

Section: New Results

Real-Time Systems Compilation

Participants: Dumitru Potop Butucaru, Hugo Pompougnac, Jad Khatib.

This work took place in the framework of the PIA ES3CAP project (see section 9.2.5) and in close collaboration with Inria PARKAS, Airbus, Safran Aircraft Engines, Kalray, and the IRT Saint-Exupéry. It funded the last year of Keryan Didier's PhD thesis (before the Paris Kairos subteam was created).

The key difficulty of real-time scheduling is that timing analysis and resource allocation depend on each other. Since an exhaustive search for the optimal solution is not possible for complexity reasons, heuristic approaches are used to break this dependency cycle. Two such approaches are typical in real-time systems design. The first one uses unsafe timing characterizations for the tasks (e.g. measurements) to build the system, and then checks that the real-time requirements are met through a global timing analysis. The second approach uses a formal model of the hardware platform enabling timing characterizations that are safe for all possible resource allocations (worst-case bounds). So far, the practicality of the second approach had never been established. Automated real-time parallelization flows still relied on simplified hypotheses ignoring much of the timing behavior of concurrent tasks, communication and synchronization code. And even with such unsafe hypotheses, few studies and tools considered the (harmonic) multi-periodic task graphs of real-world control applications, and the problem of statically managing all their computational, memory, synchronization and communication resources.

Our work has provided the first demonstration of the feasibility of the second approach, showing good practical results for classes of real-world applications and multiprocessor execution platforms whose timing predictability allows keeping pessimism under control. This requires something that is missing in previous work: the tight orchestration of all implementation phases, namely WCET analysis, resource allocation, generation of glue code ensuring the sequencing of tasks on cores and the synchronization and memory coherency between the cores, and compilation and linking of the resulting C code. This orchestration is conducted on a very detailed timing model that considers both the tasks and the generated glue code, and which includes resource access interferences due to multi-core execution. Orchestration is not a mere combination of existing tools and algorithms. Enabling predictable execution and keeping pessimism under control requires the formal and algorithmic integration of all design phases, which in turn required the definition of an application normalization phase that facilitates timing analysis, of an original code generation algorithm designed to provide mapping-independent worst-case execution time bounds, and of new real-time scheduling algorithms capable of orchestrating memory allocation and scheduling.

Extensive results on the application of this method to real-life avionics case studies (>5000 unique nodes) mapped on the Kalray MPPA256 Bostan many-core have been presented in [15], [21] and in the PhD thesis of Keryan Didier, defended in September.

The Kalray MPPA platform provides excellent support for safety-critical real-time implementation, by allowing the computation of static WCET bounds. This is no longer true on more classical multi-cores such as those with ARM and POWER micro-architectures. We are currently aiming at extending our method to allow mapping on such multi-cores. Full schedulability guarantees cannot be provided on such platforms. Instead, our aim is to allow the synthesis of implementations that are functionally correct, efficient, and where unpredictability is reduced to a minimum by eliminating controllable sources of timing variability. This line of work has been pursued in the context of the collaboration contracts with Airbus and IRT Saint-Exupéry. First results are promising.

Further extensions of our method are under way, most notably to cover timing-predictable architectures other than the Kalray MPPA 256.