A Review on Key Technologies of the Distributed Integrated Modular Avionics System

  • Hongchun Wang
  • Wensheng Niu


Distributed integrated modular avionics (DIMA) system design through the distributed integrated technology, mixed critical task scheduling, real-time fault tolerant scheduling and time triggered communication mechanism, greatly enhance the reliability, safety and real-time performance of integrated electronic system. The DIMA represents the development trend of future avionics systems. This paper studies and discusses the architecture characteristics of DIMA. Then it studies and analyzes the development of key technologies in DIMA system in detail. Finally, it looks into the development trend of DIMA technology.


Distributed integrated modular avionics Mixed-critical task schedule Real-time fault tolerant schedule Time triggered communication Latency analysis 

1 Introduction

Since the 40s of last century, the development of avionics system has gone through four typical phase, i.e. the separate, federal, integrated modular and advanced integrated modular [1]. The development process of avionics system also reflects the evolution process of the integrated avionics technology.

In the earliest separate avionics system, each function area is separate and the sensor, processor, display, and the connection between them are connected by point to point. The federal avionics system uses MIL-STD-1553B command/response time division multiplex data bus, simplifies the connection between the existing avionics equipment, reduces the system weight and electromagnetic interference impacts, realizes the information sharing, solves the comprehensive problems of some system and processing function, and changes the traditional decentralized structure. Therefore, based on the ultra high speed integrated circuit and general module, a integrated modular avionics system is built, represented by the F-22 avionics structure, adopts the new technology after 80s.

Three integrated functional processing areas for signal processing, task processing and aircraft management have been implemented, and the signal processing function has been particularly strengthened, it realizes the three comprehensive functional processing areas of signal processing, task processing and aircraft management, especially strengthening capacity of integrated core processing. Thereby further improving the avionics system structure and achieving a higher level of integration. The advanced integrated avionics system extends the scope of function synthesis to the area of antenna aperture and sensor signal preprocessing, combining the signal processing and task processing area into a comprehensive signal and data processing area, and using an open system structure, a unified avionics network interconnection, and commercial Off-The-Shelf module, has achieved a high degree of physical and functional integration.

In recent years, with the development of the NASA Orion spacecraft electronic system in the United States and the research of the distributed electronic modules in the SCARLETT project of the European Union’s Seventh Framework Programme (FP7), It indicates that the future avionics system will develop in the direction of advanced distributed integrated modularization [2, 3, 4, 5, 6, 7].

This paper first introduces the system architecture features of the distributed integrated modular avionics system, and then elaborates the development trends of three key technologies in the distributed integrated modular avionics system, which are the mixed critical task scheduling and the schedulability analysis technology, the real-time fault-tolerant scheduling of the mixed critical system, and delay analysis technology of real-time communication network. The last part is the summary and prospect.

2 Architecture Characteristics of DIMA

The concept of Distributed Integrated Modular Avionics (DIMA) is derived from the SCARLETT project group of Europe-renowned research projects that focused on the avionics architecture. They developed a DIMA architecture and considered one of the main criteria of DIMA design is to achieve strict isolation at the physical level of the I/O processing module and the application processing module [2].

Compared with the traditional IMA, this will be a major change in the way of processing resource distribution. On the one hand, the I/O processing module can be placed close to remote sensors and actuators to minimize the error probability of I/O data during transmission. At the same time, it also solved the issue of heat dissipation of the backplane, thus satisfies the requirements of safety configuration. On the other hand, the physical binding relationship between the I/O processing module and the application processing module in the IMA system is relieved, which will provide a more flexible choice for system design.

As shown in Fig. 1, the distributed modular electronics (DME) system architecture in the SCARLETT project shows that DME strictly isolates the core processing components from I/O processing components, and provides connected communications for dispersed components through an avionic data communication network (ADCN).
Fig. 1

Distributed modular electronic system architecture

In the research and application practice, the DIMA system embodies the two features of “integrated modularization” and “distribution”. On the one hand, because of the integration and modularization of the system design, the sharing of hardware resources is very high and the reusability of the modules is strong. On the other hand, distributed allocation of hardware resources allows subsystems to be isolated from the physical level.

The DIMA system uses high-precision timing “virtual backplanes” for data access to perform precise distributed processing. Figure 2 gives a schematic diagram of distributed hardware resource interconnection through time triggered Ethernet (TTE) in this architecture. TTE provides a precise timing transmission protocol for data communication to ensure the overall clock synchronization of the distributed resources, high time integrity communication mechanisms with TDMA access [8].
Fig. 2

TTE network interconnection schematic diagram

The design of DIMA system involves three key technologies, which are mixed critical task scheduling, real-time fault-tolerant scheduling and real-time communication network delay analysis.

The mixed critical task scheduling technology is mainly used to improve the credibility of the whole DIMA system and the utilization of the system resources. The real-time fault-tolerant scheduling technology is the main method to ensure the reliability of the distributed real-time system. The time delay analysis of the real-time communication network is an important means to ensure the real-time performance of the distributed system network communication.

3 Mixed Critical Task Scheduling

With the continuous innovation of microelectronics and computer software/hardware technology, the function of the avionics system is becoming more and more complex. Due to the need for information integration and resource allocation, as well as the consideration of the size, weight and power of the airborne platform, the pressure to reduce operating costs and required physical resources makes avionics systems continue to evolve in the direction of integration and modularization. Different critical system functions have a tendency to converge from decentralized dedicated processing units to centralized common processing platforms [1]. Under the condition that the avionics system handles and interconnects resources across physical equipment boundaries and all platforms, multiple subsystems function sharing platforms form an integrated environment. Criticality is used to describe the degree of importance of subsystem functions or the severity of failures. Different subsystem functions have different credibility assurance requirements corresponding to their critical levels.

In order to prevent the harmful interference between the functional applications of different critical systems and protect the safety–critical performance of avionics systems, it is necessary to adopt certain isolation measures.

The ARINC653 standard [9] in the field of avionics defines the partition technology to isolate different functional applications to reduce the coupling between components and limit the application of different functions in the avionics system to its range of activities not to affect other functional applications, so as facilitate system development and verification analysis.

In the ARINC653 standard, the partition scheduling mainly completes the allocation of CPU resources through a two-tier task scheduling model, and implements the execution of application software in each partition. The upper scheduler within the operating system layer schedules multiple partitions according to the partition attributes and the upper scheduling policy and assigns an activation time window for each of them.

The lower scheduler located in each partition schedules the tasks in the partition in activation window according to the task attributes and the lower scheduling policy.

In a single-critical system, static resource allocation is often used to schedule and manage partitions. For example, Saewong et al. [10], Almeida and Pedreiras [11], and Davis and Burns [12] discussed the static resource allocation calculation method and task maximum response time analysis algorithm for the upper and lower level schedulers using the fixed priority (FP–FP) scheduling strategy. However, considering the multiple verification requirements of the mixed critical system, changes in the mission criticality level during system operation will cause changes in task status and resource requirements within the partition. A simple static resource allocation approach is not conducive to the full utilization of resources.

In order to make full use of system resources and enhance the overall credibility of the system, it is necessary to adopt a corresponding scheduling model and algorithm corresponding to the critical levels of each subsystem, and to integrate the scheduling strategies. At present, the related research work on task scheduling for mixed critical systems mainly focuses on the following two aspects: (1) robustness on running time; (2) system scheduling for design verification.

3.1 Robustness on Running Time

The robustness of running time is a key requirement for the design of mixed critical systems. By taking some temporal and spatial isolation measures to prevent the harmful interference between the functional applications of the systems, In particular, avoiding low-critical system functions adversely affects the correct execution of high-critical system functions. In real-time task scheduling, this robustness requirement also means that in the event that all task deadlines cannot be guaranteed such as the instantaneous overload of tasks, it must be ensured that high-critical tasks are executed first.

Although the above requirements can be achieved by providing dedicated system resources for different critical system functions, such physical isolation methods are not desirable for resource-constrained avionics systems in given constraints such as platform size, weight, and power. In addition, as mentioned above, the currently used ARINC653 standard partitioning technology can not fully utilize the integrated system resources and may lead to a priority inversion problem. Therefore, a new resource allocation and scheduling method is designed for this situation, and the resource utilization is improved by further sharing of resources while guaranteeing the robustness of the system running time. The traditional solution to the critical reversal problem is to assign priorities to tasks according to mission critical, called criticality as priority assignment (CAPA), to improve processor utilization. de Niz [8] proposes a mixed-critically driven asymmetric overload protection zero-idling scheduling algorithm. On this basis, Lakshmanan et al. [13, 14] made further extended studies. Literature [13] studies the control method of task synchronous mutual exclusion access shared resources in mixed critical systems and literature [14] proposes a resource allocation method for mixed critical tasks under a distributed environment. In view of the critical reversal problem that may occur in the two-tier task partition scheduling, Jin and Han [15] introduces partition-level criticality and proposes the dynamic allocation mechanism of partition resources, which can improve the system throughput while avoiding the critical reversal. Tamas-Selicean and Pop [16, 17] studies the mixed critical task optimization scheduling problem in the distributed architecture of the static polling two tier layer task partition scheduling model, and proposes a meta heuristic intelligent optimization method based on the Tabu search. Gu et al. [18] studied the mixed critical task scheduling for multi-core processor platform, and proposed a One Criticality One Partition (OCOP) scheduling strategy for multi-core processors. OCOP allows the system to repartition the real-time task set during critical mode switching, which in turn can better balance the resource utilization of each processor in different critical modes. Trüb et al. [19] implemented a hybrid mission-critical scheduling algorithm using adaptive time partitioning in actual multi-core systems, and verified the correctness and effectiveness of hybrid mission-critical scheduling algorithms on real avionics systems.

3.2 System Scheduling for Design Verification

System scheduling for design verification is another important aspect of the research of mixed-critical systems, and it is also a hot topic in safety critical real-time system of avionics [20]. A safety–critical system is a system that, once failed, will result in significant loss of life and property, as well as severe damage. Its analysis, design, and verification must take into account the credibility of system functions. With the increasing demand for system credibility in the current avionics field, safety as an important aspect of credibility has also become an important design constraint for avionics systems. For a variety of safety critical functions using a mixed critical system sharing system platform resources, the traditional design verification method will verify all functional applications based on the highest critical level credibility requirements. This conservative assumption implies strict predictive analysis. As well as excessive resource reservation, the result is too pessimistic.

The higher the critical level of system function is, the more stringent its predictability and certainty requirements are, the more conservative the corresponding task execution time is, and the more pessimistic the Worst-Case Execution Time (WCET) results. Based on this, Vestal [21] extended the traditional sporadic task model [22], pioneered the mixed critical contingency task model, and used the Audsley [23] priority assignment method in traditional real-time scheduling theory to propose A single-processor fixed-priority scheduling algorithm for mixing mission-critical tasks. Dorin et al. [24] proved that the algorithm is optimal in all single-processor fixed-priority scheduling algorithms. Baruah and Vestal [25] proposed new mixed-priority scheduling algorithms in combination with FP and EDF, Baruah [26] Considered the runtime monitoring function, the issue of fixed-priority scheduling was further studied.

Literatures [27, 28] studied the schedulability of single-processor hybrid mission-critical operations and proved that it was an NP-Hard problem, and proposed an own criticality based priority (OCBP) scheduling algorithm. The literature [29] gives a sufficient schedulability condition based on task load. The literature [30, 31] applies the OCBP algorithm to mixed critical contingent task scheduling. Based on the research work of [27, 28], Baruah and Fohler [32] proposed a time-triggered (TT) scheduling algorithm for single-processor mixed mission-critical tasks. Baruah et al. [33, 34] proposed a dynamic priority scheduling algorithm EDF-VD, which dynamically adjusts the virtual deadline of the task according to the critical level of the system. Different from the EDF-VD adjustment task with the same scaling, the paper [35] allows the virtual deadline to be adjusted separately for each task and gives a sufficient schedulability decision condition based on the task time demand function DBF [36]. In addition, the literature [37, 38] studied the problem of mixed-critical task scheduling in a multiprocessor environment. Santy et al. [39] relaxed the strictness of mixed-critical scheduling and allowed low-critiacl tasks continue for a period of time after the system critical level is raised. Yao et al. [40] adopted a system-level scheduling algorithm for the communication of mission-critical tasks, used gap-scheduling-based bandwidth allocation for mission-critical tasks, polled non-critical tasks, and used network calculus for hybrid criticality. The scheduling method performs real-time analysis.

3.3 System Schedulability Analysis

The real-time performance of distributed integrated system functions involves both the real-time behavior of computing and communication. The processor scheduling and communication network scheduling alone can only obtain part of the behavioral characteristics of the distributed integrated system, in order to make the entire system’s temporal behavior Predictably, it requires joint scheduling analysis of the system processor and the communication network. The schedulability analysis based on system response time is an important verification method for system time correctness. When the end-to-end response time of a transaction is less than or equal to the deadline of the transaction, the transaction can be scheduled; otherwise, the transaction is unschedulable. The system is schedulable when all transactions in the system can be scheduled. In order to calculate the end-to-end response time of the system, Holistic scheduling and schedulable analysis methods for distributed hard real-time systems are proposed in [41, 42], respectively. The scheduling analysis of the processors and the communication network based on the TDMA protocol Scheduling analysis is integrated into the same framework. The Holistic scheduling analysis method supports the linear transaction model. Based on this linear transaction model, Paleneia proved the validity of the Holistic scheduling analysis method [43]. The literature [44, 45] further studied the calculation method of the minimum response time based on the Holistic scheduling analysis method. In order to solve the problem of response time analysis of non-linear transaction models, Palencia proposed a method to support the synchronization of multiple events [46].

Holistic scheduling analysis method considers the dependencies between tasks on different processors when calculating the end-to-end response time of transactions, but does not consider the possible dependencies between different tasks on the same processor, resulting in The analysis result is too pessimistic, and the calculated response time is larger than the actual response time [47]. In order to obtain more accurate analysis results, the literature [48] extends the method by introducing static offsets. The literature [49] introduces dynamic offsets for analyzing internal dependencies and obtains higher scheduling utilization. Pop [50, 51] proposed schedulability analysis problems for time triggering and event triggering systems. The literature [52] proposes an improved method for the global schedulable analysis algorithm for the TDMA protocol network. Redell and Tomgren proposed a maximum response time analysis method based on the start phase of a given transaction [53]. Yao et al. [54] studied the scheduling problem of global scheduling algorithm in the multi-core processor platform, and used function image analysis to study the system schedulability requirements of different critical levels, and based on this, the exact range of effective virtual deadline adjustment parameters is given. On the basis of task scheduling model, combined with the scheduling theory of real-time system, Mohong [55] completed the design of the simulation based schedulability analysis algorithm for real-time systems, and developed a set of tool software for visual modeling and automation scheduling analysis. Han et al. [56] proposed a task schedulability analysis framework for distributed integrated modular avionics system, which included classic model checking (MC), statistical model checking (SMC), combined model checking three methods to analyze DIMA system schedulability under the framework. The versatility and accuracy of the analysis method provide a powerful analysis tool for the design of DIMA system task scheduling.

4 Real Time Fault Tolerant Scheduling

4.1 Traditional Fault Tolerant Technology

Avionics systems operate in a harsh physical environment or even a war environment. High reliability is of great significance and closely related to the safety of the aircraft itself. In the safety–critical avionics system, any minor error can cause irreparable damage. To ensure that the real-time tasks in the system can be completed before the deadline even if the system fails, certain methods must be used to improve the system reliability. Avoiding errors, eliminating/testing errors, predicting errors and tolerating errors is a common measure to ensure the reliability of real-time systems. The first three measures can reduce the error in the system as far as possible through perfect design, but they are impossible to solve in view of the errors that have not been detected in the process of system operation and fault tolerance is the initiative to face errors that may occur in the system. Therefore, fault tolerance design is a realistic and effective way to improve the reliability of the system.

Fault tolerance technology is to increase the reliability of resources in order to shield the effect of fault caused by the redundancy, so that in the case of local failure, the system can still execute the algorithm of the predetermined algorithm. According to the different resources, redundancy can be divided into four ways: hardware redundancy, software redundancy, time redundancy and information redundancy. Traditional fault tolerance methods include re-execution, N-version programming [57, 58, 59], recovery block [60, 61] and other fault-tolerant techniques. Although these traditional fault tolerant methods have important application value for improving the reliability of the system and prolonging the service life of the system, they do not take into account the strict real-time and system overhead of the system, so they can not be used directly in the field of resource constraint avionics. In addition, most fault-tolerant methods only consider the overall reliability requirements from the perspective of the system, but ignore the critical differences between the different system functions. So that in the event of a system failure, all tasks are indiscriminately fault-tolerant. The resulting level of fault tolerance does not well meet the reliability requirements of high-critical system functions.

4.2 Mixed Critical Real Time Fault Tolerant Scheduling

Real-time fault-tolerant scheduling technology is to manage and schedule redundant resources to ensure that tasks can meet deadlines even in the event of a system failure. It is the main method to achieve fault tolerance in distributed real-time systems. Traditional software fault-tolerance and hardware fault-tolerance real-time scheduling algorithms focus on system-level reliability while ignoring the differences in safety criticality between different system functions, that is, different critical tasks have correspondingly different reliability requirements. According to different error models, this reliability requirement has different description methods in real-time fault-tolerant systems. A constrained error model is a commonly used error model assumption that describes the worst case error scenario that the system may encounter by limiting the minimum interval at which errors occur consecutively or the maximum number of allowed errors to occur during a specified period of time. However, in practice, system errors occur randomly. This randomness means that it is difficult to accurately obtain the bounds of the constrained error model parameters, which may lead to a more pessimistic estimation in the system design process. The stochastic error model can describe the error characteristics through random parameters, allowing errors to occur randomly. The homogenous Poisson process (HPP) is a common random error modeling method [62].

For the constrained error model, Dobrin et al. [63] provided fault tolerance for mixed critical tasks by time redundancy, where the key performance is the number of errors that each task instance can bear. This method uses integer linear programming to determine task priority to ensure that each critical task instance can resume execution in a short time and meet the deadline, while non critical tasks are allowed to be executed on high priority to improve the system resource utilization. Literature [64] studied the fault tolerance of mixed critical systems in distributed architecture. A heuristic greedy algorithm is proposed to determine the migration of safety–critical tasks on a permanent failure processor and the parameter adjustment of a constant bandwidth server CBS on a normal working processor to maximize the quality of service of the soft real time task QoS under the condition of hard real-time task time limit requirements.

In the limited error model, deterministic real-time fault-tolerance guarantees are usually obtained in the worst-case static schedulability analysis. That is, in a given system operating environment and possible defects, the system can either be scheduled and executed successfully, or it cannot be scheduled and executed. However, taking into account the random characteristics of errors, the strict worst-case assumptions may lead to inaccurate or too pessimistic results. This absolute simplistic analysis is not applicable to random error models. In order to solve the above problems, the literature [65] introduces the concept of probabilistic real-time fault tolerance, which effectively combines probability theory with real-time analysis, and uses statistical methods to analyze the possibility of guaranteed scheduling under the stochastic error model. Based on this research, a probabilistic real-time fault-tolerant analysis method under mixed critical conditions is proposed. This method allows designers to specify mission-level reliability requirements according to their criticality, and converts mission-level reliability requirements into the task parameters which can be used by the scheduling algorithm, and gives a schedulability test method for whether the system can meet the reliability requirements of each task.

Dong and Chen [66] proposed a non periodic and non preemptive heterogeneous distributed dynamic real-time fault-tolerant model, and two fault-tolerant scheduling algorithms, DRFSA and DSFSA, were presented to meet the reliability and schedulability requirements of the traditional distributed real-time scheduling algorithm. Zhou et al. [67] proposed a fault-tolerant scheduling method based on mixed critical to ensure that tasks with different safety levels can be reconstructed when transmission errors occur, improving the safety and reliability of real-time systems.

5 Time Delay Analysis of Real Time Communication Network

In a distributed real-time system, tasks running on different processor nodes communicate through message passing. In order to ensure that all tasks can meet the time constraints, the communication delay between message sending and receiving must be strictly limited. This communication delay, which we call the message response time, refers to the time that elapses from when the sending task starts sending a message to when the receiving task receives the message. A complete message response time is usually composed of message generation delay, waiting delay, transmission delay and delivery delay. The overall system schedulability analysis of the above system is the simple structure of the bus topology network. The distributed hardware resources in the future avionics system are interconnected through time triggered Ethernet (TTE), using switched network topology, with high time integrity real-time communication mechanism with TDMA access, and more complex networking and communication protocols. The real-time analysis of communication messages must be carried out according to the information flow constraints and service rules of integrated interconnection and real-time communication.

5.1 Network Calculus

The analytical methods and important theorems and conclusions in some network environments. Sariowan [68] extended these research results, and provided corresponding application rules to make it applicable to a more general network environment. It was developed and systematized into a network calculation theory system, which is actually used for network environment performance analysis. System theory. The traditional network performance analysis theory uses random queuing theory to deduce the statistical properties of the network [69], such as average delay, throughput and so on, but the predictability or delay upper bound of end to end of communication messages is more important than statistical properties for real time networks. In order to analyze the real-time service of the network, researchers set up a special analysis method—network calculus, It was first proposed by Rene and Cruz [70, 71] and then gradually improved with the joint efforts of scholars such as Chang [72] and Le Boudec and Thiran [73], The analytical methods based on the arrival curve and service curve and some important theorems and conclusions in the network environment are proposed. Sariowan [68] extends these research results and gives appropriate application rules to be applied to a more universal network environment. It will be developed and systematized into a network calculus theory system, that is, a system theory for network environment performance analysis.

Although the deterministic network calculus gives the upper bound of the rate constraint traffic delay, the worst case scheduling scenario is the outcome of aggregation flows. But the probability of the worst case is determined by different scheduling pattern. The deterministic network calculus will lead to the pessimism of the delayed upper bound estimation, resulting in the waste of resource. Compared with deterministic network calculus, stochastic network calculus can be used to calculate the upper bounds of the performance parameters under probability guarantee and reduce the waste of resource. Probabilistic network calculus introduces probabilistic operations into deterministic network calculus to describe and analyze the statistical multiplexing characteristics of network data streams. The performance analysis based on stochastic network calculus can provide a certain degree of QoS guarantee for data flow and effectively improve the utilization of network resources, and effectively make up the shortage of the deterministic network calculus theory. In recent years, stochastic network calculus has been widely studied and is in continuous development. Jiang [74] proposed a basic theoretical framework for constructing stochastic network calculus at the SIGCOMM international annual meeting. Jiang and Liu [75] expanded the basic theoretical framework of the stochastic network calculus, and established a set of relatively complete stochastic network calculus theory system. Jiang’s work has effectively promoted the theoretical and applied research of stochastic network calculus. Filder [76] summarized and analyzed the latest theoretical results of network calculus, and pointed out that the main theoretical difficulty of the current stochastic network calculus is to caculate the upper bound of the expression P{sup0≤st[F(st)] > x}, in which the P{.} is the probability operator (the probability of the event), and the sup[.] is the operation of the upper bound of the set, and the F(s, t) is the expression of the network performance. In the use of stochastic network calculus for performance analysis, we expect to get the probability upper bound of the above expression, assuming that the probability that the delay of the expected data stream is greater than a certain threshold in the network is not more than a given value \(\upvarepsilon\) (0 < \(\upvarepsilon\) < 1). Zhao [77] has proposed two delay analysis models based on deterministic network calculus and stochastic network calculus for the uncertainty of rate constraint (RC) traffic in TTE. In deterministic network calculus, the deterministic delay upper bound of RC is obtained by constructing the aggregation arrival curve of TT traffic and the service curve of RC traffic. In the stochastic network calculus, the two state Bernoulli distribution model of RC flow is constructed by the cherry boundary theorem, and the delayed upper bound under the probabilities is obtained. Zhou [78] also puts forward multiple priority transmission mode for compatible RC traffic in TTE, and deduces the formula of traffic delay. The proposed algorithm has low computational complexity and fast computing speed. It has high practical value in the application of network calculus time delay analysis.

5.2 Trajectory Approach

The trajectory approach is another method to calculate the deterministic upper bound of the end-to-end response time in a distributed system [79, 80, 81]. The trajectory method is different from the whole analysis method such as the network calculus, which is not the worst scene on all nodes that are passed, but also does not set the arrival curve and service curve of the data flow, but deals with the data flow according to the occasional mode, and only pays attention to the worst case of the current data packet on its transmission trajectory. Only in the actual network can we enter the scope of the discussion of the trajectory method, and the delay boundary obtained by the trajectory method is more accurate than the network calculus. The core idea of the trajectory method is that the maximum delay of messages can be obtained by postponing messages through the “busy period” of nodes. Based on the conventional trajectory calculation method, the IRIT Laboratory of the Toulouse University proposed a trajectory method for calculating the upper bound of packet delay in AFDX networks [82]. According to the trajectory method of AFDX network, the upper bound of VL delay is:
$$R_{i} = \mathop {\hbox{max} }\limits_{t \ge 0} \left( {W_{i,t}^{{last_{i} }} + C_{i}^{{last_{i} }} - t} \right)$$
The VL corresponding data traffic is recorded as τi (i = 1,2, …, n), t is the starting time point of generating the data frame m, lasti is the last access node on the delay path, \(W_{i,t}^{{last_{i} }}\) is the latest time that the data frame m starts at the last node, and \(C_{i}^{{last_{i} }}\) is the longest time required by the last node to send the data frame. In literature [83, 84], the trajectory method in AFDX network is optimized, the factors of the serialization of data frame are taken into consideration and the packet technology is introduced into the traditional trajectory method. Compared with the common AFDX network calculus method, it is proved that the trajectory method based on the AFDX network is a more compact method. The formula for calculating the upper bound of delay in VL is updated to:
$$R_{i} = \mathop {\hbox{max} }\limits_{t \ge 0} \left[ {\left( {W_{i,t}^{{last_{i} }} - \sum\limits_{\begin{subarray}{l} h \in P_{i} \\ h \ne first_{i} \end{subarray} } {\hbox{max} \left( {0,\Delta_{h} } \right)} } \right) + C_{i}^{{last_{i} }} - t} \right]$$
In the maximum delay formula of the optimal trajectory method, the added reduction is the sum of the delay values of the excess computation. As shown in Fig. 3, in the forwarding port h, IP 0 h is the input queue of the target data frame m, and IP x h (\(1 \le {\text{x}} \le k_{h}\)) is the other input queue. \({\text{seq}}_{x}^{h} \left( {0 \le x \le k_{h} } \right)\) is the data frame sequence of the input queue IP x h , which is composed of the data frames of the VL transmitted through the forwarding port h. All frames from the frame sequence IP x h (\(1 \le {\text{x}} \le k_{h}\)) will be multiplexed to the output queue OPh. In order to maximize the delay of the target data frame m at the port h, all the frame sequences are planned to end at the same time \(\uptheta\). Even in such a worst case, the target data frame m (belonging to VLi in the input queue IP x h ) will not be blocked at the same time by all the data frames in the other queues IP x h (\(1 \le {\text{x}} \le k_{h}\)). The Δh is caculated as formula (3), so the optimization of the trajectory method at each forwarding port is the maximum between 0 and Δh.
$$\Delta_{h} = \mathop {\hbox{max} }\limits_{{1 \le x \le k_{h} }} \left( {\hbox{min} \left( {l_{x}^{h} } \right)} \right) - { \hbox{max} }\left( {l_{0}^{h} } \right)$$
Fig. 3

Optimization of trajectory method

There are also some methods [85, 86, 87] for network delay calculation, such as simulation method [88, 89] and model checking method [90, 91]. However, the simulation method does not analyze the delay upper bound. Although the model checking method can determine the upper bound of the network traffic delay, the state space explosion is limited to the network size.

6 Trend of Future Technology Development

In task scheduling aspect, ARINC653 defines mononuclear partition scheduling rules. When multiple kernel processing systems are taken into consideration, how to implement multiple core partition scheduling becomes an important issue. At the same time, the system is integrated with the partition scheduling and network scheduling to implement the overall unified scheduling of the system. Multiple core partition scheduling strategy and distributed joint scheduling method under mixed critical characteristics will be the important problems that need to be studied and solved in the future.

In the aspect of system fault tolerance, it is necessary to further consider how to use the time triggered time synchronization mechanism and its fault localization characteristics by using time triggered architecture, to make redundant error tolerance and system reconstruction of the distributed control system resources, including the high precision time synchronization algorithm, sharing strategy of control system based on resource pool, and resource reconstruction method in distributed integrated modular system.

In the aspect of communication network delay analysis, how to construct a strict evaluation method has always been a hot issue in the research of real time systems. When considering the characteristics of partitioning, time triggering and mixed critical characteristics, The real-time evaluation method of the system under the joint scheduling strategy of partition and time-triggered and the real-time evaluation method of the system under the mixed critical characteristics can be used as research directions for follow-up work.

7 Conclusion

Distributed integrated modular avionics system is the development direction of the next generation of avionics, which can effectively improve the intelligent level and the reliability of avionics system, and reduce the cost at the same time. In this paper, the architecture features of DIMA are studied and analyzed, and the research and development of three key technologies in DIMA system in recent years are analyzed and discussed in detail. Finally, the development trend of DIMA future technology is put forward. The research results in this paper can provide theoretical support for the research and design of the distributed integrated modular avionics system for new aircraft in the future.


  1. 1.
    Huagang Xiong and Zhonghua Wang, Advanced Avionics Integration Techniques, National Defense Industry PressBerlin, 2009. pp. 1.Google Scholar
  2. 2.
    R. Fuchsen, IMA NextGen: A new technology for the Scarlett program, Aerospace and Electronic Systems Magazine, IEEE, Vol. 25, No. 10, pp. 10–16, 2010.CrossRefGoogle Scholar
  3. 3.
    R. Wolfig and M. Jakovlievic. Distributed IMA and DO-297: Architectural, Communication And Certification Attributes. In IEEE 27th DASC, 2008.Google Scholar
  4. 4.
    G. Warden. Application of a Distributed Integrated Modular Avionics Test Bed to Sikorsky Aircraft., 2010.
  5. 5.
    T. Rogalski, S. Samolej and A. Tomczyk. ARINC 653 Based Time-Critical Application for European SCARLETT Project. In AIAA guidance, navigation, and control conference, pages 8–11, 2011.Google Scholar
  6. 6.
    T. Robati, A. Gherbi, A. E. Kouhen and J. Mullins, Design and simulation of distributed IMA architectures using TTEthernet: a model-driven approach, Journal of Ambient Intelligence & Humanized Computing, Vol. 8, No. 3, pp. 1–11, 2017.CrossRefGoogle Scholar
  7. 7.
    Q. Zhou, Z. Xiong, Z. Zhan, T. You and N. Jiang. The mapping mechanism between Distributed Integrated Modular Avionics and data distribution service. In International Conference on Fuzzy Systems & Knowledge Discovery, pages 2502–2507, 2016.Google Scholar
  8. 8.
    D. de Niz, K. Lakshmanan and R. Rajkumar. On the Scheduling of Mixed-Criticality Real-Time Task Sets. In IEEE 30th International Conference on Real-Time Systems Symposium, pages 291–300, 2009.Google Scholar
  9. 9.
    ARINC 653-1-2003. Avionics Application Software Standard Interface. ARINC Specification 653, 2003.Google Scholar
  10. 10.
    S. Saewong, R. Rajkumar and J. Lehoczky. Analysis of Hierarchical Fixed Priority Scheduling. In Proceedings of the Euromicro Conference on Real-Time Systems. pages 173–181, NY, 2002. IEEE.Google Scholar
  11. 11.
    L. Almeida and P. Pedreiras. Scheduling within temporal partitions: Response-time analysis and server design. In in the 4th ACM International Conference on Embedded Software, pages 9:95–103, Italy, 2004. PisaGoogle Scholar
  12. 12.
    R. I. Davis and A. Burns. Resource Sharing in Hierarchical Fixed Priority Pre-Emptive Systems. In IEEE 27th International Conference on Real-Time Systems Symposium, Rio de Janeiro, Brazil, pages 257–270, 2006.Google Scholar
  13. 13.
    K. Lakshmanan, D. De Niz and R. Rajkumar, et al. Resource allocation in distributed mixed-criticality cyber-physical systems. In IEEE 30th International Conference on Distributed Computing Systems (ICDCS), pages 169–178, 2010.Google Scholar
  14. 14.
    K. Lakshmanan, D. de Niz and R. Rajkumar. Mixed-criticality task synchronization in zero-slack scheduling. In IEEE 17th Real-Time and Embedded Technology and Applications Symposium (RTAS), pages 47–56, 2011.Google Scholar
  15. 15.
    H. W. Jin and S. Han, Temporal partitioning for mixed-criticality systems, Emerging Technologies & Factory Automation, Vol. 19, No. 6, pp. 1–4, 2011.Google Scholar
  16. 16.
    D. Tamas-Selicean and P. Pop. Design Optimization of Mixed-Criticality Real-Time Applications on Cost-Constrained Partitioned Architectures. In IEEE 30th International Conference on Real-Time Systems Symposium, pages 24–33, 2011.Google Scholar
  17. 17.
    D. Tamas-Selicean and P. Pop, Design Optimization of Mixed-Criticality Real-Time Embedded Systems, ACM Transactions on Embedded Computing Systems, Vol. 14, No. 3, pp. 1–8, 2015.CrossRefGoogle Scholar
  18. 18.
    Chuancai Gu, Nan Guan, Jinming Yu, et al. Partitioned Scheduling Policies on Multi-Processor Mixed-Criticality Systems. Journal of Software, pp. 284–297, 2014.Google Scholar
  19. 19.
    Roman Trüb, Georgia Giannopoulou, Andreas Tretter and Lothar Thiele, Implementation of Partitioned Mixed-Criticality Scheduling on a Multi-Core Platform, ACM Transactions on Embedded Computing Systems (TECS), Vol. 16, No. 5, pp. 1–21, 2017.CrossRefGoogle Scholar
  20. 20.
    J. Barhorst, T. Belote, P. Binns, J. Hoffman, J. Paunicka, P. Sarathy, J. S. P. Stanfill, D. Stuart and R. Urzi. White paper: A research agenda for mixed-criticality systems., 2009.
  21. 21.
    S. Vestal. Preemptive scheduling of multi-criticality systems with varying degrees of execution time assurance. In IEEE Proceedings Real-Time Systems Symposium. pages 239–243, 2007.Google Scholar
  22. 22.
    A. Mok. Fundamental design problems of distributed systems for the hard real-time environment. Cambridge, MA, USA, Tech. Rep., 1983.Google Scholar
  23. 23.
    N. Audsley. Optimal Priority Assignment and Feasibility of Static Priority Tasks with Arbitrary Start Times. Technical Report YCS 164, University of York. 1991.Google Scholar
  24. 24.
    F. Dorin, P. Richard, M. Richard, et al., Schedulability and sensitivity analysis of multiple criticality tasks with fixed-priorities, Real-Time Systems, Vol. 46, No. 3, pp. 305–331, 2010.CrossRefzbMATHGoogle Scholar
  25. 25.
    S. Baruah and S. Vestal. Schedulability analysis of sporadic tasks with multiple criticality specifications. In Real-Time Systems, 2008. ECRTS’08. Euromicro Conference on. pages 147–155, 2008. IEEE.Google Scholar
  26. 26.
    S. K. Baruah, A. Burns and R. I. Davis. Response-time analysis for mixed criticality systems. In Real-Time Systems Symposium (RTSS), 2011 IEEE 32nd. pages 34–43, 2011, IEEE.Google Scholar
  27. 27.
    S. Baruah, V. Bonifaci, G. D’Angelo, et al., Scheduling real-time mixed-criticality jobs, Computers, IEEE Transactions on, Vol. 61, No. 8, pp. 1140–1152, 2012.MathSciNetCrossRefzbMATHGoogle Scholar
  28. 28.
    S. Baruah, H. Li and L. Stougie. Towards the design of certifiable mixed-criticality systems. In Real-Time and Embedded Technology and Applications Symposium (RTAS), 2010 16th IEEE. pages 13–22, 2010. IEEE.Google Scholar
  29. 29.
    H. Li and S. Baruah. Load-based schedulability analysis of certifiable mixed-criticality systems. In Proceedings of the Tenth ACM International Conference on Embedded Software. pages 99–108, 2010, ACM.Google Scholar
  30. 30.
    H. Li and S. Baruah. An algorithm for scheduling certifiable mixed-criticality sporadic task systems. In Real-Time Systems Symposium (RTSS), 2010 IEEE 31st. pages 183–192, 2010, IEEE.Google Scholar
  31. 31.
    N. Guan, P. Ekberg, M. Stigge, et al. Effective and efficient scheduling of certifiable mixed-criticality sporadic task systems. In Real-Time Systems Symposium (RTSS), 2011 IEEE 32nd. pages 13–23, 2011, IEEE.Google Scholar
  32. 32.
    S. Baruah and G. Fohler. Certification-cognizant time-triggered scheduling of mixed-criticality systems. In Real-Time Systems Symposium (RTSS), 2011 IEEE 32nd. pages 3–12, 2011, IEEE.Google Scholar
  33. 33.
    S. K. Baruah, V. Bonifaci, G. D’Angelo, et al. Mixed-criticality scheduling of sporadic task systems. In Algorithms–ESA 2011. pages 555–566, Berlin, 2011, Springer.Google Scholar
  34. 34.
    S. Baruah, V. Bonifaci, G. D’Angelo, et al. The preemptive uniprocessor scheduling of mixed-criticality implicit-deadline sporadic task systems. In Real-Time Systems (ECRTS), 2012 24th Euromicro Conference on. pages 145–154, 2012, IEEE.Google Scholar
  35. 35.
    P. Ekberg and W. Yi. Outstanding Paper Award: Bounding and Shaping the Demand of Mixed-Criticality Sporadic Tasks. In Real-Time Systems (ECRTS), 2012 24th Euromicro Conference on. pages 135–144, 2012, IEEE.Google Scholar
  36. 36.
    A. K. Mok, X. Feng and D. Chen. Resource partition for real-time systems. In Real-Time Technology and Applications Symposium, 2001. Proceedings. Seventh IEEE. pages 75–84, 2001, IEEE.Google Scholar
  37. 37.
    H. Li and S. Baruah. Global mixed-criticality scheduling on multiprocessors. In Real-Time Systems (ECRTS), 2012 24th Euromicro Conference on. pages 166–175, 2012, IEEE.Google Scholar
  38. 38.
    R. M. Pathan. Schedulability analysis of mixed-criticality systems on multiprocessors. In Real-Time Systems (ECRTS), 2012 24th Euromicro Conference on. pages 309–320, 2012, IEEE.Google Scholar
  39. 39.
    F. Santy, L. George, P. Thierry, et al. Relaxing mixed-criticality scheduling strictness for task sets scheduled with FP. In Real-Time Systems (ECRTS), 2012 24th Euromicro Conference on. pages 155–165, 2012, IEEE.Google Scholar
  40. 40.
    J. Yao, J. Wu, Q. Liu, Z. Xiong and G. Zhu, System-Level Scheduling of Mixed-Criticality Traffics in Avionics Networks, IEEE Access, Vol. 4, pp. 5880–5888, 2017.CrossRefGoogle Scholar
  41. 41.
    M. Spuri. Holistic Analysis of Deadline Scheduled Real-Time Distributed Systems, RR-2873, INRIA, France, 1996.Google Scholar
  42. 42.
    M. Klein, T. Ralya, B. Pollak, et al., A Practitioner’s Handbook for Real-Time Analysis: Guide to Rate Monotonic Analysis for Real-Time Systems, Kluwer Academic PublisherNorwell, 1993.CrossRefGoogle Scholar
  43. 43.
    J. C. Palencia Gutiérrez, J. J. Gutiérrez García and M. González Harbour. On the schedulability analysis for distributed hard real-time systems. In Real-Time Systems, 1997. Proceedings., Ninth Euromicro Workshop on. pages 136–143, 1997, IEEE.Google Scholar
  44. 44.
    O. Redell and M. Sanfridson. Exact best-case response time analysis of fixed priority scheduled tasks. In Real-Time Systems, 2002. Proceedings. 14th Euromicro Conference on. pages 165–172, 2002, IEEE.Google Scholar
  45. 45.
    P. E. Hladik and A. M. Déplanche. Best-case response time analysis for precedence relations in hard real-time systems. In Real-Time Systems Symposium Work-in-Progress Session. 2003.Google Scholar
  46. 46.
    J. J. G. García, J. C. P. Gutiérrez and M. G. Harbour. Schedulability analysis of distributed hard real-time systems with multiple-event synchronization. In Real-Time Systems, 2000. Euromicro RTS 2000. 12th Euromicro Conference on. pages 15–24, 2000, IEEE.Google Scholar
  47. 47.
    J. C. Palencia and M. G. Harbour. Exploiting precedence relations in the schedulability analysis of distributed real-time systems. In Real-Time Systems Symposium, 1999. Proceedings. The 20th IEEE. pages 328–339, 1999, IEEE.Google Scholar
  48. 48.
    K. Tindell. Adding time-offsets to schedulability analysis. Technical Report UCS 221, Department of Computer Science, University of York, 1994.Google Scholar
  49. 49.
    J. C. Palencia and M. González Harbour. Schedulability analysis for tasks with static and dynamic offsets. In Real-Time Systems Symposium, 1998. Proceedings., The 19th IEEE. pages 26–37, 1998, IEEE.Google Scholar
  50. 50.
    T. Pop. Scheduling and Optimisation of Heterogeneous Time/Event-Triggered Distributed Embedded Systems. Linköping, 2003.Google Scholar
  51. 51.
    T. Pop. Analysis and Optimisation of Distributed Embedded Systems with Heterogeneous Scheduling Policies. Linköping, 2007.Google Scholar
  52. 52.
    M. A. O. Yugang, Yongjun ZHANG, Shiyao JIN. An Improved Schedulability Analysis Algorithm of Hard Real-Time Distributed System, Journal of Software, Vol. 12, No. 2, pp. 298–302, 2001.Google Scholar
  53. 53.
    O. Redell and M. Torngren. Calculating exact worst case response times for static priority scheduled tasks with offsets and jitter. In Real-Time and Embedded Technology and Applications Symposium, 2002. Proceedings. Eighth IEEE. pages 164–172, 2002, IEEE.Google Scholar
  54. 54.
    Yao Chen, Qiao Li, Jun Lu and Huagang Xiong. Improved schedulability analysis for multiprocessor mixed-criticality systems. Journal of Beijing University of Aeronautics and Astronautics, pp. 1918–1926, 2015.Google Scholar
  55. 55.
    Hong Mu. Research and Implementation of Real-time System Schedulability Analysis and Simulation Tools, Master Thesis of University of Electronic Science and Technology, 2017.Google Scholar
  56. 56.
    Pujie Han, Zhengjun Zhai, Brian Nielsen and Ulrik Nyman. A Modeling Framework for Schedulability Analysis of Distributed Avionics Systems, In Proceedings of MARS/VPT, pages 150–168, 2018.Google Scholar
  57. 57.
    X. L. Teng and H. Pham, A software-reliability growth model for N-version programming systems, IEEE Transactions on Reliability, Vol. 51, No. 3, pp. 311–321, 2002.CrossRefGoogle Scholar
  58. 58.
    X. Cai, M. R. Lyu and M. A. Vouk. An experimental evaluation on reliability features of N-version programming. In Proceedings of the International Symposium on Software Reliability Engineering (ISSRE 2005), pages 161–170, 2005.Google Scholar
  59. 59.
    H. Yamachi, Y. Tsujimura, Y. Kambayashi, et al., Multi-objective genetic algorithm for solving N-version program design problem, Reliability Engineering and System Safety, Vol. 91, No. 9, pp. 1083–1094, 2006.CrossRefGoogle Scholar
  60. 60.
    F. Vargas, R. D. R. Fagundes and D. J. Barros. Experimental results of a recovery block scheme to handle noise in speech recognition systems. In Proceedings of the 11th Asian Test Symposium (ATS’02), pages 224–229, 2002.Google Scholar
  61. 61.
    W. L. Yeung and S. A. Schneider, Design and verification of distributed recovery blocks with CSP, Formal Methods in System Design, Vol. 22, No. 3, pp. 225–248, 2003.CrossRefzbMATHGoogle Scholar
  62. 62.
    N. Navet, Y. Q. Song and F. Simonot, Worst-case deadline failure probability in real-time applications distributed over controller area network, Journal of Systems Architecture, Vol. 46, No. 7, pp. 607–617, 2000.CrossRefGoogle Scholar
  63. 63.
    R. Dobrin, H. Aysan and S. Punnekkat. Maximizing the fault tolerance capability of fixed priority schedules. In Embedded and Real-Time Computing Systems and Applications, 2008. RTCSA’08. 14th IEEE International Conference on. pages 337–346, 2008, IEEE.Google Scholar
  64. 64.
    P. K. Saraswat, P. Pop and J. Madsen, Task migration for fault-tolerance in mixed-criticality embedded systems, ACM SIGBED Review, Vol. 6, No. 3, p. 6, 2009.CrossRefGoogle Scholar
  65. 65.
    H. Aysan, R. Dobrin and S. Punnekkat. Task-Level Probabilistic Scheduling Guarantees for Dependable Real-Time Systems-A Designer Centric Approach. In 2011 14th IEEE International Symposium on. pages 281–287, 2011, IEEE.Google Scholar
  66. 66.
    Chongjie Dong and Yuqiang Chen. Real-Time Scheduling Algorithm of Dynamic with Fault-Tolerant in Heterogeneous Distributed Systems. Journal of System Simulation, pp. 1132–1140, 2017.Google Scholar
  67. 67.
    Junlong Zhou, Min Yin, Zhifang Li, Kun Cao and Jianming Yan, Fault-Tolerant Task Scheduling for Mixed-Criticality Real-Time Systems, Journal of Circuits, Systems and Computers, Vol. 26, No. 1, pp. 1–17, 2017.CrossRefGoogle Scholar
  68. 68.
    H. Sariowan. A service curve approach to performance guarantees in integrated service networks. Ph.D. Dissertation, Univ Calif San Diego. 1996.Google Scholar
  69. 69.
    D. Bertsekas and R. Gallager, Data Networks, vol. 2nd, Prentice HallUpper Saddle River, 1992.zbMATHGoogle Scholar
  70. 70.
    Rene L. Cruz, A Calculus for Net work Delay, Part I: Network Elements in Isolation, IEEE Transaction on Information Theory, Vol. 37, No. 1, pp. 114–131, 1991.MathSciNetCrossRefzbMATHGoogle Scholar
  71. 71.
    Rene L. Cruz, A Calculus for Net work Delay, Part II: Network Analysis, IEEE Transaction on Information Theory, Vol. 37, No. 1, pp. 132–141, 1991.MathSciNetCrossRefzbMATHGoogle Scholar
  72. 72.
    C. S. Chang, Performance Guarantees in Communication Networks, Springer-VerlagNew York, 2000.CrossRefzbMATHGoogle Scholar
  73. 73.
    J.-Y. Le Boudec and P. Thiran, Network Calculus. LNCS2050 ed., SpringerBerlin, 2004.Google Scholar
  74. 74.
    Y. Jiang, A basic stochastic network calculus, ACM SIGCOMM Computer Communication Review, Vol. 36, No. 4, pp. 123–134, 2006.CrossRefGoogle Scholar
  75. 75.
    Y. Jiang and Y. Liu, Stochastic Network Calculus, SpringerHeidelberg, 2008.zbMATHGoogle Scholar
  76. 76.
    M. Fidler, Survey of deterministic and stochastic service curve models in the network calculus, Communications Surveys & Tutorials, IEEE, Vol. 12, No. 1, pp. 59–86, 2010.CrossRefGoogle Scholar
  77. 77.
    Luxi Zhao, Qiao Li, Wanqing Lin and Huagang Xiong, Stochastic network calculus for analysis of latency on TTEthernet network, Acta Aeronautica ET Astronautica Sinica, Vol. 37, No. 6, pp. 1953–1962, 2016.Google Scholar
  78. 78.
    Xuan Zhou, Feng He and Tong Wang. Using network calculus on worst-case latency analysis for TTEthernet in preemption transmission mode. In IEEE 10th International Conference on Signal Processing and Communication Systems (ICSPCS), pages 1–7, 2016.Google Scholar
  79. 79.
    S. Martin and P. Minet. Schedulablility Analysis of Flows Scheduled with FIFO: Application to the EF Class. In Workshop on Parallel and Distributed Real-Time Systems, 2006.Google Scholar
  80. 80.
    H. Bauer, J. L. Scharbarg and C. Fraboul. Applying and Optimizing Trajectroy Approach for Performance Evaluation of AFDX Avionics Network. In ETFA 2009.Google Scholar
  81. 81.
    H. Bauer, J.-L. Scharbarg and C. Fraboul, Improving the Worst-Case Delay Analysis of an AFDX Network Using an Optimized Trajectory Approach, IEEE Transactions Industrial Informatics, Vol. 6, pp. 521–533, 2010.CrossRefGoogle Scholar
  82. 82.
    H. Bauer, J.-L. Scharbarg and C. Fraboul, Applying trajectory approach to AFDX avionics network. In Proceedings of the 14th International Conference Emerging Technology Factory Automation, Mallorca, pages 1–8, 2009.Google Scholar
  83. 83.
    H. Bauer, J. L. Scharbarg and C. Fraboul, Improving the Worst-Case Delay Analysis of an AFDX Network Using an Optimized Trajectory Approach, IEEE Transaction Industrial Informatics, Vol. 6, pp. 521–533, 2010.CrossRefGoogle Scholar
  84. 84.
    M. Vojnovic and J. Le Boudec, Stochastic analysis of some expedited forwarding networks. In Proceedings of the Infocom, New York, 2002.Google Scholar
  85. 85.
    H. Charara, J. L. Scharbarg, J. Ermont, et al. Methods for bounding end-to-end delays on an AFDX network. In IEEE 18th Euromicro Conference on Real-Time Systems, pages 197–202, 2006.Google Scholar
  86. 86.
    J. L. Scharbarg and C. Fraboul, Methods and tools for the temporal analysis of avionic networks, INTECH Open Access PublisherQazvin, 2010.CrossRefGoogle Scholar
  87. 87.
    C. Canew and R. Guerra Global View of Methods for Evaluating End-To-End Delays on AFDX. In 5th Real-Time Systems Seminar. pages 6, 2011.Google Scholar
  88. 88.
    H. Charara and C. Fraboul. Modelling and simulation of an avionics full duplex switched ethernet. In Telecommunications, 2005. advanced industrial conference on telecommunications/service assurance with partial and intermittent resources conference/e-learning on telecommunications workshop. aict/sapir/elete 2005. proceedings, pages 207–212, 2005, IEEE.Google Scholar
  89. 89.
    J. L. Scharbarg and C. Fraboul. Simulation for end-to-end delays distribution on a switched ethernet. In 2010 IEEE Conference on Emerging Technologies and Factory Automation (ETFA), pages 1092–1099, 2007.Google Scholar
  90. 90.
    M. Adnan, J. L. Scharbarg, J. Ermont, et al. Model for worst case delay analysis of an AFDX network using timed automata. In 2010 IEEE Conference on Emerging Technologies and Factory Automation (ETFA), pages 1–4, 2010.Google Scholar
  91. 91.
    J. Ermont and C. Fraboul. Modeling a spacewire architecture using timed automata to compute worst-case end-to-end delays. In 2013 IEEE 18th Conference on Emerging Technologies & Factory Automation (ETFA), pages 1–4, 2013.Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. 1.School of Computer Science and TechnologyXi Dian UniversityXi’anChina
  2. 2.Institute of Flight Control, Tianjin Institute for Advanced Equipments of Tsinghua UniversityBeijingChina
  3. 3.Aeronautical Computing Technique Research InstituteXi’anChina

Personalised recommendations