View
0
Download
0
Category
Preview:
Citation preview
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 1
Public
FP7-ICT-2013- 10 (611146) CONTREX
Design of embedded mixed-criticality CONTRol
systems under consideration of EXtra-functional
properties
Project Duration 2013-10-01 – 2016-09-30 Type IP
WP no. Deliverable no. Lead participant
WP6 D6.4.3 ECSI
CONTREX Forum Report (Final)
Prepared by Adam Morawiec (ECSI)
Ralph Görgen, Kim Grüttner (OFFIS)
Issued by ECSI
Document Number/Rev. CONTREX/ECSI/R/D6.4.3/1.0
Classification CONTREX Public
Submission Date 2016-09-30
Due Date 2016-09-30
Project co-funded by the European Commission within the Seventh Framework Programme (2007-2013)
© Copyright 2016 OFFIS e.V., STMicroelectronics srl., GMV Aerospace and Defence
SA, Vodafone Automotive SpA, Eurotech SPA, Intecs SPA, iXtronics GmbH, EDALab srl,
Docea Power, Politecnico di Milano, Politecnico di Torino, Universidad de Cantabria,
Kungliga Tekniska Hoegskolan, European Electronic Chips & Systems design Initiative, ST-
Polito Societa’ consortile a r.l., Intel Corporation SAS.
This document may be copied freely for use in the public domain. Sections of it may
be copied provided that acknowledgement is given of this original work. No responsibility is
assumed by CONTREX or its members for any application or design, nor for any
infringements of patents or rights of others which may result from the use of this document.
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 2
History of Changes
ED. REV. DATE PAGES REASON FOR CHANGES
AM 0.1 2016-09-30 33 Initial version
KG 0.2 2016-09-30 54 Completion with activities coordinated by OFFIS
AM 1.0 2016-09-30 54 Final review and editing, conclusions added
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 3
Contents
1 Introduction ........................................................................................................................ 4
2 Strategy to Implement CONTREX Forum ......................................................................... 5
3 MCC Workshop 2014 in Brussels ...................................................................................... 7
4 MCC Forum Website ......................................................................................................... 9
5 EUROMICRO DSD/SEAA Special Sessions .................................................................. 10
5.1 MCSDIA 2014 ........................................................................................................... 10
5.2 MCSDIA 2015 ........................................................................................................... 12
5.3 MCSDIA 2016 ........................................................................................................... 14
6 FDL 2015 Special Session: High Integrity Multi-Core Modelling for Future Systems
(Hi-MCM) ................................................................................................................................ 18
7 HiPEAC Conference MCS Workshops ............................................................................ 21
7.1 3rd International workshop on the “Integration of mixed-criticality subsystems on
multi-core and manycore processors” (MCS) ...................................................................... 21
7.2 4th International workshop on the “Integration of mixed-criticality subsystems on
multi-core and manycore processors” (MCS) ...................................................................... 26
8 ARTEMIS/ITEA Co-Summit 2015 ................................................................................. 29
8.1 MCC Exhibition Booth .............................................................................................. 30
8.2 MCC Speakers Corner ............................................................................................... 30
9 DAC Workshops .............................................................................................................. 31
9.1 Introduction ............................................................................................................... 31
9.2 DAC Workshop 2014 ................................................................................................ 31
9.3 Workshop Program .................................................................................................... 34
9.4 DAC Workshop 2015: System to Silicon Performance Modeling and Analysis ...... 37
9.5 DAC Workshop 2016: System to Silicon Performance Modeling and Analysis ...... 38
10 DATE Workshops and Exhibition ................................................................................... 44
10.1 IMPAC Workshop ................................................................................................. 44
10.2 OpenES & CONTREX Projects Workshop: System-Level Power and Temperature
Specification, Modelling and Analysis ................................................................................ 46
10.3 MCC DATE Exhibition Booth .............................................................................. 48
11 Conclusion ........................................................................................................................ 54
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 4
1 Introduction
In this document, we present the progressive activities to establish the CONTREX Forum.
In its initial idea, the Forum was planned to largely disseminate project results, but also
initiate discussion on partial results, get feedback from larger number of industry members,
than those involved in the CONTREX consortium.
During the first year of the project, the Mixed-Criticality Cluster (MCC), consisting of the
jointly started projects DREAMS, PROXIMA and CONTREX, enabled different fruitful
collaborations between these projects and their involved partners. Furthermore, we have
supported the MCC more intensively than initially planned. For this reason, the CONTREX
Forum is an umbrella for the following activities:
1) Support of the Mixed-Criticality Cluster and its related events, jointly organised by
DREAMS, PROXIMA and CONTREX
2) The dedicated CONTREX Forum, addressing the combination of mixed-criticality and
extra-functional properties on the System on Chip level.
CONTREX step-wise creates the momentum around the crucial problems addressed
by the project, with particular emphasis on mixed-criticality and extra-functional
properties modelling and analysis. Focused workshops and events were organized by
the CONTREX consortium to mobilise the community around these topics.
The most successful event that CONTREX organized in tight cooperation with the
OpenES project was a workshop on System to Silicon Performance Modeling and
Analysis Workshop organized for four consecutive years at the DAC Conference. It
attracted a very large audience and proved that the extra-functional properties
modelling subject is vital to the industry and is addressed by various research
activities as well.
This report covers both activities that have actively been supported by CONTREX partners.
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 5
2 Strategy to Implement CONTREX Forum
The CONTREX Forum is thought to complement the existing and specially established
dissemination mechanisms:
Direct dissemination activities. Example:
o Open workshops, e.g. DAC Workshop proposed to the largest possible
audience
Mixed-Criticality Cluster (MCC). Examples are:
o MCC workshops between the CONTREX, PROXIMA and DREAMS partners.
o MCC Special Sessions at different conference. Partners of CONTREX,
PROXIMA and DREAMS are organizing these events, participate in the
programme committees and submit papers, thus creating an active scientific
community within established conferences.
o Contribution to the MCC Forum website
Relations and cooperation with existing R&D projects (e.g. OpenES, EMC2, …)
o Presentation of CONTREX to the OpenES and EMC2 project consortia
Mixed-Criticality Cluster
CONTREX
Consortium
Related R&D Projects
Industry,
Standardization, Academia
CONTREX
Forum
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 6
These activities differ and complement each other in terms of target audience:
The MCC target audience encompasses mainly the 3 project consortium members:
DREAMS, PROXIMA and CONTREX (depicted in the above figure with white
arrows).
The next level contains partners in the related project consortia, e.g. CRYSTAL,
EMC2, OpenES.
Finally the CONTREX Forum activities are oriented to address message to largest
possible audience in industry and academia (depicted in clear yellow in the picture)
In order to achieve its objectives, the CONTREX Forum acts through organization of open
workshops and events, to which all interested partners are invited. The CONTREX Forum
will thoughtfully create or select events and places to maximize its objective to reach out to
highest possible audience, especially new companies and research partners (not involved at
other levels of dissemination).
This is why the CONTREX consortium focused on two activities that offer the highest value
from the before mentioned perspective: DAC (the biggest event in electronic system design)
and DVCon Europe (the largest industrial conference and exhibition for design and
verification of electronic systems).
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 7
3 MCC Workshop 2014 in Brussels
The European mixed-criticality cluster consisting of the three EU FP7 projects CONTREX,
DREAMS and PROXIMA organised an internal workshop that took place on July 2nd in
Brussels. The workshop aimed the mutual technical understanding of planned work in the
projects as well as to present first research results in the projects, to identify synergies in
future standardisation activities and to foster the collaboration in between the cluster.
All three projects contributed to the workshop with 12 technical presentations and a total of
about 50 attendees. CONTREX contributed with the following two presentations:
- Modelling of Distributed Embedded Mixed-Critical Systems
- Analysis of extra-functional properties power, temperature, and degradation in MCS
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 8
Workshop Agenda
Time Session Project Speaker Topic
09:00
Welcome and Overview
Roman Obermaisser, Francisco Cazorla, Kim Grüttner
Welcome
09:10 Roman Obermaisser, Francisco Cazorla, Sven Rosinger
Project overviews
09:40
Certification
DREAMS, PROXIMA
Leire Rubio, IKERLAN Towards Modular Certification of Mixed-Criticality Systems
10:00 PROXIMA
Jon Perez/Mikel Azkarate, IKERLAN
e.g. Certification arguments based on probabilistic chip-level platforms
10:20 Scheduling and Timing
Analysis
DREAMS Gerhard Fohler, TUKL Resource management and
scheduling for MCS
10:40 PROXIMA
Mark Pearce (RAPITA), Enrico Mezzetti (University of Padua)
e.g. Probabilistic timing analysis for multi-cores
11:00 Morning Coffee Break
11:30
MCS Platforms
DREAMS Hamidreza Ahmadian, USIEGEN
TSP and Heterogeneous Models of Computation at Chip-Level
11:50 DREAMS Marcello Coppola, ST Memory Interleaving
12:10 PROXIMA
Jaume Abella e.g. Chip-Level Platform for probabilistic WCET guarantees
12:30 Lunch Break
13:30
Model-Driven Development
CONTREX Julio Medina, Universidad de Cantabria
Modelling of Distributed Embedded Mixed-Critical Systems
13:50 DREAMS
Simon Barner, FORTISS Dev. process for MCS and modelling of Networked Multi-Core Chips
14:10 DREAMS Oystein Haugen, SINTEF Variability modelling
14:30 Extra
functional properties
CONTREX Sven Rosinger, OFFIS Analysis of extra-functional
properties power, temperature, and degradation in MCS
14:50 DREAMS Thomas Koller, USIEGEN Security in MCS
15:10 Afternoon Coffee Break
15:40 Community Platform
DREAMS Arjan Geven, TTT
MCS Community Platform
16:30 Panel discussion on Impact and Exploitation
DREAMS, CONTREX, PROXIMA, EU
Moderator: Alfons Crespo, UPV Open exploitation, joint exploitation,
IP issues, …
17:30 Workshop closure
DREAMS Roman Obermaisser
Workshop closure
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 9
4 MCC Forum Website
The CONTREX project participated in the set-up of the Mixed-Criticality Cluster Forum
website. It is available at the following address:
http://www.mixedcriticalityforum.org
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 10
5 EUROMICRO DSD/SEAA Special Sessions
As part of the EUROMICRO DSD/SEAA 2014, 2015 and 2016 conferences, the “Special
Session on Mixed-Criticality System Design, Implementation and Analysis (MCSDIA)” has
been organized Kim Grüttner (OFFIS) and Eugenio Villar (UC) with the help of other
CONTREX and MCC partners.
5.1 MCSDIA 2014
The 17th Euromicro Conference on Digital System Design has taken place in Verona, Italy, in
August 27-29, 2014..
5.1.1 Call for Papers and Scope
Modern embedded appliances already integrate a multitude of functionalities with potentially
different criticality levels into a single system and this trend is expected to grow in the near
future. The integration of multiple functions with different criticality and certification
assurance levels on a shared computing platform constitutes a mixed-criticality system
(MCS). Mixed-criticality systems range from lowest assurance requirements up to the highest
criticality levels (e.g., DAL A in RTCA DO-178B or SIL4 in EN ISO/IEC 61508 and 26262).
In many domains such as automotive, avionics and industrial control, the economic success
depends on the ability to design, implement, qualify and certify advanced real-time embedded
systems within bounded time, effort and costs. Without appropriate preconditions, the
integration of mixed-criticality subsystems can lead to a significant and potentially
unacceptable increase of engineering and certification costs. There are several ongoing
research initiatives studying mixed-criticality integration in single and multicore processors,
as well as on distributed systems. Key challenges are the combination of software
virtualization and hardware segregation and the extension of partitioning mechanisms jointly
addressing significant extra-functional requirements (e.g., time, energy and power budgets,
adaptivity, reliability, safety, security, volume, weight, etc.) along with a proven development
and certification methodology. To support the design and implementation of mixed-criticality
systems, new design techniques and tools for the analysis of extra-functional properties are
required.
Special Session Scope
This special session aims at gathering contributions regarding the design, implementation and
analysis of mixed-criticality systems within a dedicated forum. Papers on any of the following
and related topics will be considered for the special session:
Task and system models for mixed-criticality systems on single and multicore platforms,
mechanisms for temporal and spatial partitioning, physical resource virtualization for
temporal and spatial segregation, resource partitioning to achieve composability in multiple
dimensions (time, power, temperature, …), solutions for shared communication resource
partitioning, resources partitioning techniques at chip and cluster level, dynamic resource
management for services of mixed-criticality, multi-physical component- and model-based
design techniques, (composable) analysis of extra-functional properties (like timing, power,
temperature, safety and security), reliability and energy integrity of services with mixed-
criticality, dependable operation of battery-driven/mobile mixed-criticality systems,
requirements engineering and traceability for mixed-criticality systems, modular safety cases,
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 11
(incremental) verification of extra-functional properties, composable certification techniques,
design-space exploration for multi-physical mixed-criticality systems, and industrial case-
studies.
5.1.2 Program Committee
Session Co-Chairs:
Kim Grüttner, OFFIS – Institute for Information Technology, Germany
Eugenio Villar, University of Cantabria,Spain
Special Session Program Subcommittee:
Sanjoy Baruah, The University of North Carolina, USA
Gedare Bloom, The George Washington University, USA
Francisco J. Cazorla, Supercomputing Center and IIIA-CSIC, Spain
Arvind Easwaran, Nanyang Technological University, Singapore
William Fornaciari, Politecnico di Milano, Italy
Franco Fummi, University of Verona, Italy
Kees Goossens, Eindhoven University of Technology, The Netherlands
Philipp A. Hartmann, OFFIS – Institute for Information Technology, Germany
Knut Hufeld, Infineon Technologies AG, Germany
Silvia Mazzini, INTECS, Italy
Julio Medina, University of Cantabria, Spain
Moritz Neukirchner, TU Braunschweig, Germany
Roman Obermaisser, University of Siegen, Germany
Ingo Sander, KTH, Sweden
Ingo Stierand, Carl von Ossietzky University Oldenburg, Germany
Jean-Loup Terraillon, ESA, The Netherlands
Salvador Trujillo, IK4-IKERLAN Research Centre, Spain
Andreas von Schwerin, Siemens AG, Germany
Roberto Zafalon, STMicroelectronics, Italy
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 12
5.1.3 Program
Mixed Criticality System Design, Implementation and Analysis 1 (MCSDIA1)
Thursday, 28 August 2014, 10:00 – 11:00
“Composable and Predictable Dynamic Loading for Time-Critical Partitioned
Systems” Shubhendu Sinha, Martijn Koedam, Rob Wijk, Andrew Nelson, Ashkan
Nejad, Marc Geilen and Kees Goossens
“End-to-End Real-Time Communication in Mixed-Criticality Systems Based on
Networked Multicore Chips” Roman Obermisser, Zaher Owda, Mohammed Abuteir,
Hamidreza Ahmadian and Donatus Weber.
“Iterative FPGA Implementation Easing Safety Certification for Mixed-Criticality
Embedded Real-Time Systems” Daniel Muench, Michael Paulitsch, Michael Honold,
Wolfgang Schlecker and Andreas Herkersdorf
Mixed Criticality System Design, Implementation and Analysis 2 (MCSDIA2)
Thursday, 28 August 2014, 15:30 – 16:30
“A safety certification strategy for IEC-61508 compliant industrial mixed-criticality
systems based on multicore partitioning” Jon Perez, David Gonzalez, Carlos Fernando
Nicolas, Ton Trapman and Jose Miguel Garate
“Measurement-Based Probabilistic Timing Analysis and Its Impact on Processor
Architecture” Leonidas Kosmidis, Eduardo Quiñones, Jaume Abella, Tullio
Vardanega, Ian Broster and Francisco J Cazorla
5.2 MCSDIA 2015
The 18th Euromicro Conference on Digital System Design has taken place in Funchal,
Madeira, Portugal, in August 26-28, 2015 (see https://paginas.fe.up.pt/~dsd-seaa-
2015/dsd2015/).
5.2.1 Call for Papers and Scope
5.2.1.1 Scope
Modern embedded appliances already integrate a multitude of functionalities with potentially
different criticality levels into a single system and this trend is expected to grow in the near
future. The integration of multiple functions with different criticality and certification
assurance levels on a shared computing platform constitutes a mixed-criticality system
(MCS). Mixed-criticality systems range from lowest assurance requirements up to the highest
criticality levels (e.g., DAL A in RTCA DO-178B or SIL4 in EN ISO/IEC 61508). In many
domains such as automotive, avionics and industrial control, the economic success depends
on the ability to design, implement, qualify and certify advanced real-time embedded systems
within bounded time, effort and costs. Without appropriate preconditions, the integration of
mixed-criticality subsystems can lead to a significant and potentially unacceptable increase of
engineering and certification costs. There are several ongoing research initiatives studying
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 13
mixed-criticality integration in single and multicore processors, as well as on distributed
systems. Key challenges are the combination of software virtualization and hardware
segregation and the extension of partitioning mechanisms jointly addressing significant extra-
functional requirements (e.g., time, energy and power budgets, adaptivity, reliability, safety,
security, volume, weight, etc.) along with a proven development and certification
methodology. To support the design and implementation of mixed-criticality systems, new
design techniques and tools for the analysis of extra-functional properties are required.
5.2.1.2 Topics of interest
Requirements engineering and traceability for mixed-criticality systems, mechanisms for
temporal and spatial partitioning, physical resource virtualization for temporal and spatial
segregation, resource partitioning to achieve composability in multiple dimensions (time,
power, temperature, …), resources partitioning techniques at chip and cluster level, solutions
for communication resource partitioning, (incremental) verification of extra-functional
properties, composable certification techniques, modular safety cases, multi-physical
component- and model-based design techniques, (composable) analysis of extra-functional
properties (like timing, power, temperature, safety and security), reliability and energy
integrity of services with mixed-criticality, dependable operation of battery-driven/mobile
mixed-criticality systems, dynamic resource management for services of mixed-criticality,
design-space exploration for multi-physical mixed-criticality systems, industrial case-studies.
5.2.2 Program Committee
Session Co-Chairs:
Kim Grüttner (OFFIS, DE)
Eugenio Villar (TEISA U Cantabria, ES)
Program Committee:
Kim Grüttner (OFFIS, DE)
Eugenio Villar (U Cantabria, ES)
Sanjoy Baruah (U North Carolina, USA)
Gedare Bloom (George Washington U, USA)
Francisco J. Cazorla (BSC & IIIA-CSIC, ES)
Arvind Easwaran (Nanyang TU, Singapore)
William Fornaciari (Politecnico di Milano, IT)
Franco Fummi (U Verona, IT)
Kees Goossens (TU/e, NL)
Philipp A. Hartmann (OFFIS, DE)
Knut Hufeld (Infineon, DE)
Silvia Mazzini (INTECS, IT)
Julio Medina (U Cantabria, ES)
Moritz Neukirchner (Elektrobit, DE)
Roman Obermaisser (U Siegen, DE)
Ingo Sander (KTH, SE)
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 14
Ingo Stierand, (CvO University Oldenburg, DE)
Jean-Loup Terraillon (ESA, NL)
Salvador Trujillo (IK4-IKERLAN, ES)
Andreas von Schwerin (Siemens, DE)
Roberto Zafalon (STMicroelectronics, IT)
5.2.3 Program
MCSDIA-1 – Mixed Criticality System Design, Implementation and Analysis (1)
August 27th – 10:00-11:00
Chair: Kim Grüttner
10:00 - 10:30: Michael Paulitsch; Oscar Medina Duarte; Hassen Karray; Kevin Mueller;
Daniel Muench and Jan Nowotsch, Mixed-Criticality Embedded Systems – A Balance
Ensuring Partitioning and Performance
10:30 - 11:00: Milos Panic; Jaume Abella; Carles Hernandez; Eduardo Quiñones; Theo
Ungerer and Francisco J Cazorla, Enabling TDMA Arbitration in the Context of MBPTA
MCSDIA-2 – Mixed Criticality System Design, Implementation and Analysis (2)
August 28th – 10:00-11:00
Chair: Eugenio Villar
10:00 - 10:20: Irune Agirre; Mikel Azkarate-askasua; Jon Perez; Carles Hernandez; Jaume
Abella; Tullio Vardanega and Francisco J Cazorla, IEC-61508 SIL 3-compliant Pseudo-
Random Number Generators for Probabilistic Timing Analysis
10:20 - 10:40: Milos Panic; Eduardo Quiñones; Carles Hernandez; Jaume Abella and
Francisco J Cazorla, CAP: Communication-aware Allocation Algorithm for Real-Time
Parallel Applications on Many-cores
10:40 - 11:00: Hamidreza Ahmadian and Roman Obermaisser, Time-Triggered Extension
Layer for On-Chip Network Interfaces in Mixed-Criticality Systems
5.3 MCSDIA 2016
The 19th Euromicro Conference on Digital System Design has taken place in Limassol,
Cyprus, in August 31 – September 2, 2016 (see http://dsd-
seaa2016.cs.ucy.ac.cy/index.php?p=DSD2016).
5.3.1 Call for Papers and Scope
5.3.1.1 Scope
Modern embedded appliances already integrate a multitude of functionalities with potentially
different criticality levels into a single system and this trend is expected to grow in the near
future. The integration of multiple functions with different criticality and certification
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 15
assurance levels on a shared computing platform constitutes a mixed-criticality system
(MCS). Mixed-criticality systems range from lowest assurance requirements up to the highest
criticality levels (e.g., DAL A in RTCA DO-178B or SIL4 in EN ISO/IEC 61508). In many
domains such as automotive, avionics and industrial control, the economic success depends
on the ability to design, implement, qualify and certify advanced real-time embedded systems
within bounded time, effort and costs. Without appropriate preconditions, the integration of
mixed-criticality subsystems can lead to a significant and potentially unacceptable increase of
engineering and certification costs. There are several ongoing research initiatives studying
mixed-criticality integration in single and multicore processors, as well as on distributed
systems. Key challenges are the combination of software virtualization and hardware
segregation and the extension of partitioning mechanisms jointly addressing significant extra-
functional requirements (e.g., time, energy and power budgets, adaptivity, reliability, safety,
security, volume, weight, etc.) along with a proven development and certification
methodology. To support the design and implementation of mixed-criticality systems, new
design techniques and tools for the analysis of extra-functional properties are required.
5.3.1.2 Topics of interest
Requirements engineering and traceability for mixed-criticality systems
Multi-physical component- and model-based design techniques
Reliability and energy integrity of services for mixed-criticality systems, health
monitoring
Dependable operation of battery-driven/mobile mixed-criticality systems
Dynamic resource management for mixed-criticality systems
Mechanisms for temporal and spatial partitioning, including physical resource
virtualization for temporal and spatial segregation and resources partitioning
techniques at chip and cluster level to achieve composability in multiple dimensions
(time, power, temperature)
Solutions for communication resource partitioning and virtualization on chip and off-
chip
Composable analysis of extra-functional properties (like timing, power, temperature,
safety and security) & certification techniques
(Incremental) verification of extra-functional properties
Modular safety cases
Design-space exploration for multi-physical mixed-criticality systems
Industrial case-studies and best practice
5.3.2 Program Committee
Session Co-Chairs:
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 16
Kim Grüttner (OFFIS, DE)
Eugenio Villar (TEISA U Cantabria, ES)
Program Committee:
Kim Grüttner (OFFIS, DE)
Eugenio Villar (U Cantabria, ES)
Sanjoy Baruah (U North Carolina, USA)
Gedare Bloom (George Washington U, USA)
Francisco J. Cazorla (BSC & IIIA-CSIC, ES)
Arvind Easwaran (Nanyang TU, Singapore)
William Fornaciari (Politecnico di Milano, IT)
Franco Fummi (U Verona, IT)
Kees Goossens (TU/e, NL)
Philipp A. Hartmann (Intel, DE)
Silvia Mazzini (INTECS, IT)
Julio Medina (U Cantabria, ES)
Moritz Neukirchner (Elektrobit Auto., DE)
Roman Obermaisser (U Siegen, DE)
Michael Paulitsch (Thales, AT)
Ingo Sander (KTH, SE)
Ingo Stierand, (CvO Uni Oldenburg, DE)
Jean-Loup Terraillon (ESA, NL)
Salvador Trujillo (IK4-IKERLAN, ES)
Sascha Uhrig (Airbus, DE)
Andreas von Schwerin (Siemens, DE)
5.3.3 Program
MCSDIA: Mixed Criticality System Design, Implementation and Analysis
Session chair: Eugenio Villar
Session Duration: 11:30-13:00
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 17
Mitra Mahdiani and Alejandro Masrur, Introducing Utilization Caps into Mixed-Criticality
Scheduling
Asier Larrucea Ortube, Hamidreza Ahmadian, Roman Obermaisser, Jon Perez and Carlos
Fernando Nicolas, A Realistic Approach to a Network-on-Chip Cross-Domain Pattern
Mladen Slijepcevic, Mikel Fernandez, Carles Hernandez, Jaume Abella, Eduardo Quiñones
and Francisco J Cazorla, pTNoC: Probabilistically Time-Analyzable Tree-Based NoC for
Mixed-Criticality Systems
EPDSD-2: European Projects in Digital System Design – 2 (these projects are related to
mixed-criticality)
Session chair: Francesco Leporati
Session Duration: 10:00-11:00
Francisco J Cazorla, Jaume Abella, Jan Anderson, Tullio Vardanega, Francis Vatrinet, Iain
Bate, Ian Broster, Mikel Azkarate-Askasua, Franck Wartel, Liliana Cucu, Fabrice Cros,
Glenn Farrall, Adriana Gogonel, Andrea Gianarro, Benoît Triquet, Carles Hernandez, Code
Lo, Cristian Maxim, David Morales, Eduardo Quiñones, Enrico Mezzetti, Leonidas Kosmidis,
Irune Agirre, Mikel Fernandez, Mladen Slijepcevic, Philippa Conmy and Walid Talaboulma,
PROXIMA: Improving Measurement-Based Timing Analysis through Randomisation and
Probabilistic Analysis
Ralph Görgen, Kim Grüttner, Fernando Herrera, Gianluca Palermo, William Fornaciari,
Carlo Brandolese, Davide Gadioli, Sara Bocchio, Luca Ceva, Paolo Azzoni, Massimo
Poncino, Sara Vinco, Enrico Macii, Salvatore Cusenza, John Favaro, Raul Valencia, Ingo
Sander, Kathrin Rosvall, Davide Quaglia, Pablo Peñil, Julio Medina and Eugenio Villar,
CONTREX: Design of embedded mixed-criticality CONTRol systems under consideration of
EXtra-functional properties
Alina Lenz, Mikel Azkarate-Askasua Blázquez, Javier Coronel, Alfons Crespo, Simon
Davidmann, Juan Carlos Diaz Garcia, Nera González Romero, Kim Grüttner, Roman
Obermaisser, Johnny Öberg, Jon Perez, Ingo Sander and Ingemar Söderquist, SAFEPOWER
project: Architecture for Safe and Power-Efficient Mixed-Criticality Systems
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 18
6 FDL 2015 Special Session: High Integrity Multi-Core Modelling for Future Systems (Hi-MCM)
The Hi-MCM special session has been co-organized with the project coordinators of DREAM
and PROXIMA, see https://ecsi.org/fdl2015/call-papers-specialsessions.
Organizers:
Kim Grüttner (OFFIS)
Roman Obermaisser (University of Siegen)
Francisco J. Cazorla (Barcelona Supercomputing Center)
Chair: Kim Grüttner (OFFIS)
Modern embedded applications already integrate a multitude of functionalities with
potentially different criticality levels into a single system. Driven by the availability of
embedded multi-core System-on-Chips, this trend is expected to grow in the near future.
Without appropriate preconditions, the integration of mixed-criticality subsystems can lead to
a significant and potentially unacceptable increase of engineering and certification costs.
The Assurance of Multi-Core and Mixed Criticality Systems is an ongoing challenge for high
integrity and safety critical development, which will be addressed in this session. The first
talk proposes an executable system model for functional simulation enabling the observation
of dynamic effects caused by mixed-criticality mode switching. The proposed model allows
the expression of dynamic execution modes and execution time estimates for each criticality
level. The second talk presents how to integrate formally based models relying on the
Synchronous Dataflow Model-of-Computation within a component-based application model
captured in a UML/MARTE extension suitable to express extra-functional properties and
criticality levels. The third contribution is an IEC-61508 compliant validation strategy of the
temporal independence on a partitioned multicore mixed-criticality system and presents
evidences through a set of performed measurements. This session closes with a user
experience report on the applicability of UML/MARTE in an automotive battery management
system, considering functional and extra-functional properties.
Program:
Mixed-Criticality System Modelling with Dynamic Execution Mode Switching
Philipp Ittershagen, Kim Gruettner and Wolfgang Nebel
Abstract - In this paper, an executable system model for performing a functional simulation
while observing the dynamic effects of mixed-criticality requirements regarding applications
with different levels of assurance is proposed. The model provides the expression of dynamic
execution modes and execution time estimates on each criticality level of the system. In a
refinement step, it is possible to observe the effects of scheduling policies, dynamic criticality-
, and execution mode switches on the functional behaviour of the system in a trace-based,
simulative manner. An early evaluation of a quadrocopter platform consisting of a safety-
critical flight control application and a video-based, performance-critical object detection is
used to demonstrate the applicability of the design flow. Simulation results indicate that by
defining multiple execution modes of the object detection algorithm, the run-time utilisation
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 19
feedback allows the algorithm to run in a high-quality mode for more than 50% of the time,
thereby increasing the overall system utilisation by two thirds compared to a static resource
utilisation analysis.
Enhancing Analyzability and Time Predictability in UML/MARTE Component-based
Application Models
Fernando Herrera, Pablo Peñil and Eugenio Villar
Abstract - This paper presents how to integrate formally based models relying on the
Synchronous Dataflow Model-of-Computation within an expressive, component-based
application model captured in UML/MARTE. The application modelling methodology is part
of an UML/MARTE modelling methodology supporting high-level synthesis and design space
exploration. The expressiveness of the application modelling methodology facilitates to find
and build an application model fulfilling the intended semantics, but does not help to ensure
at least for some parts of the model a strict fulfilment of functional and extra-functional
requirements. This capability has become a need in the context of modelling mixed-criticality
applications. This paper shows how expressive, component-based UML/MARTE models can
integrate parts with a sound formal basis, which facilitates the analysis of functional and
extra-functional properties of such parts. Specifically, the paper shows a set of modelling
patterns, which can be translated into SDF counterparts. The paper also reports an
implementation, which enables a bi-directional interoperability between the UML/MARTE
models abiding the patterns and the formally-based ForSyDe methodology, which automates
functional validation and the link to automated analysis of functional and extra-functional
properties
Temporal Independence Validation for IEC-61508 compliant Mixed-Criticality Systems
based on Multicore Partitioning
Asier Larrucea Ortube, Irune Agirre, Carlos Fernando Nicolas, Jon Perez, Mikel Azkarate-
Askasua and Ton Trapman
Abstract - The migration from conventional federated embedded system architectures into
mixed-criticality integrated multicore architectures provides benefits such as reduced cost-
size-weight, better scalability and improved reliability. As a consequence, integrated mixed-
criticality solutions are on the bull’s eye for many embedded systems developers but the
challenges coming from the safety certification of multicore approaches may hinder their
adoption.
Among many other stringent requirements, safety standards demand to prove that mixed-
criticality systems are free of interferences, guaranteeing the spatial and temporal
independence among applications. This paper contributes with the validation strategy of the
temporal independence on a partitioned multicore mixed-criticality system and presents
evidences as a set of performed measurements.
A Novel Design Method for Automotive Safety-Critical Systems based on UML/MARTE
Ralph Weissnegger, Markus Pistauer, Christian Kreiner, Kay Roemer and Christian Steger
Abstract - The complexity of electric/electronic systems in today's vehicles is steadily
growing. New challenges arise through highly distributed systems, which interact with and
have an impact on the physical world, so-called cyber-physical systems. There is a need for
modeling languages like UML/MARTE to support engineers and managers throughout the
whole design process to reduce costs and time to market. Especially when it comes to safety-
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 20
critical systems, safety aspects must be handled on various abstraction levels from high level
system description to detailed modeling of hardware and software. Not only functional but
also non-functional requirements need to be taken into account here. In this paper, we present
a seamless model-driven architecture approach to model safety-critical systems throughout
the whole design phase of the functional safety standard ISO 26262. Furthermore, SysML is
used to extend MARTE with semi-formal requirements to handle the issue with traceability. In
order to demonstrate its efficiency, this methodology is applied to an industrial use case of a
battery management system. The results show that MARTE is very suitable for modeling
systems at any level of granularity in the automotive area, in compliance with functional
safety.
Associated other contributions:
Security Services for Mixed-Criticality Systems based on Networked Multi-Core Chips
Thomas Koller and Donatus Weber
Abstract - Networked multi-core chips are a good solution to efficiently share decentralized
resources. The European FP7 project DREAMS introduces a service based architecture to
realize mixed-criticality systems on networked multi-core chips. The architecture is based on
a waistline structure with secure core services for communication, execution, time
synchronization and resource management. This paper defines the required security
properties to harden the DREAMS architecture against malicious attacks. Furthermore, the
security properties are mapped to concrete security services that serve as basis for the
implementation of the architecture.
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 21
7 HiPEAC Conference MCS Workshops
The HiPEAC conference is the premier European forum for experts in computer architecture,
programming models, compilers and operating systems for embedded and general-purpose
systems. For this reason CONTREX, PROXIMA and DREAM have been actively involved in
the organisation of a joint workshop. The workshop has been executed already four times.
Three times (in 2014, 2015 and 2016) with the participation of CONTREX, PROXIMA and
DREAMS. In 2015 and 2016 CONTREX, PROXIMA and DREAMS have been explicitly
involved in the organization of this workshop.
A 5th edition of the MCS workshop will also be organized in 2016 at the HiPEAC conference
in Stockholm, Sweden.
7.1 3rd International workshop on the “Integration of mixed-criticality subsystems on multi-core and manycore processors” (MCS)
The 10th HiPEAC conference has taken place in Amsterdam, The Netherlands from Monday,
January 19 to Wednesday, January 21, 2015. As part of this conference, the workshop “MCS:
Integration of mixed-criticality subsystems on multi-core and manycore processors” has been
held on Monday. The workshop has been attended by 103 people from 69 different
institutions.
The MCS community aims to solve the challenges to safely integrate applications and
systems of higher and lower criticality together on multicore and distributed architectures. In
order to safely achieve this, challenges reside at the hardware and software architecture level
as well as in the support by means of methodology, modelling, simulation, verification,
documentation and training.
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 22
7.1.1 Organizers
Francisco Cazorla (Barcelona Supercomputing Center),
Jon Perez (IK4-IKERLAN),
Kim Grüttner (OFFIS),
Roman Obermaisser (University of Siegen),
Sascha Uhrig (University of Dortmund)
7.1.2 Workshop Program
10:00-10:05 “Welcome and Introduction” (Dr. Jon Perez – IK4-IKERLAN)
10:05-11:00 Mixed-Criticality Platform (Dr. Francisco Cazorla – BSC)
”Segregation of Subsystems with Different Criticalities on Networked Multi-Core
Chips in the DREAMS Architecture” (Roman Obermaisser – University of Siegen,
FP7 Project DREAMS)
“Embedded Mixed Criticality Multicore – An industry perspective of multicore and
certification” (Bernd Koppenhoefer – Airbus Defence and Space, ARTEMIS Project
EMC²)
11:00-11:30 Coffee Break
11:30-11:45 Mixed-Criticality Platform (Dr. Francisco Cazorla – BSC)
“Mixed criticality for complex networked systems” (Arjan Geven – TTTech, FP7
Project DREAMS)
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 23
11:45-13:00 Community building (Dr. Roman Obermaisser – University of Siegen)
“The vision of the commission” – Presented by Werner Steinhögl (Programme
Officer; Complex Systems and Advanced Computing CONNECT – A3; European
Commission)
Mixed-Criticality community building (Arjan Geven – TTTech)
Community building interactive part (Arjan Geven – TTTech)
15:00-16:00 Certification (Dr. Roman Obermaisser – University of Siegen)
“Towards modular certification of mixed-criticality product lines based on multicore
and virtualization technology (IEC-61508) – Wind power and railway case studies”
(Jon Perez – IK4-Ikerlan, FP7 Projects MultiPARTES / DREAMS / PROXIMA)
“XtratuM Hypervisor: certification elements” (Alfons Crespo – UPV, FP7 Projects
MULTIPARTES / DREAMS)
16:00-16:30 Tools and MBD design methods (Kim Grüttner – OFFIS)
“Towards power, temperature and aging analysis and estimation for SoCs at
system-level” (Kim Grüttner – OFFIS, FP7 Project CONTREX)
16:30-17:00 Coffee Break
17:00-18:00 Tools and MBD design methods (Kim Grüttner – OFFIS)
“Probabilistic timing analysis for multicore based mixed-criticality systems”
(Francisco Cazorla – BSC, FP7 Project PROXIMA)
“Interoperability for Mixed/Safety-Critical Systems Development Environments”
(Omar Kacimi - OFFIS)
18:00-18:30 Panel Discussion
“Complexity management in the development and certification of multicore /
manycore mixed-criticality systems”
Moderator: Jon Perez (IK4-Ikerlan)
Panelists: Dietmar Geiger (Airbus Defence and Space), Rafael Zalman (Infineon),
Christoph Scherrer (Thales Austria)
7.1.3 Community Session
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 24
Along with the workshop, a community session was held focusing on the advancement of the
Mixed-Criticality Forum and Community. With a total of roughly 50 engaged participants
from academia and industry across Europe, the workshop can be considered successful with
fruitful discussions. Discussions were centred on three central themes: expectations, content,
and potential barriers.
The session was organized from the context of the Mixed-Criticality Forum at http://
mixedcriticalityforum.org, an initiative within the FP7 project DREAMS to support the
‘Mixed-Criticality Cluster’ of ongoing FP7 projects, i.e. DREAMS, CONTREX and
PROXIMA and the growing mixed-criticality community in academia and industry.
The results of the three discussion groups are summarized in the following.
Group 1: Expectations to the Mixed-Criticality Community
(10 participants)
In the first group, the discussions focused on the expectations of the participants towards a
mixed-criticality community. The general comment is that the MCF can become a reference
repository for researchers in MCS in different aspects.
Requirements/Metrics: There was a general feeling that academics can be looking
into problems of small interest to industry. This can be corrected/prevented by asking
different industries (across different domains) to articulate a document with their main
requirements in terms of timing, reliability, and any other metric of interest. This will
also help academics to understand what can be done (and what can be assumed) when
attacking a problem and what cannot.
Overview of standards: In this respect, it is understood that many requirements come
from standards, which are hard to read. However, from the dozens of standards in a
domain, the experts in the domain know which are those apply for the problem under
interest and the particular paragraphs in those standards that are of interest. It would
be great if this information is put in the MCF website
Best practices for MCS: A document with Best Practices in each domain would also
be of help. This document cover the main elements to take into account when
deploying a software/hardware function that is to be deployed in the targeted
application domain
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 25
Experiences with MCS: This part covers experiences of people (likely industrialists)
on multicore mixed-criticality systems. The feeling is that a lot can be learnt from the
experience of other people with MCS. Further, overlaps can be found among different
domains.
Who is doing what in the community: This section covers a good description of
what each member of the MCF is doing: in the different application domains and in
the different layers of the computing system. This would help industry understanding
who is doing what in the Mixed-Criticality community. This helps looking for
partners for new projects and building connection among partners.
Group 2: Technical contents
(24 participants)
In the second group, the discussions focused on the technical contents and potential
contributions of parties involved in research on Mixed-Criticality Systems. Regrettably, time
was too short to go into detailed discussions about specific technical contributions. The
discussions therefore centred on the organization of the contents within the MCF and how to
further enable the contribution of technical content.
Application domains: the definition of mixed criticality as well as the challenges and
expectation from the solutions are very diverse in the different domains. All provided
content should be linked with an industrial domain. For this purpose, it might be
useful to collect the domains covered by the MCC projects.
Use cases: to provide (high-level) use-cases of industrial mixed-criticality problems
from the domains avionics and railway. These use-cases can be used to identify
common challenges and join forces to work on the solutions. Anyhow, there might be
some confidentiality issues that need to be discussed internally first.
Common requirements: A common list on requirements (maybe per domain) for
mixed-criticality system could be collected and harmonized across the MCF
contributors (each project should have done this anyhow)
Terminology: A common definition and a refined definition of “Mixed-Criticality” in
the different domains could give some guidance to new players entering the scene
Industrial best-practices: Guidelines, procedures and best practices from industrial
partners could be collected and published through the MCF
Security: Guidelines what you need to consider would be well received. Specific input
from the EURO-MILS (http://www.euromils.eu/) project has been offered. They have
developed a matrix to compare different safety and security critical systems. This
could be a valuable contribution to the MCF.
Collection of standards and certification bodies per domain could be very
interesting. The MCF could also become a common place to discuss potential
shortcomings and roadblocks of existing standards
Furthermore, potential additions to the MCF were discussed to further broaden the scope and
usefulness of the Mixed-Criticality Forum. In particular, the following were mentioned:
Publication and deliverable database: A database of publications from each project
of the MCC. Each Bibtex entry would also carry: a link to the project(s) of the MCC,
a link to the industrial domain or the common domain, and a pdf, if possible. This
publication database could be Bibtex-based. The database could further be extended
with a Public deliverable database of all deliverables from each MCC project to
facilitate the interaction between the projects.
Social functions: the group discussed about ways to further facilitate the social
interaction between organizations and projects, e.g. the integration of a full discussion
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 26
forum and mailing list for discussions, and the integration with social media by means
of Facebook Fan Page and Twitter Channel.
Group 3: Barriers to adoption
(15 participants)
Within the MCS community, several barriers to the adoption of MCS solutions identified that
can be addressed at least in part by community activities. In the group, the following topics
were discussed:
Common Terminology: A missing common terminology is perceived as a barrier.
For example, there are different definitions of mixed-criticality systems in different
communities (e.g., scheduling community vs. certification). In addition, consolidation
of terminology from different domains (automotive, avionics, ...) and different
technological communities (e.g., real-time, high-performance, ...) is necessary.
Certification standards: High certification cost is a barrier towards the certification
of multi-core systems. Certification standards need updates to enable the certification
of these systems.
Ecosystem: Project results need to be leveraged after research projects finish.
Distance between academic and industry: There is a gap between industrial
challenges and academic research. The level of ambition in academic research is often
far from industrial state-of-practice and actual industrial challenges.
Fail-safe and fail-operational systems: Both fail-safe and fail-operational systems
need to be addressed. Mixed-criticality research at present focuses on fail operational
systems.
7.2 4th International workshop on the “Integration of mixed-criticality subsystems on multi-core and manycore processors” (MCS)
The 11th HiPEAC conference has taken place in Prague, Czech Republic from January 18 to
January 20, 2016. As part of this conference, the workshop “MCS: Integration of mixed-
criticality subsystems on multi-core and manycore processors” has been held on Monday. The
workshop has been attended by 81 people from 68 different institutions.
The MCS community aims to solve the challenges to safely integrate applications and
systems of higher and lower criticality together on multicore and distributed architectures. In
order to safely achieve this, challenges reside at the hardware and software architecture level
as well as in the support by means of methodology, modelling, simulation, verification,
documentation and training.
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 27
7.2.1 Organizers
Francisco Cazorla (Barcelona Supercomputing Center (BSC))
Jon Perez (IK4-IKERLAN)
Kim Grüttner (OFFIS)
Roman Obermaisser (University of Siegen)
7.2.2 Workshop Program
Morning Session (10:00-11:00 and 11:30-13:00)
10:00-10:05: “Welcome and Introduction” (5 min, Jon Perez - IK4-IKERLAN) The
introduction motivates the research in computer architectures that support mixed-criticality
integration and outlines the specific challenges with respect to multi-core processors, extra-
functional requirements and software support.
10:05-11:30: Extra-functional requirements 1/2 (30 min, Jon Perez – IK4-IKERLAN)
“Energy, power and thermal management and its impact on safety” (Kim Grüttner – OFFIS,
FP7 CONTREX)
“Introduction to SAFEPOWER (Secure and safe cyber-physical- systems with low power
requirements)” (SAFEPOWER; Mikel Azkarate, IK4-Ikerlan)
"Towards security (and safety) by design for embedded systems" (FP7 SAFURE; André
Osterhues, ESCRYPT GmbH - Embedded Security)
11:30-12:00: Coffee Break
12:00-13:00: Embedded (parallel) computer architectures (55 min, Francisco Cazorla - BSC):
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 28
“Architectures for mixed-criticality systems based on multicore and virtualization" (Roman
Obermaisser – University of Siegen, FP7 DREAMS)
”T-CREST: A Time-predictable Multi-Core Architecture for Embedded Systems” (T-CREST;
Wolfgang Puffitsch, Technical University of Denmark)
“Efficient Arbitration through Randomization for Shared Resources in Multicores”
(PROXIMA; Jaume Abella, Barcelona Supercomputing Center)
Afternoon Session (15:00-17:30)
15:00-16:00: Ecosystems for CPS (60 min, Werner Steinhögl – European Commission)
“The vision of the commission” – Presented by Werner Steinhögl (EC)
Discussion of platforms, ecosystems and innovation for CPS – Moderated by Werner
Steinhögl (EC)
16:00-17:30: “Mixed-Criticality Community Building: roadmapping, technical
challenges/solutions and exploitation” (90 min, Arjan Geven – TTTech, Roman Obermaisser -
University of Siegen)
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 29
8 ARTEMIS/ITEA Co-Summit 2015
The seventh edition of the annual Co-summit “Smart Industry: impact of software innovation”
took place at the Berlin Congress Center on 10/11 of March 2015. The Co-summit was jointly
organised by ITEA, the EUREKA Cluster on Software-intensive Systems & Services and by
ARTEMIS Industry Association, the association for actors in Embedded & Cyber-Physical
Systems within Europe.
Over two days a diversity of projects, presentations and discussions demonstrated the central
and crucial role played by ITEA and ARTEMIS projects in the creation of new, smart
manufacturing and processing. In her keynote address, Jutta Schneider, Director of eDrive and
Software Technologies at Daimler AG, underlined the importance of “software innovation as
a key driver”, a view that was resoundingly echoed by other prominent speakers from the
German government, the European Commission and industry. During the panel discussion on
the Co-summit theme, TNO’s Egbert-Jan Sol suggested that “it is not simply software
innovation but also business innovation and social innovation” that are keys to the
evolutionary process that is revolutionising industry. Importantly, Thomas Lagerberg of ABB
put the question: “We have all these big data and connectivity but it is important to ask what’s
in it for me, how can I make money out of it? We have to demonstrate the benefits to people.”
Examples of precisely such benefits were being displayed all around the exhibition floor:
ARTEMIS and ITEA projects that not only captured the imagination but actually showed to
more than 700 visitors and participants the tangible impact of their work. Like the R5-COP
autonomous WALL•E-looking robot wandering around the exhibition floor, an example of a
smart solution for dirty and dangerous jobs, or the BaaS project leaders in their hardhats and
hazard warning vests that attracted interest in the use of novel value-added services and
applications for smart commercial buildings – both winners of the Exhibition Award.
Speakers corners offered insight into smart industry trends, such as the future of automated
driving with a focus on secure connectivity and the role of Cyber-Physical Systems as a key
technology in the connectivity. Or the dilemma of financing healthcare in which Philips
believes that by cleverly linking Cyber-Physical Systems the costs of realising requirements
for the healthcare system chain can be reduced. Speakers from as far as Canada and South
Africa underlined the global dimension of the Co-summit and the European programmes.
The CONTREX project participated in this event together with the other Mixed Criticality
Cluster projects DREAMS and PROXIMA. On one hand, there was a joint MCC exhibition
booth to promote the Mixed Criticality Cluster and the project topics. On the other hand, the
cluster organized a speakers corner with presentations and discussions on mixed-criticality
systems.
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 30
8.1 MCC Exhibition Booth
8.2 MCC Speakers Corner
The speakers corner with the title “Towards Platforms for Mixed-Criticality Systems” on
mixed-criticality systems was held on 10 March 2015 with the following agenda:
14:00 - 16:00 Towards Platforms for Mixed-Criticality Systems
14:00 - 14:05 Mixed-Criticality Systems and Research Challenges
14:05 - 14:15 Vision of the European Commission
Multi-Core Platforms for Mixed-Criticality Systems
14:15 - 14:30 DREAMS - EC FP7
14:30 - 14:45 PROXIMA - EC FP7
14:45 - 15:00 EMC2 - ARTEMIS
15:00 - 15:15 P-SOCRATES - EC FP7
Development Methodologies for Mixed-Criticality Systems
15:15 - 15:30 CRYSTAL - ARTEMIS
15:30 - 15:45 CONTREX - EC FP7
15:45 - 16:00 MBAT - ARTEMIS
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 31
9 DAC Workshops
9.1 Introduction
In 2013 ECSI together with the partners of CONTREX and OPENES projects launched a very
first workshop organized at the DAC Conference addressing the subject of extra-functional
properties modelling and analysis.
It was the believe of the organizers that having the event organized at the biggest conference
in the domain of electronic systems design is the right choice of place to attract attention of
industry and academia to this emerging topic. The results of the consecutive events organized
between 2014 and 2016 (presented below) demonstrate that this plan has been achieved. Itself
the participation from large number of industry representatives showed that the topic is of a
high relevance.
9.2 DAC Workshop 2014
This is the second workshop organized jointly by CONTREX and OpenES projects to create
the momentum in the community around the aspects of modelling of extra-functional
properties. The objective for both projects is to exchange information on advances and results,
but also to present them to the industry in general sense. This is why the workshop is
organized in the context of the major international conference DAC (Design Automation
Conference) to gain exposure to major industry players.
This year also the presentations in the workshop will be given by several partners otside of the
project consortia including Intel, Xilinx, ARM, Cadence, IMEC, IROC, Toshiba and several
renowned research partners.
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 32
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 33
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 34
9.3 Workshop Program
Workshop Program
9:00 Intro Welcome & Agenda Adam Morawiec (ECSI)
9:05 Keynote An Accurate Simulation Framework for Thermal Explorations and Optimizations William Fornaciari (PoliMi, Italy)
9:50 Session 1
System-Level Design for Reliability Organizers: Andreas Herkersdorf (TU München, Germany), Jürgen Becker (KIT Karlsruhe, Germany) Abstract: Reliability is a system-level concern, both from the hardware/software architecture as well as design method perspectives. Advanced nanometer CMOS technologies are known to be increasingly vulnerable for radiation induced sporadic soft-errors, device aging and various forms of manufacturing and environmental variations. Another source of reliability exposures for today’s and future Systems-on-Chip (SoC) solutions is their inherent complexity, expressed either in Billions of transistors, number of IP cores integrated, and the variety of huge functionality implemented on a single SoC. Today, it is already practically infeasible to validate such SoCs down to clock cycle accuracy under various representative workload scenarios. Both, feature size and complexity induced challenges cannot be addressed at individual, specific abstraction layers with acceptable quality and cost. Senior university and industry researchers from the US and Europe will share their perspectives on crucial design aspects of today’s and future embedded and cyber physical systems. Topics span from dependable NoC communication virtualization on MPSoC, to self-aware Cyber Physical Systems-on-Chip, to high-throughput database query acceleration on reconfigurable FPGAs with High-Level Synthesis, to reliability management of 3D stacked wireless baseband SoCs.
9:50 1.1 A Cross Layer Approach for Efficient Reliability Management in 3D Stacked Wireless Baseband SoCs Norbert Wehn (Microelectronic System Design Research Group, University of Kaiserslautern, Germany)
10:15 1.2 Using Roofline Models to Analyze the Performance of Realistic Key Value Store Implementations on FPGAs with High Level Synthesis Kees Vissers and Michaela Blott (Xilinx, USA and Ireland)
10:40 1.3 CyberPhysical-System-On-Chip (CPSoC): A Self-Aware SoC Platform for Cross-Layer Reliability Nikil Dutt (Center for Embedded and CyberPhysical Systems, UC Irvine)
11:05 Coffee Break
11:20 1.4 Intel Euro Labs Presentation (TBC) Enno Lübbers, Intel Euro Labs, München, Germany
11:45 1.5 Enabling Dependable MPSoC Task Migration with On-Chip Interconnect Virtualization Andreas Herkersdorf (Integrated Systems Lab, Technische Universität München, Germany)
12:10 1.6 Dynamic Migration and Performance Optimization of Deterministic Applications Across Platform Components Using Intel® CoFluent™ Studio Jérôme Lemaitre, Rocco Le Moigne (Intel Corporation SAS, France)
12:35 Lunch Break
13:15 Keynote Towards Parallel Simulation of Multi-Domain System Models Rainer Dömer, UC Irvine, USA
14:00 Session 2
Tools and Methods for Power and Temperature Modeling and Analysis Organizers: Kim Grüttner (OFFIS, Germany), Domenik Helms (OFFIS, Germany) Laurent Maillet-Contoz (STMicroelectronics, France) Abstract: With the predicted device, core and multicore scaling, the dark silicon hypothesis predicts the end
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 35
of multicore scaling, regardless of chip organization and topology, due to power or energy density limitations. For this reason, future system engineers should be able to address power and thermal management as soon as possible in the design flow. Introduction of power and temperature management cannot be done at a single abstraction layer, but must be taken into consideration from the operating system, early system-level models, down to the integration of RTL IP components. For this reason, power and temperature properties need to be modelled across all abstraction layers, because they can strongly affect the products overall quality of service or even cause the system to fail meeting its real-time and safety requirements. In this session will discuss breakthrough academic and industrial solutions to control power consumption and heat dissipation at design and run-time. Furthermore, this session will discuss proposed extensions of existing industrial standards and their implications on commercial tool support. The addressed topics are: operating system support for fine-grained system-level energy analysis through orchestration of energy measurements at hardware level; the extensions of IP-XACT and UPF industry standards to support a seamless ESL to RTL low power design methodology; the extension of IP-XACT with verification features including portable stimuli vectors to enable performance and power closure of complex SoCs; tools for architectural level power and thermal modeling; and a new thermal constrained run-time management called “Thermal Safe Power”.
14:00 2.1 The FIGAROS Operating System Kernel for Fine-Grained System-Level Energy Analysis Timo Hönig, Heiko Janker, Wolfgang Schröder-Preikschat (Friedrich-Alexander-Universität Erlangen-Nürnberg, Germany)
14:25 2.2 Extending IP-XACT and UPF to Support ESL to RTL Low Power Design Methodology Emmanuel Vaumorin, Grégoire Avot (Magillem Design Services; France), Hend Affes, Michel Auguin, Alain Pégatoquet, François Verdier (Univ. Nice Sophia Antipolis, France)
14:50 Coffee Break
15:05 2.3 IP Configuration for the Right Balance Between Required Performance and Power
Nick Heaton (Cadence Design Systems, USA), Simon Rance (ARM, UK)
15:30 2.4 The Use of High Level IP Power Models Across System Analysis Environments and Teams Sylvian Kaiser (Docea Power, France)
15:55 2.5 Thermal-Aware Power Budgeting for Dark Silicon Chips Santiago Pagani, Muhammad Shafique (Karlsruhe Institute of Technology, Germany), Jian-Jia Cheny, Jörg Henkel (TU Dortmund, Germany)
16:20 Session 3
Ageing and Variation Prediction from Transistor to RT Level Organizers: Christoph Sohrmann & Roland Jancke (Fraunhofer Institute for Integrated Circuits IIS, Germany) Abstract: Even in safety-critical areas such as Automotive, Aviation, Medical, and Industrial the demand for applications having highest performance, lowest energy consumption, and smallest dimensions together with extended service life grows rapidly. Combinations of these requirements can only be provided by extremely scaled technologies. Such safety-critical applications do not tolerate device failure. However, devices from advanced technology nodes are generally more susceptible to parametric deviations, either from process variations, parametric drift over lifetime or a combination thereof. The correct prediction of parametric deviations is similarly important as making them accessible on higher abstraction levels. The focus of this session are thus models and formats which abstract detailed knowledge about parameter variations and reliability from the device level to the circuit or RT level. The solutions presented will enable the designer to take these effects into account early in the design phase and ensure to meet specifications over the entire lifetime and for all application conditions.
16:20 3.1 Impact of Time-dependent Variability on the Yield and Performance of 6T SRAM Cells in an Advanced HK/MG Technology Pieter Weckx, Ben Kaczer, Praveen Raghavan, Francky Catthoor, Guido Groeseneken (IMEC, Belgium)
16:45 3.2 Facilitating Cross-Layer Reliability Management through Universal Reliability
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 36
Information Exchange Enrico Costenaro1, Domenik Helms2, Nematollah Bidokhti3, Adrian Evans1, Maximilian Glorieux1 and Dan Alexandrescu1 (1IROC Technologies, France; 2OFFIS, Germany; 3OCZ Toshiba, USA)
17:10 3.3 Statistical Timing Methodology for Low-Power and Multi-Voltage Designs Kerim Kalafala, Natesan Venkateswaran, Stephen Shuma, Vladimir Zolotov, Eric A Foreman (IBM Thomas J. Watson Research Center, USA)
17:35 3.4 Reliability-Driven Analog Circuit Design using gm/Id Method and Cross Layer Modelling of Aging Steffen Paul, Nico Hellwege, Nils Heidmann, Dagmar Peters-Drolshagen (Institute of Electrodynamics and Microelectronics, ITEM, University Bremen, Germany)
18:00 Concluding Remarks & Closing Adam Morawiec (ECSI)
CONTREX Contributions:
Keynote 1: An Accurate Simulation Framework for Thermal Explorations and Optimizations Speaker: William Fornaciari (PoliMi, Italy)
Abstract: While technology scaling allows integrating more cores in the same chip, the complexity of current designs requires accurate and fast techniques to explore different trade-offs. Moreover, the increased power densities in current architectures highlight thermal issues as a first class design metric to be addressed. At the same time, the need to access to accurate models for the exploited actuators is of paramount importance, since their overheads can shadow the benefit of the proposed methodologies. This talk proposes a complete simulation framework for the assessment of run-time policies for thermal-performance and power-performance trade-offs optimization with two main improvements over the state of the art. First, it accurately models Dynamic Voltage and Frequency Scaling (DVFS) modules for both cores and NoC routers as well as a complete Globally Asynchronous Locally Synchronous (GALS) design paradigm and power gating support for crossbar and buffers in the NoC. Second, it accounts for the chip thermal dynamics as well as power and performance overheads for the actuators. Some results related to the use of the framework for the identification of ultra-fast novel thermal management strategies and optimal design of NoC infrastructures will also be presented.
Presentation 2.4: The Use of High Level IP Power Models Across System Analysis Environments and Teams Author: Sylvian Kaiser (Docea Power, France)
Abstract: System behavior, and associated thermal behavior, directly impact the success of electronic products: cost, reliability, safety, quality of service, user experience, and compliance with industry standards. The design technology trend is yet making power and thermal more and more critical with higher power density, higher system integration and more power-hungry applications. In this context high abstraction level approaches can bring valuable system-wide observation and exploration of power behavior in advance of real physical systems, in order to make appropriate power-aware design trade-offs. In this paper we show how IP power models can be used in an architectural level modeling and simulation environment dedicated to SoC and platform power analysis. The environment allows spreadsheet-like static analysis and dynamic analysis, including early power-performance trade-off. The same IP power models can alternatively be used in high level behavioral and functional modeling platforms, for instance ESL platforms typically relying on SystemC-TLM, in order to augment the system simulation with a power estimation perspective. To help share and reuse the IP models across system modeling environments and across teams within an organization, a framework is set-up that centralizes and manages the models. The complete methodology generally improves a company's ability to address the system power dissipation concerns and launch products meeting or exceeding power targets.
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 37
9.4 DAC Workshop 2015: System to Silicon Performance Modeling and Analysis
Date & Location:
June 7, 2015 – San Francisco, USA
Organizer: ECSI
Rationale for this year edition:
The integration of heterogeneous electronic systems composed of SW and HW requires not
only a proper handling of system functionality, but also an appropriate expression and
analysis of various extra-functional properties: timing, energy consumption, thermal behavior,
reliability, cost and others as well as performance aspects related to caching, non-
determinism, probabilistic effects.
The workshop addresses cross-domain aspects related to the design and verification
framework covering methodology, interoperable tools, flows, interfaces and standards that
enable formalization, specification, annotation and refinement of functional and extra-
functional properties of a system. Special emphasis will be given to formalization and
expression of power, temperature, reliability, degradation and aging.
Several research and industry efforts address (parts of) the problem. However, there is a need
for community-wide cooperation to establish a holistic vision on extra-functional property
treatment, and to agree on research and development directions and further on validation of
applicable solutions and standardization.
This event will support collaboration between main actors from system and microelectronics
industry, EDA and research.
The workshop is inviting submissions of short abstracts industrial and scientific work in
progress and practical solution and experiences.
Figure: The System-to-Silicon Performance workshop audience.
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 38
Impact Assessment
Target System companies, Microelectronics companies, Research centres, Universities, Standardisation
Audience Aachen University of Technology, Airbus , Analog Devices, Inc., Broadcom Corporation, Cadence, Carnegie Mellon University, Chapman Consulting, Credit Suisse, CSR, CST AG, D. E. Shaw Research, DOCEA Power, Ecole Centrale de Lyon, EDXACT SA, ETRI, Faraday Technology Corp., FAU Erlangen-Nürnberg, Fraunhofer IIS, Friedrich-Alexander-Universität Erlangen-Nürnberg, Fudan University, Huawei Technologies Co., Ltd., IBM Corporation, Imagination Technologies Ltd., imec, Imperial College London, Infineon Technologies AG, Intel Corporation, iRoc Technologies, L-3 Communications, LEAT/CNRS, Leibniz University of Hannover, LG Electronics, Library Technologies, Inc., MediaTek, Inc., Mentor Graphics Corporation, Microchip Technology, Inc. , Micron Technology, Inc., National Security Research Institute, National Taiwan University of Science and Technolo, National Tsing Hua University, NC State University, Northeastern University, NVIDIA Corporation, Olympus, Oracle Corporation, Osaka University, Oticon A/S, Panasonic Corporation, Politecnico di Milano - DEIB, Qualcomm, RWTH Aachen University, Samsung Electronics Co., Ltd., Sasken Communication Technologies Ltd., Semiconductor Manufacturing International Corp., Seoul National University, Silvaco, Sk hynix, Sonics Inc., Spin Transfer Technologies, Stanford University, STMicroelectronics, Synopsys, Inc., Technische Universität München, The Aerospace Corporation, Toshiba Corporation, Trajectory Design Automation Corp., TSMC, TU Dortmund, UC Irvine, University Bremen, University of British Columbia, University of California at San Diego, University of California, Irvine, University of California, Santa Barbara, University of Illinois, University of Kaiserslautern, University of Texas at Austin, University of Virginia, Utah State University, Virginia Tech, Western Digital Corporation, Xilinx, Inc.
Participation profile
Participants total: 123 registered, 60+ present constantly in the room
59% Industry (!)
39% Academia
2% others (e.g. consulting) Impact Presentation of CONTREX approach to the very wide audience, mostly from
industry
Collaboration with related projects: PAPP, CRAFTERS, OPENES
9.5 DAC Workshop 2016: System to Silicon Performance Modeling and Analysis
Date & Location:
June 5-9, 2016
Austin, TX, USA
Organizer: ECSI
Rationale
The integration of heterogeneous electronic systems composed of SW and HW requires not
only a proper handling of system functionality, but also an appropriate expression and
analysis of various extra-functional properties: timing, energy consumption, thermal behavior,
reliability, cost and others as well as performance aspects related to caching, non-
determinism, probabilistic effects.
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 39
The workshop addresses cross-domain aspects related to the design and verification
framework covering methodology, interoperable tools, flows, interfaces and standards that
enable formalization, specification, annotation and refinement of functional and extra-
functional properties of a system. Special emphasis will be given to formalization and
expression of power, temperature, reliability, degradation and aging.
Several research and industry efforts address (parts of) the problem. However, there is a need
for community-wide cooperation to establish a holistic vision on extra-functional property
treatment, and to agree on research and development directions and further on validation of
applicable solutions and standardization.
This event will support collaboration between main actors from system and microelectronics
industry, EDA and research.
The workshop is inviting submissions of short abstracts on industrial and scientific work in
progress and practical solution and experiences.
Main topics Extra-functional property modeling (power, temperature, reliability, aging, …)
Power and temperature analysis at SoC level: future needs and requirements
Evolution and extensions of standards like UPF, IP-XACT to express extra-functional properties
Power and temperature simulation and analysis at system-level
System level reliability and aging models
Reliability from transistor to RTL level: e.g. NBTI models including basic physical properties
Workshop Organizers: Laurent Maillet-Contoz, STMicroelectronics, France
Kim Grüttner, OFFIS, Germany
Gjalt de Jong, ArchWorks, Belgium
Adam Morawiec, ECSI, France
Organized by R&D Collaborative projects:
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 40
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 41
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 42
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 43
Impact Assessment
Target Audience DAC participants: world-wide industry and academia
System, Fab, Fabless, EDA, IP, research
Participation 45 registered people
+70 entering the room
Companies & organizations represented:
Ajou University, ARM Ltd., Aurrion Inc., Carnegie Mellon University, CEA LIST, Cirrus Logic, Inc., Ericsson, Fraunhofer IIS/EAS, Graz University of Technology, Hella, iRoc Technologies, Karlsruhe Institute of Technology, Leibniz University of Hannover, LG Electronics, Marvell Semiconductor, Inc., MunEDA GmbH, Oracle Corporation, Qualcomm Technologies, Inc., Samsung Austin R&D Center, Samsung Electronics Co., Ltd., Seagate Technology, LLC, Socionext, Inc., Sony Corp., STMicroelectronics, SuZhou PowerCore Technology, Synopsys, Inc., Technische Universität München, UFRGS, University of Cantabria, US Department of Defense (DoD)
Comments Very good exposure to world-wide audience
Very strong industrial participation: Qualcomm, Samsung, LG, Sony, Ericsson, ARM, Marvell, Seagate, Cirrus…
One of the most prestigious places to organize the OpenES Forum workshop at DAC
Third event in a series of workshops initiated, set-up and conducted by OpenES
One of the best participation among all DAC workshops
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 44
10 DATE Workshops and Exhibition
10.1 IMPAC Workshop
DATE 2016 Friday Workshop, March 18th, 2016
IMPAC: Getting more for less: Innovative MPSoC Architecture Paradigms for Analysability
and Composability of Timing and Power
Today’s MPSoCs cannot only potentially provide high performance but also the possibility of
integrating more than one application. With more than one application, different workload
demands need to be handled like strict timing for safety critical real-time applications or best-
effort computation for, e.g., video processing. Ensuring dependable behaviour of such
systems with respect to timing and power is a huge challenge for state-of-the-art analysis
methods. Without support from the hardware platform, firmware and software, this analysis
can become extremely cumbersome. Furthermore, the independent analysis and incremental
integration of different applications on a single chip becomes infeasible.
To support the analysability of MPSoCs, predictable and composable architectures with
appropriate software layer support have been proposed. This ranges from less-predictable best
effort (Average Case Analysis) over cycle-level predictable (Static Timing Analysis) to
predictable and randomized (Probabilistic Timing Analysis) MPSoC platforms.
This workshop aims at presenting and discussing the latest research results within this
spectrum of topics, with emphasis on new on-chip architectures and analysis paradigms to
enable fast, yet accurate, and dependable analysis, to support the incremental integration of
heterogeneous applications in MPSoCs. The workshop, whose presentations are by invitation
only, will bring together representatives of the major European projects in the field as well as
academic/industrialist experts on the field. The workshop audience will be exposed to the
latest developments, at hardware and software level, on predictable and composable
platforms.
10.1.1 Organizers
Dr. Francisco J. Cazorla is a researcher at the National Spanish Research Council (CSIC)
and the leader of the CAOS research group (Computer Architecture - Operating System) at
the Barcelona Supercomputing Centre (http://www.bsc.es/caos). His research area covers the
design for both high-performance and real-time systems. He has led several research projects
funded by industry including several processor vendor companies (IBM, Sun microsystems)
and the European Space Agency. He has also participated in European FP6 (SARC) and FP7
Projects (MERASA, parMERASA). He led the FP7 PROARTIS project and currently leads
the FP7 PROXIMA project. He has co-authored over 80 papers in international refereed
conferences and has several patents on the area.
Dr.-Ing. Ralph Görgen is a senior researcher in the Hardware/Software Design Methodology
group at the OFFIS Institute for Information Technology, Oldenburg, Germany. He studied
Electrical Engineering at the University of Applied Science in Emden until 2006, and
completed his PhD in Computer Science at the University of Oldenburg in January 2014. His
main research area is modelling and simulation of embedded hardware/software systems.
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 45
Ralph Görgen participated in several national and international research projects. Currently,
he coordinates the European research project CONTREX.
Prof. Dr. Roman Obermaisser is full professor at the Division for Embedded Systems of
University of Siegen. He has studied computer sciences at Vienna University of Technology,
and received the Master's degree in 2001. In February 2004, Roman Obermaisser has finished
his doctoral studies in Computer Science with Prof. Hermann Kopetz at Vienna University of
Technology as research advisor. In July 2009, Roman Obermaisser has received the
habilitation ("Venia docendi") certificate for Technical Computer Science. His research work
focuses on system architectures for distributed embedded real-time systems. He wrote a book
on an integrated time-triggered architecture published by Springer-Verlag, USA. He is the
author of several journal papers and conference publications. He has also participated in
numerous EU research projects (e.g. DECOS, NextTTA) and was the coordinator of the
European research projects GENESYS and ACROSS.
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 46
10.1.2 Agenda and Speakers
Speaker
08:30 –
08:40
Welcome and Opening
08:40 –
10:15
Session 1a: Analysis Methods and Platform
Requirements for Analysability
08:40 –
09:25
Avionics Requirements for Dependability and
Composability
Sascha Uhrig (Airbus
Group Innovations)
09:25 –
09:50
Static Code Level Timing Analysis on Systems with
Interference
Christian Ferdinand
(AbsInt)
09:50 –
10:15
Addressing the Path Coverage Problem with
Measurement-based Timing Analysis
Tullio Vardanega
(University of Padova )
10:15 –
10:45
Coffee Break
10:45 –
11:35
Session 1b: Analysis Methods and Platform
Requirements for Analysability
10:45 –
11:10
Analysis of Power – Measurement, Simulation, and
Composability
Kim Grüttner (OFFIS)
11:10 –
11:35
Short Panel 1: Static Analysis vs. Measurement-based
Analysis
Session 1 Speakers
11:35 –
12:00
Session 2a: Concepts for Composable Dependable
Architectures
11:35 –
12:00
DREAMS: Dependable NoC Roman Obermaiser
(Uni Siegen)
12:00 –
13:00
Lunch Break
13:00 –
15:00
Session 2b: Concepts for Composable Dependable
Architectures
13:00 –
13:20
Model-Based Code Generation for the MPPA
Manycore Processor
Benoît Dupont de
Dinechin (Kalray)
13:20 –
13:40
Safe and Secure Real-Time (SSRT) Benjamin GIittins
(Synaptic Labs)
13:40 –
14:05
PROXIMA Probabilistic Architecture for FPGA and
COTS
Francisco Cazorla
(BSC)
14:05 –
14: 35
CompSOC: A Predictable and Composable Multicore
System
Kees Goossens (TU/e)
14:35 –
15:00
Short Panel 2: Costs of Hardware-Support for
Dependability
Session 2 Speakers
15:00 Closing of WS
10.2 OpenES & CONTREX Projects Workshop: System-Level Power and Temperature Specification, Modelling and Analysis
The OpenES/CONTREX workshop was executed as a fringe event of the DATE 2016
conference (see https://www.date-conference.com/date16/conference/co-located-workshop-
cw02) on March 17, 2016. The main goal of this workshop was the presentation of project
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 47
results in the area of system-level power and temperature specification, modelling and
analysis and the identification of joint future work to integrate these results. The workshop
was mainly driven by STMicroelectronics (France), as coordinator of OpenES, OFFIS and
ECSI.
Organizers:
Kim Grüttner (OFFIS, DE)
Laurent Maillet-Contoz (STMicroelectronics, FR)
Adam Morawiec (ECSI, FR)
With the predicted device, core and multicore scaling, a recent study revealed that regardless
of chip organization and topology, multicore scaling is power limited. It has been predicted
that at 22 nm, 21% of a fixed-size chip must be powered off, and at eight nm, even more than
50%. A system engineer should be able to plan the power intent and break is down to the
different hardware resources. With regard to the software, a system engineer should be aware
of any possible cross-application interferences with respect to timing, power and thermal
properties, as soon as possible in the design flow. Power and temperature management shall
be considered in conjunction with the application needs and platform capabilities. For this
reason, power and temperature properties need to be modelled and analyzed at the system
level, because they can strongly affect the overall quality of service (performance, battery
lifetime) or even cause the system to fail meeting its real-time and safety requirements.
In this workshop, we present and discuss our perspectives on the integration and usage of
power and temperature models in SystemC and IP-XACT. This covers the specification of
platform properties (extra-functional model) as well as the dynamic capturing, processing, and
extraction of power/temperature information during the simulation. In particular, the
following topics will be addressed:
- Modeling of extra-functional properties (especially power and temperature) in
executable system-level models (ESL models)
- Estimation techniques to build/generate/annotate ESL models with extra-functional
properties and extra-functional property models
- Expression of Power Management techniques on ESL
- Specification and monitoring of extra-functional properties
- Integration with relevant standards to support future interoperability of models:
SystemC, IP-XACT
- Integration into industrial tools
Workshop Program:
9:00 – 9:15 Opening and Workshop Overview
9:15 – 10:00 OpenES Modeling Toolkit
Laurent Maillet-Contoz (STMicroelectronics, France)
10:00 – 10:30 Case Study: IP-XACT Extensions for Safety-Critical Embedded
Systems
Ralph Weissnegger (CISC, Austria)
10:30 – 11:00 Coffee Break & Exhibition
11:00 – 11:30 Power State Machines: State-based System-level Power Estimation and
Modelling
Daniel Lorenz (OFFIS, Germany)
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 48
11:30 – 12:00 From RTL IP to Functional System-Level Models with Extra-
Functional Properties
Franco Fummi (EDALab, Italy)
12:00 – 12:30 IP-XACT Extensions for Extra-functional Properties
Emmanuel Vaumorin (Magillem, France)
12:30 – 13:30 Lunch & Exhibition
13:30 – 14:00 Timed Value Streams: Tracing, Monitoring and Analysis of Extra-
functional Properties in SystemC
Kim Grüttner (OFFIS, Germany)
14:00 – 14:30 Timed Value Stream-based Power and Temperature Model
Ralph Görgen (OFFIS, Germany)
14:30 – 15:00 Coffee Break & Exhibition
15:00 – 15:45 Discussion: Enhance Interoperability of Models and Tools by
Upgrading and Extending Existing Open Standards (SystemC TLM,
SystemC-AMS, IP-XACT)
15:45 – 16:00 Closing and Concluding Remarks
10.3 MCC DATE Exhibition Booth
The Mixed-Criticality Cluster projects CONTREX, PROXIMA and DREAM have been
participating with a joint booth at the DATE exhibition. The goals of the joint booth were:
- Communication and discussions among the MCC project partners
- Information about the projects and the project’s results to the public
- Discussion and communication with other European Projects and the research
community
In particular, we have participated in the organization of a booth at DATE 2014 and 2016.
10.3.1 DATE 2014
Title of the booth: European Project Cluster on Mixed-Criticality Systems (DREAMS,
PROXIMA, CONTREX, MultiPARTES)
Short description:
The European Project Cluster on Mixed-Criticality Systems has been started in October 2013
and consists of the following European projects, attacking several challenges and aspects of
Mixed-Criticality Systems:
1) DREAMS (Distributed REal‐time Architecture for Mixed criticality Systems) will
develop a cross-domain architecture and design tools for networked complex systems
where application subsystems of different criticality, executing on networked multi-
core chips, are supported. More details at: http://www.dreams-project.eu/
2) PROXIMA (PRObabilistic real‐time control of miXed‐crIticality Multicore and
mAnycore systems) will define new hardware and software architectural paradigms
based on the concept of randomization. It extends this approach across the
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 49
hardware and software stack ensuring that the risks of temporal pathological
cases are reduced to probabilistically quantifiable small levels. More details at:
http://www.proxima-project.eu/
3) CONTREX (Design of embedded mixed-criticality CONTRol systems under
consideration of EXtra-functional properties) will enable energy-efficient and cost
aware design through analysis and optimization of real-time, power, temperature and
reliability with regard to application demands at different criticality levels. More
details at: http://contrex.offis.de/
4) MultiPARTES (Multicore Partitioned Systems) aims at developing tools and solutions
for building trusted embedded systems with mixed criticality components on multicore
platforms based on the XtratuM hypervisor. More details at:
http://www.multipartes.eu/
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 50
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 51
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 52
10.3.2 DATE 2016
• Modern embedded applications already
integrate mixed-criticality functionalities
• This trend is expected to continue with the
advent of multicores.
Multicore benefits: higher degree of
integration of systems with different
levels of dependability and security,
known as mixed-criticality.
ӿ Without appropriate preconditions,
the integration of mixed-criticality
multi-core processors can lead to a
significant (potentially unacceptable)
increase of engineering and
certification costs.
• Grand challenge for EU industries in the
integration of mixed-criticality systems in
different domains having multicores and
manycores as hardware computing platform
Motivation
DREAMS PROXIMA
Derivate Challenges
• Timing: enabling integrated mixed-
criticality multicore systems are
mechanisms for temporal and spatial
partitioning, which establish fault
containment and the absence of
unintended side effects between functions
• Certification: Key to enable exploitation of
results in certain application domains such
as railways or energy
• Extra-functional properties: timeliness,
energy efficiency of battery-operated
devices, dependable operation in safety-
relevant scenarios, short time-to-market
and low cost in addition to increasing
requirements with respect to functionality.
• Development methods: with explicit
support for modelling mixed-criticality
European Mixed-Criticality Cluster
Francisco J. Cazorla (BSC), Kim Grüttner (OFFIS) ,
Roman Obermaisser (Univ. Siegen)
Mixed Criticality Forum
CONTREX
• Mixed-criticality architecture based on
networked multi-core chips
• Hierarchical platform including both on-chip
resources (e.g., processing cores, memory,
Network-on-a-Chip (NoC)) and off-chip
resources such as computer networks
Reduced development cost and
time-to-market for mixed-criticality
applications
Exploitation of economies of scale
through cross-domain approach
Significant advances in virtualization
techniques leading to higher
reliability, security and safety
• Provides industry ready software timing
analysis using probabilistic analysis for
multi-core real-time embedded systems
• Enable cost-effective verification of software
timing analysis including WCET
• Industrial benefits
More performance using multi/many-
core hardware in critical systems
Lower mixed-criticality integration
costs with time-composable software
Cost-effective software timing
analysis (WCET)
Certification arguments for DO-178B
and safety standards
• CONTREX enables consideration of extra-
functional requirements and constraints
(timing, power, temperature, aging,
reliability)
• Allows to represent extra-functional
properties
Timing
Power
Temperature
in executable prototypes and analysis of
these properties
under different deployments and
mappings
local/global scheduling and control
decisions.
• Mixed-Criticality Website with shared
information
• www.mixedcriticalityforum.org
• Information on MCC / MCS News & Events
• Innovation Roadmap
• Catalogue of Technology Building Blocks
• Description of the three projects and their
relationship
• Provides the infrastructure for a mixed-
criticality community supporting active
exchange of ideas as well as technological
building blocks.
• The Mixed Criticality Cluster (MCC) brings
together different EU FP7 projects
(CONTREX, DREAMS and PROXIMA) to
address the mixed-criticality grand
challenge and derivate challenges
• Those project closely work together in
terms of identification of future challenges:
Design and development of mixed-
criticality multicore system
Join dissemination activities,
Where possible exploring tech-
niques to attack those challenges.
The MCC Cluster
This work has been supported by the
European Commissions funded projects
DREAMS (610640), PROXIMA (611085) and
CONTREX (611146)
Acknowledgements
Node Node Node NodeSystem Node: Global Res. Manager (GRM)
DREAMS SYSTEM OF NETWORKED MULTI-CORE CHIPS
Tile: System Core
Memory GW
Application Tile Application Tile Application Tile
Tile: System Core
Off-Chip/On-Chip GW
Tile: System Core
I/O
System Node
Off-Chip GW
Local Resource Mngmt.
On-Chip Interconnect
Off-Chip Network Off-Chip Network
Pa
rtit
ion
s
DRALOS
Sys
tem
Co
mp
on
en
tO
pti
on
al S
erv
ice
DREAMS Virtualization Layer
Processor Cores
Network Interface
DRALOS
Sys
tem
Co
mp
on
en
tO
pti
on
al S
erv
ice
DRALOS
Optional Service (MW)
Ap
pli
cati
on
Co
mp
on
en
t
DRALOS
Optional Service (MW)
Ap
pli
cati
on
Co
mp
on
en
t
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 53
CONTREX/ECSI/R/D6.4.3 Public
CONTREX Forum Report (Final)
Page 54
11 Conclusion
The main objective of the CONTREX Forum was to enable and support the spread out of the
CONTREX results to industry.
While the initial idea to create a stable group of industry partners who will collaborate in the
area of extra-functional properties modelling and design methods couldn’t be fully
implemented, the consortium made a significant step towards the wide-spread of the
innovative idea of addressing this topic in the entire design process from system to silicon.
The main success in largely disseminating the concept and the results was the creation of a
stable worldwide event (the DAC Workshop on System-to-Silicon Performance Modelling
and Analysis) which confirmed on one hand the industrial relevance of the subject and on the
other hand showed the emerging solutions and proposal to solve the problem.
This event was the main vehicle that CONTREX used to reach worldwide industry and focus
interest around this topic.
Furthermore, the Mixed-Criticality Cluster (MCC) has been very active in the organisation of
joint events at conferences and workshops. The collaboration within the MCC went far
beyond the original plan of having cluster reviews “only”. The MCC has been actively
supported by the CONTREX project and many events that have been listed in this document
are a result of a joint organization. Partners/Coordinators from the DREAMS or PROXIMA
project have been invited to the program committees or have submitted their results for
technical discussion. Through this very intensive exchange inside the MCC and especially
among the coordinators of the MCC, new project ideas and new collaborations have been
grown and are still growing.
Recommended