DOL-BIP-Critical: a tool chain for rigorous design and implementation of mixed-criticality multi-core systems

Abstract

Mixed-criticality systems are promoted in industry due to their potential to reduce size, weight, power, and cost. Nonetheless, deploying mixed-criticality applications on commercial multi-core platforms remains a highly challenging problem. To name a few reasons: (i) Industrial mixed-criticality applications are usually complex reactive applications, which cannot be specified by traditional, e.g., dataflow-based, models of computation. Appropriate mixed-criticality models of computation built upon Vestal’s assumptions are missing; (ii) Scheduling such applications on multicores with shared resources, such as memory buses, requires that any timing interference among applications of different criticality is bounded in order to guarantee—the necessary for certification—temporal isolation and to enable incremental design; (iii) The implementation of isolation-preserving mixed-criticality schedulers is itself subject to certification. Hence, it needs to be not only efficient, but also provably correct. This paper proposes, for the first time, a complete design flow covering all aspects from specification, using a novel mixed-criticality aware model of computation (DOL-Critical), to correct-by-construction implementation, using the principle ‘what you verify is what you generate’ which is based on a novel variant of task automata. We demonstrate the applicability of our design flow with an industrial avionic test case on the state-of-the-art Kalray MPPA®-256.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15

Notes

  1. 1.

    These models are used in our tool-chain for timing analysis (Sect. 4.2). The concrete class of applications and targets architectures that can be specified in DOL-Critical is described in Sect. 5.

  2. 2.

    Conventional sporadic tasks assume \(a_i=1\).

  3. 3.

    RTE specifies a shared resource, as described in Sect. 8.3.

  4. 4.

    In reality, the blackboard is defined and implemented as a more complex object [17], for which the given simplified definition provides a reasonable abstraction.

References

  1. 1.

    Abdellatif T, Combaz J, Sifakis J (2010) Model-based implementation of real-time applications. In: EMSOFT ’10

  2. 2.

    AbsInt (2015) aiT worst-case execution time analyzers. https://www.absint.com/ait/

  3. 3.

    Alur R, Dill DL (1990) Automata for modeling real-time systems. In: Paterson M (ed) Proceedings of the 17th international colloquium on automata, languages and programming (ICALP), LNCS, vol 443, Springer, pp 322–335

  4. 4.

    Amnell T, Fersman E, Mokrushin L, Pettersson P, Yi W (2002) TIMES—a tool for modelling and implementation of embedded systems. In: Proceedings of tools and algorithms for the construction and analysis of systems, Springer, pp 460–464

  5. 5.

    Anderson J, Baruah S, Brandenburg B (2009) Multicore operating-system support for mixed criticality. In: Workshop on mixed criticality: roadmap to evolving UAV certification

  6. 6.

    ARINC. ARINC 653-1 Avionics application software standard interface. Technical report

  7. 7.

    Barhorst J, Belote T, Binns P, Hoffman J, Paunicka J, Sarathy P, Stanfill J, Stuart D, Urzi R (2009) White paper: a research agenda for mixed-criticality systems, CPS Week 2009. http://www.cse.wustl.edu/~cdgill/CPSWEEK09_MCAR

  8. 8.

    Baruah S, Chattopadhyay B, Li H, Shin I (2014) Mixed-criticality scheduling on multiprocessors. Real Time Syst 50:142–177

    Article  MATH  Google Scholar 

  9. 9.

    Bourgos P, Basu A, Bozga M, Bensalem S, Sifakis J, Huang K (2011) Rigorous system level modeling and analysis of mixed HW/SW systems. In: Proceedings of international conference on formal methods and models for codesign, MEMOCODE 2011, pp 11–20

  10. 10.

    Burns A, Baruah S (2013) Towards a more practical model for mixed criticality systems. Workshop on mixed criticality, pp 1–6

  11. 11.

    Burns A, Davis R (2015) Mixed criticality systems: a review. https://www-users.cs.york.ac.uk/burns/review.pdf

  12. 12.

    Burns A, Fleming T, Baruah S (2015) Cyclic executives, multi-core platforms and mixed criticality applications. In: Euromicro conference on real-time systems (ECRTS), pp 3–12

  13. 13.

    Calandrino J, Leontyev H, Block A, Devi U, Anderson J (2006) LITMUS RT: a testbed for empirically comparing real-time multiprocessor schedulers. In: RTSS, pp 111–126

  14. 14.

    de Dinechin B D, van Amstel D, Poulhiès M, Lager G (2014) Time-critical computing on a single-chip massively parallel processor. In: DATE’14, EDAA

  15. 15.

    de Niz D, Phan LTX (2014) Partitioned scheduling of multi-modal mixed-criticality real-time systems on multiprocessor platforms. In: RTAS, pp 111–122

  16. 16.

    DO-178C. RTCA/DO-178C, Software considerations in airborne systems and equipment certification (2012)

  17. 17.

    DOL-Critical (2014) Distributed operation layer for mixed-criticality applications. http://www.tik.ee.ethz.ch/~certainty/dolc.html

  18. 18.

    Durrieu G, Faugère M, Girbal S, G. Pérez D, Pagetti C, Puffitsch W (2014) Predictable flight management system implementation on a multicore processor. In: ERTSS’14

  19. 19.

    Easwaran A (2013) Demand-based scheduling of mixed-criticality sporadic tasks on one processor. In: RTSS’13

  20. 20.

    Ekberg P, Yi W (2012) Bounding and shaping the demand of mixed-criticality sporadic tasks. In: ECRTS’12

  21. 21.

    Fersman E, Krcál P, Pettersson P, Yi W (2007) Task automata: schedulability, decidability and undecidability. Inf Comput 205(8):1149–1172

    MathSciNet  Article  MATH  Google Scholar 

  22. 22.

    Flodin J, Lampka K, Yi W (2014) Dynamic budgeting for settling DRAM contention of co-running hard and soft real-time tasks. In: 2014 9th IEEE international symposium on Industrial embedded systems (SIES), pp 151–159

  23. 23.

    Giannopoulou G, Lampka K, Stoimenov N, Thiele L (2012) Timed model checking with abstractions: towards worst-case response time analysis in resource-sharing manycore systems. In: EMSOFT’12

  24. 24.

    Giannopoulou G, Stoimenov N, Huang P, Thiele L (2013) Scheduling of mixed-criticality applications on resource-sharing multicore systems. In: EMSOFT’13

  25. 25.

    Giannopoulou G, Stoimenov N, Huang P, Thiele L, de Dinechin B (2015) Mixed-criticality scheduling on cluster-based manycores with shared communication and storage resources. Real Time Syst 51:1–51

    Article  Google Scholar 

  26. 26.

    Goossens S, Akesson B, Goossens K (2013) Conservative open-page policy for mixed time-criticality memory controllers. In: DATE’13

  27. 27.

    Hansson A, Goossens K, Bekooij M, Huisken J (2009) CompSoC: a template for composable and predictable multi-processor system on chips. ACM Trans Des Autom Electron Syst (TODAES) 14(1):2

    Google Scholar 

  28. 28.

    Hassan M, Patel H, Pellizzoni R (2015) A framework for scheduling DRAM memory accesses for multi-core mixed-time critical systems. In: RTAS, pp 307–316

  29. 29.

    Herman J, Kenna C, Mollison M, Anderson J, Johnson D (2012) RTOS support for multicore mixed-criticality systems. In: RTAS, pp 197–208

  30. 30.

    Huang H-M, Gill C, Lu C (2014) Implementation and evaluation of mixed-criticality scheduling approaches for sporadic tasks. ACM Trans Embed Comput Syst 13(4s):126:1–126:25

    Article  Google Scholar 

  31. 31.

    Huang K, Haid W, Bacivarov I, Keller M, Thiele L (2012) Embedding formal performance analysis into the design cycle of MPSoCs for real-time streaming applications. ACM Trans Embed Comput Syst (TECS) 11(1):8

    Google Scholar 

  32. 32.

    Huang P, Giannopoulou G, Ahmed R, Bartolini DB, Thiele L (2015) An isolation scheduling model for multicores. In: RTSS, San Antonio, TX, USA

  33. 33.

    Huang P, Giannopoulou G, Stoimenov N, Thiele L (2014) Service adaptions for mixed-criticality systems. In: ASP-DAC’14

  34. 34.

    ISO 26262 (2011) Road vehicles—functional safety. https://www.iso.org/standard/43464.html

  35. 35.

    Kahn G (1974) The semantics of a simple language for parallel programming. In: Proceedings of IFIP congress on information processing, vol 74, pp 471–475

  36. 36.

    Kienhuis B, Deprettere E, Vissers K, van der Wolf P (1997) An approach for quantitative analysis of application-specific dataflow architectures. In: Internatioanl coference on application-specific systems, architectures and processors (ASAP), pp 338–349

  37. 37.

    Kim N, Ward BC, Chisholm M, Fu CY et al (2016) Attacking the one-out-of-m multicore problem by combining hardware management with mixed-criticality provisioning. In: RTAS

  38. 38.

    Kirkpatrick S, Gelatt CD, Vecchi MP (1983) Optimization by simulated annealing. Science 220:671–680

    MathSciNet  Article  MATH  Google Scholar 

  39. 39.

    Kotaba O, Nowotsch J, Paulitsch M, Petters SM, Theiling H (2014) Multicore in real-time systems–temporal isolation challenges due to shared resources. In: Workshop on industry-driven approaches for cost-effective certification of safety-critical, mixed-criticality systems

  40. 40.

    Lee J, Phan K-M, Gu X, Lee J, Easwaran A, Shin I, Lee I (2014) MC-fluid: fluid model-based mixed-criticality scheduling on multiprocessors. In: RTSS, pp 41–52

  41. 41.

    Li H, Baruah S (2010) Load-based schedulability analysis of certifiable mixed-criticality systems. In: International conference on embedded software, EMSOFT’10

  42. 42.

    Melpignano D, Benini L, Flamand E, Jego B, Lepley T, Haugou G, Clermidy F, Dutoit D (2012) Platform 2012, a many-core computing accelerator for embedded SoCs: performance evaluation of visual analytics applications. In: DAC’12

  43. 43.

    Michael RG, David SJ (1979) Computers and intractability: a guide to the theory of NP-completeness. WH Freeman & Co., San Francisco

    MATH  Google Scholar 

  44. 44.

    Mollison MS, Erickson JP, Anderson JH, Baruah SK, Scoredos JA (2010) Mixed-criticality real-time scheduling for multicore systems. In: International conference on computer and information technology, CIT’10, IEEE, pp 1864–1871

  45. 45.

    Paolieri M, Quiñones E, Cazorla FJ, Bernat G, Valero M (2009) Hardware support for WCET analysis of hard real-time multicore systems. In: ISCA, pp 57–68

  46. 46.

    Pathan R (2012) Schedulability analysis of mixed-criticality systems on multiprocessors. In: ECRTS’12

  47. 47.

    Pellizzoni R, Bui BD, Caccamo M, Sha L (2008) Coscheduling of CPU and I/O transactions in COTS-based embedded systems. In: RTSS’08

  48. 48.

    Perrotin M, Conquet E, Dissaux P, Tsiodras T, Hugues J (2010) The TASTE Toolset: turning human designed heterogeneous systems into computer built homogeneous software. In: Proceedings of embedded real-time software and systems conference

  49. 49.

    Poplavko P, Bourgos P, Socci D, Bensalem S, Bozga M (2015) Multicore code generation for time-critical applications (Tool). http://www-verimag.imag.fr/Multicore-Time-Critical-Code,470.html

  50. 50.

    Poplavko P, Socci D, Bourgos P, Bensalem S, Bozga M (2015) Models for deterministic execution of real-time multiprocessor applications. In: DATE

  51. 51.

    Reineke J, Liu I, Patel HD, Kim S, Lee EA (2011) PRET DRAM controller: bank privatization for predictability and temporal isolation. In: Proceedings of the seventh IEEE/ACM/IFIP international conference on Hardware/software codesign and system synthesis, pp 99–108

  52. 52.

    Santy F, George L, Thierry P, Goossens J (2012) Relaxing mixed-criticality scheduling strictness for task sets scheduled with FP. In: ECRTS, IEEE, pp 155–165

  53. 53.

    Sha L, Caccamo M, Mancuso R, Kim J-E, Yoon M-K, Pellizzoni R, Yun H et al (2014) Single core equivalent virtual machines for hard real-time computing on multicore processors. Technical report, University of Illinois at Urbana-Champaign

  54. 54.

    Sigrist L, Giannopoulou G, Huang P, Gomez A, Thiele L (2015) Mixed-criticality runtime mechanisms and evaluation on multicores. In: RTAS’15

  55. 55.

    Socci D, Poplavko P, Bensalem S, Bozga M (2013) Modeling mixed-critical systems in real-time BIP. In: ReTiMiCs’2013

  56. 56.

    Socci D, Poplavko P, Bourgos P, Bensalem S, Bozga M (2015) A timed-automata based middleware for time-critical multicore applications. In: Extended version of SEUS’15 workshop paper. Report TR-2015-12, Verimag

  57. 57.

    Sriram S, Bhattacharyya S (2009) Embedded multiprocessors: scheduling and synchronization. Signal processing and communications, 2nd edn. Taylor & Francis, Abington

    Book  Google Scholar 

  58. 58.

    Su H, Zhu D (2013) An elastic mixed-criticality task model and its scheduling algorithm. In: DATE, pp 147–152

  59. 59.

    Tamas-Selicean D, Pop P (2011) Design optimization of mixed-criticality real-time applications on cost-constrained partitioned architectures. In: RTSS’11

  60. 60.

    Thiele L, Bacivarov I, Haid W, Huang K (2007) Mapping applications to tiled multiprocessor embedded systems. In: ACSD’07

  61. 61.

    Thiele L, Chakraborty S, Naedele M (2000) Real-time calculus for scheduling hard real-time systems. In: ISCAS

  62. 62.

    Tobuschat S, Axer P, Ernst R, Diemer J (2013) IDAMC: a NoC for mixed criticality systems. In: RTCSA, pp 149–156

  63. 63.

    Triki A, Combaz J, Bensalem S, Sifakis J (2013) Model-based implementation of parallel real-time systems. In: FASE’13, Springer

  64. 64.

    Vestal S (2007) Preemptive scheduling of multi-criticality systems with varying degrees of execution time assurance. In: RTSS’07

  65. 65.

    Waez MTB, Dingel J, Rudie K (2013) A survey of timed automata for the development of real-time systems. Comput Sci Rev 9:1–26

    Article  MATH  Google Scholar 

  66. 66.

    Wilhelm R, Grund D, Reineke J, Schlickling M, Pister M, Ferdinand C (2009) Memory hierarchies, pipelines, and buses for future architectures in time-critical embedded systems. IEEE Trans Comput Aid Des Integr Circuits Syst 28(7):966–978

    Article  Google Scholar 

  67. 67.

    Wu ZP, Krish Y, Pellizzoni R (2013) Worst case analysis of DRAM latency in multi-requestor systems. In: RTSS, pp 372–383

  68. 68.

    Yan G, Zhu X, Yan R, Li G (2014) Formal throughput and response time analysis of MARTE models. In: Proceedings of formal methods and software engineering, pp 430–445

  69. 69.

    Yun H, Mancuso R, Wu Z-P, Pellizzoni R (2014) PALLOC: DRAM bank-aware memory allocator for performance isolation on multicore platforms. In: 2014 IEEE 20th, real-time and embedded technology and applications symposium (RTAS), pp 155–166

  70. 70.

    Yun H, Yao G, Pellizzoni R, Caccamo M, Sha L (2012) Memory access control in multiprocessor for real-time systems with mixed criticality. In: ECRTS’12

Download references

Acknowledgements

The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement number 288175 (CERTAINTY project).

Author information

Affiliations

Authors

Corresponding author

Correspondence to Georgia Giannopoulou.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Peter Poplavko, Dario Socci and Paraskevas Bourgos—Ex-employees of VERIMAG (“The presented research was performed while working at VERIMAG”).

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Giannopoulou, G., Poplavko, P., Socci, D. et al. DOL-BIP-Critical: a tool chain for rigorous design and implementation of mixed-criticality multi-core systems. Des Autom Embed Syst 22, 141–181 (2018). https://doi.org/10.1007/s10617-018-9206-3

Download citation

Keywords

  • Real-time systems
  • Mixed-criticality systems
  • Multi-core scheduling
  • Rigorous design
  • Software synthesis
  • Avionics