http://www.dagstuhl.de/15121

March 15 – 20 , 2015, Dagstuhl Seminar 15121

Mixed Criticality on Multicore/Manycore Platforms

Organizers

Sanjoy K. Baruah (University of North Carolina at Chapel Hill, US)
Liliana Cucu-Grosjean (INRIA – Le Chesnay, FR)
Robert Davis (University of York, GB)
Claire Maiza (VERIMAG – Grenoble, FR)

For support, please contact

Dagstuhl Service Team

Documents

Dagstuhl Report, Volume 5, Issue 3 Dagstuhl Report
Aims & Scope
List of Participants
Shared Documents
Dagstuhl Seminar Schedule [pdf]

Summary

Real-time systems are characterised not only by the need for functional correctness, but also the need for timing correctness. Today, real-time embedded systems are found in many diverse application areas including; automotive electronics, avionics, and space systems. In these areas, technological progress is resulting in rapid increases in both software complexity and processing demands. To address the demand for increased processor performance, silicon vendors no longer concentrate on increasing processor clock speeds, as this approach has led to problems with high power consumption and excessive heat dissipation. Instead, technological development has shifted to multicore processors, with multiple CPUs integrated onto a single chip. The broad technology trend is towards much larger numbers of cores, referred to as manycore, requiring network-on-chip rather than bus interconnects.

Requirements on Size Weight and Power consumption, as well as unremitting cost pressures, are pushing developments in avionics and automotive electronics towards the adoption of powerful embedded multicore processors, with a longer term vision of migrating to manycore. With the adoption of such technology comes the opportunity to combine different applications on the same platform, potentially dramatically reducing assembly and production costs, while also improving reliability through a reduction in harnessing. Different applications may have different criticality levels (e.g. safety-critical, mission-critical, non-critical) designating the level of assurance needed against failure. For example, in automotive electronics, cruise control is a low criticality application, whereas electric steering assistance is of high criticality. In an aerospace context, flight control and surveillance applications in Unmanned Aerial Vehicles are of high and low criticality respectively. The very low acceptable failure rates (e.g. 10^{-9} failures per hour) for high criticality applications imply the need for significantly more rigorous and costly development and verification processes than required by low criticality applications.

Combining high and low criticality applications on the same hardware platform raises issues of time separation and composition; it must be possible to prevent the timing behaviour of high criticality applications from being disturbed by low criticality ones, otherwise both need to be engineered to the same rigorous and expensive standards. Simple methods of achieving this separation, such as time partitioning or allocation to different cores can however be wasteful of processing resources. They may require more expensive hardware than necessary, increasing production costs, which is something industry is strongly motivated to avoid. Time composability is needed so that the timing behaviour of applications, determined in isolation, remains valid when they are composed during system integration. Without time composability integration of complex applications would become infeasible expensive. The transformation of real-time embedded systems into mixed criticality multicore and manycore systems is recognised as a strategically important research area in Europe and the USA.

The seminar focused on the two key conflicting requirements of Mixed Criticality Systems: separation between criticality levels for assurance and sharing for resource efficiency, along with the related requirement of time composability. The key research questions addressed were:

  • How to provide effective guarantees of real-time performance to applications of different criticality levels via intelligent sharing of resources while respecting the requirements for asymmetric separation / isolation between criticality levels?
  • How to provide asymmetric time separation between applications with different levels of criticality so that the impact of lower criticality applications on those of higher criticality can be tightly bounded independent of the behaviour or misbehaviour of the former, without significantly compromising guaranteed real-time performance?
  • How to provide time composability for applications of different criticality levels, so that the timing behaviour of applications determined in isolation remains valid when they are composed during system integration?

The sessions of the seminar were structured around a set of themes. Particular attention was given to the interfaces between themes, as these are the areas that can benefit most from improved understanding and collaboration. The discussion groups were organized around the following themes that correspond to research challenges in mixed criticality systems (MCS):

  • Platforms and Experimental Evaluation (see Section 5.1);
  • Worst-Case Execution Time (see Section 5.2);
  • Criticality (see Section 5.3);
  • Probabilistic (see Section 5.4).

Organization of the Seminar

The seminar took place from 15th to 20th March 2015. The first day started with a keynote talk by Prof. Alan Burns (University of York), one of the most influential researchers in the Real-Time Systems field over the last 25 years. Alan reviewed advances in MCS research and underlined current open problems. An overview of his talk is provided in Section 3. The first day ended with presentations and feedback on real implementations (see Section 4) as well as identifying the main themes for group discussion.

The following three days started with presentations, which were followed by discussions either within the identified groups or in an open format.

The second day started with discussions about the motivation for mixed-criticality systems presented by three different participants (see Sections 4.4., 4.5 and 4.6). Different notations are used by different sub-communities and several presentations underlined these differences (see Sections 4.7, 4.8 and 4.9). An outline of the main ideas for probabilistic analysis of real-time systems provided the topics for the discussion group on probabilistic MCS (see Sections 4.10 and 4.11).

The morning of the third day commenced with discussions on the relation between time and MCS (see Section 4.11), which continued into the afternoon's hiking activity.

Starting from the fourth day a slot dedicated to anonymous mixed criticality supporters was added to the program allowing researchers new to the topic to identify open problems in MCS from the perspective of their different domains.

As detailed later in this report, the seminar enabled the real-time community to make important progress in articulating and reaching a common understanding on the key open problems in mixed criticality systems, as well as attracting new researchers to these open problems (see Section 6). The seminar also provided an ideal venue for commencing new collaborations, a number of which are progressing towards new research publications, see Section 7.

The seminar has helped define a research agenda for the coming years that could be supported by follow-up events, given the strong interest expressed by the participants of this seminar.

As organizers, we would like to thank Prof. Reinhard Wilhelm for encouraging us to submit the seminar proposal, Dagstuhl's Scientific Directorate for allowing us to run a seminar on mixed criticality systems, and to the staff at Schloss Dagstuhl for their superb support during the seminar itself. Finally, we would like to thank all of the participants for their strong interaction, presentations, group discussions, and work on open problems, sometimes into the early hours of the morning. We were very pleased to hear about the progress of new found collaborations, and to receive such positive feedback about the seminar itself. Thank you to everyone who participated for a most enjoyable and fruitful seminar.

License
  Creative Commons BY 3.0 Unported license
  Sanjoy K. Baruah, Liliana Cucu-Grosjean, Robert Davis, and Claire Maiza

Related Dagstuhl Seminar

Classification

  • Networks
  • Operating Systems
  • Optimization / Scheduling

Keywords

  • Real-Time Systems
  • Mixed Criticality
  • Multicore
  • Manycore
  • Scheduling
  • Schedulability Analysis
  • Timing Analysis
  • Network-on-Chip
  • Memory Architectures
  • Worst-Case Execution time
  • Real-Time Operating Systems

Book exhibition

Books from the participants of the current Seminar 

Book exhibition in the library, ground floor, during the seminar week.

Documentation

In the series Dagstuhl Reports each Dagstuhl Seminar and Dagstuhl Perspectives Workshop is documented. The seminar organizers, in cooperation with the collector, prepare a report that includes contributions from the participants' talks together with a summary of the seminar.

 

Download overview leaflet (PDF).

Publications

Furthermore, a comprehensive peer-reviewed collection of research papers can be published in the series Dagstuhl Follow-Ups.

Dagstuhl's Impact

Please inform us when a publication was published as a result from your seminar. These publications are listed in the category Dagstuhl's Impact and are presented on a special shelf on the ground floor of the library.

NSF young researcher support