Relaxing the Synchronous Approach for Mixed-Criticality Systems
Eugene Yip, Matthew M Y Kuo, Partha S Roop, and David Broman
RTAS’14
Mixed-Criticality Motivations
Different requirements: timing, security, safety.
Criticality: Level of required assurance against failure.
[Figure: Software (Task 1, Task 2, ... Task n; hard/soft/non-real-time) on Hardware (multi-processor, multi-core, multi-threaded, ...). Criticality labels: Life, Mission, Non-critical.]
DO-178B Software Level | Failure Condition
A | Catastrophic
B | Hazardous
C | Major
D | Minor
E | No effect
[Vestal 2007] Preemptive Scheduling of Multi-criticality Systems with Varying Degrees of Execution Time Assurance.
[RTCA 1992] Software Considerations in Airborne Systems and Equipment Certification.
UAV Example
[Figure: UAV task graph. Tasks: Nav (Life-critical), Stability (Life-critical), Avoid (Mission-critical), Video (Mission-critical), Logging (Non-critical), Sharing (Non-critical). Inputs: position & orientation sensors, comms, proximity sensor, camera. Outputs: flight surfaces, comms.]
Related Work
• Vestal: Task WCETs more pessimistic at higher
criticalities. Over provisioning of resources.
• Early-Release EDF: Low critical tasks have a
maximum period and shorter desired periods.
• Zero-Slack QoS-based Resource Allocation
Model: Tasks with lower utility degraded first
(selecting longer periods).
[Vestal 2007] Preemptive Scheduling of Multi-criticality Systems with Varying Degrees of Execution Time Assurance.
[Su et al. 2013] Scheduling Algorithms for Elastic Mixed-Criticality Tasks in Multicore Systems.
[de Niz et al. 2012] On Resource Overbooking in an Unmanned Aerial Vehicle.
The Synchronous Approach
[Figure: Task 1 and Task 2 react to the Environment at logical time ticks 1, 2, 3, exchanging int i, int j, int k with j = f(i) and k = g(j).]
Synchrony hypothesis: Executions complete instantaneously.
Implementation takes physical time to execute.
Implementation takes physical time to tick.
Validate: WCET is always less than the duration of any tick.
• Formal semantics.
• Formal verification.
• SCADE used in Airbus.
[Benveniste et al. 2003] The Synchronous Languages: 12 Years Later.
Related Work
• Baruah’s static scheduling approach:
– High and low criticality tasks.
– Low-criticality tasks may be discarded.
– Multi-rate synchronous tasks on uni-processor.
– Single-rate synchronous tasks on multi-processor.
• Missing:
– Multi-rate tasks on multi-processor.
– Modelling of mission tasks that can tolerate
bounded deadline misses (soft real-time).
[Baruah 2012] Semantics-Preserving Implementation of Multirate Mixed-Criticality Synchronous Programs.
[Baruah 2013] Implementing Mixed-Criticality Synchronous Reactive Systems Upon Multiprocessor Platforms.
UAV Example
[Figure: UAV task graph with release frequencies. Nav (Life-critical) 4Hz; Stability (Life-critical) 20Hz; Avoid (Mission-critical) 10Hz – 20Hz; Video (Mission-critical) 10Hz – 25Hz; Logging (Non-critical) 10Hz; Sharing (Non-critical) 10Hz. Inputs: position & orientation sensors, proximity sensor, camera, comms. Outputs: flight surfaces, comms.]
Problem Statement
• Synchrony hypothesis requires:
– All tasks to be hard real-time: No advantage in
prioritizing tasks based on criticality.
– WCETs of all tasks for validation: Cannot include
(non-critical) tasks with unknown WCETs.
– Enough resources to be provisioned for the worst-case: Under-utilization of resources at runtime.
Contributions
• Relax the synchrony hypothesis to model
mission critical tasks with frequency bounds.
• Address the communication between mission
critical tasks.
• Propose an efficient scheduling of multi-rate,
mixed-criticality, synchronous tasks on multiprocessors.
• Benchmark showing better processor
utilization than ER-EDF.
Talk Outline
• MC Task and Communication Model
• Multiprocessor Scheduling Approach
• Performance Evaluation and Discussions
• Conclusions and Future Work
MC Task Model
• Program is a set of tasks: 𝜏 ∈ Γ
• Task’s level of criticality: $\zeta_\tau \in \{\text{life}, \text{mission}, \text{non-critical}\}$
• Task’s release frequency:
Life: $f = f^{min} = f^{max}$ (constant)
Mission: $f^{min} \le f \le f^{max}$ (bound)
Non-critical: $f = f^{max}$ (goal)
• Task’s computation time (WCET analysis): $c_\tau$
[Wilhelm et al. 2008] The Worst-Case Execution-Time Problem - Overview of Methods and Survey of Tools.
MC Task Communication Model
• Instead of instantaneous communication...
[Figure: Task A and Task B exchanging values a and b within one period, r to r+p, over Time.]
Data-dependencies limit schedulability and distribution. Delays difficult to analyze for distributed tasks.
• Use delayed communication:
[Figure: Task A and Task B over Time, r to r+p, with values a0, b0 and a1, b1.]
Tasks use values produced from the previous period. Delays due to data dependencies are avoided.
MC Task Communication Model
• Oversampling:
[Figure: Task A and Task B over Time, r to r+4p, with values b0, b1, b2.]
• Undersampling:
[Figure: Task A and Task B over Time, r to r+4p, with values a0, a1, a2, a3, a4.]
MC Task Communication Model
• Lossless buffering:
[Figure: Task A and Task B over Time, r to r+4p, with values a0, then a1 a2, then a3 a4.]
– Data received in the same sequence as it is sent. Timing of when data is received varies at runtime.
– Maximum buffer size = $f_\tau^{max} / f_{\tau'}^{min}$
$\tau$ = sending task
$\tau'$ = receiving task
Related Work
• Lossless buffering:
– Synchronous Data Flow and Rate-Based Execution.
• Release of a task depends on receiving a minimum
amount of buffered data.
• Buffer sizes depend on task scheduling order.
[Lee & Messerschmitt 1987] Synchronous Data Flow.
[Goddard & Jeffay 2001] Managing Latency and Buffer Requirements in Processing Graph Chains.
Multiprocessor Task Schedulability
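Notations for task utilization:
1. $u_\tau^{min} = c_\tau \cdot f_\tau^{min}$
2. $u_\tau^{max} = c_\tau \cdot f_\tau^{max}$
3. $U_\Gamma^{life} = \sum_{\tau \in \Gamma,\ \zeta_\tau = life} u_\tau^{min}$
4. $U_\Gamma^{min\ mission} = \sum_{\tau \in \Gamma,\ \zeta_\tau = mission} u_\tau^{min}$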
Multiprocessor Task Schedulability
Schedulability: Given a set of homogeneous processors $n \in N$, a task set $\tau \in \Gamma$ is schedulable over $N$ processors if:
$\forall n \in N: U_{\Gamma^n}^{life} + U_{\Gamma^n}^{min\ mission} \le 1$
Multiprocessor Scheduling
Approach
• Static scheduling:
1. Allocate minimum processor time to life and
mission critical tasks to satisfy schedulability.
2. Distribute slack fairly among mission critical
tasks to help improve their frequency.
• Dynamic scheduling:
3. Give non-critical tasks the chance to execute and
reach their goal frequency.
Static Scheduling
• Base period approach:
– GCD of task periods.
– Portion of $c_\tau$ allocated in the base period.
– Slack accumulates at the end of each base period.
Example:
Task C: $\zeta$ = life, $f$ = 2Hz, $c$ = 250ms
Task D: $\zeta$ = life, $f$ = 5Hz, $c$ = 100ms
Base period = GCD(500ms, 200ms) = 100ms
[Figure: timelines of Task C on processor 1 and Task D on processor 2. Axis: Time (ms).]
[Caspi & Maler 2005] From Control Loops to Real-Time Programs.
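The base period and the per-processor schedulability test above, worked on the UAV task set as an added example (not code from the talk). The task frequencies are the slides'; the WCETs are constructed, a first-fit-decreasing allocation stands in for the ILP, and preemption and communication costs are taken as zero.

```python
from fractions import Fraction
from math import gcd, lcm

# (name, criticality, f_min Hz, f_max Hz, WCET s). Frequencies are the UAV
# slide's; the WCETs are constructed for this example.
UAV = [
    ("Nav",       "life",     4,  4, Fraction(50, 1000)),
    ("Stability", "life",    20, 20, Fraction(20, 1000)),
    ("Avoid",     "mission", 10, 20, Fraction(30, 1000)),
    ("Video",     "mission", 10, 25, Fraction(20, 1000)),
]

def base_period(tasks):
    """p_b = GCD of all periods 1/f_min and 1/f_max, in seconds."""
    freqs = {f for _, _, fmin, fmax, _ in tasks for f in (fmin, fmax)}
    den = lcm(*freqs)                      # common denominator of the periods
    return Fraction(gcd(*(den // f for f in freqs)), den)

def time_per_base_period(task, pb):
    """(t_min, t_max): share of c needed in each base period at f_min / f_max."""
    _, _, fmin, fmax, c = task
    return c * fmin * pb, c * fmax * pb

def partition(tasks, n_procs):
    """First-fit decreasing on u_min = c * f_min, keeping every processor at
    U_life + U_mission^min <= 1. Returns None if some task does not fit."""
    load = [Fraction(0)] * n_procs
    alloc = [[] for _ in range(n_procs)]
    for t in sorted(tasks, key=lambda t: -(t[4] * t[2])):
        u = t[4] * t[2]
        n = next((i for i in range(n_procs) if load[i] + u <= 1), None)
        if n is None:
            return None
        load[n] += u
        alloc[n].append(t[0])
    return alloc

def slack_per_processor(tasks, alloc, pb):
    """Slack left at the end of each base period after the t_min allocations."""
    by_name = {t[0]: t for t in tasks}
    return [pb - sum(time_per_base_period(by_name[n], pb)[0] for n in names)
            for names in alloc]
```

The slack returned per processor is what the later stages share among mission critical and non-critical tasks. Requires Python 3.9 or later for `math.lcm`.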
Static Scheduling (ILP)
• $p_b$: Base period (GCD). $n \in N$: Processors. $t_\tau^{min}, t_\tau^{max} \in T$: Min and max processor time each life and mission critical task needs in $p_b$.
Maximize: $\sum_{n \in N} u^n$
1. $u^n \le p_b$
2. $u^n = \beta + \sum_{\tau \in \Gamma} (t_\tau^{min} + \alpha) \cdot a_\tau^n$
3. $a_\tau^n = 1$ if $\tau$ is allocated to processor $n$, $0$ otherwise
4. $\forall \tau \in \Gamma: \sum_{n \in N} a_\tau^n = 1$
Callouts on constraint 2: Cost of delayed communication. Cost of preempting a task.
Solution exists if the task set is schedulable.
Static scheduling (ILP)
[Figure: UAV task graph with release frequencies. Nav (Life-critical) 4Hz; Stability (Life-critical) 20Hz; Avoid (Mission-critical) 10Hz – 20Hz; Video (Mission-critical) 10Hz – 25Hz; Logging (Non-critical) 10Hz; Sharing (Non-critical) 10Hz.]
$p_b = GCD(\frac{1}{4}, \frac{1}{10}, \frac{1}{20}, \frac{1}{25}) = 10ms$
Minimum allocated times: $t_\tau^{min}$
Maximum allocated times: $x_\tau^{max} = t_\tau^{max} - t_\tau^{min}$
$0 \le x_\tau^n \le a_\tau^n \cdot x_\tau^{max}$
Note, $x_\tau^{max} = 0$ for life critical tasks.
Static scheduling (ILP)
• Allocate slack among mission critical tasks:
– Additional constraints to guide slack allocation.
– E.g., proportionate fairness or marginal utility.
– Example: For any two tasks, the task with larger
𝑥𝜏𝑚𝑎𝑥 is given proportionally more slack.
$\forall n, n' \in N,\ \forall \tau, \tau' \in \Gamma,\ x_\tau^{max} \ge x_{\tau'}^{max},\ a_\tau^n = 1,\ a_{\tau'}^{n'} = 1$:
$x_{\tau'}^{n'} \cdot x_\tau^{max} \le x_\tau^n \cdot x_{\tau'}^{max}$
[Lan et al. 2010] An Axiomatic Theory of Fairness in Network Resource Allocation.
[Baruah et al. 1996] Proportionate Progress: A Notion of Fairness in Resource Allocation.
[de Niz et al. 2012] On Resource Overbooking in an Unmanned Aerial Vehicle.
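Static scheduling (ILP)
Maximize: $\sum_{n \in N} u^n$
1. $u^n \le p_b$
2. $u^n = \beta + \sum_{\tau \in \Gamma} \left( (t_\tau^{min} + \alpha) \cdot a_\tau^n + x_\tau^n \right)$
3. $a_\tau^n = 1$ if $\tau$ is allocated to processor $n$, $0$ otherwise
4. $\forall \tau \in \Gamma: \sum_{n \in N} a_\tau^n = 1$
5. $0 \le x_\tau^n \le a_\tau^n \cdot x_\tau^{max}$
6. $\forall n, n' \in N,\ \forall \tau, \tau' \in \Gamma,\ x_\tau^{max} \ge x_{\tau'}^{max},\ a_\tau^n = 1,\ a_{\tau'}^{n'} = 1$: $x_{\tau'}^{n'} \cdot x_\tau^{max} \le x_\tau^n \cdot x_{\tau'}^{max}$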
Multiprocessor Scheduling
Approach
• Static scheduling:
1. Allocate minimum processor time to life and
mission critical tasks to satisfy schedulability.
2. Distribute slack fairly among mission critical
tasks to help improve their release frequency.
• Dynamic scheduling:
3. Give non-critical and mission tasks the chance to
reach their 𝑓 𝑚𝑎𝑥 .
Dynamic Scheduling
[Figure: processors 1, 2, 3 against Time (base period). Each base period holds the statically scheduled life and mission critical tasks, followed by Slack (Dynamic scheduling). Callouts: Execute life critical tasks. Execute mission critical tasks. Execute non-critical tasks.]
Dynamic scheduling:
• Allow task migration.
• Tasks execute until they complete or the base period expires.
• Pick non-critical tasks that have received the least amount of slack.
• Pick mission critical tasks with the least improvement in frequency.
$f_\tau^{improve} = \frac{f_\tau^{avg} - f_\tau^{min}}{f_\tau^{max} - f_\tau^{min}}$
Performance Evaluation
• Compare against ER-EDF (the closest work):
– High criticality task ⇒ Life critical task
– Low criticality task ⇒ Mission critical task
• Early release points spaced evenly by 𝑝𝑏 .
• Tasks picked randomly for early release.
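[Figure: release timelines. ER-EDF low criticality task: $r$, early release points $k_1$, $k_2$, $k_3$, $k_4$, $r + p$. Proposed mission critical task: $r$, $r + \frac{1}{f^{max}}$, $r + \frac{1}{f^{min}}$.]
[Su et al. 2013] Scheduling Algorithms for Elastic Mixed-Criticality Tasks in Multicore Systems.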
Performance Evaluation
• Follow the simulation approach of ER-EDF.
Generate random task sets:
• 5% ≤ 𝑢𝜏𝑚𝑎𝑥 ≤ 50%
• 100𝐻𝑧 ≤ 𝑓𝑏 ≤ 1,000𝐻𝑧
• Divisors of 𝑓𝑏 randomly selected for 𝑓𝜏𝑚𝑖𝑛 and
𝑓𝜏𝑚𝑎𝑥 .
[Su et al. 2013] Scheduling Algorithms for Elastic Mixed-Criticality Tasks in Multicore Systems.
Performance Evaluation
• Control the proportion of life and mission
critical tasks generated.
• Control the “normalized system utilization”:
• Estimated utilization expected at runtime.
• 0% ≤ 𝑈 ≤ 100%
• 𝑈=
𝑀𝑎𝑥 𝑈Γ
life
, 𝑈Γ𝑚𝑖𝑛
life
+𝑈Γ𝑚𝑖𝑛
mission
𝑁
𝜏∈Γ,𝜁𝜏
𝑢𝜏𝑚𝑎𝑥
where,
[Su et al. 2013] Scheduling Algorithms for Elastic Mixed-Criticality Tasks in Multicore Systems. 8
𝑚𝑖𝑛
𝑢
𝜏
=life
≤ 𝑢𝜏𝑚𝑖𝑛 ≤ 𝑢𝜏𝑚𝑎𝑥
Performance Evaluation
• Schedulability of the generated task sets:
[Figure: Acceptance Ratio (0% to 100%) against Normalized System Utilization (20% to 100%). Series: prop(0.2), prop(0.5), prop(0.8).]
• Each data point is the average of 10,000 random task sets.
• 4 processor system.
• An average of 118.9 ILP constraints for each task set.
• ILP solver (Gurobi) allowed one minute to solve and generate a static schedule.
• Fewer schedulable task sets generated when life and mission critical tasks are in equal proportions.
[Gurobi version 5.6] http://www.gurobi.com
Performance Evaluation
• Proportion of life critical tasks varied:
• U = 50%, N = 4, 1000 base periods.
• Task’s actual execution time between $0.8 c_\tau$ and $c_\tau$.
[Figure: System Runtime Utilization (0% to 100%) against prop(life) (0% to 100%). Series: Proposed, ER-EDF, EDF.]
• Consistently higher utilization.
• Utilization drops off because fewer mission critical tasks are available to use the slack.
Performance Evaluation
• Proportion of life critical tasks varied:
• U = 50%, N = 4, 1000 base periods.
• Task’s actual execution time between $0.8 c_\tau$ and $c_\tau$.
[Figure: Overall Frequency Improvement of Mission Critical Tasks (0% to 100%) against prop(life) (0% to 100%). Series: Proposed, ER-EDF.]
$f_{mission}^{improve} = \frac{f_\tau^{avg} - f_\tau^{min}}{f_\tau^{max} - f_\tau^{min}}$
• Higher system utilization leads to higher frequency improvement.
• No improvement when there are no mission critical tasks.
Performance Evaluation
• Proportion of life critical tasks varied:
• U = 50%, N = 4, 1000 base periods.
• Task’s actual execution time between $0.8 c_\tau$ and $c_\tau$.
[Figure: Fairness Among Mission Critical Tasks. Fairness (0% = fair to 30% = unfair) against prop(life) (0% to 100%). Series: Proposed, ER-EDF.]
fairness = $\frac{f_\tau^{improve} - f_\tau^{avg\_improve}}{\text{Number of Mission Tasks}}$
• Fairness heuristics perform better when there are many mission critical tasks.
• Completely fair when only one mission critical task is generated.
Performance Evaluation
• Proportion of non-critical tasks varied:
• Remaining tasks: Equal proportions of life and mission critical tasks.
[Figure: three plots against prop(non-critical) (10% to 90%): System Runtime Utilization (99.0% to 100.0%), Overall Frequency Improvement (0% to 40%), Fairness (0% to 40%).]
Non-critical tasks use most of the slack.
Mission critical tasks already given slack in the static schedule and rarely picked during dynamic scheduling.
Discussions
• Proposed scheduling achieved:
– Higher system utilization, frequency improvement,
and better fairness.
• Proposed scheduling approach supports an
extra level of task criticality.
• Base period scheduling incurs nearly twice as many preemptions as ER-EDF.
• Solving ILP can be expensive. Can use solver to
find locally optimal solutions, like a heuristic.
Conclusions and Future Work
• Mission critical tasks (bounded deadline
misses) for the synchronous task model.
• Lossless communication between multi-rate
tasks.
• Scheduling on multi-processors to maximize
system utilization with fairness.
• Future: Study a real system. Extend definition
of criticality to include energy use. Develop
improved fairness/utility heuristics.
Thank You
Questions?
MC Task Model
• Program is a set of tasks: $\tau \in \Gamma$
• Task’s level of criticality: $\zeta_\tau \in \{\text{life}, \text{mission}, \text{non-critical}\}$
• Task’s release times:
Life-critical task: Deadline is the next release time. Constant release frequency: $f = \frac{1}{p}$
[Figure: life-critical task timeline with releases at r, r+p, r+2p over Time.]
Mission-critical task: Ideal next release time (and deadline). Upper bound on deadline miss. If a task completes between the bounds, then it is immediately released again. Bounded release frequency: $\frac{1}{p_{max}} \le f \le \frac{1}{p_{min}}$
[Figure: mission-critical task timeline with r, r+pmin, r+pmax, repeated for the next release, over Time.]
Non-critical task: Ideal next release time. No upper bound on deadline miss. Goal release frequency: $f = \frac{1}{p}$
[Figure: non-critical task timeline with r, r+p over Time.]
Multiprocessor Scheduling Approach
• Traditional static scheduling approaches: Base period and hyper period.
– Task C: $\zeta$ = life, $f$ = 2Hz, $c$ = 0.25s
– Task D: $\zeta$ = life, $f$ = 5Hz, $c$ = 0.10s
Hyper period:
Makespan = LCM of task periods.
Longer schedules.
Slack appears between task releases.
[Figure: hyper period schedule of Task C on process 1 and Task D on process 2. Axis: Time (s), 0 to 1.]
Base period:
Makespan = GCD of task periods.
Shorter schedules. More preemptions.
Slack accumulates at the end of each base period (easier to track).
[Figure: base period schedule of Task C on process 1 and Task D on process 2. Axis: Time (s).]
Obtaining a Static Schedule
Fairness Example
Task C: $t_\tau^{min} = 4$, $t_\tau^{max} = 8$, $x_C^{max} = 4$
Task D: $t_\tau^{min} = 4$, $t_\tau^{max} = 6$, $x_D^{max} = 2$
$\frac{x_C^{max}}{x_D^{max}} = \frac{2}{1} = \frac{x_C^n}{x_D^n}$
• If processor $n$ only has 4 units of slack, then $x_C^n = 2$, $x_D^n = 1$, and 1 unit of slack left over.
• An inequality would allow task C to take the remaining unit of slack.
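The Fairness Example above, worked as an added example (not code from the talk): a brute-force search over integer slack allocations on one processor, once under the exact-proportion equality and once under the inequality of ILP constraint 6. The function name, the integer slack units and the tie-break between equally large allocations are assumptions of this example.

```python
from itertools import product

def allocate_slack(x_max, slack, strict=True):
    """Integer slack x_tau for the mission critical tasks on one processor.

    strict=True : x_b * x_max[a] == x_a * x_max[b]  (exact proportion)
    strict=False: x_b * x_max[a] <= x_a * x_max[b] whenever x_max[a] >= x_max[b]
    Maximises the slack used; ties go to the allocation with the larger
    minimum share x / x_max (tie-break chosen for this example).
    Assumes every x_max is positive, so life critical tasks are left out.
    """
    names = list(x_max)

    def fair(x):
        for a, b in product(names, repeat=2):
            lhs, rhs = x[b] * x_max[a], x[a] * x_max[b]
            if strict and lhs != rhs:
                return False
            if not strict and x_max[a] >= x_max[b] and lhs > rhs:
                return False
        return True

    best = None
    for combo in product(*(range(x_max[n] + 1) for n in names)):
        x = dict(zip(names, combo))
        if sum(combo) > slack or not fair(x):
            continue
        score = (sum(combo), min(x[n] / x_max[n] for n in names))
        if best is None or score > best[0]:
            best = (score, x)
    return best[1]
```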
ILP Scalability
• Time for Gurobi to find the first (locally optimal) solution compared to the final (globally optimal) solution.
• Generated 250 random task sets containing 2 to 50 tasks (even numbered).
• U = 50%, N = 32, 50% life critical tasks.
• Quick to find the first solution.
• Similar to using a heuristic.
[Figure: Solving Time (Seconds), logarithmic scale from 0.01 to > 600, against Number of Tasks (2 to 50). Series: First locally optimal, Globally optimal.]
Preemptions
• Normalized system utilization varied:
• N = 4, 1000 base periods, 50% life critical tasks.
• Task’s actual execution time between $0.8 c_\tau$ and $c_\tau$.
[Figure: Average Number of Preemptions on each Processor. Number of Preemptions (0 to 8000) against Normalized System Utilization (10% to 50%). Series: Proposed, ER-EDF-ILP, EDF.]
• Proposed approach is nearly twice that of EDF.
• Implementation determines the true cost.
Extra Levels of Criticality
• Refining the timing criticality of tasks:
Failure Condition | DO-178B Software Level | Task Criticality | $v = \frac{f^{min}}{f^{max}}$
Catastrophic | A | Life | 1
Hazardous | B | Mission | 0.66 ≤ v < 1
Major | C | Mission | 0.33 ≤ v < 0.66
Minor | D | Mission | 0 ≤ v < 0.33
No effect | E | Non-Critical | 0
• Or mix timing criticality with other kinds of criticalities (e.g., security, safety, and power).