Transcription

1

2

3

4

5

6 Application Subsystem Component Logical View Physical View Computational Node Comm. Network Physical View

7 A B

8

9

10

11

12

13 1 A 2 B 3 C 4 D 5 E 6 1 real-time (a) 6 period 1 A C 4 D 5 4 E 5 (b) B Stable State 1 Start of Cycle A Observation of Sensor Input 2 Start of Transmission of Sensor Data B Transmission of Input Data 3 Start of Processing of Control Algorithm C Processing of Control Algorithm 4 Termination of Processing D Transmission of Output Data 5 Start of Output to Actuators E Output Operation at the Actuator 6 Termination of Output Operation Computational or Comm. Activity

14

15

16 Past Future π state is only defined during intervall Δ Δ π Time

17 A B C D E period 1 4 A C B E D 4 real-time 5

18

19

20 Multi-Cluster Systems Distributed System Multi-Core Processor Hypervisor

21

22 Picture: TTA Group

23

24

25

26

27

28

29 Goossens, K.; Dielissen, J.; Radulescu, A.: Aethereal network on chip: concepts, architectures, and implementations. In Design & Test of Computers, IEEE 22 (5), pp

30 Trusted Subsystem Trusted Resource Manager (TRM) Component Network Interface Application-Specific Subsystem Component Network Interface Time-Triggered Network-on-Chip Component Network Interface Network Interface Network Interface Network Interface Network Interface Component Component Component Component

31 TT-NoC and Network Interface Trusted Resource Manager Fault Containment in the Time Domain Global time allows coordination of sending activities No dynamic arbitration or temporal dependencies between components Transmission times are under control of the communication interface. Fault Containment in the Value Domain Assignment of dedicated slots to each component as basis for protecting data integrity of messages Network interface ensures that components write only during assigned slots Addressing under control of communication interface The TRM rejects new schedules if collisions would occur (e.g., mutual overwriting of messages). Assertions can be specified (e.g., to guarantee temporal properties of safety-relevant messages).

32

33

34

35

36 SME Univ. Industry Research O. Thales SA France ONERA France Alstom Wind S.L. Spain Ikerlan Spain STMicroelectronics France SINTEF Norway TÜV Rheinland Germany Fortiss Germany TTTech Austria Universität Siegen Germany RealTime-At-Work France TU Kaiserslautern Germany Virtual Open Systems France UPV Spain FENTISS Spain TEI Greece

37 MPSOC Network-on-a-Chip Network-on-a-Chip Network-on-a-Chip

38

39

40 HEALTHCARE AVIONICS WIND POWER Avionic Flight Control Service (Safety Critical, Class A) Entertainment / Multimedia (Not Safety-Relevant) PID Pilot Controls Controller Services of APEX Diagnosis Service Secure and Fault-Tolerant. Services of IEC I/O Service Domain-Independent Core Services for Mixed-Criticality Systems Global Time. Communication Base. Robustness Services Timely and Secure for TSP Sensors Timely and Secure Execution for TSP Storage Integrated Resource Management for TSP Different implementation choices at chip-level and cluster level

41 System Component Optional Service System Component Optional Service Application Component Application Component DREAMS SYSTEM OF NETWORKED MULTI-CORE CHIPS Off-Chip Network System Node Off-Chip GW Off-Chip Network Node Node Node Node System Node: Global Res. Manager (GRM) Application Tile Application Tile Application Tile OS DRAL DREAMS Virtualization Layer Network Interface Processor Cores OS DRAL Optional Service (MW) OS DRAL Optional Service (MW) OS DRAL Local Resource Mngmt. Tile: System Core Memory GW On-Chip Interconnect Tile: System Core I/O Tile: System Core Off-Chip/On-Chip GW Application Services Optional Platform Services Core Services Fault-tolerant global time Timely & secure exec. for TSP Timely & secure communication for TSP Integrated resource management for TSP

42 Criticality Domain Application Subsystem Component Messagebased Interface Message Logical View Physical View Physical View Cluster Node Off-Chip Network Tile Partition NoC

43

44 EN Furnaces EN / 8 / 9 Railways ISO Earth Moving Equipment ISO Automotive IEC Medical IEC Nuclear IEC Process Ind IEC Functional Safety Standard ISO Machinery IEC Machinery ISO Lifts EN ATEX IEC Electrical Drivers

45 DREAMS System of Networked Multi-Core Chips DREAMS Chip DREAMS Chip DREAMS Chip DREAMS Chip Off-Chip Networks GRM Configuration of Resources by GRM Linking Interface (Interaction between Components) DREAMS Chip Processor Core or Processor Cluster MON LRM LRS NI Processor Cfg. (Task Scheduling) Network Cfg. (Msg. Scheduling) Processor Core or Processor Cluster MON LRM LRS NI Processor Cfg. (Task Scheduling) Network Cfg. (Msg. Scheduling) NoC Global Resource Management Cfg. MON NI LRM LRS Memory (e.g., DRAM) Network Cfg. (Msg. Scheduling) Configuration for Memory Scheduling MON NI LRM LRS I/O (e.g., DRAM) Network Cfg. (Msg. Scheduling) Configuration for I/O Scheduling NI Gateway Core Network Cfg.

46 6/17/2016

47 Cross-Domain Embedded System Architecture Security Safety-Critical Multi-Core Architec. and Certification Development Methods Resource Management & Dynamic Reconfiguration Mixed-Criticality at Chip-Level Product Lines Real-Time Modeling and Timing Analysis Other Mixed-Criticality Projects Call 10 PROXIMA CONTREX Networks of Excellence HYCON HIPEAC EMSIG Embedded Components Processor cores for different criticalities (e.g., PPC, ARM) Hypervisors and OS for different criticalities (e.g., XtratuM, pikeos, KVM) On-chip and off-chip networks for different criticalities (e.g., Spidergon, TTNoC, TTE) Simulation and timing analysis tools (e.g., OPNET, RTaW-Sim) Integrate existing components for different criticalities Research and development closing technolo-gical gaps (e.g., end-to-end communication with time and space partitioning, modular safety-case for mixed-critiality product lines) Integration and consolidation of existing components (e.g., hypervisors, off-chip/on-chip networks, models) Demonstration in multiple domains Horizontal activities Interface to Related Projects Technological result: DREAMS Architecture Results of Horizontal Actions Cross-domain architectural style for mixed-criticality systems Platform of networked multicore chips Modelling and develop-ment methods for mixed-critiality systems and product lines Certification methods Industrial Demonstrators in three domains Mixed-criticality community Standards Roadmaps Awareness and expertise through training GENESYS ACROSS OVERSEE TERESA ARAMIS RECOMP CESAR CRYSTAL Actors FRESCOR DiVA CERTAIN- TY MULTI- PARTES MoSiS VARIES PEGASE TIMMO- 2-USE RECOMP TRESCCA SAFECER VERDE SCARLETT VIRTICAL

48 SAFEPOWER Background: App.N App.4 App.3 App.2 App.1 App.1 App.2 App.1 App.2 App.N Federated Architecture Multiple interconnected single-core Processors Integrated Architecture Partitioned single-core Processor Integrated Architecture Multicore Processor Real-time, partioning, reliability, security, etc. +Low Power

49 Application Railway Mixed-Criticality and Low-Power Use Case Aerospace Mixed-Criticality and Low-Power Use Case Cross-Domain SAFEPOWER Public Demonstrator WP4 WP2 SAFEPOWER Architectural Services SAFEPOWER Architecture 1. Power-aware adapti ve execution service for CERTS 2. Power-aware adapti ve communication service for CERTS 3. Power, energy and temperature extensions of health monit ors 4. Power, energy and temperature adaptat ion services for CERTS Architectural Properties 1. Key Properties for CRTES such real-time, time/space partitioning, reliability and security + 2. Low power, energy and temperature WP2 SW Hypervisor with low-power techniques for safety-critical systems (e.g., XtratuM extension) Low-power scheduling services Platform 3 (Virtual or Physical) Platform 2 (Virtual or Physical) Platform 1 (Virtual or Physical) Low-power fault-tolerance services Health and resource monit oring Security Services WP3 Safety/ Security Standards e.g., Power-aware board with power, energy and temperature measurement and management HW Power/energy scaling (DVFS, multivoltage, etc.) Low-power on-chip network for safety-critical systems (e.g., extended TTNoC, extended Nostrum) Core peripheral gating Low-power monitoring and diagnostic HW Processor cores (e.g., ARM, LEO N) Input/ output

50 Increased payload fraction with low-power mixed criticality systems Autonomous object controllers on the railway signalling network. Public Demonstrator

51