### **Precision Timed Infrastructure**: Promoting Time to a First-Class Citizen in System Design

#### National Workshop on the New Clockwork for Time-Critical Systems

October 26, 2012



**David Broman** (broman@eecs.berkeley.edu), UC Berkeley and Linköping University

**Stephen A. Edwards** (sedwards@cs.columbia.edu), Columbia University

**Edward A. Lee** (eal@eecs.berkeley.edu), UC Berkeley

#### **PRET Infrastructure at Berkeley**

Jian Cai Hokeun Kim Yooseong Kim

David Broman Edward A. Lee Aviral Shrivastava Michael Zimmer

#### **PRET Machine Collaborators and Alumni**

Stephen A. Edwards Isaac Liu Jeff Jensen Sungjun Kim

Slobodan Matic Hiren Patel

Jan Reineke Sanjit Seshia Jia Zou


## Agenda

- Part I: Cyber-Physical Systems
- Part II: Precision Timed Infrastructure
- Part III: Summary of Challenges



### **Cyber/Physical Co-Design Problem**


Rapid development of CPS with high confidence of correctness is a *co-design problem*.






### Part II Precision Timed Infrastructure




# A Story...




Fly-by-wire technology controlled by *software*.

Safety critical → Rigorous validation and certification

They have to purchase and store microprocessors for at least 50 years of production and maintenance...

Why?

Apparently, the *software* does not specify the behaviour that has been validated and certified!

Success?


### Timing is not part of the software semantics

*Correct execution* of programs (e.g., in C, C++, C#, Java, Scala, Haskell, OCaml) has nothing to do with how long things take to execute.



# What is Precision Timed (PRET) Infrastructure?


A vision of making time a first-class citizen in both software and hardware.

### **PRET Infrastructure**

- PRET Language (Language with timing semantics)
- PRET Compiler (Timing aware compilation)
- **PRET Machine (Computer Architecture)**

Focus until now has been on PRET machines



#### Focus on cyber-physical systems with real-time constraints



- **Modeling languages:** Simulink/Stateflow (Mathworks); Modelica (Modelica Association); Ptolemy II (Eker et al., 2003); Giotto (Henzinger, Horowitz, and Kirsch, 2003); Modelyze (Broman and Siek, 2012)
- **Programming languages:** Real-time concurrent o…; PRET-C (Andalam et al., 2009)



### **Precision Timed Machine**

#### **Rethink the ISA**

Timing has to be a *correctness* property, not only a *performance* (quality) property.

#### **PRET Machine**

- Repeatable and predictable execution time
- Repeatable memory access time
- Timing instructions for handling missed deadline detection



# **Our Current PRET Architecture**


## PTARM, a soft core on Xilinx Virtex 5 FPGA



#### Subset of ARMv4 ISA extended with timing constructs



### **PRET Infrastructure**

- **Modeling languages:** Simulink/Stateflow (Mathworks); Modelica (Modelica Association); Ptolemy II (Eker et al., 2003); Giotto (Henzinger, Horowitz, and Kirsch, 2003); Modelyze (Broman and Siek, 2012)
- **Programming languages:** …tic gap between timed high level modeling languages and PRET l…
- **Assembly languages:** PRET ISA









# Sub-problems for timing analysis





### **Relating clock cycles and time**


Simple translation to worst-case execution time:

WCCC / clock_frequency = WCET

Example 1: 10'000 cycles / 100 MHz = 0.1 ms

Based on assumptions:

- The clock frequency is constant (e.g., not the case for frequency/voltage scaling)
- The CPU's clock (oscillator) is accurate (which is typically not the case).
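
The translation above, carried through for the two assumptions the slide lists, as an added example (not code from the talk or the PRET project): it bounds WCET using the slowest clock the core can actually run at. WCCC is taken here to be the worst-case clock cycle count; the ±50 ppm tolerance, the 50 MHz scaling point and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WCET_UNBOUNDED UINT64_MAX   /* sentinel: no safe bound can be given */

/* Slowest clock the core can really run at, in Hz (rounded down): the lowest
 * frequency-scaling operating point, slowed by the oscillator tolerance. */
static uint64_t slowest_clock_hz(const uint64_t *freqs_hz, size_t n,
                                 uint32_t tol_ppm)
{
    if (n == 0 || tol_ppm >= 1000000u) return 0;
    uint64_t f_min = freqs_hz[0];
    for (size_t i = 1; i < n; i++)
        if (freqs_hz[i] < f_min) f_min = freqs_hz[i];
    if (f_min > UINT64_MAX / 1000000u) return 0;    /* product would overflow */
    return f_min * (1000000u - tol_ppm) / 1000000u;
}

/* WCET in nanoseconds, rounded up: WCCC / slowest clock frequency. */
uint64_t wcet_ns(uint64_t wccc, const uint64_t *freqs_hz, size_t n,
                 uint32_t tol_ppm)
{
    uint64_t f = slowest_clock_hz(freqs_hz, n, tol_ppm);
    if (f == 0 || wccc > UINT64_MAX / 1000000000u) return WCET_UNBOUNDED;
    uint64_t scaled = wccc * 1000000000u;           /* cycles * ns per second */
    return scaled / f + (scaled % f != 0);          /* ceiling division */
}

/* 1 if the bound fits the deadline, 0 otherwise (including "unbounded"). */
int meets_deadline(uint64_t wccc, const uint64_t *freqs_hz, size_t n,
                   uint32_t tol_ppm, uint64_t deadline_ns)
{
    uint64_t t = wcet_ns(wccc, freqs_hz, n, tol_ppm);
    return t != WCET_UNBOUNDED && t <= deadline_ns;
}

int main(void)
{
    /* Constructed inputs: the slide's 10'000 cycles at 100 MHz, then the same
     * code with an assumed +/-50 ppm oscillator and a 50 MHz scaling point. */
    const uint64_t fixed[] = {100000000u}, scaled[] = {100000000u, 50000000u};
    printf("ideal clock : %llu ns\n", (unsigned long long)wcet_ns(10000, fixed, 1, 0));
    printf("+/-50 ppm   : %llu ns\n", (unsigned long long)wcet_ns(10000, fixed, 1, 50));
    printf("with 50 MHz : %llu ns\n", (unsigned long long)wcet_ns(10000, scaled, 2, 0));
    printf("0.1 ms deadline met at 50 ppm? %d\n",
           meets_deadline(10000, fixed, 1, 50, 100000));
    return 0;
}
```

A deadline set equal to the nominal 0.1 ms is met only under the ideal-clock assumption; the same cycle count misses it once the oscillator tolerance is included.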



## Part III Summary of Challenges


