Proceedings of the International Conference on Embedded Software Companion
We discuss ongoing work towards a metalanguage, execution model, and compiler tool chain that promotes determinism and grants first-class citizenship to the timing aspects of computation. CCS Concepts: Computer systems organization → Real-time languages; Real-time system specification; Embedded systems.
Le Centre pour la Communication Scientifique Directe - HAL - Inria, Feb 5, 2014
Over the last few years, the amount of software integrated in products such as cars, planes, or trains has grown considerably in order to obtain more intelligent, more open and more communicating embedded systems. Due to this trend, the ability to manage software complexity while respecting safety constraints is now key to competitiveness in industrial domains such as automotive, aeronautics or railways. To meet this challenge, the real-time kernel plays a major role. Unfortunately, the technologies currently proposed by the market are handicapped by programming models with poor or nonexistent temporal semantics. This weakness is a real blocking point for keeping under control the cost and time-to-market of safety-related and ever more complex embedded systems. To address these issues, KRONO-SAFE has extended its real-time kernel, called KRON-OS, to support an innovative programming model that makes it possible to mix periodic and aperiodic real-time references while guaranteeing freedom from interference among treatments and the determinism of system behavior on single-core and multi-core processors.
This paper has been submitted to the Grid'2007 conference. Currently deployed grids gather together thousands of computational and storage resources for the benefit of a large community of scientists. However, the large scale, the wide geographical spread, and at times the decision of the rightful resource owners to commit the capacity elsewhere raise serious resource availability issues. Little is known about the characteristics of grid resource availability, and about the impact of resource unavailability on the performance of grids. In this work, we make first steps in addressing this twofold lack of information. First, we analyze a long-term availability trace and assess the resource availability characteristics of Grid'5000, an experimental grid environment of over 2,500 processors. Based on the results of the analysis, we further propose a model for grid resource availability. Our analysis and modeling results show that grid computational resources become unavailable...
The interactions among concurrent tasks pose a challenge in the design of real-time multi-core systems, where the blocking delays that tasks may experience while accessing shared memory have to be taken into consideration. Various memory arbitration schemes have been devised that address these issues by providing trade-offs between predictability, average-case performance, and analyzability. Time-Division Multiplexing (TDM) is a well-known arbitration scheme due to its simplicity and analyzability. However, it suffers from low resource utilization due to its non-work-conserving nature. In our recent work we proposed dynamic schemes based on TDM that show work-conserving behavior in practice while retaining the guarantees of TDM. These approaches have only been evaluated in a restricted setting. Their applicability in a preemptive setting appears problematic, since they may induce long memory blocking times depending on execution history. These blocking delays may induce significant jit...
Enabling high-level programming models on grids is today a major challenge. One way to achieve this goal relies on the use of environments able to transparently and automatically provide adequate support for low-level, grid-specific issues (fault tolerance, scalability, etc.). This paper discusses the above approach when applied to grid data management. As a case study, we propose a 2-tier software architecture that supports transparent, fault-tolerant, grid-level data sharing in the ASSIST programming environment (University of Pisa), based on the JuxMem grid data sharing service (INRIA Rennes).
A timing anomaly is a counterintuitive timing behavior in the sense that a locally fast execution slows down the overall global execution. The presence of such behaviors is inconvenient for WCET analysis, which requires, via abstractions, a certain monotonicity property to compute safe bounds. In this paper we explore how to systematically execute a previously proposed formal definition of timing anomalies. We ground our work on formal designs of architecture models upon which we employ guided model checking techniques. Our goal is the automatic detection of timing anomalies in given computer architecture designs. 2012 ACM Subject Classification: Computer systems organization → Real-time systems; Computer systems organization → Embedded systems.
Timing analysis of safety-critical systems derives timing bounds of applications, or software (SW), executed on dedicated platforms, or hardware (HW). From a timing perspective, the HW-SW ensemble features two different types of computation: a SW-specific, instruction-driven timing progression and a HW-specific, cycle-driven one. The two timings are unified under the concept of a timing model, which is crucial to establish sound and precise worst-case timing reasoning. In this paper, we propose an investigation of how to systematically derive and formally prove such timing models. Our approach is exemplified on a simple, accumulator-based processor called Lipsi.
Method for data transfer between real-time tasks using a DMA memory controller
The invention provides a method for transferring at least one datum between a real-time producer task (20) and a real-time consumer task (21) of the said datum, each datum being associated with a date of visibility. The method is implemented in a computer (10) comprising a main memory (4), at least one processor (2) and at least one direct memory access (DMA) controller (3), each DMA controller (3) being configured to support data transfers between different areas of the main memory (4) under the control of an operating system (200) executed on the processors (2). It is characterized in that it comprises, in response to the initiation of a data transfer by the current instance k of an initiator task (20, 21), the steps of: creating (301), by the operating system (200), at least one DMA descriptor describing the DMA transfer expected for said datum after the execution of a given instance (k-1 or k) of the task; inserting (302), by said operating system (200), the DMA descriptors in a ...
A major challenge with multi-cores in real-time systems is contention between concurrent accesses to shared memory. Dynamic arbitration schemes allow for an optimal utilization of the system's memory, while sacrificing time predictability. Time-Division Multiplexing (TDM), on the other hand, sacrifices average-case performance in favor of predictability. In this work, we explore a dynamic arbitration scheme that is essentially based on TDM, and thus preserves many of its guarantees.
Scalable Detection of Amplification Timing Anomalies for the Superscalar TriCore Architecture
Formal Methods for Industrial Critical Systems, 2020
Real-time systems are subject to strong timing requirements, and thus rely on worst-case timing analyses to safely address them. Undesired timing phenomena, called timing anomalies, threaten the soundness of timing analyses. In this regard, we consider the following inauspicious partnership: a compositional timing analysis and amplification timing anomalies. Precisely, we investigate how amenable the industrial, superscalar TriCore architecture is to compositional timing analyses via a formal evaluation of amplification timing anomalies. We adapt and extend a specialized abstraction, called the canonical pipeline model, to quantify the amplification effects in a model of a dual-pipelined TriCore, its asynchronous store buffer, data dependencies, and structural hazards. We use model checking to efficiently detect amplification timing anomalies and report the associated complexity results.
Is This Still Normal? Putting Definitions of Timing Anomalies to the Test
2021 IEEE 27th International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA), 2021
Correctness is an important concern during the development of real-time systems. In addition to functional correctness, the timing behavior is often formally verified in order to ensure that correct results are delivered in time for all possible execution conditions. The timing behavior of real-time software is thus often validated through a rigorous timing analysis that aims at determining the worst-case execution time. Timing anomalies present a major obstacle during the validation of timing properties on modern computer platforms. Out-of-order execution and concurrent accesses to shared resources may sometimes lead to, at first sight, surprising timing behavior. Several (semi-)formal definitions have been proposed in the literature in order to capture such situations. However, as we show in this work, none of the existing definitions appears to be precise enough to be systematically used for detecting timing anomalies in modern processors with out-of-order execution.
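The scheduling anomaly that the three timing-anomaly abstracts above refer to can be reproduced with a small greedy list scheduler. The following example is added here and is not code from any of the listed papers: it models two execution units, a constructed task DAG (the task names T1, T2, C1, C2, L and F are invented), and a task T1 whose duration is 1 cycle when a hypothetical cache access hits and 2 cycles when it misses. The faster (hit) case produces the longer overall execution, which is exactly the non-monotonic behavior that prevents a WCET analysis from assuming that the local worst case is also the global one.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Task:
    name: str
    duration: int
    deps: Tuple[str, ...] = ()


def list_schedule(tasks: List[Task], machines: int = 2) -> Tuple[int, Dict[str, Tuple[int, int, int]]]:
    """Greedy list scheduling: whenever a machine is free, start the ready task
    (all dependencies finished) that appears earliest in `tasks`, which doubles
    as the priority list. Returns (makespan, {name: (start, end, machine)})."""
    prio = {t.name: i for i, t in enumerate(tasks)}
    by_name = {t.name: t for t in tasks}
    pending = set(by_name)
    done_at: Dict[str, int] = {}
    running: Dict[int, str] = {}                       # machine -> executing task
    placement: Dict[str, Tuple[int, int, int]] = {}
    now = 0
    while pending or running:
        # Retire tasks completing at this cycle before dispatching new ones,
        # so a successor may start in the same cycle its predecessor ends.
        for m, name in list(running.items()):
            if placement[name][1] <= now:
                done_at[name] = placement[name][1]
                del running[m]
        for m in range(machines):
            if m in running:
                continue
            ready = [n for n in pending if all(d in done_at for d in by_name[n].deps)]
            if not ready:
                continue
            n = min(ready, key=prio.__getitem__)     # highest priority ready task
            pending.remove(n)
            placement[n] = (now, now + by_name[n].duration, m)
            running[m] = n
        now += 1
    return max(end for _, end, _ in placement.values()), placement


def workload(t1_duration: int) -> List[Task]:
    """Constructed DAG (an assumption of this example, not taken from the papers).
    Only T1 varies: 1 cycle on a hypothetical cache hit, 2 on a miss."""
    return [
        Task("T1", t1_duration),
        Task("T2", 2),
        Task("C1", 3, ("T2",)),
        Task("C2", 3, ("T2",)),
        Task("L", 4),                  # long independent task with low priority
        Task("F", 2, ("C1", "C2")),    # joins the two chains
    ]


def makespan(t1_duration: int) -> int:
    return list_schedule(workload(t1_duration))[0]


def is_timing_anomaly(fast: int, slow: int) -> bool:
    """True when the locally faster variant (fast < slow) yields a longer global
    execution: the counterintuitive case a WCET analysis must account for."""
    return fast < slow and makespan(fast) > makespan(slow)


if __name__ == "__main__":
    for d in (1, 2):
        total, plan = list_schedule(workload(d))
        print(f"T1 takes {d} cycle(s): makespan {total}")
        for name, (s, e, m) in sorted(plan.items(), key=lambda kv: kv[1][0]):
            print(f"  M{m} {name:2} [{s:2},{e:2})")
    print("timing anomaly:", is_timing_anomaly(1, 2))
```

Running it shows that with the miss (T1 = 2) both chains C1 and C2 run in parallel and the schedule ends at cycle 9, whereas with the hit (T1 = 1) the first free unit grabs the long task L at cycle 1, the chains are serialized, and the schedule ends at cycle 10. An analysis that treated the miss as the worst case would therefore report an unsound bound, which is why the abstracts insist on a monotonicity property that such platforms do not provide.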
Timing analysis of safety-critical systems derives timing bounds of applications (SW) executed on dedicated platforms (HW). From a timing perspective, the HW-SW ensemble features two different types of computation: a SW-specific, instruction-driven timing progression and a HW-specific, cycle-driven one. The two timings are unified under the concept of a timing model, which is crucial to establish sound and precise timing reasoning. In this paper we propose an investigation of how to systematically derive and formally prove such timing models. Our approach is exemplified on a simple, accumulator-based processor called Lipsi.
Multi-core architectures pose many challenges in real-time systems, which arise from contention between concurrent accesses to shared memory. Among the available memory arbitration policies, Time-Division Multiplexing (TDM) ensures a predictable behavior by bounding access latencies and guaranteeing bandwidth to tasks independently of the other tasks. To do so, TDM guarantees exclusive access to the shared memory in a fixed time window. TDM, however, provides a low resource utilization as it is non-work-conserving. Besides, it is very inefficient for resources with highly variable latencies, such as shared access to a DRAM memory. The constant length of a TDM slot is hence highly pessimistic and causes an underutilization of the memory. To address these limitations, we present dynamic arbitration schemes that are based on TDM. However, instead of arbitrating at the level of TDM slots, our approach operates at the granularity of clock cycles by exploiting slack time accumulated from preceding requests. This allows the arbiter to reorder memory requests, exploit the actual access latencies of requests, and thus improve memory utilization. We demonstrate that our policies are analyzable as they preserve the guarantees of TDM in the worst case, while our experiments show an improved memory utilization. We furthermore present and evaluate an efficient hardware implementation for a variant of our arbitration strategy.
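The trade-off between non-work-conserving TDM and the dynamic variants described in the memory-arbitration abstracts above can be made concrete with a small arbiter simulation. The code below is an added example and not the arbitration policy of the papers: it implements plain TDM next to a deliberately simplified work-conserving variant (a turn ends when the actual access completes and an empty turn costs no time, without the cycle-level request reordering the abstracts describe) over a constructed request trace; the core count, slot length and request latencies are invented values. It reports per-request latency and bus utilization for both schemes and checks that the dynamic variant stays within the same worst-case latency bound as TDM.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Request:
    core: int
    release: int    # cycle at which the core issues the access
    latency: int    # actual access time in cycles; assumed to be <= SLOT


CORES, SLOT = 4, 8   # SLOT plays the role of the assumed worst-case DRAM access time

# Constructed trace (invented values, not measurements from the papers).
SAMPLE_REQUESTS = [
    Request(0, 0, 3), Request(1, 0, 8), Request(2, 1, 2),
    Request(3, 2, 5), Request(0, 12, 4), Request(2, 20, 6),
]


def _queues(requests: List[Request], cores: int) -> Dict[int, List[Request]]:
    """Per-core FIFO of requests, oldest first."""
    return {c: sorted((r for r in requests if r.core == c), key=lambda r: r.release)
            for c in range(cores)}


def tdm_schedule(requests: List[Request], cores: int, slot: int) -> Tuple[Dict[Request, int], float]:
    """Static TDM: slot k, i.e. cycles [k*slot, (k+1)*slot), belongs to core k % cores.
    A request is served in the first slot of its core starting at or after its
    release and holds the bus for the whole slot even if the access finishes early
    (non-work-conserving). Returns ({request: finish_cycle}, utilization)."""
    queues = _queues(requests, cores)
    finish: Dict[Request, int] = {}
    busy, k = 0, 0
    while any(queues.values()):
        start, q = k * slot, queues[k % cores]
        if q and q[0].release <= start:
            r = q.pop(0)
            finish[r] = start + slot
            busy += r.latency            # only the actual access is useful work
        k += 1
    return finish, busy / max(finish.values())


def dynamic_schedule(requests: List[Request], cores: int, slot: int) -> Tuple[Dict[Request, int], float]:
    """Simplified work-conserving variant (constructed for this example): the
    arbiter still visits the cores in TDM order, but a turn ends as soon as the
    actual access completes, and a turn whose owner has nothing pending is free."""
    queues = _queues(requests, cores)
    finish: Dict[Request, int] = {}
    busy, now, turn = 0, 0, 0
    while any(queues.values()):
        q = queues[turn % cores]
        if q and q[0].release <= now:
            r = q.pop(0)
            finish[r] = now + r.latency
            busy += r.latency
            now = finish[r]
        else:
            # Nothing for this owner; if no core has a released request, idle
            # until the next release instead of spinning through empty turns.
            next_release = min(qq[0].release for qq in queues.values() if qq)
            now = max(now, next_release)
        turn += 1
    return finish, busy / max(finish.values())


def latencies(finish: Dict[Request, int]) -> Dict[Request, int]:
    return {r: f - r.release for r, f in finish.items()}


def worst_case_bound(cores: int, slot: int) -> int:
    """Latency bound for the oldest pending request of a core under both schemes:
    the remainder of a turn in progress, the other cores' turns, then its own
    access, each of them at most one slot long."""
    return (cores + 1) * slot


if __name__ == "__main__":
    for label, fn in (("static TDM", tdm_schedule), ("work-conserving", dynamic_schedule)):
        fin, util = fn(SAMPLE_REQUESTS, CORES, SLOT)
        lat = latencies(fin)
        print(f"{label}: utilization {util:.2f}, last finish {max(fin.values())}, "
              f"max latency {max(lat.values())} (bound {worst_case_bound(CORES, SLOT)})")
        for r in SAMPLE_REQUESTS:
            print(f"  core {r.core} released {r.release:2} -> done {fin[r]:2} (latency {lat[r]:2})")
```

On the constructed trace, static TDM reaches 50% utilization and finishes at cycle 56, while the work-conserving variant finishes at cycle 28 at full utilization; both remain below the (cores + 1) * slot bound. The bound is a worst-case guarantee, not a per-request dominance: a request can be served later under the dynamic variant than under TDM when the rotation is out of phase with the static slot table, which is the kind of history-dependent blocking the abstract on preemptive settings above warns about.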
Papers by Mathieu Jan