    Scheduling of Systems with Different Criticality Levels (Ordonnancement des systèmes avec différents niveaux de criticité)

    Real-time safety-critical systems must complete their tasks within a given time limit. Failure to successfully perform their operations, or missing a deadline, can have severe consequences such as destruction of property and/or loss of life. Examples of such systems include automotive systems, drones and avionics, among others. Safety guarantees must be provided before these systems can be deemed usable. This is usually done through certification performed by a certification authority. Safety evaluation and certification are complicated and costly even for smaller systems. One answer to these difficulties is the isolation of the critical functionality. Executing tasks of different criticalities on separate platforms prevents non-critical tasks from interfering with critical ones, provides a higher guarantee of safety and simplifies the certification process by limiting it to only the critical functions. But this separation, in turn, introduces undesirable results: inefficient resource utilization and an increase in cost, weight, size and energy consumption, which can put a system at a competitive disadvantage. To overcome the drawbacks of isolation, Mixed Criticality (MC) systems can be used. These systems allow functionalities with different criticalities to execute on the same platform. In 2007, Vestal proposed a model to represent MC systems where tasks have multiple Worst Case Execution Times (WCETs), one for each criticality level. In addition, correctness conditions for scheduling policies were formally defined, allowing lower criticality jobs to miss deadlines or even be dropped in cases of failure or emergency situations. The introduction of multiple WCETs and different conditions for correctness increased the difficulty of the scheduling problem for MC systems. Conventional scheduling policies and schedulability tests proved inadequate and the need for new algorithms arose. Since then, a lot of work has been done in this field. In this thesis, we contribute to the study of schedulability in MC systems. The workload of a system is represented as a set of jobs that can describe the execution of tasks over the hyper-period or over a duration in time. This model allows us to study the viability of simulation-based correctness tests in MC systems. We show that simulation tests can still be used in mixed-criticality systems, but in this case the schedulability of the worst-case scenario is no longer sufficient to guarantee the schedulability of the system, even for the fixed-priority scheduling case. We show that scheduling policies are not predictable in general, and define the concept of weak predictability for MC systems. We prove that a specific class of fixed-priority policies is weakly predictable and propose two simulation-based correctness tests that work for weakly predictable policies. We also demonstrate that, contrary to what was believed, testing for correctness cannot be done only through a linear number of preemptions. The majority of the related work focuses on systems with two criticality levels due to the difficulty of the problem. But for automotive and airborne systems, industrial standards define four or five criticality levels, which motivated us to propose a scheduling algorithm that schedules mixed-criticality systems with theoretically any number of criticality levels. We show experimentally that it has higher success rates compared to the state of the art. We illustrate how our scheduling algorithm, or any algorithm that generates a single time-triggered table for each criticality mode, can be used as a recovery strategy to ensure the safety of the system in case of certain failures. Finally, we propose a high-level concurrency language and a model for designing an MC system with coarse-grained multi-core interference.

    Abstract (translated from the French): Critical real-time systems must execute their tasks within the allotted deadlines. In case of failure, events can lead to economic catastrophes. Classifications of failures according to the levels of risk incurred have been established, in particular in the aeronautic and automotive transport domains. Criticality levels are assigned to the different functions of a system according to the risks incurred upon a failure and the probabilities of its occurrence. These different criticality levels influence the choice of software and hardware architecture as well as the type of components used to build the system. Modern real-time systems tend to integrate several applications with different criticality levels on the same computing platform. This integration is necessary for modern systems such as drones (UAVs) in order to reduce cost, weight and energy consumption. Unfortunately, it leads to significant difficulties in their design. Moreover, these systems must be certified while taking these different criticality levels into account. It is well known that the scheduling problem for systems with different criticality levels represents one of the greatest challenges in the field of real-time systems. Traditional techniques propose as a solution either complete isolation between criticality levels or global certification at the highest level. Unfortunately, such a solution leads to poor use of resources and to the loss of the benefit of this integration. In 2007, Vestal proposed a model to represent systems with different criticality levels in which tasks have several execution times, one for each criticality level. In addition, the validity conditions of scheduling strategies were formally defined, allowing the least critical tasks to miss their deadlines, or even to be abandoned, in case of failure or emergency. Conventional scheduling policies and schedulability tests proved inadequate. In this thesis, we contribute to the study of scheduling in systems with different criticality levels. The workload of a system is represented as a set of jobs that can describe execution over the hyper-period of the tasks or over a given duration. This model allows us to study the viability of simulation-based correctness tests for systems with different criticality levels. We show that simulation tests can still be used for these systems, but that the schedulability of the worst-case scenario is no longer sufficient, even for the fixed-priority scheduling case. We show that scheduling policies are generally not predictable. We define the concept of weak predictability for systems with different criticality levels and then show that a specific class of fixed-priority strategies is weakly predictable. We propose two simulation-based correctness tests that work for weakly predictable strategies. We also show that, contrary to what was believed, correctness checking cannot be done using only a linear number of preemptions. The majority of work related to our domain concerns systems with two criticality levels due to the difficulty of the problem. But for automotive and aerial systems, industrial standards define four or five criticality levels, which motivated us to propose a scheduling algorithm that schedules mixed-criticality systems with theoretically any number of criticality levels. We show experimentally that its success rate is higher than that of the state of the art.

    Hard Real-Time Java: Profiles and Schedulability Analysis

    Embedded System Design

    A unique feature of this open access textbook is to provide a comprehensive introduction to the fundamental knowledge in embedded systems, with applications in cyber-physical systems and the Internet of things. It starts with an introduction to the field and a survey of specification models and languages for embedded and cyber-physical systems. It provides a brief overview of hardware devices used for such systems and presents the essentials of system software for embedded systems, including real-time operating systems. The author also discusses evaluation and validation techniques for embedded systems and provides an overview of techniques for mapping applications to execution platforms, including multi-core platforms. Embedded systems have to operate under tight constraints and, hence, the book also contains a selected set of optimization techniques, including software optimization techniques. The book closes with a brief survey on testing. This fourth edition has been updated and revised to reflect new trends and technologies, such as the importance of cyber-physical systems (CPS) and the Internet of things (IoT), the evolution of single-core processors to multi-core processors, and the increased importance of energy efficiency and thermal issues

    Exact Worst-Case Analysis of the AFDX Network (Analyse pire cas exact du réseau AFDX)

    Abstract (translated from the French): The main objective of this thesis is to propose methods for obtaining the exact worst-case end-to-end transmission delay of an AFDX network. Currently, only pessimistic upper bounds can be computed using the Network Calculus or Trajectory approaches. For this objective, different approaches and tools exist and were analyzed in the context of this thesis. This analysis highlighted the need for new approaches. First, model checking was explored. Timed automata and verification tools that have proven themselves in the real-time domain were used. Then, an exhaustive simulation technique was used to obtain the exact worst-case communication delays. To do so, sequence reduction methods were defined and a tool was developed. These methods were applied to a real configuration of the AFDX network, allowing us to validate our work on an industrial-scale AFDX network configuration such as the one embedded on board Airbus A380 aircraft.

    The main objective of this thesis is to provide methodologies for finding exact worst-case end-to-end communication delays of an AFDX network. Presently, only pessimistic upper bounds of these delays can be calculated using the Network Calculus and Trajectory approaches. To achieve this goal, different existing tools and approaches have been analyzed in the context of this thesis. Based on this analysis, it is deemed necessary to develop new approaches and algorithms. First, model checking with existing, well-established real-time model checking tools is explored, using timed automata. Then, an exhaustive simulation technique is used with newly developed algorithms and their software implementation in order to find exact worst-case communication delays of the AFDX network. All this research work has been applied to a real-life implementation of the AFDX network, allowing us to validate our research work on an industrial-scale AFDX network configuration such as the one used on Airbus A380 aircraft.

    Analysis of Embedded Controllers Subject to Computational Overruns

    Microcontrollers have become an integral part of modern everyday embedded systems, such as smart bikes, cars, and drones. Typically, microcontrollers operate under real-time constraints, which require the timely execution of programs on resource-constrained hardware. As embedded systems are becoming increasingly complex, microcontrollers run the risk of violating their timing constraints, i.e., overrunning the program deadlines. Breaking these constraints can cause severe damage to both the embedded system and the humans interacting with the device. Therefore, it is crucial to analyse embedded systems properly to ensure that they do not pose any significant danger if the microcontroller overruns a few deadlines. However, there are very few tools available for assessing the safety and performance of embedded control systems when considering the implementation on the microcontroller. This thesis aims to fill this gap in the literature by presenting five papers on the analysis of embedded controllers subject to computational overruns. Details about the real-time operating system's implementation are included in the analysis, such as what happens to the controller's internal state representation when the timing constraints are violated. The contribution includes theoretical and computational tools for analysing the embedded system's stability, performance, and real-time properties. The embedded controller is analysed under three different types of timing violations: blackout events (when no control computation is completed during long periods), weakly-hard constraints (when the number of deadline overruns is constrained over a window), and stochastic overruns (when violations of timing constraints are governed by a probabilistic process). These scenarios are combined with different implementation policies to reduce the gap between the analysis and its practical applicability. The analyses are further validated with a comprehensive experimental campaign performed on both a set of physical processes and multiple simulations. In conclusion, the findings of this thesis reveal that the effect deadline overruns have on the embedded system depends heavily on the implementation details and the system's dynamics. Additionally, the stability analysis of embedded controllers subject to deadline overruns is typically conservative, implying that additional insights can be gained by also analysing the system's performance.

    Automated competitive analysis of real-time scheduling with graph games

    This paper is devoted to automatic competitive analysis of real-time scheduling algorithms for firm-deadline tasksets, where only completed tasks contribute some utility to the system. Given such a taskset T, the competitive ratio of an on-line scheduling algorithm A for T is the worst-case utility ratio of A over the utility achieved by a clairvoyant algorithm. We leverage the theory of quantitative graph games to address the competitive analysis and competitive synthesis problems. For the competitive analysis case, given any taskset T and any finite-memory on-line scheduling algorithm A, we show that the competitive ratio of A in T can be computed in polynomial time in the size of the state space of A. Our approach is flexible as it also provides ways to model meaningful constraints on the released task sequences that determine the competitive ratio. We provide an experimental study of many well-known on-line scheduling algorithms, which demonstrates the feasibility of our competitive analysis approach that effectively replaces human ingenuity (required for finding worst-case scenarios) by computing power. For the competitive synthesis case, we are just given a taskset T, and the goal is to automatically synthesize an optimal on-line scheduling algorithm A, i.e., one that guarantees the largest competitive ratio possible for T. We show how the competitive synthesis problem can be reduced to a two-player graph game with partial information, and establish that the computational complexity of solving this game is NP-complete. The competitive synthesis problem is hence in NP in the size of the state space of the non-deterministic labeled transition system encoding the taskset. Overall, the proposed framework assists in the selection of suitable scheduling algorithms for a given taskset, which is in fact the most common situation in real-time systems design.

    Preliminary versions of this paper have appeared in Chatterjee et al. (2013, 2014). Authors: Andreas Pavlogiannis, Krishnendu Chatterjee, Alexander Kößler, Ulrich Schmid. Affiliations: IST Austria (Institute of Science and Technology Austria), Am Campus 1, 3400 Klosterneuburg, Austria; Embedded Computing Systems Group, Vienna University of Technology, Treitlstrasse 3, 1040 Vienna, Austria. Journal: Real-Time Systems.

    Model-Based Schedulability Analysis of Real-Time Systems