# **OCEOSmp**

# a whitebox RTOS for multicore embedded systems

**GR740** User Day

13<sup>th</sup> December 2022

Michael Ryan, CTO, O.C.E.Technology Ltd



## Embedded System Characteristics (1)

- Fixed code base
  - Software not added during system life
  - => can use physical addresses, RTOS doesn't need page tables etc.
- Code must be robust, so an RTOS design should...
  - => ensure certain failure modes are impossible
    - e.g. unbounded priority inversion, ...
  - => allow behaviour policing by the application (white box)
    - performance data recorded and checkable at any time
  - => automatically check for problems
    - e.g. stack overrun, missed deadlines...
  - => automatically trigger application problem handlers
  - => provide calls to deal with problems
    - e.g. kill task, disable task, disable a CPU, ...







## Embedded System Characteristics (2)

- But things can go wrong, so an RTOS design must provide
  - => Fault Anticipation, Detection, Isolation, Reporting, Recovery
- make it easy for the application to police the system:
  - min time between task start requests
  - max execution times, deadline misses
  - max pre-emptions, max stack usage
- make it easy to exploit redundancy:
  - run same task on many CPUs, check results agree
- automatic checks of key components
  - memory area sentinels, stack space
- automatic logging of anomalies
- triggers for user defined problem handler functions
  - kill tasks, disable tasks, disable CPU cores, restart CPU core, ...
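The policing checks listed on this slide, as an added example in C. It is not OCEOS code and does not use the OCEOS API: the type `task_monitor_t`, the `ANOM_*` flags, the `SENTINEL` value and all function names are hypothetical, and the timeline in `main()` is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define SENTINEL 0xC0DEFEEDu /* constructed guard word at each end of an area */

enum { /* one bit per anomaly so several can be reported together */
    ANOM_START_TOO_SOON = 1u << 0, /* min time between start requests violated */
    ANOM_EXEC_OVERRUN   = 1u << 1, /* max execution time exceeded */
    ANOM_DEADLINE_MISS  = 1u << 2, /* finished later than request + deadline */
    ANOM_STACK_OVERUSE  = 1u << 3, /* max stack usage exceeded */
    ANOM_SENTINEL       = 1u << 4  /* guard word of a memory area overwritten */
};
typedef struct {
    uint64_t min_start_gap_us, max_exec_us, deadline_us; /* limits, fixed at configuration */
    uint32_t max_stack_bytes;
    uint64_t last_request_us, worst_exec_us;             /* recorded, readable at any time */
    uint32_t worst_stack_bytes, deadline_misses;
    bool     seen_request;
} task_monitor_t;
typedef void (*problem_handler_t)(unsigned task_id, uint32_t anomalies);

/* Police a task start request against the minimum time between requests. */
uint32_t monitor_start_request(task_monitor_t *m, uint64_t now_us) {
    uint32_t a = 0;
    if (m->seen_request && now_us - m->last_request_us < m->min_start_gap_us)
        a |= ANOM_START_TOO_SOON;
    m->last_request_us = now_us;
    m->seen_request = true;
    return a;
}

/* Police a finished job: exec_us is CPU time used, end_us the completion time. */
uint32_t monitor_job_end(task_monitor_t *m, uint64_t end_us, uint64_t exec_us, uint32_t stack) {
    uint32_t a = 0;
    if (exec_us > m->worst_exec_us) m->worst_exec_us = exec_us;
    if (stack > m->worst_stack_bytes) m->worst_stack_bytes = stack;
    if (exec_us > m->max_exec_us) a |= ANOM_EXEC_OVERRUN;
    if (end_us - m->last_request_us > m->deadline_us) { a |= ANOM_DEADLINE_MISS; m->deadline_misses++; }
    if (stack > m->max_stack_bytes) a |= ANOM_STACK_OVERUSE;
    return a;
}

/* A memory area is intact only if both guard words still hold SENTINEL. */
uint32_t check_sentinels(const uint32_t *area, size_t words) {
    return (words >= 2 && area[0] == SENTINEL && area[words - 1] == SENTINEL) ? 0 : ANOM_SENTINEL;
}

/* Call the application's problem handler only when something was detected. */
uint32_t report(unsigned task_id, uint32_t anomalies, problem_handler_t handler) {
    if (anomalies && handler) handler(task_id, anomalies);
    return anomalies;
}

static void print_handler(unsigned task_id, uint32_t anomalies) {
    printf("task %u: anomaly mask 0x%02x\n", task_id, (unsigned)anomalies);
}
int main(void) { /* constructed timeline for a hypothetical task 3 */
    task_monitor_t m = { .min_start_gap_us = 1000, .max_exec_us = 300,
                         .deadline_us = 800, .max_stack_bytes = 512 };
    uint32_t area[4] = { SENTINEL, 0, 0, 0 };  /* tail guard overwritten */
    report(3, monitor_start_request(&m, 10000), print_handler);
    report(3, monitor_job_end(&m, 10500, 200, 256), print_handler); /* within limits */
    report(3, monitor_start_request(&m, 10600), print_handler);     /* too soon */
    report(3, monitor_job_end(&m, 11500, 350, 600), print_handler); /* 3 limits broken */
    report(3, check_sentinels(area, 4), print_handler);
    return 0;
}
```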







### OCEOSmp: For Multi-Core Embedded Systems

Based on 'Stack Resource Policy' (Baker 1991)
 => single system stack per CPU (not stack per task)

#### Deterministic

- => behaviour predictable
- => memory statically allocated
- => timing overheads minimized and quantifiable
- Schedulability analysis
   => simpler to perform

#### Application task timing recorded for analysis

- => maximum execution times, maximum times to completion,...
   => missed deadlines trigger application defined action
- Timed actions independent of scheduling
   => output at specific time, task start request at specific time







### OCEOSmp: Multi-Core

- Exclude
  - => exclude some cores from OCEOSmp use, e.g. for use by Linux
- Reserve
  - => reserve cores for higher priority OCEOSmp tasks
- Symmetric
  - => after start-up, all cores are equal
- Work Distribution
  - => task execution instances distributed evenly across cores
  - => unless task restricted to a particular core
- Control
  - => take core out of use, put core back in use







## OCEOSmp: RTOS (1)



- Fixed priority
  - => task priorities fixed based on task importance
- Pre-emption threshold
  - => pre-emption only by tasks with higher priority than threshold
- Multiple execution instances
  - => multiple same task 'jobs' can be in execution at same time, typically using different data
- Timed actions independent of scheduling
  - => data output at specific time
  - => task start request at specific time



OCEOSmp for RISC-V



### OCEOSmp: RTOS (2)


#### Mutexes

- => unbounded priority inversion cannot occur
- => deadlock warning, cannot occur if single core

#### Read-Write mutexes

- => allow multiple simultaneous reads of protected area when not being written, prevent writing if being read
- Counting semaphores
  - => allow wait with timeout
- Data queues
  - => allow read with timeout
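How the Stack Resource Policy, the pre-emption threshold and the mutex guarantee above fit together, as an added example in C. It is a textbook single-CPU SRP model, not OCEOSmp code: the types `task_t`, `mutex_t`, `cpu_t`, the function names and the task set are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#define MAX_NEST 8 /* constructed limit on nested jobs plus held mutexes */

typedef struct { unsigned priority, threshold; } task_t; /* threshold >= priority */
typedef struct { unsigned ceiling; } mutex_t; /* highest priority of any task using it */
typedef struct { unsigned level[MAX_NEST]; int depth; } cpu_t; /* ceiling stack, one per CPU */

/* Current system ceiling: 0 when the CPU is idle. */
unsigned system_ceiling(const cpu_t *c) { return c->depth ? c->level[c->depth - 1] : 0; }

static int push(cpu_t *c, unsigned lvl) {
    unsigned cur = system_ceiling(c);
    if (c->depth == MAX_NEST) return 0;
    c->level[c->depth++] = lvl > cur ? lvl : cur; /* ceiling never drops while nested */
    return 1;
}

/* SRP start rule: a job may pre-empt only if its priority exceeds the ceiling. */
int may_start(const cpu_t *c, const task_t *t) { return t->priority > system_ceiling(c); }

/* Starting a job raises the ceiling to its pre-emption threshold. */
int job_start(cpu_t *c, const task_t *t) { return may_start(c, t) && push(c, t->threshold); }
void job_end(cpu_t *c) { if (c->depth) c->depth--; }

/* Locking never blocks: the start rule guaranteed the mutex was free, so a
 * started job runs to completion and job frames nest LIFO on a single stack. */
int mutex_lock(cpu_t *c, const mutex_t *m) { return push(c, m->ceiling); }
void mutex_unlock(cpu_t *c) { if (c->depth) c->depth--; }

/* Constructed task set: LOW and HIGH share the mutex, so its ceiling is 3. */
static const task_t LOW = { 1, 2 }, MID = { 2, 2 }, HIGH = { 3, 3 };
static const mutex_t SHARED = { 3 };

int main(void) {
    cpu_t cpu = { {0}, 0 };
    job_start(&cpu, &LOW);
    /* LOW's threshold 2 keeps MID out, HIGH may still pre-empt. */
    printf("LOW running:     MID=%d HIGH=%d\n", may_start(&cpu, &MID), may_start(&cpu, &HIGH));
    mutex_lock(&cpu, &SHARED);
    /* HIGH waits only for LOW's critical section: the inversion is bounded. */
    printf("LOW holds mutex: MID=%d HIGH=%d\n", may_start(&cpu, &MID), may_start(&cpu, &HIGH));
    mutex_unlock(&cpu);
    printf("mutex released:  MID=%d HIGH=%d\n", may_start(&cpu, &MID), may_start(&cpu, &HIGH));
    return 0;
}
```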





## OCEOSmp: RTOS (3)

- System time => in microseconds, 64 bit
- Context switch timing
  - => context switching shared across all cores
  - => context switch time minimized

#### Interrupts

- => interrupt disabled timing is minimized
- => high priority timer interrupt reserved for timed actions

#### Some numbers

Up to 255 cores, 255 tasks, 15\*255 execution instances (jobs), 63 mutexes, 63 read-write mutexes, 63 semaphores, 63 data queues, memory < 20KiB













# OCEOSmp: RTOS (4) – USING IT

- Library: components not used are not linked into the executable
- Servant not Master: started by application main()
- Step 1: Create application configuration, pass to oceos\_init()
  - what cores to use, what stack space, log entries
  - how many tasks, jobs per task, timed actions
  - how many mutexes, semaphores, data queues
- Step 2: Create corresponding tasks, mutexes, etc. using oceos\_task\_create() etc.
- Step 3: Use oceos\_init\_finish() to complete fixed data and checksum
- Step 4: Pass fixed data and initial task (if any) to oceos\_start()
  - dynamic data area is set up
  - multi-core scheduling begins





OCEOS for automobiles





### Debug support - DMON

[Screenshot: DMON "OCEOS System view" window. It shows a log table with columns Log ID, TimeStamp, Log Type, Delay, DeadLineMargin, Stack, CWP, SysStateVar and Log Info (entries include context switches such as T:0=>T:3 and a DEADLINE MISSED record), a stack usage plot against time in seconds, and a context timeline with rows for ISR, tasks, scheduler and sleep.]



### Current Status

### OCEOS (single core)

- SPARC and ARM versions complete (with additional support for GR716 microcontroller)
- ESA Flight Level B qualification ready

### OCEOSmp (multicore)

- Multicore SPARC & RISC-V scheduling in initial test, ARM later
- Example test results using SPARC quad core Gaisler GR740:
  - 1001 task starts even distribution: Per CPU 251,250,250,250
  - 4096 sample FFT (one task, four jobs in parallel): Speedup factor 3.7

### Availability

- OCEOS single-core development kit on-sale
- OCEOSmp multicore beta evaluations available soon





OCEOS task usage & debug screen







- Thanks to ESA for their support
- Thank you for listening
- Any Questions?



www.ocetechnology.com

michael.ryan@ocetechnology.com