# Interference Measurement and Mitigation Means on Multi-Core **COTS** processors

**Contacts** : sylvain.girbal@thalesgroup.com jimmy.lerhun@thalesgroup.com HALE5 **RESEARCH & TECHNOLOGY** 

**CRITICAL EMBEDDED SYSTEM LABS** 



**Avionics: Context & Challenges** 

Requirements

- **C** Exponential increase of performance requirements
- **Compliance with industry standards**
- ⇒ Spatial isolation & Timing isolation

The problem: inter-core interferences

▷ Multi-core COTS

➡ Timing interference while concurrently accessing the same shared hardware resource





I/O

How to evaluate solutions ensuring a time-deterministic usage of multicore architectures ?

## **Deterministic Platform Software Solutions**

**Regulation DPS: react before interferences become harmful** 

### MemGuard



Partitioning

**Distributed Runtime WCET Controller** 



## **Application Performance Profiling Solution**

## METrICS: Measure Environment for Time-Critical Systems

### **Avionics software specifics**

Safety standards require applications to be partitioned, typically in time domain ⇒ APEX is the API specified by Arinc 653 norm for application partitioning ▷ Multicore architecture breaks strict time isolation paradigm



### Solution

⇒ Use of cycle-accurate core timer and hardware performance counters, for minimal timing overhead.



## **Control DPS: Avoid interferences by restricting usage**



- A kernel driver has been developed for configuration of HW counters, and a data collection infrastructure has been set up.
- ♀ Automatic instrumentation of all APEX system calls
- Statistical analysis of execution time distribution: full histogram is kept

## Preliminary Results on a control-command application

Separation communications, and floating-point calculations.

#### Inter-partition parallelism





Several resource partitions ▷ Mapping-agnostic communication mechanisms Processor-space isolation of partitions Solution Memory hierarchy is the main shared resource

Results

⇒ Large variability of execution time

- ▷ Impact of inter-partition communications on WCET
- ⇒ Source of variability to be determined by analysis of hardware performance counters



- ⇒ During a timeslot, only one of the running tasks can access shared hardware resources
- ➡ Cache locking & MMU programming Support
- ▷ No modification to
- legacy software
- ♀ Limited efficiency



ntegration in an

industry process port applications

Easiness to

| FADEC    | IMA        | DS        | IFE       |  |
|----------|------------|-----------|-----------|--|
|          | Good       | Average   | Bad       |  |
| Memguard | IFE        | DS        | FADEC,IMA |  |
| D.R.W.C  | DS, IFE    | -         | FADEC,IMA |  |
| D.E.M    | FADEC, IMA | DS        | IFE       |  |
| D.A.S    | FADEC, IFE | IMA       | DS        |  |
| Marthy   | IMA        | FADEC, DS | IDE       |  |

Certifiability

software

the cor

- Survey of Deterministic Platform **Software**
- ⇒ All proposed solutions are reaching a different compromise on identified key properties
- ⇒ With different level of maturity
- ♀ Qualitative approach is not sufficient



#### 12000 14000 16000 18000 8000 10000 duration (ns)

- Separate Separation with parallel APEX processes within a partition
- ⇔ Compliant with newest Arinc-653 P1-4 standard, with processor affinity
- ⇒ Isolation not required within a partition, but same application
- ▷ Mapping-dependant communication mechanisms

#### Results

▷ Varying amount of interference among cores Lower variability than inter-partition parallelism

## Conclusions

- □ Capability to monitor avionics application behaviour with low timing overhead
- ➡ Comparison of multicore deployment options
- ⇒ Timing characterization only allows to quantify interference
- ⇒ Hardware monitoring is necessary to identify interference sources