Many safety-critical embedded systems are subject to certification requirements. However, only a subset of the functionality of the system may be safety-critical and hence subject to certification; the rest of the functionality is non-safety-critical and does not need to be certified, or is certified to a lower level. The resulting mixed criticality system offers challenges both for static analysis and run-time monitoring. This paper is concerned with timing failures and how they can arise and be tolerated. The main causes of these errors are faults in the estimation of worst-case execution times (WCETs). For different levels of criticality, different forms of static analysis for WCET are employed. This gives rise to a novel implementation scheme for the fixed priority uniprocessor scheduling of mixed criticality systems. The scheme requires that jobs have their execution times monitored (as is usually the case in high integrity systems). This results in higher levels of schedulability than previously published.
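The abstract describes a scheme in which each criticality level comes with its own WCET estimate and jobs are monitored at run time so that a WCET estimation fault can be tolerated. The following added example (written for this page, not code from the paper or its authors) simulates the general shape of such a scheme on a uniprocessor: a fixed-priority preemptive scheduler, two WCET estimates per task (`c_lo` from the less rigorous analysis, `c_hi` from the conservative one), and an execution-time monitor that reacts when a job exhausts its budget. The reaction chosen here, switching to a HI mode and abandoning LO-criticality jobs when a HI-criticality job overruns its `c_lo`, and aborting a LO-criticality job that overruns, is an assumption made for illustration; the paper's own scheme and its schedulability analysis are not reproduced. The task set and the actual execution times are constructed sample data.

```python
"""Added example: execution-time monitoring in a fixed-priority mixed-criticality
scheduler. The mode-switch policy is an assumption for illustration, not the
paper's scheme. Task set and execution times are constructed sample data."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Task:
    name: str
    crit: str       # "HI" (certified to the higher level) or "LO"
    priority: int   # smaller number = higher fixed priority
    c_lo: int       # WCET estimate from the less rigorous (LO) analysis
    c_hi: int       # WCET estimate from the conservative (HI) analysis
    deadline: int   # relative deadline; every job is released at time 0 here


@dataclass
class Job:
    task: Task
    executed: int = 0
    finish: Optional[int] = None
    abandoned: bool = False


def simulate(tasks: List[Task], actual: Dict[str, int]) -> Tuple[str, List[str], Dict[str, str]]:
    """Run one synchronous release of all tasks with unit time steps.

    actual: task name -> execution time the job really needs (unknown to the
    scheduler; only discovered as the job runs). Returns the final mode, a
    log of monitor events and the outcome of every job."""
    jobs = [Job(t) for t in tasks]
    mode = "LO"
    log: List[str] = []
    t = 0
    while True:
        ready = [j for j in jobs if j.finish is None and not j.abandoned]
        if not ready:
            break
        j = min(ready, key=lambda x: x.task.priority)   # highest fixed priority runs
        j.executed += 1
        t += 1
        if j.executed == actual[j.task.name]:
            j.finish = t
            continue
        # Execution-time monitor: in LO mode every job is budgeted to c_lo;
        # after a switch to HI mode, HI-criticality jobs may use up to c_hi.
        budget = j.task.c_lo if (mode == "LO" or j.task.crit == "LO") else j.task.c_hi
        if j.executed < budget:
            continue
        if j.task.crit == "HI" and mode == "LO":
            # The LO-level WCET estimate was wrong for a HI job: tolerate it by
            # moving to HI mode and dropping the LO-criticality workload.
            mode = "HI"
            log.append(f"t={t}: {j.task.name} exhausted C_lo={budget}; switch LO->HI, LO jobs abandoned")
            for o in jobs:
                if o.task.crit == "LO" and o.finish is None:
                    o.abandoned = True
        else:
            # A LO job overrunning c_lo, or a HI job overrunning c_hi, is a timing
            # fault the scheme does not absorb: abort the job so it cannot steal
            # time from higher-criticality work.
            j.abandoned = True
            log.append(f"t={t}: {j.task.name} exceeded budget {budget}; job aborted")
    outcome: Dict[str, str] = {}
    for j in jobs:
        if j.abandoned:
            outcome[j.task.name] = "abandoned"
        else:
            outcome[j.task.name] = "met" if j.finish <= j.task.deadline else "missed"
    return mode, log, outcome


# Constructed task set: two HI-criticality tasks bracketing a LO-criticality one.
TASKS = [
    Task("T1", "HI", priority=1, c_lo=2, c_hi=4, deadline=5),
    Task("T2", "LO", priority=2, c_lo=2, c_hi=2, deadline=6),
    Task("T3", "HI", priority=3, c_lo=2, c_hi=3, deadline=8),
]
ACTUAL_NOMINAL = {"T1": 2, "T2": 2, "T3": 2}   # everything within its LO estimate
ACTUAL_HI_OVERRUN = {"T1": 4, "T2": 2, "T3": 2}  # HI job needs its full c_hi
ACTUAL_LO_OVERRUN = {"T1": 2, "T2": 3, "T3": 2}  # LO job's estimate was wrong


if __name__ == "__main__":
    for label, actual in [("nominal", ACTUAL_NOMINAL), ("HI overrun", ACTUAL_HI_OVERRUN),
                          ("LO overrun", ACTUAL_LO_OVERRUN)]:
        mode, log, outcome = simulate(TASKS, actual)
        print(f"{label}: final mode {mode}, outcome {outcome}")
        for line in log:
            print("  " + line)
```

In the nominal run all three jobs meet their deadlines in LO mode. When T1 needs its conservative budget, the monitor switches to HI mode at t=2, T2 is abandoned, and both HI jobs still meet their deadlines; when the LO-criticality T2 overruns, it is aborted at t=4 and T3 is unaffected, which is the property the monitoring is there to provide.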

BibTeX Entry

@incollection{Burns2011a,
 author = {A. Burns and S. Baruah},
 booktitle = {Dependable and Historic Computing},
 editor = {Jones and Lloyd},
 pages = {147--166},
 publisher = {Springer},
 title = {Timing Faults and Mixed Criticality Systems},
 volume = {LNCS 6875},
 year = {2011}
}