Software-enforced Interconnect Arbitration for COTS Multicores

Software-enforced Interconnect Arbitration for COTS Multicores Marco Ziccardi, Alessandro Cornaglia, Enrico Mezzetti, and Tullio Vardanega University of Padova, Italy {mziccard,acornagl,emezzett,tullio.vardanega}@math.unipd.it Abstract The advent of multicore processors complicates timing analysis owing to the need to account for the interference between cores accessing shared resources, which is not always easy to characterize in a safe and tight way. Solutions have been proposed that take two distinct but complementary directions: on the one hand, complex analysis techniques have been developed to provide safe and tight bounds to contention; on the other hand, sophisticated arbitration policies (hardware or software) have been proposed to limit or control inter-core interference. In this paper we propose a software-based TDMA-like arbitration of accesses to a shared interconnect (e.g. a bus) that prevents inter-core interference. A more flexible arbitration scheme is also proposed to reserve more bandwidth to selected cores while still avoiding contention. A proof-of-concept implementation on an AURIX TC277TU processor shows that our approach can apply to COTS processors, thus not relying on dedicated hardware arbiters, while introducing little overhead. 1998 ACM Subject Classification D.4.7 Organization and Design – Real-time Systems and Embedded Systems Keywords and phrases multicore, resource arbitration, interference, mixed-criticality Digital Object Identifier 10.4230/OASIcs.WCET.2015.11 1 Introduction An extraordinary growth in the complexity of software systems has occurred in the last decades. This complexity growth also entailed an increase in the computational demand [6] that could only be sustained by the adoption of advanced and powerful multicore and manycore systems, which have become the de-facto reference standard for computing platforms. This unrelenting transition to multicore systems also involves the application domain of real-time embedded applications (avionics, automotive, aerospace, etc.), where predictability and analyzability in the time domain are stringent requirements. The coexistence of multiple applications running in parallel on distinct cores in the same platform, however, complicates the analysis of the worst-case execution time (WCET) behavior of programs running on such systems, due to the inter-core timing interference caused by contention on access to shared hardware resources. The WCET, in turn, is the main input to schedulability analysis, which is a mandatory test for real-time systems to guarantee that tasks will meet deadlines at run time. Notable effort has been devoted in the last few years to analyze the WCET behavior of systems deployed on modern multicore platforms. Two main research paths have been followed to cope with the inter-core interference problem [4]. One class of approaches [17, 5, 8, 14] aims at precisely analyzing the timing interference to provide safe and tight bounds, to be fed into schedulability analysis as an additive factor. However, besides the inherent complexity of deriving trustworthy bounds on complex architectures, the worst-case inter-core interference thereby computed is likely to be too large to be usable. The second © Marco Ziccardi, Alessandro Cornaglia, Enrico Mezzetti, and Tullio Vardanega; licensed under Creative Commons License CC-BY 15th International Workshop on Worst-Case Execution Time Analysis (WCET 2015). Editor: Francisco J. Cazorla; pp. 11–20 OpenAccess Series in Informatics Schloss Dagstuhl – Leibniz-Zentrum für Informatik, Dagstuhl Publishing, Germany 12 Software-enforced Interconnect Arbitration for COTS Multicores class of approaches [16, 18, 21, 9] attacks this problem by carefully limiting/controlling the sources of inter-core interference in the system to make it more analyzable. This can be achieved by partitioning the shared hardware resources in a system either spatially (physical partitioning) or temporally (e.g., through a hypervisor or arbitration schemes). Resource partitioning is particularly interesting when dealing with mixed-criticality systems (MCS) [20] where the computational power guaranteed by multicore platforms allows hosting on the same target applications that are classified at different criticality levels, according to the applicable certification and qualification standard [13]. In the MCS scenario, we need to avoid high criticality tasks to be interfered by lower criticality ones in a possibly uncontrollable way. Time and space partitioning are well-known concepts also in singlecore settings and are advocated, for example, by the ARINC-653[2] standard to provide isolation across applications running on the same core. On a multicore architecture, however, interference not only occurs between tasks running on the same core but can also arise when tasks on different cores access platform resources (e.g. shared memory, cache), often through a shared interconnect. Concurrent accesses of different criticality applications to a shared interconnect may heavily affect the performance of high criticality ones. This performance impact is often complex to quantify as it depends on the number of applications running in parallel as well as on the specific hardware arbitration policy employed. A task spending only 10% of its time fetching shared memory may suffer up to 300% interference on an eight core processor[15]. To mitigate the problem of interference and achieve analyzability, statically arbitrated interconnects are often used. Time division multiple access (TDMA) policy, amongst other, allows ruling out inter-core interference by means of temporal isolation [17]. However, the hardware support provided in Commercial Off The Shelf (COTS) multicores to arbitration policies, regulating accesses to shared interconnects, is typically oriented to achieve better average performance rather than system analyzability. Relying on specific hardware-enforced policies is, therefore, not always possible without recurring to (often unaffordable) custom hardware solutions. In this paper we propose an approach to the arbitration of hardware shared resources that relies solely on system software, without posing particular requirements on the hardware platform. Our solution applies to partitioned multicore systems where intercore communication is regulated by the real-time operating system (RTOS). This is the case, for example, of automotive systems abiding by the OSEK/AUTOSAR[3] standards where a specific inter-core message-passing API is provided. Our approach consists in deploying a flexible software-arbitration layer through a specific API implementation, while, of course, preserving the API semantics. We exploit the inherent flexibility of software approach to enforce both a pure TDMA arbitration policy and a bandwidth-reservation flavour of TDMA, which is better equipped to meet mixed-criticality application requirements. We show that our technique manages to c (...truncated)