Defending Event-Triggered Systems against Out-of-Envelope Environments

TL;DR

This paper examines how event-triggered real-time systems can be designed to withstand environmental assumption violations, such as interrupt storms, by introducing importance-based scheduling and comparing robustness with time-triggered systems.

Contribution

It introduces importance as a new concept for prioritizing tasks in event-triggered systems to enhance robustness against out-of-envelope conditions, and compares this approach to traditional time-triggered systems.

Findings

Event-triggered systems can be fortified against interrupt storms using importance-based scheduling.

Time-triggered systems are not inherently immune to out-of-envelope behavior.

Importance scheduling parallels mixed-criticality scheduling to improve robustness.

Abstract

The design of real-time systems is based on assumptions about environmental conditions in which they will operate. We call this their safe operational envelope. Violation of these assumptions, i.e., out-of-envelope environments, can jeopardize timeliness and safety of real-time systems, e.g., by overwhelming them with interrupt storms. A long-lasting debate has been going on over which design paradigm, the time- or event-triggered, is more robust against such behavior. In this work, we investigate the claim that time-triggered systems are immune against out-of-envelope behavior and how event-triggered systems can be constructed to defend against being overwhelmed by interrupt showers. We introduce importance (independently of priority and criticality) as a means to express which tasks should still be scheduled in case environmental design assumptions cease to hold, draw parallels to mixed-criticality scheduling, and demonstrate how event-triggered systems can defend against out-of-envelope behavior.