# Multi-core Safety-Critical Memory Manager DAC YF Alexy Torres Aurora Dugo, Gabriela Nicolescu, Polytechnique Montreal

### Context

Avionic software -> real-time, deterministic and safety-critical

Hard partitioned CPU time / resources

Interferences appear in Multi-Core architectures

- Shared resources mechanisms
- Contention

Processors evict other cores' data from shared caches

Shared bus get contended: arbitration generates unpredictable delays



**Objectives** 

### Bound bus contention to ensure QoS

- Memory bandwidth limitation

# **Remove** shared cache interferences

- Application space coloring / partitioning

# **Ease** certification process

- Set of formalized constraints
- Run-time monitoring



Approach

Distributed monitoring mechanism Rely on Commercial Off-The-Shelf hardware Private mechanism - Each core managed independently

| Memory Coloring                                                   |                             |
|-------------------------------------------------------------------|-----------------------------|
|                                                                   | Global<br>Pool              |
| Physical address multiplexing                                     | Full Reclaimir<br>Partition |
| Physical address <b>multiplexing</b><br>- DRAM Bank bit selection |                             |
| - Cache Set bit selection                                         | Per ap<br>- SO              |
| Virtual / Physical translation used to choose where to place the  | - Allo                      |
| application's data                                                | 4 recla                     |
|                                                                   | • (0                        |

# **Run-Time Monitoring (Safety Net)**

Formal constraints - Used in formal system's verification Run-time monitoring – Recovery in case of unhandled interference

 $\forall t \in [0; Q], G(t) + \sum_{\forall A_i} A_i^B$ 







Throttling mechanism timeline

oplication throttling OTA: per CPU lows finer configuration

# aiming modes

$$\times R(A_i, t) \le B_{max}$$



CC + BC CC + BC + BB CC + BC + BB GRP

Execution time increase



Predictability analysis

# **Results**

**Increased** predictability by 68% on average

Increased execution time (+22.3%) on 2 cores

### Still advantageous

compared to single core (less than 100% slowdown)

## **Small overhead**

introduced by the isolation mechanism (less than 2%)

AMP architecture ensures scalability

# Conclusion

Our work ensures correct **isolation** of shared resources and removes state-of-the-art limitations

The presented methodology is applied in a commercial RTOS, extended to 4 cores

The low overhead makes our proposition applicable without hard constraints on the system.

