Software-intensive embedded systems, especially cyber-physical systems, benefit from the additional performance and the small power envelope offered by many-core processors. Nevertheless, the adoption of a massively parallel processor architecture in the embedded domain is still challenging. The integration of multiple and potentially parallel functions on a chip—instead of just a single function—makes best use of the resources offered. However, this multifunction approach leads to new technical and nontechnical challenges during the integration. This is especially the case for a distributed system architecture, which is subject to specific safety considerations. In this paper, it is argued that these challenges cannot be effectively addressed with traditional engineering approaches. Instead, the application of the “correctness by construction” principle is proposed to improve the integration process. 1. Introduction Multicore processors have put an end to the era of the “free lunch” [1] in terms of computer power being available for applications to use. The “end of endless scalability” [2] of single-core processor performance appears to have been reached. Still, the currently available Multicore processors with two, four, or eight execution units—“cores”—indicate just the beginning of a new era in which parallel computing stops being a niche for scientist and starts becoming mainstream. Multicore processors are just the beginning. With the amount of cores increasing further, Multicores become many-cores. The distinction between these two classes of parallel processors is not precisely defined. Multicore processors typically feature up to 32 powerful cores. Their memory architecture allows the usage of traditional shared memory programming model without suffering from significant performance penalties. Many-core processors on the other hand comprise more than 64 rather simple and less powerful cores. With a increasing number of cores, a scalable on-chip interconnect between cores on the chip becomes a necessity. Memory access, especially to off-chip memory, constitutes a bottleneck and becomes very expensive. Therefore, traditional shared memory architectures and corresponding programming models suffer from significant performance penalties—unless they are specifically optimized. Comparing their raw performance figures, the approach of having many, but less powerful cores, outperforms processor architectures with less, but more powerful cores [2, 3]. Of course in reality, this comparison is not as clear cut. It largely depends on the software, which has
References
[1]
H. Sutter, “The free lunch is over: a fundamental turn toward concurrency in software,” Dr. Dobb's Journal, vol. 30, no. 3, pp. 202–210, 2005.
[2]
A. A. Vajda, Programming Many-Core Chips, Springer, 2011.
[3]
M. D. Hill and M. R. Marty, “Amdahl's law in the multicore era,” Computer, vol. 41, no. 7, pp. 33–38, 2008.
[4]
E. A. Lee, Cyber-Physical Systems—Are Computing Foundations Adequate?, 2006.
[5]
E. A. Lee and S. A. Seshia, Introduction to Embedded Systems, A Cyber-Physical Systems Approach, Lee & Seshia, 2011, http://www.lulu.com/.
[6]
K. Asanovic, R. Bodik, B. C. Catanzaro, et al., The Landscape of Parallel Computing Research: A view from Berkeley, 2006.
[7]
S. Borkar, “Thousand core chips—a technology perspective,” in Proceedings of the 44th ACM/IEEE Design Automation Conference (DAC '07), pp. 746–749, June 2007.
[8]
G. M. Amdahl, “Validity of the single processor approach to achieving large scale computing capabilities,” in Proceedings of the Spring Joint Computer Conference, pp. 483–485, ACM, April 1967.
[9]
F. P. Brooks Jr., The Mythical Man-Month, Addison-Wesley Longman Publishing, Boston, Mass, USA, 1995.
[10]
R. Fuchsen, “How to address certification for multi-core based IMA platforms: current status and potential solutions,” in Proceedings of the 29th IEEE/AIAA Digital Avionics Systems Conference: Improving Our Environment through Green Avionics and ATM Solutions (DASC '10), pp. 5.E.31–5.E.311, October 2010.
[11]
C. B. Watkins and R. Walter, “Transitioning from federated avionics architectures to integrated modular avionics,” in Proceedings of the 26th IEEE/AIAA Digital Avionics Systems Conference—4-Dimensional Trajectory-Based Operaions: Impact on Future Avionics and Systems (DASC '07), pp. 2.A.1-1–2.A.1-10, October 2007.
[12]
RTCA, Integrated Modular Architecture—Development Guidance and Certification Considerations, 2005.
[13]
J. Rushby, “Partitioning for avionics architectures: requirements, mechanisms, and assurance,” NASA Contractor Report CR-1999-209347, NASA Langley Research Center, 1999, Also to be issued by the FAA.
[14]
RTCA, Software Considerations in Airborne Systems and Equipment Certification, 1994.
[15]
ARINC, ARINC Specification 653P1-2: Avionics Application Software Standard Interface Part 1—Required Services, 2005.
L. Bass, P. Clements, and R. Kazman, Software Architecture in Practice, Addison-Wesley Longman Publishing, Boston, Mass, USA, 1998.
[19]
R. Rose, “Survey of system virtualization techniques,” Tech. Rep., Oregon State University (OSU), 2004.
[20]
M. Rosenblum and T. Garfinkel, “Virtual machine monitors: current technology and future trends,” Computer, vol. 38, no. 5, pp. 39–47, 2005.
[21]
R. Hilbrich and M. Gerlach, “Virtualisierung bei Eingebetteten Multicore Systemen: Integration und Isolation sicherheitskritischer Funktionen,” in INFORMATIK 2011—Informatik Schafft Communities, H. U. Hei?, P. Pepper, H. Schlingloff, and J. Schneider, Eds., vol. 192 of Lecture Notes in Informatics, Springer, 2011.
[22]
E. A. Lee, “Computing needs time,” Communications of the ACM, vol. 52, no. 5, pp. 70–79, 2009.
[23]
A. Hall and R. Chapman, “Correctness by construction: developing a commercial secure system,” IEEE Software, vol. 19, no. 1, pp. 18–25, 2002.
[24]
R. Chapman, “Correctness by construction: a manifesto for high integrity software,” in Proceedings of the 10th Australian workshop on Safety critical systems and software (SCS '05), vol. 55, pp. 43–46, Australian Computer Society, Darlinghurst, Australia, 2006.
[25]
S. Resmerita, K. Butts, P. Derler, A. Naderlinger, and W. Pree, “Migration of legacy software towards correct-by-construction timing behavior,” Proceedings of the 16th Monterey Conference on Foundations of Computer Software: Modeling, Development, and Verification of Adaptive Systems (FOCS '10), Springer, Berlin, Germany, pp. 55–76, 2011.
[26]
R. Hilbrich and H. J. Goltz, “Model-based generation of static schedules for safety critical multi-core systems in the avionics domain,” in Proceedings of the 4th ACM International Workshop on Multicore Software Engineering (IWMSE '11), pp. 9–16, New York, NY, USA, May 2011.
[27]
M. Lombardi, M. Milano, and L. Benini, “Robust non-preemptive hard real-time scheduling for clustered multicore platforms,” in Proceedings of the Design, Automation and Test in Europe Conference and Exhibition (DATE '09), pp. 803–808, April 2009.
