Conference Paper

Zero-time communication for automotive multi-core systems under SPP scheduling

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... A popular way to achieve these goals is to implement a communication scheme following the so-called Logical Execution Time (LET) paradigm [15]. This can be effectively implemented in a real-time embedded platform by introducing multiple memory slots for shared data, such as double- [4] or triple-buffering [22] with pointer switching, or alternatively with the use of intermediate global labels and a dedicated update task that performs the copies and runs with the highest priority [5]. The LET copies can also be performed with the usage of DMA engines [23], [24]. ...
Article
In embedded computing domains, including the automotive industry, complex functionalities are split across multiple tasks that form task chains . These tasks are functionally dependent and communicate partial computations through shared memory slots based on the Logical Execution Time (LET) paradigm. This paper introduces a model that captures the behavior of a producer-consumer pair of tasks in a chain, characterizing the timing of reading and writing events. Using ring algebra, the combined behavior of the pair can be modeled as a single periodic task. The paper also presents a lightweight mechanism to eliminate jitter in an entire chain of any size, resulting in a single periodic LET task with zero jitter. All presented methods are available in a public repository.
... The Logical Execution Timing (LET) programming model [7] was recently identified as a potential candidate to facilitate the migration from single-to multi-core architectures in the automotive sector [6,2,11]. Amongst other benefits, LET is a timing specification that introduces time-and value-deterministic inter-task communication across multiple cores. ...
Chapter
The interest in the logical execution time (LET) paradigm has recently experienced a boost, especially in the automotive industry. This is because it is considered a practical candidate for migrating concurrent legacy software from single- to multi-core platforms by introducing deterministic intra- and inter-core communication. In many cases, the implementation of these individual software components roots in MATLAB/Simulink, a modeling and simulation environment, where the controller functionality is described with a block-oriented formalism and simulated with synchronous reactive semantics. Considering LET already in the modeling and simulation phase instead of deferring this to the integration phase, as it is done now, is an important step towards the idea of models being the single source of truth and to estimate the effect of LET on end-to-end timing in cause-effect-chains at an early stage. This paper presents two approaches of simulating software components with LET semantics in Simulink. In contrast to previous work, which deals with clean slate top-down approaches, we focus on legacy software (in the form of Simulink models) that does not satisfy some of the initial assumptions of the LET programming model.
Article
Modern embedded software includes complex functionalities and routines, often implemented by splitting the code across different tasks. Such tasks communicate their partial computations to their successors, forming a task chain. Traditionally, this architecture relies on the assumption of hard deadlines and timely communication. However, in actual implementations, tasks may miss their deadlines, thus affecting the propagation of their data. This paper analyses a task chain in which tasks can fail to complete their jobs according to the weakly-hard task model. We explore how missing deadlines affect chains in terms of classic latency metrics and valid data paths. Our analysis, based on mixed integer linear programming, extracts the worst-case deadline miss pattern for any given performance metric.
Conference Paper
The Logical Execution Time (LET) programming model has been recently employed as a parallel programming paradigm for multi-core platforms, in particular for porting large single-core applications to multi-core versions, which is a serious challenge faced in major industries, such as the automotive one. In this paper, we consider a transformation process from legacy single-core software to LET-based versions that are ready for multi-core, and focus on the problem of minimizing computational costs rooted in the additional buffering that is required to achieve the LET communication semantics, especially for parallel executions and in the presence of legacy event-driven functions that remain outside of the LET specifications. We propose a static analysis that proceeds top-down through successive layers of abstraction, where an optimal solution at a certain layer represents a minimal upper bound on the set of buffers determined in the next layer. We present a solution for the top layer, which is platform-independent and has no restrictions on executions of event-driven software. Furthermore, we derive optimal buffering for a second layer with a minimal platform configuration. We refer here to a three-layer implementation, which has been successfully applied to industrial automotive software, where further savings are achieved in the mapping from second layer buffers to memory locations. We also point to evaluation results, demonstrating the applicability of the approach in industrial settings.
Article
Full-text available
The theories underlying control engineering and real-time systems engineering use idealized models that mutually abstract from central aspects of the other discipline. Control theory usually assumes jitter-free sampling and negligible (constant) input-output latencies, disregarding complex real-world timing effects. Real-time systems theory uses abstract performance models that neglect the functional behavior and derives worst-case situations with limited expressiveness for control functions, e.g., In physically dominated automotive systems. In this paper, we propose an approach that integrates state-of-the art timing models into functional analysis. We combine physical, control and timing models by representing them as a network of hybrid automata. Closed-loop properties can then be verified on this hybrid automata network by using standard model checkers for hybrid systems. Since the computational complexity is critical for model checking, we discuss abstract models of timing behavior that seem particularly suited for this type of analysis. The approach facilitates systematic co-engineering between both control and real-time disciplines, increasing design efficiency and confidence in the system. The approach is illustrated by analyzing an industrial example, the control software of an electro-mechanical braking system, with the hybrid model checker Space Ex.
Conference Paper
Full-text available
Since its introduction in 2000 in the time-triggered programming language Giotto, the Logical Execution Time (LET) paradigm has evolved from a highly controversial idea to a well-understood principle of real-time programming. This chapter provides an easy-to-read overview of LET programming languages and runtime systems as well as some LET-inspired models of computation. The presentation is intuitive, by example, citing the relevant literature including more formal treatment of the material for reference.
Conference Paper
Full-text available
We introduce the paradigm of schedule-carrying code (SCC). A hard real-time program can be executed on a given platform only if there exists a feasible schedule for the real-time tasks of the program. Traditionally, a scheduler determines the existence of a feasible schedule according to some scheduling strategy. With SCC, a compiler proves the existence of a feasible schedule by generating executable code that is attached to the program and represents its schedule. An SCC executable is a real-time program that carries its schedule as code, which is produced once and can be revalidated and executed with each use. We evaluate SCC both in theory and practice. In theory, we give two scenarios, of nonpreemptive and distributed scheduling for Giotto programs, where the generation of a feasible schedule is hard, while the validation of scheduling instructions that are attached to the programs is easy. In practice, we implement SCC and show that explicit scheduling instructions can reduce the scheduling overhead up to 35% and can provide an efficient, flexible, and verifiable means for compiling Giotto programs on complex architectures, such as the TTA.
Conference Paper
Full-text available
In the last years, a progressive migration from single processor chips to multi-core computing devices has taken place in the general-purpose and embedded system market. The development of Multi-Processor Systems is already a core activity for the most important hardware companies. A lot of different solutions have been proposed to overcome the physical limits of single core devices and to address the increasing computational demand of modern multimedia applications. The Real-Time community followed this trend with an increasing number of results adapting the classical scheduling analysis to parallel computing systems. This paper will contribute to refine the schedulability analysis for Symmetric Multi-Processor (SMP) Real-Time systems composed by a set of periodic and sporadic tasks. We will focus on both fixed and dynamic priority global scheduling algorithms, where tasks can migrate from one processor to another during execution. By increasing the complexity of the analysis, we will show that an improve- ment is possible over existing schedulability tests, signifi- cantly increasing the number of schedulable task sets de- tected. The added computational effort is comparable to the cost of techniques widely used in the uniprocessor case. We believe this is a reasonable cost to pay, given the intrin- sically higher complexity of multi-processor devices.
Article
Full-text available
Giotto provides an abstract programmer's model for the implementation of embedded control systems with hard real-time constraints. A typical control application consists of periodic software tasks together with a mode-switching logic for enabling and disabling tasks. Giotto specifies time-triggered sensor readings, task invocations, actuator updates, and mode switches independent of any implementation platform. Giotto can be annotated with platform constraints such as task-to-host mappings, and task and communication schedules. The annotations are directives for the Giotto compiler, but they do not alter the functionality and timing of a Giotto program. By separating the platform-independent from the platform-dependent concerns, Giotto enables a great deal of flexibility in choosing control platforms as well as a great deal of automation in the validation and synthesis of control software. The time-triggered nature of Giotto achieves timing predictability, which makes Giotto particularly suitable for safety-critical applications.
Conference Paper
The growing demand for computing power in automotive applications can only be satisfied by embedded multi-core processors. Significant parts of such applications include OEM-owned legacy software, which has been developed for single-core platforms. While the OEM is faced with the issues of parallelizing the software and specifying the requirements to the ECU supplier, the latter has to deal with implementing the required parallelization within the integrated system. The Logical Execution Time (LET) paradigm addresses these concerns in a clear conceptual framework. We present here initial steps for applying the LET model in this respect: (1) Parallelization of legacy embedded control software, by exploiting existing inherent parallelism. The application software remains unchanged, as adaptations are only made to the middleware. (2) Using the LET programming model to ensure that the parallelized software has a correct functional and temporal behavior. The Timing Definition Language (TDL) and associated tools are employed to specify LET-based requirements, and to generate system components that ensure LET behavior. The work describes two conceptual ways for integrating TDL components in AUTOSAR.
Article
The underlying theories of both control engineering and real-time systems engineering assume idealized system abstractions that mutually neglect central aspects of the other discipline. Control engineering theory, on the one hand, usually assumes jitter free sampling and constant input-output latencies disregarding complex real-world timing effects. Real-time engineering theory, on the other hand, uses abstract performance models that neglect the functional behavior, and derives worst-case situations that have little expressiveness for control functionalities in physically dominated automotive systems. As a consequence, there is a lot of potential for a systematic co-engineering between both disciplines, increasing design efficiency and confidence. In this paper, we discuss possible approaches for such a co-engineering and their current applicability to real world problems. In particular, we compare simulation-based and formal verification techniques for various construction principles of automotive real-time control software.
Conference Paper
The advent of multi- and many-core processors comes with new challenges and opportunities for the designer of embedded real-time applications. By using parallel programming techniques (e.g. OpenMP) software engineers can leverage from the available hardware parallelism and speed up the algorithms. The inherent redundancy of multi-core architectures can also be used to implement fault-tolerance by executing code redundantly on multiple cores in parallel. Parallel programming and redundant execution are typical examples for fork-join tasks in which the program is partially parallelized. However, complex synchronization of parallel segments across multiple cores can cause unanticipated effects. This is especially problematic in hard real-time applications where data must be available in bounded time (e.g. stereo vision for pedestrian detection). The contribution of this work is a novel worst-case response time analysis which accounts for synchronization of fork-join tasks with arbitrary deadlines. We apply the analysis to the Romain framework which extends the L4 micro kernel by redundant multithreading targeted towards fault-tolerant embedded systems. By using formal analysis, we show that parallelizing workloads can lead to drastic performance impairments compared to traditional sequential execution if not done carefully.
Conference Paper
Giotto provides an abstract programmer’s model for the implementation of embedded control systems with hard real-time constraints. A typical control application consists of periodic software tasks together with a mode switching logic for enabling and disabling tasks. Giotto specifies time-triggered sensor readings, task invocations, and mode switches independent of any implementation platform. Giotto can be annotated with platform constraints such as task-to-host mappings, and task and communication schedules. The annotations are directives for the Giotto compiler, but they do not alter the functionality and timing of a Giotto program. By separating the platform-independent from the platform-dependent concerns, Giotto enables a great deal of flexibility in choosing control platforms as well as a great deal of automation in the validation and synthesis of control software. The time-triggered nature of Giotto achieves timing predictability, which makes Giotto particularly suitable for safety-critical applications.
Article
As multiprocessor systems are increasingly used in automotive real-time environments, scheduling and synchronization analysis of these platforms receive growing attention. Upcoming multicore ECUs allow the integration of previously separated functionality for body electronics or sensor fusion onto a single unit, and allow the parallelization of complex computations over multiple cores. The application of multiple CPUs turns an ECU into a highly integrated ldquonetworked systemrdquo microcosm, in which complex interdependencies can be observed due to the use of shared resources even in partitioned scheduling. To deliver predictable performance, resource arbitration protocols are required and have been proposed in literature. This paper presents an novel analytical approach to provide the worst-case response time for real-time tasks in multiprocessor systems with shared resources. The method supports realistic, event- or time-driven task activation schemes and allows to calculate tight bounds on the estimated system performance.
Article
The problem of multiprogram scheduling on a single processor is studied from the viewpoint of the characteristics peculiar to the program functions that need guaranteed service. It is shown that an optimum fixed priority scheduler possesses an upper bound to processor utilization which may be as low as 70 percent for large task sets. It is also shown that full processor utilization can be achieved by dynamically assigning priorities on the basis of their current deadlines. A combination of these two scheduling techniques is also discussed.
Conference Paper
This paper proposes a new method for deriving quantitative event information for compositional multiprocessor performance analysis. This procedure brakes down the complexity into the analysis of individual components (tasks mapped to resources) and the propagation of the timing information with the help of event models. This paper improves previous methods to derive event models in a multiprocessor system by providing tighter bounds and allowing arbitrarily shaped event models. The procedure is based on a a simple yet expressive resource model called the multiple event busy time which can be derived on the basis of classical scheduling theory -- it can therefore be provided for a large domain of scheduling policies. Our experiments show that overestimation by previous methods can be reduced significantly.
Conference Paper
Consideration is given to the problem of fixed priority scheduling of period tasks with arbitrary deadlines. A general criterion for the schedulability of such a task set is given. Worst case bounds are given which generalize the C.L. Liu and J.W. Layland (1973) bound. The results are shown to provide a basis for developing predictable distributed real-time systems
Article
SymTA/S is a system-level performance and timing analysis approach based on formal scheduling analysis techniques and symbolic simulation. The tool supports heterogeneous architectures, complex task dependencies and context aware analysis. It determines system-level performance data such as end-to-end latencies, bus and processor utilisation, and worst-case scheduling scenarios. SymTA/S furthermore combines optimisation algorithms with system sensitivity analysis for rapid design space exploration. The paper gives an overview of current research interests in the SymTA/S project.
Article
The Embedded Mac hine is a virtualmac hine that mediates in real time the interac36) between software proc esses and physicV proc esses. It separates thecA51CP)OC3 of embedded programs into two phases. The first, platform-independent c6AC6)O phase generates E c de (c de exec633 by the Embedded Mac hine), whic h supervises the timing --- not thesc heduling--- ofapplic)OCP tasks relative to external events, suc h asc loc ktic ks and sensor interrupts. Ec ode is portable and exhibits, given an input behavior, predic)OCV (i.e., deterministicFA3)c and output behavior. Thesec ond, platform-dependentcAFFF5) phasec hec ks the time safety of the E c de, that is, whether platform performanc (determined by the hardware and platform utilization (determined by the sc heduler of the operating system enable its timely exec5P)OS We have used the Embedded Mac hine toc)3PVA and execCS high-performanc cr trol applicP tions written in Giotto, suc h as the flightc ontrol system of an autonomous model helicC)OSA Categories and Subject Descriptors D.4.7 [Operating Systems]: Organization and Design--- Real-time systems and embedded systems General Terms Languages Keywords Real Time, VirtualMac 1.
Transparent distribution of real-time components based on logical execution time
  • E Farcas
  • C Farcas
  • W Pree
  • J Templ
SchedCAT: The schedulability test collection and toolkit
  • B Brandenburg
AUTOSAR SWS Operating System
  • Autosar Group
OSEK/VDX Operating System Specification
  • Osek Group
MircoC/OS-II The Real Time Kernel
  • Jean J Labrosse
pyCPA - a pragmatic Python implementation of Compositional Performance Analysis
  • J Diemer
  • P Axer