

This research is supported by NSF under grant number #CNS-1302563







#### **MULTI-CORE PLATFORMS**

Multi-core become mainstream for embedded applications.



The major manufacturing companies produce multi-core systems for general-purpose computing.



2010

FAA publishes CAST-32A position paper to address multi-core systems. Robust Partitioning + SafetyNet.



#### INTRODUCTION

## 2016

No certification standard, no consolidated technology.

#### **FAA POSITION**

#### **NO STANDARD**

## 2017

2



#### **MULTI-CORE PLATFORMS**

Multi-core become mainstream for embedded applications.



The major manufacturing companies produce multi-core systems for general-purpose computing.



2010

FAA publishes CAST-32A position paper to address multi-core systems. Robust Partitioning + SafetyNet.



#### INTRODUCTION

## 2016

#### **FAA POSITION**



#### ~ 1.7 million lines of code in a F-22 Fighter Jet



~ 20 million lines of code in S Class Mercedes-Benz

2017



#### **MULTI-CORE CHALLENGES**

#### **PORTING / INTEGRATION**

How can existing code-bases be reused when adopting multi-cores?



#### PREDICTABILITY

How to achieve a level of predictability that is equivalent to single-cores without excessive pessimism?

How to certify multi-core platforms? And how much will that cost?

#### INTRODUCTION

#### UNDERSTANDING

Multi-cores are significantly more complex machines. Can sufficient understanding be achieved for a safe use?

#### CERTIFICATION

#### THE TIMING ISSUE



## PREDICTABILITY

computation is performed in parallel, but

shared and memory

INTRODUCTION

#### From **multiple** single-core systems



#### To a **single** multi-core system







#### THE TIMING ISSUE

#### LOCKHEED MARTIN by

#### Setup

- **Observe** execution • time of **single** task
- Run independent  $\bullet$ tasks on other cores (co-runners)
- Observed task is • memory intensive
- Co-runners are memory intensive



#### INTRODUCTION







SCE & CAST-32A

How SCE fits in the context of state-of-the-art multicore avionics certification guidance



#### INTRODUCTION

[CAST-32A] CAST Position Paper on Multi-core Processors, Certification Authorities Software Team (CAST), November 2016 (Rev 0). Available at: https://www.faa.gov/aircraft/air cert/design approvals/air software/cast/cast papers/media/cast-32A.pdf



#### MCP Platforms with Robust Partitioning

MCP\_Planning\_2: *how shared resources are used so as to avoid or mitigate the* 

MCP\_Resource\_Usage\_3: *identification* of interference channels (shared memory, cache, interconnect, I/O) and means of mitigation

MCP\_Resource\_Usage\_4: *identification* of resources, their allocation, and verification that usage does not exceed limits

MCP\_Software\_1: with robust partitioning it is possible to "verify applications on the MCP" and determine their WCETs separately"





Instance of software reference architecture for commercial cache-based multi-core systems.



MANAGEMENT



*m* Application Cores

Shared last-level cache

Shared memory controller

Shared DRAM memory



Instance of software reference architecture for commercial cache-based multi-core systems.



MANAGEMENT



*m* Application Cores

[RTAS'13] (best paper award) Colored Lockdown

Shared memory controller

Shared DRAM memory



Instance of software reference architecture for commercial cache-based multi-core systems.



MANAGEMENT



*m* Application Cores

[RTAS'13] (best paper award) Colored Lockdown

Shared memory controller

[RTAS'14]





Instance of software reference architecture for commercial cache-based multi-core systems.



MANAGEMENT



*m* Application Cores

[RTAS'13] (best paper award) Colored Lockdown

#### [Yun-RTAS'13] MemGuard

[RTAS'14]

#### PALLOC



Instance of software reference architecture for commercial cache-based multi-core systems.



MANAGEMENT

framework of OS-level Software Solutions

> [RTAS'13] (best paper award)

Colored Lockdown

#### [Yun-RTAS'13] MemGuard

[RTAS'14]

PALLOC

SCE single-core equivalence

[IEEE Comp'16] [ECRTS'15]

9





Colored Lockdown

MemGuard

PALLOC

# single-core equivalence

MANAGEMENT



## SCE Implementation using COTS hardware \*





(best paper award)







#### MANAGEMENT

[RTAS'13] Renato Mancuso, Roman Dudko, Emiliano Betti, Marco Casati, Marco Caccamo, Rodolfo Pellizzoni, Real-Time Cache Management Framework for Multi-Core Architectures. In Proceedings of the 19th IEEE International Conference on Real-Time and Embedded Technology and Applications Symposium (RTAS 2013), Philadelphia, PA, USA, 2013



Addresses all the sources of interference

Converts the LLC cache in a deterministic object at the granularity of a single memory page

Allows the use of legacy code

Provides flexibility in cache assignment

100% hits on **allocated** pages

misses on **non-allocated** pages



#### COLORED LOCKDOWN [RTAS'13]



LOCKDOWN









#### **CACHE-BASED**



- Used to move page mapping across sets (up/down)
- Leverages on the **virtual** → **physical** translation layer
- Transparent to the application

- Used to allocate pages on selected ways (left/right)
- Relies on architecture-specific lockdown features
- Once allocated, pages trigger cache hits until deallocation





#### PROFILING FOR CACHES [RTAS'13]

#### **PROFILE-DRIVEN CACHE ALLOCATION**



**Extract memory traces and** produce memory usage profile.



#### MANAGEMENT

Absolute virtual memory addresses may change



#### PROGRESSIVE LOCKDOWN [ECRTS'15]



## WCET(1) := task worst-case excution time with 1 active core

#### MANAGEMENT

14



#### DRAM PRIVATE BANK ENFORCEMENT

- Each DIMM contains multiple (8~16) banks
- Different banks can be accessed in parallel



[RTAS'14] Heechul Yun, Renato Mancuso, Zheng-Pei Wu, Rodolfo Pellizzoni. PALLOC: DRAM Bank-Aware Memory Allocator for Performance Isolation on Multicore Platforms. *IEEE Intl. Conference on Real-Time and Embedded Technology and Applications Symposium* (RTAS 2014), Berlin, Germany, 2014

15

### AVERAGE

Tasks in each core access all the available DRAM banks.



#### DRAM PRIVATE BANK ENFORCEMENT

- Each DIMM contains multiple (8~16) banks
- Different banks can be accessed in parallel



[RTAS'14] Heechul Yun, Renato Mancuso, Zheng-Pei Wu, Rodolfo Pellizzoni. PALLOC: DRAM Bank-Aware Memory Allocator for Performance Isolation on Multicore Platforms. *IEEE Intl. Conference on Real-Time and Embedded Technology and Applications Symposium* (RTAS 2014), Berlin, Germany, 2014

15

### AVERAGE

Tasks in each core access all the available DRAM banks.

### **WORST-CASE**

Tasks in all the cores access a single DRAM bank.



#### DRAM PRIVATE BANK ENFORCEMENT [2]

- Each DIMM contains multiple (8~16) banks
- Different banks can be accessed in parallel



#### MANAGEMENT

### 16

#### Memory Controller







DRAM PRIVATE BANK ENFORCEMENT [2]

- Each DIMM contains multiple (8~16) banks
- Different banks can be accessed in parallel



#### MANAGEMENT



### Memory Control

#### First-Ready First-Come First-Served FR-FCFS





Bank 4

#### reordering...





#### PALLOC [RTAS'14]



#### PROBLEM

In general, the OS / Hypervisor ignores page-to-bank mapping.



#### PALLOC

Modified allocator to export mapping between physical memory and DRAM banks.

#### MANAGEMENT

17





#### PALLOC [RTAS'14]



#### PROBLEM

In general, the OS / Hypervisor ignores page-to-bank mapping.



#### PALLOC

Modified allocator to export mapping between physical memory and DRAM banks.



Prevents request re-ordering at bank queue \* requests from same core may still be re-ordered

Prevents inter-core induced row misses

#### MANAGEMENT







#### **ARBITER CONGESTION**





## bandwidth















#### SCE WCET(m) *[ECRTS'15]*



[ECRTS'15] Renato Mancuso, Rodolfo Pellizzoni, Marco Caccamo, Lui Sha, Heechul Yun, WCET(m) Estimation in Multi-Core Systems using Single Core Equivalence. In Proceedings of the 27th Euromicro Conference on Real-Time Systems (ECRTS 2015), Lund, Sweden, 2015









[IEEE Comp'16]

Colored Lockdown Iast level cache management

PALLOC private per-core DRAM banks

MemGuard DRAM BW management



Ρ

>:<

≯





## single-core equivalence

[IEEE Comp'16]







## single-core equivalence

[IEEE Comp'16]



SCE & CAST-32A

How SCE fits in the context of state-of-the-art multicore avionics certification guidance



#### MANAGEMENT

[CAST-32A] CAST Position Paper on Multi-core Processors, Certification Authorities Software Team (CAST), November 2016 (Rev 0). Available at: https://www.faa.gov/aircraft/air cert/design approvals/air software/cast/cast papers/media/cast-32A.pdf



#### MCP Platforms with **Robust Partitioning**

MCP\_Planning\_2: *how shared resources are used so as to avoid or mitigate the* 

MCP\_Resource\_Usage\_3: *identification* of interference channels (shared memory, cache, interconnect, I/O) and means of mitigation

MCP\_Resource\_Usage\_4: *identification* of resources, their allocation, and verification that usage does not exceed limits

MCP\_Software\_1: with robust partitioning it is possible to "verify applications on the MCP" and determine their WCETs separately"







#### MANAGEMENT

[CAST-32A] CAST Position Paper on Multi-core Processors, Certification Authorities Software Team (CAST), November 2016 (Rev 0). Available at: https://www.faa.gov/aircraft/air cert/design approvals/air software/cast/cast papers/media/cast-32A.pdf



#### MCP Platforms with **Robust Partitioning**

MCP\_Planning\_2: *how shared resources are used so as to avoid or mitigate the* 

MCP\_Resource\_Usage\_3: *identification* of interference channels (shared memory, cache, interconnect, I/O) and means of mitigation

MCP\_Resource\_Usage\_4: *identification* of resources, their allocation, and verification that usage does not exceed limits

MCP\_Software\_1: with robust partitioning it is possible to "verify applications on the MCP" and determine their WCETs separately"





#### **OPEN CHALLENGES**

### Communication

### Verification





#### MANAGEMENT



#### Optimization



### Cross-OS SCE













#### Minimal Multicore Avionics Certification Guidance







### Minimal Multicore Avionics Certification Guidance



We want your contribute. Get on board !





### Minimal Multicore Avionics Certification Guidance



We want your contribute. Get on board !





#### **THANKS FOR LISTENING**

**Renato Mancuso** rmancus2@illinois.edu

