Publication Details
 
Fei Guan
 

Thesis

Abstract

Embedded systems are all around us and control many devices in common use. Among the different types of embedded systems, the malfunction of some can cause major harm to the surrounding environment or to human lives. Examples can be found in medical devices, aviation and the transport industry; these are referred to as safety-critical systems. Within the related industry standards, their functions are classified into multiple criticality (safety) levels which identify the hazard that their failure may cause. The concept of a mixed-criticality system (MCS) was therefore developed, aiming to create a software platform on which functions with different criticality levels can coexist on a shared hardware platform. This replaces dedicating a single embedded hardware platform to a single function, and has several benefits, including a reduction in the weight and cost of the device and simpler cabling. MCS design, particularly with regard to task scheduling, has been a popular research topic since Vestal et al. proposed the first model in 2007. In these systems, each task is identified by a criticality (safety) level. Most of the work in this area tends to pessimistically allocate processor resources to tasks with a higher criticality level, sacrificing tasks with lower criticality levels. This behaviour can cause under-utilisation of processor resources and mean that less critical tasks are unnecessarily stopped from running. To reduce the effect of this pessimism, a general solution is to characterise the same piece of code by multiple worst-case execution time (WCET) values at different confidence levels. The system can thereby increase processor utilisation and protect the less important tasks by not allowing a high-criticality task to receive resources equal to its high-confidence WCET estimate until its execution exceeds the low-confidence one.
However, pessimism still exists in many other aspects of MCS design. One issue is that in a dual-criticality system, for example, once a high-criticality task exceeds its low-confidence WCET estimate the low-criticality tasks are always completely suspended. This choice becomes pessimistic when the suspended low-criticality tasks release more resources than are required. Under these conditions, at least some service of low-criticality tasks should be granted in order to make full use of the available processor resources. Secondly, WCET values are difficult to estimate in practice, especially when there are uncertainties in the task's parameters. If the piece of code has dynamically variable execution times at runtime, the offline WCET estimate tends to be over-pessimistic even at a low confidence level. Thirdly, a general design increases the processor allocation of all high-criticality tasks simultaneously. This operation can reduce the computational complexity of the run-time algorithm; however, it ignores the fact that the additional resources are not necessarily required during the same period. Last but not least, most research treats a single missed task deadline as a failure; according to the standards, however, missing a single deadline may not necessarily cause failure of the function, which makes the existing approaches overly conservative. In this dissertation, these issues are addressed in two phases. In the first phase, algorithms are proposed based on a generally used MCS model in a dual-criticality system. The algorithms are extended from the well-known EDF-VD (Earliest Deadline First with Virtual Deadlines) using increased processor allocat
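As an added illustration (not code from the thesis), the baseline EDF-VD scheme that the abstract says its algorithms extend: the offline virtual-deadline assignment for a dual-criticality task set, and the run-time rule that budgets a high-criticality task at its low-confidence WCET and suspends every low-criticality task once that budget is exceeded. The task set, task names and helper names are constructed for the example.

```python
from dataclasses import dataclass
from fractions import Fraction as F
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Task:
    name: str
    crit: str     # "LO" or "HI"
    c_lo: F       # low-confidence WCET estimate
    c_hi: F       # high-confidence WCET estimate (equal to c_lo for LO tasks)
    period: F     # implicit deadline == period

def utilisations(tasks: List[Task]) -> Tuple[F, F, F]:
    """U_LO^LO, U_HI^LO and U_HI^HI of the dual-criticality task set."""
    u_lo_lo = sum((t.c_lo / t.period for t in tasks if t.crit == "LO"), F(0))
    u_hi_lo = sum((t.c_lo / t.period for t in tasks if t.crit == "HI"), F(0))
    u_hi_hi = sum((t.c_hi / t.period for t in tasks if t.crit == "HI"), F(0))
    return u_lo_lo, u_hi_lo, u_hi_hi

def edf_vd_factor(tasks: List[Task]) -> Optional[F]:
    """Virtual-deadline scaling factor x from the EDF-VD sufficient test:
    F(1) if plain EDF already suffices, None if the set is rejected."""
    u_lo_lo, u_hi_lo, u_hi_hi = utilisations(tasks)
    if u_lo_lo + u_hi_hi <= 1:          # every task can be budgeted at its C_HI
        return F(1)
    if u_lo_lo >= 1:
        return None
    x = u_hi_lo / (1 - u_lo_lo)         # smallest x keeping LO mode EDF-feasible
    return x if x * u_lo_lo + u_hi_hi <= 1 else None   # HI-mode condition

def deadlines(tasks: List[Task], x: F, mode: str) -> Dict[str, F]:
    """LO mode: HI tasks get the shortened virtual deadline x*T; HI mode: real deadlines."""
    return {t.name: t.period * x if (t.crit == "HI" and mode == "LO") else t.period
            for t in tasks}

def mode_after(tasks: List[Task], executed: Dict[str, F]) -> Tuple[str, List[str]]:
    """Run-time rule: a HI task receives only its C_LO budget; the first time one
    exceeds it, the system switches to HI mode and every LO task is suspended."""
    overrun = any(executed.get(t.name, F(0)) > t.c_lo for t in tasks if t.crit == "HI")
    if not overrun:
        return "LO", []
    return "HI", [t.name for t in tasks if t.crit == "LO"]

# Constructed sample set (not from the thesis): the LO task alone uses half the
# processor, so budgeting the HI task at C_HI everywhere would overload it.
SAMPLE = [Task("lo1", "LO", F(3), F(3), F(6)),
          Task("hi1", "HI", F(1), F(12, 5), F(4))]

if __name__ == "__main__":
    x = edf_vd_factor(SAMPLE)                      # 1/2
    print("x =", x, deadlines(SAMPLE, x, "LO"))    # hi1 virtual deadline 2
    print(mode_after(SAMPLE, {"hi1": F(6, 5)}))    # ('HI', ['lo1'])
```

The final call shows the pessimism the abstract targets: the moment `hi1` runs past its low-confidence budget, `lo1` is suspended regardless of how much slack remains.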
