Time-Predictable and Composable Architectures for Dependable Embedded Systems


Prof. Kees Goossens (Eindhoven university of technology)
Prof. Saddek Bensalem (Verimag, University Joseph Fourier)

Overview of the tutorial

Embedded systems must interact with their real-time environment in a timely and dependable fashion. Most embedded-systems architectures and design processes consider "non-functional" properties such as time, energy, and reliability as an afterthought, when functional correctness has (hopefully) been achieved. As a result, embedded systems are often fragile in their real-time behaviour, and take longer to design and test than planned. Several techniques have been proposed to make real-time embedded systems more robust, and to ease the process of designing embedded systems, including
  1. Precision-timed and time-triggered architectures, to make time a first-class citizen of system design.
  2. Deterministic architectures for repeatable timing behaviour.
  3. Composability, which guarantees that the (non)-functional behaviour of components is unchanged on integration in a larger system.
The aim of this tutorial is to present the state of the art and major approaches to time-predictability and composability, such as BIP, TTA, PRET, PTIDES, Giotto, TipToe, and CompSOC.

Slides are now online below

  1. Prof. Sifakis - Rigorous Component-based System Design in BIP
  2. Prof. Obermaisser - Time-Triggered Architecture -- Concepts, Applications and Research Challenges
  3. Prof. Goossens - Composable Timing and Energy in CompSOC
  4. Prof. Lee - Repeatable Timing in Software and Networks
  5. Prof. Kirsch - The Logical Execution Time Paradigm
The tutorial abstract that is in the proceedings:
"Time-predictable and composable architectures for dependable embedded systems"


In alphabetical order:


This tutorial is part of the embedded systems week. Please visit this website to register for this tutorial and the other events that take place during the ESWEEK.

Abstracts of the presentations

Prof. Sifakis - Rigorous Component-based System Design Using the BIP Framework

Rigorous system design requires the use of a single powerful component framework allowing the representation of the designed system at different levels of abstraction, from application software to its implementation. Such a framework allows to maintain overall coherency and correctness of the design flow by comparing different architectural solutions and their properties. We present a rigorous design flow using the BIP Behavior, Interaction, Priority) component framework as a unifying semantic model to derive correct implementations from application software, a model of the target architecture and a mapping. Correctness of implementations is ensured by application of source-to-source transformations in BIP which preserve essential design properties. The design flow is fully automated and supported by a toolset including a compiler, the D-Finder verification tool and model transformers. It is illustrated through two rivial case studies.

Prof. Lee - Repeatable Timing in Software and Networks

All widely used software abstractions lack temporal semantics. The notion of correct execution of a program written in every widely-used programming language today does not depend on the temporal behavior of the program. But temporal behavior matters in almost all systems. Even in systems with no particular real-time requirements, timing of programs is relevant to the value delivered by programs, and in the case of concurrent programs, also affects the functionality. In systems with real-time requirements, such as most cyber-physical systems, temporal behavior affects not just the value delivered by a system but also its correctness.

In this talk, we will argue that time can and must become part of the semantics of programs for a large class of applications. To illustrate that this is both practical and useful, we will describe two recent efforts at Berkeley in the design and implementation of timing-centric software systems. On the design side, we will describe PTIDES, a programming model for distributed real-time systems. PTIDES rests on a rigorous semantics of discrete-event systems and reflects the realities in distributed real-time, where measuring the passage of time is imperfect. PTIDES enables deterministic time-sensitive distributed actions. It relies on certain assumptions about networks that are not trivial (time synchronization with bounded error and bounded latency), but which have been shown in some contexts to be achievable and economical. PTIDES is also robust to subsystem failures, and, perhaps most interestingly, provides a semantic basis for detecting such failures at the earliest possible time. On the implementation side, we will describe PRET machines, which redefine the instruction-set architecture (ISA) of a microprocessor to include temporal semantics.

Prof. Obermaisser - Time-Triggered Architecture -- Concepts, Applications and Research Challenges

This presentation gives an overview of the concepts, applications and research challenges of the Time-Triggered Architecture (TTA). The TTA supports complexity management through the straightforward composition of systems out of components. As the foundation for robustness, the TTA supports fault isolation, the selective restart of components after transient faults, and active redundancy. Security is addressed at all levels of the architecture. Energy efficiency is enabled through integrated resource management that makes it possible to individually reduce the power-requirements of components. The TTA is a platform architecture that provides a minimal set of core services and a plurality of optional services that are predominantly implemented as self-contained system components. Choosing a suitable set of these system components that implement optional services, augmented by application specific components, can generate domain-specific instantiations (e.g., automotive, avionics).

Prof. Kirsch - The Logical Execution Time Paradigm

Since its introduction in 2000 in the time-triggered programming language Giotto, the Logical Execution Time (LET) paradigm has evolved from a highly controversial idea to a well-understood principle of real-time programming. This tutorial provides an easy-to-follow overview of LET programming languages and runtime systems as well as some LET-inspired models of computation. The presentation is intuitive, by example, citing the relevant literature including more formal treatment of the material for reference. This is joint work with Ana Sokolova.

Prof. Goossens - Composable Timing and Energy in CompSOC

This presentation will overview of the CompSOC platform that enables multiple applications to be implemented, verified, and executed independently. Any mix of best-effort, soft and firm real-time applications can be integrated, without any interference between them. Composability holds for functional behaviour, but also for timing, energy, and power. Every application has its own time budget on processor tiles, network on chip, on-chip memories, and SDRAM off-chip memory, enabling end-to-end performance guarantees for real-time applications. Energy and power budgets per application on each processor tile allow each application to have its own (real-time) power manager, without causing interference.