Parcus: Energy-Aware and Robust Parallelization of AUTOSAR Legacy Applications

Embedded multicore processors are an attractive alternative to sophisticated single-core processors for the use in automobile electronic control units (ECUs), due to their expected higher performance and energy efficiency. Parallelization approaches for AUTOSAR legacy software exploit these benefits. Nevertheless, these approaches focus on extracting performance neglecting the system's worst-case sensor/actuator latency and energy consumption. This paper presents Parcus, an energy-and latency-aware parallelization technique that combines both runnable-and tasklevel parallelism. Parcus explicitly models the traversal of data from sensor to actuator through task instances, enabling to consider the latency imposed by parallelization techniques. The parallel schedule quality (PSQ) metric quantifies the success of the parallelization, for which it takes the latency and the processor frequency into account. We demonstrate the applicability of Parcus with an automotive case study. The results show that Parcus can fully utilize the processor's energy-saving potential.This research received funding from the EU FP7 no. 287519 (parMERASA), the ARTEMIS-JU no. 621429 (EMC2), and the German Federal Ministry of Education and Research.Peer ReviewedPostprint (author's final draft

System Level LET with Application to Automotive Design

The logical execution time (LET) programming model has been applied in the automotive industry to master multicore programming of large task systems with complex dependencies. Recent developments in electric powertrains and autonomous vehicle functions raise parallel programming from the multicore level to the vehicle level where the requirements for LET application do not hold any more. This paper introduces System Level LET (SL LET), an extension of LET with relaxed synchronization requirements. While related extensions have been proposed for specific scheduling and communication models before, SL LET can be used with a variety of scheduling algorithms and communication semantics. Furthermore, it can be applied to systems with combinations of LET and other programming models. Yet, SL LET allows end-to-end timing guarantees and preserves essential LET properties required for automotive systems. For illustration, we apply the model to an electric vehicle use case

A time-predictable many-core processor design for critical real-time embedded systems

Critical Real-Time Embedded Systems (CRTES) are in charge of controlling fundamental parts of embedded system, e.g. energy harvesting solar panels in satellites, steering and breaking in cars, or flight management systems in airplanes. To do so, CRTES require strong evidence of correct functional and timing behavior. The former guarantees that the system operates correctly in response of its inputs; the latter ensures that its operations are performed within a predefined time budget. CRTES aim at increasing the number and complexity of functions. Examples include the incorporation of \smarter" Advanced Driver Assistance System (ADAS) functionality in modern cars or advanced collision avoidance systems in Unmanned Aerial Vehicles (UAVs). All these new features, implemented in software, lead to an exponential growth in both performance requirements and software development complexity. Furthermore, there is a strong need to integrate multiple functions into the same computing platform to reduce the number of processing units, mass and space requirements, etc. Overall, there is a clear need to increase the computing power of current CRTES in order to support new sophisticated and complex functionality, and integrate multiple systems into a single platform. The use of multi- and many-core processor architectures is increasingly seen in the CRTES industry as the solution to cope with the performance demand and cost constraints of future CRTES. Many-cores supply higher performance by exploiting the parallelism of applications while providing a better performance per watt as cores are maintained simpler with respect to complex single-core processors. Moreover, the parallelization capabilities allow scheduling multiple functions into the same processor, maximizing the hardware utilization. However, the use of multi- and many-cores in CRTES also brings a number of challenges related to provide evidence about the correct operation of the system, especially in the timing domain. Hence, despite the advantages of many-cores and the fact that they are nowadays a reality in the embedded domain (e.g. Kalray MPPA, Freescale NXP P4080, TI Keystone II), their use in CRTES still requires finding efficient ways of providing reliable evidence about the correct operation of the system. This thesis investigates the use of many-core processors in CRTES as a means to satisfy performance demands of future complex applications while providing the necessary timing guarantees. To do so, this thesis contributes to advance the state-of-the-art towards the exploitation of parallel capabilities of many-cores in CRTES contributing in two different computing domains. From the hardware domain, this thesis proposes new many-core designs that enable deriving reliable and tight timing guarantees. From the software domain, we present efficient scheduling and timing analysis techniques to exploit the parallelization capabilities of many-core architectures and to derive tight and trustworthy Worst-Case Execution Time (WCET) estimates of CRTES.Los sistemas críticos empotrados de tiempo real (en ingles Critical Real-Time Embedded Systems, CRTES) se encargan de controlar partes fundamentales de los sistemas integrados, e.g. obtención de la energía de los paneles solares en satélites, la dirección y frenado en automóviles, o el control de vuelo en aviones. Para hacerlo, CRTES requieren fuerte evidencias del correcto comportamiento funcional y temporal. El primero garantiza que el sistema funciona correctamente en respuesta de sus entradas; el último asegura que sus operaciones se realizan dentro de unos limites temporales establecidos previamente. El objetivo de los CRTES es aumentar el número y la complejidad de las funciones. Algunos ejemplos incluyen los sistemas inteligentes de asistencia a la conducción en automóviles modernos o los sistemas avanzados de prevención de colisiones en vehiculos aereos no tripulados. Todas estas nuevas características, implementadas en software,conducen a un crecimiento exponencial tanto en los requerimientos de rendimiento como en la complejidad de desarrollo de software. Además, existe una gran necesidad de integrar múltiples funciones en una sóla plataforma para así reducir el número de unidades de procesamiento, cumplir con requisitos de peso y espacio, etc. En general, hay una clara necesidad de aumentar la potencia de cómputo de los actuales CRTES para soportar nueva funcionalidades sofisticadas y complejas e integrar múltiples sistemas en una sola plataforma. El uso de arquitecturas multi- y many-core se ve cada vez más en la industria CRTES como la solución para hacer frente a la demanda de mayor rendimiento y las limitaciones de costes de los futuros CRTES. Las arquitecturas many-core proporcionan un mayor rendimiento explotando el paralelismo de aplicaciones al tiempo que proporciona un mejor rendimiento por vatio ya que los cores se mantienen más simples con respecto a complejos procesadores de un solo core. Además, las capacidades de paralelización permiten programar múltiples funciones en el mismo procesador, maximizando la utilización del hardware. Sin embargo, el uso de multi- y many-core en CRTES también acarrea ciertos desafíos relacionados con la aportación de evidencias sobre el correcto funcionamiento del sistema, especialmente en el ámbito temporal. Por eso, a pesar de las ventajas de los procesadores many-core y del hecho de que éstos son una realidad en los sitemas integrados (por ejemplo Kalray MPPA, Freescale NXP P4080, TI Keystone II), su uso en CRTES aún precisa de la búsqueda de métodos eficientes para proveer evidencias fiables sobre el correcto funcionamiento del sistema. Esta tesis ahonda en el uso de procesadores many-core en CRTES como un medio para satisfacer los requisitos de rendimiento de aplicaciones complejas mientras proveen las garantías de tiempo necesarias. Para ello, esta tesis contribuye en el avance del estado del arte hacia la explotación de many-cores en CRTES en dos ámbitos de la computación. En el ámbito del hardware, esta tesis propone nuevos diseños many-core que posibilitan garantías de tiempo fiables y precisas. En el ámbito del software, la tesis presenta técnicas eficientes para la planificación de tareas y el análisis de tiempo para aprovechar las capacidades de paralelización en arquitecturas many-core, y también para derivar estimaciones de peor tiempo de ejecución (Worst-Case Execution Time, WCET) fiables y precisas

Modeling and Analysis of Automotive Cyber-physical Systems: Formal Approaches to Latency Analysis in Practice

Based on advances in scheduling analysis in the 1970s, a whole area of research has evolved: formal end-to-end latency analysis in real-time systems. Although multiple approaches from the scientific community have successfully been applied in industrial practice, a gap is emerging between the means provided by formally backed approaches and the need of the automotive industry where cyber-physical systems have taken over from classic embedded systems. They are accompanied by a shift to heterogeneous platforms build upon multicore architectures. Scien- tific techniques are often still based on too simple system models and estimations on important end-to-end latencies have only been tightened recently. To this end, we present an expressive system model and formally describe the problem of end-to-end latency analysis in modern automotive cyber-physical systems. Based on this we examine approaches to formally estimate tight end-to-end latencies in Chapter 4 and Chapter 5. The de- veloped approaches include a wide range of relevant systems. We show that our approach for the estimation of latencies of task chains dominates existing approaches in terms of tightness of the results. In the last chapter we make a brief digression to measurement analysis since measuring and simulation is an important part of verification in current industrial practice

Performanzanalyse für Multi-Core Multi-Mode Systeme mit gemeinsam genutzten Ressourcen - Verfahren und Anwendung auf AUTOSAR -

In order to implement multi-core systems for single-mode and multi-mode real-time applications, as can be found in modern automobiles, their development process requires appropriate methods and tools for timing and performance verification. In this context, this thesis proposes first novel approaches for the analysis of worst-case blocking-times and response-times for single-mode real-time applications that share resources in partitioned multi-core systems. For this purpose a compositional performance analysis methodology is adopted and extended to take into account the contention of tasks on the processor cores and on the shared resources under different combinations of processor scheduling policies and shared resource arbitration strategies. Highly relevant is the compatibility of the proposed analysis methods with the specifications of the automotive AUTOSAR standard, which defines the combination of (1) preemptive, non-preemptive and cooperative core local scheduling with (2) lock-based arbitration of core local shared resources and spinlock-based arbitration of inter-core shared resources. Further, this thesis proposes novel timing analysis solutions for multi-mode distributed real-time systems. For such systems, the settling time of a mode change, called mode change transition latency, is identified as an important system parameter that has been neglected before. This thesis contributes a novel analysis algorithm which gives a maximum bound on each mode change transition latency of multi-mode distributed applications. Knowing the settling time of each mode change, the impact of multiple mode changes and of the possible overload situations can be handled in the early development phases of real-time systems. Finally, an approach for safely handling shared resources across mode changes is presented and a corresponding timing analysis method is contributed. The new analysis solution combines modeling and analysis elements of the multi-core and multi-mode related analysis solutions and focuses on the specification of the AUTOSAR standard. This enables system designers to handle the timing behavior of more complex systems in which the problems of mode management, multi-core scheduling and shared resource arbitration coexist. The applicability and usefulness of the contributed analysis solutions are highlighted by experimental evaluations, which are enabled by the implementation of the proposed analysis methods in a performance analysis tool framework.Um Multicore-Systeme für die Umsetzung zeitkritischer Single- und Multi-Mode Anwendungen in sicherheitskritischen Umgebungen einsetzen zu können, werden in dem Entwicklungsprozess geeignete Analysemethoden und Tools zur Bestimmung des Zeitverhaltens und der Performanz benötigt. Als erster Beitrag dieser Dissertation werden neue Analyseverfahren eingeführt, um die Worst-Case-Antwortzeiten und -Blockierungszeiten für statische Echtzeitanwendungen in Single-Mode eingebetteten Multicore-Systemen mit gemeinsam genutzten Ressourcen zu bestimmen. Die entwickelten Verfahren nutzen einen existierenden kompositionellen Performanzanalyseansatz und erweitern diesen, um verschiedene Kombinationen von partitionierenden Multiprozessor-Schedulingverfahren und –Synchronisationsmechanismen behandeln zu können. Besonders praxisrelevant ist die Möglichkeit, die Kombination von (1) preemptives, nicht-preemptives sowie kooperatives Prozessor-Scheduling und (2) Spinlock-basierten Synchronisationsmechanismen zu analysieren, die heute in AUTOSAR-konformen Automotive-Softwarearchitekturen standardisiert sind. Als zweiter Beitrag wird in dieser Dissertation ein neuer Ansatz für die Analyse der zeitlichen Auswirkungen von mehreren Szenarienübergängen in vernetzten Multi-Mode eingebetteten Systemen eingeführt. Als erste konstruktive Maßnahme ermöglicht das in dieser Arbeit präsentierte Verfahren die Berechnung der Einschwingzeit jedes Szenarioübergangs und leistet dadurch eine wichtige Hilfestellung beim Systementwurf. Auf diese Weise können die Auswirkungen der Szenarienübergänge, einschließlich der zeitlich begrenzten Überlastsituationen, kontrolliert und in den Systementwurf frühzeitig einbezogen werden. Als letzter Beitrag dieser Dissertation wird ein Ansatz für die Handhabung der Zugriffskonflikte auf gemeinsam genutzten Ressourcen in Multi-Mode eingebetteten Multicore-Systemen präsentiert und eine entsprechende Analysemethode eingeführt. Die neue Analyse kombiniert Modellierungs- und Analyse-Elemente der vorher in dieser Arbeit eingeführten Analyseansätze, und ermöglicht die Untersuchung des ungünstigsten Zeitverhaltens viel komplexer eingebetteten Multicore-Systemen. Dabei werden erneut Spezifikationen der AUTOSAR-Standards berücksichtigt. Nicht zuletzt werden alle Analysemethoden in eine Toolumgebung implementiert und für verschiedene Experimente, die deren praktische Anwendbarkeit hervorheben, angewendet

Scheduling for Mixed-criticality Hypervisor Systems in the Automotive Domain

This thesis focuses on scheduling for hypervisor systems in the automotive domain. Current practices are primarily implementation-agnostic or are limited by lack of visibility during the execution of partitions. The tasks executed within the partitions are classified as event-triggered or time-triggered. A scheduling model is developed using a pair of a deferrable server and a periodic server per partition to provide low latency for event-triggered tasks and maximising utilisation. The developed approach enforces temporal isolation between partitions and ensures that time-triggered tasks do not suffer from starvation. The scheduling model was extended to support three criticality levels with two degraded modes. The first degraded mode provides the partitions with additional capacity by trading-off low latency of event-driven tasks with lower overheads and utilisation. Both models were evaluated by forming a case study using real ECU application code. A second case study was formed inspired from the Olympus Attitude and Orbital Control System (AOCS) to further evaluate the proposed mixed-criticality model. To conclude, the contributions of this thesis are addressed with respect to the research hypothesis and possible avenues for future work are identified

A static scheduling approach to enable safety-critical OpenMP applications

Parallel computation is fundamental to satisfy the performance requirements of advanced safety-critical systems. OpenMP is a good candidate to exploit the performance opportunities of parallel platforms. However, safety-critical systems are often based on static allocation strategies, whereas current OpenMP implementations are based on dynamic schedulers. This paper proposes two OpenMP-compliant static allocation approaches: an optimal but costly approach based on an ILP formulation, and a sub-optimal but tractable approach that computes a worst-case makespan bound close to the optimal one.This work is funded by the EU projects P-SOCRATES (FP7-ICT-2013-10) and HERCULES (H2020/ICT/2015/688860), and the Spanish Ministry of Science and Innovation under contract TIN2015-65316-P.Peer ReviewedPostprint (author's final draft