Dagstuhl Seminar 18092
The Logical Execution Time Paradigm: New Perspectives for Multicore Systems
( Feb 25 – Feb 28, 2018 )
Permalink
Organizers
- Rolf Ernst (TU Braunschweig, DE)
- Stefan Kuntz (Continental Automotive GmbH - Regensburg, DE)
- Sophie Quinton (INRIA - Grenoble, FR)
- Martin Simons (Daimler AG - Böblingen, DE)
Contact
- Shida Kunz (for scientific matters)
- Annette Beyer (for administrative matters)
Dagstuhl Seminar Wiki
- Dagstuhl Seminar Wiki (Use personal credentials as created in DOOR to log in)
Shared Documents
- Dagstuhl Materials Page (Use personal credentials as created in DOOR to log in)
Schedule
The Logical Execution Time (LET) abstraction, which was originally introduced as a real-time programming paradigm, has gained traction recently in the automotive industry with the shift to multicore architectures. The objective of this Dagstuhl Seminar is to investigate new opportunities and challenges raised by the use of LET as a basis for implementing parallel execution of control software.
LET abstracts from the actual timing behavior of real-time tasks on the physical platform: Independent of when a task executes, the time interval between its reading input and writing output is fixed by the LET. This introduces a separation between functionality on the one hand, and mapping and scheduling on the other hand. It also provides a clean interface between the timing model used by the control engineer and that of the software engineer.
The LET paradigm was considered until recently by the automotive industry as not efficient enough in terms of buffer space and timing performance. The shift to embedded multicore processors has represented a game changer: The design and verification of multicore systems is a challenging area of research that is still very much in progress. Predictability clearly is a crucial issue which cannot be tackled without changes in the design process. Several OEMs and suppliers have come to the conclusion that LET might be a key enabler and a standardization effort is already under way in the automotive community to integrate LET into AUTOSAR.
The seminar will bring together researchers and practitioners from different backgrounds to discuss and sketch solutions to the problems raised by the use of LET in multicore systems, with a focus on the automotive domain. Specific questions include:
- LET was designed as a programming paradigm but is now being used as a mechanism for predictable communication. How can the principles of LET be adapted accordingly? How should LET values be chosen?
- LETs act as deadlines for tasks, which means that they must be dimensioned for the worst-case response time of tasks. This may be too inefficient in practice. Alternatives exist where a bounded number of deadline misses may be tolerated. How should LET exceptions (violations of the specified LET) be handled then? How can deadline miss patterns which still guarantee functional correctness (e.g., system stability) be established?
- How should the LET constructs be integrated into AUTOSAR? More generally, how should the design and verification process in the automotive industry be modified to integrate the LET paradigm?
- How does the use of the LET paradigm for multicore systems fit into the more general context of achieving predictability of multicore systems?
This seminar will provide a unique opportunity for participants from the automotive industry to get feedback from academia on their effort to adopt the LET paradigm. On the other hand, it will allow other participants to confront their own models and/or solutions with industrial reality and identify new research challenges. This seminar will furthermore bring together research communities which do not so often interact with each other, e.g. the synchronous, control and real-time communities. One expected outcome of this seminar is a joint statement in the Dagstuhl Report to be used from then on as a reference document on the use of LET in the automotive industry.
The Logical Execution Time (LET) abstraction, which was originally introduced as a real-time programming paradigm, has gained traction recently in the automotive industry with the shift to multicore architectures. The objective of this Dagstuhl Seminar was to investigate new opportunities and challenges raised by the use of LET as a basis for implementing parallel execution of control software.
LET abstracts from the actual timing behavior of real-time tasks on the physical platform: Independent of when a task executes, the time interval between its reading input and writing output is fixed by the LET. This introduces a separation between functionality on the one hand, and mapping and scheduling on the other hand. It also provides a clean interface between the timing model used by the control engineer and that of the software engineer.
The LET paradigm was considered until recently by the automotive industry as not efficient enough in terms of buffer space and timing performance. The shift to embedded multicore processors has represented a game changer: The design and verification of multicore systems is a challenging area of research that is still very much in progress. Predictability clearly is a crucial issue which cannot be tackled without changes in the design process. Several OEMs and suppliers have come to the conclusion that LET might be a key enabler and a standardization effort is already under way in the automotive community to integrate LET into AUTOSAR.
The seminar brought together researchers and practitioners from different backgrounds to discuss and sketch solutions to the problems raised by the use of LET in multicore systems, with a focus on the automotive domain. The program was structured around the following topics: (i) Implementations of LET; (ii) LET and related paradigms; (iii) LET and control; (iv) Future directions of LET. The fruitful discussions covered the following issues:
- LET was designed as a programming paradigm but is now being used as a mechanism for predictable communication. How can the principles of LET be adapted accordingly? How should LET values be chosen?
- LETs act as deadlines for tasks, which means that they must be dimensioned for the worst-case response time of tasks. This may be too inefficient in practice. Alternatives exist where a bounded number of deadline misses may be tolerated. How should LET exceptions (violations of the specified LET) be handled then? How can deadline miss patterns which still guarantee functional correctness (e.g., system stability) be established?
- How should the LET constructs be integrated into AUTOSAR? More generally, how should the design and verification process in the automotive industry be modified to integrate the LET paradigm?
- How does the use of the LET paradigm for multicore systems fit into the more general context of achieving predictability of multicore systems?
This seminar provided a unique opportunity for participants from the automotive industry to get feedback from academia on their effort to adopt the LET paradigm. At the same time, it allowed other participants to confront their own models and/or solutions with industrial reality and identify new research challenges. This seminar furthermore brought together research communities which do not so often interact with each other, e.g. the synchronous, control and real-time communities.
Organization of the seminar
The seminar took place from 25th to 28th February 2018. The first day started with an introduction by the organizers, followed by a talk from one of the co-founders of the LET paradigm -- Christoph Kirsch. The following two sessions included talks providing an industrial view on the challenges of implementing LET in the multi-core automotive setting. The first day continued with a session comprised of talks presenting the academic view on LET-related challenges, and concluded with breakout sessions (detailed below). The second day of the seminar started with two sessions in which LET was compared to related paradigms, such as the synchronous model. The afternoon talks focused on the connection between LET and control as well as on a possible application of the LET approach to the domain of graphical processing units. The second day concluded with another set of breakout sessions. The third day included talks exploring future directions of LET, and a final set of breakout sessions.
Breakout sessions led to very interesting and fruitful discussions, and covered, among others, the following aspects:
- Dimensioning of LET intervals: The main focus was on how to efficiently dimension LET intervals to fit specific applications, which is currently a very pragmatic and experience based activity. Moreover, the two uses of LET in the automotive setting were identified: (i)~Functional LET and (ii)~Implementation LET.
- Buffer optimization within LET: The main focus was on the management of buffers in a LET-based implementation. The following topics were identified as relevant and thus discussed: minimizing the number of used buffers, strategies to handle memory contentions when accessing buffers, location of buffers in the memory hierarchy of hardware platforms and locality affinities between buffers, impact of spatial partitioning or periodicity of LET frames (harmonic or not) the buffers.
- The synchronous approach vs LET: The focus was on the comparison between the synchronous and LET models, with a discussion of their advantages and limitations, and their positioning in the context of the needs of the automotive industry, with a special emphasis on a transition from a singlecore to a multicore setting.
- Control and LET: The main focus was on the use of the LET paradigm to implement controllers. The following topics were identified as relevant and thus discussed: Is LET the correct paradigm for controller implementation? What is a viable period choice? How are potential deadline misses handled? Can a proper fault model be conveniently incorporated into the LET methodology? Can LET lead to new contributions in the control research domain?
More details on breakout sessions are available in a dedicated section of this document, after the overview of the talks given during the seminar.
Outcome of the seminar
The seminar has already enabled several collaborations: (i) a white paper on the topic is under preparation; (ii) a special session at EMSOFT'18 will be proposed. In addition, since participants expressed very positive opinions about the seminar and were in favor of reproducing the experience, a follow-up seminar will be considered.
Finally, as organizers, we would like to thank all of the participants for their strong interaction, interesting talks, fruitful group discussions, and work on open problems.
- Leonie Ahrendts (TU Braunschweig, DE) [dblp]
- James H. Anderson (University of North Carolina at Chapel Hill, US) [dblp]
- Matthias Beckert (TU Braunschweig, DE) [dblp]
- Alessandro Biondi (Sant'Anna School of Advanced Studies - Pisa, IT) [dblp]
- Bert Boeddeker (Denso Automotive - Eching, DE) [dblp]
- Björn B. Brandenburg (MPI-SWS - Kaiserslautern, DE) [dblp]
- Sylvain Cotard (Krono Safe - Orsay, FR) [dblp]
- Marco Di Natale (Sant'Anna School of Advanced Studies - Pisa, IT) [dblp]
- Benoit Dupont de Dinechin (Kalray - Orsay, FR) [dblp]
- Rolf Ernst (TU Braunschweig, DE) [dblp]
- Glenn Farrall (Infineon - Bristol, GB) [dblp]
- Gerhard Fohler (TU Kaiserslautern, DE) [dblp]
- Alain Girault (INRIA - Grenoble, FR) [dblp]
- Mathieu Jan (CEA LIST - Gif-sur-Yvette, FR) [dblp]
- Karl Henrik Johansson (KTH Royal Institute of Technology - Stockholm, SE) [dblp]
- Sebastian Kehr (Denso Automotive - Eching, DE) [dblp]
- Christoph M. Kirsch (Universität Salzburg, AT) [dblp]
- Stefan Kuntz (Continental Automotive GmbH - Regensburg, DE) [dblp]
- Ralph Mader (Continental Automotive GmbH - Regensburg, DE) [dblp]
- Martina Maggio (Lund University, SE) [dblp]
- Florence Maraninchi (VERIMAG - Grenoble, FR) [dblp]
- Jorge Luis Martinez Garcia (Robert Bosch GmbH - Stuttgart, DE)
- Andreas Naderlinger (Universität Salzburg, AT) [dblp]
- Moritz Neukirchner (Elektrobit Automotive - Erlangen, DE) [dblp]
- Borislav Nikolic (TU Braunschweig, DE) [dblp]
- Nathan Otterness (University of North Carolina at Chapel Hill, US) [dblp]
- Claire Pagetti (ONERA - Toulouse, FR) [dblp]
- Paolo Pazzaglia (Sant'Anna School of Advanced Studies - Pisa, IT) [dblp]
- Christophe Prévot (INRIA - Grenoble, FR)
- Sophie Quinton (INRIA - Grenoble, FR) [dblp]
- Stefan Resmerita (Universität Salzburg, AT) [dblp]
- Hermann von Hasseln (Daimler Research - Stuttgart, DE) [dblp]
- Eugene Yip (Universität Bamberg, DE) [dblp]
- Dirk Ziegenbein (Robert Bosch GmbH - Stuttgart, DE) [dblp]
Classification
- modelling / simulation
- optimization / scheduling
- semantics / formal methods
Keywords
- logical execution time
- real-time systems
- control
- multicore architectures