
Details of Grant 

EPSRC Reference: EP/K011626/1
Title: Mixed Criticality Embedded Systems on Many-Core Platforms
Principal Investigator: Burns, Professor A
Other Investigators:
Soares Indrusiak, Professor L
Bate, Professor I
Researcher Co-Investigators:
Dr R I Davis
Project Partners:
BAE Systems
Department: Computer Science
Organisation: University of York
Scheme: Standard Research
Starts: 01 April 2013
Ends: 30 September 2016
Value (£): 652,126
EPSRC Research Topic Classifications:
Computer Sys. & Architecture
EPSRC Industrial Sector Classifications:
Aerospace, Defence and Marine
Related Grants:
Panel History:
Panel Date   | Panel Name                             | Outcome
09 Oct 2012  | EPSRC ICT Responsive Mode - Oct 2012   | Announced
Summary on Grant Application Form
An increasingly important trend in the design of real-time and embedded systems is the integration of applications with different levels of criticality onto a common hardware platform. At the same time, these platforms are migrating from single cores to multi-cores and, in the future, many-core architectures. Criticality is a designation of the level of assurance against failure needed for a system component. A mixed criticality system (MCS) is one that has two or more distinct levels. A number of application domains, such as automotive and avionics, and EU initiatives (for example Horizon2020) have identified Mixed Criticality as a key issue in future systems.

The fundamental research question underlying these initiatives is: how, in a disciplined way, to reconcile the conflicting requirements of 'partitioning' for (safety) assurance and 'sharing' for efficient resource usage. This question gives rise to theoretical problems in modelling and verification, and systems problems relating to the design and implementation of the necessary hardware and software run-time controls. This project addresses both the theoretical and related systems questions.

A many-core platform with a scheduled communications medium is the designated platform on which multiple applications (perhaps composed of what are often called 'system of systems') are to be hosted. The isolation of components with different criticality levels is crucial, but the processor interconnects must be shared and be able to transmit messages with different criticality levels. Moreover, applications with different criticality levels must be able to exchange data in a demonstrably safe way.

A defining property of MCS is that the different means of assurance (for each criticality level) give rise to different values for the component's key parameters such as worst-case execution times and worst-case transmission times. In general, the higher the criticality level, the more conservative are the assumptions made about these values. Hence the context (system criticality level) will determine the parameters that must be used to verify (via scheduling analysis) that each core and each inter-connect will perform as required by the temporal constraints of each application. The development of criticality-aware analysis is needed for these systems.

Although total isolation with rigid time-triggered global scheduling is a possible architectural structure, significantly greater resource utilisation, and hence reduced power consumption, is possible if trade-offs are made between the overall system criticality level and the assumptions about each component's run-time behaviour. For example, in a dual-criticality system we require that all applications meet their timing constraints if all components are constrained by (rely on) their low-criticality assumptions, and that all high-criticality applications still meet their deadlines if any component exhibits high-criticality behaviour (i.e. the low-criticality assumptions can no longer be relied upon).

Previous work (in York and in a number of other international research centres) has explored this trade-off for single-processor systems. This project will focus on many-core platforms to: (i) develop the appropriate scheduling schemes (on the cores and interconnects), (ii) derive verification procedures for MCSs, (iii) explore the theoretical bounds of the developed schemes (to show to what extent resource usage and power consumption are improved over a fully partitioned system), (iv) develop the necessary run-time controls (to manage the sharing of communication media between the criticality levels), and (v) demonstrate the developed theory via simulations, an FPGA test-bed and an industrially relevant case study.
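As an added illustration of the criticality-aware scheduling analysis the summary describes (this is not code from the project): the AMC-rtb fixed-priority response-time test for a dual-criticality task set, as published in the mixed-criticality response-time analysis literature (Baruah, Burns and Davis, RTSS 2011), placed beside the pessimistic single-mode analysis that never abandons low-criticality work. The task set, task names and the deadline-monotonic priority assignment are constructed assumptions.

```python
from dataclasses import dataclass
from math import ceil

LO, HI = "LO", "HI"

@dataclass
class Task:
    name: str
    period: int    # minimum inter-arrival time T
    deadline: int  # constrained deadline D <= T
    crit: str      # criticality level of the task (LO or HI)
    c_lo: int      # WCET assumed at the low-criticality assurance level
    c_hi: int      # WCET assumed at the high-criticality level (== c_lo for LO tasks)

def response_time(own, terms, limit):
    """Iterate R = own + sum(ceil(R/T_j) * C_j) to a fixed point; None once R exceeds limit."""
    r = own
    while True:
        nxt = own + sum(ceil(r / t) * c for t, c in terms)
        if nxt > limit:
            return None
        if nxt == r:
            return r
        r = nxt

def amc_rtb(tasks):
    """AMC-rtb: per task (R in LO mode, R across the LO->HI switch); None marks a missed deadline."""
    tasks = sorted(tasks, key=lambda t: t.deadline)  # deadline-monotonic fixed priorities (assumed)
    results = {}
    for i, ti in enumerate(tasks):
        hp = tasks[:i]
        # LO mode: every task runs, every component relies on its low-criticality assumption
        r_lo = response_time(ti.c_lo, [(t.period, t.c_lo) for t in hp], ti.deadline)
        r_hi = None
        if ti.crit == HI and r_lo is not None:
            # After the switch LO tasks are abandoned, so they interfere only up to R_LO;
            # HI tasks interfere at their HI budgets for the whole response time.
            lo_interf = sum(ceil(r_lo / t.period) * t.c_lo for t in hp if t.crit == LO)
            hi_terms = [(t.period, t.c_hi) for t in hp if t.crit == HI]
            r_hi = response_time(ti.c_hi + lo_interf, hi_terms, ti.deadline)
        results[ti.name] = (r_lo, r_hi)
    return results

def no_mode_change(tasks):
    """Pessimistic alternative: HI budgets for HI tasks and LO tasks never abandoned."""
    tasks = sorted(tasks, key=lambda t: t.deadline)
    return {ti.name: response_time(ti.c_hi, [(t.period, t.c_hi) for t in tasks[:i]], ti.deadline)
            for i, ti in enumerate(tasks) if ti.crit == HI}

# Constructed dual-criticality task set: task C only meets its deadline if LO work is shed on the switch
TASKS = [Task("A", 10, 10, HI, 2, 4), Task("B", 15, 15, LO, 3, 3), Task("C", 30, 20, HI, 4, 8)]

if __name__ == "__main__":
    print(amc_rtb(TASKS), no_mode_change(TASKS))
```

With this task set AMC-rtb bounds C's response time at 9 in LO mode and 19 across the switch, within its deadline of 20, whereas the analysis that keeps task B running under HI assumptions finds C unschedulable.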

Key Findings, Potential use in non-academic contexts, Description, Date Materialised and Sectors submitted by the Researcher:
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Project URL: http://www.cs.york.ac.uk/research/research-groups/rts/mcc/
Further Information:  
Organisation Website: http://www.york.ac.uk