Abstract

The interference between software components is increasing in safety-critical domains, such as autonomous driving. Low-criticality (LC) tasks, such as vehicle communication, may control high-criticality (HC) tasks, such as acceleration. In such cases, the LC task should also be considered an HC task because the HC task relies on the LC task. However, the difficulty in guaranteeing these LC tasks is the catastrophic cost of the computing resources, i.e., the electronic control units in the vehicle domain, required for every task. In this paper, we theoretically and practically provide safety-guaranteed and inexpensive scheduling for LC tasks by borrowing the computational power of neighboring systems in distributed systems, obviating the need for additional hardware components. As a result, our approach extended the schedulability of LC tasks without violating the HC tasks. Based on the deadline test, the compatibility of our approach with the task-level MC scheduler was higher than that with the system-level MC scheduler: the task-level scheduler had all dropped LC tasks recovered, while the system-level scheduler had only 25.5% recovery. Conversely, from the worst-case measurement of violated HC tasks, the HC tasks were violated by the task-level MC scheduler more often than by the system-level MC scheduler, with 70.3% and 15.4% average response time overhead, respectively. In conclusion, under the condition that the HC task ratio is lower than 47% of the overall task system at 80% of total utilization, the task-level approach with task migration has extensively higher sustainability on LC tasks.

Highlights

  • Since the rise of autonomous vehicles, automotive systems have comprised multiple highly functional software components interacting with each other

  • A more specific subset defined in MC-ADAPT was used to investigate testing on five different schedulers, namely SCHED_DEADLINE, earliest deadline first (EDF)-virtual deadline (VD), MC-ADAPT, EDF-VD with distributed mixed-criticality (DMC), and MC-ADAPT with DMC, under the same conditions

  • For the EDF-VD scheduler, the deadline miss ratio of LC tasks improved by 25.53% from 0.47% to 0.35%, and for the MC-ADAPT scheduler, the improvement in the deadline miss ratio was 100%, from 0.12% to 0%


Summary

Introduction

Since the rise of autonomous vehicles, automotive systems have comprised multiple highly functional software components interacting with each other. Based on ISO 26262 [1], a fault in lower automotive safety-integrity-level (ASIL) components should not interfere with higher ASIL components, as it can be hazardous. To prevent interference from lower ASIL components, automotive industries have designed vehicles by isolating different levels of safety-critical components, which is a system design approach called partitioned architecture [2]. This approach is becoming more flexible for two reasons. Scheduling diverse levels of safety functions in single systems is being considered in future vehicle designs. Because of the popularity of these standards, companies that design electronic control units, such as Siemens and BlackBerry Limited, are considering mixed safety-criticality scheduling in their products [4,5]. State-of-the-art research addressed this issue using mixed-criticality (MC) scheduling theory [6].
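The abstract contrasts a system-level MC scheduler (every LC task is dropped when the system switches to HI mode) with a task-level one (LC tasks are dropped selectively), and then recovers the dropped LC tasks by placing them on neighboring nodes with spare capacity. The following Python sketch is an added illustration of that idea and is not the paper's own code or its MC-ADAPT/DMC implementation: it uses the standard EDF-VD sufficient schedulability test (Baruah et al.) for implicit-deadline dual-criticality task sets, a simplified drop policy for the task-level case (keep the smallest LC tasks that still fit under the HC tasks' HI-level demand), and first-fit migration that admits a dropped LC task on a neighbor only if the neighbor's own EDF-VD test still passes. The task sets, node names and WCET values are constructed for the example.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Task:
    """Implicit-deadline sporadic task with a WCET estimate per criticality level."""
    name: str
    period: int       # deadline == period
    wcet_lo: int      # WCET budget at the LO criticality level
    hc: bool          # True for a high-criticality (HC) task, False for low-criticality (LC)
    wcet_hi: int = 0  # pessimistic WCET at the HI level (only meaningful for HC tasks)

    def util(self, level: str) -> Fraction:
        """Exact utilisation at 'LO' or 'HI'; an LC task has no separate HI estimate."""
        c = self.wcet_hi if (level == "HI" and self.hc) else self.wcet_lo
        return Fraction(c, self.period)


def edf_vd_test(tasks):
    """EDF-VD sufficient test. Returns (schedulable, x) where x scales HC deadlines in LO mode."""
    u_lo_lo = sum((t.util("LO") for t in tasks if not t.hc), Fraction(0))
    u_hi_lo = sum((t.util("LO") for t in tasks if t.hc), Fraction(0))
    u_hi_hi = sum((t.util("HI") for t in tasks if t.hc), Fraction(0))
    if u_lo_lo + u_hi_hi <= 1:
        return True, Fraction(1)          # plain EDF already suffices, no virtual deadlines
    if u_lo_lo >= 1:
        return False, None                # LC demand alone saturates the node
    x = u_hi_lo / (1 - u_lo_lo)           # virtual-deadline scaling factor for HC tasks
    return x * u_lo_lo + u_hi_hi <= 1, x


def mode_switch(tasks, policy):
    """Which LC tasks survive a switch to HI mode: 'system' drops all LC tasks,
    'task' (simplified task-level policy, an assumption of this example) keeps the
    smallest LC tasks that still fit beside the HC tasks' HI-level demand."""
    lc = sorted((t for t in tasks if not t.hc), key=lambda t: t.util("LO"))
    if policy == "system":
        return [], lc
    budget = 1 - sum((t.util("HI") for t in tasks if t.hc), Fraction(0))
    kept, dropped = [], []
    for t in lc:
        if t.util("LO") <= budget:
            kept.append(t)
            budget -= t.util("LO")
        else:
            dropped.append(t)
    return kept, dropped


def migrate(dropped, neighbours):
    """First-fit placement of dropped LC tasks (largest first) onto neighbouring nodes.
    A neighbour admits a task only if its own EDF-VD test still passes afterwards,
    so the migration never endangers the neighbour's HC tasks."""
    spare = {node: list(ts) for node, ts in neighbours.items()}   # copy: do not mutate input
    placed, unplaced = {}, []
    for t in sorted(dropped, key=lambda t: t.util("LO"), reverse=True):
        for node, ts in spare.items():
            if edf_vd_test(ts + [t])[0]:
                ts.append(t)
                placed[t.name] = node
                break
        else:
            unplaced.append(t)
    return placed, unplaced


def recover(tasks, neighbours, policy):
    """Mode switch under the given policy, then try to recover dropped LC tasks by migration."""
    kept, dropped = mode_switch(tasks, policy)
    placed, unplaced = migrate(dropped, neighbours)
    return {"kept": [t.name for t in kept],
            "migrated": placed,
            "lost": [t.name for t in unplaced]}


# Constructed sample: node A hosts two HC control tasks and two LC tasks; node B is a neighbour.
NODE_A = [
    Task("brake", 10, 2, True, 3),
    Task("steer", 20, 4, True, 6),
    Task("comm", 50, 10, False),
    Task("log", 100, 30, False),
]
NEIGHBOURS = {
    "node_B": [
        Task("sensor", 10, 1, True, 2),
        Task("park", 20, 4, True, 8),
        Task("info", 40, 8, False),
    ],
}

if __name__ == "__main__":
    print("EDF-VD on node A:", edf_vd_test(NODE_A))
    for policy in ("system", "task"):
        print(policy, recover(NODE_A, NEIGHBOURS, policy))
```

On the sample set, node A passes the EDF-VD test with x = 4/5. The system-level policy drops both LC tasks and only `log` can be re-hosted on node B (`comm` would push B past its own test), whereas the task-level policy keeps `comm` on A and recovers `log` on B, so no LC task is lost; this mirrors the abstract's observation that task-level MC scheduling combines better with migration, at the price of HC tasks on A running closer to their HI-level budget.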
