a practical degradation model for mixed criticality
play

A Practical Degradation Model for Mixed Criticality Systems Vijaya - PowerPoint PPT Presentation

Nov 01, 2022 •145 likes •1.02k views

A Practical Degradation Model for Mixed Criticality Systems Vijaya Kumar Sundar, Arvind Easwaran Nanyang Technological University (NTU), Singapore May 8, 2019 Research Outline Research Objective: A new degradation model for Mixed Criticality

  1. A Practical Degradation Model for Mixed Criticality Systems Vijaya Kumar Sundar, Arvind Easwaran Nanyang Technological University (NTU), Singapore May 8, 2019

  2. Research Outline Research Objective: A new degradation model for Mixed Criticality System Motivation from Key Properties Degradation Model Automotive Domain of MCS For MCS Evaluation using the Autonomous Vehicle Test bed 2

  3. Current Trends in Automotive Systems 3

  4. Current Trends in Automotive Systems Trend 1 : Automotive is shifting from mechanical centric to electronic and software centric domain. 3

  5. Current Trends in Automotive Systems Trend 1 : Automotive is shifting from mechanical centric to electronic and software centric domain.  need for Autonomous Driving  increase in software intensive Driver Assistance Systems for safety and comfort. 3

  6. Current Trends in Automotive Systems Trend 1 : Automotive is shifting from mechanical centric to electronic and software centric domain.  need for Autonomous Driving  increase in software intensive Driver Assistance Systems for safety and comfort. Challenge : Increase in ECUs  Increase in harness weight, cost and reduced fuel efficiency. 3

  7. Trend Towards ECU Consolidation • A dedicated ECU for each functionality is not a sustainable solution! • Increase in demand for safety and comfort features • Increase in harness weight, cost and network complexity • Car manufacturers are moving towards ECU consolidation • Shared sensors and actuators between applications • Reduced communication latency • Applications having varied importance/criticality execute on a single hardware platform ADAS Autosar Autosar 8 ADAS 8 8 8 Hypervisor or RTOS RTOS RTOS RTOS Physical Hardware ECU 1 ECU 1 ECU 1 Core 3 Core 4 Core 1 Core 2 4

  8. Trend Towards ECU Consolidation • A dedicated ECU for each functionality is not a sustainable solution! • Increase in demand for safety and comfort features • Increase in harness weight, cost and network complexity • Car manufacturers are moving towards ECU consolidation • Shared sensors and actuators between applications • Reduced communication latency • Applications having varied importance/criticality execute on a single hardware platform ADAS Autosar Autosar 8 ADAS 8 8 8 Hypervisor or RTOS RTOS RTOS RTOS Physical Hardware ECU 1 ECU 1 ECU 1 Core 3 Core 4 Core 1 Core 2 Innovation in hardware and software platforms have made automotive, a Mixed Criticality System 4

  9. Mixed Criticality Systems (MCS) • A system with multiple applications that are “certified” to different levels of criticality and share hardware resources • Example, Antilock Braking (ABS), a highly critical application sharing hardware with Parking Assist, a relatively less critical application 5

  10. Mixed Criticality Systems (MCS) • A system with multiple applications that are “certified” to different levels of criticality and share hardware resources • Example, Antilock Braking (ABS), a highly critical application sharing hardware with Parking Assist, a relatively less critical application • MCS is not new in the safety-criticality industry • Integrated Modular Avionics (IMA) was commercially introduced in the 1990s • AUTOSAR has been around for about 10 years now 5

  11. Mixed Criticality Systems (MCS) • A system with multiple applications that are “certified” to different levels of criticality and share hardware resources • Example, Antilock Braking (ABS), a highly critical application sharing hardware with Parking Assist, a relatively less critical application • MCS is not new in the safety-criticality industry • Integrated Modular Avionics (IMA) was commercially introduced in the 1990s • AUTOSAR has been around for about 10 years now • Important challenges for computing platforms in MCS • Resource allocation strategy ensuring safety with acceptable compromise on performance • Software architectures for enabling MCS 5

  12. Resource Allocation in MCS • How to ensure safety? • Guaranteed allocation for critical applications • Satisfaction of safety standards such as ISO26262 6

  13. Resource Allocation in MCS • How to ensure safety? • Guaranteed allocation for critical applications • Satisfaction of safety standards such as ISO26262 • How to efficiently utilize resources? • To ensure safety, utilization estimates are needed for applications • Example, Worst-Case Execution Time (WCET) estimates • Estimates are typically generous for critical applications • Leads to over-allocation and consequently wastage 6

  14. Resource Allocation in MCS • How to ensure safety? • Guaranteed allocation for critical applications • Satisfaction of safety standards such as ISO26262 • How to efficiently utilize resources? • To ensure safety, utilization estimates are needed for applications • Example, Worst-Case Execution Time (WCET) estimates • Estimates are typically generous for critical applications • Leads to over-allocation and consequently wastage How to reconcile seemingly conflicting requirements of safety and efficiency? 6

  15. ISO26262 Resource Allocation Requirements 7

  16. ISO26262 Resource Allocation Requirements If an ECU runs SW-Cs of different ASILs, ISO26262 provides two options ASIL D + ASIL C ECU with mixed ASILs 7

  17. ISO26262 Resource Allocation Requirements If an ECU runs SW-Cs of different ASILs, ISO26262 provides two options ASIL D Option 1 : Raise the ASIL + ASIL C  ASIL D • For all SW-Cs, assign the highest ASIL among all coexisting SW-Cs ASIL D • Do this if evidence for freedom from interference is not feasible + • Increased certification cost, larger footprint ASIL C ECU with mixed ASILs 7

  18. ISO26262 Resource Allocation Requirements If an ECU runs SW-Cs of different ASILs, ISO26262 provides two options ASIL D Option 1 : Raise the ASIL + ASIL C  ASIL D • For all SW-Cs, assign the highest ASIL among all coexisting SW-Cs ASIL D • Do this if evidence for freedom from interference is not feasible + • Increased certification cost, larger footprint ASIL C ECU with ASIL D mixed ASILs Option 2 : Allow co-existence + ASIL C • Do this if evidence for freedom from interference is feasible 7

  19. Freedom from Interference (as defined in ISO26262) • Quote* “Interference is the presence of cascading failures from a SW -C with no ASIL assigned, or a lower ASIL assigned, to a SW-C with a higher ASIL assigned leading to the violation of a safety requirement of the SW- C” • Definition 1.49 in ISO26262* “Freedom from interference is the absence of cascading failures between two or more SW- Cs that could lead to the violation of a safety requirement” *Paraphrased (replaced elements and sub-elements with SW-Cs) 8

  20. Motivation for Permitting Interference • Resource utilization estimates are pessimistic to ensure safety • Hardware/Software complexity adds to the pessimism 9

  21. Motivation for Permitting Interference • Resource utilization estimates are pessimistic to ensure safety • Hardware/Software complexity adds to the pessimism • Higher criticality  More stringent safety requirements  More pessimism 9

  22. Motivation for Permitting Interference • Resource utilization estimates are pessimistic to ensure safety • Hardware/Software complexity adds to the pessimism • Higher criticality  More stringent safety requirements  More pessimism Task B Task A Task A – high criticality Task B – low criticality Budget WCET WCET Low Criticality High 9

  23. Motivation for Permitting Interference • Resource utilization estimates are pessimistic to ensure safety • Hardware/Software complexity adds to the pessimism • Higher criticality  More stringent safety requirements  More pessimism Task B Task A Task A – high criticality Safety Safety margin margin Task B – low criticality Budget WCET WCET Low Criticality High 9

  24. Motivation for Permitting Interference • Resource utilization estimates are pessimistic to ensure safety • Hardware/Software complexity adds to the pessimism • Higher criticality  More stringent safety requirements  More pessimism • Permit interference within the safety margin • Safety is not compromised • Resource utilization is vastly improved 9

  25. Motivation for Permitting Interference • Resource utilization estimates are pessimistic to ensure safety • Hardware/Software complexity adds to the pessimism • Higher criticality  More stringent safety requirements  More pessimism • Permit interference within the safety margin • Safety is not compromised • Resource utilization is vastly improved • How to ensure interference is safe when WCET is unknown? • Permit interference and recover prior to a safety violation • Recovery may impact the execution of some (lower criticality) tasks • As long as there is no impact on safety, . . . 9

  26. A Popular MCS Model in Academia • Reserve less “pessimistic” budgets for tasks → Allows interference → Improves efficiency 10

  27. A Popular MCS Model in Academia • Reserve less “pessimistic” budgets for tasks → Allows interference → Improves efficiency • In the (hopefully) “rare” case that a budget is overrun, prioritize allocations to critical tasks → Recovers prior to a safety violation → No impact on critical tasks Budget overrun Normal execution Suspend or degrade High Critical Task . . . . Low Critical Task time 10

Recommend

Mixed Criticality A Personal View Alan Burns Contents Some discussion on the notion of mixed

Mixed Criticality A Personal View Alan Burns Contents Some discussion on the notion of mixed

Mixed Criticality A Personal View Alan Burns Contents Some discussion on the notion of mixed criticality A brief overview of the literature An augmented system model Open issues (as I see it) What is Criticality A

568 views • 25 slides
Graceful Degradation of Low-Criticality Tasks in Multiprocessor Dual-Criticality Systems Lin

Graceful Degradation of Low-Criticality Tasks in Multiprocessor Dual-Criticality Systems Lin

Graceful Degradation of Low-Criticality Tasks in Multiprocessor Dual-Criticality Systems Lin Huang, I-Hong Hou, Sachin S.Sapatnekar and Jiang Hu v Outline Motivation Previous Work Variable Precision Scheduling Methods Experiment

782 views • 32 slides
Programming with Time for Mixed Criticality Systems Dagstuhl Seminar, March 16-20, 2015 Mixed

Programming with Time for Mixed Criticality Systems Dagstuhl Seminar, March 16-20, 2015 Mixed

Programming with Time for Mixed Criticality Systems Dagstuhl Seminar, March 16-20, 2015 Mixed Criticality on Multicore/Manycore Platforms David Broman Associate Professor, KTH Royal Institute of Technology Assistant Research Engineer,

202 views • 6 slides
PREDICTING LOW VELOCITY IMPACT DAMAGE A MIXED MODE DEGRADATION MODEL F. Ehrich 1 *, L.

PREDICTING LOW VELOCITY IMPACT DAMAGE A MIXED MODE DEGRADATION MODEL F. Ehrich 1 *, L.

18 TH INTERNATIONAL CONFERENCE ON COMPOSITE MATERIALS PREDICTING LOW VELOCITY IMPACT DAMAGE A MIXED MODE DEGRADATION MODEL F. Ehrich 1 *, L. Iannucci 1 , J. Ankersen 1 , M. Fouinneteau 2 1 Department of Aeronautics, Imperial College of Science

415 views • 4 slides
Bounding and Shaping the Demand of Mixed-Criticality Sporadic Tasks Pontus Ekberg & Wang Yi

Bounding and Shaping the Demand of Mixed-Criticality Sporadic Tasks Pontus Ekberg & Wang Yi

Bounding and Shaping the Demand of Mixed-Criticality Sporadic Tasks Pontus Ekberg & Wang Yi Uppsala University, Sweden ECRTS 2012 Mixed-criticality sporadic tasks D i : Relative deadline T i : Period L i : Criticality (lo or hi) Pontus

801 views • 39 slides
AdaptMC A Control-Theoretic Approach for Achieving Resilience in Mixed-Criticality Systems

AdaptMC A Control-Theoretic Approach for Achieving Resilience in Mixed-Criticality Systems

AdaptMC A Control-Theoretic Approach for Achieving Resilience in Mixed-Criticality Systems Alessandro V. Papadopoulos, Enrico Bini, Sanjoy Baruah, Alan Burns Embedded system ! 2 Mixed-criticality system C Each task has its Monitoring

456 views • 27 slides
Mixed Criticality Systems: Beyond Transient Faults Abhilash Thekkilakattil, Alan Burns, Radu

Mixed Criticality Systems: Beyond Transient Faults Abhilash Thekkilakattil, Alan Burns, Radu

Mixed Criticality Systems: Beyond Transient Faults Abhilash Thekkilakattil, Alan Burns, Radu Dobrin and Sasikumar Punnekkat Motivation and Contribution State of the art of mixed criticality scheduling mainly focuses on WCET overruns WCET

258 views • 23 slides
State-Based Mode Switching with Applications to Mixed-Criticality Systems Pontus Ekberg , Martin

State-Based Mode Switching with Applications to Mixed-Criticality Systems Pontus Ekberg , Martin

State-Based Mode Switching with Applications to Mixed-Criticality Systems Pontus Ekberg , Martin Stigge, Nan Guan & Wang Yi Uppsala University, Sweden WMC 2013 Mixed Criticality as Mode Switching At a switch between modes (e.g., lo to hi),

627 views • 48 slides
Regarding the Optimality of Speedup Bounds of Mixed-Criticality Schedulability Tests Zhishan Guo

Regarding the Optimality of Speedup Bounds of Mixed-Criticality Schedulability Tests Zhishan Guo

Regarding the Optimality of Speedup Bounds of Mixed-Criticality Schedulability Tests Zhishan Guo Department of Computer Science, Missouri S&T Presented at Dagstuhl Seminar 17131 Mar. 29, 2017 MC & Vestals Interpretation Mixed

513 views • 23 slides
Mixed Criticality Systems view from the industry side MAXI M Cristia n Airb us Ope ra tio

Mixed Criticality Systems view from the industry side MAXI M Cristia n Airb us Ope ra tio

Mixed Criticality Systems view from the industry side MAXI M Cristia n Airb us Ope ra tio ns S.A.S Da g stuhl Se mina r - 27/ 03/ 2017 Criticality (notions) itic ality is a de sig na tio n o f the le ve l o f a ssura nc e Cr a g

287 views • 24 slides
mixed criticality systems (Experience from MultiPARTES, DREAMS and PROXIMA FP7) Dr. Jon Perez

mixed criticality systems (Experience from MultiPARTES, DREAMS and PROXIMA FP7) Dr. Jon Perez

Road to certification in multicore partitioned mixed criticality systems (Experience from MultiPARTES, DREAMS and PROXIMA FP7) Dr. Jon Perez Dr. Alfons Crespo November 04 th , 2014. Berlin. AUTOSAR Working Group Agenda Introduction

595 views • 31 slides
for Real-Time and Mixed Criticality Applications Author: Vittoriano Muttillo

for Real-Time and Mixed Criticality Applications Author: Vittoriano Muttillo

CPS Summer School 2017 Designing Cyber-Physical Systems From concepts to implementation System-Level HW/SW Co-Design Methodology for Real-Time and Mixed Criticality Applications Author: Vittoriano Muttillo

486 views • 7 slides
The Feasibility Analysis of Mixed-Criticality Systems Saravanan Ramanathan, Xiaozhe Gu, Arvind

The Feasibility Analysis of Mixed-Criticality Systems Saravanan Ramanathan, Xiaozhe Gu, Arvind

Motivation Open Problem Possible Solution Design Methodology The Feasibility Analysis of Mixed-Criticality Systems Saravanan Ramanathan, Xiaozhe Gu, Arvind Easwaran Nanyang Technological University, Singapore July 5, 2016 NTU RTSOPS2016 1

1.67k views • 18 slides
Mixed-Criticality Systems with Permitted Failure Probability Zhishan Guo , Luca Santinelli * , and

Mixed-Criticality Systems with Permitted Failure Probability Zhishan Guo , Luca Santinelli * , and

EDF Schedulability Analysis on Mixed-Criticality Systems with Permitted Failure Probability Zhishan Guo , Luca Santinelli * , and Kecheng Yang Department of Computer Science, UNC Chapel Hill *ONERA The French Aerospace Lab at Toulouse The

432 views • 42 slides
Guaranteeing some service upon mode switch in mixed-criticality systems Zhishan Guo Department

Guaranteeing some service upon mode switch in mixed-criticality systems Zhishan Guo Department

Guaranteeing some service upon mode switch in mixed-criticality systems Zhishan Guo Department of Computer Science, Missouri S&T Presented at Dagstuhl Seminar 17131 Mar. 28, 2017 MC & Vestals Interpretation MC: functionalities

570 views • 15 slides
Mixed Criticality Systems and Multicore Roman Obermaisser Agenda 09:00 09:30 Welcome and

Mixed Criticality Systems and Multicore Roman Obermaisser Agenda 09:00 09:30 Welcome and

Mixed Criticality Systems and Multicore Roman Obermaisser Agenda 09:00 09:30 Welcome and Introductions Prof Dr Roman Obermaisser, University of Siegen Short keynote address Prof Dr Heinrich Daembkes, ARTEMIS IA President The

671 views • 12 slides
Availability Enhancement and Analysis for Mixed-Criticality Systems on Multi-core Roberto MEDINA,

Availability Enhancement and Analysis for Mixed-Criticality Systems on Multi-core Roberto MEDINA,

Availability Enhancement and Analysis for Mixed-Criticality Systems on Multi-core Roberto MEDINA, Etienne BORDE, Laurent PAUTET Design, Automation & Test Europe March 22nd 2018 Overview Research and Industrial Context 1

227 views • 21 slides
Uniprocessor scheduling of mixed-criticality implicit-deadline sporadic task systems with K levels

Uniprocessor scheduling of mixed-criticality implicit-deadline sporadic task systems with K levels

Uniprocessor scheduling of mixed-criticality implicit-deadline sporadic task systems with K levels Sanjoy Baruah 1 Vincenzo Bonifaci 2 Gianlorenzo DAngelo 3 Haohan Li 6 Alberto Marchetti-Spaccamela 4 Suzanne Van Der Ster 5 Leen Stougie 5 1 The

541 views • 29 slides
A safety concept for a wind power mixed-criticality embedded system based on multicore

A safety concept for a wind power mixed-criticality embedded system based on multicore

2 1 A safety concept for a wind power mixed-criticality embedded system based on multicore partitioning Jon Perez 1 , David Gonzalez 1 (dgonzalez@ikerlan.es), Salvador Trujillo 1 , Jose Miguel Grate 2 , Ton Trapman 2 1st International Workshop

306 views • 14 slides
Mixed-Criticality Systems Based on Time- Triggered Ethernet with Multiple Ring Topologies

Mixed-Criticality Systems Based on Time- Triggered Ethernet with Multiple Ring Topologies

Mixed-Criticality Systems Based on Time- Triggered Ethernet with Multiple Ring Topologies University of Siegen Mohammed Abuteir, Roman Obermaisser Naturwissenschaftlich-Technische Fakultt Department Elektrotechnik und Informatik / Embedded

433 views • 21 slides
Planar Ising model at criticality: state-of-the-art and perspectives Dmitry Chelkak, ENS,

Planar Ising model at criticality: state-of-the-art and perspectives Dmitry Chelkak, ENS,

Planar Ising model at criticality: state-of-the-art and perspectives Dmitry Chelkak, ENS, Paris [ & PDMI, St. Petersburg (on leave) ] ICM, Rio de Janeiro, August 4, 2018 Planar Ising model at criticality: outline Combinatorics

791 views • 37 slides
A safety concept for a wind power mixed-criticality embedded system based on multicore

A safety concept for a wind power mixed-criticality embedded system based on multicore

A safety concept for a wind power mixed-criticality embedded system based on multicore partitioning Jon Perez, David Gonzalez, Salvador Trujillo Ton Trapman, Jose Miguel Garate Embedded Systems Group Software and Performance Ik4-IKERLAN

330 views • 6 slides
HEPSYCODE-RTMC: a Real-Time and Mixed Criticality Extensions for a System-Level HWSW Co-Design

HEPSYCODE-RTMC: a Real-Time and Mixed Criticality Extensions for a System-Level HWSW Co-Design

2st Italian Workshop on Embedded Systems (IWES 2017) HEPSYCODE-RTMC: a Real-Time and Mixed Criticality Extensions for a System-Level HWSW Co-Design Methodology Author: Vittoriano Muttillo , Vincenzo Stoico, Daniele Ciambrone, Giacomo Valente,

1.1k views • 52 slides
A Virtualized Separation Kernel for Mixed Criticality Systems Ye Li, Richard West and Eric

A Virtualized Separation Kernel for Mixed Criticality Systems Ye Li, Richard West and Eric

Introduction Architecture Performance Conclusions Ongoing and Future Work A Virtualized Separation Kernel for Mixed Criticality Systems Ye Li, Richard West and Eric Missimer Boston University March 2nd, 2014 Introduction Architecture

449 views • 21 slides

More recommend