Skip to main content
SpringerLink
Log in

Formal modeling and verification for amplification timing anomalies in the superscalar TriCore architecture

  • General
  • Special Issue: FMICS 2019/2020
  • Published:
International Journal on Software Tools for Technology Transfer Aims and scope Submit manuscript

Abstract

Static worst-case timing analyses compute safe timing bounds of applications running in real-time systems. These bounds are necessary to evaluate the strict timing constraints of real-time systems. Moreover, the inherent complexity of such systems demands that their timing analyses are able to cope with the large resulting state space. In this direction, a potential solution is to perform compositional timing analysis, where the system-level timing is obtained from component-level timings. Undesired timing phenomena, called timing anomalies, threaten the soundness of (compositional) timing analyses. In this work, we investigate how the industrial superscalar TriCore architecture is amenable for compositional timing analyses via a formal evaluation of amplification timing anomalies. Firstly, we adapt and extend a specialized abstraction, called canonical pipeline model, to capture the amplification effects in a formal model of the TriCore architecture. Then, we use model checking to efficiently detect amplification timing anomalies and report the associated complexity results. Finally, we aim for better precision as we design and implement counterexample-based methods so as to uncover patterns leading to such anomalies.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

Notes

  1. https://github.com/t-crest/patmos-sail/tree/master/uclid/tricore

  2. In this paper, we note an interpretation for which a formula is true an SMT model to distinguish it from our pipeline models.

  3. It cannot interfere with the up.I instruction since both instructions may only access the PMI in the IF stage.

  4. This will be refined in Sect. 5.3.3 by taking into account the case of dependent loads (Formula (26)).

  5. For instance, the memdep attribute globally characterizes two instructions.

  6. This delay \(delay\_dw\) is here actually a tuple (one delay per I or LS downstream instruction) and a positive delay value is a tuple different from the \(null\_delay=(0,0)\).

  7. https://docs.python.org/3/glossary.html#term-generator

  8. With the only-upstream progression logic however (see Sect. 7.1.1).

  9. Just before the EX stage where the SRI bus access will occur through the DMI (Sect. 5.2).

  10. Note that the converse is not true, as mentioned above.

  11. Namely, the same scenario if we omit the pipeline stages that are not responsible for the delay scenario.

References

  1. Abate, A., David, C., Kesseli, P., Kroening, D., Polgreen, E.: Counterexample guided inductive synthesis modulo theories. In: Chockler, H., Weissenbacher, G. (eds.) Computer Aided Verification, pp. 270–288. Springer International Publishing, Cham (2018)

    Chapter  Google Scholar 

  2. Asavoae, M., Ben Hedia, B., Jan, M.: Formal executable models for automatic detection of timing anomalies. In: 18th International Workshop on Worst-Case Execution Time Analysis (WCET), Barcelona, Spain, pp. 2:1–2:13, (2018)

  3. Ballabriga, C., Cassé, H., Rochange, C., Sainrat, P.: OTAWA: an open toolbox for adaptive WCET analysis. In: SEUS 2010. pp. 35–46 (2010)

  4. Barrett, C., Tinelli, C.: Satisfiability modulo theories, pp. 305–343. Springer International Publishing, Cham (2018). 10.1007/978-3-319-10575-8_11,

  5. Binder, B., Asavoae, M., Brandner, F., Ben Hedia, B., Jan, M.: Scalable detection of amplification timing anomalies for the superscalar tricore architecture. In: ter Beek, M.H., Ničković, D. (eds.) Formal Methods for Industrial Critical Systems, pp. 151–169. Springer International Publishing, Cham (2020)

    Chapter  Google Scholar 

  6. Bjørner, N., de Moura, L., Nachmanson, L., Wintersteiger, C.: Programming z3. http://theory.stanford.edu/~nikolaj/programmingz3.html

  7. Brady, B.A., Holcomb, D., Seshia, S.A.: Counterexample-guided smt-driven optimal buffer sizing. In: 2011 Design, Automation Test in Europe. pp. 1–6 (2011). 10.1109/DATE.2011.5763058

  8. de Dinechin, B.D., van Amstel, D., Poulhiès, M., Lager, G.: Time-critical computing on a single-chip massively parallel processor. In: Proceedings of the Conference on Design, Automation & Test in Europe (DATE’14). pp. 97:1–97:6 (2014)

  9. Eisinger, J., Polian, I., Becker, B., Metzner, A., Thesing, S., Wilhelm, R.: Automatic identification of timing anomalies for cycle-accurate worst-case execution time analysis. In: Proceedings of the Workshop on Design & Diagnostics of Electronic Circuits & Systems (DDECS). Prague, Czech Republic, pp. 15–20. (2006)

  10. Hahn, S., Reineke, J.: Design and analysis of sic: A provably timing-predictable pipelined processor core. In: 2018 IEEE Real-Time Systems Symposium (RTSS). pp. 469–481 (2018)

  11. Hahn, S., Jacobs, M., Reineke, J.: Enabling compositionality for multicore timing analysis. In: Plantec, A., Singhoff, F., Faucou, S., Pinho, L.M. (eds.) Proceedings of the 24th International Conference on Real-Time Networks and Systems, RTNS 2016, Brest, France, October 19-21, 2016. pp. 299–308. ACM (2016)

  12. Hahn, S., Reineke, J., Wilhelm, R.: Towards compositionality in execution time analysis: Definition and challenges. SIGBED Rev. 12(1), 28–36 (2015)

    Article  Google Scholar 

  13. Hennessy, J.L., Patterson, D.A.: Computer architecture - A quantitative approach, 5th Edition. Morgan Kaufmann (2012)

  14. Infineon Technologies AG: Architecture Overview Handbook, TriCore 1.3, 32-bit Unified Processor Core, IP Cores (05 2002)

  15. Infineon technologies AG: TriCore 1 pipeline behaviour and instruction execution timing (2004)

  16. Infineon Technologies AG: AURIX TC21x/TC22x/TC23x Family 32-Bit Single-Chip Microcontroller User’s Manual (12 2014)

  17. Jan, M., Asavoae, M., Schoeberl, M., Lee, E.: Formal semantics of predictable pipelines: a comparative study. In: Proceedings of the 25th Asia and South Pacific Design Automation Conference. IEEE, United States (2020)

  18. Lahiri, S.K., Seshia, S.A., Bryant, R.E.: Modeling and verification of out-of-order microprocessors in UCLID. In: Formal Methods in Computer-Aided Design, 4th International Conference, FMCAD 2002, Portland, OR, USA, November 6-8, 2002, Proceedings. pp. 142–159 (2002)

  19. Lauterbach GmbH: Simulator for TriCore (04 2021)

  20. Liu, I., Reineke, J., Lee, E.A.: A PRET architecture supporting concurrent programs with composable timing properties. In: 44th Asilomar Conference on Signals, Systems, and Computers (November 2010)

  21. Lundqvist, T., Stenström, P.: Timing anomalies in dynamically scheduled microprocessors. In: Real-Time Systems Symposium. pp. 12–21. RTSS’99, IEEE (1999). 10.1109/REAL.1999.818824

  22. Nguyen, V.a., Jenn, E., Serwe, W., Lang, F., Mateescu, R.: Using model checking to identify timing interferences on multicore processors. In: ERTS 2020 - 10th European Congress on Embedded Real Time Software and Systems. pp. 1–10. Toulouse, France (2020)

  23. Reineke, J., Wachter, B., Thesing, S., Wilhelm, R., Polian, I., Eisinger, J., Becker, B.: A definition and classification of timing anomalies. In: 6th International Workshop on Worst-Case Execution Time (WCET) Analysis. Dresden, Germany (2006)

  24. Schoeberl, M., Abbaspour, S., Akesson, B., Audsley, N.C., Capasso, R., Garside, J., Goossens, K., Goossens, S., Hansen, S., Heckmann, R., Hepp, S., Huber, B., Jordan, A., Kasapaki, E., Knoop, J., Li, Y., Prokesch, D., Puffitsch, W., Puschner, P.P., Rocha, A., Silva, C., Sparsø, J., Tocchi, A.: T-CREST: time-predictable multi-core architecture for embedded systems. J. Syst. Arch. Emb. Syst. Design 61(9), 449–471 (2015)

  25. Seshia, S.A., Subramanyan, P.: Uclid5: Integrating modeling, verification, synthesis and learning. In: 2018 16th ACM/IEEE International Conference on Formal Methods and Models for System Design (MEMOCODE). pp. 1–10 (2018). 10.1109/MEMCOD.2018.8556946

  26. Sun, W.T., Jenn, E., Cassé, H.: Build your own static wcet analyser: the case of the automotive processor aurix tc275. In: 10th European Congress on Embedded Real Time Software and Systems (ERTS 2020) (Jan 2020)

  27. Ungerer, T., Cazorla, F.J., Sainrat, P., Bernat, G., Petrov, Z., Rochange, C., Quiñones, E., Gerdes, M., Paolieri, M., Wolf, J., Cassé, H., Uhrig, S., Guliashvili, I., Houston, M., Kluge, F., Metzlaff, S., Mische, J.: Merasa: Multicore execution of hard real-time applications supporting analyzability. IEEE Micro 30(5), 66–75 (2010)

    Article  Google Scholar 

  28. Wenzel, I., Kirner, R., Puschner, P.P., Rieder, B.: Principles of timing anomalies in superscalar processors. In: International Conference on Quality Software (QSIC 2005), Melbourne, Australia, pp. 295–306. (2005)

  29. Wilhelm, S., Wachter, B.: Towards symbolic state traversal for efficient WCET analysis of abstract pipeline and cache models. In: 7th International Workshop on Worst-Case Execution Time (WCET) Analysis, Pisa, Italy, July 3, (2007)

Download references

Author information

Authors and Affiliations

  1. Université Paris-Saclay, CEA, List, F-91120, Palaiseau, France

    Benjamin Binder, Mihail Asavoae, Belgacem Ben Hedia & Mathieu Jan

  2. LTCI, Télécom Paris, Institut Polytechnique de Paris, F-91120, Palaiseau, France

    Florian Brandner

Authors
  1. Benjamin Binder
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mihail Asavoae
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Florian Brandner
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Belgacem Ben Hedia
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Mathieu Jan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Benjamin Binder.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Binder, B., Asavoae, M., Brandner, F. et al. Formal modeling and verification for amplification timing anomalies in the superscalar TriCore architecture. Int J Softw Tools Technol Transfer 24, 415–440 (2022). https://doi.org/10.1007/s10009-022-00655-1

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10009-022-00655-1

Keywords

Search

Navigation