## Cheddar Architecture Description Language

Christian Fotsing, Frank Singhoff, Alain Plantec, Vincent Gaudel,
Stéphane Rubini, Shuai Li, Hai Nam Tran, Laurent Lemarchand Lab-STICC/UMR CNRS 6285, University of Brest
20, av Le Gorgeu, CS 93837, 29238 Brest Cedex 3, France Email: {first\_name.last\_name}@univ-brest.fr

> Pierre Dissaux, Jérôme Legrand Ellidiss Technologies 24, quai de la douane 29200 Brest, France Email: {first\_name.last\_name}@ellidiss.com

> > May 21, 2014

#### Abstract

The aim of this paper is to give a complete and fine definition of the Cheddar Architecture Design Language.

Cheddar is a free real time scheduling tool composed of a graphical editor used to describe a real-time applications, a framework which includes most of classical real time scheduling/feasibility algorithms/tests. It is designed for checking temporal constraints of real-time applications.

To perform this type of scheduling analysis with Cheddar, systems to analyse can be described with AADL or with a dedicated ADL, the Cheddar Architecture Design Language, called Cheddar ADL.

Cheddar ADL aims to write, analyse and validate real-time applications handled in the context of Cheddar.

Our objective in this report is to describe it formally, to also show how it may be implemented and used.

Keywords: ADL; Cheddar; Real-Time Systems; Validation; Simulation;

## Table of Contents

| 1        | Intr         | oducti   | on                      |    |    |  |  |  |           |   |       |   |  |  |   |  |   |   | 7         |
|----------|--------------|----------|-------------------------|----|----|--|--|--|-----------|---|-------|---|--|--|---|--|---|---|-----------|
| <b>2</b> | Requirements |          |                         |    |    |  |  |  |           | 8 |       |   |  |  |   |  |   |   |           |
| 3        | Che          | ddar A   | ADL Concepts            |    |    |  |  |  |           |   |       |   |  |  |   |  |   |   | 8         |
| 4        | Sen          |          | of Components           |    |    |  |  |  |           |   |       |   |  |  |   |  |   |   | 9         |
|          | 4.1          | Hardw    | vare Components         |    | •  |  |  |  | •         | • | <br>• | • |  |  | • |  | • | • | 9         |
|          |              | 4.1.1    | $Cache \ . \ . \ . \ .$ |    |    |  |  |  | •         | • |       | • |  |  |   |  | • | • | 9         |
|          |              | 4.1.2    | Core                    |    |    |  |  |  | •         | • |       | • |  |  |   |  |   | • | 14        |
|          |              | 4.1.3    | Processor               |    |    |  |  |  | •         |   |       |   |  |  | • |  |   |   | 17        |
|          |              | 4.1.4    | Memory                  |    |    |  |  |  | •         |   |       |   |  |  |   |  |   |   | 19        |
|          |              | 4.1.5    | Network                 |    |    |  |  |  | •         |   |       |   |  |  |   |  |   |   | 21        |
|          | 4.2          | Softwa   | are Components          |    |    |  |  |  | •         |   |       |   |  |  |   |  |   |   | 22        |
|          |              | 4.2.1    | Address space .         |    |    |  |  |  |           |   |       |   |  |  |   |  |   |   | 23        |
|          |              | 4.2.2    | Task                    |    |    |  |  |  |           |   |       |   |  |  |   |  |   |   | 25        |
|          |              | 4.2.3    | Resource                |    |    |  |  |  |           |   |       |   |  |  |   |  |   |   | 29        |
|          |              | 4.2.4    | Buffer                  |    |    |  |  |  |           |   |       |   |  |  |   |  |   |   | 33        |
|          |              | 4.2.5    | Message                 |    |    |  |  |  |           |   |       |   |  |  |   |  |   |   | 40        |
|          |              | 4.2.6    | Dependency              |    |    |  |  |  |           |   |       |   |  |  |   |  |   |   | 42        |
|          |              | 4.2.7    | Task group              |    |    |  |  |  |           |   |       |   |  |  |   |  |   |   | 44        |
| 5        | Not          | ion of   | Deployments             |    |    |  |  |  |           |   |       |   |  |  |   |  |   |   | 47        |
|          | 5.1          | Gener    | ic Deployments .        |    |    |  |  |  |           |   |       |   |  |  |   |  |   |   | 47        |
|          | 5.2          |          | Deployments             |    |    |  |  |  |           |   |       |   |  |  |   |  |   |   | 48        |
|          | 5.3          |          | nic Deployments         |    |    |  |  |  |           |   |       |   |  |  |   |  |   |   | 49        |
| 6        | Арр          | olicatio | ons of Cheddar          | AI | DL |  |  |  |           |   |       |   |  |  |   |  |   |   | <b>53</b> |
| 7        | Rel          | ated w   | orks                    |    |    |  |  |  |           |   |       |   |  |  |   |  |   |   | 57        |
| 8        | Conclusion 5 |          |                         |    |    |  |  |  | <b>59</b> |   |       |   |  |  |   |  |   |   |           |

# List of Figures

| 1  | The DTD of entity $Cache$                                                                                    | 13 |
|----|--------------------------------------------------------------------------------------------------------------|----|
| 2  | An Example of entity <i>Cache</i>                                                                            | 14 |
| 3  | The DTD of entity Core                                                                                       | 16 |
| 4  | An example of <i>Core</i> description                                                                        | 16 |
| 5  | The DTD of entity <i>Processor</i>                                                                           | 19 |
| 6  | An example of <i>Mono_core_processor</i> description                                                         | 20 |
| 7  | An example of <i>Multi_cores_processor</i> description                                                       | 20 |
| 8  | The DTD of entity Network                                                                                    | 22 |
| 9  | An example of <i>Network</i> description                                                                     | 22 |
| 10 | The DTD of entity Address Space                                                                              | 24 |
| 11 | An Example of entity Address space described using Cheddar ADL                                               | 25 |
| 12 | The DTD of entity $Task \ldots \ldots$ | 30 |
| 13 | An example of $Task$ description in Cheddar ADL                                                              | 31 |
| 14 | The DTD of entity Resource                                                                                   | 34 |
| 15 | An example of <i>Resource</i> description in Cheddar ADL                                                     | 35 |
| 16 | The DTD of entity $Buffer$                                                                                   | 38 |
| 17 | An example of entity <i>Buffer</i>                                                                           | 39 |
| 18 | The DTD of entity Message                                                                                    | 42 |
| 19 | An example of entity <i>Message</i>                                                                          | 43 |
| 20 | The DTD of entity <i>Dependency</i>                                                                          | 44 |
| 21 | An example of <i>Dependency</i>                                                                              | 45 |
| 22 | An example of $Task \ group$ (of type $Transaction_Type$ ) descrip-                                          |    |
|    | tion in Cheddar ADL                                                                                          | 47 |
| 23 | The DTD of entity Generic_Deployment                                                                         | 48 |
| 24 | The DTD of entity <i>Static_Deployment</i>                                                                   | 49 |
| 25 | An example of <i>Static_Deployment</i>                                                                       | 49 |
| 26 | The DTD of entity Dynamic_Deployment                                                                         | 52 |
| 27 | An example of <i>Dynamic_deployment</i> description in Cheddar ADL                                           | 53 |
| 28 | How interoperability with other ADLs is ensured: the particular                                              |    |
|    | case of AADL and Cheddar ADL                                                                                 | 54 |
| 29 | Example of an application specified using Cheddar ADL                                                        | 55 |
| 30 | A Cheddar scheduling simulation of our example                                                               | 57 |

List of Tables

### Guidelines to read

(1) For each entity, we have several sub-paragraphs.

#### Standard attributes

We define in this part the main properties of entity.

#### Legality rules

(L1) We define here the constraints of entity.

#### Annexes

(A1) This part completes the standard attributes definitions. It allows to define precisely the attributes.

(A2) The annexes of an entity allow to define the sub attributes of this entity.

#### Implementation

This corresponds to a table, which give the precise denomination of attributes with their types.

#### Example

We present here an example of use of entity.

## Definitions

(1) We define here a set of usual terms in this paper.

**Definition 1** Valid identifier.

An identifier is valid if it is composed only by the letters of the alphabet (upper-case or lower-case), digits from 0 to 9 and characters ., :, /,  $\setminus$  and  $\_$ .

### **1** Introduction

We consider real-time applications, dedicated to process control, which are modelled by a set of tasks. They are characterized by the presence of temporal constraints, induced by the dynamics of the controlled process. The tasks can be periodic or not, have same first release time or not, may shared resources or exchanges messages.

For study schedulability analysis, each task  $T_i$  is usually modelled by four temporal parameters [10]: its first release time  $r_i$ , its worst case execution time (WCET)  $C_i$ , which is the highest computation time of the task, its relative deadline  $D_i$ , which is the maximum acceptable delay between the release and the completion of any instance of the task, and its period  $P_i$ .

From this simplified model of task, real-time scheduling theory provides two ways to perform schedulability analysis: feasibility tests and scheduling simulation on the hyperperiod  $^{1}$ .

We have a necessary condition for a system to be feasible [11]: if a system of n tasks  $T_1 \ldots T_n$  is feasible, then its utilization factor, defined by

$$U = \sum_{i=1}^{n} \frac{C_i}{P_i}$$

is less than or equal to 1.

Our general aim is the validation, using simulation, of the real-time applications.

For that, we consider the Cheddar project. Cheddar [9] is a GPL open-source schedulability tool composed of a graphical editor and a library of schedulability analysis modules. The library of analysis modules implements various analysis methods based on the real-time scheduling theory.

In order to perform schedulability analysis in Cheddar context, several approaches have been investigated [12]: The MARTE based approach [37] [13] where a MARTE to Cheddar transformation have been proposed, and an experimentation on an industrial software radio system have been done; The Model Driven Engineering (MDE) [54] based approach, combined to ADL have been experimented by showing how scheduling analysis tools can be automatically produced from an ADL with MDE [39] [40] [41]; An AADL based approach [42] where the relevant hardware features are expressed in order to have better scheduling analysis.

We focus on this paper to the ADLs approach, by presenting Cheddar ADL. It will allow us to finely specify and validate the real-time application, in the Cheddar context [12]. Indeed, Cheddar ADL, especially dedicated to scheduling analysis, provides tools to design and validate (by using Cheddar tool) real-time applications.

The paper presents an Architecture Description Language (ADL) that has been designed to model software architecture in the perspective of scheduling analysis. This ADL illustrates how an ADL may provide to model a real-time application on which designers expect to perform scheduling analysis.

The rest of the paper is organized as follows: we begin by enumerate the requirements of Cheddar ADL (section 2), in order to lay the foundations of our language, then, we describe the general concepts of the language (section 3).

<sup>1.</sup> The lcm periods

After-that, the sections 4 and 5 precise the semantic of the basic entities of Cheddar ADL, and section 6 is dedicated to the way to apply it. Section 7 gives the related works, by describing some ADLs using in real-time domains, and we conclude in section 8, by giving some perspectives.

### 2 Requirements

In order to allow interoperability with other ADLs, we define some requirements for Cheddar ADL:

- Applicable in several areas: It should be take various concepts like FPGA, Multiprocessor architectures with caches/cores and shared memory, Nlevel of hierarchical scheduling into account.
- Should be as close as possible with real-time scheduling and queueing system theories: Classic models, synchronization/dependencies, scheduler parameters.
- Must stay simple and easy/quick to use/understand.
- Maintain existing features: allow transformation to AADL/Marte/others supported ADLs.
- Provide isolation : spatial and temporal. The aim is to enable independently spatial analysis (take the behaviour of system into account, model checking ...) and temporal analysis (compute the respond time, the schedulability analysis ...).
- Both hardware/software modelling and software deployment: required for real-time systems analysis, user/designer understanding.

The next section aims to present the general concepts of Cheddar ADL, based on these requirements.

### 3 Cheddar ADL Concepts

Cheddar ADL defines basic entities which model usual concepts of the realtime scheduling theory. We have two kinds of entities:

- 1. Components: There are the reusable units. A component has a type, an unique name and attributes. It is a part of a system to analyse.
- 2. Bindings: the bindings define relationships between components. They Model a resource allocation between n providers and m consumers, where n and m are integers.

These basic entities can be grouped into 3 types:

- 1. Hardware components: They model resources provided by the execution environment. We have Processor , Cache , Core , Memory and Network
- 2. Software components: They model the design of the software. They are deployed onto hardware components. In Cheddar, we have Task, Resource, Buffer, Dependency and Message.
- 3. Bindings: Their role is to enforce either temporal or spatial isolation. They allow to model the relationships between components.

In order to finely describe the Cheddar ADL, we clarify in sections 4 and 5 the semantic of basic entities.

### 4 Semantic of Components

We distinguish in Cheddar two types of components: hardware components and software components.

#### 4.1 Hardware Components

(1) We define in this section the following hardware components: Cache , Core , Processor , Memory and Network .

(2) Cache which models a hardware cache unit.

(3) *Core* which models an entity providing a resource to sequentially run flow of controls.

(4) *Processor* which corresponds to the deployment unit for a software component.

(5) Memory which models an entity providing a physical memory unit.

(6) *Network* which models any entity allowing tasks located in different processors to exchange messages.

#### 4.1.1 Cache

The *Cache* is specified by the following definitions [2] [3] [4] [5] [6] [14]:

(1) It is small high speed memory usually Static RAM (SRAM) that contains the most recently accessed pieces of main memory.

(2) Cache memories are small, high-speed buffer memories used in modern computer systems to hold temporarily those portions of the contents of main memory which are (believed to be) currently in use.

(3) In Cheddar ADL, the Cache is named Generic\_Cache in the xml schema.

#### Standard attributes

Name: it is the unique name of the Cache.

 $Cache\_Size$ : it is the size of the cache - the number of bytes that a cache can contain.

 $Block_Size$ : it is an integer, which corresponds to the number of contiguous bytes that are transferred from main memory on a cache miss<sup>2</sup>.

<sup>2.</sup> When the cache does not contain the memory block requested, the transaction is said to be a cache miss.

Associativity: it is an integer, which corresponds to the number of cache locations where a particular memory block may reside.

 $Hit_Time$ : it corresponds to time to access to a memory block that is in the cache.

 $Miss\_Time$ : it corresponds to the time to access a memory block that is not in the cache.

*Replacement\_Policy*: it is a policy which decides which cache block should be replaced when a new memory block needs to be stored in the cache.

*Coherence\_Protocol*: it is a protocol which maintains the consistency between all the caches in a system of distributed shared memory.

 $Cache\_Category$ : it specifies a cache is instruction cache, data cache or a combined one.

 $Write_Policy$ : it determines how the cache performs the write of the data in the cache back to the main memory.

#### Legality rules

- (L1) The cache name must not be empty.
- (L2) The cache name must be valid identifier.
- (L3)  $Cache\_size > 0.$
- (L4)  $Block_size > 0.$
- (L5)  $Cache_Size MOD Block_Size = 0.$
- (L6)  $Hit_Time > Miss_Time > 0$ .

(L7) The Coherence\_Protocol of Instruction\_Cache can only be Shared\_Cache\_Protocol or  $Private_Cache_Protocol$ .

#### Annexes

(A1) The kinds of Associativity :

(A11)  $Fully\_Associative\_Cache$ : when a memory block can reside in any locations in the cache (Associativity = Cache\\_Size/Block\\_Size).

(A12)  $Direct\_Mapped\_Cache$ : when a memory block can reside in exactly one location in the cache (Associtivity = 1).

(A13) A way set associative cache: when a memory block can reside in exactly A location in the cache (Associativity = A).

In this case, we have

$$Number\_of\_set\_of\_the\_cache = \frac{Number\_of\_block}{A}$$

(A2) The replacement policies :

(A21) *Random*: this policy randomly replace a selected block among all blocks currently in cache.

(A22)  $Least\_Recently\_Used(LRU)$ : it replaces the block in cache that has not been used for the longest time.

(A23)  $Least_Recently_Replaced(LRR)$ : it replaces the block in cache that has not been replaced for the longest time.

(A24)  $First_in, First_out(FiFo)$ : it evicts the block that has been in the cache the longest.

(A3) The types of coherence protocols.

(A31) Shared\_Cache\_Protocol: cache is shared between cores.

(A32) Private\_Cache\_Protocol: each core has its private cache.

(A33) *Private\_Invalid\_Cache\_Protocol*: when a core writes into a memory block in the cache, all copies of this memory block in other cores' cache are invalidated.

(A34) Private\_MSI\_Cache\_Protocol: M,S,I stand for Modified, Shared and Invalid.

They are three possibles states that a block inside the cache can have. This protocol is used in the 4D machine [7].

(A35) *Private\_MESI\_Cache\_Protocol*: MESI stand for Modified, Exclusive, Shared and Invalid. This cache coherence protocol is derived from MSI protocol. More information about the MESI protocol can be found in [8]

(A4) The Cache\_Category:

(A41)  $Data_Cache$ : cache which is used in order to speed up data fetch and store.

(A42) Instruction\_Cache: cache which is used in order to speed up executable instruction fetch. Instruction\_Cache is in fact a cache where coherence protocol is Private\_Cache\_Protocol or Shared\_Cache\_Protocol. (A43)  $Data_Instruction_Cache$ : both data and instructions are stored in cache.

(A5) Type of write policies.

(A51) Write-Back (called also  $Copy-Back,\ Write_Behind):$  the information is written only to the block in the Cache .

The modified block is written in the memory only when the cache is replaced.

(A52)  $Write\_Through$ : the information is written both in the block to cache and the block in the main-memory.

(A521)  $Write\_Through\_With\_Allocation:$  memory block at the missed-write location is loaded to cache then followed by a write operation in the Cache .

(A522)  $Write_Through_Without_Allocation:$  memory block at the missed-write location is not loaded to the cache and written directly in the higher level memory.

```
<!ELEMENT caches (generic cache | data cache |</pre>
        instruction cache | data instruction cache |
        cache system) +>
<!ELEMENT generic cache (object type | name |</pre>
        cache size | block size | associativity |
        replacement_policy | hit_time | miss_time |
        miss rate | coherence protocol |
        cache category) *>
<!ATTLIST generic cache id ID #REQUIRED>
<!ELEMENT data_cache (object_type | name | cache_size |</pre>
        block size | associativity | cache replacement |
        hit time | miss time | miss rate |
        coherence protocol | cache category |
        write policy)*>
<!ATTLIST data cache id ID #REQUIRED>
<!ELEMENT instruction_cache (object_type | name</pre>
        cache size | block size | associativity
        replacement_policy | hit_time | miss_time |
        miss rate | coherence protocol |
        cache_category)*>
<!ATTLIST instruction cache id ID #REQUIRED>
<!ELEMENT data_instruction_cache (object_type | name |</pre>
        cache_size | block_size | associativity |
        replacement policy | hit time | miss time |
        miss rate | coherence_protocol |
        cache category | write_policy)*>
<!ATTLIST data instruction cache id ID #REQUIRED>
<!ELEMENT cache system (object type | name | caches)*>
<!ATTLIST cache_system id ID \#REQUIRED>
```

Figure 1 – The DTD of entity Cache

Implementation

The figure 1 gives the DTD of entity Cache.



Figure 2 – An Example of entity Cache

#### Example

The figure 2 gives an example of entity *Cache* described using Cheddar ADL. It describes an 2-ways set associative (*Associativity* = 2) instruction cache with cache size 2048 bytes (2 KB) and block size 8 bytes. The replacement policy is Least Recently Used.

#### 4.1.2 Core

A *Core* is specified by the following definitions [16]:

- (1) It is a deployment unit for a software component.
- (2) It is the unit that read and execute program instructions.

#### Standard attributes

Name: It is the unique name of Core.

Speed: It is a real, which gives the exchange rate of flow.

 $L1\_cache\_system\_name$ : It is a string, which corresponds to the primary cache. It is faster, generally smaller, and located in core.

The  $L1\_cache_system$  is a list of 0 or several Caches.

Each *Cache* can be of 2 types:

- Unified : in this case, it corresponds to Data\_Instruction\_Cache.
- Separated : in this case, it corresponds to 1 Data\_Cache and 1 Instruction\_Cache.

Scheduling: It defines all parameters of scheduling.

It is the type of *Scheduling\_Parameters* (see Annexes for definitions of *Scheduling\_Parameters*).

#### Legality rules

(L1) The Core name must not be empty.

(L2) The Core name must be valid identifier.

(L3) We must not have simultaneous  $(A\_Scheduler = Pipeline\_User\_Defined\_Protocol)$  and  $(File\_Name\ Empty)$ .

(L4) We must not have simultaneous ( $File_Name \neq Empty$ ) and ( $A_Scheduler \neq Pipeline_User_Defined_Protocol$ ) and ( $A_Scheduler \neq Automata_User_Defined_Protocol$ ).

(L5) The *Period* must be greater than or equal to 0.

(L6) The *Capacity* must be greater than or equal to 0.

(L7) We must not have  $(Priority < Priority_Range'First)$  or  $(Priority < Priority_Range'Last)$ .

(L8) We must not have simultaneous ( $Quantum \neq 0$ ) and ( $A\_Scheduler \neq Posix\_1003\_Highest\_Priority\_First\_Protocol$ ) and ( $A\_Scheduler \neq Round\_Robin\_Protocol$ ) and ( $A\_Scheduler \neq Hierarchical\_Round\_Robin\_Protocol$ ) and ( $A\_Scheduler \neq Hierarchical\_Cyclic\_Protocol$ ).

(L9) The Quantum must be greater than or equal to 0.

(L10) The Speed must be greater than or equal to 0.

(L11) A\_Scheduler must be different of No\_Scheduling\_Protocol.

#### Annexes

(A1) See Annexes of Dynamic\_Deployment for attributes of Scheduling\_Parameters.

#### Implementation

The figure 3 gives the DTD of entity Core.

#### Example

The figure 4 gives an example of entity *Core* described using Cheddar ADL.

In this case, the scheduler POSIX\_1003\_HIGHEST\_PRIORITY\_FIRST\_PROTOCOL is fixed on the core named *core*1, and it is of *Preemptive* Type. The L1\_cache\_system\_name is not represented.

```
<!ELEMENT core_units (core_unit)+>
<!ELEMENT core_unit (object_type | name
| scheduling | speed | l1_cache_system_name)*>
<!ATTLIST core unit id ID #REQUIRED>
```





Figure 4 – An example of *Core* description

#### 4.1.3 Processor

The entity *Processor* is specified by the following definitions:

- (1) It is a deployment unit for a software component.
- (2) It is composed by a set of *Cores* and *Caches*.

(3) We distinguish in Cheddar two separate cases: **Mono\_Core\_Processor** and **Multi\_Core\_Processor**.

#### Standard attributes

Name : It is the unique name of Processor.

Network: It is a string, which corresponds to the name of entity Network connected to the Processor.

 $Processor\_Type:$  It is an enumeration, which defines the type of considered Processor .

 $Migration_Type$ : It is an enumeration, which defines the type of Tasks migration between the Cores of the Processor.

In Cheddar, we assume that a Task may be migrated only between jobs.

#### Legality rules

(L1) The *Processor* name must not be empty.

(L2) The *Processor* name must be valid identifier.

(L3) Cores should not be empty in the Multi\_cores\_processor case.

(L4) If the Processor type is  $Monocore_Type$ , it must exist at least one Core.

(L5) If the Processor type is  $Multicore_Type$ , it must exist several Cores

#### Annexes

(A1) The types of *Processors* [30] [29] [32] [33] [31].

(A11)  $Monocore_Type$ : It is a Processor with only one Core. In this case, the Processor only executes one instruction flow, i.e. one Task, at a time.

The  $Multicore_Type$  references to a Processor with two or more processing units, i.e. Core components.

(A12)  $Identical_Multicores_Type$ : In this case, all processors are identical.

That means processors have the same computing capability and run task at the same rate.

(A13)  $Uniform\_Multicores\_Type$ : Each Processor P is characterized by a single parameter *speed* (or computing capacity), named Speed(P), with the interpretation that a job that executes on processor P for t time units completes  $Speed(P) \times t$  units of execution.

(A14) Unrelated\_Multicores\_Types: In this case, Processors differ in area, performance, power dissipated, speed, ...

An execution rate is defined for every uplet  $(r_{i,j}, i, j)$ : the work *i* requires  $r_{i,j}$  units of time on the processor *j*.

(A2) The types of Migrations [24] [25] [26].

(A21)  $No_Migration_Type$ : When no migration is allowed between the **Cores** of a *Processor*.

A Task that begins its execution on a Core cannot migrate and must always run on this one.

(A22)  $Job\_Level\_Migration\_Type$ : a Task can run its successive jobs in different Cores.

When a job is started in one Core, the task cannot migrate before the job is completed, i.e. a job starting in a given Core must be completed on the same Core.

Job-level parallelism is forbidden (i.e., a job may not execute concurrently with itself on two or more different *Cores*.

(A23) *Time\_Unit\_Migration\_Type*: A *Task* can migrate at any time on any *Cores* of the processor.

Job-level parallelism is also forbidden in this case.

(A3) Mono\_Core\_Processor is defined by the following parameter:

(A31) *Core*: It is the corresponding core to the **Mono\_Core\_Processor**. It is characterized by:

(A311) Scheduling: See the Core description.

(A312) Speed: See the Core description.

(A313) L1\_Cache\_System\_Name: See the Core description.

(A4) **Multi\_Core\_Processor** is a single computing component with two or more independent *Cores*, which are the units that read and execute program instructions [15].

It allows to schedule tasks globally with a set of cores.

| <pre><!--ELEMENT processors (generic_processor</pre--></pre>      |
|-------------------------------------------------------------------|
| $\mid$ mono_core_processor $\mid$ multi cores processor)+>        |
| <pre>  <!--ELEMENT generic_processor (object_type</pre--></pre>   |
| $ $ name   network_name   processor type                          |
| migration type)*>                                                 |
| <pre><!--ATTLIST generic_processor id ID #REQUIRED--></pre>       |
| <pre><!--ELEMENT mono_core_processor (object_type</pre--></pre>   |
| $ $ <b>name</b>   network_name   <b>processor_type</b>            |
| migration type   core)*>                                          |
| <pre><!--ATTLIST mono_core_processor id ID #REQUIRED--></pre>     |
| <pre><!--ELEMENT multi cores processor (object_type</pre--></pre> |
| name network_name processor type                                  |
| migration_type                                                    |
| $ $ <b>cores</b>   l2_cache_system_name)*>                        |
| <pre><!--ATTLIST multi cores processor id ID #REQUIRED--></pre>   |

Figure 5 – The DTD of entity Processor

It is defined by the following parameters:

(A41) Cores: The list of Cores of the Processor.

(A42)  $L2\_Cache\_System\_Name$ : It is a list of 0 or several Caches. When it exists, it is Unified: it corresponds to Data\_Instruction\_Cache. In this case, all corresponding  $L1\_Cache\_System$  are separated.

#### Implementation

The figure 5 gives the DTD of entity Processor.

Example

The example of figure 6 describes a  $Mono\_core\_processor$ , with one core referenced by id 75.

Notice the type of Processor ( $MONOCORE_TYPE$ ) and the type of Migration ( $NO_MIGRATION_TYPE$ ).

The example of figure 7 describes a  $Multi\_cores\_processor$ , with two cores referenced by their *id* (67, 68).

It has two identical cores (that means that the cores have the same computing capability and run *Task* at the same rate), and migrations between cores is of the type *time\_unit\_migration*; that means that a job requires one time unit for task migration between two cores.

#### 4.1.4 Memory

A *Memory* is specified by the following definitions [23]:

(1) It is a deployment unit for a software component.



Figure 6 – An example of  $Mono\_core\_processor$  description



Figure 7 – An example of *Multi\_cores\_processor* description

(2) It is everything a process can address, code, data, stack, heap.

(3) In uniprocessor designs, the memory system was a rather simple component, consisting of a few levels of cache to feed the single processor with data and instructions.

(4) In multi-cores, the caches are just one part of the memory system, the other components include the consistency model, cache coherence support, and the intra-chip interconnect.

#### Standard attributes

Name : It is the unique name of Memory.

#### Legality rules

(L1) The *Memory* name must not be empty.

(L2) The *Memory* name must be valid identifier.

#### Implementation

#### Example

#### 4.1.5 Network

A Network is specified by the following definitions:

- (1) It is any communication link between any hardware components.
- (2) It is used to simulate message scheduling.

#### Standard attributes

Name: It is the unique name of entity Network .

*Network\_type*: It is the technique of taking into account the communication.

#### Legality rules

- (L1) The network name must not be empty.
- (L2) The network name must be valid identifier.
- (L3) The Network\_type is mandatory.

#### Annexes

```
<!ELEMENT networks (\mathbf{network})+>
<!ELEMENT network (object type)</pre>
                                   name
    network type)*>
<!ATTLIST network id ID #REQUIRED>
```

Figure 8 – The DTD of entity Network

```
< networks >
<network id="id 89">
 <object_type>NETWORK_OBJECT_TYPE</object_type>
 < name > a network < /name >
  <network type>BOUNDED DELAY</network type>
 </network>
</\mathrm{networks}>
```

Figure 9 - An example of *Network* description

(A1) The Network\_type techniques [21] [34] [35] [22] is in fact the way to characterize delay when we consider the network.

We distinguish:

(A11) Bounded\_Delay: In this case, the delay is bounded. It is an effective search prioritization strategy for concurrent programs that handles both statically-known and dynamically-created tasks.

The sending of message is characterized by a bounded time.

(A12) Jitter\_Delay: In this case, the delay is a function of jitter. The sending of message is characterized by an bounded interval (max and min).

(A13) Parametric\_Delay: In this case, the delay is parametric. The user may define its own delay.

#### Implementation

The figure 8 gives the DTD of entity Network.

#### Example

The figure 9 gives an example of entity Network described using Cheddar ADL.

The type of *Network* in this case is *BOUNDED\_DELAY*.

#### 4.2Software Components

(1) We define in this section the following software components: Address space, Task, Resource, Buffer, Message and Task group.

(2) Address space models a logical unit of memory.

(3) Task models a flow of control.

(4) *Resource* models asynchronous communication between tasks of the same address space.

(5) Buffer models queued data exchanges between tasks of the same address space.

(6) Message models queued data exchanges between tasks located in different address spaces.

(7) Task group models a subset of tasks organized in transactions.

(8) *Dependency* which models relationships between tasks and other software entities.

#### 4.2.1 Address space

An Address space is specified by the following definitions [27] [28]:

(1) It is the range of virtual addresses that the operating system assigns to a user or separately running program.

(2) The range of addresses which a *Processor* or process can access, or at which a device can be accessed.

(3) It refers to either physical address or virtual address.

(4) An Address space may be associated to an address protection mechanism.

(5) An *Address space* defines a range of discrete addresses, each of which may correspond to a network host, peripheral device, disk sector, a memory cell or other logical or physical entity.

(6) It allows to model a logical unit of memory.

#### Standard attributes

Name: it is the unique name of the  $Address\ space$ .

 $Cpu_name$ : It is the name of *Processor* which contain Address space.

 $Text\_Memory\_Size$ : It is the size of text segment. A text segment contains the executable image of the program.

It is used to perform a global memory analysis.

#### Figure 10 – The DTD of entity Address Space

 $Stack\_Memory\_Size$ : It is the size of stack segment. A stack segment contains the function-call stack.

This segment is extended automatically as needed.

 $Data_Memory_Size$ : It is the size of data segment. A data segment contains the *heap* of dynamically allocated data space.

Heap\_Memory\_Size: It is the size of logical memory reserved for the heap.

Scheduling: It defines all parameters of scheduling.

It is the type of *Scheduling\_Parameters* (see Annexes for definitions of *Scheduling\_Parameters*).

#### Legality rules

- (L1) The Address space name must not be empty.
- (L2) The Address space name must be valid identifier.
- (L3) An  $Address \ space \ must \ be \ linked \ to \ a \ Processor$  .
- (L4) The *Text\_Memory\_Size* must be greater than or equal to 0.
- (L5) The *Stack\_Memory\_Size* must be greater than or equal to 0.
- (L6) The Data\_Memory\_Size must be greater than or equal to 0.
- (L7) The Heap\_Memory\_Size must be greater than or equal to 0.

#### Annexes

(A1) See Annexes of *Dynamic\_Deployment* for attributes of *Scheduling\_Parameters*.

#### Implementation

The figure 10 gives the DTD of entity  $Address \ space$ .

#### Example

The figure 11 gives an example of Address space .

This Address space, named addr1 is based on Processor processor1. The others parameters are fixed on 0, and the scheduling parameters have a quantum equal to 0, and is the type PREEMPTIVE.

```
< address\_space id=".18" >
<object type>ADDRESS SPACE OBJECT TYPE</object type>
<name>addr1 < /name>
<cpu name>processor1 </cpu name>
<text_memory_size>0</text_memory_size>
<stack_memory_size>0</stack_memory_size>
<data memory size>0</data memory size>
<heap_memory_size>0</heap_memory_size>
<scheduling><scheduling parameters>
 <scheduler type>NO SCHEDULING PROTOCOL</scheduler type>
 <quantum>0</quantum>
 <preemptive type>PREEMPTIVE</preemptive type>
 <capacity>0</capacity>
 <period>0</period>
 <priority>0</priority>
 <start time>0</start time>
 </scheduling_parameters>
</scheduling>
</address space>
```

Figure 11 – An Example of entity Address space described using Cheddar ADL

#### 4.2.2 Task

A task, named  $Generic_Task$  is specified by the following definitions:

(1) Run any type of program (including any operating system function such as a scheduler).

(2) Statically defined in an Address space.

#### Standard attributes

Name: It is the unique name of the Task.

 $Task_Type$ : It defines the type of the task. Annexes (A1) give the different types of task.

 $Cpu\_Name:$  It is a string, which defined the Processor where is running the Task .

Address\_Space\_Name: It is a string, which defines the name of the Address space hosting the task.

 $Capacity\!:$  It is a natural, and it corresponds to the worst case execution time of the task.

*Deadline*: The task must end its activation before its deadline. A deadline is a relative information : to get the absolute date at which a task must end an activation, you should add to the deadline the time when the task was awoken/activated. The deadline must be equal to the period if you define a Rate Monotonic scheduler.

 $Start_Time$ : It is a natural, which defines the first release time of a Task.

*Priority*: It is a priority range.

It allows the scheduler to choose the Task to run.

 $Blocking_Time$ : It's the worst case shared resource waiting time of the task. This duration could be set by the user or computed by Cheddar shared resources accesses are described.

*Policy*: It defines the scheduling policy of a task. Policy can be  $SCHED_RR$ , or  $SCHED_FIFO$  or  $SCHED_OTHERS$  and describes how the scheduler chooses a task when several tasks have the same priority level.

*Offsets*: An offset stores two information : an activation number and a value. It allows to change the wake up time of a task on a given activation number. For an activation number, the task wake up time will be delayed by the amount of time given by the value field.

*Text\_Memory\_Size*: Size of the text segment of the task in order to perform memory requirement analysis.

*Stack\_Memory\_Size*: Size of the memory stack of the task in order to perform memory requirement analysis.

*Parameters*: A parameter is similar to the deadline, the period, to capacity ..., but used by user-defined schedulers.

A user can define new task parameters. A user-defined task scheduled has a value, a name and a type. The types currently available to define user-defined task parameters are : string, integer boolean and double.

*Criticality*: The field indicates how the task is critical. Currently used by the *MUF* scheduler or any user-defined schedulers.

Context\_Switch\_Overhead: It is an integer.

Legality rules

(L1) The Task name must not be empty.

(L2) The Task name must be valid identifier.

(L3) In the case of  $Parametric_Type$ , The  $Activation_Rule$  should be a valid identifier.

(L4) The  $Cpu_Name$  must not be empty.

(L5) The Address\_Space\_Name must not be empty.

(L6) In the case of *Periodic\_Type*, the *Period* must be greater than 0.

(L7) In the case of  $Periodic_Type$ , the *Jitter* must be greater than or equal to 0.

(L8) In the case of Aperiodic\_Type, the Period shouldn't exist.

(L9) In the case of Sporadic\_Type, the Period shouldn't exist.

(L10) In the case of  $Parametric_Type$ , the  $Activation_Rule$  must not be empty.

(L11) In the case of  $Frame_Task_Type$ , the *Period* must be greater than or equal to 0

(L12) The *Capacity* must be greater than 0.

(L13) The Context\_Switch\_Overhead must be greater than or equal to 0.

(L14) The *Criticality* must be greater than or equal to 0.

(L15) The *Deadline* must be greater than or equal to 0.

(L16) The Deadline must be less than the Jitter.

(L17) The  $Start_Time$  must be greater than or equal to 0.

(L18) The *Blocking\_Time* must be greater than or equal to 0.

(L19) The Text\_Memory\_Size must be greater than or equal to 0.

(L20) The Stack\_Memory\_Size must be greater than or equal to 0.

(L21) The Priority must be between Priority\_Range\_First and Priority\_Range\_Last.

(L22) We can't have simultaneously  $Priority \neq 0$   $Policy = Sched_Others$ .

(L23) We can't have simultaneously Priority = 0  $Policy \neq Sched_Others$ .

#### Annexes

(A1) The types of  $Generic_Task$ .

(A11)  $Periodic_Type$ : In this case, the Task is periodic, and we have two more attributes in order to characterize the Task:

(A111) *Period*: It is the time between two task activations. The period is a constant delay for a periodic task. It's an average delay for a *poisson* process task. If you have selected a *Processor* that owns a Rate Monotonic or a Deadline Monotonic scheduler, you have to give a period for each of its tasks.

(A112) *Jitter*: The *Jitter* of Task is an upper bound on the delay that Task may suffer between the time it is supposed to be released and the time that it is actually released.

The jitter is a maximum lateness on the task wake up time. This information can be used to express task precedencies and to applied method such as the Holistic task response time method.

(A12)  $Aperiodic_Type$  In this case, the Task is called aperiodic task. An aperiodic task is only activated once.

(A13)  $Sporadic_Type$ : A sporadic task is a task which is activated many times with a minimal delay between two successive activations.

If the Task type is  $user\_defined$ , the task activation delay is defined by the user.

(A14) Poisson\_Type. In this case, the task is called *poisson* task. It is a subtype of *Periodic* task, with two more attributes.

(A141) Seed: If you define a *poisson* process task or a user-defined task, you can set here how random activation delay should be generated (in a deterministic way or not). The *Seed* button proposes you a randomly generated seed value but of course, you can give any seed value. This seed value is used only if the Predictable button is pushed. If the Unpredictable button is pushed instead, the seed is initialized at simulation time with *gettimeofday*.

(A142) Predictable: It is a boolean, which guides the *seed* value (see the *Seed* definition).

(A15)  $Parametric_Type$ . In this case, the task is called parametric task, and it is characterized by one more attribute.

(A151)  $Activation_Rule$ : The name of the rule which defines the way the task should be activated. Only used with user-defined task.

(A16)  $Scheduling_Task_Type$ : It is one of the types of Task.

(A17)  $Frame_Task_Type$ . In this case, the task is called frame task, and it is characterized by one more attribute.

(A171) *Interarrival*: It defines the duration between the release of two tasks. It is specified through the *Period* attribute.

(A2) The types of *Policies* [36].

(A21) Sched\_Fifo: With this policy, ready processes in a given priority level get the *Processor* according to their order in the FIFO queue.

The process at the head of the queue runs first and keeps the processor until it executes some statement that blocks it, explicitly releases the processor, or finishes.

(A22)  $Sched_Rr$ : It can be seen as a  $Sched_Fifo$  policy but with a time quantum and some extra rules on the queue management.

When the quantum is exhausted, the preempted thread is moved to the tail of the queue.

(A23) *Sched\_Others*: The behaviour of this policy is not defined in the POSIX standard. It is implementation defined.

Sometimes, this policy provides a time sharing scheduler.

This policy is used by Linux for all processes with a priority level of 0. These processes are put in a  $Sched_Others$  queue.

With Linux, the process in the *Sched\_Others* queue that has waited longest for the processor is dispatched first.

#### Implementation

The figure 12 gives the DTD of entity Task.

#### Example

We give at figure 13 an example of *Task* described in Cheddar ADL.

This task is *periodic*  $(task_type is PERIODIC_TYPE)$ , and its *period* (4) is specified by attribute *period*. We can remark another informations, like by example the task runs on *processor*1, and *addr*1 is *Address\_space* dedicated for its execution.

#### 4.2.3 Resource

A *Resource* is specified by the following definitions:

(1) It is any data structure, shared by tasks or not, synchronized or not.

(2) It is statically defined in an Address space.

(3) It may models asynchronous communication between tasks of the same  $Address\ space$  .

Standards attributes

<!ELEMENT tasks (generic\_task | periodic task | aperiodic\_task</pre> poisson\_task | sporadic\_task | parametric\_task  $scheduling_task \mid frame_task) +>$ <!ELEMENT generic\_task (object\_type | name | task\_type</pre> cpu name | address space name | capacity | deadline start time | priority | blocking time | policy offsets | text\_memory\_size | stack\_memory\_size parameters | criticality | context\_switch\_overhead)\*>  $<!ATTLIST generic_task id ID #REQUIRED>$ <!ELEMENT periodic\_task (object\_type | name | task\_type</pre> cpu name | address\_space\_name | capacity | deadline start time | priority | blocking time | policy | offsets text\_memory\_size | stack\_memory\_size | parameters criticality | context\_switch\_overhead | period | jitter)\*> <!ATTLIST periodic task id ID #REQUIRED> <!ELEMENT aperiodic task (object type | name | task type</pre> cpu name | address\_space\_name | capacity | deadline start\_time | priority | blocking\_time | policy | offsets text\_memory\_size | stack\_memory\_size | parameters criticality | context switch overhead)\*> <!ATTLIST aperiodic task id ID #REQUIRED> <!ELEMENT poisson\_task (object\_type | name | task\_type</pre> **cpu name** | address\_space\_name | **capacity** | **deadline** start time | priority | blocking time | policy | offsets text\_memory\_size | stack\_memory\_size | parameters criticality | context\_switch\_overhead | period jitter | seed | predictable)\*> <!ATTLIST poisson task id ID #REQUIRED> <!ELEMENT sporadic\_task (object\_type | name | task\_type</pre> cpu name | address\_space\_name | capacity | deadline start time | priority | blocking time | policy | offsets text\_memory\_size | stack\_memory\_size | parameters criticality | context\_switch\_overhead | period | jitter seed | predictable)\*> <!ATTLIST sporadic\_task id ID #REQUIRED> <!ELEMENT parametric task (object type | name | task type</pre> cpu name | address space name | capacity | deadline start time | priority | blocking time | policy | offsets text\_memory\_size | stack\_memory\_size | parameters criticality | context\_switch\_overhead | period | jitter  $seed | predictable | activation_rule) *>$ <!ATTLIST parametric\_task id ID #REQUIRED> <!ELEMENT scheduling\_task (object\_type | name | task\_type</pre> cpu name | address\_space\_name | capacity | deadline start\_time | priority | blocking\_time | policy | offsets text\_memory\_size | stack\_memory\_size | parameters criticality | context\_switch\_overhead | period jitter | seed | predictable)\*> <!ATTLIST scheduling\_task id ID #REQUIRED> <!ELEMENT frame\_task (object\_type | name | task\_type</pre> cpu\_name | address\_space\_name | capacity | deadline start\_time | priority | blocking\_time | policy | offsets text\_memory\_size | stack\_memory\_size | parameters criticality | context\_switch\_overhead | period jitter | interarrival)\*> <!ATTLIST frame\_task id ID #REQUIRED>



Figure 13 – An example of *Task* description in Cheddar ADL

State: It is an initial value/state (similar to a semaphore initial value). During a scheduling simulation, at a given time, if a resource value is equal or less than zero, the requesting tasks are blocked until the semaphore/shared resource is released.

It is also an initial value equal to 1 allows you to design a shared resource that is initially free and that can be used by only one task at a given time.

Size: It defines the size of the Resource.

Address: It is the located of Resource.

*Protocol*: It characterises how the *Resource* is locked and unlocked.

Currently, you can choose between [43] [44] PCP (for Priority Ceiling Protocol), PIP (for Priority Inheritance Protocol) or *No protocol*.

With PCP or PIP, accessing shared resources may change task priorities. With *No protocol*, the tasks are inserted in a FIFO order in the semaphore queue and no task priority will be changed at accessing the shared *Resource*.

*Critical\_Sections*: It specifies when each *Task* must lock or unlock resources.

This attribute specifies critical sections defined for each Task and Resource .

 $Cpu_Name$ : Each shared resource has to be hosted by a given Processor.

Address\_Space\_Name: Its corresponds to the name of Address space which

hosted the *Resource* .

Priority: Its the type of  $Priority\_Range.$  It defines the priority of the Resource .

This attribute is currently only used with the ICPP protocol.

 $Priority\_Assignment$ : It is an enumerated type, and characterize the way that Cheddar assigns priority to the Resource.

Legality rules

(L1) The resource name must not be empty.

(L2) The resource name must be a valid identifier.

(L3) The  $Cpu_Name$  must not be empty.

(L4) The Address\_Space\_Name must not be empty.

(L5) The types of *Protocol* are specified in *Annexes*.

(L6) The Size must be greater than or equal to 0.

(L7) The Address must be greater than or equal to 0.

#### Annexes

(A1) Each critical section is defined by :

(A11)  $Task\_begin$ : The time at which the critical section is started. Task is the Task name accessing the shared Resource.

(A12)  $task\_end$ : The time at which the critical section is completed. Task is the Task name accessing the shared Resource.

Each of this date are relative to the task capacity. Finally, several critical sections can be defined for a given task on a given resource.

(A2) The types of *Protocol* [36].

(A21)  $No\_Protocol:$  It is the case where any protocol is allocated to the Resource .

(A22) *Priority\_Inheritance\_Protocol*: A *Task* which blocks a high priority task due to a critical section, sees its priority to be increased to the priority level of the blocked task.

(A23) *Priority\_Ceiling\_Protocol: Priority\_Inheritance\_Protocol* can not be used with more than one shared resource due to deadlock.

In this case, *Priority\_Ceiling\_Protocol* is used.

(A24) Immediate\_Priority\_Ceiling\_Protocol: In this case:

(A241) Ceiling priority of a resource = maximum static priority of the tasks which use it.

(A242) Dynamic task priority = maximum of its own static priority and the ceiling priorities of any resources it has locked.

(A3) The types of *Priority\_Assignment*:

(A31)  $Automatic_Assignment$ : In this case, Cheddar assigns automatically priority to the *Resource*. The attribute *Priority* is then ignored during the simulation.

(A31)  $Manual_Assignment$ : This case corresponds to the manually affectation of Priority to the Resource. The attribute Priority is then used during the simulation.

#### Implementation

The figure 14 gives the DTD of entity Resource .

#### Example

An example of resource described in Cheddar ADL is given in figure 15.

Since protocol has value  $NO_{-}PROTOCOL$ , that means that no priority is attributed to task when it holds the resource R1. We can also remark that this resource concerns processor1, and runs at addr1, and has two critical sections: each task holds and releases the resource at time unit 1.

#### 4.2.4 Buffer

A Buffer is specified by the following definitions:

(1) It is statically defined in an Address space.

(2) A Buffer has an unique name, size and is hosted by a Processor and an  $Address \ space$ .

(3) It allows to model queued data exchanges between Tasks on the same  $Address\ space$ .

#### Standard attributes

Name: It is the unique name of Buffer.

```
<!ELEMENT resources (generic resource | np resource |</pre>
pip resource
pcp resource | ipcp resource | critical section)+>
<!ELEMENT generic resource (object type | name |</pre>
state | size | address | protocol |
critical_sections | cpu name | address_space_name)*>
<!ATTLIST generic_resource id ID #REQUIRED>
<!ELEMENT np resource (object type | name | state |</pre>
priority | size | address | protocol | critical sections |
cpu name | address_space_name)*>
<!ATTLIST np resource id ID #REQUIRED>
<!ELEMENT pip resource (object type | name | state |</pre>
priority | size | address | protocol | critical_sections |
cpu_name | address_space_name)*>
<!ATTLIST pip resource id ID #REQUIRED>
<!ELEMENT pcp resource (object type | name | state |</pre>
priority | size | address | protocol | critical sections |
cpu name | address_space_name | ceiling_priority)*>
<!ATTLIST pcp resource id ID #REQUIRED>
<!ELEMENT ipcp_resource (object_type | name | state |</pre>
priority | size | address | protocol | critical_sections |
cpu_name | address_space_name | ceiling_priority)*>
<!ATTLIST ipcp_resource id ID #REQUIRED>
<!ELEMENT critical section (task begin | task end)*>
```

Figure 14 – The DTD of entity Resource

```
<np_resource id="_44" >
<object_type>RESOURCE_OBJECT_TYPE</object_type>
          <name>R1</name>
          < state > 1 < / state >
          < \sin z \, e > 0 < / \sin z \, e >
          < address > 0 < /address >
          <protocol>NO PROTOCOL</protocol>
          < critical sections>
                    <\!task\_name\!>~T1~<\!/task\_name\!>
                    < critical section >
                              <\!task\_begin\!>\!1\!<\!/task\_begin\!>
                              <\!task\_end\!>\!1\!<\!/task\_end\!>
                    </\operatorname{critical} section >
                    < task name> T2 </task name>
                    < critical section >
                              <task_begin>1</task_begin>
                              <\!task\_end\!>\!1\!<\!/task\_end\!>
                    </\operatorname{critical} section >
          </\operatorname{critical} sections >
          <cpu name> processor1 < /cpu name>
          < address\_space\_name> addr1 < / address\_space\_name>
</np_resource>
```

Figure 15 – An example of Resource description in Cheddar ADL

Cpu\_Name: It corresponds to the name of Processor hosted by the Buffer

 $Address\_Space\_Name:$  It corresponds to the name of  $Address\ space$  hosted by the Buffer .

 $Queueing\_System\_Type$ : It defines the types of  $Queueing\_System$ . A  $Queueing\_System$  model is assigned to each Buffer.

This queueing system model describes the way buffer reads and writes operations will be done at simulation time.

This information is also used to apply *Buffer* feasibility tests.

 $Buffer_Size$ : Size of the Buffer.

Roles: It is the type of Buffer\_Roles\_Table. The Buffer\_roles\_table is a list of buffer\_role.

#### Legality rules

(L1) The Buffer name must not be empty.

(L2) The Buffer name must be a valid identifier.

(L3) The  $Cpu_Name$  must not be empty.

(L4) The Address\_Space\_Name must not be empty.

(L5) The Size must be greater than 0.

(L6) Two types of Tasks can access to a Buffer: producers and consumers.

(L7) We suppose that a producer/consumer writes/reads a fixed size of information in the Buffer.

(L8) For each producer or consumer, the size of the information produced or consumed has to be defined.

(L9) The time of the read/write operation is also given : this time is relative to the task capacity (e.g. if task  $T_i$  consumes a message at time 2, it means that the message will be removed from the *Buffer* when  $T_i$  runs the  $2^{nd}$  unit of time of its *capacity*).

#### Annexes

(A1) The types of Queueing\_System [46].

(A11)  $Qs_Pp_1$ : compliant with P/P/1 queueing model [45]. There are several producers but only one consumer Task. Producers and the consumers are independent periodic tasks. Producers and the consumer are not blocked when they access the Buffer.

(A12)  $Qs_Mm1$ : compliant with the classical M/M/1 queueing system model. There are several producers but only one consumer task. Producers are released according to a Markovian law. The consumer is released on data arrival and its service time is exponential (markovian law too).

(A13)  $Qs_Md1$ : compliant with the classical M/D/1 queueing system model. There are several producers but only one consumer Task. Producers are released according to a Markovian law. The consumer is released on data arrival and its service time is deterministic.

(A14)  $Qs\_Mp1$  : compliant with the classical M/P/1 queueing system model.

(A15)  $Qs_{-}Mg1$  : compliant with the classical  ${\rm M/G/1}$  queueing system model.

(A16)  $Qs\_Mms$  : compliant with the classical M/M/S queueing system model.

(A17)  $Qs_{-}Mds$  : compliant with the classical M/D/S queueing system model.

(A18)  $Qs\_Mps$  : compliant with the classical M/P/S queueing system model.

(A19)  $Qs_{-}Mgs$  : compliant with the classical M/G/S queueing system model.

(A110)  $Qs_{-}Mm1n$  : compliant with the classical M/M/1/N queueing system model.

(A111)  $Qs_{-}Md1n$  : compliant with the classical M/D/1/N queueing system model.

(A112)  $Qs_-Mp1n$  : compliant with the classical M/P/1/N queueing system model.

(A113)  $Qs_{-}Mg1n$  : compliant with the classical M/G/1/N queueing system model.

(A114)  $Qs\_Mmsn$  : compliant with the classical M/M/S/N queueing system model.

(A115)  $Qs_Mdsn$  : compliant with the classical M/D/S/N queueing system model.

(A116)  $Qs_-Mpsn$  : compliant with the classical M/P/S/N queueing system model.

Figure 16 – The DTD of entity Buffer

(A117) $Qs_{-}Mgsn$  : compliant with the classical M/G/S/N queueing system model.

(A2) The  $Buffer_Roles_Table$  is a list of  $Buffer_Role$ . Each  $Buffer_Role$  is characterized by:

(A21)  $The\_Role$  which is the type of  $Buffer\_Role\_Type$ . It describes the behaviour of Task on the Buffer.

(A211)  $No_Role$ : When any role is defined.

(A212)  $Queuing_Producer$ : name of the producer Task.

(A213)  $Queuing\_Consumer$ : name of the consumer Task.

(A214)  $Sampling_Writer$ : name of the producer Task.

(A215)  $Sampling\_Reader$ : name of the consumer Task.

(A22) Size: size of the data reads/writes to/from the Buffer.

(A23) Time: time at which the data must be read or write on the Buffer. This time is relative to the Task capacity

(A24) Timeout: specify the maximum blocking time allowed when a read/write is proceeded on a Buffer.

### Implementation

The figure 16 gives the DTD of entity Buffer.

## Example

The figure 17 gives an example of entity Buffer, described using Cheddar ADL.

The considered Buffer, named B1 is hosted by the  $Processor \ processor1$  and  $Address \ space \ addr1$ .

```
< buffers>
< buffer id="_37" >
 <object_type>BUFFER_OBJECT_TYPE</object_type>
 <name>B1</name>
 <cpu name> processor1 < /cpu name>
 < address space name > addr1 < / address space name >
 <queueing_system_type>QS_MMl</queueing_system_type>
 < size > 1 < / size >
 <\!\mathrm{roles}>
 <\!task\_name\!>~T1~<\!/task\_name\!>
 < buffer_role>
  <\!the\_role\!>\!\!Q\!U\!E\!U\!I\!N\!G\_P\!R\!O\!D\!U\!C\!E\!R\!\!<\!/the\_role\!>
  < size > 1 < / size >
  < time > 1 < /time >
  <timeout>1</timeout>
 </buffer role>
 <\!\!task name\!\!> T2 <\!\!/task\_name\!\!>
 < buffer role>
  <\!the\_role\!>\!\!Q\!U\!E\!U\!I\!N\!G\_C\!O\!N\!S\!U\!M\!E\!R\!<\!/the\_role\!>
  <\!{\rm size}>\!2<\!/{\rm size}>
  <\!\!\mathrm{time}\!>\!\!2<\!\!/\mathrm{time}\!>
  <timeout>2</timeout>
 <\!/\,b\,uffe\,r\_\,r\,o\,l\,e\!>
 </
m roles>
< / buffer >
</buffers>
```

Figure 17 - An example of entity Buffer

#### 4.2.5 Message

A *Message* is specified by the following definitions:

(1) It allows to model data exchanges between Tasks located in different Processor .

(2) A *Message* can be sent by one or several sending Task and can be received by one or several receiving Tasks.

(3) Messages can be queued on the receiver side before they are read by sending Task.

### Standard attributes

Name: It is the unique name of the Message.

 $Message_Type$ : It specifies the type of Message.

*Parameters*: It is the type of *User\_Defined\_Parameters\_Table*, which is the list of *Parameter*.

Deadline: It is deadline of the Message. This corresponds to the last time that the Message should be received or sent.

Jitter: The jitter of the Message.

Size: It is the size of the payload of the Message.

 $Response_Time$ : Amount of time a message takes to reach the receiver after it has been sent by the sender.

It also corresponds to the end to end time between the emission and reception of the Message .

 $Communication_Time$ : It is the duration of the Message in the Buffer.

#### Legality rules

(L1) The Message name must not be empty.

(L2) The Message name must be a valid identifier.

(L3) The *Size* must be greater than 0.

(L4) The *Deadline* must be less than or equal to *Jitter*.

(L5) Message is sent when the sender is running its last time unit of its capacity.

(L6) A Message is received at the execution of the at completion time of a sender Task.

(L7) A *Message* cannot be received before the specified number of units of time specified by the attribute *response\_time* after the message sending time.

(L8) A *Message* is received when (L7) holds and when a receiver task is running its first unit of time of its *Capacity*.

#### Annexes

(A1) The types of Message.

(A11)  $Periodic_Type$ : A *periodic* message is automatically sent at each *Period*.

(A12) Aperiodic\_Type: In this case, the message is sent according to aperiodic time.

(A13)  $Generic_Type$ : It is the case when we have no information about the sending time of Message.

(A2) Each *Parameter* is characterized by:

(A21) Discriminant. It is the type of  $Parameter_Type$ .

(A211) Boolean\_Parameter: When the parameter is boolean.

(A212) Integer\_Parameter: When the parameter is integer.

(A213) Double\_Parameter: When the parameter is double.

(A214) String\_Parameter: When the parameter is string.

(A22) Union, which is the type of Parameter\_Union.

(A221) Boolean\_Parameter: When the parameter is boolean.

(A222) Integer\_Parameter: When the parameter is integer.

(A223) Double\_Parameter: When the parameter is double.

(A224) String\_Parameter: When the parameter is string.

(A23) Name: The name of the parameter.

## Implementation

The figure 18 gives the DTD of entity Message.

| <pre>  <!--ELEMENT messages (generic_message  </pre--></pre>           |
|------------------------------------------------------------------------|
| $ $ periodic_message   aperiodic_message)+>                            |
| <pre>  <!--ELEMENT generic_message (object_type   name  </pre--></pre> |
| message_type   parameters   <b>deadline</b>   size                     |
| $ $ response_time   communication_time)*>                              |
| ATTLIST generic_message id ID #REQUIRED                                |
| <pre><!--ELEMENT periodic_message (object_type   name  </pre--></pre>  |
| message_type   parameters   <b>deadline</b>   size                     |
| response_time   communication_time   period   jitter)*>                |
| <pre>  <!--ATTLIST periodic_message id ID #REQUIRED--></pre>           |
| <pre><!--ELEMENT aperiodic_message (object_type   name  </pre--></pre> |
| message_type   parameters   <b>deadline</b>   size                     |
| $ $ response_time   communication_time)*>                              |
| ATTLIST aperiodic_message id ID #REQUIRED                              |

Figure 18 – The DTD of entity Message

#### Example

The figure 19 gives an example of entity Message , described using Cheddar ADL.

The example describes a periodic message, named M1, with *deadline*, *size*,  $response\_time$ , *period* and *jitter* equal to 1.

## 4.2.6 Dependency

A *Dependency* is specified by the following definitions:

(1) It allows to model an interaction between two software entities which has an impact upon the scheduling of the system.

(2) Software entities handled in a Dependency component can either be Tasks , and or Resources and or Buffers .

#### Standard attributes

Name: It is the unique name of entity Network.

 $Type\_of\_dependency$  : It specifies the kind of dependency component models.

Union: It corresponds to the description of union in C language. In this case, it allows to describe the different dependency types.

Legality rules

<messages>
<periodic\_message id="\_58" >
<object\_type>MESSAGE\_OBJECT\_TYPE</object\_type>
<message\_type>PERIODIC\_TYPE</message\_type>
<deadline>1</deadline>
<size>1</size>
<response\_time>1</response\_time>
<communication\_time>1</communication\_time>
<period>1</period>
<jitter>1</jitter>
</periodic\_message>
</messages>

Figure 19 – An example of entity Message

(L1) The dependency name must not be empty.

(L2) The dependency name must be valid identifier.

#### Annexes

(A1) The types of *Dependency* :

(A11)  $Precedence\_Dependency$ : When the dependency models a dependency between two Task components.

(A12)  $Queuing_Buffer_Dependency$ : When the dependency models a dependency between Task and Buffer components.

(A13)  $Communication\_Dependency$ : When the dependency models a dependency between Task and Message components.

(A2) The types of Union:

(A21) Precedence\_Dependency: It is the type of Precedence\_Dependency\_Type.

(A22)  $Queuing\_Buffer\_Dependency$ : It is the type of  $Queuing\_Buffer\_Dependency\_Type$ .

(A23) Communication\_Dependency: It is the type of Communication\_Dependency\_Type.

(A24)  $Time\_Triggered\_Communication\_Dependency$ : It is the type of  $Time\_Triggered\_Communication\_Dependency\_Type$ .

<!ELEMENT dependencies (dependency)+> <!ELEMENT dependency (type of dependency |</pre> precedence\_sink | precedence\_source | buffer dependent task | buffer orientation | buffer dependency object communication dependent task communication orientation communication dependency object time triggered communication sink time\_triggered\_communication\_source | timing\_property | resource\_dependency\_resource | resource dependency task black board dependent task black board orientation black\_board\_dependency\_object)\*>

Figure 20 – The DTD of entity Dependency

(A25) *Resource\_Dependency*: It is the type of *Resource\_Dependency\_Type*.

(A26) Black\_Board\_Buffer\_Dependency: It is the type of Black\_Board\_Buffer\_Dependency\_Type.

#### Implementation

The figure 20 gives the DTD of entity Dependency.

## Example

The figure 21 gives some examples of *Dependency*. We illustrate an example of *QUEUING\_BUFFER\_DEPENDENCY*, *RESOURCE\_DEPENDENCY*, *COMMUNICATION\_DEPENDENCY* and *PRECEDENCE\_DEPENDENCY* 

#### 4.2.7 Task group

A Task group is specified by the following definitions:

- (1) A Task group is a sub-set of Tasks.
- (2) A  $Generic_Task_Group$  has an unique name.

(3) A  $Generic_Task_Group$  may constrain (the attributes of) its Tasks.

(4) The manner a  $Generic_Task_Group$  constrains its Tasks depends on the type of the  $Task\ group$  .

```
<dependencies>
<dependency>
 <\!type\_of\_dependency\!>\!\!QU\!E\!U\!I\!N\!G\_BUFF\!ER\_D\!E\!P\!E\!N\!D\!E\!N\!C\!Y
 </type_of_dependency>
 <buffer dependent task ref="_42" />
 <br/><buffer orientation>FROM TASK TO OBJECT
 < /buffer orientation >
 <br/>
<buffer dependency object ref="_46" />
 </dependency>
<dependency>
 <type_of_dependency>RESOURCE_DEPENDENCY
 </type of dependency>
 <resource dependency resource ref="_44" />
 <resource_dependency_task ref="_42" />
 </dependency>
<dependency>
 <\!type\_of\_dependency\!\!>\!\!COMMUNICATION\_DEPENDENCY
 </type of dependency>
 <communication dependent task ref="_43" />
 <communication orientation>FROM TASK TO OBJECT
 </communication orientation>
 <communication dependency object ref="_45" />
 </dependency>
<dependency>
 <type_of_dependency>PRECEDENCE_DEPENDENCY
 </type of dependency>
 <precedence sink ref="_42" />
 <precedence source ref="_43" />
 </dependency>
</dependencies>
```

Figure 21 – An example of *Dependency* 

#### Standard attributes

 $Task\_List$ : The set of tasks part of the  $Task\ group$ . A list is used because some  $Task\ groups$  may constrain its Tasks to be in a certain order.

Task\_Group\_Type: Type of Task group.

Currently there exists two types of  $Task \ group$ . Annexes (A1) give the different types of a  $Task \ group$ .

The other attributes of a  $Task \ group$  are the same as those for a Task. This way a  $Task \ group$  may constrain any attribute of its Tasks.

#### Legality rules

(L1) The Task group name must not be empty.

(L2) The Task group name must be valid identifier.

(L3) When Task\_Group\_Type is Multiframe\_Type, the Task\_Type must not be different of Frame\_Task\_Type.

(L4) When  $Task\_Group\_Type$  is  $Transaction\_Type$ , the  $Task\_Type$  must not be different of  $Periodic\_Type$ .

(L5) When  $Task\_Group\_Type$ , of a  $Task\_group$ , is  $Transaction\_Type$ , the period attribute of its tasks must be equal to the period attribute of the  $Generic\_Task\_Group$ 

#### Annexes

(A1) The types of Generic\_Task\_Group.

(A11) Transaction\_Type: A Generic\_Task\_Group of Transaction\_Type is a transaction [47].

A transaction is group of tasks related by precedence dependency.

A transaction is released by a periodic event. A particular instance of a transaction is called a job. A job of a task in a transaction is released after the event that releases the job of the transaction.

If a job of a transaction is released at  $t_0$ , then a job of a Task is released at earliest after  $t_0 + O$  with O being the offset of the Task.

(A12) Multiframe\_Type: A Generic\_Task\_Group of Multiframe\_Type is a Multiframe task [50] or a General Multiframe task [49], i.e. group of tasks of  $Frame_Task_Type$ . Tasks of  $Frame_Task_Type$  represent the instances of the Multiframe/Generam Multiframe task (Generic\_Task\_Group of Multiframe\_Type) and the tasks are ordered. Releases of two tasks of  $Frame_Task_Type$  are separated at least by the Interarrival attribute of the tasks.

## Implementation

```
<transaction_task_group id="_13">
<object_type>TASK_GROUP_OBJECT_TYPE</object_type>
<name>TDMA_Frame</name>
<task_list>
<periodic_task ref="_14"/>
<periodic_task ref="_15"/>
<periodic_task ref="_16"/>
</task_list>
<task_group_type>TRANSACTION_TYPE</task_group_type>
<period>0</period>
</transaction_task_group>
```

Figure 22 – An example of  $Task\ group$  (of type  $Transaction\_Type)$  description in Cheddar ADL

#### Example

We give at figure 22 an example of  $Task\ group$  described in Cheddar ADL. The considered example is a Transaction, composed by three periodic tasks. Note that other parameters are not described here in order to simplify the example.

## 5 Notion of Deployments

A *Deployment* models a relationship between two sets of entities : consumer entities and resource entities.

It is specified by the following definitions.

(1) It may be static or dynamic.

(2) We distinguish *Generic\_Deployments*, which is composed by *Static\_Deployments* and *Dynamic\_Deployments*.

## 5.1 Generic Deployments

(1) A Generic\_Deployment characterizes the deployment notion.

(2) A *Generic\_Deployment* is a relationship between two set of entities : consumer entities and resource entities.

Standard attributes

Name: The unique name of Deployment.

Consumer\_Entities: The set of entities requesting access to the resource.

```
<!ELEMENT deployments (generic_deployment |
static_deployment | dynamic_deployment)+>
<!ELEMENT generic_deployment (object_type |
name | consumer_entities | resource_entities)*>
<!ATTLIST generic deployment id ID #REQUIRED>
```

## Figure 23 – The DTD of entity Generic\_Deployment

 $Resource\_Entities$ : The set of resources that are made available for resource consumers.

#### Legality rules

(L1) The Generic\_Deployment name must not be empty.

(L2) The Generic\_Deployment name must be a valid identifier.

Annexes

#### Implementation

The figure 23 gives the DTD of entity Generic\_Deployment.

Example

## 5.2 Static Deployments

(1) A *Static Deployment* contains a table which defines how the resources are statically allocated by the resource consumers.

(2) It can model a task off-line scheduling for example or a partition off-line scheduling of an ARINC 653 architecture.

#### Standard attributes

Allocation\_description: It defines how the resources are statically allocated by the resource consumers.

This table may be a off-line scheduling of Task or a set of addresses statically defined for each software component inside an  $Address \ space$ .

## Legality rules

(L1) The Static\_Deployment name must not be empty.

(L2) The Static\_Deployment name must be a valid identifier.

```
<!ELEMENT static_deployment (object_type | name |
consumer_entities | resource_entities |
allocation_description)*>
<!ATTLIST static_deployment id ID #REQUIRED>
```

Figure 24 – The DTD of entity *Static\_Deployment* 

```
<deployments>
<static_deployment id="_66" >
<object_type>DEPLOYMENT_TYPE</object_type>
<name>static_example</name>
<consumer_entities><multi_cores_processor ref="_61" />
</consumer_entities>
<resource_entities>
<resource_entities>
<periodic_task ref="_64" />
<periodic_task ref="_65" />
</resource_entities>
<allocation>scheduling_sequence.xml</allocation>
</static_deployment>
</deployments>
```

Figure 25 – An example of *Static\_Deployment* 

#### Annexes

#### Implementation

The figure 24 gives the DTD of entity Static\_Deployment.

#### Example

An example of *Static\_Deployment* described in Cheddar ADL is given in figure 25.

In this example, the *consumer\_entities*, a *ulti\_cores\_processor* needs a *periodic\_task* to work. An off-line scheduling is given in file *scheduling\_sequence.xml*.

## 5.3 Dynamic Deployments

(1) A Dynamic\_Deployment contains an algorithm.

(2) The algorithm defines how the resources are dynamically allocated by the resource consumers.

(3) It allows to define a dynamic resource allocation between the two sets of components.

(4) It may be an on-line scheduling algorithm for Task component or a malloc algorithm for a set of software components inside an  $Address \ space$ .

## Standard attributes

Allocation\_parameters: It is the type of Scheduling\_Parameters. It specifies how the resources are shared between consumers. Allocation\_parameters store parameters of an algorithm, which defines how the resources are scheduling among the resource consumers.

#### Legality rules

(L1) The Dynamic\_Deployment name must not be empty.

(L2) The Dynamic\_Deployment name must be a valid identifier.

#### Annexes

(A1) The Scheduling\_Parameters attributes.

A scheduler is responsible for selecting the running task for each unit of time from among the set of ready tasks. There are various ways to make this choice.

We distinguish:

(A11) Scheduler\_type: Which defines the type of scheduler, and may be [17] [18] [19], [20]:

(A111) Compiled\_User\_Defined\_Protocol: ...

(A112) Automata\_User\_Defined\_Protocol: ...

(A113) Pipeline\_User\_Defined\_Protocol: ...

(A114) User\_Defined\_Protocol: ...

(A115) *Earliest\_Deadline\_First\_Protocol*: Tasks can be periodic or not and are scheduled according to their *Deadline*.

(A116) Least\_Laxity\_First\_Protocol: Tasks can be periodic or not and are scheduled according to their laxity.

(A117)  $Rate\_Monotonic\_Protocol$ : He attributes the higher priority to the task which has the smallest period.

(A118) *Deadline\_Monotonic\_Protocol*: At every scheduling point, the task having the shortest deadline is taken up for scheduling.

Tasks have to be periodic and are scheduled according to their deadline. You have to be aware that the value of the priority field of the tasks is ignored here.

(A119) Round\_Robin\_Protocol: ...

(A1110) Time\_Sharing\_Based\_On\_Wait\_Time\_Protocol: ...

(A1111) Posix\_1003\_Highest\_Priority\_First\_Protocol: ...

(A1112)  $D_Over_Protocol: ...$ 

(A1113) Maximum\_Urgency\_First\_Based\_On\_Laxity\_Protocol:

(A1114) Maximum\_Urgency\_First\_Based\_On\_Deadline\_Protocol:

(A1115) Time\_Sharing\_Based\_On\_Cpu\_Usage\_Protocol: ...

(A1116)  $No\_Scheduling\_Protocol: ...$ 

(A1117) *Hierarchical\_Cyclic\_Protocol*: ...

(A1118) Hierarchical\_Round\_Robin\_Protocol: ...

(A1119) *Hierarchical\_Fixed\_Priority\_Protocol:* ...

(A1120) *Hierarchical\_Polling\_Aperiodic\_Server\_Protocol:* ...

(A1121) Hierarchical\_Priority\_Exchange\_Aperiodic\_Server\_Protocol:...

(A1122) *Hierarchical\_Sporadic\_Aperiodic\_Server\_Protocol*:...

(A1123) *Hierarchical\_Deferrable\_Aperiodic\_Server\_Protocol*:

• • •

. . .

. . .

(A1124) Proportionate\_Fair\_PF\_Protocol: ...

(A1125) Proportionate\_Fair\_PD\_Protocol: ...

(A1126) Proportionate\_Fair\_PD2\_Protocol: ...

(A12) Quantum: It is the quantum value associated with the Scheduler.

It is a natural, which defines the smallest unit of execution time of a task. A time quantum is a maximum duration that a process can run on the *Processor* before being pre-empted by another process of the same queue.

This information is useful if a scheduler has to manage several tasks with the same dynamic or static priority : in this case, the simulator has to choose

```
<!ELEMENT dynamic_deployment (object_type | name |
consumer_entities | resource_entities |
allocation_parameters)*>
<!ATTLIST dynamic_deployment id ID #REQUIRED>
```

Figure 26 – The DTD of entity Dynamic\_Deployment

how to share the processor between these tasks. The quantum is a bound on the delay a task can hold the processor (if the quantum is equal to zero, there is no bound on the processor holding time).

(A13)  $Preemptive_type$ : It characterizes the scheduler type. We have two types:

(A131) *Preemptive*: When the running task is interrupted for some time and resumed later when the priority task has finished its execution.

(A132)  $Not_{preemptive}$ : In this case, a running task is executed till completion. It cannot be interrupted.

(A14) Automaton\_name: ...

(A15) Capacity: It is the worst case execution time of a Task.

(A16) Period: It is duration between two periodic release times.

In this case, a task starts a job at each release time.

(A17) *Priority*: It is a priority range. It is an integer, which allows the scheduler to choose the task to run.

(A18) User\_Defined\_Scheduler\_Source: ...

(A19) User\_Defined\_Scheduler\_Source\_File\_Name: the file name of a file which contains the source code of a User\_Defined\_Scheduler.

(A110) Start\_Time: It is the first release time of a Task.

#### Implementation

The figure 26 gives the DTD of entity Dynamic\_Deployment.

## Example

An example of *Dynamic\_deployment* is given at figure 27. This *dynamic deployment* specify the way that three periodic tasks, referred by *ref* 71, 72 and 73 request a *multi\_cores\_processors*, referred by *ref* 69.

```
<\!{
m deployments}>
<dynamic_deployment_id="_74">
<object_type>DEPLOYMENT_TYPE</object_type>
<name>dynamic example</name>
<consumer entities>
 <periodic task ref="_71"/>
 <periodic task ref="_72"/>
 <periodic task ref=".73"/>
 </{f consumer} entities>
<resource entities>
 <multi cores processor ref="_69"/>
 </resource entities>
<allocation>
 <scheduling_parameters>
  <\!\!\mathbf{scheduler\_type}\!\!>\!\!\operatorname{RATE\_MONOTONIC\_PROTOCOL}
   </scheduler type>
   <quantum>0</quantum>
   <preemptive type>PREEMPTIVE
   </preemptive type>
  <capacity>0</capacity>
   <period>0</period>
   <priority>0</priority>
  <start time>0</start time>
   </scheduling_parameters>
</allocation>
</dynamic deployment>
```

Figure 27 – An example of Dynamic\_deployment description in Cheddar ADL

The allocation strategy is RATE\_MONOTONIC, with another characteristics like Preemptive\_type which is PREEMPTIVE, capacity and period.

# 6 Applications of Cheddar ADL

In this section, we show how Cheddar ADL is used for scheduling analysis in the Cheddar context.

We implement Cheddar ADL through a XML format. XML tags represent the different types of components and attributes. Each real-time application architecture is specified by a XML file, which must be conform to the DTD (Document Type Definition) of Cheddar ADL. Cheddar tools check this XML file format, verify specific consistency rules, and then append an instance of the matching component into the internal system representation.



Figure 28 – How interoperability with other ADLs is ensured: the particular case of AADL and Cheddar ADL

Notice that the Cheddar ADL file does not indicate what is the type of the scheduling analysis to apply. Users choose the method through a graphical interface, or by calling dedicated programs from the Cheddar toolbox. A tool is also provided to guide users towards the feasibility tests that are usable according to the architecture of their system [41].

Like announced in our requirements, Cheddar ADL should be a gateway with another tool in order to perform schedulability analysis.

The figure 28 shows how, in general case, an analysis tool with it specific language is used to check an another model.

Using an ADL editor or not, the user produces its own model, which is transformed by an ADL Model Translator, in order to generate the specific model, compatible with your analysis tool.

Especially in our case, we show how Cheddar is integrated into an iteration of the development process of a real-time system using AADL inspector, an AADL model editor <sup>3</sup>:

- The designer models a system using AADL inspector.
- The system is then transformed toward the Cheddar ADL used by the analysis tool.

This transformation extracts information relevant to the schedulability analysis only.

The example of figure 29 is a result of transformation.

It is composed of a set periodic tasks, with  $start_time$  equal to 0.

The tasks run on a multi-cores processors, with two identical cores, with the scheduler  $posix\_1003\_highest\_priority\_first\_protocol$ .

One address space, linked to the processor, allows to model logical memory. Finally, a *static deployment* is used to give the relationships between the multi-cores processors and tasks. It is the off-line scheduling, and *scheduling\_sequence.xml* gives the time moments when each task is pre-empted.

<sup>-</sup> The analysis tool performs the schedulability analysis and provides an

<sup>3.</sup> AADL inspector is a product of Ellidiss Technologies http://www.ellidiss.com

```
<cheddar>
 . . .
<core unit id="_59" >
  <name>core1 < /name>
  <scheduler type>
  POSIX 1003 HIGHEST PRIORITY FIRST PROTOCOL
   </scheduler type>
  <preemptive type> PREEMPTIVE </preemptive type>
  </core unit>
  . . .
 <\!{\bf multi\_cores\_processor} id="_61" >
  <name> processor 1 </name>
  <\!\!\mathbf{processor\_type}\!> \mathbf{I\!DENTICAL\_MULTICORES} \ \mathbf{TYPE}
   </processor type>
  <migration type> TIME UNIT MIGRATION TYPE
   </migration type>
  < cores >
   <core_unit} ref="59" />
   < core unit i ref="[]60" />
   </cores>
  </multi cores processor>
  . . .
 <periodic task id="_63" >
  <name>T1</name>
  <cpu name> processor1 < /cpu name>
  <capacity>2</capacity>
  <deadline>4</deadline>
  <start time>0</start time>
  <policy>SCHED FIFO</policy>
  <period>4</period>
  <jitter>0</jitter>
  </periodic task>
 <static deployment id="_66" >
  <name>static_example</name>
  <consumer entities>
   <multi cores processor ref="_61" />
   </consumer entities>
   <resource entities>
   <periodic task ref="_63" />
   <periodic_task ref="_64" />
   <periodic_task ref="_65" />
   </resource entities>
                          scheduling_sequence.xml
  <allocation>
   </allocation>
  </static deployment>
</cheddar
```

Figure 29 – Example of an application specified using Cheddar ADL

analysis report. We give at figure 30 a Cheddar scheduling simulation of our example, on the hyper-period.



Figure 30 – A Cheddar scheduling simulation of our example

Let us remark that in this case, our application is not feasible.

# 7 Related works

The Dedal [1] context is the development of software based components. The life cycle of the software is composed of three steps: specification, deployment and exploitation, which are closely linked in term of maintenance.

Dedal is an ADL which aim to define independently specification, configuration and assembly of an architecture, in order to coordinate the evolution of different levels of an abstraction. Usually, only two of the three levels are taken into account in the definition of ADLs.

Three dimensions so define the language:

- The abstract specification of an architecture: it is the description of all roles played by components that participate in the realization of the architecture. At this level, the authors focus on the definition of roles of components, connections between component interfaces and behaviour of the architecture.
- The concrete configuration of an architecture: this is to define the classes of components and connectors used to implement the architecture.
- The assembly of an architecture: this step describes all instances, components and connectors that make up the architecture. Here, the authors assign values or constraints to the components.

In the Cheddar context, our objective is the proposition of an architecture description language for real-time applications, in order to perform scheduling analysis.

Although it is not the same context, the description of Cheddar ADL is based on the same logic: software component for abstract specification, hardware component for concrete specification and binding for assembly.

The Architecture Analysis & Design Language (AADL) is a SAE standard (AS-5506), first published in 2004 [48]. AADL targets the design, analysis and

integration of distributed real-time systems. An AADL model describes a system as a hierarchy of components with their interfaces and their connections. It allows the modelling of the software components and their interactions, and also of the execution platform. Component categories are *process*, *data*, *thread*, *subprogram* for the software modelling, and *processor*, *memory*, *bus* and *device* for the entities of the execution platform. The deployment of a software application onto an execution platform is specified through *binding* properties. The execution of a software task may be assigned to one or a set of components of the execution platform. The AADL standard includes a large set of properties to precisely model system characteristics. Moreover, new ones may be appended to extend the description with regard to the expected system analysis.

The AADL language is not especially dedicated to analysis of real-time systems. It takes into account more components, and the concepts is not very adapted for a classical designer of real-time systems. This is actually a language too heavy, too wide and not especially dedicated to the schedulability analysis of real-time systems. Moreover, it is not very adapted for a regular user of realtime systems. By example, *device* is an inappropriate term for a classic user of real-time systems, whose objective is the schedulability analysis.

Modelling and Analysis of Real-Time Embedded systems (MARTE) is a standard UML profile promoted by the Object Management Group [51] [?] [53]. The profile adds capabilities to UML for Model-Driven Development [54] of realtime systems. MARTE thus provides support to specify and to design such a system but also to annotate the model for different kinds of analysis. MARTE was designed to cover a large area of real-time systems, including avionic, automotive or software radio systems. For example, the profile was designed so that all AADL concepts can be modelled in MARTE ([51], Annex A, section 2.3). The profile was also designed to support tools dedicated to real-time system (e.g. modeller, code generator, functional analyser, simulator). Several real-time analysing tools have been developed using MARTE, such as: [55], which presented the MARTE model elements associated with the time model package of MARTE, and illustrated their use on an automotive case study. For that, they extracted the physical timing information and used it to perform a schedulability analysis.

The real-time profile of MARTE is dedicated to model and analyse real-time systems, by cons, MARTE's approach is not to create new analysis methods, but to support existing ones, as opposed to Cheddar ADL which offers possibilities to take into account new analytical techniques.

In the context of automotive application, [56] investigate schedulability of real-time systems at earliest design phases. Their approach is based on the combination of two modelling languages for system design: EAST-ADL2, which addresses modelling and analysis needs of automotive electronic systems and the integration of an open source toolset for scheduling analysis, MAST [57] [58]. On one hand, EAST-ADL2 is an architecture description language defined as a domain specific language for the development of automotive electronic systems. On the other hand, MARTE is known for its rich expressive power for the modelling of system real-time properties and constraints. Their methodology has the objective of completing EAST-ADL models with MARTE entities to enable scheduling analysis at the design level. MAST is used to perform schedulability analysis. Other works based on EAST-ADLs have been done: It is the case of [59], which combines TADL2, Timing Augmented Description Language v.2, EAST-ADL and UPPAAL [60] to perform scheduling analysis of real-time systems.

We can note that, like AADL, EAST-ADL is not initially designed to perform schedulability analysis, and the diversity of languages that are associated do not facilitates neither automatic code generation, nor reactivity about the integration of new components.

To easily cover new real-time scheduling models and techniques, [61] propose an ADL: MoSaRT. This approach may be used to extract the scheduling information from different design methodologies and ADL used for system design such as UML-MARTE or AADL. The extracted information is then modeled with MoSaRT. Thus, it fills the gap between the conception abstraction level and the analysis abstraction level by capturing information relevant for analysis.

Yet, this language is not dedicated to analysis itself, but to model transformation between ADLs with different purposes. Cheddar ADL is, on its side, built from the analysis methods it supports.

## 8 Conclusion

This paper presented Cheddar ADL, an Architecture Design Language for the scheduling of real-time systems.

The particularity of this ADL, as compared to other ADLs, is that it allows to capture all required aspects for the schedulability analysis of real-time systems.

After the presentation of the requirements of this ADL, we classified the elements into two categories: software part, which contain  $Address \ space$ , Task, Buffer, Resource, Message and Dependency, and hardware part, which contain Core, Cache, Processor and Network.

Another category, deployment, is in fact a combination of these two categories.

We then presented in detail each of theses elements, by giving for each, the definitions, the standard attributes, the legality rules, an implementation and an example.

Subsequently, we have shown how the language is used as an entry point to the Cheddar tool, a real-time scheduling simulator.

In order to extend the usability of the language, we have also been interested in interoperability with other tools for analysing real-time systems that are more and more numerous.

For that, we proposed an approach which allow to use our Cheddar tool, in order to perform schedulability analysis of real-time systems described in other languages. This approach consists in fact in transforming the entry ADL, into Cheddar ADL.

The language is meant to evolve. Therefore, our future works will concern the extension, in order to consider new hardware (e.g. heterogeneous multiprocessors), that can provide schedulability results closest to reality; and then, new feasibilities tests.

We also plan to focus on evaluation of our language, by comparing with other ADLs. The paper of [62] will be the starting point. Indeed, [62] compare differ-

ent ADLs under certain aspects: syntax; visualization, which concerns graphical representation; variability and extensibility, the capability to model new patterns. The paper of [63] provides also a good basis for this study, because it provides a framework which is used to classify and compare several existing ADLs.

## References

- Z. H. Yulin and C. Urtado and S. Vauttier. Dedal: Un ADL à trois dimensions pour gérer l'évolution des architectures à base de composants. 4eme Conférence francophone sur les architectures logicielles, Pau, France. CAL 2010.
- [2] A. J. Smith. Cache Memories. Computing Surveys, Vol. 14, No. 3, September 1982. ACM Press.
- [3] Sebek, Filip. "The state of the art in cache memories and real-time systems." (2001).
- [4] Mellor-Crummey, John, David Whalley, and Ken Kennedy. "Improving memory hierarchy performance for irregular applications using data and computation reorderings." International Journal of Parallel Programming 29.3 (2001): 217-247.
- [5] Zahran, Mohamed. "Cache replacement policy revisited." Proceedings of the 6th Workshop on Duplicating, Deconstructing, and Debunking. 2007.
- [6] Jaleel, Aamer, et al. "High performance cache replacement using re-reference interval prediction (RRIP)." ACM SIGARCH Computer Architecture News. Vol. 38. No. 3. ACM, 2010.
- [7] F. Baslett, T. Jermoluk, and D. Solomon, "The 4D-MP Graphics Superworkstataion: Computing+Graphics= 40MIPS+40MFLOPS and 100,000 Lighted Polygons per Second," Proc. 33rd IEEE Computer Society Int'l Conference - COMPCON'88, pp 468-471, February 1988.
- [8] Papamarcos, Mark S., and Janak H. Patel. "A low-overhead coherence solution for multiprocessors with private cache memories." ACM SIGARCH Computer Architecture News. Vol. 12. No. 3. ACM, 1984.
- [9] F. Singhoff and J. Legrand and L. Nana and L. Marcé. Cheddar: a flexible Real-Time Scheduling Framework. ACM SIGAda Ada Letters. ACM Press, New York, USA. 24 (4). pp 1–8. Dec 2004.
- [10] C. L. Liu and J. W. Layland. Scheduling algorithms for multiprogramming in a hard real-time environment. Journal of the ACM. 20 (1). pp 46–61. Jan 1973.
- [11] G. C. Buttazo. Hard real-time computing systems: predictable scheduling algorithms and applications. Kluwer academics. 1997.
- [12] F. Singhoff, A. Plantec, S. Rubini, V. Gaudel, S. Li, C. Fotsing, P. Dissaux, J. Legrand, L. Lemarchand. How architecture description languages help (or not) schedulability analysis : the example of Cheddar. Preprint submitted to Science of Computer Programming. SCP13. 2013.
- [13] S. Li and F. Singhoff and S. Rubini and M. Bourdellès. Applicability of real-time schedulability analysis on a software radio protocol. Proceedings

of the 2012 ACM conference on High integrity language technology. New York, USA, pp. 81–94. December 2012.

- [14] C. Srilatha and C. V. Guru Rao and G. Prabhu. Effective Cache Configuration for High Performance Embedded Systems. American Journal of Computer Architecture, 1(1). pp. 1–5. DOI: 10.5923/j.ajca.20120101.01. 2012.
- [15] http://searchdatacenter.techtarget.com/definition/multi-core-processor.
- [16] R. Kumar and D. Tullsen and N. Jouppi. Core Architecture Optimization for Heterogeneous Chip Multiprocessors. PACT'06. September 16, 20. Seattle, Washington, USA. ACM 1-59593-264-X/06/0009. 2006.
- [17] R. Mall. Real-Time Systems: Theory and Practice. Pearson Education India. September 14, 2006. ISBN-10: 8131700690.
- [18] F. Singhoff. Real time scheduling theory and its use with Ada. ACM SIGAda'07 tutorial, Washington DC, USA.
- [19] G. Buttazzo. Rate monotonic vs. EDF: Judgment day. In Proc. 3rd ACM International Conference on Embedded Software, Philadephia, USA, October 2003.
- [20] J. Zalewski. What Every Engineer Needs To Know About Rate-Monotonic: A Tutorial. Real-Time Magazine. 1995. Edited by Zalewski, IEEE Computer Society Press. Vol 1.
- [21] C.Chou and I. Cidon and I. S. Gopal and S. Zaks. Synchronizing Asynchronous Bounded Delay Networks. IEEE TRANSACTIONS ON COMMU-NICATIONS, VOL.38, NO. 2, FEBRUARY 1990.
- [22] M. Emmi and S. Qadeer and Z. rakamarié. Delay-Bounded Scheduling. PoPL'11, January 26–28, 2011, Austin, Texas, USA. ACM 978-1-4503-0490-0/11/01.
- [23] G. Blake and R. G. Dreslinski and T. Mudge. A Survey of Multicore Processors (A review of their common attributes). IEEE SIGNAL PROCESSING MAGAZINE. 1053-5888/09/26.002009.IEEE. November 2009.
- [24] M. Katre and H. Ramaprasad and A. Sarkar and F. Mueller. Policies for Migration of Real-Time Tasks in Embedded Multi-Core Systems. RTSS09, WIP. 2009.
- [25] N. W. Fisher. The Multiprocessor Real-Time Scheduling of General Task Systems. Phd Thesis. University of North Carolina, USA. 2007.
- [26] A. Sarkar and F. Mueller and H. Ramaprasad. Predictable Task Migration for Locked Caches in Multi-Core Systems. LCTES11. Chicago, Illinois, USA. 2011.
- [27] http://publib.boulder.ibm.com/infocenter/zos/basics/index.jsp?topic=/com. ibm.zos.zconcepts/zconcepts\_82.htm.
- [28] http://menehune.opt.wfu.edu/Kokua/More\_SGI/007-2478-008/sgi\_html/ch01.html.
- [29] N. Maculan and S.C.S. Porto and C.C. Ribeiro and C.C. De. Souza. A new formulation for scheduling unrelated processor under precedence constraints. RAIRO Rech. Oper. Vol. 33. Number 1. pp. 87-92. 1999.
- [30] E. L. Lawler and J. Labetoulle. On Pre-emptive Scheduling of Unrelated Parallel Processors by Linear Programming. Journal of the Association for Computing Machinery. pp 612–61. Vol 25. No 4. October 1978.

- [31] K. Jansen and C. Robenet. Scheduling jobs on identical and uniform processors revisited. In Proceeding WAOA'11. Proceedings of the 9th international conference on Approximation and Online Algorithms. Pages 109-122. 2012.
- [32] S. Baruah and J. Goossens. The Static-priority Scheduling of Periodic Task Systems upon Identical Multiprocessor Platforms. Fifteenth IASTED International Conference on Parallel and Distributed Computing and Systems. Pages 427–432. Marina del Rey CA, November. Acta Press. ISBN 0-88986-392-X.
- [33] A. Hyari. A Comparative Study on Heterogeneous and Homogeneous Multiprocessors. University of Jordan. 2009.
- [34] Q. Li, D. L. Mills, "Investigating the Scaling Behavior, Crossover and Antipersistence of Internet Packet Delay Dynamics," Proceedings of IEEE Globalcom, Vol. 3, pp. 1843-1852, Rio de Janeiro, Brazil, 1999.
- [35] E.J. Daniel and C.M. White and K.A. Teague. An inter-arrival delay jitter model using multi-structure network delay characteristics for packet networks. Sch. of Electr. Comput. Eng., Oklahoma State Univ., Stillwater, OK, USA. pp 1738 - 1742. Vol.2. 2003.
- [36] John W. McCormick and Frank Singhoff and Jérôme Hugues. Building Parallel, Embedded, and Real-Time Applications with Ada. Cambridge University Press. ISBN-13: 978-0521197168. 2011.
- [37] E. Maes and N. Vienne. MARTE to Cheddar Transformation Using ATL. Technical report. THALES Research and Technologies. 2007.
- [38] C. D. Schmidt. Model-Driven Engineering. IEEE Computer. 39. 2. February 2006.
- [39] A. Plantec and V. Ribaud. PLATYPUS: A STEP-based Integration Framework. 14th Interdisciplinary Information Management Talks (IDIMT-2006). pp 261-274. September 2006.
- [40] F. Singhoff and A. Plantec. Towards user-level extensibility of an Ada library: an experiment with cheddar. Proceedings of the 12th international conference on Reliable software technologies. Ada-Europe'07. isbn 978-3-540-73229-7. pp 180-191. 2007.
- [41] V. Gaudel and F. Singhoff and A. Plantec and S. Rubini, P. Dissaux and J. Legrand. An Ada design pattern recognition tool for AADL performance analysis. Ada Letters.
- [42] S. Rubini, F. Singhoff and J. Hugues. Modeling and Verification of Memory Architectures with AADL and REAL. Sixth IEEE International Workshop on UML and AADL. In the proceedings of the 16th IEEE International Conference on Engineering of Complex Computer Systems. Las Vegas, USA. pp 338-343. isbn 978-0-7695-4381-9. April 2011.
- [43] M.I. Chen and K.J. Lin. Dynamic Priority Ceilings: A Concurrency Control Protocol for Real-Time Systems. Journal of Real-Time Systems. 2. pp 325 - 346. 1990.
- [44] L. Sha and R. Rajkumar and J.P. Lehoczky. Priority Inheritance Protocols: An Approach to Real-Time Synchronization. IEEE transactions on computers. 39 (9). pp 1175 - 1185. 1990.

- [45] J. Legrand, F. Singhoff, L. Nana and L. Marcé. Performance Analysis of Buffers Shared by Independent Periodic Tasks. LISYC Technical report number legrand-02-2004. January 2004.
- [46] L. Kleinrock. Queueing Systems: Theory. Wiley. 1. 1976.
- [47] J. C. Palencia and M. G. Harbour. Exploiting precedence relations in the schedulability analysis of distributed real-time systems. The 20th IEEE Real-Time Systems Symposium. pp 328 - 339. 1999.
- [48] P. Feiler and B. Lewis and S. Vestal. The SAE AADL standard: A basis for model-based architecture-driven embedded systems engineering. Workshop on Model-Driven Embedded Systems. May 2003.
- [49] S.K. Baruah. Feasibility analysis of recurring branching tasks. In proceedings of the 10th Euromicro Workshop on Real-Time Systems. pp 138–145. Jun 98.
- [50] A. K. Mok and D. Chen. A Multiframe Model for Real-Time Tasks. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING. 23 (10). pp 635 – 645. October 1997.
- [51] MARTE Specification. http://www.omg.org/spec/MARTE. Object Management Group. 2005.
- [52] UML Specification. http://www.omg.org/spec/UML. Object Management Group. 2011.
- [53] OMG Website. http://www.omg.org. Object Management Group. 2013.
- [54] Douglas C. Schmidt. Model-Driven Engineering. IEEE Computer. 39 (2). February 2006.
- [55] M. Peraldi-Frati and Y. Sorel. From hight level modelling of time in MARTE to real-time scheduling analysis. MODELS 2008.
- [56] Anssi, Saoussen and Gérard, Sébastien and Albinet, Arnaud and Terrier, François. Requirements and Solutions for Timing Analysis of Automotive Systems. System Analysis and Modeling: About Models. Lecture Notes in Computer Science. Kraemer, Frank and Herrmann, Peter. Springer Berlin / Heidelberg. 6598. pp 209-220. 2011.
- [57] Harbour, Michael Gonzalez and Garcia, Javier Gutierrez and Palencia, J.C. and Drake Moyano, J.M. MAST: Modeling and analysis suite for real-time applications. isbn = 0-7695-1221-6. Proceedings of the 13th Euromicro Conference on Real-Time Systems. IEEE Comput. Soc. pp 125–134. 2001.
- [58] J. M. Drake and M. G. Harbour and J. J. Gutiérrez and P. L. Martinez and J. L. Medina and J. C. Palencia. Modeling and Analysis Suite for Real-Time Applications (MAST 1.4.0): Description of the MAST Model. Universidad de Cantabria, SPAIN. 2011.
- [59] A. Goknil and J. Suryadevara and M. Peraldi-Frati and F. Mallet. Analysis Support for TADL2 Timing Constraints on EAST-ADL Models. ECSA 2013. pp 89–105. 2013.
- [60] G. Behrmann and R. David and K. G. Larsen. 3185. Lecture Notes in Computer Science. A tutorial on UPPALL. International School on Formal Methods for the Design of Computer, Communication and Software Systems. SFM-RT 2004. pp 200–237. 2004. Springer Verlag. Updated November 28, 2006.

- [61] Y. Ouhammou and E. Grolleau and M. Richard and P. Richard. Towards a Simple Meta-model for Complex Real-Time and Embedded Systems. The First International Conference, MEDI 2011. pp 226-236. Obidos, Portugal. 2011.
- [62] A. W. Kamal and P. Avgeriou. An Evaluation of ADLs on Modeling Patterns for Software Architecture. RISE07. 2007.
- [63] N. Medvidovic and R. N. Taylor. A classification and comparison framework for software architecture description languages. Software Engineering, IEEE Transactions. 26 (1). pp 70–93. January 2000.