ROS2기반의 자동차 사이버 시스템을 위한 기능적/시간적 정확성을 보장하는 실시간 시뮬레이션 기법

학위논문 (석사) -- 서울대학교 대학원 : 공과대학 컴퓨터공학부, 2021. 2. 이창건.This dissertation proposes an approach for functionally and temporally correct simulation of cyber system based on ROS2 framework. In the previous work, the simulation approach was proposed that overcomes the limitations, which only guaranteeing the functional correctness of the existing simulation approach by guaranteeing the temporal correctness and simultaneously performs the task efficiently by reordering jobs. Recognizing that the ROS2 cyber system differs from the traditional automotive cyber systems, this dissertation can be applied to the ROS2 cyber system while maintaining the key idea of the previous simulation approach. In the proposed approach, a system model for ROS2 cyber system is defined. Based on this, the cyber systems schedule is predicted, and a precedence relationship graph is generated so that the existing simulation technique can be applied. The proposed method measures the simulation capacity, together with other simulation algorithms, through a randomly generated workload, and it is shown that the proposed approach has the highest simulation capacity in a single core simulator. Therefore, the existing functional/ temporally correct simulation approach can be applied to the cyber system of automotive system based on ROS2 framework, and by utilizing this, it is possible to correctly and effectively simulate the ROS2 cyber system.본 논문은 ROS2를 기반으로 설계된 자동차 사이버 시스템을 기능적/시간적으로 정확하게 시뮬레이션하는 방법론을 제안한다. 앞선 연구에서는 기존의 시뮬레이션 기법들의 기능적인 정확성만 보장하는 문제에서 발생하는 한계점을 극복하고 동시에 효율적으로 작업을 수행하는 시뮬레이션 기법이 제안되었다. ROS2 기반의 자동차 사이버 시스템에서는 기능 수행의 행태가 기존의 자동차 사이버 시스템과는 다르다는 것을 인지하여 본 논문에서는 앞선 연구에서 제안하는 시뮬레이션 기법의 핵심 아이디어가 유지되면서 ROS2 기반의 자동차 사이버 시스템에 적용이 될 수 있도록 시뮬레이션 기법을 제안한다. 제안하는 방법에서는 ROS2 스케줄링을 고려한 시스템 모델을 정의하고 이를 기반으로 실제 사이버 시스템의 스케줄을 예측하고 선행 관계 그래프를 생성하여 기존의 시뮬레이션 기법이 그대로 적용될 수 있도록 한다. 제안하는 방법은 임의적으로 생성된 워크로드를 통해 다른 시뮬레이션 알고리즘과 함께 시뮬레이션 용량을 측정하고, 제안하는 방법이 싱글코어 시뮬레이터에서 가장 높은 시뮬레이션 용량을 가지는 것을 보인다. 따라서, 기존의 기능적/시간적으로 정확한 시뮬레이션 기법이 ROS2 기반의 자동차 사이버 시스템에서도 적용이 가능하며, 이를 활용하여 기존의 자동차 사이버 시스템뿐만 아니라 ROS2 기반의 자동차 사이버 시스템을 효과적으로 시뮬레이션 할 수 있다.1 Introduction 1 1.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2 Backgrounds 4 2.1 Overview of Functionally and Temporally Correct Simulation . . . 4 2.2 ROS2 Scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 3 Proposed Approach 10 3.1 System Model for ROS2 Cyber System . . . . . . . . . . . . . . . 10 3.2 Offline Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.3 Online Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 4 Evaluation 18 4.1 Experimental Setup . . . . . . . . . . . . . . . . . . . . . . . . . . 18 4.2 Simulation Results . . . . . . . . . . . . . . . . . . . . . . . . . . 19 5 Conclusion 21 References 23Maste

사이버-물리 시스템을 위한 기능적/시간적 정확성 보장 시뮬레이션 기법

학위논문 (박사)-- 서울대학교 대학원 공과대학 전기·컴퓨터공학부, 2017. 8. 이창건.When developing a Cyber-Physical System (CPS), simulators are commonly used to predict the final performance of the system at the design phase. However, current simulation tools do not consider timing behaviors of the cyber-system such as varying execution times and task preemptions. Thus, their control performance predictions are far different from the real performance, and this leads to enormous time and cost for a system development, because multiple re-design and re-implementation phases are required, until an acceptable system configuration is determined. Motivated by this limitation, this dissertation proposes functionally and temporally correct simulation for the cyber-side of a CPS. The key idea of the proposed approach is to keep the data and time correctness only at the physical interaction points to maximally enjoy the freedom of scheduling simulated jobs. For this, we transform the simulation problem to a real-time job scheduling problem with precedence constraints necessary for the functional and temporal correctness. Then, we propose an efficient scheduling algorithm for the functionally and temporally correct real-time simulation. The proposed approach significantly improves the real-time simulation capacity of the state-of-the-art simulation methods while keeping the functional and temporal correctness. Our evaluation through both synthetic workload and actual implementation confirms both high accuracy and high efficiency of our approach compared with other state-of-the-art methods.1 Introduction 1 1.1 Motivation and Objective 1 1.2 Approach 3 1.3 Contributions 8 1.4 Organization 8 2 Related Work 10 2.1 Design and Verification of Cyber-Physical Systems 10 2.2 Verification Approaches 12 2.2.1 Model-Based Simulations 12 2.2.2 Cycle-Accurate Simulations and Host-Compiled Simulations 14 2.2.3 Real-Time Execution Platforms 15 2.2.4 Distributed Simulations 16 2.3 Job Scheduling Approaches 17 3 System Model and Problem Description 22 3.1 Description on the real cyber-system 23 3.2 Description on the simulated cyber-system 27 3.3 Formal definition of the simulation problem 28 4 Real-Time Simulation for Deterministic Cyber-Systems 31 4.1 Introduction 31 4.2 Construction of Offline Guider 31 4.3 Online Progressive Scheduling of Simulated Jobs 34 4.4 Evaluation 38 5 Real-Time Simulation for Non-Deterministic Cyber-Systems 45 5.1 Introduction 45 5.2 Overview of Approach 45 5.3 Construction of Offline Guider 50 5.4 Online Progressive Scheduling of Simulated Jobs 63 5.5 Evaluation 74 5.5.1 Evaluation Using Synthesized Cyber-Systems 78 5.5.2 Implementation 86 6 Practical Discussions 95 6.1 Data Exchange Delay 95 6.2 Simulation Overhead 97 6.2.1Offline Overhead 97 6.2.2 Online Overhead 100 6.3 Other Useful Features 100 7 Extension for Multicore Simulation PC 102 8 Conclusion 108 8.1 Summary 108 8.2 Future Work 108 References 110Docto

Qduino: a cyber-physical programming platform for multicore Systems-on-Chip

Emerging multicore Systems-on-Chip are enabling new cyber-physical applications such as autonomous drones, driverless cars and smart manufacturing using web-connected 3D printers. Common to those applications is a communicating task pipeline, to acquire and process sensor data and produce outputs that control actuators. As a result, these applications usually have timing requirements for both individual tasks and task pipelines formed for sensor data processing and actuation. Current cyber-physical programming platforms, such as Arduino and embedded Linux with the POSIX interface do not allow application developers to specify those timing requirements. Moreover, none of them provide the programming interface to schedule tasks and map them to processor cores, while managing I/O in a predictable manner, on multicore hardware platforms. Hence, this thesis presents the Qduino programming platform. Qduino adopts the simplicity of the Arduino API, with additional support for real-time multithreaded sketches on multicore architectures. Qduino allows application developers to specify timing properties of individual tasks as well as task pipelines at the design stage. To this end, we propose a mathematical framework to derive each task’s budget and period from the specified end-to-end timing requirements. The second part of the thesis is motivated by the observation that at the center of these pipelines are tasks that typically require complex software support, such as sensor data fusion or image processing algorithms. These features are usually developed by many man-year engineering efforts and thus commonly seen on General-Purpose Operating Systems (GPOS). Therefore, in order to support modern, intelligent cyber-physical applications, we enhance the Qduino platform’s extensibility by taking advantage of the Quest-V virtualized partitioning kernel. The platform’s usability is demonstrated by building a novel web-connected 3D printer and a prototypical autonomous drone framework in Qduino

Modeling and Analysis of Automotive Cyber-physical Systems: Formal Approaches to Latency Analysis in Practice

Based on advances in scheduling analysis in the 1970s, a whole area of research has evolved: formal end-to-end latency analysis in real-time systems. Although multiple approaches from the scientific community have successfully been applied in industrial practice, a gap is emerging between the means provided by formally backed approaches and the need of the automotive industry where cyber-physical systems have taken over from classic embedded systems. They are accompanied by a shift to heterogeneous platforms build upon multicore architectures. Scien- tific techniques are often still based on too simple system models and estimations on important end-to-end latencies have only been tightened recently. To this end, we present an expressive system model and formally describe the problem of end-to-end latency analysis in modern automotive cyber-physical systems. Based on this we examine approaches to formally estimate tight end-to-end latencies in Chapter 4 and Chapter 5. The de- veloped approaches include a wide range of relevant systems. We show that our approach for the estimation of latencies of task chains dominates existing approaches in terms of tightness of the results. In the last chapter we make a brief digression to measurement analysis since measuring and simulation is an important part of verification in current industrial practice

Compilation de systèmes temps réel

I introduce and advocate for the concept of Real-Time Systems Compilation. By analogy with classical compilation, real-time systems compilation consists in the fully automatic construction of running, correct-by-construction implementations from functional and non-functional specifications of embedded control systems. Like in a classical compiler, the whole process must be fast (thus enabling a trial-and-error design style) and produce reasonably efficient code. This requires the use of fast heuristics, and the use of fine-grain platform and application models. Unlike a classical compiler, a real-time systems compiler must take into account non-functional properties of a system and ensure the respect of non-functional requirements (in addition to functional correctness). I also present Lopht, a real-time systems compiler for statically-scheduled real-time systems we built by combining techniques and concepts from real-time scheduling, compilation, and synchronous languages

Operating System Contribution to Composable Timing Behaviour in High-Integrity Real-Time Systems

The development of High-Integrity Real-Time Systems has a high footprint in terms of human, material and schedule costs. Factoring functional, reusable logic in the application favors incremental development and contains costs. Yet, achieving incrementality in the timing behavior is a much harder problem. Complex features at all levels of the execution stack, aimed to boost average-case performance, exhibit timing behavior highly dependent on execution history, which wrecks time composability and incrementaility with it. Our goal here is to restitute time composability to the execution stack, working bottom up across it. We first characterize time composability without making assumptions on the system architecture or the software deployment to it. Later, we focus on the role played by the real-time operating system in our pursuit. Initially we consider single-core processors and, becoming less permissive on the admissible hardware features, we devise solutions that restore a convincing degree of time composability. To show what can be done for real, we developed TiCOS, an ARINC-compliant kernel, and re-designed ORK+, a kernel for Ada Ravenscar runtimes. In that work, we added support for limited-preemption to ORK+, an absolute premiere in the landscape of real-word kernels. Our implementation allows resource sharing to co-exist with limited-preemptive scheduling, which extends state of the art. We then turn our attention to multicore architectures, first considering partitioned systems, for which we achieve results close to those obtained for single-core processors. Subsequently, we shy away from the over-provision of those systems and consider less restrictive uses of homogeneous multiprocessors, where the scheduling algorithm is key to high schedulable utilization. To that end we single out RUN, a promising baseline, and extend it to SPRINT, which supports sporadic task sets, hence matches real-world industrial needs better. To corroborate our results we present findings from real-world case studies from avionic industry

Proceedings Work-In-Progress Session of the 13th Real-Time and Embedded Technology and Applications Symposium

The Work-In-Progress session of the 13th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS\u2707) presents papers describing contributions both to state of the art and state of the practice in the broad field of real-time and embedded systems. The 17 accepted papers were selected from 19 submissions. This proceedings is also available as Washington University in St. Louis Technical Report WUCSE-2007-17, at http://www.cse.seas.wustl.edu/Research/FileDownload.asp?733. Special thanks go to the General Chairs – Steve Goddard and Steve Liu and Program Chairs - Scott Brandt and Frank Mueller for their support and guidance

Dependable Embedded Systems

This Open Access book introduces readers to many new techniques for enhancing and optimizing reliability in embedded systems, which have emerged particularly within the last five years. This book introduces the most prominent reliability concerns from today’s points of view and roughly recapitulates the progress in the community so far. Unlike other books that focus on a single abstraction level such circuit level or system level alone, the focus of this book is to deal with the different reliability challenges across different levels starting from the physical level all the way to the system level (cross-layer approaches). The book aims at demonstrating how new hardware/software co-design solution can be proposed to ef-fectively mitigate reliability degradation such as transistor aging, processor variation, temperature effects, soft errors, etc. Provides readers with latest insights into novel, cross-layer methods and models with respect to dependability of embedded systems; Describes cross-layer approaches that can leverage reliability through techniques that are pro-actively designed with respect to techniques at other layers; Explains run-time adaptation and concepts/means of self-organization, in order to achieve error resiliency in complex, future many core systems

Predictable and composable system-on-chip memory controllers

Contemporary System-on-Chip (SoC) become more and more complex, as increasing integration results in a larger number of concurrently executing applications. These applications consist of tasks that are mapped on heterogeneous multi-processor platforms with distributed memory hierarchies, where SRAMs and SDRAMs are shared by a variety of arbiters. Some applications have real-time requirements, meaning that they must perform a particular computation before a deadline to guarantee functional correctness, or to prevent quality degradation. Mapping the applications on the platform such that all real-time requirements are satisfied is very challenging. The number of possible mappings of tasks to processing elements and data structures to memories may be large, and appropriate configuration settings must be determined once the mapping is chosen. Verifying that a particular mapping satisfies all application requirements is typically done by system-level simulation. However, resource sharing causes interference between applications, making their temporal behaviors inter-dependent. All concurrently executing applications must hence be verified together, causing the verification complexity of the system to increase exponentially with the number of applications. Together these factors contribute to making the integration and verification process a dominant part of SoC development, both in terms of time and money. Predictable and composable systems are proposed to manage the increasing verification complexity. Predictable systems provide lower bounds on application performance, while applications in composable systems are completely isolated and cannot affect each other’s temporal behavior by even a single clock cycle. Predictable systems enable formal verification that covers all possible interactions with the platform. However, this assumes that the behavior of an application is captured in a performance model, which is not the case for many applications. Composability offers a complementary verification approach by letting these applications be verified independently by simulation with linear verification complexity. A limitation of current predictable and composable systems is that there are no memory controllers supporting the concepts in a general way. Current SRAM controllers can be shared in a predictable way with a variety of arbiters, but are only composable if statically scheduled or shared using time-division multiplexing. Existing SDRAM controllers are not composable, and are either unpredictable or limited to applications that are statically scheduled. This thesis addresses the limitations of current predictable and composable systems by proposing a general predictable and composable memory controller, thereby addressing the mapping and verification problem in embedded systems. The proposed memory controller is divided into a front-end and a back-end. The back-end is specific for DDR2/DDR3 SDRAM and makes the memory behave in a predictable manner using precomputed memory patterns that are dynamically combined at run time. The front-end contains buffering and an arbiter in the class of Latency-Rate (LR) servers, which is a class with many well-known predictable arbiters. We extend this class with a Credit-Controlled Static-Priority (CCSP) arbiter that is developed specifically for shared resources with latency-critical requestors and high loads, such as memories. Three key features of CCSP are: 1) It accommodates latency-critical requestors with low bandwidth requirements without wasting bandwidth. 2) Over-allocated bandwidth can be made negligible at an increased area cost, without affecting latency. 3) It has a small implementation that runs fast enough to keep up with most DDR2/DDR3 memories. The proposed front-end is general and can be used with other predictable resources, such as SRAM controllers. The proposed memory controller hence supports multiple arbiter and memory types, thus addressing the diversity in modern SoCs. The combination of front-end and predictable memory behaves like a LR server, which is the shared resource abstraction used in this work. In essence, a LR server guarantees a requestor a minimum bandwidth and a maximum latency, enabling formal verification of real-time requirements. The LR server model is compatible with several commonly used formal analysis frameworks, such as network calculus and data-flow analysis. Our memory controller hence allows any combination of predictable memory and LR arbiter to be used transparently for formal verification of applications with any of these frameworks. Sharing a predictable memory at run-time results in interference between requestors, making the memory controller non-composable. This is addressed by adding a Delay Block to the front-end that delays all signals sent from the front-end to a requestor to always emulate worst-case interference. This makes requestors unable to affect each other’s temporal behavior, which is sufficient to guarantee composability on the level of applications. Our predictable memory controller hence offers composable service with a variety of memory and arbiter types, which widely extends the scope of composable platforms. Another benefit of this approach is that it enables composable service to be dynamically enabled and disabled, enabling requestors that do not require composable service to use slack bandwidth to improve performance. The predictable and composable memory controller is supported by a configuration flow that automatically computes memory patterns and arbiter settings to satisfy given bandwidth and latency requirements. The flow uses abstraction to separate the configuration of the memory and the arbiter, enabling settings to be computed in a streamlined fashion for all supported memories and arbiters