Dependability Driven Integration of Mixed Criticality SW Components
Shariful Islam, Robert Lindström and Neeraj Suri
Department of Computer Science, TU Darmstadt, Germany
{ripon,rl,suri}@informatik.tu-darmstadt.de
Supported in part by EU IP DECOS (www.decos.at)
Dependable Embedded Systems & SW Group, www.deeds.informatik.tu-darmstadt.de

Outline
- Motivation
- System Models
- The Mapping Approach
- Mapping Illustration
- Conclusions

Motivation
- Federated architecture: each function is assigned to a dedicated node (e.g., in cars)
  - SC components (e.g., brake-by-wire)
  - non-SC components (e.g., door control system)
  - Good FT, but expensive from a resource point of view
- Integrated architecture: several jobs share a node, with partitioned-by-design nodes and networks
[Figure: federated architecture with one job per dedicated node (BPS, SP, BFC, BAs, NBC, WL, M, ...) versus an integrated architecture in which jobs share nodes connected by a partitioned network]

Motivation (Contd.)
- Limited resource set
- Integrating SW components of mixed criticality
- Criticality partitions are maintained: FT and RT requirements are not compromised
- Mapping is defined as
  - assigning jobs onto suitable nodes (allocation), and
  - ordering SW execution in time (scheduling)
- Goal: a dependability driven resource allocation approach for the consolidated mapping of SC and non-SC components
  Jobs (SC + non-SC) -> Mapping (allocation, scheduling) -> Distributed shared platform; prime driver: dependability
[1] Wang, S. et al. Component Allocation with Multiple Resource Constraints for Large Embedded Real-Time Software Design. In IEEE RTAS, pp. 219-226, 2004.
[2] Lee, Y. et al. Resource Scheduling in Dependable Integrated Modular Avionics. In Proc. of the Int. Conf. on Dependable Systems and Networks, pp. 14-23, 2000.

System Models
HW and communication model
- Set of connected nodes
- Nodes contain processors (partitioned OS or discrete) plus a communication controller (CC)
- Node communication over a time-triggered network (TTN)
System partitioning
- Each job runs in a single partition
- Boundaries among jobs prevent error propagation
[Figure: a node with sensors/actuators, Partition A running OS Service A behind a service interface, the OS kernel and a communication controller attached to the Time Triggered Network]

System Models (Contd.)
SW model
- Components of varied criticality
- Components are decomposed into jobs
- Job properties
  - input and output ports (for receiving/sending messages)
  - timing requirements: EST (earliest start time), CT (computation time) and D (deadline)
  - dependability requirements (to provide the required level of FT)
Fault model (HW & SW)
- Errors due to transient, crash or SW-internal faults
- Shared resources introduce paths for error propagation
- Propagation of errors via communicating jobs (interactions)

Constraints
- Binding constraints: resource needs (e.g., sensors, actuators)
- Dependability constraints: SC and non-SC partitioning; separation of replicas of SC components
- Timing constraints: precedence; deadlines
- Computing constraints: computational; memory
- Communication constraints: bandwidth
Jobs (SC + non-SC) -> Mapping (allocation, scheduling), subject to the constraints -> Distributed shared platform

The Overall Process
Generalized mapping approach:
- Inputs: SW model (selection of jobs, replication, interactions), HW model, constraints
- Mapping by heuristics/algorithms; primary driver: dependability
- Feasible: one or more feasible assignments -> assessment framework -> optimization -> good/near-optimal mapping
- Non-feasible: return to mapping

The SW-HW Mapping Process
Goal: assign jobs onto nodes
Mapping strategies
- Heuristics facilitate iterative assignment
- With an optimal ordering no backtracking is necessary [3]
Example: jobs j1, j2a, j2b, j3 and j4; nodes n0 and n1
- C1 (binding constraint): j1 must run on n0
- C2 (fault tolerance): j2a and j2b must not run on the same node
- C3 (computing constraint): at most 3 jobs can run on a single node
Jobs are ordered so that the most conflicting and most constrained jobs are handled first.
[Figure: resulting assignment of j1, j2a, j2b, j3, j4 onto n0 and n1 under C1-C3]
[3] Sadeh, N. et al. Variable and Value Ordering Heuristics for the Job Shop Scheduling Constraint Satisfaction Problem. Artificial Intelligence, 86(1), pp. 1-41, 1996.

Mapping Strategies
Provide fault tolerance
- Assign replicated jobs onto different nodes
- Services are still provided in case a fault occurs
Reduce communication and interactions
- Place highly communicating jobs onto the same node
- Reduces the error propagation probability (fewer messages cross the shared network)
- Increases performance (avoids network delay)
Example: jobs j1, j2, j3, j4 exchanging messages m12, m13, m24, m34; deadline 140 ms; TDMA round of 20 ms with slots S0, S1 of 10 ms, 2 messages per slot. Placing communicating jobs on the same node removes messages from the TDMA schedule, and the schedule length decreases by 30 ms.
[Figure: TDMA schedules (slots S0, S1) for the two placements; the second one ends 30 ms earlier]

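The effect described above, as an added example that is not part of the original slides or of the DECOS tool chain. It models one processor per node, jobs executed in precedence order, and a message between jobs on different nodes waiting for the sender node's next TDMA slot; messages between co-located jobs cost nothing. The slot length, round length, messages per slot and the 140 ms deadline are taken from the slide; the computation times, the two placements and the message graph shape are constructed for the illustration.

```python
"""Job placement versus TDMA schedule length (added example, not DECOS code)."""
import math

SLOT_MS = 10                              # slot length
ROUND_MS = 20                             # TDMA round: one slot per node
MSGS_PER_SLOT = 2
NODE_SLOT_OFFSET = {"n0": 0, "n1": 10}    # start of each node's slot within a round
DEADLINE_MS = 140

# Constructed job graph: computation times in ms (dict order is a valid precedence
# order) and messages m12, m13, m24, m34 as (sender, receiver) pairs.
CT = {"j1": 40, "j2": 30, "j3": 30, "j4": 20}
EDGES = [("j1", "j2"), ("j1", "j3"), ("j2", "j4"), ("j3", "j4")]

def next_slot_start(node, t, used):
    """Earliest slot of `node` that starts at or after time t and still has room."""
    off = NODE_SLOT_OFFSET[node]
    start = off + math.ceil(max(0, t - off) / ROUND_MS) * ROUND_MS
    while used.get((node, start), 0) >= MSGS_PER_SLOT:
        start += ROUND_MS                 # slot full: wait one more round
    used[(node, start)] = used.get((node, start), 0) + 1
    return start

def makespan(placement, ct=CT, edges=EDGES):
    """Finish time of the last job for a {job: node} placement."""
    finish, used = {}, {}
    node_free = {n: 0 for n in NODE_SLOT_OFFSET}
    for job in ct:
        ready = 0
        for src, dst in edges:
            if dst != job:
                continue
            if placement[src] == placement[job]:
                arrival = finish[src]     # local message: no network hop
            else:
                arrival = next_slot_start(placement[src], finish[src], used) + SLOT_MS
            ready = max(ready, arrival)
        start = max(ready, node_free[placement[job]])   # one processor per node
        finish[job] = start + ct[job]
        node_free[placement[job]] = finish[job]
    return max(finish.values())

def network_messages(placement, edges=EDGES):
    """Messages crossing the network; each is an interaction path for error propagation."""
    return sum(1 for s, d in edges if placement[s] != placement[d])

# Every message crosses the network.
SPREAD = {"j1": "n0", "j2": "n1", "j3": "n1", "j4": "n0"}
# Communicating pairs j1/j2 and j3/j4 are co-located.
CLUSTERED = {"j1": "n0", "j2": "n0", "j3": "n1", "j4": "n1"}

if __name__ == "__main__":
    for name, p in (("spread", SPREAD), ("clustered", CLUSTERED)):
        print(f"{name}: makespan {makespan(p)} ms (deadline {DEADLINE_MS} ms), "
              f"{network_messages(p)} network messages")
```

With these constructed values the spread placement just meets the 140 ms deadline, while co-locating the communicating pairs halves the number of network messages and shortens the schedule to 110 ms.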
Mapping Strategies (Contd.)
Schedulability
- Satisfy precedence and deadline constraints
- Necessary condition for schedulability, where $\zeta$ is the set of jobs assigned to the same node:
  $\max_{j \in \zeta} D_j - \min_{j \in \zeta} EST_j \ge \sum_{j \in \zeta} CT_j$
  (EST: earliest start time, CT: computation time, D: deadline)
- Example: let j1 {EST, CT, D} = {2, 4, 10}, j3 = {7, 4, 14} and j4 = {5, 5, 12}.
  They cannot be assigned onto the same node, since (14 - 2) = 12 < 4 + 4 + 5 = 13.

Heuristic Process
Prerequisites
- HW model and platform-independent SW components
- Estimation of job properties
- Extracted constraints
Allocation algorithm, executed once for each phase
- Phase 1: assign replicated jobs of SC components
- Phase 2: assign non-replicated jobs of SC components
- Phase 3: assign jobs of non-SC components
Result: schedulable placement of jobs onto nodes

Dependability/RT Driven Algorithm
- Replication of jobs
- Job ordering heuristics*
- Node ordering heuristics*
- Evaluation of the assignment (iterative)
- Backtrack if necessary
* Ordering heuristics as also used in space allocation and course timetabling

Ordering Heuristics
How to order jobs and nodes?
Example: jobs j1, j2, j3, j4 and nodes n0, n1; e.g., j1 sends 4 bytes to j2 per execution. The binding constraint (sensor A) allows j3 to run on n1 only.

Assignment matrix (1 = job may run on node):
        j1  j2  j3  j4 | sum
   n0    1   1   0   1 |  3
   n1    1   1   1   1 |  4
   sum   2   2   1   2

Communication matrix C (bytes per execution):
        j1  j2  j3  j4
   j1    0   4   5   0
   j2    4   0   0   8
   j3    5   0   0   5
   j4    0   8   5   0

- Nodes with the most possible assignments come first: order n1, n0
- Jobs with the least possible assignments come first: order j3, j1, j2, j4
- Tie break: jobs are ordered by their potential amount of communication: order j3, j4, j2, j1
[4] Ramamritham, K. Allocation and Scheduling of Precedence-Related Periodic Tasks. IEEE Trans. Parallel Distrib. Syst., 1995.

Assignment Evaluation
- Empty node: only check binding constraints
- Node with already assigned jobs:
  - Phase 1: check FT, schedulability and computing capability
  - Phases 2 and 3: check schedulability and computing capability
- Feasible assignment found: select the assignment; otherwise exploration continues with the next node
- Dead end reached: backtrack
- Terminates when the job list is empty or no feasible assignment was found in the previous step

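The ordering heuristics, the schedulability condition, the three phases and the backtracking evaluation of the preceding slides, put together as an added example; this is not the DECOS implementation. The assignment matrix (1 = job may run on node) encodes the binding constraints, the communication matrix gives bytes exchanged per execution, and replicas of one SC job share a group name and must land on different nodes. The slide 14 matrices and the slide 9/11 constraints and timing values are taken from the page; the criticality flags, the timing of j2a/j2b and the communication volumes of the slide 9 jobs are constructed.

```python
"""Phased, heuristic-ordered job allocation with backtracking (added example)."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Job:
    name: str
    est: int                     # earliest start time
    ct: int                      # computation time
    d: int                       # deadline
    sc: bool = False             # safety-critical job?
    group: Optional[str] = None  # replica group of a replicated SC job

def schedulable(jobs):
    """Necessary condition for jobs on one node: max(D) - min(EST) >= sum(CT).
    A violation proves the set is not schedulable."""
    if not jobs:
        return True
    return max(j.d for j in jobs) - min(j.est for j in jobs) >= sum(j.ct for j in jobs)

def order_nodes(assign):
    """Nodes with the most possible assignments first (row sums)."""
    return sorted(assign, key=lambda n: -sum(assign[n].values()))

def order_jobs(assign, comm):
    """Jobs with the fewest possible nodes first (column sums); ties go to the job
    with the most communication."""
    names = sorted({j for row in assign.values() for j in row})
    possible = {j: sum(assign[n][j] for n in assign) for j in names}
    traffic = {j: sum(comm.get(j, {}).values()) for j in names}
    return sorted(names, key=lambda j: (possible[j], -traffic[j]))

def phase(job):
    """1: replicated SC jobs, 2: non-replicated SC jobs, 3: non-SC jobs."""
    return (1 if job.group else 2) if job.sc else 3

def allocate(jobs, assign, comm, capacity):
    """Return a feasible {job: node} placement, or None when the search is exhausted."""
    by_name = {j.name: j for j in jobs}
    # stable sort: the heuristic order is kept inside each phase
    ordered = sorted(order_jobs(assign, comm), key=lambda n: phase(by_name[n]))
    nodes = order_nodes(assign)
    placement = {}

    def feasible(job, node):
        if not assign[node][job.name]:                    # binding constraint
            return False
        on_node = [by_name[n] for n, m in placement.items() if m == node]
        if len(on_node) >= capacity[node]:                # computing capability
            return False
        if job.group and any(o.group == job.group for o in on_node):
            return False                                  # FT: separate replicas
        return schedulable(on_node + [job])               # timing (trivial on an empty node)

    def search(i):
        if i == len(ordered):
            return True
        job = by_name[ordered[i]]
        for node in nodes:
            if feasible(job, node):
                placement[job.name] = node
                if search(i + 1):
                    return True
                del placement[job.name]                   # dead end: backtrack
        return False

    return dict(placement) if search(0) else None

# Slide 14: assignment and communication matrices for j1..j4 on n0, n1.
SLIDE14_ASSIGN = {"n0": {"j1": 1, "j2": 1, "j3": 0, "j4": 1},
                  "n1": {"j1": 1, "j2": 1, "j3": 1, "j4": 1}}
SLIDE14_COMM = {"j1": {"j2": 4, "j3": 5}, "j2": {"j1": 4, "j4": 8},
                "j3": {"j1": 5, "j4": 5}, "j4": {"j2": 8, "j3": 5}}

# Slide 9 constraints (C1: j1 bound to n0, C2: j2a/j2b separated, C3: max 3 jobs
# per node) with the slide 11 timing of j1, j3, j4. Criticality flags, the timing of
# j2a/j2b and the communication volumes are constructed.
SLIDE9_JOBS = [Job("j1", 2, 4, 10, sc=True),
               Job("j2a", 2, 2, 14, sc=True, group="j2"),
               Job("j2b", 2, 2, 14, sc=True, group="j2"),
               Job("j3", 7, 4, 14), Job("j4", 5, 5, 12)]
SLIDE9_ASSIGN = {"n0": {"j1": 1, "j2a": 1, "j2b": 1, "j3": 1, "j4": 1},
                 "n1": {"j1": 0, "j2a": 1, "j2b": 1, "j3": 1, "j4": 1}}
SLIDE9_COMM = {"j1": {"j3": 5}, "j2a": {"j4": 8}, "j2b": {"j4": 8},
               "j3": {"j1": 5, "j4": 5}, "j4": {"j2a": 8, "j2b": 8, "j3": 5}}
SLIDE9_CAPACITY = {"n0": 3, "n1": 3}

if __name__ == "__main__":
    print("node order:", order_nodes(SLIDE14_ASSIGN))
    print("job order: ", order_jobs(SLIDE14_ASSIGN, SLIDE14_COMM))
    print("placement: ", allocate(SLIDE9_JOBS, SLIDE9_ASSIGN, SLIDE9_COMM, SLIDE9_CAPACITY))
```

The phase sort is stable, so within a phase the most constrained and most communicating jobs are still handled first; with that ordering the slide 9 instance is solved without a single backtrack, whereas the schedulability check alone would reject j1, j3 and j4 on one node. Backtracking only becomes necessary when a job processed late (a non-SC job is processed after all SC jobs regardless of how constrained it is) finds every node it is bound to already full.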
Mapping Illustration
Example of an automotive application
- SC component brake-by-wire: 6 jobs, denoted j1 to j6, including 2 SC jobs with criticality degree 3 (j1 and j2, each replicated three times: j1a-c, j2a-c)
- non-SC component door control system: 8 jobs, denoted j7 to j14, of which 2 jobs need a temperature sensor
- HW platform: 4 nodes connected by a TDMA based network; each node consists of two processors (one for SC and one for non-SC jobs) and a CC; platform used for implementing highly dependable systems
- No previous mapping process considered this architecture
Resulting allocation of jobs from the brake-by-wire and door control components (SC processor | non-SC processor):
  node 1: j1a, j2a, j5 | j7, j13, j14
  node 2: j1b, j2b, j6 | j8, j11
  node 3: j1c, j2c     | j9, j10
  node 4: j3, j4       | j12

DECOS Implementation (www.decos.at)
[Figure: DECOS tool chain]
- Inputs (XML): PIMs, CRD, bound PI, PIM-PIL type map, code information
- Job + SA replication marking (Python)
- Job allocation (Python)
- Partition/job scheduler (Python)
- Message scheduler (Python)
- Output: PSM (XML)
- Models are exchanged through the DECOS Model Store (VIATRA)

Conclusions and Future Work
- FT driven, schedulable allocation
- Use of comprehensive strategies together with the formulation of constraints
- Dependability: providing fault tolerance; minimizing interactions; allowing partitions for the desired system design
- The examples show the usefulness of the algorithm
- Next steps: implementation, comparison of heuristics, optimization