determined that the shared memory is not empty When the message is sent, the destination port of the message to be sent is determined, and the message to be sent is sent according to the destination port.

优选地,所述通信管理还用于:Preferably, the communication management is also used for:

所述进程从所述队列端口发送消息时,设置延时触发器,当确定所述队列端口为空时,将所述进程的状态转换为等待状态,经历一个触发器周期后,所述进程从所述队列端口接收所述待发送消息;或者When the process sends a message from the queue port, a delay trigger is set. When it is determined that the queue port is empty, the state of the process is converted to a waiting state. After a trigger cycle, the process starts from the queue port receives the to-be-sent message; or

所述进程从所述采样端口发送消息时,设置延时触发器,当确定所述共享内存为空时,将所述进程的状态转换为等待状态,经历一个触发器周期后,所述进程从所述采样端口接收所述待发送消息。When the process sends a message from the sampling port, a delay trigger is set. When it is determined that the shared memory is empty, the state of the process is converted to a waiting state. After one trigger cycle, the process starts from The sampling port receives the to-be-sent message.

优选地,所述通信管理用于:Preferably, the communication management is used to:

所述进程从所述黑板读取消息时,若所述黑板非空,则从所述黑板读取存在的消息;When the process reads a message from the blackboard, if the blackboard is not empty, read the existing message from the blackboard;

所述向所述黑板写入消息时,若所述黑板非空,将接收到的消息覆盖所述黑板上已有消息;或者若所述黑板为空时,将接收到的消息写入所述黑板上;When writing a message to the blackboard, if the blackboard is not empty, the received message will be overwritten with the existing message on the blackboard; or if the blackboard is empty, the received message will be written into the blackboard. blackboard;

所述进程从所述缓冲队列读取消息时,若所述缓冲队列非空时,读取所述缓冲队列的第一个消息,并将所述第一个消息从所述缓冲队列删除;When the process reads a message from the buffer queue, if the buffer queue is not empty, read the first message of the buffer queue, and delete the first message from the buffer queue;

当所述进程向所述缓冲队列写入消息时,若所述缓冲队列已满,对所述进程状态转换为等待状态;或者若所述缓冲队列未满,则将消息加入到所述缓冲队列的队尾。When the process writes a message to the buffer queue, if the buffer queue is full, the process state is converted to a waiting state; or if the buffer queue is not full, the message is added to the buffer queue tail of the team.

优选地,所述通信管理还用于:Preferably, the communication management is also used for:

所述进程从所述黑板读取消息时,设置延时触发器,若所述黑板为空时,将所述进程的状态转换为等待状态,经历一个触发器周期后,所述进程从所述黑板读取消息;When the process reads a message from the blackboard, a delay trigger is set. If the blackboard is empty, the state of the process is converted to a waiting state. After a trigger cycle, the process starts from the The blackboard reads the message;

所述进程从所述缓冲队列读取消息时,设置延时触发器,若所述缓冲队列为空时,经历一个触发器周期后,所述进程从所述缓冲队列读取消息。When the process reads a message from the buffer queue, a delay trigger is set. If the buffer queue is empty, the process reads a message from the buffer queue after one trigger cycle.

本发明实施例提供一种虚拟ARINC 653仿真验证平台,包括:分区管理,用于根据XML配置文件创建多个分区,并对多个所述分区进行分区配置;按照时间窗口轮转方式对多个所述分区进行调度,按照优先级抢占方式对所述分区内包括的多个进程进行调度;通信管理,用于根据共享内存机制以及所述分区配置,基于采样端口和队列端口完成所述分区与所述分区之间的通信;基于黑板和缓存完成所述分区内所述进程之间的通信;健康监控管理,用于接收所述分区发送的错误代码,根据所述错误代码调用与所述错误代码相对应的处理函数进行错误处理。该平台包括的分区管理通过Windows系统亲缘性设定,根据任务实时性要求实现CPU资源灵活配置,保证实时任务的优先执行,实现具有实时性;通信管理通过对通信层屏蔽底层的具体实现,建立接口虚拟映射,实现通信虚拟化,实现具有可移植性;健康监控管理通过基于发布/订阅模型的数据分发服务,保证了故障信息的稳定传输,增强了虚拟仿真平台的故障处理能力。The embodiment of the present invention provides a virtual ARINC 653 simulation verification platform, including: partition management, used for creating multiple partitions according to an XML configuration file, and performing partition configuration on the multiple partitions; The partition is scheduled, and multiple processes included in the partition are scheduled according to the priority preemption mode; communication management is used to complete the partition and all the processes based on the sampling port and the queue port according to the shared memory mechanism and the partition configuration. The communication between the partitions; the communication between the processes in the partition is completed based on the blackboard and the cache; the health monitoring management is used to receive the error code sent by the partition, and call the error code according to the error code. The corresponding handler function performs error handling. The partition management included in the platform is set by the affinity of the Windows system, and the CPU resources are flexibly configured according to the real-time requirements of tasks, ensuring the priority execution of real-time tasks, and realizing real-time performance; communication management is established by shielding the specific implementation of the bottom layer for the communication layer. Interface virtual mapping realizes communication virtualization and portability; health monitoring management ensures the stable transmission of fault information through the data distribution service based on the publish/subscribe model, and enhances the fault handling capability of the virtual simulation platform.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments of the present invention. For those of ordinary skill in the art, other drawings can also be obtained according to these drawings without creative efforts.

图1为本发明实施例提供的一种虚拟ARINC 653仿真验证平台结构示意图;1 is a schematic structural diagram of a virtual ARINC 653 simulation verification platform provided by an embodiment of the present invention;

图2为本发明实施例提供的分区管理包括的两级调度模型示意图;2 is a schematic diagram of a two-level scheduling model included in partition management provided by an embodiment of the present invention;

图3为本发明实施例提供的分区调度器调度模型示意图;3 is a schematic diagram of a partition scheduler scheduling model provided by an embodiment of the present invention;

图4为本发明实施例提供的分区间通信模型示意图;4 is a schematic diagram of an inter-partition communication model provided by an embodiment of the present invention;

图5为本发明实施例提供的健康监控模型示意图。FIG. 5 is a schematic diagram of a health monitoring model provided by an embodiment of the present invention.

具体实施方式Detailed ways

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

相关概念介绍Introduction to related concepts

1、分区:分区是ARINC 653提出的核心概念,分区保证了系统的时空隔离。可以有一个或者多个进程同时存在于一个分区内,且共享分区的系统资源。1. Partition: Partition is the core concept proposed by ARINC 653, which ensures the space-time isolation of the system. One or more processes can exist in a partition at the same time and share the system resources of the partition.

2、分区调度:分区调度是按照预先设置的周期时间序列对CPU资源进行分配,每个分区按照分配给他的窗口被激活运行,分区之间没有优先级,并且每个周期内每个分区至少运行一次。2. Partition scheduling: Partition scheduling is to allocate CPU resources according to a preset cycle time sequence. Each partition is activated and operated according to the window assigned to him. There is no priority between partitions, and each partition in each cycle has at least run it once.

3、进程:进程是分区内部的可调动单元,分区内部有一个或者多个进程,每个进程只属于一个分区,同一个分区内的所有进程共享分区的系统资源,多个进程可以发执行。3. Process: A process is an adjustable unit within a partition. There are one or more processes in a partition. Each process belongs to only one partition. All processes in the same partition share the system resources of the partition, and multiple processes can be executed.

4、进程调度,每个进程都有一个当前优先级,而进程调度算法就是基于优先级的可抢占式策略。4. Process scheduling, each process has a current priority, and the process scheduling algorithm is a preemptible strategy based on priority.

5、分区间通信指同一个模块或者不同模块上运行的两个或者多个分区之间的通信,分区间的通信都是通过消息进行的,包括以下方式:5. Inter-partition communication refers to the communication between two or more partitions running on the same module or different modules. The communication between partitions is carried out through messages, including the following methods:

采样方式,采样端口的消息可以被发送,也可以被新消息覆盖;In the sampling mode, the message of the sampling port can be sent or overwritten by a new message;

队列方式,消息会在消息队列中排队,即消息队列内的消息不允许被覆盖,消息队列内的消息不会丢失,以先进先出的顺序将消息进行发送。In the queue mode, messages will be queued in the message queue, that is, the messages in the message queue are not allowed to be overwritten, the messages in the message queue will not be lost, and the messages will be sent in the order of first-in, first-out.

6、分区内通信指的是分区内进行的通信,包括以下方式:6. Intra-partition communication refers to the communication within the partition, including the following methods:

缓冲,用于分区内进程间传输数据,允许存放多个携带不同数据的消息,所以不允许覆盖;Buffering is used to transfer data between processes within a partition, allowing multiple messages with different data to be stored, so overwriting is not allowed;

黑板,用于分区内进程间传输数据,消息不允许排队,黑板的消息可以被清除或者被新消息覆盖。The blackboard is used to transfer data between processes within a partition. Messages are not allowed to be queued, and messages on the blackboard can be cleared or overwritten by new messages.

图1示例性的示出了本发明实施例提供的一种虚拟ARINC 653仿真验证平台结构示意图,如图1所示,该仿真验证平台主要包括分区管理,通信管理和健康监控管理。FIG. 1 exemplarily shows a schematic structural diagram of a virtual ARINC 653 simulation verification platform provided by an embodiment of the present invention. As shown in FIG. 1 , the simulation verification platform mainly includes partition management, communication management and health monitoring management.

分区管理设计用于解决现有的分区调度方法中调度不及时、多任务调度稳定性较差的问题,通过分析ARINC 653两级调度策略,结合Windows亲缘性设定,建立分区模型,在分区模型的基础上分析现有分区调度存在的问题,从而模拟完成Windows环境下的分区调度与进程调度。The partition management is designed to solve the problems of untimely scheduling and poor stability of multi-task scheduling in the existing partition scheduling methods. By analyzing the ARINC 653 two-level scheduling strategy, combined with the Windows affinity setting, a partition model is established. Based on the analysis of the existing problems of partition scheduling, the partition scheduling and process scheduling in the Windows environment are simulated and completed.

图2为本发明实施例提供的分区管理包括的两级调度模型示意图,如图2所示,分区管理包括有模块调度器和分区调度器,其中,模块调度器用于调度分区,因此也可以成为分区间调度,其采用时间片轮转调度算法对多个分区进行调度;相应地,分区调度器用于调度每个分区内的多个进程,其基于固定优先调度算法对分区内进程进行调度,当存在具有相同优先级的进程时,采用先进先出算法对进程进行调度。FIG. 2 is a schematic diagram of a two-level scheduling model included in partition management provided by an embodiment of the present invention. As shown in FIG. 2 , partition management includes a module scheduler and a partition scheduler. The module scheduler is used to schedule partitions, so it can also be Inter-partition scheduling, which uses the time slice round-robin scheduling algorithm to schedule multiple partitions; correspondingly, the partition scheduler is used to schedule multiple processes in each partition, and it schedules the processes within the partition based on the fixed priority scheduling algorithm. Processes with the same priority are scheduled using a first-in, first-out algorithm.

在本发明实施实施例中,在进行分区调度或者分区间调度之前,首先根据XML文件,建立虚拟模块,虚拟分区并完成虚拟分区的初始配置。具体地,根据XML配置文件中的相关模块初始信息进行虚拟模块的创建,并根据亲缘性设定,将虚拟模块绑定在不同的CPU上。进一步地,为建立的虚拟模块分配所需的共享内存,同时在一个虚拟模块内设置一个主时间框架参数,该主时间框架参数确定每个分区的运行周期和调度周期,用于后续的分区调度。需要说明的是,每个分区在主时间框架内可以占据一个时间窗口,也可以占据多个时间窗口。In the embodiment of the present invention, before performing partition scheduling or inter-partition scheduling, firstly, according to an XML file, a virtual module is established, a virtual partition is created, and the initial configuration of the virtual partition is completed. Specifically, virtual modules are created according to the initial information of the relevant modules in the XML configuration file, and virtual modules are bound to different CPUs according to the affinity setting. Further, the required shared memory is allocated for the established virtual module, and a main time frame parameter is set in a virtual module at the same time, and the main time frame parameter determines the operation period and scheduling period of each partition for subsequent partition scheduling. . It should be noted that each partition may occupy one time window within the main time frame, or may occupy multiple time windows.

然后根据XML文件中的相关分区初始信息在虚拟模块中进行虚拟分区的创建,并对分区进行信息初始化。具体地,根据XML文件中的端口初始信息和相关通道初始信息进行端口和通道的创建,并完成端口信息和通道信息的初始化;根据XML文件中相关调度初始信息建立端口与通道之间的初始映射关系,即完成了调度的初始化。Then, according to the relevant initial information of the partition in the XML file, the virtual partition is created in the virtual module, and the information of the partition is initialized. Specifically, the creation of ports and channels is performed according to the port initial information and the relevant channel initial information in the XML file, and the initialization of the port information and the channel information is completed; the initial mapping between the ports and the channels is established according to the relevant scheduling initial information in the XML file. relationship, that is, the initialization of the schedule is completed.

在进行分区间调度时,根据主时间框架参数将一个主时间框架划分成多个时间窗口,每个时间窗口运行相应的分区,各个分区基于时间片轮转的方式抢占CPU资源从而进行分区调度。具体地,分区间调度采用的是时间窗口轮转方式,主时间框架是周期性的固定长度的时间,每个分区在其中占据一个或者多个时间窗口,分区在时间窗口内执行,当一个时间窗口结束,ARINC 653仿真验证平台将进行分区切换。When performing inter-partition scheduling, a main time frame is divided into multiple time windows according to the main time frame parameters, each time window runs a corresponding partition, and each partition preempts CPU resources based on time slice rotation to perform partition scheduling. Specifically, the inter-partition scheduling adopts the time window rotation method. The main time frame is a periodic fixed-length time, in which each partition occupies one or more time windows, and the partitions are executed within the time window. When a time window At the end, the ARINC 653 simulation verification platform will perform partition switching.

分区切换就是停止当前运行分区并且启动下一个运行分区,当前运行分区时间结束时,设置该分区内的停止标识且设置分区内调度器事件,分区内调度器获得该事件之后,检测到停止标识,就停止当前正在运行的进程;然后设置下一个运行分区内的活动标识,该分区内调度器检测到该活动标识,唤醒该分区内应该运行的进程并且占用处理器运行,完成下一运行分区的激活;再根据该分区的持续时间计算出下次调度时间并更新,至此完成分区间的切换。在本发明实施例中,由于ARINC653的分区是用通用操作系统的进程模拟的,ARINC 653的进程是用通用操作系统的线程模拟的,所以分区的切换实际对应一个通用操作系统进程的停止和另一个通用操作系统进程的启动。Partition switching is to stop the current running partition and start the next running partition. When the current running partition time ends, set the stop flag in the partition and set the intra-partition scheduler event. After the intra-partition scheduler obtains the event, it detects the stop flag. Stop the currently running process; then set the activity identifier in the next running partition, the scheduler in the partition detects the activity identifier, wakes up the process that should be running in the partition and occupies the processor to run, and completes the next running partition. Activate; then calculate and update the next scheduling time according to the duration of the partition, and then complete the switching between partitions. In the embodiment of the present invention, since the partition of ARINC653 is simulated by the process of the general-purpose operating system, and the process of ARINC 653 is simulated by the thread of the general-purpose operating system, the switching of the partition actually corresponds to the stop of one general-purpose operating system process and the other The launch of a generic operating system process.

需要说明的是,在本发明实施例中,每间隔1ms分区间调度器进行一次检测,如果当前系统时间大于下一次调度时间,那么表示当前运行分区持续时间已过,应该进行分区切换。It should be noted that, in this embodiment of the present invention, the inter-partition scheduler performs a detection every 1 ms. If the current system time is greater than the next scheduling time, it means that the current running partition duration has passed, and partition switching should be performed.

具体地,若分区间调度判断当前时间窗口结束,则模块调度器通知分区调度器对当前运行分区进行挂起操作,收回当前分区占用资源,同时将该分区移入对应挂起队列中,然后分区间调度通知分区调度器恢复调度表中的下一分区,并为其分配相应资源,进而完成分区的调度。举例来说,当确定第一分区运行的时间窗口结束时,则通知分区调度器停止运行第一分区内的进程,然后为第二分区分配CPU资源,开始运行第二分区内的进行,在这里需要说明的是,第一分区的下一个分区为第二分区,即第一分区运行结束后第二分区开始运行。Specifically, if the inter-partition scheduling determines that the current time window is over, the module scheduler notifies the partition scheduler to suspend the current running partition, recover the resources occupied by the current partition, and move the partition into the corresponding pending queue, and then The scheduling notifies the partition scheduler to restore the next partition in the scheduling table and allocate corresponding resources to it, thereby completing the partition scheduling. For example, when it is determined that the time window for the first partition to run ends, the partition scheduler is notified to stop running the processes in the first partition, and then allocates CPU resources to the second partition, and starts to run the processes in the second partition, here It should be noted that the next partition of the first partition is the second partition, that is, the second partition starts to run after the first partition finishes running.

在进行分区调度时,根据分区内运行的不同进程的不同状态,分区需要维护等待队列、就绪队列、休眠队列和挂起队列,从而完成对分区内进程的管理。During partition scheduling, according to the different states of different processes running in the partition, the partition needs to maintain the waiting queue, ready queue, sleep queue and pending queue, so as to complete the management of the processes in the partition.

具体地,在分区切换时,分区调度器基于分区间调度的指令,挂起本分区正在运行的进程或者恢复本分区优先级最高的进程,从而完成分区的挂起或唤醒。在进行进程调度时,分区调度器不仅基于分区间调度的指令,还需要判断当前分区是否允许进行进程调度。Specifically, during partition switching, the partition scheduler suspends the running process of this partition or restores the process with the highest priority in this partition based on the instructions scheduled between partitions, so as to complete the suspension or wake-up of the partition. When performing process scheduling, the partition scheduler not only needs to judge whether the current partition allows process scheduling based on the instructions of inter-partition scheduling.

具体地,分区调度器通过维护系统分区状态表来判断当前分区能否进行进程调度,分区调度器先建立分区ID和分区状态的哈希映射,当接收到进程调度指令后,查询当前分区ID对应的分区状态信息,当分区状态为NORMAL时,则分区调度器开始进行进程调度;若分区状态不为NORMAL时,分区调度器需要返回错误值,说明当前分区不支持进程调度。Specifically, the partition scheduler determines whether the current partition can perform process scheduling by maintaining the system partition state table. The partition scheduler first establishes a hash map between the partition ID and the partition state. After receiving the process scheduling instruction, it queries the corresponding partition ID corresponding to the current partition. When the partition state is NORMAL, the partition scheduler starts to schedule the process; if the partition state is not NORMAL, the partition scheduler needs to return an error value, indicating that the current partition does not support process scheduling.

图3为本发明实施例提供的分区调度器调度模型示意图,如图3所示,当分区调度器执行进程调度时,包括以下几种情形:FIG. 3 is a schematic diagram of a partition scheduler scheduling model provided by an embodiment of the present invention. As shown in FIG. 3 , when the partition scheduler performs process scheduling, the following situations are included:

1)、分区调度器通过遍历就绪队列寻找当前具有最高优先级的进程,为具有最高优先级的进程分配时间片和处理器资源;1) The partition scheduler finds the current process with the highest priority by traversing the ready queue, and allocates time slices and processor resources for the process with the highest priority;

2)、当分区调度器确认就绪队列中存在更高优先级的进程时,分区调度器需要停止当前运行的进程,将正在运行的进程的状态修改为挂起态并加入相应队列,然后给具有更高优先级的进程分配时间片和处理器资源,从而完成分区内进程的调度;2) When the partition scheduler confirms that there is a higher priority process in the ready queue, the partition scheduler needs to stop the currently running process, change the state of the running process to the suspended state and join the corresponding queue, and then give the Higher priority processes allocate time slices and processor resources to complete the scheduling of processes within the partition;

3)、当分区调度器通过遍历就绪队列并确定就绪队列内包括有多个具有相同优先级的进程时,分区调度器按照先进先出的算法对就绪队列中具有多个相同优先级的进程进行调度,即按照就绪队列中现有进程的排序方式,为排在第一位的进程分配时间片和处理器资源。3) When the partition scheduler traverses the ready queue and determines that there are multiple processes with the same priority in the ready queue, the partition scheduler executes multiple processes with the same priority in the ready queue according to the first-in, first-out algorithm. Scheduling, that is, according to the sorting method of the existing processes in the ready queue, allocating time slices and processor resources to the first process.

在本发明实施例中,通信管理设计用于解决现有的分区通信方法中存在的通信不稳定、通信存在较大延迟的问题,通过使用共享内存机制,基于采样和队列模式实现分区间各分区的通信,基于黑板和缓冲模式实现分区间各进程的通信,满足稳定的、低延迟的通信要求。分区间通信和分区内通信的相互协作,保证了整个虚拟ARINC 653系统的通信完整性。In the embodiment of the present invention, the communication management is designed to solve the problems of unstable communication and relatively large delay in communication in the existing partition communication method. By using the shared memory mechanism, each partition between partitions is implemented based on sampling and queue mode. based on the blackboard and buffer mode to realize the communication of each process between the partitions, and meet the requirements of stable and low-latency communication. The inter-partition communication and intra-partition communication cooperate with each other to ensure the communication integrity of the entire virtual ARINC 653 system.

在分区间通信或者分区内通信之前,需要根据源端口、目的端口与通道的映射关系进行通信。其中,分区包括的有源端口,目的端口,队列和共享内存等。Before inter-partition communication or intra-partition communication, communication needs to be performed according to the mapping relationship between source ports, destination ports and channels. Among them, the partition includes active ports, destination ports, queues, and shared memory.

具体地,根据解析XML文件获取需要创建的共享内存的大小,进而创建队列和端口,在实际应用中,队列也称为队列数据结构,队列数据结构用来保存队列名称信息和所在地址偏移量,端口包括有队列端口和采样端口,端口用来保存端口名称和端口方向,需要说明的是,在一个分区内可以包括有多个源端口和目的端口,其中,源端口采用队列模式或采样模式,相应地,目的端口采用队列模式或采样模式。在实际应用中,队列模式通过队列端口进行通信,采样模式通过采样端口进行通信。Specifically, the size of the shared memory that needs to be created is obtained by parsing the XML file, and then the queue and port are created. In practical applications, the queue is also called the queue data structure, and the queue data structure is used to store the queue name information and the address offset where it is located. , the port includes a queue port and a sampling port, and the port is used to store the port name and port direction. It should be noted that a partition can include multiple source ports and destination ports, where the source port adopts the queue mode or sampling mode. , correspondingly, the destination port adopts queue mode or sampling mode. In practical applications, the queue mode communicates through the queue port, and the sampling mode communicates through the sampling port.

当完成通道的建立之间,则可以进行分区间的通信。在本发明实施例中,端口分为采样端口和队列端口。其中,队列端口管理消息的方式是按照先进先出的形式将消息存放在队列中,使得消息不会丢失,保证消息完整性;采样端口管理消息的方式是新消息到来会覆盖旧消息,使得目的端口读取的永远是最新消息,保证消息的时效性。When the establishment of the channel is completed, the communication between the partitions can be performed. In this embodiment of the present invention, ports are divided into sampling ports and queue ports. Among them, the method of queue port management messages is to store messages in the queue in the form of first-in, first-out, so that messages will not be lost and ensure message integrity; the method of sampling port management messages is that the arrival of new messages will overwrite old messages, so that the purpose of The latest news is always read by the port to ensure the timeliness of the news.

基于上述采样端口和队列端口,分区间通信也包括有从采样端口发送消息和从队列端口发送消息两种情形,图4为本发明实施例提供的分区间通信模型示意图,以下结合图4来介绍这两种情形:Based on the above sampling ports and queue ports, inter-partition communication also includes two situations: sending messages from the sampling port and sending messages from the queue port. FIG. 4 is a schematic diagram of an inter-partition communication model provided by an embodiment of the present invention, which is described below with reference to FIG. 4 . Both cases:

1)、进程从采样端口发送消息之前,需要先申请一块共享内存用于存储待发送消息。具体地,当有待发送消息到来时,则用接收到的待发送消息覆盖共享内存内存储的待发送消息,即共享内存中只存储一个待发送消息,且该待发送消息为最新的待发送消息。1) Before a process sends a message from the sampling port, it needs to apply for a shared memory to store the message to be sent. Specifically, when a to-be-sent message arrives, the received to-be-sent message is used to overwrite the to-be-sent message stored in the shared memory, that is, only one to-be-sent message is stored in the shared memory, and the to-be-sent message is the latest to-be-sent message .

当进程从采样端口读取消息时,即进程需要从采样端口读取待发送消息时,会同时设置延时触发器,若确认共享内存内存在待发送消息,即该共享内存为非空时,则从采样端口读取待发送消息,即进程读取该待发送消息的源端口,然后根据该源端口读取待发送消息即可;若确认共享内存内不存在待发送消息时,即该共享内存为空时,则将该进程挂起,并将该进程加入到阻塞队列中,当经历了一个触发器周期后,延时触发器将会激活被挂起的进程,该进程重新从采样端口读取待发送消息。When a process reads a message from the sampling port, that is, when the process needs to read a message to be sent from the sampling port, a delay trigger will be set at the same time. If it is confirmed that there is a message to be sent in the shared memory, that is, when the shared memory is not empty, Then read the message to be sent from the sampling port, that is, the process reads the source port of the message to be sent, and then reads the message to be sent according to the source port; if it is confirmed that there is no message to be sent in the shared memory, that is, the shared memory When the memory is empty, the process will be suspended, and the process will be added to the blocking queue. After a trigger cycle, the delay trigger will activate the suspended process, and the process will restart from the sampling port. Read the message to be sent.

2)、进程从队列端口发送消息之前,需要先申请一块共享内存,该共享内存用于存储待发送消息。具体地,当有待发送消息到来时,将该待发送消息加入到消息队列的队尾,即共享内存内存储有由多个待发送消息组成的消息队列。2) Before a process sends a message from the queue port, it needs to apply for a shared memory, which is used to store the message to be sent. Specifically, when a message to be sent arrives, the message to be sent is added to the tail of the message queue, that is, a message queue composed of a plurality of messages to be sent is stored in the shared memory.

由于队列端口是按照先进先出的方法将接收到的待发送消息存放在消息队列中,当进程从队列端口读取待发送消息时,会设置延时触发器,若确认消息队列内存在待发送消息时,即该消息队列为非空时,则将消息队列中排在最前面的第一待发送消息进行发送,然后将第一待发送消息从消息队列中删除;若确认消息队列内没有待发送消息时,即该消息队列为空时,则将该进程挂起,并将该进程加入到阻塞队列中,当经历了一个触发器周期后,延时触发器将会激活被挂起的进程,该进程重新从队列端口中读取待发送消息。Since the queue port stores the received messages to be sent in the message queue according to the first-in-first-out method, when the process reads the to-be-sent messages from the queue port, a delay trigger will be set. If it is confirmed that there are messages to be sent in the message queue message, that is, when the message queue is not empty, the first message to be sent in the message queue will be sent, and then the first message to be sent will be deleted from the message queue; if it is confirmed that there is no waiting message in the message queue When sending a message, that is, when the message queue is empty, the process will be suspended and added to the blocking queue. After a trigger cycle has elapsed, the delay trigger will activate the suspended process , the process re-reads the message to be sent from the queue port.

需要说明的是,上述第一待发送消息为排在消息队列的首位的待发送消息。It should be noted that the above-mentioned first message to be sent is the message to be sent that is ranked first in the message queue.

在介绍分区内通信之前,需要先介绍黑板和缓冲,在本发明实施例中,黑板是在程序运行过程中创建的,不需要预先进行配置,一个分区内会同时存在多个黑板,同时存在的多个黑板使用链表来管理;黑板没有消息队列,因此当新消息到来时会直接覆盖黑板上的旧消息。缓冲是在程序运行过程中创建的,不需要预先进行配置,使用链表对缓冲进行管理。Before introducing intra-partition communication, it is necessary to introduce the blackboard and buffering. In the embodiment of the present invention, the blackboard is created during the running of the program and does not need to be configured in advance. Multiple blackboards are managed using linked lists; blackboards do not have message queues, so when new messages arrive, they overwrite old messages on the blackboard. The buffer is created during the running of the program and does not need to be configured in advance. The buffer is managed by a linked list.

1)、进程从黑板读取消息时,会同时设置延时触发器,若黑板上存在消息时,则直接从黑板上读取黑板上存在的消息;若黑板上不存在消息时,则将该进程挂起,并将该进程加入到黑板的进程阻塞队列中,当经历了一个触发周期后,延时触发器将会激活挂起的进程,该进程重新从黑板上读取消息。1) When the process reads a message from the blackboard, it will set a delay trigger at the same time. If there is a message on the blackboard, it will directly read the message existing on the blackboard; if there is no message on the blackboard, it will be set. The process is suspended, and the process is added to the process blocking queue of the blackboard. After a trigger period, the delay trigger will activate the suspended process, and the process will read the message from the blackboard again.

2)、进程向黑板写入消息时,若黑板存在消息,则直接将最新消息覆盖黑板上原有的消息;若黑板上不存在消息时,则直接将最新消息写入黑板。2) When the process writes a message to the blackboard, if there is a message on the blackboard, the latest message will directly overwrite the original message on the blackboard; if there is no message on the blackboard, the latest message will be directly written into the blackboard.

3)、进程从缓冲读取消息时,会同时设置延时触发器,若缓冲队列不为空,则读取缓冲队列中的第一个消息,然后将第一个消息从缓冲队列中删除,需要说明的是,缓冲队列中的第一个消息为排在缓冲队列最前面的消息;若缓冲队列为空,则将该进程挂起,并将该进程加入到缓冲的相应进程阻塞队列中,当经历了一个触发周期后,延时触发器将会激活挂起的进程,该进程重新从缓冲队列中读取消息。3) When the process reads a message from the buffer, a delay trigger will be set at the same time. If the buffer queue is not empty, the first message in the buffer queue will be read, and then the first message will be deleted from the buffer queue. It should be noted that the first message in the buffer queue is the first message in the buffer queue; if the buffer queue is empty, the process will be suspended, and the process will be added to the corresponding process blocking queue of the buffer, When a trigger cycle has elapsed, the delay trigger will activate the suspended process, which re-reads the message from the buffer queue.

4)、进程向缓冲写入消息时,若缓冲队列已满,则对该进程进行挂起操作,将该进程状态转换为等待状态,并且将该进程加入到相应进程的阻塞队列中;若缓冲队列未满,则将消息加入到缓冲队列的队尾。4) When a process writes a message to the buffer, if the buffer queue is full, the process will be suspended, the process state will be converted to a waiting state, and the process will be added to the blocking queue of the corresponding process; If the queue is not full, the message is added to the end of the buffer queue.

健康监控管理通过使用基于数据分发服务的底层网络通信来实现用户分区和健康监控分区的资源共享。健康监控管理采用发布/订阅模型,基于主题进行数据传输,将底层通信接口重新封装,屏蔽物理层实现,并且结合分区内的APEX接口,将用户分区当做主题发布者,健康监控分区当做主题订阅者,通过中间件自动传输数据,实现功能的可扩展性和低耦合。Health monitoring management realizes resource sharing between user partitions and health monitoring partitions by using the underlying network communication based on data distribution services. The health monitoring management adopts the publish/subscribe model, transmits data based on topics, repackages the underlying communication interface, shields the physical layer implementation, and combines the APEX interface in the partition to take the user partition as the topic publisher and the health monitoring partition as the topic subscriber , which automatically transmits data through middleware to achieve functional scalability and low coupling.

健康监控管理设为挂起状态;当用户程序获取到超时或栈异常等错误码时,通过哈希映射函数获取XML配置文件中对应的错误信息;通过队列端口名获得相应端口,基于数据分发服务的错误传输函数将相应错误信息发送至健康监控分区,健康监控分区负责错误信息的显示,并将错误信息保存至本地;系统激活已经创建但处于挂起状态的错误句柄,由错误句柄引导用户的错误处理函数进入运行状态,从而实现用户自定义的错误处理程序。The health monitoring management is set to the suspended state; when the user program obtains error codes such as timeout or stack exception, the corresponding error information in the XML configuration file is obtained through the hash mapping function; the corresponding port is obtained through the queue port name, based on the data distribution service The error transfer function sends the corresponding error information to the health monitoring partition, and the health monitoring partition is responsible for displaying the error information and saving the error information to the local; The error handling function enters the running state, thereby implementing user-defined error handling procedures.

需要说明的是,在本发明实施例中,为了更好辅助健康监控管理对分区进行实时监测以及获取错误信息,本发明实施例中采取以下两种措施:It should be noted that, in the embodiment of the present invention, in order to better assist the health monitoring management to perform real-time monitoring of the partition and obtain error information, the following two measures are adopted in the embodiment of the present invention:

1)、采用高精度时钟同步技术减小分区间的延迟,提升同步精度。通过对高精度时钟协议的分析,从时间戳的实时获取、精密时钟设计进行时钟同步软件的设计,通过使用操作系统内部高精度定时器作为时钟源,通过设置偏移量时间戳和延时时间戳对时钟源进行偏移校正和延时校正,从而完成高精度时钟同步体系的设计。1) Using high-precision clock synchronization technology to reduce the delay between partitions and improve synchronization accuracy. Through the analysis of the high-precision clock protocol, the clock synchronization software is designed from the real-time acquisition of the timestamp and the design of the precise clock. By using the high-precision timer inside the operating system as the clock source, by setting the offset timestamp and delay time Offset correction and delay correction are performed on the clock source by stamping, so as to complete the design of a high-precision clock synchronization system.

2)、采用栈实时监测程序提供基于栈的故障处理。通过解析XML配置文件获得用户分区的初始化栈大小,当用户程序运行时,将程序申请的栈空间大小与初始化分区的栈大小进行对比,从而完成静态栈监测;通过实时记录并维护当前用户程序所在空间的栈顶指针和栈底指针,加上用户程序偏移量,从而实现实时动态栈监测。最终通过实时栈监测程序获取当前运行任务的实时栈信息,并将其输出到本地文件以进行后续错误状态分析。2), using the stack real-time monitoring program to provide stack-based fault handling. The initialization stack size of the user partition is obtained by parsing the XML configuration file. When the user program is running, the stack space size applied by the program is compared with the stack size of the initialization partition to complete the static stack monitoring; by real-time recording and maintaining the current user program location The stack top pointer and stack bottom pointer of the space, plus the offset of the user program, realize real-time dynamic stack monitoring. Finally, the real-time stack information of the currently running task is obtained through the real-time stack monitoring program, and it is output to the local file for subsequent error status analysis.

综上所述,本发明实施例提供一种虚拟ARINC 653仿真验证平台,包括:分区管理,用于根据XML配置文件创建多个分区,并对多个所述分区进行分区配置;按照时间窗口轮转方式对多个所述分区进行调度,按照优先级抢占方式对所述分区内包括的多个进程进行调度;通信管理,用于根据共享内存机制以及所述分区配置,基于采样端口和队列端口完成所述分区与所述分区之间的通信;基于黑板和缓存完成所述分区内所述进程之间的通信;健康监控管理,用于接收所述分区发送的错误代码,根据所述错误代码调用与所述错误代码相对应的处理函数进行错误处理。该平台包括的分区管理通过Windows系统亲缘性设定,根据任务实时性要求实现CPU资源灵活配置,保证实时任务的优先执行,实现具有实时性;通信管理通过对通信层屏蔽底层的具体实现,建立接口虚拟映射,实现通信虚拟化,实现具有可移植性;健康监控管理通过基于发布/订阅模型的数据分发服务,保证了故障信息的稳定传输,增强了虚拟仿真平台的故障处理能力。To sum up, an embodiment of the present invention provides a virtual ARINC 653 simulation verification platform, including: partition management, used for creating multiple partitions according to an XML configuration file, and performing partition configuration on the multiple partitions; rotating according to a time window A plurality of the partitions are scheduled in a manner of preemption by priority, and a plurality of processes included in the partitions are scheduled according to the priority preemption method; communication management is used to complete the sampling port and the queue port according to the shared memory mechanism and the partition configuration. The communication between the partition and the partition; the communication between the processes in the partition is completed based on the blackboard and the cache; the health monitoring management is used to receive the error code sent by the partition, and call according to the error code The processing function corresponding to the error code performs error processing. The partition management included in the platform is set by the affinity of the Windows system, and the CPU resources are flexibly configured according to the real-time requirements of tasks, ensuring the priority execution of real-time tasks, and realizing real-time performance; communication management is established by shielding the specific implementation of the bottom layer for the communication layer. Interface virtual mapping realizes communication virtualization and portability; health monitoring management ensures the stable transmission of fault information through the data distribution service based on the publish/subscribe model, and enhances the fault handling capability of the virtual simulation platform.

本领域内的技术人员应明白,本发明的实施例可提供为方法、系统、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block in the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general purpose computer, special purpose computer, embedded processor or other programmable data processing device to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing device produce Means for implementing the functions specified in a flow or flow of a flowchart and/or a block or blocks of a block diagram.

这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory result in an article of manufacture comprising instruction means, the instructions The apparatus implements the functions specified in the flow or flows of the flowcharts and/or the block or blocks of the block diagrams.

这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded on a computer or other programmable data processing device to cause a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process such that The instructions provide steps for implementing the functions specified in the flow or blocks of the flowcharts and/or the block or blocks of the block diagrams.

尽管已描述了本发明的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例作出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本发明范围的所有变更和修改。Although preferred embodiments of the present invention have been described, additional changes and modifications to these embodiments may occur to those skilled in the art once the basic inventive concepts are known. Therefore, the appended claims are intended to be construed to include the preferred embodiment and all changes and modifications that fall within the scope of the present invention.

显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit and scope of the invention. Thus, provided that these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include these modifications and variations.

Claims (10)

1. A virtual ARINC653 simulation verification platform, comprising:
the partition management is used for creating a plurality of partitions according to the XML configuration file and performing partition configuration on the plurality of partitions; scheduling the plurality of partitions according to a time window rotation mode, and scheduling a plurality of processes included in the partitions according to a priority preemption mode;
the communication management is used for completing the communication between the partitions based on the sampling ports and the queue ports according to a shared memory mechanism and the partition configuration; completing communication between the processes in the partitions based on the blackboard and the cache;
and the health monitoring management is used for receiving the error codes sent by the partitions and calling the processing functions corresponding to the error codes according to the error codes to perform error processing.
2. The validation platform of claim 1, wherein the partition comprises a source port, a destination port, a queue, and a shared memory; wherein the source port adopts a sampling queue mode or a sampling mode; the destination port adopts a sampling queue mode or a sampling mode;
and the partition management is used for establishing a mapping relation among a source, a destination and a channel according to the XML configuration file.
3. The validation platform of claim 1, wherein the partition management is further configured to set a master time frame, the master time frame including a plurality of the time windows, a run period and a schedule period for each of the partitions being determined from the master time frame, each of the partitions occupying one or more of the time windows within the master time frame;
when the time window of the first partition operation is determined to be finished, stopping operating the process in the first partition, allocating CPU resources for a second partition, and operating the process in the second partition; wherein the next running partition of the first partition is the second partition.
4. The validation platform of claim 3, wherein the partition management is further to:
establishing Hash mapping of each partition ID and the partition state, and scheduling the process included in the second partition if the state of the second partition is NORMAL when a process scheduling instruction is received;
when a plurality of the processes with the same priority are included in one partition, scheduling the processes according to a first-in first-out algorithm; or
When a plurality of the processes included in one of the partitions have different priorities, allocating a time slice and the CPU resource to the process having the highest priority; wherein the time window comprises a plurality of the time slices.
5. The verification platform of claim 1, wherein the communication management is to:
the queue port is used for storing the received message to be sent in a message queue according to a first-in first-out mode; when the process sends the message to be sent from the queue port, a shared memory is applied first, and the message to be sent is added to the tail of the message queue;
when the process reads the message from the queue port, setting a delay trigger, and when the message is determined to be non-empty, reading a first message to be sent included in the message queue and deleting the first message to be sent from the message queue; or when the message queue is determined to be empty, converting the state of the process into a waiting state, and after a trigger period, reading the message to be sent from the queue port by the process.
6. The verification platform of claim 1, wherein the communication management is to:
the process is used for storing the message to be sent in a shared memory in a mode of covering the received message to be sent with the previous message to be sent, and when the process sends the message to be sent from the sampling port, the process firstly applies for a shared memory and adds the message to be sent into the shared memory;
when the process reads the message from the sampling port, a delay trigger is set, and when the shared memory is determined to be non-empty, the message to be sent of the shared memory is read; or when the shared memory is determined to be not, converting the state of the process into a waiting state, and after a trigger period, reading the message to be sent from the sampling port by the process.
7. The verification platform of claim 1, wherein the communication management is to:
when the process reads the message from the blackboard, if the blackboard is not empty, reading the existing message from the blackboard;
when the message is written into the blackboard, if the blackboard is not empty, the received message covers the existing message on the blackboard; or if the blackboard is empty, writing the received message into the blackboard;
when the process reads the message from the buffer queue, if the buffer queue is not empty, reading a first message of the buffer queue, and deleting the first message from the buffer queue;
when the process writes messages into the buffer queue, if the buffer queue is full, the process state is converted into a waiting state; or if the buffer queue is not full, adding the message to the tail of the buffer queue.
8. The verification platform of claim 7, wherein the communication management is further to:
when the process reads the message from the blackboard, a delay trigger is set, if the blackboard is empty, the state of the process is converted into a waiting state, and after one trigger period, the process reads the message from the blackboard;
and when the process reads the message from the buffer queue, setting a delay trigger, and if the buffer queue is empty, after a trigger period, the process reads the message from the buffer queue.
9. The verification platform of claim 1, wherein the health monitoring management is specifically to:
receiving an error code sent by the partition, displaying the error code and storing the error code;
and activating an error handle which is created by the user partition and set to be in a suspended state, so that the user partition confirms an error processing function according to the error handle and processes error processing in the running state of the error processing function.
10. The validation platform of claim 9, wherein the error code is a timeout or a stack exception error code and hash mapping function obtained from an XML configuration file;
the XML configuration file is created for the user partition, and the error code is included in the XML configuration file.
CN202010655912.8A 2020-07-09 2020-07-09 Virtual ARINC 653 simulation verification platform Active CN111813522B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010655912.8A CN111813522B (en) 2020-07-09 2020-07-09 Virtual ARINC 653 simulation verification platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010655912.8A CN111813522B (en) 2020-07-09 2020-07-09 Virtual ARINC 653 simulation verification platform

Publications (2)

Publication Number Publication Date
CN111813522A true CN111813522A (en) 2020-10-23
CN111813522B CN111813522B (en) 2024-04-19

Family

ID=72843259

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010655912.8A Active CN111813522B (en) 2020-07-09 2020-07-09 Virtual ARINC 653 simulation verification platform

Country Status (1)

Country Link
CN (1) CN111813522B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112445631A (en) * 2020-12-02 2021-03-05 广东博智林机器人有限公司 RTPS process communication method, device, electronic equipment and storage medium
CN112527522A (en) * 2020-12-04 2021-03-19 中国航空工业集团公司成都飞机设计研究所 Partitioned message subscribing and publishing method based on two-stage data pool
CN113312186A (en) * 2021-03-04 2021-08-27 中国航空工业集团公司西安航空计算技术研究所 Automatic generation method for inter-partition communication configuration under IMA platform
CN114880102A (en) * 2022-07-04 2022-08-09 北京智芯半导体科技有限公司 Security chip, multitask scheduling method and device thereof, and storage medium
CN117033003A (en) * 2023-10-10 2023-11-10 沐曦集成电路(上海)有限公司 Memory management method, electronic equipment and medium based on SystemVerilog
CN118277033A (en) * 2024-04-11 2024-07-02 北京经纬恒润科技股份有限公司 A simulation scheduling method, device, equipment and medium
CN119046013A (en) * 2024-09-15 2024-11-29 广州翼辉信息技术有限公司 Scheduling method of time-sharing partition operating system
WO2025091933A1 (en) * 2023-10-31 2025-05-08 华为技术有限公司 Task scheduling method and apparatus, and computing system
CN120474904A (en) * 2025-07-11 2025-08-12 苏州元脑智能科技有限公司 Switch chip fault analysis method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2408525A1 (en) * 2000-05-09 2001-11-15 Mohamed Younis Communication handling in integrated modular avionics
EP2743830A1 (en) * 2012-12-13 2014-06-18 Eurocopter España, S.A. Flexible data communication among partitions in integrated modular avionics
US20140298091A1 (en) * 2013-04-01 2014-10-02 Nebula, Inc. Fault Tolerance for a Distributed Computing System
CN105117279A (en) * 2015-07-29 2015-12-02 西北工业大学 Partition communication method of onboard operating system under Windows
CN106919386A (en) * 2017-02-15 2017-07-04 北京航空航天大学 The method and apparatus of code is generated based on ARINC653 operating systems

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2408525A1 (en) * 2000-05-09 2001-11-15 Mohamed Younis Communication handling in integrated modular avionics
EP2743830A1 (en) * 2012-12-13 2014-06-18 Eurocopter España, S.A. Flexible data communication among partitions in integrated modular avionics
US20140298091A1 (en) * 2013-04-01 2014-10-02 Nebula, Inc. Fault Tolerance for a Distributed Computing System
CN105117279A (en) * 2015-07-29 2015-12-02 西北工业大学 Partition communication method of onboard operating system under Windows
CN106919386A (en) * 2017-02-15 2017-07-04 北京航空航天大学 The method and apparatus of code is generated based on ARINC653 operating systems

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
吴姣;戴小氐;张亦姝;: "基于天脉653操作系统的航空应用软件开发", 航空计算技术, no. 05 *
曹永杰;蔡栋材;李永波;: "一种飞行管理软件虚拟仿真环境的设计与应用", 航空计算技术, no. 04 *
郑智健;赵刚;孙战;薛建彬;郭燕波;: "基于分时分区操作系统软件架构的应用", 火力与指挥控制, no. 03 *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112445631A (en) * 2020-12-02 2021-03-05 广东博智林机器人有限公司 RTPS process communication method, device, electronic equipment and storage medium
CN112527522A (en) * 2020-12-04 2021-03-19 中国航空工业集团公司成都飞机设计研究所 Partitioned message subscribing and publishing method based on two-stage data pool
CN113312186A (en) * 2021-03-04 2021-08-27 中国航空工业集团公司西安航空计算技术研究所 Automatic generation method for inter-partition communication configuration under IMA platform
CN113312186B (en) * 2021-03-04 2023-12-22 中国航空工业集团公司西安航空计算技术研究所 Automatic generation method for inter-partition communication configuration under IMA platform
CN114880102A (en) * 2022-07-04 2022-08-09 北京智芯半导体科技有限公司 Security chip, multitask scheduling method and device thereof, and storage medium
CN114880102B (en) * 2022-07-04 2022-10-25 北京智芯半导体科技有限公司 Security chip and multitask scheduling method and device thereof, and storage medium
CN117033003A (en) * 2023-10-10 2023-11-10 沐曦集成电路(上海)有限公司 Memory management method, electronic equipment and medium based on SystemVerilog
CN117033003B (en) * 2023-10-10 2024-01-19 沐曦集成电路(上海)有限公司 Memory management method, electronic equipment and medium based on SystemVerilog
WO2025091933A1 (en) * 2023-10-31 2025-05-08 华为技术有限公司 Task scheduling method and apparatus, and computing system
CN118277033A (en) * 2024-04-11 2024-07-02 北京经纬恒润科技股份有限公司 A simulation scheduling method, device, equipment and medium
CN119046013A (en) * 2024-09-15 2024-11-29 广州翼辉信息技术有限公司 Scheduling method of time-sharing partition operating system
CN120474904A (en) * 2025-07-11 2025-08-12 苏州元脑智能科技有限公司 Switch chip fault analysis method and device

Also Published As

Publication number Publication date
CN111813522B (en) 2024-04-19

Similar Documents

Publication Publication Date Title
CN111813522A (en) A Virtual ARINC 653 Simulation and Verification Platform
JP3920818B2 (en) Scheduling method and information processing system
US7549151B2 (en) Fast and memory protected asynchronous message scheme in a multi-process and multi-thread environment
JP4028444B2 (en) Scheduling method and real-time processing system
US8856801B2 (en) Techniques for executing normally interruptible threads in a non-preemptive manner
CN1318968C (en) Method and system for real-time scheduling
US8245207B1 (en) Technique for dynamically restricting thread concurrency without rewriting thread code
Snir et al. The communication software and parallel environment of the IBM SP2
JP3889726B2 (en) Scheduling method and information processing system
US20020091826A1 (en) Method and apparatus for interprocessor communication and peripheral sharing
JP2006515690A (en) Data processing system having a plurality of processors, task scheduler for a data processing system having a plurality of processors, and a corresponding method of task scheduling
WO2014090008A1 (en) Task processing method and virtual machine
WO2014110702A1 (en) Cooperative concurrent message bus, driving member assembly model and member disassembly method
CN107797848A (en) Process scheduling method, device and host device
US20040078799A1 (en) Interpartition communication system and method
CN110083460A (en) A kind of design method of the microkernel architecture using event bus technology
CN119166268B (en) Runtime virtualization method and device, and runtime virtual machine system
CN113515361A (en) A Service-Oriented Lightweight Heterogeneous Computing Cluster System
CN108958905B (en) Lightweight operating system of embedded multi-core central processing unit
CN108958904B (en) Driver framework of lightweight operating system of embedded multi-core central processing unit
CN115412500A (en) Asynchronous communication method, system, medium and device supporting load balancing strategy
Frachtenberg et al. Storm: Scalable resource management for large-scale parallel computers
WO2014110701A1 (en) Independent active member and functional active member assembly module and member disassembly method
JP2002505050A (en) Asynchronous message processing system and method
JP3653176B2 (en) Process execution control method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant