EDF Schedulability Analysis on Mixed-Criticality Systems with Permitted Failure Probability

Zhishan Guo, Luca Santinelli, Kecheng Yang
2015 IEEE 21st International Conference on Embedded and Real-Time Computing Systems and Applications
Many safety-critical real-time systems are considered certified when they meet failure probability requirements with respect to the maximum permitted incidences of failure per hour. In this paper, the mixed-criticality task model with multiple worst-case execution time (WCET) estimations is extended to incorporate such system-level certification restrictions. A new parameter is added to each task, characterizing the distribution of the WCET estimations: the likelihood of all jobs of a task finishing their executions within the less pessimistic WCET estimate. An efficient algorithm named LFF-Clustering is derived for scheduling mixed-criticality systems represented by this model. Experimental analyses show that our new model and algorithm outperform current state-of-the-art mixed-criticality scheduling algorithms.

Mixed-Criticality Systems. The gap between the actual running time and the WCET may be significantly large. Instead of completely wasting the processor capacity within this gap, people have started to implement functionalities of different degrees of importance, or criticalities, on a common platform, so that the less important tasks may execute in these gaps under normal circumstances and may be dropped in the occasional situation where jobs of higher importance execute beyond their estimated common-case running time. Much prior research on mixed-criticality scheduling (see [6] for a review) has focused on the phenomenon that different tools for determining WCET bounds may be more or less conservative than one another, which results in multiple WCET estimations for each individual task (piece of code). Typically, in the two-criticality-level case, each task is designated as being of either higher (HI) or lower (LO) criticality, and two WCETs are specified for each HI-criticality task: a LO-WCET determined by a less pessimistic tool, and a larger HI-WCET determined by a more conservative one, which is sometimes larger than the LO-WCET by several orders of magnitude. The scheduling objective is to determine a run-time scheduling strategy which ensures that (i) all jobs of all tasks complete by their deadlines if each job completes upon executing for no more than its LO-WCET; and (ii) all jobs of tasks designated as being of HI criticality continue to complete by their deadlines (although the LO-criticality jobs may not) if any job requires execution for more than its LO-WCET (but no more than its HI-WCET) to complete.
Under the current mixed-criticality model, it is assumed that all HI-criticality jobs may require execution up to their HI-WCETs in HI mode simultaneously. However, since WCET tools are normally quite pessimistic, LO-WCETs are not very likely to be exceeded at run time.

Example 1: Consider a system comprised of two independent¹ HI-criticality tasks $\tau_1$ and $\tau_2$, where each task is denoted by two utilization estimations $u^{LO} \le u^{HI}$. The two tasks $\tau_1 = \{0.4, 0.6\}$ and $\tau_2 = \{0.3, 0.5\}$, represented by their utilizations in the different modes, are to be scheduled on a preemptive unit-speed uniprocessor. It is evident that this system cannot be scheduled correctly under the traditional model, since the HI-criticality utilization, at $(0.6 + 0.5)$, is greater than the processor capacity, which is 1. However, suppose that: (i) absolute certainty of correctness is not required; instead it is specified that the system failure probability should not exceed $10^{-6}$ per hour; and (ii) it is known that the timing analysis tools used to determine

¹ Two events are independent if the occurrence of one event does not have any impact on the other.
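The following Python script is an added illustration of the two checks discussed above (the classical two-WCET model with conditions (i) and (ii), and the permitted-failure-probability view of Example 1); it is not code from the paper and it is not the paper's LFF-Clustering algorithm. It assumes a hypothetical per-task parameter, the probability that some job of the task exceeds its LO-WCET within one hour, with constructed values of 1e-4 and 2e-4 for $\tau_1$ and $\tau_2$, treats the tasks as independent (footnote 1), and uses total utilization not exceeding 1 as the feasibility criterion for each overrun scenario on a unit-speed uniprocessor. The cut-off sentence above does not say how the paper quantifies the overrun likelihood, so the numbers here are placeholders only.

```python
from itertools import product
from math import prod

# Constructed input: the two HI-criticality tasks of Example 1 as
# (u_LO, u_HI) utilization pairs on a unit-speed uniprocessor.
TASKS = {"tau1": (0.4, 0.6), "tau2": (0.3, 0.5)}

# Hypothetical per-task parameter (an assumption, not from the paper):
# probability that, within one hour, some job of the task runs past its LO-WCET.
OVERRUN_PROB_PER_HOUR = {"tau1": 1e-4, "tau2": 2e-4}

# Certification requirement quoted in Example 1.
PERMITTED_FAILURE_PROB_PER_HOUR = 1e-6


def traditional_schedulable(tasks):
    """Classical two-level check: condition (i) needs all tasks at LO-WCET to fit,
    condition (ii) needs all HI tasks at HI-WCET to fit simultaneously."""
    lo_util = sum(u_lo for u_lo, _ in tasks.values())
    hi_util = sum(u_hi for _, u_hi in tasks.values())
    return lo_util <= 1.0 and hi_util <= 1.0


def scenario_utilization(tasks, overrunning):
    """Utilization when exactly the tasks in `overrunning` exceed their LO-WCET
    (charged at u_HI) and every other task stays within its LO-WCET (u_LO)."""
    return sum(u_hi if name in overrunning else u_lo
               for name, (u_lo, u_hi) in tasks.items())


def failure_probability(tasks, overrun_prob):
    """Sum, over all 2^n independent overrun scenarios, the probability of
    those whose utilization exceeds the processor capacity of 1.
    Independence lets the scenario probability be a plain product."""
    names = list(tasks)
    total = 0.0
    for flags in product((False, True), repeat=len(names)):
        overrunning = {n for n, f in zip(names, flags) if f}
        p_scenario = prod(overrun_prob[n] if f else 1.0 - overrun_prob[n]
                          for n, f in zip(names, flags))
        if scenario_utilization(tasks, overrunning) > 1.0:
            total += p_scenario
    return total


def probabilistically_acceptable(tasks, overrun_prob, permitted):
    """Accept the system when the per-hour probability of an infeasible
    overrun scenario stays within the permitted failure probability."""
    return failure_probability(tasks, overrun_prob) <= permitted


if __name__ == "__main__":
    print("traditional model schedulable:", traditional_schedulable(TASKS))
    print("both tasks overrun -> utilization",
          scenario_utilization(TASKS, {"tau1", "tau2"}))
    fp = failure_probability(TASKS, OVERRUN_PROB_PER_HOUR)
    print(f"failure probability per hour: {fp:.3e}")
    print("acceptable under permitted failure probability:",
          probabilistically_acceptable(TASKS, OVERRUN_PROB_PER_HOUR,
                                       PERMITTED_FAILURE_PROB_PER_HOUR))
```

With the constructed values, only the scenario in which both tasks overrun is infeasible (utilization 1.1), and its probability is the product of the two overrun probabilities, far below the $10^{-6}$ per hour budget, so the system is rejected by the traditional check but accepted under the permitted-failure-probability view. The enumeration is exponential in the number of tasks and ignores the transient around a mode switch, which is precisely what a dedicated analysis such as the paper's has to handle; treat this as the feasibility intuition behind Example 1, not as a certification argument.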
doi:10.1109/rtcsa.2015.8 dblp:conf/rtcsa/GuoSY15 fatcat:kilppnooxfcz3jp7tmvbeioa7e