Professional Documents
Culture Documents
Crave I Ro 11 Towards Self
Crave I Ro 11 Towards Self
I. I NTRODUCTION
The computing infrastructures supporting onboard
aerospace systems, given the criticality of the mission
being pursued, have strict dependability and real-time
requisites. They also require flexible resource reallocation,
and reduced size, weight and power consumption (SWaP). A
typical spacecraft onboard computer hosts multiple avionics
functions, to each of which separate dedicated hardware
resources were traditionally allocated. To cater to resource
allocation and SWaP requirements, there has been a trend in
the aerospace industry towards integrating several functions
in the same computing platform. As these functions may
have different degrees of criticality and predictability, and
originate from multiple providers or development teams,
safety issues might arise, which are mitigating by employing
time and space partitioning (TSP) [1], whereby applications
are separated into logical partitions.
Achieving time partitioning by scheduling partitions in a
cyclic fashion, assigning them predefined execution time windows (in a partition scheduling table PST), has advantages
related to system verification, validation and certification.
Time windows are defined at system configuration time,
This work was developed in the context of ESA ITI project AIR-II
(ARINC 653 In Space RTOS, http://air.di.fc.ul.pt). This work was partially
supported by the EC, through project IST-FP7-STREP-288195 (KARYON),
and by FCT (Fundaca o para a Ciencia e a Tecnologia), through the Multiannual and CMU|Portugal programs and the Individual Doctoral Grants
SFRH/BD/60193/2009 and SFRH/BD/80026/2011.
Figure 1.
Figure 2. AIR two-level hierarchical scheduling, with support for modebased schedules
(b) PST 1
(c) PST 2
Figure 3.
Example
Figure 4.
Figure 5.
As shown in the results, the use of self-adaptation mechanisms significantly decreases the number of deadline misses,
when comparing to the same system execution without the use
of such mechanisms. However, besides the good contributions
to mitigate this problem, these self-adaptation mechanisms
do not cover all the possible cases, neither ensure perpetual
stability of the system. For example, temporal faultiness may
further increase, due to the additional execution time provided
to the faulty partition not being enough. Furthermore, this
problem can be even more serious if the system encounters
deadline misses in more than one partition.
As it is impossible to foresee all the cases, i.e., all the
suitable PSTs associated to different temporal requirements,
we need to provide ways to reconfigure the system, during
its execution, when facing this kind of problems. This reconfiguration can be done replacing the original set of PSTs
by a redefined and updated set that covers the new temporal
requirements and encounters issues [7]. Self-adaptability can,
in such more serious scenario, provide a temporary mitigation
to allow time for a more targeted solution through online
reconfiguration which enables mission survival.
VI. R ELATED WORK
Previous adaptive approaches to overload management
were based on load adjustment [8] and task rate (period)
adaptation [9], [10]. These are however not applicable to the
safety-critical TSP systems we target. In [11], tasks migrate
between the conditions of software task (running on a
CPU) and hardware task (running on a reconfigurable hardware device, an FPGA) to adaptively cope with a dynamic
workload. The notion of switching among predefined PSTs
in reaction to process deadline misses, was first mentioned
in [4], where we presented the mode-based schedules and
process deadline violation monitoring features in the context
of AIR. Later, Khalilzad et al. [12] independently proposed
an adaptive hierarchical scheduling framework based on
feedback control loops. The hierarchical scheduling model is
similar to most server-based approaches, with each subsystem
(analogous to partition) being temporally characterized by a
budget and a period. For each subsystem, two variables are
controlled (number of deadline misses and the ratio between
total budget and consumed budget), and the total budget
is manipulated accordingly. Recently, Bini et al. [13] have
proposed the ACTORS (Adaptivity and Control of Resources
in Embedded Systems) software architecture.
VII. C ONCLUSION AND FUTURE WORK
In this paper, we have proposed self-adaptability mechanisms to cope with temporal faults in time- and spacepartitioned (TSP) systems. Our approach consists of having
a set of feasible and specially crafted partition scheduling
tables, among which the system shall switch upon detecting