Mixed Criticality Systemsand Many-Core Platforms

Alan Burns, University of York, UK

Mixed Criticality Systems and Many-Core Platforms – p. 1/19

Background

Mixed Criticality Systems (MCSs) arebecoming a distinct focus for research andindustrial application

Two key issues:1. Separation for Safety2. Sharing for efficient resource usage

Mixed Criticality Systems and Many-Core Platforms – p. 2/19

Background

Many-Core (multi-core) platforms arebecoming the norm for industrial application

Two key issues:1. How to share/allocate the applications2. How to control communications

Mixed Criticality Systems and Many-Core Platforms – p. 3/19

Requirements

In any multi-application system, failures mustbe confined to the application experiencingthe fault

In particular, in mixed criticality systems,failure of a low criticality application must notcompromise higher criticality applications

But the over provision of resources to highcriticality tasks could lead to poorschedulability

Mixed Criticality Systems and Many-Core Platforms – p. 4/19

Exemplar - UAV

A UAV may fly in civil airspace and hence itsfight control system (FCS) must be certifiedby, say, the CAA

Mission critical software associated with theplanning, capturing and processing of imagesetc (PCP) must be fit for purpose and signedoff by the system’s lead engineer

Mixed Criticality Systems and Many-Core Platforms – p. 5/19

Exemplar - UAV

Certification via CAA uses very conservativeestimates of execution times

They estimate FCS requires 0.75 of thechosen processor (CPU)

PCP is analysed more accurately (but stillsafely) to give a WCET of 0.4

As a result two CPUs are needed (0.75+0.4)

Mixed Criticality Systems and Many-Core Platforms – p. 6/19

Exemplar - UAV

BUT, if FCS is analysed as if it were onlymission critical the system engineers may beconfident that WCET is no higher than 0.55

SO:CAA are only interested in FCS, requiring0.75 CPUMission needs FCS + PCP (0.55+0.4), ieonly 0.95

HENCE, a single CPU will do

Mixed Criticality Systems and Many-Core Platforms – p. 7/19

Exemplar - UAV

At run-timeFCS has a budget of 0.75 (with an alarm ifexecutes for more than 0.55)PCP gets a budget of 0.4FCS must always get its full budget (of0.75)PCP may be starved, but only ifassumption underlying the mission criticalsoftware are flawed

Mixed Criticality Systems and Many-Core Platforms – p. 8/19

Many-Core Issues

Partitioning - static seems only real game intown, perhaps some minimal migration

Communications (cores and off-chip):Busses are pessimistic – 1071ms to 2876(8 core), one read going from 41 cycles to604.Busses with budgets are inefficient, and donot scaleTime triggered (TDMA) is OK for someapplicationsNoC provides a manageable resource

Mixed Criticality Systems and Many-Core Platforms – p. 9/19

Wormhole Routing

Message/package is a series of flits

Fixed route - typically X-YHeader flit has destination

Credit-based flow control

Minimal router buffering

Priority based flit-level arbitrationVirtual channels (VCs)

Mixed Criticality Systems and Many-Core Platforms – p. 10/19

Wormhole Routing

Mixed Criticality Systems and Many-Core Platforms – p. 11/19

Abstract SchedulingModel

Entities (τ ) haveRepeated behaviour, minimum repeat timeor period, TResource usage per release, CRelative deadline of each release, DPerturbations in release time (jitter), JPriority assigned, P

Mixed Criticality Systems and Many-Core Platforms – p. 12/19

Abstract SchedulingModel

Entities (τ ) haveRepeated behaviour, minimum repeat timeor period, TResource usage per release, CRelative deadline of each release, DPerturbations in release time (jitter), JPriority assigned, PIn a MCSs all parameters can becriticality specific

Mixed Criticality Systems and Many-Core Platforms – p. 13/19

Response TimeAnalysis

For a single criticality system

Ri = Ci +

∑

τj∈hp(i)

⌈

Ri + Jj

Tj

⌉

Cj

This is solved using standard techniques forrecurrence relations

Is R ≤ D?

Mixed Criticality Systems and Many-Core Platforms – p. 14/19

Response TimeAnalysis

For a single criticality system

Ri = Ci +

∑

τj∈hp(i)

⌈

Ri + Jj

Tj

⌉

Cj

This is solved using standard techniques forrecurrence relations

Is R ≤ D?Applicable to Tasks on cores and Flows onNoC

Mixed Criticality Systems and Many-Core Platforms – p. 15/19

MCS SchemesCrMPO, 1973

PT, 1986

SMA-NO, Vestal, 2007

SMA, 2011

AMC, 2011

TwoP, 2013

AMC for CAN, 2013

AMC-NPR, RTSS, 2014

Partial AMC for Wormhole, 2014Mixed Criticality Systems and Many-Core Platforms – p. 16/19

Typical Results-Tasks

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

110%

0.4 0.45 0.5 0.55 0.6 0.65 0.7 0.75 0.8 0.85 0.9 0.95

Sc

he

du

lab

le T

as

ks

ets

Utilisation

Valid

UB-NPR

AMC-NPR

AMC-rtb

SMC

SMC-NO

CrMPO

Mixed Criticality Systems and Many-Core Platforms – p. 17/19

Typical Results-Flows

0 5 10 15 20 25 300

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Number of flows in each generated flowset (10x10 NoC)

Pro

port

ion

of s

ched

ulab

le fl

owse

ts

Schedulable flowsets (WPMC)Schedulable flowsets (baseline)Schedulable flowsets − (criticality monotonic baseline)

Mixed Criticality Systems and Many-Core Platforms – p. 18/19

ConclusionMixed Criticality systems are becomingincreasingly important

Smart scheduling can significantly increaseresources usage

A number of scheduling schemes have beendeveloped

Most use RTA as the basis for analysis

Can be adapted to flow analysis for amany-core NoC

Mixed Criticality Systems and Many-Core Platforms – p. 19/19