# A Review on Key Technologies of the Distributed Integrated Modular Avionics System

## Abstract

Through distributed integration technology, mixed critical task scheduling, real-time fault-tolerant scheduling and a time-triggered communication mechanism, the design of the distributed integrated modular avionics (DIMA) system greatly enhances the reliability, safety and real-time performance of the integrated electronic system. DIMA represents the development trend of future avionics systems. This paper first discusses the architecture characteristics of DIMA, then analyzes in detail the development of the key technologies in DIMA systems, and finally looks at the development trend of DIMA technology.

## Keywords

Distributed integrated modular avionics; Mixed-critical task schedule; Real-time fault tolerant schedule; Time triggered communication; Latency analysis

## 1 Introduction

Since the 1940s, the development of avionics systems has gone through four typical phases: separate, federated, integrated modular and advanced integrated modular [1]. This development process also reflects the evolution of integrated avionics technology.

In the earliest separate avionics systems, each functional area was separate, and the sensors, processors and displays were connected point to point. The federated avionics system uses the MIL-STD-1553B command/response time-division multiplexed data bus, which simplifies the connections between existing avionics equipment, reduces system weight and electromagnetic interference, enables information sharing, achieves integration of some system and processing functions, and changes the traditional decentralized structure. Building on this, an integrated modular avionics system based on ultra-high-speed integrated circuits and general modules was built, represented by the F-22 avionics structure and adopting the new technology that emerged after the 1980s.

It implements three integrated functional processing areas for signal processing, task processing and aircraft management, with the signal processing function particularly strengthened and the capacity of integrated core processing enhanced, thereby further improving the avionics system structure and achieving a higher level of integration. The advanced integrated avionics system extends the scope of functional integration to antenna apertures and sensor signal preprocessing, combines the signal processing and task processing areas into a comprehensive signal and data processing area, and, by using an open system structure, a unified avionics interconnection network and commercial off-the-shelf modules, achieves a high degree of physical and functional integration.

In recent years, the development of the electronic system of the NASA Orion spacecraft in the United States and the research on distributed electronic modules in the SCARLETT project of the European Union’s Seventh Framework Programme (FP7) indicate that future avionics systems will develop in the direction of advanced distributed integrated modularization [2, 3, 4, 5, 6, 7].

This paper first introduces the system architecture features of the distributed integrated modular avionics system, and then elaborates the development trends of three key technologies in the distributed integrated modular avionics system, which are the mixed critical task scheduling and the schedulability analysis technology, the real-time fault-tolerant scheduling of the mixed critical system, and delay analysis technology of real-time communication network. The last part is the summary and prospect.

## 2 Architecture Characteristics of DIMA

The concept of Distributed Integrated Modular Avionics (DIMA) is derived from SCARLETT, a well-known European research project focused on avionics architecture. The project developed a DIMA architecture and considered that one of the main criteria of DIMA design is to achieve strict physical isolation between the I/O processing module and the application processing module [2].

Compared with traditional IMA, this is a major change in the way processing resources are distributed. On the one hand, the I/O processing module can be placed close to remote sensors and actuators to minimize the probability of errors in I/O data during transmission. It also solves the problem of backplane heat dissipation, thus satisfying the requirements of safety configuration. On the other hand, the physical binding between the I/O processing module and the application processing module in the IMA system is removed, which gives system design more flexible choices.

In the research and application practice, the DIMA system embodies the two features of “integrated modularization” and “distribution”. On the one hand, because of the integration and modularization of the system design, the sharing of hardware resources is very high and the reusability of the modules is strong. On the other hand, distributed allocation of hardware resources allows subsystems to be isolated from the physical level.

The design of DIMA system involves three key technologies, which are mixed critical task scheduling, real-time fault-tolerant scheduling and real-time communication network delay analysis.

The mixed critical task scheduling technology is mainly used to improve the credibility of the whole DIMA system and the utilization of the system resources. The real-time fault-tolerant scheduling technology is the main method to ensure the reliability of the distributed real-time system. The time delay analysis of the real-time communication network is an important means to ensure the real-time performance of the distributed system network communication.

## 3 Mixed Critical Task Scheduling

With the continuous innovation of microelectronics and computer software/hardware technology, the functions of the avionics system are becoming more and more complex. Due to the need for information integration and resource allocation, as well as the size, weight and power constraints of the airborne platform, the pressure to reduce operating costs and required physical resources makes avionics systems continue to evolve in the direction of integration and modularization. System functions of different criticality tend to converge from decentralized dedicated processing units onto centralized common processing platforms [1]. When the avionics system processes and interconnects resources across physical equipment boundaries and across platforms, multiple subsystem functions share a platform and form an integrated environment. Criticality is used to describe the degree of importance of subsystem functions or the severity of their failures. Different subsystem functions have different credibility assurance requirements corresponding to their critical levels.

In order to prevent the harmful interference between the functional applications of different critical systems and protect the safety–critical performance of avionics systems, it is necessary to adopt certain isolation measures.

The ARINC653 standard [9] in the field of avionics defines partitioning technology to isolate different functional applications. It reduces the coupling between components and confines each functional application in the avionics system to its own range of activity so that it cannot affect other functional applications, which facilitates system development and verification analysis.

In the ARINC653 standard, the partition scheduling mainly completes the allocation of CPU resources through a two-tier task scheduling model, and implements the execution of application software in each partition. The upper scheduler within the operating system layer schedules multiple partitions according to the partition attributes and the upper scheduling policy and assigns an activation time window for each of them.

The lower scheduler located in each partition schedules the tasks in the partition in activation window according to the task attributes and the lower scheduling policy.

In a single-critical system, static resource allocation is often used to schedule and manage partitions. For example, Saewong et al. [10], Almeida and Pedreiras [11], and Davis and Burns [12] discussed the static resource allocation calculation method and task maximum response time analysis algorithm for the upper and lower level schedulers using the fixed priority (FP–FP) scheduling strategy. However, considering the multiple verification requirements of the mixed critical system, changes in the mission criticality level during system operation will cause changes in task status and resource requirements within the partition. A simple static resource allocation approach is not conducive to the full utilization of resources.

In order to make full use of system resources and enhance the overall credibility of the system, it is necessary to adopt scheduling models and algorithms that correspond to the critical level of each subsystem, and to integrate the scheduling strategies. At present, the related research work on task scheduling for mixed critical systems mainly focuses on the following two aspects: (1) robustness on running time; (2) system scheduling for design verification.

### 3.1 Robustness on Running Time

The robustness of running time is a key requirement for the design of mixed critical systems. Temporal and spatial isolation measures are taken to prevent harmful interference between the functional applications of the system, and in particular to prevent low-critical system functions from adversely affecting the correct execution of high-critical system functions. In real-time task scheduling, this robustness requirement also means that when not all task deadlines can be guaranteed, for example during an instantaneous task overload, it must be ensured that high-critical tasks are executed first.

Although the above requirements can be achieved by providing dedicated system resources for different critical system functions, such physical isolation is not desirable for resource-constrained avionics systems under given constraints such as platform size, weight, and power. In addition, as mentioned above, the currently used ARINC653 partitioning technology cannot fully utilize the integrated system resources and may lead to a priority inversion problem. Therefore, new resource allocation and scheduling methods are designed for this situation, improving resource utilization through further sharing of resources while guaranteeing the robustness of the system running time. The traditional solution to the criticality inversion problem is to assign priorities to tasks according to their criticality, called criticality as priority assignment (CAPA), to improve processor utilization. de Niz [8] proposes a mixed-criticality-driven asymmetric overload protection zero-idling scheduling algorithm. On this basis, Lakshmanan et al. [13, 14] carried out further extended studies: [13] studies how to control synchronized, mutually exclusive access to shared resources by tasks in mixed critical systems, and [14] proposes a resource allocation method for mixed critical tasks in a distributed environment. In view of the criticality inversion problem that may occur in two-tier task partition scheduling, Jin and Han [15] introduce partition-level criticality and propose a dynamic allocation mechanism for partition resources, which can improve system throughput while avoiding criticality inversion. Tamas-Selicean and Pop [16, 17] study the mixed critical task optimization scheduling problem in a distributed architecture under the static polling two-tier task partition scheduling model, and propose a metaheuristic optimization method based on Tabu search. Gu et al. [18] studied mixed critical task scheduling for multi-core processor platforms and proposed a One Criticality One Partition (OCOP) scheduling strategy for multi-core processors. OCOP allows the system to repartition the real-time task set during criticality mode switching, which in turn better balances the resource utilization of each processor in different criticality modes. Trüb et al. [19] implemented a mixed critical scheduling algorithm using adaptive time partitioning in actual multi-core systems, and verified the correctness and effectiveness of mixed critical scheduling algorithms on real avionics systems.

### 3.2 System Scheduling for Design Verification

System scheduling for design verification is another important aspect of research on mixed critical systems, and it is also a hot topic in safety-critical real-time avionics systems [20]. A safety-critical system is a system whose failure will result in significant loss of life and property, as well as severe damage. Its analysis, design, and verification must take into account the credibility of system functions. With the increasing demand for system credibility in the avionics field, safety, as an important aspect of credibility, has also become an important design constraint for avionics systems. For a mixed critical system in which a variety of safety-critical functions share the system platform resources, the traditional design verification method verifies all functional applications against the credibility requirements of the highest critical level. This conservative assumption implies strict predictability analysis as well as excessive resource reservation, and the result is too pessimistic.

The higher the critical level of a system function, the more stringent its predictability and determinism requirements, the more conservative the corresponding estimate of task execution time, and the more pessimistic the resulting Worst-Case Execution Time (WCET). Based on this, Vestal [21] extended the traditional sporadic task model [22], pioneered the mixed critical sporadic task model, and used the Audsley [23] priority assignment method from traditional real-time scheduling theory to propose a single-processor fixed-priority scheduling algorithm for mixed critical tasks. Dorin et al. [24] proved that the algorithm is optimal among all single-processor fixed-priority scheduling algorithms. Baruah and Vestal [25] proposed new mixed-priority scheduling algorithms combining FP and EDF, and Baruah [26] further studied fixed-priority scheduling while taking the runtime monitoring function into account.
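The fixed-priority analysis described above can be made concrete with a small worked example. The code below is an added illustration, not code from the paper or from [21, 23]: it uses the commonly cited form of the mixed critical response-time recurrence (each interfering task is charged the WCET estimated at the criticality level of the task under analysis) together with Audsley's lowest-priority-first assignment, and the three-task set is constructed for the example.

```python
from dataclasses import dataclass

LO, HI = 0, 1  # two criticality levels (constructed example)


@dataclass(frozen=True)
class Task:
    name: str
    period: int    # minimum inter-arrival time
    deadline: int  # relative deadline, assumed <= period
    crit: int      # criticality level of the task itself
    wcet: tuple    # wcet[level]: WCET estimate at each assurance level


def response_time(task, higher):
    """Worst-case response time of `task` below the tasks in `higher`.

    Interference is charged at the WCET estimated for the criticality
    level of the task under analysis. Returns None on a deadline miss.
    """
    lvl = task.crit
    r = task.wcet[lvl]
    while True:
        nxt = task.wcet[lvl] + sum(
            -(-r // h.period) * h.wcet[lvl] for h in higher  # ceil(r / T_j)
        )
        if nxt > task.deadline:
            return None
        if nxt == r:
            return r
        r = nxt


def analyse(order):
    """Response times for a priority order (highest first), or None."""
    times = {}
    for i, t in enumerate(order):
        r = response_time(t, order[:i])
        if r is None:
            return None
        times[t.name] = r
    return times


def audsley(tasks):
    """Audsley's assignment: fill priority levels from the lowest upwards."""
    unassigned, lowest_first = list(tasks), []
    while unassigned:
        for cand in unassigned:
            others = [t for t in unassigned if t is not cand]
            if response_time(cand, others) is not None:
                lowest_first.append(cand)
                unassigned.remove(cand)
                break
        else:
            return None  # no remaining task can take this priority level
    return lowest_first[::-1]


def capa_order(tasks):
    """Criticality as priority (ties broken by deadline)."""
    return sorted(tasks, key=lambda t: (-t.crit, t.deadline))


def dm_order(tasks):
    """Deadline-monotonic order, ignoring criticality."""
    return sorted(tasks, key=lambda t: t.deadline)


# Constructed task set: wcet = (estimate at LO level, estimate at HI level)
TASKS = [
    Task("L", period=10, deadline=4, crit=LO, wcet=(2, 3)),
    Task("H1", period=10, deadline=5, crit=HI, wcet=(1, 3)),
    Task("H2", period=40, deadline=40, crit=HI, wcet=(3, 6)),
]

if __name__ == "__main__":
    for label, order in (("CAPA", capa_order(TASKS)),
                         ("deadline-monotonic", dm_order(TASKS)),
                         ("Audsley", audsley(TASKS))):
        names = [t.name for t in order] if order else None
        print(label, names, analyse(order) if order else None)
```

On this task set neither criticality-as-priority nor deadline-monotonic ordering passes the test, while Audsley's assignment finds an order in which the low-critical task sits between the two high-critical tasks.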

References [27, 28] studied the schedulability of single-processor mixed critical task systems, proved that the problem is NP-hard, and proposed the own criticality based priority (OCBP) scheduling algorithm. Reference [29] gives a sufficient schedulability condition based on task load. References [30, 31] apply the OCBP algorithm to mixed critical sporadic task scheduling. Based on the work in [27, 28], Baruah and Fohler [32] proposed a time-triggered (TT) scheduling algorithm for single-processor mixed critical tasks. Baruah et al. [33, 34] proposed the dynamic-priority scheduling algorithm EDF-VD, which dynamically adjusts the virtual deadlines of tasks according to the critical level of the system. Unlike EDF-VD, which adjusts all tasks with the same scaling factor, [35] allows the virtual deadline to be adjusted separately for each task and gives a sufficient schedulability condition based on the task demand bound function (DBF) [36]. In addition, [37, 38] studied mixed critical task scheduling in a multiprocessor environment. Santy et al. [39] relaxed the strictness of mixed critical scheduling and allowed low-critical tasks to continue for a period of time after the system critical level is raised. Yao et al. [40] adopted a system-level scheduling algorithm for the communication of mission-critical tasks, used gap-scheduling-based bandwidth allocation for mission-critical tasks and polling for non-critical tasks, and used network calculus to perform real-time analysis of the mixed critical scheduling method.

### 3.3 System Schedulability Analysis

The real-time performance of distributed integrated system functions involves the real-time behavior of both computing and communication. Processor scheduling analysis or communication network scheduling analysis alone can capture only part of the behavioral characteristics of the distributed integrated system; to make the temporal behavior of the entire system predictable, joint scheduling analysis of the system processors and the communication network is required. Schedulability analysis based on system response time is an important method of verifying the timing correctness of a system. When the end-to-end response time of a transaction is less than or equal to the deadline of the transaction, the transaction is schedulable; otherwise, it is unschedulable. The system is schedulable when all transactions in the system are schedulable. To calculate the end-to-end response time of the system, holistic scheduling and schedulability analysis methods for distributed hard real-time systems are proposed in [41, 42], respectively, integrating the scheduling analysis of the processors and of the TDMA-based communication network into the same framework. The holistic scheduling analysis method supports the linear transaction model. Based on this linear transaction model, Palencia proved the validity of the holistic scheduling analysis method [43]. References [44, 45] further studied how to calculate the minimum response time based on the holistic scheduling analysis method. To solve the problem of response time analysis for non-linear transaction models, Palencia proposed a method that supports the synchronization of multiple events [46].

The holistic scheduling analysis method considers the dependencies between tasks on different processors when calculating the end-to-end response time of transactions, but does not consider the possible dependencies between different tasks on the same processor. As a result, the analysis is too pessimistic, and the calculated response time is larger than the actual response time [47]. To obtain more accurate results, [48] extends the method by introducing static offsets, and [49] introduces dynamic offsets for analyzing internal dependencies and obtains higher scheduling utilization. Pop [50, 51] addressed schedulability analysis for time-triggered and event-triggered systems. Reference [52] proposes an improved global schedulability analysis algorithm for TDMA protocol networks. Redell and Törngren proposed a maximum response time analysis method based on the start phase of a given transaction [53]. Yao et al. [54] studied the scheduling problem of global scheduling algorithms on multi-core processor platforms, used function image analysis to study the system schedulability requirements of different critical levels, and on this basis gave the exact range of effective virtual deadline adjustment parameters. On the basis of the task scheduling model, combined with the scheduling theory of real-time systems, Mohong [55] designed a simulation-based schedulability analysis algorithm for real-time systems and developed a software tool for visual modeling and automated scheduling analysis. Han et al. [56] proposed a task schedulability analysis framework for distributed integrated modular avionics systems, which includes three methods for analyzing DIMA system schedulability: classic model checking (MC), statistical model checking (SMC), and combined model checking. The versatility and accuracy of the analysis method provide a powerful analysis tool for the design of DIMA system task scheduling.

## 4 Real Time Fault Tolerant Scheduling

### 4.1 Traditional Fault Tolerant Technology

Avionics systems operate in harsh physical environments, or even in war environments. High reliability is of great significance and is closely related to the safety of the aircraft itself. In a safety-critical avionics system, any minor error can cause irreparable damage. To ensure that the real-time tasks in the system can be completed before their deadlines even if the system fails, certain methods must be used to improve system reliability. Avoiding errors, eliminating/testing errors, predicting errors and tolerating errors are the common measures for ensuring the reliability of real-time systems. The first three measures can reduce the errors in the system as far as possible through careful design, but they cannot deal with errors that remain undetected while the system is running, whereas fault tolerance actively faces the errors that may occur in the system. Therefore, fault-tolerant design is a realistic and effective way to improve the reliability of the system.

Fault tolerance technology adds redundant resources to mask the effects of faults, so that in the case of a local failure the system can still execute its predetermined algorithm. According to the resources involved, redundancy can be divided into four kinds: hardware redundancy, software redundancy, time redundancy and information redundancy. Traditional fault tolerance methods include re-execution, N-version programming [57, 58, 59], recovery blocks [60, 61] and other fault-tolerant techniques. Although these traditional methods are valuable for improving system reliability and prolonging system service life, they do not take into account strict real-time requirements and system overhead, so they cannot be used directly in resource-constrained avionics. In addition, most fault-tolerant methods only consider overall reliability requirements from the perspective of the system and ignore the criticality differences between system functions, so that in the event of a system failure all tasks are indiscriminately given fault tolerance. The resulting level of fault tolerance does not meet the reliability requirements of high-critical system functions well.

### 4.2 Mixed Critical Real Time Fault Tolerant Scheduling

Real-time fault-tolerant scheduling technology manages and schedules redundant resources to ensure that tasks can meet their deadlines even in the event of a system failure. It is the main method of achieving fault tolerance in distributed real-time systems. Traditional software fault-tolerant and hardware fault-tolerant real-time scheduling algorithms focus on system-level reliability while ignoring the differences in safety criticality between different system functions, that is, the fact that tasks of different criticality have correspondingly different reliability requirements. Depending on the error model, this reliability requirement is described in different ways in real-time fault-tolerant systems. The constrained error model is a commonly used error model assumption that describes the worst-case error scenario the system may encounter by limiting the minimum interval between consecutive errors or the maximum number of errors allowed during a specified period of time. In practice, however, system errors occur randomly. This randomness means that it is difficult to obtain accurate bounds for the parameters of the constrained error model, which may lead to a more pessimistic estimate in the system design process. The stochastic error model describes the error characteristics through random parameters, allowing errors to occur randomly. The homogeneous Poisson process (HPP) is a common random error modeling method [62].

For the constrained error model, Dobrin et al. [63] provided fault tolerance for mixed critical tasks by time redundancy, where the key performance measure is the number of errors that each task instance can tolerate. This method uses integer linear programming to determine task priorities so that each critical task instance can resume execution in a short time and meet its deadline, while non-critical tasks are allowed to execute at high priority to improve system resource utilization. Reference [64] studied the fault tolerance of mixed critical systems in a distributed architecture. A heuristic greedy algorithm is proposed to determine the migration of safety-critical tasks from a permanently failed processor and the parameter adjustment of the constant bandwidth server (CBS) on the normally working processors, so as to maximize the quality of service (QoS) of soft real-time tasks while meeting the deadline requirements of hard real-time tasks.

In the constrained error model, deterministic real-time fault-tolerance guarantees are usually obtained from worst-case static schedulability analysis. That is, for a given system operating environment and set of possible defects, the system either can be scheduled and executed successfully or cannot. However, taking into account the random characteristics of errors, the strict worst-case assumptions may lead to inaccurate or overly pessimistic results. This simple absolute analysis is not applicable to random error models. To solve these problems, [65] introduces the concept of probabilistic real-time fault tolerance, which combines probability theory with real-time analysis and uses statistical methods to analyze the likelihood of guaranteed scheduling under the stochastic error model. Based on this research, a probabilistic real-time fault-tolerant analysis method for mixed critical systems is proposed. This method allows designers to specify task-level reliability requirements according to task criticality, converts these reliability requirements into task parameters that can be used by the scheduling algorithm, and gives a schedulability test for whether the system can meet the reliability requirements of each task.
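The conversion from a per-task reliability requirement to a scheduling parameter can be sketched as follows. This is an added illustration under stated assumptions, not the method of [65]: faults follow an HPP with a constant rate, a job fails only if every one of its attempts is hit by a fault, the per-hour failure probability is bounded with a union bound over the jobs released in one hour, and schedulability is checked with the EDF utilization bound for implicit-deadline tasks on one processor. The task set, fault rate and reliability targets are constructed.

```python
import math
from dataclasses import dataclass

HOUR_MS = 3_600_000


@dataclass(frozen=True)
class FtTask:
    name: str
    wcet_ms: float
    period_ms: float            # implicit deadline = period (assumption)
    max_fail_per_hour: float    # reliability target set from criticality


def attempt_fault_prob(rate_per_ms, wcet_ms):
    """P(at least one fault hits one execution of length wcet) under an HPP."""
    return -math.expm1(-rate_per_ms * wcet_ms)


def reexecutions_needed(task, rate_per_ms, limit=20):
    """Smallest number of re-executions meeting the task's hourly target."""
    p = attempt_fault_prob(rate_per_ms, task.wcet_ms)
    jobs_per_hour = HOUR_MS / task.period_ms
    for n in range(limit + 1):
        # A job is lost only if all n + 1 attempts are faulty; attempts occupy
        # disjoint intervals, so they are independent under an HPP.
        if jobs_per_hour * p ** (n + 1) <= task.max_fail_per_hour:
            return n
    return None


def plan(tasks, rate_per_ms):
    """Per-task re-execution budget derived from each task's own target."""
    return {t.name: reexecutions_needed(t, rate_per_ms) for t in tasks}


def utilization(tasks, budget):
    """Worst-case utilization when every job uses its full budget."""
    return sum((budget[t.name] + 1) * t.wcet_ms / t.period_ms for t in tasks)


def schedulable(tasks, budget):
    return utilization(tasks, budget) <= 1.0


# Constructed example: one high-critical and one low-critical task
FAULT_RATE = 1e-6  # faults per millisecond (constructed value)
FT_TASKS = [
    FtTask("HI", wcet_ms=5, period_ms=50, max_fail_per_hour=1e-9),
    FtTask("LO", wcet_ms=15, period_ms=50, max_fail_per_hour=1e-4),
]


def uniform_plan(tasks, rate_per_ms):
    """Indiscriminate fault tolerance: every task gets the largest budget."""
    worst = max(plan(tasks, rate_per_ms).values())
    return {t.name: worst for t in tasks}


if __name__ == "__main__":
    per_task = plan(FT_TASKS, FAULT_RATE)
    print("criticality-aware:", per_task, schedulable(FT_TASKS, per_task))
    same = uniform_plan(FT_TASKS, FAULT_RATE)
    print("uniform:", same, schedulable(FT_TASKS, same))
```

With these numbers the criticality-aware budget keeps the worst-case utilization below one, while giving every task the budget required by the high-critical task does not.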

Dong and Chen [66] proposed a non-periodic, non-preemptive heterogeneous distributed dynamic real-time fault-tolerant model and presented two fault-tolerant scheduling algorithms, DRFSA and DSFSA, to meet the reliability and schedulability requirements of the traditional distributed real-time scheduling algorithm. Zhou et al. [67] proposed a fault-tolerant scheduling method based on mixed criticality to ensure that tasks with different safety levels can be reconstructed when transmission errors occur, improving the safety and reliability of real-time systems.

## 5 Time Delay Analysis of Real Time Communication Network

In a distributed real-time system, tasks running on different processor nodes communicate through message passing. To ensure that all tasks can meet their time constraints, the communication delay between message sending and receiving must be strictly bounded. This communication delay, which we call the message response time, is the time that elapses from when the sending task starts sending a message to when the receiving task receives the message. A complete message response time is usually composed of message generation delay, waiting delay, transmission delay and delivery delay. The overall system schedulability analysis discussed above addresses networks with a simple bus topology. The distributed hardware resources in future avionics systems are interconnected through time-triggered Ethernet (TTE), which uses a switched network topology, a real-time communication mechanism with high timing integrity based on TDMA access, and more complex networking and communication protocols. The real-time analysis of communication messages must be carried out according to the information flow constraints and service rules of integrated interconnection and real-time communication.

### 5.1 Network Calculus

The traditional network performance analysis theory uses stochastic queuing theory to derive statistical properties of the network [69], such as average delay and throughput, but for real-time networks the predictability, or end-to-end delay upper bound, of communication messages is more important than statistical properties. To analyze the real-time service of the network, researchers established a dedicated analysis method, network calculus. It was first proposed by Rene and Cruz [70, 71] and then gradually improved through the joint efforts of scholars such as Chang [72] and Le Boudec and Thiran [73], who proposed analytical methods based on the arrival curve and service curve, together with some important theorems and conclusions for the network environment. Sariowan [68] extended these research results and gave appropriate application rules so that they can be applied to more general network environments. These results were developed and systematized into the network calculus theory system, that is, a system theory for network environment performance analysis.

Deterministic network calculus gives an upper bound on the delay of rate-constrained traffic, and the worst-case scheduling scenario results from the aggregation of flows, but the probability that the worst case occurs depends on the scheduling pattern. Deterministic network calculus therefore leads to pessimistic estimates of the delay upper bound, resulting in wasted resources. Compared with deterministic network calculus, stochastic network calculus can be used to calculate upper bounds of the performance parameters under a probability guarantee and so reduce the waste of resources. Probabilistic network calculus introduces probabilistic operations into deterministic network calculus to describe and analyze the statistical multiplexing characteristics of network data streams. Performance analysis based on stochastic network calculus can provide a certain degree of QoS guarantee for data flows and effectively improve the utilization of network resources, making up for the shortcomings of deterministic network calculus theory. In recent years, stochastic network calculus has been widely studied and is in continuous development. Jiang [74] proposed a basic theoretical framework for constructing stochastic network calculus at the SIGCOMM international annual meeting. Jiang and Liu [75] expanded this basic theoretical framework and established a relatively complete stochastic network calculus theory system. Jiang’s work has effectively promoted the theoretical and applied research of stochastic network calculus. Fidler [76] summarized and analyzed the latest theoretical results of network calculus, and pointed out that the main theoretical difficulty of current stochastic network calculus is to calculate the upper bound of the expression \(P\{\sup_{0 \le s \le t}[F(s, t)] > x\}\), in which \(P\{\cdot\}\) is the probability operator (the probability of the event), \(\sup[\cdot]\) is the supremum (least upper bound) of the set, and \(F(s, t)\) is the expression of the network performance. When using stochastic network calculus for performance analysis, we expect to obtain a probabilistic upper bound on the above expression, assuming that the probability that the delay of the data stream of interest exceeds a certain threshold in the network is not more than a given value \(\varepsilon\) (\(0 < \varepsilon < 1\)). Zhao [77] has proposed two delay analysis models, based on deterministic network calculus and on stochastic network calculus, for the uncertainty of rate-constrained (RC) traffic in TTE. In the deterministic network calculus model, the deterministic delay upper bound of RC traffic is obtained by constructing the aggregate arrival curve of TT traffic and the service curve of RC traffic. In the stochastic network calculus model, a two-state Bernoulli distribution model of RC flow is constructed using the Chernoff bound theorem, and the delay upper bound under a probability guarantee is obtained. Zhou [78] also puts forward a multiple-priority transmission mode for compatible RC traffic in TTE, and derives the formula for the traffic delay. The proposed algorithm has low computational complexity and fast computing speed, and has high practical value in the application of network calculus delay analysis.
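The deterministic construction mentioned above (aggregate arrival curve of TT traffic, service curve left over for RC traffic, delay bound for the RC flow) can be worked through numerically. The code below is an added example, not the model of [77]: it assumes token-bucket arrival curves, a fluid constant-rate link on which TT traffic has priority, and rate-latency leftover service curves, and it also goes one step beyond the single-port case by comparing the sum of per-hop bounds with the bound from the concatenated service curve. All frame sizes, periods and the link rate are constructed.

```python
from dataclasses import dataclass
from fractions import Fraction as F


@dataclass(frozen=True)
class TokenBucket:      # arrival curve alpha(t) = burst + rate * t
    burst: F            # bits
    rate: F             # bits per microsecond


@dataclass(frozen=True)
class RateLatency:      # service curve beta(t) = rate * max(0, t - latency)
    rate: F             # bits per microsecond
    latency: F          # microseconds


def flow_curve(frame_bytes, interval_us):
    """One maximum-size frame per interval (BAG for RC, period for TT)."""
    bits = F(8 * frame_bytes)
    return TokenBucket(bits, bits / interval_us)


def aggregate(curves):
    """Arrival curve of the aggregate of several flows."""
    return TokenBucket(sum((c.burst for c in curves), F(0)),
                       sum((c.rate for c in curves), F(0)))


def leftover_service(link_rate, cross):
    """Service left for lower-priority traffic: [C*t - alpha_cross(t)]^+."""
    rate = F(link_rate) - cross.rate
    if rate <= 0:
        raise ValueError("higher-priority traffic saturates the link")
    return RateLatency(rate, cross.burst / rate)


def delay_bound(alpha, beta):
    """Horizontal deviation between alpha and beta; None if unbounded."""
    if alpha.rate > beta.rate:
        return None
    return beta.latency + alpha.burst / beta.rate


def output_curve(alpha, beta):
    """Arrival curve of the flow after the server (burst grows by rate*T)."""
    return TokenBucket(alpha.burst + alpha.rate * beta.latency, alpha.rate)


def per_hop_bound(alpha, hops):
    """Sum of the delay bounds computed port by port."""
    total = F(0)
    for beta in hops:
        d = delay_bound(alpha, beta)
        if d is None:
            return None
        total += d
        alpha = output_curve(alpha, beta)
    return total


def end_to_end_bound(alpha, hops):
    """Bound from the concatenation (min-plus convolution) of all hops."""
    beta = RateLatency(min(h.rate for h in hops),
                       sum((h.latency for h in hops), F(0)))
    return delay_bound(alpha, beta)


# Constructed scenario: 100 Mbit/s links, one RC flow crossing two ports
LINK = 100  # bits per microsecond
RC_FLOW = flow_curve(500, 2000)
HOP1 = leftover_service(LINK, aggregate([flow_curve(1000, 500),
                                         flow_curve(250, 500)]))
HOP2 = leftover_service(LINK, aggregate([flow_curve(1125, 900)]))

if __name__ == "__main__":
    print("per-hop sum (us):", float(per_hop_bound(RC_FLOW, [HOP1, HOP2])))
    print("end-to-end  (us):", float(end_to_end_bound(RC_FLOW, [HOP1, HOP2])))
```

The concatenated bound is smaller than the per-hop sum because the burst of the RC flow is paid for only once along the path.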

### 5.2 Trajectory Approach

\(\tau_{i}\) (\(i = 1, 2, \ldots, n\)), \(t\) is the starting time point of generating the data frame \(m\), \(last_{i}\) is the last access node on the delay path, \(W_{i,t}^{last_{i}}\) is the latest time that the data frame \(m\) starts at the last node, and \(C_{i}^{last_{i}}\) is the longest time required by the last node to send the data frame. In literature [83, 84], the trajectory method in AFDX network is optimized, the factors of the serialization of data frame are taken into consideration and the packet technology is introduced into the traditional trajectory method. Compared with the common AFDX network calculus method, it is proved that the trajectory method based on the AFDX network is a more compact method. The formula for calculating the upper bound of delay in VL is updated to:

\(h\), \(IP_{0}^{h}\) is the input queue of the target data frame \(m\), and \(IP_{x}^{h}\) (\(1 \le x \le k_{h}\)) is the other input queue. \(\text{seq}_{x}^{h}\) (\(0 \le x \le k_{h}\)) is the data frame sequence of the input queue \(IP_{x}^{h}\), which is composed of the data frames of the VL transmitted through the forwarding port \(h\). All frames from the frame sequence \(IP_{x}^{h}\) (\(1 \le x \le k_{h}\)) will be multiplexed to the output queue \(OP^{h}\). In order to maximize the delay of the target data frame \(m\) at the port \(h\), all the frame sequences are planned to end at the same time \(\theta\). Even in such a worst case, the target data frame \(m\) (belonging to \(VL_{i}\) in the input queue \(IP_{x}^{h}\)) will not be blocked at the same time by all the data frames in the other queues \(IP_{x}^{h}\) (\(1 \le x \le k_{h}\)). The \(\Delta_{h}\) is calculated as formula (3), so the optimization of the trajectory method at each forwarding port is the maximum between 0 and \(\Delta_{h}\).

There are also other methods [85, 86, 87] for network delay calculation, such as the simulation method [88, 89] and the model checking method [90, 91]. However, the simulation method does not analyze the delay upper bound. Although the model checking method can determine the upper bound of the network traffic delay, state space explosion limits the size of the network it can handle.

## 6 Trend of Future Technology Development

In the aspect of task scheduling, ARINC653 defines partition scheduling rules for single-core processors. When multi-core processing systems are taken into consideration, how to implement multi-core partition scheduling becomes an important issue. At the same time, partition scheduling and network scheduling need to be integrated to implement the overall unified scheduling of the system. Multi-core partition scheduling strategies and distributed joint scheduling methods under mixed-criticality characteristics will be important problems that need to be studied and solved in the future.

In the aspect of system fault tolerance, it is necessary to further consider how to use the time synchronization mechanism and the fault localization characteristics of the time-triggered architecture to achieve redundant fault tolerance and system reconstruction of the distributed control system resources. This includes high-precision time synchronization algorithms, sharing strategies for the control system based on a resource pool, and resource reconstruction methods in the distributed integrated modular system.

In the aspect of communication network delay analysis, how to construct a strict evaluation method has always been a hot issue in the research of real-time systems. When the characteristics of partitioning, time triggering and mixed criticality are considered, the real-time evaluation method of the system under the joint scheduling strategy of partitioning and time triggering, and the real-time evaluation method of the system under mixed-criticality characteristics, can be used as research directions for follow-up work.

## 7 Conclusion

Distributed integrated modular avionics system is the development direction of the next generation of avionics, which can effectively improve the intelligent level and the reliability of avionics system, and reduce the cost at the same time. In this paper, the architecture features of DIMA are studied and analyzed, and the research and development of three key technologies in DIMA system in recent years are analyzed and discussed in detail. Finally, the development trend of DIMA future technology is put forward. The research results in this paper can provide theoretical support for the research and design of the distributed integrated modular avionics system for new aircraft in the future.

## References

- 1. Huagang Xiong and Zhonghua Wang, *Advanced Avionics Integration Techniques*, National Defense Industry Press, Berlin, 2009. pp. 1.
- 2. R. Fuchsen, IMA NextGen: A new technology for the Scarlett program, *Aerospace and Electronic Systems Magazine, IEEE*, Vol. 25, No. 10, pp. 10–16, 2010.
- 3. R. Wolfig and M. Jakovlievic. Distributed IMA and DO-297: Architectural, Communication And Certification Attributes. In *IEEE 27th DASC*, 2008.
- 4. G. Warden. *Application of a Distributed Integrated Modular Avionics Test Bed to Sikorsky Aircraft*. http://www.tttech.com, 2010.
- 5. T. Rogalski, S. Samolej and A. Tomczyk. ARINC 653 Based Time-Critical Application for European SCARLETT Project. In *AIAA guidance, navigation, and control conference*, pages 8–11, 2011.
- 6. T. Robati, A. Gherbi, A. E. Kouhen and J. Mullins, Design and simulation of distributed IMA architectures using TTEthernet: a model-driven approach, *Journal of Ambient Intelligence & Humanized Computing*, Vol. 8, No. 3, pp. 1–11, 2017.
- 7. Q. Zhou, Z. Xiong, Z. Zhan, T. You and N. Jiang. The mapping mechanism between Distributed Integrated Modular Avionics and data distribution service. In *International Conference on Fuzzy Systems & Knowledge Discovery*, pages 2502–2507, 2016.
- 8. D. de Niz, K. Lakshmanan and R. Rajkumar. On the Scheduling of Mixed-Criticality Real-Time Task Sets. In *IEEE 30th International Conference on Real-Time Systems Symposium*, pages 291–300, 2009.
- 9. ARINC 653-1-2003. Avionics Application Software Standard Interface. ARINC Specification 653, 2003.
- 10. S. Saewong, R. Rajkumar and J. Lehoczky. Analysis of Hierarchical Fixed Priority Scheduling. In *Proceedings of the Euromicro Conference on Real-Time Systems*. pages 173–181, NY, 2002. IEEE.
- 11. L. Almeida and P. Pedreiras. Scheduling within temporal partitions: Response-time analysis and server design. In *4th ACM International Conference on Embedded Software*, pages 9:95–103, Pisa, Italy, 2004.
- 12. R. I. Davis and A. Burns. Resource Sharing in Hierarchical Fixed Priority Pre-Emptive Systems. In *IEEE 27th International Conference on Real-Time Systems Symposium, Rio de Janeiro, Brazil*, pages 257–270, 2006.
- 13. K. Lakshmanan, D. De Niz and R. Rajkumar, et al. Resource allocation in distributed mixed-criticality cyber-physical systems. In *IEEE 30th International Conference on Distributed Computing Systems (ICDCS)*, pages 169–178, 2010.
- 14. K. Lakshmanan, D. de Niz and R. Rajkumar. Mixed-criticality task synchronization in zero-slack scheduling. In *IEEE 17th Real-Time and Embedded Technology and Applications Symposium (RTAS)*, pages 47–56, 2011.
- 15. H. W. Jin and S. Han, Temporal partitioning for mixed-criticality systems, *Emerging Technologies & Factory Automation*, Vol. 19, No. 6, pp. 1–4, 2011.
- 16. D. Tamas-Selicean and P. Pop. Design Optimization of Mixed-Criticality Real-Time Applications on Cost-Constrained Partitioned Architectures. In *IEEE 30th International Conference on Real-Time Systems Symposium*, pages 24–33, 2011.
- 17. D. Tamas-Selicean and P. Pop, Design Optimization of Mixed-Criticality Real-Time Embedded Systems, *ACM Transactions on Embedded Computing Systems*, Vol. 14, No. 3, pp. 1–8, 2015.
- 18. Chuancai Gu, Nan Guan, Jinming Yu, et al. Partitioned Scheduling Policies on Multi-Processor Mixed-Criticality Systems. *Journal of Software*, pp. 284–297, 2014.
- 19. Roman Trüb, Georgia Giannopoulou, Andreas Tretter and Lothar Thiele, Implementation of Partitioned Mixed-Criticality Scheduling on a Multi-Core Platform, *ACM Transactions on Embedded Computing Systems (TECS)*, Vol. 16, No. 5, pp. 1–21, 2017.
- 20. J. Barhorst, T. Belote, P. Binns, J. Hoffman, J. Paunicka, P. Sarathy, J. S. P. Stanfill, D. Stuart and R. Urzi. *White paper: A research agenda for mixed-criticality systems*. http://www.cse.wustl.edu/~cdgill/CPSWEEK0_MCAR, 2009.
- 21. S. Vestal. Preemptive scheduling of multi-criticality systems with varying degrees of execution time assurance. In *IEEE Proceedings Real-Time Systems Symposium*. pages 239–243, 2007.
- 22. A. Mok. Fundamental design problems of distributed systems for the hard real-time environment. Cambridge, MA, USA, Tech. Rep., 1983.
- 23. N. Audsley. Optimal Priority Assignment and Feasibility of Static Priority Tasks with Arbitrary Start Times. Technical Report YCS 164, University of York. 1991.
- 24. F. Dorin, P. Richard, M. Richard, et al., Schedulability and sensitivity analysis of multiple criticality tasks with fixed-priorities, *Real-Time Systems*, Vol. 46, No. 3, pp. 305–331, 2010.
- 25. S. Baruah and S. Vestal. Schedulability analysis of sporadic tasks with multiple criticality specifications. In *Real-Time Systems, 2008. ECRTS’08. Euromicro Conference on*. pages 147–155, 2008. IEEE.
- 26. S. K. Baruah, A. Burns and R. I. Davis. Response-time analysis for mixed criticality systems. In *Real-Time Systems Symposium (RTSS), 2011 IEEE 32nd*. pages 34–43, 2011, IEEE.
- 27. S. Baruah, V. Bonifaci, G. D’Angelo, et al., Scheduling real-time mixed-criticality jobs, *Computers, IEEE Transactions on*, Vol. 61, No. 8, pp. 1140–1152, 2012.
- 28. S. Baruah, H. Li and L. Stougie. Towards the design of certifiable mixed-criticality systems. In *Real-Time and Embedded Technology and Applications Symposium (RTAS), 2010 16th IEEE*. pages 13–22, 2010. IEEE.
- 29. H. Li and S. Baruah. Load-based schedulability analysis of certifiable mixed-criticality systems. In *Proceedings of the Tenth ACM International Conference on Embedded Software*. pages 99–108, 2010, ACM.
- 30. H. Li and S. Baruah. An algorithm for scheduling certifiable mixed-criticality sporadic task systems. In *Real-Time Systems Symposium (RTSS), 2010 IEEE 31st*. pages 183–192, 2010, IEEE.
- 31. N. Guan, P. Ekberg, M. Stigge, et al. Effective and efficient scheduling of certifiable mixed-criticality sporadic task systems. In *Real-Time Systems Symposium (RTSS), 2011 IEEE 32nd*. pages 13–23, 2011, IEEE.
- 32. S. Baruah and G. Fohler. Certification-cognizant time-triggered scheduling of mixed-criticality systems. In *Real-Time Systems Symposium (RTSS), 2011 IEEE 32nd*. pages 3–12, 2011, IEEE.
- 33. S. K. Baruah, V. Bonifaci, G. D’Angelo, et al. Mixed-criticality scheduling of sporadic task systems. In *Algorithms–ESA 2011*. pages 555–566, Berlin, 2011, Springer.
- 34. S. Baruah, V. Bonifaci, G. D’Angelo, et al. The preemptive uniprocessor scheduling of mixed-criticality implicit-deadline sporadic task systems. In *Real-Time Systems (ECRTS), 2012 24th Euromicro Conference on*. pages 145–154, 2012, IEEE.
- 35. P. Ekberg and W. Yi. Outstanding Paper Award: Bounding and Shaping the Demand of Mixed-Criticality Sporadic Tasks. In *Real-Time Systems (ECRTS), 2012 24th Euromicro Conference on*. pages 135–144, 2012, IEEE.
- 36. A. K. Mok, X. Feng and D. Chen. Resource partition for real-time systems. In *Real-Time Technology and Applications Symposium, 2001. Proceedings. Seventh IEEE*. pages 75–84, 2001, IEEE.
- 37. H. Li and S. Baruah. Global mixed-criticality scheduling on multiprocessors. In *Real-Time Systems (ECRTS), 2012 24th Euromicro Conference on*. pages 166–175, 2012, IEEE.
- 38. R. M. Pathan. Schedulability analysis of mixed-criticality systems on multiprocessors. In *Real-Time Systems (ECRTS), 2012 24th Euromicro Conference on*. pages 309–320, 2012, IEEE.
- 39. F. Santy, L. George, P. Thierry, et al. Relaxing mixed-criticality scheduling strictness for task sets scheduled with FP. In *Real-Time Systems (ECRTS), 2012 24th Euromicro Conference on*. pages 155–165, 2012, IEEE.
- 40. J. Yao, J. Wu, Q. Liu, Z. Xiong and G. Zhu, System-Level Scheduling of Mixed-Criticality Traffics in Avionics Networks, *IEEE Access*, Vol. 4, pp. 5880–5888, 2017.
- 41. M. Spuri. Holistic Analysis of Deadline Scheduled Real-Time Distributed Systems, RR-2873, INRIA, France, 1996.
- 42. M. Klein, T. Ralya, B. Pollak, et al., *A Practitioner’s Handbook for Real-Time Analysis: Guide to Rate Monotonic Analysis for Real-Time Systems*, Kluwer Academic Publisher, Norwell, 1993.
- 43. J. C. Palencia Gutiérrez, J. J. Gutiérrez García and M. González Harbour. On the schedulability analysis for distributed hard real-time systems. In *Real-Time Systems, 1997. Proceedings., Ninth Euromicro Workshop on*. pages 136–143, 1997, IEEE.
- 44. O. Redell and M. Sanfridson. Exact best-case response time analysis of fixed priority scheduled tasks. In *Real-Time Systems, 2002. Proceedings. 14th Euromicro Conference on*. pages 165–172, 2002, IEEE.
- 45. P. E. Hladik and A. M. Déplanche. Best-case response time analysis for precedence relations in hard real-time systems. In *Real-Time Systems Symposium Work-in-Progress Session*. 2003.
- 46. J. J. G. García, J. C. P. Gutiérrez and M. G. Harbour. Schedulability analysis of distributed hard real-time systems with multiple-event synchronization. In *Real-Time Systems, 2000. Euromicro RTS 2000. 12th Euromicro Conference on*. pages 15–24, 2000, IEEE.
- 47. J. C. Palencia and M. G. Harbour. Exploiting precedence relations in the schedulability analysis of distributed real-time systems. In *Real-Time Systems Symposium, 1999. Proceedings. The 20th IEEE*. pages 328–339, 1999, IEEE.
- 48. K. Tindell. Adding time-offsets to schedulability analysis. Technical Report UCS 221, Department of Computer Science, University of York, 1994.
- 49. J. C. Palencia and M. González Harbour. Schedulability analysis for tasks with static and dynamic offsets. In *Real-Time Systems Symposium, 1998. Proceedings., The 19th IEEE*. pages 26–37, 1998, IEEE.
- 50. T. Pop. Scheduling and Optimisation of Heterogeneous Time/Event-Triggered Distributed Embedded Systems. Linköping, 2003.
- 51. T. Pop. Analysis and Optimisation of Distributed Embedded Systems with Heterogeneous Scheduling Policies. Linköping, 2007.
- 52. M. A. O. Yugang, Yongjun ZHANG, Shiyao JIN. An Improved Schedulability Analysis Algorithm of Hard Real-Time Distributed System, *Journal of Software*, Vol. 12, No. 2, pp. 298–302, 2001.
- 53. O. Redell and M. Torngren. Calculating exact worst case response times for static priority scheduled tasks with offsets and jitter. In *Real-Time and Embedded Technology and Applications Symposium, 2002. Proceedings. Eighth IEEE*. pages 164–172, 2002, IEEE.
- 54. Yao Chen, Qiao Li, Jun Lu and Huagang Xiong. Improved schedulability analysis for multiprocessor mixed-criticality systems. *Journal of Beijing University of Aeronautics and Astronautics*, pp. 1918–1926, 2015.
- 55. Hong Mu. Research and Implementation of Real-time System Schedulability Analysis and Simulation Tools, Master Thesis of University of Electronic Science and Technology, 2017.
- 56. Pujie Han, Zhengjun Zhai, Brian Nielsen and Ulrik Nyman. A Modeling Framework for Schedulability Analysis of Distributed Avionics Systems, In *Proceedings of MARS/VPT*, pages 150–168, 2018.
- 57. X. L. Teng and H. Pham, A software-reliability growth model for N-version programming systems, *IEEE Transactions on Reliability*, Vol. 51, No. 3, pp. 311–321, 2002.
- 58. X. Cai, M. R. Lyu and M. A. Vouk. An experimental evaluation on reliability features of N-version programming. In *Proceedings of the International Symposium on Software Reliability Engineering (ISSRE 2005)*, pages 161–170, 2005.
- 59. H. Yamachi, Y. Tsujimura, Y. Kambayashi, et al., Multi-objective genetic algorithm for solving N-version program design problem, *Reliability Engineering and System Safety*, Vol. 91, No. 9, pp. 1083–1094, 2006.
- 60. F. Vargas, R. D. R. Fagundes and D. J. Barros. Experimental results of a recovery block scheme to handle noise in speech recognition systems. In *Proceedings of the 11th Asian Test Symposium (ATS’02)*, pages 224–229, 2002.
- 61. W. L. Yeung and S. A. Schneider, Design and verification of distributed recovery blocks with CSP, *Formal Methods in System Design*, Vol. 22, No. 3, pp. 225–248, 2003.
- 62. N. Navet, Y. Q. Song and F. Simonot, Worst-case deadline failure probability in real-time applications distributed over controller area network, *Journal of Systems Architecture*, Vol. 46, No. 7, pp. 607–617, 2000.
- 63. R. Dobrin, H. Aysan and S. Punnekkat. Maximizing the fault tolerance capability of fixed priority schedules. In *Embedded and Real-Time Computing Systems and Applications, 2008. RTCSA’08. 14th IEEE International Conference on*. pages 337–346, 2008, IEEE.
- 64. P. K. Saraswat, P. Pop and J. Madsen, Task migration for fault-tolerance in mixed-criticality embedded systems, *ACM SIGBED Review*, Vol. 6, No. 3, p. 6, 2009.
- 65. H. Aysan, R. Dobrin and S. Punnekkat. Task-Level Probabilistic Scheduling Guarantees for Dependable Real-Time Systems-A Designer Centric Approach. In *2011 14th IEEE International Symposium on*. pages 281–287, 2011, IEEE.
- 66. Chongjie Dong and Yuqiang Chen. Real-Time Scheduling Algorithm of Dynamic with Fault-Tolerant in Heterogeneous Distributed Systems. *Journal of System Simulation*, pp. 1132–1140, 2017.
- 67. Junlong Zhou, Min Yin, Zhifang Li, Kun Cao and Jianming Yan, Fault-Tolerant Task Scheduling for Mixed-Criticality Real-Time Systems, *Journal of Circuits, Systems and Computers*, Vol. 26, No. 1, pp. 1–17, 2017.
- 68. H. Sariowan. A service curve approach to performance guarantees in integrated service networks. Ph.D. Dissertation, Univ Calif San Diego. 1996.
- 69. D. Bertsekas and R. Gallager, *Data Networks*, vol. 2nd, Prentice Hall, Upper Saddle River, 1992.
- 70. Rene L. Cruz, A Calculus for Network Delay, Part I: Network Elements in Isolation, *IEEE Transaction on Information Theory*, Vol. 37, No. 1, pp. 114–131, 1991.
- 71. Rene L. Cruz, A Calculus for Network Delay, Part II: Network Analysis, *IEEE Transaction on Information Theory*, Vol. 37, No. 1, pp. 132–141, 1991.
- 72. C. S. Chang, *Performance Guarantees in Communication Networks*, Springer-Verlag, New York, 2000.
- 73. J.-Y. Le Boudec and P. Thiran, *Network Calculus. LNCS* 2050 ed., Springer, Berlin, 2004.
- 74. Y. Jiang, A basic stochastic network calculus, *ACM SIGCOMM Computer Communication Review*, Vol. 36, No. 4, pp. 123–134, 2006.
- 75. Y. Jiang and Y. Liu, *Stochastic Network Calculus*, Springer, Heidelberg, 2008.
- 76. M. Fidler, Survey of deterministic and stochastic service curve models in the network calculus, *Communications Surveys & Tutorials, IEEE*, Vol. 12, No. 1, pp. 59–86, 2010.
- 77. Luxi Zhao, Qiao Li, Wanqing Lin and Huagang Xiong, Stochastic network calculus for analysis of latency on TTEthernet network, *Acta Aeronautica ET Astronautica Sinica*, Vol. 37, No. 6, pp. 1953–1962, 2016.
- 78. Xuan Zhou, Feng He and Tong Wang. Using network calculus on worst-case latency analysis for TTEthernet in preemption transmission mode. In *IEEE 10th International Conference on Signal Processing and Communication Systems (ICSPCS)*, pages 1–7, 2016.
- 79. S. Martin and P. Minet. Schedulability Analysis of Flows Scheduled with FIFO: Application to the EF Class. In *Workshop on Parallel and Distributed Real-Time Systems*, 2006.
- 80. H. Bauer, J. L. Scharbarg and C. Fraboul. Applying and Optimizing Trajectory Approach for Performance Evaluation of AFDX Avionics Network. In *ETFA* 2009.
- 81. H. Bauer, J.-L. Scharbarg and C. Fraboul, Improving the Worst-Case Delay Analysis of an AFDX Network Using an Optimized Trajectory Approach, *IEEE Transactions Industrial Informatics*, Vol. 6, pp. 521–533, 2010.
- 82. H. Bauer, J.-L. Scharbarg and C. Fraboul, Applying trajectory approach to AFDX avionics network. In *Proceedings of the 14th International Conference Emerging Technology Factory Automation, Mallorca*, pages 1–8, 2009.
- 83. H. Bauer, J. L. Scharbarg and C. Fraboul, Improving the Worst-Case Delay Analysis of an AFDX Network Using an Optimized Trajectory Approach, *IEEE Transaction Industrial Informatics*, Vol. 6, pp. 521–533, 2010.
- 84. M. Vojnovic and J. Le Boudec, Stochastic analysis of some expedited forwarding networks. In Proceedings of the Infocom, New York, 2002.
- 85. H. Charara, J. L. Scharbarg, J. Ermont, et al. Methods for bounding end-to-end delays on an AFDX network. In *IEEE 18th Euromicro Conference on Real-Time Systems*, pages 197–202, 2006.
- 86. J. L. Scharbarg and C. Fraboul, *Methods and tools for the temporal analysis of avionic networks*, INTECH Open Access Publisher, Qazvin, 2010.
- 87. C. Canew and R. Guerra. Global View of Methods for Evaluating End-To-End Delays on AFDX. In *5th Real-Time Systems Seminar*. pages 6, 2011.
- 88. H. Charara and C. Fraboul. Modelling and simulation of an avionics full duplex switched ethernet. In *Telecommunications, 2005. advanced industrial conference on telecommunications/service assurance with partial and intermittent resources conference/e-learning on telecommunications workshop. aict/sapir/elete 2005. proceedings*, pages 207–212, 2005, IEEE.
- 89. J. L. Scharbarg and C. Fraboul. Simulation for end-to-end delays distribution on a switched ethernet. In *2010 IEEE Conference on Emerging Technologies and Factory Automation (ETFA)*, pages 1092–1099, 2007.
- 90. M. Adnan, J. L. Scharbarg, J. Ermont, et al. Model for worst case delay analysis of an AFDX network using timed automata. In *2010 IEEE Conference on Emerging Technologies and Factory Automation (ETFA)*, pages 1–4, 2010.
- 91. J. Ermont and C. Fraboul. Modeling a spacewire architecture using timed automata to compute worst-case end-to-end delays. In *2013 IEEE 18th Conference on Emerging Technologies & Factory Automation (ETFA)*, pages 1–4, 2013.