{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T15:25:53Z","timestamp":1772119553211,"version":"3.50.1"},"reference-count":35,"publisher":"Springer Science and Business Media LLC","issue":"1-2","license":[{"start":{"date-parts":[[2023,4,11]],"date-time":"2023-04-11T00:00:00Z","timestamp":1681171200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2023,4,11]],"date-time":"2023-04-11T00:00:00Z","timestamp":1681171200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100005713","name":"Technische Universit\u00e4t M\u00fcnchen","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100005713","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Des Autom Embed Syst"],"published-print":{"date-parts":[[2023,6]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>Fail-operational behavior of safety-critical software for autonomous driving is essential as there is no driver available as a backup solution. In a failure scenario, safety-critical tasks can be restarted on other available hardware resources. Here, graceful degradation can be used as a cost-efficient solution where hardware resources are redistributed from non-critical to safety-critical tasks at run-time. We allow non-critical tasks to actively use resources that are reserved as a backup for critical tasks, which would be otherwise unused and which are only required in a failure scenario. However, in such a scenario, it is of paramount importance to achieve a predictable timing behavior of safety-critical applications to allow a safe operation. Here, it has to be ensured that even after the restart of safety-critical tasks a guarantee on execution times can be given. In this paper, we propose a graceful degradation approach using composable scheduling. We use our approach to present, for the first time, a performance analysis which is able to analyze timing constraints of fail-operational distributed applications using graceful degradation. Our method can verify that even during a critical Electronic Control Unit failure, there is always a backup solution available which adheres to end-to-end timing constraints. Furthermore, we present a dynamic decentralized mapping procedure which performs constraint solving at run-time using our analytical approach combined with a backtracking algorithm. We evaluate our approach by comparing mapping success rates to state-of-the-art approaches such as active redundancy and an approach based on resource availability. In our experimental setup our graceful degradation approach can fit about double the number of critical applications on the same architecture compared to an active redundancy approach. Combined, our approaches enable, for the first time, a dynamic and fail-operational behavior of gracefully degrading automotive systems with cost-efficient backup solutions for safety-critical applications.<\/jats:p>","DOI":"10.1007\/s10617-023-09271-x","type":"journal-article","created":{"date-parts":[[2023,4,11]],"date-time":"2023-04-11T06:02:52Z","timestamp":1681192972000},"page":"103-138","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Predictable timing behavior of gracefully degrading automotive systems"],"prefix":"10.1007","volume":"27","author":[{"given":"Philipp","family":"Weiss","sequence":"first","affiliation":[]},{"given":"Sebastian","family":"Steinhorst","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,4,11]]},"reference":[{"key":"9271_CR1","doi-asserted-by":"crossref","unstructured":"Saidi S, Steinhorst S, Hamann A, Ziegenbein D, Wolf M (2018) Future automotive systems design: research challenges and opportunities: special session. In: Proceedings of the international conference on hardware\/software codesign and system synthesis (CODES+ISSS)","DOI":"10.1109\/CODESISSS.2018.8525873"},{"key":"9271_CR2","doi-asserted-by":"publisher","unstructured":"Weiss P, Weichslgartner A, Reimann F, Steinhorst S (2020) Fail-operational automotive software design using agent-based graceful degradation. In: Proceedings of the conference on design, automation and test in Europe (DATE), pp 1169\u20131174. https:\/\/doi.org\/10.23919\/DATE48585.2020.9116322","DOI":"10.23919\/DATE48585.2020.9116322"},{"key":"9271_CR3","doi-asserted-by":"publisher","unstructured":"Akesson B, Molnos A, Hansson A, Angelo JA, Goossens K (2011) Composability and Predictability for independent application development, verification, and execution, pp 25\u201356. https:\/\/doi.org\/10.1007\/978-1-4419-6460-1_2","DOI":"10.1007\/978-1-4419-6460-1_2"},{"key":"9271_CR4","doi-asserted-by":"publisher","unstructured":"Weiss P, Elsabbahy S, Weichslgartner A, Steinhorst S (2021) Worst-case failover timing analysis of distributed fail-operational automotive applications. In: Proceedings of the conference on design, automation and test in Europe (DATE), pp 1294\u20131299. https:\/\/doi.org\/10.23919\/DATE51398.2021.9473950","DOI":"10.23919\/DATE51398.2021.9473950"},{"key":"9271_CR5","doi-asserted-by":"publisher","unstructured":"Kohn A, K\u00e4\u00dfmeyer M, Schneider R, Roger A, Stellwag C, Herkersdorf A (2015) Fail-operational in safety-related automotive multi-core systems. In: 10th IEEE international symposium on industrial embedded systems (SIES), pp 1\u20134. https:\/\/doi.org\/10.1109\/SIES.2015.7185051","DOI":"10.1109\/SIES.2015.7185051"},{"key":"9271_CR6","doi-asserted-by":"publisher","unstructured":"Baleani M, Ferrari A, Mangeruca L, Sangiovanni-Vincentelli A, Peri M, Pezzini S (2003) Fault-tolerant platforms for automotive safety-critical applications. In: Proceedings of the 2003 international conference on compilers, architecture and synthesis for embedded systems. CASES \u201903, pp 170\u2013177. https:\/\/doi.org\/10.1145\/951710.951734","DOI":"10.1145\/951710.951734"},{"key":"9271_CR7","doi-asserted-by":"publisher","unstructured":"Bak S, Chivukula DK, Adekunle O, Sun M, Caccamo M, Sha L (2009) The system-level simplex architecture for improved real-time embedded system safety. In: 15th IEEE real-time and embedded technology and applications symposium, pp 99\u2013107. https:\/\/doi.org\/10.1109\/RTAS.2009.20","DOI":"10.1109\/RTAS.2009.20"},{"key":"9271_CR8","doi-asserted-by":"publisher","unstructured":"Oszwald F, Obergfell P, Traub M, Becker J (2019) Reliable fail-operational automotive e\/e-architectures by dynamic redundancy and reconfiguration. In: 2019 32nd IEEE international system-on-chip conference (SOCC), pp 203\u2013208. https:\/\/doi.org\/10.1109\/SOCC46988.2019.1570547977","DOI":"10.1109\/SOCC46988.2019.1570547977"},{"key":"9271_CR9","doi-asserted-by":"publisher","unstructured":"Smirnov F, Reimann F, Teich J, Han Z, Gla\u00df M (2018) Automatic optimization of redundant message routings in automotive networks. In: Proceedings of the 21st international workshop on software and compilers for embedded systems, pp 90\u201399. https:\/\/doi.org\/10.1145\/3207719.3207725","DOI":"10.1145\/3207719.3207725"},{"key":"9271_CR10","doi-asserted-by":"publisher","unstructured":"Weichslgartner A, Wildermann S, Teich J (2011) Dynamic decentralized mapping of tree-structured applications on NoC architectures. In: Proceedings of the fifth ACM\/IEEE international symposium, pp 201\u2013208. https:\/\/doi.org\/10.1145\/1999946.1999979","DOI":"10.1145\/1999946.1999979"},{"key":"9271_CR11","doi-asserted-by":"publisher","unstructured":"Faruque M, Krist R, Henkel J (2008) Adam: run-time agent-based distributed application mapping for on-chip communication. In: Proceedings of the 45th annual design automation conference, pp 760\u2013765. https:\/\/doi.org\/10.1145\/1391469.1391664","DOI":"10.1145\/1391469.1391664"},{"issue":"5","key":"9271_CR12","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1109\/MDT.2010.106","volume":"27","author":"EL de Souza Carvalho","year":"2010","unstructured":"de Souza Carvalho EL, Calazans NLV, Moraes FG (2010) Dynamic task mapping for MPSoCs. IEEE Des Test 27(5):26\u201335. https:\/\/doi.org\/10.1109\/MDT.2010.106","journal-title":"IEEE Des Test"},{"key":"9271_CR13","doi-asserted-by":"publisher","unstructured":"Becker K, Voss S (2015) Analyzing graceful degradation for mixed critical fault-tolerant real-time systems. In: 18th international symposium on real-time distributed computing (ISORC), pp 110\u2013118. https:\/\/doi.org\/10.1109\/ISORC.2015.10","DOI":"10.1109\/ISORC.2015.10"},{"key":"9271_CR14","doi-asserted-by":"publisher","unstructured":"Gla\u00df M, Lukasiewycz M, Haubelt C, Teich J (2009) Incorporating graceful degradation into embedded system design. In: Proceedings of the conference on design, automation and test in Europe, pp 320\u2013323. https:\/\/doi.org\/10.1109\/DATE.2009.5090681","DOI":"10.1109\/DATE.2009.5090681"},{"key":"9271_CR15","doi-asserted-by":"publisher","unstructured":"Shelton CP, Koopman P, Nace W (2003) A framework for scalable analysis and design of system-wide graceful degradation in distributed embedded systems. In: Proceedings of the 8th International workshop on object-oriented real-time dependable systems (WORDS), pp 156\u2013163. https:\/\/doi.org\/10.1109\/WORDS.2003.1218078","DOI":"10.1109\/WORDS.2003.1218078"},{"issue":"1","key":"9271_CR16","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1109\/71.80192","volume":"2","author":"MP Herlihy","year":"1991","unstructured":"Herlihy MP, Wing JM (1991) Specifying graceful degradation. IEEE Trans Parallel Distrib Syst 2(1):93\u2013104. https:\/\/doi.org\/10.1109\/71.80192","journal-title":"IEEE Trans Parallel Distrib Syst"},{"key":"9271_CR17","doi-asserted-by":"publisher","DOI":"10.1145\/3274665","author":"A Weichslgartner","year":"2018","unstructured":"Weichslgartner A, Wildermann S, Gangadharan D, Gla\u00df M, Teich J (2018) A design-time\/run-time application mapping methodology for predictable execution time in MPSOCS. ACM Trans Embed Comput Syst. https:\/\/doi.org\/10.1145\/3274665","journal-title":"ACM Trans Embed Comput Syst"},{"key":"9271_CR18","doi-asserted-by":"publisher","unstructured":"Guo Z, Yang K, Vaidhun S, Arefin S, Das SK, Xiong H (2018) Uniprocessor mixed-criticality scheduling with graceful degradation by completion rate. In: 2018 IEEE real-time systems symposium (RTSS), pp 373\u2013383. https:\/\/doi.org\/10.1109\/RTSS.2018.00052","DOI":"10.1109\/RTSS.2018.00052"},{"key":"9271_CR19","doi-asserted-by":"publisher","unstructured":"Kim J, Bhatia G, Rajkumar R, Jochim M (2012) Safer: system-level architecture for failure evasion in real-time applications. In: 2012 IEEE 33rd real-time systems symposium, pp 227\u2013236. https:\/\/doi.org\/10.1109\/RTSS.2012.74","DOI":"10.1109\/RTSS.2012.74"},{"key":"9271_CR20","doi-asserted-by":"publisher","unstructured":"Pourmohseni B, Wildermann S, Gla\u00df M, Teich J (2017) Predictable run-time mapping reconfiguration for real-time applications on many-core systems. In: Proceedings of the 25th international conference on real-time networks and systems, pp 148\u2013157. https:\/\/doi.org\/10.1145\/3139258.3139278","DOI":"10.1145\/3139258.3139278"},{"key":"9271_CR21","doi-asserted-by":"publisher","DOI":"10.3390\/jlpea10040038","author":"B Pourmohseni","year":"2020","unstructured":"Pourmohseni B, Gla\u00df M, Henkel J, Khdr H, Rapp M, Richthammer V, Schwarzer T, Smirnov F, Spieck J, Teich J et al (2020) Hybrid application mapping for composable many-core systems: overview and future perspective. J Low Power Electron Appl. https:\/\/doi.org\/10.3390\/jlpea10040038","journal-title":"J Low Power Electron Appl"},{"key":"9271_CR22","unstructured":"WikiChip: Tesla FSD computer. https:\/\/en.wikichip.org\/wiki\/tesla_(car_company)\/fsd_chip Accessed 16 Aug 2022"},{"key":"9271_CR23","unstructured":"Lunt M (2016) E\/E-architecture in a connected world. https:\/\/www.asam.net\/index.php?eID=dumpFile &t=f &f=798 &token=148b5052945a466cacfe8f31c44eb22509d5aad1 Accessed 16 Aug 2022"},{"key":"9271_CR24","unstructured":"Bosch: vehicle-centralized, zone-oriented E\/E architecture with vehicle computers. https:\/\/www.bosch-mobility-solutions.com\/en\/mobility-topics\/ee-architecture\/ Accessed 16 Aug 2022"},{"key":"9271_CR25","unstructured":"Scalable service-oriented MiddlewarE over IP (SOME\/IP) (2021) http:\/\/some-ip.com\/"},{"key":"9271_CR26","unstructured":"International Organization for Standardization: ISO 26262 (2011) Road vehicles\u2014functional safety\u2014 part 1\u20139, 1st edn. International Organization for Standardization"},{"issue":"1","key":"9271_CR27","doi-asserted-by":"publisher","first-page":"269","DOI":"10.1007\/BF01386390","volume":"1","author":"EW Dijkstra","year":"1959","unstructured":"Dijkstra EW (1959) A note on two problems in connexion with graphs. Numer Math 1(1):269\u2013271. https:\/\/doi.org\/10.1007\/BF01386390","journal-title":"Numer Math"},{"key":"9271_CR28","doi-asserted-by":"publisher","unstructured":"Pourmohseni B, Smirnov F, Wildermann S, Teich J (2020) Real-time task migration for dynamic resource management in many-core systems. In: Workshop on next generation real-time embedded systems (NG-RES 2020). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik. https:\/\/doi.org\/10.4230\/OASIcs.NG-RES.2020.5","DOI":"10.4230\/OASIcs.NG-RES.2020.5"},{"key":"9271_CR29","doi-asserted-by":"publisher","unstructured":"Frese T, Leonhardt T, Hatebur D, C\u00f4t\u00e9 I, Aryus H-J, Heisel M (2020) Fault tolerance time interval: how to define and handle. In: Neue dimensionen der mobilit\u00e4t: technische und betriebswirtschaftliche aspekte, pp 559\u2013567. https:\/\/doi.org\/10.1007\/978-3-658-29746-6_45","DOI":"10.1007\/978-3-658-29746-6_45"},{"key":"9271_CR30","doi-asserted-by":"publisher","unstructured":"Weiss P, Daporta E, Weichslgartner A, Steinhorst S (2021) Checkpointing period optimization of distributed fail-operational automotive applications. In: 2021 24th Euromicro conference on digital system design (DSD), pp 389\u2013395. https:\/\/doi.org\/10.1109\/DSD53832.2021.00066","DOI":"10.1109\/DSD53832.2021.00066"},{"issue":"8","key":"9271_CR31","doi-asserted-by":"publisher","first-page":"2603","DOI":"10.1016\/j.compeleceng.2013.06.005","volume":"39","author":"J Heisswolf","year":"2013","unstructured":"Heisswolf J, K\u00f6nig R, Kupper M, Becker J (2013) Providing multiple hard latency and throughput guarantees for packet switching networks on chip. Comput Electr Eng 39(8):2603\u20132622. https:\/\/doi.org\/10.1016\/j.compeleceng.2013.06.005","journal-title":"Comput Electr Eng"},{"key":"9271_CR32","unstructured":"SimPy T (2021) SimPy discrete event simulation library for Python, Version 4.0.1. https:\/\/simpy.readthedocs.io"},{"key":"9271_CR33","unstructured":"Reimann F, Lukasiewycz M, Gla\u00df M, Smirnov F (2021) OpenDSE\u2014Open design space exploration framework. http:\/\/opendse.sourceforge.net\/"},{"key":"9271_CR34","doi-asserted-by":"crossref","unstructured":"Dick RP, Rhodes DL, Wolf W (1998) Tgff: task graphs for free. In: Proceedings of the sixth international workshop on hardware\/software codesign. (CODES\/CASHE\u201998), pp 97\u2013101","DOI":"10.1145\/278241.278309"},{"key":"9271_CR35","doi-asserted-by":"publisher","unstructured":"Schwarzer T, Roloff S, Richthammer V, Khaldi R, Wildermann S, Gla\u00df M, Teich J (2018) On the complexity of mapping feasibility in many-core architectures. In: 2018 IEEE 12th International symposium on embedded multicore\/many-core systems-on-chip (MCSoC), pp 176\u2013183. https:\/\/doi.org\/10.1109\/MCSoC2018.2018.00038","DOI":"10.1109\/MCSoC2018.2018.00038"}],"container-title":["Design Automation for Embedded Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10617-023-09271-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10617-023-09271-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10617-023-09271-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,28]],"date-time":"2023-06-28T23:38:43Z","timestamp":1687995523000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10617-023-09271-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,4,11]]},"references-count":35,"journal-issue":{"issue":"1-2","published-print":{"date-parts":[[2023,6]]}},"alternative-id":["9271"],"URL":"https:\/\/doi.org\/10.1007\/s10617-023-09271-x","relation":{"has-preprint":[{"id-type":"doi","id":"10.21203\/rs.3.rs-1882453\/v1","asserted-by":"object"}]},"ISSN":["0929-5585","1572-8080"],"issn-type":[{"value":"0929-5585","type":"print"},{"value":"1572-8080","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,4,11]]},"assertion":[{"value":"21 July 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 March 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 April 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}