

# Activity Report 2019

# **Team KOPERNIC**

# Keeping wOrst case reasoning aPpropriatE foR differeNt critICalities

Inria teams are typically groups of researchers working on the definition of a common project, and objectives, with the goal to arrive at the creation of a project-team. Such project-teams may include other partners (universities or research institutions).

RESEARCH CENTER Paris

THEME Embedded and Real-time Systems

## **Table of contents**

| 1.  | Team, Visitors, External Collaborators                                                     | . 1 |
|-----|--------------------------------------------------------------------------------------------|-----|
| 2.  | Overall Objectives                                                                         | . 2 |
| 3.  | Research Program                                                                           | . 3 |
|     | 3.1. Worst case execution time estimation of a program                                     | 3   |
|     | 3.2. Deciding the schedulability of all programs running within the same cyber component   | 4   |
|     | 3.3. Deciding the schedulability of all programs communicating through predictable and non | 1-  |
|     | predictable networks                                                                       | 4   |
| 4.  | Application Domains                                                                        | 5   |
|     | 4.1. Avionics                                                                              | 5   |
|     | 4.2. Railway                                                                               | 5   |
|     | 4.3. Autonomous cars                                                                       | 5   |
|     | 4.4. Drones                                                                                | 5   |
| 5.  | Highlights of the Year                                                                     | . 5 |
| 6.  | New Software and Platforms                                                                 | . 5 |
|     | 6.1. SynDEx                                                                                | 5   |
|     | 6.2. EVT Kopernic                                                                          | 6   |
| 7.  | New Results                                                                                | . 7 |
|     | 7.1. Uniprocessor Mixed-Criticality Real-Time Scheduling                                   | 7   |
|     | 7.2. Multicore processor graph tasks scheduling                                            | 7   |
|     | 7.3. Power consumption of probabilistic real-time systems                                  | 8   |
|     | 7.4. Data-oriented scheduling approaches                                                   | 8   |
| 8.  | Partnerships and Cooperations                                                              | . 9 |
|     | 8.1. National Initiatives                                                                  | 9   |
|     | 8.2. European Initiatives                                                                  | 9   |
|     | 8.3. International Research Visitors                                                       | 9   |
| 9.  | Dissemination                                                                              | . 9 |
|     | 9.1. Promoting Scientific Activities                                                       | 9   |
|     | 9.1.1. Scientific Events: Organisation                                                     | 9   |
|     | 9.1.2. Scientific Events: Selection                                                        | 10  |
|     | 9.1.2.1. Chair of Conference Program Committees                                            | 10  |
|     | 9.1.2.2. Member of the Conference Program Committees                                       | 10  |
|     | 9.1.3. Journal                                                                             | 10  |
|     | 9.1.4. Scientific Expertise                                                                | 10  |
|     | 9.1.5. Research Administration                                                             | 10  |
|     | 9.2. Teaching - Supervision - Juries                                                       | 10  |
|     | 9.2.1. Teaching                                                                            | 10  |
|     | 9.2.2. Supervision                                                                         | 10  |
|     | 9.2.3. Juries                                                                              | 11  |
|     | 9.5. Popularization                                                                        | 11  |
|     | 9.5.1. Articles and contents                                                               | 11  |
|     | 9.5.2. Euleanon<br>0.3.3 Interventions                                                     | 11  |
| 10  | 7.J.J. IIICI VEILUOIIS<br>Bibliography                                                     | 11  |
| 10. | Divilography                                                                               |     |

## Team KOPERNIC

Creation of the Team: 2018 July 03

## **Keywords:**

## **Computer Science and Digital Science:**

A1.1.1. - Multicore, Manycore
A1.5. - Complex systems
A1.5.1. - Systems of systems
A1.5.2. - Communicating systems
A2.3. - Embedded and cyber-physical systems
A2.3.1. - Embedded systems
A2.3.2. - Cyber-physical systems
A2.3.3. - Real-time systems
A2.4.1. - Analysis

## **Other Research Topics and Application Domains:**

B5.2. - Design and manufacturingB5.2.1. - Road vehiclesB5.2.2. - RailwayB5.2.3. - AviationB5.2.4. - AerospaceB6.6. - Embedded systems

# 1. Team, Visitors, External Collaborators

### **Research Scientists**

Liliana Cucu [Team leader, Inria, Researcher, HDR] Yves Sorel [Inria, Senior Researcher]

#### **Post-Doctoral Fellow**

Roberto Medina Bonilla [Inria, Post-Doctoral Fellow, from Feb 2019]

#### **PhD Students**

Slim Ben Amor [Inria, PhD Student] Evariste Ntaryamira [France Embassy at Burundi, PhD Student, from May 2016] Walid Talaboulma [Inria, PhD Student] Kevin Zagalo [Inria, PhD Student, from Oct 2019]

#### **Technical staff**

Rihab Bennour [Inria, Engineer] Mehdi Mezouak [Inria, Engineer, until Oct 2019]

#### **Interns and Apprentices**

Maelic Louart [École Normale Supérieure de Cachan, from Apr 2019 until Aug 2019] Evariste Ntaryamira [Inria, until Mar 2019] Larissa Otsuka Peterlevitz Frigerio [Inria, from May 2019 until Jul 2019] Kartikeya Singh [Inria, from May 2019 until Jul 2019]

#### Administrative Assistants

Christine Anocq [Inria, Administrative Assistant]

Nelly Maloisel [Inria, Administrative Assistant]

#### Visiting Scientist

George Lima [Inria, from Jul 2019 until Aug 2019]

#### **External Collaborator**

Adriana Gogonel [Statinf]

# 2. Overall Objectives

## 2.1. Overall Objectives

The Kopernic members are focusing their research on studying **time for embedded communicating systems**, also known as cyber-physical systems.

The term cyber-physical systems refers to a new generation of systems with integrated computational and physical capabilities that can interact with humans through many new modalities [15]. A defibrillator, a mobile phone, an autonomous car or an aircraft, they all are CPSs. Beside constraints like power consumption, security, size and weight, CPSs may have cyber components required to fulfill their functions within a limited time interval (a.k.a. dependability), often imposed by the environment, e.g., a physical process controlled by some cyber components. The appearance of communication channels between cyber-physical components, easing the CPS utilization within larger systems, forces cyber components with high criticality to interact with lower criticality cyber components. This interaction is completed by external events from the environnement that has a time impact on the CPS. Moreover, some programs of the cyber components may be executed on predictable processors and other programs on less predictable processors. For instance, a drone that supervises an airport area may be pictured continually interacting with the airport control tower and the pilotes of the airplanes. In this exemple, the drone, the tower and the airplanes belong to a large CPS.

Different research communities study separately the three design phases of these systems: the modeling, the design and the analysis of CPSs [23]. These phases are repeated iteratively until an appropriate solution is found. During the first phase, the behavior of a system is often described using model-based methods. Other methods exist, but model-driven approaches are widely used by both the research and the industry communities. A solution described by a model is proved (functionally) correct usually by a formal verification method used during the analysis phase (third phase described below).

During the second phase of the design, the physical components (e.g., sensors and actuators) and the cyber components (e.g., programs, messages and embedded processors) are chosen often among those available on the market. However, due to the ever increasing pressure of smartphone market, the microprocessor industry provides general purpose processors based on multicore and, in a near future, based on manycore processors. These processors have complex architectures that are not time predictable due to features like multiple levels of caches and pipelines, speculative branching, communicating through shared memory or/and through a network on chip, internet, etc. Therefore, nowadays the CPS industry is facing the great challenge of estimating the corresponding worst case execution times of programs executed on these processors. Indeed, the current complexity of both processors and programs does not allow to propose reasonable worst case bounds. Then, the phase of design ends with the implementation of the cyber components on such processors, where the models are transformed in programs (or messages for the communication channels) manually or by code generation techniques [17].

During the third phase of analysis, the correctness of the cyber components is verified at program level where the functions of the cyber component are implemented. The execution times of programs are estimated either by static analysis, by measurements or by a combination of both approaches [30].

The time properties of a cyber component are subject to variability factors. We understand by variability the distance between the smallest value and the largest value of a time property. With respect to the time properties of a CPS, the factors may be classified in three main classes:

- program structure: for instance, the execution time of a program that has two main branches is obtained, if appropriate composition principles apply, as the maximum between the largest execution time of each branch. In this case the branch is a variability factor on the execution time of the program;
- processor structure: for instance, the execution time of a program on a less predictable processor (e.g., one core, two levels of cache memory and one main memory) will have a larger variability than the execution time of the same program executed on a more predictable processor (e.g., one core, one main memory). In this case the cache memory is a variability factor on the execution time of the program;
- execution environnement: for instance, the appearance of a pedestrian in front of a car triggers the execution of the program corresponding to the brakes in an autonomous car. In this case the pedestrian is a variability factor for triggering the execution of some programs. Moreover, the execution environnement may trigger branches of the programs, according to their structure.

Verifying that time properties of a CPS are met is often formalized as a scheduling problem [25], where the programs should be provided a start time within the schedule together with an assignment of resources (processor, memory, communication, etc.). The verification of a solution for a scheduling problem is known as schedulability analysis.

A cyber-physical system (CPS) has cyber (or computational) components and physical components that communicate. Our team deals with the problem of studying time properties (execution time of a program or a set of communicating programs, etc.) of the cyber components of a CPS. The cyber components may implement functions with different criticalities with respect to time and a solution should come with associated proofs of its *appropriateness* for each criticality. A solution is appropriate for a criticality level if all functions fulfill the expectations of that criticality level. Based on their mathematical foundations, the solutions are:

- either classic (or non-probabilistic) when all time properties are estimated and/or upper bounded by numerical values;
- or probabilistic when at least one time property is estimated and/or upper bounded by probability distributions.

The Kopernic members propose a **system-oriented solution** to the problem of studying time properties of the cyber components of a CPS. The solution is expected to be obtained by composing probabilistic and non-probabilistic approaches for CPSs.

We identify three main scientific objectives developed in Sections 3.1, 3.2 and 3.3. These objectives are presented from program level, where we use statistical approaches, to the level of all programs, where we use probabilistic and non-probabilistic approaches.

# **3. Research Program**

## **3.1.** Worst case execution time estimation of a program

Modern processors induce an increased variability of the execution time of programs, making difficult (or even impossible) a complete static analysis. Our objective is to propose a solution composing probabilistic and non-probabilistic approaches based both on static and on statistical analyses by answering the following **scientific challenges**:

- a classification of the variability of execution times of a program with respect to the processor features. We will use as first measure our statistical estimator based on the Extreme Value Theory [18], [20]. An implementation of the estimator is available at http://inria-rscript.serveftp.com. The access to this later page requires a login (aoste) and a password (aoste). The difficulty of this challenge is related to the definition of an element belonging to the set of variability factors and its mapping to the execution time of the program.
- 2. a compositional rule of statistical models based on Bayesian approaches. The difficulty of this challenge comes from the fact that a global maximum cannot be obtained by upper bounding the corresponding local maxima. We will use as first rule of composition a Bayesian approach [22]. We consider as first statistical model those obtained by any static analysis of the program on a basic processor. Through the Bayesian approach we add iteratively the variability due to each processor feature as a new statistical model. The convergence of the global model is decided once no variability is detected at the level of the statistical estimator providing the bounds on the execution time of the program.

The problem of estimating the worst case execution time of a program is an excellent opportunity for the Extreme Values community to validate and to evolve as the context of obtaining measures is indefinitely reproducible.

# **3.2.** Deciding the schedulability of all programs running within the same cyber component

In this context, the programs may have different time criticalities, but they share the same processor, possibly multicore <sup>1</sup>. Our objective is to propose a solution composing probabilistic and non-probabilistic approaches based on answers to the following **scientific challenges**:

- scheduling algorithms taking into account the interaction between different variability factors. The proposed scheduling algorithms are the theoretical bases of a scheduler able to guarantee the time constraints of the cyber component. The existence of time parameters described by probability distributions imposes to answer to the challenge of revisiting scheduling algorithms that lose their optimality even in the case of an unicore processor [26]. Moreover, the multicore partionning problem is, also, recognized difficult for the non-probabilistic case [29];
- 2. schedulability analyses based on the algorithms proposed previously. In the case of predictable processors, the schedulability analyses accounting for operating systems costs increase the dependability of CPSs [28]. Morever, in presence of variability factors, the additivity property of non-probabilistic approaches is lost and new composition principles are required. We will propose new composition principles based on our preliminary results on the propagation of the probabilistic constraints [16]. The definition of these principles form the challenge related to this objective.

## **3.3. Deciding the schedulability of all programs communicating through** predictable and non-predictable networks

In this case the programs of the same cyber component execute on the same processor and they may communicate with the programs of other cyber components through networks that may be predictable (network on chip) or non-predictable (internet, telecommunications). Our objective is to propose a solution to the challenge of analysing schedulability of programs, for which existing (worst case) probabilistic solutions exist [27], communicating through networks, for which probabilistic worst-case solutions [19] and average solutions exist [24]. Our solution is based on the results obtained for the two first objectives, making this third objective a longer-term one.

<sup>&</sup>lt;sup>1</sup>This case is referred as a mixed criticality approach.

# 4. Application Domains

## 4.1. Avionics

This work is based on a direct collaboration between Airbus and Inria, complementary to collaborative projects like PIA LEOC Capacites and CIFRE thesis. The time critical solutions in this context are based on temporal and spatial isolation of the programs and the understanding of multicore interferences is crucial. Our contributions belong mainly to the solutions space for the objective identified in Section 3.1.

## 4.2. Railway

This work is based on a direct collaboration with Clearsy and SNCF, complementary to collaborative projects like PIA BGLE Departs and FUI 21 Waruna. The time critical solutions in this context concern both the proposition of an appropriate scheduler and associated schedulability analyses. Our contributions belong to the solutions space of problems dealt within the objectives identified in Section 3.1.

### 4.3. Autonomous cars

This work is based on a direct collaboration with RITS (Inria project team). The time critical solutions in this context concern the interaction between programs executed on multicore processors and messages transmitted through wireless communication channels. Our contributions belong to the solutions space of all three classes of problems dealt within the objectives identified in Section 3.2.

## 4.4. Drones

This work is based on the collaborative project FUI/FEDER 22 Ceos. As in the case of autonomous cars, there is an interaction between programs and messages, suggesting that our contributions in this context belong to the solutions space of all three classes of problems dealt within the objectives identified in Section 3.2.

# 5. Highlights of the Year

## 5.1. Highlights of the Year

The Kopernic research results on statistical estimation of execution time bounds has been transferred to a startup, led by Adriana Gogonel, postdoctoral student in Kopernic team. The start-up, Statinf, has been a Carnot 2019 and Wilco 2019 laureate and it has integrated the Agoranov Deeptech incubator since September 2019.

The Kopernic leader, Liliana Cucu-Grosjean has been the IEEE RTSS2019 Track co-chair as well as the DATE2020 Real-time Systems Track co-chair.

# 6. New Software and Platforms

## 6.1. SynDEx

KEYWORDS: Distributed - Optimization - Real time - Embedded systems - Scheduling analyses

SCIENTIFIC DESCRIPTION: SynDEx is a system level CAD software implementing the AAA methodology for rapid prototyping and for optimizing distributed real-time embedded applications. It is developed in OCaML.

Architectures are represented as graphical block diagrams composed of programmable (processors) and non-programmable (ASIC, FPGA) computing components, interconnected by communication media (shared memories, links and busses for message passing). In order to deal with heterogeneous architectures it may feature several components of the same kind but with different characteristics. Two types of non-functional properties can be specified for each task of the algorithm graph. First, a period that does not depend on the hardware architecture. Second, real-time features that depend on the different types of hardware components, ranging amongst execution and data transfer time, memory, etc.. Requirements are generally constraints on deadline equal to period, latency between any pair of tasks in the algorithm graph, dependence between tasks, etc.

Exploration of alternative allocations of the algorithm onto the architecture may be performed manually and/or automatically. The latter is achieved by performing real-time multiprocessor schedulability analyses and optimization heuristics based on the minimization of temporal or resource criteria. For example while satisfying deadline and latency constraints they can minimize the total execution time (makespan) of the application onto the given architecture, as well as the amount of memory. The results of each exploration is visualized as timing diagrams simulating the distributed real-time implementation.

Finally, real-time distributed embedded code can be automatically generated for dedicated distributed realtime executives, possibly calling services of resident real-time operating systems such as Linux/RTAI or Osek for instance. These executives are deadlock-free, based on off-line scheduling policies. Dedicated executives induce minimal overhead, and are built from processor-dependent executive kernels. To this date, executives kernels are provided for: TMS320C40, PIC18F2680, i80386, MC68332, MPC555, i80C196 and Unix/Linux workstations. Executive kernels for other processors can be achieved at reasonable cost following these examples as patterns.

FUNCTIONAL DESCRIPTION: Software for optimising the implementation of embedded distributed real-time applications and generating efficient and correct by construction code

NEWS OF THE YEAR: We improved the distribution and scheduling heuristics to take into account the needs of co-simulation.

- Participant: Yves Sorel
- Contact: Yves Sorel
- URL: http://www.syndex.org

## 6.2. EVT Kopernic

KEYWORDS: Embedded systems - Worst Case Execution Time - Real-time application - Statistics

SCIENTIFIC DESCRIPTION: The EVT-Kopernic tool is an implementation of the Extreme Value Theory (EVT) for the problem of the statistical estimation of worst-case bounds for the execution time of a program on a processor. Our implementation uses the two versions of EVT - GEV and GPD - to propose two independent methods of estimation. Their results are compared and only results that are sufficiently close allow to validate an estimation. Our tool is proved predictable by its unique choice of block (GEV) and threshold (GPD) while proposant reproducible estimations.

FUNCTIONAL DESCRIPTION: EVT-Kopernic is tool proposing a statistical estimation for bounds on worstcase execution time of a program on a processor. The estimator takes into account dependences between execution times by learning from the history of execution, while dealing also with cases of small variability of the execution times.

NEWS OF THE YEAR: Any statistical estimator should come with an representative measurement protocole based on the processus of composition, proved correct. We propose the first such principle of composition while using a Bayesien modeling taking into account iteratively different measurement models. The composition model has been described in a patent submitted this year with a scientific publication under preparation.

- Participants: Adriana Gogonel and Liliana Cucu
- Contact: Adriana Gogonel
- URL: http://inria-rscript.serveftp.com/

# 7. New Results

## 7.1. Uniprocessor Mixed-Criticality Real-Time Scheduling

In the context of the FUI CEOS project 8.1.1.1, last two years we transformed the free software program PX4, which performs the autopilot of the CEOS drone, in a graph of hard real-time tasks. This transformation was intended to achieve a schedulability analysis guaranteeing the autopilot is able to perform safety critical missions since its behaviour is deemed to be hard real-time, i.e., all deadlines of all tasks are satisfied. It is worth noting that the autopilot is one of the most important programs of the drone since it maintains its stability not only during hover phases but also during automatic flight missions from one GPS point to another. This transformation resulted in a "real-time autopilot" that we called PX4-RT.

For the first version of PX4-RT we chose, as periods, the periods used in the original version of PX4 which was not hard real-time as we shown last year. Then, since these periods was inherited from an automatic control analysis achieved by initial designers of PX4 in a non hard real-time context, we had to determine the right combination of periods of tasks, allowing on the one hand to correctly control the drone, and on the other hand, using a schedulabilty analysis, to satify all the deadlines. In order to achieve this goal, we used a hardware in the loop simulation (HitL) which simulates only the sensors and the actuators, whereas the PX4-RT program runs on the Pixhawk board based on an ARM Cortex-M4 uniprocessor. Eventually, we determined some period combinations that fit our needs, other combinations did not allow the drone to follow correctly the given mission or resulted in a crash. Moreover, we verified that all the right combinations led to a schedulable set of tasks, meaning that corresponding versions of PX4-RT were hard real-time. Finally, we used with success the best combination of periods to run PX4-RT on the real drone of CEOS during a simple flight. Of course, we plan to achieve numerous realistic flights planned in the three industrial use cases of the CEOS project.

In addition to this study intended to determine the right combination of periods, we addressed two other issues. In the first one we tried to decrease the worst case execution times (WCET) of tasks in order to increase the schedulability ratio. Such decrease allows to add on the same processor new tasks presently executed on other processors, e.g., mission planning, fault tolerance, etc. Since we found out that the Kalman filter had the largest measured execution time of all the tasks, we studied the Kalman filter algorithm implemented in PX4 to decrease its WCET. We suppressed the two states of the Kalman Filter corresponding to the wind speed estimation since our drone do not have a sensor measuring this speed. Then, we suppressed the three states of the Kalman filter corresponding to the accelerometer bias whose standard deviation was close to zero. Each of these modifications brought an improvement of 15 percent in term of largest measured execution time without decreasing the performances of the drone. In the second issue we started a theoretical study about relations between the stability of a set of automatic control laws and the schedulability of the corresponding set of real-time tasks. In the literature some results exist about one control law corresponding to one real-time task. To the best of our knowledge there is no result for a set of control laws that exchange data.

Finally, we deeply studied NuttX the real-time operating system used presently to support PX4 and PX4-RT autopilot programs. Indeed, we plan to modify the scheduler of this operating system in order to manage real-time tasks more safely. In order to do that we will draw inspiration from the technique proposed in our time triggered offline scheduler that accounts for the preemption and scheduler cost [14].

## 7.2. Multicore processor graph tasks scheduling

Due to widespread of multicore processors on embedded and real-time systems, we concentrate our work on the study of the schedulability of real-time tasks with precedence constraints on such processors. We consider preemptive fixed-priority scheduling policies. First, we have proposed a response time analysis for directed acyclic graphs task model with non-probabilistic execution time and preemptive fixed-priority scheduling policy [10]. Our response time analysis improves importantly the state of the art analyses, while allowing scalable extensions for response time analysis of tasks with worst case execution times described by probability distributions. We extend this response time analysis to similar task model with probabilistic worst case execution time with the advantage of providing efficient results also for task model with nonprobabilistic worst case execution times. Our response time analysis is based on iterative equations which offer run-time enhancement compared to existing work [21] requesting the resolution of complex MILP optimization problem. In addition, we have defined priority on sub-task level enhancing the schedulability and reducing the worst-case response time. The proposed priority assignment algorithm is adapted for the studied task model and it outperforms several state-of-the art methods. We have also proposed a partitioning heuristic that assigns each sub-task to a given core. This heuristic takes into consideration communication delays between sub-tasks inside the same graph in order to minimize the communication while balancing different cores load and maximizing possible parallelism. The proposed heuristics and response time analysis (RTA) are validated on randomly generated task sets and on the PX4-RT drone autopilot programs developed by Kopernic team in FR FUI21 CEOS project.

## 7.3. Power consumption of probabilistic real-time systems

Energy consumption on real-time systems is a crucial problem nowadays as these systems are becoming complex and are expected to deliver more and more functionalities. At the same time, while the processing demand increases, the vast majority of these systems are powered by batteries and are deployed in hazardous environments making their maintenance difficult and impractical. Existing works on energy consumption and real-time systems are often based on a technique called Dynamic Voltage and Frequency Scaling (DVFS). The principle of this technique is to reduce the frequency of the processor in order to lower its input voltage, consequently reducing the energy required to power the processor. Nevertheless, by reducing the frequency of the processor, programs tend to take more time to complete their execution. In the context of real-time systems, programs need to finish their execution before a given deadline. Therefore, the goal of DVFS techniques is to derive proper frequencies that minimize energy consumption and still ensure that all deadlines of all the programs will be respected. Works carried during this postdoc are twofold. The first contribution consisted in observing how the Worst-Case Execution Time (WCET) of programs varies with regards to the frequency of the processor. Many existing works have considered that the WCET is completely scalable, i.e., a simple factor can be applied to derive a new WCET under a different frequency setup. Nevertheless, researchers have recognize that this hypothesis may be too optimistic since other components, that do not run at the same speed as the processor, e.g., the memory, are used by programs. We derived an experimental setup to observe how the execution of programs varied by setting different frequencies on the processor and the memory. We measured CPU cycles and execution times and it was clear from our experiments that the theoretical speedup bound that should be achieved when the processor is running at its maximum speed is never achieved. We also observed, that DVFS techniques could also be applied to the memory of the system, since some programs do not perform many memory request. Our experiments led to a short paper accepted for the Work-in-Progress session of the 40th Real-Time System Symposium. The paper also introduced the task model that will be used as a basis of the next contribution of the postdoc. This next contribution consists in developing RTA techniques for probabilistic real-time systems in order to derive hardware frequency setups. The inclusion of probabilistic real-time system is motivated by the ever-increasing demand of functionalities for this type of systems. To the best of our knowledge, DVFS techniques in conjunction with probabilistic real-time systems have never been studied. The solution to this optimization problem is ongoing work while preparing the submission of first results beginning of February 2020.

## 7.4. Data-oriented scheduling approaches

We consider the scheduling problem of tasks using an inter-task communication model based on a circular buffer, which eases the data consistency between tasks [13], [12]. The tasks are scheduled on one processor by a fixed priority preemptive scheduling algorithm and they have implicit deadlines. We provide a formal method calculating the optimal size for each of the buffers while ensuring data consistency, i.e., it is required that a buffer slot is accessed for reading the input data. This later slot will never be used by the producer task to write new data before the execution completion of the instances of all consumers that are currently reading from this slot. As a second contribution, we provide an analytical characterization of the temporal

validity and reachability properties of the data flowing in between communicating tasks. These two properties are characterized by considering both tasks execution and data propagation orders. Moreover, we assume that a task instance reads all its inputs data at its activation time and writes back the output data at the completion time where this data becomes immediately available for consumption. Given that, they may be several data samples available in the buffer, we say that a data sample is fresh or temporal valid if, since the time instant it is produced, its producer has not completed another execution. Given that, we use buffers whose size may be larger than one, it is obvious that the consumer task will not implicitly know which data is temporally valid. In order to use the data that reflects the current status of the system environment (valid data), we introduce a novel parameter; the sub-sampling rate used within two scheduling algorithms. These scheduling algorithms ensure the data consistency and temporal validity, while deadlines are met.

# 8. Partnerships and Cooperations

## 8.1. National Initiatives

### 8.1.1. FUI

#### 8.1.1.1. CEOS

This project was started on May 2017. Partners of the project are: ADCIS, ALERION, Aeroport de Caen, EDF, ENEDIS, RTaW, EDF, Thales Communications and Security, ESIEE engineering school and Lorraine University. The CEOS project delivers a reliable and secure system of inspections of pieces of works using professional mini-drone for Operators of Vital Importance coupled with their Geographical Information System. These inspections are carried out automatically at a lower cost than current solutions employing helicopters or off-road vehicles. Several software applications proposed by the industrial partners, are developed and integrated in the drone, within an innovative mixed-criticality approach using multi-core platforms.

## 8.2. European Initiatives

## 8.2.1. Collaborations with Major European Organizations

University of York: Real-Time System Group (UK)

Uncertainties in real-time systems: the utilization of extreme value theory has received increased efforts from our community and more rigorous principles are needed for its full understanding. Our two research teams have gathered these principles in a joint publication.

## 8.3. International Research Visitors

#### 8.3.1. Visits of International Scientists

- Prof. Christopher Gill, Washington University in St. Louis (May 2019).
- Robert Davis, University of York (July 2019).

8.3.1.1. Internships

• Kartikeya Singh (India).

## 9. Dissemination

## 9.1. Promoting Scientific Activities

### 9.1.1. Scientific Events: Organisation

## 9.1.1.1. Local Chair

The Kopernic team has hosted the 10th edition of the RTSOPS in July 2019.

## 9.1.2. Scientific Events: Selection

9.1.2.1. Chair of Conference Program Committees

Liliana Cucu-Grosjean is the track chair of IEEE RTSS2019 and DATE2020 Track co-chair for real-time systems

#### 9.1.2.2. Member of the Conference Program Committees

• Liliana Cucu: ACM RACS, RTNS, WFCS

## 9.1.3. Journal

### 9.1.3.1. Reviewer - Reviewing Activities

All members of the team are regularly serving as reviewers for the main journals of our domain: Information Processing Letter, Journal of Heuristics, Journal of Real-Time Systems, Journal of Systems Architecture, Journal of Signal Processing Systems, Leibniz Transactions on Embedded Systems, IEEE Transactions on Industrial Informatics, etc.

#### 9.1.4. Scientific Expertise

- Yves Sorel: Steering Committee of System Design and Development Tools Group of Systematic Paris-Region Cluster.
- Yves Sorel: Steering Committee of Technologies and Tools Program of SystemX Institute for Technological Research (IRT).

#### 9.1.5. Research Administration

- Liliana Cucu-Grosjean is co-chair of Inria Committee on gender equality and equal opportunities
- Yves Sorel is chair of the CUMI Paris center commission
- Liliana Cucu-Grosjean was member of Inria Evaluation Commission until September 2019
- Liliana Cucu-Grosjean is member of Inria Scientific Board and CAP CRCN since September 2019
- Liliana Cucu-Grosjean is member of Paris CLHSCT
- Liliana Cucu-Grosjean is member of CES Paris commission
- Yves Sorel is member of the CDT Paris center commission

## 9.2. Teaching - Supervision - Juries

## 9.2.1. Teaching

Master: Yves Sorel, Optimization of distributed real-time embedded systems, 38H, M2, University of Paris Sud, France

Master: Yves Sorel, Safe design of reactive systems, 18H, M2, ESIEE Engineering School, Noisy-Le-Grand, France

Engineering school: Liliana Cucu-Grosjean, Graph theory, 30H, ESIEE, Cergy, France

Master: Liliana Cucu-Grosjean, Software Engineering, 30H, ESIEE, Noisy-le-Grand, France

Master: Adriana Gogonel, Machine learning, 30H, ESIEE, Noisy-le-Grand, France

## 9.2.2. Supervision

PhD in progress: Kevin Zagalo, Statistical predictability of cyber-physical systems, UMPC, started on October 2019, supervised by Liliana Cucu and Prof. Avner Bar-Hen (CNAM)

PhD in progress: Evariste Ntaryamira, Analysis of embedded systems with time and security constraints, UPMC, started on May 2017, supervised by Liliana Cucu and Cristian Maxim (IRT SystemX)

PhD in progress: Slim Ben-Amor, Schedulability analysis of probabilistic real-time tasks under end to end constraints, UPMC, started on November 2016, supervised by Liliana Cucu.

PhD in progress: Walid Talaboulma, Probabilistic timing analysis in presence of dependences, UPMC, started November 2015, co-supervised by Liliana Cucu and Adriana Gogonel (Statinf)

#### 9.2.3. Juries

- Yves Sorel was a HDR jury member for the thesis of Luca Santinelli (ONERA), defended in May 2019.
- Liliana Cucu-Grosjean was a Phd reviewer for the thesis of Roberto Medina (Telecom Paristech), defended in January 2019.
- Liliana Cucu-grosjean was a PhD jury member of Francesco Pozo (Malardelan, Sweden), defended in October 2019.

## 9.3. Popularization

## 9.3.1. Articles and contents

• Interview with the Statinf co-founders, published on Inria web site (https://www.inria.fr/centre/paris/actualites/statinf-sonde-les-caeurs-des-systemes-embarques)

#### 9.3.2. Education

• Presentation of Adriana Gogonel at a day organized by a Creteil and Versailles Academy for outreaching Computer Science (April 2019, Paris)

### 9.3.3. Interventions

• Participation of Adriana Gogonel at a round table entitled "May we innovate within a research institute?" (March 2019, Rocquencourt).

# **10. Bibliography**

## Major publications by the team in recent years

- [1] L. CUCU-GROSJEAN, A. GOGONEL. *Simulation Device*, March 2016, n<sup>o</sup> FR2016/050504, https://hal. archives-ouvertes.fr/hal-01666599
- [2] L. CUCU-GROSJEAN, L. SANTINELLI, M. HOUSTON, C. LO, T. VARDANEGA, L. KOSMIDIS, J. ABELLA, E. MEZZETTI, E. QUIÑONES, F. J. CAZORLA. *Measurement-Based Probabilistic Timing Analysis for Multipath Programs*, in "the 24th Euromicro Conference on Real-Time Systems, ECRTS", 2012, pp. 91–101
- [3] A. GOGONEL, L. CUCU-GROSJEAN. Dispositif de caractérisation et/ou de modélisation de temps d'exécution pire-cas, June 2017, nº 1000408053, https://hal.archives-ouvertes.fr/hal-01666535
- [4] T. KLODA, A. BERTOUT, Y. SOREL. Latency analysis for data chains of real-time periodic tasks, in "the 23rd IEEE International Conference on Emerging Technologies and Factory Automation, ETFA'18", September 2018
- [5] C. MAXIM, A. GOGONEL, I. M. ASAVOAE, M. ASAVOAE, L. CUCU-GROSJEAN. Reproducibility and representativity: mandatory properties for the compositionality of measurement-based WCET estimation approaches, in "SIGBED Review", 2017, vol. 14, n<sup>o</sup> 3, pp. 24–31

[6] S. E. SAIDI, N. PERNET, Y. SOREL. Scheduling Real-time HiL Co-simulation of Cyber-Physical Systems on Multi-core Architectures, in "the 24th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications", August 2018

## **Publications of the year**

## **Articles in International Peer-Reviewed Journals**

- [7] R. DAVIS, L. CUCU-GROSJEAN. A Survey of Probabilistic Schedulability Analysis Techniques for Real-Time Systems, in "Leibniz Transactions on Embedded Systems", 2019, vol. 6, n<sup>o</sup> 1, 53 p. [DOI: 10.4230/LITESv006-I001-A004], https://hal.inria.fr/hal-02158985
- [8] R. DAVIS, L. CUCU-GROSJEAN. A Survey of Probabilistic Timing Analysis Techniques for Real-Time Systems, in "Leibniz Transactions on Embedded Systems", 2019, vol. 6, n<sup>o</sup> 1, 60 p. [DOI: 10.4230/LITES-v006-I001-A003], https://hal.inria.fr/hal-02158973
- [9] S. E. SAIDI, N. PERNET, Y. SOREL. A method for parallel scheduling of multi-rate co-simulation on multicore platforms, in "Oil & Gas Science and Technology - Revue d'IFP Energies nouvelles", 2019, vol. 74, 49
   p. [DOI: 10.2516/OGST/2019009], https://hal-ifp.archives-ouvertes.fr/hal-02141707

#### **International Conferences with Proceedings**

- [10] S. BEN-AMOR, L. CUCU-GROSJEAN, D. MAXIM. Worst-case response time analysis for partitioned fixed-priority DAG tasks on identical processors, in "ETFA 2019 - 24th IEEE International Conference on Emerging Technologies and Factory Automation", Zaragoza, Spain, IEEE, 2019, pp. 1423-1426 [DOI: 10.1109/ETFA.2019.8869147], https://hal.inria.fr/hal-02407007
- [11] R. MEDINA, L. CUCU-GROSJEAN. Work-in-Progress: System-wide DVFS for real-time systems with probabilistic parameters, in "Real-Time System Symposium", York, United Kingdom, February 2020, https://hal. inria.fr/hal-02421157
- [12] E. NTARYAMIRA, C. MAXIM, L. CUCU-GROSJEAN. Data consistency and temporal validity under the circular buffer communication paradigm, in "RACS '19 - Conference on Research in Adaptive and Convergent Systems", Chongqing, China, ACM Press, 2019, pp. 51-56 [DOI: 10.1145/3338840.3355682], https://hal. inria.fr/hal-02409672

#### **Conferences without Proceedings**

[13] E. NTARYAMIRA, C. MAXIM, L. CUCU-GROSJEAN. *The temporal correlation of data in a multirate system*, in "RTNS'2019 - 27th International Conference on Real-Time Networks and Systems", Toulouse, France, November 2019, https://hal.archives-ouvertes.fr/hal-02362858

#### **Research Reports**

[14] Y. SOREL, F. NDOYE, W. TALABOULMA, M. MEZOUAK, L. CUCU-GROSJEAN. Time Triggered Offline Scheduling of Data Dependent Real-Time Tasks Accounting for the Preemption and Scheduler Cost, Inria Paris, December 2019, n<sup>o</sup> RR-9318, https://hal.inria.fr/hal-02425501

## **References in notes**

[15] R. BAHETI, H. GILL. Cyber-physical systems, IEEE, 2011

- [16] S. BEN-AMOR, D. MAXIM, L. CUCU-GROSJEAN. Schedulability analysis of dependent probabilistic realtime tasks, in "the 24th International Conference on Real-Time Networks and Systems (RTNS)", 2016
- [17] T. BOURKE, J. COLAÇO, B. PAGANO, C. PASTEUR, M. POUZET. A Synchronous-Based Code Generator for Explicit Hybrid Systems Languages, in "Compiler Construction - 24th International Conference, CC, Joint with ETAPS", 2015, pp. 69–88
- [18] S. COLES. An introduction to statistical modeling of extreme values, Springer, 2001
- [19] L. CUCU. Preliminary results for introducing dependent random variables in stochastic feasibility analysis on CAN, in "the WIP session of the 7th IEEE International Workshop on Factory Communication Systems (WFCS)", 2008
- [20] L. CUCU-GROSJEAN, L. SANTINELLI, M. HOUSTON, C. LO, T. VARDANEGA, L. KOSMIDIS, J. ABELLA, E. MEZZETI, E. QUINONES, F. CAZORLA. *Measurement-Based Probabilistic Timing Analysis for Multi-path Programs*, in "the 24th Euromicro Conference on Real-time Systems (ECRTS)", 2012
- [21] J. FONSECA, G. NELISSEN, V. NELIS, L. PINHO. Response time analysis of sporadic DAG tasks under partitioned scheduling, in "11th IEEE Symposium on Industrial Embedded Systems (SIES)", 05 2016, pp. 1-10
- [22] A. GOGONEL, L. CUCU-GROSJEAN. Dispositif de caractérisation et/ou de modélisation de temps d'exécution pire-cas, brevet 1000408053, INPI, 2017, https://hal.archives-ouvertes.fr/hal-01666535
- [23] E. LEE, S. SESHIA. Introduction to embedded systems a cyber-physical systems approach, MIT Press, 2017
- [24] J. LEHOCZKY. *Real-Time Queueing Theory*, in "the 10th IEEE Real-Time Systems Symposium (RTSS)", 1996
- [25] S. B. M. BERTOGNA, G. BUTTAZZO. Multiprocessor Scheduling for Real-Time Systems, Springer, 2015
- [26] D. MAXIM, O. BUFFET, L. SANTINELLI, L. CUCU-GROSJEAN, R. I. DAVIS. Optimal Priority Assignment Algorithms for Probabilistic Real-Time Systems, in "the 19th International Conference on Real-Time and Network Systems (RTNS)", 2011
- [27] D. MAXIM, L. CUCU-GROSJEAN. Response Time Analysis for Fixed-Priority Tasks with Multiple Probabilistic Parameters, in "the IEEE Real-Time Systems Symposium (RTSS)", 2013
- [28] F. NDOYE, Y. SOREL. Monoprocessor Real-Time Scheduling of Data Dependent Tasks with Exact Preemption Cost for Embedded Systems, in "the 16th IEEE International Conference on Computational Science and Engieering (CSE)", 2013
- [29] S. E. SAIDI, N. PERNET, Y. SOREL. Automatic Parallelization of Multi-Rate FMI-based Co-Simulation On Multi-core, in "the Symposium on Theory of Modeling & Simulation: DEVS Integrative M&S Symposium", 2017
- [30] R. WILHELM, J. ENGBLOM, A. ERMEDAHL, N. HOLSTI, S. THESING, D. WHALLEY, G. BERNAT, C. FERDINAND, R. HECKMANN, T. MITRA, F. MUELLER, I. PUAUT, P. PUSCHNER, G. STASCHULAT, P.

STENSTRÖEM. The worst-case execution time problem: overview of methods and survey of tools, in "Trans. on Embedded Computing Systems", 2008, vol. 7, n<sup>o</sup> 3, pp. 1-53