Implementation of time isolation based on SAFERTOS system
SAFECheckpoints
In a functional safety system based on SAFERTOS, in addition to spatial isolation, a time isolation function may be required by some safety standards to ensure that the software's timing requirements are met.
In a single-core processor, a software component can be used to detect violations of the system's timing requirements. Note that this does not enforce timing isolation, but it does enable detection and recovery actions.
Time Scheduling Problems in Priority Scheduling Systems
In embedded real-time systems it is difficult to achieve true time separation because, by the very definition of such systems, timely response to events is critical.
In this example (the accompanying figure is not reproduced here), the execution period of periodic task 2 is very unstable. While the event that triggers low-priority task 1 is being serviced, task 2's period is delayed: its processing for the current cycle has not yet completed when the next cycle is due to start.
To avoid such time scheduling problems, you can use the software timers provided by SAFERTOS to monitor the frequency (and jitter) of task execution and the interrupt response time.
Using a timer to implement a monitoring checkpoint is simple and useful; however, it has some disadvantages. Unexpected behaviour of a software timer may compromise the integrity of the whole monitoring mechanism; a timeout may go unreported because the CPU is busy executing higher-priority tasks, so the timer callback itself runs late; and it is unclear how to identify which task overran.
To solve the time monitoring problem and complement the functionality of SAFERTOS, WHIS provides a dedicated checking module, SAFECheckpoints, to implement time checking.
The SAFECheckpoints mechanism runs as the highest-priority kernel task in the system (the Timer instance). This ensures that erroneous behaviour in a timer callback handler will not affect the operation of the checkpoint monitoring, and that no other task can preempt or block the checking task.
The dedicated checkpoint mechanism also provides additional functionality in its API, delivered as safety-certified kernel code:
- A limited checkpoint API minimises problems caused by misuse of the safety monitoring system
- Checks can be single-shot or periodic
- Periodic checks can run from absolute or relative checkpoints
- Failure notification is implemented through callback functions; either a system error handler or an individual callback per checkpoint can be specified
- The same handler can manage multiple checkpoints and identify which checkpoint's callback is being invoked
The SAFECheckpoint module provides host application developers with the necessary tools to perform real-time monitoring of tasks in a safety system.
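The following is an added example, not code from SAFERTOS, WHIS or the original post, showing how the checkpoint behaviour described above (the timer-based monitoring of task frequency and jitter, and the single/periodic, absolute/relative and shared-handler features listed) can be modelled in plain C. All names (`cp_register`, `cp_hit`, `cp_monitor_tick`, the `cp_mode_t` values) are assumptions of this example, the tick schedule is constructed, and `cp_monitor_tick` stands in for the highest-priority monitoring context that nothing else can delay.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CHECKPOINTS 8

typedef enum { CP_SINGLE, CP_PERIODIC_RELATIVE, CP_PERIODIC_ABSOLUTE } cp_mode_t;
typedef enum { CP_FAIL_MISSED, CP_FAIL_EARLY } cp_fail_t;

/* Failure callback: which checkpoint, what kind of violation, and the tick it was seen at. */
typedef void (*cp_fail_cb_t)(int id, cp_fail_t kind, uint32_t now);

typedef struct {
    bool         in_use;
    cp_mode_t    mode;
    uint32_t     period;    /* nominal interval between hits, in ticks */
    uint32_t     tolerance; /* accepted jitter either side of the nominal tick */
    uint32_t     nominal;   /* absolute mode: tick at which the next hit is expected */
    uint32_t     deadline;  /* latest tick at which the next hit is still on time */
    cp_fail_cb_t on_fail;   /* NULL -> fall back to the system-wide handler */
    unsigned     failures;
} checkpoint_t;

static checkpoint_t g_cp[MAX_CHECKPOINTS];
static cp_fail_cb_t g_system_fail_cb;

void cp_set_system_handler(cp_fail_cb_t cb) { g_system_fail_cb = cb; }

/* Register a checkpoint; its first hit is expected 'period' ticks after 'start'. */
int cp_register(cp_mode_t mode, uint32_t start, uint32_t period, uint32_t tolerance, cp_fail_cb_t cb)
{
    for (int i = 0; i < MAX_CHECKPOINTS; i++) {
        if (g_cp[i].in_use) continue;
        g_cp[i] = (checkpoint_t){ .in_use = true, .mode = mode, .period = period,
                                  .tolerance = tolerance, .nominal = start + period,
                                  .deadline = start + period + tolerance, .on_fail = cb };
        return i;
    }
    return -1; /* table full: a limited API refuses rather than silently dropping the check */
}

static void report(checkpoint_t *cp, int id, cp_fail_t kind, uint32_t now)
{
    cp->failures++;
    cp_fail_cb_t cb = cp->on_fail ? cp->on_fail : g_system_fail_cb;
    if (cb) cb(id, kind, now);
}

/* Move the expectation on after a hit or a detected miss. Relative mode restarts from 'now';
 * absolute mode keeps the original grid, so accumulated drift is still caught. */
static void advance(checkpoint_t *cp, uint32_t now)
{
    switch (cp->mode) {
    case CP_SINGLE:            cp->in_use = false; break;
    case CP_PERIODIC_RELATIVE: cp->deadline = now + cp->period + cp->tolerance; break;
    case CP_PERIODIC_ABSOLUTE: cp->nominal += cp->period;
                               cp->deadline = cp->nominal + cp->tolerance; break;
    }
}

/* Called by the monitored task when it reaches its checkpoint. */
void cp_hit(int id, uint32_t now)
{
    if (id < 0 || id >= MAX_CHECKPOINTS || !g_cp[id].in_use) return;
    checkpoint_t *cp = &g_cp[id];
    /* Absolute mode also bounds the rate from above: arriving before the window is a violation. */
    if (cp->mode == CP_PERIODIC_ABSOLUTE && now + cp->tolerance < cp->nominal)
        report(cp, id, CP_FAIL_EARLY, now);
    advance(cp, now);
}

/* Run from the highest-priority context every tick, so a busy CPU cannot delay the check itself. */
void cp_monitor_tick(uint32_t now)
{
    for (int i = 0; i < MAX_CHECKPOINTS; i++) {
        checkpoint_t *cp = &g_cp[i];
        if (cp->in_use && now > cp->deadline) {
            report(cp, i, CP_FAIL_MISSED, now);
            advance(cp, now); /* keep watching the following period instead of stalling */
        }
    }
}

unsigned cp_failures(int id) { return (id >= 0 && id < MAX_CHECKPOINTS) ? g_cp[id].failures : 0; }

/* One system handler serves every checkpoint; the id tells it which one violated. */
static unsigned g_total_failures; static int g_last_fail_id = -1; static uint32_t g_last_fail_tick;
static void system_handler(int id, cp_fail_t kind, uint32_t now)
{
    g_total_failures++; g_last_fail_id = id; g_last_fail_tick = now;
    printf("checkpoint %d %s at tick %u\n", id, kind == CP_FAIL_MISSED ? "missed" : "early", (unsigned)now);
}

/* Constructed hit schedule (checkpoint id, tick) for a 60-tick run; checkpoint 3 never hits. */
static const struct { int id; uint32_t tick; } g_hits[] = {
    {0, 10}, {0, 20}, {0, 30}, {0, 49}, {0, 60},              /* absolute, period 10: one overrun */
    {1, 15},                                                  /* one-shot, arrives in time */
    {2, 8}, {2, 17}, {2, 25}, {2, 34}, {2, 43}, {2, 52},      /* relative, period 8: drifts, still on time */
};

unsigned run_scenario(void)
{
    for (int i = 0; i < MAX_CHECKPOINTS; i++) g_cp[i] = (checkpoint_t){0};
    g_total_failures = 0; g_last_fail_id = -1; g_last_fail_tick = 0;
    cp_set_system_handler(system_handler);
    cp_register(CP_PERIODIC_ABSOLUTE, 0, 10, 2, NULL); /* id 0 */
    cp_register(CP_SINGLE,            0, 25, 2, NULL); /* id 1 */
    cp_register(CP_PERIODIC_RELATIVE, 0,  8, 1, NULL); /* id 2 */
    cp_register(CP_SINGLE,            0, 30, 2, NULL); /* id 3: missed, reported once, then retired */
    for (uint32_t now = 1; now <= 60; now++) {
        for (size_t h = 0; h < sizeof g_hits / sizeof g_hits[0]; h++)
            if (g_hits[h].tick == now) cp_hit(g_hits[h].id, now);
        cp_monitor_tick(now);
    }
    return g_total_failures;
}
int last_failure_id(void) { return g_last_fail_id; }
uint32_t last_failure_tick(void) { return g_last_fail_tick; }

int main(void) { printf("total failures: %u\n", run_scenario()); return 0; }
```

Running the scenario reports two violations: the one-shot checkpoint 3 is flagged at tick 33, and the absolute periodic checkpoint 0 is flagged at tick 43 when its fourth hit (due at 40, tolerance 2) has not arrived. The relative checkpoint 2 drifts by one tick per period yet is never flagged, which is exactly the difference between relative and absolute checkpoints the list above refers to: choose absolute when cumulative drift matters.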
This content was originally created by MamoYU, a user on the EEWORLD forum. If you want to reprint it or use it for commercial purposes, you must obtain the author's consent and indicate the source.