a practical degradation model for mixed criticality
play

A Practical Degradation Model for Mixed Criticality Systems Vijaya - PowerPoint PPT Presentation

Nov 01, 2022 •145 likes •1.02k views

A Practical Degradation Model for Mixed Criticality Systems Vijaya Kumar Sundar, Arvind Easwaran Nanyang Technological University (NTU), Singapore May 8, 2019 Research Outline Research Objective: A new degradation model for Mixed Criticality

  1. A Practical Degradation Model for Mixed Criticality Systems Vijaya Kumar Sundar, Arvind Easwaran Nanyang Technological University (NTU), Singapore May 8, 2019

  2. Research Outline Research Objective: A new degradation model for Mixed Criticality System Motivation from Key Properties Degradation Model Automotive Domain of MCS For MCS Evaluation using the Autonomous Vehicle Test bed 2

  3. Current Trends in Automotive Systems 3

  4. Current Trends in Automotive Systems Trend 1 : Automotive is shifting from mechanical centric to electronic and software centric domain. 3

  5. Current Trends in Automotive Systems Trend 1 : Automotive is shifting from mechanical centric to electronic and software centric domain.  need for Autonomous Driving  increase in software intensive Driver Assistance Systems for safety and comfort. 3

  6. Current Trends in Automotive Systems Trend 1 : Automotive is shifting from mechanical centric to electronic and software centric domain.  need for Autonomous Driving  increase in software intensive Driver Assistance Systems for safety and comfort. Challenge : Increase in ECUs  Increase in harness weight, cost and reduced fuel efficiency. 3

  7. Trend Towards ECU Consolidation • A dedicated ECU for each functionality is not a sustainable solution! • Increase in demand for safety and comfort features • Increase in harness weight, cost and network complexity • Car manufacturers are moving towards ECU consolidation • Shared sensors and actuators between applications • Reduced communication latency • Applications having varied importance/criticality execute on a single hardware platform ADAS Autosar Autosar 8 ADAS 8 8 8 Hypervisor or RTOS RTOS RTOS RTOS Physical Hardware ECU 1 ECU 1 ECU 1 Core 3 Core 4 Core 1 Core 2 4

  8. Trend Towards ECU Consolidation • A dedicated ECU for each functionality is not a sustainable solution! • Increase in demand for safety and comfort features • Increase in harness weight, cost and network complexity • Car manufacturers are moving towards ECU consolidation • Shared sensors and actuators between applications • Reduced communication latency • Applications having varied importance/criticality execute on a single hardware platform ADAS Autosar Autosar 8 ADAS 8 8 8 Hypervisor or RTOS RTOS RTOS RTOS Physical Hardware ECU 1 ECU 1 ECU 1 Core 3 Core 4 Core 1 Core 2 Innovation in hardware and software platforms have made automotive, a Mixed Criticality System 4

  9. Mixed Criticality Systems (MCS) • A system with multiple applications that are “certified” to different levels of criticality and share hardware resources • Example, Antilock Braking (ABS), a highly critical application sharing hardware with Parking Assist, a relatively less critical application 5

  10. Mixed Criticality Systems (MCS) • A system with multiple applications that are “certified” to different levels of criticality and share hardware resources • Example, Antilock Braking (ABS), a highly critical application sharing hardware with Parking Assist, a relatively less critical application • MCS is not new in the safety-criticality industry • Integrated Modular Avionics (IMA) was commercially introduced in the 1990s • AUTOSAR has been around for about 10 years now 5

  11. Mixed Criticality Systems (MCS) • A system with multiple applications that are “certified” to different levels of criticality and share hardware resources • Example, Antilock Braking (ABS), a highly critical application sharing hardware with Parking Assist, a relatively less critical application • MCS is not new in the safety-criticality industry • Integrated Modular Avionics (IMA) was commercially introduced in the 1990s • AUTOSAR has been around for about 10 years now • Important challenges for computing platforms in MCS • Resource allocation strategy ensuring safety with acceptable compromise on performance • Software architectures for enabling MCS 5

  12. Resource Allocation in MCS • How to ensure safety? • Guaranteed allocation for critical applications • Satisfaction of safety standards such as ISO26262 6

  13. Resource Allocation in MCS • How to ensure safety? • Guaranteed allocation for critical applications • Satisfaction of safety standards such as ISO26262 • How to efficiently utilize resources? • To ensure safety, utilization estimates are needed for applications • Example, Worst-Case Execution Time (WCET) estimates • Estimates are typically generous for critical applications • Leads to over-allocation and consequently wastage 6

  14. Resource Allocation in MCS • How to ensure safety? • Guaranteed allocation for critical applications • Satisfaction of safety standards such as ISO26262 • How to efficiently utilize resources? • To ensure safety, utilization estimates are needed for applications • Example, Worst-Case Execution Time (WCET) estimates • Estimates are typically generous for critical applications • Leads to over-allocation and consequently wastage How to reconcile seemingly conflicting requirements of safety and efficiency? 6

  15. ISO26262 Resource Allocation Requirements 7

  16. ISO26262 Resource Allocation Requirements If an ECU runs SW-Cs of different ASILs, ISO26262 provides two options ASIL D + ASIL C ECU with mixed ASILs 7

  17. ISO26262 Resource Allocation Requirements If an ECU runs SW-Cs of different ASILs, ISO26262 provides two options ASIL D Option 1 : Raise the ASIL + ASIL C  ASIL D • For all SW-Cs, assign the highest ASIL among all coexisting SW-Cs ASIL D • Do this if evidence for freedom from interference is not feasible + • Increased certification cost, larger footprint ASIL C ECU with mixed ASILs 7

  18. ISO26262 Resource Allocation Requirements If an ECU runs SW-Cs of different ASILs, ISO26262 provides two options ASIL D Option 1 : Raise the ASIL + ASIL C  ASIL D • For all SW-Cs, assign the highest ASIL among all coexisting SW-Cs ASIL D • Do this if evidence for freedom from interference is not feasible + • Increased certification cost, larger footprint ASIL C ECU with ASIL D mixed ASILs Option 2 : Allow co-existence + ASIL C • Do this if evidence for freedom from interference is feasible 7

  19. Freedom from Interference (as defined in ISO26262) • Quote* “Interference is the presence of cascading failures from a SW -C with no ASIL assigned, or a lower ASIL assigned, to a SW-C with a higher ASIL assigned leading to the violation of a safety requirement of the SW- C” • Definition 1.49 in ISO26262* “Freedom from interference is the absence of cascading failures between two or more SW- Cs that could lead to the violation of a safety requirement” *Paraphrased (replaced elements and sub-elements with SW-Cs) 8

  20. Motivation for Permitting Interference • Resource utilization estimates are pessimistic to ensure safety • Hardware/Software complexity adds to the pessimism 9

  21. Motivation for Permitting Interference • Resource utilization estimates are pessimistic to ensure safety • Hardware/Software complexity adds to the pessimism • Higher criticality  More stringent safety requirements  More pessimism 9

  22. Motivation for Permitting Interference • Resource utilization estimates are pessimistic to ensure safety • Hardware/Software complexity adds to the pessimism • Higher criticality  More stringent safety requirements  More pessimism Task B Task A Task A – high criticality Task B – low criticality Budget WCET WCET Low Criticality High 9

  23. Motivation for Permitting Interference • Resource utilization estimates are pessimistic to ensure safety • Hardware/Software complexity adds to the pessimism • Higher criticality  More stringent safety requirements  More pessimism Task B Task A Task A – high criticality Safety Safety margin margin Task B – low criticality Budget WCET WCET Low Criticality High 9

  24. Motivation for Permitting Interference • Resource utilization estimates are pessimistic to ensure safety • Hardware/Software complexity adds to the pessimism • Higher criticality  More stringent safety requirements  More pessimism • Permit interference within the safety margin • Safety is not compromised • Resource utilization is vastly improved 9

  25. Motivation for Permitting Interference • Resource utilization estimates are pessimistic to ensure safety • Hardware/Software complexity adds to the pessimism • Higher criticality  More stringent safety requirements  More pessimism • Permit interference within the safety margin • Safety is not compromised • Resource utilization is vastly improved • How to ensure interference is safe when WCET is unknown? • Permit interference and recover prior to a safety violation • Recovery may impact the execution of some (lower criticality) tasks • As long as there is no impact on safety, . . . 9

  26. A Popular MCS Model in Academia • Reserve less “pessimistic” budgets for tasks → Allows interference → Improves efficiency 10

  27. A Popular MCS Model in Academia • Reserve less “pessimistic” budgets for tasks → Allows interference → Improves efficiency • In the (hopefully) “rare” case that a budget is overrun, prioritize allocations to critical tasks → Recovers prior to a safety violation → No impact on critical tasks Budget overrun Normal execution Suspend or degrade High Critical Task . . . . Low Critical Task time 10

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mixed Criticality A Personal View Alan Burns Contents Some discussion on the notion of mixed

Mixed Criticality A Personal View Alan Burns Contents Some discussion on the notion of mixed

Mixed Criticality A Personal View Alan Burns Contents Some discussion on the notion of mixed criticality A brief overview of the literature An augmented system model Open issues (as I see it) What is Criticality A

568 views • 25 slides
Graceful Degradation of Low-Criticality Tasks in Multiprocessor Dual-Criticality Systems Lin

Graceful Degradation of Low-Criticality Tasks in Multiprocessor Dual-Criticality Systems Lin

Graceful Degradation of Low-Criticality Tasks in Multiprocessor Dual-Criticality Systems Lin Huang, I-Hong Hou, Sachin S.Sapatnekar and Jiang Hu v Outline Motivation Previous Work Variable Precision Scheduling Methods Experiment

782 views • 32 slides
Programming with Time for Mixed Criticality Systems Dagstuhl Seminar, March 16-20, 2015 Mixed

Programming with Time for Mixed Criticality Systems Dagstuhl Seminar, March 16-20, 2015 Mixed

Programming with Time for Mixed Criticality Systems Dagstuhl Seminar, March 16-20, 2015 Mixed Criticality on Multicore/Manycore Platforms David Broman Associate Professor, KTH Royal Institute of Technology Assistant Research Engineer,

202 views • 6 slides
PREDICTING LOW VELOCITY IMPACT DAMAGE A MIXED MODE DEGRADATION MODEL F. Ehrich 1 *, L.

PREDICTING LOW VELOCITY IMPACT DAMAGE A MIXED MODE DEGRADATION MODEL F. Ehrich 1 *, L.

18 TH INTERNATIONAL CONFERENCE ON COMPOSITE MATERIALS PREDICTING LOW VELOCITY IMPACT DAMAGE A MIXED MODE DEGRADATION MODEL F. Ehrich 1 *, L. Iannucci 1 , J. Ankersen 1 , M. Fouinneteau 2 1 Department of Aeronautics, Imperial College of Science

415 views • 4 slides
Bounding and Shaping the Demand of Mixed-Criticality Sporadic Tasks Pontus Ekberg & Wang Yi

Bounding and Shaping the Demand of Mixed-Criticality Sporadic Tasks Pontus Ekberg & Wang Yi

Bounding and Shaping the Demand of Mixed-Criticality Sporadic Tasks Pontus Ekberg & Wang Yi Uppsala University, Sweden ECRTS 2012 Mixed-criticality sporadic tasks D i : Relative deadline T i : Period L i : Criticality (lo or hi) Pontus

801 views • 39 slides
AdaptMC A Control-Theoretic Approach for Achieving Resilience in Mixed-Criticality Systems

AdaptMC A Control-Theoretic Approach for Achieving Resilience in Mixed-Criticality Systems

AdaptMC A Control-Theoretic Approach for Achieving Resilience in Mixed-Criticality Systems Alessandro V. Papadopoulos, Enrico Bini, Sanjoy Baruah, Alan Burns Embedded system ! 2 Mixed-criticality system C Each task has its Monitoring

456 views • 27 slides
Mixed Criticality Systems: Beyond Transient Faults Abhilash Thekkilakattil, Alan Burns, Radu

Mixed Criticality Systems: Beyond Transient Faults Abhilash Thekkilakattil, Alan Burns, Radu

Mixed Criticality Systems: Beyond Transient Faults Abhilash Thekkilakattil, Alan Burns, Radu Dobrin and Sasikumar Punnekkat Motivation and Contribution State of the art of mixed criticality scheduling mainly focuses on WCET overruns WCET

258 views • 23 slides
State-Based Mode Switching with Applications to Mixed-Criticality Systems Pontus Ekberg , Martin

State-Based Mode Switching with Applications to Mixed-Criticality Systems Pontus Ekberg , Martin

State-Based Mode Switching with Applications to Mixed-Criticality Systems Pontus Ekberg , Martin Stigge, Nan Guan & Wang Yi Uppsala University, Sweden WMC 2013 Mixed Criticality as Mode Switching At a switch between modes (e.g., lo to hi),

627 views • 48 slides
Regarding the Optimality of Speedup Bounds of Mixed-Criticality Schedulability Tests Zhishan Guo

Regarding the Optimality of Speedup Bounds of Mixed-Criticality Schedulability Tests Zhishan Guo

Regarding the Optimality of Speedup Bounds of Mixed-Criticality Schedulability Tests Zhishan Guo Department of Computer Science, Missouri S&T Presented at Dagstuhl Seminar 17131 Mar. 29, 2017 MC & Vestals Interpretation Mixed

513 views • 23 slides
Mixed Criticality Systems view from the industry side MAXI M Cristia n Airb us Ope ra tio

Mixed Criticality Systems view from the industry side MAXI M Cristia n Airb us Ope ra tio

Mixed Criticality Systems view from the industry side MAXI M Cristia n Airb us Ope ra tio ns S.A.S Da g stuhl Se mina r - 27/ 03/ 2017 Criticality (notions) itic ality is a de sig na tio n o f the le ve l o f a ssura nc e Cr a g

287 views • 24 slides
mixed criticality systems (Experience from MultiPARTES, DREAMS and PROXIMA FP7) Dr. Jon Perez

mixed criticality systems (Experience from MultiPARTES, DREAMS and PROXIMA FP7) Dr. Jon Perez

Road to certification in multicore partitioned mixed criticality systems (Experience from MultiPARTES, DREAMS and PROXIMA FP7) Dr. Jon Perez Dr. Alfons Crespo November 04 th , 2014. Berlin. AUTOSAR Working Group Agenda Introduction

595 views • 31 slides
for Real-Time and Mixed Criticality Applications Author: Vittoriano Muttillo

for Real-Time and Mixed Criticality Applications Author: Vittoriano Muttillo

CPS Summer School 2017 Designing Cyber-Physical Systems From concepts to implementation System-Level HW/SW Co-Design Methodology for Real-Time and Mixed Criticality Applications Author: Vittoriano Muttillo

486 views • 7 slides
The Feasibility Analysis of Mixed-Criticality Systems Saravanan Ramanathan, Xiaozhe Gu, Arvind

The Feasibility Analysis of Mixed-Criticality Systems Saravanan Ramanathan, Xiaozhe Gu, Arvind

Motivation Open Problem Possible Solution Design Methodology The Feasibility Analysis of Mixed-Criticality Systems Saravanan Ramanathan, Xiaozhe Gu, Arvind Easwaran Nanyang Technological University, Singapore July 5, 2016 NTU RTSOPS2016 1

1.67k views • 18 slides
Mixed-Criticality Systems with Permitted Failure Probability Zhishan Guo , Luca Santinelli * , and

Mixed-Criticality Systems with Permitted Failure Probability Zhishan Guo , Luca Santinelli * , and

EDF Schedulability Analysis on Mixed-Criticality Systems with Permitted Failure Probability Zhishan Guo , Luca Santinelli * , and Kecheng Yang Department of Computer Science, UNC Chapel Hill *ONERA The French Aerospace Lab at Toulouse The

432 views • 42 slides
Guaranteeing some service upon mode switch in mixed-criticality systems Zhishan Guo Department

Guaranteeing some service upon mode switch in mixed-criticality systems Zhishan Guo Department

Guaranteeing some service upon mode switch in mixed-criticality systems Zhishan Guo Department of Computer Science, Missouri S&T Presented at Dagstuhl Seminar 17131 Mar. 28, 2017 MC & Vestals Interpretation MC: functionalities

570 views • 15 slides
Mixed Criticality Systems and Multicore Roman Obermaisser Agenda 09:00 09:30 Welcome and

Mixed Criticality Systems and Multicore Roman Obermaisser Agenda 09:00 09:30 Welcome and

Mixed Criticality Systems and Multicore Roman Obermaisser Agenda 09:00 09:30 Welcome and Introductions Prof Dr Roman Obermaisser, University of Siegen Short keynote address Prof Dr Heinrich Daembkes, ARTEMIS IA President The

671 views • 12 slides
Dynamic Adaptation of DAGs with Uncertain Execution Times in Heterogeneous Computing Systems Qin

Dynamic Adaptation of DAGs with Uncertain Execution Times in Heterogeneous Computing Systems Qin

Dynamic Adaptation of DAGs with Uncertain Execution Times in Heterogeneous Computing Systems Qin Zheng Institute of High Performance Computing Agency for Science, Technology and Research (A*Star), Singapore Background on DAG Scheduling

296 views • 16 slides
CHARACTERS AND STRINGS CSSE 120 Rose Hulman Institute of Technology Characters and Strings

CHARACTERS AND STRINGS CSSE 120 Rose Hulman Institute of Technology Characters and Strings

CHARACTERS AND STRINGS CSSE 120 Rose Hulman Institute of Technology Characters and Strings Characters in Python Just a one-character string >>> myChar = 'C' >>> print myChar C >>> print ord(myChar) # converts

291 views • 15 slides
IS GHANAS PETROLEUM REVENUE MANAGEMENT LAW A GOOD PUBLIC FINANCIAL MANAGEMENT TOOL FOR PUBLIC

IS GHANAS PETROLEUM REVENUE MANAGEMENT LAW A GOOD PUBLIC FINANCIAL MANAGEMENT TOOL FOR PUBLIC

IS GHANAS PETROLEUM REVENUE MANAGEMENT LAW A GOOD PUBLIC FINANCIAL MANAGEMENT TOOL FOR PUBLIC INVESTMENT AND CONSUMPTION SMOOTHING? Authors: 1. Pauline Anaman: Senior Policy Analyst, Africa Centre for Energy Policy (ACEP) 2. John Darko:

688 views • 23 slides
TLS Under Siege: A Bug Hunters Perspective Neel Mehta, Google Security What Ill Cover

TLS Under Siege: A Bug Hunters Perspective Neel Mehta, Google Security What Ill Cover

TLS Under Siege: A Bug Hunters Perspective Neel Mehta, Google Security What Ill Cover Lightning-fast background on TLS. A bunch of TLS bugs, both new and old. Perspective gained from reading lots of code. How bad are the

1.05k views • 77 slides
Todays Objec4ves Networking: TCP Threads and Synchroniza4on Sept 20, 2017 Sprenkle -

Todays Objec4ves Networking: TCP Threads and Synchroniza4on Sept 20, 2017 Sprenkle -

9/20/17 Todays Objec4ves Networking: TCP Threads and Synchroniza4on Sept 20, 2017 Sprenkle - CSCI325 1 Review What is the OSI model? What are the theore4cal layers? What are their real-world equivalents? What do they do?

390 views • 15 slides
Riding the Overflow Riding the Overflow Then and Now Then and Now Miroslav tampar

Riding the Overflow Riding the Overflow Then and Now Then and Now Miroslav tampar

Riding the Overflow Riding the Overflow Then and Now Then and Now Miroslav tampar Miroslav tampar (mstampar@zsis.hr ) (mstampar@zsis.hr ) tl;dr BalCCon2k14, Novi Sad (Serbia) September 6th,

634 views • 29 slides
Exhaustive Testing of Safety Critical Java Tomas Kalibera Pavel Parizek Charles University Michal

Exhaustive Testing of Safety Critical Java Tomas Kalibera Pavel Parizek Charles University Michal

Exhaustive Testing of Safety Critical Java Tomas Kalibera Pavel Parizek Charles University Michal Malohlava Technical University of Martin Schoeberl Denmark Exhaustive Testing with Java PathFinder (JPF) JTRES 2010 Tomas Kalibera JPF is a

485 views • 20 slides
Common software vulnerabilities: causes and consequences Ricardo J. Rodrguez CUD

Common software vulnerabilities: causes and consequences Ricardo J. Rodrguez CUD

Common software vulnerabilities: causes and consequences Ricardo J. Rodrguez CUD rjrodriguez@unizar.es @RicardoJRdez 14 de marzo, 2019 I Jornadas OWASP ZGZ $whoami Ph.D. in Computer Sciences (University of Zaragoza, 2013)

611 views • 31 slides

More recommend