presentation slides

Comments

Transcription

presentation slides
IIES 2008
Preserving temporal behaviour of legacy real-time
software across static binary translation
001101000101
000101100111
101101111011
000100001011
010010010011
00011
semantical equivalence
and
temporal proximity
...
µC X
1
001101000110
100101100001
100001110111
000101100111
010010001111
00011
...
Thomas Heinz
Saarland University
Robert Bosch GmbH
Thomas Heinz (Saarland University, CR/AEA3) | 22/03/2008 | © Robert Bosch GmbH 2008. All rights reserved, also regarding any disposal,
exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
µC Y
IIES 2008
Outline
2

Motivation

Static binary translation

Levels of temporal accuracy

Dynamic temporal barrier

Static temporal barrier
Thomas Heinz (Saarland University, CR/AEA3) | 22/03/2008 | © Robert Bosch GmbH 2008. All rights reserved, also regarding any disposal,
exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
IIES 2008
Motivation
Life cycle problem
Automotive ECUs
Electronic ECU components
30

Current “solution”: stockpiling

Prognosis of ECU market demand at production time required (unreliable)

Redesign may be necessary
New approach: Automatic Software Retargeting
by Static Binary Translation
3
years
Thomas Heinz (Saarland University, CR/AEA3) | 22/03/2008 | © Robert Bosch GmbH 2008. All rights reserved, also regarding any disposal,
exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
IIES 2008
Static Binary Translation
Source
binary
decode binary
and instructions
Source
instructions
control flow
analysis
Interprocedural
control flow graph
semantic
mapping
Target
RTL
code
generation
Augmented
RTL
program
analyses
instruction
selection
Target
instructions
4
Source
RTL
Main challenge
assembler
Target
binary
Preservation of
temporal behaviour
Thomas Heinz (Saarland University, CR/AEA3) | 22/03/2008 | © Robert Bosch GmbH 2008. All rights reserved, also regarding any disposal,
exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
IIES 2008
Levels of temporal accuracy
 Cycle accuracy
Basic block (BB)
target
source
sim_dec
sim_addr
sim_mem
Instruction
sequence
of maximum
lengthsim_wb
with delay
one
fetch
eff. addressand
memory
write-back
entry pointdecode
(1st instruction)
oneaccess
exit point
(last
instruction).
sim_fetch
cycles
 Instruction accuracy
target
source
Accuracy
too
imprecise
E.g. used in
full-system
simulators
sim_ld
sim_ld
sim_add
sim_mul
sim_st
delay
 E.g. basic block may contain I/O instruction
 Software-based approach is not real-time capable
ld R1,[R2] ld R2,[R3]
add R1,R2
mul R1,7
st [R3],R1
whose execution
point in
time is crucial
for
 Accuracy not required
correct real-time behaviour


cycles
 Basic block accuracy
target
source

sim_BB1
BB1

Software-based
approachsim_BB4
only real-time
capable
delay
sim_BB3
sim_BB5
sim_BB2
if target is vastly superior to source machine
BB2
BB3
Accuracy not required
BB4
BB5
cycles
5
Thomas Heinz (Saarland University, CR/AEA3) | 22/03/2008 | © Robert Bosch GmbH 2008. All rights reserved, also regarding any disposal,
exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
IIES 2008
Levels of temporal accuracy
 Synchronization point accuracy
Observation: Some instruction sequences may be executed arbitrarily fast
without affecting the correctness of the temporal behaviour
E.g. arithmetic computations involving only local variables
Solution: Selectively mark critical program points for synchronous
execution
target
source
sim_ld
sim_add
ld R1,23
sim_add
sim_mul
add R1,R2
delay
add R1,R3
mul R1,7
sim_st
st [R4],R1
cycles
synchronization point
6
Thomas Heinz (Saarland University, CR/AEA3) | 22/03/2008 | © Robert Bosch GmbH 2008. All rights reserved, also regarding any disposal,
exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
IIES 2008
Dynamic temporal barrier
Maintain source execution time and compute delay dynamically
Only efficient for simple
s
s it requires
architectures as
v1
simulating all execution
time
v1
st = current time on
source machine
affecting entities (pipeline, cache)tt = current time on
v2
v3
v4
source
t
control
flow graph
7
sync v3
v2an extent
v3
up to
v4
target
sync t
t
control
flow graph
Thomas Heinz (Saarland University, CR/AEA3) | 22/03/2008 | © Robert Bosch GmbH 2008. All rights reserved, also regarding any disposal,
exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
target machine
wait st-tt
st += execution time of
v3 on source
machine
IIES 2008
Novel approach: static temporal barrier
Basic idea
Precompute a set of delay constants for each program point and
select the appropriate constant at runtime according to a certain
criterion.
switch (criterion) {
case 1: wait( d p ,1 )
...
case m: wait( d p , m )
}
Context of p
Temporal barrier for
program point p
8
Thomas Heinz (Saarland University, CR/AEA3) | 22/03/2008 | © Robert Bosch GmbH 2008. All rights reserved, also regarding any disposal,
exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
IIES 2008
Context Henrik Theiling. Control Flow Graphs For Real-Time Systems Analysis. PhD thesis, 2002.
Idea: Augment nodes with procedure invocation history
e1
p1
e3
main()
int f(int i)
{
f(...); // p3
}
int main()
{
f(5);
// p1
f(10); // p2
}
f()
e2
p2
e4
e5
p3 has 4 contexts
p3
(e3,1), (e3,T),
e6
(e4,1), (e4,T)
Call graph
p1,ε
main(),ε
Context
f(), (e3,1)
p3, (e3,1)
p3, (e3,T)
= sequence of call edges with saturated counter
p2,ε
f(), (e4,1)
p3, (e4,1)
Augmented call graph
9
f(), (e3,T)
Thomas Heinz (Saarland University, CR/AEA3) | 22/03/2008 | © Robert Bosch GmbH 2008. All rights reserved, also regarding any disposal,
exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
f(), (e4,T)
p3, (e4,T)
IIES 2008
Efficient implementation
Assign each context a unique integer and maintain current context
and a stack of preceding contexts
context_stack.push(current_context)
switch(current_context) {
case context_1:
switch next_instruction {
case addr_1: current_context ← contexti1,1
case addr_2: current_context ← contexti1, 2
default:
current_context ← contexti1,3
}
...
case context_m:
current_context ← contextim ,1
}
current_context ←
context_stack.pop()
Context maintenance at
return instruction
Context maintenance at call instruction
Stack implementation: Store (context, counter) to reduce memory
consumption
10
Thomas Heinz (Saarland University, CR/AEA3) | 22/03/2008 | © Robert Bosch GmbH 2008. All rights reserved, also regarding any disposal,
exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
IIES 2008
Computation of delay constants 1/3
Mixed integer quadratic bilevel program formulation
Assumption: target control flow graph is isomorphic to source control
flow graph
s
e1
G  (V , E ) interprocedural control flow graph with contexts
v1
e2
e3
v2
v3
e4
e6
e5
v4
e7
t
11
Vsync  V
synchronization points
Variables:
Execution count of u
xu   0 , u  V
Execution count of e
xe   0 , e  E
d v  R 0 , v  Vsync Delay at v
Constants: busrc/ dst , u V
BCET of u on source/target machine
wusrc/ dst , u V
besrc/ dst , e  E
wesrc/ dst , e  E
WCET of u on source/target machine
BCET of e on source/target machine
WCET of e on source/target machine
Thomas Heinz (Saarland University, CR/AEA3) | 22/03/2008 | © Robert Bosch GmbH 2008. All rights reserved, also regarding any disposal,
exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
IIES 2008
Computation of delay constants 2/3
Static representation of execution time per program point
~
~
~
Each assignment of xu , xe represents
paths.
the subgraph
of
Gv  (Vav ,set
Ev )ofisexecution
are restricted by points
linear constraints
(loop bounds,
infeasible paths,
All remaining
program
xu All
, xe synchronization
G that consists
~ of all nodes that
~
structural
constraints, ...) to safely and tightly approximate
the set of possible
in Vv .
points in Vv .
execution paths.
lie on a path from s to v.
Bvsrc / dst : best case execution times of all paths from s to v on source/target
Wvsrc / dst : worst case execution times of all paths from s to v on source/target
Bvsrc 
x b
src
u u
~
uVv
Bvdst 
 
x b
src
e e
~
eE v

xu budst  d u 
~
uVv Vsync
12


~
xu budst 
uVv \Vsync

xe bedst
~
eEv
Thomas Heinz (Saarland University, CR/AEA3) | 22/03/2008 | © Robert Bosch GmbH 2008. All rights reserved, also regarding any disposal,
exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
IIES 2008
Computation of delay constants 3/3
Minimizing the worst-case temporal displacement
Temporal displacement  v = maximum time that the execution of v on the target
machine is ahead or behind of its execution on the source machine
source
target
ahead
v

v  max ahead
, behind
v
v

ahead
 Wvsrc  Bvdst
v
behind
v
 Wvdst
source
target
 Bvsrc
Optimization problem



max
max



v 
{d v |vVsync}{ xu , xe |uV ,eE}vVsync


yields delay constants and temporal displacement
min
13
Thomas Heinz (Saarland University, CR/AEA3) | 22/03/2008 | © Robert Bosch GmbH 2008. All rights reserved, also regarding any disposal,
exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
behind
v
IIES 2008
Side effects of a static temporal barrier



Previous assumptions:
 Temporal barrier itself (not including delay) has execution time 0
 Execution of temporal barrier does not change execution times of
subsequent instructions
Useful to determine which synchronization point should be augmented
with a temporal barrier, i.e. if  v   holds for a small ε then it is beneficial
to omit the temporal barrier at v
Possible approach:



14
Perform static analysis with unkown delay
Delay = empty loop
Replace d u by (linear) function f (lu ) where lu is the delay iteration count at u
Thomas Heinz (Saarland University, CR/AEA3) | 22/03/2008 | © Robert Bosch GmbH 2008. All rights reserved, also regarding any disposal,
exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
IIES 2008
Conclusion



15
Novel approach for preserving temporal behaviour of real-time software
using precomputed static temporal barriers
Optimization problem yields safe upper bound of the maximum deviation
from the original temporal behaviour (temporal displacement)
Open issues:
 Efficient solution of the optimization problem
 Proof of concept that static binary translation yields real-time capable
code for a reasonable pair of source and target microcontroller
Thomas Heinz (Saarland University, CR/AEA3) | 22/03/2008 | © Robert Bosch GmbH 2008. All rights reserved, also regarding any disposal,
exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.

Similar documents