Academia.eduAcademia.edu

Outline

Title
Abstract
Key Takeaways
Introduction
On Master Data Concurrency
Conclusion
References

On the Determinism of Multi-core Processors

Profile image of Bruno MonsuezBruno Monsuez

2013

https://doi.org/10.4230/OASICS.FSFMA.2013.32
visibility

description

15 pages

link

1 file

Abstract

Hard real time systems are evolving in order to respond to the increasing demand in complex functionalities while taking advantage of newer hardware. Software development for safety critical systems has to comply with strict requirements that will facilitate the certification process. During this process, each part of the system is evaluated, requiring a certain level of assurance in order to provide confidence in the product. In particular there must be a level of confidence that the system behaves deterministically that may be based on functionality, resources and time. The success of system verification depends greatly on the capacity to determine its exact behavior. Nonetheless, hardware evolved in order to maximize the average computation power throughput with little to no regard to the deterministic aspect. Therefore modern architectural features of processors, like pipelines, cache memories and co-processors, make it hard to verify that all the needed properties are respected...

Key takeaways
sparkles

AI

  1. Determinism in multi-core processors is crucial for safety-critical hard real-time systems.
  2. WCET estimation faces challenges from modern processor features and multi-core architectures.
  3. DO-178B and IEC-61508 standards mandate compliance for functional and non-functional safety characteristics.
  4. Complex interactions in multi-core systems complicate verification of execution time and memory access.
  5. A unified methodology for analyzing multi-core architectures remains absent, impacting certification processes.

Related papers

Towards Certifiable Multicore-based Platforms for Avionics
Ali sher Awan
View PDFchevron_right
Utilizing multicore architectures to enhance software verification in real-time embedded systems
Padraig Fogarty

2013

UTILIZING MULTICORE ARCHITECTURES TO ENHANCE SOFTWARE VERIFICATION IN REAL-TIME EMBEDDED SYSTEMS Padraig Justin Fogarty The hypothesis of this research is that new techniques are required to facilitate software verification on the highly-integrated, but resource constrained, real-time embedded systems; which are widely used in safety-critical applications. Software verification is an essential but expensive undertaking which often consumes as much or more resources than design activities; this is particularly the case in embedded systems that require functional safety. This research explores the existing techniques for software verification on these systems and the verification challenges posed by modern highly-integrated devices. The author then proposes a novel target-level verification approach which addresses some of these challenges. Advances in semiconductor manufacturing processes have fuelled the relentless shrinking of IC design geometries. This has dramatically reduced the...

View PDFchevron_right
Real-Time Computing on Multicore Processors
Rodolfo Pellizzoni

Computer, 2016

lthough multicore technology has many benefits for real-time systems-among them, decreased weight and power, fewer cooling requirements, and increased CPU bandwidth per processor-multicore chips pose problems that stem from the cores interfering with one another when accessing shared resources. Interference is compounded in real-time systems, which are based on the assumption that worst-case execution time (WCET) is constant; that is, a software task's measured WCET must be the same whether that task executes alone or with other tasks. This assumption holds for single-core chips, but not for multicore chips unless they have isolation mechanisms between cores. Measurements we performed on a commercial multicore platform (Freescale P4080) revealed that a task's WCET can increase by as much as 600 percent when a task on one core runs with logically independent tasks in other cores. Because of the potential for large and random delay spikes, the US Federal Aviation Administration (FAA), European Aviation Safety Agency (EASA), and Transport Canada specify that only single-core chips can be used unless intercore interference is specifically defined and handled. 1 Indeed, DO-178C: Software Considerations in Airborne Systems and Equipment Certification, the primary document by which certification authorities such as the FAA, the EASA, and Transport Canada approve all commercial software-based aerospace systems, was developed for the certification of software in single-core computers. 2 With a single-core chip, architects can assume a constant WCET and can thus schedule tasks and partition resources without unanticipated delays. Hence, the ideal solution is to certifiably bound intercore interference in a multicore chip such that each core can be used as a single-core computer. As part of studying the feasibility of such a solution, we developed the Single-Core Equivalent (SCE) technology package, which addresses interference problems that arise when cores concurrently access DRAM, the memory bus, shared cache resources, I/O resources, and the on-chip network. With SCE, each core can be used as if it were a single-core chip, allowing the timing analysis and certification of software in a core independently of software in other cores. This has implications for avionics Architects of multicore chips for avionics must define and bound intercore interference, which requires assuming a constant worstcase execution time for tasks executing on the chip. With the Single Core Equivalent technology package, engineers can treat each core as if it were a single-core chip.

View PDFchevron_right
Processor Support for Temporal Predictability - The SPEAR Design Example
Peter Puschner

The demand for predictable timing behavior is characteristic for real-time applications. Experience has shown that this property cannot be achieved by software alone but rather requires support from the processor. This situation is analyzed and mapped to a design rationale for SPEAR (Scalable Processor for Embedded Applications in Real-time Environments), a processor that has been designed to meet the specific temporal demands of real-time systems. At the hardware level, SPEAR guarantees interrupt response with minimum temporal jitter and minimum delay. Furthermore, the processor provides an instruction set that only has constant-time instructions. At the software level, SPEAR supports the implementation of temporally predictable code according to the single-path programming paradigm. Altogether, these features support writing of code with minimal jitter and provide the basis for exact temporal predictability. Experimental results show that SPEAR indeed exhibits the anticipated high...

View PDFchevron_right
Identifying the sources of unpredictability in COTS-based multicore systems
Dakshina Dasari

Proceedings of the 8th IEEE International Symposium on Industrial Embedded Systems, SIES 2013, 2013

COTS-based multicores are now the preferredchoice for hosting embedded applications owing to their immensecomputational capabilities, small form factor and low powerconsumption. Many of these embedded applications have real-timerequirements and real-time system designers must be ableassess them for their predictability and provide guarantees (atdesign time) that they deliver the correct functional behaviorwithin predefined time bounds. However, the underlyingarchitecture of commercially available multicores is extremelycomplex and non-amenable to straightforward timing analysis.In this paper, we highlight the architectural features leading totemporal unpredictability, which mainly involve shared hardwareresources, such as buses, caches, and memories. We explore someof the existing work in timing analysis with respect to thesefeatures, identify their limitations, and present some unaddressedissues that must be dealt with to ensure safe deployment of real-timesystems.

View PDFchevron_right
Deterministic Execution Model on COTS Hardware
Eric Noulard

Lecture Notes in Computer Science, 2012

In order to be able to use multicore COTS hardware in critical systems, we put forward a time-oriented execution model and provide a general framework for programming and analysing a multicore compliant with the execution model.

View PDFchevron_right
Automatic Formal Verification of Liveness for Pipelined Processors with Multicycle Functional Units
Miroslav Velev

Lecture Notes in Computer Science, 2005

Previous work on microprocessor formal verification has almost exclusively addressed the proof of safety-that if a processor does something during a step, it will do it correctly-as also observed in [2], while ignoring the proof of liveness-that a processor will complete a new instruction after a finite number of steps. Several authors used theorem proving to check liveness [15][16][17][19][23][28][32][34], but invested extensive manual work. This paper is the first to prove liveness for pipelined processors with multicycle functional units in an automatic way. Functional units in recent state-of-the-art processors usually have latencies of up to 20-30 cycles, and rarely up to 200 cycles, but it is expected that the memory latencies in next generation high-performance designs will reach 1,000 cycles [13]. Thus, the need to develop automatic techniques to prove the liveness of pipelined processors where the functional units can have latencies of up to thousands of cycles. In the current paper, the implementation and specification are described in the highlevel hardware description language HDL [46], based on the logic of Equality with Uninterpreted Functions and Memories (EUFM) [7]. In EUFM, word-level values are abstracted with terms (see Sect. 4) whose only relevant property is that of equality with other terms. Restrictions on the style for describing high-level processors [35][36] reduced the number of terms that appear in both positive and negated equality comparisons-and are so called g-terms (for general terms)-and increased the number of

View PDFchevron_right
Increasing the determinism in real-time operating systems for ERC32 architecture
Sebastián Prieto

2006

To develop on-board software in embedded space applications, it is often a requirement to use a real-time operating system, since these systems must assure that the timing constraints associated to each task are guaranteed. Furthermore, it's desirable that the execution time of the real-time application in any scenario is as deterministic as possible (i.e., it takes always the same time to perform the task). Typical real-time operating systems focus on increasing performance by focusing on scheduler design, device driver writing, heavy machine-level code optimisations, etc. However, the main goal must be to behave in as a deterministic way as possible. The work related to this paper is centred in real-time, embedded operating systems research on the ERC32 architecture, an E.S.A. (European Space Agency) standard architecture for space applications. This architecture is SPARC V7 instruction set compliant and has a lot of features built-in for space applications, but some aspects o...

View PDFchevron_right
A Multi-core processor for hard real-time systems
Mateo Valero

2011

La consulta d'aquesta tesi queda condicionada a l'acceptació de les següents condicions d'ús: La difusió d'aquesta tesi per mitjà del servei TDX (www.tesisenxarxa.net) ha estat autoritzada pels titulars dels drets de propietat intel•lectual únicament per a usos privats emmarcats en activitats d'investigació i docència. No s'autoritza la seva reproducció amb finalitats de lucre ni la seva difusió i posada a disposició des d'un lloc aliè al servei TDX. No s'autoritza la presentació del seu contingut en una finestra o marc aliè a TDX (framing). Aquesta reserva de drets afecta tant al resum de presentació de la tesi com als seus continguts. En la utilització o cita de parts de la tesi és obligat indicar el nom de la persona autora. ADVERTENCIA. La consulta de esta tesis queda condicionada a la aceptación de las siguientes condiciones de uso: La difusión de esta tesis por medio del servicio TDR (www.tesisenred.net) ha sido autorizada por los titulares de los derechos de propiedad intelectual únicamente para usos privados enmarcados en actividades de investigación y docencia. No se autoriza su reproducción This thesis also investigates a solution to verify the timing correctness of HRTs without requiring any modification in the core design: we design a hardware unit which is interfaced with the processor and integrated into a functional-safety aware methodology. This unit monitors the execution time of a block of instructions and it detects if it exceeds the WCET. Concretely, we show how to handle timing faults on a real industrial automotive platform. X 8 Conclusions 8.1 Thesis Conclusions .

View PDFchevron_right
Work-in-Progress: Design-Space Exploration of Multi-Core Processors for Safety-Critical Real-Time Systems
Dolly Sapra

2017 IEEE Real-Time Systems Symposium (RTSS), 2017

In this paper we outline Design Space Exploration methodology aimed at homogeneous multi-core architectures, where the safety-criticality is the crux of a system design. Multi-core architectures provide better computational abilities, but at the same time complicate the computation of timing bounds. Determining suitable architectures that achieve timing requirements is an important aspect for a system designer. The proposed work conceptualizes ways to automate and explore different design facets of a multi-core processor. The intention is to ensure that the particular application meets its deadlines, while optimizing other objectives such as minimizing hardware costs, energy consumption and floor area. The automated exploration builds upon Mulitcore Response Time Analysis for timing verification and multicube for heuristic search methods. The aim is to generate an architecture design in the end that can be used directly to build a custom application specific processor.

View PDFchevron_right

References (32)

  1. Aeroflex. UT699 LEON 3FT/SPARCTM V8 MicroProcessor, Functional Manual, 2012.
  2. Aeroflex Gaisler AB. GR712RC -Dual-Core LEON3FT SPARC V8 Processor, User's Manual, 2011.
  3. ARM. AMBA Specification (Rev 2), 1999.
  4. Christoph C., Christian F., Gernot G., Grund D., Maiza C., Reineke J., Triquet B., and Wilhelm R. Predictability considerations in the design of multi-core embedded systems. In Proceedings of Embedded Real Time Software and Systems, pages 36-42, May 2010.
  5. S. Chattopadhyay and A. Roychoudhury. Scalable and precise refinement of cache timing analysis via model checking. In Proceedings of the 2011 IEEE 32nd RTSS, RTSS'11, 2011.
  6. S. Chattopadhyay, A. Roychoudhury, and T. Mitra. Modeling shared cache and bus in multi- cores for timing analysis. In Proceedings of the 13th International Workshop on Software 38; Compilers for Embedded Systems, SCOPES'10, pages 6:1-6:10, New York, NY, USA, 2010. ACM.
  7. F. Chen, D. Zhang, and Z. Wang. Characterizing the inter-thread interference of multi- core architectures for accurate wcet estimations of real-time applications. In Przeglad Elektrotechniczny, 2012.
  8. N. Drach, A. Seznec, and D. Windheiser. Direct-mapped versus set-associative pipelined caches. In Proceedings of the IFIP WG10.3 working conference on Parallel architectures and compilation techniques, PACT 95, 1995.
  9. D. Hardy, T. Piquet, and I. Puaut. Using bypass to tighten WCET estimates for multi-core processors with shared instruction caches. In Proceedings of the 2009 30th IEEE Real-Time Systems Symposium, RTSS'09, pages 68-77, Washington, DC, USA, 2009. IEEE Computer Society.
  10. D. Hardy and I. Puaut. WCET analysis of multi-level non-inclusive set-associative instruc- tion caches. In Proceedings of the 2008 Real-Time Systems Symposium, RTSS'08, pages 456-466, Washington, DC, USA, 2008. IEEE Computer Society.
  11. D. Hardy and I. Puaut. Estimation of cache related migration delays for multi-core pro- cessors with shared instruction caches. In Laurent George and Maryline Chetto andMikael Sjodin, editors, 17th International Conference on RTNS, pages 45-54, Paris, France, 2009.
  12. R. Heckmann, M. Langenbach, S. Thesing, and R. Wilhelm. The influence of processor ar- chitecture on the design and the results of WCET tools. Proceedings of the IEEE, 91(7):1038 -1054, july 2003.
  13. International Electrotechnical Commission. IEC 61508 Functional safety of electrical/elec- tronic/programmable electronic safety-related systems, 2010.
  14. A. Kadlec, R. Kirner, and P. Puschner. Avoiding timing anomalies using code trans- formations. In Proc. 13th IEEE International Symposium on Object/Component/Service- Oriented Real-Time Distributed Computing, pages 123-132, May. 2010.
  15. T. Kelter, H. Falk, P. Marwedel, S. Chattopadhyay, and A. Roychoudhury. Bus-aware multicore WCET analysis through TDMA offset bounds. In Proceedings of the 2011 23rd Euromicro Conference on Real-Time Systems, ECRTS'11, pages 3-12, Washington, DC, USA, 2011. IEEE Computer Society.
  16. R. Kirner, A. Kadlec, and P. Puschner. Precise worst-case execution time analysis for processors with timing anomalies. In Real-Time Systems, 2009. ECRTS'09. 21st Euromicro Conference on, pages 119-128, July.
  17. Y. Liang, H. Ding, T. Mitra, A. Roychoudhury, Y. Li, and V. Suhendra. Timing analysis of concurrent programs running on shared cache multi-cores. Real-Time Syst., 48(6):638-680, November 2012.
  18. F S F M A ' 1 3
  19. P. Panda, N. Dutt, and A. Nicolau. Efficient utilization of scratch-pad memory in embedded processor applications. In Proceedings of the 1997 European conference on Design and Test, EDTC'97, pages 7-, Washington, DC, USA, 1997. IEEE Computer Society.
  20. M. Paolieri, E. Quiñones, F. Cazorla, G. Bernat, and M. Valero. Hardware support for WCET analysis of hard real-time multicore systems. SIGARCH Comput. Archit. News, 37(3):57-68, June 2009.
  21. V. A. Paun and B. Monsuez. Adaptable and precise worst case execution time estimation tool. In LCTES 2012 Work-in-Progress Proceedings, LCTES'12, 2012.
  22. Radio Technical Commission for Aeronautics. DO-178B Software Considerations in Air- borne Systems and Equipment Certification.
  23. J. Reineke, D. Grund, C. Berg, and R. Wilhelm. Timing predictability of cache replacement policies. Real-Time Syst., 37(2):99-122, November 2007.
  24. M. Schoeberl. Time-predictable cache organization. In Proceedings of the First Inter- national Workshop on Software Technologies for Future Dependable Distributed Systems (STFSSD 2009), pages 11-16. IEEE Computer Society, 2009.
  25. M. Schoeberl, B. Huber, and W. Puffitsch. Data cache organization for accurate timing analysis. Real-Time Systems, DOI: 10.1007/s11241-012-9159-8:1-28, 2012.
  26. SPARC International Inc. SPARC V8 architecture manual, Revision SAV080SI9308, 1992.
  27. Xavier Vera, Björn Lisper, and Jingling Xue. Data caches in multitasking hard real-time systems. In Proceedings of the 24th IEEE International Real-Time Systems Symposium, RTSS'03, pages 154-, Washington, DC, USA, 2003. IEEE Computer Society.
  28. I. Wenzel, R. Kirner, P. Puschner, and B. Rieder. Principles of timing anomalies in super- scalar processors. In Quality Software, 2005. (QSIC 2005). Fifth International Conference on, pages 295 -303, sept. 2005.
  29. M. Wolf and M. Lam. A data locality optimizing algorithm. In Proceedings of the ACM SIGPLAN 1991 conference on Programming language design and implementation, PLDI'91, pages 30-44, New York, NY, USA, 1991. ACM.
  30. J. Yan and W. Zhang. Hybrid multi-core architecture for boosting single-threaded perform- ance. SIGARCH Comput. Archit. News, 35(1):141-148, March 2007.
  31. J. Yan and W. Zhang. WCET analysis for multi-core processors with shared L2 instruc- tion caches. In Real-Time and Embedded Technology and Applications Symposium, 2008. RTAS'08. IEEE, pages 80 -89, april 2008.
  32. J. Yan and W. Zhang. Accurately estimating worst-case execution time for multi-core processors with shared direct-mapped instruction caches. In 15th IEEE International Con- ference RTCSA'09, 2009.

Related papers

Deterministic platform software for hard real-time systems using multi-core COTS
Sylvain Girbal

2015 IEEE/AIAA 34th Digital Avionics Systems Conference (DASC), 2015

Future generations of avionic equipments are expected to embed multi-core processors. Using Components Off-The-Shelf (COTS) processors is considered both by the industrial and academic communities, as well as certification authorities. However, in the safety-critical domain, a common issue with COTS multi-core processors is their lack of predictability, directly linked to the difficulty to foresee and manage inter-core interferences due to shared hardware resources. A possible solution consists in defining a Usage Domain that constrains the use of shared resources down to a level for which interference situations are known and their impact on software execution time is acceptable. Nevertheless, COTS processors have not been designed to see their behavior restricted by such usage domains, and do not provide dedicated mechanisms for that purpose. Hence the usage domains are enforced by more complex mechanisms implemented in dedicated pieces of software running below the applicative level. We call them Deterministic Platform Software (DPS). The objective of this paper is to propose an overview of existing DPS solutions, and propose criteria leading to a uniform classification. Additionally, we propose a mapping of these solutions to a selection of avionic use cases.

View PDFchevron_right
Models for Deterministic Execution of Real-Time Multiprocessor Applications
Peter Poplavko

Design, Automation & Test in Europe Conference & Exhibition (DATE), 2015, 2015

With the proliferation of multi-cores in embedded real-time systems, many industrial applications are being (re-)targeted to multiprocessor platforms. However, exactly reproducible data values at the outputs as function of the data and timing of the inputs is less trivial to realize in multiprocessors, while it can be imperative for various practical reasons. Also for parallel platforms it is harder to evaluate the task utilization and ensure schedulability, especially for end-to-end communication timing constraints and aperiodic events. Based upon reactive system extensions of Kahn process networks, we propose a model of computation that employs synchronous events and event priority relations to ensure deterministic execution. For this model, we propose an online scheduling policy and establish a link to a well-developed scheduling theory. We also implement this model in publicly available prototype tools and evaluate them on state-of-the art multi-core hardware, with a streaming benchmark and an avionics case study.

View PDFchevron_right
Relaxed determinism: Making redundant execution on multiprocessors practical
david lie

2007

Given that the majority of future processors will contain an abundance of execution cores, redundant execution can offer a promising method for increasing the availability and resilience against intrusions of computing systems. However, redundant execution systems rely on the premise that when external input is duplicated identically to a set of replicas executing the same program, the replicas will produce identical outputs unless they are compromised or experience an error. Unfortunately, threaded applications exhibit non-determinism that breaks this premise and current redundant execution systems are unable to account for this non-determinism, especially on multiprocessors. In this paper, we introduce a method called relaxed determinism that is utilized by our system, called Replicant, to support redundant execution with reasonable performance while tolerating non-determinism.

View PDFchevron_right
Verifying Nondeterministic Implementations of Deterministic Systems
Kyle Nelson

Formal Methods in Computer-Aided Design, 1996

Some modern systems with a simple deterministic high-level specification have implementations that exhibit highly nondeterministic behavior. Such systems maintain a simple operation semantics at the high-level. However their underlying implementations exploit parallelism to enhance performance leading to interaction among operations and contention for resources. The deviation from the sequential execution model not only leads to nondeterminism in the implementation but creates the potential for serious design errors. This paper presents a methodology for formal verification of such systems. An abstract specification describes the high-level behavior as a set of operations. A mapping relates the sequential semantics of these operations to the underlying nondeterminism in the implementation. Symbolic Trajectory Evaluation, a modified form of symbolic simulation, is used to perform the actual verification. The methodology is currently being used to verify portions of a superscalar processor which implements the PowerPC architecture. Our initial work on the fixed point unit indicates that this is a promising approach for verification of processors.

View PDFchevron_right
Reasoning about the reliability of multi-version, diverse real-time systems
Bev Littlewood

2010

This paper is concerned with the development of reliable real-time systems for use in high integrity applications. It advocates the use of diverse replicated channels, but does not require the dependencies between the channels to be evaluated. Rather it develops and extends the approach of Littlewood and Rushby (for general systems) by investigating a two channel system in which one channel, A, is produced to a high level of reliability (i.e. has a very low failure rate), while the other, B, employs various forms of static analysis to sustain an argument that it is perfect (i.e. it will never miss a deadline). The first channel is fully functional, the second contains a more restricted computational model and contains only the critical computations. Potential dependencies between the channels (and their verification) are evaluated in terms of aleatory and epistemic uncertainty. At the aleatory level the events "A fails" and "B is imperfect" are independent. Moreover, unlike the general case, independence at the epistemic level is also proposed for common forms of implementation and analysis for real-time systems and their temporal requirements (deadlines). As a result, a systematic approach is advocated that can be applied in a real engineering context to produce highly reliable real-time systems, and to support numerical claims about the level of reliability achieved.

View PDFchevron_right
580 California St., Suite 400
San Francisco, CA, 94104
© 2025 Academia. All rights reserved