

# SMT-based task- and network-level static schedule generation for time-triggered networked systems

#### Silviu S. Craciunas, Ramon Serna Oliver

TTTech Computertechnik AG RTNS 2014, Versailles, France, October 5-8, 2014





#### Time Triggered Networks





www.tttech.com









www.tttech.com



Copyright © TTTech Computertechnik AG. All rights reserved.



Copyright © TTTech Computertechnik AG. All rights reserved.



Copyright ©TTTech Computertechnik AG. All rights reserved.



Copyright ©TTTech Computertechnik AG. All rights reserved.



Copyright © TTTech Computertechnik AG. All rights reserved.



Copyright ©TTTech Computertechnik AG. All rights reserved.



Copyright ©TTTech Computertechnik AG. All rights reserved.



Copyright ©TTTech Computertechnik AG. All rights reserved.



www.tttech.com

Sequential scheduling

- Network [Steiner@RTSSI0] ▷ Tasks [Craciunas@ETFAI4]
- Tasks ▷ Network [Hanzalek@ECRTS09]

www.tttech.com

Sequential scheduling

- Network [Steiner@RTSSI0] ▷ Tasks [Craciunas@ETFAI4]
- Tasks ▷ Network [Hanzalek@ECRTS09]

Sequential scheduling

- Network [Steiner@RTSSI0] ▷ Tasks [Craciunas@ETFAI4]
- Tasks > Network [Hanzalek@ECRTS09]
- Combined scheduling

Network model

Task model

## Scheduling

Sequential scheduling

- Network [Steiner@RTSS10]  $\triangleright$  Tasks [Craciunas@ETFA14]
- Tasks > Network [Hanzalek@ECRTS09]
- Combined scheduling

Network model



Sequential scheduling

- Network [Steiner@RTSSI0] ▷ Tasks [Craciunas@ETFAI4]
- Tasks > Network [Hanzalek@ECRTS09]
- Combined scheduling



Sequential scheduling

- Network [Steiner@RTSSI0] ▷ Tasks [Craciunas@ETFAI4]
- Tasks ▷ Network [Hanzalek@ECRTS09]
- Combined scheduling



Sequential scheduling

- Network [Steiner@RTSSI0] ▷ Tasks [Craciunas@ETFAI4]
- Tasks ▷ Network [Hanzalek@ECRTS09]



Sequential scheduling

- Network [Steiner@RTSSI0] ▷ Tasks [Craciunas@ETFAI4]
- Tasks > Network [Hanzalek@ECRTS09]



Sequential scheduling

- Network [Steiner@RTSSI0] ▷ Tasks [Craciunas@ETFAI4]
- Tasks > Network [Hanzalek@ECRTS09]



Sequential scheduling

- Network [Steiner@RTSSI0] ▷ Tasks [Craciunas@ETFAI4]
- Tasks > Network [Hanzalek@ECRTS09]



Sequential scheduling

- Network [Steiner@RTSSI0] ▷ Tasks [Craciunas@ETFAI4]
- Tasks > Network [Hanzalek@ECRTS09]



Sequential scheduling

- Network [Steiner@RTSSI0] ▷ Tasks [Craciunas@ETFAI4]
- Tasks > Network [Hanzalek@ECRTS09]



Sequential scheduling

- Network [Steiner@RTSSI0] ▷ Tasks [Craciunas@ETFAI4]
- Tasks > Network [Hanzalek@ECRTS09]





#### Network model



- multi-hop layer 2 switched network via full-duplex multi-speed links
- virtual links (ARINC 664 P-7)
- TT-traffic class (RC [Tamas-Selicean@CODES+ISSSI2], BE)
- synchronised time (< I used precision)</li>
- link delay for each link
- memory buffers on switches



#### Task model



- periodic asynchronous TT-tasks (offset  $\phi$  , weet C, period T, deadline D)
- static time-driven schedule with preemption
- 3 types of tasks (producer, consumer, free)
- macrotick on ES (usec ms)
- communication at beginning/end of consumer/producer ([Derler@CITI0])
- end-to-end latency, dependencies between tasks

#### Networked system model



Network

$$G(\mathcal{V}, \mathcal{L}) \quad \mathcal{L} \subseteq \mathcal{V} \times \mathcal{V}$$
$$\forall [v_a, v_b] \in \mathcal{L} \Rightarrow [v_b, v_a] \in \mathcal{L}$$

Network links 
$$\begin{bmatrix} v_a, v_b \end{bmatrix}$$
 (speed, link delay, macrotick, memory buffer)  
CPU self-links  $\begin{bmatrix} v_a, v_a \end{bmatrix}$ 

Virtual link - dataflow from one producer to one receiver  $vl_i = [[v_a, v_a], [v_a, v_1], [v_1, v_2], \dots, [v_{n-1}, v_n], [v_n, v_b], [v_b, v_b]].$ 

www.tttech.com

#### Frames



www.tttech.com



Communication



www.tttech.com







www.tttech.com









www.tttech.com





#### Scheduling problem



www.tttech.com



#### Scheduling problem

find offsets for the frames (on links and virtual task frames)

www.tttech.com

find offsets for the frames (on links and virtual task frames)

reduces to finding a solution for a set of constraints

- frame constraints
- link constraints
- virtual link constraints
- memory constraints
- end-to-end latency constraints
- precedence constraints

find offsets for the frames (on links and virtual task frames)

reduces to finding a solution for a set of constraints

- frame constraints
- link constraints
- virtual link constraints
- memory constraints
- end-to-end latency constraints
- precedence constraints

#### NP-complete

www.tttech.com



Period

www.tttech.com

## Frame constraints







# Frame constraints







# Frame constraints











www.tttech.com





www.tttech.com









www.tttech.com

www.tttech.com





no two frames scheduled on the same link may overlap



# Virtual link constraints



www.tttech.com







www.tttech.com



# Memory constraints





# Memory constraints





# Memory constraints





www.tttech.com

satisfiability of logical formulas in first-order formulation

background theories  $\mathcal{LA}(\mathbb{Z}) \ \mathcal{BV}$ 

variables  $x_1, x_2, \ldots, x_n$ 

logical symbols  $\vee, \wedge, \neg, (,)$ 

non-logical symbols  $+, =, \%, \leq$ 

quantifiers  $\exists, \forall$ 



Copyright ©TTTech Computertechnik AG. All rights reserved.

Ensuring Reliable Networks

**TITech** 

satisfiability of logical formulas in first-order formulation

background theories  $\mathcal{LA}(\mathbb{Z}) \ \mathcal{BV}$ 

variables  $x_1, x_2, \ldots, x_n$ 

logical symbols  $\vee, \wedge, \neg, (,)$ 

non-logical symbols +, =, %, <

quantifiers  $\exists, \forall$ 

A lot of solvers and a very active community

OpenSMT [Bruttomesso@TACAS10] Yices Dutertre@CAV14 CVC4 [Barrett@CAVII] Z3 [de Moura@TACAS08]

Copyright ©TTTech Computertechnik AG. All rights reserved.

Ensuring Reliable Network

Tlech



satisfiability of logical formulas in first-order formulation

background theories  $\mathcal{LA}(\mathbb{Z})\mathcal{BV}$ 



variables  $x_1, x_2, \ldots, x_n$ 

logical symbols  $\vee, \wedge, \neg, (,)$ 

$$\land, \neg, (, \neg)$$

non-logical symbols  $+, =, \%, \leq$ 



quantifiers  $\exists, \forall$ 

A lot of solvers and a very active community

OpenSMT [Bruttomesso@TACAS10] Yices Dutertre@CAV14 CVC4 [Barrett@CAVII] Z3 [de Moura@TACAS08]



satisfiability of logical formulas in first-order formulation

background theories



variables  $x_1, x_2, \ldots, x_n$ 

logical symbols V

$$,\wedge,
eg,(,)$$

non-logical symbols  $+, =, \%, \leq$ 



quantifiers  $\exists d d d$ 



A lot of solvers and a very active community

OpenSMT [Bruttomesso@TACAS10] Yices Dutertre@CAV14 CVC4 [Barrett@CAVII] Z3 [de Moura@TACAS08]



satisfiability of logical formulas in first-order formulation

background theories



variables  $x_1, x_2, \ldots, x_n$ 

logical symbols  $\vee$ 

$$, \wedge, \neg, (,)$$

non-logical symbols  $+, =, \%, \leq$ 



quantifiers  $\exists d d d$ 



A lot of solvers and a very active community Yices Dutertre@CAV14 OpenSMT [Bruttomesso@TACAS10] CVC4 [Barrett@CAVII] Z3 [de Moura@TACAS08]



www.tttech.com



| www.tttech.com |       | Copyright © TTTe | ech Computertechnik AG. All rig | hts reserved. |
|----------------|-------|------------------|---------------------------------|---------------|
|                | small | medium           | large                           |               |
| 10             |       |                  |                                 |               |
| 100            |       |                  |                                 |               |
| 1000           |       |                  |                                 |               |
| 10000          |       |                  |                                 |               |
| 100000         |       |                  |                                 |               |



| 100000         |           |                                                            |       |  |  |
|----------------|-----------|------------------------------------------------------------|-------|--|--|
| 10000          |           |                                                            |       |  |  |
| 1000           |           |                                                            |       |  |  |
| 100            |           |                                                            |       |  |  |
| 10             |           |                                                            |       |  |  |
|                | 32s 997ms |                                                            |       |  |  |
|                | small     | medium                                                     | large |  |  |
| www.tttech.com |           | Copyright ©TTTech Computertechnik AG. All rights reserved. |       |  |  |









www.tttech.com



www.tttech.com



where does the complexity come from?

www.tttech.com



where does the complexity come from?

where do the frames come from?



where does the complexity come from?

where do the frames come from?

consumer tasks producer tasks communication





where does the complexity come from?

where do the frames come from?

consumer tasks producer tasks communication









where does the complexity come from?

where do the frames come from?

consumer tasks producer tasks communication

free tasks





where does the complexity come from?

where do the frames come from?

consumer tasks producer tasks communication

free tasks



#### let's treat them differently

Copyright ©TTTech Computertechnik AG. All rights reserved.

www.tttech.com

#### Demand-based



www.tttech.com



consumer tasks producer tasks communication

free tasks





consumer tasks producer tasks communication

SMT

free tasks





free tasks



www.tttech.com



free tasks







free tasks









www.tttech.com









www.tttech.com















www.tttech.com









#### EDF tasks

|  | (0,  , 8,  ) |
|--|--------------|
|  | (2,  , 8,  ) |
|  | (4,  , 8,  ) |
|  | (5, 2, 8, 2) |



#### EDF tasks



#### free tasks





www.tttech.com





#### EDF tasks



#### free tasks



# $$\begin{split} \forall v_a \in \mathcal{V}, \forall t_1 \in \Phi^{v_a}, \forall t_2 \in \Delta^{v_a}, t_1 < t_2: \\ \sum_{\tilde{\tau_i}^{v_a} \in \tilde{\Gamma}^{v_a}} \tilde{\tau_i}^{v_a}.C \times \left( \left\lfloor \frac{t_2 - \tilde{\tau_i}^{v_a}.\phi - \tilde{\tau_i}^{v_a}.D}{\tilde{\tau_i}^{v_a}.T} \right\rfloor - \left\lceil \frac{t_1 - \tilde{\tau_i}^{v_a}.\phi}{\tilde{\tau_i}^{v_a}.T} \right\rceil + 1 \right)_0 \leq t_2 - t_1, \\ \text{where} \\ \Phi^{v_a} \stackrel{def}{=} \left\{ a_{i,j}^{v_a} = \tilde{\tau_i}^{v_a}.\phi + j \times \tilde{\tau_i}^{v_a}.T | \tilde{\tau_i}^{v_a} \in \tilde{\Gamma}^{v_a}, j \geq 0, a_{i,j}^{v_a} \leq \lambda^{v_a} \right\}, \\ \Delta^{v_a} \stackrel{def}{=} \left\{ d_{i,j}^{v_a} = a_{i,j}^{v_a} + \tilde{\tau_i}^{v_a}.D | \tilde{\tau_i}^{v_a} \in \tilde{\Gamma}^{v_a}, j \geq 0, d_{i,j}^{v_a} \leq \lambda^{v_a} \right\}, \\ \lambda^{v_a} = max(\{\tilde{\tau_i}^{v_a}.\phi|\tilde{\tau_i}^{v_a} \in \tilde{\Gamma}^{v_a}\}) + 2 \times lcm(\{\tilde{\tau_i}^{v_a}.T|\tilde{\tau_i}^{v_a} \in \tilde{\Gamma}^{v_a}\}). \end{split}$$

Ensuring Reliable Networks

www.tttech.com



#### EDF tasks

www.tttech.com



#### free tasks

|  | (0, | 2, | 8, | 8) |
|--|-----|----|----|----|
|  | (0, | Ι, | 8, | 8) |

# $$\begin{split} \forall v_a \in \mathcal{V}, \forall t_1 \in \Phi^{v_a}, \forall t_2 \in \Delta^{v_a}, t_1 < t_2: \\ \sum_{\tilde{\tau_i}^{v_a} \in \tilde{\Gamma}^{v_a}} \tilde{\tau_i}^{v_a}.C \times \left( \left\lfloor \frac{t_2 - \tilde{\tau_i}^{v_a}.\phi - \tilde{\tau_i}^{v_a}.D}{\tilde{\tau_i}^{v_a}.T} \right\rfloor - \left\lceil \frac{t_1 - \tilde{\tau_i}^{v_a}.\phi}{\tilde{\tau_i}^{v_a}.T} \right\rceil + 1 \right)_0 \leq t_2 - t_1, \\ \end{split}$$ where $\Phi^{v_a} \stackrel{def}{=} \{a_{i,j}^{v_a} = \tilde{\tau_i}^{v_a}.\phi + j \times \tilde{\tau_i}^{v_a}.T | \tilde{\tau_i}^{v_a} \in \tilde{\Gamma}^{v_a}, j \geq 0, a_{i,j}^{v_a} \leq \lambda^{v_a} \}, \\ \Delta^{v_a} \stackrel{def}{=} \{d_{i,j}^{v_a} = a_{i,j}^{v_a} + \tilde{\tau_i}^{v_a}.D | \tilde{\tau_i}^{v_a} \in \tilde{\Gamma}^{v_a}, j \geq 0, d_{i,j}^{v_a} \leq \lambda^{v_a} \}, \\ \lambda^{v_a} = max(\{\tilde{\tau_i}^{v_a}.\phi|\tilde{\tau_i}^{v_a} \in \tilde{\Gamma}^{v_a}\}) + 2 \times lcm(\{\tilde{\tau_i}^{v_a}.T|\tilde{\tau_i}^{v_a} \in \tilde{\Gamma}^{v_a}\}). \end{split}$







www.tttech.com



• transform scheduled frames on CPUs into asynchronous periodic tasks



- transform scheduled frames on CPUs into asynchronous periodic tasks
- add free tasks and apply schedulability test [Pellizzoni@RealTimeSyst05]



- transform scheduled frames on CPUs into asynchronous periodic tasks
- add free tasks and apply schedulability test [Pellizzoni@RealTimeSyst05]
- if not schedulable, increment number of tasks that are solved with SMT



- transform scheduled frames on CPUs into asynchronous periodic tasks
- add free tasks and apply schedulability test [Pellizzoni@RealTimeSyst05]
- if not schedulable, increment number of tasks that are solved with SMT
- if schedulable, generate final schedule by simulating EDF until HP



- transform scheduled frames on CPUs into asynchronous periodic tasks
- add free tasks and apply schedulability test [Pellizzoni@RealTimeSyst05]
- if not schedulable, increment number of tasks that are solved with SMT
- if schedulable, generate final schedule by simulating EDF until HP
- incremental algorithm so we don't lose schedulability



- transform scheduled frames on CPUs into asynchronous periodic tasks
- add free tasks and apply schedulability test [Pellizzoni@RealTimeSyst05]
- if not schedulable, increment number of tasks that are solved with SMT
- if schedulable, generate final schedule by simulating EDF until HP
- incremental algorithm so we don't lose schedulability
- we are still exponential but scale better for the average case



www.tttech.com









www.tttech.com











### Topologies



Periods { | 0,20,25,50, | 00}, { | 0,30, | 00}, {50,75} ms

l usec network link granularity

100Mbit/s and 1Gbit/s

random message size and virtual links

different macrotick and utilization configurations

www.tttech.com







#### Macrotick

Ensuring Reliable Networks

P={10, 20, 25, 50, 100}[ms], HP=100ms, Size=S, U=50%, T=MESH



www.tttech.com

#### Utilization

Ensuring Reliable Networks

P={10, 20, 25, 50, 100}[ms], HP=100ms, MT=250µsec, Size=S, T=MESH



www.tttech.com

### SMT assertions





assertions



www.tttech.com





#### co-synthesis of task and message schedules

www.tttech.com





co-synthesis of task and message schedules preemptive tasks





- co-synthesis of task and message schedules preemptive tasks
- switched multi-speed TTEthernet networks





- co-synthesis of task and message schedules
- preemptive tasks
- switched multi-speed TTEthernet networks
- satisfiability modulo theories





- co-synthesis of task and message schedules preemptive tasks
- switched multi-speed TTEthernet networks
- satisfiability modulo theories
- demand based approach



- co-synthesis of task and message schedules
- preemptive tasks
- switched multi-speed TTEthernet networks
- satisfiability modulo theories
- demand based approach
- scales for medium to large industrial systems



### Thank you!

## **The Charles** Ensuring Reliable Networks www.tttech.com

www.tttech.com

### SMT-scheduled frames





Copyright ©TTTech Computertechnik AG. All rights reserved.

www.tttech.com