Programmation sûre de plates-formes embarquées de type multi/pluri-cœurs

The purpose of this document is to describe an overview of my work on the topic of "programming mutli/many-core COTS in the context of aeronautics" and to propose future research work.L’objectif de ce document est de décrire une synthèse des travaux que j’ai menés autour du thème de "la programmation sûre de plates-formes embarquées" et de proposer des perspectives de recherche pour les années à venir

Formal description of ML models for unambiguous implementation

Implementing deep neural networks in safety critical systems, in particular in the aeronautical domain, will require to offer adequate specification paradigms to preserve the semantics of the trained model on the final hardware platform. We propose to extend the nnef language in order to allow traceable distribution and parallelisation optimizations of a trained model. We show how such a specification can be implemented in cuda on a Xavier platform

Modeling Cache Coherence to Expose Interference

To facilitate programming, most multi-core processors feature automated mechanisms maintaining coherence between each core\u27s cache. These mechanisms introduce interference, that is, delays caused by concurrent access to a shared resource. This type of interference is hard to predict, leading to the mechanisms being shunned by real-time system designers, at the cost of potential benefits in both running time and system complexity. We believe that formal methods can provide the means to ensure that the effects of this interference are properly exposed and mitigated. Consequently, this paper proposes a nascent framework relying on timed automata to model and analyze the interference caused by cache coherence

Modeling Cache Coherence to Expose Interference (Artifact)

To facilitate programming, most multi-core processors feature automated mechanisms maintaining coherence between each core\u27s cache. These mechanisms introduce interference, that is, delays caused by concurrent access to a shared resource. This type of interference is hard to predict, leading to the mechanisms being shunned by real-time system designers, at the cost of potential benefits in both running time and system complexity. We believe that formal methods can provide the means to ensure that the effects of this interference are properly exposed and mitigated. Consequently, we propose a nascent framework relying on timed automata to model and analyze the interference caused by cache coherence

On How to Identify Cache Coherence: Case of the NXP QorIQ T4240

Architectures used in safety critical systems have to pass certain certification standards, which require sufficient proof that they will behave as expected. Multi-core processors make this challenging by featuring complex interactions between the tasks they run. A lot of these interactions are made without explicit instructions from the program designers. Furthermore, they can have strong negative impacts on performance (and potentially affect correctness). One important such source of interactions is cache coherence, which speeds up operations in most cases, but can also lead to unexpected variations in execution time if not fully understood. Architecture documentations often lack details on the implementation of cache coherence. We thus propose a strategy to ascertain that the platform does indeed implement the cache coherence protocol its user believes it to. We also apply this strategy to the NXP QorIQ T4240, resulting in the identification of a protocol (MESIF) other than the one this architecture’s documentation led us to believe it was using (MESI)

Distributed Simulation of Heterogeneous and Real-time Systems

This work describes a framework for distributed simulation of cyber-physical systems (CPS). Modern CPS comprise large numbers of heterogeneous components, typically designed in very different tools and languages that are not or not easily composeable. Evaluating such large systems requires tools that integrate all components in a systematic, well-defined manner. This work leverages existing frameworks to facilitate the integration offers validation by simulation. A framework for distributed simulation is the IEEE High-Level Architecture (HLA) compliant tool CERTI, which provides the infrastructure for co-simulation of models in various simulation environments as well as hardware components. We use CERTI in combination with Ptolemy II, an environment for modeling and simulating heterogeneous systems. In particular, we focus on models of a CPS, including the physical dynamics of a plant, the software that controls the plant, and the network that enables the communication between controllers. We describe the Ptolemy extensions for the interaction with HLA and demonstrate the approach on a flight control system simulation

Ordonnancement de tâches périodiques avec précédences étendues sans sémaphores

National audienceCe travail porte sur l'ordonnancement de systèmes embarqués critiques. Ces systèmes sont multi-périodiques et soumis à des contraintes d'échéances. L'implémentation d'un tel système doit de plus être fonctionnellement déterministe (les mêmes sorties produites pour les mêmes entrées), ce qui nécessite de contrôler précisément l'ordre des communications entre tâches, à l'aide de contraintes de précédence. Nous nous intéressons donc à l'ordonnancement de tâches périodiques reliées par des contraintes de précédence étendues (entre tâches de périodes différentes), à l'aide de politiques basées sur les priorités. En raison du caractère critique des applications considérées, on s'intéresse à des politiques d'ordonancement sans sémaphores, afin d'éliminer tout risque d'anomalie d'ordonnancement (un système prouvé ordonnançable avant l'exécution sur la base des WCET devenant non-ordonnaçable à l'exécution en raison d'une tâche ne prenant pas son WCET). Nous proposons une politique d'ordonnancement optimale pour le problème présenté ci-dessus, en priorité dynamique

Model-based design, analysis and synthesis for multi-core and TSP avionics targets

Multi-core, and Time and Space Partitionnong sys- tems are two emerging paradigms for architecting avionics systems. They impose new steps in the development process: capturing configuration attributes, analysing their correctness, or guaranteeing performance. In this context, model-based tech- niques provide a framework to design, analyse and synthesize these systems while automating much steps. In this paper, we report on a set of extenstions of TASTE to support multi-core and TSP systems. We first present the key architectural elements of these systems, and then detail how these have been support as part of the generation toolchain. We then present experiments realized on two case studies and two hardware targets, both provided with the XtratuM hypervisor

Implementing Multi-Periodic Critical Systems: from Design to Code Generation

This article presents a complete scheme for the development of Critical Embedded Systems with Multiple Real-Time Constraints. The system is programmed with a language that extends the synchronous approach with high-level real-time primitives. It enables to assemble in a modular and hierarchical manner several locally mono-periodic synchronous systems into a globally multi-periodic synchronous system. It also allows to specify flow latency constraints. A program is translated into a set of real-time tasks. The generated code (\C\ code) can be executed on a simple real-time platform with a dynamic-priority scheduler (EDF). The compilation process (each algorithm of the process, not the compiler itself) is formally proved correct, meaning that the generated code respects the real-time semantics of the original program (respect of periods, deadlines, release dates and precedences) as well as its functional semantics (respect of variable consumption).Comment: 15 pages, published in Workshop on Formal Methods for Aerospace (FMA'09), part of Formal Methods Week 2009

Modeling Cache Coherence to Expose

International audienceTo facilitate programming, most multi-core processors feature automated mechanisms maintaining coherence between each core's cache. These mechanisms introduce interference, that is, delays caused by concurrent access to a shared resource. This type of interference is hard to predict, leading to the mechanisms being shunned by real-time system designers, at the cost of potential benefits in both running time and system complexity. We believe that formal methods can provide the means to ensure that the effects of this interference are properly exposed and mitigated. Consequently, this paper proposes a nascent framework relying on timed automata to model and analyze the interference caused by cache coherence