Use of Modern Processors in Safety-Critical Applications

Bate, Iain; Conmy, Philippa; Kelly, Tim; McDermid, John

doi:10.1093/comjnl/44.6.531

Cited by 17 publications

(11 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…That said, there are recognized safety margins for existing systems however these tend to be for simple processors (i.e. without caches and simple pipelines) and it would be difficult to justify revised safety margins if more modern processors are deployed [6,7].…”

Section: Statistical Timing Analysismentioning

confidence: 99%

Study of the reliability of statistical timing analysis for real-time systems

Maxim¹,

Soboczenski

Bate

et al. 2015

Proceedings of the 23rd International Conference on Real Time and Networks Systems

View full text Add to dashboard Cite

Probabilistic and statistical temporal analyses have been developedas a means of determining the worst-case execution and responsetimes of real-time software for decades. A number of such methodshave been proposed in the literature, of which the majority claim tobe able to provide worst-case timing scenarios with respect to agiven likelihood of a certain value being exceeded. Further, suchclaims are based on either some estimates associated with a probability,or probability distributions with a certain level of confidence.However, the validity of the claims are very much dependent on anumber of factors, such as the achieved samples and the adopteddistributions for analysis.In this paper, we investigate whether the claims made are in facttrue as well as the establishing an understanding of the factors thataffect the validity of these claims. The results are of importancefor two reasons: to allow researchers to examine whether there areimportant issues that mean their techniques need to be refined; andso that practitioners, including industrialists who are currently usingcommercial timing analysis tools based on these types of techniques,understand how the techniques should be used to ensure theresults are fit for their purposes. Study of the Reliability of Statistical Timing Analysis forReal-Time Systems ABSTRACTProbabilistic and statistical temporal analyses have been developed as a means of determining the worst-case execution and response times of real-time software for decades. A number of such methods have been proposed in the literature, of which the majority claim to be able to provide worst-case timing scenarios with respect to a given likelihood of a certain value being exceeded. Further, such claims are based on either some estimates associated with a probability, or probability distributions with a certain level of confidence. However, the validity of the claims are very much dependent on a number of factors, such as the achieved samples and the adopted distributions for analysis. This paper is the first one that puts side by side existing state of the art statistical and probabilistic analysis techniques, using the probabilistic analysis as the ground truth in order to asses the applicability and performance of the statistical technique. The evaluation clearly shows that for the experiments performed the approach can identify clear differences between a range of techniques and that these differences can be considered valid based on the trends expected from the academic theory.

show abstract

Section: Statistical Timing Analysismentioning

confidence: 99%

Study of the reliability of statistical timing analysis for real-time systems

Maxim¹,

Soboczenski

Bate

et al. 2015

Proceedings of the 23rd International Conference on Real Time and Networks Systems

View full text Add to dashboard Cite

show abstract

“…Fortunately some semiconductor companies provide extended lifetimes for some of their processor architectures, enabling them to be deployed on defence programmes in conjunction with planned obsolescence lifecycles which include periodic technology refreshes. However, even this is regarded as less than ideal, as the preference of military and safety-critical projects would be to standardize on a specific processor variant for the duration of the project, due to the cost of hardware qualification under DO-254 (RTCA 2000), including processor verification (Bate et al 2001), and software safety-certification under DO-178B (RTCA 1992).…”

Section: Federated Avionics Architecturementioning

confidence: 99%

Safety, Security and Multicore

Parkinson¹

2010

Advances in Systems Safety

View full text Add to dashboard Cite

Historically many safety-related and security-critical systems have been developed and qualified using single-core processors. These platforms could easily meet their increases in system performance requirements through higher processor clock speeds. However, the industry is now approaching the limit of relatively simple upgrade path, and there is an increasing trend towards the adoption of multicore processor architectures in critical systems to address higher performance demands. In this paper, we will review the challenges involved in migration to multicore processor architectures and the specific challenges related to their use in safety-critical and security-sensitive systems.

show abstract

“…Simplicity is often cited as a prerequisite for safe realtime systems [e.g., 4,8,28,32]. It has also been noted that complex architectural features are allowable as long as they are disabled based on analyzability requirements [4,9].…”

Section: Related Workmentioning

confidence: 99%

“…Currently, there is no way to precisely specify microarchitectures with a full complement of high-performance techniques (complex dynamic branch predictors, caches, deep speculation, dynamic scheduling, and multiple instruction issue), let alone safely and accurately predict WCET of tasks with variable control flow and data flow on these highly dynamic substrates. In fact, so far the simple pipeline described above is a complexity limit and simplicity may be fundamental to the design of safe real-time systems [4,8,28,32], because of the need for analyzability.…”

Section: Introductionmentioning

confidence: 99%

“…Disabling complex hardware features has been proposed before, e.g., disabling the cache or pinning critical cache lines [4,9]. Our approach differs fundamentally in that the real-time task is attempted on the complex pipeline even though it is unsafe to do so, and the run-time system dynamically and continuously verifies that the complex pipeline's execution time is bounded by WCET of the hypothetical simple pipeline.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Virtual simple architecture (VISA)

Anantaraman

Seth

Patil

et al. 2003

Proceedings of the 30th Annual International Symposium on Computer Architecture - ISCA '03

View full text Add to dashboard Cite

Meeting deadlines is a key requirement in safe realtime systems. Worst-case execution times (WCET) of tasks are needed for safe planning. Contemporary worst-case timing analysis tools can safely and tightly bound execution time on in-order single-issue pipelines with caches and static branch prediction. However, this simple pipeline appears to be a complexity limit, due to the need for analyzability. This excludes a whole class of high-performance processors from many embedded systems.We reconcile the complexity/safety trade-off by decoupling worst-case timing analysis from the processor implementation, through a virtual simple architecture (VISA). A VISA is the timing specification of a hypothetical simple pipeline and is the basis for worst-case timing analysis. However, the underlying microarchitecture can be arbitrarily complex. A task is divided into multiple sub-tasks which provide a means to gauge progress on the complex pipeline. Each sub-task is assigned an interim deadline, or checkpoint, based on the latest allowable completion time of the sub-task on the hypothetical simple pipeline. If no checkpoints are missed, then the complex pipeline is as timely as the safe pipeline. If a checkpoint is missed, the pipeline switches to a simple mode of operation that directly implements the VISA so that execution time of unfinished sub-tasks is safely bounded. The significance of our approach is that we circumvent worst-case timing analysis of the complex pipeline, by dynamically confirming its behavior is bounded by worst-case timing analysis of a simpler proxy pipeline.The benefit of using a high-performance processor is that tasks finish much sooner than they would have on an explicitly-safe processor. The new slack in the schedule can be exploited for higher throughput or lower power. With the VISA approach, an arbitrarily complex SMT processor can safely run non-real-time tasks at the same time as a real-time task. Alternatively, frequency/voltage can be safely lowered to take up slack. We explore the latter application and show a VISA-compliant complex pipeline consumes 43-61% less power than an explicitly-safe pipeline.

show abstract

Use of Modern Processors in Safety-Critical Applications

Cited by 17 publications

References 7 publications

Study of the reliability of statistical timing analysis for real-time systems

Study of the reliability of statistical timing analysis for real-time systems

Safety, Security and Multicore

Virtual simple architecture (VISA)

Contact Info

Product

Resources

About