Mixed Criticality Systems and Many-Core Platforms
DESCRIPTION
An increasingly important trend in the design of real-time and embedded systems is the integration of components with different levels of criticality onto a common hardware platform. At the same time, these platforms are migrating from single cores to multi-cores and, in the future, many-core architectures. Criticality is a designation of the level of assurance against failure needed for a system component. A mixed criticality system (MCS) is one that has two or more distinct levels (for example safety critical, mission critical and non-critical). Perhaps up to five levels may be identified (see, for example, the IEC 61508, DO-178B, DO-254 and ISO 26262 standards). In this talk some of the techniques being developed for MCS will be outlined, as will schemes by which the different assurance methods for each criticality level can be exploited to reduce resource usage.
TRANSCRIPT
Mixed Criticality Systems and Many-Core Platforms
Alan Burns, University of York, UK
Mixed Criticality Systems and Many-Core Platforms – p. 1/19
Background
Mixed Criticality Systems (MCSs) are becoming a distinct focus for research and industrial application
Two key issues:
1. Separation for Safety
2. Sharing for efficient resource usage
Background
Many-Core (multi-core) platforms are becoming the norm for industrial application
Two key issues:
1. How to share/allocate the applications
2. How to control communications
Requirements
In any multi-application system, failures must be confined to the application experiencing the fault
In particular, in mixed criticality systems, failure of a low criticality application must not compromise higher criticality applications
But the over provision of resources to high criticality tasks could lead to poor schedulability
Exemplar - UAV
A UAV may fly in civil airspace and hence its flight control system (FCS) must be certified by, say, the CAA
Mission critical software associated with the planning, capturing and processing of images etc. (PCP) must be fit for purpose and signed off by the system's lead engineer
Exemplar - UAV
Certification via CAA uses very conservative estimates of execution times
They estimate FCS requires 0.75 of the chosen processor (CPU)
PCP is analysed more accurately (but still safely) to give a WCET of 0.4
As a result two CPUs are needed (0.75+0.4)
Exemplar - UAV
BUT, if FCS is analysed as if it were only mission critical the system engineers may be confident that WCET is no higher than 0.55
SO:
CAA are only interested in FCS, requiring 0.75 CPU
Mission needs FCS + PCP (0.55+0.4), i.e. only 0.95
HENCE, a single CPU will do
Exemplar - UAV
At run-time:
FCS has a budget of 0.75 (with an alarm if it executes for more than 0.55)
PCP gets a budget of 0.4
FCS must always get its full budget (of 0.75)
PCP may be starved, but only if the assumptions underlying the mission critical software are flawed
Many-Core Issues
Partitioning - static seems the only real game in town, perhaps with some minimal migration
Communications (cores and off-chip):
Busses are pessimistic – 1071ms to 2876 (8 core), one read going from 41 cycles to 604.
Busses with budgets are inefficient, and do not scale
Time triggered (TDMA) is OK for some applications
NoC provides a manageable resource
Wormhole Routing
Message/package is a series of flits
Fixed route - typically X-Y
Header flit has destination
Credit-based flow control
Minimal router buffering
Priority based flit-level arbitration
Virtual channels (VCs)
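The fixed X-Y routes and priority-based arbitration listed above determine which flows can delay which. The following is an added example, not code from the talk: it computes X-Y routes on a mesh and, for each flow, the higher-priority flows that share a directed link with it. The 4x4 mesh, the flow names and the convention that a larger number means higher priority are assumptions.

```python
def xy_route(src, dst):
    """Directed links used under X-Y routing: travel along X first, then along Y."""
    (x, y), (dx, dy) = src, dst
    links = []
    while x != dx:
        nx = x + (1 if dx > x else -1)
        links.append(((x, y), (nx, y)))
        x = nx
    while y != dy:
        ny = y + (1 if dy > y else -1)
        links.append(((x, y), (x, ny)))
        y = ny
    return links


def direct_interference(flows):
    """Map each flow to the higher-priority flows whose routes share a directed link.

    With flit-level priority arbitration only these flows can pre-empt the flow
    on a link, so they play the role that higher-priority tasks play on a core.
    """
    routes = {name: set(xy_route(s, d)) for name, (s, d, _) in flows.items()}
    return {
        name: sorted(
            other for other, (_, _, q) in flows.items()
            if q > p and routes[name] & routes[other]
        )
        for name, (_, _, p) in flows.items()
    }


# Constructed flows: name -> (source, destination, priority); larger = higher priority.
FLOWS = {
    "f1": ((0, 0), (3, 0), 4),
    "f2": ((1, 0), (3, 2), 3),   # shares link (1,0)->(2,0) with f1
    "f3": ((0, 2), (0, 0), 2),   # uses a different column: no contention
    "f4": ((3, 0), (0, 0), 1),   # same row as f1 but the opposite direction
}

if __name__ == "__main__":
    for name, blockers in direct_interference(FLOWS).items():
        print(name, "route:", xy_route(*FLOWS[name][:2]), "delayed by:", blockers)
```

Flow f4 crosses the same routers as f1 but in the opposite direction, so it shares no directed link and is not delayed by it.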
Abstract Scheduling Model
Entities (τ) have:
Repeated behaviour, minimum repeat time or period, T
Resource usage per release, C
Relative deadline of each release, D
Perturbations in release time (jitter), J
Priority assigned, P
In MCSs all parameters can be criticality specific
Response Time Analysis
For a single criticality system
$$R_i = C_i + \sum_{\tau_j \in hp(i)} \left\lceil \frac{R_i + J_j}{T_j} \right\rceil C_j$$
This is solved using standard techniques for recurrence relations
Is R ≤ D?
Applicable to Tasks on cores and Flows on NoC
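The recurrence above, solved by fixed-point iteration and applied to the UAV exemplar with criticality-specific values of C. This is an added example, not code from the talk; the periods, deadlines (T = D = 100 time units) and priorities are assumptions, chosen so that C reads as a percentage of one CPU.

```python
from dataclasses import dataclass


@dataclass
class Task:
    name: str
    T: int        # minimum repeat time or period
    C: dict       # resource usage per release, keyed by criticality view
    D: int        # relative deadline
    J: int        # release jitter
    P: int        # priority (assumption: larger number = higher priority)
    level: str    # criticality of the task itself: "HI" or "LO"


def response_time(task, tasks, view):
    """Iterate R = C_i + sum over hp(i) of ceil((R + J_j) / T_j) * C_j to a fixed point.

    Returns R, or None once R exceeds D (the check 'Is R <= D?' fails).
    """
    hp = [t for t in tasks if t.P > task.P]
    r = task.C[view]
    while r <= task.D:
        # -(-a // b) is integer ceiling division, avoiding float rounding
        nxt = task.C[view] + sum(-(-(r + j.J) // j.T) * j.C[view] for j in hp)
        if nxt == r:
            return r
        r = nxt
    return None


def analyse(tasks, view, levels=("HI", "LO")):
    """Response time of each task whose criticality is in `levels`, using `view` values of C."""
    subset = [t for t in tasks if t.level in levels]
    return {t.name: response_time(t, subset, view) for t in subset}


# Constructed task set for the UAV exemplar (budgets 0.75 / 0.55 / 0.4 scaled to T = 100).
UAV = [
    Task("FCS", T=100, C={"LO": 55, "HI": 75}, D=100, J=0, P=2, level="HI"),
    Task("PCP", T=100, C={"LO": 40, "HI": 40}, D=100, J=0, P=1, level="LO"),
]

if __name__ == "__main__":
    print("all conservative:", analyse(UAV, "HI"))           # PCP misses its deadline
    print("mission view:    ", analyse(UAV, "LO"))           # both fit on one CPU
    print("certification:   ", analyse(UAV, "HI", ("HI",)))  # FCS alone, at 0.75
```

Analysing everything with the conservative estimate makes PCP unschedulable on one CPU, while the two criticality-specific analyses both pass, which is the argument of the UAV slides.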
MCS Schemes
CrMPO, 1973
PT, 1986
SMA-NO, Vestal, 2007
SMA, 2011
AMC, 2011
TwoP, 2013
AMC for CAN, 2013
AMC-NPR, RTSS, 2014
Partial AMC for Wormhole, 2014
Typical Results - Tasks
[Figure: percentage of schedulable tasksets (0% to 110%) against utilisation (0.4 to 0.95). Series: Valid, UB-NPR, AMC-NPR, AMC-rtb, SMC, SMC-NO, CrMPO]
Typical Results - Flows
[Figure: proportion of schedulable flowsets (0 to 1) against number of flows in each generated flowset (0 to 300, 10x10 NoC). Series: Schedulable flowsets (WPMC), Schedulable flowsets (baseline), Schedulable flowsets (criticality monotonic baseline)]
Conclusion
Mixed Criticality systems are becoming increasingly important
Smart scheduling can significantly increase resource usage
A number of scheduling schemes have been developed
Most use RTA as the basis for analysis
Can be adapted to flow analysis for a many-core NoC