
CN-122019426-A - Method and device for realizing cross-domain data interaction certainty


Abstract

The invention discloses a method and a device for realizing cross-domain data interaction certainty, relating to the technical field of high-reliability time-sensitive networks. The method comprises binding a single writer and aligning to cache lines in advance, and allocating to each data source a storage slot that is physically isolated from the others and does not interfere with them; in the periodic task domain, reading data from the storage slot under a maximum retry budget and an upper bound on single read time, and triggering degradation fusing when the retry limit is reached, thereby limiting the total time consumed by data reading to a deterministic bound that can be calculated in advance. The method makes the worst-case execution time of the system provable and improves the timing determinism and reliability of cross-domain data interaction.

Inventors

  • SUN PENG

Assignees

  • 吉太航空科技(苏州)有限公司

Dates

Publication Date
20260512
Application Date
20251231

Claims (10)

  1. A method for implementing cross-domain data interaction certainty, comprising: binding a single writer and aligning to cache lines in advance, and allocating an independent storage area to each data source, to obtain a plurality of data storage slots that are physically isolated and do not interfere with one another; in the interrupt domain, acquiring input data triggered by an external event and writing the data into the corresponding storage slot based on a preset instruction constraint rule, wherein the data writing time has a determined upper bound; and in the periodic task domain, reading data from the storage slot based on a preset maximum retry budget and a single read time upper bound, retrying when the read fails and the maximum retry budget has not been reached, and triggering degradation fusing when the maximum retry budget is reached, thereby limiting the total time consumed by data reading to a deterministic bound that can be calculated in advance.
  2. The method of implementing cross-domain data interaction certainty of claim 1, wherein the single writer binding includes: binding the interrupt service routine corresponding to a specified data source to a unique processor core by setting the interrupt affinity of the processor; and, during execution of the interrupt service routine, masking interrupts from the same source, automatically by an interrupt controller or by software instructions, to ensure that write accesses to the storage slot are not re-entrant.
  3. The method of implementing cross-domain data interaction certainty of claim 1, wherein the cache line alignment includes: forcing the size and the starting memory address of each storage slot to align to an integer multiple of the processor cache line length.
  4. The method of claim 1, wherein writing the data into the corresponding storage slot based on the preset instruction constraint rule comprises: configuring the interrupt service routine to execute only a predefined fixed instruction sequence, wherein the data processing operations in the fixed instruction sequence perform memory copies of compile-time constant length, and floating point operations, unbounded loops and complex branch jumps based on data contents are prohibited.
  5. The method for implementing cross-domain data interaction certainty as in claim 4, wherein the memory copy of compile-time constant length is specifically: a memory copy operation from the network buffer to the corresponding storage slot, performed according to a predefined, fixed-size payload structure.
  6. The method for realizing cross-domain data interaction certainty as claimed in claim 1, wherein, when the interrupt domain performs data writing, the version fingerprint state of the storage slot is updated both before and after the data payload is written; and, when the periodic task domain performs data reading, the version fingerprint is sampled before and after the data payload is read, with a memory barrier instruction inserted, and the current read is judged to have failed if the two sampled version fingerprints are inconsistent or the sampled version fingerprint value indicates that a write is in progress.
  7. The method of implementing cross-domain data interaction certainty as in claim 6, wherein the version fingerprint is a monotonically increasing integer, wherein an odd value indicates that the storage slot is in a write-in-progress state and an even value indicates a write-complete state.
  8. The method of implementing cross-domain data interaction certainty of claim 1, wherein the degradation fusing includes at least: marking the data source whose current read has failed as invalid for the current cycle, and either removing it from the voting set or reusing the output data that was determined to be valid in the previous cycle.
  9. The method of implementing cross-domain data interaction certainty as in claim 1, wherein the certainty boundary is constrained by the relationship: ; ; wherein the method comprises the steps of For the maximum retry budget to be reached, For a single read attempt time upper bound resulting from a worst case execution time analysis of the target platform, Worst case execution time for a single read attempt; to be allocated to the first The time budget of the individual channels, In order for the voting algorithm to be time consuming, For the system control period.
  10. A computer apparatus, comprising: a memory for storing computer programs/instructions; and a processor for executing the computer programs/instructions to implement the steps of the method of implementing cross-domain data interaction certainty of any one of claims 1 to 9.
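
The slot layout, write path and budgeted read path of claims 1 and 3 to 8, sketched in C11 as an added example that is not code from the patent. The names `slot_t`, `slot_write` and `slot_read_bounded`, the 64-byte cache line, the 32-byte payload and a budget of 3 counted as total attempts are all assumptions.

```c
#include <stdalign.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define CACHE_LINE  64 /* assumed cache line length in bytes */
#define PAYLOAD_LEN 32 /* assumed fixed payload size, a compile-time constant */
#define MAX_RETRY   3  /* assumed retry budget, counted as total read attempts */

/* One slot per data source; size and start address are cache-line multiples. */
typedef struct {
    alignas(CACHE_LINE) _Atomic uint32_t version; /* odd: write in progress */
    uint8_t payload[PAYLOAD_LEN];
} slot_t;
_Static_assert(sizeof(slot_t) % CACHE_LINE == 0, "slot must fill whole lines");

/* Interrupt domain, single writer: fixed sequence, constant-length copy. */
void slot_write(slot_t *s, const uint8_t src[PAYLOAD_LEN]) {
    uint32_t v = atomic_load_explicit(&s->version, memory_order_relaxed);
    atomic_store_explicit(&s->version, v + 1, memory_order_relaxed);
    atomic_thread_fence(memory_order_release);
    memcpy(s->payload, src, PAYLOAD_LEN);
    atomic_store_explicit(&s->version, v + 2, memory_order_release);
}

/* One attempt: sample version, copy, barrier, sample again. */
static bool slot_try_read(slot_t *s, uint8_t dst[PAYLOAD_LEN]) {
    uint32_t v1 = atomic_load_explicit(&s->version, memory_order_acquire);
    if (v1 & 1u) return false;              /* writer is mid-update */
    memcpy(dst, s->payload, PAYLOAD_LEN);
    atomic_thread_fence(memory_order_acquire);
    return v1 == atomic_load_explicit(&s->version, memory_order_relaxed);
}

typedef enum { READ_OK, READ_DEGRADED } read_status_t;

/* Periodic task domain: never more than MAX_RETRY attempts. On exhaustion
 * `out` is left untouched, so it still holds the last valid cycle's data. */
read_status_t slot_read_bounded(slot_t *s, uint8_t out[PAYLOAD_LEN], int *attempts) {
    uint8_t tmp[PAYLOAD_LEN];
    for (*attempts = 1; *attempts <= MAX_RETRY; ++*attempts)
        if (slot_try_read(s, tmp)) { memcpy(out, tmp, PAYLOAD_LEN); return READ_OK; }
    *attempts = MAX_RETRY;
    return READ_DEGRADED; /* caller marks the source invalid for this cycle */
}
```

Because the loop count and the copy length are both compile-time constants, the reader's worst case is `MAX_RETRY` times the cost of one attempt, whatever the writer does.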

Description

Method and device for realizing cross-domain data interaction certainty

Technical Field

The invention relates to a method and a device for realizing cross-domain data interaction certainty, belonging to the technical field of high-reliability time-sensitive networks.

Background

In modern avionic systems, core nodes such as flight control computers receive high-precision synchronization messages over redundant Ethernet networks. This presents a significant "production and consumption asymmetry": the production side is data acquisition triggered by random network interrupts (non-deterministic domain), and the consumption side is a periodic control task (deterministic domain) requiring strict periodic execution and an analyzable Worst Case Execution Time (WCET). Existing cross-domain data interaction schemes struggle to reconcile this contradiction, which shows up mainly as follows: readers in a lock-free snapshot mechanism easily fall into unbounded spinning, so the time consumed by reading is uncontrollable; if an interrupt service routine contains complex parsing logic, it is easily attacked with malformed messages to cause "interrupt livelock", starving high-priority tasks; and multi-core parallel writing easily causes cache false sharing and bus jitter, introducing random delay.

Disclosure of Invention

The invention aims to provide a method and a device for realizing cross-domain data interaction certainty which achieve mathematical provability of the worst-case execution time by constructing physically isolated storage domains and combining instruction-limited interrupt-domain writing with a budget-constrained periodic-task reading mechanism, which significantly improve the system's resistance to denial-of-service attacks, ensure timing consistency across hardware platforms, and provide a data interaction solution with deterministic timing bounds for avionics and other high-safety real-time systems.

To achieve the above purpose, the invention adopts the following technical scheme.

In one aspect, the present invention provides a method for implementing cross-domain data interaction certainty, including: binding a single writer and aligning to cache lines in advance, and allocating an independent storage area to each data source, to obtain a plurality of data storage slots that are physically isolated and do not interfere with one another; in the interrupt domain, acquiring input data triggered by an external event and writing the data into the corresponding storage slot based on a preset instruction constraint rule, wherein the data writing time has a determined upper bound; and in the periodic task domain, reading data from the storage slot based on a preset maximum retry budget and a single read time upper bound, retrying when the read fails and the maximum retry budget has not been reached, and triggering degradation fusing when the maximum retry budget is reached, thereby limiting the total time consumed by data reading to a deterministic bound that can be calculated in advance.

Optionally, the single writer binding includes: binding the interrupt service routine corresponding to a specified data source to a unique processor core by setting the interrupt affinity of the processor; and, during execution of the interrupt service routine, masking interrupts from the same source, automatically by an interrupt controller or by software instructions, to ensure that write accesses to the storage slot are not re-entrant.

Optionally, the cache line alignment includes: forcing the size and the starting memory address of each storage slot to align to an integer multiple of the processor cache line length.

Optionally, writing the data into the corresponding storage slot based on the preset instruction constraint rule includes: configuring the interrupt service routine to execute only a predefined fixed instruction sequence, wherein the data processing operations in the fixed instruction sequence perform memory copies of compile-time constant length, and floating point operations, unbounded loops and complex branch jumps based on data contents are prohibited.

Optionally, the memory copy of compile-time constant length specifically includes: a memory copy operation from the network buffer to the corresponding storage slot, performed according to a predefined, fixed-size payload structure.

Optionally, when the interrupt domain performs data writing, the version fingerprint state of the storage slot is updated both before and after the data payload is written; when the periodic task domain performs data reading, the version fingerprint is sampled before and after the data payload is read, with a memory barrier instruction inserted, and if the version fingerprints sampled before and after are inconsistent or the sampled version fing