Design Automation for Embedded Systems, Volume 22, Issue 1–2, pp 141–181

DOL-BIP-Critical: a tool chain for rigorous design and implementation of mixed-criticality multi-core systems

  • Georgia Giannopoulou
  • Peter Poplavko
  • Dario Socci
  • Pengcheng Huang
  • Nikolay Stoimenov
  • Paraskevas Bourgos
  • Lothar Thiele
  • Marius Bozga
  • Saddek Bensalem
  • Sylvain Girbal
  • Madeleine Faugere
  • Romain Soulat
  • Benoît Dupont de Dinechin


Mixed-criticality systems are promoted in industry due to their potential to reduce size, weight, power, and cost. Nonetheless, deploying mixed-criticality applications on commercial multi-core platforms remains a highly challenging problem. To name a few reasons: (i) Industrial mixed-criticality applications are usually complex reactive applications, which cannot be specified by traditional, e.g., dataflow-based, models of computation. Appropriate mixed-criticality models of computation built upon Vestal’s assumptions are missing; (ii) Scheduling such applications on multicores with shared resources, such as memory buses, requires that any timing interference among applications of different criticality is bounded, in order to guarantee the temporal isolation that is necessary for certification and to enable incremental design; (iii) The implementation of isolation-preserving mixed-criticality schedulers is itself subject to certification. Hence, it needs to be not only efficient, but also provably correct. This paper proposes, for the first time, a complete design flow covering all aspects from specification, using a novel mixed-criticality aware model of computation (DOL-Critical), to correct-by-construction implementation, using the principle ‘what you verify is what you generate’, which is based on a novel variant of task automata. We demonstrate the applicability of our design flow with an industrial avionic test case on the state-of-the-art Kalray MPPA®-256.


Keywords: Real-time systems; Mixed-criticality systems; Multi-core scheduling; Rigorous design; Software synthesis; Avionics



The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement number 288175 (CERTAINTY project).



Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  • Georgia Giannopoulou (1)
  • Peter Poplavko (5)
  • Dario Socci (5)
  • Pengcheng Huang (1)
  • Nikolay Stoimenov (1)
  • Paraskevas Bourgos (6)
  • Lothar Thiele (1)
  • Marius Bozga (2)
  • Saddek Bensalem (2)
  • Sylvain Girbal (3)
  • Madeleine Faugere (3)
  • Romain Soulat (3)
  • Benoît Dupont de Dinechin (4)

  1. Computer Engineering and Communication Networks Laboratory, ETH Zurich, Zurich, Switzerland
  2. CNRS, VERIMAG, Univ. Grenoble-Alpes, Grenoble, France
  3. THALES Research and Technology, Palaiseau Cedex, France
  4. Kalray S.A., Montbonnot Saint Martin, France
  5. Mentor, A Siemens Business, Montbonnot, France
  6. WINGS ICT Solutions PC, Athens, Greece
