HW/SW Codesign - Mixed-Criticality Systems
Johannes Obermuller
January 24, 2017
Johannes Obermuller Mixed-Criticality Systems January 24, 2017 1
Overview
1 Introduction: Definition, Motivation, Challenges
2 Techniques for Mixed-Criticality Systems: Scheduling, Partitioning/Virtualization, Architectures for Mixed-Criticality Systems
3 Examples: TTSoC, Memory Hierarchy for Mixed-Criticality Systems
4 Outlook & Conclusion
Introduction
Definition - Mixed-Criticality System (MCS)
Mixed-Criticality System (MCS)
A system where applications of different levels of criticality are executed on a shared computing platform.
Definition - Criticality
Criticality
Criticality is a designation of the level of assurance against failure needed for a system component. (Burns, Davis [1])
example classifications:
safety-critical / non-safety-critical
entertainment / comfort / safety functions
safety-critical / mission-critical / uncritical
Criticality levels in Industry
SILs (Safety Integrity Levels)
ASILs (Automotive SILs)
DALs (Development Assurance Levels)
Some relevant safety standards: IEC 61508, DO-178B, ISO 26262
DO-178B
table from [2]
→ Level has huge influence on development costs!!
Examples of Mixed-Criticality Systems
Motivation
Current Situation
Huge performance increase in computing → makes novel applications feasible
Results in addition of lots of comfort / infotainment functions → major differentiator for manufacturers
But at the same time usage of embedded systems (ES) in safety-critical areas is increasing → X-by-wire, ...
Example: current premium car [3],[4]
70 computers, ∼ 100 electric motors and 3 km of wiring
functions: driver assistance features, ESP systems, motor control, ...
future services: weather and traffic information, stations or food location, breakdown or accident assistance, ...
→ more functions integrated, some critical, others less so
similar situation in other domains: aerospace, medical systems, manufacturing equipment, ...
Drawbacks of current situation
Car:
tremendous effort in cabling (3 km of cables)
wastes space
increases weight (VW Phaeton: 64 kg)
decreases reliability (connectors & cables are a major problem)
70 ECUs
high hardware cost (30% of overall production cost)
inefficient power usage
Proposed Solution
Benefits of integration
Reduced Size, Weight and Power (SWaP)
cf. car: 3 km of wiring, 70 ECUs
Lower hardware cost
Increased reliability
cf. connectors & cables
Motivation - Utilize Multi-core Processors
Multi-core processors are becoming prevalent in Embedded Systems
estimated deployment in industrial applications: 45% [5]
Typically only one core used (in safety-critical applications)
→ want to better utilize them by executing multiple applications (possibly of different criticality)
But:
need to isolate applications of different criticality
WCET (worst-case execution time) analysis on multi-core is very difficult
→ lots of ongoing research
Motivation - Conclusion
MCS are an increasingly important trend in the design of real-time and embedded systems
Huge interest from industry
Priority topic on European funded research projects
Challenges
Certification - The "Lift-Up Effect"
[6]
Multi-core processors
Commercial off-the-shelf (COTS) multi-core platforms are a source of indeterminism.
Shared resources that cause temporal unpredictability:
Caches
Memory
I/O
→ an application on one core can affect the temporal behaviour of an application on another core
→ can lead to prohibitive certification costs
Fundamental Challenges
Heterogeneity
Dissimilar requirements in terms of timing: firm, soft, hard, non-realtime
Different models of computation: dataflow, time-triggered messaging, distributed shared memory
Fundamental research question (Burns, Davis [1])
reconcile the conflicting requirements of:
partitioning (for safety assurance)
sharing (for efficient resource usage)
Techniques for Mixed-Criticality Systems
Scheduling
Focus of much theoretical research on MCS
Uses criticality-specific WCETs
Assumption: the higher the criticality level of a task, the more pessimistic its WCET
Many standard scheduling results not applicable for MCS
But not much intersection with HW/SW-Codesign.
Further Reading
Good survey in "Mixed Criticality Systems - A Review" [1]
Partitioning
Strong isolation of applications/partitions:
Execution of one partition MUST NOT be influenced by execution of another partition.
Spatial partitioning
Protect one partition's memory and access to resources from other partitions.
Resources: CPU, memory, network, I/O devices, Interrupts,...
Temporal partitioning
Eliminate temporal interference between partitions.
→ partition the CPU time (and access to resources) among applications
Major benefit of partitioning: reduced certification costs
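As an added illustration of the two partitioning properties above (not part of the original slides, and not the configuration format of any real hypervisor), the following C code validates a static partition table: memory regions must not overlap (spatial), and TDMA slots must not overlap within the major frame (temporal). It also derives each partition's worst-case wait for the CPU from the table alone. All type and function names and the sample values are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical static configuration of a partitioned system (illustrative
 * names, not the format of any real separation kernel or hypervisor). */
typedef struct { uint32_t base, size; } mem_region_t;  /* one region per partition */
typedef struct { uint8_t partition; uint32_t start_us, len_us; } tdma_slot_t;

typedef enum { CFG_OK, CFG_MEM_OVERLAP, CFG_BAD_OWNER,
               CFG_SLOT_RANGE, CFG_SLOT_OVERLAP } cfg_status_t;

/* Spatial check: no two partitions may share a byte of memory.
 * Temporal check: slots are listed in time order, lie inside the major
 * frame, do not overlap, and are owned by an existing partition. */
cfg_status_t validate_config(const mem_region_t *mem, size_t n_part,
                             const tdma_slot_t *s, size_t n_slots,
                             uint32_t major_us)
{
    for (size_t i = 0; i < n_part; i++) {
        for (size_t j = i + 1; j < n_part; j++) {
            /* 64-bit end addresses so base + size cannot wrap around */
            uint64_t end_i = (uint64_t)mem[i].base + mem[i].size;
            uint64_t end_j = (uint64_t)mem[j].base + mem[j].size;
            if (mem[i].base < end_j && mem[j].base < end_i)
                return CFG_MEM_OVERLAP;
        }
    }
    uint64_t prev_end = 0;
    for (size_t k = 0; k < n_slots; k++) {
        uint64_t end = (uint64_t)s[k].start_us + s[k].len_us;
        if (s[k].partition >= n_part)           return CFG_BAD_OWNER;
        if (s[k].len_us == 0 || end > major_us) return CFG_SLOT_RANGE;
        if (s[k].start_us < prev_end)           return CFG_SLOT_OVERLAP;
        prev_end = end;
    }
    return CFG_OK;
}

/* Longest time partition p is kept off the CPU in the cyclic schedule.
 * The bound depends only on the static table, never on what the other
 * partitions do. Returns UINT32_MAX if p owns no slot (starved).
 * Call only on a table that passed validate_config(). */
uint32_t worst_case_wait_us(const tdma_slot_t *s, size_t n_slots,
                            uint32_t major_us, uint8_t p)
{
    uint32_t first_start = 0, prev_end = 0, worst = 0;
    bool seen = false;
    for (size_t k = 0; k < n_slots; k++) {
        if (s[k].partition != p) continue;
        if (!seen) { first_start = s[k].start_us; seen = true; }
        else if (s[k].start_us - prev_end > worst) worst = s[k].start_us - prev_end;
        prev_end = s[k].start_us + s[k].len_us;
    }
    if (!seen) return UINT32_MAX;
    /* gap that wraps from the last slot of p into the next major frame */
    uint32_t wrap = (major_us - prev_end) + first_start;
    return wrap > worst ? wrap : worst;
}

/* Constructed sample: three partitions, 10 ms major frame. */
static const mem_region_t good_mem[] = {
    { 0x20000000u, 0x10000u }, { 0x20010000u, 0x8000u }, { 0x20018000u, 0x8000u } };
static const tdma_slot_t good_slots[] = {
    { 0, 0, 2000 }, { 1, 2000, 3000 }, { 0, 5000, 2000 }, { 2, 7000, 3000 } };
/* Constructed faults: region 2 reaches into region 1; slot 1 starts early. */
static const mem_region_t bad_mem[] = {
    { 0x20000000u, 0x10000u }, { 0x20010000u, 0x8000u }, { 0x20014000u, 0x8000u } };
static const tdma_slot_t bad_slots[] = {
    { 0, 0, 2000 }, { 1, 1500, 3000 }, { 0, 5000, 2000 }, { 2, 7000, 3000 } };

int main(void)
{
    printf("good config: %d\n", validate_config(good_mem, 3, good_slots, 4, 10000));
    printf("bad memory:  %d\n", validate_config(bad_mem, 3, good_slots, 4, 10000));
    printf("bad slots:   %d\n", validate_config(good_mem, 3, bad_slots, 4, 10000));
    for (uint8_t p = 0; p < 3; p++)
        printf("partition %u worst-case wait: %u us\n", (unsigned)p,
               (unsigned)worst_case_wait_us(good_slots, 4, 10000, p));
    return 0;
}
```

Rejecting a table at build or boot time is what lets the worst-case wait serve as a per-partition timing bound that holds regardless of what the other partitions do.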
Architectures for Mixed-Criticality Systems
Federated Architecture
Applications are executed on separate processors:
→ partitioning of shared network necessary
Partitioning of the Network
Another instance of the fundamental MCS challenge
partition the use of the network to enhance safety
share the capacity of the network to reduce cost
Partitioning by Arbitration: e.g. TDMA
Enforced by Architectural Approaches [7]:
Federated Architecture - Example
Figure: Federated Architecture in a car [8]
Federated Architecture - Problems
one device per function
more and more functions added
results in excessive resource consumption
premium car: 70-100 ECUs
is being replaced by integrated architectures
enabled by more powerful (multi-core) processors
Evolution of Architectures
Integrated Architecture
Applications are executed on a shared processor:
Problem: Partitioning much harder
→ Solution: use of a Separation Kernel/Hypervisor (Virtualization)
Separation/Partitioning Kernel
Partitioning Kernel - MILS architecture
"The overall security of a distributed system rests partly on the physical separation of its components and partly on the critical functions performed by some of those components. The role which I propose for a security kernel is simply that it should re-create, within a single shared machine, an environment which supports the various components of the system, and provides the communications channels between them, in such a way that individual components of the system cannot distinguish this shared environment from a physically distributed one." [9]
→ a hypervisor is one possible implementation of the concept of a partitioning kernel
Virtualization
Hypervisor (aka. Virtual Machine Monitor (VMM))
"computer software, firmware, or hardware, that creates and runs virtual machines" (Wikipedia)
Type-1 (native / bare-metal)
Type-2 (hosted)
Virtualization: Type-1 vs. Type-2 Performance
Figure: Number of mode-switches for a syscall (Type-1 vs. Type-2 Hypervisor)
→ hybrids exist:
Linux KVM
FreeBSD’s bhyve
Virtualization: Options
Type-1 vs. Type-2
Full virtualization vs. para-virtualization vs. binary translation
→ in MCS: mostly type-1 with para-virtualization
highest performance
OS sources often available
But full virtualization is also becoming possible thanks to added HW support
Main problems prohibiting full virtualization [10]
instruction set is not virtualizable
memory management
interrupt handling
I/O device handling
→ necessary HW Support: Supervisor Mode, MMU, EPT, IOMMU,...
Problems to be solved for MCS:
Memory Arbitration
Caches: invalidate them at context switches, or partitioned caches
I/O Arbitration
Interrupts
Communication/Networking: TDMA,...
Mixed-Criticality Systems vs. TMR
Figure: Failure containment regions and fault containment modules [11]
MCS/Composability: failure containment regions
TMR: fault containment modules
"The majority of the research in mixed-criticality systems do not consider the possibility of permanent faults" [12]
Examples
TTSoC - Federated Architecture on a SoC
Figure: TTSoC Architecture [13]
Memory Hierarchy for Mixed-Criticality Systems
Figure: Memory access topology proposed in [14], [15]
Cache Partitioning
Hardware-based
Software-based:
Compiler-based
OS-controlled
Arbiter
Memory Arbitration
Memory Arbitration Performance
Future Outlook
Access to shared HW resources
Time-predictable processor architectures
FlexPRET [16], Patmos [17]
Formal Verification of Hypervisor
seL4 [18], XtratuM [19]
Manycores:
Mixed Criticality on Multicore/Manycore Platforms (Dagstuhl Seminar) [20]
MCC EU research project [21]
Take Away Messages
MCS are an increasingly important trend in the design of real-time and embedded systems
Federated Architecture → Integrated Architecture (Multi-core, Hypervisor)
Fundamental Challenge: Partitioning vs. Sharing
Discussion
Are MCS an unavoidable result of the prevalence of embedded systems and consumers' desire for ever more features? Are there alternatives?
When implementing the MILS architecture, what differences remain between federated and integrated architectures?
References
[1] Alan Burns and Robert Davis. Mixed criticality systems - a review. Department of Computer Science, University of York, Tech. Rep., 2016.
[2] James H Anderson, Sanjoy Baruah, and Bjorn B Brandenburg. Multicore operating-system support for mixed criticality. In Proceedings of the Workshop on Mixed Criticality: Roadmap to Evolving UAV Certification, 2009.
[3] Alfons Crespo, Alejandro Alonso, Marga Marcos, Juan A. de la Puente, and Patricia Balbastre. Mixed Criticality in Control Systems. IFAC Proceedings Volumes, 47(3):12261–12271, 2014.
[4] Jon Perez, David Gonzalez, Salvador Trujillo, and Ton Trapman. A safety concept for an IEC-61508 compliant fail-safe wind power mixed-criticality system based on multicore and partitioning. In Ada-Europe International Conference on Reliable Software Technologies, pages 3–17. Springer, 2015.
[5] S. Trujillo, A. Crespo, and A. Alonso. MultiPARTES: Multicore Virtualization for Mixed-Criticality Systems. In 2013 Euromicro Conference on Digital System Design, pages 260–265, September 2013.
[6] Arjan Geven. Mixed criticality for complex networked systems. In Mixed Criticality Systems Seminar, 2012.
[7] Peter Puschner. VO Echtzeitsysteme, 2014.
[8] Wolfgang Kastner. VU Dezentrale Automation, 2014.
[9] John M Rushby. Design and verification of secure systems, volume 15. ACM, 1981.
[10] Christopher Helpa. State of the art hardware and virtualization extensions. Part of the Seventh Framework Programme Funded by the EC–DG INFSO, pages 1–52, 2012.
[11] Stefan Resch, Andreas Steininger, and Christoph Scherrer. Software Composability and Mixed Criticality for Triple Modular Redundant Architectures. In Matthieu Roy, editor, SAFECOMP 2013 - Workshop SASSUR (Next Generation of System Assurance Approaches for Safety-Critical Systems) of the 32nd International Conference on Computer Safety, Reliability and Security, Toulouse, France, September 2013.
[12] Abhilash Thekkilakattil, Alan Burns, Radu Dobrin, and Sasikumar Punnekkat. Mixed criticality systems: Beyond transient faults. In Proc. 3rd Workshop on Mixed Criticality Systems (WMC), RTSS, pages 18–23, 2015.
[13] A. Wasicek, C. El-Salloum, and H. Kopetz. A System-on-a-Chip Platform for Mixed-Criticality Applications. In 2010 13th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, pages 210–216, May 2010.
[14] Bekim Cilku and Peter Puschner. Towards temporal and spatial isolation in memory hierarchies for mixed-criticality systems with hypervisors. Proc. ReTiMiCS, RTCSA, pages 25–28, 2013.
[15] B. Cilku, A. Crespo, P. Puschner, J. Coronel, and S. Peiro. A TDMA-Based arbitration scheme for mixed-criticality multicore platforms. In 2015 International Conference on Event-based Control, Communication, and Signal Processing (EBCCSP), pages 1–6, June 2015.
[16] M. Zimmer, D. Broman, C. Shaver, and E. A. Lee. FlexPRET: A processor platform for mixed-criticality systems. In 2014 IEEE 19th Real-Time and Embedded Technology and Applications Symposium (RTAS), pages 101–110, April 2014.
[17] Martin Schoeberl, Pascal Schleuniger, Wolfgang Puffitsch, Florian Brandner, Christian W. Probst, Sven Karlsson, and Tommy Thorn. Towards a Time-predictable Dual-Issue Microprocessor: The Patmos Approach. In Philipp Lucas, Lothar Thiele, Benoit Triquet, Theo Ungerer, and Reinhard Wilhelm, editors, Bringing Theory to Practice: Predictability and Performance in Embedded Systems, volume 18, pages 11–21, Grenoble, France, March 2011.
[18] Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, et al. seL4: Formal verification of an OS kernel. In Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles, pages 207–220. ACM, 2009.
[19] David Sanan, Andrew Butterfield, and Mike Hinchey. Separation kernel verification: The XtratuM case study. In Working Conference on Verified Software: Theories, Tools, and Experiments, pages 133–149. Springer, 2014.
[20] Sanjoy K Baruah, Liliana Cucu-Grosjean, Robert I Davis, and Claire Maiza. Mixed criticality on multicore/manycore platforms (Dagstuhl Seminar 15121). In Dagstuhl Reports, volume 5. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, 2015.
[21] Mixed criticality embedded systems on many-core platforms.
More Definitions
A system containing computer hardware and software that can execute several applications of different criticality. (Wikipedia)
[...] is the integration of components with different levels of criticality onto a common hardware platform. (Alan Burns and Robert I. Davis)
Systems where applications of different security or safety-criticality share the same hardware. (Varun Sethi & Michael Paulitsch)
Integration of functions with different safety assurance levels using a shared computing platform. (Roman Obermaisser)
Systems composed of a mixture of safety-critical and non-critical parts, as for example when an aircraft contains a passenger entertainment system that is isolated from the safety-critical flight systems.
More Definitions (ctd.)
A mixed criticality system is "an integrated suite of HW, OS, middleware services and application software that supports the concurrent execution of safety-critical, mission-critical, and non-critical software within a single, secure computing platform", i.e. a system containing computer hardware and software that executes concurrently several applications of different criticality (such as safety-critical and non-safety critical).