Mixed Criticality Scheduling of Probabilistic Real-Time Systems

. In this paper we approach the problem of Mixed Criticality (MC) for probabilistic real-time systems where tasks execution times are described with probabilistic distributions. In our analysis, the task enters high criticality mode if its response time exceeds a certain threshold, which is a slight deviation from a more classical approach in MC. We do this to obtain an application oriented MC system in which criticality mode changes depend on actual scheduled execution. This is in contrast to classical approaches which use task execution time to make criticality mode decisions, because execution time is not affected by scheduling while the response time is. We use a graph-based approach to seek for an optimal MC schedule by exploring every possible MC schedule the task set can have. The schedule we obtain minimizes the probability of the system entering high criticality mode. In turn, this aims at maximizing the resource efﬁciency by the means of scheduling without compromising the execution of the high criticality tasks and minimizing the loss of lower criticality functionality. The proposed approach is applied to test cases for validation purposes.


Introduction
Real-time applications demand timing guarantees at all of their execution scenarios. Classical approaches apply Worst Case Execution Times (WCET) in order to have safe/pessimistic models of task executions. The actual task execution time may vary but will always lie below the WCET because the instances when the actual execution time is equal to WCET are unlikely [15,17]. Predictability is assured with schedulability analysis that applies worst-case models like WCETs.
This work is also a result of the CISTER Research Unit (UID/CEC/04234), supported by FCT/MCTES (Portuguese Foundation for Science and Technology).

Problem Discussion and Contribution
In this work, we look for a probabilistic MC scheduling analysis which provides a reliable probabilistic picture of the system, and safe timing guarantees, especially for high criticality tasks, or low probability of occurrence of critical events. In addition, it must be able to exploit the common objective of the MC and probabilistic approaches, which is leveraging probabilities into maximizing resource usage and minimizing pessimism.
Given a MC periodic non-preemptive task set known beforehand to be executed on a uniprocessor machine, with each task described with a pWCET, instead of a WCET, and given a maximum probability of deadline miss for the tasks, how do we find a schedule such that the probability of the system entering high criticality mode is minimum ? We aim for a minimization of the probability of system entering high criticality because there are certain predefined actions that are taken when the system does enter high criticality. Usually, these actions involve discarding the lower criticality tasks. With our approach, we make such actions least likely. With this objective in mind, we propose a graph-based task execution model. We begin constructing a graph based model to represent the possible job orderings. The possible schedules are then represented in exploration trees. These trees are explored to obtain a resource efficient schedule. Using graphs allows us explore all the possible combinations of job scheduling. Only by exploring all the combinations, we can confidently conclude for a schedule with the least probability of the system switching mode to high criticality among all the possibilities. Using the graph and other structures to model task executions, we are able to extract crucial schedulability information like pWCRT and the probabilities associated. There exist some approaches like [9,20] which use graphs to express for task execution, but they do so in a non-probabilistic and non-MC domain.
Our approach mainly consists of an offline analysis to obtain a schedule for the jobs. The schedule obtained is a sequence of jobs which are ensured to contain all the high criticality jobs. In addition, the schedule results in the minimum probability that the system enters high criticality mode. The exploration process has exponential complexity. It originates from the complexity of the probabilistic models in addition to the complexity of the MC approaches. However, the relatively high offline complexity is a trade-off we make at the moment where we gain a new application oriented MC approach through the advantages of probabilistic models. The complexity of this exploration is somewhat reduced in parallel of the offline construction of the schedule by discarding unfeasible schedules. The complexity will be further improved in the future works.
The online part of the schedule consists of execution of jobs in the sequence given from the offline analysis. It simply executes the jobs given in the scheduling order. The online complexity is drastically reduced through our method as the schedule is a simple list to follow.
As in most works on MC scheduling, we assume a system with tasks of two criticalities and modes. However, our work can easily extend to multi-criticality system. Moreover, contrary to classical MC we use probabilistic Worst Case 3 Response Time (pWCRT) to make criticality decisions. Any increased resource demand from a jobs occurs at run-time. The criticality mode change for a job is a reflection of this increased demand. This run-time execution information is represented by the response time and not execution time. With this, we also leverage probabilities into scheduling decisions in order to maximize the resource usage. This is because the pWCRT is affected by the schedule and the schedule defines the resource assignment to the jobs.
Outline of the Paper. The paper is divided as follows: Sect. 1 introduces the context and states the problems which we answer in this paper. Section 2 gives the reader the necessary background to understand this paper as well as the assumptions made. Section 3 presents the graph-based model and the exploration trees. Section 4 details the schedulability analysis from graph and tree representations, together with the offline and online strategies developed. The paper is concluded in the Sect. 5.

Notations and Definitions
In this work we consider pWCETs to define task execution which is probability distribution.
For a discrete random variable C , the Probability Mass Function (PMF) In the rest of the paper, calligraphic letters are for random variables, while noncalligraphic letters are for deterministic variables. Figures 1 shows an example of a certain distribution in PMF, discrete CDF and discrete ICDF forms. The discrete cumulative forms show probability increment or decrement in a step-wise fashion. The task pWCET is a discrete random variable C taking task execution values where PMF f C (x) represents the probability that the task takes a certain WCET. In its representation with CDF, F C (x) is the cumulative probability that the task respects WCET x while executing; in the ICDF representation, F C (x) is the probability that the task overcomes WCET x. The deterministic WCET C from C is the maximum value of C ; for it F C (C) = 1, and F C (C) = 0. Figure 2 shows a discrete form of a pWCET with its maximum value as WCET.
The convolution of two PMFs f X (x)a n dg Y (y), denoted by ⊗, refers to the summation of the random variables X and Y , given as:

Computational Model
We assume a fixed set of periodic tasks executing in a system with each instance of a task called a job. All the tasks are known beforehand. We focus our analysis on the jobs. A MC job J i is represented with a tuple of parameters: C i is the job pWCET probability distribution; the job arrives at time a i ; has the deadline d i ;a n dl i is the criticality execution time threshold. The arrival time and the deadline are deterministic variables. The criticality level of the job is L i . We assume that the arrival of the first job of each task is always at time zero. The tasks are scheduled periodically and non-preemptively on a uniprocessor machine in which execution of jobs are suspended at their respective deadlines. For the jobs, we consider pWCET described with discrete distributions, although our method applies to both, continuous and discrete distributions. We analyze the jobs in the hyperperiod because the schedule repeats each hyperperiod. Since the jobs are suspended at the deadline, the execution order does not change across the hyperperiods. The sequence of the jobs remain the same and the execution room for each job is sufficiently given within the hyperperiod. The execution behaviour of the jobs across the hyperperiods can be different and our approach takes that into account. The hyperperiod is defined as the least common multiple of the periods of all the tasks. Definition 1. For a probabilistic job J i as defined in Eq. (1), its probabilistic Worst Case Response Time pWCRT is the PMF f Ri (x) which gives the probability that J i will take certain time R i , to end execution after its release. The CDF is F Ri (x)=Σf Ri (c), and the ICDF is Because the response time is a probability distribution, which in turn comes from pWCET of the jobs, the deadline miss also has an associated probability. This is easily extracted from the response time. We assume a certain allowed maximum probability of deadline miss for any job P max dm is given. A job J i is said to have missed its deadline if 1 − Σ di x=0 f Ri (x) > P max dm . Criticality Levels. We consider two level criticality case, hi and lo, with hi having higher importance than lo. The high criticality job can execute in hi or lo mode, the low criticality job executes only in lo mode. After its release, the high criticality job executes in lo criticality mode until the response time threshold l i . A job execution exceeding this threshold is said to execute in the high criticality mode. Evidently, l i is a deterministic single-valued parameter. The job criticality is given by L i which is its relative importance over others. L i can take values hi or lo.
We explain criticality using the response time because we can make scheduling decisions based on actual job execution. This implies, criticality decision takes into account the affect of other job executions as well. Figure 3 shows an example of a job pWCET and pWCRT. It shows both the distributions with criticality thresholds. The criticality obtained from threshold applied on response time contains more run-time information than that obtained from pWCET. In the hyperperiod there are n jobs, and the set of jobs is Λ. There are n hi high criticality jobs in Λ, and n lo low criticality jobs in Λ; Λ hi represents the set of high criticality jobs, and Λ lo represents the set of low criticality jobs; Λ=Λ hi ∪ Λ lo ,a n dn = n lo + n hi .
Worst-Case Independence. The pWCETs are assumed to be independent [6]; this is because the pWCET represents the worst case execution scenario of the job. Independence implies that the execution of one job does not inherently affect the execution of another (dependence in this case would be in the cases like shared resources by the two jobs). Any dependencies on execution and criticality mode changes due to scheduling of the jobs is not assumed and is taken into account. Any execution delays which are caused apart from the scheduling must already be included in the pWCET distribution.

Probabilistic Scheduling Model
We propose an exploration of graph models for possible job execution combinations. We find a schedule which ensures the schedulability all the jobs. Then, it ensures that the probability that the system enters high criticality is minimum. This is when the job criticality is computed from its response time. We begin by defining the graph model. We follow by elaborating the graph model into exploration tree.

Graph Model
The graph represents the possible job combinations as schedules of the system in each hyperperiod. It uses nodes to represent the jobs and arcs to represent the possible ordering of execution among them. A directed graph is defined as is a finite set of elements called nodes and E(G) is the finite set of ordered pairs of elements of V (G) called arcs. The graph is acyclic because the schedule repeats each hyperperiod. Since there is no passing of information across the hyperperiods, it is not required to be represented through cyclic graph.
Nodes. Each node J i ∈ V (G) represents the execution of a job J i ∈ Λ. Since the elements of V (G) are one-to-one mapped to the elements of Λ, i.e. it represents the jobs, we directly use J i to represent the node.
The system can begin execution with any of the jobs which arrive at time zero, i.e. first jobs of the tasks. The nodes representing these first jobs are called the early nodes.T h eearly nodes set S(G) is a subset of the node set V (G), S(G) ⊆ V (G) such that ∀ J i ∈ S(G):a i = 0. The system can potentially begin execution by any of the jobs in this set. Graphically, we identify the early nodes set S(G) with extra arcs entering in J i ∈ S(G) without the source node, see Fig. 5 for an example. These arcs are not considered part of the E(G) set.
Arcs. An arc {J i ,J j }∈E(G) represents a possible ordering of jobs, in particular, that the job J j executes after the execution of the task J i . Formally, for An arc only exists when the deadline of the next job is greater than the arrival time of the executing job (previous job). This is enforced to prevent the scheduling of a job which has already passed its deadline. Also, in order to prevent scheduling the same job more than once, no self loop (arcs connecting themselves) exist, ∃{J i ,J i }∈E(G). It should be noted that, since the graph is directed, {J i ,J j } is not the same as {J j ,J i }. Also, the arcs do not represent the time of execution of the jobs, they simply direct to the next job to execute J j once the executing job J i finishes. For {J i ,J j }, we define a successor node as succ(J i )=J j and a predecessor node pred(J j )=J i .

Scheduling Tree
In order to search for a schedule, the graph is unfolded into trees defined as follows.
The exploration tree is constructed from the graph beginning with a root node of the graph as the first job to execute in the schedule. Each node of the tree is labelled with the job J i it represents. A node is only added to the tree if it does not miss its deadline and a corresponding arc exists in the graph, given that the corresponding node exists the graph. At each time it is added to the tree, the deadline miss is checked for by the condition 1 − Σ di x=0 f Ri (x) > P max dm for a job J i . If there is a deadline miss, the node/job is not added because the system should never be scheduled beyond this job.
To relax the notation, from now on we simply write V (T )a n dE(T )t o represent nodes/jobs and arcs respectively of the tree. In particular, since the tree is a rooted tree, its root is defined as the unique node with the label J s . Because the system can begin with one of the jobs arriving at time zero, there are different possible roots of a tree; this implies the number of possible trees is equal to the number of tasks because each task has a first job arriving at time zero. These trees are collectively called a forest.
The set of all exploration trees is called the exploration forest: F = {T s1 (G),T s2 (G), ...T s k (G)}, where s 1 , ..., s k are the indices of early jobs in S(G). The trees represent possible orderings or sequences of jobs beginning with an early job at the root. A leaf node in the tree is a node with no outgoing transitions, J n is a leaf node if succ(J n ) does not exist. Thus, a schedule is a path taken through the tree from a node to a leaf node defined as follows.
Definition 4 (Path). A path in the T-th tree path T (J i ,J n ) is a unique sequence of connected arcs starting from a node J i to a leaf node J n : Whenever we refer to the notation path T (J i ,J n ), we always refer to a unique path with a node J i and leaf node J n . Two paths are same if their elements, which are the sequences of arcs, are the same. We specify this because there are many possible paths from the root node to a leaf node notated by the same job. Also, a path can begin at any node and it ends at a leaf node.
For any node in the tree, there must not exist a same node in the path between itself and the root node This is done to prevent scheduling the same job more than once, we enforce the following definition. Formally, a node J i is not added to the tree if it already exists between the root and the desired point of addition: Example 1. We use a set of jobs Λ 1 shown in Fig. 4     The graph is a direct representation of all the possible ordering of the jobs in the system, see Fig. 5. There are nodes J 1 , J 2 , etc. for each job which are interconnected by uni-directed arcs which refer to the order of executions; e.g., if J 3 is executing, then it can be followed by the jobs J 1 , J 4 or J 5 . The system can begin execution with J 1 or J 2 . This set of early nodes of the jobs J 1 and J 2 are represented by the extra arcs entering those nodes. In order to explore this graph to look for a schedule, it is unfolded into a forest of trees.
For Λ 1 , a portion of the tree is represented in the Fig. 6. The tree begins with ar o o tJ 1 followed by possible jobs which can execute, namely, J 2 , J 3 , J 4 , J 5 . This goes on until the leaf nodes where any more addition of nodes will mean a repetition of the same job in the schedule on the path. For the tree job set Λ 1 the Fig. 6, one possible path is shown by a dotted line. The dotted line represents a path J 1 ,J 2 ,J 4 ,J 3 ,J 5 . It also shows another possible tree with just its root J 2 .
With the construction of the exploration model complete, we now proceed extracting certain metrics from the exploration trees in order to decide for a MC schedule.

Evaluation
We first the define the metrics necessary for system criticality and then apply them to our model. We begin with obtaining a non-preemptive pWCRT for a job.
Classically, the pWCETs of the jobs are simply convoluted in order to obtain the pWCRT. The convolution operation does not take different arrival times into account. Thus, performing a convolution contains a hidden assumption that all the jobs arrive at the same time, i.e. at a critical instant. This results in a pessimistic pWCRT. Our approach to obtain the pWCRT involves handling the discrete distributions in a piece-wise manner. To do so, we first define a tail PMF as follows.

Definition 5 (Tail Probability Mass Function). A tail distribution of the response time f Ri (x) of a job J i with Worst Case Execution Time
given as: The tail distribution represents a complete PMF which probabilistically delays the execution of the next job in the schedule where the next job arrives at time a j . The probability accumulated at the instant a j (x = 0 in the function) in the tail PMF represents the probability that the job J i has finished execution by then. As in Fig. 7, the tail distribution of job J 1 (from Λ 1 in Example 1) accumulates 0.1+0.15 + 0.15 + 0.2=0.6 time zero. By doing so we prevent any loss of information in the distribution. We use this to obtain the pWCRT of the delayed job.
In order to obtain the response time of the jobs, we present the following theorem. The approach we propose is similar to the ones used by [12,14] but applied to every job with respect to their arrival times. It is not same as the classical convolution because convolution does not take the relative arrival times and the deadlines of the jobs into account. Classical convolution between the pWCETs of two jobs contains a hidden assumption that the jobs arrive at the same time. This is easily seen as the tail distribution approaches full pWCET when the arrival times are equal. Since this is not always the case, convolution results in a pessimistic response time distribution.
Theorem 1 (Non-Preemptive Probabilistic Worst Case Response Time). The pWCRT of a job without preemption is represented by convolution between its pWCET and the Tail PMF of the job executing immediately before.  Proof. Consider two jobs, J i arriving at time a i and J j arriving at time a j , a i ≤ a j . A representative example is shown in Fig. 7 as J 1 and J 3 for the jobs in Λ 1 of Example 1. Probabilistically, J i can continue to execute after the arrival time of J j . That means, there exists a probabilistic delay to the execution of the job J j due to the execution of the job J i . However, the probabilistic delay only exists due to J i executing between time a j and its WCET (which is the maximum value of its pWCET). Thus, the state space which affects the execution of J j is [a j ,WCET]. This state space contains the tail of the pWCRT of J i .I n order for the state space to be complete it must respect the property that sum of all the probabilities in the state space is equal to one. This implies, the tail of pWCRT of J i must be a PMF on its own. This distribution is given by the function f [aj ,W CET ] taili (x). The probability that J j ends execution at time a j depends on the probability that J j finishes at time a j and J i finishes at time a j OR J i finishes at time a j +1 OR at time a j + 2 OR ... and so on. Similarly, J j ends execution at time a j +1 depends on the probability that J j finishes at time a j and J i finishes at time a j + 1 OR at time a j + 2 OR ... and so on. This way we approach the classical convolution operation between the pWCET f Cj (x)o fJ j and the tail function f [aj ,W CET ] taili (x), given as:

⊓ ⊔
Our approach to obtain the pWCRT separates the part of the pWCRT PMF which affects the execution of the next job. We do not lose any information in the distribution as the probabilities before the time a j are accumulated 1 .M o r e o v e r , we retain the information within the time intervals in the distribution.
Using the pWCRT we apply the job criticality Definition 2 on the paths through the exploration tree.
Definition 6 (Job Criticality). Aj o bJ j in a path path T (J i ,J n ) is said to have entered high criticality if its response time crosses the threshold l j , f Rj (x) > l j , the probability of which is given as: where l j <d j and J n is a leaf node.
Example 2. Figure 7 shows a scenario where job J 3 executes after J 1 from the jobs in Λ 1 in Example 1; for explanation, a pWCET PMF is assumed for J 1 . The Tail PMF for the same is shown in the box. To obtain the pWCRT of J 3 , this PMF is then convoluted with the pWCET of the job J 3 . A pWCRT of the job J 1 with its threshold is shown in Fig. 8. The threshold is shown by the dotted line labelled l i = 12. From the Figure, the probability that this job enters hi-criticality mode is 0.15 + 0.05 = 0.20.
From the job criticality defined using its pWCRT, we define the probability of the system entering high criticality as follows.

Definition 7 (System Criticality). The system enters high criticality mode if at least one high criticality job enters high criticality mode.
To elaborate the above definition, system enters high criticality if the first high criticality job enters high criticality OR the second high criticality job enters high criticality OR the third..., and so on. This represents a summation of probabilities. However, the probability that a job enters high criticality is given from its pWCRT which has its own sample space. In order to sum the probabilities of all the high criticality jobs involved, we also need to sum the sample space. This is clear from the fact that the summation of probabilities without considering the sample space can result in a probability greater than one 2 . For each job entering high criticality, the probability adjusted for state space is ΣP hi i (path T )/(number of high criticality jobs). We use the law P (A ∪ B)=P (A)+P (B) − P (A ∩ B) for any two events A and B with P () giving their probability of occurrence [21]. Therefore, the probability that the system enters high criticality is given as the summation of probability of each high criticality job entering high criticality minus their product.
We apply these definitions to the graph and tree model. In our model, the schedule is represented as paths. Because the paths represent the schedule, the probability that the system enters high criticality is also a function of paths. However, not all the paths in the exploration tree are available for scheduling because not all paths contain all the high criticality jobs. The set of available paths are defined as follows.
Definition 8 (Available paths). Available paths is a set of all possible paths in a T -th tree from the root node J s ∈ S(G) to a leaf node J n , P avail = {path T (J s ,J n )} such that ∀k : J k =Λ = ⇒∃ J k ∈ path T (J s ,J n ); (6) and P avail is a set of possible schedules of the jobs in MC through the trees as the available paths. The available paths are the paths in which contain all the jobs in it and all those jobs meet their respective deadlines. In our context, the set of available paths represent the possible candidates to find a schedule. It should be noted that the criteria of all jobs meeting their deadlines is already met while constructing exploration tree. A node is not added to the tree if it misses its deadline. To quantify the probability of these paths we apply the definition of system criticality on the available paths as follows.
Definition 9 (Probability of system entering high criticality). For an available path path T (J s ,J n ) ∈ P avail , the probability P sys (path T (J s ,J n )) that the system enters high criticality by taking this path is given as: Using the available paths and the system criticality metric defined above, we finally obtain a mixed criticality (MC) schedule as follows.
Definition 10 (Mixed Criticality Schedule). A path P MC = path T (J s ,J n ) is the mixed criticality schedule if P sys (path T (J s ,J n )) is the minimum among all possible path T (J s ,J n ) ∈ P avail ∀i, ∃J i ∈ path T (J s ,J n ),a n d ∀i∃J i ∈ Λ where J s ∈ S(G).
The MC schedule is a path P MC through the exploration tree which contains all the jobs, no job misses its deadline and the probability of the system entering high criticality is minimum. It represents the schedule that should be taken by the system as the ordered sequence of execution of the jobs. To recall, the probability is minimum given the criticality is defined using the response time. Thus, we have found a solution to our problem which is a schedule represented by the path P MC . The path P MC by definition is from root node to a leaf node, thus we do not need to notate them (unlike jobs J s and J n in path T (J s ,J n )). Since this method is based on complete exploration, the schedule is guaranteed to be the optimal by minimizing the probability of system entering high criticality. Any impossible schedule is the one in which a job does not meet its timing constraints. These impossible schedules are already excluded while building the tree as we calculate response time in parallel.
Offline Schedule. As we see, the offline analysis results in a schedule P MC such that the probability of system entering high criticality is minimum. The schedule ensures that no job missed its deadline. It uses an exploration of tree based on a graph representation of job executions. Because it is an exhaustive exploration, the minimum probability is ensured.
Online Schedule. The online part of our method is straightforward. It takes the schedule P MC obtained in the offline analysis and executes the jobs as given in the sequence. The minimization of the probability of system entering high criticality has already been performed in the offline and is not required to be done in the online. The jobs are suspended if they reach their deadline and the sequence of jobs repeat each hyperperiod.
Example 3. We analyze the set of jobs Λ 2 s h o w ni nT a b l e1 which consists of 4 periodic tasks and 15 jobs with pWCET and implicit deadline as shown. There are 6 high criticality jobs from task τ 1 and 11 low criticality jobs from the rest of the tasks. To recall, the job set is to be scheduled non-preemptively on a uniprocessor system and the jobs are suspended at their deadlines. The threshold for the high criticality jobs of task τ 1 is set at 4 time units. The maximum allowed probability of deadline miss P max dm for any job is set at 1E − 03. The proposed schedule P MC is: J 11 ,J 41 ,J 31 ,J 32 ,J 21 ,J 12 ,J 13 ,J 42 ,J 33 ,J 22 , J 14 ,J 15 ,J 34 ,J 23 ,J 16 . The probability that the system enters high criticality is 0.0.00509. The pWCRT of some of the jobs is shown in Fig. 9. The pWCRT jobs of the high criticality task τ 1 remains unchanged as their pWCET as shown in Fig. 9(a). The pWCRTs of jobs which have been affected by probabilistic delay in execution are J 21 , J 22 , J 23 , J 31 , J 33 , J 34 and J 41 whose pWCRTs are shown in Figs. 9(b), (c), (d), (e), (f) and (g), respectively.
We obtain this result along with other possible schedules in which there is no deadline miss but the probability of the system entering high criticality is higher. For example, another possible schedule is: J 11 ,J 21 ,J 12 ,J 31 ,J 41 ,J 32 ,J 13 ,J 14 ,J 22 , J 42 ,J 15 ,J 33 ,J 34 ,J 23 ,J 16 . In this case the probability of system entering high criticality is 0.00605.
On computation, the tree for the job set Λ 2 contains 716, 132 nodes. Overall, we observe that we can quantify the probability of something occurring in the system, like deadline miss or entering high criticality. This gives us a global picture of the MC system with pWCETs in terms of risk involved of system entering high criticality when applying such a system. In addition, we can control it through observing the pWCRTs and making the scheduling decisions accordingly.
Complexity. In general, MC problem lies beyond NP and PSPACE complexity and it is NP in uniprocessor case [11]. The complexity of our approach depends on the number of jobs n. The maximum complexity of building the graph is O(n!). However, this might not always be the case because the tree is not built in the direction of a node which missed its deadline. Thus, the complexity also depends on the maximum allowed probability of deadline miss. The complexity of analyzing the tree and finding the paths is linear to the number of leaf nodes in the tree. In addition to this, there exists computational complexity of the convolution operation, which in turn depends on the possible values a random variable can take. Assuming that all jobs release at one critical instant, the convolution complexity is O(n n ).
Actual complexity of the offline process is much less. Firstly, it is rarely the case that all the jobs are release at the same time since they belong to periodic tasks in the hyperperiod. Second, some combinations of sequences of jobs will result in a deadline miss. This means that the exploration tree is not built in that direction.

15
We have utilized a graph base exploratory method to obtain a non-preemptive schedule for MC probabilistic real-time system on uniprocessor machine, where task executions are suspended at the deadline. The task criticalities are defined using the pWCRT. We do this to make criticality decisions based on tasks demanding more resource at run-time. The obtained schedule minimizes the probability of system entering high criticality mode. This way, the actions needed to perform to cope with system high criticality are made less likely for the application.
At the current state of the work, the complexity of searching through enumerations is high. This work is one of the first steps to formalize the mixed criticality domain through response time. At the cost of complexity, we gain an application oriented perspective of the mixed criticality approach by using the response time. We adapt the schedule to the application itself and minimize the probabilities accordingly. We intend to reduce the complexity through methods like ordered searches and merging common and similar paths.
We intend to perform comparisons with real benchmarks in the future once the complexity is feasible for very large task sets. In future work we will extend this model to optimize the decisions when the system does enter high criticality. This future step is a hybrid approach where offline probability minimization has been performed. The online step of the hybrid approach will take care of the real-time response of the tasks and adjust the schedule accordingly to safer scenarios without jeopardizing the system critical functionality. We also aim to perform a sensitivity analysis on the criticality definition using the task response times.