Amin Oueslati, Julien Deantoni, Philippe Cuenot. Capella Based Interference Analysis. In Journal of Object Technology, vol. 0, 2019, pages 0:1–11.
1 Introduction
The aerospace domain has a long tradition of dedicated hardware and software, tailored to the conditions in space and designed to be more resistant to SEU (Single Event Upset). Such designs reduced the capabilities of embedded hardware and in many cases forced some of its features to be disabled (for instance, processor caches were disabled because they are very sensitive to SEU). Nowadays, better fault management techniques open the door to off-the-shelf hardware for satellites. This makes it possible to define new computing architectures based on existing hardware and to integrate various avionic functionalities on the same hardware. These new architectures are essential for new low-cost satellites. However, beyond the study of fault tolerance mechanisms (important but not the focus of this paper), the computing power introduced by the use of COTS (Components Off The Shelf) and the need to regroup various functionalities on the same hardware board make it more difficult to master the deployment of the application on the architecture. For instance, it becomes harder to understand emerging behaviors such as a temporary high load on a bus caused by unexpected synchronizations between different tasks.
Model Based Engineering (MBE) [?] has been introduced to help analyze systems at the early stages of the development process. MBE is increasingly used and is nowadays a common practice in many software related disciplines [?]. For instance, Capella [?] is a tooled open source language to support the design of system architectures (http://polarsys.org/capella), introduced by Thalès1 and nowadays used in many other companies. Capella is of great help in providing a consistent view of the system architecture, which can be reviewed, shared, etc.
Despite these interesting features, Capella is not yet fully equipped to help system designers understand emerging behaviors. This is mainly due to the generality of Capella, which encompasses various disciplines and therefore forbids the definition of a full operational semantics from which simulation and behavioral analysis could be conducted. For instance, during the definition of new software and hardware architectures for satellite-based systems, it remains difficult to understand the impact of architectural choices at the first steps of the development process. This prevents an early exploration of different deployment solutions and parameterizations. In other words, despite the use of Capella models (i.e., MBE), it is nowadays difficult to tame the adequacy between the application and the architecture at an early stage of the development process. This is a fortiori the case when new computational resources are amenable to the integration of new functionalities on the same hardware platform. Note that in this case the problem is not a classical scheduling problem (even if it is part of the problem) but rather a communication scheduling problem, since the interconnect between the different computational resources and the memory becomes a potential bottleneck that must be used wisely. To do so, it is important (1) to adjust the deployment of the different tasks of the system on the right computational resources and (2) to schedule their communications so as to avoid interference on the interconnect, i.e., to avoid communications initiated by different tasks using an interconnect at the same time, for instance by delaying the start of some communications to specific points in time. Of course, such decisions should be compliant with more traditional scheduling analyses, i.e., with respect to periods and deadlines.
What we report in this paper is the use of Capella models allowing the exploration
1 https://www.thalesgroup.com/fr
2 Background
2.1.2 KitAlpha
Kitalpha3 is a set of Eclipse plugins, based on Capella, which allows Capella models to be extended with domain specific information. Also provided by PolarSys, it enables the customization of the Capella syntax for a specific viewpoint. Developing a viewpoint allows specific concerns to be described on top of Capella's generic ones. For instance, this mechanism was used to allow the specification of fault tolerance mechanisms directly in Capella4 .
[Figure 1: Zynq-7000 architecture (image omitted)]
The main challenge for the application architecture is to master communication exchanges with the DDR memory, the OCM memory being unused because it is sensitive to radiation and has an inefficient protection mechanism. Depending on the communication scheduling of the application, accesses to the DDR can be subject to interference. Interference arises from concurrent access requests to the DDR, issued by software task executions or by hardware IPs of the PL area. The access path to the DDR through the AXI bus causes potential congestion on the central interconnect, the memory interconnect, or the DDR controller. It is therefore important to assess early in the design the AXI bus throughput and latency characteristics on the component port interfaces, and to compare alternative solutions. Alternative solutions may vary in the parametrized scheduling of software tasks, in the AXI bus port allocation for hardware IPs, or in the allocation of a function to a software task or a hardware IP component. The case study in Section 5 elaborates on the analysis performed in the context of the ATIPPIC project.
3 Running example
In the rest of this paper, we rely on the simplified example of Figure 2 to illustrate the two approaches that we propose for interference analysis. Since it is not representative of real world software and hardware architectures, a more concrete use case will be introduced later. The example was built with the Capella tool, using the PAB diagram extended with a Kitalpha viewpoint. The hardware architecture is composed of four Physical Components: two of them represent CPUs, the third one an interconnect and the last one a memory. These Physical Components are connected through Physical Links, which are considered as bus connections in our case study. On top of this hardware architecture, we allocate two Physical Component Behaviors to represent the software tasks, one on each CPU. The data dependency between the two tasks is abstracted by the Component Exchange Link that directly connects the Output Flow Port of Task1 to the Input Flow Port of Task2. These output and input ports are then allocated on component execution Physical Ports, and the data dependency is explicitly translated into two transactions carried by two Physical Paths. The first Physical Path, in red, is composed of two Physical Links and connects CPU1 to the memory through the interconnect. It represents the transaction path for writing Task1 data to memory. The second Physical Path, in blue, is also composed of two Physical Links and connects CPU2 to the memory through the interconnect. It represents the transaction path for reading Task2 data from memory.
More generally, without considering all the Capella formalisms, Task1 and Task2 are both periodic. Task1 executes on CPU1 for a certain time interval, then writes data to Memory using the cpu1_to_interconnect (red link) and interconnect_to_memory (black link) buses. Task2, allocated on CPU2, reads data from Memory through the interconnect_to_memory (black link) and CPU2_to_interconnect (blue link) buses, then executes for a certain time interval. The described execution scenario is similar to the producer-consumer problem, with the shared variable replaced by a shared resource, represented in this example by the interconnect_to_memory bus (black link).
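The interference condition on the shared bus can be sketched as a simple overlap check between the bus occupation windows of the two periodic tasks. The following Python sketch is illustrative only: the periods, offsets and transfer durations are invented for the example and are not taken from the paper's models.

```python
def bus_windows(offset_us, period_us, duration_us, horizon_us):
    """Occupation windows [start, end) of a periodic transaction on a bus."""
    windows = []
    t = offset_us
    while t < horizon_us:
        windows.append((t, t + duration_us))
        t += period_us
    return windows

def interferes(ws1, ws2):
    """True if any two windows overlap, i.e. both tasks use the shared
    interconnect_to_memory bus at the same time."""
    return any(a < d and c < b for (a, b) in ws1 for (c, d) in ws2)

# Hypothetical numbers: both tasks have a 100 us period and a 12.5 us
# transfer. Starting both transfers at t=0 creates interference; delaying
# Task2's read by one transfer time removes it.
w1 = bus_windows(0.0, 100.0, 12.5, 300.0)
clash = interferes(w1, bus_windows(0.0, 100.0, 12.5, 300.0))
safe = not interferes(w1, bus_windows(12.5, 100.0, 12.5, 300.0))
```

Delaying the start of a communication, as in the `safe` case, is exactly the kind of communication scheduling decision discussed in the introduction.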
[Figure 2: running example modeled in Capella with the Kitalpha viewpoint (image omitted)]
In the following, and for the sake of readability, we avoid Capella naming as much as possible. We only refer to diagram elements with the name of the concepts they represent (e.g., bus instead of Physical Link, task or component execution instead of Physical Component Behavior, etc.).
4 Proposition
The proposed solutions to estimate the bus throughput and latency of the on-chip component communications require (1) identifying the components involved in the communication scheduling and (2) defining the component parameters that affect the communication scheduling (performance and latency).
As the estimation targets results in the early stages of the application design, we do not need to consider, in a first step, the optimization features of the components (e.g., internal buffers or pipelines in the interconnect, in the computing resource load/store interface, or in the memory controller). Moreover, local memory transactions such as data cache line accesses and control from the processor are not considered: we overestimate the high level communication scheduling by considering accesses through the bus interfaces.
Then, we need to identify the Capella architecture layer and diagram from which to start our approach. We naturally select the Physical Architecture with the Physical Architecture Blank (PAB) diagram. The PAB diagram represents the allocation of functions to behavioral components mapped to hardware execution components. It depicts the mapping of software component behaviors to general purpose processors and of hardware IP behaviors to FPGAs as execution support, and thus describes the hardware and software architecture. However, the expressivity of the diagram is not rich enough to describe all the domain specific properties we need to represent in our model.
First, we need to identify the elements, as well as their properties, that affect bus performance and communication latencies. For the scope of our SoC, we assume that transactions are initiated by tasks (software or hardware) allocated on computation resources (general purpose processor or FPGA), and by DMAs (Direct Memory Access) for fast data flow transfers. We need to distinguish two kinds of DMA: the dedicated hardware DMA present in the PS, and hardware implemented DMAs (FPGA IPs) present in the PL. As we focus on bus contention analysis, we only consider external memory transactions that involve buses and interconnects. In the following we list all the elements involved in bus communications:
Second, we need to select, for each of these components, the set of properties and parameters that are relevant for bus performance analysis. Conflicts on the interconnect occur when two or more data memory transactions address the same target at the same time, so timing properties have a significant impact on the generated latency. We need to consider timing properties related to the support and initiation of transactions, but also transaction support and size information to scale transaction timings. We propose the following properties, organized by the categories defined above:
• Component execution (tasks): The scheduling of a task can be event driven (triggered by a data port event) or periodic (execution rate and offset). The execution time characterizes the task, and the data size characterizes the associated transaction. The task allocation identifies the initiator of the transaction.
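To make the property set for this category concrete, the following Python sketch groups the task properties named above into a single record. The class and every field name are hypothetical, chosen for illustration; they are not the identifiers used in the actual Kitalpha viewpoint.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class TaskProperties:
    """Illustrative record of the viewpoint properties of a component
    execution (task). A task is either event driven (triggered by a data
    port event, period_us is None) or periodic (rate and offset given)."""
    name: str
    allocation: str                    # initiator: the CPU or FPGA IP it runs on
    execution_time_us: float           # execution time characterizing the task
    data_size_kb: float                # size of the transaction it initiates
    period_us: Optional[float] = None  # None => event driven
    offset_us: float = 0.0

    @property
    def event_driven(self) -> bool:
        return self.period_us is None

# Task1 of the running example, with invented numeric values:
task1 = TaskProperties("Task1", "CPU1", execution_time_us=20.0,
                       data_size_kb=5.0, period_us=100.0)
```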
Figure 2 depicts the running example used to document the analytic and operational solutions.
[Figure 3: Kitalpha-generated property view of the components (image omitted)]
order to include the missing information. This was done by using the Kitalpha tool to generate a viewpoint extension.
In this viewpoint, we define all the elements needed for our analysis as extensions of existing PAB components. In the running example of Figure 3, we distinguish three different kinds of Physical Components: computation resources for CPU1 and CPU2 (in blue), a bus controller for the interconnect (in orange) and a memory resource (in red). The same holds for Physical Links for buses and Physical Component Behaviors for component executions. Figure 3 shows the tab view generated by Kitalpha for setting the properties of components.
In addition to the properties, Kitalpha also provides the possibility to extend the
model by defining operations that describe the actions realized by each element. These
operations are needed in the operational solution.
Note that, as the AXI protocol supports separate read and write channels, a factor of two needs to be applied on the interconnect. Additionally, the duration of the write response channel is ignored.
2. maxBlockedTime_task (µs): maximum time a task can be blocked by other tasks using the same port.
The calculations have been performed by defining the parameters in Kitalpha and computing the formulas in Java code. For more information on the Kitalpha viewpoint, see Section 4.3.
The method applied to the running example of Figure 2 aims to evaluate the throughput and latency of accesses to the memory component. First, we compute a Bandwidth of 400 MBps on every component port interface. The ResponseTime computed from initiator to target component gives, for the CPU2 port, Task2.DataSize (5) / Bandwidth (400) = 12.5 µs, and for the CPU1 port, Task1.DataSize (5) / Bandwidth (400) = 12.5 µs. On the Interconnect master port it is (5+5) / 400 = 25 µs, and the same value holds for the Memory port. The Latency on the Memory port is Max(Task1.DataSize, Task2.DataSize) (5) / Bandwidth (400) = 12.5 µs. It is the same value on the Interconnect master port, as there is only one latency value computed on this port; the Latency for the CPU1 and CPU2 ports is therefore identical, 12.5 µs. Finally, the throughput on the Memory port is computed as (Task1.DataSize + Task2.DataSize) (10) / (ResponseTime + Latency) (37.5) = 266.6 MBps.
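The worked numbers above can be reproduced with a few lines of Python. The units are an assumption made for this sketch (data sizes in KB, bandwidth in MB/s, times in µs, so that 5 / 400 yields 12.5 µs as in the text); the paper itself only gives the raw values.

```python
# Assumed units: data sizes in KB, bandwidth in MB/s, times in microseconds
# (transferring 1 KB at 1 MB/s takes 1000 us).
BANDWIDTH = 400.0     # MB/s, identical on every component port interface
TASK1_DATA = 5.0      # Task1.DataSize (KB)
TASK2_DATA = 5.0      # Task2.DataSize (KB)

def transfer_time_us(size_kb, bandwidth_mbps):
    """Time to move size_kb over a port running at bandwidth_mbps."""
    return size_kb / bandwidth_mbps * 1000.0

# ResponseTime from initiator to target component:
rt_cpu1 = transfer_time_us(TASK1_DATA, BANDWIDTH)                 # 12.5 us
rt_cpu2 = transfer_time_us(TASK2_DATA, BANDWIDTH)                 # 12.5 us
rt_memory = transfer_time_us(TASK1_DATA + TASK2_DATA, BANDWIDTH)  # 25 us
# Latency on the memory port (largest single transaction):
latency = transfer_time_us(max(TASK1_DATA, TASK2_DATA), BANDWIDTH)
# Effective throughput on the memory port (KB/us converts to MB/s):
throughput = (TASK1_DATA + TASK2_DATA) / (rt_memory + latency) * 1000.0
```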
operation is executed and the dynamic information needed to monitor the evolution of the system during execution. To illustrate this, consider the case where a task is waiting for a bus: the associated wait() operation is executed and updates the values of the bus latency and bandwidth. In Gemoc Studio, the dynamic information, also called Runtime Data (RTD), and the execution functions form the Domain Specific Actions (DSA) and are implemented in Kermeta (ref). A DSA implements the data semantics of the system.
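As a rough analog of that mechanism, the following Python sketch mimics a wait() execution function updating the runtime data of a bus. This is not the Kermeta implementation used in Gemoc Studio, only an illustration of the RTD/DSA split; the class, field names and the bandwidth update rule are all assumptions.

```python
class BusRTD:
    """Runtime Data (RTD) of a bus: mutable state read and written by the
    execution functions (DSA) during a simulation run."""
    def __init__(self, nominal_bandwidth_mbps):
        self.nominal_bandwidth_mbps = nominal_bandwidth_mbps
        self.effective_bandwidth_mbps = nominal_bandwidth_mbps
        self.latency_us = 0.0
        self.waiting_tasks = []

    def wait(self, task, duration_us):
        """Execution function: `task` has to wait for the bus, so the bus
        latency grows and the effective bandwidth is updated."""
        self.waiting_tasks.append(task)
        self.latency_us += duration_us
        # Assumed rule: bandwidth is shared among the waiting initiators.
        self.effective_bandwidth_mbps = (
            self.nominal_bandwidth_mbps / len(self.waiting_tasks))

bus = BusRTD(400.0)
bus.wait("Task2", 12.5)   # Task2 blocked 12.5 us behind Task1's transaction
```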
Once we have defined the DSA, the second step is the implementation of the control flow semantics. To do so, we first define the Domain Specific Events (DSE) that trigger the execution functions. For instance, in the context of a task, we define start, stop, execute, read, write and wait DSE. As we may have several instances of task,
5 Case study
6 Related Works
7 Conclusion