Design and analysis of task models for mixed-criticality systems with practical considerations
Format: | Thesis-Doctor of Philosophy |
---|---|
Language: | English |
Published: | Nanyang Technological University, 2022 |
Online Access: | https://hdl.handle.net/10356/155381 |
Institution: | Nanyang Technological University |
Summary:

The current trend in designing safety-critical real-time embedded systems is to consolidate applications performing functionalities with varying levels of safety integrity requirements onto a common platform. These systems are commonly referred to as Mixed Criticality Systems (MCS) and are found in safety-critical domains such as avionics and automotive. The main goals of MCS are to provide high reliability in execution for safety-critical software and, at the same time, to strike a balance between pessimistic resource reservations for safety and efficient resource utilization for cost-effectiveness. Such systems are also required to adapt their functionality depending on their operating mode. To achieve these goals, the application designer relies on task models to provide parameters such as period, deadline, budgets, and criticality of tasks, which denote the required timing behaviour; this behaviour is later verified by applying mathematical techniques to ensure that the resources allocated to tasks are sufficient to meet their deadlines, even under a system overload caused by timing faults such as the budget overrun of a task.

Safety standards like ISO 26262 (the functional safety standard for automotive) consider four to five levels of criticality. But, to reduce the complexity of the analysis involved in verifying the timing behaviour, a majority of the existing MCS task models consider only two criticality levels (high and low) for tasks. Although such a simplified model can capture the fundamental behaviour of MCS, these models face criticism for their approach to handling system overload by suspending or degrading tasks with lower criticality than the overloading tasks. Such a degradation strategy may not be safe for systems which support more than two criticality levels. As MCS can also undergo functional mode changes at run-time, a system overload can occur due to a budget overrun of a high criticality task and/or due to a spike in the resource consumption pattern: when the system switches from one mode to another, tasks belonging to different modes execute together for a certain time interval, leading to a temporary system overload. Most real-time system models that focus on functional mode changes do not capture the mixed-criticality aspects of the system. To address these issues, graph-based MCS task models were proposed, as they provide a higher level of flexibility in the choice of task degradation and can model functional mode changes, but such models are harder to analyse.

In this thesis, as a first step, we present the Context-Aware Mixed Criticality System (CA-MCS) model, which is expressive enough to handle system overload caused by budget overruns of tasks while operating in a specific mode. The model is motivated by the guidelines provided by ISO 26262 and by case studies from the automotive domain that clearly show that a task can be degraded in multiple ways, and that it is possible to consider performance degradation of a higher criticality task instead of suspension or degradation of the core functionality of lower criticality tasks. By considering these possibilities, the CA-MCS model is designed so that it provides a higher level of flexibility to choose the tasks to be degraded and the specific way in which they are degraded. Further, the criticality information of a task is used only to decide on the degraded budget when budget overruns of multiple tasks occur.

As a second step, we focus on MCS that can undergo functional mode changes and present the Multi-Mode Mixed Criticality System (MM-MCS) model. The proposed model is expressive enough to capture the parameters that determine the budget, release patterns and degradation of tasks during the mode transition, and it considers both task degradation and the notion of offsets to handle the system overload. Further, the MM-MCS model establishes precise rules to handle budget overruns of tasks both within a mode and during mode transitions. Additionally, an algorithm to compute the offset values for new-mode tasks based on their criticality value is also derived.

Fixed-priority based schedulability tests for a uniprocessor system are proposed for the CA-MCS and MM-MCS models, with complexity that remains pseudo-polynomial with respect to the number of tasks. Experimental results based on synthetic task sets for these tests show the benefit of considering offsets and task degradation to improve schedulability performance. Further, the algorithm presented to compute offsets clearly shows that criticality information can play an important role not only in achieving task degradation but also in determining suitable offset values for higher criticality tasks.

As a third step, we present a realistic automotive testbed that is designed and implemented with automotive applications such as Adaptive Cruise Control (ACC), Steering Control (SC) and Collision Avoidance (CA). The main objective is to observe the impact of the different degradation strategies adopted by MCS models on the performance and safety aspects of these applications. Experimental results show that the proposed models can degrade the performance of the system in a controlled manner by isolating the effects of degradation between safety applications. The testbed is highly flexible and scalable, can facilitate the implementation of any new MCS task models, and can be included as a lab exercise in university courses related to real-time systems or automated driving.