Matthieu Lemerre

Method and Tools for Mixed-Criticality Real-Time Applications within PharOS

This paper provides an overview of some principles and mechanisms to securely operate mixed-criticality real-time systems on embedded platforms. Those principles are illustrated with PharOS a complete set of tools to design, implement and execute real-time systems on automotive embedded platforms. The keystone of this approach is a dynamic time-triggered methodology that supports full temporal isolation without wasting CPU time. In addition, memory isolation is handled through automatic off-line generation of fine-grained memory protection tables used at runtime. These isolation mechanisms are building blocks for the support of mixed-criticality applications. Several extensions have been brought to this model to expand the support for mixed-criticality within the system. These extensions feature fault recovery, support for the cohabitation of event-triggered with time-triggered tasks and paravirtualization of other operating systems. The contribution of this paper is to provide a high-level description of these extensions, along with an analysis of their impact on the global system safety, in particular on the determinism property of the PharOS model.

Equivalence between Schedule Representations: Theory and Applications

Multiprocessor scheduling problems are hard because of the numerous constraints on valid schedules to take into account. This paper presents new schedule representations in order to overcome these difficulties, by allowing processors to be fractionally allocated. We prove that these representations are equivalent to the standard representations when preemptive scheduling is allowed. This allows the creation of scheduling algorithms and the study of feasibility in the simpler representations. We apply this method throughout the paper. Then, we use it to provide new simple solutions to the previously solved implicit-deadline periodic scheduling problem. We also tackle the more general problem of scheduling arbitrary time-triggered tasks, and thus in particular solve the open multiprocessor general periodic tasks scheduling problem. Contrary to previous solutions like the PFair class of algorithms, the proposed solution also works when processors have different speeds. We complete the method by providing an online schedule transformation algorithm, that allows the efficient handling of both time-triggered and event-triggered tasks, as well as the creation of online rate-based scheduling algorithms on multiprocessors.

A communication mechanism for resource isolation

Sharing resources between multiple untrusted clients requires a shared service that provides access to the resources upon client requests. But executing these requests needs other resources, like memory or CPU time, which must be carefully allocated. In this paper, we investigate a communication mechanism that allows access to shared services without changing existing allocation decisions. This is achieved by systematically using the new resource lending principle, that allows a service to use the resources of its clients to perform the request. We present an easily understandable design model for this communication mechanism named the thread lending model, that completely avoids any allocation by the service, and demonstrate its implementation in our prototype OS Anaxagoros. We finally investigate the consequences of using this model on the structure and implementation of the shared services.

The OASIS Kernel: A Framework for High Dependability Real-Time Systems

This paper presents the design and some aspects of implementation of a highly dependable, safety-oriented kernel for real-time applications. It is specifically designed as an execution facility for a deterministic semi-formal model -- the OASIS model -- which allows to express and verify temporal behaviors and communications of a safety critical real-time application. This paper shows specifically how, from a formalism, and a Domain Specific Language, we achieved to build a generic execution layer that conforms to the highest levels of safety, how the safety is implemented thank to the interaction between the kernel and the compilation tools, and how performance was optimized within these constraints.

An Introduction to Time-Constrained Automata

We present timing-constrained automata (TCA), a model for real-time computation in which agents behaviors are modeled by automata constrained by time intervals. In this model time does not change automata behavior: on the contrary, it is automata execution that changes the timing constraints. This allows the model to well lend itself to analysis as well as concrete execution. TCA actions model can have multiple start time and deadlines, can be aperiodic, and can change dynamically following a graph, the time-constrained automaton. This allows expressing much more precise timing constraints than classical periodic or sporadic model, while preserving the ease of scheduling and analysis. We provide some properties of this model as well as their scheduling semantics. We show that timing-constrained tasks can be automatically derived from source-code, and optimally scheduled on single processors using a variant of EDF. We explain how timing constraints can be used to guarantee communication determinism by construction, and used to study when possible agent interactions happens.