EDF Schedulability Analysis on Mixed-Criticality Systems with Permitted Failure Probability Zhishan Guo , Luca Santinelli * , and Kecheng Yang Department of Computer Science, UNC Chapel Hill *ONERA The French Aerospace Lab at Toulouse
The Multi-WCET MC Task Model Implicit Deadline • The Liu & Layland (LL) sporadic task model: Task τ i = (c i , T i ) – Worst-case execution requirement – Minimum inter-arrival separation (period)
The Multi-WCET MC Task Model Implicit Deadline • The Liu & Layland (LL) sporadic task model: Task τ i = (c i , T i ) – Worst-case execution requirement – Minimum inter-arrival separation (period) • Provisioning assumptions (e.g., WCET-analysis tools) may be more or less conservative • Example: x := a + b 3 ~ 321 cycles
The Multi-WCET MC Task Model Implicit Deadline • The Liu & Layland (LL) sporadic task model: Task τ i = (c i , T i ) – Worst-case execution requirement – Minimum inter-arrival separation (period) • Provisioning assumptions (e.g., WCET-analysis tools) may be more or less conservative Static Analysis; • Example: x := a + b Pessimistic c iHI 3 ~ 321 cycles c iLO t Measurement Based; Optimistic
Our MC Task Model Implicit Deadline • Liu & Layland (LL) sporadic task: τ i = (c i , T i ) • MC sporadic task: τ i = (c iLO , c iHI , T i , HI) – Worst-case execution estimates – Minimum inter-arrival separation (period) – Criticality level Static Analysis; Pessimistic c iHI c iLO t Measurement Based; Optimistic
Our MC Task Model Implicit Deadline • Liu & Layland (LL) sporadic task: τ i = (c i , T i ) • MC sporadic task: τ i = (c iLO , c iHI , T i , HI) • HI task τ i = (c iLO , c iHI , f i , T i , HI) – Worst-case execution estimates along with failure prob. – Minimum inter-arrival separation (period) Failure Probability – Criticality level c iHI c iLO t
Our MC Task Model Implicit Deadline • Liu & Layland (LL) sporadic task: τ i = (c i , T i ) • MC sporadic task: τ i = (c iLO , c iHI , T i , HI) • HI task τ i = (c iLO , c iHI , f i , T i , HI) For each HI-criticality task τ i , Failure Probability within a time interval of one hour , no job of τ i has an execution greater than c iHI and the probability of any job of τ i has an execution greater than c iLO is f i — we would expect f i to c iHI be a very small positive value. c iLO t
Why Failure Probability? • Steve Vestal. Preemptive scheduling of multi-criticality systems with varying degrees of execution time assurance . RTSS 2007. c iHI c iLO t
Why Failure Probability? c iHI c iLO t • Steve Vestal. Preemptive scheduling of multi-criticality systems with varying degrees of execution time assurance . RTSS 2007. Abstract tract … the more more con confi fiden dence ce one ne needs in a task exe xecut cutio ion ti time me bo bound, the larger and more conservative that bound tends to become in practice. … We assume a task may have a set of alt lter erna nati tive ve wor worst st-ca case se execu cuti tion on times, each ch assured to to a differ feren ent level of of CONFIDENCE ENCE.
Why Failure Probability? c iHI c iLO t • Steve Vestal. Preemptive scheduling of multi-criticality systems with varying degrees of execution time assurance . RTSS 2007. Abstract tract … the more more con confi fiden dence ce one ne needs in a task exe xecut cutio ion ti time me bo bound, the larger and more conservative that bound tends to become in practice. … We assume a task may have a set of alt lter erna nati tive ve wor worst st-ca case se execu cuti tion on times, each ch assured to to a differ feren ent level of of CONFIDENCE ENCE. f i is a quantized form of confidence
* Fudge factor Why Failure Probability? c iHI c iLO t • Steve Vestal. Preemptive scheduling of multi-criticality systems Static Analysis with varying degrees of execution time assurance . RTSS 2007. Abstract tract Eval aluat atio ion n This paper is based on a conjecture that the more more conf confide idence ce one ne needs in a task exe execut cution ion ti time me bo bound nd (the less tolerant one is of In some cases, experience or special fa fact ctors ors associated with a missed deadlines), the larger and more conservative that bound tends particular application domain were taken into account, sometimes to become in practice. … We assume a task may have a set of including added safety margins. alt lter ernati native ve wor worst st-ca case se exec executi tion ti time mes, each ch as assured sured to to a di diff ffer erent nt level el of of CONFIDENCE ENCE.
Why Failure Probability? c iHI c iLO t • Steve Vestal. Preemptive scheduling of multi-criticality systems with varying degrees of execution time assurance . RTSS 2007. Remark mark Eval aluat atio ion n Abstract tract One would obtain WCET bounds onl nly at the precision and lev level el of of Discussions with individuals from various Honeywell sites indicated This paper is based on a conjecture that the more more conf confide idence ce one ne assurance ce required . that execution time measurements obtained from instrumented needs in a task exe execut cution ion ti time me bo bound nd (the less tolerant one is of platforms were the primary but not not on only dat data used to determine missed deadlines), the larger and more conservative that bound tends worst-case execution time parameters. Testing was influenced by the to become in practice. … We assume a task may have a set of desi esign as assuran urance ce lev level el of a task … . In some cases experience or special alt lter ernati native ve wor worst st-ca case se exec executi tion ti time mes, each ch as assured sured to to a di diff ffer erent nt fa factor ctors associated with a particular application domain were taken level el of of CONFIDENCE ENCE. into account, sometimes including added safety margins.
Why Failure Probability? c iHI c iLO t • Steve Vestal. Preemptive scheduling of multi-criticality systems with varying degrees of execution time assurance . RTSS 2007. Remark mark Eval aluat atio ion n Abstract tract One would obtain WCET bounds onl nly at the precision and lev level el of of Discussions with individuals from various Honeywell sites indicated This paper is based on a conjecture that the more more conf confide idence ce one ne assurance ce required . that execution time measurements obtained from instrumented needs in a task exe execut cution ion ti time me bo bound nd (the less tolerant one is of platforms were the primary but not not on only dat data used to determine missed deadlines), the larger and more conservative that bound tends An allowed system failure probability F S is specified. worst-case execution time parameters. Testing was influenced by the to become in practice. … We assume a task may have a set of It describes the permitted probability of the system failing desi esign as assuran urance ce lev level el of a task … . In some cases experience or special alt lter ernati native ve wor worst st-ca case se exec executi tion ti time mes, each ch as assured sured to to a di diff ffer erent nt factor fa ctors associated with a particular application domain were taken to meet timing constraints during one hour of execution . level el of of CONFIDENCE ENCE. F S may be very close to zero (e.g., 10 −12 for some safety- into account, sometimes including added safety margins. critical avionics systems).
Why Failure Probability? c iHI c iLO t • Steve Vestal. Preemptive scheduling of multi-criticality systems with varying degrees of execution time assurance . RTSS 2007. Remark mark Eval aluat atio ion n Abstract tract One would obtain WCET bounds onl nly at the precision and lev level el of of Discussions with individuals from various Honeywell sites indicated This paper is based on a conjecture that the more more conf confide idence ce one ne assurance ce required . that execution time measurements obtained from instrumented needs in a task exe execut cution ion ti time me bo bound nd (the less tolerant one is of Tractable exact WCET analysis would reduce but not entirely platforms were the primary but not not on only dat data used to determine missed deadlines), the larger and more conservative that bound tends eliminate the utility of these methods. For example, the longest worst-case execution time parameters. Testing was influenced by the to become in practice. … We assume a task may have a set of execution paths might be sufficiently infrequent in practice (e.g. desi esign as assuran urance ce lev level el of a task … . In some cases experience or special alt lter ernati native ve wor worst st-ca case se exec executi tion ti time mes, each ch as assured sured to to a di diff ffer erent nt error handling paths) that they sho shoul uld be be ig ignore nored for low-to- factor fa ctors associated with a particular application domain were taken level el of of CONFIDENCE ENCE. moderate criticality tasks. Occ ccasi asional nal deadline misses may be into account, sometimes including added safety margins. tolerable, especially by tasks at lower criticality levels.
Recommend
More recommend
