HIPEAC 2015. Segregation of Subsystems with Different Criticalities on Networked Multi-Core Chips in the DREAMS Architecture



Similar documents
Mixed-Criticality: Integration of Different Models of Computation. University of Siegen, Roman Obermaisser

Mixed-Criticality Systems Based on Time- Triggered Ethernet with Multiple Ring Topologies. University of Siegen Mohammed Abuteir, Roman Obermaisser

MultiPARTES. Virtualization on Heterogeneous Multicore Platforms. 2012/7/18 Slides by TU Wien, UPV, fentiss, UPM

Distributed Real-time Architecture for Mixed Criticality Systems

Industrial Application of MultiPARTES

The Temporal Firewall--A Standardized Interface in the Time-Triggered Architecture

Multicore partitioned systems based on hypervisor

XtratuM hypervisor redesign for LEON4 multicore processor

Applying Multi-core and Virtualization to Industrial and Safety-Related Applications

Real-time Operating Systems. VO Embedded Systems Engineering Armin Wasicek

A Data Centric Approach for Modular Assurance. Workshop on Real-time, Embedded and Enterprise-Scale Time-Critical Systems 23 March 2011

Open Source Implementation of Hierarchical Scheduling for Integrated Modular Avionics

Memory Isolation in Many-Core Embedded Systems

FlexRay A Communications Network for Automotive Control Systems

Deeply Embedded Real-Time Hypervisors for the Automotive Domain Dr. Gary Morgan, ETAS/ESC

Developing software for Autonomous Vehicle Applications; a Look Into the Software Development Process

Experience with the integration of distribution middleware into partitioned systems

Introduction to TTP and FlexRay real-time protocols

System Software and TinyAUTOSAR

Software Components for Reliable Automotive Systems

Comparison of FlexRay and CAN-bus for Real-Time Communication

Software Engineering for Real- Time Systems.

BASIC CONCEPTS AND RELATED WORK

Simple and error-free startup of the communication cluster. as well as high system stability over long service life are

ARINC-653 Inter-partition Communications and the Ravenscar Profile

Boeing B Introduction Background. Michael J. Morgan

VtRES Towards Hardware Embedded Virtualization Technology: Architectural Enhancements to an ARM SoC. ESRG Embedded Systems Research Group

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies

PikeOS: Multi-Core RTOS for IMA. Dr. Sergey Tverdyshev SYSGO AG , Moscow

Secure Containers. Jan Imagination Technologies HGI Dec, 2014 p1

Virtualization for Hard Real-Time Applications Partition where you can Virtualize where you have to

MiCART : Mixed Criticality Real-time Hypervisor

Notes and terms of conditions. Vendor shall note the following terms and conditions/ information before they submit their quote.

CORBA and object oriented middleware. Introduction

Real-Time Systems Hermann Härtig Real-Time Communication (following Kopetz, Liu, Schönberg, Löser)

Software Stacks for Mixed-critical Applications: Consolidating IEEE AVB and Time-triggered Ethernet in Next-generation Automotive Electronics

Outline. Introduction. Multiprocessor Systems on Chip. A MPSoC Example: Nexperia DVP. A New Paradigm: Network on Chip

Comparison of CAN, TTP and Flexray Communication Protocols

Real-Time Operating Systems for MPSoCs

Proactive, Resource-Aware, Tunable Real-time Fault-tolerant Middleware

Embedded & Real-time Operating Systems

THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS

Trends in Embedded Software Engineering

BASIC CONCEPTS OF REAL TIME OPERATING SYSTEMS

Virtualization in the ARMv7 Architecture Lecture for the Embedded Systems Course CSD, University of Crete (May 20, 2014)

Hardware Based Virtualization Technologies. Elsie Wahlig Platform Software Architect

ARINC 653. An Avionics Standard for Safe, Partitioned Systems

SAN Conceptual and Design Basics

Deploying Global Clusters for Site Disaster Recovery via Symantec Storage Foundation on Infortrend Systems

MTCS Modular Train Control System

Hypervisors. Introduction. Introduction. Introduction. Introduction. Introduction. Credits:

SOC architecture and design

Safety and Security Features in AUTOSAR

Generic term for using the Ethernet standard in automation / industrial applications

Embedded Virtualization & Cyber Security for Industrial Automation HyperSecured PC-based Control and Operation

Linux A multi-purpose executive support for civil avionics applications?

ISOLATING UNTRUSTED SOFTWARE ON SECURE SYSTEMS HYPERVISOR CASE STUDY

Embedded Systems. 6. Real-Time Operating Systems

HP Serviceguard Cluster Configuration for Partitioned Systems

December, 7th, 2015, Assises de l Embarqué

Methods and Tools For Embedded Distributed System Scheduling and Schedulability Analysis

Designing Real-Time and Embedded Systems with the COMET/UML method

ELECTROTECHNIQUE IEC INTERNATIONALE INTERNATIONAL ELECTROTECHNICAL

WIND RIVER SECURE ANDROID CAPABILITY

Symmetric Multiprocessing

Flight Processor Virtualization

Enabling Technologies for Distributed and Cloud Computing

Seven Challenges of Embedded Software Development

Enabling Technologies for Distributed Computing

Real-Time Virtualization How Crazy Are We?

Hitachi Virtage Embedded Virtualization Hitachi BladeSymphony 10U

What is a System on a Chip?

AUTOSAR and Linux Single chip solution Implementation of Automotive Multipurpose ECU Prototype system using hypervisor solution

Syslog Analyzer ABOUT US. Member of the TeleManagement Forum

Standardized software components will help in mastering the. software should be developed for FlexRay were presented at

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions

Virtualization s Evolution

Safe-E. Safe-E Introduction. Coordination: Andreas ECKEL TTTech Computertechnik AG

Java Environment for Parallel Realtime Development Platform Independent Software Development for Multicore Systems

The MILS Component Integration Approach To Secure Information Sharing

Ethernet A Survey on its Fields of Application

Transcription:

HIPEAC 2015 Segregation of Subsystems with Different Criticalities on Networked Multi-Core Chips in the DREAMS Architecture University of Siegen Roman Obermaisser

Overview Mixed-Criticality Systems Modular Certification Fault Containment Integration Levels of Mixed-Criticality Systems Temporal and Spatial Partitioning of Time-Triggered Systems European Research Project DREAMS: Mixed-Criticality Systems based on Networked Multi-Core Chips 2

Mixed-Criticality Systems Need for mixed-criticality systems due to pressing requirement to reduce the number of nodes and cables Integration of functions with different importance and certification assurance levels on a shared computing platform Trend to multi-core platforms due to limited scalability of uniprocessors (Pollacks rule) Latest processors in industrial applications with multiple cores, but typically only one core is used when highly-critical tasks are involved 3

System Architecture for Mixed-Criticality Systems Architectural style with rules for the design of a mixedcriticality system Structuring the system into components (e.g., component model, interface types) Defining component interactions and linking interfaces (LIFs), e.g., time model, interaction patterns, fault model Platform with architectural services (e.g., communication, diagnosis, fault-tolerance) as a stable baseline for the implementation and integration of applications 4

Modular Certification Composition of safety arguments from individual subsystems Each application subsystem is certified to the respective level of criticality Generic arguments of a verified platform Fault containment is a fundamental requirement for modular certification "...all the hardware and software shall be treated as safety-related unless it can be shown that the implementation of the safety and non-safety functions is sufficiently independent. [IEC 61508-2, Ed. 2, p.20] Application Subsystem Component Logical View Physical View Computational Node Comm. Network Physical View

Fault Containment and Encapsulation Establishment of Fault Containment Regions (FCRs) as delimiter of the immediate impact of a fault Depends on fault assumptions (e.g., physical faults vs. design faults) Determines containment coverage of fault hypothesis Prevent or bound interference and unintended side-effects due to integration Temporal Partitioning: temporal encapsulation of resources (e.g., latency, jitter, duration of availability during a scheduled access) Spatial Partitioning: prevent FCR from altering code or private data of other partitions 6

Time-Triggered Control Schedule plan provides control signals with respect to a global time base Important in many safety-critical systems (e.g., TTP in avionics, FlexRay in automotive) Properties Temporal predictability Fault containment Absence of interference Composability Determinism 7

Time-Triggered Networks at Cluster-Level Fault containment and absence/bounding of interference using TDMA scheme enforced by local or central guardians Guardians have a priori knowledge about the permitted behavior of components Host Blocking of untimely CNI Host messages (e.g., babbling CNI idiot) Central Guardian Blocking of invalid Host CNI messages (e.g., syntax, Host CNI addressing, slightly-offspecification) Examples: TTEthernet, TTP, FlexRay, SAFEbus Host CNI Central Guardian Host CNI Host CNI Host CNI

Time-Triggered Network at Chip-Level Time-Triggered Network-on-a-Chip Global time base despite multiple clock domains Source-controlled behavior of network using network using trusted network interfaces Exclusive slots for components using a TDMA scheme Network interface as guardian for a component Trusted Resource Manager (TRM) as guardian for configuration Trusted Subsystem Trusted Resource Manager (TRM) Network Interface Component Network Interface Application-Specific Subsystem Component Network Interface Time-Triggered Network-on-Chip Network Interface Network Interface Component Network Interface Network Interface Component Component Component Component

Time-Triggered Operating Systems and Hypervisors Temporal partitioning using static cyclic schedule tables based on a time-triggered execution plan Spatial partitioning typically based on a Memory Management Unit (MMU) Multi-level hierarchic scheduling with guest operating systems in partitions Examples: XtratuM PikeOS LynxOS178 Partition Partition Partition Application GuestOS e.g., Lithos Application GuestOS e.g., Linux Hypervisor / OS VxWorks Hardware Application 10

Research Challenge: Networked Multi-Core Chips Temporal unpredictability of multi-core processors Shared resources are a source of indeterminism in execution time analysis: cache, memory accesses, bus arbitration policy No clear understanding for effects of inter-task interferences on timing analysis Low-criticality tasks must not create unpredictable effects on the execution of critical ones (time analysability) Interconnection of multi-core processors Satisfy resource requirements exceeding the resources of a single node computer Higher system reliability than component reliability End-to-end systems engineering addressing significant extra functional properties (e.g., time, energy, reliability, security) 11

Research Challenge: Heterogeneity Mixed-criticality systems typically exhibit heterogeneous platform requirements in addition to different criticality levels Dissimilar requirements in terms of timing (e.g., firm, soft, hard, non real-time) Different models of computation (e.g., dataflow, time-triggered messaging, distributed shared memory). 12

European Research Project DREAMS Project full title: Distributed REal-time Architecture for Mixed criticality Systems Project duration: October 1, 2013 Sept. 30, 2017 Type of project: Integrated Project (IP) Budget Total: 15.5 mill. EUR Industry SME Thales SA Alstom Wind S.L. STMicroelectronics TÜV Rheinland TTTech RealTime At Work Virtual Open Systems FENTISS France Spain France Germany Austria France France Spain Research O. Univ. ONERA Ikerlan SINTEF Fortiss Universität Siegen TU Kaiserslautern UPV TEI France Spain Norway Germany Germany Germany Spain Greece 13

Project Description Mixed-criticality architecture based on networked multicore chips 1. Architectural style and modelling methods 2. Virtualization technologies for security, safety, real-time performance, integrity in networked multi-core chips 3. Adaptation strategies for mixed-criticality systems 4. Development methodology and tools based on modeldriven engineering 5. Certification and mixed-criticality product lines 6. Feasibility of DREAMS architecture in real-world scenarios 7. Promoting widespread adoption and community building 28.01.2015 14

Main Technical Activities Cross-domain architectural style and models for MCS Modular certification and mixed-criticality product lines Platform with virtualization at chip and network level Adaptation strategies for mixed-criticality systems Development methodology, variability management and tools HEALTHCARE AVIONICS WIND POWER Avionic Flight Control Service (Safety Critical, Class A) Entertainment / Multimedia (Not Safety-Relevant) PID Pilot Controls Services of APEX Diagnosis Service Robustness Services Sensors Services of IEC 61131 I/O Service Storage Domain-Independent Core Services for Mixed-Criticality Systems Secure and Fault-Tolerant. Timely and Secure Timely and Secure Integrated Resource Global Time. Communication Execution Management Base. for TSP for TSP for TSP Different implementation choices at chip-level and cluster level 28.01.2015 15

Main Outcome and Results Reduced development cost and time-to-market for mixedcriticality applications Exploitation of economies of scale through cross-domain components and tools Consolidation and integration of virtualization solutions and development methods from previous projects Significant advances in virtualization techniques leading to higher reliability, security and safety Higher flexibility, adaptability and energy efficiency through integrated resource management Leverage multi-core platforms for a system perspective of mixed-criticality applications combining the chip-level and network-level 28.01.2015 16

Conclusion Increasing importance of mixed-criticality systems based on multi-core processors Temporal and spatial partitioning is the foundation for mixed-criticality integration and modular certification Technological challenges in end-to-end virtualization of resources and heterogeneous models of computations 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information