Design of Mixed-Criticality Applications on Distributed Real-Time Systems

Design of Mixed-Criticality Applications on Distributed Real-Time Systems Domițian Tămaș-Selicean

Outline
§ Introduction
§ Design optimizations at the processor-level
  § System and application models
  § Motivational examples
  § Optimization strategy
  § Experimental results
  § Realistic case study
§ Design optimizations at the communication network-level
  § ARINC 664 p7 “Aircraft Data Network” and TTEthernet
  § Motivational examples
  § Optimization strategy
  § Experimental results
  § Realistic case study
§ Summary

Introduction: embedded systems (embedded / real-time)

Introduction: mixed-criticality systems (embedded / real-time / safety-critical / mixed-critical)

Introduction: evolution of architectures
(figure: Federated Architecture, Integrated Architecture and Partitioned Architecture, each hosting applications of SIL 1 to SIL 4 on processing elements (PEs))
§ SIL: Safety Integrity Level, dictates certification costs
§ Integrated architecture, no separation: certification is expensive
§ Partitioned architecture: separation through partitioning

Introduction

Introduction: design space exploration
§ Inputs: application model, platform model
§ CPU-level design tasks:
  § Mapping of tasks to processors
  § Partitioning
  § Task schedules
§ Network-level design tasks:
  § Packing of messages into frames
  § Routing of frames
  § Frame schedules
§ Output: system implementation model
§ Evaluation: worst-case schedulability analysis
§ Result: operational architecture


System Model
(figure: partitioned architecture with applications of SIL 1, SIL 3 and SIL 4 sharing PEs)
§ Partition = virtual dedicated machine
§ Partitioned architecture
  § Spatial partitioning
    § protects one application’s memory and access to resources from another application
  § Temporal partitioning
    § partitions the CPU time among applications

System Model
(figure: partition slices of the SIL 1, SIL 3 and SIL 4 partitions on PE 2 and PE 3 within one Major Frame)
§ Temporal partitioning
  § Static partition table
  § Repeated with period MF (Major Frame)
  § Partition switch overhead
  § Each partition can have its own scheduling policy
  § A partition has a certain SIL
§ Problem: optimize task mapping and partition allocation

Application Model
§ Static Cyclic Scheduling
§ Elevation: develop a task to a higher SIL
§ Problem: reduce development costs

Application model
§ Task decomposition
  § Implementing a function of a higher SIL as several redundant tasks of a lower SIL, according to ISO 26262 “Road Vehicles – Functional Safety”
§ Problem: optimize task decomposition

Design tasks at the processor level
§ Given
  § A set of applications
  § The criticality level (or SIL) for each task
  § The separation requirements between tasks
  § A set of N processing elements (PEs)
  § The size of the Major Frame and of the Application Cycle
  § The decomposition library
§ Determine
  § The mapping of tasks to PEs
  § The sequence and length of partition slices on each processor
  § The assignment of tasks to partitions
  § The schedule for all the tasks in the system
  § The partition sharing
  § The task decomposition
§ Such that
  § All applications meet their deadline
  § The development costs are minimized

Design optimization problems: overview
§ Mapping: deciding in which PE to place a task
§ Scheduling: deciding the start times of static tasks
§ Partitioning: deciding the sequence and sizes of partition slices
§ Task decomposition: deciding how to implement a task to meet the SIL requirements
§ Elevation: implementing a lower SIL task at a higher SIL
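The partition table, partition sharing and static cyclic schedule described on the preceding slides, as an added toy example (not code from the thesis or its MCDO tool). It assumes a constructed partition SIL table and cost-per-SIL table, one PE, and tasks that are independent; the list scheduler only ever places a task inside slices of its own partition, which is what temporal partitioning guarantees, and a task that shares a partition of higher SIL is elevated and pays that SIL's development cost.

```python
from collections import namedtuple

# A partition slice on a PE inside the Major Frame, and a task with its
# SIL, WCET, deadline and the partition it is assigned to (possibly shared).
Slice = namedtuple("Slice", "pe start length partition")
Task = namedtuple("Task", "name sil wcet deadline partition")

# Constructed tables: SIL of each partition, development cost per SIL level.
PARTITION_SIL = {"P1": 4, "P2": 1}
COST_PER_SIL = {1: 1, 2: 2, 3: 4, 4: 8}

def development_cost(tasks):
    """A task may only live in a partition of equal or higher SIL; in a higher
    SIL partition it is elevated and pays that partition's development cost."""
    cost = 0
    for t in tasks:
        part_sil = PARTITION_SIL[t.partition]
        if part_sil < t.sil:
            raise ValueError(f"{t.name}: SIL {t.sil} task in SIL {part_sil} partition")
        cost += COST_PER_SIL[max(t.sil, part_sil)]
    return cost

def list_schedule(tasks, slices):
    """Static cyclic schedule for one Major Frame: tasks are placed in deadline
    order into the earliest slice of their own partition that still holds the
    WCET before the deadline. Time of other partitions is never used.
    Returns {task: (pe, start)} or None if some task cannot be placed."""
    free = [s.start for s in slices]          # next free instant in each slice
    schedule = {}
    for t in sorted(tasks, key=lambda t: t.deadline):
        best = None
        for i, s in enumerate(slices):
            if s.partition != t.partition:
                continue
            end = free[i] + t.wcet
            if end <= s.start + s.length and end <= t.deadline:
                if best is None or free[i] < free[best]:
                    best = i
        if best is None:
            return None
        schedule[t.name] = (slices[best].pe, free[best])
        free[best] += t.wcet
    return schedule

# Constructed example: MF = 10 on PE1 with two SIL 4 slices and one SIL 1 slice.
SLICES = [Slice("PE1", 0, 4, "P1"), Slice("PE1", 4, 2, "P2"), Slice("PE1", 6, 4, "P1")]
TASKS = [Task("t1", 4, 3, 4, "P1"), Task("t2", 4, 3, 10, "P1"), Task("t3", 1, 2, 6, "P2")]
# Same tasks, but t3 shares the SIL 4 partition P1: elevation raises the cost,
# and here P1's slices cannot hold t3 before its deadline.
TASKS_SHARED = [Task("t1", 4, 3, 4, "P1"), Task("t2", 4, 3, 10, "P1"), Task("t3", 1, 2, 6, "P1")]
```

The slides' motivational example shows the opposite outcome, where sharing makes an otherwise infeasible task set schedulable; both cases are why the thesis optimizes mapping, partitioning and sharing together.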

Motivational Example
§ Partition sharing optimization

Motivational Example
§ No partition sharing allowed: t13 does not fit in the schedule
§ Partition sharing is allowed: reassigning t2, t13 and t21 results in a successful schedule with DC = 44

Motivational Example
§ Partition sharing is allowed: reassigning t2, t13 and t21 results in a successful schedule with DC = 44
§ Optimized partition sharing: optimizing the mapping, partitioning and partition sharing results in a schedulable implementation with DC = 37 and one extra time unit on N2

Optimization Strategy
§ Mixed-Criticality Design Optimization (MCDO) strategy:
  § Tabu Search meta-heuristic decides
    § The mapping of tasks to processors
    § The sequence and length of partition slices on each PE
    § The assignment of tasks to partitions
    § The task decomposition
  § List scheduling decides
    § The schedule for the applications
§ Tabu Search
  § Explores the solution space using design transformations
  § Minimizes the cost function: development cost
  § Constraint: schedulability

Experimental Results
§ Benchmarks
  § 7 synthetic
  § 2 real life test cases from E3S
§ MCDO compared to:
  § MO+PO
    § Strategy where first we do a mapping optimization, without considering partitioning (MO), and then we perform a partitioning optimization, considering the mapping obtained previously as fixed (PO)
  § MPO
    § Mapping and partitioning optimization is done at the same time, but without considering partition sharing.
  § MO+PO and MPO use “degree of schedulability” as the cost function

Experimental Results
• It is important to simultaneously optimize the mapping and partitioning
• Only by using partition sharing and SIL decomposition can we reduce costs
• The optimization is important especially for large or loaded systems

Realistic Case Study (5 month JPL stay)
§ Easily extendable framework to different design problems


ARINC 664 p7 “Aircraft Data Network”
(figure: End Systems ES1, ES3 and ES4 connected through Network Switches NS1, NS2 and NS3)
§ Full-Duplex Ethernet-based data network for safety-critical applications

ARINC 664 p7 “Aircraft Data Network”
(figure: the same network; an End System consists of CPU, RAM, ROM and NIC)

ARINC 664 p7 “Aircraft Data Network”
(figure: the same network; each physical connection is a pair of dataflow links, e.g. ES1 to NS1 and NS1 to ES1)

ARINC 664 p7 “Aircraft Data Network”
(figure: virtual links vl1 and vl2 over the network; τ1 on ES1, τ2 and τ4 on ES2, τ3 and τ5 on ES3/ES4)
§ Highly critical application A1: τ1, τ2 and τ3
  § τ1 sends message m1 to τ2 and τ3
§ Non-critical application A2: τ4 and τ5
  § τ4 sends message m2 to τ5

ARINC 664 p7 “Aircraft Data Network”
(figure: virtual link vl1 consists of dataflow paths dp1 and dp2 over dataflow links l1, l2, l3 and l4)
§ Highly critical application A1: τ1, τ2 and τ3
  § τ1 sends message m1 to τ2 and τ3
§ Non-critical application A2: τ4 and τ5
  § τ4 sends message m2 to τ5
§ Problem: optimize virtual link routing

TTEthernet
§ ARINC 664 p7 compliant
§ Traffic classes:
  § synchronized communication
    § Time Triggered (TT)
  § unsynchronized communication
    § Rate Constrained (RC) – ARINC 664 p7 traffic class
    § Best Effort (BE) – no timing guarantees
§ Standardized as SAE AS 6802
§ Marketed by TTTech Computertechnik AG
§ Implemented by Honeywell on the NASA Orion Constellation

TT Transmission
(figure: ES1 and ES2 with CPU partitions P1,1 to P1,3 and P2,1 to P2,3 hosting τ1 to τ4, their transmit and receive buffers, and switches NS1 to NS3 forwarding frames f2, f3 and f4)
§ A1: τ1 → m1 → τ3, RC
§ A2: τ2 → m2 → τ4, TT
§ a: TT frames are sent according to the sending schedules
§ b: Window of acceptance based on the receive schedules

RC Transmission
(figure: as before, with RC transmit queues Q1,Tx and Q2,Tx behind traffic regulators TR1 and TR2 in ES1, and receive queues Q1,Rx and Q2,Rx in ES2)
§ A1: τ1 → m1 → τ3, RC
§ A2: τ2 → m2 → τ4, TT
§ a: TT frames are sent according to the sending schedules
§ b: Window of acceptance based on the receive schedules
§ 1: RC frames characteristic: Bandwidth Allocation Gap (BAG)
§ 2: Traffic regulator enforces the BAG for each VL
§ 3: Traffic integration policies: timely block, preemption, shuffling
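The two mechanisms named on the TT and RC transmission slides, the BAG-enforcing traffic regulator and the TT window of acceptance, as an added example (not code from the thesis or from any TTEthernet product). Times are in microseconds, sizes in bytes; the VL parameters and the 100 Mbps link are constructed, and the bandwidth figure deliberately omits preamble and inter-frame gap overhead, which is an assumption to keep the arithmetic visible.

```python
def regulate_rc(arrivals, bag):
    """Traffic regulator for one RC virtual link: consecutive frames of the VL
    leave the End System at least one BAG apart, whatever the sending task
    does. arrivals are non-decreasing; returns the release time of each frame."""
    releases, last = [], None
    for t in arrivals:
        release = t if last is None else max(t, last + bag)
        releases.append(release)
        last = release
    return releases

def rc_link_load_mbps(vls):
    """Worst-case bandwidth reserved on a dataflow link by the RC VLs routed
    over it. vls: list of (name, lmax_bytes, bag_us); each VL sends at most one
    frame of lmax bytes per BAG. Overhead bytes omitted (assumption)."""
    return sum(lmax * 8 / bag for _, lmax, bag in vls)   # bits per us == Mbps

def fits_link(vls, link_mbps):
    """Admission check: the regulated VLs must fit the link's physical rate."""
    return rc_link_load_mbps(vls) <= link_mbps

def tt_accepted(arrival, scheduled_rx, window):
    """Receiver-side check for a TT frame: it is accepted only inside the
    acceptance window around its scheduled receive time; a frame arriving
    outside the window is dropped, so a faulty or early sender cannot
    disturb the rest of the TT schedule."""
    return scheduled_rx - window <= arrival <= scheduled_rx + window

# Constructed VLs on one 100 Mbps link: vl1 carries full-size frames with a
# 2 ms BAG, vl2 minimum-size frames with a 1 ms BAG.
VLS = [("vl1", 1518, 2000), ("vl2", 64, 1000)]

# Constructed burst on vl1: the task enqueues three frames almost at once,
# the regulator spreads them one BAG apart.
BURST = [0, 100, 150, 5000]
```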

Application Model

Worst-Case End-to-End Delay
§ Problem: optimize the schedules for the TT frames

Design tasks at the communication network-level
§ Given
  § The topology of the network
  § The set of TT and RC frames
  § For each frame the size, the deadline and the period
§ Determine
  § The fragmenting of messages and packing into frames
  § The assignment of frames to virtual links
  § The routing of virtual links
  § The bandwidth for each RC virtual link
  § The set of TT schedules
§ Such that
  § The deadlines for the TT and RC frames are satisfied

Design optimization problems: overview
§ Scheduling TT frames: deciding the schedules of TT frames in ES and NS devices
§ Routing: deciding the routing of virtual links
§ Bandwidth for RC VLs: deciding the Bandwidth Allocation Gap for RC VLs
§ Fragmenting: deciding if and how to split messages before transmission
§ Packing: deciding which messages to pack into a frame

Motivational Example

Motivational Example
§ Baseline solution – no optimization
§ Routing optimization

Motivational Example
§ Baseline solution – no optimization
§ Packing optimization

Motivational Example
§ Baseline solution – no optimization
§ Schedule optimization: reschedule frame f5 on [ES2, NS1] and [NS1, NS3]

Optimization Strategy
§ Design Optimization of TTEthernet-based Systems (DOTTS):
  § Tabu Search meta-heuristic decides
    § The fragmenting of messages and packing in frames
    § The assignment of frames to virtual links
    § The routing of virtual links
    § The bandwidth for each RC virtual link
  § List scheduling decides
    § The schedules for the TT frames
§ Tabu Search
  § Explores the solution space using design transformations
  § Minimizes the cost function: degree of schedulability for RC frames
  § Constraint: schedulability for all messages
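The list-scheduling step of the strategy above, which places each TT frame hop by hop on the dataflow links of its route (the same kind of move as rescheduling f5 on [ES2, NS1] and [NS1, NS3] in the motivational example), as an added example that is not the thesis's DOTTS code. It assumes one period only (no hyperperiod), store-and-forward switches, constructed routes and frame parameters, and times in microseconds.

```python
def earliest_slot(busy, t, dur):
    """Earliest start >= t such that [start, start + dur) overlaps none of the
    reservations on a link (busy: list of non-overlapping (start, end))."""
    for s, e in sorted(busy):
        if t + dur <= s:        # fits entirely before this reservation
            break
        if t < e:               # collides: move past the reservation
            t = e
    return t

def schedule_tt(frames):
    """frames: dicts with name, route (list of (src, dst) dataflow links), tx
    (transmission time per hop), release and deadline. Frames are placed in
    deadline order; each hop starts once the previous hop of the same frame
    has fully arrived and the link is free. Returns {name: [(link, start)]}
    or None when some frame's end-to-end delay exceeds its deadline."""
    busy = {}                   # link -> list of (start, end) reservations
    schedule = {}
    for f in sorted(frames, key=lambda f: f["deadline"]):
        t, hops = f["release"], []
        for link in f["route"]:
            start = earliest_slot(busy.setdefault(link, []), t, f["tx"])
            busy[link].append((start, start + f["tx"]))
            hops.append((link, start))
            t = start + f["tx"]
        if t > f["deadline"]:
            return None
        schedule[f["name"]] = hops
    return schedule

# Constructed example: f1 and f2 share the dataflow link [NS1, NS3], so the
# second frame scheduled is pushed back one transmission on that link.
FRAMES = [
    {"name": "f1", "route": [("ES1", "NS1"), ("NS1", "NS3"), ("NS3", "ES3")],
     "tx": 10, "release": 0, "deadline": 40},
    {"name": "f2", "route": [("ES2", "NS1"), ("NS1", "NS3"), ("NS3", "ES4")],
     "tx": 10, "release": 0, "deadline": 50},
]
```

Tightening f2's deadline below its best possible end-to-end delay makes the function return None, which is the schedulability constraint the Tabu Search then tries to repair by changing routing, packing or ordering.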

Experimental Results
§ Benchmarks
  § 8 synthetic
  § 2 real life test cases
§ DOTTS compared to:
  § Routing Optimization (RO): optimizes the routing only.
  § Packing and Fragmenting Optimization (PFO): optimizes the fragmenting and packing.
  § Scheduling Optimization (SO): optimizes the scheduling of TT frames.

Experimental Results
• SO yields the biggest improvement among RO, PFO and SO
• It is necessary to simultaneously optimize the routing, packing and fragmenting, and scheduling, to obtain schedulable solutions.

Realistic Case Study
§ Next generation space vehicle
§ Implements TTEthernet
§ The case study: network for CM and SM
§ Extended DOTTS to:
  § perform architecture selection
  § capture QoS for BE traffic
§ Easily extendable framework to different design problems


Summary
§ Design problems at the processor-level:
  § Mapping of tasks to PEs
  § Deciding the sequence and length of partition slices on each PE
  § Assignment of tasks to partitions
  § Task decomposition
  § Schedule table generation
  § Response time analysis for FPS in partitioned architectures
  § Addressed also soft real-time applications
§ Design problems at the communication network-level:
  § Deciding the fragmenting and packing of messages into frames
  § Routing of virtual links
  § Generation of schedules for TT frames
  § Architecture selection to reduce the cost of the system
  § Addressed also BE traffic
