Dagstuhl-Seminar 15121
Mixed Criticality on Multicore/Manycore Platforms
( 15. Mar – 20. Mar, 2015 )
Permalink
Organisatoren
- Sanjoy Baruah (University of North Carolina at Chapel Hill, US)
- Liliana Cucu-Grosjean (INRIA - Le Chesnay, FR)
- Robert Davis (University of York, GB)
- Claire Maiza (VERIMAG - Grenoble, FR)
Kontakt
- Andreas Dolzmann (für wissenschaftliche Fragen)
- Annette Beyer (für administrative Fragen)
Gemeinsame Dokumente
- Dagstuhl Materials Page (Use personal credentials as created in DOOR to log in)
Programm
The objective of this seminar is to bring together researchers working in fields relating to real-time systems to promote understanding of the fundamental problems affecting Mixed Criticality Systems (MCS) at all levels in the software/hardware stack and, crucially, the interfaces between them. A specific focus will be the challenges brought about by the integration of mixed criticality applications onto multi-core and many-core architectures. As these challenges cut across communities and disciplines, the sub-communities involved in real-time scheduling, real-time operating systems / runtime environments, and timing analysis (WCET) must interact more closely with each other and with specialists in hardware architectures if they are to advance rapidly. To that end, the seminar seeks to promote a lively interaction, synergies, cross-fertilization of ideas, and closer collaboration across the breadth of the real-time community.
Key research questions to be addressed include:
- How to provide effective guarantees of real-time performance to applications of different criticality levels via intelligent sharing of resources while respecting the requirements for asymmetric separation / isolation between criticality levels?
- How to provide asymmetric time separation between applications with different levels of criticality so that the impact of lower criticality applications on those of higher criticality can be tightly bounded independently of the behavior or misbehavior of the former, without significantly compromising guaranteed real-time performance?
- How to provide time composability for applications of different criticality levels, so that the timing behavior of applications determined in isolation remains valid when they are composed during system integration?
The seminar will crucially span from the low level behavior of the memory hierarchy, and network-on-chip or buses, through timing analysis that includes delays due to shared resources (e.g. cache-related or migration delays), real-time operating system behavior, and high level scheduling, and task allocation to the verification of end-to-end deadlines.
Seminar sessions will be structured around the following key themes and will pay particular attention to the interfaces between themes, as these are the areas that can most benefit from improved understanding and collaboration:
- Task and system models for MCS on multi-core and many-core platforms.
- Scheduling schemes and analyses for MCS, including the integration of appropriate models of overheads and delays.
- Run-time environments and support for MCS, including data exchange and synchronization across criticality levels, and issues relating to consistency of the criticality mode.
- Analysis of worst-case execution times relating to MCS on multi-core and many-core platforms, including cache related and migration delays.
- Mixed criticality communications mechanisms and analysis, including Network-on-Chip support.
- Probabilistic analysis techniques for MCS.
The seminar does not intend to cover security issues that relate to some MCS. While it aims to be cognisant of the needs for certification in some industries, the seminar also does not seek to address the certification process.
As with other Dagstuhl Seminars, this seminar will provide open forum for discussion without program selection or review.
Real-time systems are characterised not only by the need for functional correctness, but also the need for timing correctness. Today, real-time embedded systems are found in many diverse application areas including; automotive electronics, avionics, and space systems. In these areas, technological progress is resulting in rapid increases in both software complexity and processing demands. To address the demand for increased processor performance, silicon vendors no longer concentrate on increasing processor clock speeds, as this approach has led to problems with high power consumption and excessive heat dissipation. Instead, technological development has shifted to multicore processors, with multiple CPUs integrated onto a single chip. The broad technology trend is towards much larger numbers of cores, referred to as manycore, requiring network-on-chip rather than bus interconnects.
Requirements on Size Weight and Power consumption, as well as unremitting cost pressures, are pushing developments in avionics and automotive electronics towards the adoption of powerful embedded multicore processors, with a longer term vision of migrating to manycore. With the adoption of such technology comes the opportunity to combine different applications on the same platform, potentially dramatically reducing assembly and production costs, while also improving reliability through a reduction in harnessing. Different applications may have different criticality levels (e.g. safety-critical, mission-critical, non-critical) designating the level of assurance needed against failure. For example, in automotive electronics, cruise control is a low criticality application, whereas electric steering assistance is of high criticality. In an aerospace context, flight control and surveillance applications in Unmanned Aerial Vehicles are of high and low criticality respectively. The very low acceptable failure rates (e.g. 10^{-9} failures per hour) for high criticality applications imply the need for significantly more rigorous and costly development and verification processes than required by low criticality applications.
Combining high and low criticality applications on the same hardware platform raises issues of time separation and composition; it must be possible to prevent the timing behaviour of high criticality applications from being disturbed by low criticality ones, otherwise both need to be engineered to the same rigorous and expensive standards. Simple methods of achieving this separation, such as time partitioning or allocation to different cores can however be wasteful of processing resources. They may require more expensive hardware than necessary, increasing production costs, which is something industry is strongly motivated to avoid. Time composability is needed so that the timing behaviour of applications, determined in isolation, remains valid when they are composed during system integration. Without time composability integration of complex applications would become infeasible expensive. The transformation of real-time embedded systems into mixed criticality multicore and manycore systems is recognised as a strategically important research area in Europe and the USA.
The seminar focused on the two key conflicting requirements of Mixed Criticality Systems: separation between criticality levels for assurance and sharing for resource efficiency, along with the related requirement of time composability. The key research questions addressed were:
- How to provide effective guarantees of real-time performance to applications of different criticality levels via intelligent sharing of resources while respecting the requirements for asymmetric separation / isolation between criticality levels?
- How to provide asymmetric time separation between applications with different levels of criticality so that the impact of lower criticality applications on those of higher criticality can be tightly bounded independent of the behaviour or misbehaviour of the former, without significantly compromising guaranteed real-time performance?
- How to provide time composability for applications of different criticality levels, so that the timing behaviour of applications determined in isolation remains valid when they are composed during system integration?
The sessions of the seminar were structured around a set of themes. Particular attention was given to the interfaces between themes, as these are the areas that can benefit most from improved understanding and collaboration. The discussion groups were organized around the following themes that correspond to research challenges in mixed criticality systems (MCS):
- Platforms and Experimental Evaluation (see Section 5.1);
- Worst-Case Execution Time (see Section 5.2);
- Criticality (see Section 5.3);
- Probabilistic (see Section 5.4).
Organization of the Seminar
The seminar took place from 15th to 20th March 2015. The first day started with a keynote talk by Prof. Alan Burns (University of York), one of the most influential researchers in the Real-Time Systems field over the last 25 years. Alan reviewed advances in MCS research and underlined current open problems. An overview of his talk is provided in Section 3. The first day ended with presentations and feedback on real implementations (see Section 4) as well as identifying the main themes for group discussion.
The following three days started with presentations, which were followed by discussions either within the identified groups or in an open format.
The second day started with discussions about the motivation for mixed-criticality systems presented by three different participants (see Sections 4.4., 4.5 and 4.6). Different notations are used by different sub-communities and several presentations underlined these differences (see Sections 4.7, 4.8 and 4.9). An outline of the main ideas for probabilistic analysis of real-time systems provided the topics for the discussion group on probabilistic MCS (see Sections 4.10 and 4.11).
The morning of the third day commenced with discussions on the relation between time and MCS (see Section 4.11), which continued into the afternoon's hiking activity.
Starting from the fourth day a slot dedicated to anonymous mixed criticality supporters was added to the program allowing researchers new to the topic to identify open problems in MCS from the perspective of their different domains.
As detailed later in this report, the seminar enabled the real-time community to make important progress in articulating and reaching a common understanding on the key open problems in mixed criticality systems, as well as attracting new researchers to these open problems (see Section 6). The seminar also provided an ideal venue for commencing new collaborations, a number of which are progressing towards new research publications, see Section 7.
The seminar has helped define a research agenda for the coming years that could be supported by follow-up events, given the strong interest expressed by the participants of this seminar.
As organizers, we would like to thank Prof. Reinhard Wilhelm for encouraging us to submit the seminar proposal, Dagstuhl's Scientific Directorate for allowing us to run a seminar on mixed criticality systems, and to the staff at Schloss Dagstuhl for their superb support during the seminar itself. Finally, we would like to thank all of the participants for their strong interaction, presentations, group discussions, and work on open problems, sometimes into the early hours of the morning. We were very pleased to hear about the progress of new found collaborations, and to receive such positive feedback about the seminar itself. Thank you to everyone who participated for a most enjoyable and fruitful seminar.
- Yasmina Abdeddaim (ESIEE - Noisy le Grand, FR) [dblp]
- Sebastian Altmeyer (University of Amsterdam, NL) [dblp]
- James H. Anderson (University of North Carolina at Chapel Hill, US) [dblp]
- Sanjoy Baruah (University of North Carolina at Chapel Hill, US) [dblp]
- Marko Bertogna (University of Modena, IT) [dblp]
- Enrico Bini (Scuola Superiore Sant'Anna - Pisa, IT) [dblp]
- Björn B. Brandenburg (MPI-SWS - Kaiserslautern, DE) [dblp]
- David Broman (KTH Royal Institute of Technology, SE) [dblp]
- Alan Burns (University of York, GB) [dblp]
- Albert Cohen (ENS - Paris, FR) [dblp]
- Liliana Cucu-Grosjean (INRIA - Le Chesnay, FR) [dblp]
- Robert Davis (University of York, GB) [dblp]
- Suzanne Den Hertog (VU University of Amsterdam, NL) [dblp]
- Arvind Easwaran (Nanyang TU - Singapore, SG) [dblp]
- Pontus Ekberg (Uppsala University, SE) [dblp]
- Rolf Ernst (TU Braunschweig, DE) [dblp]
- Sébastien Faucou (University of Nantes, FR) [dblp]
- Nathan Fisher (Wayne State University, US) [dblp]
- Gerhard Fohler (TU Kaiserslautern, DE) [dblp]
- Chris Gill (Washington University - St. Louis, US) [dblp]
- Adriana Gogonel (INRIA - Le Chesnay, FR) [dblp]
- Joel Goossens (Free University of Brussels, BE) [dblp]
- Emmanuel Grolleau (ENSMA - Chasseneuil, FR) [dblp]
- Zhishan Guo (University of North Carolina at Chapel Hill, US) [dblp]
- Pengcheng Huang (ETH Zürich, CH) [dblp]
- Leandro Soares Indrusiak (University of York, GB) [dblp]
- Kai Lampka (Uppsala University, SE) [dblp]
- Björn Lisper (Mälardalen University - Västerås, SE) [dblp]
- Claire Maiza (VERIMAG - Grenoble, FR) [dblp]
- Alberto Marchetti-Spaccamela (SapienzaUniversity of Rome, IT) [dblp]
- Cristian Maxim (Airbus S.A.S. - Toulouse, FR) [dblp]
- Dorin Maxim (The Polytechnic Institute of Porto, PT) [dblp]
- Vincent Nelis (The Polytechnic Institute of Porto, PT) [dblp]
- Roman Obermaisser (Universität Siegen, DE) [dblp]
- Gabriel Parmer (George Washington University - Washington, US) [dblp]
- Sophie Quinton (INRIA - Grenoble, FR) [dblp]
- Jan Reineke (Universität des Saarlandes, DE) [dblp]
- Pascal Richard (ENSMA - Chasseneuil, FR) [dblp]
- Christine Rochange (Paul Sabatier University - Toulouse, FR) [dblp]
- Zoë Stephenson (Rapita Systems Ltd. - York, GB) [dblp]
- Sebastian Stiller (TU Berlin, DE) [dblp]
- Leen Stougie (CWI - Amsterdam, NL) [dblp]
- Lothar Thiele (ETH Zürich, CH) [dblp]
- Wang Yi (Uppsala University, SE) [dblp]
Verwandte Seminare
- Dagstuhl-Seminar 17131: Mixed Criticality on Multicore / Manycore Platforms (2017-03-26 - 2017-03-31) (Details)
Klassifikation
- networks
- operating systems
- optimization / scheduling
Schlagworte
- Real-Time Systems
- Mixed Criticality
- Multicore
- Manycore
- Scheduling
- Schedulability Analysis
- Timing Analysis
- Network-on-Chip
- Memory Architectures
- Worst-Case Execution time
- Real-Time Operating Systems