2019, Designs
The static resource allocation in time-triggered systems offers significant benefits for the safety arguments of dependable systems. However, adaptation is a key factor for energy efficiency and fault recovery in Cyber-Physical System (CPS). This paper introduces the Adaptive Time-Triggered Multi-Core Architecture (ATMA), which supports adaptation using multi-schedule graphs while preserving the key properties of time-triggered systems including implicit synchronization, temporal predictability and avoidance of resource conflicts. ATMA is an overall architecture for safety-critical CPS based on a network-on-a-chip with building blocks for context agreement and adaptation. Context information is established in a globally consistent manner, providing the foundation for the temporally aligned switching of schedules in the network interfaces. A meta-scheduling algorithm computes schedule graphs and avoids state explosion with reconvergence horizons for events. For each tile, the relevan...
2010 Design, Automation & Test in Europe Conference & Exhibition (DATE 2010), 2010
Cyber-Physical Systems require distributed architectures to support safety critical real-time control. Kopetz' Time-Triggered Architectures (TTA) have been proposed as both an architecture and a comprehensive paradigm for systems architecture, for such systems. To relax the strict requirements on synchronization imposed by TTA, Loosely Time-Triggered Architectures (LTTA) have been recently proposed. In LTTA, computation and communication units are all triggered by autonomous, non-synchronized clocks. Communication media act as shared memories between writers and readers, and communication is non-blocking. In this paper we review the different variants of LTTA and discuss their principles and usage.
Electronics, 2021
Adaptation in time-triggered systems can be motivated by energy efficiency, fault recovery, and changing environmental conditions. Adaptation in time-triggered systems is achieved by preserving temporal predictability through metascheduling techniques. Nevertheless, utilising existing metascheduling schemes for time-triggered network-on-chip architectures poses design time computation and run-time storage challenges for adaptation using the resulting schedules. In this work, an algorithm for path reconvergence in a multi-schedule graph, enabled by a reconvergence horizon, is presented to manage the state-space explosion problem resulting from an increase in the number of scenarios required for adaptation. A meta-scheduler invokes a genetic algorithm to solve a new scheduling problem for each adaptation scenario, resulting in a multi-schedule graph. Finally, repeated nodes of the multi-schedule graph are merged, and further exploration of paths is terminated. The proposed algorithm i...
Proceedings of the tenth ACM international conference on Embedded software - EMSOFT '10, 2010
Cyber-Physical Systems require distributed architectures to support safety critical real-time control. Hermann Kopetz' Time-Triggered Architectures (TTA) have been proposed as both an architecture and a comprehensive paradigm for systems architecture, for such systems. To relax the strict requirements on synchronization imposed by TTA, Loosely Time-Triggered Architectures (LTTA) have been recently proposed. In LTTA, computation and communication units are all triggered by autonomous, non-synchronized clocks. Communication media act as shared memories between writers and readers, and communication is non-blocking. In this paper we pursue our previous work by providing a unified presentation of the two variants of LTTA (token- and time-based), with simplified analyses. We compare these two variants regarding performance and robustness and we provide ways to combine them.
ACM Transactions on Cyber-Physical Systems
Many Cyber-Physical Systems (CPS) have timing constraints that must be met by the cyber components (software and the network) to ensure safety. It is a tedious job to check if a CPS meets its timing requirement especially when they are distributed and the software and/or the underlying computing platforms are complex. Furthermore, the system design is brittle since a timing failure can still happen e.g., network failure, soft error bit flip, etc. In this paper, we propose a new design methodology called Plan B where timing constraints of the CPS are monitored at the runtime, and a proper backup routine is executed when a timing failure happens to ensure safety. We provide a model on how to express the desired timing behavior using a set of timing constructs in a C/C++ code and how to efficiently monitor them at the runtime. We showcase the effectiveness of our approach by conducting experiments on three case studies: 1) the full software stack for autonomous driving (Apollo), 2) a m...
ACM Transactions on Design Automation of Electronic Systems, 2017
Real-time and embedded systems are moving from the traditional design paradigm to integration of multiple functionalities onto a single computing platform. Some of the functionalities are safety critical and subject to certification. The rest of the functionalities are nonsafety critical and do not need to be certified. Designing efficient scheduling algorithms which can be used to meet the certification requirement is challenging. Our research considers the time-triggered approach to scheduling of mixed-criticality jobs with two criticality levels. The first proposed algorithm for the time-triggered approach is based on the OCBP scheduling algorithm which finds a fixed-priority order of jobs. Based on this priority order, the existing algorithm constructs two scheduling tables $S_{oc}^{LO}$ and $S_{oc}^{HI}$. The scheduler uses these tables to find a scheduling strategy. Another time-triggered algorithm called MCEDF was proposed as an improvement over the OCBP-based algorithm. Here we propose...
Coordination Models and Languages, 2020
Coordination is a well established computing paradigm with a plethora of languages, abstractions and approaches. Yet, we are not aware of any adoption of the principle of coordination in the broad domain of cyber-physical systems, where non-functional properties, such as execution/response time, energy consumption and security are as crucial as functional correctness. We propose a coordination approach, including a functional coordination language and its associated tool flow, that considers time, energy and security as first-class citizens in application design and development. We primarily target cyber-physical systems running on off-the-shelf heterogeneous multi-core platforms. We illustrate our approach by means of a real-world use case, an unmanned aerial vehicle for autonomous reconnaissance mission, which we develop in close collaboration with industry.
Distributed Computing and Internet Technology, 2017
Real-time safety-critical systems are getting more complex by integrating multiple applications with different criticality levels on a single platform. The increasing complexity in the design of mixed-criticality real-time systems has motivated researchers to move from uniprocessor to multiprocessor platforms. In this paper, we focus on the time-triggered scheduling of both independent and dependent mixed-criticality jobs on an identical multiprocessor platform. We show that our algorithm is more efficient than the Mixed criticality Priority Improvement (MCPI) algorithm, the only existing such algorithm for a multiprocessor platform.
American Journal of Embedded Systems and Applications, 2014
For many real-time embedded systems, Time-Triggered Cooperative (TTC) scheduling algorithms provide a simple and reliable solution at low cost. Previous work in this area has focused on the development of a wide range of TTC implementations for various purposes (e.g. for achieving low-jitter characteristics, reducing CPU power consumption or dealing with task-overruns). Despite the great deal of work in this area, it can be said that each previous scheduler implementation was created to address only one particular problem in the TTC algorithm. For applications which require an extremely high degree of reliability, a combinational TTC architecture, one that incorporates multiple features, can be an appropriate solution. This paper describes the implementation of an adaptive, highly-predictable TTC scheduler that addresses both jitter and task-overrun problems simultaneously. Furthermore, the presented scheduler incorporates an online technique for measuring the practical "worst-case execution time" for each task during system runtime. The behavior of the proposed scheduler is compared with a set of previously developed schedulers in terms of timing jitter, task-overrun handling capability and resource requirements for practical real-time implementations.
2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems, 2015
Modern safety-critical systems, such as avionics, tend to be mixed-critical, because integration of different tasks with different assurance requirements can effectively reduce their costs in terms of hardware, at the risk, however, of increasing the costs for certification, in particular in the context of proving their schedulability. To simplify the certification costs such systems use the Time Triggered (TT) scheduling paradigm, and a generalization of the Time Triggered (TT) scheduling paradigm, Single Time Mode (STTM). We present a state-of-the-art STTM algorithm which works optimally on single core and shows good experimental results for multi-cores. In addition, because the algorithm can be applied on top of any memoryless scheduling policy, we show that applying it to list scheduling leads to support of task graph (precedence) dependencies and/or non-preemptive scheduling, for which our algorithm also shows good experimental results.
Information Control Problems in Manufacturing 2006, 2006
Recently, the development of control systems for safety-critical industrial applications has gained special attention in the international committees. Some standards such as the IEC-61508 introduce guidelines for risk assessment considering failure rates less than $10^{-6}$ per year. For a distributed system to meet that requirement, one alternative is to employ fault-tolerance techniques such as active redundancy and message cross-checking. Considering that for cost and locality reasons the processing units of these distributed systems are usually interconnected through a shared bus, the underlying communication platform becomes the most important building block. It must provide low-level support for deterministic data transmission as well as a global time base to coordinate the actions of replicated units. Within this context, this paper presents a time-triggered extension of the CAN protocol as a communication architecture for safety-critical applications. Unlike other related work that relies on a centralized reference of time, our communication platform is enhanced with a low cost, essentially distributed clock synchronization algorithm.
2015
Loosely Time-Triggered Architectures (LTTAs) are a proposal for constructing distributed embedded control systems. They build on the quasi-periodic architecture, where computing units execute 'almost periodically', by adding a thin layer of middleware that facilitates the implementation of synchronous applications. In this paper, we show how the deployment of a synchronous application on a quasi-periodic architecture can be modeled using a synchronous formalism. Then we detail two protocols, Back-Pressure LTTA, reminiscent of elastic circuits, and Time-Based LTTA, based on waiting. Compared to previous work, we present controller models that can be compiled for execution and a simplified version of the Time-Based protocol. We also compare the LTTA approach with architectures based on clock synchronization.
IFAC Proceedings Volumes, 2000
SETTA addresses the systems engineering of safety-critical distributed real-time systems with a special focus on time-triggered architectures. An innovative methodology and a corresponding engineering environment is developed which aims for a higher maturity at early development steps. Key features are the support for a virtual systems integration and the tighter interconnection between the functional development process and the safety analysis process. The supporting tool components are designed and implemented in the course of the SETTA project. The methodology is evaluated by pilot applications from the automotive, aerospace, and railway domain.
International Journal of Engineering and Technology, 2017
Time-triggered systems provide more attractive options for many safety-related and safety-critical embedded systems. The work is mainly concerned with developing novel scheduling algorithms and implementation techniques which can be automated and ensure predictability during the process of time-triggered cooperative architecture. The major objective of this work is to modify an automated scheduling technique for use with time-triggered cooperative based on the employment of multiple timer interrupts. The results show that the proposed algorithm provides effective schedulability and can help in a significant reduction of scheduling time as compared with a traditional scheduler. Index Terms: Time-triggered architecture, time-triggered cooperative scheduler, multiple timer interrupts.
Journal of Systems and Software, 2019
Cyber physical systems (CPSs) are a fast-evolving technology based on a strong synergy between heterogeneous sensing, networking, computation and control modules. When coping with critical applications that require real-time performance and autonomous operation in uncertain conditions, the design of such complex systems is still facing significant difficulties. A particular challenge in this respect derives from the software intensive nature of these systems: the need to develop flexible and specifically tailored task scheduling techniques. In our view, an appropriate line of thinking is to take advantage of mixed criticality concepts following the lessons learned from avionics and automotive domains, where complexity, safety, determinism and real-time constraints are extreme. From this perspective, our work aims at facilitating the integration of mixed criticality systems-based strategy in cyber physical systems by identifying the particularities of the latter and their influence on scheduling mechanisms, by describing the standard mixed-criticality task model in the cyber physical systems context, and by analyzing and proposing the most suitable scheduling algorithms to be implemented in cyber physical systems. Moreover, the perspectives on future developments in this area are discussed, as new horizons in research arise with the integration of mixed criticality concepts in the cyber physical systems context.
2016 IEEE 25th International Symposium on Industrial Electronics (ISIE), 2016
There is a huge discrepancy between off-the-shelf (COTS) hardware architectures and requirements for embedded industrial applications. Industrial systems are getting more complex by the day, and an interaction of highly diverse components within these systems is unavoidable. An implementation of such systems on COTS hardware is challenging. Platforms based on single-core CPUs are becoming limited, and use of multicore architectures yields safety risks, and overall inefficiency. Tailored architectures provide adequate service but they lack flexibility and therefore their economic justification is limited. Emerging technologies, i.e., hybrid system-on-chip combined with novel architectural concepts, are filling blind spots between COTS architectures and embedded industrial applications. The paper presents the implementation of an MPSoC architecture on a hybrid system-on-a-chip platform. This architecture provides unique capabilities for embedded applications, in particular, the possibility to host mixed-criticality and cross-domain applications.
2008 47th IEEE Conference on Decision and Control, 2008
In this paper we consider Loosely Time-Triggered Architectures (LTTA) as a networked infrastructure for deploying discrete control. LTTA are distributed architectures in which 1/ each computing unit is triggered by its own local clock, 2/ the local clocks are not synchronized, and 3/ communication is by the following principle: each communication link acts as a shared and sustained variable that can be, at will, written by the source node and read by the destination node. The loose communication medium used can cause duplication and/or loss of events, as well as distortion of the synchronization between events occurring at different nodes of the network. While LTT architectures possess significant advantages, their use for distributed discrete control raises serious difficulties. Together with other authors, the authors of this paper have proposed a comprehensive design methodology ensuring the preservation of semantics, from specification to implementation over LTTA. This technique uses sophisticated token-based protocols akin to so-called elastic circuits recently introduced for asynchronous hardware. In this paper we propose a completely different approach, with no flow of token, and entirely time based. Our approach relies on upsampling and suitable use of local counters. We prove the preservation of semantics, from specification to implementation on LTTA with this technique, and we study its performance.
2018
We observe a tremendous trend towards mixed-criticality systems, where subsystems of different safety assurance level coexist and interact. In addition, embedded systems are demanded to be efficient in terms of energy consumption to achieve longer operation time with the same battery capacity. This paper introduces a novel architecture for an adaptive time-triggered communication at the chip-level, which addresses the above challenges. In the proposed architecture, time-triggered communication offers safety by establishing temporal and spatial segregation of the communication channels. In addition, adaptivity enables the communication backbone to adapt the injection time of message according to the real execution time of computational tasks, thereby decreasing the overall makespan of the application and increasing the sleep time. In addition to power saving, adaptivity helps to achieve fault recovery, as a faulty subsystem can be shut down and replaced by a backup subsystem. The pro...
ACM Transactions on Embedded Computing Systems, 2016
Loosely Time-Triggered Architectures (LTTAs) are a proposal for constructing distributed embedded control systems. They build on the quasi-periodic architecture, where computing units execute nearly periodically, by adding a thin layer of middleware that facilitates the implementation of synchronous applications. In this article, we show how the deployment of a synchronous application on a quasi-periodic architecture can be modeled using a synchronous formalism. Then we detail two protocols, Back-Pressure LTTA, reminiscent of elastic circuits, and Time-Based LTTA, based on waiting. Compared to previous work, we present controller models that can be compiled for execution, a simplified version of the Time-Based protocol and optimizations for systems using broadcast communication. We also compare the LTTA approach with architectures based on clock synchronization.
The 23rd Digital Avionics Systems Conference (IEEE Cat. No.04CH37576), 2004
Time-Triggered Architectures (TTA) and SCADE are both well-established technologies and tools for building safety-critical embedded software. Both are based on the same time-triggered approach;
2014
By integrating components for sensing, communicating, computing and actuating, Cyber-Physical Systems (CPSs) enable software applications to monitor and control events in the physical world. It is widely anticipated that CPSs will become pervasive in personal and industrial applications. As deployed CPSs will impact safety of humans and infrastructure, certifying their correctness is imperative. For an important class of systems, correctness requires guaranteed timing properties. For instance, in an automatic stability program of an automobile, the worst-case end-to-end delay between sensing and actuating could be upper-bounded. Analysis of such hard real-time guarantees in CPSs is inherently challenging, because the timing models exhibit variability due to multiple reasons. Firstly, as CPSs are distributed and heterogeneous, events do not arrive periodically. Secondly, on modern processors, resource availability can be non-uniform due to physical effects such as overheating or low energy supply. Thirdly, timing models can be uncertain either due to incorrect calibration or simultaneous analysis of multiple designs. Finally, due to complex components in such CPSs, such as caches, rare and transient phenomena can result in deviation from nominal timing models. In three parts of the thesis, we present three templates of solutions to compute hard real-time guarantees in the presence of the said variability.
• Variability in arrival patterns of events can be absorbed by a runtime manager which monitors and adapts to incoming events. We illustrate this by compositionally building demand bound servers and cool-shapers from efficient constituent units.