HLC-PCP: A resource synchronization protocol for certifiable mixed criticality scheduling

https://doi.org/10.1016/j.sysarc.2016.01.008

Highlights

  • We propose HLC-PCP (Highest-Locker Criticality, Priority-Ceiling Protocol), which extends the well-known Priority Ceiling Protocol (PCP) to be applicable to AMC (Adaptive Mixed-Criticality), a variant of MCS. We present methods for worst-case blocking time computation with HLC-PCP, used for schedulability analysis of AMC with resource sharing, for both the dual-criticality model and the general multi-criticality model. This helps relax one of the key limiting assumptions of most MCS work, that is, tasks with different levels of criticality do not have common shared resources.

Abstract

Today’s safety-critical Cyber-Physical Systems (CPS) often need to integrate multiple diverse applications with varying levels of importance, or criticality. Mixed-Criticality Scheduling (MCS) has been proposed with the objectives of achieving certification at multiple criticality levels and efficient utilization of hardware resources. Current work on MCS typically assumes tasks at different criticality levels are independent and do not share any resources (data). We propose HLC-PCP (Highest-Locker Criticality, Priority-Ceiling Protocol), which extends the well-known Priority Ceiling Protocol (PCP) to be applicable to AMC (Adaptive Mixed-Criticality), a variant of MCS. We present methods for worst-case blocking time computation with HLC-PCP, used for schedulability analysis of AMC with resource sharing, for both the dual-criticality model and the general multi-criticality model.

Introduction

Today’s complex Cyber-Physical Systems often need to integrate multiple diverse applications with varying levels of criticality, or importance. For example, in the avionics certification standard DO-178B, there are 5 criticality levels, classified according to the degree of damage caused by failure of the application: catastrophic; hazardous; major; minor; no effect. Similarly, in the automotive safety certification standard ISO 26262, there are 4 criticality levels: ASIL (Automotive Safety and Integrity Level) A-D. In both avionics and automotive domains, there has been a trend of increasing degree of integration of multiple applications on shared hardware platforms, i.e., to move from many distributed small processors to a few centralized, powerful processors, with benefits of reduced network traffic and increased system reliability. A mixed-criticality system is a system with multiple applications at different levels of criticality executing on the same hardware platform. Current industry practice achieves strong isolation by resource reservation and virtualization, e.g., the ARINC 653 software architecture for Integrated Modular Avionics, but this approach tends to result in resource over-provisioning, making it unsuitable for resource-constrained environments like automotive embedded systems.

In order to address the challenges of integrating mixed-criticality systems on a shared hardware platform, researchers have proposed Mixed-Criticality Scheduling (MCS) [1], with the objectives of achieving certification at multiple criticality levels while having efficient utilization of hardware resources. In order to achieve safety certification at multiple levels of criticality with different levels of design assurance, task τi is given multiple different Worst-Case Execution Time (WCET) estimates, one for each criticality level, and certification at each criticality level uses the WCET estimate at the corresponding criticality level. For example, consider a dual-criticality system with two criticality levels Low (LO) and High (HI). A task τi is given two WCET estimates: a tight, optimistic estimate Ci(LO) for the LO-critical level that may be occasionally exceeded, used for certification at the LO-critical level; and a loose, pessimistic estimate Ci(HI) for the HI-critical level that should rarely, if ever, be exceeded, used for certification at the HI-crit level. For certification at the LO-crit level, all tasks (LO-critical and HI-critical levels) must be considered; for certification at the HI-crit level, only the HI-crit tasks are considered, since all LO-critical tasks are removed from the system (either dropped, or assigned the lowest background priority).

For the sake of strong functional and temporal isolation, current work on MCS typically assumes tasks at different criticality levels are independent and do not have any shared resources (data). While reasonable, this assumption may be unnecessarily restrictive and conservative, since resource sharing between criticality levels is often necessary for today’s large and complex applications. In this paper, we propose HLC-PCP (Highest-Locker Criticality, Priority-Ceiling Protocol), which extends the well-known Priority Ceiling Protocol (PCP) to be applicable to MCS, with bounded worst-case blocking time.

This paper is structured as follows: we present background and related work in Section 2; HLC-PCP for dual-criticality systems in Section 3; HLC-PCP for multiple criticality levels in Section 4, which is a generalization of dual-criticality systems; priority assignment algorithm in Section 5; performance evaluation in Section 6; conclusions in Section 7.


Background and related work

A safety-critical system may experience different types of faults at runtime, including hardware faults (transient or permanent), software faults (bugs), timing faults (timing constraints are not satisfied). In MCS, we are only concerned with timing faults, caused by tasks exceeding their estimated WCET (Worst-Case Execution Time) at runtime, not with the other types of faults. Therefore, MCS is orthogonal and complementary to traditional fault-tolerance techniques designed to handle hardware

Protocol definition

We present a synchronization protocol designed for protecting shared resources in the context of AMC, called Highest-Locker Criticality, Priority Ceiling Protocol (HLC-PCP), which is an extension of conventional PCP [15] by introducing criticality inheritance.

Consider a set of N sporadic tasks, τ = {τ1, …, τN}, that access shared resources protected by a set of M semaphores, S = {S1, …, Sk, …, SM}. Each task τi is characterized by a tuple of parameters ⟨Ti, Di, Ci, Pi, pi, Li, li, σi⟩, with two additional

Protocol definition

Suppose there is a total of NC criticality levels, numbered from low to high as (1, …, m, …, NC). The AMC protocol can be extended to this general case easily, e.g., drop all tasks with active criticality level lower than the current system-wide criticality mode m. Each semaphore Sk is associated with a Priority Ceiling in system-wide criticality mode m, PC(Sk, m), defined as the highest priority of the tasks that can lock it in criticality mode m, including all tasks with nominal criticality
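As an added illustration (not code from the paper), the following Python computes the mode-dependent ceilings PC(Sk, m) from the definition above for a constructed dual-criticality taskset, and then evaluates the conventional single-blocking PCP bound with those ceilings; the paper's own HLC-PCP blocking analysis with criticality inheritance is not reproduced here. The priority numbering (larger value = higher priority) and the sample taskset are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Added example, not the paper's code. Criticality levels are numbered
# 1 (lowest) .. NC as on the page; a larger priority value means a higher
# priority (an assumption of this example).

@dataclass
class Task:
    name: str
    priority: int
    criticality: int                                     # nominal criticality level
    uses: Dict[str, float] = field(default_factory=dict) # semaphore -> longest critical section

def active_tasks(tasks: List[Task], mode: int) -> List[Task]:
    """AMC rule from the page: in mode m, tasks with criticality below m are dropped."""
    return [t for t in tasks if t.criticality >= mode]

def priority_ceiling(tasks: List[Task], sem: str, mode: int) -> Optional[int]:
    """PC(S_k, m): highest priority of the tasks that can lock S_k while in mode m."""
    lockers = [t.priority for t in active_tasks(tasks, mode) if sem in t.uses]
    return max(lockers) if lockers else None

def ceiling_table(tasks: List[Task], n_levels: int) -> Dict[int, Dict[str, Optional[int]]]:
    """Ceiling of every semaphore in every mode 1..NC."""
    sems = sorted({s for t in tasks for s in t.uses})
    return {m: {s: priority_ceiling(tasks, s, m) for s in sems} for m in range(1, n_levels + 1)}

def pcp_blocking_bound(tasks: List[Task], task: Task, mode: int) -> float:
    """Conventional PCP bound evaluated with the mode-m ceilings (an assumption of this
    example, not the paper's HLC-PCP analysis): a job is blocked at most once, by the
    longest critical section of a lower-priority active task on a semaphore whose
    ceiling is at least the job's own priority."""
    candidates = [
        length
        for t in active_tasks(tasks, mode) if t.priority < task.priority
        for sem, length in t.uses.items()
        if priority_ceiling(tasks, sem, mode) >= task.priority
    ]
    return max(candidates, default=0.0)

# Constructed dual-criticality taskset (1 = LO, 2 = HI); values are illustrative only.
TASKS = [
    Task("t1", 4, 2, {"S1": 2.0}),
    Task("t2", 3, 1, {"S1": 1.0, "S2": 3.0}),
    Task("t3", 2, 2, {"S2": 1.5}),
    Task("t4", 1, 1, {"S2": 0.5}),
]

if __name__ == "__main__":
    for mode, ceilings in ceiling_table(TASKS, 2).items():
        print(f"mode {mode}: ceilings {ceilings}")
        for t in active_tasks(TASKS, mode):
            print(f"  {t.name}: blocking bound {pcp_blocking_bound(TASKS, t, mode)}")
```

Note how PC(S2, m) drops from 3 to 2 when the system switches to HI mode, because the LO tasks t2 and t4 that locked S2 are no longer in the system.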

Priority assignment

It is proved in [7] that Audsley’s optimal priority assignment [26] is applicable to AMC. As AMC with HLC-PCP is an extension of AMC, Audsley’s optimal priority assignment is also applicable to AMC with HLC-PCP, as long as the blocking times are taken into account in the schedulability analysis. Formally, for this to be the case, the schedulability test for AMC with HLC-PCP must adhere to the following conditions of Audsley’s algorithm:

  • The schedulability of a task τk is dependent on the set of

Performance evaluation

We generate random tasksets, where each taskset Γk has five parameters: the number of criticality levels NC, LO-crit CPU utilization UkLO, the number of tasks NT, the number of semaphores NS, the ratio of critical section length SF. Each task τi in taskset Γk was generated using similar techniques to [27]:

  • Given a UkLO, the utilization ui of a task τi in Γk was generated by the UUnifast algorithm [28].

  • The period Ti of a task τi was 100x where x was randomly sampled from a uniform distribution

Conclusion

In this paper, we present HLC-PCP (Highest-Locker Criticality, Priority-Ceiling Protocol), which extends the Priority Ceiling Protocol (PCP) in the context of AMC (Adaptive Mixed-Criticality) for MCS. We formally prove its correctness and worst-case blocking time analysis, which are used for schedulability analysis of AMC with resource sharing, for both the dual-criticality model and the general multi-criticality model, as well as the priority assignment algorithm.

Acknowledgements

This project is supported by National Natural Science Foundation of China (Grants No. 61272127, No. 61471165 and No. 61572164).

Qingling Zhao received her B.S. degree in Computer Science from Northwest A&F University, China in 2009, and is currently a Ph.D. student in the College of Computer Science and Technology, Zhejiang University. Her research interests include real-time embedded systems and real-time scheduling.

References (28)

  • H.-M. Huang, MCFlow: Middleware for Mixed-Criticality Distributed Real-Time Systems (2012)
  • S. Vestal, Preemptive scheduling of multi-criticality systems with varying degrees of execution time assurance, Proceedings of the 28th IEEE International Real-Time Systems Symposium (RTSS), 2007
  • M.A. Haque et al., Real-time scheduling under fault bursts with multiple recovery strategy, Proceedings of the IEEE 20th Real-Time and Embedded Technology and Applications Symposium (RTAS), 2014
  • A. Burns et al., Mixed Criticality Systems: A Review (2013)
  • S. Baruah et al., Towards the design of certifiable mixed-criticality systems, Proceedings of the 16th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), 2010
  • N. Guan et al., Effective and efficient scheduling of certifiable mixed-criticality sporadic task systems, Proceedings of the IEEE 32nd Real-Time Systems Symposium (RTSS), 2011
  • C. Gu et al., Improving OCBP-based scheduling for mixed-criticality sporadic task systems, RTCSA, 2013
  • S.K. Baruah et al., Response-time analysis for mixed criticality systems, RTSS, 2011
  • T. Fleming et al., Extending mixed criticality scheduling, Proceedings of the Workshop on Mixed Criticality Systems (WMC), 2013
  • S.K. Baruah et al., Mixed-criticality scheduling of sporadic task systems, Algorithms – ESA 2011, 2011
  • F. Santy et al., Relaxing mixed-criticality scheduling strictness for task sets scheduled with FP, Proceedings of the 24th Euromicro Conference on Real-Time Systems (ECRTS), 2012
  • E. Bini et al., Sensitivity analysis for fixed-priority real-time systems, Real-Time Syst., 2008
  • A. Burns et al., Towards a more practical model for mixed criticality systems, Proc. WMC, RTSS, 2013
  • H. Su et al., An elastic mixed-criticality task model and its scheduling algorithm, Proceedings of the Conference on Design, Automation and Test in Europe, 2013

Zonghua Gu received his Ph.D. degree in Computer Science and Engineering from the University of Michigan at Ann Arbor in 2004. He is currently an associate professor in the College of Computer Science, Zhejiang University. His research area is real-time and embedded systems.

Min Yao received his Ph.D. degree in Biomedical Engineering and Instrument from Zhejiang University, China, in 1995. He is currently a professor in the College of Computer Science and Technology, Zhejiang University. His research interests include computational intelligence, pattern recognition, knowledge discovery and knowledge service.

Haibo Zeng is currently an Assistant Professor at Virginia Tech, USA. He received his Ph.D. in Electrical Engineering and Computer Sciences from the University of California at Berkeley. He was a senior researcher at General Motors R&D until October 2011, and an assistant professor at McGill University until August 2014. His research interests are design methodology, analysis, and optimization for embedded systems, cyber-physical systems, and real-time systems. He earned three best paper citations in the above fields.
