heuristic resource allocation and scheduling method ... - Springer Link

International Journal of Automotive Technology, Vol. 14, No. 4, pp. 611−624 (2013) DOI 10.1007/s12239−013−0066−3

Copyright © 2013 KSAE/ 072−12 pISSN 1229−9138/ eISSN 1976−3832

HEURISTIC RESOURCE ALLOCATION AND SCHEDULING METHOD FOR DISTRIBUTED AUTOMOTIVE CONTROL SYSTEMS J. YOUN1), I. PARK2) and M. SUNWOO3)* 1)

Eco-Vehicle Control System Development Team, Hyundai-Kia R&D Center, 772-1 Jangdeok-dong, Hwaseong-si, Gyeonggi 445-706, Korea 2) Automotive Control and Electronics Laboratory (ACE Lab), Hanyang University, Seoul 133-791, Korea 3) Department of Automotive Engineering, Hanyang University, Seoul 133-790, Korea (Received 12 December 2011; Revised 10 January 2013; Accepted 15 January 2013) ABSTRACT−This paper presents a heuristic resource allocation and scheduling method, which is based on an integrated architecture that enables multiple missions to be embedded in a single electronic control unit (ECU) and a single mission to be distributed over multiple ECUs. The proposed design method is composed of resource(e.g. task and message) allocation, scheduling, and attribute assignments. From a given target application’s task graph, the method generates a scheduling table specifying the release, start, and completion timings of tasks and messages. After that, all relevant attributes(e.g. priority of tasks and messages) are automatically assigned. In order to guarantee the functional and temporal requirements of target applications, design constraints such as the worst case response time, deadline, precedence relations, and physical limitations are concurrently considered. A chassis control system consisting of electronic stability control, an electro-mechanical brake, continuous damping control, and electronic air suspension is employed for evaluating the proposed method. The conventional chassis control system which is composed of seven ECUs was redesigned by only four ECUs without the degradation of control performance. Consequently, it is expected that the development time and production cost of distributed automotive control systems can be significantly reduced by the proposed design method. KEY WORDS : Real-time system, Distributed system, Resource allocation, Scheduling method, Automotive, In-vehicle network

1. INTRODUCTION

of functionalities (Ryu et al., 2006, Shin and Sunwoo, 2007). Otherwise, car makers have limited control in supervising the electronics system architecture. Fortunately, this kind of supply chain has been successful until now. However, there are technical challenges which are forcing the shift to a new development paradigm. The first challenge is the increasing functional complexity. Because of strict environmental and safety regulations, the functional requirements have rapidly increased. For example, the active collision mitigation, adaptive cruise control, and electronic stability control functions share I/O devices such as the brake, throttle, and many others. The integration of these functions requires a supervisory algorithm for planning and arbitration (Di Natale and Sangiovanni-Vincentelli, 2010). The problem of cost due to the increased number of ECUs is the other challenge. In the single function-tosingle ECU paradigm, it is hard to balance the the computational loads of ECUs. Therefore, number of ECUs has increased unnecessarily during the past decades. This is considered as an unacceptable phenomenon by car-makers (Di Natale and Sangiovanni-Vincentelli, 2010). The other main challenge is the requirement of faulttolerance for safety issues. Due to the increasing requirements

The increasing the number of features and the complexity of automotive electronics have led to the embedment of numerous electronic control units (ECUs) into vehicles, and has influenced the increases in the cost of vehicle electronics. For example, the electronics cost of hybrid vehicle account for almost 50% of the total cost, and the semiconductors in a vehicle have increased in price to be on par with that of the silicon wafers used in eight personal computers (Abo et al., 2006). Furthermore, up to 2500 signals are exchanged by about 70 ECUs in today’s highend vehicles (Navet et al., 2005). Due to the supply chain of the automotive industry, the traditional development of ECUs depends on the suppliers with a single function-to-single ECU paradigm (Di Natale and Sangiovanni-Vincentelli, 2010). Each ECU is designed independently, and they are loosely coupled by in-vehicle network (IVN) buses such as controller area network (CAN), and local interconnect network (LIN). This architecture enables the separation of concerns and simple verification *Corresponding author. e-mail: [email protected] 611

612

J. YOUN, I. PARK and M. SUNWOO

for safety critical functions such as the brakes, steering, and shift-by-wire applications, the functional safety and fault tolerance of those applications should be guaranteed for production (Ringler et al., 1998). In the case of a function failure in a specific ECU, the other ECUs have to handle this situation. However, there are technical limitations to the conventional approach for ECU development since they are independently designed by varios suppliers. These challenging issues can be handled with an integrated architecture, which enables multiple missions to be embedded in a single ECU, and in which a single mission is distributed over multiple ECUs. This integrated architecture can resolve the aforementioned functional complexity problem. The computational loads of ECUs can be optimized by distributing and integrating functions across the IVN. This enables a reduction of the number of ECUs in a vehicle, thererby substantially decreasing the overall system cost. Furthermore, the requirements for functional safety and fault tolerance can be satisfied by distributing and duplicating functions in this integrated architecture. These promising features enable advanced automotive applications such as x-by-wire and advanced driver assistance systems (ADAS) (Heitzer, 2003, Leohold and Schmidt, 2004). In order to successfully adopt the integrated architecture, a methodology is required that can optimize the resource allocation and scheduling of embedded systems. Related studies have been introduced in the past decade to develop design methods. Xiuqiang et al. suggested a design optimization framework for time triggered protocol (TTP)based distributed embedded systems (Xiuqiang et al., 2008). They optimized the task-to-CPU mapping, task/message scheduling and bus access configuration. An automatic configuration method for time triggered schedulers and design optimization method for fault-tolerant distributed embedded systems (Izosimov et al., 2005, Gendy and Pont, 2008). These previous studies developed promising design methods for integrated architecture. Unfortunately, their novel approaches are limited to low flexible target platfroms such as time-triggered scheduling and protocol. These limitations obstruct the adoption of the integrated architecture for legacy automotive applications. In this study, we focused on a practical design method for automotive embedded systems. It includes a process for resource allocation (i.e., task-to-ECU mapping) and scheduling (i.e., task and network message scheduling) of the integrated architecture. The method is targeted to the fixed priority scheduling algorithm and CAN that are generally used in automotive applications. This paper is structured as follows. In Section 2, the system model employed in this study is described. The design constratins for off-line scheduling are considered in Section 3. The design process for the resource allocation/scheduling, and attributed assignments are described in Section 4 and 5, respectively. A case study using the proposed architecture and design method is presented in Section 6. Finally, we

Figure 1. Overview of physical model.

Figure 2. Task graph for application modeling.

summarize the result of this study with some conclusions in Section 7.

2. SYSTEM MODELS In this study, system models can be defined from three different viewpoints: physical, functional, and temporal models. 2.1. Physical Model The physical model in this study is composed of sensors/ actuators, single core processors, and synchronized network buses as shown in . The sensors and actuators are housed in a ECU with physical constraints, and they are not directly connected to the network buses, but are attached to a ECU’s local bus. Each ECU has a single processor and various input/output devices for interfacing with the external sensors and actuators. In this model, the sensors sample the environment information, and then the processors execute the tasks to process the sensor data and generate the actuation data. The network bus provides a global time service for processor synchronization. 2.2. Functional Model A task graph was adopted in this study in order to describe the functional behavior of embedded control systems. As depicted in Figure 2, a task graph consists of vertices and edges representing the tasks and precedence constraints, respectively. A task set that realizes a given application can be represented by a directed acyclic task graph, in which the nodes represent the tasks and the edges represent the precedence constraints between the tasks. Each vertex is labeled with a task name (τi), the worst-case execution time (WCETτi), and the period (periodτi) in micro seconds. The precedence relation between the tasks τi and τj is τi , where the edge weight ma represented as τj represents the data size, and its inter-processor communicama

HEURISTIC RESOURCE ALLOCATION AND SCHEDULING METHOD FOR DISTRIBUTED AUTOMOTIVE

613

data that come from the predecessors. Periodic tasks transmit the processing results to the successors at a fixed time instance. The release time of the tasks, except for source tasks, is defined as follows: rlτn = max ( rlperiod , max ( WCRTmsg n )) n τ i

period

rlτn

Figure 3. Functional behavior diagram.

tion cost, i.e., the response time, is decided by not only the processor allocation of τi and τj but also the communication protocol of the network bus. Using this task graph, the application’s functional behavior can be described as depicted in Figure 3. The application, including the sensor, computation tasks, and actuator tasks, is mapped onto the physical model in Figure 1. The sensing and actuator tasks are executed on the processors that are physically connected to the corresponding sensors and actuators. The computation tasks are allocated to a processor to satisfy their temporal requirements, such as response time, deadlines, and utilization of the processors and communication networks. 2.3. Temporal Model In a temporal model, the behavior which is represented by the worst case response time (WCRT) is the main consideration. In this section, the task and network scheduling strategies are presented first, and then the WCRTs are analyzed. 2.3.1. Task and message scheduling The processors employ a real-time operating system (RTOS) to schedule several tasks that are constrained by complex temporal requirements. The RTOS adopts an fixed priority scheduling (FPS) policy. Due to its simple run-time scheduling, small overhead, and good flexibility for scheduling heterogeneous applications with mixed periodic and non-periodic tasks, the FPS policy is widely used in automotive applications. FPS has a strongly guaranteed predictability as a centralized system with standard timer devices; however, it is difficult to predict the temporal behavior of distributed systems. If a global notion of time exists, then it allows the processors to agree both on the time at which events occurred as well as the time at which to trigger actions. In order to enhance the predictability and design optimization, a CAN-based global clock synchronization method is applied (Rodriguez-Navas and Proenza, 2004). Based on this method, we utilize a synchronized CAN network bus which has a bounded time-skew, ∆skew, as the network platform in this study. 2.3.2. WCRT of a task Tasks are released at the latest arrival time among the input

i

τi

i

if n=1 = {rlτ1 + periodτi × ( n – 1 ) else i

(1)

The term rlτin denotes the release time of the task τin, which means the nth instance of τi , and rlτin is defined as the is latest time between rlperiod and max(WCRTmsgτin). rlperiod n n τi τi the release time required by periodic execution and is defined by the last time as (n - 1) multiples of its period since the release time of the first instance. The maximum value of n is the number of scheduled entries into the hyperperiod for which the length is defined as the least common multiple (LCM) of the periods of all scheduled tasks. The term msgτin denotes the set of messages received by τin, and WCRTmsgτin denotes the WCRT of the messages. In particular, for a source task, the release time of its first instance can be initialized by its offset value, which is specified by the design requirement, when there are no messages to be received by it. Therefore, the nth release of a source task is determined by a summation of the offset value and the (n – 1) multiple of its period as follows: rlτn = offsetτi + periodτi × ( n – 1 )

(2)

i

Actually, a time unit (tunit) for a task and message release depends on the timer precision provided by the RTOS and communication controller software. The above release time should be refined to the smallest effective time that is not less than the natural release time. The refined result is as follows: rl*τn = [ rlτn ⁄ tunit ] × tunit i

(3)

i

The WCRT of a task τin under FPS is given by the following equation (Audsley et al., 1993): WCRTτn = rlτn + WCETτi + Iτn i

i

(4)

i

In this equation, the term WCRTτin describes the WCRT for a task τin and WCETτi represents the worst-case execution time (WCET), which is the processor time required for the execution of τin. In this research, we define the blocking time considering only the preemptive tasks without shared resources. In a globally synchronized architecture with a fixed time skew, the interference time only considers the higher priority tasks for which the execution windows overlap with τin. The execution window of a task instance is defined as the interval of time during which the instance will execute and complete at run-time, and it equals the time interval from the release instance, rlτin, to the WCRT, WCRTτin. Accordingly,

614

J. YOUN, I. PARK and M. SUNWOO

BCRTmn = rlqmn + min( trmi )

the WCRTτin is defined as follows: WCRTτn = rlτn + WCETτi + i

i

∑

i

(5)

WCETτj

∀j ∈ hp n τi

Furthermore, we define the end-to-end response time m τ from τin to τjm, WCRTτnj , as follows: i

m

τj

(6)

WCRTτn = WCRTτn – rlτn i

i

i

2.3.3. WCRT of a message The communication cost between tasks depends on not only the processor allocation to execute a send task (predecessor) and a receive task (successor), but also the communication protocol and configuration including the bandwidth and scheduling properties. If two tasks are allocated to different processors, then the only way for them to communicate with each other is to broadcast a message through a shared data bus. We assume that there is only one such data bus available, and all processors are connected to it. However, two tasks sharing the same processor are able to communicate directly with each other (Schild and Wurtz, 1998). In order to estimate a deadline related to data consistency, we need to calculate the best case response time (BCRT) of a message. For a network message scheduled by a nonpreemptive scheduling policy, the best case occurs with minimum transmission delay and zero blocking time due to lower priority messages without regard to a task graph. Firstly, the release time of a message min is initialized by ∆skew as follows: rl0mn = WCRTsender n + min( ∆skew ) i

(7)

mi

If the initial release instance of min overlaps with the transmission window of another message instance, then the release instance is postponed until the transmission of the other message is completed. In our approach, the priorities for message scheduling are determined based on the scheduling sequence. Therefore, messages with a transmission window before the scheduling min are always a higher priority than the priority of min. The best case transmission window is determined by the time interval from the initial release instance to the BCRT of a message instance. The new release instance min is decided by the BCRT of an overlapped message instance and then it is evaluated for an overlapped transmission window following q iterative calculations: rlqm+n 1 = BCRTmk ← mkj :rl0mk ≤ rlqmn < BCRTmk i

j

j

i

(9)

i

The Bmin denotes the maximum blocking time that a message min can experience. It is the maximum transmission time of a single message allowed by the network protocol. In the case of CAN protocol, the maximum blocking time is defined as Bmin =130τbit, where τbit is bit time of the network. For the worst case response of a message, the message release time is delayed when a message is released early if the message transmission request by a sending task for min is later than the request of the sending task for that message. rlqm+n 1 = max( rlqmn, WCRTmk ) j

i

j

if WCRTsender k ≤ WCRTsender mj

(10) n mi

In order to consider the pre-scheduled messages before min, an iteration number q is substituted into Equation . The number is an integer from zero to the number of preassigned messages on the bus, and mjk indicates the message instance considered at the qth iteration. The initial value of the release instance is described as follows: rl0mn = WCRTsender n + max ( ∆skew ) + Bmn i

(11)

i

mi

Furthermore, we should consider the interference induced by the messages released later than min. In order to make a new iteration for the rlmin calculation, the iteration starts with the worst-case release time defined by the first step. When message mjk satisfies the following inequality conditions:, WCRTsender k + min( ∆skew ) ≥ mj

(12)

WCRTsender n + max( ∆skew ) mi

WCRTsender k + min( ∆skew ) ≤ rlqmn i

mj

(13)

the release time of the (q+1)th iteration is calculated as follows: rlqm+n 1 = rlqmn + max( trmj ) i

(14)

i

The iteration of equation (14) terminates when rlqm+n 1 i equals rlqmn . Finally, the WCRT of a min is determined by i q the summation of rlmn and max(trmi). i

WCRTmn = rlmn + max ( trmi ) q

i

(15)

i

3. DESIGN CONSTRAINTS (8)

j

The iteration of Equation (8) is terminated when rlqm+n 1 = rlqmn . Finally, the BCRT for min is defined as the sum i i of the last release instance and the minimum transmission time.

There are constraints should be considered in design phase. Based on the constraints, the proposed resource allocation and scheduling method can satisfy functional and temporal requirements of a target application.

HEURISTIC RESOURCE ALLOCATION AND SCHEDULING METHOD FOR DISTRIBUTED AUTOMOTIVE

Table 1. Precedence relationship between τi and τj. Period realtionship

Predecessor

periodτi ≥ periodτj

τj k × n ∈ preτn

periodτi < periodτj

τj k × (n – 1) + 1 ∈ preτn

i

i

3.1. Fixed Processor Allocation Some tasks interface with one or several external devices in an embedded system. These tasks must be allocated to the processor and its interfacing devices because of physical constraints such as signal processing. Moreover, the design intention to satisfy either the functional or temporal requirements can restrict the flexibility of the task-toprocessor assignment.

the application tasks in the task graphs by considering the data flow between them. Since the deadline assignment problem is NP-complete, various heuristics have been proposed to solve it (Di Natale and Stankovic, 1994, Jonsson and Shin, 1997, Saksena and Seongsoo, 1996). We use an approach that maximizes the slack added to each task in the graph while still satisfying its deadline. This simple approach was proposed by Natale et al. in 1994, and its performance for general task graphs compares favorably with other heuristics (Di Natale and Stankovic, 1994). The Given dleted 〈 τ 1, τ k〉 , which denotes an ETED for the corresponding task pair , is separated into intermediate end-to-end deadlines (IETED) for each task τin in the task graph, dleted n . The distribution satisfies, τ 1

dlτ1 + … + dlτe1 + … + dlτ1 ≤ dleted 〈 τ 1, τ k〉 ieted

3.2. Precedence Relationship by Dataflow Tasks have precedence constraints, which specify whether or not any task(s) needs to precede others. If the output of a task, τi is needed as the input for a task τj, then τj is constrained to be preceded by τi. To multiply executed τi into its hyperperiod, the nth instance has its (n – 1)th instance as a predecessor, τin-1 ∈ preτin. This relation is available when n is larger than one and the term preτin denotes a set of predecessors for the τin. In a multi-rate task graph, the data dependency between two tasks is determined by the correlation between their periods (Ziegenbein et al., 2000). Table1 hows the precedence relation between τi and τj. 3.3. Deadlines A real-time system must complete all executions of the real-time functions within their deadlines. In order to schedule an intermediate task τin in the task graph, its scheduling range [rlτin, dlτin ] must be obtained, firstly. In this study, a deadline is bounded by the period of a task ( dlperiod ), end-to-end deadline by data flow ( dlieted ), and data n n τi τi consistency constraints ( dldata ). As a result, the deadline is n τi defined by the minimum values as follow: data dlτn = min( dlperiod , dlieted n n , dl n ) τ τ τ i

i

i

(16)

i

3.3.1. Period deadline A periodic constraint requires the task to run exactly once every period. We assume that a periodic task has a deadline as long as its period. The deadline of each instance of a periodic task is defined as the time interval during its period after the task of the first instance is released. dlperiod = rlτ1 + n × periodτi n τ i

(17)

i

3.3.2. End-to-end deadline In order to guarantee the functionality of a real-time system, the task procedures guarantee their global end-to-end deadline (ETED), i.e., their execution must be completed within a given ETED. In order to satisfy an ETED requirement, as a rule, the ETED must be distributed over

615

1

ieted 1

ieted

(18)

k

for each path φ between τ11 and τk1. Let e1 denote the number of instances of τ1 in path φ. e1 also represents the number of instances of the other tasks that should be considered to accumulate as the ETED. A path φ is a sequence of tasks with data exchange in the task graph for which the first and last tasks are regarded as a task pair. Consequently, the IETED can be represeted by using a dead line distribution metric R, which is defined as follows: ⎛ eted ⎞ ⎜ dl 〈 τ1, τk〉 – ∑ WCETτi⎟ ⎝ ⎠ n τi ∈ φ R = -------------------------------------------------kφ

(19)

This metric is the ratio of available path slack to the number of task instances kφ in a path φ. It is insensitive to the variations of the execution time (Di Natale and Stankovic, 1994). With this deadline distribution metric R, the IETED for task τkn is defined as ⎧ WCETτi + R if i = 1 and n = 1 ⎪ ieted ⎪ dlieted = ⎨ dlτei –i –11 + WCETτi + R else if i ≠ 1 and n = 1 n τi ⎪ dlieted else n – 1 + W CET τ + R ⎪ i τi ⎩

(20)

As a result, all of the tasks are assigned an equal share of slack. The algorithm for the deadline distribution is based on Natale’s approach, which uses the critical path concept. The critical path φ is the sequence of tasks that minimize a given metric R, and it is sought on the set of paths φ, defined as all paths between the end-to-end tasks indicated by an ETED requirement. Table 2 shows the ETED distribution algorithm of this study. ∏ signifies a set of tasks that should be executed to transfer the data specified by an ETED requirement from τ1 to τk. If a multiplyexecuted task in a hyperperiod has an IETED only for partial instances, then the IETEDs for the remaining instances are calculated by the sum of the execution period and the IETED of the previous instance. When one more IETED is assigned to a task, we select the smaller one.

616

J. YOUN, I. PARK and M. SUNWOO

Table 2. End-to-end deadline distribution algorithm. IETED of all tasks in the task graph to infi01 Initialize nite value {the number of end-to-end deadline requirements} 02 for loop 03

Find all paths Φ between end-to-end tasks;

04

Initialize set ∏ with all task instances in paths φ

05

while {∏ ≠ 0} loop

06

Find the critical path φ in Φ that minimizes R

07

for {each task instance τ in φ} loop

08

Define new IETED from predecessor of τni

Assign an IETED to τ that is minimum value 09 between current and new IETED 10

Remove τ in φ from ∏ and the φ from Φ

11

end loop

12

end loop

13

Assign an IETED to remained task instances of ∏

14 end loop

3.3.3. Data consistency deadline In order to execute with a consistent input data set, a task τin has constraints when starting and stopping. After a task is released, it must be started before its input data is overwritten by multiple instances of a precedence task. In addition, if a task execution τin is delayed until the input data for its successors, τin+1, is overwritten, then it deprives τin+1 of the capacity for consistent data usage. These two constraints depend on the intra- or inter-processor communication between τin and its predecessors.

τin+1 startτn < BCRTτ k × (n + 1) + 1 = rlτ k × n + 1 i

j

j

dldata = BCRTτ k × (n + 1) + 1 = rlτ k × (n + 1) + 1 τi j

• Case 2: periodτi < periodτj In this case, the output data generated from the ( k × ( n – 1 ) + 1 )th instance of the precedence task is used for the nth instance of the succession task τi. The execution of τin is finished by the execution of τj k × (n + 1) + 3 , and it is initiated before the execution of τj k × (n + 1) + 2 . startτn < BCRTτ k × (n – 1) + 2 = rlτ k × (n – 1) + 2, i

j

j

dldata = BCRTτ k × (n – 1) + 3 = rlτ k × (n – 1) + 3 n τ i

j

• Case 1: periodτi ≥ periodτj When the periods of the predecessor and successor are equal, the successor should be started before the input data is overwritten and should be terminated before the input data for the next instance is overwritten by the predecessor. Since the precedence task instance for τin, in this case, is defined as τj k × n by the previous precedence relation, the nth instance of τi should be initiated before the execution of τj k × n + 1 , and it should be completed until the beginning of τj k × (n + 1) + 1 , which is the next instance of the predecessor of

(22)

j

Inter-processor communication: In the case of communication between tasks that are allocated to different processors, a message transmission instance is decided by the finishing time of the send task and the network bus status. A message transmitted by a periodic task is released when the data generated by the send task is copied into a communication register. Since the message is transmitted whenever the predecessor completes its execution, the transmission instance of the message is decided by the execution periods of the sending and receiving tasks. When the message has several reception tasks, its transmission is synchronized to the instance indicated as the predecessor of the reception tasks. Therefore, we can discern that the execution period of sending task has certain relationships with the periods of receiving tasks. The following equation is the general form of time constraints for the data consistency of τin. τaj ∈ preτn, mbi ∈ msgτn, i

Intra-processor communication: Since the communication cost between tasks using the same processor is implicitly included in the WCRT of each task, intra-processor communication does not require any time for message transmission. Therefore, we assume that a task τin directly receives input data from its predecessor τjm without any time-consumption. The deadline required by the data consistency constraint is determined to be the relation between its own period and the predecessor’s period.

(21)

j

i

startτn < BCRTmc, dldata n = BCRT d τ m i

i

i

(23)

i

• Case 1: periodτi ≥ periodτj The periodsucτj denotes the set of execution periods of τj’s succeeded tasks. If some of them are shorter than or equal to the period of their precedence task, then every instance of the precedence task is indicated as a predecessor that transmits its output data on the network bus in a specified message format. As a result, the message period equals the sending task period (i.e., the transmission instance (b) of ml equals the execution instance (a) of τj). For each receive task, the designation of the message instance to be preceded is derived by dividing, as in the two cases shown below. • Case 1-1: periodτi ≥ periodτj a = b = k×n , c = k × n + 1, d = k × ( n + 1 ) + 1

• Case 1-2: periodτi < periodτj

(24)

HEURISTIC RESOURCE ALLOCATION AND SCHEDULING METHOD FOR DISTRIBUTED AUTOMOTIVE

a = b = k × ( n – 1) + 1, c = k × ( n – 1 ) + 2, d = k × ( n + 1 ) + 3

617

(25)

• Case 2: period∀sicτ > periodτj j

When τj completes its execution, message mlb, with the input data for τin, is transmitted on the network bus. The predecessor, τja, is decided by a precedence relation between τi and τj, whereas the transmission instance b of message ml is indicated by the order of the messages required by the successors. We denote the next instance of message transmission as mlc and the message used for τin+2 as mld. As a result, task τin must start before the reception of mlc and must be completed before the reception of mld. In this case, we cannot derive mathematical relations between b, c, and d for the data consistency constraints. The time constraints for the case are analytically resolved considering the order of the messages required by all successors. a

4. HEURISTIC DESIGN PROCESS FOR RESOURCE ALLOCATION AND SCHEDULING In this section, a heuristic design process for the allocation and off-line scheduling of tasks and network messages is introduced. The resource allocation and off-line scheduling problem is formulated for multi-rate applications, which are described by several task graphs to be mapped onto multiple processors and a single network. As mentioned in section 3, the design algorithm is constrained by the precedence relations of the data flow, period, end-to-end deadline, data consistency, and physical limitations. Using this heuristic design process, we can obtain a scheduling table for each processor specifying the release time, start time, and finish time for each task allocated to the processor. The length of the table is equal to the LCM of the task periods, and we use the graph folding concept to achieve the pipelined schedules (Allan et al., 1995). Graph folding has previously been applied to address a general situation in which the tasks are preemptive, have deadlines, and incur communication delays (Kandasamy et al., 2005). Our off-line scheduling algorithm includes a class of scheduling heuristics in which the tasks are placed in specified execution windows on a processor. If an execution window overlaps the windows of task, then they are scheduled by a real-time kernel according to the order of priority as assigned by off-line scheduling. The proposed algorithm accommodates pipelining and scheduling tasks. Figure 4 describes a procedure for the computation and communication resource allocation to each task and message based on the heuristic approach. Our algorithm considers the utilization-balancing of processors and the utilization limitations of a network. The detail process is introduced in following four sub-sections. 4.1. Step0: Extraction of Design Input Before the beginning of the design process, the design

Figure 4. Heuristic process for processor and network resource allocation.

input data should be extracted from the given target application. From the target application’s physical model, input data such as the number of processors, network bandwidth and time-skew to bound the clock tolerance of the processors are specified. A given set of task graphs provide the data flow, length between tasks, execution period, and physical processor assignment. In addition, the WCETs of the tasks are required. Unfortunately, it is difficult to estimate the WCET due to the variations in the hardware and software environments used for the realization process, such as the processor architecture, the compiler option, input data received at run time, and other factors. Therefore, we suppose that the WCET of a task is known beforehand and that the processors have identical architecture and computing power. 4.2. Step1: Preprocessing During the pre-processing step, a precedence array of each task instance is generated from the given task graphs. ETED is distributed over the application tasks in task graphs by considering the data flow between them. 4.3. Step2: Task Selection First, we determine the set of ready task instances. A task instance is ready to be scheduled if it is an entry instance with no successors, or if its predecessors have all been scheduled. In order to evaluate the intermediate timeconstraints of the ready instances, the latest finishing time,

618

J. YOUN, I. PARK and M. SUNWOO

the latest starting time, and the release time of each ready instance are generated, where the latest finishing time is denoted as a deadline. The algorithm chooses the task with the tightest scheduling range, which is an available time between the release time and the latest finishing time. The scheduling range is calculated by subtracting the reserved time for pre-scheduled instances from the initial scheduling range, [rlτ, dlτ]. If several tasks exist, then the task with the minimum identifier as a unique number assigned to each task is selected. 4.4. Step3: Task Allocation The allocation of a task is possible when the first instance of the task is scheduled. The schedulability test, used to search for feasible processor allocation, is performed when a selected task instance is the first instance of the task. The feasibility of processor allocation is determined when an execution window for the task instance meets its time constraints, such as the deadline and latest starting time. If the execution window is initiated after the latest starting time or is terminated after the latest finishing time, then the task can be scheduled on the processor. However, a task constrained by a physical link is allocated to the specified processor regardless of the scheduling possibility. After the task is released, it is scheduled as soon as possible (ASAP) within an unreserved processor resource. The execution window indicates the time interval between the starting time and the WCRT. The inter-processor communication related to the execution of the task instance is decided, and the BCRT and the WCRT of the network message are obtained analytically. Finally, the task is dedicated to the processor to minimize the cost function among the feasible processors. We define the allocation cost (AC) to be considered relative to the response time, processor utilization balance, and network usage. The relative response time is represented by the ratio of the finishing time to the latest finishing time of its predecessor and the WCET, and the standard deviation of the processor utilization represents the utilization balancing, σ(U(P)). The network usage is denoted by the network utilization, U(N). The final form of AC is as follows: ⎛ finish( τ1i ) – max( finish( preτ1 ) )⎞⎞ ⎜ C( P ) = w × ⎛⎜ -----------------------------------------------------------------------i -⎟ ⎟ 1 r A⎜ τi XCET ( τ1i ) ⎝ ⎠⎟⎟ ⎜ ⎝ ⎠ + wp × σ ( U ( P ) ) + w n × U ( N )

(26)

where wr, wp, and wn denote the weighting factors for the relative response time, the balancing of processor utilization and the network usage, respectively. If there is not a feasible processor, then the processor with the minimum AC is selected. After the task instance assignment is completed, the algorithm is iterated from step 1 to step 3 until every task instance is completely scheduled. After the first instance, the algorithm defines the execution time window and communication cost on the

processor designated to schedule the task at the first instance.

5. TASK AND MESSAGE ATTRIBUTE ASSIGNMENT FOR FIXED PRIORITY SCHEDULING In the proposed resource allocation and off-line scheduling algorithm, we assume a roughly synchronized distributed system connected by a shared network. The tasks and messages for the operation of a task graph are allocated to the processors and a network, respectively. As a result, each task and message has a release time, a response time, and a priority inequality in its allocated processor or network for run-time scheduling. Using these original constraints, the off-line scheduled tasks and messages are transformed into tasks and messages with attributes suited for fixed priority scheduling (FPS) (i.e., periods, offsets, and priorities) that will reenact the timing behavior of offline scheduling at run-time (Dobrin et al., 2001). FPS cannot reconstruct an off-line scheduling result without any refinement of the FPS attributes of the scheduled instances. Obviously, no valid FPS attribute assignments exist that can achieve inconsistent priority and release time. Therefore, some tasks and messages should be split into several instances to achieve consistent task and message attributes based on the original constraints. When using the algorithm, FPS can have more tasks and messages than the original number of tasks and messages, which are called artifact tasks and messages. 5.1. Problem Definition As the result of off-line scheduling, we obtain a set of tasks (messages) with constraints by priority inequalities, period, and release time of each instance. The given set, which is denoted as Original_Tasks = {τ1, τ2,…, τN}, is transformed into a set of artifact tasks (messages), FPS_Tasks = {τ1, τ2, …, τN } , with attributes suitable for FPS. Although the number of artifacts depends on how the priority conflict and inconsistent release time are resolved, a size of artifact is always greater than or equal to the size of the original tasks (i.e., N ≥ N , N and N means the number of original and artifact tasks, respectively). The task τi executed by the FPS server has a fixed priority ( prioτi ), an offset ( offsetτi ), and a period ( periodτi ) as scheduling attributes, while the original task τi has an initial priority ( prioτi ), and period ( periodτi ), and its instances have individual release times ( rlτn ), where a is an instance number. The initial i priorities of original tasks are based on the identification number of tasks in given task graphs such that a task with a lower identification number has a higher priority. 5.2. Priority Inequalities Every task instance has an execution window, which is the time interval between its release and finish. If execution windows overlap each other, then their execution order is

HEURISTIC RESOURCE ALLOCATION AND SCHEDULING METHOD FOR DISTRIBUTED AUTOMOTIVE

decided by the off-line scheduler and each preempted instance has the information about higher priority instances, which is denoted as hpτn = {τmj prioτn < prioτm } . j i j Elements of hp for all task instances construct the set of priority inequalities, e, which has a cardinality of the number of priority inequalities. Each inequality is represented as an inequality equation between two priorities. For example, when the pth inequality indicates that the τmj is an instance prior to τni , the pth inequality equation is defined as follows: ep:prioτn < prioτm i

(27)

j

5.3. Irregular Release Instance A release instance of a periodic task has an identical time interval. However, by the precedence relation, when input data from precedence tasks is not available due to scheduling delay, the release instance is deferred until all input data has been received. In FPS, the initial release time of a periodic task can be designated to relatively offset the scheduling timer. If a release interval between neighbor instances programmed by the off-line scheduler equals the period of the original task, then the release time of the first instance is assigned to the offset and the original task is mapped to one artifact task with its original period. On the other hand, an original task having an irregular interval should be split into several artifacts. In this case, the instances are re-grouped by their release time, and then an offset and a period of generated artifacts to execute instances into each group is decided according to the original period and indices of involved instances. In order to minimize artifact size, the number of group created by irregular release time should be minimized. Accordingly, we propose a way to make the minimum number of groups using the factors of an original period. 5.4. Artifact Minimization In order to minimize the scheduling overhead added by conversion from an off-line schedule to FPS, the goal function G should be defined to minimize the number of artifact tasks or messages. Each instance can be grouped using divisors of the number of instances, where the set of divisors of τi ’s instances is denoted by Dτi . For example, if the number of instances is equal to 6, then the elements of set Dτi are {6, 3, 2, 1}, which are sorted in descending order for the convenience of calculation. The possible instance groups are derived from the subsets to have the same cardinality with its element numbers, as follows: Group level -1: d1τi( = 6 ) → {τ1i , τ2i , τ3i , τ4i , τ5i , τ6i } Group level -2: d2τi( = 3 ) → {τ1i , τ3i , τ5i } , {τ2i , τ4i , τ6i } 3 τi

1 i

4 i

2 i

5 i

3 i

6 i

Group level -3: d ( = 2 ) → {τ , τ }, {τ , τ },{τ , τ }

619

Group level -4: d4τi ( = 1 ) → {τ1i }, {τ2i },{τ3i }, {τ4i }, {τ5i }, {τ6i } The cardinality of each subset becomes the value of the selected element in set Di, as shown on the left side of the above subsets. For each subset (instance group), the difference between instance numbers of neighbor elements is equal to d1τi , dividing its cardinality. The cost function to represent priority difference between instances in a particular subset is formulated as the summation of the priority difference of two elements in 2-combination subsets of the instance group. For example, the cost function of the subset gτi = {τ1i , τ3i , τ5i } is defined as follows: C( gτi ) = min(1, ( prioτ1 – prioτ3 + prioτ1 – prioτ5 i

i

i

+ prioτ3 – prioτ5 )) i

i

(28)

i

In the above equation, the function value larger or equal to one indicates group breaking; therefore, it is bounded by one. Each cost function is summed to the final goal function with multiplication weighting factors to minimize generated artifact. A weighting factor is calculated using the number of elements in a group and the number of groups at the next split level. The weighting factor, wsτi , for group level - s of τi is defined as follows: d1τi wsτi = ( dsτi – dτ(si + 1) ) × ---------dτ(si + 1)

(29)

The first term considers an increased number of artifacts, and the other is included to consider the potential of the group. As a result, the term in the final goal function for one instance group becomes wsτi × C( gτi) , and the final goal function is represented in equation (30). G = ∑ wsτi × C( gτi )

(30)

The coefficients of the priority inequality constraints are represented by A, and the corresponding right side vector is denoted by b. In optimal problem formulation, because linear inequality constraints have a greater than or equal to condition, we modify the original set of the priority inequality equation e as follows: peioτn < peioτm → peioτn – peioτm ≤ 1 i

j

i

j

The priority inequality constraints matrix A is defined as follows: A = [ a1, a2, …, a e ]T

(31)

ep:prioτn < peioτm → i

j

⎧ 1 if q = idτn i ⎪ ap = [ap1, ap2, …, apq, apk ] = ⎨ –1 if q = idτn j ⎪ ⎩ 0 otherwise

where idτni and idτnj are indexing numbers assigned to each instance in order to formulate the optimal problem. The

620

J. YOUN, I. PARK and M. SUNWOO

corresponding vector b is determined as e – dimensional column vector with components of 1s, b = [ 1, 1, …, 1]T . • Effective instance group selection In order to minimize the optimal problem, we reduce the number of instances in the optimal function considering the strong split and irregular release instance conditions. First of all, instances constrained by priority inequalities compose the initial variable set. We then select candidate instance groups involving an element of the initial variable set from among the entire set. Selected groups search their higher and lower priority instances and check whether instances are indicated on both sides or not.

instance and assign a priority, period and offset to each artifact. The offset and period of an artifact are calculated as follows: LCM offsetτi = rlτi, periodτi = --------------------------------------------------------------------i the number of instances of τi

(32)

6. CASE STUDY: CHASSIS CONTROL SYSTEM BASED ON INTEGRATED ARCHITECTURE

5.5. Period and Offset Assignment From the priority assignment algorithm, we have a set of minimum artifacts with priorities. In addition, we create additional artifacts constrained by the irregular release

In order to evaluate the proposed heuristic design method, we employed a conventional chassis control system as a case study. The chassis control system includes the electronic stability control (ESC), electro-mechanical brake (EMB), continuous damping control (CDC), and electronic air suspension (EAS) systems. The detailed application structure and task graphs are shown in Figure 5 and Figure 6. The ESC controls the brake force to track the desired vehicle yaw rate and slip angle, and the EMB controls the electric motors to generate the brake force required by the ESC. The CDC and EAS independently control the damping force and height of each suspension system located at the four corners of the vehicle. The control applications have multi-rate execution, and we constrain the hardware architecture to the physical location of each component. As depicted in Figure 7, the given conventinoal chassis control system is composed of seven ECUs which are developed in a paradigm of signel function-to-single ECU. The sensors and actuators are connected to the corresponding ECU through long and complex electrical wires, as

Figure 5. Functional diagram of chassis control system.

Figure 6. Task graphs of chassis control system.

• Solver of optimal problem This optimal problem is to find a minimum of a constrained non-linear multivariable function. We used the optimal solver combined sequential quadratic programming and genetic algorithm in the optimization toolbox developed by Matlab/Simulink. The result of the solver does not guarantee the justified priority assignment for unconstrained instances because the priority inequalities may not be defined to all priority relations between every instance. Therefore, the result should be revised to only include instances constrained by the priority inequalities, and constrained instances of the corresponding column vector in A contain the non-zero elements.

HEURISTIC RESOURCE ALLOCATION AND SCHEDULING METHOD FOR DISTRIBUTED AUTOMOTIVE

621

Figure 7. Physical architecture of conventional and proposed chassis control system.

Figure 8. Relationship between the objective function and three weighting factors. shown in Figure 7. The CAN bus is only used for unified control functions or for the information sharing of sensors and actuators. On the other hand, with our approach, the control functions can be distributed onto several ECUs to satisfy the temporal requirements. Therefore, we can propose a new hardware architecture for the system as shown in Figure 7, where the sensors and actuators are

Figure 9. Hardware configuration for the case study.

physically connected to the nearest ECU. In this architecture, we assume that the system uses four ECUs to operate the application functions, which are positioned at each corner to minimize the physical wiring.

Figure 10. Off-line scheduling result with wr=0.15, wp=0.7, and wn=0.15.

622

J. YOUN, I. PARK and M. SUNWOO

Table 3. Artifact task-set of the chassis control system. Task

1

prio

Task

offset period

prio

τ1

0

5000

10

τ11_1

7800 10000

-

τ2

0

10000

3

τ15_1

500

10000

4

τ6

0

5000

6

τ15_2

5500 10000

9

200

τ7

5000

5

τ16

1500

5000

2

τ11_1

2400 10000

8

τ19

8100

5000

1

Task

offset period

prio

Task

offset period

prio

9

τ10_2

7300 10000

-

τ3

Figure 11. ESC and EMB test case (Steering angle, and yaw rate).

2

3

4

Figure 12. ESC and EMB test results (Braking force of each wheel).

offset period

0

10000

τ8

700

5000

8

τ12_1

2000 10000

3

τ9_1

1300 10000

7

τ12_2

7400 10000

-

τ9_2

6700 10000

-

τ20

8100 10000

1

τ10_2

1900 10000

5

Task

offset period

prio

Task

offset period

prio

10000

5

τ17

1900 10000

2

τ13_1

2400 10000

4

τ21

8200 10000

1

τ13_2

7800 10000

-

Task

offset period

τ4

0

prio

Task

offset period

prio

10000

5

τ18

5600 10000

2

τ14_1

2500 10000

4

τ22

7700 10000

1

τ14_2

7900 10000

-

τ5

0

Table 4. Artifact message-set of the chassis control system. Message offset period prio Message offset period

6.1. Redesign of the Chassis Control Applications In order to determine appropriate weighting factors, we define an objective function as the summation of the WCRT of the actuator tasks, σ(U(P)) and U(N), in which the WCRT is normalized to 100 ms. Figure 8. Relationship between the objective function and three weighting factors. shows the relationship between the objective function and three weighting factors, and select appropriate values such as wr=0.15, wp=0.7, and wn=0.15. As shown in Figure 10, the design requirement is satisfied with a response time similar to that in Figure 6. Task graphs of chassis control system., and a more balanced processor usage than in every previous case. Using the proposed off-line scheduling algorithm, we obtain the final artifact-sets for each processor, as shown in Table 3 and Table 4. There is priority conflict between τ7 and τ15 in P1: hpτ1 = {τ16 } , hpτ2 = {τ26, τ215} , hpτ1 = {τ17 } , hpτ2 = { } . As a 7 7 7 15 result, the original task τ15 is split into two artifacts, τ15_1 and τ15_2 , and their priorities are assigned to satisfy the priority inequalities. 6.2. On-target Implementation and Hardware-in-the Loop Simulation As mentioned in the previous section, the conventional

1

2

m1

200

5000 19(1)

m3_2

6300 10000

-

m2

200

5000 18(2)

m10

1500 10000

9(11)

m3_1

900 10000 13(7)

Message offset period prio Message offset period

prio

m6_1

2000 10000 17(3)

m9_1

2000 10000

5(15)

m6_2

7400 10000

m9_2

7400 10000

-

m8_1

2000 10000 11(9)

m11

200

m8_2

7400 10000

-

10000

4

15(5)

-

Message offset period prio Message offset period 3

prio

prio

m12

200 10000 8(12)

m15

4800 10000

7(13)

m14

4800 10000 14(6)

m16

4800 10000

2(18)

Message offset period prio Message offset period

prio

m13

200 10000 3(17)

m17

7700 10000 6(14)

m18

7700 10000

1(19)

chassis control system is redesigned with heuristic resource allocation and the off-line scheduling method. The control algorithms are embedded in four 16-bit microcontrollers with a CAN bus. This redesigned chassis control system is evaluated by a vehicle model running in a dSPACE

HEURISTIC RESOURCE ALLOCATION AND SCHEDULING METHOD FOR DISTRIBUTED AUTOMOTIVE

Figure 13. CDC test case (damper displacement of each wheel).

623

Figure 15. EAS test case (Vehicle velocity, driver input, and gear position).

Figure 16. EAS test result (Air suspension displacement of each corner). Figure 14. CDC test results (Heave motion of each corner).

7. CONCLUSION hardware-in-the loop simulation (HILS) device. Figure 9 shows the hardware configuration of the chassis control system. The results of the conventional and newly redesigned chassis control systems are compared and evaluated using three kinds of test scenarios. The ESC and EMB control system is evaluated using the test scenario described in Fiugre 11. There is a steering angle and yaw rate profile with 80 km/h of initial longitudinal velocity. Fiugre 12 displays the braking force applied to each wheel, which is controlled by the EMB system to generate the desired braking force determined by the ESC logic. A bump situation is used for testing the CDC algorithm as described in Figure 13. The control results are summarized in Figure 14. For the EAS system, the testing inputs are shown in Figugre 15, and the control results are plotted in Figugre 16. As described in the HILS results, the control performances of the newly proposed chassis control system is similar to that of the conventional system. This means that automotive applications can be operated using the proposed architecture without performance degradation.

In this study, we proposed heuristic resource allocation and scheduling method for distributed automotive control systems. The proposed method generates the scheduling table of tasks and messages with their priority attributes with regard to costs for network usage, computational load balance, response time. It can provide cost-effective design results satisfying functional and temporal requirements. In order to evaluate the proposed design methodology, we employed a conventional chassis control system as a sample application. We assumed that the hardware architecture is constrained by the physical locations of the sensors and actuators. The proposed scheduling algorithm resolved the application to satisfy the design requirements. Consequently, we obtained satisfactory design results based on the proposed method. Conventional system which is composed of seven ECUs were redesigned by only four ECUs without the degradation of control performance. Based on the proposed design method, it is expected that the development time and cost will be remarkably reduced. Concurrently, the production cost can be reduced with the

624

J. YOUN, I. PARK and M. SUNWOO

optimized hardware configuration as shown in the case study. Furthermore, it is beneficial to apply automotive industry implementations due to the practival targe platform such as fixed priority scheduling algorithm and CAN-based communication. ACKNOWLEDGEMENT−This work was financially supported by Energy Resource R&D program (2006ETR11P091C) under the Ministry of Knowledge Economy(MKE), BK21 Program (201000000000173) under Ministry of Education, Science and Technology, Workforce Development Program in Strategic Technology under MKE and Korea Institute for Advancement in Technology (KIAT), the National Research Foundation of Korea(NRF) grant funded by the Korea government(MEST) (No. 2011-0017495), and industrial strategy technology development program of MKE (No. 10039673, No. 10042633).

REFERENCES Abo, T., Tanigawa, H. and Hashimoto, H. (2006). Significance of electronics platform and the motivation for JasPar. Convergence Transportation Electronics Association and SAE Int., SAE Paper No. 2006-21-0020. Allan, V., Jones, R., Lee, R. and Allan, S. (1995). Software pipelining. ACM Computing Surveys (CSUR) 27, 3, 367−432. Audsley, N., Burns, A., Richardson, M., Tindell, K. and Wellings, A. (1993). Applying new scheduling theory to static priority pre-emptive scheduling. Software Engineering J., 8, 5, 284−292. Di Natale, M. and Sangiovanni-Vincentelli, A. L. (2010). Moving from federated to integrated architectures in automotive: The role of standards, methods and tools. Proc. IEEE 98, 4, 603−620. Di Natale, M. and Stankovic, J. A. (1994). Dynamic endto-end guarantees in distributed real time systems. Proc. Real-Time Systems Symp., 216−227. Dobrin, R., Fohler, G. and Puschner, P. (2001). Translating off-line schedules into task attributes for fixed priority scheduling. 22nd IEEE Real-Time Systems Symp. (RTSS'01), 225−234. Gendy, A. K. and Pont, M. J. (2008). Automatically configuring time-triggered schedulers for use with resource-constrained, single-processor embedded systems. Industrial Informatics, IEEE Trans. 4, 1, 37−46. Heitzer, H. (2003). Development of a fault-tolerant steerby-wire steering system. Auto Technology, 4, 55−60. Izosimov, V., Pop, P., Eles, P. and Peng, Z. (2005). Design optimization of time- and cost-constrained fault-tolerant distributed embedded systems. Design, Automation and

Test in Europe, Proc., 2, 864−869. Jonsson, J. and Shin, K. G. (1997). Deadline assignment in distributed hard real-time systems with relaxed locality constraints. Proc. 17th Int. Conf. Distributed Computing Systems, 432−440. Kandasamy, N., Hayes, J. and Murray, B. (2005). Dependable communication synthesis for distributed embedded systems. Reliability Engineering and System Safety 89, 1, 81−92. Leohold, J. and Schmidt, C. (2004). Communication requirements of future driver assistance systems in automobiles. Proc. 2004 IEEE Int. Workshop on Factory Communication Systems, 167−174. Navet, N., Song, Y., Simonot-Lion, F. and Wilwert, C. (2005). Trends in automotive communication systems. Proc. IEEE 93, 6, 1204−1223. Ringler, T., Steiner, J., Belschner, R. and Hedenetz, B. (1998). Increasing System Safety for By-Wire Applications in Vehicles by Using a Time Triggered Architecture. Computer Safety, Reliability and Security. 1st edn. Springer Berlin Heidelberg, 1516, 243−253. Rodriguez-Navas, G. and Proenza, J. (2004). Clock synchronization in CAN distributed embedded systems. RTN 2004, 35. Ryu, J., Yoon, M. and Sunwoo, M. (2006). Development of a network-based traction control system, validation of its traction control algorithm and evaluation of its performance using NET-HILS. Int. J. Automotive Technology 7, 6, 687−695. Saksena, M. and Seongsoo, H. (1996). An engineering approach to decomposing end-to-end delays on a distributed real-time system. Proc. 4th Int. Workshop on Parallel and Distributed Real-Time Systems, 244−251. Schild, K. and Wurtz, J. (1998). Off-line scheduling of a real-time system. Proc. CP97 Workshop on Industrial Constraint-Directed Scheduling, 29−38. Shin, M. and Sunwoo, M. (2007). Optimal period an priority assignment for a networked control system scheduled by a fixed priority scheduling system. Int. J. Automotive Technology 8, 1, 39−48. Xiuqiang, H., Mingxuan, Y. and Zonghua, G. (2008). A hierarchical framework for design space exploration and optimization of TTP-based distributed embedded systems. Industrial Informatics, IEEE Trans. 4, 4, 237− 249. Ziegenbein, D., Uerpmann, J. and Ernst, R. (2000). Dynamic response time optimization for SDF graphs. IEEE/ACM Int. Conf. Computer Aided Design, 135− 141.