Achieving Confidence in Multicore Processors to Enhance DoD Capabilities

2021 Year in Review

Achieving Confidence in Multicore Processors to Enhance DoD Capabilities

Complex, cyber-physical Department of Defense (DoD) systems, such as aircraft, depend on software that does the right thing at the right time to properly and reliably execute crucial sensing, computing, and actuation functions. Timing failure can have disastrous consequences—a delay in translating sensor data into actuation, for instance, can cause system instability and loss of control.

The ever-growing complexity of DoD systems amplifies the need for precise software timing, which demands more processing power. Multicore processors, ubiquitous today, could supply it. But the DoD has been reluctant to take advantage of them because of timing concerns.

“Multicore processors share resources in the memory system,” said SEI researcher Bjorn Andersson, “which makes it difficult to get correct timing of the software. Many practitioners disable all processor cores except one. This simplifies software timing verification but reduces the overall system capability.” Disabled processor cores also represent unused computing capacity.

Software systems used in warfighting are embedded computer systems with software that interacts with the physical world. You have to satisfy real-time requirements.

Bjorn Andersson
Principal Researcher, SEI Software Solutions Division

Andersson has been leading an effort to overcome obstacles to precise multicore processor timing. The research team brings decades of experience in this area, which the SEI first began investigating in the 1980s with research on rate-monotonic analysis for single-core systems. The team collaborates with Carnegie Mellon University’s John Lehoczky and the University of California Riverside’s Hyoseung Kim.

“Software systems used in warfighting are embedded computer systems with software that interacts with the physical world,” said Andersson. “You have to satisfy real-time requirements.” Such critical software timing is determined by many shared resources in the memory system, including cache, memory banks, and memory bus, with complex arbitration mechanisms, some of which are undocumented.

The research team has been working on ways to enable software practitioners to use all processor cores while being confident about timing by providing real-time guarantees to software executing on undocumented multicore processors.

The SEI’s approach involves reframing the problem. “Other academic works have modeled the resources in the memory system and developed analytic methods that compute an upper bound on the delay that software can experience,” noted Andersson. “We take another view. Instead of modeling the hardware resource, we model the effect of hardware resources on the timing of software: how much software thread A slows down software thread B when A and B execute in parallel.” This approach enables the team to analyze the timing of software executing on undocumented multicore processors.

The work has achieved some important objectives:

verification—a method for timing verification that does not depend directly on undocumented design qualities and quantities
parameter extraction—a method for obtaining values for parameters in the model of a software system suited for timing verification
configuration—a configuration procedure, such as assigning threads to processor cores or assigning priorities to threads, that takes a model as input and produces a configuration for which the verification will succeed, if such a configuration exists

SEI expertise on multicore processor timing has influenced the air vehicle certification and qualification guidance of the U.S. Air Force and U.S. Army Aviation and Missile Center (AvMC). Andersson and his colleagues have taught multicore timing techniques within AvMC and demonstrated multicore timing tools. The project’s ultimate objective is to provide the DoD with a general-purpose technology that unlocks the capabilities of multicore processors in almost all warfighting systems.