Lutz Wrage

Coordinated Bank and Cache Coloring for Temporal Protection of Memory Accesses

In commercial-off-the-shelf (COTS) multi-core systems, the execution times of tasks become hard to predict because of contention on shared resources in the memory hierarchy. In particular, a task running in one processor core can delay the execution of another task running in another processor core. This is due to the fact that tasks can access data in the same cache set shared among processor cores or in the same memory bank in the DRAM memory (or both). Such cache and bank interference effects have motivated the need to create isolation mechanisms for resources accessed by more than one task. One popular isolation mechanism is cache coloring that divides the cache into multiple partitions. With cache coloring, each task can be assigned exclusive cache partitions, thereby preventing cache interference from other tasks. Similarly, bank coloring allows assigning exclusive bank partitions to tasks. While cache coloring and some bank coloring mechanisms have been studied separately, interactions between the two schemes have not been studied. Specifically, while memory accesses to two different bank colors do not interfere with each other at the bank level, they may interact at the cache level. Similarly, two different cache colors avoid cache interference but may not prevent bank interference. Therefore it is necessary to coordinate cache and bank coloring approaches. In this paper, we present a coordinated cache and bank coloring scheme that is designed to prevent cache and bank interference simultaneously. We also developed color allocation algorithms for configuring a virtual memory system to support our scheme which has been implemented in the Linux kernel. In our experiments, we observed that the execution time can increase by 60% due to inter-task interference when we use only cache coloring. Our coordinated approach can reduce this figure down to 12% (an 80% reduction).

Engineering Systems of Systems

Over the past decade, the focus of much effort in systems development has evolved from the development of individual self- contained systems to the integration of large-scale systems of systems (SoS) that are constantly evolving to address new user needs. Because these types of systems of systems no longer have a single controlling authority, have components that are developed and evolve independently, and as a result cannot be specified by a top-down set of requirements, the methods for engineering them need to be modified from the methods for engineering traditional systems. This paper identifies the characteristics of SoS, proposes a SoS life cycle, and identifies some considerations for requirements engineering in an SoS environment.

Measuring software sustainability

Planning and management of software sustainment is impaired by a lack of consistently applied, practical measures. Without these measures, it is impossible to determine the effect of efforts to improve sustainment practices. In this paper we provide a context for evaluating sustainability and discuss a set of measures developed at the Software Engineering Institute at Carnegie Mellon University.

On Resource Overbooking in an Unmanned Aerial Vehicle

Large variations in the execution times of algorithms characterize many cyber-physical systems (CPS). For example, variations arise in the case of visual object-tracking tasks, whose execution times depend on the contents of the current field of view of the camera. In this paper, we study such a scenario in a small Unmanned Aerial Vehicle (UAV) system with a camera that must detect objects in a variety of conditions ranging from the simple to the complex. Given resource, weight and size constraints, such cyber-physical systems do not have the resources to satisfy the hard-real-time requirements of safe flight along with the need to process highly variable workloads at the highest quality and resolution levels. Hence, tradeoffs have to be made in real-time across multiple levels of criticality of running tasks and their operating points. Specifically, the utility derived from tracking an increasing number of objects may saturate when the mission software can no longer perform the required processing on each individual object. In this paper, we evaluate a new approach called ZS-QRAM (Zero-Slack QoS-based Resource Allocation Model) that maximizes the UAV system utility by explicitly taking into account the diminishing returns on tracking an increasing number of objects. We perform a detailed evaluation of our approach on our UAV system to clearly demonstrate its benefits.

Model-Based Verification of Security and Non-Functional Behavior using AADL

Modeling of system quality attributes, including security, is often done with low fidelity software models and disjointed architectural specifications by various engineers using their own specialized notations. These models are typically not maintained or documented throughout the life cycle and make it difficult to obtain a system view. However, a single-source architecture model of the system that is annotated with analysis-specific information allows changes to the architecture to be reflected in the various analysis models with little effort. We describe how model-based development using the Architecture Analysis and Design Language (AADL) and compatible analysis tools provides the platform for multi-dimensional, multi-fidelity analysis and verification. A special emphasis is given to analysis approaches using Bell-LaPadula, Biba, and MILS approaches to security and that enable a system designer to exercise various architectural design options for confidentiality and data integrity prior to system realization.

Utility-Based Resource Overbooking for Cyber-Physical Systems

The tight coupling among computation, sensing and control found in Cyber-Physical Systems (CPS) often requires information processing to be completed within strict timing deadlines. Traditional hard real-time scheduling algorithms require the use of the worst-case execution times to guarantee that deadlines will be met. Unfortunately, many algorithms with parameters derived from sensing the physical world suffer from large variations in execution time, which leads to pessimistic overall utilization. For example, object tracking in a computer vision system is highly dependent on the number and size of the objects within the cameras field of view. In this paper, we present the formal description of ZS-QRAM [8], a scheduling approach that allows system designers to flexibly assign execution times and application-derived utility to tasks in order to maximize total system utility even in the presence of highly variable processing estimates. In particular, we provide a detailed description of the algorithm, the formal proofs for its temporal protection and a detail evaluation. Our evaluation uses the Utility Degradation Resilience (UDR) metric presented in [8]. Our results show that ZS-QRAM is able to obtain four times as much UDR as ZSRM, a previous overbooking approach, and almost twice as much UDR as Rate-Monotonic with Period Transformation (RM/TP) even when the latter does not provide temporal protection.

An Implementation of the Behavior Annex in the AADL-Toolset Osate2

AADL is a modeling language to design and analyze High-Integrity Distributed and Real-time systems. Embedded sub-languages published as AADL annexes extend an AADL model to enhance analysis. The behavior annex specifies the behavior of an AADL application model. Thus, an implantation of this annex allows to perform behavior analysis. In addition, as there are several AADL annexes, the implementation of generic mechanisms to support each one of them is challenging. The behavior annex is a valid candidate to illustrate these challenges by combining several sub-languages. In this paper we expose our experiment to support the behavior annex in the reference AADL tool set OSATE2. This one, supports the AADL version 2 by providing a front-end and a set of analysis plug-ins to analyze an AADL model.

Resource allocation contracts for open analytic runtime models

Open Analytic Runtime (OAR) Models embed analysis algorithms into runtime architectural models, thus integrating the model and its analytic interpretations. Such an integration is critical for Cyber-Physical Systems (CPS) when model parts are independently developed by different teams as it is the case in multi-tier industries, e.g. avionics and automotive. Analysis algorithms play a central role augmenting the designers capacity to automatically verify properties of interest in systems at the scale and complexity required by these industries. Unfortunately, the verification results are valid only if the assumptions of the different analysis algorithms (analytic assumptions) are consistent with each other. This paper presents our work on the automatic verification of one important class of analytic assumptions in OAR models: resource allocation assumptions. These assumptions are modeled as Resource Allocation (RA) contracts. RA contract constructs include not only the typical assumes and guarantees but also runtime facts and implications. Finally, we automatically determine the correct sequence of execution of the analysis algorithms based on the contract input/output dependencies described in our models. Together these characteristics enable the automatic assumption verification that preserves the scalability of analytic models. We illustrate our approach using an example model with analysis algorithms for security, schedulability, and energy efficiency.

Adaptive Quality of Service in ad hoc wireless networks

In high criticality crisis scenarios, such as disaster management, ad hoc wireless networks are quickly assembled in the field to support decision makers through situational awareness using messaging-, voice-, and video-based applications. These applications cannot afford the luxury of stalling or failing due to overwhelming bandwidth demand on these networks as this could contribute to overall mission failure. This paper describes an approach for satisfying application-specific Quality of Service (QoS) expectations operating on ad hoc wireless networks where available bandwidth fluctuates. The proposed algorithm, D-Q-RAM (Distributed QoS Resource Allocation Model) incorporates a distributed optimization heuristic that results in near optimal adaptation without the need to know, estimate, or predict available bandwidth at any moment in time.

Utility-based resource overbooking for Cyber-Physical Systems

The tight coupling among computation, sensing and control found in Cyber-Physical Systems (CPS) often requires information processing to be completed within strict timing deadlines. Traditional hard real-time scheduling algorithms require the use of the worst-case execution times to guarantee that deadlines will be met. Unfortunately, many algorithms with parameters derived from sensing the physical world suffer from large variations in execution time, which leads to pessimistic overall utilization. For example, object tracking in a computer vision system is highly dependent on the number and size of the objects within the cameras field of view. In this paper, we present the formal description of ZS-QRAM [8], a scheduling approach that allows system designers to flexibly assign execution times and application-derived utility to tasks in order to maximize total system utility even in the presence of highly variable processing estimates. In particular, we provide a detailed description of the algorithm, the formal proofs for its temporal protection and a detail evaluation. Our evaluation uses the Utility Degradation Resilience (UDR) metric presented in [8]. Our results show that ZS-QRAM is able to obtain four times as much UDR as ZSRM, a previous overbooking approach, and almost twice as much UDR as Rate-Monotonic with Period Transformation (RM/TP) even when the latter does not provide temporal protection.