

- ▶ Performance modeling & analysis of classical automotive systems
  - ► Motivation ... or the real complexity
  - Amalthea performance model
  - Current usage @ Bosch
  - ▶ Upcoming challenges
- Communication centric design in multi-core systems
  - ► Importance of cause-effect chains
  - Issues with concurrent execution in multi-core systems
  - ► Communication mechanisms as solution & impact on latencies
  - Experiments
- Timing-aware control design
  - Control and real-time systems engineering two worlds collide
  - Co-engineering approach
  - Example



- ▶ Performance modeling & analysis of classical automotive systems
  - ► Motivation ... or the real complexity
  - ► Amalthea performance model
  - ► Current usage @ Bosch
  - ▶ Upcoming challenges
- Communication centric design in multi-core systems
  - ► Importance of cause-effect chains
  - Issues with concurrent execution in multi-core systems
  - ► Communication mechanisms as solution & impact on latencies
  - Experiments
- Timing-aware control design
  - Control and real-time systems engineering two worlds collide
  - Co-engineering approach
  - Example



## Performance modeling & analysis of classical automotive systems Typical Classic Automotive Software Architecture Pattern





### Performance modeling & analysis of classical automotive systems Typical Distribution Pattern – Task-Level Parallelism





The Real Complexity...





Fine-grain, legacy SW sharing between OEM and Tier1 with multiple dependencies



#### Performance modeling & analysis of classical automotive systems Tasks to solve during migration to multi-core...

- ► Maintain single-core dependencies
- ► Ensure data consistency
- ▶ Balance core load
- ► Optimize memory placement of variables
- ▶ Bound latency of cause-effect chains

**>** ...

► Need a model capturing the system aspects required to solve those tasks





#### Performance modeling & analysis of classical automotive systems The Basic Idea





#### Performance modeling & analysis of classical automotive systems Suitable abstraction level needed





- ▶ Performance modeling & analysis of classical automotive systems
  - ► Motivation ... or the real complexity
  - ► Amalthea performance model
  - Current usage @ Bosch
  - ▶ Upcoming challenges
- Communication centric design in multi-core systems
  - ► Importance of cause-effect chains
  - Issues with concurrent execution in multi-core systems
  - ► Communication mechanisms as solution & impact on latencies
  - Experiments
- Timing-aware control design
  - Control and real-time systems engineering two worlds collide
  - Co-engineering approach
  - Example



#### AMALTHEA Model - Hardware

#### **▶** Hardware elements

- ► ECU
- Microcontroller
- ▶ Core
- Memory
- Network



► Latency Access Path





► Hardware Access Path







**HW Platform** 

#### AMALTHEA Model - Software

#### **▶** Software behavior

- ► Tasks, runnables, schedulers, ...
- Description on different levels of abstraction
- Runnables characterized by
  - Execution time (distribution)
  - Variable access (distribution)
- ► Detailed (probabilistic) call sequences possible



#### **▶** Operating System behavior





Costs  $T_1$  takes 10 $\mu$ s on Core0, 20 $\mu$ s on Core3



#### **AMALTHEA Model – Constraints**

#### ► Runnable Sequencing Constraints

#### **▶** Timing Constraints

- ▶ Order Constraint
- ► Synchronization Constraint
- ► Repetition Constraint
- Delay Constraint
- ► Age Constraint
- **▶** Reaction Constraint

#### **▶** Data Age Constraints

#### ► Arrival Curves



#### ► Mapping Constraints

- ▶ Pairing Constraints
- ► Separation Constraints

#### **▶** Property Constraints



Constraints
Period T<sub>1</sub> = 2ms
Deadline D<sub>1</sub> =
1.5ms

Period  $T_2 = 5ms$ Deadline  $D_2 = 5ms$ 

- ▶ Performance modeling & analysis of classical automotive systems
  - ► Motivation ... or the real complexity
  - Amalthea performance model
  - ► Current usage @ Bosch
  - ▶ Upcoming challenges
- Communication centric design in multi-core systems
  - ► Importance of cause-effect chains
  - Issues with concurrent execution in multi-core systems
  - ► Communication mechanisms as solution & impact on latencies
  - Experiments
- Timing-aware control design
  - Control and real-time systems engineering two worlds collide
  - Co-engineering approach
  - Example



# Performance modeling & analysis of classical automotive systems PLAT4MC - Multicore Tool Platform @ Bosch Series Production





# Performance modeling & analysis of classical automotive systems PLAT4MC - Automated AMALTHEA Model Generation





#### Performance modeling & analysis of classical automotive systems Status Quo of Performance Simulation



Current modelling approach suited for (homogeneous) many-core architectures



# Performance modeling & analysis of classical automotive systems PLAT4MC - Example Use Case: Memory Optimization

- ► Optimize placement of variables and code (in system and core local memories) in order to improve execution time load of cores (for a fixed task to core mapping)
- ► Considers allocation constraints (White List, Black List) as well as call/access statistics







# Performance modeling & analysis of classical automotive systems Basis for WATERS Industrial Challenges 2016/17

#### https://waters2017.inria.fr/challenge/



- ▶ Performance modeling & analysis of classical automotive systems
  - ► Motivation ... or the real complexity
  - Amalthea performance model
  - Current usage @ Bosch
  - **▶** Upcoming challenges
- ► Communication centric design in multi-core systems
  - ► Importance of cause-effect chains
  - Issues with concurrent execution in multi-core systems
  - ► Communication mechanisms as solution & impact on latencies
  - Experiments
- Timing-aware control design
  - Control and real-time systems engineering two worlds collide
  - Co-engineering approach
  - Example



## Performance modeling & analysis of classical automotive systems Trends in automotive E/E systems





**Large-scale integration of** heterogeneous applications on (Cross)-Domain & Vehicle Centralized E/E Architectures

#### **Computing Power Demand**

Serial computing in embedded systems is hitting the technological limits







**Heterogeneous HW platforms** to satisfy tremendous need for computing power



Extending the AMALTHEA Hardware Model



Goal: Enable our models & simulation for heterogeneous software and hardware



Basic Flow - Tackle the Gap Improve/Adapt Classic



## Performance modeling & analysis of classical automotive systems Predictability on High-Performance Platforms



- ► Shared memory is a big bottleneck in high-end µP based realtime platforms
  - ► Interference effects are more severe by orders of magnitude compared to µC platforms
- ► Support systems engineering with performance analysis for high-performance platforms
- ► Goal: predictable real-time behavior

NVIDIA Tegra X1 Platform



Avg. memory access latencies per word

Source: Roberto Cavicchioli, Nicola Capodieci, Marko Bertogna, Memory interference characterization between CPU cores and integrated GPUs in mixed-criticality platforms. ETFA 2017



- ▶ Performance modeling & analysis of classical automotive systems
  - ► Motivation ... or the real complexity
  - Amalthea performance model
  - Current usage @ Bosch
  - ▶ Upcoming challenges
- ► Communication centric design in multi-core systems
  - ► Importance of cause-effect chains
  - Issues with concurrent execution in multi-core systems
  - ► Communication mechanisms as solution & impact on latencies
  - Experiments
- Timing-aware control design
  - Control and real-time systems engineering two worlds collide
  - Co-engineering approach
  - Example



#### Communication Centric Design

## Introduction 1/2: Complexity of communication dependencies





## Communication Centric Design

#### Introduction 2/2: Importance of cause-effect chains

► Very simple SW structure of an engine control system



Benchmarking, System Design and Case-studies for Multi-core based Embedded Automotive Systems

Piotr Dziurzanski, Amit Kumar Singh, Leandro S. Indrusiak, Björn Saballus



- ▶ Performance modeling & analysis of classical automotive systems
  - ► Motivation ... or the real complexity
  - ► Amalthea performance model
  - Current usage @ Bosch
  - ▶ Upcoming challenges
- ► Communication centric design in multi-core systems
  - ► Importance of cause-effect chains
  - ► Issues with concurrent execution in multi-core systems
  - ► Communication mechanisms as solution & impact on latencies
  - Experiments
- Timing-aware control design
  - ► Control and real-time systems engineering two worlds collide
  - Co-engineering approach
  - Example



# Communication Centric Design Data inconsistency problem



➤ Single core: Legacy code contains implicit assumptions about priorities and thus execution sequences



- ► Multi-core: These assumptions often break the functionalities and require lots of debugging of race conditions
- → Need for data consistency



## Communication Centric Design Distribution and load dependent end-to-end latencies



- ► End-to-end behaviour along cause effect chains is non deterministic
- Heavily depends on distribution & scheduling
- ▶ 188 possible chains
- ► Prohibitive for "large scale engineering" where we need to handle thousands of variants
- ▶ It's not about optimization!
- ➤ **Determinism needed**: distribution and load independent timing behaviour



- ▶ Performance modeling & analysis of classical automotive systems
  - ► Motivation ... or the real complexity
  - Amalthea performance model
  - Current usage @ Bosch
  - ▶ Upcoming challenges
- ► Communication centric design in multi-core systems
  - ► Importance of cause-effect chains
  - Issues with concurrent execution in multi-core systems
  - ► Communication mechanisms as solution & impact on latencies
  - Experiments
- Timing-aware control design
  - ► Control and real-time systems engineering two worlds collide
  - Co-engineering approach
  - Example



## Communication Centric Design Implicit communication to achieve data consistency





- ► Automotive embedded systems are organized in tasks containing functions that communicate over shared memory (using labels)
- ► Explicit communication
  - No regulations in place, each function directly reads and writes labels
  - Possible races are handled using locks by the developers
- ► Implicit communication
  - ► Local copies are created for each read label at the beginning of the task
  - ► All computations work on the local copies
  - ► The local copies are written back to the shared memory at the end of the task
  - Result: data consistency on task level: all functions operate on the same data set

### Communication Centric Design Logical Execution time (LET) communication



- Mechanism to ensure determinism and data consistency
- ▶ Data is communicated at the beginning and end of the period (activation interval)
- ▶ Deterministic availability of data irrespective of where the task executes
- ▶ Decouples communication and execution
  - Also independent of where data is mapped
- ▶ Incurs longer latency
- ► Simplified event chain timing analysis for complex event chains with multi-rate tasks



### Communication Centric Design Cause-effect chain revisited using LET





## Communication Centric Design Analysis of end-to-end latencies

- ► For real-world systems **implicit & LET communication** need to be taken into account
- ► End-to-end latency analyses & simulation approaches are available for direct communication
  - ► MAST, SymTA/S, pyCPA, Prelude, Timing Architects, Real-time Calculus, ... (name it)
- ► However, these tools generally ignore communication semantics or focus on schedulability analysis considering task deadlines only
- ▶ Idea: transform the performance model to take into account the different communication semantics



### Communication Centric Design Transformation for implicit communication

- ► Goal: data consistency on task level
  - ▶ Different tasks might work on different values at the same time instant
- ▶ Trivial transformation: For each Task T
  - ► Adding one copy-in runnable Cp<sub>in</sub>: Create a local copy for all data that is read or modified
  - ► Adding one copy-out runnable Cp<sub>out</sub>: Write back local copies
  - ► Add these copy runnables Cp<sub>in</sub> and Cp<sub>out</sub> to the cause-effect chain





### Communication Centric Design Transformation for LET communication (naïve implementation)



- Many different possibilities to implement LET communication
- Need to perform copy operation between each pair of communicating tasks
- ▶ Here: copy operations done by high priority copy interrupts
  - ▶ Leads to jitter



# Real-time Systems Engineering @ Bosch Outline

- ▶ Performance modeling & analysis of classical automotive systems
  - ► Motivation ... or the real complexity
  - Amalthea performance model
  - Current usage @ Bosch
  - ▶ Upcoming challenges
- ► Communication centric design in multi-core systems
  - Importance of cause-effect chains
  - Issues with concurrent execution in multi-core systems
  - ► Communication mechanisms as solution & impact on latencies
  - Experiments
- Timing-aware control design
  - Control and real-time systems engineering two worlds collide
  - Co-engineering approach
  - Example



# Communication Centric Design HW Model



#### ► Simplified AURIX Architecture



#### ► Memory Access Time





# Communication Centric Design SW Model

- ► Key data of the model
  - ► 1250 Runnables mapped to
  - ▶ 21 Tasks & Interrupts accessing
  - ► 10.000 Labels (shared data)
  - ▶ Event chains

- ► Huge amount of data dependencies
  - ► challenge exact analysis methods



|   | I   | II    | III    | IV      | V        | VI    |  |
|---|-----|-------|--------|---------|----------|-------|--|
| 1 | <10 | 10-50 | 51-100 | 100-500 | 501-1000 | >1000 |  |

| TABLE II | INTER_TAG | K COMMUNICATIO | N |
|----------|-----------|----------------|---|

| Period         | 1 ms | 2 ms | 5 ms | 10<br>ms | 20<br>ms | 50<br>ms | 100<br>ms | 200<br>ms | 1000<br>ms | sync |
|----------------|------|------|------|----------|----------|----------|-----------|-----------|------------|------|
| 1 ms           |      |      |      | I        | I        |          | I         |           |            | I    |
| 2 ms           |      |      |      | I        | I        |          | I         |           |            |      |
| 5 ms           |      | I    | IV   | IV       | II       | II       | I         |           |            |      |
| 10 ms          | II   | II   | II   | VI       | IV       | II       | IV        | II        | III        | IV   |
| 20 ms          | I    | I    | I    | IV       | VI       | II       | IV        | I         | II         | IV   |
| 50 ms          |      |      | II   | II       | II       | Ш        | I         |           |            |      |
| 100 ms         |      | I    | I    | V        | IV       | II       | VI        | II        | III        | IV   |
| 200 ms         |      |      |      | I        | I        |          | I         | I         | I          |      |
| 1000 ms        |      |      |      | III      | II       |          | III       | I         | IV         | I    |
| Angle-<br>sync | I    | I    | I    | IV       | IV       | I        | III       | I         | I          | V    |



## Communication Centric Design Experiment setup





- ► Analysis of 2 cause-effect chains
- ► Calculation of end-to-end latency distribution
  - ▶ Direct communication
  - Implicit communication
  - LET communication
- ► Comparison of overhead for copy operations
- ▶ Use of scheduling simulation engine of SymTA/S
  - ► Worst-case end-to-end latency of limited interest



# Communication Centric Design End-to-end latency EC1

▶ Reaction semantic:  $10ms \rightarrow 10ms \rightarrow 10ms$ 





~ same Latency

# Communication Centric Design End-to-end latency EC2

► Reaction semantic: 100ms → 10ms → 2ms









Direct communication



Implicit communication



LET communication



### Communication Centric Design

### Data access costs for the different communication semantics



► Observation 1: implicit communication reduces data access costs

▶ Observation 2: LET communication further reduces data access costs since less copy operations are performed

▶ Room for optimizing the data placement to reduce data access costs



# Communication Centric Design

### Conclusion

- ► Large scale engineering requires mechanisms that simplify timing analysis
  - ► Simplicity, maintainability, composability key principles of robust design
- ► Benefits offered by Implicit and LET communication in terms of determinism and data consistency outweigh the increase in latency
- ► Communication semantics need to be accounted for in the timing analysis
  - ► Impact each stage: Task Formation, Task Mapping, End-to-end Latencies
- ► Existing academic approaches handling co-scheduling of computation/communication should be extended towards meeting the goals of determinism and data consistency



# Real-time Systems Engineering @ Bosch Outline

- ▶ Performance modeling & analysis of classical automotive systems
  - ► Motivation ... or the real complexity
  - Amalthea performance model
  - Current usage @ Bosch
  - ▶ Upcoming challenges
- Communication centric design in multi-core systems
  - ► Importance of cause-effect chains
  - Issues with concurrent execution in multi-core systems
  - ► Communication mechanisms as solution & impact on latencies
  - Experiments
- ► Timing-aware control design
  - ► Control and real-time systems engineering two worlds collide
  - Co-engineering approach
  - ▶ Example



# Timing-aware Control Design Two Disciplines – Two Worlds





### System as seen by the software engineer





$$R_i = C_i + \sum_{j \in hp(i)} C_j \qquad \left\lceil \frac{R_i}{T_j} \right\rceil \qquad \le D_i = T_i$$



$$\sum_{i=1}^{n} \frac{C_i}{T_i} \le n \cdot \left(\sqrt[n]{2} - 1\right)$$

$$\ln 2 \approx 69.3\%$$



"Real-time performance"



## Timing-aware Control Design System as seen by the control engineer







### Consequences



Engineer

- ▶ "That guy has unclear, not implementable requirements
  - -> I'll optimize resources"
- Guaranteed period, task-wide data consistency, last-is-best (LIB) communication
- ▶ Load-dependent behavior & jitter



Engineer

- **)**
- ► "My algorithm performs always better in simulation than in the prototype vehicle → I'll test my algorithm only in the vehicle and make it more robust"
- ► Long design iterations, late rework, ... (adds burden to heavy calibration tasks)
- ▶ Wasted HW resources



# Real-time Systems Engineering @ Bosch Outline

- ▶ Performance modeling & analysis of classical automotive systems
  - ► Motivation ... or the real complexity
  - Amalthea performance model
  - Current usage @ Bosch
  - ▶ Upcoming challenges
- ► Communication centric design in multi-core systems
  - ► Importance of cause-effect chains
  - Issues with concurrent execution in multi-core systems
  - ► Communication mechanisms as solution & impact on latencies
  - Experiments
- ► Timing-aware control design
  - ► Control and real-time systems engineering two worlds collide
  - Co-engineering approach
  - Example



Solution: Early Simulation Feedback





Solution Details: Simulink Toolbox



Generic instrumentation of model with timing blocks





Blocks are configured with timing profiles (i.e. lists of time stamps)



# Solution Details: Timing Profile Generation





# Real-time Systems Engineering @ Bosch Outline

- ▶ Performance modeling & analysis of classical automotive systems
  - ► Motivation ... or the real complexity
  - Amalthea performance model
  - Current usage @ Bosch
  - ▶ Upcoming challenges
- Communication centric design in multi-core systems
  - ► Importance of cause-effect chains
  - Issues with concurrent execution in multi-core systems
  - ► Communication mechanisms as solution & impact on latencies
  - Experiments

#### ► Timing-aware control design

- Control and real-time systems engineering two worlds collide
- Co-engineering approach
- Example



## Timing-aware Control Design Proof of Concept: Car Road Damping (Active Suspension)

- ▶ Is tool and concept applicable for complex systems?
- ► Case study: Damp car body acceleration with body control
- ► Complex system: 12 runnables, 7 accelerometers, 4 force actuators
- ► Exercise basic workflow with tool
- ► Tested different platform timing configurations
- ► Published SAE 2015 World Congress



Road unevenness in m

#### Source of Model:

S. Ikenaga, F. L. Lewis, J. Campos and L. Davis (2000). Active Suspension Control of Ground Vehicle based on a Full-Vehicle Model. In Proceedings of the American Control Conference (ACC). Chicago, USA.



### Simulink model structure





**Different Solutions Alternatives** 

Road unevenness in m



#### Results for one set of control parameters (Shown: z-Acceleration in m/s<sup>2</sup>):







**Timing Single Core** 

Timing Distributed ECUs



- Approach is able to handle complex systems
- Results are plausible and show expected differences in response



# Timing-aware Control Design Co-Engineering can start ...



▶ I can see the effects of real-world timing on my control performance already in functional simulation

Engineer

► But now I want to redistribute tasks to balance load in multi-core...



# THANK YOU

...AND HARALD MACKAMUL, JÖRG TESSMER, FALK WURST, TOBIAS BEICHTER, SYED AOUN RAZA, DIRK ZIEGENBEIN, JENS GLADIGAU, DAKSHINA DASARI, MICHAEL PRESSLER

