Peak-Power Aware Life-Time Reliability Improvement in Fault-Tolerant Mixed-Criticality Systems

Mixed-Criticality Systems (MCSs) include tasks with multiple levels of criticality and different modes of operation. These systems bring benefits such as energy and resource saving while ensuring safe operation. However, management of available resources in order to achieve high utilization, low power consumption, and required reliability level is challenging in MCSs. In many cases, there is a trade-off between these goals. For instance, although using fault-tolerance techniques, such as replication, leads to improving the timing reliability, it increases power consumption and can threaten life-time reliability. In this work, we introduce an approach named ${\mathbf {L}}ife-time \,\,{\mathbf {P}}eak \,\,{\mathbf {P}}{ower~management~in}\,\,{\mathbf {M}}{ixed}-{\mathbf {C}}{riticality\,\, systems}$ (LPP-MC) to guarantee reliability, along with peak power reduction. This approach maps the tasks using a novel metric called Reliability-Power Metric (RPM). The LPP-MC approach uses this metric to balance the power consumption of different processor cores and to improve the life-time of a chip. Moreover, to guarantee the timing reliability of MCSs, a fault-tolerance technique, called task re-execution, is utilized in this approach. We evaluate the proposed approach by a real avionics task set, and various synthetic task sets. The experimental results show that the proposed approach mitigates the aging rate and reduces peak power by up to 20.6% and 17.6%, respectively, compared to state-of-the-art.


I. INTRODUCTION
T HE CONSTRAINT on the power consumption and fabrication cost has triggered a growing trend towards implementing embedded systems with multiple functionalities on a shared platform [1], [2], [3]. Such systems that have functionalities with different criticality levels concerning how important they are to the application, are called Mixed-Criticality Systems (MCSs) [1], [2], [3], [4]. The number of processing cores is rising in such systems that results in boosting computing capacity [4]. However, increasing the number of processing cores and aggressive downscaling of feature size have resulted in higher overall power dissipation and power density, respectively, and consequently, elevate processor temperature [5], [6].
Different tasks running on an MCS require different reliability levels corresponding to their criticality [2], [7], [8], [9]. For example, in avionics applications, the flight management system includes high criticality (HI-Crit) tasks, like the engine operation (i.e., the task that ensures the safe operation). Failure during these task's executions may lead to system failure, and cause catastrophic damage. These tasks should be executed with higher reliability or execution time in comparison with low criticality (LO-Crit) tasks like air conditioning. By executing these LO-Crit tasks, the system accomplishes its mission successfully. There are defined standards like DO-178B [10] that provide reliability metrics for each task in each level of criticality in the MCSs [7], [8]. DO-178B considers the Probability of Failure per Hour (PFH) as a reliability metric based on transient faults.
A large number of previous works consider task reexecution or replication [2], [3], [7], [11] and task migration [8], [12], [13], [14] to confront with transient and permanent faults in MCSs, respectively. Regarding the transient fault tolerating, when a task is executed, if an instance of the task failed due to a transient fault occurrence, another instance of the task is executed to meet the required reliability level with higher probability. On the other hand, if a core failed permanently, HI-Crit tasks are migrated and re-mapped on an active core. Hence, HI-Crit tasks are executed correctly before their deadline. Although the downside of these approaches is timing overhead, they guarantee required reliability; however, there is no improvement on life-time reliability. As a result, to the best of our knowledge, there is no proposed solution to address these issues in mixed-criticality systems: 1) considering both transient and permanent faults, 2) mitigating aging, i.e., improving life-time reliability. These approaches would be beneficial to apply in real-life avionic applications, like satellites and airplanes, where functions have different criticality levels, and LO-Crit tasks can be dropped in an emergency situation in favor of HI-Crit tasks to have a safe operation. Besides, life-time reliability management would be essential while designing such systems.
From the perspective of MC system operation, each system operates in different criticality modes. At first, the system starts its operation in the Low (LO) mode and in this mode, all tasks must finish their execution correctly before their deadlines. However, as an example, if a fault occurs and leads to exceeding the Worst-Case Execution Time (WCET) of HI-Crit tasks, these tasks overrun and consequently, the system switches from LO mode to the High (HI) mode. In this HI mode, we have to guarantee the correct execution of HI-Crit tasks before their deadlines to prevent catastrophic consequences [1], [2], [3]. In the worst-case scenario, executing all HI-Crit and LO-Crit tasks up to their WCET in the HI mode, requires higher computational demands, which may increase the processor's utilization and causes the cores to be activated for some time with the highest performance. Thus, all cores may execute tasks simultaneously to meet the task deadlines, which draw a significantly larger power than it is designed for and may increase the system instantaneous power consumption [15], [16], [17]. In this situation, the system is more likely to generate heat beyond its cooling capacity. Therefore, it will be more susceptible to failures [17]. To overcome this power consumption issue, Dynamic Voltage and Frequency Scaling (DVFS) is one of the outstanding technique [18]. However, there are some restrictions in managing the power of MCSs while using the DVFS technique. For example, applying DVFS leads to high switching time overhead due to changing the cores' voltage and frequency levels. Thus, it may cause deadline violation and also threaten the reliability of tasks [16]. Moreover, the DVFS technique increases transient fault rate probability [18], and therefore, it cannot be simply applied in different operational modes of MCSs, especially in the HI mode. On the other hand, the power budgeting strategies such as Thermal Design Power (TDP) [17], [19] are not efficient on permanent faults. The reason is that although these techniques reduce chip aging and prevent failures caused by extreme power density and generating unexpected heat, they do not propose any policy such as aging balancing to mitigate chip failures due to permanent faults. Note that TDP refers to the maximum power that can be safely dissipated by a chip. By exceeding the TDP (peak power constraint), a large amount of heat will be generated that may exceed the cooling capability of the chip and hence activate dynamic thermal management [15], [17]. However, although the system in which TDP constraint is met, some processing cores may experience higher temperature and age faster [5]. Based on the International Roadmap for Devices and Systems (IRDS) 2020 reports [20], aggressive downscaling of feature size and inefficiency of power budgeting strategies on reliability, accelerate aging in recent and future technology sizes.
Due to the effect of temperature on aging rate and consequently on failure rate, temperature management with long-term perspective has an important effect on MCSs' reliability. This work proposes an approach named Life-time Peak Power management in Mixed-Criticality systems (LPP-MC) to prolong the life-time of MCSs. To balance the aging rate of processing cores, that results in system lifetime extension, we propose Reliability-Power Metric (RPM). According to RPM, the proposed algorithm selects the appropriate region with lower aging rate and less power density to map tasks with different criticality levels. After mapping tasks, we apply re-execution fault-tolerance technique to guarantee that tasks execute correctly before their deadline by assuming permanent and transient faults. Then, Earliest Deadline First with Virtual Deadline (EDF-VD) [9], [21] is used to schedule the tasks. In summary, the main contributions of this article are: • Defining a new metric to evaluate the effect of power, utilization, and reliability w.r.t. a life-time target on aging rate, and then proposing an approach to balance stress condition on the processing cores in MCSs. • Proposing an scheme for peak power management to avoid chip failures due to TDP violations in short-term. • Considering both permanent and transient faults in MCSs to guarantee the timing reliability and to improve the life-time reliability. • Calculating the required number of re-executions for each task to guarantee the reliability in each criticality level, based on both permanent and transient faults in an analytical approach. To evaluate our approach, we compare it with the stateof-the-art task mapping approaches in MCSs [1], [22]. The experimental results show that LPP-MC extends life-time up to 20.6% and reduces peak power comparing to the existing approaches up to 17.6%.
The rest of the paper is structured as follows: related work in this area is presented in Section II. A brief overview of fundamental concepts is provided in Section III. The problem definition and motivational example are presented in Section IV. Then, in Section V, we describe the proposed LPP-MC approach in detail. In the end, Section VI and VII describe experimental results and conclusion, respectively.

II. RELATED WORK
The state-of-the-art research works on multi-core MCSs focus on three scopes: utilization bound improvement, power management and reliability management. Since our focus is on power and reliability management, we discussed the most related works within these scopes. These works are categorized in Multi(M)/Single(S)-Core, Real-Time (RT), and Mixed-Criticality (MC) task model from the perspective of different objective optimization, such as providing Quality of Service (QoS) for the LO-Crit tasks in the HI mode, peak or average power consumption management, transient fault, permanent fault and life-time, which are summarized in Table 1. The research works in the scope of power management are given in rows 1-4 of Table 1. Rows 5-8 of the table show works on reliability management, specifically timing reliability. The works given in rows 9-15 are implemented on non-MCSs with life-time reliability and peak power objectives. A brief explanation of these works is given below.
Power Management: There are some works in the context of power management in MCSs [18], [23], [24], [25], [26], [27], [28], [40], in which, the authors have applied DVFS to minimize energy consumption and have dropped LO-Crit tasks in HI mode (rows 1-2). Researchers in [41] give a comprehensive study in the field of power and energyaware task scheduling in MCSs. However, there is a lack of peak power reduction in some research works, like what mentioned in rows 1-2 and no guarantee to meet TDP. In [16], [29], the authors have minimized peak power consumption by employing the accumulated dynamic slack and then using the DVFS technique at run-time for mixedcriticality systems with no guarantee of meeting the TDP constraint (row 3). However, since the DVFS technique increases the rate of fault occurrence [18] and there is no method in order to tolerate transient faults, reliability management cannot be guaranteed. Besides, these authors have presented a design-time approach to manage peak power and transient fault occurrence in MCSs by finding different scenarios of task mapping (row 4). However, this presented approach does not guarantee the reliability requirements and improves the life-time reliability and average power consumption.
Reliability Management: The reliability of MCSs has been considered by researchers as well. All techniques that were presented in [8], [12], [13], [14] have considered permanent faults as the fault model that have guaranteed reliability of the HI-Crit tasks by migration and reallocation. If there is no appropriate core to migrate HI-Crit tasks, they will drop LO-Crit tasks (row 5). Besides, researchers in [30] have proposed redundancy-based task mapping and scheduling to address the reliability improvement; however since the task's replicas are mapped to different types of processors, like safe and regular, there is no guarantee on correct execution of HI-Crit tasks in the case of failing of safe processors. Researchers in [42] give a comprehensive study in the field of reliability management for multi-core MCSs. Besides, there are some works that have considered transient faults as well [2], [3], [7], [9], [11], [32], [43]. Huang et al. [7], have applied re-execution fault-tolerance technique to MCSs. They have proposed an analytical approach to model safety requirements for both HI-Crit and LO-Crit tasks in single-core MCSs. Ranjbar et al. [9] also have used re-execution to meet reliability requirement. Moreover, they have considered maximum allowable number of drops for LO-Crit tasks in HI mode. Researchers in [3] have defined a four-mode model for single-core MCSs and optimized the LO-Crit tasks' quality of service (row 6). Later, Caplan et al. [11], have proposed an algorithm for this model in multi-core MCSs. Also, based on the proposed approach in [7], Zeng et al. [2] have proposed a multi-core faulttolerance scheduling algorithm. They have used replication besides re-execution (row 7). Rambo and Ernst [31] has also presented a replica-aware co-scheduling method for MCSs by exploiting cross-layer fault tolerance mechanisms. This method has supported network-on-chip communication delay and replication management overheads. However, there is no guarantee on correct execution of LO-Crit tasks in the HI mode, which may lead the system not to do its mission efficiently. Researchers in [32], [33] have proposed mapping algorithm for multi-core MCSs and guarantee a level of QoS for LO-Crit tasks (row 8). The disadvantage of this set of approaches is that they can no longer be used if a core fails. Hence, life-time of each core plays a crucial role in the efficiency of these works that is one of the main drawbacks of these approaches. Some other previous works focus on single-core MCSs reliability improvement [3], [7], [9], [44]. Although scheduling on single-core architectures is more straight forward, however, since multi-core architectures are more power-efficient and flexible in task scheduling, almost all of the recent MCSs exploit multi-core architectures and many of the state-of-the-art researches are focusing on these systems.
There are previous works in the context of lifetime (rows 9-13) and peak power (rows [14][15] which are implemented for non real-time systems or systems with one level of criticality. In the following, a summary of these works is mentioned: 1) Life-time Improvement: A task allocation and scheduling for real-time applications are presented in [34]. This work has presented an analytical model in order to estimate the life-time (row 9). Das et al. [35], have considered multi-objective optimization problem including energy and reliability for real-time applications (row 10). Also, Das et al. [36], propose a mapping and scheduling for Synchronous Data Flow Graphs (SDFGs) to improve life-time and power consumption (row 11). The work in [5], has applied a two-step resource management approach for dynamic applications to improve life-time while meeting a power budget. Although the work presented in [5] considers throughput, there is no guarantee to complete the correct execution of tasks before their deadline. Moreover, they are not concerned about transient faults (row 12). Besides, researchers in [37] have considered trade-off between transient and permanent faults in resource allocation. However, there is no guarantee to manage the realtime constraints (row 13). 2) Peak Power Reduction: The first work on peak power control has been presented in [38]. They have considered task graph model and there is no constraint on the task execution time (row 14). Later the works in [17], [39], have assumed real-time tasks and propose an scheduling algorithm to reduce the peak power (row 15).
There is no policy for the HI and LO modes in the mentioned categories due to the existence of one operational mode in the traditional systems. If these approaches are applied in MCSs, the utilization will reduce extremely. The reason is that, there is a gap between Worst-Case Execution Time (WCET) and Actual Execution Time (AET) of a task. These algorithms consider WCET; hence this gap leads the cores to be underutilized [45]. On the contrary, considering two or more criticality modes (i.e., MCSs) results in decreasing the gap due to the close proximity of WCET and AET in lower modes by defining two WCETs for HI-Crit tasks, optimistic and pessimistic, and therefore, improving the system utilization [45], [46], [47].
In many of the previous works on MCSs, the LO-Crit tasks are ignored in the HI mode and furthermore, none of them consider life-time and TDP. To the best of our knowledge, there is no algorithm that prolongs life-time along with considering the TDP constraints in MCSs, while LO-Crit tasks are executed in the HI mode by increasing their period (i.e., using service degradation) until all tasks are schedulable in the HI mode.

III. PRELIMINARIES
In this section, the essential concepts to understand the proposed approach are introduced. For this aim, system and task models are explained. Then, we show how power, and reliability are modeled in this work. Figure 1 presents our system overview in which tasks are executed on a multi-core system. Temperature and power consumption of the cores are utilized to analyse the cores reliability and manage peak power, respectively. The mapping and scheduling unit uses the output of the reliability analysis unit and peak power analysis unit. Then, it decides how to map and schedule the input tasks on the cores.

A. SYSTEM OVERVIEW AND APPLICATION MODEL
Application Model: Let τ = {τ 1 , τ 2 , . . . , τ n } be a set of independent periodic tasks which execute on a multicore systems with m × m square matrix layout WCET of task τ k . T k is the period of task τ k which is the minimum time amount between two released instances of the task. Note that the period amount is used to compute the task utilization bound which is used to check the task schedulability in the system (u k = C k T k ). D k is the implicitdeadline 1 of task τ k . Analogous to [1], [3], [22], we consider the former that deadline is equal to the period (T k = D k ). Besides, χ is a criticality level of task τ k (χ ∈ {LO, HI}) 2 Also, τ χ represents all tasks with χ − Crit.
For mixed-criticality tasks, two levels of WCET are generally considered; Low WCET (LWCET, denoted by C LO k ) and High WCET (HWCET, denoted by C HI k ). We discuss in Section D, how these mixed-criticality tasks are analyzed and how these WCETs for different operational modes are computed.
Besides, the total utilization of χ 1 _Crit tasks (τ χ 1 ) in the χ 2 mode is denoted by U χ 2 χ 1 and is calculated by [18], [22]. System Operational Mode: Without loss of generality, we assume an MCS with two criticality modes: HI and LO [2], [7], [9]. At the beginning of time, all of the cores start in the LO mode. In this mode, if the execution time of any HI-Crit task exceeds its LWCET, the core enters to the HI mode [2]. It remains in this mode until there is no HI-Crit task in the execution queue of the core. To guarantee the HI-Crit tasks are executed before their deadlines, EDF-VD [21] (one of the most common scheduling algorithms for MCSs) is used to schedule tasks. Moreover, service degradation policy is considered for the LO-Crit tasks [2], [7]. The details are elaborated in Section E.

B. POWER MODEL
The power consumed in each core ς i,j includes static and dynamic power [18], [23], [27]: The static power P Sta i,j is dissipated due to sub-threshold leakage current and is approximately related to the number of transistors on the chip. The dynamic power P Dyn i,j is akin to the switching activity α, internal nodes capacitance c, operating voltage v dd and frequency f : The total power consumption of cores at a given time is: A chip can withstand certain power threshold which is determined by the chip TDP. Therefore, the TDP constraint determines the total power consumption limit. 1. Between two kind of deadline, implicit and constrained [22]. 2. Analogous to [3], [7], [11], we consider two criticality levels in this article.

C. FAULT MODEL AND FAULT TOLERANCE
We consider both transient and permanent faults in the proposed approach. We employ fault tolerance techniques to guarantee the reliability requirement of the MCS. To achieve this purpose, the DO-178B standard and furthermore, the Probability-of-Failure-per-Hour (PFH) metric are utilized to characterize the system reliability [2], [3], [9], [24]. As shown in Table 2, DO-178B introduces five levels of criticality A, B, C, D and E, which A provides the highest level of criticality and E is the lowest one. Usually, the HI-Crit tasks are classified in the levels A to C. The tasks that have criticality level D or level E are more LO-Crit tasks and QoS is more important for these tasks.
In the following, we first define reliability and Probability-Of-Failure (POF). Then, we present the transient and permanent fault models used in this work.
The system reliability is denoted by R(t). R(t) is the probability of the correct operation of the system during the period of time [t 0 , t] (i.e., in the operational phase), where t 0 refers to initial time that can be equal to 0. The PFH can be calculated as follows [48]: where t is time in hour and 1 ≤ t ≤ 10 [7]. Without loss of generality, we assume t = 1, therefore PFH = POF. Transient Fault Model: An instance of the task τ k is not completed before its deadline, with the probability of failure f due to transient faults [7]. Note that an error detection mechanism, like ARGUS [49], is employed to check the correctness of the task's output when the task finishes its execution. ARGUS is one of the significant checker tools to detect errors, which can be applied to any embedded systems with low chip area overhead and check control flow, data-flow, computation, and memory access separately [15]. Hence, the timing overhead of error detection has been considered in the tasks' WCETs in our evaluation. We use re-execution technique for each task to deal with transient faults and meet the timing reliability requirements [2], [11]. In the case of fault occurrence, there is a timing overhead to discard the faulty result and resume the task execution. Since we have to guarantee the worst-case scenario, we consider the timing overhead in the WCETs of tasks as well. The number of re-execution task τ k to guarantee the timing reliability requirement in χ criticality mode (LO or HI mode) is denoted by n χ k and is calculated in Eq. 5. Figure 2 shows how a task is released and re-executed in each period until duration time t. Each task instance τ k is released in its period of T k . In one period, we assume each instance is re-executed n k times with the execution time of C k , so n k × C k is the total execution time of task τ k shown as a green rectangle during a time period. Also, if the probability of failure of task τ k was f , it will be decreased to f n k in one period when re-executing the task for n k times. On the other hand, if we want to calculate the probability of failure in time t, not a period, we need to take into account the total number of released instances in duration t, (r(n k , t)), which is equal to four in the Figure 2. Hence, we can model PFH and consequently, transient reliability R Tra k (t, χ) for a LO-Crit or HI-Crit task τ k as Eq. (5) [7]: where n χ k is the re-execution number of task τ k in criticality mode χ . t is the operating time in hour and r(n χ k , t) is the maximum number of instances of τ k that can be executed until time t. With the help of Figure 2, this maximum number can be calculated as follows [7]: The PFH of all χ _Crit tasks on a specific core ς i,j in criticality mode χ is denoted by PFH Tra i,j (t, χ) and is calculated as follows [7]: where PFH Tra Permanent Fault Model: We adopt an analytical model similar to [5], [34] to calculate the permanent reliability of each core (R Per i,j (t)). Furthermore, we assume each core ς i,j will permanently fail with probability of failure PFH Per i,j . Therefore, permanent reliability R Per i,j (t) can be calculated as follow: where β is the Weibull slope parameter, t s is a time slot, t c is a current time and Temp is the temperature in Kelvin. α is the aging rate that depends on temperature and wear-out mechanisms. In this work, we consider Electromigration (EM) as one of the most important aging causes [5], [34]: in which A 0 is material-dependent constant, J and J Crit are current density and critical current density, respectively. n typically is equal to 2, E a , K and are the activation energy, Boltzmann,s constant and gamma function, respectively. The average life-time of the core ς i,j is estimated by Mean Time To Failure (MTTF). By the first core failure, the system needs to be fixed or changed. Thus, the minimum of MTTF of the cores can be estimated as the system MTTF [34], [50].

D. MIXED-CRITICALITY TASK ANALYSIS
Analogous to [7], [9], we define the two execution time levels based on the reliability requirement level. As mentioned in previous section, Tolerating transient faults has been achieved by re-executing tasks. Therefore, this technique directly affects the execution time of task. Consequently, re-executing each task to guarantee its safety requirement would result in specific WCETs for each criticality level [7].
To guarantee the reliability, the number of re-executions (n k ) for each criticality level of tasks in each mode is obtained (n LO k for LO mode, and n HI k for HI mode), which has been discussed in previous section. Therefore, C LO k is the Low WCET (LWCET) of task τ k and also C HI k is the High WCET (HWCET) of task τ k . Now, the WCET of each task in each criticality level is computed as follows, where for each LO-Crit task, the LWCET C LO k is equal to the HWCET C HI k and n LO k is equal or lower than n HI k subject to the criticality level [7], [9]:

E. MIXED-CRITICALITY SCHEDULING ALGORITHM
There are various algorithms for task scheduling in MCSs. One of the most efficient algorithms is EDF-VD [21]. EDF-VD has separate policies to schedule tasks in the two modes.

1) LO Mode Policy:
The tasks are scheduled based on their LWCET and a Virtual Deadline (VD). In fact, the VD is defined to give higher priority to the HI-Crit tasks in the scheduling algorithm. The VD is obtained as follows: [21]. 2) HI Mode Policy: Task Dropping (TD) or Service Degradation (SD) are utilized to improve schedulability. When the system enters to the HI mode, it is possible that algorithms cannot schedule all tasks with their HWCET. In this case, EDF-VD does TD or SD for the LO-Crit tasks. The TD drops the LO-Crit tasks in the HI mode to guarantee the HI-Crit tasks meet their deadlines [47]. The SD extends the period of each LO-Crit task to reduce the number of executed LO-Crit tasks. For this aim, the period of LO-Crit task T converts to T as follows:

IV. PROBLEM DEFINITION AND MOTIVATION
This section defines the problem statement that is discussed in this work. Then, it shows the effectiveness of using Region Selection (RS) in solving the problem through a concrete example. After defining the problem and illustrating the example, we take advantage of RS to uniform aging rate of cores and power consumption in order to increase life-time and reduce peak power in mixed-criticality systems.

A. PROBLEM DEFINITION
This work deals with the life-time and peak power management in mixed-criticality systems. The proposed approach tries to balance the aging of cores and consequently increases the life-time. On the other hand, reliability level is satisfied by one of the fault tolerance techniques, re-execution. The problem can be formulated as follows: Inputs: Given: • The multi-core embedded system that the cores are assumed to be organized in a m × m square matrix layout. ς = {ς 1,1 , ς 1,2 , . . . , ς m,m } • The mixed-criticality task set τ = {τ 1 , τ 2 , . . . , τ n }. • The target reliability R target (t) and t life−time .
• The system power constraint (TDP). • The scheduling and aging parameters. Outputs: Determining a mapping algorithm to allocate tasks to processing cores and a scheduling algorithm to schedule tasks on each processing core w.r.t the constraints.
Constraints: Reliability, power and schedulability are represented as main constraints which are introduced as follows.

B. MOTIVATIONAL EXAMPLE
In this section, we give a motivational example to show the effect of RS technique. We show that selecting a region of processing cores for mapping the tasks reduces the number of active cores. Then, we take this advantage to reduce peak power and consequently avoid chip failure.
We implement CU-UDP algorithm [22] on a 4 × 4 multicore platform in two different scenarios. First, we assume a scenario that we have 16 cores when implementing CU-UDP. Second, we use RS, in which, we have a subset of cores (nine cores in this example) when the tasks are mapped. The task set and timing parameters of our example are given in Figure 3a. CU-UDP sorts tasks unaware of task criticality. It considers U HI HI for HI-Crit tasks and U LO LO for LO-Crit tasks to sort the tasks in decreasing order of utilization. Then, it maps the HI-Crit tasks based on Worst Fit (WF) strategy subject to the U HI HI − U LO HI and LO-Crit tasks based on First Fit (FF) strategy. In the first scenario, Figure 3b and 3c show the result of tasks mapping based on CU-UDP with 16 cores without RS that all available resources have been utilized.
In the second scenario, we apply RS technique. Each region has two properties; a central core that is named First Node (FN) and region radius r that (2r + 1) 2 cores exist around FN [5]. Therefore, there are four regions with radius r = 1 and (2 + 1) 2 = 9 cores in this example. In Figure 3d, CU-UDP maps the tasks on a region with nine cores until there is no available core for mapping the tasks on. Then, it switches to another region and keeps going to map all the tasks. The result in Figure 3e shows the task set is mapped on 12 cores by using RS. If we choose another region except for this region, we will have some idle cores too. As most of the mapping algorithms in MCSs use WF strategy, these algorithms may turn on all available cores. However, RS leads to have some idle cores and to manage peak power without time redundancy or increasing fault rate. For instance, DVFS manages peak power but it increases transient fault rate exponentially by reduction of operating voltage [48]. Although turning off four cores reduces peak power consumption, it may increase power density on the active cores. Hence, it is important to propose an algorithm to take into account the power density of the cores intelligently. If we do not utilize some cores unaware of reliability and temperature, it even can cause hotspot and accelerate aging [5]. However, if we manage RS and choose a fresh region to map tasks, it results in an increased life-time.

V. PROPOSED APPROACH
In this section, we present an approach that uses RS to solve the problem. We first introduce our proposed approach which consists of four main units: the subset unit, the reliability power unit, the LPP-MC mapping unit and the scheduling unit. Then, we explain the implemented algorithm for each unit. Figure 4 shows the overview of an MCS operational phase includes offline and online phases that utilizes LPP-MC. An operational phase defines as a period of time from the start of system operation to the end of it, which is usually between 1 to 10 hours due to the application (as mentioned in Section C). In each operational phase, at first, the offline phase will be done then the online phase will start. In the offline phase, LPP-MC takes the task set, reliability target, PFH and TDP as inputs and generates the mapped tasks and tests the schedulability of tasks. Then, the mapped tasks are scheduled by EDF-VD in the online phase. In the first step, the subset unit divides the task set in l subsets. Then, the LPP-MC mapping unit selects an appropriate region by considering RPM and maps a subset of tasks on the selected region. Later, the scheduling unit tests schedulability and returns a flag. If the flag is set to zero (i.e., the task subset cannot be scheduled under the defined circumstances), LPP-MC will select another region to map the subset until the schedulability flag is set or LPP-MC failed. In parallel, the reliability-power unit updates RPM and the next subset is mapped by the LPP-MC mapping unit. All these calculations are done offline so the required time for task mapping is not critical. Further explanation of the units is presented as follows.

A. LPP-MC APPROACH
Subset Unit: In this unit given task set is divided into subsets. Since LPP-MC considers a subset of cores to map the tasks, it is necessary to map a subset of tasks on a subset of cores. Otherwise, it will be impossible to map all tasks of the task set on a subset of cores. We consider two main factors for dividing a task set into subsets: The sum of tasks utilization in task set and utilization level of a region of cores. By dividing these two factors we calculate the minimum number of subsets. For this aim, the subset unit sorts the tasks from the HI-Crit to the LO-Crit level to divide the task set into subsets. Then, it assigns one task of the task set to each subset until all subsets include one task. It repeats this algorithm for all tasks. In this situation, HI-Crit and LO-Crit tasks will distribute uniformly in different subsets. It should be mentioned that the proposed approach is applied in offline mode. Therefore, it has no knowledge about the online power trace of the system. However, we guaranty that total power consumption is always less than TDP. Hence, the task with the highest power consumption level is assumed as the power of the core. In this way, we can manage peak power in offline mode.
Reliability-Power Unit: The reliability calculator and the power and reliability analyzer are the main components of the reliability-power unit. Temperature is akin to the power consumption of each core which is given to the reliability calculator as an input to calculate core reliability. After calculating core reliability, the power & reliability analyzer uses it to calculate the region selection metric. In this work, as explained in Section I, we propose a new metric named Reliability-Power Metric (RPM) given in Eq. (12). It uses the concept of Reliability Factor (RF) which has been presented for the first time in [5]. The proposed technique in [5] minimizes the communication latencies of interconnected tasks belonging to the same application and manages the lifetime; while, in our proposed method (RPM), we minimize the number of active cores to reduce peak power along with life-time management. The RPM is defined for all available FN cores ς w,h as follows: (12) where, RPM r w,h is RPM for the FN ς w,h and radius r on a square region. This region includes (2r + 1) 2 cores ς i,j . u i,j is the core ς i,j utilization and 1 − u i,j is weight of the core. p i,j is a factor for power of core ς i,j which is a binary variable.
Three factors take part in this metric. The first factor is r Per i,j which is a factor for core aging. If R Per i,j (t) is greater than R target (t), it means the core ς i,j is fresh enough, otherwise, the core ς i,j is aged. Therefore, the value of r Per i,j is equal to R Per i,j (t) if the core ς i,j is not aged, otherwise r Per i,j is set to zero. Hence, a region with FN ς w,h and higher RPM r w,h contains more fresh cores. The second factor is p i,j that distributes power consumption among cores. To initiate p i,j , we compare the power of the core ς i,j with TDP/(m × m). Since we must guarantee to meet the TDP constraint, we consider the worst-case scenario. It means among the power of tasks, mapped on the core ς i,j , the one with the highest power is assumed as the power of core ς i,j (further explanation in Section VI). If the power of core ς i,j exceeds TDP/(m × m), p i,j is set, otherwise, it is reset. The power factor discourages the selection of regions that have a high power density. The last effective factor to select an appropriate region is the utilization factor. We map tasks on a region that has the lowest utilization to apply load balancing besides distributing power density. After calculating the RPM, it is transmitted to the LPP-MC mapping unit.

Life-time Peak Power Management in Mixed-Criticality Systems (LPP-MC) Mapping Unit:
A task allocation algorithm must meet the required reliability level and peak power constraint, and maximize the processor's utilization. To achieve these objectives, this unit uses region selection. The region with the maximum metric level takes priority over the other regions. The LPP-MC mapping unit takes the task subset and the RPM from the subset unit and the reliabilitypower unit, respectively. Then, the LPP-MC mapping unit selects a region that has more fresh cores and lower power density using the defined metric. After region selection, the LPP-MC mapping unit sorts tasks of the subset and cores of the selected region. Then, it maps the tasks based on Best Fit (BF) strategy. The mapped tasks are given to the scheduling unit as an input.
Re-Execution Number Calculator Unit: LPP-MC must guarantee the mapped tasks to be schedulable under the reliability constraints. The re-execution number calculator unit calculates the required number of re-executions for each task τ k to guarantee its timing reliability requirement based on DO-178B.
This unit considers both effect of transient and permanent faults to calculate the re-execution numbers. If only the transient faults are considered to calculate the re-execution time overhead, it may lead to fault rate underestimation in the long-term. Therefore, we present the following model to guarantee the reliability of tasks under permanent and transient faults to have a more accurate estimation of the required number of re-executions for each task in order to meet the timing reliability requirements.
The reliability R Per i,j (t) and R Tra i,j (t, χ) are calculated based on the permanent and transient faults rate, respectively. These reliability factors are independent, therefore the total reliability of each core ς i,j , denoted by R Tot i,j (t), can be modeled as follows: PFH Tot i,j (t, χ) is the PFH for the tasks on the core ς i,j : If a subset is mapped and scheduled, the next subset and the updated RPM are given to the LPP-MC mapping unit. The cycle of task mapping and scheduling is repeated until all tasks are mapped. Now, we explain the algorithm of the units.

Algorithm 1 is consisted of four main functions: update_RPM(), Subset_Creation(), LPP_MC_Map() and
Calculate_U_MC(). Function update_RPM() and function Subset_Creation() are used in the reliability-power unit and the subset unit, respectively. We explain function LPP_MC_Map() in Algorithm 2 which is used in the LPP-MC mapping unit. Furthermore, function Calculate_U_MC() is used in the scheduling unit and is explained in Algorithm 3. The detail of each algorithm is as follows: Algorithm 1: For each start of the system operation, Algorithm 1 updates the reliability R Per i,j (t), the utilization factor u i,j and the power factor p i,j for each core ς i,j in lines 1-4. At the first time, since all processing cores are free, u i,j and p i,j are initiated to 0. The reliability R Per i,j (t) is set to the last reliability of core ς i,j . Then, line 5 calculates the maximum radius of the chip. In lines 6-13 the algorithm calculates the RPM r w,h for each FN ς w,h and radius r based on the Eq. (12). Furthermore, it sorts RPM_array in decreasing order of the RMP in line 14. In line 15 function Subset_Creation() divides the task set τ in l subsets. In line 16, some variables is initiated: l is the number of subsets, sc and cc count the number of subsets and cores, respectively. r is the current radius which is used in mapping the tasks.
Lines 17-49 map the subsets on the cores. These lines are repeated until all subsets are mapped successfully. In line 18, flag sche_suc is initiated to 0. This flag is set by function Calculate_U_MC(), when the subset sc is schedulable. Core ς w,h with the maximum RPM 0 w,h is chosen as FN. As explained in Section V-A, a region with the highest RPM is the most appropriate region for mapping a subset. If in functions LPP_MC_Map() or Calculate_U_MC(), the subset sc cannot be mapped or schedulable due to the constraints (line 36), the algorithm looks for the next appropriate region (lines [37][38][39][40][41][42][43][44][45][46]. In each time, if the algorithm returns 0, there is no possible region for mapping and scheduling tasks.  35: end if 36: if !map_suc || !sche_suc then 37: if cc ! = length(RPM_array(r)) then 38: cc ← cc + 1; 39: else 40: if r < r_max then 41 Algorithm 2: This algorithm gets the subset sc, the cores ς , FN ς w,h and radius r. FN ς w,h and radius r are the properties of the selected region which determines its cores. Function LPP_MC_Map() applies a Worst Fit (WF) strategy based on the utilization of cores. Before mapping the tasks of the subset sc on the selected region, function Sort_Tasks() sorts the tasks in decreasing order of power consumption. Then, the tasks with the same power are sorted in decreasing order of utilization.
In line 3, function Sort_Cores() sorts all the cores in the selected region as follows; it sorts first non-busy cores in decreasing order of reliability and then, cores with equal reliability, in increasing order of utilization. Then Lines 2-21 are repeated until all tasks are mapped on the cores. Task τ k is mapped on core c and the information of mapping is saved Algorithm 2 LPP-MC-Map Function 1: Tasks ← Sort_Tasks(Tasks); 2: for k = 1 : length(Tasks) do 3: Cores ← Sort_Cores (FN, r, ς); 4: τ k ← Tasks(k); ij ← 0; deltaR ← 0; map_suc ← 0; map_suc ← 0; 5: BU_c ← c; deltaR ← 1; 11: end if 12: ij ← ij + 1; 13: end while 14: if !map_suc then 15: if deltaR then 16: on a data structure Q (line 8). If the following three conditions are satisfied: 1) Processor core c is fresh enough (i.e., 2) The utilization of the task τ k is smaller than the weight of core c, and 3) Adding the task τ k does not violate the TDP constraint. Otherwise, the first core for which, condition 1 and 2 are satisfied, is selected for mapping the τ k on it (line 10). If the variables map = 0 and deltaR = 1, Algorithm 2 maps the task τ k on a core that satisfied the conditions 1 and 2 (lines [14][15][16]. Function LPP_MC_Map() returns fail and stops task mapping whenever it cannot find an appropriate core for a task(lines 18).
Algorithm 3: It tests schedulability of tasks for the subset sc which are mapped on the cores in the mapping Q. In the first step, the algorithm initiates the target PFH (PFH target ) for the tasks due to the their criticality levels. Then, lines 3-27 are repeated for each core c in the current mapping. In lines 5-11, Algorithm 3 calculates the re-execution numbers of HI-Crit and LO-Crit tasks (n HI HI and n HI LO ) in the HI mode by using Eq. (14). Then, it calculates the re-execution number of HI-Crit tasks in the LO mode (n LO HI ) in lines 12-17. In lines 18-21, it uses n HI HI , n HI LO and n LO HI to calculate the HI and LO mode utilization U HI and U LO , and then the system utilization U MC by using the Eq. (15). If Algorithm 3 cannot schedule at least one task on a core, it fails and returns 0.
Example: We present an example here to explain LPP-MC. A task set is considered in Table 3 to be mapped on a 4 × 4 multi-core platform. According to Figure 4, there are four major steps to apply LPP-MC: subsets creation, region selection, mapping the tasks, and testing the schedulability. Before these steps, the RPM is initiated to 1 and 9 for r = 0 and r = 1, respectively (lines 1-13, Algorithm 1).

15:
PFH_Tot(ij, SD) ← calculate_PFH_Tot(ij, SD, Q); 16: end while 17: end for 18 Then, it assigns one task of the task set to each subset until all subsets include one task. It repeats this algorithm for all tasks (line 15, Algorithm 1). The result of this step is shown in Table 4. The remaining three steps are repeated for the mapping of each subset (lines 17-48, Algorithm 1). We explain these three steps for subset 1 that is similar for the rest of subsets.
In the second step, Algorithm 1 chooses a region with FN ς ij and radius r = 0 (line 18) and goes to the third step. Function LPP_MC_Map() maps subset sc on the selected region. Before mapping the tasks, Algorithm 2 sorts the tasks based on the power and utilization (line 1). The result of the task sorting is shown in Figure 5. Then, Algorithm 2 maps the tasks τ 13 and τ 1 on core ς ij (c.U = τ 13 .U +τ 1 .U = 0.55) in lines 2-21. When Algorithm 2 tries to map the task τ 19 , it fails due to the second condition in line 7 or 9 ((τ 19 .U = 0.55) (c.W = 1 − 0.55)). LPP-MC cannot map the subset sc on a region with radius r = 0. Therefore, Algorithm 1 returns to the second step. It increases the radius r (line 41) and chooses the FN ς 2,3 (line 18), then it goes to the third step again.
In the third step, function LPP_MC_Map() sorts tasks based on function Sort_Tasks(). Then, it sorts cores based on the reliability, utilization and power. It maps task τ 13 on the core ς 1,2 that is the first core in the queue in Figure 5. The value of the power and utilization are updated for this core and the cores are sorted again in order to map next task. Task τ 1 is mapped on the first core in the queue (ς 1,2 ). The utilization of the core ς 1,2 is equal to 0.5 + 0.05 × 3 = 0.65. Therefore, the weight of core ς 1,2 is equal to 1 − 0.65 = 0.35. The utilization of τ 19 is 0.55 and is greater than the weight of ς 1,2 , hence it cannot be mapped on this core. Algorithm 2 maps task τ 19 on the next core in the queue (core ς 1,3 ). To map task τ 31 and τ 25 , it selects the first core in the queue (core ς 1,2 ). Then, it updates the core utilization: 0.65 + 0.2 + 0.1 = 0.95 < 1. The task τ 7 is mapped on the core ς 1,4 that is the first appropriate core on the queue with utilization is 3 × 0.2 = 0.6 ≤ 1.
In the last step, LPP-MC tests the schedulability of mapped tasks on the cores in Algorithm 3. In lines 1-20 of Algorithm 3, the number of re-executions is calculated for the HI-Crit and the LO-Crit tasks on each core: n HI HI = 3, n LO HI = 2 and n LO LO = 1. Then, it calculates U MC by helping Eq. (15) for cores ς 1,2 , ς 1,3 and ς 1,4 that is equal to 0.85, 0.55, 1, respectively (lines [22][23][24]. These three steps are executed for mapping the other subsets. The result of mapping all subsets are shown in Figure 5.

VI. EXPERIMENTAL RESULT
In this section, we first present the experimental setup. Then, we evaluate the LPP-MC in terms of reliability and   life-time, power and temperature distribution, and utilization and compare to the state-of-the-arts.

A. EXPERIMENTAL SETUP
To evaluate our system, we model the embedded multi-core platforms with ARM processors in our experiments. Besides, we use two types of task sets for evaluation: real task set for flight management system [2], [7] and synthetic task sets, similar to the state of the art studies such as [2], [4], [22]. The procedure described in [7], [9] has been used to generate synthetic task sets, where the following data are employed. . In order to have a realistic power consumption data for tasks, we use the MEET tool [51] (which is configured with ARM cores), and running several embedded benchmarks from MiBench suite [52] such as Automotive, Network and Telecommunication benchmarks on it. The benchmarks are run 1000 times to report the maximum values of power consumption. According to the measurements, the maximum power of tasks is generated randomly following the normal distribution, in the range of the minimum and maximum values, reported in experiments, which is pow ∈ [456, 833]mW. In this work, we consider the TDP value as 80% of the maximum power that a chip consumes, which is conventionally considered in embedded processors [53]. In addition, in order to obtain the temperature of cores, HOTSPOT simulator [54] is used throughout the execution for a floorplan and configuration platform which has ARM cores [16]. For the configuration file, we use the parameters reported in [55] which is for ARM processors. The ARM core (A7) has an area of 0.45mm 2 in our experiments reported by the ARM company.

B. EXPERIMENTAL RESULTS
As mentioned in previous sections, there is no approach that considers life-time and peak power in multi-core MCSs. Therefore, to evaluate LPP-MC, we compare it with two state-of-the-art mapping algorithms in multi-core MCSs which are more close to the proposed approach; DPM [1], and UDP [22]. In the following section, we first evaluate the effect of different mapping on the reliability and life-time of the cores. Furthermore, we measure the total power of cores in time slots to show the peak power. Then, we demonstrate temperature distribution among the cores. Eventually, we show the schedulability using extensive experiments by generating synthetic task sets for the proposed approach. Figure 6 shows system reliability in long-term (10 years) when UDP [22], DPM [1] and LPP-MC are applied on  an MCS. To accelerate the life-time evaluation, we consider the worst-case scenario in power and core utilization. We extract the maximum, minimum and average reliability of 16 cores at each time (based on the Eq. (8)) to show the effect of different mapping on reliability. In the first three figures of Figure 6, although the reliability of cores is approximately equal to 1 in the first year when applying three approaches the distance between the reliability of cores is increasing over time (up to 0.12). The reason is that, the effect of various mapping on the reliability against permanent faults determines after spending a long time. Figure 6a shows that the maximum reliability of cores in UDP and DPM is higher than LPP-MC, while Figure 6b shows that applying the two former approaches results in lower reliability of cores than LPP-MC. Therefore, using the LPP-MC approach reduces the variance between the maximum and minimum reliability of cores, while some of the cores are more reliable than other cores in UDP and DPM. Moreover, it is reasonable that the maximum reliability of cores in LPP-MC is lower than other approaches. The reason is that it increases the minimum reliability of cores compared to two other approaches to balance the reliability of cores. Additionally, it can be extracted from Figure 6 that since the maximum, average, and minimum reliability of cores are almost equal, the reliability is balanced among cores when applying LPP-MC. Balancing the reliability of cores not only reduces the probability of failure of MCSs, but also increases the average reliability of cores due to the results presented in Figure 6c. Figure 6d shows system reliability considering the transient and permanent faults which are calculated by Eq. (7) and Eq. (8), respectively. System reliability by applying LPP-MC is 0.9999997 and 0.7444 in 10 years by considering the transient fault and permanent fault, individually. It is worth mentioning that UDP [22] and DPM [1] do not consider any fault tolerant techniques and since failure in the execution of HI-Crit tasks may lead to system failure [16], the system may fail with the first transient fault on those tasks, which causes irreparable damage to the system. This is while, LPP-MC schedules tasks by applying re-execution at the presence of transient faults. LPP-MC schedules tasks by EDF-VD after applying re-execution fault tolerance technique in order to meet the deadlines of tasks. On the other hand, LPP-MC postpone permanent faults by re-mapping tasks in each operational phase which leads to better load balancing over the cores.

1) LIFE-TIME RELIABILITY
In this work, MTTF is reported as a metric to evaluate the life-time of the system. Figure 7 compares MTTF of the LPP-MC mapping approach to UDP and DPM. Figure 7c shows that LPP-MC has a more balanced life-time of the cores compared to UDP and DPMs. This is because the former approaches use static mapping, while LPP-MC changes the mapping of tasks due to the aging parameter in each start of operational phase. Besides, the MTTF of 12 cores is equal to about 14 years in the UDP (Figure 7a  2) PEAK POWER MANAGEMENT Figure 8a shows the worst-case power consumption trace of 1000 task sets during a hyper-period (1000ms). As shown, the total power consumption has the peak value when time instants located at integer multiples of 100ms. The reason is that, there are many tasks that have period equal to time instants, which are integer multiples of 100ms (100, 200, 300, etc.). Therefore, the system consumes more power to execute many tasks that execute in this time instants. The curve of total power consumption has a decreasing trend in three approaches, without considering the peaks (Figure 8a). This means the period of some tasks is bigger than 100ms. For instance, there are some tasks with the period of 1000ms that are executed once in this hyper-period. As the value of TDP is one of LPP-MC inputs, TDP = 10W (which is acceptable for embedded processors) is given to the algorithm as the input of the experiment. As Figure 8a shows, LPP-MC succeeds to meet given TDP, while UDP and DPM violate TDP. The maximum power consumption for the UDP, DPM, and LPP-MC approaches is 11.02W, 10.78W, and 9.08W, respectively. Hence, LPP-MC reduces peak power consumption up to 17.6% compared to others.
In addition to considering a constant value for TDP, Figure 8b counts how many times systems have a power consumption higher than a specific power. It is worth mentioning that the better mapping is the one that has no violation in lower power consumption because it can be applied to map tasks on a chip with lower TDP. The number of violation is non-zero for power consumption lower than 11.02W in curve related to UDP, lower than 10.78W in curve related to DPM and lower than 9.08W for LPP-MC. Therefore, LPP-MC can be used for systems with lower TDP.

3) TEMPERATURE DISTRIBUTION
We first measure temperature in an short term operational phase, equal to 10 hours. Note that since the UDP and DPM approaches have static mapping during run-time, the result for any short term operational time has the same trend and there is no matter we take which operational time result. The steady-state temperature output of HOTSPOT [54] is shown in Figure 9. Figure 9b, 9c and 9d show that the temperature is well distributed. However, four processing cores ς 1,1 , ς 1,2 , ς 1,3 and ς 1,4 of UDP [22], have reasonably higher temperature, which are equal to 327.74 K, 327.67 K, 327.71 K and 327.76 K, respectively (Figure 9a). Although DPM has lower maximum temperature that other approaches and also distributes temperature, it activates most of processor cores, which may causes to not meet TDP constraint. On the other hand, as shown in Figure 9b, the temperature of upper half of the cores are higher than the temperature of cores ς 4,1 , ς 4,2 , ς 4,3 and ς 4,4 , hence they would age faster than other cores in long term. The reason is that keeping running these cores in long-term and being active causes higher temperature. We show and explain the temperature distribution in long term in the next paragraph. Figure 9c and Figure 9d shows system temperature of two different task mappings in two operational phase by applying LPP-MC. In Figure 9c, LPP-MC activates 14 cores in addition to distributing temperature among them. Therefore, the proposed approach by applying region selection not only meets the TDP constraint due to activating fewer cores but also, it avoids hotspots in the chip due to the thermal distribution. On the other hand, the difference between the temperatures of free cores like ς 3,4 or ς 4,4 with other cores such as ς 3,2 , does not cause unbalanced aging. The reason is that the thermal distribution changes in long-term in LPP-MC, due to the task re-mapping in each operational phase. For instance, Figure 9d shows that in another operational phase, tasks are mapped on the younger processors (ς 4,4 ).
In order to show the effect of different mapping on the distribution of temperature in the long-term, we evaluate temperature with the assumption that the system has continuously run for different operational times ( Figure 10). As shown in Figure 10a and 10b, some cores have a higher temperature than other cores in UDP and DPM. This result is also matched with Figure 7b in which the first 12 cores also have lower MTTF due to experiencing higher temperature. However, Figure 10c shows that LPP-MC distributes temperature among cores since the task mapping is changed during time by considering mapping tasks on younger cores.

4) SCHEDULING
LPP-MC considers transient and permanent faults to calculate required re-execution number to guarantee predefined reliability level; This can affect schedulability and utilization, Eq. (15). Figure 11 shows the effect of LPP-MC on MCS utilization. We generate 1000 task sets for each total utilization u tot ∈ [0.01, 16]. Then, we report normalized utilization u tot /16 = u sys ∈ [0.01, 1]. The work in [7], named Safety Quantification with Service Degradation (SQSD), uses reexecution technique to tolerate the faults and SD in MCSs. We compare the schedulability of our approach with the SQSD. Schedulability is the percent of the schedulable task sets in comparison with all examined task sets on the MCSs. Figure 11 shows that SQSD guarantees 100% schedulability until the system utilization is smaller than 0.2 while LPP-MC imposes 0.1 utilization penalty. The reason of penalty is that SQSD does not consider peak power and life-time while applying peak power management approaches reduces the number of active cores at a time. This limits LPP-MC to achieve higher utilization.

VII. CONCLUSION AND FUTURE WORK
In this work, we propose an approach called LPP-MC to prolong the life-time and reduce the peak power of mixedcriticality systems (MCSs). Besides, we present a reliability model for MCSs that considers both transient and permanent faults. For this aim, a new metric called RPM is proposed and it includes three factors; power, reliability, and utilization to select an appropriate cores' region for task mapping. Besides, the schedulability of the tasks is evaluated using EDF-VD. The results show peak power reduction up to 17.6% and lifetime improvement up to 20.6%, compared to state-of-the-art works, along with reliability guarantee against permanent and transient faults.
To guarantee the worst-case scenario of system operation, we design the system for objectives' improvement by considering the worst-case scenario of task execution and fault occurrence at design-time. However, since it does not always exhibit the worst-case behavior at run-time, the core's capacity may be wasted, which can be a limitation/drawback of the proposed scheme. Therefore, as prospective future work, we would first employ the more efficient mixed-criticality task scheduling algorithm than EDF-VD at design-time. Then, we would consider the run-time behavior and employ the accumulated dynamic slack of cores in order to better manage the objectives, like improving the life-time or reducing the peak power consumption. Besides, in multi-core systems, to avoid manufacturing yield losses and increase reliability, designers embed redundant cores in the system. As another future work, those redundancies can be modeled and considered to improve the MCS's life-time.