

# On Composable System Timing, Task Timing, and WCET Analysis

#### Peter Puschner, Martin Schoeberl

WCET2008

Prague, Czech Republic

June 2008



### Remember ...

We want to build safety-critical hard real-time systems

- ⇒ timing requirements have to be met!
- ⇒ adequate engineering process
  - straightforward construction
  - easy argumentation about timing properties!

### simple concepts!!!



# **Hierarchical Design**

- Hierarchical design keeps complexity manageable
- Subsystems need to be (de)composable: weak/no interactions among subsystems






### We need ...



- simple, regular shape
  - → dimensions are easy to assess and describe
- composability: it has the same dimensions under all circumstances (stand-alone, when integrated, ...)
- failures are easy to detect

# **Simple Task**

- Precondition: inputs available
- Postcondition: outputs ready
- Stateless
- No blocking inside
- No synchronization inside
- No communication inside





# Variations of Task Timing

- Variable, data-dependent instruction execution times (XTs)
  - ⇒ static analysis: pessimism due to worst-case assumptions
  - ⇒ measurements: reduced coverage
- Different execution paths
  - ⇒ handling of a multitude of paths
  - ⇒ static analysis: pessimism due to simplifications
  - ⇒ measurements: limited coverage



### State-dependent Task Timing

- Intra-task effects (due to different paths taken)
  - ⇒ variable start state
  - ⇒ stabilization: y/n ↔ conditional antagonistic effects?
  - ⇒ analysis: what is the worst-case start state?
- Task-external effects, no preemption
  - ⇒ variable start state (see above), plus
  - ⇒ handling/analysis of interferences (non-local!)
- Task-external effects, with preemption
  - ⇒ "arbitrary" modification of state
  - ⇒ dealing with general interferences (non-local!)



### **Dynamic State-sensitive Resource Allocation and Scheduling**

- ⇒ Instruction XT depends on a very large execution history
- ⇒ Static analysis: highly complex models needed; simplifications cause pessimism
- ⇒ Anomalies: obstacle to compositional timing analysis



### Interactions in Chip-Multiprocessors

- Simultaneous multithreading
  - ⇒ strong coupling, e.g., due to use of the same pipeline
  - ⇒ pessimism in static analysis
- Keeping caches coherent and consistent
  - ⇒ protocols: exchange of cache information causes variability of access time
- Shared caches and memory
  - ⇒ easy to use, but highly complex to analyze (non-local effects!)



### **Avoiding Unwanted Interactions**

Protect time-relevant task state to make it predictable

- ⇔ spatial separation of tasks
- ⇔ pre-planning instead of using dynamic run-time decisions

Mechanisms:

- ⇒ Use of single-path code (+ WCET-oriented programming)
- ⇒ Execution of a single thread/task per CMP core
- ⇒ Use of simple, in-order pipelines
- ⇒ Statically scheduled access to shared memory
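To make the single-path mechanism concrete, here is an added C example (it is not code from the slides or from the authors' projects, and the helper name `sp_select` and the input data are constructed for this illustration). It places a conventional early-exit search and a clamp next to their single-path rewrites: the branch-free versions execute the same instruction sequence for every input, which is what removes the path-dependent timing the "Variations of Task Timing" slide complains about.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the slides. Branching code whose path depends on
   the input, next to a single-path (branch-free) rewrite of the same
   function. sp_select and the sample data are this example's own. */

/* Conventional form: the loop exits as soon as the key is found, so the
   number of iterations, and thus the instruction sequence, depends on the
   data. A WCET analysis has to reason about every path; a measurement only
   sees the paths its inputs happen to trigger. */
int find_branching(const int *a, int n, int key, int *iters)
{
    *iters = 0;
    for (int i = 0; i < n; i++) {
        (*iters)++;
        if (a[i] >= key)
            return i;       /* early exit: path length is input-dependent */
    }
    return -1;
}

/* Software predication: select a or b without a branch. The comparison
   result (0 or 1) is turned into an all-ones or all-zeros mask, which is
   what a conditional-move / predicated instruction does in hardware. */
static inline int32_t sp_select(int32_t cond, int32_t a, int32_t b)
{
    int32_t mask = -(int32_t)(cond != 0);   /* 0xFFFFFFFF or 0x00000000 */
    return (a & mask) | (b & ~mask);
}

/* Single-path form: always performs exactly n iterations and executes the
   same instruction sequence for every input. The "first hit" decision is
   folded into the data through sp_select instead of a branch. */
int find_single_path(const int *a, int n, int key, int *iters)
{
    int32_t found = 0, idx = -1;
    *iters = 0;
    for (int i = 0; i < n; i++) {
        (*iters)++;
        /* 1 only for the first matching element, 0 afterwards */
        int32_t hit = (int32_t)(a[i] >= key) & (int32_t)!found;
        idx = sp_select(hit, i, idx);
        found |= hit;
    }
    return idx;
}

/* Same idea applied to a clamp: two data-dependent ifs become two selects. */
int clamp_branching(int x, int lo, int hi)
{
    if (x < lo) return lo;
    if (x > hi) return hi;
    return x;
}

int clamp_single_path(int x, int lo, int hi)
{
    int32_t r = sp_select(x < lo, lo, x);
    return sp_select(r > hi, hi, r);
}

int main(void)
{
    /* Constructed input data. */
    const int data[] = { 3, 8, 15, 22 };
    const int n = (int)(sizeof data / sizeof data[0]);
    const int keys[] = { 0, 10, 100 };

    for (size_t k = 0; k < sizeof keys / sizeof keys[0]; k++) {
        int it_b, it_s;
        int r_b = find_branching(data, n, keys[k], &it_b);
        int r_s = find_single_path(data, n, keys[k], &it_s);
        printf("key %3d: branching -> %2d after %d iterations, "
               "single-path -> %2d after %d iterations\n",
               keys[k], r_b, it_b, r_s, it_s);
    }
    return 0;
}
```

The branching search finishes after 1, 3 or 4 iterations depending on the key, while the single-path search always runs all 4. The C source is only the intent: a compiler is free to turn `a[i] >= key` back into a conditional branch, so the property has to be confirmed on the generated assembly (no conditional branch inside the loop body, a constant trip count for the loop), which is why single-path code in practice relies on compiler support or on an ISA with predicated instructions.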



### Summary

- Timing analysis for current mechanisms is complex
- Task timing is not an isolated property
  - ⇒ no hierarchical design and analysis process

Solution

- Task level: constant instruction XTs, in-order pipes, and single-path programming lead to invariable task XTs and make WCET analysis much easier
- Application level: allocating one task per core eliminates inter-task effects; offline planning of shared-memory access removes interferences
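The "offline planning of shared-memory access" point, and the "statically scheduled access to shared memory" mechanism on the earlier slide, can be checked with a small model. The following C example is added here and is not code from the slides or from the authors' projects; the core count, slot length, access length and the round-robin slot table are constructed values. It computes, for a TDMA arbiter, how long a request from a given core waits for the shared memory, and shows that the worst case is a property of the static schedule alone: no parameter describing the other cores' traffic exists, so the bound holds when the task runs stand-alone and when it is integrated.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the slides. Constructed parameters. */
#define NUM_CORES  4
#define SLOT_LEN   8   /* memory cycles per TDMA slot            */
#define ACCESS_LEN 2   /* memory cycles one access occupies     */
#define PERIOD     (NUM_CORES * SLOT_LEN)

/* Static slot table: slot s of the period belongs to core s. Because it is
   fixed at design time, it is the only thing the latency bound depends on. */
static int slot_owner(uint32_t cycle)
{
    return (int)((cycle % PERIOD) / SLOT_LEN);
}

/* May an access of ACCESS_LEN cycles start for `core` at `cycle`?
   It must lie in one of the core's own slots and finish inside that slot. */
static int can_start(int core, uint32_t cycle)
{
    return slot_owner(cycle) == core &&
           (cycle % SLOT_LEN) + ACCESS_LEN <= SLOT_LEN;
}

/* Cycles a request issued by `core` at time `t` waits before it starts.
   Nothing about the other cores enters the computation, so their traffic
   cannot change the result: this is the composability the slides ask for. */
uint32_t tdma_wait(int core, uint32_t t)
{
    uint32_t w = 0;
    while (!can_start(core, t + w))
        w++;            /* terminates within one PERIOD by construction */
    return w;
}

/* Worst-case wait over every issue phase within a period: exhaustive, and
   cheap, because the schedule repeats every PERIOD cycles. */
uint32_t tdma_worst_case_wait(int core)
{
    uint32_t worst = 0;
    for (uint32_t phase = 0; phase < PERIOD; phase++) {
        uint32_t w = tdma_wait(core, phase);
        if (w > worst)
            worst = w;
    }
    return worst;
}

/* Closed form of the same bound (miss the own slot by one cycle, wait for
   the next period's slot), used to cross-check the enumeration. */
uint32_t tdma_bound_closed_form(void)
{
    return PERIOD - SLOT_LEN + ACCESS_LEN - 1;
}

int main(void)
{
    for (int core = 0; core < NUM_CORES; core++)
        printf("core %d: worst-case wait %2u cycles, worst-case access latency %2u cycles\n",
               core, tdma_worst_case_wait(core),
               tdma_worst_case_wait(core) + ACCESS_LEN);
    printf("closed-form bound: %u cycles\n", tdma_bound_closed_form());
    return 0;
}
```

With these parameters every core gets a worst-case wait of 25 cycles (a request issued in the last cycle of its own slot must wait for the next period). The price of this composability is visible too: an access issued right after a core's slot waits almost a full period even if the memory is otherwise idle, which is the trade-off between the static schedule and the dynamic, non-local arbitration the "Interactions in Chip-Multiprocessors" slide describes.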



### What we get ...



#### Simple, regular shape

task timing is constant, i.e., stable and predictable

#### Composability

spatial and temporal task isolation eliminates interference

⇒ We're on the way back to a simple hierarchical timing analysis



### ... thank you!

http://ti.tuwien.ac.at/rts