Programming multi-core architectures using model-based design methodologies
The multi-core challenge in safety-critical environments
The era of parallel processing has pushed multi-core architectures into the mainstream, leading to a situation in which they are used in almost all application domains. The initial challenges with programming multi-core architectures, mostly related to synchronization and race conditions among parallel operating threads of execution, are still not fully solved.
Although the situation is alleviated by parallelizing compilers, parallel languages, special language constructs and the growing experience of software developers becoming accustomed to the new programming paradigm, multi-core has yet to succeed in safety-critical domains. In environments such as the automotive or the aerospace field, verification and proof of error-free operation are essential, and this conflicts with the added complexity and new sources of error in multi-core programming.
In this context, model-based design may provide the answers and close the gap between current multi-core architecture programming and the requirements of the safety-critical domains.
Model-based design methodologies
Especially in aerospace, automotive and process industries, which increasingly utilize embedded electronics and software, the model-based design of control functions has received growing interest in the last couple of decades. The main reason for this tendency is the possibility to manage the development process from a higher-level point of view, thereby abstracting from the low-level design of systems while enabling the simulation of the system behaviour and the code generation of the modelled functions. This results in reduced development time and cost.
While model-based design is being increasingly adopted for early system specification, structural modelling and design space exploration, the final software implementation for critical embedded systems is often still developed manually.
End-to-end solutions that are aware of individual safety aspects for an isolated embedded system have been developed in recent research projects like ARGO, which focuses on WCET-aware code generation. Model-based systems engineering approaches towards electric/electronic architectures have also been established in recent years. They divide the architecture into multiple abstraction layers and viewpoints to manage complexity throughout the development process, from analysis and design to series production. The main reasons for this are analogous to those for model-based function design, but from an architecture and system point of view. However, the model-based development of each domain is typically a separate process, in which architectural decisions and information need to be modelled manually in the model-based function design tool, or vice versa. Although exchange formats exist for individual aspects of a system such as communication matrices, import/export processes tend to be error-prone, eliciting inconsistencies between the architecture model and the complementary behavioural model, especially when considering distributed and concurrent collaboration on the models.
Existing approaches and research amend architectural models with simple finite state machine behavioural descriptions and deal with generating executable architecture specifications for simulation-based verification. However, this needs to be developed further into a holistic approach capturing all design and verification steps within an integrated development environment using a single-source meta-model. This includes, in particular, the architecture modelling of distributed networked embedded systems, its detailed integrated behavioural modelling, its synthesis into a cross-layer simulation model as well as the necessary verification steps and subsequent code generation.
XANDAR sets out to realize such a holistic approach, in which the code generator provides the required X-by-construction (XbC) guarantees and preserves the relevant non-functional properties of the input model. XANDAR will introduce innovations in this area by providing platform-agnostic code-generation support, including the generation of monitoring runnables for critical services as well as non-deterministic accelerators for artificial intelligence (AI) and machine learning (ML) applications.
Addressing these challenges requires new concepts, automated decision algorithms, formal checks, and program optimizations not only for performance and energy efficiency but also for non-functional guarantees. The whole process is subject to a trade-off between real-time performance, energy efficiency, non-functional guarantees and flexibility at runtime. High-quality code generators and transformations that co-optimize all these aspects require new and specialized solutions.